@cardanowall/poe-standard 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/dist/error-codes.cjs +6 -0
  2. package/dist/error-codes.cjs.map +1 -1
  3. package/dist/error-codes.d.cts +2 -2
  4. package/dist/error-codes.d.ts +2 -2
  5. package/dist/error-codes.js +6 -0
  6. package/dist/error-codes.js.map +1 -1
  7. package/dist/index.cjs +130 -16
  8. package/dist/index.cjs.map +1 -1
  9. package/dist/index.js +130 -16
  10. package/dist/index.js.map +1 -1
  11. package/dist/validator.cjs +127 -16
  12. package/dist/validator.cjs.map +1 -1
  13. package/dist/validator.js +127 -16
  14. package/dist/validator.js.map +1 -1
  15. package/package.json +2 -2
package/dist/error-codes.cjs CHANGED
@@ -31,6 +31,9 @@ var STRUCTURAL_ERROR_CODES = [
31
31
  "UNSUPPORTED_ENVELOPE_SCHEME",
32
32
  "ENC_SLOTS_EMPTY",
33
33
  "ENC_SLOT_INVALID_SHAPE",
34
+ "ENC_SLOTS_DUPLICATE_KEM_MATERIAL",
35
+ "ENC_SLOTS_TOO_MANY",
36
+ "ENC_ENVELOPE_TOO_LARGE",
34
37
  "UNSUPPORTED_KEM_ALG",
35
38
  "ENC_KEM_REQUIRED",
36
39
  "KEM_EPK_LENGTH_MISMATCH",
@@ -106,6 +109,9 @@ var SEVERITY = Object.freeze({
106
109
  UNSUPPORTED_ENVELOPE_SCHEME: "error",
107
110
  ENC_SLOTS_EMPTY: "error",
108
111
  ENC_SLOT_INVALID_SHAPE: "error",
112
+ ENC_SLOTS_DUPLICATE_KEM_MATERIAL: "error",
113
+ ENC_SLOTS_TOO_MANY: "error",
114
+ ENC_ENVELOPE_TOO_LARGE: "error",
109
115
  UNSUPPORTED_KEM_ALG: "error",
110
116
  ENC_KEM_REQUIRED: "error",
111
117
  KEM_EPK_LENGTH_MISMATCH: "error",
package/dist/error-codes.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/error-codes.ts"],"names":[],"mappings":";;;AAgBO,IAAM,sBAAA,GAAyB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKpC,gBAAA;AAAA;AAAA,EAEA,sBAAA;AAAA,EACA,yBAAA;AAAA,EACA,sBAAA;AAAA,EACA,wBAAA;AAAA,EACA,qBAAA;AAAA;AAAA,EAEA,6BAAA;AAAA,EACA,sBAAA;AAAA;AAAA,EAEA,+BAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,aAAA;AAAA,EACA,iBAAA;AAAA;AAAA,EAEA,kCAAA;AAAA,EACA,sBAAA;AAAA,EACA,uBAAA;AAAA,EACA,6BAAA;AAAA,EACA,iBAAA;AAAA,EACA,wBAAA;AAAA,EACA,qBAAA;AAAA,EACA,kBAAA;AAAA,EACA,yBAAA;AAAA,EACA,wBAAA;AAAA,EACA,sBAAA;AAAA,EACA,8BAAA;AAAA,EACA,wBAAA;AAAA,EACA,oBAAA;AAAA,EACA,2BAAA;AAAA,EACA,iBAAA;AAAA,EACA,2BAAA;AAAA,EACA,gCAAA;AAAA,EACA,+BAAA;AAAA,EACA,8BAAA;AAAA,EACA,sCAAA;AAAA,EACA,qCAAA;AAAA;AAAA,EAEA,0BAAA;AAAA,EACA,uBAAA;AAAA,EACA,yBAAA;AAAA,EACA,iCAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EAEA,8BAAA;AAAA;AAAA,EAEA,gCAAA;AAAA,EACA;AACF;AAOO,IAAM,oBAAA,GAAuB;AAAA,EAClC,oBAAA;AAAA,EACA,4BAAA;AAAA,EACA,mBAAA;AAAA,EACA,uBAAA;AAAA,EACA,yBAAA;AAAA,EACA,sBAAA;AAAA,EACA,wBAAA;AAAA,EACA,kBAAA;AAAA,EACA,qBAAA;AAAA,EACA,wBAAA;AAAA,EACA,sBAAA;AAAA,EACA,gCAAA;AAAA,EACA,8BAAA;AAAA,EACA,qBAAA;AAAA,EACA,iBAAA;AAAA,EACA,qBAAA;AAAA,EACA,uBAAA;AAAA,EACA,mCAAA;AAAA,EACA,yCAAA;AAAA,EACA,gCAAA;AAAA,EACA,sBAAA;AAAA,EACA,2BAAA;AAAA,EACA,gCAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF;AAEO,IAAM,WAAA,GAAc,CAAC,GAAG,sBAAA,EAAwB,GAAG,oBAAoB;AAqBvE,IAAM,QAAA,GAAkD,OAAO,MAAA,CAAO;AAAA;AAAA,EAE3E,cAAA,EAAgB,OAAA;AAAA,EAChB,oBAAA,EAAsB,OAAA;AAAA,EACtB,uBAAA,EAAyB,OAAA;AAAA,EACzB,oBAAA,EAAsB,OAAA;AAAA,EACtB,sBAAA,EAAwB,OAAA;AAAA,EACxB,mBAAA,EAAqB,OAAA;AAAA,EACrB,2BAAA,EAA6B,OAAA;AAAA,EAC7B,oBAAA,EAAsB,OAAA;AAAA,EACtB,6BAAA,EAA+B,OAAA;AAAA,EAC/B,WAAA,EAAa,OAAA;AAAA,EACb,eAAA,EAAiB,OAAA;AAAA,EACjB,gCAAA,EAAkC,OAAA;AAAA,EAClC,oBAAA,EAAsB,OAAA;AAAA,EACtB,qBAAA,EAAuB,OAAA;AAAA,EACvB,2BAAA,EAA6B,OAAA;AAAA,EAC7B,eAAA,EAAiB,OAAA;AAAA,EACjB,sBAAA,EAAwB,OAAA;AAAA,EACxB,mBAAA,EAAqB,OAAA;AAAA,EACrB,gBAAA,EAAkB,OAAA;AAAA,EAClB,uBAAA,EAAyB,OAAA;AAAA,EACzB,sBAAA,EAAwB,OAAA;AAAA,EACxB,oBAAA,EAAsB,OAAA;AAAA,EACtB,4BAAA,EAA8B,OAAA;AAAA,EAC9B,sBAAA,EAAwB,OAAA;AAAA,EACxB,kBAAA,EAAoB,OAAA;AAAA,EACpB,yBAAA,EAA2B,OAAA;AAAA,EAC3B,eAAA,EAAiB,OAAA;AAAA,EACjB,yBAAA,EAA2B,OAAA;AAAA,EAC3B,8BAAA,EAAgC,OAAA;AAAA,EAChC,6BAAA,EAA+B,OAAA;AAAA,EAC/B,4BAAA,EAA8B,OAAA;AAAA,EAC9B,oCAAA,EAAsC,OAAA;AAAA,EACtC,mCAAA,EAAqC,OAAA;AAAA,EACrC,wBAAA,EAA0B,OAAA;AAAA,EAC1B,qBAAA,EAAuB,MAAA;AAAA,EACvB,uBAAA,EAAyB,OAAA;AAAA,EACzB,+BAAA,EAAiC,OAAA;AAAA,EACjC,sBAAA,EAAwB,OAAA;AAAA,EACxB,4BAAA,EAA8B,OAAA;AAAA,EAC9B,8BAAA,EAAgC,OAAA;AAAA,EAChC,kBAAA,EAAoB,OAAA;AAAA;AAAA,EAEpB,kBAAA,EAAoB,OAAA;AAAA,EACpB,0BAAA,EAA4B,MAAA;AAAA,EAC5B,iBAAA,EAAmB,OAAA;AAAA,EACnB,qBAAA,EAAuB,OAAA;AAAA,EACvB,uBAAA,EAAyB,OAAA;AAAA,EACzB,oBAAA,EAAsB,OAAA;AAAA,EACtB,sBAAA,EAAwB,OAAA;AAAA,EACxB,gBAAA,EAAkB,SAAA;AAAA,EAClB,mBAAA,EAAqB,OAAA;AAAA,EACrB,sBAAA,EAAwB,OAAA;AAAA,EACxB,oBAAA,EAAsB,OAAA;AAAA,EACtB,8BAAA,EAAgC,OAAA;AAAA,EAChC,4BAAA,EAA8B,OAAA;AAAA,EAC9B,mBAAA,EAAqB,OAAA;AAAA,EACrB,eAAA,EAAiB,OAAA;AAAA,EACjB,mBAAA,EAAqB,OAAA;AAAA,EACrB,qBAAA,EAAuB,OAAA;AAAA,EACvB,iCAAA,EAAmC,OAAA;AAAA,EACnC,uCAAA,EAAyC,OAAA;AAAA,EACzC,8BAAA,EAAgC,OAAA;AAAA,EAChC,oBAAA,EAAsB,OAAA;AAAA,EACtB,yBAAA,EAA2B,SAAA;AAAA,EAC3B,8BAAA,EAAgC,MAAA;AAAA;AAAA;AAAA;AAAA,EAIhC,kBAAA,EAAoB,MAAA;AAAA;AAAA;AAAA,EAGpB,sBAAA,EAAwB;AAC1B,CAAC;AAEM,SAAS,WAAW,IAAA,EAA2B;AACpD,EAAA,OAAO,SAAS,IAAI,CAAA;AACtB","file":"error-codes.cjs","sourcesContent":["// Label 309 v1 error-code catalogue — single source of truth for the\n// structural-validator codes (Part A) and the verifier-layer codes (Part B)\n// that downstream verifiers re-export from this package.\n//\n// The structural validator emits ONLY Part A codes. Part B codes are\n// re-exported so consumers can `import { ErrorCode } from '@cardanowall/poe-standard'`\n// and dispatch on a single union type without round-tripping through the\n// verifier package.\n//\n// Codes are SCREAMING_SNAKE_CASE and MUST match the canonical taxonomy\n// byte-exact across the TS/PY/RS implementations — no lowercase synonyms,\n// no `schema_*`-prefixed parser-internal codes.\n\n// =============================================================================\n// Part A — structural validator codes\n// =============================================================================\nexport const STRUCTURAL_ERROR_CODES = [\n // CBOR decode layer. A single code covers every canonical-decode failure —\n // malformed/truncated bytes, indefinite-length encodings, non-canonical\n // (unsorted) map-key ordering, duplicate map keys, non-minimal integers, and\n // invalid UTF-8 — by design (no separate duplicate-key code).\n 'MALFORMED_CBOR',\n // Generic schema-layer\n 'SCHEMA_TYPE_MISMATCH',\n 'SCHEMA_MISSING_REQUIRED',\n 'SCHEMA_UNKNOWN_FIELD',\n 'SCHEMA_INVALID_LITERAL',\n 'SCHEMA_EMPTY_RECORD',\n // Hash-map\n 'HASH_DIGEST_LENGTH_MISMATCH',\n 'UNSUPPORTED_HASH_ALG',\n // Top-level `merkle[]`\n 'UNSUPPORTED_MERKLE_COMMIT_ALG',\n // URI / chunking. A chunk whose bytes do not reconstruct to valid UTF-8\n // surfaces as MALFORMED_CBOR at decode (cbor2 rejects invalid-UTF-8 tstr)\n // or, in the residual reconstruct guard, as INVALID_URI — there is no\n // separate codepoint-split code.\n 'INVALID_URI',\n 'CHUNK_TOO_LARGE',\n // Encryption envelope\n 'UNAUTHENTICATED_CIPHER_FORBIDDEN',\n 'UNSUPPORTED_AEAD_ALG',\n 'NONCE_LENGTH_MISMATCH',\n 'UNSUPPORTED_ENVELOPE_SCHEME',\n 'ENC_SLOTS_EMPTY',\n 'ENC_SLOT_INVALID_SHAPE',\n 'UNSUPPORTED_KEM_ALG',\n 'ENC_KEM_REQUIRED',\n 'KEM_EPK_LENGTH_MISMATCH',\n 'KEM_CT_LENGTH_MISMATCH',\n 'WRAP_LENGTH_MISMATCH',\n 'ENC_SLOTS_MAC_INVALID_LENGTH',\n 'ENC_SLOTS_MAC_REQUIRED',\n 'ENC_SLOTS_REQUIRED',\n 'ENC_EXCLUSIVITY_VIOLATION',\n 'ENC_NO_KEY_PATH',\n 'ENC_REQUIRES_CONTENT_HASH',\n 'ENC_PASSPHRASE_ALG_UNSUPPORTED',\n 'ENC_PASSPHRASE_SALT_TOO_SHORT',\n 'ENC_PASSPHRASE_SALT_TOO_LONG',\n 'ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW',\n 'ENC_PASSPHRASE_PARAMS_EXCEED_POLICY',\n // Signatures\n 'MALFORMED_SIG_COSE_SIGN1',\n 'SIGNATURE_UNSUPPORTED',\n 'SIG_ENTRY_INVALID_SHAPE',\n 'SIG_ENTRY_KID_COSE_KEY_CONFLICT',\n 'SIG_PRIVATE_KEY_LEAKED',\n // Supersedence\n 'SUPERSEDES_TX_INVALID_LENGTH',\n // Forward-compat critical extensions\n 'EXTENSION_UNSUPPORTED_CRITICAL',\n 'CRIT_SHAPE_INVALID',\n] as const;\n\n// =============================================================================\n// Part B — verifier-layer codes\n// Re-exported so downstream verifiers can dispatch on a single union.\n// The structural validator NEVER emits these.\n// =============================================================================\nexport const VERIFIER_ERROR_CODES = [\n 'METADATA_NOT_FOUND',\n 'INSUFFICIENT_CONFIRMATIONS',\n 'SIGNATURE_INVALID',\n 'SIGNER_KEY_UNRESOLVED',\n 'WALLET_ADDRESS_MISMATCH',\n 'URI_TARGET_FORBIDDEN',\n 'URI_INTEGRITY_MISMATCH',\n 'URI_FETCH_FAILED',\n 'CONTENT_UNAVAILABLE',\n 'CIPHERTEXT_UNAVAILABLE',\n 'PROVIDER_UNAVAILABLE',\n 'SERVICE_INDEPENDENCE_VIOLATION',\n 'WRONG_DECRYPTION_INPUT_SHAPE',\n 'WRONG_RECIPIENT_KEY',\n 'TAMPERED_HEADER',\n 'TAMPERED_CIPHERTEXT',\n 'KDF_DERIVATION_FAILED',\n 'SCHEMA_MERKLE_LEAF_COUNT_MISMATCH',\n 'SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED',\n 'SCHEMA_MERKLE_LEAVES_MALFORMED',\n 'MERKLE_ROOT_MISMATCH',\n 'MERKLE_LEAVES_UNAVAILABLE',\n 'MERKLE_LEAVES_INFORMATIVE_FORM',\n 'MERKLE_UNSUPPORTED',\n 'OUT_OF_PROFILE_SKIPPED',\n] as const;\n\nexport const ERROR_CODES = [...STRUCTURAL_ERROR_CODES, ...VERIFIER_ERROR_CODES] as const;\n\nexport type StructuralErrorCode = (typeof STRUCTURAL_ERROR_CODES)[number];\nexport type VerifierErrorCode = (typeof VERIFIER_ERROR_CODES)[number];\nexport type ErrorCode = (typeof ERROR_CODES)[number];\n\n// Severity classification. Codes not listed are `error` by default.