@blink-authority-com/claude-code-plugin 1.0.0

package/dist/templates/notary.js

@@ -0,0 +1,360 @@
+/**
+ * Document notary scaffold template.
+ * Generates a notarization service: upload, hash, sign, verify.
+ */
+export function generateNotary(name, features) {
+    const hasMultiAlgo = features.includes('multi-algorithm') || features.includes('post-quantum');
+    const files = {};
+    // --- package.json ---
+    files['package.json'] = JSON.stringify({
+        name,
+        version: '0.1.0',
+        description: `${name} — Document notarization service with BLINK Authority`,
+        type: 'module',
+        scripts: {
+            build: 'tsc',
+            start: 'node dist/server.js',
+            dev: 'tsx src/server.ts',
+        },
+        dependencies: {
+            '@blink-technology/sdk': '^0.14.0',
+            express: '^4.21.0',
+            multer: '^1.4.5-lts.1',
+            dotenv: '^16.4.0',
+        },
+        devDependencies: {
+            '@types/express': '^4.17.21',
+            '@types/multer': '^1.4.12',
+            '@types/node': '^22.15.2',
+            typescript: '^5.8.3',
+            tsx: '^4.19.0',
+        },
+    }, null, 2);
+    // --- tsconfig.json ---
+    files['tsconfig.json'] = JSON.stringify({
+        compilerOptions: {
+            target: 'ES2022',
+            module: 'Node16',
+            moduleResolution: 'Node16',
+            outDir: 'dist',
+            rootDir: 'src',
+            strict: true,
+            esModuleInterop: true,
+            skipLibCheck: true,
+            forceConsistentCasingInFileNames: true,
+            declaration: true,
+            sourceMap: true,
+        },
+        include: ['src/**/*'],
+        exclude: ['node_modules', 'dist'],
+    }, null, 2);
+    // --- .env.example ---
+    files['.env.example'] = `# BLINK Secure Engine connection
+BSEC_URL=http://localhost:9100
+BSEC_TOKEN=your-bsec-token-here
+SLOT_NAME=default
+
+# Server
+PORT=3000
+`;
+    // --- src/blink.ts ---
+    files['src/blink.ts'] = `/**
+ * BLINK Secure Engine connection management.
+ *
+ * BLINK Authority — https://blink-authority.com
+ */
+
+import { BlinkSigner, BlinkVerifier, AlgoSuiteId } from '@blink-technology/sdk';
+
+let signer: BlinkSigner;
+let vrfPublicKey: Uint8Array;
+
+export async function initBlink(bsecUrl: string, slotName: string): Promise<void> {
+  signer = await BlinkSigner.connect(bsecUrl, slotName, AlgoSuiteId.Ed25519);
+  vrfPublicKey = await signer.vrfPublicKey();
+  console.log(
+    \`[blink] Connected to BSEC at \${bsecUrl} \` +
+    \`(slot=\${slotName}, pk=\${Buffer.from(vrfPublicKey).toString('hex').slice(0, 16)}...)\`,
+  );
+}
+
+export function getSigner(): BlinkSigner { return signer; }
+export function getVrfPublicKey(): Uint8Array { return vrfPublicKey; }
+export function getVrfPublicKeyHex(): string { return Buffer.from(vrfPublicKey).toString('hex'); }
+
+export function createVerifier(): BlinkVerifier {
+  return new BlinkVerifier(vrfPublicKey, {
+    freshnessWindowMs: 365 * 24 * 60 * 60 * 1000, // 1 year for notarization
+    clockSkewToleranceMs: 60_000,
+  });
+}
+
+export async function shutdownBlink(): Promise<void> {
+  if (signer) {
+    await signer.close();
+    console.log('[blink] Disconnected from BLINK Secure Engine');
+  }
+}
+`;
+    // --- src/notarize.ts ---
+    files['src/notarize.ts'] = `/**
+ * Document notarization logic.
