@brightchain/brightchain-lib 0.25.0 → 0.26.0

package/src/lib/interfaces/network/banListCache.d.ts

@@ -0,0 +1,39 @@
+/**
+ * @fileoverview BanListCache interface for the network trust system.
+ *
+ * Each node maintains a local cache of the active ban list, updated via
+ * gossip announcements. Enforcement points (gossip, discovery, reconciliation,
+ * block store) check this cache with O(1) lookups.
+ *
+ * @see Network Trust and Ban Mechanism spec
+ */
+import { HexString, PlatformID } from '@digitaldefiance/ecies-lib';
+import { IBanRecord } from './banRecord';
+/**
+ * Interface for the local ban list cache.
+ * Implementations must provide O(1) lookup for isBanned().
+ *
+ * @template TID - Platform ID type
+ */
+export interface IBanListCache<TID extends PlatformID = Uint8Array> {
+    /** Check if a member is banned — must be O(1) */
+    isBanned(memberId: TID): boolean;
+    /** Add a verified ban record to the cache */
+    addBan(record: IBanRecord<TID>): void;
+    /** Remove a ban record (unban) */
+    removeBan(memberId: TID): void;
+    /** Get all active ban records */
+    getAll(): IBanRecord<TID>[];
+    /** Get a specific ban record by member ID, or null if not banned */
+    getBan(memberId: TID): IBanRecord<TID> | null;
+    /** Bulk load ban records (used on startup/reconnect sync) */
+    loadFrom(records: IBanRecord<TID>[]): void;
+    /** Number of currently banned members */
+    readonly size: number;
+    /**
+     * Verify a ban record's quorum signatures against known public keys.
+     * Returns true if the record has at least `requiredSignatures` valid signatures.
+     */
+    verifySignatures(record: IBanRecord<TID>, quorumPublicKeys: Map<HexString, Uint8Array>): Promise<boolean>;
+}
+//# sourceMappingURL=banListCache.d.ts.map

package/src/lib/interfaces/network/banListCache.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"banListCache.d.ts","sourceRoot":"","sources":["../../../../../../brightchain-lib/src/lib/interfaces/network/banListCache.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC;;;;;GAKG;AACH,MAAM,WAAW,aAAa,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IAChE,iDAAiD;IACjD,QAAQ,CAAC,QAAQ,EAAE,GAAG,GAAG,OAAO,CAAC;IAEjC,6CAA6C;IAC7C,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;IAEtC,kCAAkC;IAClC,SAAS,CAAC,QAAQ,EAAE,GAAG,GAAG,IAAI,CAAC;IAE/B,iCAAiC;IACjC,MAAM,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;IAE5B,oEAAoE;IACpE,MAAM,CAAC,QAAQ,EAAE,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;IAE9C,6DAA6D;IAC7D,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC;IAE3C,yCAAyC;IACzC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,gBAAgB,CACd,MAAM,EAAE,UAAU,CAAC,GAAG,CAAC,EACvB,gBAAgB,EAAE,GAAG,CAAC,SAAS,EAAE,UAAU,CAAC,GAC3C,OAAO,CAAC,OAAO,CAAC,CAAC;CACrB"}

package/src/lib/interfaces/network/banListCache.js

@@ -0,0 +1,12 @@
+"use strict";
+/**
+ * @fileoverview BanListCache interface for the network trust system.
+ *
+ * Each node maintains a local cache of the active ban list, updated via
+ * gossip announcements. Enforcement points (gossip, discovery, reconciliation,
+ * block store) check this cache with O(1) lookups.
+ *
+ * @see Network Trust and Ban Mechanism spec
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=banListCache.js.map

package/src/lib/interfaces/network/banListCache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"banListCache.js","sourceRoot":"","sources":["../../../../../../brightchain-lib/src/lib/interfaces/network/banListCache.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG"}

package/src/lib/interfaces/network/banRecord.d.ts

@@ -0,0 +1,48 @@
+/**
+ * @fileoverview Ban record interfaces for the network trust system.
+ *
+ * A BanRecord is created when a BAN_MEMBER proposal is approved by the quorum.
+ * It carries the quorum's threshold signatures so any node can independently
+ * verify the ban is legitimate.
+ *
+ * @see Network Trust and Ban Mechanism spec
+ */
+import { PlatformID } from '@digitaldefiance/ecies-lib';
+/**
+ * A signed record indicating a member has been banned from the network.
+ *
+ * @template TID - Platform ID type for frontend/backend DTO compatibility
+ */
+export interface IBanRecord<TID extends PlatformID = Uint8Array> {
+    /** The banned member's ID */
+    memberId: TID;
+    /** Human-readable reason for the ban */
+    reason: string;
+    /** The proposal ID that resulted in this ban */
+    proposalId: TID;
+    /** Epoch number when the ban was enacted */
+    epoch: number;
+    /** Timestamp when the ban took effect */
+    bannedAt: Date;
+    /** Optional block IDs referencing evidence (offending content, logs, etc.) */
+    evidenceBlockIds?: string[];
+    /** Quorum signatures approving this ban */
+    approvalSignatures: Array<{
+        memberId: TID;
+        signature: Uint8Array;
+    }>;
+    /** The minimum number of signatures required for this ban to be valid */
+    requiredSignatures: number;
+}
+/**
+ * Lightweight ban list entry for quick lookups.
+ * Used by the BanListCache for efficient membership checks.
+ *
+ * @template TID - Platform ID type
+ */
+export interface IBanListEntry<TID extends PlatformID = Uint8Array> {
+    memberId: TID;
+    bannedAt: Date;
+    epoch: number;
+}
+//# sourceMappingURL=banRecord.d.ts.map