\n//\n// `info` — a deliberate non-check (algorithm out of profile, unrecognised\n// signature algorithm at the opt-in informational tier).\n//\n// `warning` — a non-fatal anomaly that occurred at runtime but did not\n// invalidate the record (e.g. a transient gateway failure, partial leaves\n// availability).\n//\n// `MERKLE_UNSUPPORTED` / `OUT_OF_PROFILE_SKIPPED` carry dual severity\n// (`info` when another commitment was validated; `error` for the\n// merkle-only / strict-mode case). The verifier emits the resolved severity\n// per-issue; this map records the default `info` reading.\nexport type Severity = 'error' | 'warning' | 'info';\n\nexport const SEVERITY: Readonly<Record<ErrorCode, Severity>> = Object.freeze({\n // --- Part A ---\n MALFORMED_CBOR: 'error',\n SCHEMA_TYPE_MISMATCH: 'error',\n SCHEMA_MISSING_REQUIRED: 'error',\n SCHEMA_UNKNOWN_FIELD: 'error',\n SCHEMA_INVALID_LITERAL: 'error',\n SCHEMA_EMPTY_RECORD: 'error',\n HASH_DIGEST_LENGTH_MISMATCH: 'error',\n UNSUPPORTED_HASH_ALG: 'error',\n UNSUPPORTED_MERKLE_COMMIT_ALG: 'error',\n INVALID_URI: 'error',\n CHUNK_TOO_LARGE: 'error',\n UNAUTHENTICATED_CIPHER_FORBIDDEN: 'error',\n UNSUPPORTED_AEAD_ALG: 'error',\n NONCE_LENGTH_MISMATCH: 'error',\n UNSUPPORTED_ENVELOPE_SCHEME: 'error',\n ENC_SLOTS_EMPTY: 'error',\n ENC_SLOT_INVALID_SHAPE: 'error',\n UNSUPPORTED_KEM_ALG: 'error',\n ENC_KEM_REQUIRED: 'error',\n KEM_EPK_LENGTH_MISMATCH: 'error',\n KEM_CT_LENGTH_MISMATCH: 'error',\n WRAP_LENGTH_MISMATCH: 'error',\n ENC_SLOTS_MAC_INVALID_LENGTH: 'error',\n ENC_SLOTS_MAC_REQUIRED: 'error',\n ENC_SLOTS_REQUIRED: 'error',\n ENC_EXCLUSIVITY_VIOLATION: 'error',\n ENC_NO_KEY_PATH: 'error',\n ENC_REQUIRES_CONTENT_HASH: 'error',\n ENC_PASSPHRASE_ALG_UNSUPPORTED: 'error',\n ENC_PASSPHRASE_SALT_TOO_SHORT: 'error',\n ENC_PASSPHRASE_SALT_TOO_LONG: 'error',\n ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW: 'error',\n ENC_PASSPHRASE_PARAMS_EXCEED_POLICY: 'error',\n MALFORMED_SIG_COSE_SIGN1: 'error',\n SIGNATURE_UNSUPPORTED: 'info',\n SIG_ENTRY_INVALID_SHAPE: 'error',\n SIG_ENTRY_KID_COSE_KEY_CONFLICT: 'error',\n SIG_PRIVATE_KEY_LEAKED: 'error',\n SUPERSEDES_TX_INVALID_LENGTH: 'error',\n EXTENSION_UNSUPPORTED_CRITICAL: 'error',\n CRIT_SHAPE_INVALID: 'error',\n // --- Part B ---\n METADATA_NOT_FOUND: 'error',\n INSUFFICIENT_CONFIRMATIONS: 'info',\n SIGNATURE_INVALID: 'error',\n SIGNER_KEY_UNRESOLVED: 'error',\n WALLET_ADDRESS_MISMATCH: 'error',\n URI_TARGET_FORBIDDEN: 'error',\n URI_INTEGRITY_MISMATCH: 'error',\n URI_FETCH_FAILED: 'warning',\n CONTENT_UNAVAILABLE: 'error',\n CIPHERTEXT_UNAVAILABLE: 'error',\n PROVIDER_UNAVAILABLE: 'error',\n SERVICE_INDEPENDENCE_VIOLATION: 'error',\n WRONG_DECRYPTION_INPUT_SHAPE: 'error',\n WRONG_RECIPIENT_KEY: 'error',\n TAMPERED_HEADER: 'error',\n TAMPERED_CIPHERTEXT: 'error',\n KDF_DERIVATION_FAILED: 'error',\n SCHEMA_MERKLE_LEAF_COUNT_MISMATCH: 'error',\n SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED: 'error',\n SCHEMA_MERKLE_LEAVES_MALFORMED: 'error',\n MERKLE_ROOT_MISMATCH: 'error',\n MERKLE_LEAVES_UNAVAILABLE: 'warning',\n MERKLE_LEAVES_INFORMATIVE_FORM: 'info',\n // Dual-severity — default reading is `info`; the verifier promotes to\n // `error` for merkle-only records (no `items[]` content claim was\n // validated in the same record).\n MERKLE_UNSUPPORTED: 'info',\n // Dual-severity — default reading is `info` (render mode); strict\n // end-to-end verifiers promote to `error`.\n OUT_OF_PROFILE_SKIPPED: 'info',\n});\n\nexport function severityOf(code: ErrorCode): Severity {\n return SEVERITY[code];\n}\n"]}
1
+ {"version":3,"sources":["../src/error-codes.ts"],"names":[],"mappings":";;;AAgBO,IAAM,sBAAA,GAAyB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKpC,gBAAA;AAAA;AAAA,EAEA,sBAAA;AAAA,EACA,yBAAA;AAAA,EACA,sBAAA;AAAA,EACA,wBAAA;AAAA,EACA,qBAAA;AAAA;AAAA,EAEA,6BAAA;AAAA,EACA,sBAAA;AAAA;AAAA,EAEA,+BAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,aAAA;AAAA,EACA,iBAAA;AAAA;AAAA,EAEA,kCAAA;AAAA,EACA,sBAAA;AAAA,EACA,uBAAA;AAAA,EACA,6BAAA;AAAA,EACA,iBAAA;AAAA,EACA,wBAAA;AAAA,EACA,kCAAA;AAAA,EACA,oBAAA;AAAA,EACA,wBAAA;AAAA,EACA,qBAAA;AAAA,EACA,kBAAA;AAAA,EACA,yBAAA;AAAA,EACA,wBAAA;AAAA,EACA,sBAAA;AAAA,EACA,8BAAA;AAAA,EACA,wBAAA;AAAA,EACA,oBAAA;AAAA,EACA,2BAAA;AAAA,EACA,iBAAA;AAAA,EACA,2BAAA;AAAA,EACA,gCAAA;AAAA,EACA,+BAAA;AAAA,EACA,8BAAA;AAAA,EACA,sCAAA;AAAA,EACA,qCAAA;AAAA;AAAA,EAEA,0BAAA;AAAA,EACA,uBAAA;AAAA,EACA,yBAAA;AAAA,EACA,iCAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EAEA,8BAAA;AAAA;AAAA,EAEA,gCAAA;AAAA,EACA;AACF;AAOO,IAAM,oBAAA,GAAuB;AAAA,EAClC,oBAAA;AAAA,EACA,4BAAA;AAAA,EACA,mBAAA;AAAA,EACA,uBAAA;AAAA,EACA,yBAAA;AAAA,EACA,sBAAA;AAAA,EACA,wBAAA;AAAA,EACA,kBAAA;AAAA,EACA,qBAAA;AAAA,EACA,wBAAA;AAAA,EACA,sBAAA;AAAA,EACA,gCAAA;AAAA,EACA,8BAAA;AAAA,EACA,qBAAA;AAAA,EACA,iBAAA;AAAA,EACA,qBAAA;AAAA,EACA,uBAAA;AAAA,EACA,mCAAA;AAAA,EACA,yCAAA;AAAA,EACA,gCAAA;AAAA,EACA,sBAAA;AAAA,EACA,2BAAA;AAAA,EACA,gCAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF;AAEO,IAAM,WAAA,GAAc,CAAC,GAAG,sBAAA,EAAwB,GAAG,oBAAoB;AAqBvE,IAAM,QAAA,GAAkD,OAAO,MAAA,CAAO;AAAA;AAAA,EAE3E,cAAA,EAAgB,OAAA;AAAA,EAChB,oBAAA,EAAsB,OAAA;AAAA,EACtB,uBAAA,EAAyB,OAAA;AAAA,EACzB,oBAAA,EAAsB,OAAA;AAAA,EACtB,sBAAA,EAAwB,OAAA;AAAA,EACxB,mBAAA,EAAqB,OAAA;AAAA,EACrB,2BAAA,EAA6B,OAAA;AAAA,EAC7B,oBAAA,EAAsB,OAAA;AAAA,EACtB,6BAAA,EAA+B,OAAA;AAAA,EAC/B,WAAA,EAAa,OAAA;AAAA,EACb,eAAA,EAAiB,OAAA;AAAA,EACjB,gCAAA,EAAkC,OAAA;AAAA,EAClC,oBAAA,EAAsB,OAAA;AAAA,EACtB,qBAAA,EAAuB,OAAA;AAAA,EACvB,2BAAA,EAA6B,OAAA;AAAA,EAC7B,eAAA,EAAiB,OAAA;AAAA,EACjB,sBAAA,EAAwB,OAAA;AAAA,EACxB,gCAAA,EAAkC,OAAA;AAAA,EAClC,kBAAA,EAAoB,OAAA;AAAA,EACpB,sBAAA,EAAwB,OAAA;AAAA,EACxB,mBAAA,EAAqB,OAAA;AAAA,EACrB,gBAAA,EAAkB,OAAA;AAAA,EAClB,uBAAA,EAAyB,OAAA;AAAA,EACzB,sBAAA,EAAwB,OAAA;AAAA,EACxB,oBAAA,EAAsB,OAAA;AAAA,EACtB,4BAAA,EAA8B,OAAA;AAAA,EAC9B,sBAAA,EAAwB,OAAA;AAAA,EACxB,kBAAA,EAAoB,OAAA;AAAA,EACpB,yBAAA,EAA2B,OAAA;AAAA,EAC3B,eAAA,EAAiB,OAAA;AAAA,EACjB,yBAAA,EAA2B,OAAA;AAAA,EAC3B,8BAAA,EAAgC,OAAA;AAAA,EAChC,6BAAA,EAA+B,OAAA;AAAA,EAC/B,4BAAA,EAA8B,OAAA;AAAA,EAC9B,oCAAA,EAAsC,OAAA;AAAA,EACtC,mCAAA,EAAqC,OAAA;AAAA,EACrC,wBAAA,EAA0B,OAAA;AAAA,EAC1B,qBAAA,EAAuB,MAAA;AAAA,EACvB,uBAAA,EAAyB,OAAA;AAAA,EACzB,+BAAA,EAAiC,OAAA;AAAA,EACjC,sBAAA,EAAwB,OAAA;AAAA,EACxB,4BAAA,EAA8B,OAAA;AAAA,EAC9B,8BAAA,EAAgC,OAAA;AAAA,EAChC,kBAAA,EAAoB,OAAA;AAAA;AAAA,EAEpB,kBAAA,EAAoB,OAAA;AAAA,EACpB,0BAAA,EAA4B,MAAA;AAAA,EAC5B,iBAAA,EAAmB,OAAA;AAAA,EACnB,qBAAA,EAAuB,OAAA;AAAA,EACvB,uBAAA,EAAyB,OAAA;AAAA,EACzB,oBAAA,EAAsB,OAAA;AAAA,EACtB,sBAAA,EAAwB,OAAA;AAAA,EACxB,gBAAA,EAAkB,SAAA;AAAA,EAClB,mBAAA,EAAqB,OAAA;AAAA,EACrB,sBAAA,EAAwB,OAAA;AAAA,EACxB,oBAAA,EAAsB,OAAA;AAAA,EACtB,8BAAA,EAAgC,OAAA;AAAA,EAChC,4BAAA,EAA8B,OAAA;AAAA,EAC9B,mBAAA,EAAqB,OAAA;AAAA,EACrB,eAAA,EAAiB,OAAA;AAAA,EACjB,mBAAA,EAAqB,OAAA;AAAA,EACrB,qBAAA,EAAuB,OAAA;AAAA,EACvB,iCAAA,EAAmC,OAAA;AAAA,EACnC,uCAAA,EAAyC,OAAA;AAAA,EACzC,8BAAA,EAAgC,OAAA;AAAA,EAChC,oBAAA,EAAsB,OAAA;AAAA,EACtB,yBAAA,EAA2B,SAAA;AAAA,EAC3B,8BAAA,EAAgC,MAAA;AAAA;AAAA;AAAA;AAAA,EAIhC,kBAAA,EAAoB,MAAA;AAAA;AAAA;AAAA,EAGpB,sBAAA,EAAwB;AAC1B,CAAC;AAEM,SAAS,WAAW,IAAA,EAA2B;AACpD,EAAA,OAAO,SAAS,IAAI,CAAA;AACtB","file":"error-codes.cjs","sourcesContent":["// Label 309 v1 error-code catalogue — single source of truth for the\n// structural-validator codes (Part A) and the verifier-layer codes (Part B)\n// that downstream verifiers re-export from this package.\n//\n// The structural validator emits ONLY Part A codes. Part B codes are\n// re-exported so consumers can `import { ErrorCode } from '@cardanowall/poe-standard'`\n// and dispatch on a single union type without round-tripping through the\n// verifier package.\n//\n// Codes are SCREAMING_SNAKE_CASE and MUST match the canonical taxonomy\n// byte-exact across the TS/PY/RS implementations — no lowercase synonyms,\n// no `schema_*`-prefixed parser-internal codes.\n\n// =============================================================================\n// Part A — structural validator codes\n// =============================================================================\nexport const STRUCTURAL_ERROR_CODES = [\n // CBOR decode layer. A single code covers every canonical-decode failure —\n // malformed/truncated bytes, indefinite-length encodings, non-canonical\n // (unsorted) map-key ordering, duplicate map keys, non-minimal integers, and\n // invalid UTF-8 — by design (no separate duplicate-key code).