@blink-authority-com/claude-code-plugin 1.0.0

package/dist/prompts/debug.js

@@ -0,0 +1,34 @@
+/**
+ * blink-debug MCP prompt.
+ *
+ * Debug a BLINK signing or verification issue.
+ */
+export function getDebugPrompt(args) {
+    const error = args.error || args.issue || '';
+    const code = args.code || '';
+    let text = 'The user is having a BLINK signing/verification issue.\n\n' +
+        `Issue: ${error}\n`;
+    if (code) {
+        text += `\nRelevant code:\n\`\`\`\n${code}\n\`\`\`\n`;
+    }
+    text +=
+        '\nDebugging steps:\n' +
+            '1. If an envelope is provided, use blink_decode_envelope to inspect it\n' +
+            '2. If a P_derive key is available, use blink_verify_local to check the proof chain\n' +
+            '3. Check blink://errors for matching error codes\n' +
+            '4. Identify the root cause and provide a fix\n' +
+            '5. If the issue requires a live BSEC connection, suggest using blink_sign_test or blink_verify_test';
+    return {
+        description: 'Debug a BLINK signing or verification issue',
+        messages: [
+            {
+                role: 'user',
+                content: {
+                    type: 'text',
+                    text,
+                },
+            },
+        ],
+    };
+}
+//# sourceMappingURL=debug.js.map

package/dist/prompts/debug.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"debug.js","sourceRoot":"","sources":["../../src/prompts/debug.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,UAAU,cAAc,CAAC,IAA4B;IAIzD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;IAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;IAE7B,IAAI,IAAI,GACN,4DAA4D;QAC5D,UAAU,KAAK,IAAI,CAAC;IAEtB,IAAI,IAAI,EAAE,CAAC;QACT,IAAI,IAAI,6BAA6B,IAAI,YAAY,CAAC;IACxD,CAAC;IAED,IAAI;QACF,sBAAsB;YACtB,0EAA0E;YAC1E,sFAAsF;YACtF,oDAAoD;YACpD,gDAAgD;YAChD,qGAAqG,CAAC;IAExG,OAAO;QACL,WAAW,EAAE,6CAA6C;QAC1D,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE;oBACP,IAAI,EAAE,MAAM;oBACZ,IAAI;iBACL;aACF;SACF;KACF,CAAC;AACJ,CAAC"}

package/dist/prompts/integrate.d.ts

@@ -0,0 +1,16 @@
+/**
+ * blink-integrate MCP prompt.
+ *
+ * Guide integration of BLINK signing into an existing project.
+ */
+export declare function getIntegratePrompt(args: Record<string, string>): {
+    description: string;
+    messages: Array<{
+        role: string;
+        content: {
+            type: string;
+            text: string;
+        };
+    }>;
+};
+//# sourceMappingURL=integrate.d.ts.map

package/dist/prompts/integrate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"integrate.d.ts","sourceRoot":"","sources":["../../src/prompts/integrate.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG;IAChE,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,CAAC,CAAC;CAC5E,CAyBA"}

package/dist/prompts/integrate.js

@@ -0,0 +1,30 @@
+/**
+ * blink-integrate MCP prompt.
+ *
+ * Guide integration of BLINK signing into an existing project.
+ */
+export function getIntegratePrompt(args) {
+    const projectType = args.project_type || 'api';
+    const language = args.language || 'typescript';
+    return {
+        description: 'Add BLINK signing to this project',
+        messages: [
+            {
+                role: 'user',
+                content: {
+                    type: 'text',
+                    text: 'The user wants to add BLINK signing to their project.\n\n' +
+                        `Project type: ${projectType}\n` +
+                        `Language: ${language}\n\n` +
+                        'Steps:\n' +
+                        '1. Analyse the existing codebase to understand the architecture\n' +
+                        '2. Identify the best integration points for BLINK signing\n' +
+                        '3. Use blink_add_signing to generate the integration code\n' +
+                        '4. Use blink_lint to validate the result\n' +
+                        '5. Provide a step-by-step integration guide',
+                },
+            },
+        ],
+    };
+}
+//# sourceMappingURL=integrate.js.map