+ *
+ * 1. Compute SHA-256 hash of the uploaded document
+ * 2. Sign the hash via BLINK Secure Engine (single-use credential)
+ * 3. Return the notarization certificate (envelope + metadata)
+ */
+
+import { createHash, randomUUID } from 'node:crypto';
+import { getSigner, getVrfPublicKeyHex } from './blink.js';
+
+export interface NotarizationCertificate {
+  id: string;
+  document: {
+    filename: string;
+    size: number;
+    hash: string;
+  };
+  envelope: string;
+  signerPublicKey: string;
+  assuranceLevel: string;
+  notarizedAt: string;
+}
+
+/**
+ * Notarize a document: hash it, then sign the hash with BLINK.
+ */
+export async function notarizeDocument(
+  file: Buffer,
+  filename: string,
+): Promise<NotarizationCertificate> {
+  // Step 1: Compute SHA-256 hash of the file
+  const hash = createHash('sha256').update(new Uint8Array(file)).digest();
+  const hashBytes = new Uint8Array(hash.buffer, hash.byteOffset, hash.byteLength);
+
+  // Step 2: Sign the hash via BLINK Secure Engine
+  // Uses signDetached — the hash is the payload, not included in the envelope
+  const envelope = await getSigner().signDetached(hashBytes);
+
+  // Step 3: Build the notarization certificate
+  return {
+    id: \`NOTARY-\${randomUUID()}\`,
+    document: {
+      filename,
+      size: file.length,
+      hash: hash.toString('hex'),
+    },
+    envelope: Buffer.from(envelope).toString('base64'),
+    signerPublicKey: getVrfPublicKeyHex(),
+    assuranceLevel: 'Standard Assurance',
+    notarizedAt: new Date().toISOString(),
+  };
+}
+
+/**
+ * Verify a previously notarized document.
+ * Re-hashes the file and checks the envelope signature.
+ */
+export async function verifyNotarization(
+  file: Buffer,
+  certificate: NotarizationCertificate,
+): Promise<{ valid: boolean; reason?: string }> {
+  // Re-hash the file
+  const currentHash = createHash('sha256').update(new Uint8Array(file)).digest('hex');
+
+  // Check hash matches
+  if (currentHash !== certificate.document.hash) {
+    return {
+      valid: false,
+      reason: \`Document hash mismatch: expected \${certificate.document.hash}, got \${currentHash}\`,
+    };
+  }
+
+  // Verify the BLINK envelope
+  const { createVerifier } = await import('./blink.js');
+  const verifier = createVerifier();
+  const envelopeBytes = new Uint8Array(Buffer.from(certificate.envelope, 'base64'));
+  const result = verifier.verify(envelopeBytes);
+
+  return {
+    valid: result.valid,
+    reason: result.valid ? undefined : (result.reason ?? 'Signature verification failed'),
+  };
+}
+`;
+    // --- src/routes.ts ---
+    files['src/routes.ts'] = `/**
+ * Notary API routes.
+ *
+ * POST /notarize  — Upload a document, receive a notarization certificate
+ * POST /verify    — Upload a document + certificate, verify authenticity
+ * GET  /health    — Health check
+ */
+
+import { Router } from 'express';
+import multer from 'multer';
+import { notarizeDocument, verifyNotarization } from './notarize.js';
+import { getVrfPublicKeyHex } from './blink.js';
+
+const upload = multer({
+  storage: multer.memoryStorage(),
+  limits: { fileSize: 50 * 1024 * 1024 }, // 50 MB max
+});
+
+const router = Router();
+
+/**
+ * POST /notarize — Upload a file to notarize.
+ * Returns a notarization certificate containing the BLINK envelope.
+ */
+router.post('/notarize', upload.single('file'), async (req, res, next) => {
+  try {
+    if (!req.file) {
+      res.status(400).json({ error: 'No file uploaded. Send as multipart/form-data with field "file".' });
+      return;
+    }
+
+    const certificate = await notarizeDocument(req.file.buffer, req.file.originalname);
+    res.status(201).json(certificate);
+  } catch (err) {
+    next(err);
+  }
+});
+
+/**
+ * POST /verify — Upload a file and its certificate to verify.
+ * Re-hashes the file and checks the BLINK signature.
