@cello-protocol/daemon 0.0.3 → 0.0.4

package/dist/retry-queue.js

@@ -0,0 +1,444 @@
+/**
+ * CELLO Daemon — RetryQueue
+ *
+ * Per-session FIFO queue of messages awaiting delivery. When a send over a
+ * session node stream fails, the message envelope is added to the queue. When
+ * the peer reconnects, the daemon drains the queue in FIFO order.
+ *
+ * Persistence: SQLCipher table `retry_queue`.
+ * Cap: 1,000 messages per session. On overflow the OLDEST is evicted.
+ *
+ * Pseudocode (SPARC Phase P):
+ *
+ * 1. constructor(db, logger):
+ *    - Store db handle and logger reference
+ *    - Initialize empty per-session Map<sessionId, RetryQueueEntry[]>
+ *    - Create retry_queue table IF NOT EXISTS
+ *    - Create index on (session_id, position ASC)
+ *
+ * 2. loadFromDb():
+ *    - SELECT all rows from retry_queue ordered by session_id, position ASC
+ *    - Group into per-session arrays of RetryQueueEntry
+ *    - Store in in-memory Map
+ *    - Track per-session position counters (MAX position per session)
+ *
+ * 3. enqueue(sessionId, nonce: Uint8Array, contentBlob: Uint8Array):
+ *    - Convert nonce to hex via Buffer.from(nonce).toString('hex')
+ *    - If session queue size >= 1000: evict oldest (lowest position)
+ *      - DELETE from retry_queue WHERE session_id AND position = min
+ *      - Log message.retry.evicted WARN with evicted nonce hex
+ *      - Remove from in-memory array
+ *    - Compute next position: max(existing positions) + 1
+ *    - INSERT into retry_queue (session_id, nonce_hex, content_blob, queued_at, attempts, position)
+ *    - Add to in-memory array
+ *    - Log message.retry.queued INFO
+ *    - Return queueDepth
+ *
+ * 4. drainSession(sessionId, sendFn):
+ *    - Get entries for session in FIFO order (ascending position)
+ *    - For each entry:
+ *      a. Call sendFn(entry.contentBlob) → await result
+ *      b. If success: DELETE from retry_queue, remove from memory,
+ *         log message.retry.delivered INFO with attemptsTotal
+ *      c. If failure: HALT immediately. Do not attempt remaining entries.
+ *         FIFO invariant: M3 must not arrive before M2.
+ *    - Return count of successfully delivered messages
+ *
+ * 5. getTotalDepth():
+ *    - Sum sizes of all per-session arrays
+ *    - Return integer >= 0
+ *
+ * 6. getSessionDepth(sessionId):
+ *    - Return length of session's array (0 if absent)
+ */
+/** Cap per outline.md Resource Caps. */
+export const RETRY_QUEUE_CAP = 1000;
+export class RetryQueue {
+    #db;
+    #logger;
+    // DOD-LOG-1: when provided, content_blob is AES-256-GCM encrypted at rest with the SAME key as
+    // the transcript — closing the gap where queued message plaintext sat in cleartext in the DB.
+    // Optional for backward-compat with direct-construction tests (they store plaintext, as before).
+    #cipher;
+    /** Per-session FIFO arrays of DIRECT-resend entries, ordered by position ascending. */
+    #queues = new Map();
+    /** Per-session position counter for monotonic increment. */
+    #positionCounters = new Map();
+    /** CELLO-M7-MSG-001: per-session FIFO arrays of awaiting-ACK content (park target). */
+    #awaiting = new Map();
+    constructor(db, logger, cipher) {
+        this.#db = db;
+        this.#logger = logger;
+        this.#cipher = cipher;
+        // Create table + index if not exists (inline migration — not Flyway)
+        this.#db.exec(`
+      CREATE TABLE IF NOT EXISTS retry_queue (
+        id              INTEGER PRIMARY KEY AUTOINCREMENT,
+        session_id      TEXT    NOT NULL,
+        nonce_hex       TEXT    NOT NULL,
+        content_blob    BLOB    NOT NULL,
+        queued_at       INTEGER NOT NULL,
+        attempts        INTEGER NOT NULL DEFAULT 1,
+        position        INTEGER NOT NULL,
+        UNIQUE(session_id, nonce_hex)
+      )
+    `);
+        this.#db.exec(`
+      CREATE INDEX IF NOT EXISTS retry_queue_by_session_position
+        ON retry_queue(session_id, position ASC)
+    `);
+        // CELLO-M7-MSG-001 (AC-005): extend the SAME table with awaiting-ACK content state.
+        // No new table — guarded ALTERs make this idempotent across client upgrades.
+        const cols = this.#db.prepare("PRAGMA table_info(retry_queue)").all();
+        const hasCol = (n) => cols.some((c) => c.name === n);
+        if (!hasCol("awaiting_ack")) {
+            this.#db.exec("ALTER TABLE retry_queue ADD COLUMN awaiting_ack INTEGER NOT NULL DEFAULT 0");
+        }
+        if (!hasCol("content_hash_hex")) {
+            this.#db.exec("ALTER TABLE retry_queue ADD COLUMN content_hash_hex TEXT");
+        }
+        // DOD-LOOP-1: the OWNING agent for awaiting-ACK content, so two of the operator's agents can
+        // hold awaiting content for the SAME session_id on one daemon without colliding. NULL for
+        // legacy direct-retry rows; awaiting rows always set it.