package/src/lib/interfaces/network/banRecord.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"banRecord.d.ts","sourceRoot":"","sources":["../../../../../../brightchain-lib/src/lib/interfaces/network/banRecord.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAExD;;;;GAIG;AACH,MAAM,WAAW,UAAU,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IAC7D,6BAA6B;IAC7B,QAAQ,EAAE,GAAG,CAAC;IAEd,wCAAwC;IACxC,MAAM,EAAE,MAAM,CAAC;IAEf,gDAAgD;IAChD,UAAU,EAAE,GAAG,CAAC;IAEhB,4CAA4C;IAC5C,KAAK,EAAE,MAAM,CAAC;IAEd,yCAAyC;IACzC,QAAQ,EAAE,IAAI,CAAC;IAEf,8EAA8E;IAC9E,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE5B,2CAA2C;IAC3C,kBAAkB,EAAE,KAAK,CAAC;QACxB,QAAQ,EAAE,GAAG,CAAC;QACd,SAAS,EAAE,UAAU,CAAC;KACvB,CAAC,CAAC;IAEH,yEAAyE;IACzE,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IAChE,QAAQ,EAAE,GAAG,CAAC;IACd,QAAQ,EAAE,IAAI,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;CACf"}

package/src/lib/interfaces/network/banRecord.js

@@ -0,0 +1,12 @@
+"use strict";
+/**
+ * @fileoverview Ban record interfaces for the network trust system.
+ *
+ * A BanRecord is created when a BAN_MEMBER proposal is approved by the quorum.
+ * It carries the quorum's threshold signatures so any node can independently
+ * verify the ban is legitimate.
+ *
+ * @see Network Trust and Ban Mechanism spec
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=banRecord.js.map

package/src/lib/interfaces/network/banRecord.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"banRecord.js","sourceRoot":"","sources":["../../../../../../brightchain-lib/src/lib/interfaces/network/banRecord.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG"}

package/src/lib/interfaces/network/index.d.ts

@@ -1,3 +1,7 @@
+export type * from './banConfig';
+export type * from './banListCache';
+export type * from './banRecord';
+export { DEFAULT_BAN_CONFIG, MIN_BAN_CONFIG, normalizeBanConfig } from './banConfig';
 export type * from './node';
 export type * from './nodeAdvertisement';
 export type * from './nodeConfig';

package/src/lib/interfaces/network/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../brightchain-lib/src/lib/interfaces/network/index.ts"],"names":[],"mappings":"AAAA,mBAAmB,QAAQ,CAAC;AAC5B,mBAAmB,qBAAqB,CAAC;AACzC,mBAAmB,cAAc,CAAC;AAClC,mBAAmB,aAAa,CAAC;AACjC,mBAAmB,gBAAgB,CAAC;AACpC,mBAAmB,iBAAiB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../brightchain-lib/src/lib/interfaces/network/index.ts"],"names":[],"mappings":"AAAA,mBAAmB,aAAa,CAAC;AACjC,mBAAmB,gBAAgB,CAAC;AACpC,mBAAmB,aAAa,CAAC;AACjC,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACrF,mBAAmB,QAAQ,CAAC;AAC5B,mBAAmB,qBAAqB,CAAC;AACzC,mBAAmB,cAAc,CAAC;AAClC,mBAAmB,aAAa,CAAC;AACjC,mBAAmB,gBAAgB,CAAC;AACpC,mBAAmB,iBAAiB,CAAC"}

package/src/lib/interfaces/network/index.js

@@ -1,3 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.normalizeBanConfig = exports.MIN_BAN_CONFIG = exports.DEFAULT_BAN_CONFIG = void 0;
+var banConfig_1 = require("./banConfig");
+Object.defineProperty(exports, "DEFAULT_BAN_CONFIG", { enumerable: true, get: function () { return banConfig_1.DEFAULT_BAN_CONFIG; } });
+Object.defineProperty(exports, "MIN_BAN_CONFIG", { enumerable: true, get: function () { return banConfig_1.MIN_BAN_CONFIG; } });
+Object.defineProperty(exports, "normalizeBanConfig", { enumerable: true, get: function () { return banConfig_1.normalizeBanConfig; } });
 //# sourceMappingURL=index.js.map

package/src/lib/interfaces/network/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../brightchain-lib/src/lib/interfaces/network/index.ts"],"names":[],"mappings":""}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../brightchain-lib/src/lib/interfaces/network/index.ts"],"names":[],"mappings":";;;AAGA,yCAAqF;AAA5E,+GAAA,kBAAkB,OAAA;AAAE,2GAAA,cAAc,OAAA;AAAE,+GAAA,kBAAkB,OAAA"}

