npm - @bcts/provenance-mark - Versions diffs - 1.0.0-alpha.10 - Mend

@bcts/provenance-mark 1.0.0-alpha.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/LICENSE +48 -0
package/README.md +15 -0
package/dist/index.cjs +1703 -0
package/dist/index.cjs.map +1 -0
package/dist/index.d.cts +711 -0
package/dist/index.d.cts.map +1 -0
package/dist/index.d.mts +711 -0
package/dist/index.d.mts.map +1 -0
package/dist/index.iife.js +1700 -0
package/dist/index.iife.js.map +1 -0
package/dist/index.mjs +1657 -0
package/dist/index.mjs.map +1 -0
package/package.json +78 -0
package/src/crypto-utils.ts +75 -0
package/src/date.ts +216 -0
package/src/error.ts +141 -0
package/src/generator.ts +182 -0
package/src/index.ts +90 -0
package/src/mark-info.ts +126 -0
package/src/mark.ts +597 -0
package/src/resolution.ts +294 -0
package/src/rng-state.ts +68 -0
package/src/seed.ts +98 -0
package/src/utils.ts +103 -0
package/src/validate.ts +449 -0
package/src/xoshiro256starstar.ts +150 -0

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,1657 @@
+import { createRequire } from "node:module";
+import { cbor, cborData, decodeCbor, expectArray, expectBytes, expectUnsigned } from "@bcts/dcbor";
+import { sha256 as sha256$1 } from "@noble/hashes/sha2.js";
+import { hkdf } from "@noble/hashes/hkdf.js";
+import { chacha20 } from "@noble/ciphers/chacha.js";
+import { randomData } from "@bcts/rand";
+import { PROVENANCE_MARK } from "@bcts/tags";
+import { BytewordsStyle, UR, decodeBytewords, encodeBytemojisIdentifier, encodeBytewords, encodeBytewordsIdentifier } from "@bcts/uniform-resources";
+//#region rolldown:runtime
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
+//#endregion
+//#region src/error.ts
+/**
+* Error types for Provenance Mark operations.
+*/
+let ProvenanceMarkErrorType = /* @__PURE__ */ function(ProvenanceMarkErrorType$1) {
+	/** Invalid Seed length */
+	ProvenanceMarkErrorType$1["InvalidSeedLength"] = "InvalidSeedLength";
+	/** Duplicate key */
+	ProvenanceMarkErrorType$1["DuplicateKey"] = "DuplicateKey";
+	/** Missing key */
+	ProvenanceMarkErrorType$1["MissingKey"] = "MissingKey";
+	/** Invalid key */
+	ProvenanceMarkErrorType$1["InvalidKey"] = "InvalidKey";
+	/** Extra keys */
+	ProvenanceMarkErrorType$1["ExtraKeys"] = "ExtraKeys";
+	/** Invalid key length for the given resolution */
+	ProvenanceMarkErrorType$1["InvalidKeyLength"] = "InvalidKeyLength";
+	/** Invalid next key length for the given resolution */
+	ProvenanceMarkErrorType$1["InvalidNextKeyLength"] = "InvalidNextKeyLength";
+	/** Invalid chain ID length for the given resolution */
+	ProvenanceMarkErrorType$1["InvalidChainIdLength"] = "InvalidChainIdLength";
+	/** Invalid message length for the given resolution */
+	ProvenanceMarkErrorType$1["InvalidMessageLength"] = "InvalidMessageLength";
+	/** Invalid CBOR data in info field */
+	ProvenanceMarkErrorType$1["InvalidInfoCbor"] = "InvalidInfoCbor";
+	/** Date out of range for serialization */
+	ProvenanceMarkErrorType$1["DateOutOfRange"] = "DateOutOfRange";
+	/** Invalid date components */
+	ProvenanceMarkErrorType$1["InvalidDate"] = "InvalidDate";
+	/** Missing required URL parameter */
+	ProvenanceMarkErrorType$1["MissingUrlParameter"] = "MissingUrlParameter";
+	/** Year out of range for 2-byte serialization */
+	ProvenanceMarkErrorType$1["YearOutOfRange"] = "YearOutOfRange";
+	/** Invalid month or day */
+	ProvenanceMarkErrorType$1["InvalidMonthOrDay"] = "InvalidMonthOrDay";
+	/** Resolution serialization error */
+	ProvenanceMarkErrorType$1["ResolutionError"] = "ResolutionError";
+	/** Bytewords encoding/decoding error */
+	ProvenanceMarkErrorType$1["BytewordsError"] = "BytewordsError";
+	/** CBOR encoding/decoding error */
+	ProvenanceMarkErrorType$1["CborError"] = "CborError";
+	/** URL parsing error */
+	ProvenanceMarkErrorType$1["UrlError"] = "UrlError";
+	/** Base64 decoding error */
+	ProvenanceMarkErrorType$1["Base64Error"] = "Base64Error";
+	/** JSON serialization error */
+	ProvenanceMarkErrorType$1["JsonError"] = "JsonError";
+	/** Integer conversion error */
+	ProvenanceMarkErrorType$1["IntegerConversionError"] = "IntegerConversionError";
+	/** Validation error */
+	ProvenanceMarkErrorType$1["ValidationError"] = "ValidationError";
+	return ProvenanceMarkErrorType$1;
+}({});
+/**
+* Error class for Provenance Mark operations.
+*/
+var ProvenanceMarkError = class ProvenanceMarkError extends Error {
+	type;
+	details;
+	constructor(type, message, details) {
+		const fullMessage = message !== void 0 && message !== "" ? `${type}: ${message}` : ProvenanceMarkError.defaultMessage(type, details);
+		super(fullMessage);
+		this.name = "ProvenanceMarkError";
+		this.type = type;
+		this.details = details;
+	}
+	static defaultMessage(type, details) {
+		const d = (key) => {
+			const value = details?.[key];
+			if (value === void 0 || value === null) return "?";
+			if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") return String(value);
+			return JSON.stringify(value);
+		};
+		switch (type) {
+			case ProvenanceMarkErrorType.InvalidSeedLength: return `invalid seed length: expected 32 bytes, got ${d("actual")} bytes`;
+			case ProvenanceMarkErrorType.DuplicateKey: return `duplicate key: ${d("key")}`;
+			case ProvenanceMarkErrorType.MissingKey: return `missing key: ${d("key")}`;
+			case ProvenanceMarkErrorType.InvalidKey: return `invalid key: ${d("key")}`;
+			case ProvenanceMarkErrorType.ExtraKeys: return `wrong number of keys: expected ${d("expected")}, got ${d("actual")}`;
+			case ProvenanceMarkErrorType.InvalidKeyLength: return `invalid key length: expected ${d("expected")}, got ${d("actual")}`;
+			case ProvenanceMarkErrorType.InvalidNextKeyLength: return `invalid next key length: expected ${d("expected")}, got ${d("actual")}`;
+			case ProvenanceMarkErrorType.InvalidChainIdLength: return `invalid chain ID length: expected ${d("expected")}, got ${d("actual")}`;
+			case ProvenanceMarkErrorType.InvalidMessageLength: return `invalid message length: expected at least ${d("expected")}, got ${d("actual")}`;
+			case ProvenanceMarkErrorType.InvalidInfoCbor: return "invalid CBOR data in info field";
+			case ProvenanceMarkErrorType.DateOutOfRange: return `date out of range: ${d("details")}`;
+			case ProvenanceMarkErrorType.InvalidDate: return `invalid date: ${d("details")}`;
+			case ProvenanceMarkErrorType.MissingUrlParameter: return `missing required URL parameter: ${d("parameter")}`;
+			case ProvenanceMarkErrorType.YearOutOfRange: return `year out of range for 2-byte serialization: must be between 2023-2150, got ${d("year")}`;
+			case ProvenanceMarkErrorType.InvalidMonthOrDay: return `invalid month (${d("month")}) or day (${d("day")}) for year ${d("year")}`;
+			case ProvenanceMarkErrorType.ResolutionError: return `resolution serialization error: ${d("details")}`;
+			case ProvenanceMarkErrorType.BytewordsError: return `bytewords error: ${d("message")}`;
+			case ProvenanceMarkErrorType.CborError: return `CBOR error: ${d("message")}`;
+			case ProvenanceMarkErrorType.UrlError: return `URL parsing error: ${d("message")}`;
+			case ProvenanceMarkErrorType.Base64Error: return `base64 decoding error: ${d("message")}`;
+			case ProvenanceMarkErrorType.JsonError: return `JSON error: ${d("message")}`;
+			case ProvenanceMarkErrorType.IntegerConversionError: return `integer conversion error: ${d("message")}`;
+			case ProvenanceMarkErrorType.ValidationError: return `validation error: ${d("message")}`;
+			default: return type;
+		}
+	}
+};
+//#endregion
+//#region src/date.ts
+/**
+* Reference date for 4-byte and 6-byte serialization (2001-01-01T00:00:00Z).
