npm - @bcts/components - Versions diffs - 1.0.0-beta.0 → 1.0.0-beta.1 - Mend

@bcts/components 1.0.0-beta.0 → 1.0.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/index.cjs +1160 -183
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +17 -1
package/dist/index.d.cts.map +1 -1
package/dist/index.d.mts +17 -1
package/dist/index.d.mts.map +1 -1
package/dist/index.iife.js +799 -816
package/dist/index.iife.js.map +1 -1
package/dist/index.mjs +992 -14
package/dist/index.mjs.map +1 -1
package/package.json +11 -11
package/dist/digest-B1bpgcdz.mjs +0 -943
package/dist/digest-B1bpgcdz.mjs.map +0 -1
package/dist/digest-DL5sTq8T.cjs +0 -996
package/dist/digest-DL5sTq8T.cjs.map +0 -1
package/dist/digest-DRakTOWS.cjs +0 -2

package/dist/index.mjs CHANGED Viewed

@@ -1,8 +1,7 @@
-import { a as fromBase64, c as CryptoError, d as isCryptoErrorKind, f as isError, i as bytesToHex, l as ErrorKind, o as hexToBytes, r as bytesEqual, s as toBase64, t as Digest, u as isCryptoError } from "./digest-B1bpgcdz.mjs";
 import { CborDate, CborMap, cbor, createTaggedCbor, decodeCbor, expectArray, expectBytes, expectInteger, expectMap, expectNumber, expectText, expectUnsigned, extractTaggedContent, isArray, isBytes, isTagged, tagValue, tagsForValues, toByteString, toTaggedValue, validateTag } from "@bcts/dcbor";
-import { ARID as ARID$1, COMPRESSED, COMPRESSED as COMPRESSED$1, EC_KEY, EC_KEY_V1, ENCRYPTED, ENCRYPTED as ENCRYPTED$1, ENCRYPTED_KEY, ENVELOPE, JSON as JSON$1, KNOWN_VALUE, LEAF, MLDSA_PRIVATE_KEY, MLDSA_PUBLIC_KEY, MLDSA_SIGNATURE, MLKEM_CIPHERTEXT, MLKEM_PRIVATE_KEY, MLKEM_PUBLIC_KEY, NONCE, PRIVATE_KEYS, PRIVATE_KEY_BASE, PUBLIC_KEYS, REFERENCE, SALT, SEALED_MESSAGE, SEED, SEED_V1, SIGNATURE, SIGNING_PRIVATE_KEY, SIGNING_PUBLIC_KEY, SSH_TEXT_PRIVATE_KEY, SSH_TEXT_PUBLIC_KEY, SSH_TEXT_SIGNATURE, SSKR_SHARE, SSKR_SHARE_V1, SYMMETRIC_KEY, URI as URI$1, UUID as UUID$1, X25519_PRIVATE_KEY, X25519_PUBLIC_KEY, XID as XID$1 } from "@bcts/tags";
+import { ARID as ARID$1, COMPRESSED, COMPRESSED as COMPRESSED$1, DIGEST, EC_KEY, EC_KEY_V1, ENCRYPTED, ENCRYPTED as ENCRYPTED$1, ENCRYPTED_KEY, ENVELOPE, JSON as JSON$1, KNOWN_VALUE, LEAF, MLDSA_PRIVATE_KEY, MLDSA_PUBLIC_KEY, MLDSA_SIGNATURE, MLKEM_CIPHERTEXT, MLKEM_PRIVATE_KEY, MLKEM_PUBLIC_KEY, NONCE, PRIVATE_KEYS, PRIVATE_KEY_BASE, PUBLIC_KEYS, REFERENCE, SALT, SEALED_MESSAGE, SEED, SEED_V1, SIGNATURE, SIGNING_PRIVATE_KEY, SIGNING_PUBLIC_KEY, SSH_TEXT_PRIVATE_KEY, SSH_TEXT_PUBLIC_KEY, SSH_TEXT_SIGNATURE, SSKR_SHARE, SSKR_SHARE_V1, SYMMETRIC_KEY, URI as URI$1, UUID as UUID$1, X25519_PRIVATE_KEY, X25519_PUBLIC_KEY, XID as XID$1 } from "@bcts/tags";
 import { deflateRaw, inflateRaw } from "pako";
-import { ECDSA_PRIVATE_KEY_SIZE, ECDSA_PUBLIC_KEY_SIZE, ECDSA_SIGNATURE_SIZE, ECDSA_UNCOMPRESSED_PUBLIC_KEY_SIZE, ED25519_PRIVATE_KEY_SIZE, ED25519_PUBLIC_KEY_SIZE, ED25519_SIGNATURE_SIZE, SCHNORR_PUBLIC_KEY_SIZE, SCHNORR_SIGNATURE_SIZE, SYMMETRIC_NONCE_SIZE, X25519_PRIVATE_KEY_SIZE, X25519_PUBLIC_KEY_SIZE, aeadChaCha20Poly1305DecryptWithAad, aeadChaCha20Poly1305EncryptWithAad, argon2id, deriveAgreementPrivateKey, deriveSigningPrivateKey, ecdsaCompressPublicKey, ecdsaDecompressPublicKey, ecdsaDerivePrivateKey, ecdsaPublicKeyFromPrivateKey, ecdsaSign, ecdsaVerify, ed25519PublicKeyFromPrivateKey, ed25519Sign, ed25519Verify, hash, hkdfHmacSha256, pbkdf2HmacSha256, schnorrPublicKeyFromPrivateKey, schnorrSign, schnorrSignUsing, schnorrVerify, scryptOpt, x25519PublicKeyFromPrivateKey, x25519SharedKey } from "@bcts/crypto";
