@bradford-tech/supabase-integrity-attest 0.2.4 → 0.3.1

package/README.md

@@ -13,6 +13,21 @@ deno add jsr:@bradford-tech/supabase-integrity-attest
 npx jsr add @bradford-tech/supabase-integrity-attest
 ```
 
+## Subpath imports
+
+If you only need assertion verification, import from the lighter entry point:
+
+```typescript
+// Full library (attestation + assertion)
+import { verifyAttestation, verifyAssertion } from "@bradford-tech/supabase-integrity-attest";
+
+// Assertion only — skips asn1js and @noble/curves
+import { verifyAssertion } from "@bradford-tech/supabase-integrity-attest/assertion";
+
+// Attestation only
+import { verifyAttestation } from "@bradford-tech/supabase-integrity-attest/attestation";
+```
+
 ## Usage
 
 ### Attestation (one-time per device)
@@ -30,7 +45,88 @@ const result = await verifyAttestation(
 // Store result.publicKeyPem and signCount (0) for this device
 ```
 
-### Assertion (every protected request)
+### Protecting edge functions with `withAssertion`
+
+`withAssertion` wraps a request handler so that assertion verification,
+device lookup, and sign count updates happen before your business logic runs.
+
+```typescript
+import { createClient } from "jsr:@supabase/supabase-js@2";
+import { withAssertion } from "@bradford-tech/supabase-integrity-attest";
+
+const supabase = createClient(
+  Deno.env.get("SUPABASE_URL")!,
+  Deno.env.get("SUPABASE_SERVICE_ROLE_KEY")!,
+);
+
+Deno.serve(withAssertion({
+  appId: Deno.env.get("APP_ATTEST_APP_ID")!,
+  developmentEnv: Deno.env.get("APP_ATTEST_ENV") === "development",
+  getDeviceKey: async (deviceId) => {
+    const { data } = await supabase
+      .from("device_attestations")
+      .select("public_key_pem, sign_count")
+      .eq("key_id", deviceId)
+      .single();
+    return data
+      ? { publicKeyPem: data.public_key_pem, signCount: data.sign_count }
+      : null;
+  },
+  updateSignCount: async (deviceId, newSignCount) => {
+    await supabase
+      .from("device_attestations")
+      .update({ sign_count: newSignCount })
+      .eq("key_id", deviceId);
+  },
+}, async (_req, { rawBody }) => {
+  const { text, voice } = JSON.parse(new TextDecoder().decode(rawBody));
+  // business logic
+  return new Response(JSON.stringify({ audio: "..." }), {
+    headers: { "Content-Type": "application/json" },
+  });
+}));
+```
+
+The client sends the assertion and device ID in headers. The request body
+is the client data that was signed:
+
+```
+POST /functions/v1/your-endpoint
+Headers:
+  Content-Type: application/json
+  X-App-Attest-Assertion: <base64-encoded assertion>
+  X-App-Attest-Device-Id: <base64-encoded keyId>
+Body:
+  {"text": "Hello world", "voice": "en-US"}
+```
+
+Once you have multiple protected functions, extract the shared options into
+a helper:
+
+```typescript
+// supabase/functions/_shared/attest.ts
+import type { WithAssertionOptions } from "@bradford-tech/supabase-integrity-attest";
+
+export const attestOptions: WithAssertionOptions = {
+  appId: Deno.env.get("APP_ATTEST_APP_ID")!,
+  // ... getDeviceKey, updateSignCount as above
+};
+```
+
+```typescript
+// supabase/functions/text-to-speech/index.ts
+import { withAssertion } from "@bradford-tech/supabase-integrity-attest";
+import { attestOptions } from "../_shared/attest.ts";
+
+Deno.serve(withAssertion(attestOptions, async (_req, { rawBody }) => {
