@certivu/cli 1.1.0

package/dist/index.js

@@ -0,0 +1,1707 @@
+#!/usr/bin/env node
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod2, isNodeMode, target) => (target = mod2 != null ? __create(__getProtoOf(mod2)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod2 || !mod2.__esModule ? __defProp(target, "default", { value: mod2, enumerable: true }) : target,
+  mod2
+));
+
+// src/config.ts
+var import_node_fs = require("fs");
+var import_node_os = require("os");
+var import_node_path = require("path");
+var CONFIG_PATH = (0, import_node_path.join)((0, import_node_os.homedir)(), ".config", "certivu", "config.json");
+async function loadConfig() {
+  const fromEnv = {
+    ...process.env.CERTIVU_API_KEY ? { apiKey: process.env.CERTIVU_API_KEY } : {},
+    ...process.env.CERTIVU_GENERATOR_ID ? { generatorId: process.env.CERTIVU_GENERATOR_ID } : {},
+    ...process.env.CERTIVU_PRIVATE_KEY ? { privateKey: process.env.CERTIVU_PRIVATE_KEY } : {},
+    ...process.env.CERTIVU_BASE_URL ? { baseUrl: process.env.CERTIVU_BASE_URL } : {}
+  };
+  let fromFile = {};
+  try {
+    const raw = (0, import_node_fs.readFileSync)(CONFIG_PATH, "utf8");
+    fromFile = JSON.parse(raw);
+  } catch {
+  }
+  const merged = {};
+  const apiKey = fromEnv.apiKey ?? fromFile.apiKey;
+  const generatorId = fromEnv.generatorId ?? fromFile.generatorId;
+  const privateKey = fromEnv.privateKey ?? fromFile.privateKey;
+  const baseUrl = fromEnv.baseUrl ?? fromFile.baseUrl ?? "https://api.certivu.ai";
+  if (apiKey) merged.apiKey = apiKey;
+  if (generatorId) merged.generatorId = generatorId;
+  if (privateKey) merged.privateKey = privateKey;
+  merged.baseUrl = baseUrl;
+  return merged;
+}
+async function saveConfig(updates) {
+  const existing = await loadConfig();
+  const merged = { ...existing, ...updates };
+  (0, import_node_fs.mkdirSync)((0, import_node_path.dirname)(CONFIG_PATH), { recursive: true });
+  (0, import_node_fs.writeFileSync)(CONFIG_PATH, JSON.stringify(merged, null, 2), "utf8");
+}
+
+// src/ui.ts
+var c = {
+  reset: "\x1B[0m",
+  bold: "\x1B[1m",
+  dim: "\x1B[2m",
+  green: "\x1B[32m",
+  red: "\x1B[31m",
+  yellow: "\x1B[33m",
+  cyan: "\x1B[36m",
+  white: "\x1B[37m",
+  gray: "\x1B[90m"
+};
+var isTTY = process.stdout.isTTY;
+var paint = (code, text) => isTTY ? `${code}${text}${c.reset}` : text;
+var ok = (msg) => paint(c.green + c.bold, `\u2713 ${msg}`);
+var err = (msg) => paint(c.red + c.bold, `\u2717 ${msg}`);
+var warn = (msg) => paint(c.yellow, `\u26A0 ${msg}`);
+var label = (s) => paint(c.gray, s.padEnd(12));
+var value = (s) => paint(c.white, s);
+var dim = (s) => paint(c.dim, s);
+var bold = (s) => paint(c.bold, s);
+var amber = (s) => paint(c.yellow + c.bold, s);
+function row(key, val) {
+  console.log(`  ${label(key)}${value(val)}`);
+}
+function die(msg, code = 1) {
+  console.error(err(msg));
+  process.exit(code);
+}
+function confidenceBadge(confidence) {
+  switch (confidence) {
+    case "high":
+      return paint(c.green + c.bold, "HIGH");
+    case "medium":
+      return paint(c.yellow + c.bold, "MEDIUM");
+    case "low":
+      return paint(c.yellow, "LOW");
+    default:
+      return paint(c.gray, "NONE");
+  }
+}
+
+// src/commands/config.ts
+var VALID_KEYS = ["api-key", "generator-id", "private-key", "base-url"];
+var KEY_MAP = {
+  "api-key": "apiKey",
+  "generator-id": "generatorId",
+  "private-key": "privateKey",
+  "base-url": "baseUrl"
+};
+async function configCommand(sub, key, value2) {
+  if (sub === "set") {
+    if (!key || !value2) die("Usage: certivu config set <key> <value>");
+    if (!VALID_KEYS.includes(key)) {
+      die(`Unknown config key: ${key}
+Valid keys: ${VALID_KEYS.join(", ")}`);
+    }
+    const field = KEY_MAP[key];
+    await saveConfig({ [field]: value2 });
+    console.log(ok(`Saved ${key}`));
+    return;
+  }
+  if (sub === "get" || sub === void 0) {
+    const config = await loadConfig();
+    row("api-key", config.apiKey ? `${config.apiKey.slice(0, 12)}...` : "(not set)");
+    row("generator-id", config.generatorId ?? "(not set)");
+    row("private-key", config.privateKey ? "(set)" : "(not set)");
+    row("base-url", config.baseUrl ?? "https://api.certivu.ai");
+    return;
+  }
+  die(`Unknown config subcommand: ${sub}
+Usage: certivu config [get|set <key> <value>]`);
+}
+
+// src/commands/sign.ts
+var import_node_fs2 = require("fs");
+
+// ../../packages/sdk/dist/index.js
+var nc = __toESM(require("crypto"));
+async function getAuditLog(baseUrl, apiKey, options = {}) {
+  const page = options.page ?? 1;
+  const limit = options.limit ?? 20;
+  const res = await fetch(`${baseUrl}/v1/audit?page=${page}&limit=${limit}`, {
+    headers: { Authorization: `Bearer ${apiKey}` }
+  });
+  if (!res.ok) {
+    const err2 = await res.json().catch(() => ({}));
+    throw new Error(err2.error ?? `HTTP ${res.status}`);
+  }
+  return res.json();
+}
+var U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);
+var _32n = /* @__PURE__ */ BigInt(32);
+function fromBig(n, le = false) {
+  if (le)
+    return { h: Number(n & U32_MASK64), l: Number(n >> _32n & U32_MASK64) };
+  return { h: Number(n >> _32n & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };
+}
+function split(lst, le = false) {
+  const len = lst.length;
+  let Ah = new Uint32Array(len);
+  let Al = new Uint32Array(len);
+  for (let i = 0; i < len; i++) {
+    const { h, l } = fromBig(lst[i], le);
+    [Ah[i], Al[i]] = [h, l];
+  }
+  return [Ah, Al];
+}
+var rotlSH = (h, l, s) => h << s | l >>> 32 - s;
+var rotlSL = (h, l, s) => l << s | h >>> 32 - s;
+var rotlBH = (h, l, s) => l << s - 32 | h >>> 64 - s;
+var rotlBL = (h, l, s) => h << s - 32 | l >>> 64 - s;
+function isBytes(a) {
+  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+}
+function anumber(n) {
+  if (!Number.isSafeInteger(n) || n < 0)
+    throw new Error("positive integer expected, got " + n);
+}
+function abytes(b, ...lengths) {
+  if (!isBytes(b))
+    throw new Error("Uint8Array expected");
+  if (lengths.length > 0 && !lengths.includes(b.length))
+    throw new Error("Uint8Array expected of length " + lengths + ", got length=" + b.length);
+}
+function aexists(instance, checkFinished = true) {
+  if (instance.destroyed)
+    throw new Error("Hash instance has been destroyed");
+  if (checkFinished && instance.finished)
+    throw new Error("Hash#digest() has already been called");
+}
+function aoutput(out, instance) {
+  abytes(out);
+  const min = instance.outputLen;
+  if (out.length < min) {
+    throw new Error("digestInto() expects output buffer of length at least " + min);
