@cardanowall/poe-standard 0.2.0 → 0.4.0

package/dist/validator.cjs

@@ -1621,6 +1621,14 @@ var CanonicalCborError = class extends Error {
     this.code = code;
   }
 };
+function encodeCanonicalCbor(value) {
+  return v2(value, {
+    cde: true,
+    collapseBigInts: true,
+    rejectDuplicateKeys: true,
+    sortKeys: f4
+  });
+}
 function decodeCanonicalCbor(bytes) {
   try {
     return l4(bytes, {
@@ -2184,35 +2192,257 @@ function decodeCoseSign1(bytes) {
     signature: signatureRaw
   };
 }
-
-// src/chunked.ts
-var UTF8_ENCODER = new TextEncoder();
-function bytesChunkArrayConcat(chunks) {
-  let total = 0;
-  for (const c5 of chunks) total += c5.length;
-  const out = new Uint8Array(total);
-  let offset = 0;
-  for (const c5 of chunks) {
-    out.set(c5, offset);
-    offset += c5.length;
-  }
-  return out;
+var CARDANO_POE_ITEM_HASHES_PREFIX = new TextEncoder().encode(
+  "cardano-poe-item-hashes-v1"
+);
+var CARDANO_POE_SLOTS_TRANSCRIPT_PREFIX = new TextEncoder().encode(
+  "cardano-poe-slots-transcript-v1"
+);
+var CARDANO_POE_PASSPHRASE_TRANSCRIPT_PREFIX = new TextEncoder().encode(
+  "cardano-poe-passphrase-transcript-v1"
+);
+var CARDANO_POE_HKDF_INFO_SLOTS_MAC = new TextEncoder().encode(
+  "cardano-poe-slots-mac-v1"
+);
+var CARDANO_POE_HKDF_INFO_PASSPHRASE_MAC = new TextEncoder().encode(
+  "cardano-poe-passphrase-mac-v1"
+);
+var CARDANO_POE_HKDF_INFO_PAYLOAD = new TextEncoder().encode(
+  "cardano-poe-payload-v1"
+);
+var CARDANO_POE_HKDF_INFO_PAYLOAD_PASSPHRASE = new TextEncoder().encode(
+  "cardano-poe-payload-passphrase-v1"
+);
+var CARDANO_POE_X25519_KEK_SALT_PREFIX = new TextEncoder().encode(
+  "cardano-poe-x25519-kek-salt-v1"
+);
+var CARDANO_POE_XWING_KEK_SALT_PREFIX = new TextEncoder().encode(
+  "cardano-poe-xwing-kek-salt-v1"
+);
+if (CARDANO_POE_ITEM_HASHES_PREFIX.length !== 26) {
+  throw new Error("CARDANO_POE_ITEM_HASHES_PREFIX byte-length invariant violated (expected 26)");
 }
-function reconstructChunkedUri(chunks) {
-  const merged = bytesChunkArrayConcat(chunks.map((c5) => UTF8_ENCODER.encode(c5)));
-  try {
-    const uri = new TextDecoder("utf-8", { fatal: true }).decode(merged);
-    return { ok: true, uri };
-  } catch (cause) {
-    return {
-      ok: false,
-      code: "INVALID_URI",
-      reason: cause instanceof Error ? cause.message : String(cause)
-    };
-  }
+if (CARDANO_POE_SLOTS_TRANSCRIPT_PREFIX.length !== 31) {
+  throw new Error(
+    "CARDANO_POE_SLOTS_TRANSCRIPT_PREFIX byte-length invariant violated (expected 31)"
+  );
+}
+if (CARDANO_POE_PASSPHRASE_TRANSCRIPT_PREFIX.length !== 36) {
+  throw new Error(
+    "CARDANO_POE_PASSPHRASE_TRANSCRIPT_PREFIX byte-length invariant violated (expected 36)"
+  );
+}
+if (CARDANO_POE_HKDF_INFO_SLOTS_MAC.length !== 24) {
+  throw new Error("CARDANO_POE_HKDF_INFO_SLOTS_MAC byte-length invariant violated (expected 24)");
+}
+if (CARDANO_POE_HKDF_INFO_PASSPHRASE_MAC.length !== 29) {
+  throw new Error(
+    "CARDANO_POE_HKDF_INFO_PASSPHRASE_MAC byte-length invariant violated (expected 29)"
+  );
+}
+if (CARDANO_POE_HKDF_INFO_PAYLOAD.length !== 22) {
+  throw new Error("CARDANO_POE_HKDF_INFO_PAYLOAD byte-length invariant violated (expected 22)");
+}
+if (CARDANO_POE_HKDF_INFO_PAYLOAD_PASSPHRASE.length !== 33) {
+  throw new Error(
+    "CARDANO_POE_HKDF_INFO_PAYLOAD_PASSPHRASE byte-length invariant violated (expected 33)"
+  );
+}
+if (CARDANO_POE_X25519_KEK_SALT_PREFIX.length !== 30) {
+  throw new Error(
+    "CARDANO_POE_X25519_KEK_SALT_PREFIX byte-length invariant violated (expected 30)"
+  );
+}
+if (CARDANO_POE_XWING_KEK_SALT_PREFIX.length !== 29) {
+  throw new Error("CARDANO_POE_XWING_KEK_SALT_PREFIX byte-length invariant violated (expected 29)");
+}
+var MAX_SLOTS = 1024;
+var MAX_DECODED_ENVELOPE_BYTES = 65536;
+var CARDANO_POE_HKDF_INFO_KEK = new TextEncoder().encode("cardano-poe-kek-v1");
+var CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519 = new TextEncoder().encode(
+  "cardano-poe-kek-mlkem768x25519-v1"
+);
+var ZERO_NONCE_12 = new Uint8Array(12);
+if (CARDANO_POE_HKDF_INFO_KEK.length !== 18) {
+  throw new Error("CARDANO_POE_HKDF_INFO_KEK byte-length invariant violated (expected 18)");
+}
+if (CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519.length !== 33) {
+  throw new Error(
+    "CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519 byte-length invariant violated (expected 33)"
+  );
+}
+if (ZERO_NONCE_12.length !== 12) {
+  throw new Error("ZERO_NONCE_12 byte-length invariant violated (expected 12)");
 }
+new TextEncoder();
+
+// src/error-codes.ts
+var ERROR_CODES = [
+  "MALFORMED_CBOR",
+  "SCHEMA_TYPE_MISMATCH",
+  "SCHEMA_MISSING_REQUIRED",
+  "SCHEMA_UNKNOWN_FIELD",
+  "SCHEMA_INVALID_LITERAL",
+  "SCHEMA_EMPTY_RECORD",
+  "HASH_DIGEST_LENGTH_MISMATCH",
+  "UNSUPPORTED_HASH_ALG",
+  "UNSUPPORTED_MERKLE_COMMIT_ALG",
+  "SCHEMA_MERKLE_LEAF_COUNT_INVALID",
+  "INVALID_URI",
+  "CHUNK_TOO_LARGE",
+  "UNAUTHENTICATED_CIPHER_FORBIDDEN",
+  "UNSUPPORTED_AEAD_ALG",
+  "NONCE_LENGTH_MISMATCH",
+  "UNSUPPORTED_ENVELOPE_SCHEME",
+  "ENC_UNSUPPORTED",
+  "ENC_SLOTS_EMPTY",
+  "ENC_SLOT_INVALID_SHAPE",
+  "UNSUPPORTED_KEM_ALG",
+  "ENC_KEM_REQUIRED",
+  "KEM_EPK_LENGTH_MISMATCH",
+  "KEM_CT_LENGTH_MISMATCH",
+  "WRAP_LENGTH_MISMATCH",
+  "ENC_SLOTS_MAC_INVALID_LENGTH",
+  "ENC_SLOTS_MAC_REQUIRED",
+  "ENC_SLOTS_REQUIRED",
+  "ENC_SLOTS_DUPLICATE_KEM_MATERIAL",
+  "ENC_SLOTS_TOO_MANY",
+  "ENC_ENVELOPE_TOO_LARGE",
+  "ENC_EXCLUSIVITY_VIOLATION",
+  "ENC_NO_KEY_PATH",
+  "ENC_REQUIRES_CONTENT_HASH",
+  "ENC_PASSPHRASE_ALG_UNSUPPORTED",
+  "ENC_PASSPHRASE_SALT_TOO_SHORT",
+  "ENC_PASSPHRASE_SALT_TOO_LONG",
+  "ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW",
+  "ENC_PASSPHRASE_PARAMS_EXCEED_POLICY",
+  "MALFORMED_SIG_COSE_SIGN1",
+  "SIGNATURE_UNSUPPORTED",
+  "SIG_ENTRY_INVALID_SHAPE",
+  "SIG_ENTRY_KID_COSE_KEY_CONFLICT",
+  "SIG_PRIVATE_KEY_LEAKED",
+  "SUPERSEDES_TX_INVALID_LENGTH",
+  "EXTENSION_UNSUPPORTED_CRITICAL",
+  "CRIT_SHAPE_INVALID",
+  "TX_NOT_FOUND",
+  "PROVIDER_UNAVAILABLE",
+  "TX_INTEGRITY_MISMATCH",
+  "METADATA_NOT_FOUND",
+  "INSUFFICIENT_CONFIRMATIONS",
+  "SIGNATURE_INVALID",
+  "SIGNER_KEY_UNRESOLVED",
+  "WALLET_ADDRESS_MISMATCH",
+  "URI_TARGET_FORBIDDEN",
+  "URI_INTEGRITY_MISMATCH",