package/dist/prompts/integrate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"integrate.js","sourceRoot":"","sources":["../../src/prompts/integrate.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,UAAU,kBAAkB,CAAC,IAA4B;IAI7D,MAAM,WAAW,GAAG,IAAI,CAAC,YAAY,IAAI,KAAK,CAAC;IAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,YAAY,CAAC;IAE/C,OAAO;QACL,WAAW,EAAE,mCAAmC;QAChD,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE;oBACP,IAAI,EAAE,MAAM;oBACZ,IAAI,EACF,2DAA2D;wBAC3D,iBAAiB,WAAW,IAAI;wBAChC,aAAa,QAAQ,MAAM;wBAC3B,UAAU;wBACV,mEAAmE;wBACnE,6DAA6D;wBAC7D,6DAA6D;wBAC7D,4CAA4C;wBAC5C,6CAA6C;iBAChD;aACF;SACF;KACF,CAAC;AACJ,CAAC"}

package/dist/prompts/review.d.ts

@@ -0,0 +1,16 @@
+/**
+ * blink-review MCP prompt.
+ *
+ * Review code for BLINK integration best practices.
+ */
+export declare function getReviewPrompt(args: Record<string, string>): {
+    description: string;
+    messages: Array<{
+        role: string;
+        content: {
+            type: string;
+            text: string;
+        };
+    }>;
+};
+//# sourceMappingURL=review.d.ts.map

package/dist/prompts/review.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"review.d.ts","sourceRoot":"","sources":["../../src/prompts/review.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG;IAC7D,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,CAAC,CAAC;CAC5E,CAuBA"}

package/dist/prompts/review.js

@@ -0,0 +1,28 @@
+/**
+ * blink-review MCP prompt.
+ *
+ * Review code for BLINK integration best practices.
+ */
+export function getReviewPrompt(args) {
+    const code = args.code || '';
+    return {
+        description: 'Review code for BLINK integration best practices',
+        messages: [
+            {
+                role: 'user',
+                content: {
+                    type: 'text',
+                    text: 'Review the following code for BLINK integration best practices.\n\n' +
+                        'First, use the blink_lint tool to identify issues. Then provide:\n' +
+                        '1. A severity-sorted list of findings\n' +
+                        '2. Specific code fixes for each issue\n' +
+                        '3. An overall quality assessment\n\n' +
+                        'Code to review:\n```\n' +
+                        code +
+                        '\n```',
+                },
+            },
+        ],
+    };
+}
+//# sourceMappingURL=review.js.map

package/dist/prompts/review.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"review.js","sourceRoot":"","sources":["../../src/prompts/review.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,UAAU,eAAe,CAAC,IAA4B;IAI1D,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;IAE7B,OAAO;QACL,WAAW,EAAE,kDAAkD;QAC/D,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE;oBACP,IAAI,EAAE,MAAM;oBACZ,IAAI,EACF,qEAAqE;wBACrE,oEAAoE;wBACpE,yCAAyC;wBACzC,yCAAyC;wBACzC,sCAAsC;wBACtC,wBAAwB;wBACxB,IAAI;wBACJ,OAAO;iBACV;aACF;SACF;KACF,CAAC;AACJ,CAAC"}

package/dist/resources/changelog.d.ts

@@ -0,0 +1,22 @@
+/**
+ * blink://changelog MCP resource.
+ *
+ * Recent changes to BLINK SDK, CLI, and BSEC.
+ */
+export declare const CHANGELOG_RESOURCE: {
+    entries: ({
+        date: string;
+        version: string;
+        type: string;
+        description: string;
+        migration: null;
+    } | {
+        date: string;
+        version: string;
+        type: string;
+        description: string;
+        migration: string;
+    })[];
+};
+export declare function getChangelogResource(): string;
+//# sourceMappingURL=changelog.d.ts.map

package/dist/resources/changelog.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"changelog.d.ts","sourceRoot":"","sources":["../../src/resources/changelog.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;CAmD9B,CAAC;AAEF,wBAAgB,oBAAoB,IAAI,MAAM,CAE7C"}

