@brightchain/brightchain-lib 0.29.17 → 0.29.21

package/src/lib/ledger/authorizedSignerSet.js

@@ -0,0 +1,287 @@
+"use strict";
+/**
+ * @fileoverview In-memory state tracker for the authorized signer set.
+ *
+ * Maintains the current set of authorized signers, their roles, lifecycle
+ * statuses, and metadata. Reconstructed during load() by replaying
+ * governance entries from genesis to head.
+ *
+ * @see Design: AuthorizedSignerSet
+ * @see Requirements 12.2-12.8, 14.1-14.7, 15.1-15.5, 17.1-17.9, 18.1-18.8
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizedSignerSet = void 0;
+const governanceAction_1 = require("../interfaces/ledger/governanceAction");
+const quorumPolicy_1 = require("../interfaces/ledger/quorumPolicy");
+const signerRole_1 = require("../interfaces/ledger/signerRole");
+const signerStatus_1 = require("../interfaces/ledger/signerStatus");
+const ledgerError_1 = require("../errors/ledgerError");
+/**
+ * Convert a Uint8Array public key to a hex string for use as a Map key.
+ */
+function pubKeyToHex(publicKey) {
+    return Array.from(publicKey)
+        .map((b) => b.toString(16).padStart(2, '0'))
+        .join('');
+}
+class AuthorizedSignerSet {
+    signers;
+    _quorumPolicy;
+    _activeAdminCount;
+    constructor(initialSigners, initialQuorum) {
+        this.signers = new Map();
+        this._activeAdminCount = 0;
+        for (const signer of initialSigners) {
+            const hex = pubKeyToHex(signer.publicKey);
+            this.signers.set(hex, {
+                publicKey: new Uint8Array(signer.publicKey),
+                role: signer.role,
+                status: signer.status,
+                metadata: new Map(signer.metadata),
+            });
+            if (signer.status === signerStatus_1.SignerStatus.Active &&
+                signer.role === signerRole_1.SignerRole.Admin) {
+                this._activeAdminCount++;
+            }
+        }
+        this._quorumPolicy = { ...initialQuorum };
+    }
+    /** Check if a public key is authorized to append (active + admin or writer). */
+    canAppend(publicKey) {
+        const signer = this.signers.get(pubKeyToHex(publicKey));
+        if (!signer)
+            return false;
+        return (signer.status === signerStatus_1.SignerStatus.Active &&
+            (signer.role === signerRole_1.SignerRole.Admin || signer.role === signerRole_1.SignerRole.Writer));
+    }
+    /** Check if a public key is an active admin. */
+    isActiveAdmin(publicKey) {
+        const signer = this.signers.get(pubKeyToHex(publicKey));
+        if (!signer)
+            return false;
+        return (signer.status === signerStatus_1.SignerStatus.Active &&
+            signer.role === signerRole_1.SignerRole.Admin);
+    }
+    /** Get signer info by public key, or undefined if not found. */
+    getSigner(publicKey) {
+        return this.signers.get(pubKeyToHex(publicKey));
+    }
+    /** Get all signers (all statuses). */
+    getAllSigners() {
+        return Array.from(this.signers.values());
+    }
+    /** Get current active admin count. */
+    get activeAdminCount() {
+        return this._activeAdminCount;
+    }
+    /** Get current quorum policy. */
+    get quorumPolicy() {
+        return this._quorumPolicy;
+    }
+    /** Compute the required number of signatures for governance. */
+    get requiredSignatures() {
+        switch (this._quorumPolicy.type) {
+            case quorumPolicy_1.QuorumType.Unanimous:
+                return this._activeAdminCount;
+            case quorumPolicy_1.QuorumType.Majority:
+                return Math.floor(this._activeAdminCount / 2) + 1;
+            case quorumPolicy_1.QuorumType.Threshold:
+                return this._quorumPolicy.threshold ?? 1;
+        }
+    }
+    /** Validate and apply a governance action. Throws LedgerError on safety violation. */
+    applyAction(action) {
+        switch (action.type) {