\n 'MALFORMED_CBOR',\n // Generic schema-layer\n 'SCHEMA_TYPE_MISMATCH',\n 'SCHEMA_MISSING_REQUIRED',\n 'SCHEMA_UNKNOWN_FIELD',\n 'SCHEMA_INVALID_LITERAL',\n 'SCHEMA_EMPTY_RECORD',\n // Hash-map\n 'HASH_DIGEST_LENGTH_MISMATCH',\n 'UNSUPPORTED_HASH_ALG',\n // Top-level `merkle[]`\n 'UNSUPPORTED_MERKLE_COMMIT_ALG',\n // URI / chunking. A chunk whose bytes do not reconstruct to valid UTF-8\n // surfaces as MALFORMED_CBOR at decode (cbor2 rejects invalid-UTF-8 tstr)\n // or, in the residual reconstruct guard, as INVALID_URI — there is no\n // separate codepoint-split code.\n 'INVALID_URI',\n 'CHUNK_TOO_LARGE',\n // Encryption envelope\n 'UNAUTHENTICATED_CIPHER_FORBIDDEN',\n 'UNSUPPORTED_AEAD_ALG',\n 'NONCE_LENGTH_MISMATCH',\n 'UNSUPPORTED_ENVELOPE_SCHEME',\n 'ENC_SLOTS_EMPTY',\n 'ENC_SLOT_INVALID_SHAPE',\n 'ENC_SLOTS_DUPLICATE_KEM_MATERIAL',\n 'ENC_SLOTS_TOO_MANY',\n 'ENC_ENVELOPE_TOO_LARGE',\n 'UNSUPPORTED_KEM_ALG',\n 'ENC_KEM_REQUIRED',\n 'KEM_EPK_LENGTH_MISMATCH',\n 'KEM_CT_LENGTH_MISMATCH',\n 'WRAP_LENGTH_MISMATCH',\n 'ENC_SLOTS_MAC_INVALID_LENGTH',\n 'ENC_SLOTS_MAC_REQUIRED',\n 'ENC_SLOTS_REQUIRED',\n 'ENC_EXCLUSIVITY_VIOLATION',\n 'ENC_NO_KEY_PATH',\n 'ENC_REQUIRES_CONTENT_HASH',\n 'ENC_PASSPHRASE_ALG_UNSUPPORTED',\n 'ENC_PASSPHRASE_SALT_TOO_SHORT',\n 'ENC_PASSPHRASE_SALT_TOO_LONG',\n 'ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW',\n 'ENC_PASSPHRASE_PARAMS_EXCEED_POLICY',\n // Signatures\n 'MALFORMED_SIG_COSE_SIGN1',\n 'SIGNATURE_UNSUPPORTED',\n 'SIG_ENTRY_INVALID_SHAPE',\n 'SIG_ENTRY_KID_COSE_KEY_CONFLICT',\n 'SIG_PRIVATE_KEY_LEAKED',\n // Supersedence\n 'SUPERSEDES_TX_INVALID_LENGTH',\n // Forward-compat critical extensions\n 'EXTENSION_UNSUPPORTED_CRITICAL',\n 'CRIT_SHAPE_INVALID',\n] as const;\n\n// =============================================================================\n// Part B — verifier-layer codes\n// Re-exported so downstream verifiers can dispatch on a single union.\n// The structural validator NEVER emits these.\n// =============================================================================\nexport const VERIFIER_ERROR_CODES = [\n 'METADATA_NOT_FOUND',\n 'INSUFFICIENT_CONFIRMATIONS',\n 'SIGNATURE_INVALID',\n 'SIGNER_KEY_UNRESOLVED',\n 'WALLET_ADDRESS_MISMATCH',\n 'URI_TARGET_FORBIDDEN',\n 'URI_INTEGRITY_MISMATCH',\n 'URI_FETCH_FAILED',\n 'CONTENT_UNAVAILABLE',\n 'CIPHERTEXT_UNAVAILABLE',\n 'PROVIDER_UNAVAILABLE',\n 'SERVICE_INDEPENDENCE_VIOLATION',\n 'WRONG_DECRYPTION_INPUT_SHAPE',\n 'WRONG_RECIPIENT_KEY',\n 'TAMPERED_HEADER',\n 'TAMPERED_CIPHERTEXT',\n 'KDF_DERIVATION_FAILED',\n 'SCHEMA_MERKLE_LEAF_COUNT_MISMATCH',\n 'SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED',\n 'SCHEMA_MERKLE_LEAVES_MALFORMED',\n 'MERKLE_ROOT_MISMATCH',\n 'MERKLE_LEAVES_UNAVAILABLE',\n 'MERKLE_LEAVES_INFORMATIVE_FORM',\n 'MERKLE_UNSUPPORTED',\n 'OUT_OF_PROFILE_SKIPPED',\n] as const;\n\nexport const ERROR_CODES = [...STRUCTURAL_ERROR_CODES, ...VERIFIER_ERROR_CODES] as const;\n\nexport type StructuralErrorCode = (typeof STRUCTURAL_ERROR_CODES)[number];\nexport type VerifierErrorCode = (typeof VERIFIER_ERROR_CODES)[number];\nexport type ErrorCode = (typeof ERROR_CODES)[number];\n\n// Severity classification. Codes not listed are `error` by default.\n//\n// `info` — a deliberate non-check (algorithm out of profile, unrecognised\n// signature algorithm at the opt-in informational tier).\n//\n// `warning` — a non-fatal anomaly that occurred at runtime but did not\n// invalidate the record (e.g. a transient gateway failure, partial leaves\n// availability).\n//\n// `MERKLE_UNSUPPORTED` / `OUT_OF_PROFILE_SKIPPED` carry dual severity\n// (`info` when another commitment was validated; `error` for the\n// merkle-only / strict-mode case). The verifier emits the resolved severity\n// per-issue; this map records the default `info` reading.\nexport type Severity = 'error' | 'warning' | 'info';\n\nexport const SEVERITY: Readonly<Record<ErrorCode, Severity>> = Object.freeze({\n // --- Part A ---\n MALFORMED_CBOR: 'error',\n SCHEMA_TYPE_MISMATCH: 'error',\n SCHEMA_MISSING_REQUIRED: 'error',\n SCHEMA_UNKNOWN_FIELD: 'error',\n SCHEMA_INVALID_LITERAL: 'error',\n SCHEMA_EMPTY_RECORD: 'error',\n HASH_DIGEST_LENGTH_MISMATCH: 'error',\n UNSUPPORTED_HASH_ALG: 'error',\n UNSUPPORTED_MERKLE_COMMIT_ALG: 'error',\n INVALID_URI: 'error',\n CHUNK_TOO_LARGE: 'error',\n UNAUTHENTICATED_CIPHER_FORBIDDEN: 'error',\n UNSUPPORTED_AEAD_ALG: 'error',\n NONCE_LENGTH_MISMATCH: 'error',\n UNSUPPORTED_ENVELOPE_SCHEME: 'error',\n ENC_SLOTS_EMPTY: 'error',\n ENC_SLOT_INVALID_SHAPE: 'error',\n ENC_SLOTS_DUPLICATE_KEM_MATERIAL: 'error',\n ENC_SLOTS_TOO_MANY: 'error',\n ENC_ENVELOPE_TOO_LARGE: 'error',\n UNSUPPORTED_KEM_ALG: 'error',\n ENC_KEM_REQUIRED: 'error',\n KEM_EPK_LENGTH_MISMATCH: 'error',\n KEM_CT_LENGTH_MISMATCH: 'error',\n WRAP_LENGTH_MISMATCH: 'error',\n ENC_SLOTS_MAC_INVALID_LENGTH: 'error',\n ENC_SLOTS_MAC_REQUIRED: 'error',\n ENC_SLOTS_REQUIRED: 'error',\n ENC_EXCLUSIVITY_VIOLATION: 'error',\n ENC_NO_KEY_PATH: 'error',\n ENC_REQUIRES_CONTENT_HASH: 'error',\n ENC_PASSPHRASE_ALG_UNSUPPORTED: 'error',\n ENC_PASSPHRASE_SALT_TOO_SHORT: 'error',\n ENC_PASSPHRASE_SALT_TOO_LONG: 'error',\n ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW: 'error',\n ENC_PASSPHRASE_PARAMS_EXCEED_POLICY: 'error',\n MALFORMED_SIG_COSE_SIGN1: 'error',\n SIGNATURE_UNSUPPORTED: 'info',\n SIG_ENTRY_INVALID_SHAPE: 'error',\n SIG_ENTRY_KID_COSE_KEY_CONFLICT: 'error',\n SIG_PRIVATE_KEY_LEAKED: 'error',\n SUPERSEDES_TX_INVALID_LENGTH: 'error',\n EXTENSION_UNSUPPORTED_CRITICAL: 'error',\n CRIT_SHAPE_INVALID: 'error',\n // --- Part B ---\n METADATA_NOT_FOUND: 'error',\n INSUFFICIENT_CONFIRMATIONS: 'info',\n SIGNATURE_INVALID: 'error',\n SIGNER_KEY_UNRESOLVED: 'error',\n WALLET_ADDRESS_MISMATCH: 'error',\n URI_TARGET_FORBIDDEN: 'error',\n URI_INTEGRITY_MISMATCH: 'error',\n URI_FETCH_FAILED: 'warning',\n CONTENT_UNAVAILABLE: 'error',\n CIPHERTEXT_UNAVAILABLE: 'error',\n PROVIDER_UNAVAILABLE: 'error',\n SERVICE_INDEPENDENCE_VIOLATION: 'error',\n WRONG_DECRYPTION_INPUT_SHAPE: 'error',\n WRONG_RECIPIENT_KEY: 'error',\n TAMPERED_HEADER: 'error',\n TAMPERED_CIPHERTEXT: 'error',\n KDF_DERIVATION_FAILED: 'error',\n SCHEMA_MERKLE_LEAF_COUNT_MISMATCH: 'error',\n SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED: 'error',\n SCHEMA_MERKLE_LEAVES_MALFORMED: 'error',\n MERKLE_ROOT_MISMATCH: 'error',\n MERKLE_LEAVES_UNAVAILABLE: 'warning',\n MERKLE_LEAVES_INFORMATIVE_FORM: 'info',\n // Dual-severity — default reading is `info`; the verifier promotes to\n // `error` for merkle-only records (no `items[]` content claim was\n // validated in the same record).\n MERKLE_UNSUPPORTED: 'info',\n // Dual-severity — default reading is `info` (render mode); strict\n // end-to-end verifiers promote to `error`.\n OUT_OF_PROFILE_SKIPPED: 'info',\n});\n\nexport function severityOf(code: ErrorCode): Severity {\n return SEVERITY[code];\n}\n"]}
package/dist/error-codes.d.cts CHANGED
@@ -1,6 +1,6 @@
1
- declare const STRUCTURAL_ERROR_CODES: readonly ["MALFORMED_CBOR", "SCHEMA_TYPE_MISMATCH", "SCHEMA_MISSING_REQUIRED", "SCHEMA_UNKNOWN_FIELD", "SCHEMA_INVALID_LITERAL", "SCHEMA_EMPTY_RECORD", "HASH_DIGEST_LENGTH_MISMATCH", "UNSUPPORTED_HASH_ALG", "UNSUPPORTED_MERKLE_COMMIT_ALG", "INVALID_URI", "CHUNK_TOO_LARGE", "UNAUTHENTICATED_CIPHER_FORBIDDEN", "UNSUPPORTED_AEAD_ALG", "NONCE_LENGTH_MISMATCH", "UNSUPPORTED_ENVELOPE_SCHEME", "ENC_SLOTS_EMPTY", "ENC_SLOT_INVALID_SHAPE", "UNSUPPORTED_KEM_ALG", "ENC_KEM_REQUIRED", "KEM_EPK_LENGTH_MISMATCH", "KEM_CT_LENGTH_MISMATCH", "WRAP_LENGTH_MISMATCH", "ENC_SLOTS_MAC_INVALID_LENGTH", "ENC_SLOTS_MAC_REQUIRED", "ENC_SLOTS_REQUIRED", "ENC_EXCLUSIVITY_VIOLATION", "ENC_NO_KEY_PATH", "ENC_REQUIRES_CONTENT_HASH", "ENC_PASSPHRASE_ALG_UNSUPPORTED", "ENC_PASSPHRASE_SALT_TOO_SHORT", "ENC_PASSPHRASE_SALT_TOO_LONG", "ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW", "ENC_PASSPHRASE_PARAMS_EXCEED_POLICY", "MALFORMED_SIG_COSE_SIGN1", "SIGNATURE_UNSUPPORTED", "SIG_ENTRY_INVALID_SHAPE", "SIG_ENTRY_KID_COSE_KEY_CONFLICT", "SIG_PRIVATE_KEY_LEAKED", "SUPERSEDES_TX_INVALID_LENGTH", "EXTENSION_UNSUPPORTED_CRITICAL", "CRIT_SHAPE_INVALID"];
1