package/dist/resources/changelog.js

@@ -0,0 +1,55 @@
+/**
+ * blink://changelog MCP resource.
+ *
+ * Recent changes to BLINK SDK, CLI, and BSEC.
+ */
+export const CHANGELOG_RESOURCE = {
+    entries: [
+        {
+            date: '2026-03-15',
+            version: '1.2.0',
+            type: 'feature',
+            description: 'Added key hierarchy support. BSEC slots can now be organised in parent-child ' +
+                'relationships with INS (Identity Naming System) paths.',
+            migration: null,
+        },
+        {
+            date: '2026-03-01',
+            version: '1.1.0',
+            type: 'feature',
+            description: 'Session management improvements. BSHB (BLINK Session Heartbeat) now supports ' +
+                'automatic reconnection and configurable session TTL.',
+            migration: null,
+        },
+        {
+            date: '2026-02-15',
+            version: '1.0.1',
+            type: 'fix',
+            description: 'Fixed VRF composite signing edge case where domain_input containing colons ' +
+                'would cause incorrect key derivation.',
+            migration: null,
+        },
+        {
+            date: '2026-02-01',
+            version: '1.0.0',
+            type: 'feature',
+            description: 'Initial release of BLINK Authority SDK and BSEC. Supports Ed25519 and ML-DSA-44 ' +
+                'algorithm suites with ECVRF-based ephemeral key derivation. Full VRF composite ' +
+                'signing, session management, and key hierarchy support.',
+            migration: null,
+        },
+        {
+            date: '2026-01-15',
+            version: '0.9.0',
+            type: 'deprecation',
+            description: 'Deprecated raw signing API. All signing now goes through the VRF composite flow. ' +
+                'Direct signer.signRaw() calls will be removed in v2.0.',
+            migration: 'Replace signer.signRaw(payload) with signer.sign(payload). The new sign() method ' +
+                'automatically handles VRF key derivation and envelope construction.',
+        },
+    ],
+};
+export function getChangelogResource() {
+    return JSON.stringify(CHANGELOG_RESOURCE, null, 2);
+}
+//# sourceMappingURL=changelog.js.map

package/dist/resources/changelog.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"changelog.js","sourceRoot":"","sources":["../../src/resources/changelog.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,OAAO,EAAE;QACP;YACE,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,OAAO;YAChB,IAAI,EAAE,SAAS;YACf,WAAW,EACT,+EAA+E;gBAC/E,wDAAwD;YAC1D,SAAS,EAAE,IAAI;SAChB;QACD;YACE,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,OAAO;YAChB,IAAI,EAAE,SAAS;YACf,WAAW,EACT,+EAA+E;gBAC/E,sDAAsD;YACxD,SAAS,EAAE,IAAI;SAChB;QACD;YACE,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,OAAO;YAChB,IAAI,EAAE,KAAK;YACX,WAAW,EACT,6EAA6E;gBAC7E,uCAAuC;YACzC,SAAS,EAAE,IAAI;SAChB;QACD;YACE,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,OAAO;YAChB,IAAI,EAAE,SAAS;YACf,WAAW,EACT,kFAAkF;gBAClF,iFAAiF;gBACjF,yDAAyD;YAC3D,SAAS,EAAE,IAAI;SAChB;QACD;YACE,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,OAAO;YAChB,IAAI,EAAE,aAAa;YACnB,WAAW,EACT,mFAAmF;gBACnF,wDAAwD;YAC1D,SAAS,EACP,mFAAmF;gBACnF,qEAAqE;SACxE;KACF;CACF,CAAC;AAEF,MAAM,UAAU,oBAAoB;IAClC,OAAO,IAAI,CAAC,SAAS,CAAC,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACrD,CAAC"}