+ */
+router.post('/verify', upload.single('file'), async (req, res, next) => {
+  try {
+    if (!req.file) {
+      res.status(400).json({ error: 'No file uploaded.' });
+      return;
+    }
+
+    const certJson = req.body?.certificate;
+    if (!certJson) {
+      res.status(400).json({ error: 'Missing "certificate" field in request body.' });
+      return;
+    }
+
+    const certificate = typeof certJson === 'string' ? JSON.parse(certJson) : certJson;
+    const result = await verifyNotarization(req.file.buffer, certificate);
+
+    res.json({
+      verified: result.valid,
+      reason: result.reason,
+      document: {
+        filename: req.file.originalname,
+        size: req.file.size,
+      },
+    });
+  } catch (err) {
+    next(err);
+  }
+});
+
+/** GET /health */
+router.get('/health', (_req, res) => {
+  res.json({
+    status: 'ok',
+    service: '${name}',
+    signerPublicKey: getVrfPublicKeyHex(),
+    timestamp: new Date().toISOString(),
+  });
+});
+
+export default router;
+`;
+    // --- src/server.ts ---
+    files['src/server.ts'] = `/**
+ * ${name} — Document notarization service with BLINK Authority.
+ *
+ * Upload documents to get a cryptographic notarization certificate.
+ * Verify documents by re-uploading with the certificate.
+ */
+
+import 'dotenv/config';
+import express from 'express';
+import { initBlink, shutdownBlink } from './blink.js';
+import routes from './routes.js';
+
+async function main(): Promise<void> {
+  const bsecUrl = process.env['BSEC_URL'] ?? 'http://localhost:9100';
+  const slotName = process.env['SLOT_NAME'] ?? 'default';
+  const port = parseInt(process.env['PORT'] ?? '3000', 10);
+
+  // Connect to BLINK Secure Engine
+  await initBlink(bsecUrl, slotName);
+
+  const app = express();
+  app.use(express.json());
+  app.use(routes);
+
+  const server = app.listen(port, () => {
+    console.log(\`[server] ${name} listening on port \${port}\`);
+  });
+
+  // Graceful shutdown
+  const shutdown = async (signal: string) => {
+    console.log(\`[server] Received \${signal}, shutting down...\`);
+    server.close();
+    await shutdownBlink();
+    process.exit(0);
+  };
+
+  process.on('SIGINT', () => shutdown('SIGINT'));
+  process.on('SIGTERM', () => shutdown('SIGTERM'));
+}
+
+main().catch((err) => {
+  console.error('[server] Fatal error:', err);
+  process.exit(1);
+});
+`;
+    // --- README.md ---
+    files['README.md'] = `# ${name}
+
+Document notarization service built on **BLINK Authority**. Upload documents to receive
+a cryptographic notarization certificate, then verify documents later.
+
+## Quick Start
+
+\`\`\`bash
+npm install
+cp .env.example .env
+npm run dev
+\`\`\`
+
+## API
+
+### POST /notarize
+Upload a file to notarize. Returns a certificate with the BLINK signature envelope.
+
+\`\`\`bash
+curl -F "file=@document.pdf" http://localhost:3000/notarize
+\`\`\`
+
+### POST /verify
+Upload a file and its certificate to verify authenticity.
+
+\`\`\`bash
+curl -F "file=@document.pdf" -F "certificate=@certificate.json" http://localhost:3000/verify
+\`\`\`
+
+### GET /health
+Health check with signer public key.
+
+## How It Works
+
+1. **Upload** — The document is uploaded to the server
+2. **Hash** — SHA-256 hash is computed
+3. **Sign** — The hash is signed with a single-use BLINK credential
+4. **Certificate** — The BLINK envelope + metadata is returned as the notarization certificate
+5. **Verify** — Re-upload the document; the server re-hashes and verifies the envelope
+
+Built with [BLINK Authority](https://blink-authority.com).
