@bcts/xid 1.0.0-alpha.10

package/dist/index.d.mts

@@ -0,0 +1,1038 @@
+import { KnownValue } from "@bcts/known-values";
+import { Envelope, EnvelopeEncodable, PrivateKeyBase, PublicKeyBase, Signer } from "@bcts/envelope";
+import { Reference, Salt, XID } from "@bcts/components";
+import { ProvenanceMark, ProvenanceMarkGenerator, ProvenanceMarkResolution } from "@bcts/provenance-mark";
+import { Cbor } from "@bcts/dcbor";
+
+//#region src/error.d.ts
+/**
+ * XID Error Types
+ *
+ * Error types returned when operating on XID Documents.
+ * Ported from bc-xid-rust/src/error.rs
+ */
+declare enum XIDErrorCode {
+  DUPLICATE = "DUPLICATE",
+  NOT_FOUND = "NOT_FOUND",
+  STILL_REFERENCED = "STILL_REFERENCED",
+  EMPTY_VALUE = "EMPTY_VALUE",
+  UNKNOWN_PRIVILEGE = "UNKNOWN_PRIVILEGE",
+  INVALID_XID = "INVALID_XID",
+  MISSING_INCEPTION_KEY = "MISSING_INCEPTION_KEY",
+  INVALID_RESOLUTION_METHOD = "INVALID_RESOLUTION_METHOD",
+  MULTIPLE_PROVENANCE_MARKS = "MULTIPLE_PROVENANCE_MARKS",
+  UNEXPECTED_PREDICATE = "UNEXPECTED_PREDICATE",
+  UNEXPECTED_NESTED_ASSERTIONS = "UNEXPECTED_NESTED_ASSERTIONS",
+  NO_PERMISSIONS = "NO_PERMISSIONS",
+  NO_REFERENCES = "NO_REFERENCES",
+  UNKNOWN_KEY_REFERENCE = "UNKNOWN_KEY_REFERENCE",
+  UNKNOWN_DELEGATE_REFERENCE = "UNKNOWN_DELEGATE_REFERENCE",
+  KEY_NOT_FOUND_IN_DOCUMENT = "KEY_NOT_FOUND_IN_DOCUMENT",
+  DELEGATE_NOT_FOUND_IN_DOCUMENT = "DELEGATE_NOT_FOUND_IN_DOCUMENT",
+  INVALID_PASSWORD = "INVALID_PASSWORD",
+  ENVELOPE_NOT_SIGNED = "ENVELOPE_NOT_SIGNED",
+  SIGNATURE_VERIFICATION_FAILED = "SIGNATURE_VERIFICATION_FAILED",
+  NO_PROVENANCE_MARK = "NO_PROVENANCE_MARK",
+  GENERATOR_CONFLICT = "GENERATOR_CONFLICT",
+  NO_GENERATOR = "NO_GENERATOR",
+  CHAIN_ID_MISMATCH = "CHAIN_ID_MISMATCH",
+  SEQUENCE_MISMATCH = "SEQUENCE_MISMATCH",
+  ENVELOPE_PARSING = "ENVELOPE_PARSING",
+  COMPONENT = "COMPONENT",
+  CBOR = "CBOR",
+  PROVENANCE_MARK = "PROVENANCE_MARK",
+}
+declare class XIDError extends Error {
+  readonly code: XIDErrorCode;
+  readonly cause?: Error;
+  constructor(code: XIDErrorCode, message: string, cause?: Error);
+  /**
+   * Returned when attempting to add a duplicate item.
+   */
+  static duplicate(item: string): XIDError;
+  /**
+   * Returned when an item is not found.
+   */
+  static notFound(item: string): XIDError;
+  /**
+   * Returned when an item is still referenced by other items.
+   */
+  static stillReferenced(item: string): XIDError;
+  /**
+   * Returned when a value is invalid or empty.
+   */
+  static emptyValue(field: string): XIDError;
+  /**
+   * Returned when an unknown privilege is encountered.
+   */
+  static unknownPrivilege(): XIDError;
+  /**
+   * Returned when the XID is invalid.
+   */
+  static invalidXid(): XIDError;
+  /**
+   * Returned when the inception key is missing.
+   */
+  static missingInceptionKey(): XIDError;
+  /**
+   * Returned when the resolution method is invalid.