+        if (!hasCol("agent_name")) {
+            this.#db.exec("ALTER TABLE retry_queue ADD COLUMN agent_name TEXT");
+        }
+    }
+    /** DOD-LOOP-1: composite key for the awaiting-ACK map — (agentName, sessionId). */
+    #ak(agentName, sessionId) {
+        return `${agentName}\x1f${sessionId}`;
+    }
+    /**
+     * Load all retry queue entries from SQLCipher into memory.
+     * Must complete BEFORE the IPC socket opens (AC-007).
+     */
+    loadFromDb() {
+        const rows = this.#db
+            .prepare("SELECT session_id, agent_name, nonce_hex, content_blob, queued_at, attempts, position, awaiting_ack, content_hash_hex FROM retry_queue ORDER BY session_id, position ASC")
+            .all();
+        this.#queues.clear();
+        this.#positionCounters.clear();
+        this.#awaiting.clear();
+        for (const row of rows) {
+            // Track max position per session across BOTH direct and awaiting entries.
+            const currentMax = this.#positionCounters.get(row.session_id) ?? 0;
+            if (row.position > currentMax)
+                this.#positionCounters.set(row.session_id, row.position);
+            if (row.awaiting_ack === 1) {
+                // CELLO-M7-MSG-001 (AC-004): un-acked content to re-park at startup. DOD-LOOP-1: keyed by
+                // the OWNING agent (legacy rows with no agent_name fall back to "" — single-agent behavior).
+                const agentName = row.agent_name ?? "";
+                const entry = {
+                    agentName,
+                    sessionId: row.session_id,
+                    contentHashHex: row.content_hash_hex ?? row.nonce_hex,
+                    contentBlob: this.#openBlob(Uint8Array.from(row.content_blob)),
+                    queuedAt: row.queued_at,
+                    position: row.position,
+                };
+                const ak = this.#ak(agentName, entry.sessionId);
+                let q = this.#awaiting.get(ak);
+                if (!q) {
+                    q = [];
+                    this.#awaiting.set(ak, q);
+                }
+                q.push(entry);
+                continue;
+            }
+            const entry = {
+                sessionId: row.session_id,
+                nonceHex: row.nonce_hex,
+                contentBlob: this.#openBlob(Uint8Array.from(row.content_blob)),
+                queuedAt: row.queued_at,
+                attempts: row.attempts,
+                position: row.position,
+            };
+            let sessionQueue = this.#queues.get(entry.sessionId);
+            if (!sessionQueue) {
+                sessionQueue = [];
+                this.#queues.set(entry.sessionId, sessionQueue);
+            }
+            sessionQueue.push(entry);
+        }
+    }
+    /**
+     * Enqueue a failed message for later retry.
+     * Evicts the oldest entry if cap is reached.
+     */
+    /** DOD-LOG-1: encrypt the content blob at rest when a cipher is configured (else passthrough). */
+    #sealBlob(b) {
+        return this.#cipher ? this.#cipher.encrypt(b) : b;
+    }
+    /**
+     * DOD-LOG-1: decrypt a stored content blob. If no cipher is configured, or the blob is a legacy
+     * PLAINTEXT row written before at-rest encryption (decrypt returns null), fall back to the raw
+     * bytes — so an upgrade reads old rows without crashing while new rows are encrypted.
+     */
+    #openBlob(b) {
+        if (!this.#cipher)
+            return b;
+        return this.#cipher.decrypt(b) ?? b;
+    }
+    enqueue(sessionId, nonce, contentBlob) {
+        const nonceHex = Buffer.from(nonce).toString("hex");
+        let sessionQueue = this.#queues.get(sessionId);
+        if (!sessionQueue) {
+            sessionQueue = [];
+            this.#queues.set(sessionId, sessionQueue);
+        }
+        // Cap enforcement: evict oldest if at limit
+        if (sessionQueue.length >= RETRY_QUEUE_CAP) {
+            const oldest = sessionQueue[0];
+            // Delete from DB
+            try {
+                this.#db
+                    .prepare("DELETE FROM retry_queue WHERE session_id = ? AND position = ?")
+                    .run(sessionId, oldest.position);
+            }
+            catch (err) {
+                this.#logger.error("message.retry.persist.failed", {
+                    sessionId,
+                    nonce: oldest.nonceHex,
+                    error: err instanceof Error ? err.message : String(err),
+                });
+            }
+            // Log eviction BEFORE the new entry is logged (per story spec)
+            this.#logger.warn("message.retry.evicted", {
+                sessionId,
+                nonce: oldest.nonceHex,
+                queueDepth: RETRY_QUEUE_CAP,
+            });
+            // Remove from in-memory
+            sessionQueue.shift();
+        }
+        // Compute next position
+        const currentMax = this.#positionCounters.get(sessionId) ?? 0;
+        const nextPosition = currentMax + 1;
+        this.#positionCounters.set(sessionId, nextPosition);
+        const queuedAt = Date.now();
+        const entry = {
+            sessionId,
+            nonceHex,
+            contentBlob,
+            queuedAt,
+            attempts: 1,
+            position: nextPosition,
+        };
+        // Persist to SQLCipher
+        try {
+            this.#db
+                .prepare(`INSERT INTO retry_queue (session_id, nonce_hex, content_blob, queued_at, attempts, position)
+           VALUES (?, ?, ?, ?, ?, ?)`)
+                .run(sessionId, nonceHex, Buffer.from(this.#sealBlob(contentBlob)), queuedAt, 1, nextPosition);
+        }
+        catch (err) {
+            this.#logger.error("message.retry.persist.failed", {
+                sessionId,
+                nonce: nonceHex,
+                error: err instanceof Error ? err.message : String(err),
+            });
+            // Message stays in memory only (DB-001 fallback)
+        }
+        sessionQueue.push(entry);
+        this.#logger.info("message.retry.queued", {
+            sessionId,
+            nonce: nonceHex,
+            queueDepth: sessionQueue.length,
+        });
+    }
+    /**
+     * Drain the session's retry queue in FIFO order.