+`;
+    return files;
+}
+//# sourceMappingURL=notary.js.map

package/dist/templates/notary.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"notary.js","sourceRoot":"","sources":["../../src/templates/notary.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,UAAU,cAAc,CAC5B,IAAY,EACZ,QAAkB;IAElB,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAE/F,MAAM,KAAK,GAA2B,EAAE,CAAC;IAEzC,uBAAuB;IACvB,KAAK,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,SAAS,CACpC;QACE,IAAI;QACJ,OAAO,EAAE,OAAO;QAChB,WAAW,EAAE,GAAG,IAAI,uDAAuD;QAC3E,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE;YACP,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,qBAAqB;YAC5B,GAAG,EAAE,mBAAmB;SACzB;QACD,YAAY,EAAE;YACZ,uBAAuB,EAAE,SAAS;YAClC,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,cAAc;YACtB,MAAM,EAAE,SAAS;SAClB;QACD,eAAe,EAAE;YACf,gBAAgB,EAAE,UAAU;YAC5B,eAAe,EAAE,SAAS;YAC1B,aAAa,EAAE,UAAU;YACzB,UAAU,EAAE,QAAQ;YACpB,GAAG,EAAE,SAAS;SACf;KACF,EACD,IAAI,EACJ,CAAC,CACF,CAAC;IAEF,wBAAwB;IACxB,KAAK,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,SAAS,CACrC;QACE,eAAe,EAAE;YACf,MAAM,EAAE,QAAQ;YAChB,MAAM,EAAE,QAAQ;YAChB,gBAAgB,EAAE,QAAQ;YAC1B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,IAAI;YACZ,eAAe,EAAE,IAAI;YACrB,YAAY,EAAE,IAAI;YAClB,gCAAgC,EAAE,IAAI;YACtC,WAAW,EAAE,IAAI;YACjB,SAAS,EAAE,IAAI;SAChB;QACD,OAAO,EAAE,CAAC,UAAU,CAAC;QACrB,OAAO,EAAE,CAAC,cAAc,EAAE,MAAM,CAAC;KAClC,EACD,IAAI,EACJ,CAAC,CACF,CAAC;IAEF,uBAAuB;IACvB,KAAK,CAAC,cAAc,CAAC,GAAG;;;;;;;CAOzB,CAAC;IAEA,uBAAuB;IACvB,KAAK,CAAC,cAAc,CAAC,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAqCzB,CAAC;IAEA,0BAA0B;IAC1B,KAAK,CAAC,iBAAiB,CAAC,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAoF5B,CAAC;IAEA,wBAAwB;IACxB,KAAK,CAAC,eAAe,CAAC,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gBA2EX,IAAI;;;;;;;CAOnB,CAAC;IAEA,wBAAwB;IACxB,KAAK,CAAC,eAAe,CAAC,GAAG;KACtB,IAAI;;;;;;;;;;;;;;;;;;;;;;;;6BAwBoB,IAAI;;;;;;;;;;;;;;;;;;;CAmBhC,CAAC;IAEA,oBAAoB;IACpB,KAAK,CAAC,WAAW,CAAC,GAAG,KAAK,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyC/B,CAAC;IAEA,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/test.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Simple smoke test for BLINK Claude Plugin tool handlers.
+ *
+ * Run: npm test
+ * (Requires: npm run build first)
+ */
+export {};
+//# sourceMappingURL=test.d.ts.map

package/dist/test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"test.d.ts","sourceRoot":"","sources":["../src/test.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}

package/dist/test.js

@@ -0,0 +1,140 @@
+/**
+ * Simple smoke test for BLINK Claude Plugin tool handlers.