+   */
+  static invalidResolutionMethod(): XIDError;
+  /**
+   * Returned when multiple provenance marks are found.
+   */
+  static multipleProvenanceMarks(): XIDError;
+  /**
+   * Returned when an unexpected predicate is encountered.
+   */
+  static unexpectedPredicate(predicate: string): XIDError;
+  /**
+   * Returned when unexpected nested assertions are found.
+   */
+  static unexpectedNestedAssertions(): XIDError;
+  /**
+   * Returned when a service has no permissions.
+   */
+  static noPermissions(uri: string): XIDError;
+  /**
+   * Returned when a service has no key or delegate references.
+   */
+  static noReferences(uri: string): XIDError;
+  /**
+   * Returned when an unknown key reference is found in a service.
+   */
+  static unknownKeyReference(reference: string, uri: string): XIDError;
+  /**
+   * Returned when an unknown delegate reference is found in a service.
+   */
+  static unknownDelegateReference(reference: string, uri: string): XIDError;
+  /**
+   * Returned when a key is not found in the XID document.
+   */
+  static keyNotFoundInDocument(key: string): XIDError;
+  /**
+   * Returned when a delegate is not found in the XID document.
+   */
+  static delegateNotFoundInDocument(delegate: string): XIDError;
+  /**
+   * Returned when the password is invalid.
+   */
+  static invalidPassword(): XIDError;
+  /**
+   * Returned when the envelope is not signed.
+   */
+  static envelopeNotSigned(): XIDError;
+  /**
+   * Returned when signature verification fails.
+   */
+  static signatureVerificationFailed(): XIDError;
+  /**
+   * Returned when there is no provenance mark to advance.
+   */
+  static noProvenanceMark(): XIDError;
+  /**
+   * Returned when document already has generator but external generator was provided.
+   */
+  static generatorConflict(): XIDError;
+  /**
+   * Returned when document does not have generator but needs one.
+   */
+  static noGenerator(): XIDError;
+  /**
+   * Returned when generator chain ID doesn't match.
+   */
+  static chainIdMismatch(expected: Uint8Array, actual: Uint8Array): XIDError;
+  /**
+   * Returned when generator sequence doesn't match.
+   */
+  static sequenceMismatch(expected: number, actual: number): XIDError;
+  /**
+   * Envelope parsing error wrapper.
+   */
+  static envelopeParsing(cause?: Error): XIDError;
+  /**
+   * Component error wrapper.
+   */
+  static component(cause?: Error): XIDError;
+  /**
+   * CBOR error wrapper.
+   */
+  static cbor(cause?: Error): XIDError;
+  /**
+   * Provenance mark error wrapper.
+   */
+  static provenanceMark(cause?: Error): XIDError;
+}
+/**
+ * Result type for XID operations.
+ */
+type XIDResult<T> = T;
+//#endregion
+//#region src/privilege.d.ts
+/**
+ * Enum representing XID privileges.
+ */
+declare enum Privilege {
+  /** Allow all applicable XID operations */
+  All = "All",
+  /** Authenticate as the subject (e.g., log into services) */
+  Auth = "Auth",
+  /** Sign digital communications as the subject */
+  Sign = "Sign",
+  /** Encrypt messages from the subject */
+  Encrypt = "Encrypt",
+  /** Elide data under the subject's control */
+  Elide = "Elide",
+  /** Issue or revoke verifiable credentials on the subject's authority */
+  Issue = "Issue",
+  /** Access resources under the subject's control */
+  Access = "Access",
+  /** Delegate privileges to third parties */
+  Delegate = "Delegate",
+  /** Verify (update) the XID document */
+  Verify = "Verify",
+  /** Update service endpoints */
+  Update = "Update",
+  /** Remove the inception key from the XID document */
+  Transfer = "Transfer",
+  /** Add or remove other verifiers (rotate keys) */
+  Elect = "Elect",
+  /** Transition to a new provenance mark chain */
+  Burn = "Burn",
+  /** Revoke the XID entirely */
+  Revoke = "Revoke",
+}
+/**
+ * Convert a Privilege to its corresponding KnownValue.
+ */
+declare function privilegeToKnownValue(privilege: Privilege): KnownValue;
+/**
+ * Convert a KnownValue to its corresponding Privilege.