+            case governanceAction_1.GovernanceActionType.AddSigner:
+                this.applyAddSigner(action);
+                break;
+            case governanceAction_1.GovernanceActionType.RemoveSigner:
+                this.applyRemoveSigner(action);
+                break;
+            case governanceAction_1.GovernanceActionType.ChangeRole:
+                this.applyChangeRole(action);
+                break;
+            case governanceAction_1.GovernanceActionType.UpdateQuorum:
+                this.applyUpdateQuorum(action);
+                break;
+            case governanceAction_1.GovernanceActionType.SuspendSigner:
+                this.applySuspendSigner(action);
+                break;
+            case governanceAction_1.GovernanceActionType.ReactivateSigner:
+                this.applyReactivateSigner(action);
+                break;
+            case governanceAction_1.GovernanceActionType.SetMemberData:
+                this.applySetMemberData(action);
+                break;
+        }
+    }
+    /** Verify that a set of cosigner public keys satisfies the current quorum. */
+    verifyQuorum(signerPublicKeys) {
+        let validCount = 0;
+        for (const pk of signerPublicKeys) {
+            if (this.isActiveAdmin(pk)) {
+                validCount++;
+            }
+        }
+        return validCount >= this.requiredSignatures;
+    }
+    /** Clone the current state (for speculative validation). */
+    clone() {
+        const clonedSigners = [];
+        for (const signer of this.signers.values()) {
+            clonedSigners.push({
+                publicKey: new Uint8Array(signer.publicKey),
+                role: signer.role,
+                status: signer.status,
+                metadata: new Map(signer.metadata),
+            });
+        }
+        const cloned = new AuthorizedSignerSet(clonedSigners, {
+            ...this._quorumPolicy,
+        });
+        return cloned;
+    }
+    // ── Private action handlers ─────────────────────────────────────
+    applyAddSigner(action) {
+        const hex = pubKeyToHex(action.publicKey);
+        const existing = this.signers.get(hex);
+        if (existing && existing.status !== signerStatus_1.SignerStatus.Retired) {
+            throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.InvalidStateTransition, `Signer ${hex} already exists and is not retired`);
+        }
+        const newSigner = {
+            publicKey: new Uint8Array(action.publicKey),
+            role: action.role,
+            status: signerStatus_1.SignerStatus.Active,
+            metadata: new Map(action.metadata ?? []),
+        };
+        this.signers.set(hex, newSigner);
+        if (action.role === signerRole_1.SignerRole.Admin) {
+            this._activeAdminCount++;
+        }
+    }
+    applyRemoveSigner(action) {
+        const hex = pubKeyToHex(action.publicKey);
+        const signer = this.signers.get(hex);
+        if (!signer) {
+            throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.InvalidGovernanceTarget, `Signer ${hex} not found`);
+        }
+        if (signer.status === signerStatus_1.SignerStatus.Retired) {
+            throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.InvalidStateTransition, `Signer ${hex} is already retired`);
+        }
+        // Safety: check if removing an active admin
+        if (signer.status === signerStatus_1.SignerStatus.Active &&
+            signer.role === signerRole_1.SignerRole.Admin) {
+            if (this._activeAdminCount - 1 < 1) {
+                throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.GovernanceSafetyViolation, 'Cannot remove the last active admin');
+            }
+            if (this._activeAdminCount - 1 < this.requiredSignatures) {
+                throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.GovernanceSafetyViolation, 'Removing this admin would drop below quorum threshold');