+  }
+}
+function u32(arr) {
+  return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
+}
+function clean(...arrays) {
+  for (let i = 0; i < arrays.length; i++) {
+    arrays[i].fill(0);
+  }
+}
+var isLE = /* @__PURE__ */ (() => new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68)();
+function byteSwap(word) {
+  return word << 24 & 4278190080 | word << 8 & 16711680 | word >>> 8 & 65280 | word >>> 24 & 255;
+}
+function byteSwap32(arr) {
+  for (let i = 0; i < arr.length; i++) {
+    arr[i] = byteSwap(arr[i]);
+  }
+  return arr;
+}
+var swap32IfBE = isLE ? (u) => u : byteSwap32;
+var hasHexBuiltin = /* @__PURE__ */ (() => typeof Uint8Array.from([]).toHex === "function" && typeof Uint8Array.fromHex === "function")();
+var hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, "0"));
+function bytesToHex(bytes) {
+  abytes(bytes);
+  if (hasHexBuiltin)
+    return bytes.toHex();
+  let hex = "";
+  for (let i = 0; i < bytes.length; i++) {
+    hex += hexes[bytes[i]];
+  }
+  return hex;
+}
+function utf8ToBytes(str) {
+  if (typeof str !== "string")
+    throw new Error("string expected");
+  return new Uint8Array(new TextEncoder().encode(str));
+}
+function toBytes(data) {
+  if (typeof data === "string")
+    data = utf8ToBytes(data);
+  abytes(data);
+  return data;
+}
+var Hash = class {
+};
+function createHasher(hashCons) {
+  const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
+  const tmp = hashCons();
+  hashC.outputLen = tmp.outputLen;
+  hashC.blockLen = tmp.blockLen;
+  hashC.create = () => hashCons();
+  return hashC;
+}
+var _0n = BigInt(0);
+var _1n = BigInt(1);
+var _2n = BigInt(2);
+var _7n = BigInt(7);
+var _256n = BigInt(256);
+var _0x71n = BigInt(113);
+var SHA3_PI = [];
+var SHA3_ROTL = [];
+var _SHA3_IOTA = [];
+for (let round = 0, R = _1n, x = 1, y = 0; round < 24; round++) {
+  [x, y] = [y, (2 * x + 3 * y) % 5];
+  SHA3_PI.push(2 * (5 * y + x));
+  SHA3_ROTL.push((round + 1) * (round + 2) / 2 % 64);
+  let t = _0n;
+  for (let j = 0; j < 7; j++) {
+    R = (R << _1n ^ (R >> _7n) * _0x71n) % _256n;
+    if (R & _2n)
+      t ^= _1n << (_1n << /* @__PURE__ */ BigInt(j)) - _1n;
+  }
+  _SHA3_IOTA.push(t);
+}
+var IOTAS = split(_SHA3_IOTA, true);
+var SHA3_IOTA_H = IOTAS[0];
+var SHA3_IOTA_L = IOTAS[1];
+var rotlH = (h, l, s) => s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s);
+var rotlL = (h, l, s) => s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s);
+function keccakP(s, rounds = 24) {
+  const B = new Uint32Array(5 * 2);
+  for (let round = 24 - rounds; round < 24; round++) {
+    for (let x = 0; x < 10; x++)
+      B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];
+    for (let x = 0; x < 10; x += 2) {
+      const idx1 = (x + 8) % 10;
+      const idx0 = (x + 2) % 10;
+      const B0 = B[idx0];
+      const B1 = B[idx0 + 1];
+      const Th = rotlH(B0, B1, 1) ^ B[idx1];
+      const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1];
+      for (let y = 0; y < 50; y += 10) {
+        s[x + y] ^= Th;
+        s[x + y + 1] ^= Tl;
+      }
+    }
+    let curH = s[2];
+    let curL = s[3];
+    for (let t = 0; t < 24; t++) {
+      const shift = SHA3_ROTL[t];
+      const Th = rotlH(curH, curL, shift);
+      const Tl = rotlL(curH, curL, shift);
+      const PI = SHA3_PI[t];
+      curH = s[PI];
+      curL = s[PI + 1];
+      s[PI] = Th;
+      s[PI + 1] = Tl;
+    }
+    for (let y = 0; y < 50; y += 10) {
+      for (let x = 0; x < 10; x++)
+        B[x] = s[y + x];
+      for (let x = 0; x < 10; x++)
+        s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];
+    }
+    s[0] ^= SHA3_IOTA_H[round];
+    s[1] ^= SHA3_IOTA_L[round];
+  }
+  clean(B);
+}
+var Keccak = class _Keccak extends Hash {
+  constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {
+    super();
+    this.pos = 0;
+    this.posOut = 0;
+    this.finished = false;
+    this.destroyed = false;
+    this.enableXOF = false;
+    this.blockLen = blockLen;
+    this.suffix = suffix;
+    this.outputLen = outputLen;
+    this.enableXOF = enableXOF;
+    this.rounds = rounds;
+    anumber(outputLen);
+    if (!(0 < blockLen && blockLen < 200))
+      throw new Error("only keccak-f1600 function is supported");
+    this.state = new Uint8Array(200);
+    this.state32 = u32(this.state);
+  }
+  clone() {
+    return this._cloneInto();
+  }
+  keccak() {
+    swap32IfBE(this.state32);
+    keccakP(this.state32, this.rounds);
+    swap32IfBE(this.state32);
+    this.posOut = 0;
+    this.pos = 0;
+  }
+  update(data) {
+    aexists(this);
+    data = toBytes(data);
+    abytes(data);
+    const { blockLen, state } = this;
+    const len = data.length;
+    for (let pos = 0; pos < len; ) {
+      const take = Math.min(blockLen - this.pos, len - pos);
+      for (let i = 0; i < take; i++)
+        state[this.pos++] ^= data[pos++];
+      if (this.pos === blockLen)
+        this.keccak();
+    }
+    return this;
+  }
+  finish() {
+    if (this.finished)
+      return;
+    this.finished = true;
+    const { state, suffix, pos, blockLen } = this;
+    state[pos] ^= suffix;
+    if ((suffix & 128) !== 0 && pos === blockLen - 1)
+      this.keccak();
+    state[blockLen - 1] ^= 128;
+    this.keccak();
+  }
+  writeInto(out) {
+    aexists(this, false);
+    abytes(out);
+    this.finish();
+    const bufferOut = this.state;
+    const { blockLen } = this;
+    for (let pos = 0, len = out.length; pos < len; ) {
+      if (this.posOut >= blockLen)
+        this.keccak();
+      const take = Math.min(blockLen - this.posOut, len - pos);
+      out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);
+      this.posOut += take;
+      pos += take;
+    }
+    return out;
+  }
+  xofInto(out) {
+    if (!this.enableXOF)
+      throw new Error("XOF is not possible for this instance");
+    return this.writeInto(out);
+  }
+  xof(bytes) {
+    anumber(bytes);
+    return this.xofInto(new Uint8Array(bytes));
+  }
+  digestInto(out) {
+    aoutput(out, this);
+    if (this.finished)
+      throw new Error("digest() was already called");
+    this.writeInto(out);
+    this.destroy();
+    return out;
+  }
+  digest() {
+    return this.digestInto(new Uint8Array(this.outputLen));
+  }
+  destroy() {
+    this.destroyed = true;
+    clean(this.state);
+  }
+  _cloneInto(to) {
+    const { blockLen, suffix, outputLen, rounds, enableXOF } = this;
+    to || (to = new _Keccak(blockLen, suffix, outputLen, enableXOF, rounds));
+    to.state32.set(this.state32);
+    to.pos = this.pos;
+    to.posOut = this.posOut;