+ declare const STRUCTURAL_ERROR_CODES: readonly ["MALFORMED_CBOR", "SCHEMA_TYPE_MISMATCH", "SCHEMA_MISSING_REQUIRED", "SCHEMA_UNKNOWN_FIELD", "SCHEMA_INVALID_LITERAL", "SCHEMA_EMPTY_RECORD", "HASH_DIGEST_LENGTH_MISMATCH", "UNSUPPORTED_HASH_ALG", "UNSUPPORTED_MERKLE_COMMIT_ALG", "INVALID_URI", "CHUNK_TOO_LARGE", "UNAUTHENTICATED_CIPHER_FORBIDDEN", "UNSUPPORTED_AEAD_ALG", "NONCE_LENGTH_MISMATCH", "UNSUPPORTED_ENVELOPE_SCHEME", "ENC_SLOTS_EMPTY", "ENC_SLOT_INVALID_SHAPE", "ENC_SLOTS_DUPLICATE_KEM_MATERIAL", "ENC_SLOTS_TOO_MANY", "ENC_ENVELOPE_TOO_LARGE", "UNSUPPORTED_KEM_ALG", "ENC_KEM_REQUIRED", "KEM_EPK_LENGTH_MISMATCH", "KEM_CT_LENGTH_MISMATCH", "WRAP_LENGTH_MISMATCH", "ENC_SLOTS_MAC_INVALID_LENGTH", "ENC_SLOTS_MAC_REQUIRED", "ENC_SLOTS_REQUIRED", "ENC_EXCLUSIVITY_VIOLATION", "ENC_NO_KEY_PATH", "ENC_REQUIRES_CONTENT_HASH", "ENC_PASSPHRASE_ALG_UNSUPPORTED", "ENC_PASSPHRASE_SALT_TOO_SHORT", "ENC_PASSPHRASE_SALT_TOO_LONG", "ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW", "ENC_PASSPHRASE_PARAMS_EXCEED_POLICY", "MALFORMED_SIG_COSE_SIGN1", "SIGNATURE_UNSUPPORTED", "SIG_ENTRY_INVALID_SHAPE", "SIG_ENTRY_KID_COSE_KEY_CONFLICT", "SIG_PRIVATE_KEY_LEAKED", "SUPERSEDES_TX_INVALID_LENGTH", "EXTENSION_UNSUPPORTED_CRITICAL", "CRIT_SHAPE_INVALID"];
2
2
  declare const VERIFIER_ERROR_CODES: readonly ["METADATA_NOT_FOUND", "INSUFFICIENT_CONFIRMATIONS", "SIGNATURE_INVALID", "SIGNER_KEY_UNRESOLVED", "WALLET_ADDRESS_MISMATCH", "URI_TARGET_FORBIDDEN", "URI_INTEGRITY_MISMATCH", "URI_FETCH_FAILED", "CONTENT_UNAVAILABLE", "CIPHERTEXT_UNAVAILABLE", "PROVIDER_UNAVAILABLE", "SERVICE_INDEPENDENCE_VIOLATION", "WRONG_DECRYPTION_INPUT_SHAPE", "WRONG_RECIPIENT_KEY", "TAMPERED_HEADER", "TAMPERED_CIPHERTEXT", "KDF_DERIVATION_FAILED", "SCHEMA_MERKLE_LEAF_COUNT_MISMATCH", "SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED", "SCHEMA_MERKLE_LEAVES_MALFORMED", "MERKLE_ROOT_MISMATCH", "MERKLE_LEAVES_UNAVAILABLE", "MERKLE_LEAVES_INFORMATIVE_FORM", "MERKLE_UNSUPPORTED", "OUT_OF_PROFILE_SKIPPED"];
3
- declare const ERROR_CODES: readonly ["MALFORMED_CBOR", "SCHEMA_TYPE_MISMATCH", "SCHEMA_MISSING_REQUIRED", "SCHEMA_UNKNOWN_FIELD", "SCHEMA_INVALID_LITERAL", "SCHEMA_EMPTY_RECORD", "HASH_DIGEST_LENGTH_MISMATCH", "UNSUPPORTED_HASH_ALG", "UNSUPPORTED_MERKLE_COMMIT_ALG", "INVALID_URI", "CHUNK_TOO_LARGE", "UNAUTHENTICATED_CIPHER_FORBIDDEN", "UNSUPPORTED_AEAD_ALG", "NONCE_LENGTH_MISMATCH", "UNSUPPORTED_ENVELOPE_SCHEME", "ENC_SLOTS_EMPTY", "ENC_SLOT_INVALID_SHAPE", "UNSUPPORTED_KEM_ALG", "ENC_KEM_REQUIRED", "KEM_EPK_LENGTH_MISMATCH", "KEM_CT_LENGTH_MISMATCH", "WRAP_LENGTH_MISMATCH", "ENC_SLOTS_MAC_INVALID_LENGTH", "ENC_SLOTS_MAC_REQUIRED", "ENC_SLOTS_REQUIRED", "ENC_EXCLUSIVITY_VIOLATION", "ENC_NO_KEY_PATH", "ENC_REQUIRES_CONTENT_HASH", "ENC_PASSPHRASE_ALG_UNSUPPORTED", "ENC_PASSPHRASE_SALT_TOO_SHORT", "ENC_PASSPHRASE_SALT_TOO_LONG", "ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW", "ENC_PASSPHRASE_PARAMS_EXCEED_POLICY", "MALFORMED_SIG_COSE_SIGN1", "SIGNATURE_UNSUPPORTED", "SIG_ENTRY_INVALID_SHAPE", "SIG_ENTRY_KID_COSE_KEY_CONFLICT", "SIG_PRIVATE_KEY_LEAKED", "SUPERSEDES_TX_INVALID_LENGTH", "EXTENSION_UNSUPPORTED_CRITICAL", "CRIT_SHAPE_INVALID", "METADATA_NOT_FOUND", "INSUFFICIENT_CONFIRMATIONS", "SIGNATURE_INVALID", "SIGNER_KEY_UNRESOLVED", "WALLET_ADDRESS_MISMATCH", "URI_TARGET_FORBIDDEN", "URI_INTEGRITY_MISMATCH", "URI_FETCH_FAILED", "CONTENT_UNAVAILABLE", "CIPHERTEXT_UNAVAILABLE", "PROVIDER_UNAVAILABLE", "SERVICE_INDEPENDENCE_VIOLATION", "WRONG_DECRYPTION_INPUT_SHAPE", "WRONG_RECIPIENT_KEY", "TAMPERED_HEADER", "TAMPERED_CIPHERTEXT", "KDF_DERIVATION_FAILED", "SCHEMA_MERKLE_LEAF_COUNT_MISMATCH", "SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED", "SCHEMA_MERKLE_LEAVES_MALFORMED", "MERKLE_ROOT_MISMATCH", "MERKLE_LEAVES_UNAVAILABLE", "MERKLE_LEAVES_INFORMATIVE_FORM", "MERKLE_UNSUPPORTED", "OUT_OF_PROFILE_SKIPPED"];
3
+ declare const ERROR_CODES: readonly ["MALFORMED_CBOR", "SCHEMA_TYPE_MISMATCH", "SCHEMA_MISSING_REQUIRED", "SCHEMA_UNKNOWN_FIELD", "SCHEMA_INVALID_LITERAL", "SCHEMA_EMPTY_RECORD", "HASH_DIGEST_LENGTH_MISMATCH", "UNSUPPORTED_HASH_ALG", "UNSUPPORTED_MERKLE_COMMIT_ALG", "INVALID_URI", "CHUNK_TOO_LARGE", "UNAUTHENTICATED_CIPHER_FORBIDDEN", "UNSUPPORTED_AEAD_ALG", "NONCE_LENGTH_MISMATCH", "UNSUPPORTED_ENVELOPE_SCHEME", "ENC_SLOTS_EMPTY", "ENC_SLOT_INVALID_SHAPE", "ENC_SLOTS_DUPLICATE_KEM_MATERIAL", "ENC_SLOTS_TOO_MANY", "ENC_ENVELOPE_TOO_LARGE", "UNSUPPORTED_KEM_ALG", "ENC_KEM_REQUIRED", "KEM_EPK_LENGTH_MISMATCH", "KEM_CT_LENGTH_MISMATCH", "WRAP_LENGTH_MISMATCH", "ENC_SLOTS_MAC_INVALID_LENGTH", "ENC_SLOTS_MAC_REQUIRED", "ENC_SLOTS_REQUIRED", "ENC_EXCLUSIVITY_VIOLATION", "ENC_NO_KEY_PATH", "ENC_REQUIRES_CONTENT_HASH", "ENC_PASSPHRASE_ALG_UNSUPPORTED", "ENC_PASSPHRASE_SALT_TOO_SHORT", "ENC_PASSPHRASE_SALT_TOO_LONG", "ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW", "ENC_PASSPHRASE_PARAMS_EXCEED_POLICY", "MALFORMED_SIG_COSE_SIGN1", "SIGNATURE_UNSUPPORTED", "SIG_ENTRY_INVALID_SHAPE", "SIG_ENTRY_KID_COSE_KEY_CONFLICT", "SIG_PRIVATE_KEY_LEAKED", "SUPERSEDES_TX_INVALID_LENGTH", "EXTENSION_UNSUPPORTED_CRITICAL", "CRIT_SHAPE_INVALID", "METADATA_NOT_FOUND", "INSUFFICIENT_CONFIRMATIONS", "SIGNATURE_INVALID", "SIGNER_KEY_UNRESOLVED", "WALLET_ADDRESS_MISMATCH", "URI_TARGET_FORBIDDEN", "URI_INTEGRITY_MISMATCH", "URI_FETCH_FAILED", "CONTENT_UNAVAILABLE", "CIPHERTEXT_UNAVAILABLE", "PROVIDER_UNAVAILABLE", "SERVICE_INDEPENDENCE_VIOLATION", "WRONG_DECRYPTION_INPUT_SHAPE", "WRONG_RECIPIENT_KEY", "TAMPERED_HEADER", "TAMPERED_CIPHERTEXT", "KDF_DERIVATION_FAILED", "SCHEMA_MERKLE_LEAF_COUNT_MISMATCH", "SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED", "SCHEMA_MERKLE_LEAVES_MALFORMED", "MERKLE_ROOT_MISMATCH", "MERKLE_LEAVES_UNAVAILABLE", "MERKLE_LEAVES_INFORMATIVE_FORM", "MERKLE_UNSUPPORTED", "OUT_OF_PROFILE_SKIPPED"];
4
4
  type StructuralErrorCode = (typeof STRUCTURAL_ERROR_CODES)[number];
5
5
  type VerifierErrorCode = (typeof VERIFIER_ERROR_CODES)[number];
6
6
  type ErrorCode = (typeof ERROR_CODES)[number];
package/dist/error-codes.d.ts CHANGED
@@ -1,6 +1,6 @@
1
- declare const STRUCTURAL_ERROR_CODES: readonly ["MALFORMED_CBOR", "SCHEMA_TYPE_MISMATCH", "SCHEMA_MISSING_REQUIRED", "SCHEMA_UNKNOWN_FIELD", "SCHEMA_INVALID_LITERAL", "SCHEMA_EMPTY_RECORD", "HASH_DIGEST_LENGTH_MISMATCH", "UNSUPPORTED_HASH_ALG", "UNSUPPORTED_MERKLE_COMMIT_ALG", "INVALID_URI", "CHUNK_TOO_LARGE", "UNAUTHENTICATED_CIPHER_FORBIDDEN", "UNSUPPORTED_AEAD_ALG", "NONCE_LENGTH_MISMATCH", "UNSUPPORTED_ENVELOPE_SCHEME", "ENC_SLOTS_EMPTY", "ENC_SLOT_INVALID_SHAPE", "UNSUPPORTED_KEM_ALG", "ENC_KEM_REQUIRED", "KEM_EPK_LENGTH_MISMATCH", "KEM_CT_LENGTH_MISMATCH", "WRAP_LENGTH_MISMATCH", "ENC_SLOTS_MAC_INVALID_LENGTH", "ENC_SLOTS_MAC_REQUIRED", "ENC_SLOTS_REQUIRED", "ENC_EXCLUSIVITY_VIOLATION", "ENC_NO_KEY_PATH", "ENC_REQUIRES_CONTENT_HASH", "ENC_PASSPHRASE_ALG_UNSUPPORTED", "ENC_PASSPHRASE_SALT_TOO_SHORT", "ENC_PASSPHRASE_SALT_TOO_LONG", "ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW", "ENC_PASSPHRASE_PARAMS_EXCEED_POLICY", "MALFORMED_SIG_COSE_SIGN1", "SIGNATURE_UNSUPPORTED", "SIG_ENTRY_INVALID_SHAPE", "SIG_ENTRY_KID_COSE_KEY_CONFLICT", "SIG_PRIVATE_KEY_LEAKED", "SUPERSEDES_TX_INVALID_LENGTH", "EXTENSION_UNSUPPORTED_CRITICAL", "CRIT_SHAPE_INVALID"];
1
+ declare const STRUCTURAL_ERROR_CODES: readonly ["MALFORMED_CBOR", "SCHEMA_TYPE_MISMATCH", "SCHEMA_MISSING_REQUIRED", "SCHEMA_UNKNOWN_FIELD", "SCHEMA_INVALID_LITERAL", "SCHEMA_EMPTY_RECORD", "HASH_DIGEST_LENGTH_MISMATCH", "UNSUPPORTED_HASH_ALG", "UNSUPPORTED_MERKLE_COMMIT_ALG", "INVALID_URI", "CHUNK_TOO_LARGE", "UNAUTHENTICATED_CIPHER_FORBIDDEN", "UNSUPPORTED_AEAD_ALG", "NONCE_LENGTH_MISMATCH", "UNSUPPORTED_ENVELOPE_SCHEME", "ENC_SLOTS_EMPTY", "ENC_SLOT_INVALID_SHAPE", "ENC_SLOTS_DUPLICATE_KEM_MATERIAL", "ENC_SLOTS_TOO_MANY", "ENC_ENVELOPE_TOO_LARGE", "UNSUPPORTED_KEM_ALG", "ENC_KEM_REQUIRED", "KEM_EPK_LENGTH_MISMATCH", "KEM_CT_LENGTH_MISMATCH", "WRAP_LENGTH_MISMATCH", "ENC_SLOTS_MAC_INVALID_LENGTH", "ENC_SLOTS_MAC_REQUIRED", "ENC_SLOTS_REQUIRED", "ENC_EXCLUSIVITY_VIOLATION", "ENC_NO_KEY_PATH", "ENC_REQUIRES_CONTENT_HASH", "ENC_PASSPHRASE_ALG_UNSUPPORTED", "ENC_PASSPHRASE_SALT_TOO_SHORT", "ENC_PASSPHRASE_SALT_TOO_LONG", "ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW", "ENC_PASSPHRASE_PARAMS_EXCEED_POLICY", "MALFORMED_SIG_COSE_SIGN1", "SIGNATURE_UNSUPPORTED", "SIG_ENTRY_INVALID_SHAPE", "SIG_ENTRY_KID_COSE_KEY_CONFLICT", "SIG_PRIVATE_KEY_LEAKED", "SUPERSEDES_TX_INVALID_LENGTH", "EXTENSION_UNSUPPORTED_CRITICAL", "CRIT_SHAPE_INVALID"];
2
2
  declare const VERIFIER_ERROR_CODES: readonly ["METADATA_NOT_FOUND", "INSUFFICIENT_CONFIRMATIONS", "SIGNATURE_INVALID", "SIGNER_KEY_UNRESOLVED", "WALLET_ADDRESS_MISMATCH", "URI_TARGET_FORBIDDEN", "URI_INTEGRITY_MISMATCH", "URI_FETCH_FAILED", "CONTENT_UNAVAILABLE", "CIPHERTEXT_UNAVAILABLE", "PROVIDER_UNAVAILABLE", "SERVICE_INDEPENDENCE_VIOLATION", "WRONG_DECRYPTION_INPUT_SHAPE", "WRONG_RECIPIENT_KEY", "TAMPERED_HEADER", "TAMPERED_CIPHERTEXT", "KDF_DERIVATION_FAILED", "SCHEMA_MERKLE_LEAF_COUNT_MISMATCH", "SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED", "SCHEMA_MERKLE_LEAVES_MALFORMED", "MERKLE_ROOT_MISMATCH", "MERKLE_LEAVES_UNAVAILABLE", "MERKLE_LEAVES_INFORMATIVE_FORM", "MERKLE_UNSUPPORTED", "OUT_OF_PROFILE_SKIPPED"];
3