+import { ECDSA_PRIVATE_KEY_SIZE, ECDSA_PUBLIC_KEY_SIZE, ECDSA_SIGNATURE_SIZE, ECDSA_UNCOMPRESSED_PUBLIC_KEY_SIZE, ED25519_PRIVATE_KEY_SIZE, ED25519_PUBLIC_KEY_SIZE, ED25519_SIGNATURE_SIZE, SCHNORR_PUBLIC_KEY_SIZE, SCHNORR_SIGNATURE_SIZE, SHA256_SIZE, SYMMETRIC_NONCE_SIZE, X25519_PRIVATE_KEY_SIZE, X25519_PUBLIC_KEY_SIZE, aeadChaCha20Poly1305DecryptWithAad, aeadChaCha20Poly1305EncryptWithAad, argon2id, deriveAgreementPrivateKey, deriveSigningPrivateKey, ecdsaCompressPublicKey, ecdsaDecompressPublicKey, ecdsaDerivePrivateKey, ecdsaPublicKeyFromPrivateKey, ecdsaSign, ecdsaVerify, ed25519PublicKeyFromPrivateKey, ed25519Sign, ed25519Verify, hash, hkdfHmacSha256, pbkdf2HmacSha256, schnorrPublicKeyFromPrivateKey, schnorrSign, schnorrSignUsing, schnorrVerify, scryptOpt, sha256, x25519PublicKeyFromPrivateKey, x25519SharedKey } from "@bcts/crypto";
 import { UR, encodeBytemojisIdentifier, encodeBytewordsIdentifier } from "@bcts/uniform-resources";
 import { SecureRandomNumberGenerator, rngNextInClosedRangeI32 } from "@bcts/rand";
 import * as sr25519 from "@scure/sr25519";
@@ -16,6 +15,503 @@ import { base64 } from "@scure/base";
 import { hmac } from "@noble/hashes/hmac.js";
 import { ml_kem1024, ml_kem512, ml_kem768 } from "@noble/post-quantum/ml-kem.js";
 import { GroupSpec as SSKRGroupSpec, Secret as SSKRSecret, Spec as SSKRSpec, sskrCombine, sskrGenerate, sskrGenerateUsing } from "@bcts/sskr";
+//#region src/error.ts
+/**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* Error types for cryptographic and component operations
+*
+* Ported from bc-components-rust/src/error.rs
+*
+* This module provides a unified error handling system that matches the Rust
+* implementation's error variants with full structural parity:
+*
+* - InvalidSize: Invalid data size for the specified type
+* - InvalidData: Invalid data format or content
+* - DataTooShort: Data too short for the expected type
+* - Crypto: Cryptographic operation failed
+* - Cbor: CBOR encoding or decoding error
+* - Sskr: SSKR error
+* - Ssh: SSH key operation failed
+* - Uri: URI parsing failed
+* - Compression: Data compression/decompression failed
+* - PostQuantum: Post-quantum cryptography library error
+* - LevelMismatch: Signature level mismatch
+* - SshAgent: SSH agent operation failed
+* - Hex: Hex decoding error
+* - Utf8: UTF-8 conversion error
+* - Env: Environment variable error
+* - SshAgentClient: SSH agent client error
+* - General: General error with custom message
+*/
+/**
+* Error kind enum matching Rust's Error variants.
+*
+* This enum allows programmatic checking of error types, matching the
+* Rust enum variants exactly.
+*/
+let ErrorKind = /* @__PURE__ */ function(ErrorKind) {
+	/** Invalid data size for the specified type */
+	ErrorKind["InvalidSize"] = "InvalidSize";
+	/** Invalid data format or content */
+	ErrorKind["InvalidData"] = "InvalidData";
+	/** Data too short for the expected type */
+	ErrorKind["DataTooShort"] = "DataTooShort";
+	/** Cryptographic operation failed */
+	ErrorKind["Crypto"] = "Crypto";
+	/** CBOR encoding or decoding error */
+	ErrorKind["Cbor"] = "Cbor";
+	/** SSKR error */
+	ErrorKind["Sskr"] = "Sskr";
+	/** SSH key operation failed */
+	ErrorKind["Ssh"] = "Ssh";
+	/** URI parsing failed */
+	ErrorKind["Uri"] = "Uri";
+	/** Data compression/decompression failed */
+	ErrorKind["Compression"] = "Compression";
+	/** Post-quantum cryptography library error */
+	ErrorKind["PostQuantum"] = "PostQuantum";
+	/** Signature level mismatch */
+	ErrorKind["LevelMismatch"] = "LevelMismatch";
+	/** SSH agent operation failed */
+	ErrorKind["SshAgent"] = "SshAgent";
+	/** Hex decoding error */
+	ErrorKind["Hex"] = "Hex";
+	/** UTF-8 conversion error */
+	ErrorKind["Utf8"] = "Utf8";
+	/** Environment variable error */
+	ErrorKind["Env"] = "Env";
+	/** SSH agent client error */
+	ErrorKind["SshAgentClient"] = "SshAgentClient";
+	/** General error with custom message */
+	ErrorKind["General"] = "General";
+	return ErrorKind;
+}({});
+/**
+* Error type for cryptographic and component operations.