+  "URI_PROVIDER_INTEGRITY_MISMATCH",
+  "URI_FETCH_FAILED",
+  "CONTENT_UNAVAILABLE",
+  "CONTENT_FETCH_LIMIT_EXCEEDED",
+  "CIPHERTEXT_UNAVAILABLE",
+  "SERVICE_INDEPENDENCE_VIOLATION",
+  "WRONG_DECRYPTION_INPUT_SHAPE",
+  "WRONG_RECIPIENT_KEY",
+  "TAMPERED_HEADER",
+  "TAMPERED_CIPHERTEXT",
+  "KDF_DERIVATION_FAILED",
+  "ENC_PASSPHRASE_UNNORMALIZABLE",
+  "ENC_PASSPHRASE_EMPTY",
+  "SCHEMA_MERKLE_LEAF_COUNT_MISMATCH",
+  "SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED",
+  "SCHEMA_MERKLE_LEAVES_MALFORMED",
+  "MERKLE_ROOT_MISMATCH",
+  "MERKLE_LEAVES_UNAVAILABLE",
+  "MERKLE_UNSUPPORTED",
+  "OUT_OF_PROFILE_SKIPPED"
+];
+var ERROR_CODE_PART = Object.freeze({
+  MALFORMED_CBOR: "A",
+  SCHEMA_TYPE_MISMATCH: "A",
+  SCHEMA_MISSING_REQUIRED: "A",
+  SCHEMA_UNKNOWN_FIELD: "A",
+  SCHEMA_INVALID_LITERAL: "A",
+  SCHEMA_EMPTY_RECORD: "A",
+  HASH_DIGEST_LENGTH_MISMATCH: "A",
+  UNSUPPORTED_HASH_ALG: "A",
+  UNSUPPORTED_MERKLE_COMMIT_ALG: "A",
+  SCHEMA_MERKLE_LEAF_COUNT_INVALID: "A",
+  INVALID_URI: "A",
+  CHUNK_TOO_LARGE: "carriage",
+  UNAUTHENTICATED_CIPHER_FORBIDDEN: "A",
+  UNSUPPORTED_AEAD_ALG: "A",
+  NONCE_LENGTH_MISMATCH: "A",
+  UNSUPPORTED_ENVELOPE_SCHEME: "A",
+  ENC_UNSUPPORTED: "A",
+  ENC_SLOTS_EMPTY: "A",
+  ENC_SLOT_INVALID_SHAPE: "A",
+  UNSUPPORTED_KEM_ALG: "A",
+  ENC_KEM_REQUIRED: "A",
+  KEM_EPK_LENGTH_MISMATCH: "A",
+  KEM_CT_LENGTH_MISMATCH: "A",
+  WRAP_LENGTH_MISMATCH: "A",
+  ENC_SLOTS_MAC_INVALID_LENGTH: "A",
+  ENC_SLOTS_MAC_REQUIRED: "A",
+  ENC_SLOTS_REQUIRED: "A",
+  ENC_SLOTS_DUPLICATE_KEM_MATERIAL: "A",
+  ENC_SLOTS_TOO_MANY: "A",
+  ENC_ENVELOPE_TOO_LARGE: "A",
+  ENC_EXCLUSIVITY_VIOLATION: "A",
+  ENC_NO_KEY_PATH: "A",
+  ENC_REQUIRES_CONTENT_HASH: "A",
+  ENC_PASSPHRASE_ALG_UNSUPPORTED: "A",
+  ENC_PASSPHRASE_SALT_TOO_SHORT: "A",
+  ENC_PASSPHRASE_SALT_TOO_LONG: "A",
+  ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW: "A",
+  ENC_PASSPHRASE_PARAMS_EXCEED_POLICY: "A",
+  MALFORMED_SIG_COSE_SIGN1: "A",
+  SIGNATURE_UNSUPPORTED: "A",
+  SIG_ENTRY_INVALID_SHAPE: "A",
+  SIG_ENTRY_KID_COSE_KEY_CONFLICT: "A",
+  SIG_PRIVATE_KEY_LEAKED: "A",
+  SUPERSEDES_TX_INVALID_LENGTH: "A",
+  EXTENSION_UNSUPPORTED_CRITICAL: "A",
+  CRIT_SHAPE_INVALID: "A",
+  TX_NOT_FOUND: "B",
+  PROVIDER_UNAVAILABLE: "B",
+  TX_INTEGRITY_MISMATCH: "B",
+  METADATA_NOT_FOUND: "B",
+  INSUFFICIENT_CONFIRMATIONS: "B",
+  SIGNATURE_INVALID: "B",
+  SIGNER_KEY_UNRESOLVED: "B",
+  WALLET_ADDRESS_MISMATCH: "B",
+  URI_TARGET_FORBIDDEN: "B",
+  URI_INTEGRITY_MISMATCH: "B",
+  URI_PROVIDER_INTEGRITY_MISMATCH: "B",
+  URI_FETCH_FAILED: "B",
+  CONTENT_UNAVAILABLE: "B",
+  CONTENT_FETCH_LIMIT_EXCEEDED: "B",
+  CIPHERTEXT_UNAVAILABLE: "B",
+  SERVICE_INDEPENDENCE_VIOLATION: "B",
+  WRONG_DECRYPTION_INPUT_SHAPE: "B",
+  WRONG_RECIPIENT_KEY: "B",
+  TAMPERED_HEADER: "B",
+  TAMPERED_CIPHERTEXT: "B",
+  KDF_DERIVATION_FAILED: "B",
+  ENC_PASSPHRASE_UNNORMALIZABLE: "B",
+  ENC_PASSPHRASE_EMPTY: "B",
+  SCHEMA_MERKLE_LEAF_COUNT_MISMATCH: "B",
+  SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED: "B",
+  SCHEMA_MERKLE_LEAVES_MALFORMED: "B",
+  MERKLE_ROOT_MISMATCH: "B",
+  MERKLE_LEAVES_UNAVAILABLE: "B",
+  MERKLE_UNSUPPORTED: "B",
+  OUT_OF_PROFILE_SKIPPED: "B"
+});
+Object.freeze(
+  ERROR_CODES.filter((code) => ERROR_CODE_PART[code] === "A")
+);
+Object.freeze(
+  ERROR_CODES.filter((code) => ERROR_CODE_PART[code] === "carriage")
+);
+Object.freeze(
+  ERROR_CODES.filter((code) => ERROR_CODE_PART[code] === "B")
+);
 var SEVERITY = Object.freeze({
-  // --- Part A ---
   MALFORMED_CBOR: "error",
   SCHEMA_TYPE_MISMATCH: "error",
   SCHEMA_MISSING_REQUIRED: "error",
@@ -2222,12 +2452,14 @@ var SEVERITY = Object.freeze({
   HASH_DIGEST_LENGTH_MISMATCH: "error",
   UNSUPPORTED_HASH_ALG: "error",
   UNSUPPORTED_MERKLE_COMMIT_ALG: "error",
+  SCHEMA_MERKLE_LEAF_COUNT_INVALID: "error",
   INVALID_URI: "error",
   CHUNK_TOO_LARGE: "error",
   UNAUTHENTICATED_CIPHER_FORBIDDEN: "error",
   UNSUPPORTED_AEAD_ALG: "error",
   NONCE_LENGTH_MISMATCH: "error",
   UNSUPPORTED_ENVELOPE_SCHEME: "error",
+  ENC_UNSUPPORTED: "info",
   ENC_SLOTS_EMPTY: "error",
   ENC_SLOT_INVALID_SHAPE: "error",
   UNSUPPORTED_KEM_ALG: "error",
@@ -2238,6 +2470,9 @@ var SEVERITY = Object.freeze({
   ENC_SLOTS_MAC_INVALID_LENGTH: "error",
   ENC_SLOTS_MAC_REQUIRED: "error",
   ENC_SLOTS_REQUIRED: "error",
+  ENC_SLOTS_DUPLICATE_KEM_MATERIAL: "error",
+  ENC_SLOTS_TOO_MANY: "error",
+  ENC_ENVELOPE_TOO_LARGE: "error",
   ENC_EXCLUSIVITY_VIOLATION: "error",
   ENC_NO_KEY_PATH: "error",
   ENC_REQUIRES_CONTENT_HASH: "error",
@@ -2254,7 +2489,9 @@ var SEVERITY = Object.freeze({
   SUPERSEDES_TX_INVALID_LENGTH: "error",
   EXTENSION_UNSUPPORTED_CRITICAL: "error",
   CRIT_SHAPE_INVALID: "error",
-  // --- Part B ---
+  TX_NOT_FOUND: "error",
+  PROVIDER_UNAVAILABLE: "error",
+  TX_INTEGRITY_MISMATCH: "error",
   METADATA_NOT_FOUND: "error",
   INSUFFICIENT_CONFIRMATIONS: "info",
   SIGNATURE_INVALID: "error",
@@ -2262,119 +2499,135 @@ var SEVERITY = Object.freeze({
   WALLET_ADDRESS_MISMATCH: "error",
   URI_TARGET_FORBIDDEN: "error",
   URI_INTEGRITY_MISMATCH: "error",
+  URI_PROVIDER_INTEGRITY_MISMATCH: "warning",
   URI_FETCH_FAILED: "warning",
   CONTENT_UNAVAILABLE: "error",
+  CONTENT_FETCH_LIMIT_EXCEEDED: "error",
   CIPHERTEXT_UNAVAILABLE: "error",
-  PROVIDER_UNAVAILABLE: "error",
   SERVICE_INDEPENDENCE_VIOLATION: "error",
   WRONG_DECRYPTION_INPUT_SHAPE: "error",
   WRONG_RECIPIENT_KEY: "error",
   TAMPERED_HEADER: "error",
   TAMPERED_CIPHERTEXT: "error",
   KDF_DERIVATION_FAILED: "error",
+  ENC_PASSPHRASE_UNNORMALIZABLE: "error",
+  ENC_PASSPHRASE_EMPTY: "error",
   SCHEMA_MERKLE_LEAF_COUNT_MISMATCH: "error",
   SCHEMA_MERKLE_LEAVES_FORMAT_UNSUPPORTED: "error",
   SCHEMA_MERKLE_LEAVES_MALFORMED: "error",
   MERKLE_ROOT_MISMATCH: "error",
   MERKLE_LEAVES_UNAVAILABLE: "warning",
-  MERKLE_LEAVES_INFORMATIVE_FORM: "info",
-  // Dual-severity — default reading is `info`; the verifier promotes to
-  // `error` for merkle-only records (no `items[]` content claim was
-  // validated in the same record).
   MERKLE_UNSUPPORTED: "info",
-  // Dual-severity — default reading is `info` (render mode); strict
-  // end-to-end verifiers promote to `error`.