- declare const ERROR_CODES: readonly ["MALFORMED_CBOR", "SCHEMA_TYPE_MISMATCH", "SCHEMA_MISSING_REQUIRED", "SCHEMA_UNKNOWN_FIELD", "SCHEMA_INVALID_LITERAL", "SCHEMA_EMPTY_RECORD", "HASH_DIGEST_LENGTH_MISMATCH", "UNSUPPORTED_HASH_ALG", "UNSUPPORTED_MERKLE_COMMIT_ALG", "INVALID_URI", "CHUNK_TOO_LARGE", "UNAUTHENTICATED_CIPHER_FORBIDDEN", "UNSUPPORTED_AEAD_ALG", "NONCE_LENGTH_MISMATCH", "UNSUPPORTED_ENVELOPE_SCHEME", "ENC_SLOTS_EMPTY", "ENC_SLOT_INVALID_SHAPE", "UNSUPPORTED_KEM_ALG", "ENC_KEM_REQUIRED", "KEM_EPK_LENGTH_MISMATCH", "KEM_CT_LENGTH_MISMATCH", "WRAP_LENGTH_MISMATCH", "ENC_SLOTS_MAC_INVALID_LENGTH", "ENC_SLOTS_MAC_REQUIRED", "ENC_SLOTS_REQUIRED", "ENC_EXCLUSIVITY_VIOLATION", "ENC_NO_KEY_PATH", "ENC_REQUIRES_CONTENT_HASH", "ENC_PASSPHRASE_ALG_UNSUPPORTED", "ENC_PASSPHRASE_SALT_TOO_SHORT", "ENC_PASSPHRASE_SALT_TOO_LONG", "ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW", "ENC_PASSPHRASE_PARAMS_EXCEED_POLICY", "MALFORMED_SIG_COSE_SIGN1", "SIGNATURE_UNSUPPORTED", "SIG_ENTRY_INVALID_SHAPE", "SIG_ENTRY_KID_COSE_KEY_CONFLICT", "SIG_PRIVATE_KEY_LEAKED", "SUPERSEDES_TX_INVALID_LENGTH", "EXTENSION_UNSUPPORTED_CRITICAL", "CRIT_SHAPE_INVALID", "METADATA_NOT_FOUND", "INSUFFICIENT_CONFIRMATIONS", "SIGNATURE_INVALID", "SIGNER_KEY_UNRESOLVED", "WALLET_ADDRESS_MISMATCH", "URI_TARGET_FORBIDDEN", "URI_INTEGRITY_MISMATCH", "URI_FETCH_FAILED", "CONTENT_UNAVAILABLE", "CIPHERTEXT_UNAVAILABLE", "PROVIDER_UNAVAILABLE", "SERVICE_INDEPENDENCE_VIOLATION", "WRONG_DECRYPTION_INPUT_SHAPE", "WRONG_RECIPIENT_KEY", "TAMPERED_HEADER", "TAMPERED_CIPHERTEXT", "KDF_DERIVATION_FAILED", "SCHEMA_MERKLE_LEAF_COUNT_MISMATCH", "SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED", "SCHEMA_MERKLE_LEAVES_MALFORMED", "MERKLE_ROOT_MISMATCH", "MERKLE_LEAVES_UNAVAILABLE", "MERKLE_LEAVES_INFORMATIVE_FORM", "MERKLE_UNSUPPORTED", "OUT_OF_PROFILE_SKIPPED"];
3
+ declare const ERROR_CODES: readonly ["MALFORMED_CBOR", "SCHEMA_TYPE_MISMATCH", "SCHEMA_MISSING_REQUIRED", "SCHEMA_UNKNOWN_FIELD", "SCHEMA_INVALID_LITERAL", "SCHEMA_EMPTY_RECORD", "HASH_DIGEST_LENGTH_MISMATCH", "UNSUPPORTED_HASH_ALG", "UNSUPPORTED_MERKLE_COMMIT_ALG", "INVALID_URI", "CHUNK_TOO_LARGE", "UNAUTHENTICATED_CIPHER_FORBIDDEN", "UNSUPPORTED_AEAD_ALG", "NONCE_LENGTH_MISMATCH", "UNSUPPORTED_ENVELOPE_SCHEME", "ENC_SLOTS_EMPTY", "ENC_SLOT_INVALID_SHAPE", "ENC_SLOTS_DUPLICATE_KEM_MATERIAL", "ENC_SLOTS_TOO_MANY", "ENC_ENVELOPE_TOO_LARGE", "UNSUPPORTED_KEM_ALG", "ENC_KEM_REQUIRED", "KEM_EPK_LENGTH_MISMATCH", "KEM_CT_LENGTH_MISMATCH", "WRAP_LENGTH_MISMATCH", "ENC_SLOTS_MAC_INVALID_LENGTH", "ENC_SLOTS_MAC_REQUIRED", "ENC_SLOTS_REQUIRED", "ENC_EXCLUSIVITY_VIOLATION", "ENC_NO_KEY_PATH", "ENC_REQUIRES_CONTENT_HASH", "ENC_PASSPHRASE_ALG_UNSUPPORTED", "ENC_PASSPHRASE_SALT_TOO_SHORT", "ENC_PASSPHRASE_SALT_TOO_LONG", "ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW", "ENC_PASSPHRASE_PARAMS_EXCEED_POLICY", "MALFORMED_SIG_COSE_SIGN1", "SIGNATURE_UNSUPPORTED", "SIG_ENTRY_INVALID_SHAPE", "SIG_ENTRY_KID_COSE_KEY_CONFLICT", "SIG_PRIVATE_KEY_LEAKED", "SUPERSEDES_TX_INVALID_LENGTH", "EXTENSION_UNSUPPORTED_CRITICAL", "CRIT_SHAPE_INVALID", "METADATA_NOT_FOUND", "INSUFFICIENT_CONFIRMATIONS", "SIGNATURE_INVALID", "SIGNER_KEY_UNRESOLVED", "WALLET_ADDRESS_MISMATCH", "URI_TARGET_FORBIDDEN", "URI_INTEGRITY_MISMATCH", "URI_FETCH_FAILED", "CONTENT_UNAVAILABLE", "CIPHERTEXT_UNAVAILABLE", "PROVIDER_UNAVAILABLE", "SERVICE_INDEPENDENCE_VIOLATION", "WRONG_DECRYPTION_INPUT_SHAPE", "WRONG_RECIPIENT_KEY", "TAMPERED_HEADER", "TAMPERED_CIPHERTEXT", "KDF_DERIVATION_FAILED", "SCHEMA_MERKLE_LEAF_COUNT_MISMATCH", "SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED", "SCHEMA_MERKLE_LEAVES_MALFORMED", "MERKLE_ROOT_MISMATCH", "MERKLE_LEAVES_UNAVAILABLE", "MERKLE_LEAVES_INFORMATIVE_FORM", "MERKLE_UNSUPPORTED", "OUT_OF_PROFILE_SKIPPED"];
4
4
  type StructuralErrorCode = (typeof STRUCTURAL_ERROR_CODES)[number];
5
5
  type VerifierErrorCode = (typeof VERIFIER_ERROR_CODES)[number];
6
6
  type ErrorCode = (typeof ERROR_CODES)[number];
package/dist/error-codes.js CHANGED
@@ -29,6 +29,9 @@ var STRUCTURAL_ERROR_CODES = [
29
29
  "UNSUPPORTED_ENVELOPE_SCHEME",
30
30
  "ENC_SLOTS_EMPTY",
31
31
  "ENC_SLOT_INVALID_SHAPE",
32
+ "ENC_SLOTS_DUPLICATE_KEM_MATERIAL",
33
+ "ENC_SLOTS_TOO_MANY",
34
+ "ENC_ENVELOPE_TOO_LARGE",
32
35
  "UNSUPPORTED_KEM_ALG",
33
36
  "ENC_KEM_REQUIRED",
34
37
  "KEM_EPK_LENGTH_MISMATCH",
@@ -104,6 +107,9 @@ var SEVERITY = Object.freeze({
104
107
  UNSUPPORTED_ENVELOPE_SCHEME: "error",
105
108
  ENC_SLOTS_EMPTY: "error",
106
109
  ENC_SLOT_INVALID_SHAPE: "error",
110
+ ENC_SLOTS_DUPLICATE_KEM_MATERIAL: "error",
111
+ ENC_SLOTS_TOO_MANY: "error",
112
+ ENC_ENVELOPE_TOO_LARGE: "error",
107
113
  UNSUPPORTED_KEM_ALG: "error",
108
114
  ENC_KEM_REQUIRED: "error",
109
115
  KEM_EPK_LENGTH_MISMATCH: "error",
package/dist/error-codes.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/error-codes.ts"],"names":[],"mappings":";AAgBO,IAAM,sBAAA,GAAyB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKpC,gBAAA;AAAA;AAAA,EAEA,sBAAA;AAAA,EACA,yBAAA;AAAA,EACA,sBAAA;AAAA,EACA,wBAAA;AAAA,EACA,qBAAA;AAAA;AAAA,EAEA,6BAAA;AAAA,EACA,sBAAA;AAAA;AAAA,EAEA,+BAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,aAAA;AAAA,EACA,iBAAA;AAAA;AAAA,EAEA,kCAAA;AAAA,EACA,sBAAA;AAAA,EACA,uBAAA;AAAA,EACA,6BAAA;AAAA,EACA,iBAAA;AAAA,EACA,wBAAA;AAAA,EACA,qBAAA;AAAA,EACA,kBAAA;AAAA,EACA,yBAAA;AAAA,EACA,wBAAA;AAAA,EACA,sBAAA;AAAA,EACA,8BAAA;AAAA,EACA,wBAAA;AAAA,EACA,oBAAA;AAAA,EACA,2BAAA;AAAA,EACA,iBAAA;AAAA,EACA,2BAAA;AAAA,EACA,gCAAA;AAAA,EACA,+BAAA;AAAA,EACA,8BAAA;AAAA,EACA,sCAAA;AAAA,EACA,qCAAA;AAAA;AAAA,EAEA,0BAAA;AAAA,EACA,uBAAA;AAAA,EACA,yBAAA;AAAA,EACA,iCAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EAEA,8BAAA;AAAA;AAAA,EAEA,gCAAA;AAAA,EACA;AACF;AAOO,IAAM,oBAAA,GAAuB;AAAA,EAClC,oBAAA;AAAA,EACA,4BAAA;AAAA,EACA,mBAAA;AAAA,EACA,uBAAA;AAAA,EACA,yBAAA;AAAA,EACA,sBAAA;AAAA,EACA,wBAAA;AAAA,EACA,kBAAA;AAAA,EACA,qBAAA;AAAA,EACA,wBAAA;AAAA,EACA,sBAAA;AAAA,EACA,gCAAA;AAAA,EACA,8BAAA;AAAA,EACA,qBAAA;AAAA,EACA,iBAAA;AAAA,EACA,qBAAA;AAAA,EACA,uBAAA;AAAA,EACA,mCAAA;AAAA,EACA,yCAAA;AAAA,EACA,gCAAA;AAAA,EACA,sBAAA;AAAA,EACA,2BAAA;AAAA,EACA,gCAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF;AAEO,IAAM,WAAA,GAAc,CAAC,GAAG,sBAAA,EAAwB,GAAG,oBAAoB;AAqBvE,IAAM,QAAA,GAAkD,OAAO,MAAA,CAAO;AAAA;AAAA,EAE3E,cAAA,EAAgB,OAAA;AAAA,EAChB,oBAAA,EAAsB,OAAA;AAAA,EACtB,uBAAA,EAAyB,OAAA;AAAA,EACzB,oBAAA,EAAsB,OAAA;AAAA,EACtB,sBAAA,EAAwB,OAAA;AAAA,EACxB,mBAAA,EAAqB,OAAA;AAAA,EACrB,2BAAA,EAA6B,OAAA;AAAA,EAC7B,oBAAA,EAAsB,OAAA;AAAA,EACtB,6BAAA,EAA+B,OAAA;AAAA,EAC/B,WAAA,EAAa,OAAA;AAAA,EACb,eAAA,EAAiB,OAAA;AAAA,EACjB,gCAAA,EAAkC,OAAA;AAAA,EAClC,oBAAA,EAAsB,OAAA;AAAA,EACtB,qBAAA,EAAuB,OAAA;AAAA,EACvB,2BAAA,EAA6B,OAAA;AAAA,EAC7B,eAAA,EAAiB,OAAA;AAAA,EACjB,sBAAA,EAAwB,OAAA;AAAA,EACxB,mBAAA,EAAqB,OAAA;AAAA,EACrB,gBAAA,EAAkB,OAAA;AAAA,EAClB,uBAAA,EAAyB,OAAA;AAAA,EACzB,sBAAA,EAAwB,OAAA;AAAA,EACxB,oBAAA,EAAsB,OAAA;AAAA,EACtB,4BAAA,EAA8B,OAAA;AAAA,EAC9B,sBAAA,EAAwB,OAAA;AAAA,EACxB,kBAAA,EAAoB,OAAA;AAAA,EACpB,yBAAA,EAA2B,OAAA;AAAA,EAC3B,eAAA,EAAiB,OAAA;AAAA,EACjB,yBAAA,EAA2B,OAAA;AAAA,EAC3B,8BAAA,EAAgC,OAAA;AAAA,EAChC,6BAAA,EAA+B,OAAA;AAAA,EAC/B,4BAAA,EAA8B,OAAA;AAAA,EAC9B,oCAAA,EAAsC,OAAA;AAAA,EACtC,mCAAA,EAAqC,OAAA;AAAA,EACrC,wBAAA,EAA0B,OAAA;AAAA,EAC1B,qBAAA,EAAuB,MAAA;AAAA,EACvB,uBAAA,EAAyB,OAAA;AAAA,EACzB,+BAAA,EAAiC,OAAA;AAAA,EACjC,sBAAA,EAAwB,OAAA;AAAA,EACxB,4BAAA,EAA8B,OAAA;AAAA,EAC9B,8BAAA,EAAgC,OAAA;AAAA,EAChC,kBAAA,EAAoB,OAAA;AAAA;AAAA,EAEpB,kBAAA,EAAoB,OAAA;AAAA,EACpB,0BAAA,EAA4B,MAAA;AAAA,EAC5B,iBAAA,EAAmB,OAAA;AAAA,EACnB,qBAAA,EAAuB,OAAA;AAAA,EACvB,uBAAA,EAAyB,OAAA;AAAA,EACzB,oBAAA,EAAsB,OAAA;AAAA,EACtB,sBAAA,EAAwB,OAAA;AAAA,EACxB,gBAAA,EAAkB,SAAA;AAAA,EAClB,mBAAA,EAAqB,OAAA;AAAA,EACrB,sBAAA,EAAwB,OAAA;AAAA,EACxB,oBAAA,EAAsB,OAAA;AAAA,EACtB,8BAAA,EAAgC,OAAA;AAAA,EAChC,4BAAA,EAA8B,OAAA;AAAA,EAC9B,mBAAA,EAAqB,OAAA;AAAA,EACrB,eAAA,EAAiB,OAAA;AAAA,EACjB,mBAAA,EAAqB,OAAA;AAAA,EACrB,qBAAA,EAAuB,OAAA;AAAA,EACvB,iCAAA,EAAmC,OAAA;AAAA,EACnC,uCAAA,EAAyC,OAAA;AAAA,EACzC,8BAAA,EAAgC,OAAA;AAAA,EAChC,oBAAA,EAAsB,OAAA;AAAA,EACtB,yBAAA,EAA2B,SAAA;AAAA,EAC3B,8BAAA,EAAgC,MAAA;AAAA;AAAA;AAAA;AAAA,EAIhC,kBAAA,EAAoB,MAAA;AAAA;AAAA;AAAA,EAGpB,sBAAA,EAAwB;AAC1B,CAAC;AAEM,SAAS,WAAW,IAAA,EAA2B;AACpD,EAAA,OAAO,SAAS,IAAI,CAAA;AACtB","file":"error-codes.js","sourcesContent":["// Label 309 v1 error-code catalogue — single source of truth for the\n// structural-validator codes (Part A) and the verifier-layer codes (Part B)\n// that downstream verifiers re-export from this package.\n//\n// The structural validator emits ONLY Part A codes. Part B codes are\n// re-exported so consumers can `import { ErrorCode } from '@cardanowall/poe-standard'`\n// and dispatch on a single union type without round-tripping through the\n// verifier package.\n//\n// Codes are SCREAMING_SNAKE_CASE and MUST match the canonical taxonomy\n// byte-exact across the TS/PY/RS implementations — no lowercase synonyms,\n// no `schema_*`-prefixed parser-internal codes.