+*
+* This class provides full structural parity with the Rust Error enum,
+* including:
+* - An `errorKind` property for programmatic error type checking
+* - Structured `errorData` for accessing error-specific fields
+* - Factory methods matching Rust's impl block
+*/
+var CryptoError = class CryptoError extends Error {
+	/** The error kind for programmatic type checking */
+	errorKind;
+	/** Structured error data matching Rust's error variants */
+	errorData;
+	constructor(message, errorData) {
+		super(message);
+		this.name = "CryptoError";
+		this.errorKind = errorData.kind;
+		this.errorData = errorData;
+		const ErrorWithStackTrace = Error;
+		if (typeof ErrorWithStackTrace.captureStackTrace === "function") ErrorWithStackTrace.captureStackTrace(this, CryptoError);
+	}
+	/**
+	* Create an invalid size error.
+	*
+	* Rust equivalent: `Error::InvalidSize { data_type, expected, actual }`
+	*
+	* @param expected - The expected size
+	* @param actual - The actual size received
+	*/
+	static invalidSize(expected, actual) {
+		return CryptoError.invalidSizeForType("data", expected, actual);
+	}
+	/**
+	* Create an invalid size error with a data type name.
+	*
+	* Rust equivalent: `Error::invalid_size(data_type, expected, actual)`
+	*
+	* @param dataType - The name of the data type
+	* @param expected - The expected size
+	* @param actual - The actual size received
+	*/
+	static invalidSizeForType(dataType, expected, actual) {
+		return new CryptoError(`invalid ${dataType} size: expected ${expected}, got ${actual}`, {
+			kind: "InvalidSize",
+			dataType,
+			expected,
+			actual
+		});
+	}
+	/**
+	* Create an invalid data error.
+	*
+	* @param message - Description of what's invalid
+	*/
+	static invalidData(message) {
+		return CryptoError.invalidDataForType("data", message);
+	}
+	/**
+	* Create an invalid data error with a data type name.
+	*
+	* Rust equivalent: `Error::invalid_data(data_type, reason)`
+	*
+	* @param dataType - The name of the data type
+	* @param reason - The reason the data is invalid
+	*/
+	static invalidDataForType(dataType, reason) {
+		return new CryptoError(`invalid ${dataType}: ${reason}`, {
+			kind: "InvalidData",
+			dataType,
+			reason
+		});
+	}
+	/**
+	* Create a data too short error.
+	*
+	* Rust equivalent: `Error::data_too_short(data_type, minimum, actual)`
+	*
+	* @param dataType - The name of the data type
+	* @param minimum - The minimum required size
+	* @param actual - The actual size received
+	*/
+	static dataTooShort(dataType, minimum, actual) {
+		return new CryptoError(`data too short: ${dataType} expected at least ${minimum}, got ${actual}`, {
+			kind: "DataTooShort",
+			dataType,
+			minimum,
+			actual
+		});
+	}
+	/**
+	* Create an invalid format error.
+	*
+	* @param message - Description of the format error
+	*/
+	static invalidFormat(message) {
+		return CryptoError.invalidDataForType("format", message);
+	}
+	/**
+	* Create an invalid input error.
+	*
+	* @param message - Description of the invalid input
+	*/
+	static invalidInput(message) {
+		return CryptoError.invalidDataForType("input", message);
+	}
+	/**
+	* Create a cryptographic operation failed error.
+	*
+	* Rust equivalent: `Error::crypto(msg)`
+	*
+	* @param message - Description of the failure
+	*/
+	static cryptoOperation(message) {
+		return CryptoError.crypto(message);
+	}
+	/**
+	* Create a crypto error.
+	*
+	* Rust equivalent: `Error::Crypto(msg)`
+	*
+	* @param message - Description of the failure
+	*/
+	static crypto(message) {
+		return new CryptoError(`cryptographic operation failed: ${message}`, {
+			kind: "Crypto",
+			message
+		});
+	}
+	/**
+	* Create a post-quantum cryptography error.
+	*
+	* Rust equivalent: `Error::post_quantum(msg)`
+	*
+	* @param message - Description of the failure
+	*/
+	static postQuantum(message) {
+		return new CryptoError(`post-quantum cryptography error: ${message}`, {
+			kind: "PostQuantum",
+			message
+		});
+	}
+	/**
+	* Create a signature level mismatch error.
+	*
+	* Rust equivalent: `Error::LevelMismatch`
+	*/
+	static levelMismatch() {
+		return new CryptoError("signature level does not match key level", { kind: "LevelMismatch" });
+	}
+	/**
+	* Create a CBOR error.
+	*
+	* Rust equivalent: `Error::Cbor(err)`
+	*
+	* @param message - Description of the CBOR error
+	*/
+	static cbor(message) {
+		return new CryptoError(`CBOR error: ${message}`, {
+			kind: "Cbor",
+			message
+		});
+	}
+	/**
+	* Create a hex decoding error.
+	*
+	* Rust equivalent: `Error::Hex(err)`
+	*
+	* @param message - Description of the hex error
+	*/
+	static hex(message) {
+		return new CryptoError(`hex decoding error: ${message}`, {
+			kind: "Hex",
+			message
+		});
+	}
+	/**
+	* Create a UTF-8 conversion error.
+	*
+	* Rust equivalent: `Error::Utf8(err)`
+	*
+	* @param message - Description of the UTF-8 error
+	*/
+	static utf8(message) {
+		return new CryptoError(`UTF-8 conversion error: ${message}`, {
+			kind: "Utf8",
+			message
+		});
+	}
+	/**
+	* Create a compression error.
+	*
+	* Rust equivalent: `Error::compression(msg)`
+	*
+	* @param message - Description of the compression error
+	*/
+	static compression(message) {
+		return new CryptoError(`compression error: ${message}`, {
+			kind: "Compression",
+			message
+		});
+	}
+	/**
+	* Create a URI parsing error.