+     * Halts immediately on first failure (FIFO invariant: no out-of-order delivery).
+     * Returns the number of successfully delivered messages.
+     */
+    async drainSession(sessionId, sendFn) {
+        const sessionQueue = this.#queues.get(sessionId);
+        if (!sessionQueue || sessionQueue.length === 0) {
+            return 0;
+        }
+        let delivered = 0;
+        // Drain in FIFO order (array is already sorted by position ascending)
+        while (sessionQueue.length > 0) {
+            const entry = sessionQueue[0];
+            const result = await sendFn(entry.contentBlob);
+            if (!result.delivered) {
+                // Increment attempts on failure so attemptsTotal reflects actual tries
+                entry.attempts++;
+                try {
+                    this.#db
+                        .prepare("UPDATE retry_queue SET attempts = ? WHERE session_id = ? AND nonce_hex = ?")
+                        .run(entry.attempts, sessionId, entry.nonceHex);
+                }
+                catch (err) {
+                    this.#logger.error("message.retry.persist.failed", {
+                        sessionId,
+                        nonce: entry.nonceHex,
+                        error: err instanceof Error ? err.message : String(err),
+                    });
+                }
+                // Halt immediately — FIFO invariant (AC-015)
+                break;
+            }
+            // Success: delete from DB
+            try {
+                this.#db
+                    .prepare("DELETE FROM retry_queue WHERE session_id = ? AND nonce_hex = ?")
+                    .run(sessionId, entry.nonceHex);
+            }
+            catch (err) {
+                this.#logger.error("message.retry.persist.failed", {
+                    sessionId,
+                    nonce: entry.nonceHex,
+                    error: err instanceof Error ? err.message : String(err),
+                });
+            }
+            // Remove from memory
+            sessionQueue.shift();
+            // Increment attempts for logging
+            const attemptsTotal = entry.attempts + 1;
+            this.#logger.info("message.retry.delivered", {
+                sessionId,
+                nonce: entry.nonceHex,
+                attemptsTotal,
+            });
+            delivered++;
+        }
+        // Clean up empty queue entry
+        if (sessionQueue.length === 0) {
+            this.#queues.delete(sessionId);
+        }
+        return delivered;
+    }
+    /** Total retry queue depth across all sessions. */
+    getTotalDepth() {
+        let total = 0;
+        for (const queue of this.#queues.values()) {
+            total += queue.length;
+        }
+        return total;
+    }
+    /** Retry queue depth for a specific session. */
+    getSessionDepth(sessionId) {
+        return this.#queues.get(sessionId)?.length ?? 0;
+    }
+    /** Get all entries for a session (FIFO ordered, defensive copy). Used by drain_session IPC. */
+    getSessionEntries(sessionId) {
+        const queue = this.#queues.get(sessionId);
+        return queue ? [...queue] : [];
+    }
+    // ─── CELLO-M7-MSG-001 (AC-004/AC-005/AC-019): awaiting-ACK content (park target) ──
+    /**
+     * Record un-acked content awaiting a `persisted` delivery ACK (TTF-trigger path,
+     * AC-005). Persisted to the SAME retry_queue table (awaiting_ack = 1) so a crash
+     * before the relay park confirms is recoverable at startup (AC-004). Idempotent on
+     * (sessionId, contentHash).
+     */
+    enqueueAwaitingContent(agentName, sessionId, contentHash, contentBlob) {
+        const contentHashHex = Buffer.from(contentHash).toString("hex");
+        const ak = this.#ak(agentName, sessionId);
+        let q = this.#awaiting.get(ak);
+        if (!q) {
+            q = [];
+            this.#awaiting.set(ak, q);
+        }
+        if (q.some((e) => e.contentHashHex === contentHashHex))
+            return; // idempotent
+        const currentMax = this.#positionCounters.get(ak) ?? 0;
+        const position = currentMax + 1;
+        this.#positionCounters.set(ak, position);
+        const queuedAt = Date.now();
+        try {
+            this.#db
+                .prepare(`INSERT INTO retry_queue (session_id, agent_name, nonce_hex, content_blob, queued_at, attempts, position, awaiting_ack, content_hash_hex)
+           VALUES (?, ?, ?, ?, ?, ?, ?, 1, ?)`)
+                .run(sessionId, agentName, contentHashHex, Buffer.from(this.#sealBlob(contentBlob)), queuedAt, 1, position, contentHashHex);
+        }
+        catch (err) {
+            this.#logger.error("message.retry.persist.failed", {
+                sessionId,
+                nonce: contentHashHex,
+                error: err instanceof Error ? err.message : String(err),
+            });
+            // In-memory only (DB-001 fallback) — still re-parkable this run.