\n\n// =============================================================================\n// Part A — structural validator codes\n// =============================================================================\nexport const STRUCTURAL_ERROR_CODES = [\n // CBOR decode layer. A single code covers every canonical-decode failure —\n // malformed/truncated bytes, indefinite-length encodings, non-canonical\n // (unsorted) map-key ordering, duplicate map keys, non-minimal integers, and\n // invalid UTF-8 — by design (no separate duplicate-key code).\n 'MALFORMED_CBOR',\n // Generic schema-layer\n 'SCHEMA_TYPE_MISMATCH',\n 'SCHEMA_MISSING_REQUIRED',\n 'SCHEMA_UNKNOWN_FIELD',\n 'SCHEMA_INVALID_LITERAL',\n 'SCHEMA_EMPTY_RECORD',\n // Hash-map\n 'HASH_DIGEST_LENGTH_MISMATCH',\n 'UNSUPPORTED_HASH_ALG',\n // Top-level `merkle[]`\n 'UNSUPPORTED_MERKLE_COMMIT_ALG',\n // URI / chunking. A chunk whose bytes do not reconstruct to valid UTF-8\n // surfaces as MALFORMED_CBOR at decode (cbor2 rejects invalid-UTF-8 tstr)\n // or, in the residual reconstruct guard, as INVALID_URI — there is no\n // separate codepoint-split code.\n 'INVALID_URI',\n 'CHUNK_TOO_LARGE',\n // Encryption envelope\n 'UNAUTHENTICATED_CIPHER_FORBIDDEN',\n 'UNSUPPORTED_AEAD_ALG',\n 'NONCE_LENGTH_MISMATCH',\n 'UNSUPPORTED_ENVELOPE_SCHEME',\n 'ENC_SLOTS_EMPTY',\n 'ENC_SLOT_INVALID_SHAPE',\n 'UNSUPPORTED_KEM_ALG',\n 'ENC_KEM_REQUIRED',\n 'KEM_EPK_LENGTH_MISMATCH',\n 'KEM_CT_LENGTH_MISMATCH',\n 'WRAP_LENGTH_MISMATCH',\n 'ENC_SLOTS_MAC_INVALID_LENGTH',\n 'ENC_SLOTS_MAC_REQUIRED',\n 'ENC_SLOTS_REQUIRED',\n 'ENC_EXCLUSIVITY_VIOLATION',\n 'ENC_NO_KEY_PATH',\n 'ENC_REQUIRES_CONTENT_HASH',\n 'ENC_PASSPHRASE_ALG_UNSUPPORTED',\n 'ENC_PASSPHRASE_SALT_TOO_SHORT',\n 'ENC_PASSPHRASE_SALT_TOO_LONG',\n 'ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW',\n 'ENC_PASSPHRASE_PARAMS_EXCEED_POLICY',\n // Signatures\n 'MALFORMED_SIG_COSE_SIGN1',\n 'SIGNATURE_UNSUPPORTED',\n 'SIG_ENTRY_INVALID_SHAPE',\n 'SIG_ENTRY_KID_COSE_KEY_CONFLICT',\n 'SIG_PRIVATE_KEY_LEAKED',\n // Supersedence\n 'SUPERSEDES_TX_INVALID_LENGTH',\n // Forward-compat critical extensions\n 'EXTENSION_UNSUPPORTED_CRITICAL',\n 'CRIT_SHAPE_INVALID',\n] as const;\n\n// =============================================================================\n// Part B — verifier-layer codes\n// Re-exported so downstream verifiers can dispatch on a single union.\n// The structural validator NEVER emits these.\n// =============================================================================\nexport const VERIFIER_ERROR_CODES = [\n 'METADATA_NOT_FOUND',\n 'INSUFFICIENT_CONFIRMATIONS',\n 'SIGNATURE_INVALID',\n 'SIGNER_KEY_UNRESOLVED',\n 'WALLET_ADDRESS_MISMATCH',\n 'URI_TARGET_FORBIDDEN',\n 'URI_INTEGRITY_MISMATCH',\n 'URI_FETCH_FAILED',\n 'CONTENT_UNAVAILABLE',\n 'CIPHERTEXT_UNAVAILABLE',\n 'PROVIDER_UNAVAILABLE',\n 'SERVICE_INDEPENDENCE_VIOLATION',\n 'WRONG_DECRYPTION_INPUT_SHAPE',\n 'WRONG_RECIPIENT_KEY',\n 'TAMPERED_HEADER',\n 'TAMPERED_CIPHERTEXT',\n 'KDF_DERIVATION_FAILED',\n 'SCHEMA_MERKLE_LEAF_COUNT_MISMATCH',\n 'SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED',\n 'SCHEMA_MERKLE_LEAVES_MALFORMED',\n 'MERKLE_ROOT_MISMATCH',\n 'MERKLE_LEAVES_UNAVAILABLE',\n 'MERKLE_LEAVES_INFORMATIVE_FORM',\n 'MERKLE_UNSUPPORTED',\n 'OUT_OF_PROFILE_SKIPPED',\n] as const;\n\nexport const ERROR_CODES = [...STRUCTURAL_ERROR_CODES, ...VERIFIER_ERROR_CODES] as const;\n\nexport type StructuralErrorCode = (typeof STRUCTURAL_ERROR_CODES)[number];\nexport type VerifierErrorCode = (typeof VERIFIER_ERROR_CODES)[number];\nexport type ErrorCode = (typeof ERROR_CODES)[number];\n\n// Severity classification. Codes not listed are `error` by default.\n//\n// `info` — a deliberate non-check (algorithm out of profile, unrecognised\n// signature algorithm at the opt-in informational tier).\n//\n// `warning` — a non-fatal anomaly that occurred at runtime but did not\n// invalidate the record (e.g. a transient gateway failure, partial leaves\n// availability).\n//\n// `MERKLE_UNSUPPORTED` / `OUT_OF_PROFILE_SKIPPED` carry dual severity\n// (`info` when another commitment was validated; `error` for the\n// merkle-only / strict-mode case). The verifier emits the resolved severity\n// per-issue; this map records the default `info` reading.\nexport type Severity = 'error' | 'warning' | 'info';\n\nexport const SEVERITY: Readonly<Record<ErrorCode, Severity>> = Object.freeze({\n // --- Part A ---\n MALFORMED_CBOR: 'error',\n SCHEMA_TYPE_MISMATCH: 'error',\n SCHEMA_MISSING_REQUIRED: 'error',\n SCHEMA_UNKNOWN_FIELD: 'error',\n SCHEMA_INVALID_LITERAL: 'error',\n SCHEMA_EMPTY_RECORD: 'error',\n HASH_DIGEST_LENGTH_MISMATCH: 'error',\n UNSUPPORTED_HASH_ALG: 'error',\n UNSUPPORTED_MERKLE_COMMIT_ALG: 'error',\n INVALID_URI: 'error',\n CHUNK_TOO_LARGE: 'error',\n UNAUTHENTICATED_CIPHER_FORBIDDEN: 'error',\n UNSUPPORTED_AEAD_ALG: 'error',\n NONCE_LENGTH_MISMATCH: 'error',\n UNSUPPORTED_ENVELOPE_SCHEME: 'error',\n ENC_SLOTS_EMPTY: 'error',\n ENC_SLOT_INVALID_SHAPE: 'error',\n UNSUPPORTED_KEM_ALG: 'error',\n ENC_KEM_REQUIRED: 'error',\n KEM_EPK_LENGTH_MISMATCH: 'error',\n KEM_CT_LENGTH_MISMATCH: 'error',\n WRAP_LENGTH_MISMATCH: 'error',\n ENC_SLOTS_MAC_INVALID_LENGTH: 'error',\n ENC_SLOTS_MAC_REQUIRED: 'error',\n ENC_SLOTS_REQUIRED: 'error',\n ENC_EXCLUSIVITY_VIOLATION: 'error',\n ENC_NO_KEY_PATH: 'error',\n ENC_REQUIRES_CONTENT_HASH: 'error',\n ENC_PASSPHRASE_ALG_UNSUPPORTED: 'error',\n ENC_PASSPHRASE_SALT_TOO_SHORT: 'error',\n ENC_PASSPHRASE_SALT_TOO_LONG: 'error',\n ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW: 'error',\n ENC_PASSPHRASE_PARAMS_EXCEED_POLICY: 'error',\n MALFORMED_SIG_COSE_SIGN1: 'error',\n SIGNATURE_UNSUPPORTED: 'info',\n SIG_ENTRY_INVALID_SHAPE: 'error',\n SIG_ENTRY_KID_COSE_KEY_CONFLICT: 'error',\n SIG_PRIVATE_KEY_LEAKED: 'error',\n SUPERSEDES_TX_INVALID_LENGTH: 'error',\n EXTENSION_UNSUPPORTED_CRITICAL: 'error',\n CRIT_SHAPE_INVALID: 'error',\n // --- Part B ---\n METADATA_NOT_FOUND: 'error',\n INSUFFICIENT_CONFIRMATIONS: 'info',\n SIGNATURE_INVALID: 'error',\n SIGNER_KEY_UNRESOLVED: 'error',\n WALLET_ADDRESS_MISMATCH: 'error',\n URI_TARGET_FORBIDDEN: 'error',\n URI_INTEGRITY_MISMATCH: 'error',\n URI_FETCH_FAILED: 'warning',\n CONTENT_UNAVAILABLE: 'error',\n CIPHERTEXT_UNAVAILABLE: 'error',\n PROVIDER_UNAVAILABLE: 'error',\n SERVICE_INDEPENDENCE_VIOLATION: 'error',\n WRONG_DECRYPTION_INPUT_SHAPE: 'error',\n WRONG_RECIPIENT_KEY: 'error',\n TAMPERED_HEADER: 'error',\n TAMPERED_CIPHERTEXT: 'error',\n KDF_DERIVATION_FAILED: 'error',\n SCHEMA_MERKLE_LEAF_COUNT_MISMATCH: 'error',\n SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED: 'error',\n SCHEMA_MERKLE_LEAVES_MALFORMED: 'error',\n MERKLE_ROOT_MISMATCH: 'error',\n MERKLE_LEAVES_UNAVAILABLE: 'warning',\n MERKLE_LEAVES_INFORMATIVE_FORM: 'info',\n // Dual-severity — default reading is `info`; the verifier promotes to\n // `error` for merkle-only records (no `items[]` content claim was\n // validated in the same record).\n MERKLE_UNSUPPORTED: 'info',\n // Dual-severity — default reading is `info` (render mode); strict\n // end-to-end verifiers promote to `error`.\n OUT_OF_PROFILE_SKIPPED: 'info',\n});\n\nexport function severityOf(code: ErrorCode): Severity {\n return SEVERITY[code];\n}\n"]}
1
+ {"version":3,"sources":["../src/error-codes.ts"],"names":[],"mappings":";AAgBO,IAAM,sBAAA,GAAyB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKpC,gBAAA;AAAA;AAAA,EAEA,sBAAA;AAAA,EACA,yBAAA;AAAA,EACA,sBAAA;AAAA,EACA,wBAAA;AAAA,EACA,qBAAA;AAAA;AAAA,EAEA,6BAAA;AAAA,EACA,sBAAA;AAAA;AAAA,EAEA,+BAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,aAAA;AAAA,EACA,iBAAA;AAAA;AAAA,EAEA,kCAAA;AAAA,EACA,sBAAA;AAAA,EACA,uBAAA;AAAA,EACA,6BAAA;AAAA,EACA,iBAAA;AAAA,EACA,wBAAA;AAAA,EACA,kCAAA;AAAA,EACA,oBAAA;AAAA,EACA,wBAAA;AAAA,EACA,qBAAA;AAAA,EACA,kBAAA;AAAA,EACA,yBAAA;AAAA,EACA,wBAAA;AAAA,EACA,sBAAA;AAAA,EACA,8BAAA;AAAA,EACA,wBAAA;AAAA,EACA,oBAAA;AAAA,EACA,2BAAA;AAAA,EACA,iBAAA;AAAA,EACA,2BAAA;AAAA,EACA,gCAAA;AAAA,EACA,+BAAA;AAAA,EACA,8BAAA;AAAA,EACA,sCAAA;AAAA,EACA,qCAAA;AAAA;AAAA,EAEA,0BAAA;AAAA,EACA,uBAAA;AAAA,EACA,yBAAA;AAAA,EACA,iCAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EAEA,8BAAA;AAAA;AAAA,EAEA,gCAAA;AAAA,EACA;AACF;AAOO,IAAM,oBAAA,GAAuB;AAAA,EAClC,oBAAA;AAAA,EACA,4BAAA;AAAA,EACA,mBAAA;AAAA,EACA,uBAAA;AAAA,EACA,yBAAA;AAAA,EACA,sBAAA;AAAA,EACA,wBAAA;AAAA,EACA,kBAAA;AAAA,EACA,qBAAA;AAAA,EACA,wBAAA;AAAA,EACA,sBAAA;AAAA,EACA,gCAAA;AAAA,EACA,8BAAA;AAAA,EACA,qBAAA;AAAA,EACA,iBAAA;AAAA,EACA,qBAAA;AAAA,EACA,uBAAA;AAAA,EACA,mCAAA;AAAA,EACA,yCAAA;AAAA,EACA,gCAAA;AAAA,EACA,sBAAA;AAAA,EACA,2BAAA;AAAA,EACA,gCAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF;AAEO,IAAM,WAAA,GAAc,CAAC,GAAG,sBAAA,EAAwB,GAAG,oBAAoB;AAqBvE,IAAM,QAAA