+*/
+const REFERENCE_DATE = Date.UTC(2001, 0, 1, 0, 0, 0, 0);
+/**
+* Maximum value for 6-byte millisecond representation.
+*/
+const MAX_6_BYTE_VALUE = 0xe5940a78a7ff;
+/**
+* Get the number of days in a month.
+*/
+function daysInMonth(year, month) {
+	return new Date(year, month, 0).getDate();
+}
+/**
+* Check if a day is valid for a given year and month.
+*/
+function isValidDay(year, month, day) {
+	if (day < 1) return false;
+	return day <= daysInMonth(year, month);
+}
+/**
+* Serialize a date to 2 bytes (year + month + day only, day precision).
+* Year range: 2023-2150 (128 years)
+* Format: YYYYYYY MMMM DDDDD (7 bits year offset, 4 bits month, 5 bits day)
+*/
+function serialize2Bytes(date) {
+	const year = date.getUTCFullYear();
+	const month = date.getUTCMonth() + 1;
+	const day = date.getUTCDate();
+	const yy = year - 2023;
+	if (yy < 0 || yy >= 128) throw new ProvenanceMarkError(ProvenanceMarkErrorType.YearOutOfRange, void 0, { year });
+	if (month < 1 || month > 12 || day < 1 || day > 31) throw new ProvenanceMarkError(ProvenanceMarkErrorType.InvalidMonthOrDay, void 0, {
+		year,
+		month,
+		day
+	});
+	const value = yy << 9 | month << 5 | day;
+	const buf = new Uint8Array(2);
+	buf[0] = value >> 8 & 255;
+	buf[1] = value & 255;
+	return buf;
+}
+/**
+* Deserialize 2 bytes to a date.
+*/
+function deserialize2Bytes(bytes) {
+	if (bytes.length !== 2) throw new ProvenanceMarkError(ProvenanceMarkErrorType.InvalidDate, void 0, { details: `expected 2 bytes, got ${bytes.length}` });
+	const value = bytes[0] << 8 | bytes[1];
+	const day = value & 31;
+	const month = value >> 5 & 15;
+	const year = (value >> 9 & 127) + 2023;
+	if (month < 1 || month > 12 || !isValidDay(year, month, day)) throw new ProvenanceMarkError(ProvenanceMarkErrorType.InvalidMonthOrDay, void 0, {
+		year,
+		month,
+		day
+	});
+	return new Date(Date.UTC(year, month - 1, day, 0, 0, 0, 0));
+}
+/**
+* Serialize a date to 4 bytes (seconds since 2001-01-01).
+*/
+function serialize4Bytes(date) {
+	const duration = date.getTime() - REFERENCE_DATE;
+	const seconds = Math.floor(duration / 1e3);
+	if (seconds < 0 || seconds > 4294967295) throw new ProvenanceMarkError(ProvenanceMarkErrorType.DateOutOfRange, void 0, { details: "seconds value out of range for u32" });
+	const buf = new Uint8Array(4);
+	buf[0] = seconds >> 24 & 255;
+	buf[1] = seconds >> 16 & 255;
+	buf[2] = seconds >> 8 & 255;
+	buf[3] = seconds & 255;
+	return buf;
+}
+/**
+* Deserialize 4 bytes to a date.
+*/
+function deserialize4Bytes(bytes) {
+	if (bytes.length !== 4) throw new ProvenanceMarkError(ProvenanceMarkErrorType.InvalidDate, void 0, { details: `expected 4 bytes, got ${bytes.length}` });
+	const seconds = (bytes[0] << 24 | bytes[1] << 16 | bytes[2] << 8 | bytes[3]) >>> 0;
+	return new Date(REFERENCE_DATE + seconds * 1e3);
+}
+/**
+* Serialize a date to 6 bytes (milliseconds since 2001-01-01).
+*/
+function serialize6Bytes(date) {
+	const duration = date.getTime() - REFERENCE_DATE;
+	const milliseconds = BigInt(duration);
+	if (milliseconds < 0n || milliseconds > BigInt(MAX_6_BYTE_VALUE)) throw new ProvenanceMarkError(ProvenanceMarkErrorType.DateOutOfRange, void 0, { details: "date exceeds maximum representable value" });
+	const buf = new Uint8Array(6);
+	buf[0] = Number(milliseconds >> 40n & 255n);
+	buf[1] = Number(milliseconds >> 32n & 255n);
+	buf[2] = Number(milliseconds >> 24n & 255n);
+	buf[3] = Number(milliseconds >> 16n & 255n);
+	buf[4] = Number(milliseconds >> 8n & 255n);
+	buf[5] = Number(milliseconds & 255n);
+	return buf;
+}
+/**
+* Deserialize 6 bytes to a date.
+*/
+function deserialize6Bytes(bytes) {
+	if (bytes.length !== 6) throw new ProvenanceMarkError(ProvenanceMarkErrorType.InvalidDate, void 0, { details: `expected 6 bytes, got ${bytes.length}` });
+	const milliseconds = BigInt(bytes[0]) << 40n | BigInt(bytes[1]) << 32n | BigInt(bytes[2]) << 24n | BigInt(bytes[3]) << 16n | BigInt(bytes[4]) << 8n | BigInt(bytes[5]);
+	if (milliseconds > BigInt(MAX_6_BYTE_VALUE)) throw new ProvenanceMarkError(ProvenanceMarkErrorType.DateOutOfRange, void 0, { details: "date exceeds maximum representable value" });
+	return new Date(REFERENCE_DATE + Number(milliseconds));
+}
+/**
+* Get the range of valid days in a month.
+*/
+function rangeOfDaysInMonth(year, month) {
+	return {
+		min: 1,
+		max: daysInMonth(year, month)
+	};
+}
+/**
+* Format a date as ISO8601 string.
+*/
+function dateToIso8601(date) {
+	return date.toISOString();
+}
+/**
+* Parse an ISO8601 string to a Date.
+*/
+function dateFromIso8601(str) {
+	const date = new Date(str);
+	if (isNaN(date.getTime())) throw new ProvenanceMarkError(ProvenanceMarkErrorType.InvalidDate, void 0, { details: `cannot parse date: ${str}` });
+	return date;
+}
+/**
+* Format a date as a simple date string (YYYY-MM-DD).
+*/
+function dateToDateString(date) {
+	return `${date.getUTCFullYear()}-${(date.getUTCMonth() + 1).toString().padStart(2, "0")}-${date.getUTCDate().toString().padStart(2, "0")}`;
+}
+//#endregion
+//#region src/resolution.ts
+/**
+* Resolution levels for provenance marks.
+* Higher resolution provides more security but larger mark sizes.
+*/
+let ProvenanceMarkResolution = /* @__PURE__ */ function(ProvenanceMarkResolution$1) {
+	ProvenanceMarkResolution$1[ProvenanceMarkResolution$1["Low"] = 0] = "Low";
+	ProvenanceMarkResolution$1[ProvenanceMarkResolution$1["Medium"] = 1] = "Medium";
+	ProvenanceMarkResolution$1[ProvenanceMarkResolution$1["Quartile"] = 2] = "Quartile";
+	ProvenanceMarkResolution$1[ProvenanceMarkResolution$1["High"] = 3] = "High";
+	return ProvenanceMarkResolution$1;
+}({});
+/**
+* Convert a resolution to its numeric value.
+*/
+function resolutionToNumber(res) {
+	return res;
+}
+/**
+* Create a resolution from a numeric value.
+*/
+function resolutionFromNumber(value) {
+	switch (value) {
+		case 0: return ProvenanceMarkResolution.Low;
+		case 1: return ProvenanceMarkResolution.Medium;
+		case 2: return ProvenanceMarkResolution.Quartile;
+		case 3: return ProvenanceMarkResolution.High;
+		default: throw new ProvenanceMarkError(ProvenanceMarkErrorType.ResolutionError, void 0, { details: `invalid provenance mark resolution value: ${value}` });
+	}
+}
+/**
+* Get the link length (key/hash/chainID length) for a resolution.