+            }
+            this._activeAdminCount--;
+        }
+        this.signers.set(hex, {
+            ...signer,
+            publicKey: new Uint8Array(signer.publicKey),
+            metadata: new Map(signer.metadata),
+            status: signerStatus_1.SignerStatus.Retired,
+        });
+    }
+    applyChangeRole(action) {
+        const hex = pubKeyToHex(action.publicKey);
+        const signer = this.signers.get(hex);
+        if (!signer || signer.status === signerStatus_1.SignerStatus.Retired) {
+            throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.InvalidGovernanceTarget, `Signer ${hex} not found or retired`);
+        }
+        // Safety: demoting the last active admin
+        if (signer.status === signerStatus_1.SignerStatus.Active &&
+            signer.role === signerRole_1.SignerRole.Admin &&
+            action.newRole !== signerRole_1.SignerRole.Admin) {
+            if (this._activeAdminCount - 1 < 1) {
+                throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.GovernanceSafetyViolation, 'Cannot demote the last active admin');
+            }
+            if (this._activeAdminCount - 1 < this.requiredSignatures) {
+                throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.GovernanceSafetyViolation, 'Demoting this admin would drop below quorum threshold');
+            }
+            this._activeAdminCount--;
+        }
+        else if (signer.status === signerStatus_1.SignerStatus.Active &&
+            signer.role !== signerRole_1.SignerRole.Admin &&
+            action.newRole === signerRole_1.SignerRole.Admin) {
+            this._activeAdminCount++;
+        }
+        this.signers.set(hex, {
+            ...signer,
+            publicKey: new Uint8Array(signer.publicKey),
+            metadata: new Map(signer.metadata),
+            role: action.newRole,
+        });
+    }
+    applyUpdateQuorum(action) {
+        const newPolicy = action.newPolicy;
+        if (newPolicy.type === quorumPolicy_1.QuorumType.Threshold) {
+            if ((newPolicy.threshold ?? 1) > this._activeAdminCount) {
+                throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.GovernanceSafetyViolation, `Threshold ${newPolicy.threshold} exceeds active admin count ${this._activeAdminCount}`);
+            }
+        }
+        this._quorumPolicy = { ...newPolicy };
+    }
+    applySuspendSigner(action) {
+        const hex = pubKeyToHex(action.publicKey);
+        const signer = this.signers.get(hex);
+        if (!signer) {
+            throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.InvalidGovernanceTarget, `Signer ${hex} not found`);
+        }
+        if (signer.status !== signerStatus_1.SignerStatus.Active) {
+            throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.InvalidStateTransition, `Signer ${hex} is not active (status: ${signer.status})`);
+        }
+        // Safety: suspending an active admin
+        if (signer.role === signerRole_1.SignerRole.Admin) {
+            if (this._activeAdminCount - 1 < 1) {
+                throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.GovernanceSafetyViolation, 'Cannot suspend the last active admin');
+            }
+            if (this._activeAdminCount - 1 < this.requiredSignatures) {
+                throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.GovernanceSafetyViolation, 'Suspending this admin would drop below quorum threshold');
+            }
+            this._activeAdminCount--;
+        }
+        this.signers.set(hex, {
+            ...signer,
+            publicKey: new Uint8Array(signer.publicKey),
+            metadata: new Map(signer.metadata),
+            status: signerStatus_1.SignerStatus.Suspended,
+        });
+    }
+    applyReactivateSigner(action) {
+        const hex = pubKeyToHex(action.publicKey);