+	*
+	* Rust equivalent: `Error::Uri(err)`
+	*
+	* @param message - Description of the URI error
+	*/
+	static uri(message) {
+		return new CryptoError(`invalid URI: ${message}`, {
+			kind: "Uri",
+			message
+		});
+	}
+	/**
+	* Create an SSKR error.
+	*
+	* Rust equivalent: `Error::Sskr(err)`
+	*
+	* @param message - Description of the SSKR error
+	*/
+	static sskr(message) {
+		return new CryptoError(`SSKR error: ${message}`, {
+			kind: "Sskr",
+			message
+		});
+	}
+	/**
+	* Create an SSH operation error.
+	*
+	* Rust equivalent: `Error::ssh(msg)`
+	*
+	* @param message - Description of the SSH error
+	*/
+	static ssh(message) {
+		return new CryptoError(`SSH operation failed: ${message}`, {
+			kind: "Ssh",
+			message
+		});
+	}
+	/**
+	* Create an SSH agent error.
+	*
+	* Rust equivalent: `Error::ssh_agent(msg)`
+	*
+	* @param message - Description of the SSH agent error
+	*/
+	static sshAgent(message) {
+		return new CryptoError(`SSH agent error: ${message}`, {
+			kind: "SshAgent",
+			message
+		});
+	}
+	/**
+	* Create an SSH agent client error.
+	*
+	* Rust equivalent: `Error::ssh_agent_client(msg)`
+	*
+	* @param message - Description of the SSH agent client error
+	*/
+	static sshAgentClient(message) {
+		return new CryptoError(`SSH agent client error: ${message}`, {
+			kind: "SshAgentClient",
+			message
+		});
+	}
+	/**
+	* Create an environment variable error.
+	*
+	* Rust equivalent: `Error::Env(err)`
+	*
+	* @param message - Description of the environment error
+	*/
+	static env(message) {
+		return new CryptoError(`environment variable error: ${message}`, {
+			kind: "Env",
+			message
+		});
+	}
+	/**
+	* Create a general error with a custom message.
+	*
+	* Rust equivalent: `Error::general(msg)` / `Error::General(msg)`
+	*
+	* @param message - The error message
+	*/
+	static general(message) {
+		return new CryptoError(message, {
+			kind: "General",
+			message
+		});
+	}
+	/**
+	* Check if this error is of a specific kind.
+	*
+	* @param kind - The error kind to check
+	*/
+	isKind(kind) {
+		return this.errorKind === kind;
+	}
+	/**
+	* Check if this is an InvalidSize error.
+	*/
+	isInvalidSize() {
+		return this.errorKind === "InvalidSize";
+	}
+	/**
+	* Check if this is an InvalidData error.
+	*/
+	isInvalidData() {
+		return this.errorKind === "InvalidData";
+	}
+	/**
+	* Check if this is a DataTooShort error.
+	*/
+	isDataTooShort() {
+		return this.errorKind === "DataTooShort";
+	}
+	/**
+	* Check if this is a Crypto error.
+	*/
+	isCrypto() {
+		return this.errorKind === "Crypto";
+	}
+	/**
+	* Check if this is a Cbor error.
+	*/
+	isCbor() {
+		return this.errorKind === "Cbor";
+	}
+	/**
+	* Check if this is an Sskr error.
+	*/
+	isSskr() {
+		return this.errorKind === "Sskr";
+	}
+	/**
+	* Check if this is an Ssh error.
+	*/
+	isSsh() {
+		return this.errorKind === "Ssh";
+	}
+	/**
+	* Check if this is a Uri error.
+	*/
+	isUri() {
+		return this.errorKind === "Uri";
+	}
+	/**
+	* Check if this is a Compression error.
+	*/
+	isCompression() {
+		return this.errorKind === "Compression";
+	}
+	/**
+	* Check if this is a PostQuantum error.
+	*/
+	isPostQuantum() {
+		return this.errorKind === "PostQuantum";
+	}
+	/**
+	* Check if this is a LevelMismatch error.
+	*/
+	isLevelMismatch() {
+		return this.errorKind === "LevelMismatch";
+	}
+	/**
+	* Check if this is an SshAgent error.
+	*/
+	isSshAgent() {
+		return this.errorKind === "SshAgent";
+	}
+	/**
+	* Check if this is a Hex error.
+	*/
+	isHex() {
+		return this.errorKind === "Hex";
+	}
+	/**
+	* Check if this is a Utf8 error.
+	*/
+	isUtf8() {
+		return this.errorKind === "Utf8";
+	}
+	/**
+	* Check if this is an Env error.
+	*/
+	isEnv() {
+		return this.errorKind === "Env";
+	}
+	/**
+	* Check if this is an SshAgentClient error.
+	*/
+	isSshAgentClient() {
+		return this.errorKind === "SshAgentClient";
+	}
+	/**
+	* Check if this is a General error.
+	*/
+	isGeneral() {
+		return this.errorKind === "General";
+	}
+};
+/**
+* Type guard to check if a result is an Error.
+*/
+function isError(result) {
+	return result instanceof Error;
+}
+/**
+* Type guard to check if a result is a CryptoError.
+*/
+function isCryptoError(result) {
+	return result instanceof CryptoError;
+}
+/**
+* Type guard to check if an error is a CryptoError of a specific kind.