package/src/lib/interfaces/proposal.d.ts

@@ -45,6 +45,13 @@ export interface Proposal<TID extends PlatformID = Uint8Array> {
     attachmentCblId?: string;
     /** Epoch number at proposal creation */
     epochNumber: number;
+    /**
+     * Optional cooling period end timestamp.
+     * When set, the proposal cannot be executed until this time has passed,
+     * even if the vote threshold is reached early.
+     * Used by BAN_MEMBER and UNBAN_MEMBER proposals.
+     */
+    coolingPeriodEndsAt?: Date;
 }
 /**
  * Input format for submitting a new proposal.

package/src/lib/interfaces/proposal.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"proposal.d.ts","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/interfaces/proposal.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAEhE;;;GAGG;AACH,MAAM,WAAW,QAAQ,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IAC3D,iCAAiC;IACjC,EAAE,EAAE,GAAG,CAAC;IACR,sDAAsD;IACtD,WAAW,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,UAAU,EAAE,kBAAkB,CAAC;IAC/B,sCAAsC;IACtC,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,kDAAkD;IAClD,gBAAgB,EAAE,GAAG,CAAC;IACtB,+BAA+B;IAC/B,MAAM,EAAE,cAAc,CAAC;IACvB,oDAAoD;IACpD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iDAAiD;IACjD,SAAS,EAAE,IAAI,CAAC;IAChB,qCAAqC;IACrC,SAAS,EAAE,IAAI,CAAC;IAChB;;;;;;;;;;OAUG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,UAAU,EAAE,kBAAkB,CAAC;IAC/B,sCAAsC;IACtC,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,iDAAiD;IACjD,SAAS,EAAE,IAAI,CAAC;IAChB;;;;;;;;;;OAUG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B"}
+{"version":3,"file":"proposal.d.ts","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/interfaces/proposal.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAEhE;;;GAGG;AACH,MAAM,WAAW,QAAQ,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IAC3D,iCAAiC;IACjC,EAAE,EAAE,GAAG,CAAC;IACR,sDAAsD;IACtD,WAAW,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,UAAU,EAAE,kBAAkB,CAAC;IAC/B,sCAAsC;IACtC,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,kDAAkD;IAClD,gBAAgB,EAAE,GAAG,CAAC;IACtB,+BAA+B;IAC/B,MAAM,EAAE,cAAc,CAAC;IACvB,oDAAoD;IACpD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iDAAiD;IACjD,SAAS,EAAE,IAAI,CAAC;IAChB,qCAAqC;IACrC,SAAS,EAAE,IAAI,CAAC;IAChB;;;;;;;;;;OAUG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB;;;;;OAKG;IACH,mBAAmB,CAAC,EAAE,IAAI,CAAC;CAC5B;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,UAAU,EAAE,kBAAkB,CAAC;IAC/B,sCAAsC;IACtC,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,iDAAiD;IACjD,SAAS,EAAE,IAAI,CAAC;IAChB;;;;;;;;;;OAUG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B"}

package/src/lib/interfaces/services/quorumDatabase.d.ts

@@ -21,6 +21,7 @@ import { RedistributionJournalEntry } from '../redistributionJournalEntry';
 import { StatuteOfLimitationsConfig } from '../statuteConfig';
 import { Vote } from '../vote';
 import { IQuorumMember } from './quorumService';
+import { IBanRecord } from '../network/banRecord';
 /**
  * Abstraction over BrightDb with a dedicated "quorum-system" pool.
  *
@@ -203,5 +204,34 @@ export interface IQuorumDatabase<TID extends PlatformID = Uint8Array> {
      * @returns True if the database is available and healthy
      */
     isAvailable(): Promise<boolean>;
+    /**
+     * Persist a ban record.
+     * @param record - The ban record to save
+     */
+    saveBanRecord(record: IBanRecord<TID>): Promise<void>;
+    /**
+     * Delete a ban record (used when unbanning a member).
+     * @param memberId - The banned member's ID
+     */
+    deleteBanRecord(memberId: TID): Promise<void>;
+    /**
+     * Retrieve a ban record by member ID.
+     * @param memberId - The member ID
+     * @returns The ban record, or null if not banned
+     */
+    getBanRecord(memberId: TID): Promise<IBanRecord<TID> | null>;
+    /**
+     * Get all active ban records.
+     * @returns Array of all active ban records
+     */
+    getAllBanRecords(): Promise<IBanRecord<TID>[]>;
+    /**
+     * Get the member ID of whoever proposed the admission of a given member.
+     * Returns null if the member was a founding member (no proposer).
+     * Used by BanProposalValidator for Sybil protection.
+     * @param memberId - The member whose admission proposer to look up
+     * @returns The proposer's member ID, or null
+     */
+    getMemberAdmissionProposerId(memberId: TID): Promise<TID | null>;
 }
 //# sourceMappingURL=quorumDatabase.d.ts.map