+        const signer = this.signers.get(hex);
+        if (!signer) {
+            throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.InvalidGovernanceTarget, `Signer ${hex} not found`);
+        }
+        if (signer.status !== signerStatus_1.SignerStatus.Suspended) {
+            throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.InvalidStateTransition, `Signer ${hex} is not suspended (status: ${signer.status})`);
+        }
+        this.signers.set(hex, {
+            ...signer,
+            publicKey: new Uint8Array(signer.publicKey),
+            metadata: new Map(signer.metadata),
+            status: signerStatus_1.SignerStatus.Active,
+        });
+        if (signer.role === signerRole_1.SignerRole.Admin) {
+            this._activeAdminCount++;
+        }
+    }
+    applySetMemberData(action) {
+        const hex = pubKeyToHex(action.publicKey);
+        const signer = this.signers.get(hex);
+        if (!signer || signer.status === signerStatus_1.SignerStatus.Retired) {
+            throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.InvalidGovernanceTarget, `Signer ${hex} not found or retired`);
+        }
+        this.signers.set(hex, {
+            ...signer,
+            publicKey: new Uint8Array(signer.publicKey),
+            metadata: new Map(action.metadata),
+        });
+    }
+}
+exports.AuthorizedSignerSet = AuthorizedSignerSet;
+//# sourceMappingURL=authorizedSignerSet.js.map

package/src/lib/ledger/authorizedSignerSet.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorizedSignerSet.js","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/ledger/authorizedSignerSet.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;AAGH,4EAG+C;AAC/C,oEAA8E;AAC9E,gEAA6D;AAC7D,oEAAiE;AACjE,uDAAqE;AAErE;;GAEG;AACH,SAAS,WAAW,CAAC,SAAqB;IACxC,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;SACzB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED,MAAa,mBAAmB;IACtB,OAAO,CAAiC;IACxC,aAAa,CAAgB;IAC7B,iBAAiB,CAAS;IAElC,YACE,cAAmC,EACnC,aAA4B;QAE5B,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,iBAAiB,GAAG,CAAC,CAAC;QAC3B,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;YACpC,MAAM,GAAG,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC1C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE;gBACpB,SAAS,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC;gBAC3C,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,QAAQ,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC;aACnC,CAAC,CAAC;YACH,IACE,MAAM,CAAC,MAAM,KAAK,2BAAY,CAAC,MAAM;gBACrC,MAAM,CAAC,IAAI,KAAK,uBAAU,CAAC,KAAK,EAChC,CAAC;gBACD,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,CAAC;QACH,CAAC;QACD,IAAI,CAAC,aAAa,GAAG,EAAE,GAAG,aAAa,EAAE,CAAC;IAC5C,CAAC;IAED,gFAAgF;IAChF,SAAS,CAAC,SAAqB;QAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC;QACxD,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAC1B,OAAO,CACL,MAAM,CAAC,MAAM,KAAK,2BAAY,CAAC,MAAM;YACrC,CAAC,MAAM,CAAC,IAAI,KAAK,uBAAU,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,KAAK,uBAAU,CAAC,MAAM,CAAC,CACxE,CAAC;IACJ,CAAC;IAED,gDAAgD;IAChD,aAAa,CAAC,SAAqB;QACjC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC;QACxD,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAC1B,OAAO,CACL,MAAM,CAAC,MAAM,KAAK,2BAAY,CAAC,MAAM;YACrC,MAAM,CAAC,IAAI,KAAK,uBAAU,CAAC,KAAK,CACjC,CAAC;IACJ,CAAC;IAED,gEAAgE;IAChE,SAAS,CAAC,SAAqB;QAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,sCAAsC;IACtC,aAAa;QACX,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,sCAAsC;IACtC,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,iBAAiB,CAAC;IAChC,CAAC;IAED,iCAAiC;IACjC,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED,gEAAgE;IAChE,IAAI,kBAAkB;QACpB,QAAQ,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;YAChC,KAAK,yBAAU,CAAC,SAAS;gBACvB,OAAO,IAAI,CAAC,iBAAiB,CAAC;YAChC,KAAK,yBAAU,CAAC,QAAQ;gBACtB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACpD,KAAK,yBAAU,CAAC,SAAS;gBACvB,OAAO,IAAI,CAAC,aAAa,CAAC,SAAS,IAAI,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,sFAAsF;IACtF,WAAW,CAAC,MAAyB;QACnC,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;YACpB,KAAK,uCAAoB,CAAC,SAAS;gBACjC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;gBAC5B,MAAM;YACR,KAAK,uCAAoB,CAAC,YAAY;gBACpC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;gBAC/B,MAAM;YACR,KAAK,uCAAoB,CAAC,UAAU;gBAClC,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;gBAC7B,MAAM;YACR,KAAK,uCAAoB,CAAC,YAAY;gBACpC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;gBAC/B,MAAM;YACR,KAAK,uCAAoB,CAAC,aAAa;gBACrC,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;gBAChC,MAAM;YACR,KAAK,uCAAoB,CAAC,gBAAgB;gBACxC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;gBACnC,MAAM;YACR,KAAK,uCAAoB,CAAC,aAAa;gBACrC,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;gBAChC,MAAM;QACV,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,YAAY,CAAC,gBAA8B;QACzC,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,KAAK,MAAM,EAAE,IAAI,gBAAgB,EAAE,CAAC;YAClC,IAAI,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC3B,UAAU,EAAE,CAAC;YACf,CAAC;QACH,CAAC;QACD,OAAO,UAAU,IAAI,IAAI,CAAC,kBAAkB,CAAC;IAC/C,CAAC;IAED,4DAA4D;IAC5D,KAAK;QACH,MAAM,aAAa,GAAwB,EAAE,CAAC;QAC9C,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,aAAa,CAAC,IAAI,CAAC;gBACjB,SAAS,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC;gBAC3C,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,QAAQ,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC;aACnC,CAAC,CAAC;QACL,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,mBAAmB,CAAC,aAAa,EAAE;YACpD,GAAG,IAAI,CAAC,aAAa;SACtB,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,mEAAmE;IAE3D,cAAc,CACpB,MAGC;QAED,MAAM,GAAG,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,2BAAY,CAAC,OAAO,EAAE,CAAC;YACzD,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,sBAAsB,EACtC,UAAU,GAAG,oCAAoC,CAClD,CAAC;QACJ,CAAC;QACD,MAAM,SAAS,GAAsB;YACnC,SAAS,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC;YAC3C,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,MAAM,EAAE,2BAAY,CAAC,MAAM;YAC3B,QAAQ,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;SACzC,CAAC;QACF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACjC,IAAI,MAAM,CAAC,IAAI,KAAK,uBAAU,CAAC,KAAK,EAAE,CAAC;YACrC,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC3B,CAAC;IACH,CAAC;IAEO,iBAAiB,CACvB,MAGC;QAED,MAAM,GAAG,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,uBAAuB,EACvC,UAAU,GAAG,YAAY,CAC1B,CAAC;QACJ,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,KAAK,2BAAY,CAAC,OAAO,EAAE,CAAC;YAC3C,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,sBAAsB,EACtC,UAAU,GAAG,qBAAqB,CACnC,CAAC;QACJ,CAAC;QACD,4CAA4C;QAC5C,IACE,MAAM,CAAC,MAAM,KAAK,2BAAY,CAAC,MAAM;YACrC,MAAM,CAAC,IAAI,KAAK,uBAAU,CAAC,KAAK,EAChC,CAAC;YACD,IAAI,IAAI,CAAC,iBAAiB,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,yBAAyB,EACzC,qCAAqC,CACtC,CAAC;YACJ,CAAC;YACD,IAAI,IAAI,CAAC,iBAAiB,GAAG,CAAC,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACzD,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,yBAAyB,EACzC,uDAAuD,CACxD,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC3B,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE;YACpB,GAAG,MAAM;YACT,SAAS,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC;YAC3C,QAAQ,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC;YAClC,MAAM,EAAE,2BAAY,CAAC,OAAO;SAC7B,CAAC,CAAC;IACL,CAAC;IAEO,eAAe,CACrB,MAGC;QAED,MAAM,GAAG,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,2BAAY,CAAC,OAAO,EAAE,CAAC;YACtD,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,uBAAuB,EACvC,UAAU,GAAG,uBAAuB,CACrC,CAAC;QACJ,CAAC;QACD,yCAAyC;QACzC,IACE,MAAM,CAAC,MAAM,KAAK,2BAAY,CAAC,MAAM;YACrC,MAAM,CAAC,IAAI,KAAK,uBAAU,CAAC,KAAK;YAChC,MAAM,CAAC,OAAO,KAAK,uBAAU,CAAC,KAAK,EACnC,CAAC;YACD,IAAI,IAAI,CAAC,iBAAiB,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,yBAAyB,EACzC,qCAAqC,CACtC,CAAC;YACJ,CAAC;YACD,IAAI,IAAI,CAAC,iBAAiB,GAAG,CAAC,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACzD,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,yBAAyB,EACzC,uDAAuD,CACxD,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC3B,CAAC;aAAM,IACL,MAAM,CAAC,MAAM,KAAK,2BAAY,CAAC,MAAM;YACrC,MAAM,CAAC,IAAI,KAAK,uBAAU,CAAC,KAAK;YAChC,MAAM,CAAC,OAAO,KAAK,uBAAU,CAAC,KAAK,EACnC,CAAC;YACD,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC3B,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE;YACpB,GAAG,MAAM;YACT,SAAS,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC;YAC3C,QAAQ,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC;YAClC,IAAI,EAAE,MAAM,CAAC,OAAO;SACrB,CAAC,CAAC;IACL,CAAC;IAEO,iBAAiB,CACvB,MAGC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;QACnC,IAAI,SAAS,CAAC,IAAI,KAAK,yBAAU,CAAC,SAAS,EAAE,CAAC;YAC5C,IAAI,CAAC,SAAS,CAAC,SAAS,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACxD,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,yBAAyB,EACzC,aAAa,SAAS,CAAC,SAAS,+BAA+B,IAAI,CAAC,iBAAiB,EAAE,CACxF,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,aAAa,GAAG,EAAE,GAAG,SAAS,EAAE,CAAC;IACxC,CAAC;IAEO,kBAAkB,CACxB,MAGC;QAED,MAAM,GAAG,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,uBAAuB,EACvC,UAAU,GAAG,YAAY,CAC1B,CAAC;QACJ,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,KAAK,2BAAY,CAAC,MAAM,EAAE,CAAC;YAC1C,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,sBAAsB,EACtC,UAAU,GAAG,2BAA2B,MAAM,CAAC,MAAM,GAAG,CACzD,CAAC;QACJ,CAAC;QACD,qCAAqC;QACrC,IAAI,MAAM,CAAC,IAAI,KAAK,uBAAU,CAAC,KAAK,EAAE,CAAC;YACrC,IAAI,IAAI,CAAC,iBAAiB,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,yBAAyB,EACzC,sCAAsC,CACvC,CAAC;YACJ,CAAC;YACD,IAAI,IAAI,CAAC,iBAAiB,GAAG,CAAC,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACzD,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,yBAAyB,EACzC,yDAAyD,CAC1D,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC3B,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE;YACpB,GAAG,MAAM;YACT,SAAS,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC;YAC3C,QAAQ,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC;YAClC,MAAM,EAAE,2BAAY,CAAC,SAAS;SAC/B,CAAC,CAAC;IACL,CAAC;IAEO,qBAAqB,CAC3B,MAGC;QAED,MAAM,GAAG,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,uBAAuB,EACvC,UAAU,GAAG,YAAY,CAC1B,CAAC;QACJ,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,KAAK,2BAAY,CAAC,SAAS,EAAE,CAAC;YAC7C,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,sBAAsB,EACtC,UAAU,GAAG,8BAA8B,MAAM,CAAC,MAAM,GAAG,CAC5D,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE;YACpB,GAAG,MAAM;YACT,SAAS,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC;YAC3C,QAAQ,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC;YAClC,MAAM,EAAE,2BAAY,CAAC,MAAM;SAC5B,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,IAAI,KAAK,uBAAU,CAAC,KAAK,EAAE,CAAC;YACrC,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC3B,CAAC;IACH,CAAC;IAEO,kBAAkB,CACxB,MAGC;QAED,MAAM,GAAG,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,2BAAY,CAAC,OAAO,EAAE,CAAC;YACtD,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,uBAAuB,EACvC,UAAU,GAAG,uBAAuB,CACrC,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE;YACpB,GAAG,MAAM;YACT,SAAS,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC;YAC3C,QAAQ,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC;SACnC,CAAC,CAAC;IACL,CAAC;CACF;AApXD,kDAoXC"}

package/src/lib/ledger/browserSignatureVerifier.d.ts

@@ -0,0 +1,18 @@
+/**
+ * @fileoverview BrowserSignatureVerifier — lightweight ILedgerSignatureVerifier.
+ *
+ * Calls @noble/curves secp256k1 directly to verify compact ECDSA signatures
+ * without requiring an ECIESService instance. Useful in browser contexts
+ * (e.g. the showcase demo) where you want minimal dependencies.
+ *
+ * EciesSignatureVerifier is the full-featured alternative that wraps
+ * ECIESService.verifyMessage().