+*/
+function isCryptoErrorKind(result, kind) {
+	return isCryptoError(result) && result.errorKind === kind;
+}
+//#endregion
 //#region src/private-key-data-provider.ts
 /**
 * Type guard to check if an object implements PrivateKeyDataProvider
@@ -38,6 +534,129 @@ function isDecrypter(obj) {
 	return typeof obj === "object" && obj !== null && "encapsulationPrivateKey" in obj && typeof obj.encapsulationPrivateKey === "function" && "decapsulateSharedSecret" in obj && typeof obj.decapsulateSharedSecret === "function";
 }
 //#endregion
+//#region src/utils.ts
+/**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* Utility functions for byte array conversions and comparisons.
+*
+* These functions provide cross-platform support for common byte manipulation
+* operations needed in cryptographic and encoding contexts.
+*
+* @packageDocumentation
+*/
+/**
+* Convert a Uint8Array to a lowercase hexadecimal string.
+*
+* @param data - The byte array to convert
+* @returns A lowercase hex string representation (2 characters per byte)
+*
+* @example
+* ```typescript
+* const bytes = new Uint8Array([0xde, 0xad, 0xbe, 0xef]);
+* bytesToHex(bytes); // "deadbeef"
+* ```
+*/
+function bytesToHex(data) {
+	return Array.from(data).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+/**
+* Convert a hexadecimal string to a Uint8Array.
+*
+* @param hex - A hex string (must have even length, case-insensitive)
+* @returns The decoded byte array
+* @throws {Error} If the hex string has odd length or contains invalid characters
+*
+* @example
+* ```typescript
+* hexToBytes("deadbeef"); // Uint8Array([0xde, 0xad, 0xbe, 0xef])
+* hexToBytes("DEADBEEF"); // Uint8Array([0xde, 0xad, 0xbe, 0xef])
+* hexToBytes("xyz"); // throws Error: Invalid hex string
+* ```
+*/
+function hexToBytes(hex) {
+	if (hex.length % 2 !== 0) throw new Error(`Hex string must have even length, got ${hex.length}`);
+	if (!/^[0-9A-Fa-f]*$/.test(hex)) throw new Error("Invalid hex string: contains non-hexadecimal characters");
+	const data = new Uint8Array(hex.length / 2);
+	for (let i = 0; i < hex.length; i += 2) data[i / 2] = parseInt(hex.substring(i, i + 2), 16);
+	return data;
+}
+/**
+* Convert a Uint8Array to a base64-encoded string.
+*
+* This function works in both browser and Node.js environments.
+* Uses btoa which is available in browsers and Node.js 16+.
+*
+* @param data - The byte array to encode
+* @returns A base64-encoded string
+*
+* @example
+* ```typescript
+* const bytes = new Uint8Array([72, 101, 108, 108, 111]); // "Hello"
+* toBase64(bytes); // "SGVsbG8="
+* ```
+*/
+function toBase64(data) {
+	let binary = "";
+	for (const byte of data) binary += String.fromCharCode(byte);
+	return btoa(binary);
+}
+/**
+* Convert a base64-encoded string to a Uint8Array.
+*
+* This function works in both browser and Node.js environments.
+* Uses atob which is available in browsers and Node.js 16+.
+*
+* @param base64 - A base64-encoded string
+* @returns The decoded byte array
+*
+* @example
+* ```typescript
+* fromBase64("SGVsbG8="); // Uint8Array([72, 101, 108, 108, 111])
+* ```
+*/
+function fromBase64(base64) {
+	const binary = atob(base64);
+	const bytes = new Uint8Array(binary.length);
+	for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+	return bytes;
+}
+/**
+* Compare two Uint8Arrays for equality using constant-time comparison.
+*
+* This function is designed to be resistant to timing attacks by always
+* comparing all bytes regardless of where a difference is found. The
+* comparison time depends only on the length of the arrays, not on where
+* they differ.
+*
+* **Security Note**: If the arrays have different lengths, this function
+* returns `false` immediately, which does leak length information. For
+* cryptographic uses where length should also be secret, ensure both
+* arrays are the same length before comparison.
+*
+* @param a - First byte array
+* @param b - Second byte array
+* @returns `true` if both arrays have the same length and identical contents
+*
+* @example
+* ```typescript
+* const key1 = new Uint8Array([1, 2, 3, 4]);
+* const key2 = new Uint8Array([1, 2, 3, 4]);
+* const key3 = new Uint8Array([1, 2, 3, 5]);
+*
+* bytesEqual(key1, key2); // true
+* bytesEqual(key1, key3); // false
+* ```
+*/
+function bytesEqual(a, b) {
+	if (a.length !== b.length) return false;
+	let result = 0;
+	for (let i = 0; i < a.length; i++) result |= a[i] ^ b[i];
+	return result === 0;
+}
+//#endregion
 //#region src/json.ts
 /**
 * Copyright © 2023-2026 Blockchain Commons, LLC
@@ -217,6 +836,309 @@ var JSON = class JSON {
 	}
 };
 //#endregion
+//#region src/digest.ts
+/**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* SHA-256 cryptographic digest (32 bytes)
+*
+* Ported from bc-components-rust/src/digest.rs
+*
+* A `Digest` represents the cryptographic hash of some data. In this
+* implementation, SHA-256 is used, which produces a 32-byte hash value.
+* Digests are used throughout the crate for data verification and as unique
+* identifiers derived from data.
+*
+* # CBOR Serialization
+*
+* `Digest` implements the CBOR tagged encoding interfaces, which means it can be
+* serialized to and deserialized from CBOR with a specific tag (TAG_DIGEST = 40001).
+*
+* # UR Serialization
+*
+* When serialized as a Uniform Resource (UR), a `Digest` is represented as a
+* binary blob with the type "digest".