   OUT_OF_PROFILE_SKIPPED: "info"
 });
-var ChunkedBytesArraySchema = zod.z.array(
-  zod.z.instanceof(Uint8Array).refine((b5) => b5.length >= 1 && b5.length <= 64, {
-    params: { code: "CHUNK_TOO_LARGE" }
-  })
-).min(1);
-var UTF8_ENCODER2 = new TextEncoder();
-var UriChunkArraySchema = zod.z.array(
-  zod.z.string().refine(
-    (s3) => {
-      const n2 = UTF8_ENCODER2.encode(s3).length;
-      return n2 >= 1 && n2 <= 64;
-    },
-    { params: { code: "CHUNK_TOO_LARGE" } }
-  )
-).min(1);
+var REGISTRY_INDEX = new Map(
+  ERROR_CODES.map((code, index) => [code, index])
+);
+function errorCodeRegistryIndex(code) {
+  return REGISTRY_INDEX.get(code);
+}
+function textKeyedMap(inner) {
+  return zod.z.custom((value) => !(value instanceof Uint8Array), {
+    message: "CBOR byte string present where a text-keyed map is required"
+  }).pipe(inner);
+}
 var HashDigestSchema = zod.z.instanceof(Uint8Array);
 var HashesMapSchema = zod.z.record(zod.z.string(), HashDigestSchema);
-var MerkleCommitSchema = zod.z.object({
-  alg: zod.z.string(),
-  root: zod.z.instanceof(Uint8Array),
-  leaf_count: zod.z.number().int().min(1),
-  uris: zod.z.array(UriChunkArraySchema).min(1).optional()
-}).strict();
-var SlotSchema = zod.z.object({
-  epk: zod.z.instanceof(Uint8Array).optional(),
-  kem_ct: ChunkedBytesArraySchema.optional(),
-  wrap: zod.z.instanceof(Uint8Array).optional()
-});
-zod.z.object({
-  m: zod.z.number().int(),
-  t: zod.z.number().int(),
-  p: zod.z.number().int()
-}).strict();
-var PassphraseBlockSchema = zod.z.object({
-  alg: zod.z.string(),
-  salt: zod.z.instanceof(Uint8Array).superRefine((bytes, ctx) => {
-    if (bytes.length < 16) {
-      ctx.addIssue({
-        code: "custom",
-        path: [],
-        message: `passphrase.salt length ${bytes.length} < 16`,
-        params: { code: "ENC_PASSPHRASE_SALT_TOO_SHORT" }
-      });
-    } else if (bytes.length > 64) {
-      ctx.addIssue({
-        code: "custom",
-        path: [],
-        message: `passphrase.salt length ${bytes.length} > 64`,
-        params: { code: "ENC_PASSPHRASE_SALT_TOO_LONG" }
-      });
-    }
-  }),
-  params: zod.z.record(zod.z.string(), zod.z.unknown())
-}).strict();
-var EncryptionEnvelopeSchema = zod.z.object({
-  scheme: zod.z.unknown(),
-  aead: zod.z.string(),
-  kem: zod.z.string().optional(),
-  nonce: zod.z.instanceof(Uint8Array),
-  slots: zod.z.array(SlotSchema).optional(),
-  slots_mac: zod.z.instanceof(Uint8Array).refine((b5) => b5.length === 32, {
-    params: { code: "ENC_SLOTS_MAC_INVALID_LENGTH" }
-  }).optional(),
-  passphrase: PassphraseBlockSchema.optional()
-}).strict();
-var ItemEntrySchema = zod.z.object({
-  hashes: HashesMapSchema,
-  uris: zod.z.array(UriChunkArraySchema).min(1).optional(),
-  // Captured as `unknown` so the validator can run the
-  // `ENC_REQUIRES_CONTENT_HASH` pre-check ahead of any inner-shape errors
-  // and surface the most informative code first.
-  enc: zod.z.unknown().optional()
-}).strict();
-var SigEntrySchema = zod.z.object({
-  cose_key: ChunkedBytesArraySchema.optional(),
-  cose_sign1: ChunkedBytesArraySchema
-}).strict();
+var UriSchema = zod.z.string();
+var MerkleCommitSchema = textKeyedMap(
+  zod.z.object({
+    alg: zod.z.string(),
+    root: zod.z.instanceof(Uint8Array),
+    leaf_count: zod.z.union([zod.z.number().int(), zod.z.bigint()]),
+    uris: zod.z.array(UriSchema).optional()
+  }).strict()
+);
+var SlotSchema = textKeyedMap(
+  zod.z.object({
+    epk: zod.z.instanceof(Uint8Array).optional(),
+    kem_ct: zod.z.instanceof(Uint8Array).optional(),
+    wrap: zod.z.instanceof(Uint8Array).optional()
+  })
+);
+textKeyedMap(
+  zod.z.object({
+    m: zod.z.union([zod.z.number().int(), zod.z.bigint()]),
+    t: zod.z.union([zod.z.number().int(), zod.z.bigint()]),
+    p: zod.z.union([zod.z.number().int(), zod.z.bigint()])
+  }).strict()
+);
+var PassphraseBlockSchema = textKeyedMap(
+  zod.z.object({
+    alg: zod.z.string(),
+    salt: zod.z.instanceof(Uint8Array).superRefine((bytes, ctx) => {
+      if (bytes.length < 16) {
+        ctx.addIssue({
+          code: "custom",
+          path: [],
+          message: `passphrase.salt length ${bytes.length} < 16`,
+          params: { code: "ENC_PASSPHRASE_SALT_TOO_SHORT" }
+        });
+      } else if (bytes.length > 64) {
+        ctx.addIssue({
+          code: "custom",
+          path: [],
+          message: `passphrase.salt length ${bytes.length} > 64`,
+          params: { code: "ENC_PASSPHRASE_SALT_TOO_LONG" }
+        });
+      }
+    }),
+    params: zod.z.record(zod.z.string(), zod.z.unknown())
+  }).strict()
+);
+var EncScheme1Schema = textKeyedMap(
+  zod.z.object({
+    scheme: zod.z.literal(1),
+    aead: zod.z.string(),
+    kem: zod.z.string().optional(),
+    nonce: zod.z.instanceof(Uint8Array),
+    slots: zod.z.array(SlotSchema).optional(),
+    slots_mac: zod.z.instanceof(Uint8Array).refine((b5) => b5.length === 32, {
+      params: { code: "ENC_SLOTS_MAC_INVALID_LENGTH" }
+    }).optional(),
+    passphrase: PassphraseBlockSchema.optional()
+  }).strict()
+);
+var EncOpaqueSchema = textKeyedMap(
+  zod.z.looseObject({
+    scheme: zod.z.union([zod.z.number().int().nonnegative(), zod.z.bigint().nonnegative()])
+  })
+);
+zod.z.union([EncScheme1Schema, EncOpaqueSchema]);
+var ItemEntrySchema = textKeyedMap(
+  zod.z.object({
+    hashes: HashesMapSchema,
+    uris: zod.z.array(UriSchema).optional(),
+    // Captured as `unknown`: the envelope is a union whose disposition
+    // (typed scheme-1 vs opaque) depends on identifier support, so the
+    // validator's domain pass — not this schema — narrows it.
+    enc: zod.z.unknown().optional()
+  }).strict()
+);
+var SigEntrySchema = textKeyedMap(
+  zod.z.object({
+    cose_key: zod.z.instanceof(Uint8Array).optional(),
+    cose_sign1: zod.z.instanceof(Uint8Array)
+  }).strict()
+);
 var SupersedesSchema = zod.z.instanceof(Uint8Array).refine((b5) => b5.length === 32, {
   params: { code: "SUPERSEDES_TX_INVALID_LENGTH" }
 });
 var VersionLiteralSchema = zod.z.literal(1);
-var PoeRecordSchema = zod.z.looseObject({
-  v: VersionLiteralSchema,
-  items: zod.z.array(ItemEntrySchema).optional(),
-  merkle: zod.z.array(MerkleCommitSchema).optional(),
-  supersedes: SupersedesSchema.optional(),
-  sigs: zod.z.array(SigEntrySchema).optional(),
-  crit: zod.z.array(zod.z.string()).optional()
-});
+var PoeRecordSchema = textKeyedMap(
+  zod.z.looseObject({
+    v: VersionLiteralSchema,
+    items: zod.z.array(ItemEntrySchema).optional(),
+    merkle: zod.z.array(MerkleCommitSchema).optional(),
+    supersedes: SupersedesSchema.optional(),
+    sigs: zod.z.array(SigEntrySchema).optional(),
+    crit: zod.z.array(zod.z.string()).optional()
+  })
+);
 var TOP_LEVEL_BASE_KEYS = /* @__PURE__ */ new Set([
   "v",
   "items",
@@ -2383,8 +2636,8 @@ var TOP_LEVEL_BASE_KEYS = /* @__PURE__ */ new Set([
   "sigs",
   "crit"
 ]);
-var EXTENSION_KEY_VENDOR_RE = /^x-.+\n?$/;
-var EXTENSION_KEY_COMPANION_RE = /^[a-z]+-.+\n?$/;
+var EXTENSION_KEY_VENDOR_RE = /^x-[^\u0000-\u001f\u007f-\u009f]+$/;
+var EXTENSION_KEY_COMPANION_RE = /^[a-z]+-[^\u0000-\u001f\u007f-\u009f]+$/;
 function isExtensionKey(k4) {
   return EXTENSION_KEY_VENDOR_RE.test(k4) || EXTENSION_KEY_COMPANION_RE.test(k4);
 }
@@ -2398,9 +2651,9 @@ var MERKLE_COMMIT_ALG_LENGTHS = {
   "rfc9162-sha256": 32
 };
 var AEAD_NONCE_LENGTHS = {
-  "xchacha20-poly1305": 24
+  "chacha20-poly1305-stream64k": 24
 };
-var UNAUTHENTICATED_CIPHER_RE = /(?:^|[-_])(?:cbc|ctr|ecb|cfb|ofb)(?:[-_]|\n?$)|^(?:rc4|des|3des)(?:[-_]|\n?$)/i;
+var UNAUTHENTICATED_CIPHER_RE = /(?:^|[-_])(?:cbc|ctr|ecb|cfb|ofb)(?:[-_]|$)|^(?:rc4|des|3des)(?:[-_]|$)/i;
 var KEM_SLOT_DESCRIPTORS = {
   x25519: { field: "epk", fieldLength: 32, wrapLength: 48 },
   mlkem768x25519: { field: "kem_ct", fieldLength: 1120, wrapLength: 48 }
@@ -2411,13 +2664,31 @@ var KEM_FIELD_LENGTH_CODE = {
 };
 var PASSPHRASE_KDF_ALGS = /* @__PURE__ */ new Set(["argon2id"]);
 var KNOWN_SIG_ALG_IDS = /* @__PURE__ */ new Set([-8, -19]);
-function validatePoeRecord(bytes) {
+var UINT32_MAX = 4294967295;
+var DEFAULT_PASSPHRASE_PARAMS_CEILING = Object.freeze({
+  m: 2097152,
+  // KiB = 2 GiB
+  t: 16,
+  p: 8
+});
+var EMPTY_EXTENSION_SET = /* @__PURE__ */ new Set();
+function resolveOptions(options) {
+  return {
+    supportedCriticalExtensions: options?.supportedCriticalExtensions ?? EMPTY_EXTENSION_SET,
+    role: options?.role ?? "public",
+    maxSlots: options?.maxSlots ?? MAX_SLOTS,
+    maxEncEnvelopeBytes: options?.maxEncEnvelopeBytes ?? MAX_DECODED_ENVELOPE_BYTES,
+    passphraseParamsCeiling: options?.passphraseParamsCeiling === void 0 ? DEFAULT_PASSPHRASE_PARAMS_CEILING : options.passphraseParamsCeiling
+  };
+}
+function validatePoeRecord(bytes, options) {
+  const opts = resolveOptions(options);
   let decoded;
   try {
     decoded = decodeCanonicalCbor(bytes);
   } catch (cause) {
     return {
-      ok: false,
+      valid: false,
       issues: [