+    to.finished = this.finished;
+    to.rounds = rounds;
+    to.suffix = suffix;
+    to.outputLen = outputLen;
+    to.enableXOF = enableXOF;
+    to.destroyed = this.destroyed;
+    return to;
+  }
+};
+var gen = (suffix, blockLen, outputLen) => createHasher(() => new Keccak(blockLen, suffix, outputLen));
+var sha3_256 = /* @__PURE__ */ (() => gen(6, 136, 256 / 8))();
+function hash(content) {
+  const bytes = typeof content === "string" ? new TextEncoder().encode(content) : content;
+  return `sha3-256:${bytesToHex(sha3_256(bytes))}`;
+}
+function canonicalJson(obj) {
+  return JSON.stringify(obj, Object.keys(obj).sort());
+}
+function anumber2(n) {
+  if (!Number.isSafeInteger(n) || n < 0)
+    throw new Error("positive integer expected, got " + n);
+}
+function isBytes2(a) {
+  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+}
+function abytes2(b, ...lengths) {
+  if (!isBytes2(b))
+    throw new Error("Uint8Array expected");
+  if (lengths.length > 0 && !lengths.includes(b.length))
+    throw new Error("Uint8Array expected of length " + lengths + ", got length=" + b.length);
+}
+function aexists2(instance, checkFinished = true) {
+  if (instance.destroyed)
+    throw new Error("Hash instance has been destroyed");
+  if (checkFinished && instance.finished)
+    throw new Error("Hash#digest() has already been called");
+}
+function aoutput2(out, instance) {
+  abytes2(out);
+  const min = instance.outputLen;
+  if (out.length < min) {
+    throw new Error("digestInto() expects output buffer of length at least " + min);
+  }
+}
+var U32_MASK642 = /* @__PURE__ */ BigInt(2 ** 32 - 1);
+var _32n2 = /* @__PURE__ */ BigInt(32);
+function fromBig2(n, le = false) {
+  if (le)
+    return { h: Number(n & U32_MASK642), l: Number(n >> _32n2 & U32_MASK642) };
+  return { h: Number(n >> _32n2 & U32_MASK642) | 0, l: Number(n & U32_MASK642) | 0 };
+}
+function split2(lst, le = false) {
+  let Ah = new Uint32Array(lst.length);
+  let Al = new Uint32Array(lst.length);
+  for (let i = 0; i < lst.length; i++) {
+    const { h, l } = fromBig2(lst[i], le);
+    [Ah[i], Al[i]] = [h, l];
+  }
+  return [Ah, Al];
+}
+var rotlSH2 = (h, l, s) => h << s | l >>> 32 - s;
+var rotlSL2 = (h, l, s) => l << s | h >>> 32 - s;
+var rotlBH2 = (h, l, s) => l << s - 32 | h >>> 64 - s;
+var rotlBL2 = (h, l, s) => h << s - 32 | l >>> 64 - s;
+var crypto2 = nc && typeof nc === "object" && "webcrypto" in nc ? nc.webcrypto : nc && typeof nc === "object" && "randomBytes" in nc ? nc : void 0;
+var u322 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
+var isLE2 = /* @__PURE__ */ (() => new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68)();
+var byteSwap2 = (word) => word << 24 & 4278190080 | word << 8 & 16711680 | word >>> 8 & 65280 | word >>> 24 & 255;
+function byteSwap322(arr) {
+  for (let i = 0; i < arr.length; i++) {
+    arr[i] = byteSwap2(arr[i]);
+  }
+}
+function utf8ToBytes2(str) {
+  if (typeof str !== "string")
+    throw new Error("utf8ToBytes expected string, got " + typeof str);
+  return new Uint8Array(new TextEncoder().encode(str));
+}
+function toBytes2(data) {
+  if (typeof data === "string")
+    data = utf8ToBytes2(data);
+  abytes2(data);
+  return data;
+}
+function concatBytes(...arrays) {
+  let sum = 0;
+  for (let i = 0; i < arrays.length; i++) {
+    const a = arrays[i];
+    abytes2(a);
+    sum += a.length;
+  }
+  const res = new Uint8Array(sum);
+  for (let i = 0, pad = 0; i < arrays.length; i++) {
+    const a = arrays[i];
+    res.set(a, pad);
+    pad += a.length;
+  }
+  return res;
+}
+var Hash2 = class {
+  clone() {
+    return this._cloneInto();
+  }
+};
+function wrapConstructor(hashCons) {
+  const hashC = (msg) => hashCons().update(toBytes2(msg)).digest();
+  const tmp = hashCons();
+  hashC.outputLen = tmp.outputLen;
+  hashC.blockLen = tmp.blockLen;
+  hashC.create = () => hashCons();
+  return hashC;
+}
+function wrapXOFConstructorWithOpts(hashCons) {
+  const hashC = (msg, opts) => hashCons(opts).update(toBytes2(msg)).digest();
+  const tmp = hashCons({});
+  hashC.outputLen = tmp.outputLen;
+  hashC.blockLen = tmp.blockLen;
+  hashC.create = (opts) => hashCons(opts);
+  return hashC;
+}
+function randomBytes(bytesLength = 32) {
+  if (crypto2 && typeof crypto2.getRandomValues === "function") {
+    return crypto2.getRandomValues(new Uint8Array(bytesLength));
+  }
+  if (crypto2 && typeof crypto2.randomBytes === "function") {
+    return crypto2.randomBytes(bytesLength);
+  }
+  throw new Error("crypto.getRandomValues must be defined");
+}
+var SHA3_PI2 = [];
+var SHA3_ROTL2 = [];
+var _SHA3_IOTA2 = [];
+var _0n2 = /* @__PURE__ */ BigInt(0);
+var _1n2 = /* @__PURE__ */ BigInt(1);
+var _2n2 = /* @__PURE__ */ BigInt(2);
+var _7n2 = /* @__PURE__ */ BigInt(7);
+var _256n2 = /* @__PURE__ */ BigInt(256);
+var _0x71n2 = /* @__PURE__ */ BigInt(113);
+for (let round = 0, R = _1n2, x = 1, y = 0; round < 24; round++) {
+  [x, y] = [y, (2 * x + 3 * y) % 5];
+  SHA3_PI2.push(2 * (5 * y + x));
+  SHA3_ROTL2.push((round + 1) * (round + 2) / 2 % 64);
+  let t = _0n2;
+  for (let j = 0; j < 7; j++) {
+    R = (R << _1n2 ^ (R >> _7n2) * _0x71n2) % _256n2;
+    if (R & _2n2)
+      t ^= _1n2 << (_1n2 << /* @__PURE__ */ BigInt(j)) - _1n2;
+  }
+  _SHA3_IOTA2.push(t);
+}
+var [SHA3_IOTA_H2, SHA3_IOTA_L2] = /* @__PURE__ */ split2(_SHA3_IOTA2, true);
+var rotlH2 = (h, l, s) => s > 32 ? rotlBH2(h, l, s) : rotlSH2(h, l, s);
+var rotlL2 = (h, l, s) => s > 32 ? rotlBL2(h, l, s) : rotlSL2(h, l, s);
+function keccakP2(s, rounds = 24) {
+  const B = new Uint32Array(5 * 2);
+  for (let round = 24 - rounds; round < 24; round++) {
+    for (let x = 0; x < 10; x++)
+      B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];
+    for (let x = 0; x < 10; x += 2) {
+      const idx1 = (x + 8) % 10;
+      const idx0 = (x + 2) % 10;
+      const B0 = B[idx0];
+      const B1 = B[idx0 + 1];
+      const Th = rotlH2(B0, B1, 1) ^ B[idx1];
+      const Tl = rotlL2(B0, B1, 1) ^ B[idx1 + 1];
+      for (let y = 0; y < 50; y += 10) {
+        s[x + y] ^= Th;
+        s[x + y + 1] ^= Tl;
+      }
+    }
+    let curH = s[2];
+    let curL = s[3];
+    for (let t = 0; t < 24; t++) {
+      const shift = SHA3_ROTL2[t];
+      const Th = rotlH2(curH, curL, shift);
+      const Tl = rotlL2(curH, curL, shift);
+      const PI = SHA3_PI2[t];
+      curH = s[PI];
+      curL = s[PI + 1];
+      s[PI] = Th;
+      s[PI + 1] = Tl;
+    }
+    for (let y = 0; y < 50; y += 10) {
+      for (let x = 0; x < 10; x++)
+        B[x] = s[y + x];
+      for (let x = 0; x < 10; x++)