+        }
+        q.push({ agentName, sessionId, contentHashHex, contentBlob, queuedAt, position });
+    }
+    /** Remove an awaiting-ACK entry once its `persisted` ACK arrives. */
+    markContentAcked(agentName, sessionId, contentHash) {
+        const contentHashHex = Buffer.from(contentHash).toString("hex");
+        const ak = this.#ak(agentName, sessionId);
+        const q = this.#awaiting.get(ak);
+        if (q) {
+            const idx = q.findIndex((e) => e.contentHashHex === contentHashHex);
+            if (idx !== -1)
+                q.splice(idx, 1);
+            if (q.length === 0)
+                this.#awaiting.delete(ak);
+        }
+        try {
+            this.#db
+                .prepare("DELETE FROM retry_queue WHERE agent_name = ? AND session_id = ? AND content_hash_hex = ? AND awaiting_ack = 1")
+                .run(agentName, sessionId, contentHashHex);
+        }
+        catch (err) {
+            this.#logger.error("message.retry.persist.failed", {
+                sessionId, nonce: contentHashHex, error: err instanceof Error ? err.message : String(err),
+            });
+        }
+    }
+    /** Awaiting-ACK depth for a session (un-acked content count). */
+    getAwaitingDepth(agentName, sessionId) {
+        return this.#awaiting.get(this.#ak(agentName, sessionId))?.length ?? 0;
+    }
+    /** All (agent, session) pairs that currently hold awaiting-ACK content (for the startup flush). */
+    getAwaitingSessions() {
+        const out = [];
+        for (const q of this.#awaiting.values()) {
+            if (q.length > 0)
+                out.push({ agentName: q[0].agentName, sessionId: q[0].sessionId });
+        }
+        return out;
+    }
+    /**
+     * Drain a session's awaiting-ACK content to the relay park target (AC-005). Each item
+     * is independent — unlike the direct FIFO resend, a park failure does NOT halt the
+     * rest; the failed item stays queued for the next reconnect / startup flush (DB-001,
+     * AC-019). Returns the number of entries successfully parked.
+     */
+    async drainAwaitingToPark(agentName, sessionId, parkFn) {
+        const ak = this.#ak(agentName, sessionId);
+        const q = this.#awaiting.get(ak);
+        if (!q || q.length === 0)
+            return 0;
+        let parked = 0;
+        for (const entry of [...q]) {
+            let result;
+            try {
+                result = await parkFn(entry);
+            }
+            catch (err) {
+                result = { parked: false, error: err instanceof Error ? err.message : String(err) };
+            }
+            if (!result.parked)
+                continue; // keep for next reconnect / startup flush (AC-019)
+            const idx = q.indexOf(entry);
+            if (idx !== -1)
+                q.splice(idx, 1);
+            try {
+                this.#db
+                    .prepare("DELETE FROM retry_queue WHERE agent_name = ? AND session_id = ? AND content_hash_hex = ? AND awaiting_ack = 1")
+                    .run(agentName, sessionId, entry.contentHashHex);
+            }
+            catch (err) {
+                this.#logger.error("message.retry.persist.failed", {
+                    sessionId, nonce: entry.contentHashHex, error: err instanceof Error ? err.message : String(err),
+                });
+            }
+            parked += 1;
+        }
+        if (q.length === 0)
+            this.#awaiting.delete(ak);
+        return parked;
+    }
+}
+//# sourceMappingURL=retry-queue.js.map

package/dist/retry-queue.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"retry-queue.js","sourceRoot":"","sources":["../src/retry-queue.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoDG;AAMH,wCAAwC;AACxC,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,CAAC;AAqCpC,MAAM,OAAO,UAAU;IACZ,GAAG,CAAe;IAClB,OAAO,CAAS;IACzB,+FAA+F;IAC/F,8FAA8F;IAC9F,iGAAiG;IACxF,OAAO,CAA+B;IAC/C,uFAAuF;IACvF,OAAO,GAAG,IAAI,GAAG,EAA6B,CAAC;IAC/C,4DAA4D;IAC5D,iBAAiB,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC9C,uFAAuF;IACvF,SAAS,GAAG,IAAI,GAAG,EAAkC,CAAC;IAEtD,YAAY,EAAgB,EAAE,MAAc,EAAE,MAAyB;QACrE,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;QACd,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QAEtB,qEAAqE;QACrE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;;;;;;;;;;;KAWb,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;;;KAGb,CAAC,CAAC;QACH,oFAAoF;QACpF,6EAA6E;QAC7E,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,gCAAgC,CAAC,CAAC,GAAG,EAAwC,CAAC;QAC5G,MAAM,MAAM,GAAG,CAAC,CAAS,EAAW,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC;QACtE,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,4EAA4E,CAAC,CAAC;QAC9F,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAChC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;QAC5E,CAAC;QACD,6FAA6F;QAC7F,0FAA0F;QAC1F,yDAAyD;QACzD,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;YAC1B,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED,mFAAmF;IACnF,GAAG,CAAC,SAAiB,EAAE,SAAiB;QACtC,OAAO,GAAG,SAAS,OAAO,SAAS,EAAE,CAAC;IACxC,CAAC;IAED;;;OAGG;IACH,UAAU;QACR,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG;aAClB,OAAO,CAAC,0KAA0K,CAAC;aACnL,GAAG,EAUF,CAAC;QAEL,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACrB,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,CAAC;QAC/B,