npm - @bcts/components - Versions diffs - 1.0.0-beta.0 → 1.0.0-beta.1 - Mend

@bcts/components 1.0.0-beta.0 → 1.0.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/index.cjs +1160 -183
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +17 -1
package/dist/index.d.cts.map +1 -1
package/dist/index.d.mts +17 -1
package/dist/index.d.mts.map +1 -1
package/dist/index.iife.js +799 -816
package/dist/index.iife.js.map +1 -1
package/dist/index.mjs +992 -14
package/dist/index.mjs.map +1 -1
package/package.json +11 -11
package/dist/digest-B1bpgcdz.mjs +0 -943
package/dist/digest-B1bpgcdz.mjs.map +0 -1
package/dist/digest-DL5sTq8T.cjs +0 -996
package/dist/digest-DL5sTq8T.cjs.map +0 -1
package/dist/digest-DRakTOWS.cjs +0 -2

package/dist/index.cjs CHANGED Viewed

@@ -21,7 +21,6 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 	enumerable: true
 }) : target, mod));
 //#endregion
-const require_digest = require("./digest-DL5sTq8T.cjs");
 let _bcts_dcbor = require("@bcts/dcbor");
 let _bcts_tags = require("@bcts/tags");
 let pako = require("pako");
@@ -40,6 +39,503 @@ let _scure_base = require("@scure/base");
 let _noble_hashes_hmac_js = require("@noble/hashes/hmac.js");
 let _noble_post_quantum_ml_kem_js = require("@noble/post-quantum/ml-kem.js");
 let _bcts_sskr = require("@bcts/sskr");
+//#region src/error.ts
+/**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* Error types for cryptographic and component operations
+*
+* Ported from bc-components-rust/src/error.rs
+*
+* This module provides a unified error handling system that matches the Rust
+* implementation's error variants with full structural parity:
+*
+* - InvalidSize: Invalid data size for the specified type
+* - InvalidData: Invalid data format or content
+* - DataTooShort: Data too short for the expected type
+* - Crypto: Cryptographic operation failed
+* - Cbor: CBOR encoding or decoding error
+* - Sskr: SSKR error
+* - Ssh: SSH key operation failed
+* - Uri: URI parsing failed
+* - Compression: Data compression/decompression failed
+* - PostQuantum: Post-quantum cryptography library error
+* - LevelMismatch: Signature level mismatch
+* - SshAgent: SSH agent operation failed
+* - Hex: Hex decoding error
+* - Utf8: UTF-8 conversion error
+* - Env: Environment variable error
+* - SshAgentClient: SSH agent client error
+* - General: General error with custom message
+*/
+/**
+* Error kind enum matching Rust's Error variants.
+*
+* This enum allows programmatic checking of error types, matching the
+* Rust enum variants exactly.
+*/
+let ErrorKind = /* @__PURE__ */ function(ErrorKind) {
+	/** Invalid data size for the specified type */
+	ErrorKind["InvalidSize"] = "InvalidSize";
+	/** Invalid data format or content */
+	ErrorKind["InvalidData"] = "InvalidData";
+	/** Data too short for the expected type */
+	ErrorKind["DataTooShort"] = "DataTooShort";
+	/** Cryptographic operation failed */
+	ErrorKind["Crypto"] = "Crypto";
+	/** CBOR encoding or decoding error */
+	ErrorKind["Cbor"] = "Cbor";
+	/** SSKR error */
+	ErrorKind["Sskr"] = "Sskr";
+	/** SSH key operation failed */
+	ErrorKind["Ssh"] = "Ssh";
+	/** URI parsing failed */
+	ErrorKind["Uri"] = "Uri";
+	/** Data compression/decompression failed */
+	ErrorKind["Compression"] = "Compression";
+	/** Post-quantum cryptography library error */
+	ErrorKind["PostQuantum"] = "PostQuantum";
+	/** Signature level mismatch */
+	ErrorKind["LevelMismatch"] = "LevelMismatch";
+	/** SSH agent operation failed */
+	ErrorKind["SshAgent"] = "SshAgent";
+	/** Hex decoding error */
+	ErrorKind["Hex"] = "Hex";
+	/** UTF-8 conversion error */
+	ErrorKind["Utf8"] = "Utf8";
+	/** Environment variable error */
+	ErrorKind["Env"] = "Env";
+	/** SSH agent client error */
+	ErrorKind["SshAgentClient"] = "SshAgentClient";
+	/** General error with custom message */
+	ErrorKind["General"] = "General";
+	return ErrorKind;
+}({});
+/**
+* Error type for cryptographic and component operations.
+*
+* This class provides full structural parity with the Rust Error enum,
+* including:
+* - An `errorKind` property for programmatic error type checking
+* - Structured `errorData` for accessing error-specific fields
+* - Factory methods matching Rust's impl block
+*/
+var CryptoError = class CryptoError extends Error {
+	/** The error kind for programmatic type checking */
+	errorKind;
+	/** Structured error data matching Rust's error variants */
+	errorData;
+	constructor(message, errorData) {
+		super(message);
+		this.name = "CryptoError";
+		this.errorKind = errorData.kind;
+		this.errorData = errorData;
+		const ErrorWithStackTrace = Error;
+		if (typeof ErrorWithStackTrace.captureStackTrace === "function") ErrorWithStackTrace.captureStackTrace(this, CryptoError);
+	}
+	/**
+	* Create an invalid size error.
+	*
+	* Rust equivalent: `Error::InvalidSize { data_type, expected, actual }`
+	*
+	* @param expected - The expected size
+	* @param actual - The actual size received
+	*/
+	static invalidSize(expected, actual) {
+		return CryptoError.invalidSizeForType("data", expected, actual);
+	}
+	/**
+	* Create an invalid size error with a data type name.
+	*
+	* Rust equivalent: `Error::invalid_size(data_type, expected, actual)`
+	*
+	* @param dataType - The name of the data type
+	* @param expected - The expected size
+	* @param actual - The actual size received
+	*/
+	static invalidSizeForType(dataType, expected, actual) {
+		return new CryptoError(`invalid ${dataType} size: expected ${expected}, got ${actual}`, {
+			kind: "InvalidSize",
+			dataType,
+			expected,
+			actual
+		});
+	}
+	/**
+	* Create an invalid data error.
+	*
+	* @param message - Description of what's invalid
+	*/
+	static invalidData(message) {
+		return CryptoError.invalidDataForType("data", message);
+	}
+	/**
+	* Create an invalid data error with a data type name.
+	*
+	* Rust equivalent: `Error::invalid_data(data_type, reason)`
+	*
+	* @param dataType - The name of the data type
+	* @param reason - The reason the data is invalid
+	*/
+	static invalidDataForType(dataType, reason) {
+		return new CryptoError(`invalid ${dataType}: ${reason}`, {
+			kind: "InvalidData",
+			dataType,
+			reason
+		});
+	}
+	/**
+	* Create a data too short error.
+	*
+	* Rust equivalent: `Error::data_too_short(data_type, minimum, actual)`
+	*
+	* @param dataType - The name of the data type
+	* @param minimum - The minimum required size
+	* @param actual - The actual size received
+	*/
+	static dataTooShort(dataType, minimum, actual) {
+		return new CryptoError(`data too short: ${dataType} expected at least ${minimum}, got ${actual}`, {
+			kind: "DataTooShort",
+			dataType,
+			minimum,
+			actual
+		});
+	}
+	/**
+	* Create an invalid format error.
+	*
+	* @param message - Description of the format error
+	*/
+	static invalidFormat(message) {
+		return CryptoError.invalidDataForType("format", message);
+	}
+	/**
+	* Create an invalid input error.
+	*
+	* @param message - Description of the invalid input
+	*/
+	static invalidInput(message) {
+		return CryptoError.invalidDataForType("input", message);
+	}
+	/**
+	* Create a cryptographic operation failed error.
+	*
+	* Rust equivalent: `Error::crypto(msg)`
+	*
+	* @param message - Description of the failure
+	*/
+	static cryptoOperation(message) {
+		return CryptoError.crypto(message);
+	}
+	/**
+	* Create a crypto error.
+	*
+	* Rust equivalent: `Error::Crypto(msg)`
+	*
+	* @param message - Description of the failure
+	*/
+	static crypto(message) {
+		return new CryptoError(`cryptographic operation failed: ${message}`, {
+			kind: "Crypto",
+			message
+		});
+	}
+	/**
+	* Create a post-quantum cryptography error.
+	*
+	* Rust equivalent: `Error::post_quantum(msg)`
+	*
+	* @param message - Description of the failure
+	*/
+	static postQuantum(message) {
+		return new CryptoError(`post-quantum cryptography error: ${message}`, {
+			kind: "PostQuantum",
+			message
+		});
+	}
+	/**
+	* Create a signature level mismatch error.
+	*
+	* Rust equivalent: `Error::LevelMismatch`
+	*/
+	static levelMismatch() {
+		return new CryptoError("signature level does not match key level", { kind: "LevelMismatch" });
+	}
+	/**
+	* Create a CBOR error.
+	*
+	* Rust equivalent: `Error::Cbor(err)`
+	*
+	* @param message - Description of the CBOR error
+	*/
+	static cbor(message) {
+		return new CryptoError(`CBOR error: ${message}`, {
+			kind: "Cbor",
+			message
+		});
+	}
+	/**
+	* Create a hex decoding error.
+	*
+	* Rust equivalent: `Error::Hex(err)`
+	*
+	* @param message - Description of the hex error
+	*/
+	static hex(message) {
+		return new CryptoError(`hex decoding error: ${message}`, {
+			kind: "Hex",
+			message
+		});
+	}
+	/**
+	* Create a UTF-8 conversion error.
+	*
+	* Rust equivalent: `Error::Utf8(err)`
+	*
+	* @param message - Description of the UTF-8 error
+	*/
+	static utf8(message) {
+		return new CryptoError(`UTF-8 conversion error: ${message}`, {
+			kind: "Utf8",
+			message
+		});
+	}
+	/**
+	* Create a compression error.
+	*
+	* Rust equivalent: `Error::compression(msg)`
+	*
+	* @param message - Description of the compression error
+	*/
+	static compression(message) {
+		return new CryptoError(`compression error: ${message}`, {
+			kind: "Compression",
+			message
+		});
+	}
+	/**
+	* Create a URI parsing error.
+	*
+	* Rust equivalent: `Error::Uri(err)`
+	*
+	* @param message - Description of the URI error
+	*/
+	static uri(message) {
+		return new CryptoError(`invalid URI: ${message}`, {
+			kind: "Uri",
+			message
+		});
+	}
+	/**
+	* Create an SSKR error.
+	*
+	* Rust equivalent: `Error::Sskr(err)`
+	*
+	* @param message - Description of the SSKR error
+	*/
+	static sskr(message) {
+		return new CryptoError(`SSKR error: ${message}`, {
+			kind: "Sskr",
+			message
+		});
+	}
+	/**
+	* Create an SSH operation error.
+	*
+	* Rust equivalent: `Error::ssh(msg)`
+	*
+	* @param message - Description of the SSH error
+	*/
+	static ssh(message) {
+		return new CryptoError(`SSH operation failed: ${message}`, {
+			kind: "Ssh",
+			message
+		});
+	}
+	/**
+	* Create an SSH agent error.
+	*
+	* Rust equivalent: `Error::ssh_agent(msg)`
+	*
+	* @param message - Description of the SSH agent error
+	*/
+	static sshAgent(message) {
+		return new CryptoError(`SSH agent error: ${message}`, {
+			kind: "SshAgent",
+			message
+		});
+	}
+	/**
+	* Create an SSH agent client error.
+	*
+	* Rust equivalent: `Error::ssh_agent_client(msg)`
+	*
+	* @param message - Description of the SSH agent client error
+	*/
+	static sshAgentClient(message) {
+		return new CryptoError(`SSH agent client error: ${message}`, {
+			kind: "SshAgentClient",
+			message
+		});
+	}
+	/**
+	* Create an environment variable error.
+	*
+	* Rust equivalent: `Error::Env(err)`
+	*
+	* @param message - Description of the environment error
+	*/
+	static env(message) {
+		return new CryptoError(`environment variable error: ${message}`, {
+			kind: "Env",
+			message
+		});
+	}
+	/**
+	* Create a general error with a custom message.
+	*
+	* Rust equivalent: `Error::general(msg)` / `Error::General(msg)`
+	*
+	* @param message - The error message
+	*/
+	static general(message) {
+		return new CryptoError(message, {
+			kind: "General",
+			message
+		});
+	}
+	/**
+	* Check if this error is of a specific kind.
+	*
+	* @param kind - The error kind to check
+	*/
+	isKind(kind) {
+		return this.errorKind === kind;
+	}
+	/**
+	* Check if this is an InvalidSize error.
+	*/
+	isInvalidSize() {
+		return this.errorKind === "InvalidSize";
+	}
+	/**
+	* Check if this is an InvalidData error.
+	*/
+	isInvalidData() {
+		return this.errorKind === "InvalidData";
+	}
+	/**
+	* Check if this is a DataTooShort error.
+	*/
+	isDataTooShort() {
+		return this.errorKind === "DataTooShort";
+	}
+	/**
+	* Check if this is a Crypto error.
+	*/
+	isCrypto() {
+		return this.errorKind === "Crypto";
+	}
+	/**
+	* Check if this is a Cbor error.
+	*/
+	isCbor() {
+		return this.errorKind === "Cbor";
+	}
+	/**
+	* Check if this is an Sskr error.
+	*/
+	isSskr() {
+		return this.errorKind === "Sskr";
+	}
+	/**
+	* Check if this is an Ssh error.
+	*/
+	isSsh() {
+		return this.errorKind === "Ssh";
+	}
+	/**
+	* Check if this is a Uri error.