+ */
+declare function privilegeFromKnownValue(knownValue: KnownValue): Privilege;
+/**
+ * Convert a Privilege to an Envelope.
+ */
+declare function privilegeToEnvelope(privilege: Privilege): Envelope;
+/**
+ * Convert an Envelope to a Privilege.
+ */
+declare function privilegeFromEnvelope(envelope: Envelope): Privilege;
+//#endregion
+//#region src/permissions.d.ts
+/**
+ * Interface for types that have permissions.
+ */
+interface HasPermissions {
+  /**
+   * Get the permissions for this object.
+   */
+  permissions(): Permissions;
+  /**
+   * Get a mutable reference to the permissions.
+   */
+  permissionsMut(): Permissions;
+}
+/**
+ * Helper methods for HasPermissions implementers.
+ */
+declare const HasPermissionsMixin: {
+  /**
+   * Get the set of allowed privileges.
+   */
+  allow(obj: HasPermissions): Set<Privilege>;
+  /**
+   * Get the set of denied privileges.
+   */
+  deny(obj: HasPermissions): Set<Privilege>;
+  /**
+   * Add an allowed privilege.
+   */
+  addAllow(obj: HasPermissions, privilege: Privilege): void;
+  /**
+   * Add a denied privilege.
+   */
+  addDeny(obj: HasPermissions, privilege: Privilege): void;
+  /**
+   * Remove an allowed privilege.
+   */
+  removeAllow(obj: HasPermissions, privilege: Privilege): void;
+  /**
+   * Remove a denied privilege.
+   */
+  removeDeny(obj: HasPermissions, privilege: Privilege): void;
+  /**
+   * Clear all permissions.
+   */
+  clearAllPermissions(obj: HasPermissions): void;
+};
+/**
+ * Represents the permissions granted to a key or delegate.
+ */
+declare class Permissions implements HasPermissions {
+  allow: Set<Privilege>;
+  deny: Set<Privilege>;
+  constructor(allow?: Set<Privilege>, deny?: Set<Privilege>);
+  /**
+   * Create a new empty Permissions object.
+   */
+  static new(): Permissions;
+  /**
+   * Create a new Permissions object that allows all privileges.
+   */
+  static newAllowAll(): Permissions;
+  /**
+   * Add permissions assertions to an envelope.
+   */
+  addToEnvelope(envelope: Envelope): Envelope;
+  /**
+   * Try to extract Permissions from an envelope.
+   */
+  static tryFromEnvelope(envelope: Envelope): Permissions;
+  /**
+   * Add an allowed privilege.
+   */
+  addAllow(privilege: Privilege): void;
+  /**
+   * Add a denied privilege.
+   */
+  addDeny(privilege: Privilege): void;
+  /**
+   * Check if a specific privilege is allowed.
+   */
+  isAllowed(privilege: Privilege): boolean;
+  /**
+   * Check if a specific privilege is denied.
+   */
+  isDenied(privilege: Privilege): boolean;
+  permissions(): Permissions;
+  permissionsMut(): Permissions;
+  /**
+   * Check equality with another Permissions object.
+   */
+  equals(other: Permissions): boolean;
+  /**
+   * Clone this Permissions object.
+   */
+  clone(): Permissions;
+}
+//#endregion
+//#region src/name.d.ts
+/**
+ * XID Name (Nickname) Interface
+ *
+ * Provides the HasNickname interface for objects that can have a nickname.
+ *
+ * Ported from bc-xid-rust/src/name.rs
+ */
+/**
+ * Interface for types that have a nickname.
+ */
+interface HasNickname {
+  /**
+   * Get the nickname for this object.
+   */
+  nickname(): string;
+  /**
+   * Set the nickname for this object.
+   */
+  setNickname(name: string): void;
+}
+/**
+ * Helper methods for HasNickname implementers.
+ */
+declare const HasNicknameMixin: {
+  /**
+   * Add a nickname, throwing if one already exists or is empty.
+   */
+  addNickname(obj: HasNickname, name: string): void;
+};
+//#endregion
+//#region src/shared.d.ts
+/**
+ * Shared Reference Wrapper
+ *
+ * Provides a wrapper for shared references to objects.
+ * In TypeScript, we don't have Arc/RwLock like Rust, but we can provide
+ * a simple wrapper that allows shared access to a value.