+        s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];
+    }
+    s[0] ^= SHA3_IOTA_H2[round];
+    s[1] ^= SHA3_IOTA_L2[round];
+  }
+  B.fill(0);
+}
+var Keccak2 = class _Keccak2 extends Hash2 {
+  constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {
+    super();
+    this.blockLen = blockLen;
+    this.suffix = suffix;
+    this.outputLen = outputLen;
+    this.enableXOF = enableXOF;
+    this.rounds = rounds;
+    this.pos = 0;
+    this.posOut = 0;
+    this.finished = false;
+    this.destroyed = false;
+    anumber2(outputLen);
+    if (0 >= this.blockLen || this.blockLen >= 200)
+      throw new Error("Sha3 supports only keccak-f1600 function");
+    this.state = new Uint8Array(200);
+    this.state32 = u322(this.state);
+  }
+  keccak() {
+    if (!isLE2)
+      byteSwap322(this.state32);
+    keccakP2(this.state32, this.rounds);
+    if (!isLE2)
+      byteSwap322(this.state32);
+    this.posOut = 0;
+    this.pos = 0;
+  }
+  update(data) {
+    aexists2(this);
+    const { blockLen, state } = this;
+    data = toBytes2(data);
+    const len = data.length;
+    for (let pos = 0; pos < len; ) {
+      const take = Math.min(blockLen - this.pos, len - pos);
+      for (let i = 0; i < take; i++)
+        state[this.pos++] ^= data[pos++];
+      if (this.pos === blockLen)
+        this.keccak();
+    }
+    return this;
+  }
+  finish() {
+    if (this.finished)
+      return;
+    this.finished = true;
+    const { state, suffix, pos, blockLen } = this;
+    state[pos] ^= suffix;
+    if ((suffix & 128) !== 0 && pos === blockLen - 1)
+      this.keccak();
+    state[blockLen - 1] ^= 128;
+    this.keccak();
+  }
+  writeInto(out) {
+    aexists2(this, false);
+    abytes2(out);
+    this.finish();
+    const bufferOut = this.state;
+    const { blockLen } = this;
+    for (let pos = 0, len = out.length; pos < len; ) {
+      if (this.posOut >= blockLen)
+        this.keccak();
+      const take = Math.min(blockLen - this.posOut, len - pos);
+      out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);
+      this.posOut += take;
+      pos += take;
+    }
+    return out;
+  }
+  xofInto(out) {
+    if (!this.enableXOF)
+      throw new Error("XOF is not possible for this instance");
+    return this.writeInto(out);
+  }
+  xof(bytes) {
+    anumber2(bytes);
+    return this.xofInto(new Uint8Array(bytes));
+  }
+  digestInto(out) {
+    aoutput2(out, this);
+    if (this.finished)
+      throw new Error("digest() was already called");
+    this.writeInto(out);
+    this.destroy();
+    return out;
+  }
+  digest() {
+    return this.digestInto(new Uint8Array(this.outputLen));
+  }
+  destroy() {
+    this.destroyed = true;
+    this.state.fill(0);
+  }
+  _cloneInto(to) {
+    const { blockLen, suffix, outputLen, rounds, enableXOF } = this;
+    to || (to = new _Keccak2(blockLen, suffix, outputLen, enableXOF, rounds));
+    to.state32.set(this.state32);
+    to.pos = this.pos;
+    to.posOut = this.posOut;
+    to.finished = this.finished;
+    to.rounds = rounds;
+    to.suffix = suffix;
+    to.outputLen = outputLen;
+    to.enableXOF = enableXOF;
+    to.destroyed = this.destroyed;
+    return to;
+  }
+};
+var gen2 = (suffix, blockLen, outputLen) => wrapConstructor(() => new Keccak2(blockLen, suffix, outputLen));
+var sha3_224 = /* @__PURE__ */ gen2(6, 144, 224 / 8);
+var sha3_2562 = /* @__PURE__ */ gen2(6, 136, 256 / 8);
+var sha3_384 = /* @__PURE__ */ gen2(6, 104, 384 / 8);
+var sha3_512 = /* @__PURE__ */ gen2(6, 72, 512 / 8);
+var keccak_224 = /* @__PURE__ */ gen2(1, 144, 224 / 8);
+var keccak_256 = /* @__PURE__ */ gen2(1, 136, 256 / 8);
+var keccak_384 = /* @__PURE__ */ gen2(1, 104, 384 / 8);
+var keccak_512 = /* @__PURE__ */ gen2(1, 72, 512 / 8);
+var genShake = (suffix, blockLen, outputLen) => wrapXOFConstructorWithOpts((opts = {}) => new Keccak2(blockLen, suffix, opts.dkLen === void 0 ? outputLen : opts.dkLen, true));
+var shake128 = /* @__PURE__ */ genShake(31, 168, 128 / 8);
+var shake256 = /* @__PURE__ */ genShake(31, 136, 256 / 8);
+var ensureBytes = abytes2;
+var randomBytes2 = randomBytes;
+function equalBytes(a, b) {
+  if (a.length !== b.length)
+    return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++)
+    diff |= a[i] ^ b[i];
+  return diff === 0;
+}
+function splitCoder(...lengths) {
+  const getLength = (c2) => typeof c2 === "number" ? c2 : c2.bytesLen;
+  const bytesLen = lengths.reduce((sum, a) => sum + getLength(a), 0);
+  return {
+    bytesLen,
+    encode: (bufs) => {
+      const res = new Uint8Array(bytesLen);
+      for (let i = 0, pos = 0; i < lengths.length; i++) {
+        const c2 = lengths[i];
+        const l = getLength(c2);
+        const b = typeof c2 === "number" ? bufs[i] : c2.encode(bufs[i]);
+        ensureBytes(b, l);
+        res.set(b, pos);
+        if (typeof c2 !== "number")
+          b.fill(0);
+        pos += l;
+      }
+      return res;
+    },
+    decode: (buf) => {
+      ensureBytes(buf, bytesLen);
+      const res = [];
+      for (const c2 of lengths) {
+        const l = getLength(c2);
+        const b = buf.subarray(0, l);
+        res.push(typeof c2 === "number" ? b : c2.decode(b));
+        buf = buf.subarray(l);
+      }
+      return res;
+    }
+  };
+}
+function vecCoder(c2, vecLen) {
+  const bytesLen = vecLen * c2.bytesLen;
+  return {
+    bytesLen,
+    encode: (u) => {
+      if (u.length !== vecLen)
+        throw new Error(`vecCoder.encode: wrong length=${u.length}. Expected: ${vecLen}`);
+      const res = new Uint8Array(bytesLen);
+      for (let i = 0, pos = 0; i < u.length; i++) {
+        const b = c2.encode(u[i]);
+        res.set(b, pos);
+        b.fill(0);
+        pos += b.length;
+      }
+      return res;
+    },
+    decode: (a) => {
+      ensureBytes(a, bytesLen);
+      const r = [];
+      for (let i = 0; i < a.length; i += c2.bytesLen)
+        r.push(c2.decode(a.subarray(i, i + c2.bytesLen)));
+      return r;
+    }
+  };
+}
+function cleanBytes(...list) {
+  for (const t of list) {
+    if (Array.isArray(t))
+      for (const b of t)
+        b.fill(0);
+    else
+      t.fill(0);
+  }
+}
+function getMask(bits) {
+  return (1 << bits) - 1;
+}
+function bitReversal(n, bits = 8) {
+  const padded = n.toString(2).padStart(8, "0");
+  const sliced = padded.slice(-bits).padStart(7, "0");
+  const revrsd = sliced.split("").reverse().join("");
+  return Number.parseInt(revrsd, 2);
+}
+var genCrystals = (opts) => {
+  const { newPoly: newPoly2, N: N2, Q: Q2, F: F2, ROOT_OF_UNITY: ROOT_OF_UNITY2, brvBits, isKyber } = opts;
+  const mod2 = (a, modulo = Q2) => {
