npm - @cardanowall/poe-standard - Versions diffs - 0.3.0 → 0.4.0 - Mend

@cardanowall/poe-standard 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/dist/validator.d.cts CHANGED Viewed

@@ -2,22 +2,63 @@ import { ErrorCode, Severity } from './error-codes.cjs';
 import { PoeRecord } from './schema.cjs';
 import 'zod';
+type ValidatorRole = 'public' | 'recipient_or_strict';
+interface Argon2ParamsCeiling {
+    readonly m: number;
+    readonly t: number;
+    readonly p: number;
+}
+declare const DEFAULT_PASSPHRASE_PARAMS_CEILING: Argon2ParamsCeiling;
+interface ValidatorOptions {
+    /**
+     * Names of the critical extensions this validator implements. Default: the
+     * empty set — a default-configured validator therefore fails every
+     * `crit`-bearing record with `EXTENSION_UNSUPPORTED_CRITICAL`, by design.
+     */
+    readonly supportedCriticalExtensions?: ReadonlySet<string>;
+    /**
+     * The validation reading for dual-severity envelope dispositions.
+     * `public` (default): an envelope under an unsupported `scheme` / `kem` /
+     * `aead` degrades to opaque and `ENC_UNSUPPORTED` is informational.
+     * `recipient_or_strict` (the recipient verifier and strict sealed-crypto
+     * mode): the same condition is a hard reject — `ENC_UNSUPPORTED` escalates
+     * to `error` and co-fires with the identifier-specific `UNSUPPORTED_*`
+     * code.
+     */
+    readonly role?: ValidatorRole;
+    /** Slot-count resource bound (reference bound 1024; deployments MAY tighten). */
+    readonly maxSlots?: number;
+    /** Decoded-envelope byte resource bound (reference bound 65536). */
+    readonly maxEncEnvelopeBytes?: number;
+    /**
+     * Upper policy ceiling on Argon2id parameters
+     * (`ENC_PASSPHRASE_PARAMS_EXCEED_POLICY`). Defaults to
+     * `DEFAULT_PASSPHRASE_PARAMS_CEILING`; `null` disables the ceiling.
+     */
+    readonly passphraseParamsCeiling?: Argon2ParamsCeiling | null;
+}
 interface ValidationIssue {
-    readonly code: ErrorCode;
+    /**
+     * Segments from the record root: text map keys and integer array indices
+     * (e.g. `["items", 0, "hashes", "sha2-256"]`). A dotted string is a display
+     * rendering only — the segment list is the API form, so map keys containing
+     * `.` need no escaping.
+     */
     readonly path: ReadonlyArray<string | number>;
-    readonly message: string;
+    readonly code: ErrorCode;
     readonly severity: Severity;
+    readonly message: string;
 }
-type ValidateResult = {
-    readonly ok: true;
+type ValidationResult = {
+    readonly valid: true;
     readonly record: PoeRecord;
     readonly warnings?: ReadonlyArray<ValidationIssue>;
     readonly info?: ReadonlyArray<ValidationIssue>;
 } | {
-    readonly ok: false;
+    readonly valid: false;
     readonly issues: ReadonlyArray<ValidationIssue>;
 };
-declare function validatePoeRecord(bytes: Uint8Array): ValidateResult;
+declare function validatePoeRecord(bytes: Uint8Array, options?: ValidatorOptions): ValidationResult;
 declare function validateCidProfile(cid: string): boolean;
-export { type ValidateResult, type ValidationIssue, validateCidProfile, validatePoeRecord };
+export { type Argon2ParamsCeiling, DEFAULT_PASSPHRASE_PARAMS_CEILING, type ValidationIssue, type ValidationResult, type ValidatorOptions, type ValidatorRole, validateCidProfile, validatePoeRecord };

package/dist/validator.d.ts CHANGED Viewed

@@ -2,22 +2,63 @@ import { ErrorCode, Severity } from './error-codes.js';
 import { PoeRecord } from './schema.js';
 import 'zod';
+type ValidatorRole = 'public' | 'recipient_or_strict';
+interface Argon2ParamsCeiling {
+    readonly m: number;
+    readonly t: number;
+    readonly p: number;
+}
+declare const DEFAULT_PASSPHRASE_PARAMS_CEILING: Argon2ParamsCeiling;
+interface ValidatorOptions {
+    /**
+     * Names of the critical extensions this validator implements. Default: the
+     * empty set — a default-configured validator therefore fails every
+     * `crit`-bearing record with `EXTENSION_UNSUPPORTED_CRITICAL`, by design.
+     */
+    readonly supportedCriticalExtensions?: ReadonlySet<string>;
+    /**
+     * The validation reading for dual-severity envelope dispositions.
+     * `public` (default): an envelope under an unsupported `scheme` / `kem` /
+     * `aead` degrades to opaque and `ENC_UNSUPPORTED` is informational.
+     * `recipient_or_strict` (the recipient verifier and strict sealed-crypto
+     * mode): the same condition is a hard reject — `ENC_UNSUPPORTED` escalates
+     * to `error` and co-fires with the identifier-specific `UNSUPPORTED_*`
+     * code.
+     */
+    readonly role?: ValidatorRole;
+    /** Slot-count resource bound (reference bound 1024; deployments MAY tighten). */
+    readonly maxSlots?: number;
+    /** Decoded-envelope byte resource bound (reference bound 65536). */
+    readonly maxEncEnvelopeBytes?: number;
+    /**
+     * Upper policy ceiling on Argon2id parameters
+     * (`ENC_PASSPHRASE_PARAMS_EXCEED_POLICY`). Defaults to
+     * `DEFAULT_PASSPHRASE_PARAMS_CEILING`; `null` disables the ceiling.
+     */
+    readonly passphraseParamsCeiling?: Argon2ParamsCeiling | null;
+}
 interface ValidationIssue {
-    readonly code: ErrorCode;
+    /**
+     * Segments from the record root: text map keys and integer array indices
+     * (e.g. `["items", 0, "hashes", "sha2-256"]`). A dotted string is a display
+     * rendering only — the segment list is the API form, so map keys containing
+     * `.` need no escaping.
+     */
     readonly path: ReadonlyArray<string | number>;
-    readonly message: string;
+    readonly code: ErrorCode;
     readonly severity: Severity;
+    readonly message: string;
 }
-type ValidateResult = {
-    readonly ok: true;
+type ValidationResult = {
+    readonly valid: true;
     readonly record: PoeRecord;
     readonly warnings?: ReadonlyArray<ValidationIssue>;
     readonly info?: ReadonlyArray<ValidationIssue>;
 } | {
-    readonly ok: false;
+    readonly valid: false;
     readonly issues: ReadonlyArray<ValidationIssue>;
 };
-declare function validatePoeRecord(bytes: Uint8Array): ValidateResult;
+declare function validatePoeRecord(bytes: Uint8Array, options?: ValidatorOptions): ValidationResult;
 declare function validateCidProfile(cid: string): boolean;
-export { type ValidateResult, type ValidationIssue, validateCidProfile, validatePoeRecord };
+export { type Argon2ParamsCeiling, DEFAULT_PASSPHRASE_PARAMS_CEILING, type ValidationIssue, type ValidationResult, type ValidatorOptions, type ValidatorRole, validateCidProfile, validatePoeRecord };