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QAEvB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,0EAA0E;YAC1E,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YACnE,IAAI,GAAG,CAAC,QAAQ,GAAG,UAAU;gBAAE,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;YAExF,IAAI,GAAG,CAAC,YAAY,KAAK,CAAC,EAAE,CAAC;gBAC3B,0FAA0F;gBAC1F,6FAA6F;gBAC7F,MAAM,SAAS,GAAG,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;gBACvC,MAAM,KAAK,GAAyB;oBAClC,SAAS;oBACT,SAAS,EAAE,GAAG,CAAC,UAAU;oBACzB,cAAc,EAAE,GAAG,CAAC,gBAAgB,IAAI,GAAG,CAAC,SAAS;oBACrD,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBAC9D,QAAQ,EAAE,GAAG,CAAC,SAAS;oBACvB,QAAQ,EAAE,GAAG,CAAC,QAAQ;iBACvB,CAAC;gBACF,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;gBAChD,IAAI,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAC/B,IAAI,CAAC,CAAC,EAAE,CAAC;oBAAC,CAAC,GAAG,EAAE,CAAC;oBAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;gBAAC,CAAC;gBAC9C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACd,SAAS;YACX,CAAC;YAED,MAAM,KAAK,GAAoB;gBAC7B,SAAS,EAAE,GAAG,CAAC,UAAU;gBACzB,QAAQ,EAAE,GAAG,CAAC,SAAS;gBACvB,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;gBAC9D,QAAQ,EAAE,GAAG,CAAC,SAAS;gBACvB,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,QAAQ,EAAE,GAAG,CAAC,QAAQ;aACvB,CAAC;YAEF,IAAI,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YACrD,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,YAAY,GAAG,EAAE,CAAC;gBAClB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;YAClD,CAAC;YACD,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,kGAAkG;IAClG,SAAS,CAAC,CAAa;QACrB,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,CAAC;IAED;;;;OAIG;IACH,SAAS,CAAC,CAAa;QACrB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,CAAC,SAAiB,EAAE,KAAiB,EAAE,WAAuB;QACnE,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAEpD,IAAI,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC/C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,YAAY,GAAG,EAAE,CAAC;YAClB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QAC5C,CAAC;QAED,4CAA4C;QAC5C,IAAI,YAAY,CAAC,MAAM,IAAI,eAAe,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;YAC/B,iBAAiB;YACjB,IAAI,CAAC;gBACH,IAAI,CAAC,GAAG;qBACL,OAAO,CAAC,+DAA+D,CAAC;qBACxE,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE;oBACjD,SAAS;oBACT,KAAK,EAAE,MAAM,CAAC,QAAQ;oBACtB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;iBACxD,CAAC,CAAC;YACL,CAAC;YACD,+DAA+D;YAC/D,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,uBAAuB,EAAE;gBACzC,SAAS;gBACT,KAAK,EAAE,MAAM,CAAC,QAAQ;gBACtB,UAAU,EAAE,eAAe;aAC5B,CAAC,CAAC;YACH,wBAAwB;YACxB,YAAY,CAAC,KAAK,EAAE,CAAC;QACvB,CAAC;QAED,wBAAwB;QACxB,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,UAAU,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QAEpD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAoB;YAC7B,SAAS;YACT,QAAQ;YACR,WAAW;YACX,QAAQ;YACR,QAAQ,EAAE,CAAC;YACX,QAAQ,EAAE,YAAY;SACvB,CAAC;QAEF,uBAAuB;QACvB,IAAI,CAAC;YACH,IAAI,CAAC,GAAG;iBACL,OAAO,CACN;qCAC2B,CAC5B;iBACA,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,YAAY,CAAC,CAAC;QACnG,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE;gBACjD,SAAS;gBACT,KAAK,EAAE,QAAQ;gBACf,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,iDAAiD;QACnD,CAAC;QAED,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEzB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,sBAAsB,EAAE;YACxC,SAAS;YACT,KAAK,EAAE,QAAQ;YACf,UAAU,EAAE,YAAY,CAAC,MAAM;SAChC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,YAAY,CAAC,SAAiB,EAAE,MAAgB;QACpD,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACjD,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/C,OAAO,CAAC,CAAC;QACX,CAAC;QAED,IAAI,SAAS,GAAG,CAAC,CAAC;QAElB,sEAAsE;QACtE,OAAO,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;YAC9B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YAE/C,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBACtB,uEAAuE;gBACvE,KAAK,CAAC,QAAQ,EAAE,CAAC;gBACjB,IAAI,CAAC;oBACH,IAAI,CAAC,GAAG;yBACL,OAAO,CAAC,4EAA4E,CAAC;yBACrF,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;gBACpD,CAAC;gBAAC,OAAO,GAAY,EAAE,CAAC;oBACtB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE;wBACjD,SAAS;wBACT,KAAK,EAAE,KAAK,CAAC,QAAQ;wBACrB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;qBACxD,CAAC,CAAC;gBACL,CAAC;gBACD,6CAA6C;gBAC7C,MAAM;YACR,CAAC;YAED,0BAA0B;YAC1B,IAAI,CAAC;gBACH,IAAI,CAAC,GAAG;qBACL,OAAO,CAAC,gEAAgE,CAAC;qBACzE,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;YACpC,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE;oBACjD,SAAS;oBACT,KAAK,EAAE,KAAK,CAAC,QAAQ;oBACrB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;iBACxD,CAAC,CAAC;YACL,CAAC;YAED,qBAAqB;YACrB,YAAY,CAAC,KAAK,EAAE,CAAC;YAErB,iCAAiC;YACjC,MAAM,aAAa,GAAG,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC;YAEzC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,yBAAyB,EAAE;gBAC3C,SAAS;gBACT,KAAK,EAAE,KAAK,CAAC,QAAQ;gBACrB,aAAa;aACd,CAAC,CAAC;YAEH,SAAS,EAAE,CAAC;QACd,CAAC;QAED,6BAA6B;QAC7B,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACjC,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,mDAAmD;IACnD,aAAa;QACX,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1C,KAAK,IAAI,KAAK,CAAC,MAAM,CAAC;QACxB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,gDAAgD;IAChD,eAAe,CAAC,SAAiB;QAC/B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