+  const { text, voice } = JSON.parse(new TextDecoder().decode(rawBody));
+  return new Response(JSON.stringify({ audio: "..." }));
+}));
+```
+
+### Assertion (low-level)
+
+For full control over the verification flow, use `verifyAssertion` directly:
 
 ```typescript
 import { verifyAssertion } from "@bradford-tech/supabase-integrity-attest";

package/esm/_dnt.test_polyfills.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"_dnt.test_polyfills.d.ts","sourceRoot":"","sources":["../src/_dnt.test_polyfills.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,KAAK;QACb,KAAK,CAAC,EAAE,OAAO,CAAC;KACjB;CACF;AAED,OAAO,EAAE,CAAC"}

package/esm/assertion.d.ts

@@ -0,0 +1,7 @@
+export { verifyAssertion } from "./src/assertion.js";
+export type { AppInfo, AssertionResult } from "./src/assertion.js";
+export { AssertionError, AssertionErrorCode } from "./src/errors.js";
+export { withAssertion } from "./src/with-assertion.js";
+export { DEFAULT_ASSERTION_HEADER, DEFAULT_DEVICE_ID_HEADER, } from "./src/with-assertion.js";
+export type { AssertionContext, DeviceKey, ExtractAssertionFn, WithAssertionOptions, } from "./src/with-assertion.js";
+//# sourceMappingURL=assertion.d.ts.map

package/esm/assertion.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"assertion.d.ts","sourceRoot":"","sources":["../src/assertion.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,YAAY,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAGrE,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EACL,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AACjC,YAAY,EACV,gBAAgB,EAChB,SAAS,EACT,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,yBAAyB,CAAC"}

package/esm/assertion.js

@@ -0,0 +1,6 @@
+// assertion.ts — lightweight entry point (no asn1js / @noble/curves)
+export { verifyAssertion } from "./src/assertion.js";
+export { AssertionError, AssertionErrorCode } from "./src/errors.js";
+// withAssertion wrapper
+export { withAssertion } from "./src/with-assertion.js";
+export { DEFAULT_ASSERTION_HEADER, DEFAULT_DEVICE_ID_HEADER, } from "./src/with-assertion.js";

package/esm/attestation.d.ts

@@ -0,0 +1,4 @@
+export { verifyAttestation } from "./src/attestation.js";
+export type { AppInfo, AttestationResult, VerifyAttestationOptions, } from "./src/attestation.js";
+export { AttestationError, AttestationErrorCode } from "./src/errors.js";
+//# sourceMappingURL=attestation.d.ts.map

package/esm/attestation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"attestation.d.ts","sourceRoot":"","sources":["../src/attestation.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,YAAY,EACV,OAAO,EACP,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC"}

package/esm/attestation.js

@@ -0,0 +1,3 @@
+// attestation.ts — full attestation entry point (includes cert chain deps)
+export { verifyAttestation } from "./src/attestation.js";
+export { AttestationError, AttestationErrorCode } from "./src/errors.js";

package/esm/mod.d.ts

@@ -3,4 +3,7 @@ export type { AssertionResult } from "./src/assertion.js";
 export { verifyAttestation } from "./src/attestation.js";
 export { verifyAssertion } from "./src/assertion.js";
 export { AssertionError, AssertionErrorCode, AttestationError, AttestationErrorCode, } from "./src/errors.js";
+export { withAssertion } from "./src/with-assertion.js";
+export { DEFAULT_ASSERTION_HEADER, DEFAULT_DEVICE_ID_HEADER, } from "./src/with-assertion.js";