+*/
+function linkLength(res) {
+	switch (res) {
+		case ProvenanceMarkResolution.Low: return 4;
+		case ProvenanceMarkResolution.Medium: return 8;
+		case ProvenanceMarkResolution.Quartile: return 16;
+		case ProvenanceMarkResolution.High: return 32;
+	}
+}
+/**
+* Get the sequence bytes length for a resolution.
+*/
+function seqBytesLength(res) {
+	switch (res) {
+		case ProvenanceMarkResolution.Low: return 2;
+		case ProvenanceMarkResolution.Medium:
+		case ProvenanceMarkResolution.Quartile:
+		case ProvenanceMarkResolution.High: return 4;
+	}
+}
+/**
+* Get the date bytes length for a resolution.
+*/
+function dateBytesLength(res) {
+	switch (res) {
+		case ProvenanceMarkResolution.Low: return 2;
+		case ProvenanceMarkResolution.Medium: return 4;
+		case ProvenanceMarkResolution.Quartile:
+		case ProvenanceMarkResolution.High: return 6;
+	}
+}
+/**
+* Get the fixed-length portion size for a resolution.
+*/
+function fixedLength(res) {
+	return linkLength(res) * 3 + seqBytesLength(res) + dateBytesLength(res);
+}
+/**
+* Get the key range for a resolution.
+*/
+function keyRange(res) {
+	return {
+		start: 0,
+		end: linkLength(res)
+	};
+}
+/**
+* Get the chain ID range for a resolution.
+*/
+function chainIdRange(res) {
+	return {
+		start: 0,
+		end: linkLength(res)
+	};
+}
+/**
+* Get the hash range for a resolution.
+*/
+function hashRange(res) {
+	const chainIdEnd = chainIdRange(res).end;
+	return {
+		start: chainIdEnd,
+		end: chainIdEnd + linkLength(res)
+	};
+}
+/**
+* Get the sequence bytes range for a resolution.
+*/
+function seqBytesRange(res) {
+	const hashEnd = hashRange(res).end;
+	return {
+		start: hashEnd,
+		end: hashEnd + seqBytesLength(res)
+	};
+}
+/**
+* Get the date bytes range for a resolution.
+*/
+function dateBytesRange(res) {
+	const seqEnd = seqBytesRange(res).end;
+	return {
+		start: seqEnd,
+		end: seqEnd + dateBytesLength(res)
+	};
+}
+/**
+* Get the info range start for a resolution.
+*/
+function infoRangeStart(res) {
+	return dateBytesRange(res).end;
+}
+/**
+* Serialize a Date into bytes based on the resolution.
+*/
+function serializeDate(res, date) {
+	switch (res) {
+		case ProvenanceMarkResolution.Low: return serialize2Bytes(date);
+		case ProvenanceMarkResolution.Medium: return serialize4Bytes(date);
+		case ProvenanceMarkResolution.Quartile:
+		case ProvenanceMarkResolution.High: return serialize6Bytes(date);
+	}
+}
+/**
+* Deserialize bytes into a Date based on the resolution.
+*/
+function deserializeDate(res, data) {
+	switch (res) {
+		case ProvenanceMarkResolution.Low:
+			if (data.length !== 2) throw new ProvenanceMarkError(ProvenanceMarkErrorType.ResolutionError, void 0, { details: `invalid date length: expected 2 bytes, got ${data.length}` });
+			return deserialize2Bytes(data);
+		case ProvenanceMarkResolution.Medium:
+			if (data.length !== 4) throw new ProvenanceMarkError(ProvenanceMarkErrorType.ResolutionError, void 0, { details: `invalid date length: expected 4 bytes, got ${data.length}` });
+			return deserialize4Bytes(data);
+		case ProvenanceMarkResolution.Quartile:
+		case ProvenanceMarkResolution.High:
+			if (data.length !== 6) throw new ProvenanceMarkError(ProvenanceMarkErrorType.ResolutionError, void 0, { details: `invalid date length: expected 6 bytes, got ${data.length}` });
+			return deserialize6Bytes(data);
+	}
+}
+/**
+* Serialize a sequence number into bytes based on the resolution.
+*/
+function serializeSeq(res, seq) {
+	if (seqBytesLength(res) === 2) {
+		if (seq > 65535) throw new ProvenanceMarkError(ProvenanceMarkErrorType.ResolutionError, void 0, { details: `sequence number ${seq} out of range for 2-byte format (max 65535)` });
+		const buf = new Uint8Array(2);
+		buf[0] = seq >> 8 & 255;
+		buf[1] = seq & 255;
+		return buf;
+	} else {
+		const buf = new Uint8Array(4);
+		buf[0] = seq >> 24 & 255;
+		buf[1] = seq >> 16 & 255;
+		buf[2] = seq >> 8 & 255;
+		buf[3] = seq & 255;
+		return buf;
+	}
+}
+/**
+* Deserialize bytes into a sequence number based on the resolution.
+*/
+function deserializeSeq(res, data) {
+	if (seqBytesLength(res) === 2) {
+		if (data.length !== 2) throw new ProvenanceMarkError(ProvenanceMarkErrorType.ResolutionError, void 0, { details: `invalid sequence number length: expected 2 bytes, got ${data.length}` });
+		return data[0] << 8 | data[1];
+	} else {
+		if (data.length !== 4) throw new ProvenanceMarkError(ProvenanceMarkErrorType.ResolutionError, void 0, { details: `invalid sequence number length: expected 4 bytes, got ${data.length}` });
+		return (data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]) >>> 0;
+	}
+}
+/**
+* Get the string representation of a resolution.
+*/
+function resolutionToString(res) {
+	switch (res) {
+		case ProvenanceMarkResolution.Low: return "low";
+		case ProvenanceMarkResolution.Medium: return "medium";
+		case ProvenanceMarkResolution.Quartile: return "quartile";
+		case ProvenanceMarkResolution.High: return "high";
+	}
+}
+/**
+* Convert a resolution to CBOR.
+*/
+function resolutionToCbor(res) {
+	return cbor(res);
+}
+/**
+* Create a resolution from CBOR.
+*/
+function resolutionFromCbor(cborValue) {
+	const value = expectUnsigned(cborValue);
+	return resolutionFromNumber(Number(value));
+}
+//#endregion
+//#region src/crypto-utils.ts
+const SHA256_SIZE = 32;
+/**
+* Compute SHA-256 hash of data.
+*/
+function sha256(data) {
+	return sha256$1(data);
+}
+/**
+* Compute SHA-256 hash and return a prefix of the given length.
+*/
+function sha256Prefix(data, prefix) {
+	return sha256(data).slice(0, prefix);
+}
+/**
+* Extend a key to 32 bytes using HKDF-HMAC-SHA-256.
+*/
+function extendKey(data) {
+	return hkdfHmacSha256(data, new Uint8Array(0), 32);
+}
+/**
+* Compute HKDF-HMAC-SHA-256 for the given key material.
+*/
+function hkdfHmacSha256(keyMaterial, salt, keyLen) {
+	return hkdf(sha256$1, keyMaterial, salt.length > 0 ? salt : void 0, new Uint8Array(0), keyLen);
+}
+/**
+* Obfuscate (or deobfuscate) a message using ChaCha20.
+* The function is symmetric - applying it twice returns the original message.
+*/
+function obfuscate(key, message) {
+	if (message.length === 0) return new Uint8Array(0);
+	const extendedKey = extendKey(key instanceof Uint8Array ? key : new Uint8Array(key));
+	const iv = new Uint8Array(12);
+	for (let i = 0; i < 12; i++) iv[i] = extendedKey[31 - i];
+	return chacha20(extendedKey, iv, message instanceof Uint8Array ? message : new Uint8Array(message));
+}
+//#endregion
+//#region src/xoshiro256starstar.ts
+/**
+* Xoshiro256** PRNG implementation.
+* A fast, high-quality pseudorandom number generator.
+*/
+var Xoshiro256StarStar = class Xoshiro256StarStar {
+	s;
+	constructor(s) {
+		this.s = s;
+	}
+	/**
+	* Get the internal state as an array of 4 u64 values.