+*
+* @example
+* ```typescript
+* import { Digest } from '@bcts/components';
+*
+* // Create a digest from a string
+* const data = new TextEncoder().encode("hello world");
+* const digest = Digest.fromImage(data);
+*
+* // Validate that the digest matches the original data
+* console.log(digest.validate(data)); // true
+*
+* // Create a digest from a hex string
+* const hexString = "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9";
+* const digest2 = Digest.fromHex(hexString);
+*
+* // Retrieve the digest as hex
+* console.log(digest2.hex()); // b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9
+* ```
+*/
+var Digest = class Digest {
+	static DIGEST_SIZE = SHA256_SIZE;
+	_data;
+	constructor(data) {
+		if (data.length !== Digest.DIGEST_SIZE) throw CryptoError.invalidSize(Digest.DIGEST_SIZE, data.length);
+		this._data = new Uint8Array(data);
+	}
+	/**
+	* Get the digest data.
+	*/
+	data() {
+		return this._data;
+	}
+	/**
+	* Create a Digest from a 32-byte array.
+	*/
+	static fromData(data) {
+		return new Digest(new Uint8Array(data));
+	}
+	/**
+	* Create a Digest from data, validating the length.
+	* Alias for fromData for compatibility with Rust API.
+	*/
+	static fromDataRef(data) {
+		return Digest.fromData(data);
+	}
+	/**
+	* Create a Digest from hex string.
+	*
+	* @throws Error if the hex string is not exactly 64 characters.
+	*/
+	static fromHex(hex) {
+		return new Digest(hexToBytes(hex));
+	}
+	/**
+	* Compute SHA-256 digest of data (called "image" in Rust).
+	*
+	* @param image - The data to hash
+	*/
+	static fromImage(image) {
+		const hashData = sha256(image);
+		return new Digest(new Uint8Array(hashData));
+	}
+	/**
+	* Compute SHA-256 digest from multiple data parts.
+	*
+	* The parts are concatenated and then hashed.
+	*
+	* @param imageParts - Array of byte arrays to concatenate and hash
+	*/
+	static fromImageParts(imageParts) {
+		const totalLength = imageParts.reduce((sum, part) => sum + part.length, 0);
+		const buf = new Uint8Array(totalLength);
+		let offset = 0;
+		for (const part of imageParts) {
+			buf.set(part, offset);
+			offset += part.length;
+		}
+		return Digest.fromImage(buf);
+	}
+	/**
+	* Compute SHA-256 digest from an array of Digests.
+	*
+	* The digest bytes are concatenated and then hashed.
+	*
+	* @param digests - Array of Digests to combine
+	*/
+	static fromDigests(digests) {
+		const buf = new Uint8Array(digests.length * Digest.DIGEST_SIZE);
+		let offset = 0;
+		for (const digest of digests) {
+			buf.set(digest._data, offset);
+			offset += Digest.DIGEST_SIZE;
+		}
+		return Digest.fromImage(buf);
+	}
+	/**
+	* Compute SHA-256 digest of data (legacy alias for fromImage).
+	* @deprecated Use fromImage instead
+	*/
+	static hash(data) {
+		return Digest.fromImage(data);
+	}
+	/**
+	* Get the raw digest bytes as a copy.
+	*/
+	toData() {
+		return new Uint8Array(this._data);
+	}
+	/**
+	* Get a reference to the raw digest bytes.
+	*/
+	asBytes() {
+		return this._data;
+	}
+	/**
+	* Get hex string representation.
+	*/
+	hex() {
+		return bytesToHex(this._data);
+	}
+	/**
+	* Get hex string representation (alias for hex()).
+	*/
+	toHex() {
+		return this.hex();
+	}
+	/**
+	* Get base64 representation.
+	*/
+	toBase64() {
+		return toBase64(this._data);
+	}
+	/**
+	* Get the first four bytes of the digest as a hexadecimal string.
+	* Useful for short descriptions.
+	*/
+	shortDescription() {
+		return bytesToHex(this._data.slice(0, 4));
+	}
+	/**
+	* Validate the digest against the given image.
+	*
+	* The image is hashed with SHA-256 and compared to this digest.
+	* @returns `true` if the digest matches the image.
+	*/
+	validate(image) {
+		return this.equals(Digest.fromImage(image));
+	}
+	/**
+	* Compare with another Digest.
+	*/
+	equals(other) {
+		if (this._data.length !== other._data.length) return false;
+		for (let i = 0; i < this._data.length; i++) if (this._data[i] !== other._data[i]) return false;
+		return true;
+	}
+	/**
+	* Compare digests lexicographically.
+	*/
+	compare(other) {
+		for (let i = 0; i < this._data.length; i++) {
+			const a = this._data[i];
+			const b = other._data[i];
+			if (a < b) return -1;
+			if (a > b) return 1;
+		}
+		return 0;
+	}
+	/**
+	* Get string representation.
+	*/
+	toString() {
+		return `Digest(${this.hex()})`;
+	}
+	/**
+	* A Digest is its own digest provider - returns itself.
+	*/
+	digest() {
+		return this;
+	}
+	/**
+	* Returns the CBOR tags associated with Digest.
+	*/
+	cborTags() {
+		return tagsForValues([DIGEST.value]);
+	}
+	/**
+	* Returns the untagged CBOR encoding (as a byte string).
+	*/
+	untaggedCbor() {
+		return toByteString(this._data);
+	}
+	/**
+	* Returns the tagged CBOR encoding.