+ *
+ * Ported from bc-xid-rust/src/shared.rs
+ */
+/**
+ * A wrapper for shared references to objects.
+ *
+ * Unlike Rust's Arc<RwLock<T>>, JavaScript uses reference semantics for objects,
+ * so this is primarily a type-safe wrapper that makes the sharing explicit.
+ */
+declare class Shared<T> {
+  private readonly value;
+  constructor(value: T);
+  /**
+   * Create a new Shared instance.
+   */
+  static new<T>(value: T): Shared<T>;
+  /**
+   * Get a read-only reference to the value.
+   */
+  read(): T;
+  /**
+   * Get a mutable reference to the value.
+   */
+  write(): T;
+  /**
+   * Check equality with another Shared instance.
+   */
+  equals(other: Shared<T>): boolean;
+  /**
+   * Clone this Shared instance.
+   * Note: This creates a shallow copy in JS; for deep copy, implement on T.
+   */
+  clone(): Shared<T>;
+}
+//#endregion
+//#region src/key.d.ts
+/**
+ * Options for handling private keys in envelopes.
+ */
+declare enum XIDPrivateKeyOptions {
+  /** Omit the private key from the envelope (default). */
+  Omit = "Omit",
+  /** Include the private key in plaintext (with salt for decorrelation). */
+  Include = "Include",
+  /** Include the private key assertion but elide it (maintains digest tree). */
+  Elide = "Elide",
+  /** Include the private key encrypted with a password. */
+  Encrypt = "Encrypt",
+}
+/**
+ * Configuration for encrypting private keys.
+ */
+interface XIDPrivateKeyEncryptConfig {
+  type: XIDPrivateKeyOptions.Encrypt;
+  password: Uint8Array;
+}
+/**
+ * Union type for all private key options.
+ */
+type XIDPrivateKeyOptionsValue = XIDPrivateKeyOptions.Omit | XIDPrivateKeyOptions.Include | XIDPrivateKeyOptions.Elide | XIDPrivateKeyEncryptConfig;
+/**
+ * Private key data that can be either decrypted or encrypted.
+ */
+type PrivateKeyData = {
+  type: "decrypted";
+  privateKeyBase: PrivateKeyBase;
+} | {
+  type: "encrypted";
+  envelope: Envelope;
+};
+/**
+ * Represents a key in an XID document.
+ */
+declare class Key implements HasNickname, HasPermissions, EnvelopeEncodable {
+  private readonly _publicKeyBase;
+  private readonly _privateKeys;
+  private _nickname;
+  private readonly _endpoints;
+  private readonly _permissions;
+  private constructor();
+  /**
+   * Create a new Key with only public keys.
+   */
+  static new(publicKeyBase: PublicKeyBase): Key;
+  /**
+   * Create a new Key with public keys and allow-all permissions.
+   */
+  static newAllowAll(publicKeyBase: PublicKeyBase): Key;
+  /**
+   * Create a new Key with private key base.
+   */
+  static newWithPrivateKeyBase(privateKeyBase: PrivateKeyBase): Key;
+  /**
+   * Get the public key base.
+   */
+  publicKeyBase(): PublicKeyBase;
+  /**
+   * Get the private key base, if available and decrypted.
+   */
+  privateKeyBase(): PrivateKeyBase | undefined;
+  /**
+   * Check if this key has decrypted private keys.
+   */
+  hasPrivateKeys(): boolean;
+  /**
+   * Check if this key has encrypted private keys.
+   */
+  hasEncryptedPrivateKeys(): boolean;
+  /**
+   * Get the salt used for private key decorrelation.
+   */
+  privateKeySalt(): Salt | undefined;
+  /**
+   * Get the reference for this key (based on public key).
+   */
+  reference(): Reference;
+  /**
+   * Get the endpoints set.
+   */
+  endpoints(): Set<string>;
+  /**
+   * Get the endpoints set for mutation.
+   */
+  endpointsMut(): Set<string>;
+  /**
+   * Add an endpoint.
+   */
+  addEndpoint(endpoint: string): void;
+  /**
+   * Add a permission.
+   */
+  addPermission(privilege: Privilege): void;
+  nickname(): string;
+  setNickname(name: string): void;
+  permissions(): Permissions;
+  permissionsMut(): Permissions;
+  /**
+   * Convert to envelope with specified options.