+	*/
+	isUri() {
+		return this.errorKind === "Uri";
+	}
+	/**
+	* Check if this is a Compression error.
+	*/
+	isCompression() {
+		return this.errorKind === "Compression";
+	}
+	/**
+	* Check if this is a PostQuantum error.
+	*/
+	isPostQuantum() {
+		return this.errorKind === "PostQuantum";
+	}
+	/**
+	* Check if this is a LevelMismatch error.
+	*/
+	isLevelMismatch() {
+		return this.errorKind === "LevelMismatch";
+	}
+	/**
+	* Check if this is an SshAgent error.
+	*/
+	isSshAgent() {
+		return this.errorKind === "SshAgent";
+	}
+	/**
+	* Check if this is a Hex error.
+	*/
+	isHex() {
+		return this.errorKind === "Hex";
+	}
+	/**
+	* Check if this is a Utf8 error.
+	*/
+	isUtf8() {
+		return this.errorKind === "Utf8";
+	}
+	/**
+	* Check if this is an Env error.
+	*/
+	isEnv() {
+		return this.errorKind === "Env";
+	}
+	/**
+	* Check if this is an SshAgentClient error.
+	*/
+	isSshAgentClient() {
+		return this.errorKind === "SshAgentClient";
+	}
+	/**
+	* Check if this is a General error.
+	*/
+	isGeneral() {
+		return this.errorKind === "General";
+	}
+};
+/**
+* Type guard to check if a result is an Error.
+*/
+function isError(result) {
+	return result instanceof Error;
+}
+/**
+* Type guard to check if a result is a CryptoError.
+*/
+function isCryptoError(result) {
+	return result instanceof CryptoError;
+}
+/**
+* Type guard to check if an error is a CryptoError of a specific kind.
+*/
+function isCryptoErrorKind(result, kind) {
+	return isCryptoError(result) && result.errorKind === kind;
+}
+//#endregion
 //#region src/private-key-data-provider.ts
 /**
 * Type guard to check if an object implements PrivateKeyDataProvider
@@ -62,6 +558,129 @@ function isDecrypter(obj) {
 	return typeof obj === "object" && obj !== null && "encapsulationPrivateKey" in obj && typeof obj.encapsulationPrivateKey === "function" && "decapsulateSharedSecret" in obj && typeof obj.decapsulateSharedSecret === "function";
 }
 //#endregion
+//#region src/utils.ts
+/**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* Utility functions for byte array conversions and comparisons.
+*
+* These functions provide cross-platform support for common byte manipulation
+* operations needed in cryptographic and encoding contexts.
+*
+* @packageDocumentation
+*/
+/**
+* Convert a Uint8Array to a lowercase hexadecimal string.
+*
+* @param data - The byte array to convert
+* @returns A lowercase hex string representation (2 characters per byte)
+*
+* @example
+* ```typescript
+* const bytes = new Uint8Array([0xde, 0xad, 0xbe, 0xef]);
+* bytesToHex(bytes); // "deadbeef"
+* ```
+*/
+function bytesToHex(data) {
+	return Array.from(data).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+/**
+* Convert a hexadecimal string to a Uint8Array.
+*
+* @param hex - A hex string (must have even length, case-insensitive)
+* @returns The decoded byte array
+* @throws {Error} If the hex string has odd length or contains invalid characters
+*
+* @example
+* ```typescript
+* hexToBytes("deadbeef"); // Uint8Array([0xde, 0xad, 0xbe, 0xef])
+* hexToBytes("DEADBEEF"); // Uint8Array([0xde, 0xad, 0xbe, 0xef])
+* hexToBytes("xyz"); // throws Error: Invalid hex string
+* ```
+*/
+function hexToBytes(hex) {
+	if (hex.length % 2 !== 0) throw new Error(`Hex string must have even length, got ${hex.length}`);
+	if (!/^[0-9A-Fa-f]*$/.test(hex)) throw new Error("Invalid hex string: contains non-hexadecimal characters");
+	const data = new Uint8Array(hex.length / 2);
+	for (let i = 0; i < hex.length; i += 2) data[i / 2] = parseInt(hex.substring(i, i + 2), 16);
+	return data;
+}
+/**
+* Convert a Uint8Array to a base64-encoded string.
+*
+* This function works in both browser and Node.js environments.
+* Uses btoa which is available in browsers and Node.js 16+.
+*
+* @param data - The byte array to encode
+* @returns A base64-encoded string
+*
+* @example
+* ```typescript
+* const bytes = new Uint8Array([72, 101, 108, 108, 111]); // "Hello"
+* toBase64(bytes); // "SGVsbG8="
+* ```
+*/
+function toBase64(data) {
+	let binary = "";
+	for (const byte of data) binary += String.fromCharCode(byte);
+	return btoa(binary);
+}
+/**
+* Convert a base64-encoded string to a Uint8Array.
+*
+* This function works in both browser and Node.js environments.
+* Uses atob which is available in browsers and Node.js 16+.
+*
+* @param base64 - A base64-encoded string
+* @returns The decoded byte array
+*
+* @example
+* ```typescript
+* fromBase64("SGVsbG8="); // Uint8Array([72, 101, 108, 108, 111])
+* ```
+*/
+function fromBase64(base64) {
+	const binary = atob(base64);
+	const bytes = new Uint8Array(binary.length);
+	for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+	return bytes;
+}
+/**
+* Compare two Uint8Arrays for equality using constant-time comparison.
+*
+* This function is designed to be resistant to timing attacks by always
+* comparing all bytes regardless of where a difference is found. The
+* comparison time depends only on the length of the arrays, not on where
+* they differ.
+*
+* **Security Note**: If the arrays have different lengths, this function
+* returns `false` immediately, which does leak length information. For
+* cryptographic uses where length should also be secret, ensure both
+* arrays are the same length before comparison.
+*
+* @param a - First byte array
+* @param b - Second byte array
+* @returns `true` if both arrays have the same length and identical contents
+*
+* @example
+* ```typescript
+* const key1 = new Uint8Array([1, 2, 3, 4]);
+* const key2 = new Uint8Array([1, 2, 3, 4]);
+* const key3 = new Uint8Array([1, 2, 3, 5]);
+*
+* bytesEqual(key1, key2); // true
+* bytesEqual(key1, key3); // false
+* ```
+*/
+function bytesEqual(a, b) {
+	if (a.length !== b.length) return false;
+	let result = 0;
+	for (let i = 0; i < a.length; i++) result |= a[i] ^ b[i];
+	return result === 0;
+}
+//#endregion
 //#region src/json.ts
 /**
 * Copyright © 2023-2026 Blockchain Commons, LLC
@@ -126,7 +745,7 @@ var JSON = class JSON {
 	* Create a new JSON instance from a hexadecimal string.
 	*/
 	static fromHex(hex) {
-		return new JSON(require_digest.hexToBytes(hex));
+		return new JSON(hexToBytes(hex));
 	}
 	/**
 	* Return the length of the JSON data in bytes.
@@ -158,7 +777,7 @@ var JSON = class JSON {
 	* Return the data as a hexadecimal string.
 	*/
 	hex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Return a copy of the underlying data.
@@ -241,6 +860,309 @@ var JSON = class JSON {
 	}
 };
 //#endregion
+//#region src/digest.ts
+/**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* SHA-256 cryptographic digest (32 bytes)
+*
+* Ported from bc-components-rust/src/digest.rs
+*
+* A `Digest` represents the cryptographic hash of some data. In this
+* implementation, SHA-256 is used, which produces a 32-byte hash value.
+* Digests are used throughout the crate for data verification and as unique
+* identifiers derived from data.
+*
+* # CBOR Serialization
+*
+* `Digest` implements the CBOR tagged encoding interfaces, which means it can be
+* serialized to and deserialized from CBOR with a specific tag (TAG_DIGEST = 40001).
+*
+* # UR Serialization
+*
+* When serialized as a Uniform Resource (UR), a `Digest` is represented as a
+* binary blob with the type "digest".
+*
+* @example
+* ```typescript
+* import { Digest } from '@bcts/components';
+*
+* // Create a digest from a string
+* const data = new TextEncoder().encode("hello world");
+* const digest = Digest.fromImage(data);
+*
+* // Validate that the digest matches the original data
+* console.log(digest.validate(data)); // true
+*
+* // Create a digest from a hex string
+* const hexString = "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9";
+* const digest2 = Digest.fromHex(hexString);
+*
+* // Retrieve the digest as hex
+* console.log(digest2.hex()); // b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9
+* ```
+*/
+var Digest = class Digest {
+	static DIGEST_SIZE = _bcts_crypto.SHA256_SIZE;
+	_data;
+	constructor(data) {
+		if (data.length !== Digest.DIGEST_SIZE) throw CryptoError.invalidSize(Digest.DIGEST_SIZE, data.length);
+		this._data = new Uint8Array(data);
+	}
+	/**
+	* Get the digest data.
+	*/
+	data() {
+		return this._data;
+	}
+	/**
+	* Create a Digest from a 32-byte array.
+	*/
+	static fromData(data) {
+		return new Digest(new Uint8Array(data));
+	}
+	/**
+	* Create a Digest from data, validating the length.
+	* Alias for fromData for compatibility with Rust API.
+	*/
+	static fromDataRef(data) {
+		return Digest.fromData(data);
+	}
+	/**
+	* Create a Digest from hex string.
+	*
+	* @throws Error if the hex string is not exactly 64 characters.
+	*/
+	static fromHex(hex) {
+		return new Digest(hexToBytes(hex));
+	}
+	/**
+	* Compute SHA-256 digest of data (called "image" in Rust).
+	*
+	* @param image - The data to hash
+	*/
+	static fromImage(image) {
+		const hashData = (0, _bcts_crypto.sha256)(image);
+		return new Digest(new Uint8Array(hashData));
+	}
+	/**
+	* Compute SHA-256 digest from multiple data parts.
+	*
+	* The parts are concatenated and then hashed.
+	*
+	* @param imageParts - Array of byte arrays to concatenate and hash
+	*/
+	static fromImageParts(imageParts) {
+		const totalLength = imageParts.reduce((sum, part) => sum + part.length, 0);
+		const buf = new Uint8Array(totalLength);
+		let offset = 0;
+		for (const part of imageParts) {
+			buf.set(part, offset);
+			offset += part.length;
+		}
+		return Digest.fromImage(buf);
+	}
+	/**
+	* Compute SHA-256 digest from an array of Digests.
+	*
+	* The digest bytes are concatenated and then hashed.
+	*
+	* @param digests - Array of Digests to combine
+	*/
+	static fromDigests(digests) {
+		const buf = new Uint8Array(digests.length * Digest.DIGEST_SIZE);
+		let offset = 0;
+		for (const digest of digests) {
+			buf.set(digest._data, offset);
+			offset += Digest.DIGEST_SIZE;
+		}
+		return Digest.fromImage(buf);
+	}
+	/**
+	* Compute SHA-256 digest of data (legacy alias for fromImage).
+	* @deprecated Use fromImage instead
+	*/
+	static hash(data) {
+		return Digest.fromImage(data);
+	}
+	/**
+	* Get the raw digest bytes as a copy.
+	*/
+	toData() {
+		return new Uint8Array(this._data);
+	}
+	/**
+	* Get a reference to the raw digest bytes.
+	*/
+	asBytes() {
+		return this._data;
+	}
+	/**
+	* Get hex string representation.
+	*/
+	hex() {
+		return bytesToHex(this._data);
+	}
+	/**
+	* Get hex string representation (alias for hex()).
+	*/
+	toHex() {
+		return this.hex();
+	}
+	/**
+	* Get base64 representation.
+	*/
+	toBase64() {
+		return toBase64(this._data);
+	}
+	/**
+	* Get the first four bytes of the digest as a hexadecimal string.
+	* Useful for short descriptions.
+	*/
+	shortDescription() {
+		return bytesToHex(this._data.slice(0, 4));
+	}
+	/**
+	* Validate the digest against the given image.
+	*
+	* The image is hashed with SHA-256 and compared to this digest.
+	* @returns `true` if the digest matches the image.
+	*/
+	validate(image) {
+		return this.equals(Digest.fromImage(image));
+	}
+	/**
+	* Compare with another Digest.
+	*/
+	equals(other) {
+		if (this._data.length !== other._data.length) return false;
+		for (let i = 0; i < this._data.length; i++) if (this._data[i] !== other._data[i]) return false;
+		return true;
+	}
+	/**
+	* Compare digests lexicographically.
+	*/
+	compare(other) {
+		for (let i = 0; i < this._data.length; i++) {
+			const a = this._data[i];
+			const b = other._data[i];
+			if (a < b) return -1;
+			if (a > b) return 1;
+		}
+		return 0;
+	}
+	/**
+	* Get string representation.
+	*/
+	toString() {
+		return `Digest(${this.hex()})`;
+	}
+	/**
+	* A Digest is its own digest provider - returns itself.
+	*/
+	digest() {
+		return this;
+	}
+	/**
+	* Returns the CBOR tags associated with Digest.
+	*/
+	cborTags() {
+		return (0, _bcts_dcbor.tagsForValues)([_bcts_tags.DIGEST.value]);
+	}
+	/**
+	* Returns the untagged CBOR encoding (as a byte string).
+	*/
+	untaggedCbor() {
+		return (0, _bcts_dcbor.toByteString)(this._data);
+	}
+	/**
+	* Returns the tagged CBOR encoding.
+	*/
+	taggedCbor() {
+		return (0, _bcts_dcbor.createTaggedCbor)(this);
+	}
+	/**
+	* Returns the tagged value in CBOR binary representation.
+	*/
+	taggedCborData() {
+		return this.taggedCbor().toData();
+	}
+	/**
+	* Creates a Digest by decoding it from untagged CBOR.