+	*/
+	toState() {
+		return [...this.s];
+	}
+	/**
+	* Create a new PRNG from a state array.
+	*/
+	static fromState(state) {
+		return new Xoshiro256StarStar([...state]);
+	}
+	/**
+	* Serialize the state to 32 bytes (little-endian).
+	*/
+	toData() {
+		const data = new Uint8Array(32);
+		for (let i = 0; i < 4; i++) {
+			const val = this.s[i];
+			for (let j = 0; j < 8; j++) data[i * 8 + j] = Number(val >> BigInt(j * 8) & 255n);
+		}
+		return data;
+	}
+	/**
+	* Create a new PRNG from 32 bytes of seed data (little-endian).
+	*/
+	static fromData(data) {
+		if (data.length !== 32) throw new Error(`expected 32 bytes, got ${data.length}`);
+		const s = [
+			0n,
+			0n,
+			0n,
+			0n
+		];
+		for (let i = 0; i < 4; i++) {
+			let val = 0n;
+			for (let j = 0; j < 8; j++) val |= BigInt(data[i * 8 + j]) << BigInt(j * 8);
+			s[i] = val;
+		}
+		return new Xoshiro256StarStar(s);
+	}
+	/**
+	* Generate the next u64 value.
+	*/
+	nextU64() {
+		const result = this.starstarU64(this.s[1]);
+		this.advance();
+		return result;
+	}
+	/**
+	* Generate the next u32 value (upper bits of u64 for better quality).
+	*/
+	nextU32() {
+		return Number(this.nextU64() >> 32n & 4294967295n);
+	}
+	/**
+	* Generate the next byte.
+	*/
+	nextByte() {
+		return Number(this.nextU64() & 255n);
+	}
+	/**
+	* Generate the next n bytes.
+	*/
+	nextBytes(len) {
+		const bytes = new Uint8Array(len);
+		for (let i = 0; i < len; i++) bytes[i] = this.nextByte();
+		return bytes;
+	}
+	/**
+	* Fill a buffer with random bytes.
+	*/
+	fillBytes(dest) {
+		let i = 0;
+		while (i + 8 <= dest.length) {
+			const val = this.nextU64();
+			for (let j = 0; j < 8; j++) dest[i + j] = Number(val >> BigInt(j * 8) & 255n);
+			i += 8;
+		}
+		if (i < dest.length) {
+			const val = this.nextU64();
+			for (let j = 0; i < dest.length; i++, j++) dest[i] = Number(val >> BigInt(j * 8) & 255n);
+		}
+	}
+	/**
+	* The starstar transformation: x * 5, rotate left 7, * 9
+	*/
+	starstarU64(x) {
+		const mask64 = 18446744073709551615n;
+		const mul5 = x * 5n & mask64;
+		return this.rotateLeft64(mul5, 7n) * 9n & mask64;
+	}
+	/**
+	* Rotate a 64-bit value left by n bits.
+	*/
+	rotateLeft64(x, n) {
+		return (x << n | x >> 64n - n) & 18446744073709551615n;
+	}
+	/**
+	* Advance the PRNG state.
+	*/
+	advance() {
+		const t = this.s[1] << 17n & 18446744073709551615n;
+		this.s[2] ^= this.s[0];
+		this.s[3] ^= this.s[1];
+		this.s[1] ^= this.s[2];
+		this.s[0] ^= this.s[3];
+		this.s[2] ^= t;
+		this.s[3] = this.rotateLeft64(this.s[3], 45n);
+	}
+};
+//#endregion
+//#region src/rng-state.ts
+const RNG_STATE_LENGTH = 32;
+/**
+* RNG state for provenance marks (32 bytes).
+*/
+var RngState = class RngState {
+	data;
+	constructor(data) {
+		this.data = data;
+	}
+	/**
+	* Get the raw bytes.
+	*/
+	toBytes() {
+		return new Uint8Array(this.data);
+	}
+	/**
+	* Create from a 32-byte array.
+	*/
+	static fromBytes(bytes) {
+		if (bytes.length !== RNG_STATE_LENGTH) throw new ProvenanceMarkError(ProvenanceMarkErrorType.InvalidSeedLength, void 0, { actual: bytes.length });
+		return new RngState(new Uint8Array(bytes));
+	}
+	/**
+	* Create from a slice (validates length).
+	*/
+	static fromSlice(bytes) {
+		return RngState.fromBytes(bytes);
+	}
+	/**
+	* Get the hex representation.
+	*/
+	hex() {
+		return Array.from(this.data).map((b) => b.toString(16).padStart(2, "0")).join("");
+	}
+	/**
+	* Convert to CBOR (byte string).
+	*/
+	toCbor() {
+		return cbor(this.data);
+	}
+	/**
+	* Create from CBOR (byte string).
+	*/
+	static fromCbor(cborValue) {
+		const bytes = expectBytes(cborValue);
+		return RngState.fromBytes(bytes);
+	}
+};
+//#endregion
+//#region src/seed.ts
+const PROVENANCE_SEED_LENGTH = 32;
+/**
+* A seed for generating provenance marks.
+*/
+var ProvenanceSeed = class ProvenanceSeed {
+	data;
+	constructor(data) {
+		this.data = data;
+	}
+	/**
+	* Create a new random seed using secure random number generation.
+	*/
+	static new() {
+		const data = randomData(PROVENANCE_SEED_LENGTH);
+		return ProvenanceSeed.fromBytes(data);
+	}
+	/**
+	* Create a new seed using custom random data.
+	*/
+	static newUsing(randomData$1) {
+		if (randomData$1.length < PROVENANCE_SEED_LENGTH) throw new ProvenanceMarkError(ProvenanceMarkErrorType.InvalidSeedLength, void 0, { actual: randomData$1.length });
+		return ProvenanceSeed.fromBytes(randomData$1.slice(0, PROVENANCE_SEED_LENGTH));
+	}
+	/**
+	* Create a new seed from a passphrase.
+	*/
+	static newWithPassphrase(passphrase) {
+		const seedData = extendKey(new TextEncoder().encode(passphrase));
+		return ProvenanceSeed.fromBytes(seedData);
+	}
+	/**
+	* Get the raw bytes.
+	*/
+	toBytes() {
+		return new Uint8Array(this.data);
+	}
+	/**
+	* Create from a 32-byte array.
+	*/
+	static fromBytes(bytes) {
+		if (bytes.length !== PROVENANCE_SEED_LENGTH) throw new ProvenanceMarkError(ProvenanceMarkErrorType.InvalidSeedLength, void 0, { actual: bytes.length });
+		return new ProvenanceSeed(new Uint8Array(bytes));
+	}
+	/**
+	* Create from a slice (validates length).
+	*/
+	static fromSlice(bytes) {
+		return ProvenanceSeed.fromBytes(bytes);
+	}
+	/**
+	* Get the hex representation.
+	*/
+	hex() {
+		return Array.from(this.data).map((b) => b.toString(16).padStart(2, "0")).join("");
+	}
+	/**
+	* Convert to CBOR (byte string).
+	*/
+	toCbor() {
+		return cbor(this.data);
+	}
+	/**
+	* Create from CBOR (byte string).
+	*/
+	static fromCbor(cborValue) {
+		const bytes = expectBytes(cborValue);
+		return ProvenanceSeed.fromBytes(bytes);
+	}
+};
+//#endregion
+//#region src/utils.ts
+/**
+* Convert a Uint8Array to a lowercase hexadecimal string.
+*
+* @param data - The byte array to convert
+* @returns A lowercase hex string representation (2 characters per byte)
+*/
+function bytesToHex(data) {
+	return Array.from(data).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+/**
+* Convert a Uint8Array to a base64-encoded string.
+*
+* This function works in both browser and Node.js environments.
+*
+* @param data - The byte array to encode
+* @returns A base64-encoded string
+*/
+function toBase64(data) {
+	const globalBtoa = globalThis.btoa;
+	if (typeof globalBtoa === "function") {
+		let binary = "";
+		for (const byte of data) binary += String.fromCharCode(byte);
+		return globalBtoa(binary);
+	}
+	const requireFn = __require;
+	if (typeof requireFn === "function") {
+		const { Buffer: NodeBuffer } = requireFn("buffer");
+		return NodeBuffer.from(data).toString("base64");
+	}
+	throw new Error("btoa not available and require is not defined");
+}
+/**
+* Convert a base64-encoded string to a Uint8Array.