package/dist/resources/errors.d.ts

@@ -0,0 +1,16 @@
+/**
+ * blink://errors MCP resource.
+ *
+ * Common BLINK/BSEC error codes with causes and fixes.
+ */
+export declare const ERRORS_RESOURCE: {
+    errors: {
+        code: string;
+        message: string;
+        cause: string;
+        fix: string;
+        related_docs: string[];
+    }[];
+};
+export declare function getErrorsResource(): string;
+//# sourceMappingURL=errors.d.ts.map

package/dist/resources/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/resources/errors.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,eAAO,MAAM,eAAe;;;;;;;;CA+G3B,CAAC;AAEF,wBAAgB,iBAAiB,IAAI,MAAM,CAE1C"}

package/dist/resources/errors.js

@@ -0,0 +1,103 @@
+/**
+ * blink://errors MCP resource.
+ *
+ * Common BLINK/BSEC error codes with causes and fixes.
+ */
+export const ERRORS_RESOURCE = {
+    errors: [
+        {
+            code: 'BSEC_CONNECTION_REFUSED',
+            message: 'Connection refused when connecting to BSEC',
+            cause: 'The BSEC instance is not running, the URL is wrong, or a firewall is blocking the connection.',
+            fix: '1. Verify the BSEC URL is correct (check BSEC_URL env var)\n' +
+                '2. Ensure the BSEC process is running: systemctl status bsec\n' +
+                '3. Check firewall rules allow traffic on the BSEC port (default 9443)\n' +
+                '4. For Docker: ensure the container is running and ports are mapped',
+            related_docs: ['getting-started', 'bsec-deployment'],
+        },
+        {
+            code: 'BSEC_AUTH_FAILED',
+            message: 'Authentication failed — invalid or expired token',
+            cause: 'The BSEC token is invalid, expired, or does not have permission for the requested operation.',
+            fix: '1. Regenerate the BSEC token: blink config set-token\n' +
+                '2. Check token expiry: blink config show | grep token_expires\n' +
+                '3. Verify the token has the correct scope for the operation',
+            related_docs: ['authentication', 'sessions'],
+        },
+        {
+            code: 'BSEC_TIMEOUT',
+            message: 'Request to BSEC timed out',
+            cause: 'The BSEC instance is overloaded, or the network connection is slow.',
+            fix: '1. Check BSEC health: curl https://<bsec-url>/health\n' +
+                '2. Monitor BSEC metrics for high load\n' +
+                '3. Increase timeout in client config\n' +
+                '4. Consider scaling BSEC horizontally for high-throughput workloads',
+            related_docs: ['bsec-operations', 'scaling'],
+        },
+        {
+            code: 'INVALID_SLOT',
+            message: 'Requested slot does not exist',
+            cause: 'The BSEC slot name provided does not match any configured slot on the BSEC instance.',
+            fix: '1. List available slots: blink keygen --list\n' +
+                '2. Create the slot: blink keygen --ins <name> --algorithm <algo>\n' +
+                '3. Check for typos in the slot name',
+            related_docs: ['key-management', 'identity'],
+        },
+        {
+            code: 'ALGORITHM_MISMATCH',
+            message: 'Algorithm suite does not match the slot configuration',
+            cause: 'The algorithm specified in BlinkSigner.connect() does not match the algorithm ' +
+                'configured for the BSEC slot.',
+            fix: '1. Check the slot algorithm: blink inspect --slot <name>\n' +
+                '2. Update the AlgoSuiteId in your connect() call to match\n' +
+                '3. Or create a new slot with the desired algorithm',
+            related_docs: ['signing', 'key-management'],
+        },
+        {
+            code: 'SESSION_EXPIRED',
+            message: 'BSEC session has expired',
+            cause: 'The BSEC session (BSHB heartbeat session) has timed out. Sessions expire after ' +
+                'a configurable period of inactivity.',
+            fix: '1. Reconnect: await signer.reconnect()\n' +
+                '2. Implement automatic reconnection in your error handler\n' +
+                '3. Use the signWithRetry pattern from blink://patterns\n' +
+                '4. Adjust session TTL in BSEC config if timeouts are too aggressive',
+            related_docs: ['sessions', 'bsec-configuration'],
+        },
+        {
+            code: 'ENVELOPE_INVALID',
+            message: 'Malformed envelope — cannot parse',
+            cause: 'The envelope is not valid base64, not valid JSON after decoding, or is missing required fields.',
+            fix: '1. Use blink_decode_envelope to inspect the raw envelope\n' +
+                '2. Ensure the envelope is base64-encoded (not hex)\n' +
+                '3. Check that all required fields are present: signature, ephemeral_public_key, ' +
+                'vrf_proof, p_derive, domain_input, timestamp, algorithm, payload_hash',
+            related_docs: ['verification', 'envelope-format'],
+        },
+        {
+            code: 'VRF_PROOF_INVALID',
+            message: 'VRF proof does not verify',
+            cause: 'The ECVRF proof in the envelope does not verify against the P_derive key and domain input. ' +
+                'This could indicate a tampered envelope or a key derivation error.',
+            fix: '1. Use blink_verify_local to check envelope format\n' +
+                '2. Use blink_decode_envelope to inspect field values\n' +
+                '3. Verify you are using the correct P_derive key\n' +
+                '4. Check that the envelope has not been modified after signing',
+            related_docs: ['verification', 'vrf', 'key-derivation'],
+        },
+        {
+            code: 'ALGORITHM_UNSUPPORTED',
+            message: 'Requested algorithm is not available on this BSEC instance',
+            cause: 'The BSEC instance does not support the requested algorithm suite. ' +
+                'ML-DSA-44 requires BSEC v2.0+ with post-quantum support enabled.',
+            fix: '1. Check BSEC version: curl https://<bsec-url>/health | jq .version\n' +
+                '2. For ML-DSA-44: upgrade to BSEC v2.0+ and enable PQ support\n' +
+                '3. Fall back to Ed25519 if PQ is not required',
+            related_docs: ['algorithms', 'bsec-deployment'],
+        },
+    ],
+};
+export function getErrorsResource() {
+    return JSON.stringify(ERRORS_RESOURCE, null, 2);
+}
+//# sourceMappingURL=errors.js.map