+	*/
+	fromUntaggedCbor(cbor) {
+		const data = (0, _bcts_dcbor.expectBytes)(cbor);
+		return Digest.fromData(data);
+	}
+	/**
+	* Creates a Digest by decoding it from tagged CBOR.
+	*/
+	fromTaggedCbor(cbor) {
+		(0, _bcts_dcbor.validateTag)(cbor, this.cborTags());
+		const content = (0, _bcts_dcbor.extractTaggedContent)(cbor);
+		return this.fromUntaggedCbor(content);
+	}
+	/**
+	* Static method to decode from tagged CBOR.
+	*/
+	static fromTaggedCbor(cbor) {
+		return new Digest(new Uint8Array(Digest.DIGEST_SIZE)).fromTaggedCbor(cbor);
+	}
+	/**
+	* Static method to decode from tagged CBOR binary data.
+	*/
+	static fromTaggedCborData(data) {
+		const cbor = (0, _bcts_dcbor.decodeCbor)(data);
+		return Digest.fromTaggedCbor(cbor);
+	}
+	/**
+	* Static method to decode from untagged CBOR binary data.
+	*/
+	static fromUntaggedCborData(data) {
+		const bytes = (0, _bcts_dcbor.expectBytes)((0, _bcts_dcbor.decodeCbor)(data));
+		return Digest.fromData(bytes);
+	}
+	/**
+	* Returns the UR representation of the Digest.
+	* Note: URs use untagged CBOR since the type is conveyed by the UR type itself.
+	*/
+	ur() {
+		return _bcts_uniform_resources.UR.new("digest", this.untaggedCbor());
+	}
+	/**
+	* Returns the UR string representation.
+	*/
+	urString() {
+		return this.ur().string();
+	}
+	/**
+	* Creates a Digest from a UR.
+	*/
+	static fromUR(ur) {
+		ur.checkType("digest");
+		return new Digest(new Uint8Array(Digest.DIGEST_SIZE)).fromUntaggedCbor(ur.cbor());
+	}
+	/**
+	* Creates a Digest from a UR string.
+	*/
+	static fromURString(urString) {
+		const ur = _bcts_uniform_resources.UR.fromURString(urString);
+		return Digest.fromUR(ur);
+	}
+	/**
+	* Validate the given data against the digest, if any.
+	*
+	* Returns `true` if the digest is `undefined` or if the digest matches the
+	* image's digest. Returns `false` if the digest does not match.
+	*/
+	static validateOpt(image, digest) {
+		if (digest === void 0) return true;
+		return digest.validate(image);
+	}
+};
+//#endregion
 //#region src/compressed.ts
 /**
 * Copyright © 2023-2026 Blockchain Commons, LLC
@@ -299,7 +1221,7 @@ var Compressed = class Compressed {
 	/** Optional cryptographic digest of the content */
 	_digest;
 	constructor(checksum, decompressedSize, compressedData, digest) {
-		if (compressedData.length > decompressedSize) throw require_digest.CryptoError.cryptoOperation("compressed data is larger than decompressed size");
+		if (compressedData.length > decompressedSize) throw CryptoError.cryptoOperation("compressed data is larger than decompressed size");
 		this._checksum = checksum;
 		this._decompressedSize = decompressedSize;
 		this._compressedData = new Uint8Array(compressedData);
@@ -358,11 +1280,11 @@ var Compressed = class Compressed {
 		if (this._compressedData.length >= this._decompressedSize) return new Uint8Array(this._compressedData);
 		try {
 			const decompressedData = (0, pako.inflateRaw)(this._compressedData);
-			if (_bcts_crypto.hash.crc32(decompressedData) !== this._checksum) throw require_digest.CryptoError.cryptoOperation("compressed data checksum mismatch");
+			if (_bcts_crypto.hash.crc32(decompressedData) !== this._checksum) throw CryptoError.cryptoOperation("compressed data checksum mismatch");
 			return decompressedData;
 		} catch (e) {
-			if (e instanceof require_digest.CryptoError) throw e;
-			throw require_digest.CryptoError.cryptoOperation("corrupt compressed data");
+			if (e instanceof CryptoError) throw e;
+			throw CryptoError.cryptoOperation("corrupt compressed data");
 		}
 	}
 	/**
@@ -435,7 +1357,7 @@ var Compressed = class Compressed {
 	* Get string representation.
 	*/
 	toString() {
-		const checksumHex = require_digest.bytesToHex(new Uint8Array([
+		const checksumHex = bytesToHex(new Uint8Array([
 			this._checksum >>> 24 & 255,
 			this._checksum >>> 16 & 255,
 			this._checksum >>> 8 & 255,
@@ -489,12 +1411,12 @@ var Compressed = class Compressed {
 	*/
 	fromUntaggedCbor(cborValue) {
 		const elements = (0, _bcts_dcbor.expectArray)(cborValue);
-		if (elements.length < 3 || elements.length > 4) throw require_digest.CryptoError.invalidData("invalid number of elements in compressed");
+		if (elements.length < 3 || elements.length > 4) throw CryptoError.invalidData("invalid number of elements in compressed");
 		const checksum = (0, _bcts_dcbor.expectInteger)(elements[0]);
 		const decompressedSize = (0, _bcts_dcbor.expectInteger)(elements[1]);
 		const compressedData = (0, _bcts_dcbor.expectBytes)(elements[2]);
 		let digest;
-		if (elements.length === 4) digest = require_digest.Digest.fromTaggedCbor(elements[3]);
+		if (elements.length === 4) digest = Digest.fromTaggedCbor(elements[3]);
 		return Compressed.new(Number(checksum), Number(decompressedSize), compressedData, digest);
 	}
 	/**
@@ -741,15 +1663,48 @@ var HKDFRng = class HKDFRng {
 //#endregion
 //#region src/digest-provider.ts
 /**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* DigestProvider interface for types that can provide a cryptographic digest.
+*
+* Ported from bc-components-rust/src/digest_provider.rs
+*
+* A type that can provide a single unique digest that characterizes its contents.
+* This trait is used to define a common interface for objects that can produce
+* a cryptographic digest (hash) of their content.
+*
+* @example
+* ```typescript
+* import { DigestProvider, Digest } from '@bcts/components';
+*
+* class Document implements DigestProvider {
+*   private content: Uint8Array;
+*   private cachedDigest?: Digest;
+*
+*   constructor(content: Uint8Array) {
+*     this.content = content;
+*   }
+*
+*   digest(): Digest {
+*     if (!this.cachedDigest) {
+*       this.cachedDigest = Digest.fromImage(this.content);
+*     }
+*     return this.cachedDigest;
+*   }
+* }
+* ```
+*/
+/**
 * Helper function to get a digest from a byte array.
 * This provides DigestProvider-like functionality for raw bytes.
 *
 * @param data - The byte array to hash
 * @returns A Promise resolving to a Digest of the data
 */
-async function digestFromBytes(data) {
-	const { Digest } = await Promise.resolve().then(() => require("./digest-DRakTOWS.cjs"));
-	return Digest.fromImage(data);
+function digestFromBytes(data) {
+	return Promise.resolve(Digest.fromImage(data));
 }
 //#endregion
 //#region src/nonce.ts
@@ -808,7 +1763,7 @@ var Nonce = class Nonce {
 	static NONCE_SIZE = _bcts_crypto.SYMMETRIC_NONCE_SIZE;
 	_data;
 	constructor(data) {
-		if (data.length !== Nonce.NONCE_SIZE) throw require_digest.CryptoError.invalidSize(Nonce.NONCE_SIZE, data.length);
+		if (data.length !== Nonce.NONCE_SIZE) throw CryptoError.invalidSize(Nonce.NONCE_SIZE, data.length);
 		this._data = new Uint8Array(data);
 	}
 	/**
@@ -833,7 +1788,7 @@ var Nonce = class Nonce {
 	* Restores a nonce from data (validates length).
 	*/
 	static fromDataRef(data) {
-		if (data.length !== Nonce.NONCE_SIZE) throw require_digest.CryptoError.invalidSize(Nonce.NONCE_SIZE, data.length);
+		if (data.length !== Nonce.NONCE_SIZE) throw CryptoError.invalidSize(Nonce.NONCE_SIZE, data.length);
 		return Nonce.fromData(data);
 	}
 	/**
@@ -848,7 +1803,7 @@ var Nonce = class Nonce {
 	* @throws Error if the string is not exactly 24 hexadecimal digits.
 	*/
 	static fromHex(hex) {
-		return new Nonce(require_digest.hexToBytes(hex));
+		return new Nonce(hexToBytes(hex));
 	}
 	/**
 	* Generate a random nonce using provided RNG.
@@ -878,7 +1833,7 @@ var Nonce = class Nonce {
 	* The data as a hexadecimal string.
 	*/
 	hex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Get hex string representation (alias for hex()).
@@ -890,7 +1845,7 @@ var Nonce = class Nonce {
 	* Get base64 representation.
 	*/
 	toBase64() {
-		return require_digest.toBase64(this._data);
+		return toBase64(this._data);
 	}
 	/**
 	* Compare with another Nonce.
@@ -1075,7 +2030,7 @@ var Salt = class Salt {
 	* Create a new salt from the given hexadecimal string.
 	*/
 	static fromHex(hex) {
-		return Salt.fromData(require_digest.hexToBytes(hex));
+		return Salt.fromData(hexToBytes(hex));
 	}
 	/**
 	* Create a specific number of bytes of salt.
@@ -1092,7 +2047,7 @@ var Salt = class Salt {
 	* @throws Error if the number of bytes is less than 8.
 	*/
 	static newWithLenUsing(count, rng) {
-		if (count < MIN_SALT_SIZE) throw require_digest.CryptoError.dataTooShort("salt", MIN_SALT_SIZE, count);
+		if (count < MIN_SALT_SIZE) throw CryptoError.dataTooShort("salt", MIN_SALT_SIZE, count);
 		return new Salt(rng.randomData(count));
 	}
 	/**
@@ -1101,7 +2056,7 @@ var Salt = class Salt {
 	* @throws Error if the minimum number of bytes is less than 8.
 	*/
 	static newInRange(minSize, maxSize) {
-		if (minSize < MIN_SALT_SIZE) throw require_digest.CryptoError.dataTooShort("salt", MIN_SALT_SIZE, minSize);
+		if (minSize < MIN_SALT_SIZE) throw CryptoError.dataTooShort("salt", MIN_SALT_SIZE, minSize);
 		const rng = new _bcts_rand.SecureRandomNumberGenerator();
 		return Salt.newInRangeUsing(minSize, maxSize, rng);
 	}
@@ -1111,7 +2066,7 @@ var Salt = class Salt {
 	* @throws Error if the minimum number of bytes is less than 8.
 	*/
 	static newInRangeUsing(minSize, maxSize, rng) {
-		if (minSize < MIN_SALT_SIZE) throw require_digest.CryptoError.dataTooShort("salt", MIN_SALT_SIZE, minSize);
+		if (minSize < MIN_SALT_SIZE) throw CryptoError.dataTooShort("salt", MIN_SALT_SIZE, minSize);
 		const count = (0, _bcts_rand.rngNextInClosedRangeI32)(rng, minSize, maxSize);
 		return Salt.newWithLenUsing(count, rng);
 	}
@@ -1185,7 +2140,7 @@ var Salt = class Salt {
 	* The data as a hexadecimal string.
 	*/
 	hex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Get hex string representation (alias for hex()).
@@ -1197,7 +2152,7 @@ var Salt = class Salt {
 	* Get base64 representation.
 	*/
 	toBase64() {
-		return require_digest.toBase64(this._data);
+		return toBase64(this._data);
 	}
 	/**
 	* Compare with another Salt.
@@ -1352,7 +2307,7 @@ var Seed = class Seed {
 	_note;
 	_creationDate;
 	constructor(data, name, note, creationDate) {
-		if (data.length < Seed.MIN_SEED_LENGTH) throw require_digest.CryptoError.dataTooShort("seed", Seed.MIN_SEED_LENGTH, data.length);
+		if (data.length < Seed.MIN_SEED_LENGTH) throw CryptoError.dataTooShort("seed", Seed.MIN_SEED_LENGTH, data.length);
 		this._data = new Uint8Array(data);
 		this._name = name ?? "";
 		this._note = note ?? "";
@@ -1423,7 +2378,7 @@ var Seed = class Seed {
 	* @param metadata - Optional metadata object
 	*/
 	static fromHex(hex, metadata) {
-		return Seed.from(require_digest.hexToBytes(hex), metadata);
+		return Seed.from(hexToBytes(hex), metadata);
 	}
 	/**
 	* Generate a random seed with specified size (default 32 bytes).
@@ -1478,13 +2433,13 @@ var Seed = class Seed {
 	* Get hex string representation.
 	*/
 	toHex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Get base64 representation.
 	*/
 	toBase64() {
-		return require_digest.toBase64(this._data);
+		return toBase64(this._data);
 	}
 	/**
 	* Get seed size in bytes.