,MAAM,IAAI,CAAC,CAAC;IAClD,CAAC;IAED,+FAA+F;IAC/F,iBAAiB,CAAC,SAAiB;QACjC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC1C,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACjC,CAAC;IAED,qFAAqF;IAErF;;;;;OAKG;IACH,sBAAsB,CAAC,SAAiB,EAAE,SAAiB,EAAE,WAAuB,EAAE,WAAuB;QAC3G,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAChE,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAC1C,IAAI,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/B,IAAI,CAAC,CAAC,EAAE,CAAC;YAAC,CAAC,GAAG,EAAE,CAAC;YAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QAAC,CAAC;QAC9C,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,cAAc,CAAC;YAAE,OAAO,CAAC,aAAa;QAE7E,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,QAAQ,GAAG,UAAU,GAAG,CAAC,CAAC;QAChC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE5B,IAAI,CAAC;YACH,IAAI,CAAC,GAAG;iBACL,OAAO,CACN;8CACoC,CACrC;iBACA,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;QAChI,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE;gBACjD,SAAS;gBACT,KAAK,EAAE,cAAc;gBACrB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,iEAAiE;QACnE,CAAC;QAED,CAAC,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,qEAAqE;IACrE,gBAAgB,CAAC,SAAiB,EAAE,SAAiB,EAAE,WAAuB;QAC5E,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAChE,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAC1C,MAAM,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACjC,IAAI,CAAC,EAAE,CAAC;YACN,MAAM,GAAG,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,cAAc,CAAC,CAAC;YACpE,IAAI,GAAG,KAAK,CAAC,CAAC;gBAAE,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YACjC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;gBAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAChD,CAAC;QACD,IAAI,CAAC;YACH,IAAI,CAAC,GAAG;iBACL,OAAO,CAAC,+GAA+G,CAAC;iBACxH,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;QAC/C,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE;gBACjD,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aAC1F,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,iEAAiE;IACjE,gBAAgB,CAAC,SAAiB,EAAE,SAAiB;QACnD,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,EAAE,MAAM,IAAI,CAAC,CAAC;IACzE,CAAC;IAED,mGAAmG;IACnG,mBAAmB;QACjB,MAAM,GAAG,GAAoD,EAAE,CAAC;QAChE,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC;YACxC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;gBAAE,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;QACvF,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,mBAAmB,CAAC,SAAiB,EAAE,SAAiB,EAAE,MAAc;QAC5E,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAC1C,MAAM,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACjC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,CAAC,CAAC;QACnC,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,KAAK,MAAM,KAAK,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YAC3B,IAAI,MAAkB,CAAC;YACvB,IAAI,CAAC;gBACH,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC;YAC/B,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,MAAM,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtF,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,MAAM;gBAAE,SAAS,CAAC,mDAAmD;YACjF,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC7B,IAAI,GAAG,KAAK,CAAC,CAAC;gBAAE,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YACjC,IAAI,CAAC;gBACH,IAAI,CAAC,GAAG;qBACL,OAAO,CAAC,+GAA+G,CAAC;qBACxH,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;YACrD,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE;oBACjD,SAAS,EAAE,KAAK,EAAE,KAAK,CAAC,cAAc,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;iBAChG,CAAC,CAAC;YACL,CAAC;YACD,MAAM,IAAI,CAAC,CAAC;QACd,CAAC;QACD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;YAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC9C,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}

package/dist/seal-frontier-verify.d.ts

@@ -0,0 +1,58 @@
+/**
+ * DOD-LEG-2 (SESSION-004 SI-002) — client-side content-frontier re-derivation.
+ *
+ * The directory builds + signs the seal legibility, including each party's
+ * `content_frontier_seq` ("the highest message the party provably received"). The client
+ * must NOT trust that published value: a buggy or malicious directory could inflate it.
+ * The client independently re-derives each party's frontier from the SIGNED leaves the
+ * directory ships on the session_sealed frame, and rejects the certificate
+ * (`certificate_frontier_unverifiable`) if any published frontier EXCEEDS what the signed
+ * leaves support.
+ *
+ * Why signature-verification alone is sufficient to catch inflation: the directory cannot
+ * forge a leaf signed by a participant (it holds no participant key), so it can only ship
+ * REAL signed leaves. The maximum real signed last_seen_seq for a party IS that party's
+ * honest frontier — there is no way to fabricate a higher one. (A malicious directory could
+ * OMIT leaves, lowering the re-derived value and DoS-ing its own seal, but that is a refusal
+ * to seal, not an inflation attack — and Merkle-binding the shipped leaves to the sealed_root
+ * is a further hardening tracked separately.)
+ *
+ * Mirrors the directory's buildSealLegibility frontier derivation
+ * (trustless-cello/packages/directory/src/seal-legibility.ts): max signed last_seen_seq
+ * (Structure 1 index 4) per sender, over that sender's OWN signed leaves.