+export type { AssertionContext, DeviceKey, ExtractAssertionFn, WithAssertionOptions, } from "./src/with-assertion.js";
 //# sourceMappingURL=mod.d.ts.map

package/esm/mod.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../src/mod.ts"],"names":[],"mappings":"AAEA,YAAY,EACV,OAAO,EACP,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,gBAAgB,EAChB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC"}
+{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../src/mod.ts"],"names":[],"mappings":"AAEA,YAAY,EACV,OAAO,EACP,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,gBAAgB,EAChB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EACL,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AACjC,YAAY,EACV,gBAAgB,EAChB,SAAS,EACT,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,yBAAyB,CAAC"}

package/esm/mod.js

@@ -2,3 +2,6 @@
 export { verifyAttestation } from "./src/attestation.js";
 export { verifyAssertion } from "./src/assertion.js";
 export { AssertionError, AssertionErrorCode, AttestationError, AttestationErrorCode, } from "./src/errors.js";
+// withAssertion wrapper
+export { withAssertion } from "./src/with-assertion.js";
+export { DEFAULT_ASSERTION_HEADER, DEFAULT_DEVICE_ID_HEADER, } from "./src/with-assertion.js";

package/esm/src/errors.d.ts

@@ -16,11 +16,15 @@ export declare enum AssertionErrorCode {
     INVALID_FORMAT = "INVALID_FORMAT",
     RP_ID_MISMATCH = "RP_ID_MISMATCH",
     COUNTER_NOT_INCREMENTED = "COUNTER_NOT_INCREMENTED",
-    SIGNATURE_INVALID = "SIGNATURE_INVALID"
+    SIGNATURE_INVALID = "SIGNATURE_INVALID",
+    DEVICE_NOT_FOUND = "DEVICE_NOT_FOUND",
+    INTERNAL_ERROR = "INTERNAL_ERROR"
 }
 export declare class AssertionError extends Error {
     readonly code: AssertionErrorCode;
     readonly name = "AssertionError";
-    constructor(code: AssertionErrorCode, message: string);
+    constructor(code: AssertionErrorCode, message: string, options?: {
+        cause?: unknown;
+    });
 }
 //# sourceMappingURL=errors.d.ts.map

package/esm/src/errors.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/src/errors.ts"],"names":[],"mappings":"AAEA,oBAAY,oBAAoB;IAC9B,cAAc,mBAAmB;IACjC,yBAAyB,8BAA8B;IACvD,cAAc,mBAAmB;IACjC,cAAc,mBAAmB;IACjC,eAAe,oBAAoB;IACnC,eAAe,oBAAoB;IACnC,cAAc,mBAAmB;CAClC;AAED,qBAAa,gBAAiB,SAAQ,KAAK;aAGvB,IAAI,EAAE,oBAAoB;IAF5C,SAAkB,IAAI,sBAAsB;gBAE1B,IAAI,EAAE,oBAAoB,EAC1C,OAAO,EAAE,MAAM;CAIlB;AAED,oBAAY,kBAAkB;IAC5B,cAAc,mBAAmB;IACjC,cAAc,mBAAmB;IACjC,uBAAuB,4BAA4B;IACnD,iBAAiB,sBAAsB;CACxC;AAED,qBAAa,cAAe,SAAQ,KAAK;aAGrB,IAAI,EAAE,kBAAkB;IAF1C,SAAkB,IAAI,oBAAoB;gBAExB,IAAI,EAAE,kBAAkB,EACxC,OAAO,EAAE,MAAM;CAIlB"}
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/src/errors.ts"],"names":[],"mappings":"AAEA,oBAAY,oBAAoB;IAC9B,cAAc,mBAAmB;IACjC,yBAAyB,8BAA8B;IACvD,cAAc,mBAAmB;IACjC,cAAc,mBAAmB;IACjC,eAAe,oBAAoB;IACnC,eAAe,oBAAoB;IACnC,cAAc,mBAAmB;CAClC;AAED,qBAAa,gBAAiB,SAAQ,KAAK;aAGvB,IAAI,EAAE,oBAAoB;IAF5C,SAAkB,IAAI,sBAAsB;gBAE1B,IAAI,EAAE,oBAAoB,EAC1C,OAAO,EAAE,MAAM;CAIlB;AAED,oBAAY,kBAAkB;IAC5B,cAAc,mBAAmB;IACjC,cAAc,mBAAmB;IACjC,uBAAuB,4BAA4B;IACnD,iBAAiB,sBAAsB;IACvC,gBAAgB,qBAAqB;IACrC,cAAc,mBAAmB;CAClC;AAED,qBAAa,cAAe,SAAQ,KAAK;aAGrB,IAAI,EAAE,kBAAkB;IAF1C,SAAkB,IAAI,oBAAoB;gBAExB,IAAI,EAAE,kBAAkB,EACxC,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE;CAIhC"}

package/esm/src/errors.js

@@ -32,10 +32,12 @@ export var AssertionErrorCode;