package/src/lib/interfaces/services/quorumDatabase.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"quorumDatabase.d.ts","sourceRoot":"","sources":["../../../../../../brightchain-lib/src/lib/interfaces/services/quorumDatabase.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,0BAA0B,EAAE,MAAM,+BAA+B,CAAC;AAC3E,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD;;;;;;;GAOG;AACH,MAAM,WAAW,eAAe,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IAGlE;;;OAGG;IACH,SAAS,CAAC,KAAK,EAAE,WAAW,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAElD;;;;OAIG;IACH,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAEhE;;;OAGG;IACH,eAAe,IAAI,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;IAI7C;;;OAGG;IACH,UAAU,CAAC,MAAM,EAAE,aAAa,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtD;;;;OAIG;IACH,SAAS,CAAC,QAAQ,EAAE,GAAG,GAAG,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAE7D;;;OAGG;IACH,iBAAiB,IAAI,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAInD;;;OAGG;IACH,YAAY,CAAC,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAExD;;;;OAIG;IACH,WAAW,CAAC,KAAK,EAAE,GAAG,GAAG,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAE/D;;;;;;OAMG;IACH,oBAAoB,CAClB,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAIpC;;;OAGG;IACH,YAAY,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErD;;;;OAIG;IACH,WAAW,CAAC,UAAU,EAAE,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAE5D;;;OAGG;IACH,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzC;;;;OAIG;IACH,mBAAmB,CAAC,UAAU,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAI3D;;;OAGG;IACH,kBAAkB,CAAC,MAAM,EAAE,sBAAsB,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvE;;;;OAIG;IACH,iBAAiB,CAAC,QAAQ,EAAE,GAAG,GAAG,OAAO,CAAC,sBAAsB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAE9E;;;OAGG;IACH,oBAAoB,CAAC,QAAQ,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnD;;;;;;OAMG;IACH,0BAA0B,CACxB,MAAM,EAAE,IAAI,EACZ,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,sBAAsB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAI1C;;;OAGG;IACH,SAAS,CAAC,KAAK,EAAE,WAAW,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAElD;;;;OAIG;IACH,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAE9D;;;;OAIG;IACH,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAItD;;;OAGG;IACH,gBAAgB,CAAC,KAAK,EAAE,mBAAmB,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjE;;;OAGG;IACH,mBAAmB,IAAI,OAAO,CAAC,oBAAoB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAIjE;;;OAGG;IACH,gBAAgB,CAAC,KAAK,EAAE,0BAA0B,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnE;;;;OAIG;IACH,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,0BAA0B,EAAE,CAAC,CAAC;IAE9E;;;OAGG;IACH,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAIzD;;;OAGG;IACH,iBAAiB,CAAC,MAAM,EAAE,0BAA0B,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErE;;;OAGG;IACH,gBAAgB,IAAI,OAAO,CAAC,0BAA0B,GAAG,IAAI,CAAC,CAAC;IAI/D;;;OAGG;IACH,oBAAoB,CAAC,KAAK,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7D;;;OAGG;IACH,mBAAmB,IAAI,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;IAIxD;;;;;OAKG;IACH,eAAe,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IAIrD;;;;OAIG;IACH,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;CACjC"}
+{"version":3,"file":"quorumDatabase.d.ts","sourceRoot":"","sources":["../../../../../../brightchain-lib/src/lib/interfaces/services/quorumDatabase.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,0BAA0B,EAAE,MAAM,+BAA+B,CAAC;AAC3E,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAElD;;;;;;;GAOG;AACH,MAAM,WAAW,eAAe,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IAGlE;;;OAGG;IACH,SAAS,CAAC,KAAK,EAAE,WAAW,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAElD;;;;OAIG;IACH,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAEhE;;;OAGG;IACH,eAAe,IAAI,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;IAI7C;;;OAGG;IACH,UAAU,CAAC,MAAM,EAAE,aAAa,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtD;;;;OAIG;IACH,SAAS,CAAC,QAAQ,EAAE,GAAG,GAAG,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAE7D;;;OAGG;IACH,iBAAiB,IAAI,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAInD;;;OAGG;IACH,YAAY,CAAC,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAExD;;;;OAIG;IACH,WAAW,CAAC,KAAK,EAAE,GAAG,GAAG,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAE/D;;;;;;OAMG;IACH,oBAAoB,CAClB,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAIpC;;;OAGG;IACH,YAAY,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErD;;;;OAIG;IACH,WAAW,CAAC,UAAU,EAAE,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAE5D;;;OAGG;IACH,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzC;;;;OAIG;IACH,mBAAmB,CAAC,UAAU,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAI3D;;;OAGG;IACH,kBAAkB,CAAC,MAAM,EAAE,sBAAsB,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvE;;;;OAIG;IACH,iBAAiB,CAAC,QAAQ,EAAE,GAAG,GAAG,OAAO,CAAC,sBAAsB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAE9E;;;OAGG;IACH,oBAAoB,CAAC,QAAQ,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnD;;;;;;OAMG;IACH,0BAA0B,CACxB,MAAM,EAAE,IAAI,EACZ,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,sBAAsB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAI1C;;;OAGG;IACH,SAAS,CAAC,KAAK,EAAE,WAAW,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAElD;;;;OAIG;IACH,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAE9D;;;;OAIG;IACH,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAItD;;;OAGG;IACH,gBAAgB,CAAC,KAAK,EAAE,mBAAmB,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjE;;;OAGG;IACH,mBAAmB,IAAI,OAAO,CAAC,oBAAoB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAIjE;;;OAGG;IACH,gBAAgB,CAAC,KAAK,EAAE,0BAA0B,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnE;;;;OAIG;IACH,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,0BAA0B,EAAE,CAAC,CAAC;IAE9E;;;OAGG;IACH,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAIzD;;;OAGG;IACH,iBAAiB,CAAC,MAAM,EAAE,0BAA0B,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErE;;;OAGG;IACH,gBAAgB,IAAI,OAAO,CAAC,0BAA0B,GAAG,IAAI,CAAC,CAAC;IAI/D;;;OAGG;IACH,oBAAoB,CAAC,KAAK,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7D;;;OAGG;IACH,mBAAmB,IAAI,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;IAIxD;;;;;OAKG;IACH,eAAe,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IAIrD;;;;OAIG;IACH,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAIhC;;;OAGG;IACH,aAAa,CAAC,MAAM,EAAE,UAAU,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtD;;;OAGG;IACH,eAAe,CAAC,QAAQ,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9C;;;;OAIG;IACH,YAAY,CAAC,QAAQ,EAAE,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAE7D;;;OAGG;IACH,gBAAgB,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAE/C;;;;;;OAMG;IACH,4BAA4B,CAAC,QAAQ,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;CAClE"}