+ */
+export interface SealFrontierLeaf {
+    structure1_cbor: Uint8Array;
+    sender_pubkey: Uint8Array;
+    sender_signature: Uint8Array;
+}
+export type ReDeriveResult = {
+    ok: true;
+    frontiers: Map<string, number>;
+} | {
+    ok: false;
+    reason: "leaf_signature_invalid" | "leaf_malformed" | "leaf_session_mismatch";
+};
+/**
+ * Re-derive each party's content_frontier_seq from the signed leaves. Verifies every leaf's
+ * Ed25519 signature over its Structure 1 bytes AND that the leaf's SIGNED session_id matches
+ * the session being sealed — otherwise a malicious directory could replay a party's genuinely
+ * signed leaves from a DIFFERENT session (where it reached a higher frontier) to inflate this
+ * session's frontier. An unverifiable or wrong-session leaf fails the whole re-derivation.
+ * Returns a map of lowercase-hex sender pubkey → max signed last_seen_seq.
+ */
+export declare function reDeriveFrontiers(leaves: SealFrontierLeaf[], expectedSessionId: Uint8Array): ReDeriveResult;
+/**
+ * Compare each published per-party content_frontier_seq against the re-derived value. Returns
+ * the first party whose PUBLISHED frontier exceeds what its signed leaves support (inflation —
+ * the certificate_frontier_unverifiable case), or null when every published frontier is honest.
+ */
+export declare function findInflatedFrontier(participants: ReadonlyArray<{
+    pubkey: string;
+    content_frontier_seq: number;
+}>, derived: Map<string, number>): {
+    party: string;
+    publishedFrontier: number;
+    derivedFrontier: number;
+} | null;
+//# sourceMappingURL=seal-frontier-verify.d.ts.map

package/dist/seal-frontier-verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"seal-frontier-verify.d.ts","sourceRoot":"","sources":["../src/seal-frontier-verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAKH,MAAM,WAAW,gBAAgB;IAC/B,eAAe,EAAE,UAAU,CAAC;IAC5B,aAAa,EAAE,UAAU,CAAC;IAC1B,gBAAgB,EAAE,UAAU,CAAC;CAC9B;AAED,MAAM,MAAM,cAAc,GACtB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAAE,GAC5C;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,wBAAwB,GAAG,gBAAgB,GAAG,uBAAuB,CAAA;CAAE,CAAC;AAQjG;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,gBAAgB,EAAE,EAAE,iBAAiB,EAAE,UAAU,GAAG,cAAc,CA0B3G;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAClC,YAAY,EAAE,aAAa,CAAC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,oBAAoB,EAAE,MAAM,CAAA;CAAE,CAAC,EAC7E,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAC3B;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,iBAAiB,EAAE,MAAM,CAAC;IAAC,eAAe,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAQ9E"}

package/dist/seal-frontier-verify.js

@@ -0,0 +1,87 @@
+/**
+ * DOD-LEG-2 (SESSION-004 SI-002) — client-side content-frontier re-derivation.
+ *
+ * The directory builds + signs the seal legibility, including each party's
+ * `content_frontier_seq` ("the highest message the party provably received"). The client
+ * must NOT trust that published value: a buggy or malicious directory could inflate it.
+ * The client independently re-derives each party's frontier from the SIGNED leaves the
+ * directory ships on the session_sealed frame, and rejects the certificate
+ * (`certificate_frontier_unverifiable`) if any published frontier EXCEEDS what the signed
+ * leaves support.
+ *
+ * Why signature-verification alone is sufficient to catch inflation: the directory cannot
+ * forge a leaf signed by a participant (it holds no participant key), so it can only ship
+ * REAL signed leaves. The maximum real signed last_seen_seq for a party IS that party's
+ * honest frontier — there is no way to fabricate a higher one. (A malicious directory could
+ * OMIT leaves, lowering the re-derived value and DoS-ing its own seal, but that is a refusal
+ * to seal, not an inflation attack — and Merkle-binding the shipped leaves to the sealed_root
+ * is a further hardening tracked separately.)
+ *
+ * Mirrors the directory's buildSealLegibility frontier derivation
+ * (trustless-cello/packages/directory/src/seal-legibility.ts): max signed last_seen_seq
+ * (Structure 1 index 4) per sender, over that sender's OWN signed leaves.
+ */
+import { verify } from "@cello-protocol/crypto";
+import { decode } from "cbor-x";
+function bytesEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    for (let i = 0; i < a.length; i++)
+        if (a[i] !== b[i])
+            return false;
+    return true;
+}
+/**
+ * Re-derive each party's content_frontier_seq from the signed leaves. Verifies every leaf's
+ * Ed25519 signature over its Structure 1 bytes AND that the leaf's SIGNED session_id matches
+ * the session being sealed — otherwise a malicious directory could replay a party's genuinely
+ * signed leaves from a DIFFERENT session (where it reached a higher frontier) to inflate this
+ * session's frontier. An unverifiable or wrong-session leaf fails the whole re-derivation.
+ * Returns a map of lowercase-hex sender pubkey → max signed last_seen_seq.