+*
+* This function works in both browser and Node.js environments.
+*
+* @param base64 - A base64-encoded string
+* @returns The decoded byte array
+*/
+function fromBase64(base64) {
+	const globalAtob = globalThis.atob;
+	if (typeof globalAtob === "function") {
+		const binary = globalAtob(base64);
+		const bytes = new Uint8Array(binary.length);
+		for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+		return bytes;
+	}
+	const requireFn = __require;
+	if (typeof requireFn === "function") {
+		const { Buffer: NodeBuffer } = requireFn("buffer");
+		return new Uint8Array(NodeBuffer.from(base64, "base64"));
+	}
+	throw new Error("atob not available and require is not defined");
+}
+//#endregion
+//#region src/mark.ts
+/**
+* A cryptographically-secured provenance mark.
+*/
+var ProvenanceMark = class ProvenanceMark {
+	_res;
+	_key;
+	_hash;
+	_chainId;
+	_seqBytes;
+	_dateBytes;
+	_infoBytes;
+	_seq;
+	_date;
+	constructor(res, key, hash, chainId, seqBytes, dateBytes, infoBytes, seq, date) {
+		this._res = res;
+		this._key = key;
+		this._hash = hash;
+		this._chainId = chainId;
+		this._seqBytes = seqBytes;
+		this._dateBytes = dateBytes;
+		this._infoBytes = infoBytes;
+		this._seq = seq;
+		this._date = date;
+	}
+	res() {
+		return this._res;
+	}
+	key() {
+		return new Uint8Array(this._key);
+	}
+	hash() {
+		return new Uint8Array(this._hash);
+	}
+	chainId() {
+		return new Uint8Array(this._chainId);
+	}
+	seqBytes() {
+		return new Uint8Array(this._seqBytes);
+	}
+	dateBytes() {
+		return new Uint8Array(this._dateBytes);
+	}
+	seq() {
+		return this._seq;
+	}
+	date() {
+		return this._date;
+	}
+	/**
+	* Get the message (serialized bytes) of this mark.
+	*/
+	message() {
+		const payload = new Uint8Array([
+			...this._chainId,
+			...this._hash,
+			...this._seqBytes,
+			...this._dateBytes,
+			...this._infoBytes
+		]);
+		const obfuscated = obfuscate(this._key, payload);
+		return new Uint8Array([...this._key, ...obfuscated]);
+	}
+	/**
+	* Get the info field as CBOR, if present.
+	*/
+	info() {
+		if (this._infoBytes.length === 0) return;
+		return decodeCbor(this._infoBytes);
+	}
+	/**
+	* Create a new provenance mark.
+	*/
+	static new(res, key, nextKey, chainId, seq, date, info) {
+		const linkLen = linkLength(res);
+		if (key.length !== linkLen) throw new ProvenanceMarkError(ProvenanceMarkErrorType.InvalidKeyLength, void 0, {
+			expected: linkLen,
+			actual: key.length
+		});
+		if (nextKey.length !== linkLen) throw new ProvenanceMarkError(ProvenanceMarkErrorType.InvalidNextKeyLength, void 0, {
+			expected: linkLen,
+			actual: nextKey.length
+		});
+		if (chainId.length !== linkLen) throw new ProvenanceMarkError(ProvenanceMarkErrorType.InvalidChainIdLength, void 0, {
+			expected: linkLen,
+			actual: chainId.length
+		});
+		const dateBytes = serializeDate(res, date);
+		const seqBytes = serializeSeq(res, seq);
+		const normalizedDate = deserializeDate(res, dateBytes);
+		const infoBytes = info !== void 0 ? cborData(info) : new Uint8Array(0);
+		const hash = ProvenanceMark.makeHash(res, key, nextKey, chainId, seqBytes, dateBytes, infoBytes);
+		return new ProvenanceMark(res, new Uint8Array(key), hash, new Uint8Array(chainId), seqBytes, dateBytes, infoBytes, seq, normalizedDate);
+	}
+	/**
+	* Create a provenance mark from a serialized message.
+	*/
+	static fromMessage(res, message) {
+		const minLen = fixedLength(res);
+		if (message.length < minLen) throw new ProvenanceMarkError(ProvenanceMarkErrorType.InvalidMessageLength, void 0, {
+			expected: minLen,
+			actual: message.length
+		});
+		const linkLen = linkLength(res);
+		const keyRng = keyRange(res);
+		const key = message.slice(keyRng.start, keyRng.end);
+		const payload = obfuscate(key, message.slice(linkLen));
+		const chainIdRng = chainIdRange(res);
+		const chainId = payload.slice(chainIdRng.start, chainIdRng.end);
+		const hashRng = hashRange(res);
+		const hash = payload.slice(hashRng.start, hashRng.end);
+		const seqRng = seqBytesRange(res);
+		const seqBytes = payload.slice(seqRng.start, seqRng.end);
+		const seq = deserializeSeq(res, seqBytes);
+		const dateRng = dateBytesRange(res);
+		const dateBytes = payload.slice(dateRng.start, dateRng.end);
+		const date = deserializeDate(res, dateBytes);
+		const infoStart = infoRangeStart(res);
+		const infoBytes = payload.slice(infoStart);
+		if (infoBytes.length > 0) try {
+			decodeCbor(infoBytes);
+		} catch {
+			throw new ProvenanceMarkError(ProvenanceMarkErrorType.InvalidInfoCbor);
+		}
+		return new ProvenanceMark(res, new Uint8Array(key), new Uint8Array(hash), new Uint8Array(chainId), new Uint8Array(seqBytes), new Uint8Array(dateBytes), new Uint8Array(infoBytes), seq, date);
+	}
+	static makeHash(res, key, nextKey, chainId, seqBytes, dateBytes, infoBytes) {
+		return sha256Prefix(new Uint8Array([
+			...key,
+			...nextKey,
+			...chainId,
+			...seqBytes,
+			...dateBytes,
+			...infoBytes
+		]), linkLength(res));
+	}
+	/**
+	* Get the first four bytes of the hash as a hex string identifier.
+	*/
+	identifier() {
+		return Array.from(this._hash.slice(0, 4)).map((b) => b.toString(16).padStart(2, "0")).join("");
+	}
+	/**
+	* Get the first four bytes of the hash as upper-case ByteWords.
+	*/
+	bytewordsIdentifier(prefix) {
+		const s = encodeBytewordsIdentifier(this._hash.slice(0, 4)).toUpperCase();
+		return prefix ? `\u{1F151} ${s}` : s;
+	}
+	/**
+	* Get the first four bytes of the hash as Bytemoji.
+	*/
+	bytemojiIdentifier(prefix) {
+		const s = encodeBytemojisIdentifier(this._hash.slice(0, 4)).toUpperCase();
+		return prefix ? `\u{1F151} ${s}` : s;
+	}
+	/**
+	* Check if this mark precedes another mark in the chain.
+	*/
+	precedes(next) {
+		try {
+			this.precedesOpt(next);
+			return true;
+		} catch {
+			return false;
+		}
+	}
+	/**
+	* Check if this mark precedes another mark, throwing on validation errors.
+	*/
+	precedesOpt(next) {
+		if (next._seq === 0) throw new ProvenanceMarkError(ProvenanceMarkErrorType.ValidationError, void 0, { message: "non-genesis mark at sequence 0" });
+		if (arraysEqual(next._key, next._chainId)) throw new ProvenanceMarkError(ProvenanceMarkErrorType.ValidationError, void 0, { message: "genesis mark must have key equal to chain_id" });
+		if (this._seq !== next._seq - 1) throw new ProvenanceMarkError(ProvenanceMarkErrorType.ValidationError, void 0, { message: `sequence gap: expected ${this._seq + 1}, got ${next._seq}` });
+		if (this._date > next._date) throw new ProvenanceMarkError(ProvenanceMarkErrorType.ValidationError, void 0, { message: `date ordering: ${this._date.toISOString()} > ${next._date.toISOString()}` });
+		const expectedHash = ProvenanceMark.makeHash(this._res, this._key, next._key, this._chainId, this._seqBytes, this._dateBytes, this._infoBytes);
+		if (!arraysEqual(this._hash, expectedHash)) throw new ProvenanceMarkError(ProvenanceMarkErrorType.ValidationError, void 0, {
+			message: "hash mismatch",
+			expected: Array.from(expectedHash).map((b) => b.toString(16).padStart(2, "0")).join(""),
+			actual: Array.from(this._hash).map((b) => b.toString(16).padStart(2, "0")).join("")
+		});
+	}
+	/**
+	* Check if a sequence of marks is valid.