@@ -1637,7 +2592,7 @@ var Seed = class Seed {
 	fromUntaggedCbor(cborValue) {
 		const map = (0, _bcts_dcbor.expectMap)(cborValue);
 		const data = map.extract(1);
-		if (data.length === 0) throw require_digest.CryptoError.invalidData("Seed data is empty");
+		if (data.length === 0) throw CryptoError.invalidData("Seed data is empty");
 		let creationDate;
 		const dateValue = map.get(2);
 		if (dateValue !== void 0) creationDate = _bcts_dcbor.CborDate.fromTaggedCbor((0, _bcts_dcbor.cbor)(dateValue)).datetime();
@@ -1745,7 +2700,7 @@ var Reference = class Reference {
 	}
 	/** Create a Reference from exactly 32 bytes. Mirrors Rust `Reference::from_data`. */
 	static fromData(data) {
-		if (data.length !== Reference.REFERENCE_SIZE) throw require_digest.CryptoError.invalidSize(Reference.REFERENCE_SIZE, data.length);
+		if (data.length !== Reference.REFERENCE_SIZE) throw CryptoError.invalidSize(Reference.REFERENCE_SIZE, data.length);
 		return new Reference(new Uint8Array(data));
 	}
 	/** Alias of `fromData` for parity with Rust `from_data_ref`. */
@@ -1762,7 +2717,7 @@ var Reference = class Reference {
 	}
 	/** Create a Reference from a 64-character hex string. */
 	static fromHex(hex) {
-		return Reference.fromData(require_digest.hexToBytes(hex));
+		return Reference.fromData(hexToBytes(hex));
 	}
 	/**
 	* Create a Reference whose bytes are the SHA-256 digest of the input.
@@ -1772,7 +2727,7 @@ var Reference = class Reference {
 	*   that should be wrapped without hashing (matches Rust `from_data`).
 	*/
 	static hash(data) {
-		return Reference.fromDigest(require_digest.Digest.fromImage(data));
+		return Reference.fromDigest(Digest.fromImage(data));
 	}
 	/** Returns the 32 reference bytes (copy). */
 	data() {
@@ -1784,11 +2739,11 @@ var Reference = class Reference {
 	}
 	/** Returns a `Digest` constructed from these 32 bytes (no hashing). */
 	getDigest() {
-		return require_digest.Digest.fromData(this._data);
+		return Digest.fromData(this._data);
 	}
 	/** The full 64-character lowercase hex of the reference. */
 	refHex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/** The first 4 bytes of the reference. */
 	refDataShort() {
@@ -1796,7 +2751,7 @@ var Reference = class Reference {
 	}
 	/** The first 4 bytes of the reference, as 8 lowercase hex characters. */
 	refHexShort() {
-		return require_digest.bytesToHex(this._data.slice(0, 4));
+		return bytesToHex(this._data.slice(0, 4));
 	}
 	/**
 	* The first 4 bytes as upper-case bytewords identifier.
@@ -1826,7 +2781,7 @@ var Reference = class Reference {
 	}
 	/** Returns the 32 raw bytes encoded as base64. */
 	toBase64() {
-		return require_digest.toBase64(this._data);
+		return toBase64(this._data);
 	}
 	/**
 	* Returns a short representation of this reference in the requested format.
@@ -1841,7 +2796,7 @@ var Reference = class Reference {
 			case "bytemojis": return (0, _bcts_uniform_resources.encodeBytemojisIdentifier)(this.refDataShort());
 			default: {
 				const _exhaustive = format;
-				throw require_digest.CryptoError.invalidFormat(`Unknown reference format: ${String(_exhaustive)}`);
+				throw CryptoError.invalidFormat(`Unknown reference format: ${String(_exhaustive)}`);
 			}
 		}
 	}
@@ -1856,7 +2811,7 @@ var Reference = class Reference {
 	* `Digest::from_image(self.tagged_cbor().to_cbor_data())`.
 	*/
 	digest() {
-		return require_digest.Digest.fromImage(this.taggedCborData());
+		return Digest.fromImage(this.taggedCborData());
 	}
 	cborTags() {
 		return (0, _bcts_dcbor.tagsForValues)([_bcts_tags.REFERENCE.value]);
@@ -1970,7 +2925,7 @@ var ARID = class ARID {
 	static ARID_SIZE = 32;
 	_data;
 	constructor(data) {
-		if (data.length !== ARID.ARID_SIZE) throw require_digest.CryptoError.invalidSize(ARID.ARID_SIZE, data.length);
+		if (data.length !== ARID.ARID_SIZE) throw CryptoError.invalidSize(ARID.ARID_SIZE, data.length);
 		this._data = new Uint8Array(data);
 	}
 	/**
@@ -1995,7 +2950,7 @@ var ARID = class ARID {
 	* Create a new ARID from a reference to an array of bytes.
 	*/
 	static fromDataRef(data) {
-		if (data.length !== ARID.ARID_SIZE) throw require_digest.CryptoError.invalidSize(ARID.ARID_SIZE, data.length);
+		if (data.length !== ARID.ARID_SIZE) throw CryptoError.invalidSize(ARID.ARID_SIZE, data.length);
 		return ARID.fromData(data);
 	}
 	/**
@@ -2010,7 +2965,7 @@ var ARID = class ARID {
 	* @throws Error if the string is not exactly 64 hexadecimal digits.
 	*/
 	static fromHex(hex) {
-		return new ARID(require_digest.hexToBytes(hex));
+		return new ARID(hexToBytes(hex));
 	}
 	/**
 	* Get the data of the ARID as an array of bytes.
@@ -2034,7 +2989,7 @@ var ARID = class ARID {
 	* The data as a hexadecimal string.
 	*/
 	hex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Get hex string representation (alias for hex()).
@@ -2046,13 +3001,13 @@ var ARID = class ARID {
 	* Get base64 representation.
 	*/
 	toBase64() {
-		return require_digest.toBase64(this._data);
+		return toBase64(this._data);
 	}
 	/**
 	* The first four bytes of the ARID as a hexadecimal string.
 	*/
 	shortDescription() {
-		return require_digest.bytesToHex(this._data.slice(0, 4));
+		return bytesToHex(this._data.slice(0, 4));
 	}
 	/**
 	* Compare with another ARID.
@@ -2212,7 +3167,7 @@ var UUID = class UUID {
 	static UUID_SIZE = UUID_SIZE;
 	_data;
 	constructor(data) {
-		if (data.length !== UUID_SIZE) throw require_digest.CryptoError.invalidSize(UUID_SIZE, data.length);
+		if (data.length !== UUID_SIZE) throw CryptoError.invalidSize(UUID_SIZE, data.length);
 		this._data = new Uint8Array(data);
 	}
 	/**
@@ -2231,7 +3186,7 @@ var UUID = class UUID {
 	* Restores a UUID from data (validates length).
 	*/
 	static fromDataRef(data) {
-		if (data.length !== UUID_SIZE) throw require_digest.CryptoError.invalidSize(UUID_SIZE, data.length);
+		if (data.length !== UUID_SIZE) throw CryptoError.invalidSize(UUID_SIZE, data.length);
 		return UUID.fromData(data);
 	}
 	/**
@@ -2244,7 +3199,7 @@ var UUID = class UUID {
 	* Create a UUID from hex string (32 hex chars)
 	*/
 	static fromHex(hex) {
-		if (hex.length !== 32) throw require_digest.CryptoError.invalidFormat(`UUID hex must be 32 characters, got ${hex.length}`);
+		if (hex.length !== 32) throw CryptoError.invalidFormat(`UUID hex must be 32 characters, got ${hex.length}`);
 		const data = new Uint8Array(16);
 		for (let i = 0; i < 16; i++) data[i] = parseInt(hex.substring(i * 2, i * 2 + 2), 16);
 		return new UUID(data);
@@ -2254,7 +3209,7 @@ var UUID = class UUID {
 	* Format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
 	*/
 	static fromString(uuidString) {
-		if (!/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(uuidString)) throw require_digest.CryptoError.invalidFormat(`Invalid UUID format: ${uuidString}`);
+		if (!/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(uuidString)) throw CryptoError.invalidFormat(`Invalid UUID format: ${uuidString}`);
 		const hex = uuidString.replace(/-/g, "");
 		return UUID.fromHex(hex);
 	}
@@ -2290,7 +3245,7 @@ var UUID = class UUID {
 	* Get hex string representation (lowercase, matching Rust implementation).
 	*/
 	hex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Get hex string representation (alias for hex()).
@@ -2310,7 +3265,7 @@ var UUID = class UUID {
 	* Get base64 representation.
 	*/
 	toBase64() {
-		return require_digest.toBase64(this._data);
+		return toBase64(this._data);
 	}
 	/**
 	* Compare with another UUID.
@@ -2462,7 +3417,7 @@ var XID = class XID {
 	static XID_SIZE = XID_SIZE;
 	_data;
 	constructor(data) {
-		if (data.length !== XID_SIZE) throw require_digest.CryptoError.invalidSize(XID_SIZE, data.length);
+		if (data.length !== XID_SIZE) throw CryptoError.invalidSize(XID_SIZE, data.length);
 		this._data = new Uint8Array(data);
 	}
 	/**
@@ -2477,7 +3432,7 @@ var XID = class XID {
 	* Returns error if the data is not the correct length.
 	*/
 	static fromDataRef(data) {
-		if (data.length !== XID_SIZE) throw require_digest.CryptoError.invalidSize(XID_SIZE, data.length);
+		if (data.length !== XID_SIZE) throw CryptoError.invalidSize(XID_SIZE, data.length);
 		return XID.fromData(data);
 	}
 	/**
@@ -2490,7 +3445,7 @@ var XID = class XID {
 	* Create an XID from hex string (64 hex characters).
 	*/
 	static fromHex(hex) {
-		if (hex.length !== 64) throw require_digest.CryptoError.invalidFormat(`XID hex must be 64 characters, got ${hex.length}`);
+		if (hex.length !== 64) throw CryptoError.invalidFormat(`XID hex must be 64 characters, got ${hex.length}`);
 		const data = new Uint8Array(32);
 		for (let i = 0; i < 32; i++) data[i] = parseInt(hex.substring(i * 2, i * 2 + 2), 16);
 		return new XID(data);
@@ -2516,7 +3471,7 @@ var XID = class XID {
 	*/
 	static newFromSigningKey(signingPublicKey) {
 		const keyCborData = signingPublicKey.taggedCborData();
-		const digest = require_digest.Digest.fromImage(keyCborData);
+		const digest = Digest.fromImage(keyCborData);
 		return XID.fromData(digest.toData());
 	}
 	/**
@@ -2555,7 +3510,7 @@ var XID = class XID {
 	*/
 	validate(signingPublicKey) {
 		const keyData = signingPublicKey.taggedCborData();
-		const digest = require_digest.Digest.fromImage(keyData);
+		const digest = Digest.fromImage(keyData);
 		return this.equals(XID.fromData(digest.toData()));
 	}
 	/**
@@ -2580,19 +3535,19 @@ var XID = class XID {
 	* Get hex string representation (lowercase, matching Rust implementation).
 	*/
 	toHex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Get base64 representation.
 	*/
 	toBase64() {
-		return require_digest.toBase64(this._data);
+		return toBase64(this._data);
 	}
 	/**
 	* Get short description (first 4 bytes) as hex.
 	*/
 	shortDescription() {
-		return require_digest.bytesToHex(this._data.slice(0, 4));
+		return bytesToHex(this._data.slice(0, 4));
 	}
 	/**
 	* Get short reference (first 4 bytes) as hex (alias for shortDescription).
@@ -2782,7 +3737,7 @@ var URI = class URI {
 			new URL(uri);
 			return new URI(uri);
 		} catch {
-			throw require_digest.CryptoError.invalidData("URI: invalid URI format");
+			throw CryptoError.invalidData("URI: invalid URI format");
 		}
 	}
 	/**
@@ -2866,7 +3821,7 @@ var URI = class URI {
 	* Get base64 representation of the URI string.
 	*/
 	toBase64() {
-		return require_digest.toBase64(new TextEncoder().encode(this._uri));
+		return toBase64(new TextEncoder().encode(this._uri));
 	}
 	/**
 	* Get the length of the URI string.
@@ -2974,7 +3929,7 @@ var URI = class URI {
 var Ed25519PublicKey = class Ed25519PublicKey {
 	_data;
 	constructor(data) {
-		if (data.length !== _bcts_crypto.ED25519_PUBLIC_KEY_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.ED25519_PUBLIC_KEY_SIZE, data.length);
+		if (data.length !== _bcts_crypto.ED25519_PUBLIC_KEY_SIZE) throw CryptoError.invalidSize(_bcts_crypto.ED25519_PUBLIC_KEY_SIZE, data.length);
 		this._data = new Uint8Array(data);
 	}
 	/**
@@ -2993,14 +3948,14 @@ var Ed25519PublicKey = class Ed25519PublicKey {
 	* Mirror of Rust `Ed25519PublicKey::from_data_ref` — validates length.
 	*/
 	static fromDataRef(data) {
-		if (data.length !== _bcts_crypto.ED25519_PUBLIC_KEY_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.ED25519_PUBLIC_KEY_SIZE, data.length);
+		if (data.length !== _bcts_crypto.ED25519_PUBLIC_KEY_SIZE) throw CryptoError.invalidSize(_bcts_crypto.ED25519_PUBLIC_KEY_SIZE, data.length);
 		return new Ed25519PublicKey(data);
 	}
 	/**
 	* Create an Ed25519PublicKey from hex string.
 	*/
 	static fromHex(hex) {
-		return new Ed25519PublicKey(require_digest.hexToBytes(hex));
+		return new Ed25519PublicKey(hexToBytes(hex));
 	}
 	/** Returns the 32 raw public key bytes (copy). */
 	data() {
@@ -3018,23 +3973,23 @@ var Ed25519PublicKey = class Ed25519PublicKey {
 	* Get hex string representation
 	*/
 	toHex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Get base64 representation
 	*/
 	toBase64() {
-		return require_digest.toBase64(this._data);
+		return toBase64(this._data);
 	}
 	/**
 	* Verify a signature using Ed25519
 	*/
 	verify(message, signature) {
 		try {
-			if (signature.length !== _bcts_crypto.ED25519_SIGNATURE_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.ED25519_SIGNATURE_SIZE, signature.length);
+			if (signature.length !== _bcts_crypto.ED25519_SIGNATURE_SIZE) throw CryptoError.invalidSize(_bcts_crypto.ED25519_SIGNATURE_SIZE, signature.length);
 			return (0, _bcts_crypto.ed25519Verify)(this._data, message, signature);
 		} catch (e) {
-			throw require_digest.CryptoError.cryptoOperation(`Ed25519 verification failed: ${String(e)}`);
+			throw CryptoError.cryptoOperation(`Ed25519 verification failed: ${String(e)}`);
 		}
 	}
 	/**
@@ -3055,7 +4010,7 @@ var Ed25519PublicKey = class Ed25519PublicKey {
 	* (not tagged CBOR) — same pattern as SchnorrPublicKey.