+ *
+ * Run: npm test
+ * (Requires: npm run build first)
+ */
+import { handleScaffold } from './tools/scaffold.js';
+import { handleAddSigning } from './tools/add-signing.js';
+import { handleDecodeEnvelope } from './tools/decode.js';
+import { handleGenerateTestVectors } from './tools/test-vectors.js';
+import { handleVerifyLocal } from './tools/verify-local.js';
+import { handleLint } from './tools/lint.js';
+import { handleHierarchyDesign } from './tools/hierarchy.js';
+import { handleSignTest } from './tools/sign-test.js';
+import { handleVerifyTest } from './tools/verify-test.js';
+import { PluginBsecClient, createPluginBsecClient } from './bsec-client.js';
+let passed = 0;
+let failed = 0;
+function test(name, fn) {
+    try {
+        fn();
+        passed++;
+        console.log(`  PASS: ${name}`);
+    }
+    catch (err) {
+        failed++;
+        console.log(`  FAIL: ${name}`);
+        console.log(`        ${err}`);
+    }
+}
+function assert(condition, message) {
+    if (!condition)
+        throw new Error(message);
+}
+console.log('\nBLINK Claude Plugin — Smoke Tests\n');
+// ---------------------------------------------------------------------------
+// S45-01: BSEC Client
+// ---------------------------------------------------------------------------
+console.log('S45-01: BSEC Client');
+test('createPluginBsecClient returns a PluginBsecClient', () => {
+    const client = createPluginBsecClient('https://localhost:8443', 'test-token');
+    assert(client instanceof PluginBsecClient, 'Expected PluginBsecClient instance');
+});
+// ---------------------------------------------------------------------------
+// S45-02: blink_sign_test
+// ---------------------------------------------------------------------------
+console.log('\nS45-02: blink_sign_test');
+test('returns error when BSEC not configured', () => {
+    const result = handleSignTest({ payload: 'test' }, null);
+    // Synchronous return when no client
+    assert(!('then' in result), 'Expected synchronous result');
+    const toolResult = result;
+    assert(toolResult.isError === true, 'Expected isError');
+    const body = JSON.parse(toolResult.content[0].text);
+    assert(body.error === 'Connected mode not configured', 'Expected connected mode error');
+});
+test('returns error when payload is empty', () => {
+    const result = handleSignTest({ payload: '' }, null);
+    const toolResult = result;
+    assert(toolResult.isError === true, 'Expected isError for empty payload');
+});
+// ---------------------------------------------------------------------------
+// S45-03: blink_verify_test
+// ---------------------------------------------------------------------------
+console.log('\nS45-03: blink_verify_test');
+test('returns error when envelope is missing', () => {
+    const result = handleVerifyTest({}, null);
+    const toolResult = result;
+    assert(toolResult.isError === true, 'Expected isError for missing envelope');
+});
+test('returns offline mode result for valid-format envelope', () => {
+    // Create a minimal valid envelope
+    const envelope = {
+        signature: Buffer.alloc(64).toString('base64'),
+        ephemeral_public_key: Buffer.alloc(32).toString('base64'),
+        vrf_proof: Buffer.alloc(80).toString('base64'),
+        p_derive: Buffer.alloc(32).toString('base64'),
+        domain_input: 'test:identity:2026-03-31T00:00:00Z',
+        timestamp: new Date().toISOString(),
+        algorithm: 'ed25519',
+        payload_hash: 'a'.repeat(64),
+    };
+    const envelopeB64 = Buffer.from(JSON.stringify(envelope)).toString('base64');
+    const pDerive = Buffer.alloc(32).toString('base64');
+    const result = handleVerifyTest({ envelope: envelopeB64, p_derive: pDerive }, null);
+    const toolResult = result;
+    const body = JSON.parse(toolResult.content[0].text);
+    assert(body.mode === 'offline', 'Expected offline mode');
+    assert(body.format_verification !== undefined, 'Expected format_verification');
+});
+// ---------------------------------------------------------------------------
+// Existing tools (quick smoke)
+// ---------------------------------------------------------------------------
+console.log('\nExisting tools (smoke)');
+test('blink_scaffold returns files', () => {