+	*/
+	static isSequenceValid(marks) {
+		if (marks.length < 2) return false;
+		if (marks[0]._seq === 0 && !marks[0].isGenesis()) return false;
+		for (let i = 0; i < marks.length - 1; i++) if (!marks[i].precedes(marks[i + 1])) return false;
+		return true;
+	}
+	/**
+	* Check if this is a genesis mark (seq 0 and key equals chain_id).
+	*/
+	isGenesis() {
+		return this._seq === 0 && arraysEqual(this._key, this._chainId);
+	}
+	/**
+	* Encode as bytewords with the given style.
+	*/
+	toBytewordsWithStyle(style) {
+		return encodeBytewords(this.message(), style);
+	}
+	/**
+	* Encode as standard bytewords.
+	*/
+	toBytewords() {
+		return this.toBytewordsWithStyle(BytewordsStyle.Standard);
+	}
+	/**
+	* Decode from bytewords.
+	*/
+	static fromBytewords(res, bytewords) {
+		const message = decodeBytewords(bytewords, BytewordsStyle.Standard);
+		return ProvenanceMark.fromMessage(res, message);
+	}
+	/**
+	* Encode for URL (minimal bytewords of CBOR).
+	*/
+	toUrlEncoding() {
+		return encodeBytewords(this.toCborData(), BytewordsStyle.Minimal);
+	}
+	/**
+	* Decode from URL encoding.
+	*/
+	static fromUrlEncoding(urlEncoding) {
+		const cborValue = decodeCbor(decodeBytewords(urlEncoding, BytewordsStyle.Minimal));
+		return ProvenanceMark.fromTaggedCbor(cborValue);
+	}
+	/**
+	* Build a URL with this mark as a query parameter.
+	*/
+	toUrl(base) {
+		const url = new URL(base);
+		url.searchParams.set("provenance", this.toUrlEncoding());
+		return url;
+	}
+	/**
+	* Parse a provenance mark from a URL.
+	*/
+	static fromUrl(url) {
+		const param = url.searchParams.get("provenance");
+		if (param === null || param === "") throw new ProvenanceMarkError(ProvenanceMarkErrorType.MissingUrlParameter, void 0, { parameter: "provenance" });
+		return ProvenanceMark.fromUrlEncoding(param);
+	}
+	/**
+	* Get the untagged CBOR representation.
+	*/
+	untaggedCbor() {
+		return cbor([resolutionToCbor(this._res), cbor(this.message())]);
+	}
+	/**
+	* Get the tagged CBOR representation.
+	*/
+	taggedCbor() {
+		return cbor({
+			tag: PROVENANCE_MARK.value,
+			value: this.untaggedCbor()
+		});
+	}
+	/**
+	* Serialize to CBOR bytes (tagged).
+	*/
+	toCborData() {
+		return cborData(this.taggedCbor());
+	}
+	/**
+	* Create from untagged CBOR.
+	*/
+	static fromUntaggedCbor(cborValue) {
+		const arr = expectArray(cborValue);
+		if (arr.length !== 2) throw new ProvenanceMarkError(ProvenanceMarkErrorType.CborError, void 0, { message: "Invalid provenance mark length" });
+		const res = resolutionFromCbor(arr[0]);
+		const message = expectBytes(arr[1]);
+		return ProvenanceMark.fromMessage(res, message);
+	}
+	/**
+	* Create from tagged CBOR.
+	*/
+	static fromTaggedCbor(cborValue) {
+		const cborObj = cborValue;
+		if (cborObj.tag !== PROVENANCE_MARK.value) throw new ProvenanceMarkError(ProvenanceMarkErrorType.CborError, void 0, { message: `Expected tag ${PROVENANCE_MARK.value}, got ${String(cborObj.tag)}` });
+		if (cborObj.value === void 0) throw new ProvenanceMarkError(ProvenanceMarkErrorType.CborError, void 0, { message: "Tagged CBOR value is missing" });
+		return ProvenanceMark.fromUntaggedCbor(cborObj.value);
+	}
+	/**
+	* Create from CBOR bytes.
+	*/
+	static fromCborData(data) {
+		const cborValue = decodeCbor(data);
+		return ProvenanceMark.fromTaggedCbor(cborValue);
+	}
+	/**
+	* Get the fingerprint (SHA-256 of CBOR data).
+	*/
+	fingerprint() {
+		return sha256(this.toCborData());
+	}
+	/**
+	* Debug string representation.
+	*/
+	toString() {
+		return `ProvenanceMark(${this.identifier()})`;
+	}
+	/**
+	* Detailed debug representation.
+	*/
+	toDebugString() {
+		const components = [
+			`key: ${bytesToHex(this._key)}`,
+			`hash: ${bytesToHex(this._hash)}`,
+			`chainID: ${bytesToHex(this._chainId)}`,
+			`seq: ${this._seq}`,
+			`date: ${this._date.toISOString()}`
+		];
+		const info = this.info();
+		if (info !== void 0) components.push(`info: ${JSON.stringify(info)}`);
+		return `ProvenanceMark(${components.join(", ")})`;
+	}
+	/**
+	* Check equality with another mark.
+	*/
+	equals(other) {
+		return this._res === other._res && arraysEqual(this.message(), other.message());
+	}
+	/**
+	* JSON serialization.
+	*/
+	toJSON() {
+		const result = {
+			res: this._res,
+			key: toBase64(this._key),
+			hash: toBase64(this._hash),
+			chainID: toBase64(this._chainId),
+			seq: this._seq,
+			date: this._date.toISOString()
+		};
+		if (this._infoBytes.length > 0) result["info_bytes"] = toBase64(this._infoBytes);
+		return result;
+	}
+	/**
+	* Create from JSON object.
+	*/
+	static fromJSON(json) {
+		const res = json["res"];
+		const key = fromBase64(json["key"]);
+		const hash = fromBase64(json["hash"]);
+		const chainId = fromBase64(json["chainID"]);
+		const seq = json["seq"];
+		const dateStr = json["date"];
+		const date = new Date(dateStr);
+		const seqBytes = serializeSeq(res, seq);
+		const dateBytes = serializeDate(res, date);
+		let infoBytes = new Uint8Array(0);
+		if (typeof json["info_bytes"] === "string") infoBytes = fromBase64(json["info_bytes"]);
+		return new ProvenanceMark(res, key, hash, chainId, seqBytes, dateBytes, infoBytes, seq, date);
+	}
+};
+/**
+* Helper function to compare two Uint8Arrays.
+*/
+function arraysEqual(a, b) {
+	if (a.length !== b.length) return false;
+	for (let i = 0; i < a.length; i++) if (a[i] !== b[i]) return false;
+	return true;
+}
+//#endregion
+//#region src/generator.ts
+/**
+* Generator for creating provenance mark chains.
+*/
+var ProvenanceMarkGenerator = class ProvenanceMarkGenerator {
+	_res;
+	_seed;
+	_chainId;
+	_nextSeq;
+	_rngState;
+	constructor(res, seed, chainId, nextSeq, rngState) {
+		this._res = res;
+		this._seed = seed;
+		this._chainId = chainId;
+		this._nextSeq = nextSeq;
+		this._rngState = rngState;
+	}
+	res() {
+		return this._res;
+	}
+	seed() {
+		return this._seed;
+	}
+	chainId() {
+		return new Uint8Array(this._chainId);
+	}
+	nextSeq() {
+		return this._nextSeq;
+	}
+	rngState() {
+		return this._rngState;
+	}
+	/**
+	* Create a new generator with a seed.
+	*/
+	static newWithSeed(res, seed) {
+		const digest1 = sha256(seed.toBytes());
+		const chainId = digest1.slice(0, linkLength(res));
+		const digest2 = sha256(digest1);
+		return ProvenanceMarkGenerator.new(res, seed, chainId, 0, RngState.fromBytes(digest2));
+	}
+	/**
+	* Create a new generator with a passphrase.
+	*/
+	static newWithPassphrase(res, passphrase) {
+		const seed = ProvenanceSeed.newWithPassphrase(passphrase);
+		return ProvenanceMarkGenerator.newWithSeed(res, seed);
+	}
+	/**
+	* Create a new generator with custom random data.