 	*/
 	toString() {
-		return `Ed25519PublicKey(${require_digest.Digest.fromImage(this._data).shortDescription()})`;
+		return `Ed25519PublicKey(${Digest.fromImage(this._data).shortDescription()})`;
 	}
 };
 //#endregion
@@ -3072,7 +4027,7 @@ var Ed25519PrivateKey = class Ed25519PrivateKey {
 	seed;
 	_publicKey;
 	constructor(seed) {
-		if (seed.length !== _bcts_crypto.ED25519_PRIVATE_KEY_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.ED25519_PRIVATE_KEY_SIZE, seed.length);
+		if (seed.length !== _bcts_crypto.ED25519_PRIVATE_KEY_SIZE) throw CryptoError.invalidSize(_bcts_crypto.ED25519_PRIVATE_KEY_SIZE, seed.length);
 		this.seed = new Uint8Array(seed);
 	}
 	/**
@@ -3085,7 +4040,7 @@ var Ed25519PrivateKey = class Ed25519PrivateKey {
 	* Create an Ed25519PrivateKey from hex string (64 hex characters)
 	*/
 	static fromHex(hex) {
-		return new Ed25519PrivateKey(require_digest.hexToBytes(hex));
+		return new Ed25519PrivateKey(hexToBytes(hex));
 	}
 	/**
 	* Generate a random Ed25519PrivateKey
@@ -3125,13 +4080,13 @@ var Ed25519PrivateKey = class Ed25519PrivateKey {
 	* Get hex string representation of the seed
 	*/
 	toHex() {
-		return require_digest.bytesToHex(this.seed);
+		return bytesToHex(this.seed);
 	}
 	/**
 	* Get base64 representation of the seed
 	*/
 	toBase64() {
-		return require_digest.toBase64(this.seed);
+		return toBase64(this.seed);
 	}
 	/**
 	* Derive the corresponding public key
@@ -3151,7 +4106,7 @@ var Ed25519PrivateKey = class Ed25519PrivateKey {
 			const signature = (0, _bcts_crypto.ed25519Sign)(this.seed, message);
 			return new Uint8Array(signature);
 		} catch (e) {
-			throw require_digest.CryptoError.cryptoOperation(`Ed25519 signing failed: ${String(e)}`);
+			throw CryptoError.cryptoOperation(`Ed25519 signing failed: ${String(e)}`);
 		}
 	}
 	/**
@@ -3227,7 +4182,7 @@ var Sr25519PublicKey = class Sr25519PublicKey {
 	* Returns the hex representation of the key.
 	*/
 	toHex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Verify a signature using the default "substrate" context.
@@ -3254,7 +4209,7 @@ var Sr25519PublicKey = class Sr25519PublicKey {
 	* @throws CryptoError if `context` is not the substrate default
 	*/
 	verifyWithContext(signature, message, context) {
-		if (!require_digest.bytesEqual(context, SR25519_DEFAULT_CONTEXT)) throw require_digest.CryptoError.cryptoOperation("Sr25519: only the default substrate context is supported by the underlying library");
+		if (!bytesEqual(context, SR25519_DEFAULT_CONTEXT)) throw CryptoError.cryptoOperation("Sr25519: only the default substrate context is supported by the underlying library");
 		try {
 			return _scure_sr25519.verify(message, signature, this._data);
 		} catch {
@@ -3273,7 +4228,7 @@ var Sr25519PublicKey = class Sr25519PublicKey {
 	* Get string representation.
 	*/
 	toString() {
-		return `Sr25519PublicKey(${require_digest.bytesToHex(this._data).substring(0, 16)}...)`;
+		return `Sr25519PublicKey(${bytesToHex(this._data).substring(0, 16)}...)`;
 	}
 };
 //#endregion
@@ -3396,7 +4351,7 @@ var Sr25519PrivateKey = class Sr25519PrivateKey {
 	* Returns the hex representation of the seed.
 	*/
 	toHex() {
-		return require_digest.bytesToHex(this._seed);
+		return bytesToHex(this._seed);
 	}
 	/**
 	* Derives the corresponding public key.
@@ -3433,7 +4388,7 @@ var Sr25519PrivateKey = class Sr25519PrivateKey {
 	* @throws CryptoError if `context` is not the substrate default
 	*/
 	signWithContext(message, context) {
-		if (!require_digest.bytesEqual(context, SR25519_DEFAULT_CONTEXT)) throw require_digest.CryptoError.cryptoOperation("Sr25519: only the default substrate context is supported by the underlying library");
+		if (!bytesEqual(context, SR25519_DEFAULT_CONTEXT)) throw CryptoError.cryptoOperation("Sr25519: only the default substrate context is supported by the underlying library");
 		const secretKey = _scure_sr25519.secretFromSeed(this._seed);
 		return _scure_sr25519.sign(secretKey, message);
 	}
@@ -3449,7 +4404,7 @@ var Sr25519PrivateKey = class Sr25519PrivateKey {
 	* Get string representation (truncated for security).
 	*/
 	toString() {
-		return `Sr25519PrivateKey(${require_digest.bytesToHex(this._seed).substring(0, 8)}...)`;
+		return `Sr25519PrivateKey(${bytesToHex(this._seed).substring(0, 8)}...)`;
 	}
 };
 //#endregion
@@ -3485,7 +4440,7 @@ var ECUncompressedPublicKey = class ECUncompressedPublicKey {
 	static KEY_SIZE = _bcts_crypto.ECDSA_UNCOMPRESSED_PUBLIC_KEY_SIZE;
 	_data;
 	constructor(data) {
-		if (data.length !== _bcts_crypto.ECDSA_UNCOMPRESSED_PUBLIC_KEY_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.ECDSA_UNCOMPRESSED_PUBLIC_KEY_SIZE, data.length);
+		if (data.length !== _bcts_crypto.ECDSA_UNCOMPRESSED_PUBLIC_KEY_SIZE) throw CryptoError.invalidSize(_bcts_crypto.ECDSA_UNCOMPRESSED_PUBLIC_KEY_SIZE, data.length);
 		this._data = new Uint8Array(data);
 	}
 	/**
@@ -3499,7 +4454,7 @@ var ECUncompressedPublicKey = class ECUncompressedPublicKey {
 	* Validates the length.
 	*/
 	static fromDataRef(data) {
-		if (data.length !== _bcts_crypto.ECDSA_UNCOMPRESSED_PUBLIC_KEY_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.ECDSA_UNCOMPRESSED_PUBLIC_KEY_SIZE, data.length);
+		if (data.length !== _bcts_crypto.ECDSA_UNCOMPRESSED_PUBLIC_KEY_SIZE) throw CryptoError.invalidSize(_bcts_crypto.ECDSA_UNCOMPRESSED_PUBLIC_KEY_SIZE, data.length);
 		return ECUncompressedPublicKey.fromData(data);
 	}
 	/**
@@ -3512,7 +4467,7 @@ var ECUncompressedPublicKey = class ECUncompressedPublicKey {
 	* Restore an ECUncompressedPublicKey from a hex string.
 	*/
 	static fromHex(hex) {
-		return ECUncompressedPublicKey.fromData(require_digest.hexToBytes(hex));
+		return ECUncompressedPublicKey.fromData(hexToBytes(hex));
 	}
 	/**
 	* Get a reference to the fixed-size array of bytes.
@@ -3530,7 +4485,7 @@ var ECUncompressedPublicKey = class ECUncompressedPublicKey {
 	* Get hex string representation.
 	*/
 	hex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Get hex string representation (alias for hex()).
@@ -3542,7 +4497,7 @@ var ECUncompressedPublicKey = class ECUncompressedPublicKey {
 	* Get base64 representation.
 	*/
 	toBase64() {
-		return require_digest.toBase64(this._data);
+		return toBase64(this._data);
 	}
 	/**
 	* Convert to compressed public key format.
@@ -3700,7 +4655,7 @@ var ECPublicKey = class ECPublicKey {
 	static KEY_SIZE = _bcts_crypto.ECDSA_PUBLIC_KEY_SIZE;
 	_data;
 	constructor(data) {
-		if (data.length !== _bcts_crypto.ECDSA_PUBLIC_KEY_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.ECDSA_PUBLIC_KEY_SIZE, data.length);
+		if (data.length !== _bcts_crypto.ECDSA_PUBLIC_KEY_SIZE) throw CryptoError.invalidSize(_bcts_crypto.ECDSA_PUBLIC_KEY_SIZE, data.length);
 		this._data = new Uint8Array(data);
 	}
 	/**
@@ -3714,7 +4669,7 @@ var ECPublicKey = class ECPublicKey {
 	* Validates the length.
 	*/
 	static fromDataRef(data) {
-		if (data.length !== _bcts_crypto.ECDSA_PUBLIC_KEY_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.ECDSA_PUBLIC_KEY_SIZE, data.length);
+		if (data.length !== _bcts_crypto.ECDSA_PUBLIC_KEY_SIZE) throw CryptoError.invalidSize(_bcts_crypto.ECDSA_PUBLIC_KEY_SIZE, data.length);
 		return ECPublicKey.fromData(data);
 	}
 	/**
@@ -3727,7 +4682,7 @@ var ECPublicKey = class ECPublicKey {
 	* Restore an ECPublicKey from a hex string.
 	*/
 	static fromHex(hex) {
-		return ECPublicKey.fromData(require_digest.hexToBytes(hex));
+		return ECPublicKey.fromData(hexToBytes(hex));
 	}
 	/**
 	* Get a reference to the fixed-size array of bytes.
@@ -3745,7 +4700,7 @@ var ECPublicKey = class ECPublicKey {
 	* Get hex string representation.
 	*/
 	hex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Get hex string representation (alias for hex()).
@@ -3757,7 +4712,7 @@ var ECPublicKey = class ECPublicKey {
 	* Get base64 representation.
 	*/
 	toBase64() {
-		return require_digest.toBase64(this._data);
+		return toBase64(this._data);
 	}
 	/**
 	* Returns the compressed public key (self).
@@ -3938,7 +4893,7 @@ var SchnorrPublicKey = class SchnorrPublicKey {
 	static KEY_SIZE = _bcts_crypto.SCHNORR_PUBLIC_KEY_SIZE;
 	_data;
 	constructor(data) {
-		if (data.length !== _bcts_crypto.SCHNORR_PUBLIC_KEY_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.SCHNORR_PUBLIC_KEY_SIZE, data.length);
+		if (data.length !== _bcts_crypto.SCHNORR_PUBLIC_KEY_SIZE) throw CryptoError.invalidSize(_bcts_crypto.SCHNORR_PUBLIC_KEY_SIZE, data.length);
 		this._data = new Uint8Array(data);
 	}
 	/**
@@ -3952,7 +4907,7 @@ var SchnorrPublicKey = class SchnorrPublicKey {
 	* Validates the length.
 	*/
 	static fromDataRef(data) {
-		if (data.length !== _bcts_crypto.SCHNORR_PUBLIC_KEY_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.SCHNORR_PUBLIC_KEY_SIZE, data.length);
+		if (data.length !== _bcts_crypto.SCHNORR_PUBLIC_KEY_SIZE) throw CryptoError.invalidSize(_bcts_crypto.SCHNORR_PUBLIC_KEY_SIZE, data.length);
 		return SchnorrPublicKey.fromData(data);
 	}
 	/**
@@ -3965,7 +4920,7 @@ var SchnorrPublicKey = class SchnorrPublicKey {
 	* Restore a SchnorrPublicKey from a hex string.
 	*/
 	static fromHex(hex) {
-		return SchnorrPublicKey.fromData(require_digest.hexToBytes(hex));
+		return SchnorrPublicKey.fromData(hexToBytes(hex));
 	}
 	/**
 	* Get a reference to the fixed-size array of bytes.
@@ -3983,7 +4938,7 @@ var SchnorrPublicKey = class SchnorrPublicKey {
 	* Get hex string representation.
 	*/
 	hex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Get hex string representation (alias for hex()).
@@ -3995,7 +4950,7 @@ var SchnorrPublicKey = class SchnorrPublicKey {
 	* Get base64 representation.
 	*/
 	toBase64() {
-		return require_digest.toBase64(this._data);
+		return toBase64(this._data);
 	}
 	/**
 	* Verify a Schnorr signature (BIP-340).
@@ -4030,7 +4985,7 @@ var SchnorrPublicKey = class SchnorrPublicKey {
 	* reference's binary form (= SHA-256(data)[0..4]).
 	*/
 	toString() {
-		return `SchnorrPublicKey(${require_digest.Digest.fromImage(this._data).shortDescription()})`;
+		return `SchnorrPublicKey(${Digest.fromImage(this._data).shortDescription()})`;
 	}
 };
 //#endregion
@@ -4070,7 +5025,7 @@ var ECPrivateKey = class ECPrivateKey {
 	_publicKey;
 	_schnorrPublicKey;
 	constructor(data) {
-		if (data.length !== _bcts_crypto.ECDSA_PRIVATE_KEY_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.ECDSA_PRIVATE_KEY_SIZE, data.length);
+		if (data.length !== _bcts_crypto.ECDSA_PRIVATE_KEY_SIZE) throw CryptoError.invalidSize(_bcts_crypto.ECDSA_PRIVATE_KEY_SIZE, data.length);
 		this._data = new Uint8Array(data);
 	}
 	/**
@@ -4127,7 +5082,7 @@ var ECPrivateKey = class ECPrivateKey {
 	* Validates the length.