+   */
+  intoEnvelopeOpt(privateKeyOptions?: XIDPrivateKeyOptionsValue): Envelope;
+  intoEnvelope(): Envelope;
+  /**
+   * Try to extract a Key from an envelope, optionally with password for decryption.
+   */
+  static tryFromEnvelope(envelope: Envelope, password?: Uint8Array): Key;
+  /**
+   * Check equality with another Key.
+   */
+  equals(other: Key): boolean;
+  /**
+   * Get a hash key for use in Sets/Maps.
+   */
+  hashKey(): string;
+  /**
+   * Clone this Key.
+   */
+  clone(): Key;
+}
+//#endregion
+//#region src/service.d.ts
+/**
+ * Represents a service endpoint in an XID document.
+ */
+declare class Service implements HasPermissions, EnvelopeEncodable {
+  private readonly _uri;
+  private _keyReferences;
+  private _delegateReferences;
+  private _permissions;
+  private _capability;
+  private _name;
+  constructor(uri: string);
+  /**
+   * Create a new Service with the given URI.
+   */
+  static new(uri: string): Service;
+  /**
+   * Get the service URI.
+   */
+  uri(): string;
+  /**
+   * Get the capability string.
+   */
+  capability(): string;
+  /**
+   * Set the capability string.
+   */
+  setCapability(capability: string): void;
+  /**
+   * Add a capability, throwing if one already exists or is empty.
+   */
+  addCapability(capability: string): void;
+  /**
+   * Get the key references set.
+   */
+  keyReferences(): Set<string>;
+  /**
+   * Get the key references set for mutation.
+   */
+  keyReferencesMut(): Set<string>;
+  /**
+   * Add a key reference by hex string.
+   */
+  addKeyReferenceHex(keyReferenceHex: string): void;
+  /**
+   * Add a key reference.
+   */
+  addKeyReference(keyReference: Reference): void;
+  /**
+   * Get the delegate references set.
+   */
+  delegateReferences(): Set<string>;
+  /**
+   * Get the delegate references set for mutation.
+   */
+  delegateReferencesMut(): Set<string>;
+  /**
+   * Add a delegate reference by hex string.
+   */
+  addDelegateReferenceHex(delegateReferenceHex: string): void;
+  /**
+   * Add a delegate reference.
+   */
+  addDelegateReference(delegateReference: Reference): void;
+  /**
+   * Get the name.
+   */
+  name(): string;
+  /**
+   * Set the name, throwing if one already exists or is empty.
+   */
+  setName(name: string): void;
+  permissions(): Permissions;
+  permissionsMut(): Permissions;
+  /**
+   * Convert to envelope.
+   */
+  intoEnvelope(): Envelope;
+  /**
+   * Try to extract a Service from an envelope.
+   */
+  static tryFromEnvelope(envelope: Envelope): Service;
+  /**
+   * Check equality with another Service (based on URI).
+   */
+  equals(other: Service): boolean;
+  /**
+   * Get a hash key for use in Sets/Maps.
+   */
+  hashKey(): string;
+  /**
+   * Clone this Service.
+   */
+  clone(): Service;
+}
+//#endregion
+//#region src/delegate.d.ts
+/**
+ * Forward declaration interface for XIDDocument to avoid circular dependency.
+ * The actual XIDDocument class implements this interface.
+ */
+interface XIDDocumentType {
+  xid(): XID;
+  intoEnvelope(): Envelope;
+  clone(): XIDDocumentType;
+}
+/**
+ * Register the XIDDocument class to avoid circular dependency issues.
+ * Called by xid-document.ts when it loads.
+ */
+declare function registerXIDDocumentClass(cls: {
+  tryFromEnvelope(envelope: Envelope): XIDDocumentType;
+}): void;
+/**
+ * Represents a delegate in an XID document.
+ */
+declare class Delegate implements HasPermissions, EnvelopeEncodable {
+  private readonly _controller;
+  private readonly _permissions;
+  private constructor();
+  /**
+   * Create a new Delegate with the given controller document.
+   */
+  static new(controller: XIDDocumentType): Delegate;
+  /**
+   * Get the controller document.
+   */
+  controller(): Shared<XIDDocumentType>;
+  /**
+   * Get the XID of the controller.