+	*/
+	static newUsing(res, randomData$1) {
+		const seed = ProvenanceSeed.newUsing(randomData$1);
+		return ProvenanceMarkGenerator.newWithSeed(res, seed);
+	}
+	/**
+	* Create a new generator with random seed.
+	*/
+	static newRandom(res) {
+		const seed = ProvenanceSeed.new();
+		return ProvenanceMarkGenerator.newWithSeed(res, seed);
+	}
+	/**
+	* Create a new generator with all parameters.
+	*/
+	static new(res, seed, chainId, nextSeq, rngState) {
+		const linkLen = linkLength(res);
+		if (chainId.length !== linkLen) throw new ProvenanceMarkError(ProvenanceMarkErrorType.InvalidChainIdLength, void 0, {
+			expected: linkLen,
+			actual: chainId.length
+		});
+		return new ProvenanceMarkGenerator(res, seed, chainId, nextSeq, rngState);
+	}
+	/**
+	* Generate the next provenance mark in the chain.
+	*/
+	next(date, info) {
+		const data = this._rngState.toBytes();
+		const rng = Xoshiro256StarStar.fromData(data);
+		const seq = this._nextSeq;
+		this._nextSeq += 1;
+		let key;
+		if (seq === 0) key = new Uint8Array(this._chainId);
+		else {
+			key = rng.nextBytes(linkLength(this._res));
+			this._rngState = RngState.fromBytes(rng.toData());
+		}
+		const nextRngData = rng.toData();
+		const nextKey = Xoshiro256StarStar.fromData(nextRngData).nextBytes(linkLength(this._res));
+		return ProvenanceMark.new(this._res, key, nextKey, new Uint8Array(this._chainId), seq, date, info);
+	}
+	/**
+	* String representation.
+	*/
+	toString() {
+		return `ProvenanceMarkGenerator(chainID: ${bytesToHex(this._chainId)}, res: ${this._res}, seed: ${this._seed.hex()}, nextSeq: ${this._nextSeq})`;
+	}
+	/**
+	* JSON serialization.
+	*/
+	toJSON() {
+		return {
+			res: this._res,
+			seed: toBase64(this._seed.toBytes()),
+			chainID: toBase64(this._chainId),
+			nextSeq: this._nextSeq,
+			rngState: toBase64(this._rngState.toBytes())
+		};
+	}
+	/**
+	* Create from JSON object.
+	*/
+	static fromJSON(json) {
+		const res = json["res"];
+		const seed = ProvenanceSeed.fromBytes(fromBase64(json["seed"]));
+		const chainId = fromBase64(json["chainID"]);
+		const nextSeq = json["nextSeq"];
+		const rngState = RngState.fromBytes(fromBase64(json["rngState"]));
+		return ProvenanceMarkGenerator.new(res, seed, chainId, nextSeq, rngState);
+	}
+};
+//#endregion
+//#region src/validate.ts
+/**
+* Format for validation report output.
+*/
+let ValidationReportFormat = /* @__PURE__ */ function(ValidationReportFormat$1) {
+	/** Human-readable text format */
+	ValidationReportFormat$1["Text"] = "text";
+	/** Compact JSON format (no whitespace) */
+	ValidationReportFormat$1["JsonCompact"] = "json-compact";
+	/** Pretty-printed JSON format (with indentation) */
+	ValidationReportFormat$1["JsonPretty"] = "json-pretty";
+	return ValidationReportFormat$1;
+}({});
+/**
+* Format a validation issue as a string.
+*/
+function formatValidationIssue(issue) {
+	switch (issue.type) {
+		case "HashMismatch": return `hash mismatch: expected ${issue.expected}, got ${issue.actual}`;
+		case "KeyMismatch": return "key mismatch: current hash was not generated from next key";
+		case "SequenceGap": return `sequence number gap: expected ${issue.expected}, got ${issue.actual}`;
+		case "DateOrdering": return `date must be equal or later: previous is ${issue.previous}, next is ${issue.next}`;
+		case "NonGenesisAtZero": return "non-genesis mark at sequence 0";
+		case "InvalidGenesisKey": return "genesis mark must have key equal to chain_id";
+	}
+}
+/**
+* Get the chain ID as a hex string for display.
+*/
+function chainIdHex(report) {
+	return hexEncode(report.chainId);
+}
+/**
+* Check if the validation report has any issues.
+*/
+function hasIssues(report) {
+	for (const chain of report.chains) if (!chain.hasGenesis) return true;
+	for (const chain of report.chains) for (const seq of chain.sequences) for (const mark of seq.marks) if (mark.issues.length > 0) return true;
+	if (report.chains.length > 1) return true;
+	if (report.chains.length === 1 && report.chains[0].sequences.length > 1) return true;
+	return false;
+}
+/**
+* Check if the validation report contains interesting information.
+*/
+function isInteresting(report) {
+	if (report.chains.length === 0) return false;
+	for (const chain of report.chains) if (!chain.hasGenesis) return true;
+	if (report.chains.length === 1) {
+		const chain = report.chains[0];
+		if (chain.sequences.length === 1) {
+			if (chain.sequences[0].marks.every((m) => m.issues.length === 0)) return false;
+		}
+	}
+	return true;
+}
+/**
+* Format the validation report as human-readable text.
+*/
+function formatText(report) {
+	if (!isInteresting(report)) return "";
+	const lines = [];
+	lines.push(`Total marks: ${report.marks.length}`);
+	lines.push(`Chains: ${report.chains.length}`);
+	lines.push("");
+	for (let chainIdx = 0; chainIdx < report.chains.length; chainIdx++) {
+		const chain = report.chains[chainIdx];
+		const chainIdStr = chainIdHex(chain);
+		const shortChainId = chainIdStr.length > 8 ? chainIdStr.slice(0, 8) : chainIdStr;
+		lines.push(`Chain ${chainIdx + 1}: ${shortChainId}`);
+		if (!chain.hasGenesis) lines.push("  Warning: No genesis mark found");
+		for (const seq of chain.sequences) for (const flaggedMark of seq.marks) {
+			const mark = flaggedMark.mark;
+			const shortId = mark.identifier();
+			const seqNum = mark.seq();
+			const annotations = [];
+			if (mark.isGenesis()) annotations.push("genesis mark");
+			for (const issue of flaggedMark.issues) {
+				let issueStr;
+				switch (issue.type) {
+					case "SequenceGap":
+						issueStr = `gap: ${issue.expected} missing`;
+						break;
+					case "DateOrdering":
+						issueStr = `date ${issue.previous} < ${issue.next}`;
+						break;
+					case "HashMismatch":
+						issueStr = "hash mismatch";
+						break;
+					case "KeyMismatch":
+						issueStr = "key mismatch";
+						break;
+					case "NonGenesisAtZero":
+						issueStr = "non-genesis at seq 0";
+						break;
+					case "InvalidGenesisKey":
+						issueStr = "invalid genesis key";
+						break;
+				}
+				annotations.push(issueStr);
+			}
+			if (annotations.length === 0) lines.push(`  ${seqNum}: ${shortId}`);
+			else lines.push(`  ${seqNum}: ${shortId} (${annotations.join(", ")})`);
+		}
+		lines.push("");
+	}
+	return lines.join("\n").trimEnd();
+}
+/**
+* Format the validation report.
+*/
+function formatReport(report, format) {
+	switch (format) {
+		case ValidationReportFormat.Text: return formatText(report);
+		case ValidationReportFormat.JsonCompact: return JSON.stringify(reportToJSON(report));
+		case ValidationReportFormat.JsonPretty: return JSON.stringify(reportToJSON(report), null, 2);
+	}
+}
+/**
+* Convert a report to a JSON-serializable object.
+*/
+function reportToJSON(report) {
+	return {
+		marks: report.marks.map((m) => m.toUrlEncoding()),
+		chains: report.chains.map((chain) => ({
+			chain_id: hexEncode(chain.chainId),
+			has_genesis: chain.hasGenesis,
+			marks: chain.marks.map((m) => m.toUrlEncoding()),
+			sequences: chain.sequences.map((seq) => ({
+				start_seq: seq.startSeq,
+				end_seq: seq.endSeq,
+				marks: seq.marks.map((fm) => ({
+					mark: fm.mark.toUrlEncoding(),
+					issues: fm.issues
+				}))
+			}))
+		}))
+	};
+}
+/**
+* Build sequence bins for a chain.