 	*/
 	static fromDataRef(data) {
-		if (data.length !== _bcts_crypto.ECDSA_PRIVATE_KEY_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.ECDSA_PRIVATE_KEY_SIZE, data.length);
+		if (data.length !== _bcts_crypto.ECDSA_PRIVATE_KEY_SIZE) throw CryptoError.invalidSize(_bcts_crypto.ECDSA_PRIVATE_KEY_SIZE, data.length);
 		return ECPrivateKey.fromData(data);
 	}
 	/**
@@ -4140,7 +5095,7 @@ var ECPrivateKey = class ECPrivateKey {
 	* Restore an ECPrivateKey from a hex string.
 	*/
 	static fromHex(hex) {
-		return ECPrivateKey.fromData(require_digest.hexToBytes(hex));
+		return ECPrivateKey.fromData(hexToBytes(hex));
 	}
 	/**
 	* Get a reference to the fixed-size array of bytes.
@@ -4158,7 +5113,7 @@ var ECPrivateKey = class ECPrivateKey {
 	* Get hex string representation.
 	*/
 	hex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Get hex string representation (alias for hex()).
@@ -4170,7 +5125,7 @@ var ECPrivateKey = class ECPrivateKey {
 	* Get base64 representation.
 	*/
 	toBase64() {
-		return require_digest.toBase64(this._data);
+		return toBase64(this._data);
 	}
 	/**
 	* Get the ECPublicKey (compressed) corresponding to this ECPrivateKey.
@@ -4202,7 +5157,7 @@ var ECPrivateKey = class ECPrivateKey {
 		try {
 			return (0, _bcts_crypto.ecdsaSign)(this._data, message);
 		} catch (e) {
-			throw require_digest.CryptoError.cryptoOperation(`ECDSA signing failed: ${String(e)}`);
+			throw CryptoError.cryptoOperation(`ECDSA signing failed: ${String(e)}`);
 		}
 	}
 	/**
@@ -4215,7 +5170,7 @@ var ECPrivateKey = class ECPrivateKey {
 		try {
 			return (0, _bcts_crypto.schnorrSign)(this._data, message);
 		} catch (e) {
-			throw require_digest.CryptoError.cryptoOperation(`Schnorr signing failed: ${String(e)}`);
+			throw CryptoError.cryptoOperation(`Schnorr signing failed: ${String(e)}`);
 		}
 	}
 	/**
@@ -4229,7 +5184,7 @@ var ECPrivateKey = class ECPrivateKey {
 		try {
 			return (0, _bcts_crypto.schnorrSignUsing)(this._data, message, rng);
 		} catch (e) {
-			throw require_digest.CryptoError.cryptoOperation(`Schnorr signing failed: ${String(e)}`);
+			throw CryptoError.cryptoOperation(`Schnorr signing failed: ${String(e)}`);
 		}
 	}
 	/**
@@ -4619,7 +5574,7 @@ var MLDSAPublicKey = class MLDSAPublicKey {
 	* Get string representation.
 	*/
 	toString() {
-		const hex = require_digest.bytesToHex(this._data);
+		const hex = bytesToHex(this._data);
 		return `MLDSAPublicKey(${mldsaLevelToString(this._level)}, ${hex.substring(0, 16)}...)`;
 	}
 	/**
@@ -4798,7 +5753,7 @@ var MLDSASignature = class MLDSASignature {
 	* Get string representation.
 	*/
 	toString() {
-		const hex = require_digest.bytesToHex(this._data);
+		const hex = bytesToHex(this._data);
 		return `MLDSASignature(${mldsaLevelToString(this._level)}, ${hex.substring(0, 16)}...)`;
 	}
 	/**
@@ -5036,7 +5991,7 @@ var MLDSAPrivateKey = class MLDSAPrivateKey {
 	* Get string representation (truncated for security).
 	*/
 	toString() {
-		const hex = require_digest.bytesToHex(this._data);
+		const hex = bytesToHex(this._data);
 		return `MLDSAPrivateKey(${mldsaLevelToString(this._level)}, ${hex.substring(0, 8)}...)`;
 	}
 	/**
@@ -5150,6 +6105,7 @@ var MLDSAPrivateKey = class MLDSAPrivateKey {
 */
 const MAX_UINT32 = 4294967295;
 var SshBufferReader = class {
+	bytes;
 	view;
 	offset;
 	constructor(bytes) {
@@ -6249,7 +7205,7 @@ var SSHPrivateKey = class SSHPrivateKey {
 				if (pubBytes.length !== ED25519_PUBLIC_LEN) throw new Error(`SSHPrivateKey ed25519: public key length ${pubBytes.length} != ${ED25519_PUBLIC_LEN}`);
 				if (publicKey.data.kind !== "ed25519" || !bytesEqual$1(pubBytes, publicKey.data.pubBytes)) throw new Error("SSHPrivateKey ed25519: outer/inner public-key mismatch");
 				const combined = innerReader.readString();
-				if (combined.length !== ED25519_SEED_LEN + ED25519_PUBLIC_LEN) throw new Error(`SSHPrivateKey ed25519: combined seed||public length ${combined.length} != ${ED25519_SEED_LEN + ED25519_PUBLIC_LEN}`);
+				if (combined.length !== 64) throw new Error(`SSHPrivateKey ed25519: combined seed||public length ${combined.length} != 64`);
 				if (!bytesEqual$1(combined.subarray(ED25519_SEED_LEN), pubBytes)) throw new Error("SSHPrivateKey ed25519: combined-blob public tail does not match public field");
 				data = {
 					kind: "ed25519",
@@ -6340,7 +7296,7 @@ var SSHPrivateKey = class SSHPrivateKey {
 		switch (this.data.kind) {
 			case "ed25519": {
 				w.writeString(this.data.pubBytes);
-				const combined = new Uint8Array(ED25519_SEED_LEN + ED25519_PUBLIC_LEN);
+				const combined = new Uint8Array(64);
 				combined.set(this.data.seed, 0);
 				combined.set(this.data.pubBytes, ED25519_SEED_LEN);
 				w.writeString(combined);
@@ -6453,7 +7409,7 @@ var X25519PublicKey = class X25519PublicKey {
 	static KEY_SIZE = _bcts_crypto.X25519_PUBLIC_KEY_SIZE;
 	_data;
 	constructor(data) {
-		if (data.length !== _bcts_crypto.X25519_PUBLIC_KEY_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.X25519_PUBLIC_KEY_SIZE, data.length);
+		if (data.length !== _bcts_crypto.X25519_PUBLIC_KEY_SIZE) throw CryptoError.invalidSize(_bcts_crypto.X25519_PUBLIC_KEY_SIZE, data.length);
 		this._data = new Uint8Array(data);
 	}
 	/**
@@ -6467,7 +7423,7 @@ var X25519PublicKey = class X25519PublicKey {
 	* Validates the length.
 	*/
 	static fromDataRef(data) {
-		if (data.length !== _bcts_crypto.X25519_PUBLIC_KEY_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.X25519_PUBLIC_KEY_SIZE, data.length);
+		if (data.length !== _bcts_crypto.X25519_PUBLIC_KEY_SIZE) throw CryptoError.invalidSize(_bcts_crypto.X25519_PUBLIC_KEY_SIZE, data.length);
 		return X25519PublicKey.fromData(data);
 	}
 	/**
@@ -6480,7 +7436,7 @@ var X25519PublicKey = class X25519PublicKey {
 	* Restore an X25519PublicKey from a hex string.
 	*/
 	static fromHex(hex) {
-		return X25519PublicKey.fromData(require_digest.hexToBytes(hex));
+		return X25519PublicKey.fromData(hexToBytes(hex));
 	}
 	/**
 	* Get a reference to the fixed-size array of bytes.
@@ -6498,7 +7454,7 @@ var X25519PublicKey = class X25519PublicKey {
 	* Get hex string representation.
 	*/
 	hex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Get hex string representation (alias for hex()).
@@ -6510,7 +7466,7 @@ var X25519PublicKey = class X25519PublicKey {
 	* Get base64 representation.
 	*/
 	toBase64() {
-		return require_digest.toBase64(this._data);
+		return toBase64(this._data);
 	}
 	/**
 	* Compare with another X25519PublicKey.
@@ -6529,7 +7485,7 @@ var X25519PublicKey = class X25519PublicKey {
 	*   computed from the **tagged-CBOR** form of the key.
 	*/
 	toString() {
-		return `X25519PublicKey(${require_digest.Digest.fromImage(this.taggedCborData()).shortDescription()})`;
+		return `X25519PublicKey(${Digest.fromImage(this.taggedCborData()).shortDescription()})`;
 	}
 	/**
 	* Returns the CBOR tags associated with X25519PublicKey.
@@ -6650,7 +7606,7 @@ var AuthenticationTag = class AuthenticationTag {
 	static AUTHENTICATION_TAG_SIZE = AUTHENTICATION_TAG_SIZE;
 	_data;
 	constructor(data) {
-		if (data.length !== AUTHENTICATION_TAG_SIZE) throw require_digest.CryptoError.invalidSize(AUTHENTICATION_TAG_SIZE, data.length);
+		if (data.length !== AUTHENTICATION_TAG_SIZE) throw CryptoError.invalidSize(AUTHENTICATION_TAG_SIZE, data.length);
 		this._data = new Uint8Array(data);
 	}
 	/**
@@ -6663,7 +7619,7 @@ var AuthenticationTag = class AuthenticationTag {
 	* Restore an AuthenticationTag from a reference to an array of bytes.
 	*/
 	static fromDataRef(data) {
-		if (data.length !== AUTHENTICATION_TAG_SIZE) throw require_digest.CryptoError.invalidSize(AUTHENTICATION_TAG_SIZE, data.length);
+		if (data.length !== AUTHENTICATION_TAG_SIZE) throw CryptoError.invalidSize(AUTHENTICATION_TAG_SIZE, data.length);
 		return AuthenticationTag.fromData(data);
 	}
 	/**
@@ -6676,7 +7632,7 @@ var AuthenticationTag = class AuthenticationTag {
 	* Create an AuthenticationTag from hex string.
 	*/
 	static fromHex(hex) {
-		return AuthenticationTag.fromData(require_digest.hexToBytes(hex));
+		return AuthenticationTag.fromData(hexToBytes(hex));
 	}
 	/**
 	* Get a reference to the fixed-size array of bytes.
@@ -6700,13 +7656,13 @@ var AuthenticationTag = class AuthenticationTag {
 	* Get hex string representation.
 	*/
 	toHex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Get base64 representation.
 	*/
 	toBase64() {
-		return require_digest.toBase64(this._data);
+		return toBase64(this._data);
 	}
 	/**
 	* Compare with another AuthenticationTag.
@@ -6861,7 +7817,7 @@ var EncryptedMessage = class EncryptedMessage {
 		const aadCbor = this.aadCbor();
 		if (aadCbor === null) return null;
 		try {
-			return require_digest.Digest.fromTaggedCbor(aadCbor);
+			return Digest.fromTaggedCbor(aadCbor);
 		} catch {
 			return null;
 		}
@@ -6886,7 +7842,7 @@ var EncryptedMessage = class EncryptedMessage {
 	* Get string representation.
 	*/
 	toString() {
-		return `EncryptedMessage(ciphertext: ${require_digest.bytesToHex(this._ciphertext).substring(0, 16)}..., nonce: ${this._nonce.toHex()}, auth: ${this._auth.toHex()})`;
+		return `EncryptedMessage(ciphertext: ${bytesToHex(this._ciphertext).substring(0, 16)}..., nonce: ${this._nonce.toHex()}, auth: ${this._auth.toHex()})`;
 	}
 	/**
 	* Returns the CBOR tags associated with EncryptedMessage.
@@ -7020,7 +7976,7 @@ var SymmetricKey = class SymmetricKey {
 	static SYMMETRIC_KEY_SIZE = SYMMETRIC_KEY_SIZE;
 	_data;
 	constructor(data) {
-		if (data.length !== SYMMETRIC_KEY_SIZE) throw require_digest.CryptoError.invalidSize(SYMMETRIC_KEY_SIZE, data.length);
+		if (data.length !== SYMMETRIC_KEY_SIZE) throw CryptoError.invalidSize(SYMMETRIC_KEY_SIZE, data.length);
 		this._data = new Uint8Array(data);
 	}
 	/**
@@ -7039,7 +7995,7 @@ var SymmetricKey = class SymmetricKey {
 	* Create a new symmetric key from data (validates length).
 	*/
 	static fromDataRef(data) {
-		if (data.length !== SYMMETRIC_KEY_SIZE) throw require_digest.CryptoError.invalidSize(SYMMETRIC_KEY_SIZE, data.length);
+		if (data.length !== SYMMETRIC_KEY_SIZE) throw CryptoError.invalidSize(SYMMETRIC_KEY_SIZE, data.length);
 		return SymmetricKey.fromData(data);
 	}
 	/**
@@ -7052,7 +8008,7 @@ var SymmetricKey = class SymmetricKey {
 	* Create a SymmetricKey from hex string.
 	*/
 	static fromHex(hex) {
-		return SymmetricKey.fromData(require_digest.hexToBytes(hex));
+		return SymmetricKey.fromData(hexToBytes(hex));
 	}
 	/**
 	* Generate a random symmetric key.
@@ -7089,7 +8045,7 @@ var SymmetricKey = class SymmetricKey {
 	* Get hex string representation.
 	*/
 	hex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Get hex string representation (alias for hex()).
@@ -7101,7 +8057,7 @@ var SymmetricKey = class SymmetricKey {
 	* Get base64 representation.