+    const result = a % modulo | 0;
+    return (result >= 0 ? result | 0 : modulo + result | 0) | 0;
+  };
+  const smod2 = (a, modulo = Q2) => {
+    const r = mod2(a, modulo) | 0;
+    return (r > modulo >> 1 ? r - modulo | 0 : r) | 0;
+  };
+  function getZettas() {
+    const out = newPoly2(N2);
+    for (let i = 0; i < N2; i++) {
+      const b = bitReversal(i, brvBits);
+      const p = BigInt(ROOT_OF_UNITY2) ** BigInt(b) % BigInt(Q2);
+      out[i] = Number(p) | 0;
+    }
+    return out;
+  }
+  const nttZetas = getZettas();
+  const LEN1 = isKyber ? 128 : N2;
+  const LEN2 = isKyber ? 1 : 0;
+  const NTT2 = {
+    encode: (r) => {
+      for (let k = 1, len = 128; len > LEN2; len >>= 1) {
+        for (let start = 0; start < N2; start += 2 * len) {
+          const zeta = nttZetas[k++];
+          for (let j = start; j < start + len; j++) {
+            const t = mod2(zeta * r[j + len]);
+            r[j + len] = mod2(r[j] - t) | 0;
+            r[j] = mod2(r[j] + t) | 0;
+          }
+        }
+      }
+      return r;
+    },
+    decode: (r) => {
+      for (let k = LEN1 - 1, len = 1 + LEN2; len < LEN1 + LEN2; len <<= 1) {
+        for (let start = 0; start < N2; start += 2 * len) {
+          const zeta = nttZetas[k--];
+          for (let j = start; j < start + len; j++) {
+            const t = r[j];
+            r[j] = mod2(t + r[j + len]);
+            r[j + len] = mod2(zeta * (r[j + len] - t));
+          }
+        }
+      }
+      for (let i = 0; i < r.length; i++)
+        r[i] = mod2(F2 * r[i]);
+      return r;
+    }
+  };
+  const bitsCoder2 = (d, c2) => {
+    const mask = getMask(d);
+    const bytesLen = d * (N2 / 8);
+    return {
+      bytesLen,
+      encode: (poly) => {
+        const r = new Uint8Array(bytesLen);
+        for (let i = 0, buf = 0, bufLen = 0, pos = 0; i < poly.length; i++) {
+          buf |= (c2.encode(poly[i]) & mask) << bufLen;
+          bufLen += d;
+          for (; bufLen >= 8; bufLen -= 8, buf >>= 8)
+            r[pos++] = buf & getMask(bufLen);
+        }
+        return r;
+      },
+      decode: (bytes) => {
+        const r = newPoly2(N2);
+        for (let i = 0, buf = 0, bufLen = 0, pos = 0; i < bytes.length; i++) {
+          buf |= bytes[i] << bufLen;
+          bufLen += 8;
+          for (; bufLen >= d; bufLen -= d, buf >>= d)
+            r[pos++] = c2.decode(buf & mask);
+        }
+        return r;
+      }
+    };
+  };
+  return { mod: mod2, smod: smod2, nttZetas, NTT: NTT2, bitsCoder: bitsCoder2 };
+};
+var createXofShake = (shake) => (seed, blockLen) => {
+  if (!blockLen)
+    blockLen = shake.blockLen;
+  const _seed = new Uint8Array(seed.length + 2);
+  _seed.set(seed);
+  const seedLen = seed.length;
+  const buf = new Uint8Array(blockLen);
+  let h = shake.create({});
+  let calls = 0;
+  let xofs = 0;
+  return {
+    stats: () => ({ calls, xofs }),
+    get: (x, y) => {
+      _seed[seedLen + 0] = x;
+      _seed[seedLen + 1] = y;
+      h.destroy();
+      h = shake.create({}).update(_seed);
+      calls++;
+      return () => {
+        xofs++;
+        return h.xofInto(buf);
+      };
+    },
+    clean: () => {
+      h.destroy();
+      buf.fill(0);
+      _seed.fill(0);
+    }
+  };
+};
+var XOF128 = /* @__PURE__ */ createXofShake(shake128);
+var XOF256 = /* @__PURE__ */ createXofShake(shake256);
+var N = 256;
+var Q = 8380417;
+var ROOT_OF_UNITY = 1753;
+var F = 8347681;
+var D = 13;
+var GAMMA2_1 = Math.floor((Q - 1) / 88) | 0;
+var GAMMA2_2 = Math.floor((Q - 1) / 32) | 0;
+var PARAMS = {
+  2: { K: 4, L: 4, D, GAMMA1: 2 ** 17, GAMMA2: GAMMA2_1, TAU: 39, ETA: 2, OMEGA: 80 },
+  3: { K: 6, L: 5, D, GAMMA1: 2 ** 19, GAMMA2: GAMMA2_2, TAU: 49, ETA: 4, OMEGA: 55 },
+  5: { K: 8, L: 7, D, GAMMA1: 2 ** 19, GAMMA2: GAMMA2_2, TAU: 60, ETA: 2, OMEGA: 75 }
+};
+var newPoly = (n) => new Int32Array(n);
+var { mod, smod, NTT, bitsCoder } = genCrystals({
+  N,
+  Q,
+  F,
+  ROOT_OF_UNITY,
+  newPoly,
+  isKyber: false,
+  brvBits: 8
+});
+var id = (n) => n;
+var polyCoder = (d, compress = id, verify = id) => bitsCoder(d, {
+  encode: (i) => compress(verify(i)),
+  decode: (i) => verify(compress(i))
+});
+var polyAdd = (a, b) => {
+  for (let i = 0; i < a.length; i++)
+    a[i] = mod(a[i] + b[i]);
+  return a;
+};
+var polySub = (a, b) => {
+  for (let i = 0; i < a.length; i++)
+    a[i] = mod(a[i] - b[i]);
+  return a;
+};
+var polyShiftl = (p) => {
+  for (let i = 0; i < N; i++)
+    p[i] <<= D;
+  return p;
+};
+var polyChknorm = (p, B) => {
+  for (let i = 0; i < N; i++)
+    if (Math.abs(smod(p[i])) >= B)
+      return true;
+  return false;
+};
+var MultiplyNTTs = (a, b) => {
+  const c2 = newPoly(N);
+  for (let i = 0; i < a.length; i++)
+    c2[i] = mod(a[i] * b[i]);
+  return c2;
+};
+function RejNTTPoly(xof) {
+  const r = newPoly(N);
+  for (let j = 0; j < N; ) {
+    const b = xof();
+    if (b.length % 3)
+      throw new Error("RejNTTPoly: unaligned block");
+    for (let i = 0; j < N && i <= b.length - 3; i += 3) {
+      const t = (b[i + 0] | b[i + 1] << 8 | b[i + 2] << 16) & 8388607;
+      if (t < Q)
+        r[j++] = t;
+    }
+  }
+  return r;
+}
+var EMPTY = new Uint8Array(0);
+function getDilithium(opts) {
+  const { K, L, GAMMA1, GAMMA2, TAU, ETA, OMEGA } = opts;
+  const { CRH_BYTES, TR_BYTES, C_TILDE_BYTES, XOF128: XOF1282, XOF256: XOF2562 } = opts;
+  if (![2, 4].includes(ETA))
+    throw new Error("Wrong ETA");
+  if (![1 << 17, 1 << 19].includes(GAMMA1))
+    throw new Error("Wrong GAMMA1");
+  if (![GAMMA2_1, GAMMA2_2].includes(GAMMA2))
+    throw new Error("Wrong GAMMA2");
+  const BETA = TAU * ETA;
+  const decompose = (r) => {
+    const rPlus = mod(r);
+    const r0 = smod(rPlus, 2 * GAMMA2) | 0;
+    if (rPlus - r0 === Q - 1)
+      return { r1: 0 | 0, r0: r0 - 1 | 0 };
+    const r1 = Math.floor((rPlus - r0) / (2 * GAMMA2)) | 0;
+    return { r1, r0 };
+  };
+  const HighBits = (r) => decompose(r).r1;
+  const LowBits = (r) => decompose(r).r0;
+  const MakeHint = (z, r) => {
+    const res0 = z <= GAMMA2 || z > Q - GAMMA2 || z === Q - GAMMA2 && r === 0 ? 0 : 1;
+    return res0;
+  };
+  const UseHint = (h, r) => {
+    const m = Math.floor((Q - 1) / (2 * GAMMA2));
+    const { r1, r0 } = decompose(r);
+    if (h === 1)
+      return r0 > 0 ? mod(r1 + 1, m) | 0 : mod(r1 - 1, m) | 0;
+    return r1 | 0;
+  };
+  const Power2Round = (r) => {
+    const rPlus = mod(r);
+    const r0 = smod(rPlus, 2 ** D) | 0;
+    return { r1: Math.floor((rPlus - r0) / 2 ** D) | 0, r0 };
+  };
+  const hintCoder = {
+    bytesLen: OMEGA + K,
+    encode: (h) => {