+*/
+function buildSequenceBins(marks) {
+	const sequences = [];
+	let currentSequence = [];
+	for (let i = 0; i < marks.length; i++) {
+		const mark = marks[i];
+		if (i === 0) currentSequence.push({
+			mark,
+			issues: []
+		});
+		else {
+			const prev = marks[i - 1];
+			try {
+				prev.precedesOpt(mark);
+				currentSequence.push({
+					mark,
+					issues: []
+				});
+			} catch (e) {
+				if (currentSequence.length > 0) sequences.push(createSequenceReport(currentSequence));
+				currentSequence = [{
+					mark,
+					issues: [parseValidationError(e, prev, mark)]
+				}];
+			}
+		}
+	}
+	if (currentSequence.length > 0) sequences.push(createSequenceReport(currentSequence));
+	return sequences;
+}
+/**
+* Parse a validation error into a ValidationIssue.
+*/
+function parseValidationError(e, prev, next) {
+	const message = e instanceof Error ? e.message : "";
+	if (message !== "" && message.includes("non-genesis mark at sequence 0")) return { type: "NonGenesisAtZero" };
+	if (message !== "" && message.includes("genesis mark must have key equal to chain_id")) return { type: "InvalidGenesisKey" };
+	if (message !== "" && message.includes("sequence gap")) {
+		const match = /expected (\d+), got (\d+)/.exec(message);
+		if (match !== null) return {
+			type: "SequenceGap",
+			expected: parseInt(match[1], 10),
+			actual: parseInt(match[2], 10)
+		};
+	}
+	if (message !== "" && message.includes("date ordering")) return {
+		type: "DateOrdering",
+		previous: prev.date().toISOString(),
+		next: next.date().toISOString()
+	};
+	if (message !== "" && message.includes("hash mismatch")) {
+		const match = /expected: (\w+), actual: (\w+)/.exec(message);
+		if (match !== null) return {
+			type: "HashMismatch",
+			expected: match[1],
+			actual: match[2]
+		};
+		return {
+			type: "HashMismatch",
+			expected: "",
+			actual: ""
+		};
+	}
+	return { type: "KeyMismatch" };
+}
+/**
+* Create a sequence report from flagged marks.
+*/
+function createSequenceReport(marks) {
+	return {
+		startSeq: marks.length > 0 ? marks[0].mark.seq() : 0,
+		endSeq: marks.length > 0 ? marks[marks.length - 1].mark.seq() : 0,
+		marks
+	};
+}
+/**
+* Validate a collection of provenance marks.
+*/
+function validate(marks) {
+	const seen = /* @__PURE__ */ new Set();
+	const deduplicatedMarks = [];
+	for (const mark of marks) {
+		const key = mark.toUrlEncoding();
+		if (!seen.has(key)) {
+			seen.add(key);
+			deduplicatedMarks.push(mark);
+		}
+	}
+	const chainBins = /* @__PURE__ */ new Map();
+	for (const mark of deduplicatedMarks) {
+		const chainIdKey = hexEncode(mark.chainId());
+		const bin = chainBins.get(chainIdKey);
+		if (bin !== void 0) bin.push(mark);
+		else chainBins.set(chainIdKey, [mark]);
+	}
+	const chains = [];
+	for (const [chainIdKey, chainMarks] of chainBins) {
+		chainMarks.sort((a, b) => a.seq() - b.seq());
+		const hasGenesis = chainMarks.length > 0 && chainMarks[0].seq() === 0 && chainMarks[0].isGenesis();
+		const sequences = buildSequenceBins(chainMarks);
+		chains.push({
+			chainId: hexDecode(chainIdKey),
+			hasGenesis,
+			marks: chainMarks,
+			sequences
+		});
+	}
+	chains.sort((a, b) => hexEncode(a.chainId).localeCompare(hexEncode(b.chainId)));
+	return {
+		marks: deduplicatedMarks,
+		chains
+	};
+}
+/**
+* Helper function to encode bytes as hex.
+*/
+function hexEncode(bytes) {
+	return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+/**
+* Helper function to decode hex to bytes.
+*/
+function hexDecode(hex) {
+	const bytes = new Uint8Array(hex.length / 2);
+	for (let i = 0; i < hex.length; i += 2) bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
+	return bytes;
+}
+//#endregion
+//#region src/mark-info.ts
+/**
+* Wrapper for a provenance mark with additional display information.
+*/
+var ProvenanceMarkInfo = class ProvenanceMarkInfo {
+	_mark;
+	_ur;
+	_bytewords;
+	_bytemoji;
+	_comment;
+	constructor(mark, ur, bytewords, bytemoji, comment) {
+		this._mark = mark;
+		this._ur = ur;
+		this._bytewords = bytewords;
+		this._bytemoji = bytemoji;
+		this._comment = comment;
+	}
+	/**
+	* Create a new ProvenanceMarkInfo from a mark.
+	*/
+	static new(mark, comment = "") {
+		const tagName = PROVENANCE_MARK.name;
+		if (tagName === void 0) throw new Error("PROVENANCE_MARK tag has no name");
+		const cborValue = decodeCbor(mark.toCborData());
+		return new ProvenanceMarkInfo(mark, UR.new(tagName, cborValue), mark.bytewordsIdentifier(true), mark.bytemojiIdentifier(true), comment);
+	}
+	mark() {
+		return this._mark;
+	}
+	ur() {
+		return this._ur;
+	}
+	bytewords() {
+		return this._bytewords;
+	}
+	bytemoji() {
+		return this._bytemoji;
+	}
+	comment() {
+		return this._comment;
+	}
+	/**
+	* Generate a markdown summary of the mark.
+	*/
+	markdownSummary() {
+		const lines = [];
+		lines.push("---");
+		lines.push("");
+		lines.push(this._mark.date().toISOString());
+		lines.push("");
+		lines.push(`#### ${this._ur.toString()}`);
+		lines.push("");
+		lines.push(`#### \`${this._bytewords}\``);
+		lines.push("");
+		lines.push(this._bytemoji);
+		lines.push("");
+		if (this._comment.length > 0) {
+			lines.push(this._comment);
+			lines.push("");
+		}
+		return lines.join("\n");
+	}
+	/**
+	* JSON serialization.
+	*/
+	toJSON() {
+		const result = {
+			ur: this._ur.toString(),
+			bytewords: this._bytewords,
+			bytemoji: this._bytemoji,
+			mark: this._mark.toJSON()
+		};
+		if (this._comment.length > 0) result["comment"] = this._comment;
+		return result;
+	}
+	/**
+	* Create from JSON object.
+	*/
+	static fromJSON(json) {
+		const urString = json["ur"];
+		const ur = UR.fromURString(urString);
+		const cborBytes = cborData(ur.cbor());
+		const mark = ProvenanceMark.fromCborData(cborBytes);
+		const bytewords = json["bytewords"];
+		const bytemoji = json["bytemoji"];
+		return new ProvenanceMarkInfo(mark, ur, bytewords, bytemoji, typeof json["comment"] === "string" ? json["comment"] : "");
+	}
+};
+//#endregion
+export { PROVENANCE_SEED_LENGTH, ProvenanceMark, ProvenanceMarkError, ProvenanceMarkErrorType, ProvenanceMarkGenerator, ProvenanceMarkInfo, ProvenanceMarkResolution, ProvenanceSeed, RNG_STATE_LENGTH, RngState, SHA256_SIZE, ValidationReportFormat, Xoshiro256StarStar, chainIdHex, chainIdRange, dateBytesLength, dateBytesRange, dateFromIso8601, dateToDateString, dateToIso8601, deserialize2Bytes, deserialize4Bytes, deserialize6Bytes, deserializeDate, deserializeSeq, extendKey, fixedLength, formatReport, formatValidationIssue, hasIssues, hashRange, hkdfHmacSha256, infoRangeStart, keyRange, linkLength, obfuscate, rangeOfDaysInMonth, resolutionFromCbor, resolutionFromNumber, resolutionToCbor, resolutionToNumber, resolutionToString, seqBytesLength, seqBytesRange, serialize2Bytes, serialize4Bytes, serialize6Bytes, serializeDate, serializeSeq, sha256, sha256Prefix, validate };
+//# sourceMappingURL=index.mjs.map