 	*/
 	toBase64() {
-		return require_digest.toBase64(this._data);
+		return toBase64(this._data);
 	}
 	/**
 	* Compare with another SymmetricKey.
@@ -7266,7 +8222,7 @@ var X25519PrivateKey = class X25519PrivateKey {
 	_data;
 	_publicKey;
 	constructor(data) {
-		if (data.length !== _bcts_crypto.X25519_PRIVATE_KEY_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.X25519_PRIVATE_KEY_SIZE, data.length);
+		if (data.length !== _bcts_crypto.X25519_PRIVATE_KEY_SIZE) throw CryptoError.invalidSize(_bcts_crypto.X25519_PRIVATE_KEY_SIZE, data.length);
 		this._data = new Uint8Array(data);
 	}
 	/**
@@ -7323,7 +8279,7 @@ var X25519PrivateKey = class X25519PrivateKey {
 	* Validates the length.
 	*/
 	static fromDataRef(data) {
-		if (data.length !== _bcts_crypto.X25519_PRIVATE_KEY_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.X25519_PRIVATE_KEY_SIZE, data.length);
+		if (data.length !== _bcts_crypto.X25519_PRIVATE_KEY_SIZE) throw CryptoError.invalidSize(_bcts_crypto.X25519_PRIVATE_KEY_SIZE, data.length);
 		return X25519PrivateKey.fromData(data);
 	}
 	/**
@@ -7336,7 +8292,7 @@ var X25519PrivateKey = class X25519PrivateKey {
 	* Restore an X25519PrivateKey from a hex string.
 	*/
 	static fromHex(hex) {
-		return X25519PrivateKey.fromData(require_digest.hexToBytes(hex));
+		return X25519PrivateKey.fromData(hexToBytes(hex));
 	}
 	/**
 	* Get a reference to the fixed-size array of bytes.
@@ -7354,7 +8310,7 @@ var X25519PrivateKey = class X25519PrivateKey {
 	* Get hex string representation.
 	*/
 	hex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Get hex string representation (alias for hex()).
@@ -7366,7 +8322,7 @@ var X25519PrivateKey = class X25519PrivateKey {
 	* Get base64 representation.
 	*/
 	toBase64() {
-		return require_digest.toBase64(this._data);
+		return toBase64(this._data);
 	}
 	/**
 	* Get the X25519PublicKey corresponding to this X25519PrivateKey.
@@ -7399,7 +8355,7 @@ var X25519PrivateKey = class X25519PrivateKey {
 			const shared = (0, _bcts_crypto.x25519SharedKey)(this._data, publicKey.data());
 			return new Uint8Array(shared);
 		} catch (e) {
-			throw require_digest.CryptoError.cryptoOperation(`ECDH key agreement failed: ${String(e)}`);
+			throw CryptoError.cryptoOperation(`ECDH key agreement failed: ${String(e)}`);
 		}
 	}
 	/**
@@ -7880,7 +8836,7 @@ var MLKEMCiphertext = class MLKEMCiphertext {
 	* Get string representation.
 	*/
 	toString() {
-		const hex = require_digest.bytesToHex(this._data);
+		const hex = bytesToHex(this._data);
 		return `MLKEMCiphertext(${mlkemLevelToString(this._level)}, ${hex.substring(0, 16)}...)`;
 	}
 	/**
@@ -8136,8 +9092,8 @@ var EncapsulationCiphertext = class EncapsulationCiphertext {
 	* Get string representation.
 	*/
 	toString() {
-		if (this._scheme === "x25519") return `EncapsulationCiphertext(X25519, ${require_digest.bytesToHex(this.data()).substring(0, 16)}...)`;
-		else if (isMlkemScheme$2(this._scheme)) return `EncapsulationCiphertext(${String(this._scheme)}, ${require_digest.bytesToHex(this.data()).substring(0, 16)}...)`;
+		if (this._scheme === "x25519") return `EncapsulationCiphertext(X25519, ${bytesToHex(this.data()).substring(0, 16)}...)`;
+		else if (isMlkemScheme$2(this._scheme)) return `EncapsulationCiphertext(${String(this._scheme)}, ${bytesToHex(this.data()).substring(0, 16)}...)`;
 		return `EncapsulationCiphertext(${String(this._scheme)})`;
 	}
 	/**
@@ -8320,7 +9276,7 @@ var MLKEMPublicKey = class MLKEMPublicKey {
 	* Get string representation.
 	*/
 	toString() {
-		const hex = require_digest.bytesToHex(this._data);
+		const hex = bytesToHex(this._data);
 		return `MLKEMPublicKey(${mlkemLevelToString(this._level)}, ${hex.substring(0, 16)}...)`;
 	}
 	/**
@@ -8635,7 +9591,7 @@ var EncapsulationPublicKey = class EncapsulationPublicKey {
 	* representation, providing a unique, content-addressable identifier.
 	*/
 	reference() {
-		const digest = require_digest.Digest.fromImage(this.taggedCborData());
+		const digest = Digest.fromImage(this.taggedCborData());
 		return Reference.from(digest);
 	}
 	/**
@@ -8903,7 +9859,7 @@ var MLKEMPrivateKey = class MLKEMPrivateKey {
 	* Get string representation (truncated for security).
 	*/
 	toString() {
-		const hex = require_digest.bytesToHex(this._data);
+		const hex = bytesToHex(this._data);
 		return `MLKEMPrivateKey(${mlkemLevelToString(this._level)}, ${hex.substring(0, 8)}...)`;
 	}
 	/**
@@ -9229,7 +10185,7 @@ var EncapsulationPrivateKey = class EncapsulationPrivateKey {
 	* @throws CryptoError if the scheme doesn't match
 	*/
 	decapsulateSharedSecret(ciphertext) {
-		if (ciphertext.encapsulationScheme() !== this._scheme) throw require_digest.CryptoError.invalidData(`Scheme mismatch: expected ${String(this._scheme)}, got ${String(ciphertext.encapsulationScheme())}`);
+		if (ciphertext.encapsulationScheme() !== this._scheme) throw CryptoError.invalidData(`Scheme mismatch: expected ${String(this._scheme)}, got ${String(ciphertext.encapsulationScheme())}`);
 		if (this._scheme === "x25519") {
 			const pk = this._x25519PrivateKey;
 			if (pk === void 0) throw new Error("X25519 private key not set");
@@ -9265,8 +10221,8 @@ var EncapsulationPrivateKey = class EncapsulationPrivateKey {
 	* Get string representation.
 	*/
 	toString() {
-		if (this._scheme === "x25519") return `EncapsulationPrivateKey(X25519, ${require_digest.bytesToHex(this.data()).substring(0, 16)}...)`;
-		else if (isMlkemScheme(this._scheme)) return `EncapsulationPrivateKey(${String(this._scheme)}, ${require_digest.bytesToHex(this.data()).substring(0, 16)}...)`;
+		if (this._scheme === "x25519") return `EncapsulationPrivateKey(X25519, ${bytesToHex(this.data()).substring(0, 16)}...)`;
+		else if (isMlkemScheme(this._scheme)) return `EncapsulationPrivateKey(${String(this._scheme)}, ${bytesToHex(this.data()).substring(0, 16)}...)`;
 		return `EncapsulationPrivateKey(${String(this._scheme)})`;
 	}
 	/**
@@ -9276,7 +10232,7 @@ var EncapsulationPrivateKey = class EncapsulationPrivateKey {
 	* representation, providing a unique, content-addressable identifier.
 	*/
 	reference() {
-		const digest = require_digest.Digest.fromImage(this.taggedCborData());
+		const digest = Digest.fromImage(this.taggedCborData());
 		return Reference.from(digest);
 	}
 	/**
@@ -9500,6 +10456,16 @@ var PrivateKeyBase = class PrivateKeyBase {
 		return EncapsulationPrivateKey.fromX25519PrivateKey(this.x25519PrivateKey());
 	}
 	/**
+	* Decapsulate a shared secret from a ciphertext.
+	*
+	* Implements the `Decrypter` interface so a `PrivateKeyBase` can be used
+	* directly as a recipient key, mirroring Rust `impl Decrypter for
+	* PrivateKeyBase`.
+	*/
+	decapsulateSharedSecret(ciphertext) {
+		return this.encapsulationPrivateKey().decapsulateSharedSecret(ciphertext);
+	}
+	/**
 	* Derive a PrivateKeys container with Ed25519 signing and X25519 agreement keys.
 	*
 	* @returns PrivateKeys containing the derived signing and encapsulation keys
@@ -9661,7 +10627,7 @@ var PrivateKeyBase = class PrivateKeyBase {
 	* Get string representation (truncated for security).
 	*/
 	toString() {
-		return `PrivateKeyBase(${require_digest.bytesToHex(this._data).substring(0, 8)}...)`;
+		return `PrivateKeyBase(${bytesToHex(this._data).substring(0, 8)}...)`;
 	}
 	/**
 	* Returns the CBOR tags associated with PrivateKeyBase.
@@ -10003,7 +10969,7 @@ function createKeypairUsing(scheme, rng, comment = "") {
 		}
 		case "MLDSA44":
 		case "MLDSA65":
-		case "MLDSA87": throw require_digest.CryptoError.general(`Deterministic keypair generation not supported for ${scheme}. Use createKeypair() instead.`);
+		case "MLDSA87": throw CryptoError.general(`Deterministic keypair generation not supported for ${scheme}. Use createKeypair() instead.`);
 		case "SshEd25519":
 		case "SshDsa":
 		case "SshEcdsaP256":
@@ -10065,7 +11031,7 @@ var Signature = class Signature {
 	* @returns A new Schnorr signature
 	*/
 	static schnorrFromData(data) {
-		if (data.length !== _bcts_crypto.SCHNORR_SIGNATURE_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.SCHNORR_SIGNATURE_SIZE, data.length);
+		if (data.length !== _bcts_crypto.SCHNORR_SIGNATURE_SIZE) throw CryptoError.invalidSize(_bcts_crypto.SCHNORR_SIGNATURE_SIZE, data.length);
 		return new Signature("Schnorr", data);
 	}
 	/**
@@ -10075,7 +11041,7 @@ var Signature = class Signature {
 	* @returns A new Schnorr signature
 	*/
 	static schnorrFromHex(hex) {
-		return Signature.schnorrFromData(require_digest.hexToBytes(hex));
+		return Signature.schnorrFromData(hexToBytes(hex));
 	}
 	/**
 	* Creates an ECDSA signature from a 64-byte array.
@@ -10084,7 +11050,7 @@ var Signature = class Signature {
 	* @returns A new ECDSA signature
 	*/
 	static ecdsaFromData(data) {
-		if (data.length !== _bcts_crypto.ECDSA_SIGNATURE_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.ECDSA_SIGNATURE_SIZE, data.length);
+		if (data.length !== _bcts_crypto.ECDSA_SIGNATURE_SIZE) throw CryptoError.invalidSize(_bcts_crypto.ECDSA_SIGNATURE_SIZE, data.length);
 		return new Signature("Ecdsa", data);
 	}
 	/**
@@ -10094,7 +11060,7 @@ var Signature = class Signature {
 	* @returns A new ECDSA signature
 	*/
 	static ecdsaFromHex(hex) {
-		return Signature.ecdsaFromData(require_digest.hexToBytes(hex));
+		return Signature.ecdsaFromData(hexToBytes(hex));
 	}
 	/**
 	* Creates an Ed25519 signature from a 64-byte array.
@@ -10103,7 +11069,7 @@ var Signature = class Signature {
 	* @returns A new Ed25519 signature
 	*/
 	static ed25519FromData(data) {
-		if (data.length !== _bcts_crypto.ED25519_SIGNATURE_SIZE) throw require_digest.CryptoError.invalidSize(_bcts_crypto.ED25519_SIGNATURE_SIZE, data.length);
+		if (data.length !== _bcts_crypto.ED25519_SIGNATURE_SIZE) throw CryptoError.invalidSize(_bcts_crypto.ED25519_SIGNATURE_SIZE, data.length);
 		return new Signature("Ed25519", data);
 	}
 	/**
@@ -10113,7 +11079,7 @@ var Signature = class Signature {
 	* @returns A new Ed25519 signature
 	*/
 	static ed25519FromHex(hex) {
-		return Signature.ed25519FromData(require_digest.hexToBytes(hex));
+		return Signature.ed25519FromData(hexToBytes(hex));
 	}
 	/**
 	* Creates an Sr25519 signature from a 64-byte array.
@@ -10122,7 +11088,7 @@ var Signature = class Signature {
 	* @returns A new Sr25519 signature
 	*/
 	static sr25519FromData(data) {
-		if (data.length !== 64) throw require_digest.CryptoError.invalidSize(64, data.length);
+		if (data.length !== 64) throw CryptoError.invalidSize(64, data.length);
 		return new Signature("Sr25519", data);
 	}
 	/**
@@ -10132,7 +11098,7 @@ var Signature = class Signature {
 	* @returns A new Sr25519 signature
 	*/
 	static sr25519FromHex(hex) {
-		return Signature.sr25519FromData(require_digest.hexToBytes(hex));
+		return Signature.sr25519FromData(hexToBytes(hex));
 	}
 	/**
 	* Creates a Signature from an MLDSASignature.
@@ -10318,7 +11284,7 @@ var Signature = class Signature {
 	* Get hex string representation of the signature data.
 	*/
 	toHex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Compare with another Signature.
@@ -10838,7 +11804,7 @@ var SigningPublicKey = class SigningPublicKey {
 	* representation, providing a unique, content-addressable identifier.