+   */
+  xid(): XID;
+  /**
+   * Get the reference for this delegate.
+   */
+  reference(): Reference;
+  permissions(): Permissions;
+  permissionsMut(): Permissions;
+  /**
+   * Convert to envelope.
+   */
+  intoEnvelope(): Envelope;
+  /**
+   * Try to extract a Delegate from an envelope.
+   */
+  static tryFromEnvelope(envelope: Envelope): Delegate;
+  /**
+   * Check equality with another Delegate (based on controller XID).
+   */
+  equals(other: Delegate): boolean;
+  /**
+   * Get a hash key for use in Sets/Maps.
+   */
+  hashKey(): string;
+  /**
+   * Clone this Delegate.
+   */
+  clone(): Delegate;
+}
+//#endregion
+//#region src/provenance.d.ts
+/**
+ * Options for handling generators in envelopes.
+ */
+declare enum XIDGeneratorOptions {
+  /** Omit the generator from the envelope (default). */
+  Omit = "Omit",
+  /** Include the generator in plaintext (with salt for decorrelation). */
+  Include = "Include",
+  /** Include the generator assertion but elide it (maintains digest tree). */
+  Elide = "Elide",
+  /** Include the generator encrypted with a password. */
+  Encrypt = "Encrypt",
+}
+/**
+ * Configuration for encrypting generators.
+ */
+interface XIDGeneratorEncryptConfig {
+  type: XIDGeneratorOptions.Encrypt;
+  password: Uint8Array;
+}
+/**
+ * Union type for all generator options.
+ */
+type XIDGeneratorOptionsValue = XIDGeneratorOptions.Omit | XIDGeneratorOptions.Include | XIDGeneratorOptions.Elide | XIDGeneratorEncryptConfig;
+/**
+ * Generator data that can be either decrypted or encrypted.
+ */
+type GeneratorData = {
+  type: "decrypted";
+  generator: ProvenanceMarkGenerator;
+} | {
+  type: "encrypted";
+  envelope: Envelope;
+};
+/**
+ * Represents provenance information in an XID document.
+ */
+declare class Provenance implements EnvelopeEncodable {
+  private _mark;
+  private _generator;
+  private constructor();
+  /**
+   * Create a new Provenance with just a mark.
+   */
+  static new(mark: ProvenanceMark): Provenance;
+  /**
+   * Create a new Provenance with a generator and mark.
+   */
+  static newWithGenerator(generator: ProvenanceMarkGenerator, mark: ProvenanceMark): Provenance;
+  /**
+   * Get the provenance mark.
+   */
+  mark(): ProvenanceMark;
+  /**
+   * Get the generator, if available and decrypted.
+   */
+  generator(): ProvenanceMarkGenerator | undefined;
+  /**
+   * Check if this provenance has a decrypted generator.
+   */
+  hasGenerator(): boolean;
+  /**
+   * Check if this provenance has an encrypted generator.
+   */
+  hasEncryptedGenerator(): boolean;
+  /**
+   * Get the salt used for generator decorrelation.
+   */
+  generatorSalt(): Salt | undefined;
+  /**
+   * Update the provenance mark.
+   */
+  setMark(mark: ProvenanceMark): void;
+  /**
+   * Set or replace the generator.
+   */
+  setGenerator(generator: ProvenanceMarkGenerator): void;
+  /**
+   * Take and remove the generator.
+   */
+  takeGenerator(): {
+    data: GeneratorData;
+    salt: Salt;
+  } | undefined;
+  /**
+   * Get a mutable reference to the generator, decrypting if necessary.
+   */
+  generatorMut(password?: Uint8Array): ProvenanceMarkGenerator | undefined;
+  /**
+   * Convert to envelope with specified options.
+   */
+  intoEnvelopeOpt(generatorOptions?: XIDGeneratorOptionsValue): Envelope;
+  intoEnvelope(): Envelope;
+  /**
+   * Try to extract a Provenance from an envelope, optionally with password for decryption.
+   */
+  static tryFromEnvelope(envelope: Envelope, password?: Uint8Array): Provenance;
+  /**
+   * Check equality with another Provenance.
+   */
+  equals(other: Provenance): boolean;
+  /**
+   * Clone this Provenance.
+   * Note: ProvenanceMark is immutable so we can use the same instance.