package/dist/resources/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/resources/errors.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,MAAM,EAAE;QACN;YACE,IAAI,EAAE,yBAAyB;YAC/B,OAAO,EAAE,4CAA4C;YACrD,KAAK,EACH,+FAA+F;YACjG,GAAG,EACD,8DAA8D;gBAC9D,gEAAgE;gBAChE,yEAAyE;gBACzE,qEAAqE;YACvE,YAAY,EAAE,CAAC,iBAAiB,EAAE,iBAAiB,CAAC;SACrD;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,OAAO,EAAE,kDAAkD;YAC3D,KAAK,EACH,8FAA8F;YAChG,GAAG,EACD,wDAAwD;gBACxD,iEAAiE;gBACjE,6DAA6D;YAC/D,YAAY,EAAE,CAAC,gBAAgB,EAAE,UAAU,CAAC;SAC7C;QACD;YACE,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,2BAA2B;YACpC,KAAK,EACH,qEAAqE;YACvE,GAAG,EACD,wDAAwD;gBACxD,yCAAyC;gBACzC,wCAAwC;gBACxC,qEAAqE;YACvE,YAAY,EAAE,CAAC,iBAAiB,EAAE,SAAS,CAAC;SAC7C;QACD;YACE,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,+BAA+B;YACxC,KAAK,EACH,sFAAsF;YACxF,GAAG,EACD,gDAAgD;gBAChD,oEAAoE;gBACpE,qCAAqC;YACvC,YAAY,EAAE,CAAC,gBAAgB,EAAE,UAAU,CAAC;SAC7C;QACD;YACE,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,uDAAuD;YAChE,KAAK,EACH,gFAAgF;gBAChF,+BAA+B;YACjC,GAAG,EACD,4DAA4D;gBAC5D,6DAA6D;gBAC7D,oDAAoD;YACtD,YAAY,EAAE,CAAC,SAAS,EAAE,gBAAgB,CAAC;SAC5C;QACD;YACE,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,0BAA0B;YACnC,KAAK,EACH,iFAAiF;gBACjF,sCAAsC;YACxC,GAAG,EACD,0CAA0C;gBAC1C,6DAA6D;gBAC7D,0DAA0D;gBAC1D,qEAAqE;YACvE,YAAY,EAAE,CAAC,UAAU,EAAE,oBAAoB,CAAC;SACjD;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,OAAO,EAAE,mCAAmC;YAC5C,KAAK,EACH,iGAAiG;YACnG,GAAG,EACD,4DAA4D;gBAC5D,sDAAsD;gBACtD,kFAAkF;gBAClF,uEAAuE;YACzE,YAAY,EAAE,CAAC,cAAc,EAAE,iBAAiB,CAAC;SAClD;QACD;YACE,IAAI,EAAE,mBAAmB;YACzB,OAAO,EAAE,2BAA2B;YACpC,KAAK,EACH,6FAA6F;gBAC7F,oEAAoE;YACtE,GAAG,EACD,sDAAsD;gBACtD,wDAAwD;gBACxD,oDAAoD;gBACpD,gEAAgE;YAClE,YAAY,EAAE,CAAC,cAAc,EAAE,KAAK,EAAE,gBAAgB,CAAC;SACxD;QACD;YACE,IAAI,EAAE,uBAAuB;YAC7B,OAAO,EAAE,4DAA4D;YACrE,KAAK,EACH,oEAAoE;gBACpE,kEAAkE;YACpE,GAAG,EACD,uEAAuE;gBACvE,iEAAiE;gBACjE,+CAA+C;YACjD,YAAY,EAAE,CAAC,YAAY,EAAE,iBAAiB,CAAC;SAChD;KACF;CACF,CAAC;AAEF,MAAM,UAAU,iBAAiB;IAC/B,OAAO,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AAClD,CAAC"}