,GAAkD,OAAO,MAAA,CAAO;AAAA;AAAA,EAE3E,cAAA,EAAgB,OAAA;AAAA,EAChB,oBAAA,EAAsB,OAAA;AAAA,EACtB,uBAAA,EAAyB,OAAA;AAAA,EACzB,oBAAA,EAAsB,OAAA;AAAA,EACtB,sBAAA,EAAwB,OAAA;AAAA,EACxB,mBAAA,EAAqB,OAAA;AAAA,EACrB,2BAAA,EAA6B,OAAA;AAAA,EAC7B,oBAAA,EAAsB,OAAA;AAAA,EACtB,6BAAA,EAA+B,OAAA;AAAA,EAC/B,WAAA,EAAa,OAAA;AAAA,EACb,eAAA,EAAiB,OAAA;AAAA,EACjB,gCAAA,EAAkC,OAAA;AAAA,EAClC,oBAAA,EAAsB,OAAA;AAAA,EACtB,qBAAA,EAAuB,OAAA;AAAA,EACvB,2BAAA,EAA6B,OAAA;AAAA,EAC7B,eAAA,EAAiB,OAAA;AAAA,EACjB,sBAAA,EAAwB,OAAA;AAAA,EACxB,gCAAA,EAAkC,OAAA;AAAA,EAClC,kBAAA,EAAoB,OAAA;AAAA,EACpB,sBAAA,EAAwB,OAAA;AAAA,EACxB,mBAAA,EAAqB,OAAA;AAAA,EACrB,gBAAA,EAAkB,OAAA;AAAA,EAClB,uBAAA,EAAyB,OAAA;AAAA,EACzB,sBAAA,EAAwB,OAAA;AAAA,EACxB,oBAAA,EAAsB,OAAA;AAAA,EACtB,4BAAA,EAA8B,OAAA;AAAA,EAC9B,sBAAA,EAAwB,OAAA;AAAA,EACxB,kBAAA,EAAoB,OAAA;AAAA,EACpB,yBAAA,EAA2B,OAAA;AAAA,EAC3B,eAAA,EAAiB,OAAA;AAAA,EACjB,yBAAA,EAA2B,OAAA;AAAA,EAC3B,8BAAA,EAAgC,OAAA;AAAA,EAChC,6BAAA,EAA+B,OAAA;AAAA,EAC/B,4BAAA,EAA8B,OAAA;AAAA,EAC9B,oCAAA,EAAsC,OAAA;AAAA,EACtC,mCAAA,EAAqC,OAAA;AAAA,EACrC,wBAAA,EAA0B,OAAA;AAAA,EAC1B,qBAAA,EAAuB,MAAA;AAAA,EACvB,uBAAA,EAAyB,OAAA;AAAA,EACzB,+BAAA,EAAiC,OAAA;AAAA,EACjC,sBAAA,EAAwB,OAAA;AAAA,EACxB,4BAAA,EAA8B,OAAA;AAAA,EAC9B,8BAAA,EAAgC,OAAA;AAAA,EAChC,kBAAA,EAAoB,OAAA;AAAA;AAAA,EAEpB,kBAAA,EAAoB,OAAA;AAAA,EACpB,0BAAA,EAA4B,MAAA;AAAA,EAC5B,iBAAA,EAAmB,OAAA;AAAA,EACnB,qBAAA,EAAuB,OAAA;AAAA,EACvB,uBAAA,EAAyB,OAAA;AAAA,EACzB,oBAAA,EAAsB,OAAA;AAAA,EACtB,sBAAA,EAAwB,OAAA;AAAA,EACxB,gBAAA,EAAkB,SAAA;AAAA,EAClB,mBAAA,EAAqB,OAAA;AAAA,EACrB,sBAAA,EAAwB,OAAA;AAAA,EACxB,oBAAA,EAAsB,OAAA;AAAA,EACtB,8BAAA,EAAgC,OAAA;AAAA,EAChC,4BAAA,EAA8B,OAAA;AAAA,EAC9B,mBAAA,EAAqB,OAAA;AAAA,EACrB,eAAA,EAAiB,OAAA;AAAA,EACjB,mBAAA,EAAqB,OAAA;AAAA,EACrB,qBAAA,EAAuB,OAAA;AAAA,EACvB,iCAAA,EAAmC,OAAA;AAAA,EACnC,uCAAA,EAAyC,OAAA;AAAA,EACzC,8BAAA,EAAgC,OAAA;AAAA,EAChC,oBAAA,EAAsB,OAAA;AAAA,EACtB,yBAAA,EAA2B,SAAA;AAAA,EAC3B,8BAAA,EAAgC,MAAA;AAAA;AAAA;AAAA;AAAA,EAIhC,kBAAA,EAAoB,MAAA;AAAA;AAAA;AAAA,EAGpB,sBAAA,EAAwB;AAC1B,CAAC;AAEM,SAAS,WAAW,IAAA,EAA2B;AACpD,EAAA,OAAO,SAAS,IAAI,CAAA;AACtB","file":"error-codes.js","sourcesContent":["// Label 309 v1 error-code catalogue — single source of truth for the\n// structural-validator codes (Part A) and the verifier-layer codes (Part B)\n// that downstream verifiers re-export from this package.\n//\n// The structural validator emits ONLY Part A codes. Part B codes are\n// re-exported so consumers can `import { ErrorCode } from '@cardanowall/poe-standard'`\n// and dispatch on a single union type without round-tripping through the\n// verifier package.\n//\n// Codes are SCREAMING_SNAKE_CASE and MUST match the canonical taxonomy\n// byte-exact across the TS/PY/RS implementations — no lowercase synonyms,\n// no `schema_*`-prefixed parser-internal codes.\n\n// =============================================================================\n// Part A — structural validator codes\n// =============================================================================\nexport const STRUCTURAL_ERROR_CODES = [\n // CBOR decode layer. A single code covers every canonical-decode failure —\n // malformed/truncated bytes, indefinite-length encodings, non-canonical\n // (unsorted) map-key ordering, duplicate map keys, non-minimal integers, and\n // invalid UTF-8 — by design (no separate duplicate-key code).\n 'MALFORMED_CBOR',\n // Generic schema-layer\n 'SCHEMA_TYPE_MISMATCH',\n 'SCHEMA_MISSING_REQUIRED',\n 'SCHEMA_UNKNOWN_FIELD',\n 'SCHEMA_INVALID_LITERAL',\n 'SCHEMA_EMPTY_RECORD',\n // Hash-map\n 'HASH_DIGEST_LENGTH_MISMATCH',\n 'UNSUPPORTED_HASH_ALG',\n // Top-level `merkle[]`\n 'UNSUPPORTED_MERKLE_COMMIT_ALG',\n // URI / chunking. A chunk whose bytes do not reconstruct to valid UTF-8\n // surfaces as MALFORMED_CBOR at decode (cbor2 rejects invalid-UTF-8 tstr)\n // or, in the residual reconstruct guard, as INVALID_URI — there is no\n // separate codepoint-split code.\n 'INVALID_URI',\n 'CHUNK_TOO_LARGE',\n // Encryption envelope\n 'UNAUTHENTICATED_CIPHER_FORBIDDEN',\n 'UNSUPPORTED_AEAD_ALG',\n 'NONCE_LENGTH_MISMATCH',\n 'UNSUPPORTED_ENVELOPE_SCHEME',\n 'ENC_SLOTS_EMPTY',\n 'ENC_SLOT_INVALID_SHAPE',\n 'ENC_SLOTS_DUPLICATE_KEM_MATERIAL',\n 'ENC_SLOTS_TOO_MANY',\n 'ENC_ENVELOPE_TOO_LARGE',\n 'UNSUPPORTED_KEM_ALG',\n 'ENC_KEM_REQUIRED',\n 'KEM_EPK_LENGTH_MISMATCH',\n 'KEM_CT_LENGTH_MISMATCH',\n 'WRAP_LENGTH_MISMATCH',\n 'ENC_SLOTS_MAC_INVALID_LENGTH',\n 'ENC_SLOTS_MAC_REQUIRED',\n 'ENC_SLOTS_REQUIRED',\n 'ENC_EXCLUSIVITY_VIOLATION',\n 'ENC_NO_KEY_PATH',\n 'ENC_REQUIRES_CONTENT_HASH',\n 'ENC_PASSPHRASE_ALG_UNSUPPORTED',\n 'ENC_PASSPHRASE_SALT_TOO_SHORT',\n 'ENC_PASSPHRASE_SALT_TOO_LONG',\n 'ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW',\n 'ENC_PASSPHRASE_PARAMS_EXCEED_POLICY',\n // Signatures\n 'MALFORMED_SIG_COSE_SIGN1',\n 'SIGNATURE_UNSUPPORTED',\n 'SIG_ENTRY_INVALID_SHAPE',\n 'SIG_ENTRY_KID_COSE_KEY_CONFLICT',\n 'SIG_PRIVATE_KEY_LEAKED',\n // Supersedence\n 'SUPERSEDES_TX_INVALID_LENGTH',\n // Forward-compat critical extensions\n 'EXTENSION_UNSUPPORTED_CRITICAL',\n 'CRIT_SHAPE_INVALID',\n] as const;\n\n// =============================================================================\n// Part B — verifier-layer codes\n// Re-exported so downstream verifiers can dispatch on a single union.\n// The structural validator NEVER emits these.\n// =============================================================================\nexport const VERIFIER_ERROR_CODES = [\n 'METADATA_NOT_FOUND',\n 'INSUFFICIENT_CONFIRMATIONS',\n 'SIGNATURE_INVALID',\n 'SIGNER_KEY_UNRESOLVED',\n 'WALLET_ADDRESS_MISMATCH',\n 'URI_TARGET_FORBIDDEN',\n 'URI_INTEGRITY_MISMATCH',\n 'URI_FETCH_FAILED',\n 'CONTENT_UNAVAILABLE',\n 'CIPHERTEXT_UNAVAILABLE',\n 'PROVIDER_UNAVAILABLE',\n 'SERVICE_INDEPENDENCE_VIOLATION',\n 'WRONG_DECRYPTION_INPUT_SHAPE',\n 'WRONG_RECIPIENT_KEY',\n 'TAMPERED_HEADER',\n 'TAMPERED_CIPHERTEXT',\n 'KDF_DERIVATION_FAILED',\n 'SCHEMA_MERKLE_LEAF_COUNT_MISMATCH',\n 'SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED',\n 'SCHEMA_MERKLE_LEAVES_MALFORMED',\n 'MERKLE_ROOT_MISMATCH',\n 'MERKLE_LEAVES_UNAVAILABLE',\n 'MERKLE_LEAVES_INFORMATIVE_FORM',\n 'MERKLE_UNSUPPORTED',\n 'OUT_OF_PROFILE_SKIPPED',\n] as const;\n\nexport const ERROR_CODES = [...STRUCTURAL_ERROR_CODES, ...VERIFIER_ERROR_CODES] as const;\n\nexport type StructuralErrorCode = (typeof STRUCTURAL_ERROR_CODES)[number];\nexport type VerifierErrorCode = (typeof VERIFIER_ERROR_CODES)[number];\nexport type ErrorCode = (typeof ERROR_CODES)[number];\n\n// Severity classification. Codes not listed are `error` by default.\n//\n// `info` — a deliberate non-check (algorithm out of profile, unrecognised\n// signature algorithm at the opt-in informational tier).\n//\n// `warning` — a non-fatal anomaly that occurred at runtime but did not\n// invalidate the record (e.g. a transient gateway failure, partial leaves\n// availability).\n//\n// `MERKLE_UNSUPPORTED` / `OUT_OF_PROFILE_SKIPPED` carry dual severity\n// (`info` when another commitment was validated; `error` for the\n// merkle-only / strict-mode case). The verifier emits the resolved severity\n// per-issue; this map records the default `info` reading.\nexport type Severity = 'error' | 'warning' | 'info';\n\nexport const SEVERITY: Readonly<Record<ErrorCode, Severity>> = Object.freeze({\n // --- Part A ---\n MALFORMED_CBOR: 'error',\n SCHEMA_TYPE_MISMATCH: 'error',\n SCHEMA_MISSING_REQUIRED: 'error',\n SCHEMA_UNKNOWN_FIELD: 'error',\n SCHEMA_INVALID_LITERAL: 'error',\n SCHEMA_EMPTY_RECORD: 'error',\n HASH_DIGEST_LENGTH_MISMATCH: 'error',\n UNSUPPORTED_HASH_ALG: 'error',\n UNSUPPORTED_MERKLE_COMMIT_ALG: 'error',\n INVALID_URI: 'error',\n CHUNK_TOO_LARGE: 'error',\n UNAUTHENTICATED_CIPHER_FORBIDDEN: 'error',\n UNSUPPORTED_AEAD_ALG: 'error',\n NONCE_LENGTH_MISMATCH: 'error',\n UNSUPPORTED_ENVELOPE_SCHEME: 'error',\n ENC_SLOTS_EMPTY: 'error',\n ENC_SLOT_INVALID_SHAPE: 'error',\n ENC_SLOTS_DUPLICATE_KEM_MATERIAL: 'error',\n ENC_SLOTS_TOO_MANY: 'error',\n ENC_ENVELOPE_TOO_LARGE: 'error',\n UNSUPPORTED_KEM_ALG: 'error',\n ENC_KEM_REQUIRED: 'error',\n KEM_EPK_LENGTH_MISMATCH: 'error',\n KEM_CT_LENGTH_MISMATCH: 'error',\n WRAP_LENGTH_MISMATCH: 'error',\n ENC_SLOTS_MAC_INVALID_LENGTH: 'error',\n ENC_SLOTS_MAC_REQUIRED: 'error',\n ENC_SLOTS_REQUIRED: 'error',\n ENC_EXCLUSIVITY_VIOLATION: 'error',\n ENC_NO_KEY_PATH: 'error',\n ENC_REQUIRES_CONTENT_HASH: 'error',\n ENC_PASSPHRASE_ALG_UNSUPPORTED: 'error',\n ENC_PASSPHRASE_SALT_TOO_SHORT: 'error',\n ENC_PASSPHRASE_SALT_TOO_LONG: 'error',\n ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW: 'error',\n ENC_PASSPHRASE_PARAMS_EXCEED_POLICY: 'error',\n MALFORMED_SIG_COSE_SIGN1: 'error',\n SIGNATURE_UNSUPPORTED: 'info',\n SIG_ENTRY_INVALID_SHAPE: 'error',\n SIG_ENTRY_KID_COSE_KEY_CONFLICT: 'error',\n SIG_PRIVATE_KEY_LEAKED: 'error',\n SUPERSEDES_TX_INVALID_LENGTH: 'error',\n EXTENSION_UNSUPPORTED_CRITICAL: 'error',\n CRIT_SHAPE_INVALID: 'error',\n // --- Part B ---\n METADATA_NOT_FOUND: 'error',\n INSUFFICIENT_CONFIRMATIONS: 'info',\n SIGNATURE_INVALID: 'error',\n SIGNER_KEY_UNRESOLVED: 'error',\n WALLET_ADDRESS_MISMATCH: 'error',\n URI_TARGET_FORBIDDEN: 'error',\n URI_INTEGRITY_MISMATCH: 'error',\n URI_FETCH_FAILED: 'warning',\n CONTENT_UNAVAILABLE: 'error',\n CIPHERTEXT_UNAVAILABLE: 'error',\n PROVIDER_UNAVAILABLE: 'error',\n SERVICE_INDEPENDENCE_VIOLATION: 'error',\n WRONG_DECRYPTION_INPUT_SHAPE: 'error',\n WRONG_RECIPIENT_KEY: 'error',\n TAMPERED_HEADER: 'error',\n TAMPERED_CIPHERTEXT: 'error',\n KDF_DERIVATION_FAILED: 'error',\n SCHEMA_MERKLE_LEAF_COUNT_MISMATCH: 'error',\n SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED: 'error',\n SCHEMA_MERKLE_LEAVES_MALFORMED: 'error',\n MERKLE_ROOT_MISMATCH: 'error',\n MERKLE_LEAVES_UNAVAILABLE: 'warning',\n MERKLE_LEAVES_INFORMATIVE_FORM: 'info',\n // Dual-severity — default reading is `info`; the verifier promotes to\n // `error` for merkle-only records (no `items[]` content claim was\n // validated in the same record).