+	*/
+	taggedCbor() {
+		return createTaggedCbor(this);
+	}
+	/**
+	* Returns the tagged value in CBOR binary representation.
+	*/
+	taggedCborData() {
+		return this.taggedCbor().toData();
+	}
+	/**
+	* Creates a Digest by decoding it from untagged CBOR.
+	*/
+	fromUntaggedCbor(cbor) {
+		const data = expectBytes(cbor);
+		return Digest.fromData(data);
+	}
+	/**
+	* Creates a Digest by decoding it from tagged CBOR.
+	*/
+	fromTaggedCbor(cbor) {
+		validateTag(cbor, this.cborTags());
+		const content = extractTaggedContent(cbor);
+		return this.fromUntaggedCbor(content);
+	}
+	/**
+	* Static method to decode from tagged CBOR.
+	*/
+	static fromTaggedCbor(cbor) {
+		return new Digest(new Uint8Array(Digest.DIGEST_SIZE)).fromTaggedCbor(cbor);
+	}
+	/**
+	* Static method to decode from tagged CBOR binary data.
+	*/
+	static fromTaggedCborData(data) {
+		const cbor = decodeCbor(data);
+		return Digest.fromTaggedCbor(cbor);
+	}
+	/**
+	* Static method to decode from untagged CBOR binary data.
+	*/
+	static fromUntaggedCborData(data) {
+		const bytes = expectBytes(decodeCbor(data));
+		return Digest.fromData(bytes);
+	}
+	/**
+	* Returns the UR representation of the Digest.
+	* Note: URs use untagged CBOR since the type is conveyed by the UR type itself.
+	*/
+	ur() {
+		return UR.new("digest", this.untaggedCbor());
+	}
+	/**
+	* Returns the UR string representation.
+	*/
+	urString() {
+		return this.ur().string();
+	}
+	/**
+	* Creates a Digest from a UR.
+	*/
+	static fromUR(ur) {
+		ur.checkType("digest");
+		return new Digest(new Uint8Array(Digest.DIGEST_SIZE)).fromUntaggedCbor(ur.cbor());
+	}
+	/**
+	* Creates a Digest from a UR string.
+	*/
+	static fromURString(urString) {
+		const ur = UR.fromURString(urString);
+		return Digest.fromUR(ur);
+	}
+	/**
+	* Validate the given data against the digest, if any.
+	*
+	* Returns `true` if the digest is `undefined` or if the digest matches the
+	* image's digest. Returns `false` if the digest does not match.
+	*/
+	static validateOpt(image, digest) {
+		if (digest === void 0) return true;
+		return digest.validate(image);
+	}
+};
+//#endregion
 //#region src/compressed.ts
 /**
 * Copyright © 2023-2026 Blockchain Commons, LLC
@@ -717,15 +1639,48 @@ var HKDFRng = class HKDFRng {
 //#endregion
 //#region src/digest-provider.ts
 /**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* DigestProvider interface for types that can provide a cryptographic digest.
+*
+* Ported from bc-components-rust/src/digest_provider.rs
+*
+* A type that can provide a single unique digest that characterizes its contents.
+* This trait is used to define a common interface for objects that can produce
+* a cryptographic digest (hash) of their content.
+*
+* @example
+* ```typescript
+* import { DigestProvider, Digest } from '@bcts/components';
+*
+* class Document implements DigestProvider {
+*   private content: Uint8Array;
+*   private cachedDigest?: Digest;
+*
+*   constructor(content: Uint8Array) {
+*     this.content = content;
+*   }
+*
+*   digest(): Digest {
+*     if (!this.cachedDigest) {
+*       this.cachedDigest = Digest.fromImage(this.content);
+*     }
+*     return this.cachedDigest;
+*   }
+* }
+* ```
+*/
+/**
 * Helper function to get a digest from a byte array.
 * This provides DigestProvider-like functionality for raw bytes.
 *
 * @param data - The byte array to hash
 * @returns A Promise resolving to a Digest of the data
 */
-async function digestFromBytes(data) {
-	const { Digest } = await import("./digest-B1bpgcdz.mjs").then((n) => n.n);
-	return Digest.fromImage(data);
+function digestFromBytes(data) {
+	return Promise.resolve(Digest.fromImage(data));
 }
 //#endregion
 //#region src/nonce.ts
@@ -5126,6 +6081,7 @@ var MLDSAPrivateKey = class MLDSAPrivateKey {
 */
 const MAX_UINT32 = 4294967295;
 var SshBufferReader = class {
+	bytes;
 	view;
 	offset;
 	constructor(bytes) {
@@ -6225,7 +7181,7 @@ var SSHPrivateKey = class SSHPrivateKey {
 				if (pubBytes.length !== ED25519_PUBLIC_LEN) throw new Error(`SSHPrivateKey ed25519: public key length ${pubBytes.length} != ${ED25519_PUBLIC_LEN}`);
 				if (publicKey.data.kind !== "ed25519" || !bytesEqual$1(pubBytes, publicKey.data.pubBytes)) throw new Error("SSHPrivateKey ed25519: outer/inner public-key mismatch");
 				const combined = innerReader.readString();
-				if (combined.length !== ED25519_SEED_LEN + ED25519_PUBLIC_LEN) throw new Error(`SSHPrivateKey ed25519: combined seed||public length ${combined.length} != ${ED25519_SEED_LEN + ED25519_PUBLIC_LEN}`);
+				if (combined.length !== 64) throw new Error(`SSHPrivateKey ed25519: combined seed||public length ${combined.length} != 64`);
 				if (!bytesEqual$1(combined.subarray(ED25519_SEED_LEN), pubBytes)) throw new Error("SSHPrivateKey ed25519: combined-blob public tail does not match public field");
 				data = {
 					kind: "ed25519",
@@ -6316,7 +7272,7 @@ var SSHPrivateKey = class SSHPrivateKey {
 		switch (this.data.kind) {
 			case "ed25519": {
 				w.writeString(this.data.pubBytes);
-				const combined = new Uint8Array(ED25519_SEED_LEN + ED25519_PUBLIC_LEN);
+				const combined = new Uint8Array(64);
 				combined.set(this.data.seed, 0);
 				combined.set(this.data.pubBytes, ED25519_SEED_LEN);
 				w.writeString(combined);
@@ -9476,6 +10432,16 @@ var PrivateKeyBase = class PrivateKeyBase {
 		return EncapsulationPrivateKey.fromX25519PrivateKey(this.x25519PrivateKey());
 	}
 	/**
+	* Decapsulate a shared secret from a ciphertext.