         {
           code: "MALFORMED_CBOR",
@@ -2428,132 +2699,181 @@ function validatePoeRecord(bytes) {
       ]
     };
   }
+  const nonTextKeyIssues = collectNonTextKeyMapIssues(decoded);
+  if (nonTextKeyIssues.length > 0) {
+    return { valid: false, issues: sortIssues(nonTextKeyIssues) };
+  }
   const parse = PoeRecordSchema.safeParse(decoded);
   if (!parse.success) {
-    const issues = parse.error.issues.map((issue2) => mapZodIssue(issue2, decoded)).sort(compareIssuePath);
-    return { ok: false, issues };
+    return { valid: false, issues: sortIssues(mapZodIssues(parse.error.issues, decoded)) };
   }
   const record = parse.data;
-  const errors = [];
-  const warnings = [];
-  const info = [];
-  const itemsLen = Array.isArray(record.items) ? record.items.length : 0;
-  const merkleLen = Array.isArray(record.merkle) ? record.merkle.length : 0;
-  if (itemsLen === 0 && merkleLen === 0) {
-    errors.push(
-      issue(
-        "SCHEMA_EMPTY_RECORD",
-        [],
-        "record must carry at least one of items[] or merkle[] non-empty"
-      )
-    );
-  }
+  const issues = [];
+  checkContentCommitmentPresence(record, issues);
   const decodedTopKeys = topLevelKeysOf(decoded);
-  const critShapeInvalidIndices = checkCritShape(record, decodedTopKeys, errors);
-  for (const k4 of decodedTopKeys) {
-    if (TOP_LEVEL_BASE_KEYS.has(k4)) continue;
-    if (isExtensionKey(k4)) continue;
-    errors.push(issue("SCHEMA_UNKNOWN_FIELD", [k4], `unknown top-level field: ${k4}`));
-  }
-  if (Array.isArray(record.crit)) {
-    for (let i = 0; i < record.crit.length; i++) {
-      if (critShapeInvalidIndices.has(i)) continue;
-      const critName = record.crit[i];
-      errors.push(
-        issue(
-          "EXTENSION_UNSUPPORTED_CRITICAL",
-          ["crit", i],
-          `crit lists extension '${critName}' that this validator does not implement`
-        )
+  checkCrit(record, decodedTopKeys, opts.supportedCriticalExtensions, issues);
+  for (const key of decodedTopKeys) {
+    if (TOP_LEVEL_BASE_KEYS.has(key)) continue;
+    if (isExtensionKey(key)) continue;
+    issues.push(issueOf("SCHEMA_UNKNOWN_FIELD", [key], `unknown top-level field: ${key}`));
+  }
+  const items = record.items ?? [];
+  for (let i = 0; i < items.length; i++) {
+    const item = items[i];
+    checkItemHashes(item, i, issues);
+    if (item.uris !== void 0) checkUris(item.uris, ["items", i, "uris"], issues);
+    if (item.enc !== void 0) checkItemEnc(item, i, opts, issues);
+  }
+  const merkle = record.merkle ?? [];
+  for (let i = 0; i < merkle.length; i++) {
+    checkMerkleCommit(merkle[i], i, issues);
+  }
+  if (record.sigs !== void 0) {
+    if (record.sigs.length === 0) {
+      issues.push(
+        issueOf("SCHEMA_TYPE_MISMATCH", ["sigs"], "sigs[] must be non-empty when present")
       );
     }
+    for (let i = 0; i < record.sigs.length; i++) {
+      checkSigEntry(record.sigs[i], i, issues);
+    }
   }
-  for (let i = 0; i < (record.items ?? []).length; i++) {
-    const item = record.items[i];
-    checkItemHashes(item, i, errors);
-    if (item.uris) checkItemUris(item.uris, ["items", i, "uris"], errors);
-    if (item.enc !== void 0) checkItemEnc(item, i, errors);
-  }
-  for (let i = 0; i < (record.merkle ?? []).length; i++) {
-    const commit = record.merkle[i];
-    checkMerkleCommit(commit, i, errors);
+  const sorted = sortIssues(issues);
+  if (sorted.some((issue) => issue.severity === "error")) {
+    return { valid: false, issues: sorted };
   }
-  if (record.sigs) {
-    for (let i = 0; i < record.sigs.length; i++) {
-      checkSigEntry(record.sigs[i], i, errors, info);
+  const warnings = sorted.filter((issue) => issue.severity === "warning");
+  const info = sorted.filter((issue) => issue.severity === "info");
+  const result = { valid: true, record };
+  if (warnings.length > 0) result.warnings = warnings;
+  if (info.length > 0) result.info = info;
+  return result;
+}
+function mapZodIssues(zissues, decodedRoot) {
+  const out = [];
+  for (const zissue of zissues) {
+    if (zissue.code === "unrecognized_keys") {
+      for (const key of zissue.keys) {
+        const path = [...zissue.path, key];
+        const code = unknownKeyCode(path);
+        out.push(issueOf(code, path, `unrecognized key '${key}' in a closed map`));
+      }
+      continue;
     }
+    out.push(mapZodIssue(zissue, decodedRoot));
   }
-  if (errors.length > 0) {
-    return { ok: false, issues: errors.sort(compareIssuePath) };
+  return out;
+}
+function unknownKeyCode(path) {
+  if (path.length >= 2 && path[0] === "sigs" && typeof path[1] === "number") {
+    return "SIG_ENTRY_INVALID_SHAPE";
   }
-  const result = {
-    ok: true,
-    record
+  return "SCHEMA_UNKNOWN_FIELD";
+}
+function collectNonTextKeyMapIssues(decoded) {
+  const issues = [];
+  const flag = (path) => {
+    issues.push(
+      issueOf(
+        "SCHEMA_TYPE_MISMATCH",
+        path,
+        "CBOR map carries a non-text key where a text-keyed map is required"
+      )
+    );
   };
-  if (warnings.length > 0) result.warnings = warnings.sort(compareIssuePath);
-  if (info.length > 0) result.info = info.sort(compareIssuePath);
-  return result;
+  if (decoded instanceof Map) {
+    flag([]);
+    return issues;
+  }
+  if (decoded === null || typeof decoded !== "object" || Array.isArray(decoded)) return issues;
+  const record = decoded;
+  for (const field of ["items", "merkle", "sigs"]) {
+    const entries = record[field];
+    if (!Array.isArray(entries)) continue;
+    entries.forEach((entry, i) => {
+      if (entry instanceof Map) {
+        flag([field, i]);
+        return;
+      }
+      if (field !== "items" || entry === null || typeof entry !== "object") return;
+      const item = entry;
+      if (item["hashes"] instanceof Map) flag([field, i, "hashes"]);
+      if (item["enc"] instanceof Map) flag([field, i, "enc"]);
+    });
+  }
+  return issues;
 }
-function mapZodIssue(zissue, decoded) {
+function mapZodIssue(zissue, decodedRoot) {
   const path = zissue.path;
   const explicit = zissue.params?.code;
   if (explicit !== void 0) {
-    return issue(explicit, path, zissue.message);
+    return issueOf(explicit, path, zissue.message);
+  }
+  const valueAtIssue = valueAtPath(decodedRoot, path);
+  if (valueAtIssue instanceof Map) {
+    return issueOf(
+      "SCHEMA_TYPE_MISMATCH",
+      path,
+      "CBOR map carries a non-text key where a text-keyed map is required"
+    );
   }
   const inSigsEntry = path.length >= 2 && path[0] === "sigs" && typeof path[1] === "number";
-  const isInSlotEntry = (() => {
-    if (path.length >= 5 && path[0] === "items" && typeof path[1] === "number" && path[2] === "enc" && path[3] === "slots" && typeof path[4] === "number") {
-      return true;
-    }
-    if (path.length >= 2 && path[0] === "slots" && typeof path[1] === "number") {
-      return true;
-    }
-    return false;
-  })();
-  const valueAtIssue = valueAtPath(decoded, path);
+  const isInSlotEntry = path.length >= 2 && path[0] === "slots" && typeof path[1] === "number";
   const isMissing = valueAtIssue === void 0;
   switch (zissue.code) {
     case "invalid_type":
-      if (isInSlotEntry) return issue("ENC_SLOT_INVALID_SHAPE", path, zissue.message);
+      if (isInSlotEntry) return issueOf("ENC_SLOT_INVALID_SHAPE", path, zissue.message);
       if (isMissing) {
-        if (inSigsEntry) return issue("SIG_ENTRY_INVALID_SHAPE", path, zissue.message);
-        return issue("SCHEMA_MISSING_REQUIRED", path, zissue.message);
+        if (inSigsEntry) return issueOf("SIG_ENTRY_INVALID_SHAPE", path, zissue.message);
+        return issueOf("SCHEMA_MISSING_REQUIRED", path, zissue.message);
       }
-      if (inSigsEntry) return issue("SIG_ENTRY_INVALID_SHAPE", path, zissue.message);
-      return issue("SCHEMA_TYPE_MISMATCH", path, zissue.message);
+      if (inSigsEntry) return issueOf("SIG_ENTRY_INVALID_SHAPE", path, zissue.message);
+      return issueOf("SCHEMA_TYPE_MISMATCH", path, zissue.message);
     case "invalid_value":
-      if (path.length === 1 && path[0] === "v") {
-        return issue(
-          isMissing ? "SCHEMA_MISSING_REQUIRED" : "SCHEMA_INVALID_LITERAL",
-          path,
-          zissue.message
-        );
-      }
-      return issue("SCHEMA_INVALID_LITERAL", path, zissue.message);
-    case "unrecognized_keys":
-      if (isInSlotEntry) return issue("ENC_SLOT_INVALID_SHAPE", path, zissue.message);
-      if (inSigsEntry) return issue("SIG_ENTRY_INVALID_SHAPE", path, zissue.message);
-      return issue("SCHEMA_UNKNOWN_FIELD", path, zissue.message);
+      if (isMissing) return issueOf("SCHEMA_MISSING_REQUIRED", path, zissue.message);
+      return issueOf("SCHEMA_INVALID_LITERAL", path, zissue.message);
+    case "invalid_union":
     case "invalid_format":
     case "too_big":
     case "too_small":
-      if (inSigsEntry) return issue("SIG_ENTRY_INVALID_SHAPE", path, zissue.message);