+ */
+export function reDeriveFrontiers(leaves, expectedSessionId) {
+    const frontiers = new Map();
+    for (const leaf of leaves) {
+        if (!verify(leaf.sender_pubkey, leaf.structure1_cbor, leaf.sender_signature)) {
+            return { ok: false, reason: "leaf_signature_invalid" };
+        }
+        let arr;
+        try {
+            arr = decode(leaf.structure1_cbor);
+        }
+        catch {
+            return { ok: false, reason: "leaf_malformed" };
+        }
+        // Structure 1 = [1, content_hash(32), sender_pubkey(32), session_id(16), last_seen_seq, ts]
+        if (!Array.isArray(arr) || arr.length < 5)
+            return { ok: false, reason: "leaf_malformed" };
+        const sid = arr[3];
+        if (!(sid instanceof Uint8Array) || !bytesEqual(sid, expectedSessionId)) {
+            return { ok: false, reason: "leaf_session_mismatch" };
+        }
+        const raw = arr[4];
+        const lss = typeof raw === "bigint" ? Number(raw) : raw;
+        if (typeof lss !== "number" || !Number.isFinite(lss))
+            continue; // leaf carries no signed last_seen
+        const senderHex = Buffer.from(leaf.sender_pubkey).toString("hex").toLowerCase();
+        const cur = frontiers.get(senderHex) ?? 0;
+        if (lss > cur)
+            frontiers.set(senderHex, lss);
+    }
+    return { ok: true, frontiers };
+}
+/**
+ * Compare each published per-party content_frontier_seq against the re-derived value. Returns
+ * the first party whose PUBLISHED frontier exceeds what its signed leaves support (inflation —
+ * the certificate_frontier_unverifiable case), or null when every published frontier is honest.
+ */
+export function findInflatedFrontier(participants, derived) {
+    for (const p of participants) {
+        const d = derived.get(p.pubkey.toLowerCase()) ?? 0;
+        if (p.content_frontier_seq > d) {
+            return { party: p.pubkey, publishedFrontier: p.content_frontier_seq, derivedFrontier: d };
+        }
+    }
+    return null;
+}
+//# sourceMappingURL=seal-frontier-verify.js.map

package/dist/seal-frontier-verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"seal-frontier-verify.js","sourceRoot":"","sources":["../src/seal-frontier-verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAYhC,SAAS,UAAU,CAAC,CAAa,EAAE,CAAa;IAC9C,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;IACnE,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAA0B,EAAE,iBAA6B;IACzF,MAAM,SAAS,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC5C,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;QAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC7E,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;QACzD,CAAC;QACD,IAAI,GAAY,CAAC;QACjB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;QACjD,CAAC;QACD,4FAA4F;QAC5F,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;QAC1F,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACnB,IAAI,CAAC,CAAC,GAAG,YAAY,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,iBAAiB,CAAC,EAAE,CAAC;YACxE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;QACxD,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACnB,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QACxD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,SAAS,CAAC,mCAAmC;QACnG,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QAChF,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,GAAG,GAAG,GAAG;YAAE,SAAS,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAClC,YAA6E,EAC7E,OAA4B;IAE5B,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;QAC7B,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC;QACnD,IAAI,CAAC,CAAC,oBAAoB,GAAG,CAAC,EAAE,CAAC;YAC/B,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,iBAAiB,EAAE,CAAC,CAAC,oBAAoB,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC;QAC5F,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/seal-legibility-tbs.d.ts

@@ -0,0 +1,25 @@
+/** The legibility shape this hash reads — pubkeys may be Uint8Array or Buffer (CBOR-decoded). */
+export interface LegibilityForHash {
+    participants: Array<{
+        pubkey: unknown;
+        content_frontier_seq: unknown;
+        last_authored_seq: unknown;
+        attestation_mode: unknown;
+    }>;
+    final_message: {
+        sender_pubkey: unknown;
+        seq: unknown;
+        answered: unknown;
+    };
+}
+export declare function canonicalLegibilityBytes(legibility: LegibilityForHash): Buffer;
+/** SHA-256 of the canonical legibility bytes (32 bytes). */
+export declare function canonicalLegibilityHash(legibility: LegibilityForHash): Uint8Array;
+/**
+ * Build the seal TBS bytes WITH the legibility binding: the plain seal TBS concatenated with
+ * the 32-byte legibility hash. When `legibility` is absent (the unilateral seal carries none),
+ * returns the plain TBS unchanged — so the unilateral path keeps signing/verifying the plain TBS
+ * and only the bilateral path (which always carries legibility) is bound.
+ */
+export declare function bindLegibilityToTbs(tbs: Uint8Array, legibility: LegibilityForHash | null | undefined): Uint8Array;
+//# sourceMappingURL=seal-legibility-tbs.d.ts.map

package/dist/seal-legibility-tbs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"seal-legibility-tbs.d.ts","sourceRoot":"","sources":["../src/seal-legibility-tbs.ts"],"names":[],"mappings":"AAuBA,iGAAiG;AACjG,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,KAAK,CAAC;QAClB,MAAM,EAAE,OAAO,CAAC;QAChB,oBAAoB,EAAE,OAAO,CAAC;QAC9B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,gBAAgB,EAAE,OAAO,CAAC;KAC3B,CAAC,CAAC;IACH,aAAa,EAAE;QACb,aAAa,EAAE,OAAO,CAAC;QACvB,GAAG,EAAE,OAAO,CAAC;QACb,QAAQ,EAAE,OAAO,CAAC;KACnB,CAAC;CACH;AA0BD,wBAAgB,wBAAwB,CAAC,UAAU,EAAE,iBAAiB,GAAG,MAAM,CAY9E;AAED,4DAA4D;AAC5D,wBAAgB,uBAAuB,CAAC,UAAU,EAAE,iBAAiB,GAAG,UAAU,CAEjF;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,UAAU,EAAE,UAAU,EAAE,iBAAiB,GAAG,IAAI,GAAG,SAAS,GAAG,UAAU,CAOjH"}