package/src/lib/interfaces/vote.d.ts

@@ -21,6 +21,8 @@ export interface Vote<TID extends PlatformID = Uint8Array> {
     comment?: string;
     /** ECIES-encrypted share to proposer's public key, present only on approve */
     encryptedShare?: Uint8Array;
+    /** Digital signature of the vote for ban record attestation */
+    signature?: Uint8Array;
     /** Timestamp of vote creation */
     createdAt: Date;
 }

package/src/lib/interfaces/vote.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"vote.d.ts","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/interfaces/vote.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAExD;;;GAGG;AACH,MAAM,WAAW,IAAI,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IACvD,wCAAwC;IACxC,UAAU,EAAE,GAAG,CAAC;IAChB,8BAA8B;IAC9B,aAAa,EAAE,GAAG,CAAC;IACnB,oBAAoB;IACpB,QAAQ,EAAE,SAAS,GAAG,QAAQ,CAAC;IAC/B,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8EAA8E;IAC9E,cAAc,CAAC,EAAE,UAAU,CAAC;IAC5B,iCAAiC;IACjC,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,WAAW,SAAS,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IAC5D,wCAAwC;IACxC,UAAU,EAAE,GAAG,CAAC;IAChB,yEAAyE;IACzE,aAAa,CAAC,EAAE,GAAG,CAAC;IACpB,oBAAoB;IACpB,QAAQ,EAAE,SAAS,GAAG,QAAQ,CAAC;IAC/B,uBAAuB;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB"}
+{"version":3,"file":"vote.d.ts","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/interfaces/vote.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAExD;;;GAGG;AACH,MAAM,WAAW,IAAI,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IACvD,wCAAwC;IACxC,UAAU,EAAE,GAAG,CAAC;IAChB,8BAA8B;IAC9B,aAAa,EAAE,GAAG,CAAC;IACnB,oBAAoB;IACpB,QAAQ,EAAE,SAAS,GAAG,QAAQ,CAAC;IAC/B,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8EAA8E;IAC9E,cAAc,CAAC,EAAE,UAAU,CAAC;IAC5B,+DAA+D;IAC/D,SAAS,CAAC,EAAE,UAAU,CAAC;IACvB,iCAAiC;IACjC,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,WAAW,SAAS,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IAC5D,wCAAwC;IACxC,UAAU,EAAE,GAAG,CAAC;IAChB,yEAAyE;IACzE,aAAa,CAAC,EAAE,GAAG,CAAC;IACpB,oBAAoB;IACpB,QAAQ,EAAE,SAAS,GAAG,QAAQ,CAAC;IAC/B,uBAAuB;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB"}