     AssertionErrorCode["RP_ID_MISMATCH"] = "RP_ID_MISMATCH";
     AssertionErrorCode["COUNTER_NOT_INCREMENTED"] = "COUNTER_NOT_INCREMENTED";
     AssertionErrorCode["SIGNATURE_INVALID"] = "SIGNATURE_INVALID";
+    AssertionErrorCode["DEVICE_NOT_FOUND"] = "DEVICE_NOT_FOUND";
+    AssertionErrorCode["INTERNAL_ERROR"] = "INTERNAL_ERROR";
 })(AssertionErrorCode || (AssertionErrorCode = {}));
 export class AssertionError extends Error {
-    constructor(code, message) {
-        super(message);
+    constructor(code, message, options) {
+        super(message, options);
         Object.defineProperty(this, "code", {
             enumerable: true,
             configurable: true,

package/esm/src/with-assertion.d.ts

@@ -0,0 +1,27 @@
+import { AssertionError } from "./errors.js";
+export declare const DEFAULT_ASSERTION_HEADER = "X-App-Attest-Assertion";
+export declare const DEFAULT_DEVICE_ID_HEADER = "X-App-Attest-Device-Id";
+export type DeviceKey = {
+    publicKeyPem: string;
+    signCount: number;
+};
+export type AssertionContext = {
+    deviceId: string;
+    signCount: number;
+    rawBody: Uint8Array;
+};
+export type ExtractAssertionFn = (req: Request) => Promise<{
+    assertion: string;
+    deviceId: string;
+    clientData: Uint8Array;
+}>;
+export type WithAssertionOptions = {
+    appId: string;
+    developmentEnv?: boolean;
+    getDeviceKey: (deviceId: string) => Promise<DeviceKey | null>;
+    updateSignCount: (deviceId: string, newSignCount: number) => Promise<void>;
+    extractAssertion?: ExtractAssertionFn;
+    onError?: (error: AssertionError, req: Request) => Response | Promise<Response>;
+};
+export declare function withAssertion(options: WithAssertionOptions, handler: (req: Request, context: AssertionContext) => Response | Promise<Response>): (req: Request) => Promise<Response>;
+//# sourceMappingURL=with-assertion.d.ts.map

package/esm/src/with-assertion.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"with-assertion.d.ts","sourceRoot":"","sources":["../../src/src/with-assertion.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAsB,MAAM,aAAa,CAAC;AAEjE,eAAO,MAAM,wBAAwB,2BAA2B,CAAC;AACjE,eAAO,MAAM,wBAAwB,2BAA2B,CAAC;AAEjE,MAAM,MAAM,SAAS,GAAG;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,UAAU,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC;IACzD,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,UAAU,CAAC;CACxB,CAAC,CAAC;AAEH,MAAM,MAAM,oBAAoB,GAAG;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,YAAY,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAC9D,eAAe,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3E,gBAAgB,CAAC,EAAE,kBAAkB,CAAC;IACtC,OAAO,CAAC,EAAE,CACR,KAAK,EAAE,cAAc,EACrB,GAAG,EAAE,OAAO,KACT,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACnC,CAAC;AAmCF,wBAAgB,aAAa,CAC3B,OAAO,EAAE,oBAAoB,EAC7B,OAAO,EAAE,CACP,GAAG,EAAE,OAAO,EACZ,OAAO,EAAE,gBAAgB,KACtB,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,GAChC,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAuErC"}

package/esm/src/with-assertion.js

@@ -0,0 +1,72 @@
+// src/with-assertion.ts
+import { verifyAssertion } from "./assertion.js";
+import { AssertionError, AssertionErrorCode } from "./errors.js";
+export const DEFAULT_ASSERTION_HEADER = "X-App-Attest-Assertion";
+export const DEFAULT_DEVICE_ID_HEADER = "X-App-Attest-Device-Id";
+async function defaultExtractAssertion(req) {