-      return issue("SCHEMA_TYPE_MISMATCH", path, zissue.message);
-    case "invalid_union":
     case "invalid_key":
     case "invalid_element":
     case "custom":
     default:
-      if (isInSlotEntry) return issue("ENC_SLOT_INVALID_SHAPE", path, zissue.message);
-      if (inSigsEntry) return issue("SIG_ENTRY_INVALID_SHAPE", path, zissue.message);
-      return issue("SCHEMA_TYPE_MISMATCH", path, zissue.message);
+      if (isInSlotEntry) return issueOf("ENC_SLOT_INVALID_SHAPE", path, zissue.message);
+      if (inSigsEntry) return issueOf("SIG_ENTRY_INVALID_SHAPE", path, zissue.message);
+      return issueOf("SCHEMA_TYPE_MISMATCH", path, zissue.message);
+  }
+}
+function checkContentCommitmentPresence(record, issues) {
+  const itemsLen = record.items?.length ?? 0;
+  const merkleLen = record.merkle?.length ?? 0;
+  if (itemsLen === 0 && merkleLen === 0) {
+    issues.push(
+      issueOf(
+        "SCHEMA_EMPTY_RECORD",
+        [],
+        "record must carry at least one of items[] or merkle[] non-empty"
+      )
+    );
+    return;
+  }
+  if (record.items !== void 0 && itemsLen === 0) {
+    issues.push(
+      issueOf("SCHEMA_TYPE_MISMATCH", ["items"], "items[] must be non-empty when present")
+    );
+  }
+  if (record.merkle !== void 0 && merkleLen === 0) {
+    issues.push(
+      issueOf("SCHEMA_TYPE_MISMATCH", ["merkle"], "merkle[] must be non-empty when present")
+    );
   }
 }
-function checkItemHashes(item, idx, errors) {
+function checkItemHashes(item, idx, issues) {
   const entries = Object.entries(item.hashes);
   if (entries.length === 0) {
-    errors.push(
-      issue(
+    issues.push(
+      issueOf(
         "SCHEMA_TYPE_MISMATCH",
         ["items", idx, "hashes"],
         "hashes must be a non-empty CBOR map of <alg-id> -> <digest>"
@@ -2563,15 +2883,15 @@ function checkItemHashes(item, idx, errors) {
   }
   for (const [alg, digest] of entries) {
     if (!(alg in HASH_ALG_LENGTHS)) {
-      errors.push(
-        issue("UNSUPPORTED_HASH_ALG", ["items", idx, "hashes", alg], `unknown hash alg: ${alg}`)
+      issues.push(
+        issueOf("UNSUPPORTED_HASH_ALG", ["items", idx, "hashes", alg], `unknown hash alg: ${alg}`)
       );
       continue;
     }
     const expected = HASH_ALG_LENGTHS[alg];
     if (digest.length !== expected) {
-      errors.push(
-        issue(
+      issues.push(
+        issueOf(
           "HASH_DIGEST_LENGTH_MISMATCH",
           ["items", idx, "hashes", alg],
           `hashes['${alg}'] digest length ${digest.length} != ${expected}`
@@ -2580,35 +2900,33 @@ function checkItemHashes(item, idx, errors) {
     }
   }
 }
-function checkItemUris(uris, basePath, errors) {
-  uris.forEach((chunks, ui) => validateOneUri(chunks, [...basePath, ui], errors));
-}
-function validateOneUri(chunks, path, errors) {
-  const reconstructed = reconstructChunkedUri(chunks);
-  if (!reconstructed.ok) {
-    errors.push(issue(reconstructed.code, path, reconstructed.reason));
+function checkUris(uris, basePath, issues) {
+  if (uris.length === 0) {
+    issues.push(issueOf("SCHEMA_TYPE_MISMATCH", basePath, "uris[] must be non-empty when present"));
     return;
   }
-  const uri = reconstructed.uri;
+  uris.forEach((uri, ui) => checkOneUri(uri, [...basePath, ui], issues));
+}
+function checkOneUri(uri, path, issues) {
   if (uri.includes("#")) {
-    errors.push(
-      issue("INVALID_URI", path, "URI contains a fragment identifier ('#'), which is forbidden")
+    issues.push(
+      issueOf("INVALID_URI", path, "URI contains a fragment identifier ('#'), which is forbidden")
     );
     return;
   }
   const sepIdx = uri.indexOf("://");
   if (sepIdx <= 0 || !/^[a-z][a-z0-9+.-]*$/i.test(uri.slice(0, sepIdx))) {
-    errors.push(
-      issue("INVALID_URI", path, "URI is not absolute (missing scheme://hierarchical-part)")
+    issues.push(
+      issueOf("INVALID_URI", path, "URI is not absolute (missing scheme://hierarchical-part)")
     );
     return;
   }
   const scheme = uri.slice(0, sepIdx).toLowerCase();
   const rest = uri.slice(sepIdx + "://".length);
   if (scheme === "ar") {
-    if (!/^ar:\/\/[A-Za-z0-9_-]{43}$/.test("ar://" + rest)) {
-      errors.push(
-        issue(
+    if (!/^[A-Za-z0-9_-]{43}$/.test(rest)) {
+      issues.push(
+        issueOf(
           "INVALID_URI",
           path,
           "ar:// URI does not match `^ar://[A-Za-z0-9_-]{43}$` (43-char base64url txid, no path/query/fragment)"
@@ -2621,277 +2939,286 @@ function validateOneUri(chunks, path, errors) {
     const slashIdx = rest.indexOf("/");
     const cid = slashIdx === -1 ? rest : rest.slice(0, slashIdx);
     if (!validateCidProfile(cid)) {
-      errors.push(
-        issue("INVALID_URI", path, "ipfs:// URI is not a valid CID under the Label 309 profile")
+      issues.push(
+        issueOf("INVALID_URI", path, "ipfs:// URI is not a valid CID under the Label 309 profile")
       );
     }
     return;
   }
-  errors.push(
-    issue("INVALID_URI", path, "unsupported URI scheme; v1 PoE URI set is {ar://, ipfs://}")
+  issues.push(
+    issueOf("INVALID_URI", path, "unsupported URI scheme; v1 PoE URI set is {ar://, ipfs://}")
   );
 }
-function checkItemEnc(item, idx, errors) {
+function checkItemEnc(item, idx, opts, issues) {
+  const encPath = ["items", idx, "enc"];
   const hasContentHash = Object.keys(item.hashes).some((alg) => alg in HASH_ALG_LENGTHS);
   if (!hasContentHash) {
-    errors.push(
-      issue(
+    issues.push(
+      issueOf(
         "ENC_REQUIRES_CONTENT_HASH",
-        ["items", idx, "enc"],
-        "item carries `enc` but `hashes` has no content-hash entry (sha2-256 or blake2b-256)"
+        encPath,
+        "item carries `enc` but `hashes` has no registered content-hash entry (sha2-256 or blake2b-256)"
       )
     );
+  }
+  const rawEnc = item.enc;
+  if (rawEnc === null || typeof rawEnc !== "object" || Array.isArray(rawEnc) || rawEnc instanceof Uint8Array) {
+    issues.push(issueOf("SCHEMA_TYPE_MISMATCH", encPath, "enc must be a CBOR map"));
     return;
   }
-  const encParse = EncryptionEnvelopeSchema.safeParse(item.enc);
-  if (!encParse.success) {
-    for (const zissue of encParse.error.issues) {
-      const mapped = mapZodIssue(zissue, item.enc);
-      errors.push({
-        ...mapped,
-        path: ["items", idx, "enc", ...mapped.path]
-      });
-    }
+  const enc = rawEnc;
+  const envelopeBytes = encodeCanonicalCbor(rawEnc).length;
+  if (envelopeBytes > opts.maxEncEnvelopeBytes) {
+    issues.push(
+      issueOf(
+        "ENC_ENVELOPE_TOO_LARGE",
+        encPath,
+        `decoded envelope is ${envelopeBytes} bytes; the resource bound is ${opts.maxEncEnvelopeBytes}`
+      )
+    );
+  }
+  const scheme = enc["scheme"];
+  if (scheme === void 0) {
+    issues.push(
+      issueOf("SCHEMA_MISSING_REQUIRED", [...encPath, "scheme"], "enc.scheme is required")
+    );
     return;
   }
-  const enc = encParse.data;
-  const basePath = ["items", idx, "enc"];
-  if (typeof enc.scheme !== "number" || !Number.isInteger(enc.scheme) || enc.scheme !== 1) {
-    errors.push(
-      issue(
-        "UNSUPPORTED_ENVELOPE_SCHEME",
-        [...basePath, "scheme"],
-        `enc.scheme must be the unsigned integer 1; got ${String(enc.scheme)}`
+  if (!isUint(scheme)) {
+    issues.push(
+      issueOf(
+        "SCHEMA_TYPE_MISMATCH",
+        [...encPath, "scheme"],
+        "enc.scheme must be a CBOR unsigned integer"
       )
     );
+    return;
   }
-  if (UNAUTHENTICATED_CIPHER_RE.test(enc.aead)) {
-    errors.push(
-      issue(
+  const aead = enc["aead"];
+  if (typeof aead === "string" && UNAUTHENTICATED_CIPHER_RE.test(aead)) {
+    issues.push(
+      issueOf(
         "UNAUTHENTICATED_CIPHER_FORBIDDEN",
-        [...basePath, "aead"],
-        `'${enc.aead}' is an unauthenticated cipher; Label 309 mandates an authenticated (AEAD) cipher`
+        [...encPath, "aead"],
+        `'${aead}' is an unauthenticated cipher; Label 309 mandates an authenticated (AEAD) cipher`
       )
     );
     return;
   }
-  if (!(enc.aead in AEAD_NONCE_LENGTHS)) {
-    errors.push(
-      issue("UNSUPPORTED_AEAD_ALG", [...basePath, "aead"], `unknown aead alg: ${enc.aead}`)
-    );
+  const kem = enc["kem"];
+  const unsupported = [];
+  if (!(typeof scheme === "number" && scheme === 1)) {
+    unsupported.push({ field: "scheme", code: "UNSUPPORTED_ENVELOPE_SCHEME", id: String(scheme) });
+  }
+  if (typeof kem === "string" && !(kem in KEM_SLOT_DESCRIPTORS)) {
+    unsupported.push({ field: "kem", code: "UNSUPPORTED_KEM_ALG", id: kem });
+  }
+  if (typeof aead === "string" && !(aead in AEAD_NONCE_LENGTHS)) {
+    unsupported.push({ field: "aead", code: "UNSUPPORTED_AEAD_ALG", id: aead });
+  }
+  if (unsupported.length > 0) {
+    const named = unsupported.map((u3) => `${u3.field}=${u3.id}`).join(", ");
+    const message = `envelope uses identifiers this implementation does not support (${named}); the envelope is opaque and only the content-hash claim is validated`;