+ *
+ * @see eciesSignatureVerifier.ts for the ECIESService-backed version
+ */
+import type { SignatureUint8Array } from '@digitaldefiance/ecies-lib';
+import type { ILedgerSignatureVerifier } from '../interfaces/ledger/ledgerSignatureVerifier';
+export declare class BrowserSignatureVerifier implements ILedgerSignatureVerifier {
+    verify(publicKey: Uint8Array, data: Uint8Array, signature: SignatureUint8Array): boolean;
+}
+//# sourceMappingURL=browserSignatureVerifier.d.ts.map

package/src/lib/ledger/browserSignatureVerifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browserSignatureVerifier.d.ts","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/ledger/browserSignatureVerifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAGtE,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,8CAA8C,CAAC;AAE7F,qBAAa,wBAAyB,YAAW,wBAAwB;IACvE,MAAM,CACJ,SAAS,EAAE,UAAU,EACrB,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,mBAAmB,GAC7B,OAAO;CAYX"}

package/src/lib/ledger/browserSignatureVerifier.js

@@ -0,0 +1,35 @@
+"use strict";
+/**
+ * @fileoverview BrowserSignatureVerifier — lightweight ILedgerSignatureVerifier.
+ *
+ * Calls @noble/curves secp256k1 directly to verify compact ECDSA signatures
+ * without requiring an ECIESService instance. Useful in browser contexts
+ * (e.g. the showcase demo) where you want minimal dependencies.
+ *
+ * EciesSignatureVerifier is the full-featured alternative that wraps
+ * ECIESService.verifyMessage().
+ *
+ * @see eciesSignatureVerifier.ts for the ECIESService-backed version
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BrowserSignatureVerifier = void 0;
+const secp256k1_1 = require("@noble/curves/secp256k1");
+const sha2_1 = require("@noble/hashes/sha2");
+class BrowserSignatureVerifier {
+    verify(publicKey, data, signature) {
+        try {
+            if (!signature || signature.length !== 64)
+                return false;
+            const hash = (0, sha2_1.sha256)(data);
+            return secp256k1_1.secp256k1.verify(signature, hash, publicKey, {
+                prehash: false,
+                format: 'compact',
+            });
+        }
+        catch {
+            return false;
+        }
+    }
+}
+exports.BrowserSignatureVerifier = BrowserSignatureVerifier;
+//# sourceMappingURL=browserSignatureVerifier.js.map

package/src/lib/ledger/browserSignatureVerifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"browserSignatureVerifier.js","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/ledger/browserSignatureVerifier.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;AAGH,uDAAoD;AACpD,6CAA4C;AAG5C,MAAa,wBAAwB;IACnC,MAAM,CACJ,SAAqB,EACrB,IAAgB,EAChB,SAA8B;QAE9B,IAAI,CAAC;YACH,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE;gBAAE,OAAO,KAAK,CAAC;YACxD,MAAM,IAAI,GAAG,IAAA,aAAM,EAAC,IAAI,CAAC,CAAC;YAC1B,OAAO,qBAAS,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE;gBAClD,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS;aAClB,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF;AAjBD,4DAiBC"}

package/src/lib/ledger/governancePayloadSerializer.d.ts

@@ -0,0 +1,70 @@
+/**
+ * @fileoverview Governance payload serializer for the blockchain ledger.
+ *
+ * Handles deterministic binary serialization of governance payloads,
+ * including the 0x01 type prefix that distinguishes governance entries
+ * from regular (0x00) entries.
+ *
+ * Binary format (after 0x01 type prefix):
+ * - 1 byte: subtype (0x00 = genesis, 0x01 = amendment)
+ * - For genesis: quorum policy + initial signer list
+ * - 2 bytes: actionCount (uint16 BE)
+ * - variable: serialized actions
+ * - 2 bytes: cosignatureCount (uint16 BE)
+ * - variable: cosignatures
+ *
+ * @see Design: Governance Payload Serialization Format
+ * @see Requirements 13.9
+ */
+import { IGovernanceAction } from '../interfaces/ledger/governanceAction';
+import { IGovernancePayload } from '../interfaces/ledger/governancePayload';
+import { IQuorumPolicy } from '../interfaces/ledger/quorumPolicy';
+import { IAuthorizedSigner } from '../interfaces/ledger/authorizedSigner';
+/**
+ * Genesis initialization data embedded in the genesis governance payload.