+    const assertion = req.headers.get(DEFAULT_ASSERTION_HEADER);
+    const deviceId = req.headers.get(DEFAULT_DEVICE_ID_HEADER);
+    if (!assertion || !deviceId) {
+        throw new AssertionError(AssertionErrorCode.INVALID_FORMAT, `Missing ${DEFAULT_ASSERTION_HEADER} or ${DEFAULT_DEVICE_ID_HEADER} header`);
+    }
+    const clientData = new Uint8Array(await req.arrayBuffer());
+    return { assertion, deviceId, clientData };
+}
+function defaultErrorResponse(error) {
+    const status = error.code === AssertionErrorCode.INTERNAL_ERROR
+        ? 500
+        : error.code === AssertionErrorCode.INVALID_FORMAT
+            ? 400
+            : 401;
+    return new Response(JSON.stringify({ error: error.message, code: error.code }), { status, headers: { "Content-Type": "application/json" } });
+}
+export function withAssertion(options, handler) {
+    const appInfo = {
+        appId: options.appId,
+        developmentEnv: options.developmentEnv ?? false,
+    };
+    const extract = options.extractAssertion ?? defaultExtractAssertion;
+    return async (req) => {
+        let deviceId;
+        let clientData;
+        let newSignCount;
+        // Steps 1-4: extract, verify, update sign count
+        try {
+            const extracted = await extract(req);
+            deviceId = extracted.deviceId;
+            clientData = extracted.clientData;
+            let deviceKey;
+            try {
+                deviceKey = await options.getDeviceKey(deviceId);
+            }
+            catch (err) {
+                throw new AssertionError(AssertionErrorCode.INTERNAL_ERROR, "Storage callback failed", { cause: err });
+            }
+            if (!deviceKey) {
+                throw new AssertionError(AssertionErrorCode.DEVICE_NOT_FOUND, "Device not found");
+            }
+            const result = await verifyAssertion(appInfo, extracted.assertion, clientData, deviceKey.publicKeyPem, deviceKey.signCount);
+            try {
+                await options.updateSignCount(deviceId, result.signCount);
+            }
+            catch (err) {
+                throw new AssertionError(AssertionErrorCode.INTERNAL_ERROR, "Failed to update sign count", { cause: err });
+            }
+            newSignCount = result.signCount;
+        }
+        catch (err) {
+            const error = err instanceof AssertionError
+                ? err
+                : new AssertionError(AssertionErrorCode.INTERNAL_ERROR, String(err), {
+                    cause: err,
+                });
+            return options.onError?.(error, req) ?? defaultErrorResponse(error);
+        }
+        // Step 5: handler — outside try/catch, errors bubble up
+        return await handler(req, {
+            deviceId,
+            signCount: newSignCount,
+            rawBody: clientData,
+        });
+    };
+}

package/esm/tests/assertion-entry.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"assertion-entry.test.d.ts","sourceRoot":"","sources":["../../src/tests/assertion-entry.test.ts"],"names":[],"mappings":"AACA,OAAO,2BAA2B,CAAC"}

package/esm/tests/assertion.test.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"assertion.test.d.ts","sourceRoot":"","sources":["../../src/tests/assertion.test.ts"],"names":[],"mappings":""}
+{"version":3,"file":"assertion.test.d.ts","sourceRoot":"","sources":["../../src/tests/assertion.test.ts"],"names":[],"mappings":"AACA,OAAO,2BAA2B,CAAC"}