+   */
+  clone(): Provenance;
+}
+//#endregion
+//#region src/xid-document.d.ts
+/**
+ * Options for creating the inception key.
+ */
+type XIDInceptionKeyOptions = {
+  type: "default";
+} | {
+  type: "publicKeyBase";
+  publicKeyBase: PublicKeyBase;
+} | {
+  type: "privateKeyBase";
+  privateKeyBase: PrivateKeyBase;
+};
+/**
+ * Options for creating the genesis mark.
+ */
+type XIDGenesisMarkOptions = {
+  type: "none";
+} | {
+  type: "passphrase";
+  passphrase: string;
+  resolution?: ProvenanceMarkResolution;
+  date?: Date;
+  info?: Cbor;
+} | {
+  type: "seed";
+  seed: Uint8Array;
+  resolution?: ProvenanceMarkResolution;
+  date?: Date;
+  info?: Cbor;
+};
+/**
+ * Options for signing an envelope.
+ */
+type XIDSigningOptions = {
+  type: "none";
+} | {
+  type: "inception";
+} | {
+  type: "privateKeyBase";
+  privateKeyBase: PrivateKeyBase;
+};
+/**
+ * Options for verifying the signature on an envelope when loading.
+ */
+declare enum XIDVerifySignature {
+  /** Do not verify the signature (default). */
+  None = "None",
+  /** Verify that the envelope is signed with the inception key. */
+  Inception = "Inception",
+}
+/**
+ * Represents an XID document.
+ */
+declare class XIDDocument implements EnvelopeEncodable {
+  private readonly _xid;
+  private readonly _resolutionMethods;
+  private readonly _keys;
+  private readonly _delegates;
+  private readonly _services;
+  private _provenance;
+  private constructor();
+  /**
+   * Create a new XIDDocument with the given options.
+   */
+  static new(keyOptions?: XIDInceptionKeyOptions, markOptions?: XIDGenesisMarkOptions): XIDDocument;
+  private static inceptionKeyForOptions;
+  private static genesisMarkWithOptions;
+  /**
+   * Create an XIDDocument from just an XID.
+   */
+  static fromXid(xid: XID): XIDDocument;
+  /**
+   * Get the XID.
+   */
+  xid(): XID;
+  /**
+   * Get the resolution methods.
+   */
+  resolutionMethods(): Set<string>;
+  /**
+   * Add a resolution method.
+   */
+  addResolutionMethod(method: string): void;
+  /**
+   * Remove a resolution method.
+   */
+  removeResolutionMethod(method: string): boolean;
+  /**
+   * Get all keys.
+   */
+  keys(): Key[];
+  /**
+   * Add a key.
+   */
+  addKey(key: Key): void;
+  /**
+   * Find a key by its public key base.
+   */
+  findKeyByPublicKeyBase(publicKeyBase: PublicKeyBase): Key | undefined;
+  /**
+   * Find a key by its reference.
+   */
+  findKeyByReference(reference: Reference): Key | undefined;
+  /**
+   * Take and remove a key.
+   */
+  takeKey(publicKeyBase: PublicKeyBase): Key | undefined;
+  /**
+   * Remove a key.
+   */
+  removeKey(publicKeyBase: PublicKeyBase): void;
+  /**
+   * Check if the given public key is the inception signing key.
+   */
+  isInceptionKey(publicKeyBase: PublicKeyBase): boolean;
+  /**
+   * Get the inception key, if it exists in the document.
+   */
+  inceptionKey(): Key | undefined;
+  /**
+   * Get the inception private key base, if available.
+   */
+  inceptionPrivateKeyBase(): PrivateKeyBase | undefined;
+  /**
+   * Remove the inception key from the document.
+   */
+  removeInceptionKey(): Key | undefined;
+  /**
+   * Check if the document is empty (no keys, delegates, services, or provenance).
+   */
+  isEmpty(): boolean;
+  /**
+   * Get all delegates.
+   */
+  delegates(): Delegate[];
+  /**
+   * Add a delegate.
+   */
+  addDelegate(delegate: Delegate): void;
+  /**
+   * Find a delegate by XID.
+   */
+  findDelegateByXid(xid: XID): Delegate | undefined;
+  /**
+   * Find a delegate by reference.