+    if (opts.role === "recipient_or_strict") {
+      issues.push({ code: "ENC_UNSUPPORTED", path: encPath, message, severity: "error" });
+      for (const u3 of unsupported) {
+        issues.push(
+          issueOf(u3.code, [...encPath, u3.field], `enc.${u3.field} '${u3.id}' is not supported`)
+        );
+      }
+    } else {
+      issues.push({ code: "ENC_UNSUPPORTED", path: encPath, message, severity: "info" });
+    }
+    return;
+  }
+  const internalMapIssues = encInternalNonTextKeyIssues(enc, encPath);
+  if (internalMapIssues.length > 0) {
+    issues.push(...internalMapIssues);
+    return;
+  }
+  const encParse = EncScheme1Schema.safeParse(rawEnc);
+  if (!encParse.success) {
+    for (const mapped of mapZodIssues(encParse.error.issues, rawEnc)) {
+      issues.push({ ...mapped, path: [...encPath, ...mapped.path] });
+    }
     return;
   }
+  checkScheme1Envelope(encParse.data, rawEnc, encPath, opts, issues);
+}
+function encInternalNonTextKeyIssues(enc, encPath) {
+  const issues = [];
+  const flag = (path) => {
+    issues.push(
+      issueOf(
+        "SCHEMA_TYPE_MISMATCH",
+        path,
+        "CBOR map carries a non-text key where a text-keyed map is required"
+      )
+    );
+  };
+  const slots = enc["slots"];
+  if (Array.isArray(slots)) {
+    slots.forEach((slot, i) => {
+      if (slot instanceof Map) flag([...encPath, "slots", i]);
+    });
+  }
+  const passphrase = enc["passphrase"];
+  if (passphrase instanceof Map) {
+    flag([...encPath, "passphrase"]);
+  } else if (passphrase !== null && typeof passphrase === "object" && !Array.isArray(passphrase)) {
+    const params = passphrase["params"];
+    if (params instanceof Map) flag([...encPath, "passphrase", "params"]);
+  }
+  return issues;
+}
+function checkScheme1Envelope(enc, rawEnc, encPath, opts, issues) {
   const expectedNonceLen = AEAD_NONCE_LENGTHS[enc.aead];
   if (enc.nonce.length !== expectedNonceLen) {
-    errors.push(
-      issue(
+    issues.push(
+      issueOf(
         "NONCE_LENGTH_MISMATCH",
-        [...basePath, "nonce"],
+        [...encPath, "nonce"],
         `nonce length ${enc.nonce.length} != ${expectedNonceLen} for ${enc.aead}`
       )
     );
   }
-  if (enc.kem !== void 0 && !(enc.kem in KEM_SLOT_DESCRIPTORS)) {
-    errors.push(issue("UNSUPPORTED_KEM_ALG", [...basePath, "kem"], `unknown kem alg: ${enc.kem}`));
-  }
   const hasSlots = enc.slots !== void 0;
   const hasSlotsMac = enc.slots_mac !== void 0;
   const hasPassphrase = enc.passphrase !== void 0;
-  if (hasSlots && hasPassphrase) {
-    errors.push(
-      issue("ENC_EXCLUSIVITY_VIOLATION", basePath, "enc combines slots with passphrase; pick one")
+  const hasKem = enc.kem !== void 0;
+  if (hasPassphrase && (hasSlots || hasSlotsMac || hasKem)) {
+    issues.push(
+      issueOf(
+        "ENC_EXCLUSIVITY_VIOLATION",
+        encPath,
+        "enc.passphrase is mutually exclusive with kem / slots / slots_mac; exactly one key path is allowed"
+      )
     );
   }
   if (hasSlots && !hasSlotsMac) {
-    errors.push(
-      issue("ENC_SLOTS_MAC_REQUIRED", basePath, "enc.slots present but enc.slots_mac absent")
+    issues.push(
+      issueOf("ENC_SLOTS_MAC_REQUIRED", encPath, "enc.slots present but enc.slots_mac absent")
     );
   }
   if (hasSlotsMac && !hasSlots) {
-    errors.push(
-      issue("ENC_SLOTS_REQUIRED", basePath, "enc.slots_mac present but enc.slots absent")
+    issues.push(
+      issueOf("ENC_SLOTS_REQUIRED", encPath, "enc.slots_mac present but enc.slots absent")
     );
   }
-  if (hasSlots && enc.kem === void 0) {
-    errors.push(issue("ENC_KEM_REQUIRED", basePath, "enc.slots present but enc.kem absent"));
+  if (hasSlots && !hasKem) {
+    issues.push(issueOf("ENC_KEM_REQUIRED", encPath, "enc.slots present but enc.kem absent"));
   }
   if (!hasSlots && !hasPassphrase) {
-    errors.push(
-      issue(
+    issues.push(
+      issueOf(
         "ENC_NO_KEY_PATH",
-        basePath,
+        encPath,
         "enc requires either slots or passphrase \u2014 no on-chain key path otherwise"
       )
     );
   }
   if (hasSlots) {
-    if (enc.slots.length < 1) {
-      errors.push(
-        issue("ENC_SLOTS_EMPTY", [...basePath, "slots"], `slots length ${enc.slots.length} < 1`)
+    const slots = enc.slots;
+    if (slots.length < 1) {
+      issues.push(
+        issueOf("ENC_SLOTS_EMPTY", [...encPath, "slots"], "slots[] must carry at least one slot")
       );
-    }
-    const descriptor = enc.kem !== void 0 ? KEM_SLOT_DESCRIPTORS[enc.kem] : void 0;
-    if (descriptor !== void 0) {
-      const rawSlotKeys = rawSlotKeySets(item.enc);
-      enc.slots.forEach((slot, si) => {
+    } else if (slots.length > opts.maxSlots) {
+      issues.push(
+        issueOf(
+          "ENC_SLOTS_TOO_MANY",
+          [...encPath, "slots"],
+          `slots length ${slots.length} exceeds the slot-count bound ${opts.maxSlots}`
+        )
+      );
+    } else if (hasKem) {
+      const descriptor = KEM_SLOT_DESCRIPTORS[enc.kem];
+      const rawSlotKeys = rawSlotKeySets(rawEnc);
+      const seenKemMaterial = /* @__PURE__ */ new Set();
+      slots.forEach((slot, si) => {
+        const slotPath = [...encPath, "slots", si];
         checkSlotShape(
           slot,
           rawSlotKeys[si] ?? /* @__PURE__ */ new Set(),
           descriptor,
           enc.kem,
-          [...basePath, "slots", si],
-          errors
+          slotPath,
+          issues
         );
+        const material = descriptor.field === "epk" ? slot.epk : slot.kem_ct;
+        if (material !== void 0) {
+          const key = bytesToHex2(material);
+          if (seenKemMaterial.has(key)) {
+            issues.push(
+              issueOf(
+                "ENC_SLOTS_DUPLICATE_KEM_MATERIAL",
+                [...slotPath, descriptor.field],
+                `slot ${si} ${descriptor.field} duplicates an earlier slot \u2014 per-slot KEK uniqueness is violated`
+              )
+            );
+          } else {
+            seenKemMaterial.add(key);
+          }
+        }
       });
     }
   }
   if (hasPassphrase) {
-    const pp = enc.passphrase;
-    const ppPath = [...basePath, "passphrase"];
-    if (!PASSPHRASE_KDF_ALGS.has(pp.alg)) {
-      errors.push(
-        issue(
-          "ENC_PASSPHRASE_ALG_UNSUPPORTED",
-          [...ppPath, "alg"],
-          `unknown passphrase kdf alg: ${pp.alg}`
-        )
-      );
-      return;
-    }
-    if (pp.alg === "argon2id") {
-      const allowed = /* @__PURE__ */ new Set(["m", "t", "p"]);
-      for (const k4 of Object.keys(pp.params)) {
-        if (!allowed.has(k4)) {
-          errors.push(
-            issue(
-              "SCHEMA_UNKNOWN_FIELD",
-              [...ppPath, "params", k4],
-              `unknown argon2id params field: ${k4}`
-            )
-          );
-        }
-      }
-      const p5 = pp.params;
-      const argonInt = (val, name) => {
-        if (typeof val !== "number" || !Number.isInteger(val)) {
-          errors.push(
-            issue(
-              "SCHEMA_TYPE_MISMATCH",
-              [...ppPath, "params", name],
-              `argon2id params.${name} must be a CBOR unsigned integer`
-            )
-          );
-          return null;
-        }
-        return val;
-      };
-      const mVal = argonInt(p5.m, "m");
-      const tVal = argonInt(p5.t, "t");
-      const pVal = argonInt(p5.p, "p");
-      if (mVal !== null && mVal < 65536) {
-        errors.push(
-          issue(
-            "ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW",
-            [...ppPath, "params", "m"],
-            "argon2id requires m >= 65536 KiB"
-          )
-        );
-      }
-      if (tVal !== null && tVal < 3) {
-        errors.push(
-          issue(
-            "ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW",
-            [...ppPath, "params", "t"],
-            "argon2id requires t >= 3"
-          )
-        );
-      }
-      if (pVal !== null && pVal < 1) {
-        errors.push(
-          issue(
-            "ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW",
-            [...ppPath, "params", "p"],
-            "argon2id requires p >= 1"
-          )
-        );
-      }
-    }
+    checkPassphraseBlock(enc.passphrase, [...encPath, "passphrase"], opts, issues);
   }
 }
 var SLOT_KEY_UNIVERSE = /* @__PURE__ */ new Set(["epk", "kem_ct", "wrap"]);
-function checkSlotShape(slot, rawKeys, descriptor, kem, slotPath, errors) {
+function checkSlotShape(slot, rawKeys, descriptor, kem, slotPath, issues) {
   const foreignField = descriptor.field === "epk" ? "kem_ct" : "epk";
   if (rawKeys.has(foreignField)) {
-    errors.push(
-      issue(
+    issues.push(
+      issueOf(
         "ENC_SLOT_INVALID_SHAPE",
         [...slotPath, foreignField],
         `slot carries '${foreignField}' but kem='${kem}' expects '${descriptor.field}'`
       )
     );
   }
-  for (const k4 of rawKeys) {