+ */
+export interface IGenesisPayloadData {
+    readonly quorumPolicy: IQuorumPolicy;
+    readonly signers: readonly IAuthorizedSigner[];
+}
+export declare class GovernancePayloadSerializer {
+    /**
+     * Check if a payload Uint8Array is a governance payload (starts with 0x01).
+     */
+    static isGovernancePayload(payload: Uint8Array): boolean;
+    /**
+     * Serialize a governance payload into a Uint8Array with 0x01 prefix.
+     * This produces an amendment-subtype payload.
+     */
+    serialize(payload: IGovernancePayload): Uint8Array;
+    /**
+     * Serialize a genesis governance payload with initial signer set and quorum policy.
+     */
+    serializeGenesis(data: IGenesisPayloadData): Uint8Array;
+    /**
+     * Deserialize a Uint8Array (with 0x01 prefix) back into an IGovernancePayload.
+     * For genesis payloads, also returns the genesis data.
+     */
+    deserialize(data: Uint8Array): IGovernancePayload & {
+        genesis?: IGenesisPayloadData;
+    };
+    /**
+     * Serialize the governance actions only (without cosignatures) for hashing/signing by co-signers.
+     */
+    serializeActionsForSigning(actions: readonly IGovernanceAction[]): Uint8Array;
+    private serializeActions;
+    private serializeAction;
+    private serializeQuorumPolicy;
+    private serializeMetadata;
+    private serializeSignerList;
+    private serializeCosignatures;
+    private deserializeGenesis;
+    private deserializeAmendment;
+    private deserializeAction;
+    private deserializeQuorumPolicy;
+    private deserializeMetadata;
+    private deserializeSigner;
+    private deserializeCosignatures;
+    private ensureBytes;
+}
+//# sourceMappingURL=governancePayloadSerializer.d.ts.map

package/src/lib/ledger/governancePayloadSerializer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"governancePayloadSerializer.d.ts","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/ledger/governancePayloadSerializer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAGH,OAAO,EAEL,iBAAiB,EAClB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,CAAC;AAC5E,OAAO,EAAE,aAAa,EAAc,MAAM,mCAAmC,CAAC;AAG9E,OAAO,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAyE1E;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC;IACrC,QAAQ,CAAC,OAAO,EAAE,SAAS,iBAAiB,EAAE,CAAC;CAChD;AAED,qBAAa,2BAA2B;IACtC;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO;IAIxD;;;OAGG;IACH,SAAS,CAAC,OAAO,EAAE,kBAAkB,GAAG,UAAU;IAgClD;;OAEG;IACH,gBAAgB,CAAC,IAAI,EAAE,mBAAmB,GAAG,UAAU;IAgCvD;;;OAGG;IACH,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,kBAAkB,GAAG;QAAE,OAAO,CAAC,EAAE,mBAAmB,CAAA;KAAE;IA+BrF;;OAEG;IACH,0BAA0B,CAAC,OAAO,EAAE,SAAS,iBAAiB,EAAE,GAAG,UAAU;IAY7E,OAAO,CAAC,gBAAgB;IAQxB,OAAO,CAAC,eAAe;IAsCvB,OAAO,CAAC,qBAAqB;IAW7B,OAAO,CAAC,iBAAiB;IA8BzB,OAAO,CAAC,mBAAmB;IAW3B,OAAO,CAAC,qBAAqB;IAa7B,OAAO,CAAC,kBAAkB;IAqC1B,OAAO,CAAC,oBAAoB;IA4B5B,OAAO,CAAC,iBAAiB;IAwFzB,OAAO,CAAC,uBAAuB;IAwB/B,OAAO,CAAC,mBAAmB;IAmC3B,OAAO,CAAC,iBAAiB;IAqCzB,OAAO,CAAC,uBAAuB;IA2B/B,OAAO,CAAC,WAAW;CAapB"}