+   */
+  findDelegateByReference(reference: Reference): Delegate | undefined;
+  /**
+   * Take and remove a delegate.
+   */
+  takeDelegate(xid: XID): Delegate | undefined;
+  /**
+   * Remove a delegate.
+   */
+  removeDelegate(xid: XID): void;
+  /**
+   * Get all services.
+   */
+  services(): Service[];
+  /**
+   * Find a service by URI.
+   */
+  findServiceByUri(uri: string): Service | undefined;
+  /**
+   * Add a service.
+   */
+  addService(service: Service): void;
+  /**
+   * Take and remove a service.
+   */
+  takeService(uri: string): Service | undefined;
+  /**
+   * Remove a service.
+   */
+  removeService(uri: string): void;
+  /**
+   * Check service consistency.
+   */
+  checkServicesConsistency(): void;
+  /**
+   * Check consistency of a single service.
+   */
+  checkServiceConsistency(service: Service): void;
+  /**
+   * Check if any service references the given key.
+   */
+  servicesReferenceKey(publicKeyBase: PublicKeyBase): boolean;
+  /**
+   * Check if any service references the given delegate.
+   */
+  servicesReferenceDelegate(xid: XID): boolean;
+  /**
+   * Get the provenance mark.
+   */
+  provenance(): ProvenanceMark | undefined;
+  /**
+   * Get the provenance generator.
+   */
+  provenanceGenerator(): ProvenanceMarkGenerator | undefined;
+  /**
+   * Set the provenance.
+   */
+  setProvenance(provenance: ProvenanceMark | undefined): void;
+  /**
+   * Set provenance with generator.
+   */
+  setProvenanceWithGenerator(generator: ProvenanceMarkGenerator, mark: ProvenanceMark): void;
+  /**
+   * Advance the provenance mark using the embedded generator.
+   */
+  nextProvenanceMarkWithEmbeddedGenerator(password?: Uint8Array, date?: Date, info?: Cbor): void;
+  /**
+   * Advance the provenance mark using a provided generator.
+   */
+  nextProvenanceMarkWithProvidedGenerator(generator: ProvenanceMarkGenerator, date?: Date, info?: Cbor): void;
+  /**
+   * Convert to envelope with options.
+   */
+  toEnvelope(privateKeyOptions?: XIDPrivateKeyOptionsValue, generatorOptions?: XIDGeneratorOptionsValue, signingOptions?: XIDSigningOptions): Envelope;
+  intoEnvelope(): Envelope;
+  /**
+   * Extract an XIDDocument from an envelope.
+   */
+  static fromEnvelope(envelope: Envelope, password?: Uint8Array, verifySignature?: XIDVerifySignature): XIDDocument;
+  private static fromEnvelopeInner;
+  /**
+   * Create a signed envelope.
+   */
+  toSignedEnvelope(signingKey: Signer): Envelope;
+  /**
+   * Get the reference for this document.
+   */
+  reference(): Reference;
+  /**
+   * Check equality with another XIDDocument.
+   */
+  equals(other: XIDDocument): boolean;
+  /**
+   * Clone this XIDDocument.
+   */
+  clone(): XIDDocument;
+  /**
+   * Try to extract from envelope (alias for fromEnvelope with default options).
+   */
+  static tryFromEnvelope(envelope: Envelope): XIDDocument;
+}
+//#endregion
+//#region src/index.d.ts
+declare const VERSION = "1.0.0-alpha.3";
+//#endregion
+export { Delegate, type GeneratorData, type HasNickname, HasNicknameMixin, type HasPermissions, HasPermissionsMixin, Key, Permissions, type PrivateKeyData, Privilege, Provenance, Service, Shared, VERSION, XIDDocument, type XIDDocumentType, XIDError, XIDErrorCode, type XIDGeneratorEncryptConfig, XIDGeneratorOptions, type XIDGeneratorOptionsValue, type XIDGenesisMarkOptions, type XIDInceptionKeyOptions, type XIDPrivateKeyEncryptConfig, XIDPrivateKeyOptions, type XIDPrivateKeyOptionsValue, type XIDResult, type XIDSigningOptions, XIDVerifySignature, privilegeFromEnvelope, privilegeFromKnownValue, privilegeToEnvelope, privilegeToKnownValue, registerXIDDocumentClass };
+//# sourceMappingURL=index.d.mts.map