+      if (h === false)
+        throw new Error("hint.encode: hint is false");
+      const res = new Uint8Array(OMEGA + K);
+      for (let i = 0, k = 0; i < K; i++) {
+        for (let j = 0; j < N; j++)
+          if (h[i][j] !== 0)
+            res[k++] = j;
+        res[OMEGA + i] = k;
+      }
+      return res;
+    },
+    decode: (buf) => {
+      const h = [];
+      let k = 0;
+      for (let i = 0; i < K; i++) {
+        const hi = newPoly(N);
+        if (buf[OMEGA + i] < k || buf[OMEGA + i] > OMEGA)
+          return false;
+        for (let j = k; j < buf[OMEGA + i]; j++) {
+          if (j > k && buf[j] <= buf[j - 1])
+            return false;
+          hi[buf[j]] = 1;
+        }
+        k = buf[OMEGA + i];
+        h.push(hi);
+      }
+      for (let j = k; j < OMEGA; j++)
+        if (buf[j] !== 0)
+          return false;
+      return h;
+    }
+  };
+  const ETACoder = polyCoder(ETA === 2 ? 3 : 4, (i) => ETA - i, (i) => {
+    if (!(-ETA <= i && i <= ETA))
+      throw new Error(`malformed key s1/s3 ${i} outside of ETA range [${-ETA}, ${ETA}]`);
+    return i;
+  });
+  const T0Coder = polyCoder(13, (i) => (1 << D - 1) - i);
+  const T1Coder = polyCoder(10);
+  const ZCoder = polyCoder(GAMMA1 === 1 << 17 ? 18 : 20, (i) => smod(GAMMA1 - i));
+  const W1Coder = polyCoder(GAMMA2 === GAMMA2_1 ? 6 : 4);
+  const W1Vec = vecCoder(W1Coder, K);
+  const publicCoder = splitCoder(32, vecCoder(T1Coder, K));
+  const secretCoder = splitCoder(32, 32, TR_BYTES, vecCoder(ETACoder, L), vecCoder(ETACoder, K), vecCoder(T0Coder, K));
+  const sigCoder = splitCoder(C_TILDE_BYTES, vecCoder(ZCoder, L), hintCoder);
+  const CoefFromHalfByte = ETA === 2 ? (n) => n < 15 ? 2 - n % 5 : false : (n) => n < 9 ? 4 - n : false;
+  function RejBoundedPoly(xof) {
+    const r = newPoly(N);
+    for (let j = 0; j < N; ) {
+      const b = xof();
+      for (let i = 0; j < N && i < b.length; i += 1) {
+        const d1 = CoefFromHalfByte(b[i] & 15);
+        const d2 = CoefFromHalfByte(b[i] >> 4 & 15);
+        if (d1 !== false)
+          r[j++] = d1;
+        if (j < N && d2 !== false)
+          r[j++] = d2;
+      }
+    }
+    return r;
+  }
+  const SampleInBall = (seed) => {
+    const pre = newPoly(N);
+    const s = shake256.create({}).update(seed);
+    const buf = new Uint8Array(shake256.blockLen);
+    s.xofInto(buf);
+    const masks = buf.slice(0, 8);
+    for (let i = N - TAU, pos = 8, maskPos = 0, maskBit = 0; i < N; i++) {
+      let b = i + 1;
+      for (; b > i; ) {
+        b = buf[pos++];
+        if (pos < shake256.blockLen)
+          continue;
+        s.xofInto(buf);
+        pos = 0;
+      }
+      pre[i] = pre[b];
+      pre[b] = 1 - ((masks[maskPos] >> maskBit++ & 1) << 1);
+      if (maskBit >= 8) {
+        maskPos++;
+        maskBit = 0;
+      }
+    }
+    return pre;
+  };
+  const polyPowerRound = (p) => {
+    const res0 = newPoly(N);
+    const res1 = newPoly(N);
+    for (let i = 0; i < p.length; i++) {
+      const { r0, r1 } = Power2Round(p[i]);
+      res0[i] = r0;
+      res1[i] = r1;
+    }
+    return { r0: res0, r1: res1 };
+  };
+  const polyUseHint = (u, h) => {
+    for (let i = 0; i < N; i++)
+      u[i] = UseHint(h[i], u[i]);
+    return u;
+  };
+  const polyMakeHint = (a, b) => {
+    const v = newPoly(N);
+    let cnt = 0;
+    for (let i = 0; i < N; i++) {
+      const h = MakeHint(a[i], b[i]);
+      v[i] = h;
+      cnt += h;
+    }
+    return { v, cnt };
+  };
+  const signRandBytes = 32;
+  const seedCoder = splitCoder(32, 64, 32);
+  const internal = {
+    signRandBytes,
+    keygen: (seed = randomBytes2(32)) => {
+      const seedDst = new Uint8Array(32 + 2);
+      seedDst.set(seed);
+      seedDst[32] = K;
+      seedDst[33] = L;
+      const [rho, rhoPrime, K_] = seedCoder.decode(shake256(seedDst, { dkLen: seedCoder.bytesLen }));
+      const xofPrime = XOF2562(rhoPrime);
+      const s1 = [];
+      for (let i = 0; i < L; i++)
+        s1.push(RejBoundedPoly(xofPrime.get(i & 255, i >> 8 & 255)));
+      const s2 = [];
+      for (let i = L; i < L + K; i++)
+        s2.push(RejBoundedPoly(xofPrime.get(i & 255, i >> 8 & 255)));
+      const s1Hat = s1.map((i) => NTT.encode(i.slice()));
+      const t0 = [];
+      const t1 = [];
+      const xof = XOF1282(rho);
+      const t = newPoly(N);
+      for (let i = 0; i < K; i++) {
+        t.fill(0);
+        for (let j = 0; j < L; j++) {
+          const aij = RejNTTPoly(xof.get(j, i));
+          polyAdd(t, MultiplyNTTs(aij, s1Hat[j]));
+        }
+        NTT.decode(t);
+        const { r0, r1 } = polyPowerRound(polyAdd(t, s2[i]));
+        t0.push(r0);
+        t1.push(r1);
+      }
+      const publicKey = publicCoder.encode([rho, t1]);
+      const tr = shake256(publicKey, { dkLen: TR_BYTES });
+      const secretKey = secretCoder.encode([rho, K_, tr, s1, s2, t0]);
+      xof.clean();
+      xofPrime.clean();
+      cleanBytes(rho, rhoPrime, K_, s1, s2, s1Hat, t, t0, t1, tr, seedDst);
+      return { publicKey, secretKey };
+    },
+    sign: (secretKey, msg, random) => {
+      const [rho, _K, tr, s1, s2, t0] = secretCoder.decode(secretKey);
+      const A = [];
+      const xof = XOF1282(rho);
+      for (let i = 0; i < K; i++) {
+        const pv = [];
+        for (let j = 0; j < L; j++)
+          pv.push(RejNTTPoly(xof.get(j, i)));
+        A.push(pv);
+      }
+      xof.clean();
+      for (let i = 0; i < L; i++)
+        NTT.encode(s1[i]);
+      for (let i = 0; i < K; i++) {
+        NTT.encode(s2[i]);
+        NTT.encode(t0[i]);
+      }
+      const mu = shake256.create({ dkLen: CRH_BYTES }).update(tr).update(msg).digest();
+      const rnd = random ? random : new Uint8Array(32);
+      ensureBytes(rnd);
+      const rhoprime = shake256.create({ dkLen: CRH_BYTES }).update(_K).update(rnd).update(mu).digest();
+      ensureBytes(rhoprime, CRH_BYTES);
+      const x256 = XOF2562(rhoprime, ZCoder.bytesLen);
+      main_loop:
+        for (let kappa = 0; ; ) {
+          const y = [];
+          for (let i = 0; i < L; i++, kappa++)
+            y.push(ZCoder.decode(x256.get(kappa & 255, kappa >> 8)()));
+          const z = y.map((i) => NTT.encode(i.slice()));
+          const w = [];
+          for (let i = 0; i < K; i++) {
+            const wi = newPoly(N);
+            for (let j = 0; j < L; j++)
+              polyAdd(wi, MultiplyNTTs(A[i][j], z[j]));
+            NTT.decode(wi);
+            w.push(wi);
+          }
+          const w1 = w.map((j) => j.map(HighBits));
+          const cTilde = shake256.create({ dkLen: C_TILDE_BYTES }).update(mu).update(W1Vec.encode(w1)).digest();