 	*/
 	reference() {
-		const digest = require_digest.Digest.fromImage(this.taggedCborData());
+		const digest = Digest.fromImage(this.taggedCborData());
 		return Reference.from(digest);
 	}
 	/**
@@ -11038,6 +12004,12 @@ var SigningPublicKey = class SigningPublicKey {
 	*/
 	static fromUntaggedCborData(data) {
 		const cborValue = (0, _bcts_dcbor.decodeCbor)(data);
+		return SigningPublicKey.fromUntaggedCbor(cborValue);
+	}
+	/**
+	* Static method to decode from untagged CBOR.
+	*/
+	static fromUntaggedCbor(cborValue) {
 		return new SigningPublicKey("Ed25519", void 0, void 0, Ed25519PublicKey.from(new Uint8Array(_bcts_crypto.ED25519_PUBLIC_KEY_SIZE))).fromUntaggedCbor(cborValue);
 	}
 	/**
@@ -11048,7 +12020,7 @@ var SigningPublicKey = class SigningPublicKey {
 	* Returns the UR representation of the signing public key.
 	*/
 	ur() {
-		return _bcts_uniform_resources.UR.new(SigningPublicKey.UR_TYPE, this.taggedCbor());
+		return _bcts_uniform_resources.UR.new(SigningPublicKey.UR_TYPE, this.untaggedCbor());
 	}
 	/**
 	* Returns the UR string representation of the signing public key.
@@ -11061,7 +12033,7 @@ var SigningPublicKey = class SigningPublicKey {
 	*/
 	static fromUR(ur) {
 		ur.checkType(SigningPublicKey.UR_TYPE);
-		return SigningPublicKey.fromTaggedCbor(ur.cbor());
+		return SigningPublicKey.fromUntaggedCbor(ur.cbor());
 	}
 	/**
 	* Creates a SigningPublicKey from a UR string.
@@ -11499,7 +12471,7 @@ var SigningPrivateKey = class SigningPrivateKey {
 	* representation, providing a unique, content-addressable identifier.
 	*/
 	reference() {
-		const digest = require_digest.Digest.fromImage(this.taggedCborData());
+		const digest = Digest.fromImage(this.taggedCborData());
 		return Reference.from(digest);
 	}
 	/**
@@ -11785,6 +12757,12 @@ var SigningPrivateKey = class SigningPrivateKey {
 	*/
 	static fromUntaggedCborData(data) {
 		const cborValue = (0, _bcts_dcbor.decodeCbor)(data);
+		return SigningPrivateKey.fromUntaggedCbor(cborValue);
+	}
+	/**
+	* Static method to decode from untagged CBOR.
+	*/
+	static fromUntaggedCbor(cborValue) {
 		return new SigningPrivateKey("Ed25519", void 0, Ed25519PrivateKey.from(new Uint8Array(_bcts_crypto.ED25519_PRIVATE_KEY_SIZE))).fromUntaggedCbor(cborValue);
 	}
 	/**
@@ -11795,7 +12773,7 @@ var SigningPrivateKey = class SigningPrivateKey {
 	* Returns the UR representation of the signing private key.
 	*/
 	ur() {
-		return _bcts_uniform_resources.UR.new(SigningPrivateKey.UR_TYPE, this.taggedCbor());
+		return _bcts_uniform_resources.UR.new(SigningPrivateKey.UR_TYPE, this.untaggedCbor());
 	}
 	/**
 	* Returns the UR string representation of the signing private key.
@@ -11808,7 +12786,7 @@ var SigningPrivateKey = class SigningPrivateKey {
 	*/
 	static fromUR(ur) {
 		ur.checkType(SigningPrivateKey.UR_TYPE);
-		return SigningPrivateKey.fromTaggedCbor(ur.cbor());
+		return SigningPrivateKey.fromUntaggedCbor(ur.cbor());
 	}
 	/**
 	* Creates a SigningPrivateKey from a UR string.
@@ -11920,7 +12898,7 @@ var PublicKeys = class PublicKeys {
 	* representation, providing a unique, content-addressable identifier.
 	*/
 	reference() {
-		const digest = require_digest.Digest.fromImage(this.taggedCborData());
+		const digest = Digest.fromImage(this.taggedCborData());
 		return Reference.from(digest);
 	}
 	/**
@@ -12178,7 +13156,7 @@ var PrivateKeys = class PrivateKeys {
 	* representation, providing a unique, content-addressable identifier.
 	*/
 	reference() {
-		const digest = require_digest.Digest.fromImage(this.taggedCborData());
+		const digest = Digest.fromImage(this.taggedCborData());
 		return Reference.from(digest);
 	}
 	/**
@@ -12493,7 +13471,7 @@ var SealedMessage = class SealedMessage {
 	* Get string representation.
 	*/
 	toString() {
-		return `SealedMessage(${this._encapsulatedKey.encapsulationScheme()}, ciphertext: ${require_digest.bytesToHex(this._message.ciphertext()).substring(0, 16)}...)`;
+		return `SealedMessage(${this._encapsulatedKey.encapsulationScheme()}, ciphertext: ${bytesToHex(this._message.ciphertext()).substring(0, 16)}...)`;
 	}
 	/**
 	* Returns the CBOR tags associated with SealedMessage.
@@ -13305,7 +14283,7 @@ var SSHAgentParams = class SSHAgentParams {
 	* @throws CryptoError - SSH agent support is not available
 	*/
 	lock(_contentKey, _secret) {
-		throw require_digest.CryptoError.sshAgent("SSH agent key derivation is not yet implemented in this TypeScript port. Use HKDF, PBKDF2, Scrypt, or Argon2id instead.");
+		throw CryptoError.sshAgent("SSH agent key derivation is not yet implemented in this TypeScript port. Use HKDF, PBKDF2, Scrypt, or Argon2id instead.");
 	}
 	/**
 	* Derive a key using SSH agent and decrypt the content key.
@@ -13317,7 +14295,7 @@ var SSHAgentParams = class SSHAgentParams {
 	* @throws CryptoError - SSH agent support is not available
 	*/
 	unlock(_encryptedMessage, _secret) {
-		throw require_digest.CryptoError.sshAgent("SSH agent key derivation is not yet implemented in this TypeScript port. Use HKDF, PBKDF2, Scrypt, or Argon2id instead.");
+		throw CryptoError.sshAgent("SSH agent key derivation is not yet implemented in this TypeScript port. Use HKDF, PBKDF2, Scrypt, or Argon2id instead.");
 	}
 	/**
 	* Get string representation.
@@ -13657,7 +14635,7 @@ var EncryptedKey = class EncryptedKey {
 	*/
 	unlock(secret) {
 		const aad = this._encryptedMessage.aad();
-		if (aad.length === 0) throw require_digest.CryptoError.invalidData("Missing AAD in EncryptedKey");
+		if (aad.length === 0) throw CryptoError.invalidData("Missing AAD in EncryptedKey");
 		const params = keyDerivationParamsFromCbor((0, _bcts_dcbor.decodeCbor)(aad));
 		switch (params.type) {
 			case "hkdf": return params.params.unlock(this._encryptedMessage, secret);
@@ -13710,7 +14688,7 @@ var EncryptedKey = class EncryptedKey {
 	fromUntaggedCbor(cborValue) {
 		const encryptedMessage = EncryptedMessage.fromTaggedCbor(cborValue);
 		const aad = encryptedMessage.aad();
-		if (aad.length === 0) throw require_digest.CryptoError.invalidData("Missing AAD in EncryptedKey");
+		if (aad.length === 0) throw CryptoError.invalidData("Missing AAD in EncryptedKey");
 		return new EncryptedKey(keyDerivationParamsFromCbor((0, _bcts_dcbor.decodeCbor)(aad)), encryptedMessage);
 	}
 	/**
@@ -13828,7 +14806,7 @@ var SSKRShareCbor = class SSKRShareCbor {
 	* @param hex - The share as a hex string
 	*/
 	static fromHex(hex) {
-		return new SSKRShareCbor(require_digest.hexToBytes(hex));
+		return new SSKRShareCbor(hexToBytes(hex));
 	}
 	/**
 	* Returns the raw share bytes.
@@ -13846,7 +14824,7 @@ var SSKRShareCbor = class SSKRShareCbor {
 	* Returns the share as a hex string.
 	*/
 	hex() {
-		return require_digest.bytesToHex(this._data);
+		return bytesToHex(this._data);
 	}
 	/**
 	* Returns the identifier (2 bytes) as a number.
@@ -13858,7 +14836,7 @@ var SSKRShareCbor = class SSKRShareCbor {
 	* Returns the identifier as a hex string.
 	*/
 	identifierHex() {
-		return require_digest.bytesToHex(this._data.subarray(0, 2));
+		return bytesToHex(this._data.subarray(0, 2));
 	}
 	/**
 	* Returns the group threshold (minimum number of groups needed).
@@ -13956,7 +14934,7 @@ var SSKRShareCbor = class SSKRShareCbor {
 	* Static method to decode from tagged CBOR.
 	*/
 	static fromTaggedCbor(cborValue) {
-		return new SSKRShareCbor(new Uint8Array(METADATA_SIZE_BYTES + 16)).fromTaggedCbor(cborValue);
+		return new SSKRShareCbor(new Uint8Array(21)).fromTaggedCbor(cborValue);
 	}
 	/**
 	* Static method to decode from tagged CBOR binary data.
@@ -13970,7 +14948,7 @@ var SSKRShareCbor = class SSKRShareCbor {
 	*/
 	static fromUntaggedCborData(data) {
 		const cborValue = (0, _bcts_dcbor.decodeCbor)(data);
-		return new SSKRShareCbor(new Uint8Array(METADATA_SIZE_BYTES + 16)).fromUntaggedCbor(cborValue);
+		return new SSKRShareCbor(new Uint8Array(21)).fromUntaggedCbor(cborValue);
 	}
 };
 /**
@@ -14100,12 +15078,12 @@ Object.defineProperty(exports, "COMPRESSED", {
 	}
 });
 exports.Compressed = Compressed;
-exports.CryptoError = require_digest.CryptoError;
+exports.CryptoError = CryptoError;
 exports.DEFAULT_PBKDF2_ITERATIONS = DEFAULT_PBKDF2_ITERATIONS;
 exports.DEFAULT_SCRYPT_LOG_N = DEFAULT_SCRYPT_LOG_N;
 exports.DEFAULT_SCRYPT_P = DEFAULT_SCRYPT_P;
 exports.DEFAULT_SCRYPT_R = DEFAULT_SCRYPT_R;
-exports.Digest = require_digest.Digest;
+exports.Digest = Digest;
 exports.ECPrivateKey = ECPrivateKey;
 exports.ECPublicKey = ECPublicKey;
 exports.ECUncompressedPublicKey = ECUncompressedPublicKey;
@@ -14129,7 +15107,7 @@ exports.EncapsulationPublicKey = EncapsulationPublicKey;
 exports.EncapsulationScheme = EncapsulationScheme;
 exports.EncryptedKey = EncryptedKey;
 exports.EncryptedMessage = EncryptedMessage;
-exports.ErrorKind = require_digest.ErrorKind;
+exports.ErrorKind = ErrorKind;
 exports.HKDFParams = HKDFParams;
 exports.HKDFRng = HKDFRng;
 exports.HashType = HashType;
@@ -14199,10 +15177,9 @@ exports.X25519PrivateKey = X25519PrivateKey;
 exports.X25519PublicKey = X25519PublicKey;
 exports.XID = XID;
 exports.XID_PREFIX = XID_PREFIX;
-exports.__toESM = __toESM;
 exports.argon2idParams = argon2idParams;
-exports.bytesEqual = require_digest.bytesEqual;
-exports.bytesToHex = require_digest.bytesToHex;
+exports.bytesEqual = bytesEqual;
+exports.bytesToHex = bytesToHex;
 exports.createEncapsulationKeypair = createEncapsulationKeypair;
 exports.createEncapsulationKeypairUsing = createEncapsulationKeypairUsing;
 exports.createKeypair = createKeypair;
@@ -14212,20 +15189,20 @@ exports.defaultKeyDerivationMethod = defaultKeyDerivationMethod;
 exports.defaultKeyDerivationParams = defaultKeyDerivationParams;
 exports.defaultSignatureScheme = defaultSignatureScheme;
 exports.digestFromBytes = digestFromBytes;
-exports.fromBase64 = require_digest.fromBase64;
+exports.fromBase64 = fromBase64;
 exports.hashTypeFromCbor = hashTypeFromCbor;
 exports.hashTypeToCbor = hashTypeToCbor;
 exports.hashTypeToString = hashTypeToString;
-exports.hexToBytes = require_digest.hexToBytes;
+exports.hexToBytes = hexToBytes;
 exports.hkdfParams = hkdfParams;
-exports.isCryptoError = require_digest.isCryptoError;
-exports.isCryptoErrorKind = require_digest.isCryptoErrorKind;
+exports.isCryptoError = isCryptoError;
+exports.isCryptoErrorKind = isCryptoErrorKind;
 exports.isDecrypter = isDecrypter;
 exports.isECKey = isECKey;
 exports.isECKeyBase = isECKeyBase;
 exports.isECPublicKeyBase = isECPublicKeyBase;
 exports.isEncrypter = isEncrypter;
-exports.isError = require_digest.isError;
+exports.isError = isError;
 exports.isMldsaScheme = isMldsaScheme;
 exports.isPasswordBased = isPasswordBased;
 exports.isPrivateKeyDataProvider = isPrivateKeyDataProvider;
@@ -14277,6 +15254,6 @@ exports.sskrGenerate = _bcts_sskr.sskrGenerate;
 exports.sskrGenerateShares = sskrGenerateShares;
 exports.sskrGenerateSharesUsing = sskrGenerateSharesUsing;
 exports.sskrGenerateUsing = _bcts_sskr.sskrGenerateUsing;
-exports.toBase64 = require_digest.toBase64;
+exports.toBase64 = toBase64;
 //# sourceMappingURL=index.cjs.map