package/src/lib/services/banListCache.d.ts

@@ -0,0 +1,49 @@
+/**
+ * @fileoverview In-memory ban list cache.
+ *
+ * Each node maintains a local cache of active bans, updated via gossip.
+ * Enforcement points check isBanned() which is O(1) via a hex-keyed Map.
+ *
+ * @see Network Trust and Ban Mechanism spec, Requirements 4.3, 4.4, 5.6
+ */
+import { HexString, PlatformID, TypedIdProviderWrapper } from '@digitaldefiance/ecies-lib';
+import { IBanListCache } from '../interfaces/network/banListCache';
+import { IBanRecord } from '../interfaces/network/banRecord';
+/**
+ * In-memory implementation of the ban list cache.
+ * Uses a Map keyed by hex-encoded member IDs for O(1) lookups.
+ *
+ * @template TID - Platform ID type
+ */
+export declare class BanListCache<TID extends PlatformID = Uint8Array> implements IBanListCache<TID> {
+    private readonly idProvider;
+    private readonly bannedMembers;
+    constructor(idProvider: TypedIdProviderWrapper<TID>);
+    private toHex;
+    isBanned(memberId: TID): boolean;
+    addBan(record: IBanRecord<TID>): void;
+    removeBan(memberId: TID): void;
+    getAll(): IBanRecord<TID>[];
+    getBan(memberId: TID): IBanRecord<TID> | null;
+    loadFrom(records: IBanRecord<TID>[]): void;
+    get size(): number;
+    /**
+     * Verify a ban record's quorum signatures.
+     *
+     * Checks that at least `record.requiredSignatures` of the attached
+     * signatures are valid against the provided quorum public keys.
+     * Uses ECDSA signature verification (secp256k1).
+     *
+     * @param record - The ban record to verify
+     * @param quorumPublicKeys - Map of hex member ID → public key bytes
+     * @returns true if enough valid signatures are present
+     */
+    verifySignatures(record: IBanRecord<TID>, quorumPublicKeys: Map<HexString, Uint8Array>): Promise<boolean>;
+    /**
+     * Verify an ECDSA signature using the Web Crypto API (browser-compatible)
+     * or Node.js crypto. This is a minimal implementation; production code
+     * should delegate to the existing ECIESService or NodeAuthenticator.
+     */
+    private verifyEcdsaSignature;
+}
+//# sourceMappingURL=banListCache.d.ts.map

package/src/lib/services/banListCache.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"banListCache.d.ts","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/services/banListCache.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,SAAS,EACT,UAAU,EACV,sBAAsB,EAEvB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,oCAAoC,CAAC;AACnE,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAE7D;;;;;GAKG;AACH,qBAAa,YAAY,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU,CAC3D,YAAW,aAAa,CAAC,GAAG,CAAC;IAK3B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAH7B,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAyC;gBAGpD,UAAU,EAAE,sBAAsB,CAAC,GAAG,CAAC;IAG1D,OAAO,CAAC,KAAK;IAIb,QAAQ,CAAC,QAAQ,EAAE,GAAG,GAAG,OAAO;IAIhC,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,GAAG,CAAC,GAAG,IAAI;IAIrC,SAAS,CAAC,QAAQ,EAAE,GAAG,GAAG,IAAI;IAI9B,MAAM,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE;IAI3B,MAAM,CAAC,QAAQ,EAAE,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,IAAI;IAI7C,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI;IAO1C,IAAI,IAAI,IAAI,MAAM,CAEjB;IAED;;;;;;;;;;OAUG;IACG,gBAAgB,CACpB,MAAM,EAAE,UAAU,CAAC,GAAG,CAAC,EACvB,gBAAgB,EAAE,GAAG,CAAC,SAAS,EAAE,UAAU,CAAC,GAC3C,OAAO,CAAC,OAAO,CAAC;IA2CnB;;;;OAIG;YACW,oBAAoB;CA6BnC"}