\n MERKLE_UNSUPPORTED: 'info',\n // Dual-severity — default reading is `info` (render mode); strict\n // end-to-end verifiers promote to `error`.\n OUT_OF_PROFILE_SKIPPED: 'info',\n});\n\nexport function severityOf(code: ErrorCode): Severity {\n return SEVERITY[code];\n}\n"]}
package/dist/index.cjs CHANGED
@@ -2390,6 +2390,60 @@ function decodeCoseSign1(bytes) {
2390
2390
  };
2391
2391
  }
2392
2392
 
2393
+ // ../crypto-core/dist/sealed-poe.js
2394
+ var CARDANO_POE_SLOTS_TRANSCRIPT_PREFIX = new TextEncoder().encode(
2395
+ "cardano-poe-slots-transcript-v1"
2396
+ );
2397
+ var CARDANO_POE_HKDF_INFO_PAYLOAD = new TextEncoder().encode(
2398
+ "cardano-poe-payload-v1"
2399
+ );
2400
+ var CARDANO_POE_HKDF_INFO_PAYLOAD_PASSPHRASE = new TextEncoder().encode(
2401
+ "cardano-poe-payload-passphrase-v1"
2402
+ );
2403
+ var CARDANO_POE_XWING_KEK_SALT_PREFIX = new TextEncoder().encode(
2404
+ "cardano-poe-xwing-kek-salt-v1"
2405
+ );
2406
+ if (CARDANO_POE_SLOTS_TRANSCRIPT_PREFIX.length !== 31) {
2407
+ throw new Error(
2408
+ "CARDANO_POE_SLOTS_TRANSCRIPT_PREFIX byte-length invariant violated (expected 31)"
2409
+ );
2410
+ }
2411
+ if (CARDANO_POE_HKDF_INFO_PAYLOAD.length !== 22) {
2412
+ throw new Error("CARDANO_POE_HKDF_INFO_PAYLOAD byte-length invariant violated (expected 22)");
2413
+ }
2414
+ if (CARDANO_POE_HKDF_INFO_PAYLOAD_PASSPHRASE.length !== 33) {
2415
+ throw new Error(
2416
+ "CARDANO_POE_HKDF_INFO_PAYLOAD_PASSPHRASE byte-length invariant violated (expected 33)"
2417
+ );
2418
+ }
2419
+ if (CARDANO_POE_XWING_KEK_SALT_PREFIX.length !== 29) {
2420
+ throw new Error("CARDANO_POE_XWING_KEK_SALT_PREFIX byte-length invariant violated (expected 29)");
2421
+ }
2422
+ var MAX_SLOTS = 1024;
2423
+ var MAX_DECODED_ENVELOPE_BYTES = 65536;
2424
+ var CARDANO_POE_HKDF_INFO_KEK = new TextEncoder().encode("cardano-poe-kek-v1");
2425
+ var CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519 = new TextEncoder().encode(
2426
+ "cardano-poe-kek-mlkem768x25519-v1"
2427
+ );
2428
+ var CARDANO_POE_HKDF_INFO_SLOTS_MAC = new TextEncoder().encode(
2429
+ "cardano-poe-slots-mac-v1"
2430
+ );
2431
+ var ZERO_NONCE_12 = new Uint8Array(12);
2432
+ if (CARDANO_POE_HKDF_INFO_KEK.length !== 18) {
2433
+ throw new Error("CARDANO_POE_HKDF_INFO_KEK byte-length invariant violated (expected 18)");
2434
+ }
2435
+ if (CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519.length !== 33) {
2436
+ throw new Error(
2437
+ "CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519 byte-length invariant violated (expected 33)"
2438
+ );
2439
+ }
2440
+ if (CARDANO_POE_HKDF_INFO_SLOTS_MAC.length !== 24) {
2441
+ throw new Error("CARDANO_POE_HKDF_INFO_SLOTS_MAC byte-length invariant violated (expected 24)");
2442
+ }
2443
+ if (ZERO_NONCE_12.length !== 12) {
2444
+ throw new Error("ZERO_NONCE_12 byte-length invariant violated (expected 12)");
2445
+ }
2446
+
2393
2447
  // src/chunked.ts
2394
2448
  var CHUNK_MAX_BYTES = 64;
2395
2449
  var UTF8_ENCODER2 = new TextEncoder();
@@ -2472,6 +2526,9 @@ var STRUCTURAL_ERROR_CODES = [
2472
2526
  "UNSUPPORTED_ENVELOPE_SCHEME",
2473
2527
  "ENC_SLOTS_EMPTY",
2474
2528
  "ENC_SLOT_INVALID_SHAPE",
2529
+ "ENC_SLOTS_DUPLICATE_KEM_MATERIAL",
2530
+ "ENC_SLOTS_TOO_MANY",
2531
+ "ENC_ENVELOPE_TOO_LARGE",
2475
2532
  "UNSUPPORTED_KEM_ALG",
2476
2533
  "ENC_KEM_REQUIRED",
2477
2534
  "KEM_EPK_LENGTH_MISMATCH",
@@ -2547,6 +2604,9 @@ var SEVERITY = Object.freeze({
2547
2604
  UNSUPPORTED_ENVELOPE_SCHEME: "error",
2548
2605
  ENC_SLOTS_EMPTY: "error",
2549
2606
  ENC_SLOT_INVALID_SHAPE: "error",
2607
+ ENC_SLOTS_DUPLICATE_KEM_MATERIAL: "error",
2608
+ ENC_SLOTS_TOO_MANY: "error",
2609
+ ENC_ENVELOPE_TOO_LARGE: "error",
2550
2610
  UNSUPPORTED_KEM_ALG: "error",
2551
2611
  ENC_KEM_REQUIRED: "error",
2552
2612
  KEM_EPK_LENGTH_MISMATCH: "error",
@@ -2627,6 +2687,8 @@ var KEM_FIELD_LENGTH_CODE = {
2627
2687
  epk: "KEM_EPK_LENGTH_MISMATCH",
2628
2688
  kem_ct: "KEM_CT_LENGTH_MISMATCH"
2629
2689
  };
2690
+ var NONCE_LENGTH = 24;
2691
+ var SLOTS_MAC_LENGTH = 32;
2630
2692
  var PASSPHRASE_KDF_ALGS = /* @__PURE__ */ new Set(["argon2id"]);
2631
2693
  var KNOWN_SIG_ALG_IDS = /* @__PURE__ */ new Set([-8, -19]);
2632
2694
  function validatePoeRecord(bytes) {
@@ -2943,24 +3005,62 @@ function checkItemEnc(item, idx, errors) {
2943
3005
  );
2944
3006
  }
2945
3007
  if (hasSlots) {
2946
- if (enc.slots.length < 1) {
3008
+ const slotCount = enc.slots.length;
3009
+ if (slotCount < 1) {
2947
3010
  errors.push(
2948
- issue("ENC_SLOTS_EMPTY", [...basePath, "slots"], `slots length ${enc.slots.length} < 1`)
3011
+ issue("ENC_SLOTS_EMPTY", [...basePath, "slots"], `slots length ${slotCount} < 1`)
2949
3012
  );
2950
- }
2951
- const descriptor = enc.kem !== void 0 ? KEM_SLOT_DESCRIPTORS[enc.kem] : void 0;
2952
- if (descriptor !== void 0) {
2953
- const rawSlotKeys = rawSlotKeySets(item.enc);
2954
- enc.slots.forEach((slot, si) => {
2955
- checkSlotShape(
2956
- slot,
2957
- rawSlotKeys[si] ?? /* @__PURE__ */ new Set(),
2958
- descriptor,
2959
- enc.kem,
2960
- [...basePath, "slots", si],
2961
- errors
2962
- );
2963
- });
3013
+ } else if (slotCount > MAX_SLOTS) {
3014
+ errors.push(
3015
+ issue(
3016
+ "ENC_SLOTS_TOO_MANY",
3017
+ [...basePath, "slots"],
3018
+ `slots length ${slotCount} exceeds MAX_SLOTS=${MAX_SLOTS}`
3019
+ )
3020
+ );
3021
+ } else {
3022
+ const descriptor = enc.kem !== void 0 ? KEM_SLOT_DESCRIPTORS[enc.kem] : void 0;
3023
+ if (descriptor !== void 0) {
3024
+ const rawSlotKeys = rawSlotKeySets(item.enc);
3025
+ const seenKemMaterial = /* @__PURE__ */ new Set();
3026
+ enc.slots.forEach((slot, si) => {
3027
+ const slotPath = [...basePath, "slots", si];
3028
+ checkSlotShape(
3029
+ slot,
3030
+ rawSlotKeys[si] ?? /* @__PURE__ */ new Set(),
3031
+ descriptor,
3032
+ enc.kem,
3033
+ slotPath,
3034
+ errors
3035
+ );
3036
+ const material = slotKemMaterial(slot, descriptor);
3037
+ if (material !== void 0) {
3038
+ const key = bytesToHex2(material);
3039
+ if (seenKemMaterial.has(key)) {
3040
+ errors.push(
3041
+ issue(
3042
+ "ENC_SLOTS_DUPLICATE_KEM_MATERIAL",
3043
+ [...slotPath, descriptor.field],
3044
+ `slot ${si} ${descriptor.field} duplicates an earlier slot \u2014 per-slot KEK uniqueness is violated`
3045
+ )
3046
+ );
3047
+ } else {
3048
+ seenKemMaterial.add(key);
3049
+ }
3050
+ }
3051
+ });
3052
+ const perSlotBytes = descriptor.fieldLength + descriptor.wrapLength;
3053
+ const decodedEnvelopeBytes = NONCE_LENGTH + SLOTS_MAC_LENGTH + slotCount * perSlotBytes;
3054
+ if (decodedEnvelopeBytes > MAX_DECODED_ENVELOPE_BYTES) {
3055
+ errors.push(
3056
+ issue(
3057
+ "ENC_ENVELOPE_TOO_LARGE",
3058
+ [...basePath, "slots"],
3059
+ `decoded envelope size ${decodedEnvelopeBytes} exceeds MAX_DECODED_ENVELOPE_BYTES=${MAX_DECODED_ENVELOPE_BYTES}`
3060
+ )
3061
+ );
3062
+ }
3063
+ }
2964
3064
  }
2965
3065
  }
2966
3066
  if (hasPassphrase) {
@@ -3117,6 +3217,20 @@ function checkSlotShape(slot, rawKeys, descriptor, kem, slotPath, errors) {
3117
3217
  );
3118
3218
  }
3119
3219
  }
3220
+ function slotKemMaterial(slot, descriptor) {
3221
+ if (descriptor.field === "epk") {
3222
+ return slot.epk;
3223
+ }
3224
+ if (slot.kem_ct === void 0) return void 0;
3225
+ return bytesChunkArrayConcat(slot.kem_ct);
3226
+ }
3227
+ function bytesToHex2(bytes) {
3228
+ let hex = "";
3229
+ for (let i = 0; i < bytes.length; i++) {
3230
+ hex += bytes[i].toString(16).padStart(2, "0");
3231
+ }
3232
+ return hex;
3233
+ }
3120
3234
  function rawSlotKeySets(rawEnc) {
3121
3235
  const slots = mapLikeGet(rawEnc, "slots");
3122
3236
  if (!Array.isArray(slots)) return [];