package/dist/resources/patterns.d.ts

@@ -0,0 +1,16 @@
+/**
+ * blink://patterns MCP resource.
+ *
+ * Common BLINK integration patterns for reference when writing code.
+ */
+export declare const PATTERNS_RESOURCE: {
+    patterns: {
+        name: string;
+        description: string;
+        code: string;
+        when_to_use: string;
+        related_tools: string[];
+    }[];
+};
+export declare function getPatternsResource(): string;
+//# sourceMappingURL=patterns.d.ts.map

package/dist/resources/patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/resources/patterns.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,eAAO,MAAM,iBAAiB;;;;;;;;CAyJ7B,CAAC;AAEF,wBAAgB,mBAAmB,IAAI,MAAM,CAE5C"}

package/dist/resources/patterns.js

@@ -0,0 +1,151 @@
+/**
+ * blink://patterns MCP resource.
+ *
+ * Common BLINK integration patterns for reference when writing code.
+ */
+export const PATTERNS_RESOURCE = {
+    patterns: [
+        {
+            name: 'Express Middleware Signing',
+            description: 'Sign every JSON response with BLINK. Adds X-Blink-Signature header containing ' +
+                'the base64-encoded envelope.',
+            code: `import { BlinkSigner, AlgoSuiteId } from '@blink-technology/sdk';
+import express from 'express';
+
+const app = express();
+const signer = await BlinkSigner.connect(
+  process.env.BSEC_URL!,
+  process.env.BSEC_TOKEN!,
+  AlgoSuiteId.Ed25519,
+);
+
+// Signing middleware — runs after route handlers
+app.use(async (req, res, next) => {
+  const originalJson = res.json.bind(res);
+  res.json = (body: unknown) => {
+    const payload = JSON.stringify(body);
+    signer.sign(Buffer.from(payload)).then((envelope) => {
+      res.setHeader('X-Blink-Signature', envelope.toString('base64'));
+      originalJson(body);
+    }).catch(next);
+    return res;
+  };
+  next();
+});`,
+            when_to_use: 'When building an API where every response needs a verifiable signature. ' +
+                'Ideal for financial APIs, compliance endpoints, or any API requiring non-repudiation.',
+            related_tools: ['blink_add_signing', 'blink_scaffold'],
+        },
+        {
+            name: 'Graceful Shutdown',
+            description: 'Properly close the BSEC connection when the process exits to avoid resource leaks.',
+            code: `const signer = await BlinkSigner.connect(url, token, AlgoSuiteId.Ed25519);
+
+async function shutdown(signal: string) {
+  console.log(\`Received \${signal}, closing BSEC connection...\`);
+  await signer.close();
+  process.exit(0);
+}
+
+process.on('SIGINT', () => shutdown('SIGINT'));
+process.on('SIGTERM', () => shutdown('SIGTERM'));`,
+            when_to_use: 'Always. Every application that creates a BlinkSigner connection should handle ' +
+                'graceful shutdown. The blink_lint tool flags missing shutdown handlers as errors.',
+            related_tools: ['blink_lint', 'blink_scaffold'],
+        },
+        {
+            name: 'VRF Public Key Caching',
+            description: 'Fetch the VRF public key once at startup and reuse it, avoiding repeated BSEC round-trips.',
+            code: `const signer = await BlinkSigner.connect(url, token, AlgoSuiteId.Ed25519);
+
+// Cache at startup
+const vrfPublicKey = await signer.vrfPublicKey();
+console.log('VRF public key cached:', vrfPublicKey.toString('base64'));
+
+// Use cached key in handlers
+app.get('/public-key', (req, res) => {