-    if (!SLOT_KEY_UNIVERSE.has(k4)) {
-      errors.push(
-        issue(
+  for (const key of rawKeys) {
+    if (!SLOT_KEY_UNIVERSE.has(key)) {
+      issues.push(
+        issueOf(
           "ENC_SLOT_INVALID_SHAPE",
-          [...slotPath, k4],
-          `slot carries unexpected key '${k4}'; a slot is a 2-key map {${descriptor.field}, wrap}`
+          [...slotPath, key],
+          `slot carries unexpected key '${key}'; a slot is a 2-key map {${descriptor.field}, wrap}`
         )
       );
     }
   }
-  if (descriptor.field === "epk") {
-    if (slot.epk === void 0) {
-      errors.push(
-        issue(
-          "ENC_SLOT_INVALID_SHAPE",
-          [...slotPath, "epk"],
-          `slot for kem='${kem}' is missing required 'epk'`
-        )
-      );
-    } else if (slot.epk.length !== descriptor.fieldLength) {
-      errors.push(
-        issue(
-          KEM_FIELD_LENGTH_CODE.epk,
-          [...slotPath, "epk"],
-          `slot.epk length ${slot.epk.length} != ${descriptor.fieldLength} for ${kem}`
-        )
-      );
-    }
-  } else {
-    if (slot.kem_ct === void 0) {
-      errors.push(
-        issue(
-          "ENC_SLOT_INVALID_SHAPE",
-          [...slotPath, "kem_ct"],
-          `slot for kem='${kem}' is missing required 'kem_ct'`
-        )
-      );
-    } else {
-      const reassembled = bytesChunkArrayConcat(slot.kem_ct).length;
-      if (reassembled !== descriptor.fieldLength) {
-        errors.push(
-          issue(
-            KEM_FIELD_LENGTH_CODE.kem_ct,
-            [...slotPath, "kem_ct"],
-            `slot.kem_ct reassembles to ${reassembled} bytes != ${descriptor.fieldLength} for ${kem}`
-          )
-        );
-      }
-    }
+  const ctField = descriptor.field === "epk" ? slot.epk : slot.kem_ct;
+  if (ctField === void 0) {
+    issues.push(
+      issueOf(
+        "ENC_SLOT_INVALID_SHAPE",
+        [...slotPath, descriptor.field],
+        `slot for kem='${kem}' is missing required '${descriptor.field}'`
+      )
+    );
+  } else if (ctField.length !== descriptor.fieldLength) {
+    issues.push(
+      issueOf(
+        KEM_FIELD_LENGTH_CODE[descriptor.field],
+        [...slotPath, descriptor.field],
+        `slot.${descriptor.field} length ${ctField.length} != ${descriptor.fieldLength} for ${kem}`
+      )
+    );
   }
   if (slot.wrap === void 0) {
-    errors.push(
-      issue(
+    issues.push(
+      issueOf(
         "ENC_SLOT_INVALID_SHAPE",
         [...slotPath, "wrap"],
         `slot for kem='${kem}' is missing required 'wrap'`
       )
     );
   } else if (slot.wrap.length !== descriptor.wrapLength) {
-    errors.push(
-      issue(
+    issues.push(
+      issueOf(
         "WRAP_LENGTH_MISMATCH",
         [...slotPath, "wrap"],
         `slot.wrap length ${slot.wrap.length} != ${descriptor.wrapLength}`
@@ -2899,8 +3226,88 @@ function checkSlotShape(slot, rawKeys, descriptor, kem, slotPath, errors) {
     );
   }
 }
+function checkPassphraseBlock(pp, ppPath, opts, issues) {
+  if (!PASSPHRASE_KDF_ALGS.has(pp.alg)) {
+    issues.push(
+      issueOf(
+        "ENC_PASSPHRASE_ALG_UNSUPPORTED",
+        [...ppPath, "alg"],
+        `unknown passphrase kdf alg: ${pp.alg}`
+      )
+    );
+    return;
+  }
+  const paramsPath = [...ppPath, "params"];
+  const params = pp.params;
+  for (const key of Object.keys(params)) {
+    if (key !== "m" && key !== "t" && key !== "p") {
+      issues.push(
+        issueOf(
+          "SCHEMA_UNKNOWN_FIELD",
+          [...paramsPath, key],
+          `unknown argon2id params field: ${key}`
+        )
+      );
+    }
+  }
+  const floors = { m: 65536, t: 3, p: 1 };
+  const ceiling = opts.passphraseParamsCeiling;
+  for (const name of ["m", "t", "p"]) {
+    const value = params[name];
+    if (value === void 0) {
+      issues.push(
+        issueOf(
+          "SCHEMA_MISSING_REQUIRED",
+          [...paramsPath, name],
+          `argon2id params.${name} is required`
+        )
+      );
+      continue;
+    }
+    if (!isUint(value)) {
+      issues.push(
+        issueOf(
+          "SCHEMA_TYPE_MISMATCH",
+          [...paramsPath, name],
+          `argon2id params.${name} must be a CBOR unsigned integer`
+        )
+      );
+      continue;
+    }
+    if (!uintWithin(value, 0, UINT32_MAX)) {
+      issues.push(
+        issueOf(
+          "SCHEMA_TYPE_MISMATCH",
+          [...paramsPath, name],
+          `argon2id params.${name} exceeds the pinned wire range 0 .. 2^32 - 1`
+        )
+      );
+      continue;
+    }
+    const num = Number(value);
+    if (num < floors[name]) {
+      issues.push(
+        issueOf(
+          "ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW",
+          [...paramsPath, name],
+          `argon2id requires ${name} >= ${floors[name]}`
+        )
+      );
+      continue;
+    }
+    if (ceiling !== null && num > ceiling[name]) {
+      issues.push(
+        issueOf(
+          "ENC_PASSPHRASE_PARAMS_EXCEED_POLICY",
+          [...paramsPath, name],
+          `argon2id params.${name} = ${num} exceeds the deployment ceiling ${ceiling[name]}`
+        )
+      );
+    }
+  }
+}
 function rawSlotKeySets(rawEnc) {
-  const slots = mapLikeGet(rawEnc, "slots");
+  const slots = rawEnc["slots"];
   if (!Array.isArray(slots)) return [];
   return slots.map((slot) => {
     const keys = /* @__PURE__ */ new Set();
@@ -2912,54 +3319,64 @@ function rawSlotKeySets(rawEnc) {
     return keys;
   });
 }
-function mapLikeGet(value, key) {
-  if (value instanceof Map) return value.get(key);
-  if (typeof value === "object" && value !== null) {
-    return value[key];
-  }
-  return void 0;
-}
-function checkMerkleCommit(commit, idx, errors) {
+function checkMerkleCommit(commit, idx, issues) {
   const basePath = ["merkle", idx];
   if (!(commit.alg in MERKLE_COMMIT_ALG_LENGTHS)) {
-    errors.push(
-      issue(
+    issues.push(
+      issueOf(
         "UNSUPPORTED_MERKLE_COMMIT_ALG",
         [...basePath, "alg"],
         `unknown merkle commitment alg: ${commit.alg}`
       )
     );
-    return;
+  } else {
+    const expected = MERKLE_COMMIT_ALG_LENGTHS[commit.alg];
+    if (commit.root.length !== expected) {
+      issues.push(
+        issueOf(
+          "HASH_DIGEST_LENGTH_MISMATCH",
+          [...basePath, "root"],
+          `merkle entry root length ${commit.root.length} != ${expected} for ${commit.alg}`
+        )
+      );
+    }
   }
-  const expected = MERKLE_COMMIT_ALG_LENGTHS[commit.alg];
-  if (commit.root.length !== expected) {
-    errors.push(
-      issue(
-        "HASH_DIGEST_LENGTH_MISMATCH",
-        [...basePath, "root"],
-        `merkle entry root length ${commit.root.length} != ${expected} for ${commit.alg}`
+  const leafCount = commit.leaf_count;
+  if (!isUint(leafCount)) {
+    issues.push(
+      issueOf(
+        "SCHEMA_TYPE_MISMATCH",
+        [...basePath, "leaf_count"],
+        "leaf_count must be a CBOR unsigned integer"
+      )
+    );
+  } else if (!uintWithin(leafCount, 1, UINT32_MAX)) {
+    issues.push(
+      issueOf(
+        "SCHEMA_MERKLE_LEAF_COUNT_INVALID",
+        [...basePath, "leaf_count"],
+        `leaf_count ${String(leafCount)} is outside the pinned range 1 .. 2^32 - 1`
       )
     );
   }
-  if (commit.uris) {
-    checkItemUris(commit.uris, [...basePath, "uris"], errors);
+  if (commit.uris !== void 0) {
+    checkUris(commit.uris, [...basePath, "uris"], issues);
   }
 }
-function checkSigEntry(entry, idx, errors, info) {
+function checkSigEntry(entry, idx, issues) {
   if (entry.cose_key !== void 0) {
     const keyIssue = inspectCoseKey(entry.cose_key, idx);
     if (keyIssue !== null) {
-      errors.push(keyIssue);
+      issues.push(keyIssue);
       return;
     }
   }
-  const merged = bytesChunkArrayConcat(entry.cose_sign1);
   let cose;
   try {
-    cose = decodeCoseSign1(merged);
+    cose = decodeCoseSign1(entry.cose_sign1);
   } catch (cause) {
-    errors.push(
-      issue(
+    issues.push(
+      issueOf(
         "MALFORMED_SIG_COSE_SIGN1",
         ["sigs", idx],
         cause instanceof CoseVerifyError || cause instanceof Error ? cause.message : String(cause)
@@ -2968,8 +3385,8 @@ function checkSigEntry(entry, idx, errors, info) {
     return;
   }
   if (cose.payload !== null) {
-    errors.push(
-      issue(
+    issues.push(
+      issueOf(
         "MALFORMED_SIG_COSE_SIGN1",
         ["sigs", idx],
         "COSE_Sign1 payload must be null (detached); attached form forbidden"
@@ -2979,8 +3396,8 @@ function checkSigEntry(entry, idx, errors, info) {
   }
   const alg = cose.protectedHeader.get(1);
   if (typeof alg !== "number" || !KNOWN_SIG_ALG_IDS.has(alg)) {
-    info.push(
-      issue(
+    issues.push(
+      issueOf(
         "SIGNATURE_UNSUPPORTED",
         ["sigs", idx],
         `COSE_Sign1 protected alg ${String(alg)} not in {-8, -19}`
@@ -2989,8 +3406,8 @@ function checkSigEntry(entry, idx, errors, info) {
   }
   const protectedKid = cose.protectedHeader.get(4);