package/src/lib/services/banListCache.js

@@ -0,0 +1,113 @@
+"use strict";
+/**
+ * @fileoverview In-memory ban list cache.
+ *
+ * Each node maintains a local cache of active bans, updated via gossip.
+ * Enforcement points check isBanned() which is O(1) via a hex-keyed Map.
+ *
+ * @see Network Trust and Ban Mechanism spec, Requirements 4.3, 4.4, 5.6
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BanListCache = void 0;
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+/**
+ * In-memory implementation of the ban list cache.
+ * Uses a Map keyed by hex-encoded member IDs for O(1) lookups.
+ *
+ * @template TID - Platform ID type
+ */
+class BanListCache {
+    idProvider;
+    bannedMembers = new Map();
+    constructor(idProvider) {
+        this.idProvider = idProvider;
+    }
+    toHex(id) {
+        return this.idProvider.toString(id, 'hex');
+    }
+    isBanned(memberId) {
+        return this.bannedMembers.has(this.toHex(memberId));
+    }
+    addBan(record) {
+        this.bannedMembers.set(this.toHex(record.memberId), record);
+    }
+    removeBan(memberId) {
+        this.bannedMembers.delete(this.toHex(memberId));
+    }
+    getAll() {
+        return Array.from(this.bannedMembers.values());
+    }
+    getBan(memberId) {
+        return this.bannedMembers.get(this.toHex(memberId)) ?? null;
+    }
+    loadFrom(records) {
+        this.bannedMembers.clear();
+        for (const record of records) {
+            this.bannedMembers.set(this.toHex(record.memberId), record);
+        }
+    }
+    get size() {
+        return this.bannedMembers.size;
+    }
+    /**
+     * Verify a ban record's quorum signatures.
+     *
+     * Checks that at least `record.requiredSignatures` of the attached
+     * signatures are valid against the provided quorum public keys.
+     * Uses ECDSA signature verification (secp256k1).
+     *
+     * @param record - The ban record to verify
+     * @param quorumPublicKeys - Map of hex member ID → public key bytes
+     * @returns true if enough valid signatures are present
+     */
+    async verifySignatures(record, quorumPublicKeys) {
+        if (record.approvalSignatures.length < record.requiredSignatures) {
+            return false;
+        }
+        // Build the message that was signed: memberId + reason + epoch + bannedAt
+        const memberHex = this.toHex(record.memberId);
+        const message = new TextEncoder().encode(`ban:${memberHex}:${record.reason}:${record.epoch}:${record.bannedAt.toISOString()}`);
+        let validCount = 0;
+        for (const sig of record.approvalSignatures) {
+            const signerHex = (0, ecies_lib_1.uint8ArrayToHex)(this.idProvider.toBytes(sig.memberId));
+            const publicKey = quorumPublicKeys.get(signerHex);
+            if (!publicKey) {
+                // Unknown signer — skip
+                continue;
+            }
+            try {
+                const isValid = await this.verifyEcdsaSignature(message, sig.signature, publicKey);
+                if (isValid) {
+                    validCount++;
+                }
+            }
+            catch {
+                // Verification error — skip this signature
+            }
+            if (validCount >= record.requiredSignatures) {
+                return true;
+            }
+        }
+        return validCount >= record.requiredSignatures;
+    }
+    /**
+     * Verify an ECDSA signature using the Web Crypto API (browser-compatible)
+     * or Node.js crypto. This is a minimal implementation; production code
+     * should delegate to the existing ECIESService or NodeAuthenticator.
+     */
+    async verifyEcdsaSignature(message, signature, publicKey) {
+        // Use SubtleCrypto if available (browser + Node 20+)
+        if (typeof globalThis.crypto?.subtle !== 'undefined') {
+            const key = await globalThis.crypto.subtle.importKey('raw', new Uint8Array(publicKey), { name: 'ECDSA', namedCurve: 'P-256' }, false, ['verify']);
+            return globalThis.crypto.subtle.verify({ name: 'ECDSA', hash: 'SHA-256' }, key, new Uint8Array(signature), new Uint8Array(message));
+        }
+        // Fallback: assume Node.js crypto is available via dynamic import
+        // This path is used in Node.js environments where SubtleCrypto
+        // may not support secp256k1 directly.
+        // In practice, the QuorumStateMachine will use the existing
+        // ECIESService for signature verification rather than this fallback.
+        return false;
+    }
+}
+exports.BanListCache = BanListCache;
+//# sourceMappingURL=banListCache.js.map

package/src/lib/services/banListCache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"banListCache.js","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/services/banListCache.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,0DAKoC;AAIpC;;;;;GAKG;AACH,MAAa,YAAY;IAMJ;IAHF,aAAa,GAAG,IAAI,GAAG,EAA8B,CAAC;IAEvE,YACmB,UAAuC;QAAvC,eAAU,GAAV,UAAU,CAA6B;IACvD,CAAC;IAEI,KAAK,CAAC,EAAO;QACnB,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,EAAE,KAAK,CAAc,CAAC;IAC1D,CAAC;IAED,QAAQ,CAAC,QAAa;QACpB,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,CAAC,MAAuB;QAC5B,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,CAAC;IAC9D,CAAC;IAED,SAAS,CAAC,QAAa;QACrB,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,MAAM;QACJ,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,QAAa;QAClB,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,IAAI,IAAI,CAAC;IAC9D,CAAC;IAED,QAAQ,CAAC,OAA0B;QACjC,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;QAC3B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC;IACjC,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,gBAAgB,CACpB,MAAuB,EACvB,gBAA4C;QAE5C,IAAI,MAAM,CAAC,kBAAkB,CAAC,MAAM,GAAG,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACjE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,0EAA0E;QAC1E,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CACtC,OAAO,SAAS,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,CACrF,CAAC;QAEF,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAC5C,MAAM,SAAS,GAAG,IAAA,2BAAe,EAC/B,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CACzB,CAAC;YACf,MAAM,SAAS,GAAG,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAClD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,wBAAwB;gBACxB,SAAS;YACX,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAC7C,OAAO,EACP,GAAG,CAAC,SAAS,EACb,SAAS,CACV,CAAC;gBACF,IAAI,OAAO,EAAE,CAAC;oBACZ,UAAU,EAAE,CAAC;gBACf,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,2CAA2C;YAC7C,CAAC;YAED,IAAI,UAAU,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;gBAC5C,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,UAAU,IAAI,MAAM,CAAC,kBAAkB,CAAC;IACjD,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,oBAAoB,CAChC,OAAmB,EACnB,SAAqB,EACrB,SAAqB;QAErB,qDAAqD;QACrD,IAAI,OAAO,UAAU,CAAC,MAAM,EAAE,MAAM,KAAK,WAAW,EAAE,CAAC;YACrD,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAClD,KAAK,EACL,IAAI,UAAU,CAAC,SAAS,CAA2B,EACnD,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,EACtC,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAC;YACF,OAAO,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CACpC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAClC,GAAG,EACH,IAAI,UAAU,CAAC,SAAS,CAA2B,EACnD,IAAI,UAAU,CAAC,OAAO,CAA2B,CAClD,CAAC;QACJ,CAAC;QAED,kEAAkE;QAClE,+DAA+D;QAC/D,sCAAsC;QACtC,4DAA4D;QAC5D,qEAAqE;QACrE,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAvID,oCAuIC"}