+  res.json({ vrf_public_key: vrfPublicKey.toString('base64') });
+});`,
+            when_to_use: 'When you need to expose or use the VRF public key in request handlers. ' +
+                'Calling vrfPublicKey() per-request wastes BSEC round-trips.',
+            related_tools: ['blink_lint'],
+        },
+        {
+            name: 'Error Handling Around sign()',
+            description: 'Proper error handling for BLINK signing operations with retry logic.',
+            code: `async function signWithRetry(
+  signer: BlinkSigner,
+  payload: Buffer,
+  maxRetries = 3,
+): Promise<Buffer> {
+  for (let attempt = 1; attempt <= maxRetries; attempt++) {
+    try {
+      return await signer.sign(payload);
+    } catch (err: unknown) {
+      const message = err instanceof Error ? err.message : String(err);
+      if (attempt === maxRetries) throw err;
+      if (message.includes('SESSION_EXPIRED')) {
+        // Session expired — reconnect
+        await signer.reconnect();
+      }
+      // Exponential backoff
+      await new Promise((r) => setTimeout(r, Math.pow(2, attempt) * 100));
+    }
+  }
+  throw new Error('Sign failed after max retries');
+}`,
+            when_to_use: 'Whenever calling signer.sign(). Network failures, session expiry, and BSEC ' +
+                'overload can all cause transient errors that are recoverable with retry.',
+            related_tools: ['blink_lint', 'blink_add_signing'],
+        },
+        {
+            name: 'Hash-Then-Sign',
+            description: 'Hash large documents before signing. BLINK signs the hash, not the raw payload.',
+            code: `import { createHash } from 'node:crypto';
+
+async function signDocument(signer: BlinkSigner, document: Buffer): Promise<{
+  hash: string;
+  envelope: string;
+}> {
+  const hash = createHash('sha256').update(document).digest();
+  const envelope = await signer.sign(hash);
+  return {
+    hash: hash.toString('hex'),
+    envelope: envelope.toString('base64'),
+  };
+}`,
+            when_to_use: 'When signing large documents, files, or binary data. Always hash first — ' +
+                'BLINK is designed for hash-then-sign, not raw payload signing.',
+            related_tools: ['blink_add_signing'],
+        },
+        {
+            name: 'Multi-Algorithm (Ed25519 + ML-DSA-44)',
+            description: 'Use two signers in parallel for dual-algorithm signing (classical + post-quantum).',
+            code: `import { BlinkSigner, AlgoSuiteId } from '@blink-technology/sdk';
+
+const ed25519Signer = await BlinkSigner.connect(url, token, AlgoSuiteId.Ed25519);
+const mldsaSigner = await BlinkSigner.connect(url, token, AlgoSuiteId.MlDsa44);
+
+async function dualSign(payload: Buffer): Promise<{
+  ed25519_envelope: string;
+  mldsa44_envelope: string;
+}> {
+  const [ed25519, mldsa44] = await Promise.all([
+    ed25519Signer.sign(payload),
+    mldsaSigner.sign(payload),
+  ]);
+  return {
+    ed25519_envelope: ed25519.toString('base64'),
+    mldsa44_envelope: mldsa44.toString('base64'),
+  };
+}`,
+            when_to_use: 'When you need both classical and post-quantum signatures for transition period ' +
+                'compliance, or when different verifiers support different algorithms.',
+            related_tools: ['blink_scaffold', 'blink_hierarchy_design'],
+        },
+    ],
+};
+export function getPatternsResource() {
+    return JSON.stringify(PATTERNS_RESOURCE, null, 2);
+}
+//# sourceMappingURL=patterns.js.map