+          const cHat = NTT.encode(SampleInBall(cTilde));
+          const cs1 = s1.map((i) => MultiplyNTTs(i, cHat));
+          for (let i = 0; i < L; i++) {
+            polyAdd(NTT.decode(cs1[i]), y[i]);
+            if (polyChknorm(cs1[i], GAMMA1 - BETA))
+              continue main_loop;
+          }
+          let cnt = 0;
+          const h = [];
+          for (let i = 0; i < K; i++) {
+            const cs2 = NTT.decode(MultiplyNTTs(s2[i], cHat));
+            const r0 = polySub(w[i], cs2).map(LowBits);
+            if (polyChknorm(r0, GAMMA2 - BETA))
+              continue main_loop;
+            const ct0 = NTT.decode(MultiplyNTTs(t0[i], cHat));
+            if (polyChknorm(ct0, GAMMA2))
+              continue main_loop;
+            polyAdd(r0, ct0);
+            const hint = polyMakeHint(r0, w1[i]);
+            h.push(hint.v);
+            cnt += hint.cnt;
+          }
+          if (cnt > OMEGA)
+            continue;
+          x256.clean();
+          const res = sigCoder.encode([cTilde, cs1, h]);
+          cleanBytes(cTilde, cs1, h, cHat, w1, w, z, y, rhoprime, mu, s1, s2, t0, ...A);
+          return res;
+        }
+      throw new Error("Unreachable code path reached, report this error");
+    },
+    verify: (publicKey, msg, sig) => {
+      const [rho, t1] = publicCoder.decode(publicKey);
+      const tr = shake256(publicKey, { dkLen: TR_BYTES });
+      if (sig.length !== sigCoder.bytesLen)
+        return false;
+      const [cTilde, z, h] = sigCoder.decode(sig);
+      if (h === false)
+        return false;
+      for (let i = 0; i < L; i++)
+        if (polyChknorm(z[i], GAMMA1 - BETA))
+          return false;
+      const mu = shake256.create({ dkLen: CRH_BYTES }).update(tr).update(msg).digest();
+      const c2 = NTT.encode(SampleInBall(cTilde));
+      const zNtt = z.map((i) => i.slice());
+      for (let i = 0; i < L; i++)
+        NTT.encode(zNtt[i]);
+      const wTick1 = [];
+      const xof = XOF1282(rho);
+      for (let i = 0; i < K; i++) {
+        const ct12d = MultiplyNTTs(NTT.encode(polyShiftl(t1[i])), c2);
+        const Az = newPoly(N);
+        for (let j = 0; j < L; j++) {
+          const aij = RejNTTPoly(xof.get(j, i));
+          polyAdd(Az, MultiplyNTTs(aij, zNtt[j]));
+        }
+        const wApprox = NTT.decode(polySub(Az, ct12d));
+        wTick1.push(polyUseHint(wApprox, h[i]));
+      }
+      xof.clean();
+      const c22 = shake256.create({ dkLen: C_TILDE_BYTES }).update(mu).update(W1Vec.encode(wTick1)).digest();
+      for (const t of h) {
+        const sum = t.reduce((acc, i) => acc + i, 0);
+        if (!(sum <= OMEGA))
+          return false;
+      }
+      for (const t of z)
+        if (polyChknorm(t, GAMMA1 - BETA))
+          return false;
+      return equalBytes(cTilde, c22);
+    }
+  };
+  const getMessage = (msg, ctx = EMPTY) => {
+    ensureBytes(msg);
+    ensureBytes(ctx);
+    if (ctx.length > 255)
+      throw new Error("context should be less than 255 bytes");
+    return concatBytes(new Uint8Array([0, ctx.length]), ctx, msg);
+  };
+  return {
+    internal,
+    keygen: internal.keygen,
+    signRandBytes: internal.signRandBytes,
+    sign: (secretKey, msg, ctx = EMPTY, random) => {
+      const M = getMessage(msg, ctx);
+      const res = internal.sign(secretKey, M, random);
+      M.fill(0);
+      return res;
+    },
+    verify: (publicKey, msg, sig, ctx = EMPTY) => {
+      return internal.verify(publicKey, getMessage(msg, ctx), sig);
+    }
+  };
+}
+var ml_dsa44 = /* @__PURE__ */ getDilithium({
+  ...PARAMS[2],
+  CRH_BYTES: 64,
+  TR_BYTES: 64,
+  C_TILDE_BYTES: 32,
+  XOF128,
+  XOF256
+});
+var ml_dsa65 = /* @__PURE__ */ getDilithium({
+  ...PARAMS[3],
+  CRH_BYTES: 64,
+  TR_BYTES: 64,
+  C_TILDE_BYTES: 48,
+  XOF128,
+  XOF256
+});
+var ml_dsa87 = /* @__PURE__ */ getDilithium({
+  ...PARAMS[5],
+  CRH_BYTES: 64,
+  TR_BYTES: 64,
+  C_TILDE_BYTES: 64,
+  XOF128,
+  XOF256
+});
+function toBase64(bytes) {
+  let binary = "";
+  for (const byte of bytes)
+    binary += String.fromCharCode(byte);
+  return btoa(binary);
+}
+function fromBase64(b64) {
+  return Uint8Array.from(atob(b64), (c2) => c2.charCodeAt(0));
+}
+function sign(privateKey, message) {
+  const secretKey = fromBase64(privateKey);
+  const msg = new TextEncoder().encode(message);
+  const signature = ml_dsa65.sign(secretKey, msg);
+  return toBase64(signature);
+}
+var XMP_NS = "http://ns.adobe.com/xap/1.0/\0";
+var XMP_NS_BYTES = new TextEncoder().encode(XMP_NS);
+function toUint8Array(content) {
+  if (typeof content === "string")
+    return new TextEncoder().encode(content);
+  return content;
+}
+async function signContent(baseUrl, apiKey, input) {
+  const bytes = toUint8Array(input.content);
+  const contentHash = hash(bytes);
+  const watermarkId = input.watermarkId ?? crypto.randomUUID();
+  const signedAt = (/* @__PURE__ */ new Date()).toISOString();
+  const signedPayload = {
+    generator_id: input.generatorId,
+    model: input.model,
+    content_hash: contentHash,
+    watermark_id: watermarkId,
+    signed_at: signedAt
+  };
+  const message = canonicalJson(signedPayload);
+  const signature = sign(input.privateKey, message);
+  const res = await fetch(`${baseUrl}/v1/records`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${apiKey}`
+    },
+    body: JSON.stringify({
+      watermark_id: watermarkId,
+      generator_id: input.generatorId,
+      model: input.model,
+      content_hash: contentHash,
+      signature,
+      signed_payload: signedPayload
+    })
+  });
+  if (!res.ok) {
+    const err2 = await res.json().catch(() => ({}));
+    throw new Error(err2.error ?? `HTTP ${res.status}`);
+  }
+  return res.json();
+}
+function toUint8Array2(content) {
+  if (typeof content === "string")
+    return new TextEncoder().encode(content);
+  return content;
+}
+function uint8ToBase64(input) {
+  let binary = "";
+  for (let i = 0; i < input.length; i++) {
+    binary += String.fromCharCode(input[i] ?? 0);
+  }
+  return btoa(binary);
+}
+async function verifyContent(baseUrl, apiKey, input) {
+  const bytes = toUint8Array2(input.content);
+  const form = new FormData();
+  form.append("content", new Blob([bytes]), "content");
+  if (input.token)
+    form.append("token", input.token);
+  const res = await fetch(`${baseUrl}/v1/verify`, {
+    method: "POST",
+    headers: { Authorization: `Bearer ${apiKey}` },
+    body: form
+  });
+  if (!res.ok) {
+    const err2 = await res.json().catch(() => ({}));
+    throw new Error(err2.error ?? `HTTP ${res.status}`);