   if (protectedKid instanceof Uint8Array && protectedKid.length === 32 && entry.cose_key !== void 0) {
-    errors.push(
-      issue(
+    issues.push(
+      issueOf(
         "SIG_ENTRY_KID_COSE_KEY_CONFLICT",
         ["sigs", idx],
         "sigs[i] carries both a 32-byte protected `kid` (path 1) and an inline `cose_key` (path 2); paths are mutually exclusive"
@@ -2998,12 +3415,12 @@ function checkSigEntry(entry, idx, errors, info) {
     );
   }
 }
-function inspectCoseKey(keyChunks, i) {
+function inspectCoseKey(keyBytes, i) {
   let decoded;
   try {
-    decoded = decodeCanonicalCbor(bytesChunkArrayConcat(keyChunks));
+    decoded = decodeCanonicalCbor(keyBytes);
   } catch (cause) {
-    return issue(
+    return issueOf(
       "MALFORMED_SIG_COSE_SIGN1",
       ["sigs", i, "cose_key"],
       `sigs[${i}].cose_key failed to decode as cbor<COSE_Key>: ${cause instanceof Error ? cause.message : String(cause)}`
@@ -3011,20 +3428,14 @@ function inspectCoseKey(keyChunks, i) {
   }
   const getLabel = (label) => {
     if (decoded instanceof Map) return decoded.get(label);
-    if (typeof decoded === "object" && decoded !== null) {
-      return decoded[String(label)];
-    }
     return void 0;
   };
   const hasLabel = (label) => {
     if (decoded instanceof Map) return decoded.has(label);
-    if (typeof decoded === "object" && decoded !== null) {
-      return Object.prototype.hasOwnProperty.call(decoded, String(label));
-    }
     return false;
   };
   if (hasLabel(-4)) {
-    return issue(
+    return issueOf(
       "SIG_PRIVATE_KEY_LEAKED",
       ["sigs", i, "cose_key"],
       "cose_key carries COSE_Key private-key material (label -4, the OKP/EC2 private scalar d); publishing a private key on the permanent ledger is forbidden"
@@ -3032,7 +3443,7 @@ function inspectCoseKey(keyChunks, i) {
   }
   const kty = getLabel(1);
   if (kty !== 1) {
-    return issue(
+    return issueOf(
       "MALFORMED_SIG_COSE_SIGN1",
       ["sigs", i, "cose_key"],
       `sigs[${i}].cose_key COSE_Key kty (label 1) must be 1 (OKP); got ${String(kty)}`
@@ -3040,23 +3451,16 @@ function inspectCoseKey(keyChunks, i) {
   }
   const crv = getLabel(-1);
   if (crv !== 6) {
-    return issue(
+    return issueOf(
       "MALFORMED_SIG_COSE_SIGN1",
       ["sigs", i, "cose_key"],
       `sigs[${i}].cose_key COSE_Key crv (label -1) must be 6 (Ed25519); got ${String(crv)}`
     );
   }
-  if (!hasLabel(-2)) {
-    return issue(
-      "MALFORMED_SIG_COSE_SIGN1",
-      ["sigs", i, "cose_key"],
-      `sigs[${i}].cose_key COSE_Key missing label -2 (Ed25519 public-key bytes)`
-    );
-  }
   const x5 = getLabel(-2);
   if (!(x5 instanceof Uint8Array) || x5.length !== 32) {
     const got = x5 instanceof Uint8Array ? `${x5.length}-byte bstr` : typeof x5;
-    return issue(
+    return issueOf(
       "MALFORMED_SIG_COSE_SIGN1",
       ["sigs", i, "cose_key"],
       `sigs[${i}].cose_key COSE_Key label -2 must be a 32-byte byte string (Ed25519 public key); got ${got}`
@@ -3064,6 +3468,58 @@ function inspectCoseKey(keyChunks, i) {
   }
   return null;
 }
+function checkCrit(record, decodedTopKeys, supportedCriticalExtensions, issues) {
+  if (!Array.isArray(record.crit)) return;
+  if (record.crit.length === 0) {
+    issues.push(
+      issueOf(
+        "SCHEMA_TYPE_MISMATCH",
+        ["crit"],
+        "crit[] must carry at least one entry when present"
+      )
+    );
+    return;
+  }
+  const seen = /* @__PURE__ */ new Set();
+  for (let i = 0; i < record.crit.length; i++) {
+    const critName = record.crit[i];
+    let reason = null;
+    if (TOP_LEVEL_BASE_KEYS.has(critName)) {
+      reason = `'${critName}' is a base key and MUST NOT appear in crit[]`;
+    } else if (!isExtensionKey(critName)) {
+      reason = `'${critName}' does not match the extension-key form (^x-.+ or ^[a-z]+-.+, no control characters)`;
+    } else if (!decodedTopKeys.has(critName)) {
+      reason = `'${critName}' is named in crit but absent from the record map`;
+    } else if (seen.has(critName)) {
+      reason = `'${critName}' appears more than once in crit[]`;
+    }
+    seen.add(critName);
+    if (reason !== null) {
+      issues.push(issueOf("CRIT_SHAPE_INVALID", ["crit", i], reason));
+      continue;
+    }
+    if (!supportedCriticalExtensions.has(critName)) {
+      issues.push(
+        issueOf(
+          "EXTENSION_UNSUPPORTED_CRITICAL",
+          ["crit", i],
+          `crit lists extension '${critName}' that this validator does not implement`
+        )
+      );
+    }
+  }
+}
+function topLevelKeysOf(decoded) {
+  if (decoded === null || typeof decoded !== "object") return /* @__PURE__ */ new Set();
+  if (decoded instanceof Map) {
+    const out = /* @__PURE__ */ new Set();
+    for (const k4 of decoded.keys()) {
+      if (typeof k4 === "string") out.add(k4);
+    }
+    return out;
+  }
+  return new Set(Object.keys(decoded));
+}
 var ACCEPTED_CIDV1_MULTIBASE = /* @__PURE__ */ new Set(["b", "B", "f", "F", "z"]);
 var ACCEPTED_MULTICODECS = /* @__PURE__ */ new Set([85, 112, 113]);
 var ACCEPTED_MULTIHASHES = /* @__PURE__ */ new Map([
@@ -3199,52 +3655,56 @@ function decodeBase58btc(s3) {
   }
   return out;
 }
-function checkCritShape(record, decodedTopKeys, errors) {
-  const invalid = /* @__PURE__ */ new Set();
-  if (!Array.isArray(record.crit)) return invalid;
-  if (record.crit.length === 0) {
-    errors.push(
-      issue("SCHEMA_TYPE_MISMATCH", ["crit"], "crit[] must carry at least one entry when present")
-    );
-    return invalid;
-  }
-  const seen = /* @__PURE__ */ new Set();
-  for (let i = 0; i < record.crit.length; i++) {
-    const critName = record.crit[i];
-    let reason = null;
-    if (TOP_LEVEL_BASE_KEYS.has(critName)) {
-      reason = `'${critName}' is a base key and MUST NOT appear in crit[]`;
-    } else if (!isExtensionKey(critName)) {
-      reason = `'${critName}' does not match the extension-key regex (^x-.+ or ^[a-z]+-.+)`;
-    } else if (!decodedTopKeys.has(critName)) {
-      reason = `'${critName}' is named in crit but absent from the record map`;
-    } else if (seen.has(critName)) {
-      reason = `'${critName}' appears more than once in crit[]`;
-    }
-    seen.add(critName);
-    if (reason !== null) {
-      invalid.add(i);
-      errors.push(issue("CRIT_SHAPE_INVALID", ["crit", i], reason));
-    }
-  }
-  return invalid;
+function bytesToHex2(bytes) {
+  let out = "";
+  for (const b5 of bytes) out += b5.toString(16).padStart(2, "0");
+  return out;
 }
-function topLevelKeysOf(decoded) {
-  if (decoded === null || typeof decoded !== "object") return /* @__PURE__ */ new Set();
-  if (decoded instanceof Map) {
-    const out = /* @__PURE__ */ new Set();
-    for (const k4 of decoded.keys()) {
-      if (typeof k4 === "string") out.add(k4);
-    }
-    return out;
-  }
-  return new Set(Object.keys(decoded));
+function isUint(value) {
+  if (typeof value === "number") return Number.isInteger(value) && value >= 0;
+  if (typeof value === "bigint") return value >= 0n;
+  return false;
 }
-function issue(code, path, message) {
+function uintWithin(value, min, max) {
+  if (typeof value === "bigint") return value >= BigInt(min) && value <= BigInt(max);
+  return value >= min && value <= max;
+}
+function issueOf(code, path, message) {
   return { code, path, message, severity: SEVERITY[code] };
 }
-function compareIssuePath(a4, b5) {
-  return a4.path.join(".").localeCompare(b5.path.join("."));
+var PATH_UTF8 = new TextEncoder();
+function compareTextSegments(a4, b5) {
+  const ab = PATH_UTF8.encode(a4);
+  const bb = PATH_UTF8.encode(b5);
+  const n2 = Math.min(ab.length, bb.length);
+  for (let i = 0; i < n2; i++) {
+    const d6 = ab[i] - bb[i];
+    if (d6 !== 0) return d6;
+  }
+  return ab.length - bb.length;
+}
+function compareIssues(a4, b5) {
+  const ap = a4.path;
+  const bp = b5.path;
+  const n2 = Math.min(ap.length, bp.length);
+  for (let i = 0; i < n2; i++) {
+    const x5 = ap[i];
+    const y7 = bp[i];
+    const xIsNum = typeof x5 === "number";
+    const yIsNum = typeof y7 === "number";
+    if (xIsNum !== yIsNum) return xIsNum ? -1 : 1;
+    if (xIsNum && yIsNum) {
+      if (x5 !== y7) return x5 < y7 ? -1 : 1;
+    } else {
+      const d6 = compareTextSegments(x5, y7);
+      if (d6 !== 0) return d6;
+    }
+  }
+  if (ap.length !== bp.length) return ap.length - bp.length;
+  return errorCodeRegistryIndex(a4.code) - errorCodeRegistryIndex(b5.code);
+}
+function sortIssues(issues) {
+  return [...issues].sort(compareIssues);
 }
 function valueAtPath(root, path) {
   let cur = root;
@@ -3265,6 +3725,7 @@ function valueAtPath(root, path) {
   (*! noble-ed25519 - MIT License (c) 2019 Paul Miller (paulmillr.com) *)
 */
 
+exports.DEFAULT_PASSPHRASE_PARAMS_CEILING = DEFAULT_PASSPHRASE_PARAMS_CEILING;
 exports.validateCidProfile = validateCidProfile;
 exports.validatePoeRecord = validatePoeRecord;
 //# sourceMappingURL=validator.cjs.map