package/dist/resources/patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/resources/patterns.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,QAAQ,EAAE;QACR;YACE,IAAI,EAAE,4BAA4B;YAClC,WAAW,EACT,gFAAgF;gBAChF,8BAA8B;YAChC,IAAI,EAAE;;;;;;;;;;;;;;;;;;;;;;IAsBR;YACE,WAAW,EACT,0EAA0E;gBAC1E,uFAAuF;YACzF,aAAa,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,CAAC;SACvD;QACD;YACE,IAAI,EAAE,mBAAmB;YACzB,WAAW,EACT,oFAAoF;YACtF,IAAI,EAAE;;;;;;;;;kDASsC;YAC5C,WAAW,EACT,gFAAgF;gBAChF,mFAAmF;YACrF,aAAa,EAAE,CAAC,YAAY,EAAE,gBAAgB,CAAC;SAChD;QACD;YACE,IAAI,EAAE,wBAAwB;YAC9B,WAAW,EACT,4FAA4F;YAC9F,IAAI,EAAE;;;;;;;;;IASR;YACE,WAAW,EACT,yEAAyE;gBACzE,6DAA6D;YAC/D,aAAa,EAAE,CAAC,YAAY,CAAC;SAC9B;QACD;YACE,IAAI,EAAE,8BAA8B;YACpC,WAAW,EACT,sEAAsE;YACxE,IAAI,EAAE;;;;;;;;;;;;;;;;;;;;EAoBV;YACI,WAAW,EACT,6EAA6E;gBAC7E,0EAA0E;YAC5E,aAAa,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;SACnD;QACD;YACE,IAAI,EAAE,gBAAgB;YACtB,WAAW,EACT,iFAAiF;YACnF,IAAI,EAAE;;;;;;;;;;;;EAYV;YACI,WAAW,EACT,2EAA2E;gBAC3E,gEAAgE;YAClE,aAAa,EAAE,CAAC,mBAAmB,CAAC;SACrC;QACD;YACE,IAAI,EAAE,uCAAuC;YAC7C,WAAW,EACT,oFAAoF;YACtF,IAAI,EAAE;;;;;;;;;;;;;;;;;EAiBV;YACI,WAAW,EACT,iFAAiF;gBACjF,uEAAuE;YACzE,aAAa,EAAE,CAAC,gBAAgB,EAAE,wBAAwB,CAAC;SAC5D;KACF;CACF,CAAC;AAEF,MAAM,UAAU,mBAAmB;IACjC,OAAO,IAAI,CAAC,SAAS,CAAC,iBAAiB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACpD,CAAC"}

package/dist/templates/approval-workflow.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Approval workflow scaffold template.
+ * Generates an M-of-N signing workflow with BLINK signatures.
+ */
+export declare function generateApprovalWorkflow(name: string, features: string[]): Record<string, string>;
+//# sourceMappingURL=approval-workflow.d.ts.map

package/dist/templates/approval-workflow.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"approval-workflow.d.ts","sourceRoot":"","sources":["../../src/templates/approval-workflow.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAAE,GACjB,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CA+dxB"}