package/esm/tests/attestation-entry.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"attestation-entry.test.d.ts","sourceRoot":"","sources":["../../src/tests/attestation-entry.test.ts"],"names":[],"mappings":"AACA,OAAO,2BAA2B,CAAC"}

package/esm/tests/attestation.test.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attestation.test.d.ts","sourceRoot":"","sources":["../../src/tests/attestation.test.ts"],"names":[],"mappings":""}
+{"version":3,"file":"attestation.test.d.ts","sourceRoot":"","sources":["../../src/tests/attestation.test.ts"],"names":[],"mappings":"AACA,OAAO,2BAA2B,CAAC"}

package/esm/tests/authdata.test.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authdata.test.d.ts","sourceRoot":"","sources":["../../src/tests/authdata.test.ts"],"names":[],"mappings":""}
+{"version":3,"file":"authdata.test.d.ts","sourceRoot":"","sources":["../../src/tests/authdata.test.ts"],"names":[],"mappings":"AACA,OAAO,2BAA2B,CAAC"}

package/esm/tests/certificate.test.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"certificate.test.d.ts","sourceRoot":"","sources":["../../src/tests/certificate.test.ts"],"names":[],"mappings":""}
+{"version":3,"file":"certificate.test.d.ts","sourceRoot":"","sources":["../../src/tests/certificate.test.ts"],"names":[],"mappings":"AACA,OAAO,2BAA2B,CAAC"}

package/esm/tests/cose.test.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cose.test.d.ts","sourceRoot":"","sources":["../../src/tests/cose.test.ts"],"names":[],"mappings":""}
+{"version":3,"file":"cose.test.d.ts","sourceRoot":"","sources":["../../src/tests/cose.test.ts"],"names":[],"mappings":"AACA,OAAO,2BAA2B,CAAC"}

package/esm/tests/der.test.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"der.test.d.ts","sourceRoot":"","sources":["../../src/tests/der.test.ts"],"names":[],"mappings":""}
+{"version":3,"file":"der.test.d.ts","sourceRoot":"","sources":["../../src/tests/der.test.ts"],"names":[],"mappings":"AACA,OAAO,2BAA2B,CAAC"}

package/esm/tests/errors.test.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"errors.test.d.ts","sourceRoot":"","sources":["../../src/tests/errors.test.ts"],"names":[],"mappings":""}
+{"version":3,"file":"errors.test.d.ts","sourceRoot":"","sources":["../../src/tests/errors.test.ts"],"names":[],"mappings":"AACA,OAAO,2BAA2B,CAAC"}

package/esm/tests/utils.test.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.test.d.ts","sourceRoot":"","sources":["../../src/tests/utils.test.ts"],"names":[],"mappings":""}
+{"version":3,"file":"utils.test.d.ts","sourceRoot":"","sources":["../../src/tests/utils.test.ts"],"names":[],"mappings":"AACA,OAAO,2BAA2B,CAAC"}

package/esm/tests/with-assertion.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"with-assertion.test.d.ts","sourceRoot":"","sources":["../../src/tests/with-assertion.test.ts"],"names":[],"mappings":"AACA,OAAO,2BAA2B,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bradford-tech/supabase-integrity-attest",
-  "version": "0.2.4",
+  "version": "0.3.1",
   "description": "Verify Apple App Attest attestations and assertions using WebCrypto.",
   "repository": {
     "type": "git",
@@ -14,6 +14,12 @@
   "exports": {
     ".": {
       "import": "./esm/mod.js"
+    },
+    "./assertion": {
+      "import": "./esm/assertion.js"
+    },
+    "./attestation": {
+      "import": "./esm/attestation.js"
     }
   },
   "scripts": {