package/src/lib/services/banProposalValidator.d.ts

@@ -0,0 +1,67 @@
+/**
+ * @fileoverview Ban proposal validation with Sybil attack protections.
+ *
+ * Validates BAN_MEMBER proposals before submission and filters votes
+ * to prevent coordinated abuse of the ban mechanism.
+ *
+ * Two key protections:
+ * 1. Epoch restriction: members who joined in the current epoch cannot propose bans.
+ * 2. Proposer-ally restriction: members admitted by the ban proposer cannot vote on
+ *    that proposer's ban proposals.
+ *
+ * @see Network Trust and Ban Mechanism spec, Requirements 1.6, 6.4, 6.5
+ */
+import { PlatformID, TypedIdProviderWrapper } from '@digitaldefiance/ecies-lib';
+import { Proposal } from '../interfaces/proposal';
+import { QuorumEpoch } from '../interfaces/quorumEpoch';
+import { IQuorumMember } from '../interfaces/services/quorumService';
+import { Vote } from '../interfaces/vote';
+/**
+ * Provides the data needed by the validator to check admission history.
+ * Implemented by the quorum database.
+ */
+export interface IBanValidationDataProvider<TID extends PlatformID = Uint8Array> {
+    /** Get a member by ID */
+    getMember(memberId: TID): Promise<IQuorumMember<TID> | null>;
+    /**
+     * Get the member ID of whoever proposed the admission of a given member.
+     * Returns null if the member was a founding member (no proposer).
+     */
+    getMemberAdmissionProposerId(memberId: TID): Promise<TID | null>;
+}
+/**
+ * Validates BAN_MEMBER proposals and filters votes for Sybil protection.
+ */
+export declare class BanProposalValidator<TID extends PlatformID = Uint8Array> {
+    private readonly dataProvider;
+    private readonly idProvider;
+    constructor(dataProvider: IBanValidationDataProvider<TID>, idProvider: TypedIdProviderWrapper<TID>);
+    private idsEqual;
+    /**
+     * Validate a BAN_MEMBER proposal before submission.
+     *
+     * Checks:
+     * 1. Proposer is not banning themselves
+     * 2. Target member exists and is not already banned
+     * 3. Proposer did not join in the current epoch (Sybil protection)
+     *
+     * @param proposerId - The member submitting the proposal
+     * @param targetMemberId - The member to be banned
+     * @param currentEpoch - The current quorum epoch
+     * @throws QuorumError if validation fails
+     */
+    validateBanProposal(proposerId: TID, targetMemberId: TID, currentEpoch: QuorumEpoch<TID>): Promise<void>;
+    /**
+     * Filter votes on a BAN_MEMBER proposal to exclude proposer-ally votes.
+     *
+     * A vote is excluded if the voter was admitted to the quorum by the same
+     * member who submitted the ban proposal. This prevents a single member
+     * from admitting allies and immediately using their votes to ban others.
+     *
+     * @param proposal - The BAN_MEMBER proposal
+     * @param votes - All votes cast on the proposal
+     * @returns Filtered votes with proposer-ally votes removed
+     */
+    filterVotes(proposal: Proposal<TID>, votes: Vote<TID>[]): Promise<Vote<TID>[]>;
+}
+//# sourceMappingURL=banProposalValidator.d.ts.map

package/src/lib/services/banProposalValidator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"banProposalValidator.d.ts","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/services/banProposalValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAEL,UAAU,EACV,sBAAsB,EACvB,MAAM,4BAA4B,CAAC;AAIpC,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AACrE,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAE1C;;;GAGG;AACH,MAAM,WAAW,0BAA0B,CACzC,GAAG,SAAS,UAAU,GAAG,UAAU;IAEnC,yBAAyB;IACzB,SAAS,CAAC,QAAQ,EAAE,GAAG,GAAG,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAE7D;;;OAGG;IACH,4BAA4B,CAAC,QAAQ,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;CAClE;AAED;;GAEG;AACH,qBAAa,oBAAoB,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IAEjE,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,UAAU;gBADV,YAAY,EAAE,0BAA0B,CAAC,GAAG,CAAC,EAC7C,UAAU,EAAE,sBAAsB,CAAC,GAAG,CAAC;IAG1D,OAAO,CAAC,QAAQ;IAUhB;;;;;;;;;;;;OAYG;IACG,mBAAmB,CACvB,UAAU,EAAE,GAAG,EACf,cAAc,EAAE,GAAG,EACnB,YAAY,EAAE,WAAW,CAAC,GAAG,CAAC,GAC7B,OAAO,CAAC,IAAI,CAAC;IA+DhB;;;;;;;;;;OAUG;IACG,WAAW,CACf,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,EACvB,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,GACjB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;CA6BxB"}