+    const result = handleScaffold({ template: 'express-api', name: 'test-app' });
+    assert(result.content.length > 0, 'Expected content');
+    const body = JSON.parse(result.content[0].text);
+    assert(body.files || body.project_name, 'Expected scaffold output');
+});
+test('blink_add_signing returns enhanced code', () => {
+    const result = handleAddSigning({ code: 'app.get("/", (req, res) => res.send("ok"));', pattern: 'sign-response' });
+    assert(result.content.length > 0, 'Expected content');
+});
+test('blink_decode_envelope handles invalid input', () => {
+    const result = handleDecodeEnvelope({ envelope: 'not-valid-base64!!' });
+    assert(result.content.length > 0, 'Expected content');
+});
+test('blink_generate_test_vectors returns vectors', () => {
+    const result = handleGenerateTestVectors({ count: 2 });
+    assert(result.content.length > 0, 'Expected content');
+    const body = JSON.parse(result.content[0].text);
+    assert(body.test_vectors || body.vectors || Array.isArray(body), 'Expected test vectors');
+});
+test('blink_verify_local handles missing envelope', () => {
+    const result = handleVerifyLocal({});
+    assert(result.content.length > 0, 'Expected content');
+    const body = JSON.parse(result.content[0].text);
+    assert(body.format_valid === false, 'Expected format_valid false');
+});
+test('blink_lint returns results', () => {
+    const result = handleLint({ code: 'const x = 1;' });
+    assert(result.content.length > 0, 'Expected content');
+});
+test('blink_hierarchy_design returns hierarchy', () => {
+    const result = handleHierarchyDesign({ description: 'A small startup with 3 services' });
+    assert(result.content.length > 0, 'Expected content');
+});
+// ---------------------------------------------------------------------------
+// Summary
+// ---------------------------------------------------------------------------
+console.log(`\n${'='.repeat(40)}`);
+console.log(`Results: ${passed} passed, ${failed} failed, ${passed + failed} total`);
+if (failed > 0) {
+    process.exit(1);
+}
+else {
+    console.log('All tests passed.\n');
+}
+//# sourceMappingURL=test.js.map

package/dist/test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"test.js","sourceRoot":"","sources":["../src/test.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAE5E,IAAI,MAAM,GAAG,CAAC,CAAC;AACf,IAAI,MAAM,GAAG,CAAC,CAAC;AAEf,SAAS,IAAI,CAAC,IAAY,EAAE,EAAc;IACxC,IAAI,CAAC;QACH,EAAE,EAAE,CAAC;QACL,MAAM,EAAE,CAAC;QACT,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,EAAE,CAAC;QACT,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,EAAE,CAAC,CAAC;IAChC,CAAC;AACH,CAAC;AAED,SAAS,MAAM,CAAC,SAAkB,EAAE,OAAe;IACjD,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC;AAC3C,CAAC;AAED,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;AAErD,8EAA8E;AAC9E,sBAAsB;AACtB,8EAA8E;AAC9E,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;AAEnC,IAAI,CAAC,mDAAmD,EAAE,GAAG,EAAE;IAC7D,MAAM,MAAM,GAAG,sBAAsB,CAAC,wBAAwB,EAAE,YAAY,CAAC,CAAC;IAC9E,MAAM,CAAC,MAAM,YAAY,gBAAgB,EAAE,oCAAoC,CAAC,CAAC;AACnF,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAC9E,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;AAEzC,IAAI,CAAC,wCAAwC,EAAE,GAAG,EAAE;IAClD,MAAM,MAAM,GAAG,cAAc,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,CAAC,CAAC;IACzD,oCAAoC;IACpC,MAAM,CAAC,CAAC,CAAC,MAAM,IAAI,MAAM,CAAC,EAAE,6BAA6B,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG,MAA+E,CAAC;IACnG,MAAM,CAAC,UAAU,CAAC,OAAO,KAAK,IAAI,EAAE,kBAAkB,CAAC,CAAC;IACxD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACpD,MAAM,CAAC,IAAI,CAAC,KAAK,KAAK,+BAA+B,EAAE,+BAA+B,CAAC,CAAC;AAC1F,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,qCAAqC,EAAE,GAAG,EAAE;IAC/C,MAAM,MAAM,GAAG,cAAc,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,MAA+E,CAAC;IACnG,MAAM,CAAC,UAAU,CAAC,OAAO,KAAK,IAAI,EAAE,oCAAoC,CAAC,CAAC;AAC5E,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAC9E,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;AAE3C,IAAI,CAAC,wCAAwC,EAAE,GAAG,EAAE;IAClD,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,MAA+E,CAAC;IACnG,MAAM,CAAC,UAAU,CAAC,OAAO,KAAK,IAAI,EAAE,uCAAuC,CAAC,CAAC;AAC/E,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,uDAAuD,EAAE,GAAG,EAAE;IACjE,kCAAkC;IAClC,MAAM,QAAQ,GAAG;QACf,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC9C,oBAAoB,