+	*
+	* Implements the `Decrypter` interface so a `PrivateKeyBase` can be used
+	* directly as a recipient key, mirroring Rust `impl Decrypter for
+	* PrivateKeyBase`.
+	*/
+	decapsulateSharedSecret(ciphertext) {
+		return this.encapsulationPrivateKey().decapsulateSharedSecret(ciphertext);
+	}
+	/**
 	* Derive a PrivateKeys container with Ed25519 signing and X25519 agreement keys.
 	*
 	* @returns PrivateKeys containing the derived signing and encapsulation keys
@@ -11014,6 +11980,12 @@ var SigningPublicKey = class SigningPublicKey {
 	*/
 	static fromUntaggedCborData(data) {
 		const cborValue = decodeCbor(data);
+		return SigningPublicKey.fromUntaggedCbor(cborValue);
+	}
+	/**
+	* Static method to decode from untagged CBOR.
+	*/
+	static fromUntaggedCbor(cborValue) {
 		return new SigningPublicKey("Ed25519", void 0, void 0, Ed25519PublicKey.from(new Uint8Array(ED25519_PUBLIC_KEY_SIZE))).fromUntaggedCbor(cborValue);
 	}
 	/**
@@ -11024,7 +11996,7 @@ var SigningPublicKey = class SigningPublicKey {
 	* Returns the UR representation of the signing public key.
 	*/
 	ur() {
-		return UR.new(SigningPublicKey.UR_TYPE, this.taggedCbor());
+		return UR.new(SigningPublicKey.UR_TYPE, this.untaggedCbor());
 	}
 	/**
 	* Returns the UR string representation of the signing public key.
@@ -11037,7 +12009,7 @@ var SigningPublicKey = class SigningPublicKey {
 	*/
 	static fromUR(ur) {
 		ur.checkType(SigningPublicKey.UR_TYPE);
-		return SigningPublicKey.fromTaggedCbor(ur.cbor());
+		return SigningPublicKey.fromUntaggedCbor(ur.cbor());
 	}
 	/**
 	* Creates a SigningPublicKey from a UR string.
@@ -11761,6 +12733,12 @@ var SigningPrivateKey = class SigningPrivateKey {
 	*/
 	static fromUntaggedCborData(data) {
 		const cborValue = decodeCbor(data);
+		return SigningPrivateKey.fromUntaggedCbor(cborValue);
+	}
+	/**
+	* Static method to decode from untagged CBOR.
+	*/
+	static fromUntaggedCbor(cborValue) {
 		return new SigningPrivateKey("Ed25519", void 0, Ed25519PrivateKey.from(new Uint8Array(ED25519_PRIVATE_KEY_SIZE))).fromUntaggedCbor(cborValue);
 	}
 	/**
@@ -11771,7 +12749,7 @@ var SigningPrivateKey = class SigningPrivateKey {
 	* Returns the UR representation of the signing private key.
 	*/
 	ur() {
-		return UR.new(SigningPrivateKey.UR_TYPE, this.taggedCbor());
+		return UR.new(SigningPrivateKey.UR_TYPE, this.untaggedCbor());
 	}
 	/**
 	* Returns the UR string representation of the signing private key.
@@ -11784,7 +12762,7 @@ var SigningPrivateKey = class SigningPrivateKey {
 	*/
 	static fromUR(ur) {
 		ur.checkType(SigningPrivateKey.UR_TYPE);
-		return SigningPrivateKey.fromTaggedCbor(ur.cbor());
+		return SigningPrivateKey.fromUntaggedCbor(ur.cbor());
 	}
 	/**
 	* Creates a SigningPrivateKey from a UR string.
@@ -13932,7 +14910,7 @@ var SSKRShareCbor = class SSKRShareCbor {
 	* Static method to decode from tagged CBOR.
 	*/
 	static fromTaggedCbor(cborValue) {
-		return new SSKRShareCbor(new Uint8Array(METADATA_SIZE_BYTES + 16)).fromTaggedCbor(cborValue);
+		return new SSKRShareCbor(new Uint8Array(21)).fromTaggedCbor(cborValue);
 	}
 	/**
 	* Static method to decode from tagged CBOR binary data.
@@ -13946,7 +14924,7 @@ var SSKRShareCbor = class SSKRShareCbor {
 	*/
 	static fromUntaggedCborData(data) {
 		const cborValue = decodeCbor(data);
-		return new SSKRShareCbor(new Uint8Array(METADATA_SIZE_BYTES + 16)).fromUntaggedCbor(cborValue);
+		return new SSKRShareCbor(new Uint8Array(21)).fromUntaggedCbor(cborValue);
 	}
 };
 /**