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACzD,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC9C,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC7C,YAAY,EAAE,oCAAoC;QAClD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,SAAS,EAAE,SAAS;QACpB,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;KAC7B,CAAC;IACF,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC7E,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAEpD,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,IAAI,CAAC,CAAC;IACpF,MAAM,UAAU,GAAG,MAA4D,CAAC;IAChF,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACpD,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,uBAAuB,CAAC,CAAC;IACzD,MAAM,CAAC,IAAI,CAAC,mBAAmB,KAAK,SAAS,EAAE,8BAA8B,CAAC,CAAC;AACjF,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,+BAA+B;AAC/B,8EAA8E;AAC9E,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;AAExC,IAAI,CAAC,8BAA8B,EAAE,GAAG,EAAE;IACxC,MAAM,MAAM,GAAG,cAAc,CAAC,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;IAC7E,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,kBAAkB,CAAC,CAAC;IACtD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,YAAY,EAAE,0BAA0B,CAAC,CAAC;AACtE,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,yCAAyC,EAAE,GAAG,EAAE;IACnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,6CAA6C,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,CAAC;IACnH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,kBAAkB,CAAC,CAAC;AACxD,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,6CAA6C,EAAE,GAAG,EAAE;IACvD,MAAM,MAAM,GAAG,oBAAoB,CAAC,EAAE,QAAQ,EAAE,oBAAoB,EAAE,CAAC,CAAC;IACxE,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,kBAAkB,CAAC,CAAC;AACxD,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,6CAA6C,EAAE,GAAG,EAAE;IACvD,MAAM,MAAM,GAAG,yBAAyB,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;IACvD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,kBAAkB,CAAC,CAAC;IACtD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,CAAC,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,uBAAuB,CAAC,CAAC;AAC5F,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,6CAA6C,EAAE,GAAG,EAAE;IACvD,MAAM,MAAM,GAAG,iBAAiB,CAAC,EAAE,CAAC,CAAC;IACrC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,kBAAkB,CAAC,CAAC;IACtD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,CAAC,IAAI,CAAC,YAAY,KAAK,KAAK,EAAE,6BAA6B,CAAC,CAAC;AACrE,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,4BAA4B,EAAE,GAAG,EAAE;IACtC,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,CAAC;IACpD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,kBAAkB,CAAC,CAAC;AACxD,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,0CAA0C,EAAE,GAAG,EAAE;IACpD,MAAM,MAAM,GAAG,qBAAqB,CAAC,EAAE,WAAW,EAAE,iCAAiC,EAAE,CAAC,CAAC;IACzF,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,kBAAkB,CAAC,CAAC;AACxD,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAC9E,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;AACnC,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,YAAY,MAAM,YAAY,MAAM,GAAG,MAAM,QAAQ,CAAC,CAAC;AAErF,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;IACf,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;KAAM,CAAC;IACN,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;AACrC,CAAC"}

package/dist/tools/add-signing.d.ts

@@ -0,0 +1,19 @@
+/**
+ * blink_add_signing tool handler.
+ *
+ * Takes existing code and a signing pattern, returns enhanced code
+ * with BLINK signing added. Uses string manipulation (not AST) for v1.
+ *
+ * Patterns:
+ *   sign-response     — Add BLINK signing middleware to Express responses
+ *   sign-document     — Add document hashing + BLINK signing
+ *   sign-audit-entry  — Add hash-chained audit entry signing
+ *   verify-incoming   — Add incoming signature verification
+ */
+export declare function handleAddSigning(args: Record<string, unknown>): {
+    content: Array<{
+        type: string;
+        text: string;
+    }>;
+};
+//# sourceMappingURL=add-signing.d.ts.map

package/dist/tools/add-signing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"add-signing.d.ts","sourceRoot":"","sources":["../../src/tools/add-signing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAkTH,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC5B;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAAE,CAiCpD"}