+  }
+  return res.json();
+}
+async function verifyBatch(baseUrl, apiKey, items) {
+  const payload = {
+    items: items.map((item) => ({
+      content: uint8ToBase64(toUint8Array2(item.content)),
+      ...item.token && { token: item.token }
+    }))
+  };
+  const res = await fetch(`${baseUrl}/v1/verify/batch`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${apiKey}`
+    },
+    body: JSON.stringify(payload)
+  });
+  if (!res.ok) {
+    const err2 = await res.json().catch(() => ({}));
+    throw new Error(err2.error ?? `HTTP ${res.status}`);
+  }
+  return res.json();
+}
+var CertivuClient = class {
+  apiKey;
+  baseUrl;
+  generatorId;
+  privateKey;
+  constructor(config) {
+    this.apiKey = config.apiKey;
+    this.baseUrl = (config.baseUrl ?? "https://api.certivu.ai").replace(/\/$/, "");
+    this.generatorId = config.generatorId;
+    this.privateKey = config.privateKey;
+  }
+  async sign(input) {
+    const generatorId = input.generatorId ?? this.generatorId;
+    const privateKey = input.privateKey ?? this.privateKey;
+    if (!generatorId)
+      throw new Error("generatorId is required for sign (provide in config or input)");
+    if (!privateKey)
+      throw new Error("privateKey is required for sign (provide in config or input)");
+    return signContent(this.baseUrl, this.apiKey, { ...input, generatorId, privateKey });
+  }
+  async verify(input) {
+    return verifyContent(this.baseUrl, this.apiKey, input);
+  }
+  async verifyBatch(items) {
+    return verifyBatch(this.baseUrl, this.apiKey, items);
+  }
+  async getAuditLog(options) {
+    return getAuditLog(this.baseUrl, this.apiKey, options);
+  }
+  async getTokenStatus(token2) {
+    const res = await fetch(`${this.baseUrl}/v1/verify/status/${encodeURIComponent(token2)}`);
+    if (!res.ok) {
+      const err2 = await res.json().catch(() => ({}));
+      throw new Error(err2.error ?? `HTTP ${res.status}`);
+    }
+    return res.json();
+  }
+};
+
+// src/commands/sign.ts
+async function signCommand(filePath, flags) {
+  if (!filePath) die("Usage: certivu sign <file> --model <model>");
+  const config = await loadConfig();
+  const apiKey = flags.apiKey ?? config.apiKey;
+  const generatorId = flags.generatorId ?? config.generatorId;
+  const privateKey = flags.privateKey ?? config.privateKey;
+  if (!apiKey) die("API key required. Set CERTIVU_API_KEY or run: certivu config set api-key <key>");
+  if (!generatorId) die("Generator ID required. Set CERTIVU_GENERATOR_ID or run: certivu config set generator-id <id>");
+  if (!privateKey) die("Private key required. Set CERTIVU_PRIVATE_KEY or run: certivu config set private-key <key>");
+  let content;
+  try {
+    content = new Uint8Array((0, import_node_fs2.readFileSync)(filePath));
+  } catch {
+    die(`Cannot read file: ${filePath}`);
+  }
+  const clientConfig = {
+    apiKey,
+    generatorId,
+    privateKey,
+    ...flags.baseUrl || config.baseUrl ? { baseUrl: flags.baseUrl ?? config.baseUrl } : {}
+  };
+  const client = new CertivuClient(clientConfig);
+  let result;
+  try {
+    result = await client.sign({ content, model: flags.model, generatorId, privateKey });
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    die(`Sign failed: ${msg}`);
+  }
+  console.log(ok("Signed"));
+  row("Token", result.token);
+  row("Record ID", result.record_id);
+  if (result.deduplicated) {
+    console.log("  (content already signed \u2014 existing token returned, no quota consumed)");
+  }
+}
+
+// src/commands/status.ts
+async function statusCommand(token, flags) {
+  if (!token) die("Usage: certivu status <ctv_token>");
+  const config = await loadConfig();
+  const client = new CertivuClient({
+    apiKey: config.apiKey ?? "public",
+    ...flags.baseUrl || config.baseUrl ? { baseUrl: flags.baseUrl ?? config.baseUrl } : {}
+  });
+  let status;
+  try {
+    status = await client.getTokenStatus(token);
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    if (msg.includes("404") || msg.includes("not found")) {
+      die("Token not found \u2014 record may not exist or token is invalid");
+    }
+    die(`Status lookup failed: ${msg}`);
+  }
+  if (status.generator_status === "active") {
+    console.log(ok("Active"));
+  } else {
+    console.log(warn("Generator revoked \u2014 verifications for this token will fail"));
+  }
+  row("Record", status.record_id);
+  row("Model", status.model);
+  row("Signed", status.signed_at);
+  row("Generator", status.generator_status === "active" ? "active" : "REVOKED");
+  row("Org", status.org_id);
+}
+
+// src/commands/verify.ts
+var import_node_fs3 = require("fs");
+async function verifyCommand(filePath, flags) {
+  if (!filePath) die("Usage: certivu verify <file> [--token <ctv_token>]");
+  const config = await loadConfig();
+  let content;
+  try {
+    content = new Uint8Array((0, import_node_fs3.readFileSync)(filePath));
+  } catch {
+    die(`Cannot read file: ${filePath}`);
+  }
+  const client = new CertivuClient({
+    apiKey: flags.apiKey ?? config.apiKey ?? "public",
+    ...flags.baseUrl || config.baseUrl ? { baseUrl: flags.baseUrl ?? config.baseUrl } : {}
+  });
+  let result;
+  try {
+    result = await client.verify({ content, ...flags.token ? { token: flags.token } : {} });
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    die(`Verify failed: ${msg}`);
+  }
+  if (result.authentic) {
+    console.log(ok(`Authentic \u2014 ${confidenceBadge(result.confidence)} confidence`));
+    if (result.provenance) {
+      row("Org", result.provenance.org);
+      row("Model", result.provenance.model);
+      row("Signed", result.provenance.signed_at);
+    }
+    if (result.token_source) row("Source", result.token_source);
+  } else if (result.tampered) {
+    console.log(err("Tampered \u2014 content has been modified since signing"));
+    row("Reason", result.reason ?? "hash mismatch");
+  } else {
+    console.log(err(`Not verified \u2014 ${result.reason ?? "no provenance found"}`));
+    console.log("  Absence of provenance does not imply human origin.");
+  }
+  const { signals } = result;
+  const signalLine = [
+    signals.watermark_found ? "watermark \u2713" : "watermark \u2717",
+    signals.record_found ? "record \u2713" : "record \u2717",
+    signals.signature_valid ? "signature \u2713" : "signature \u2717"
+  ].join("  ");
+  console.log(`
+  Signals: ${signalLine}`);
+}
+
+// src/index.ts
+var VERSION = "1.1.0";
+var HELP = `
+${amber("certivu")} \u2014 quantum-resistant AI content trust
+
+${bold("Usage:")}
+  certivu sign <file> --model <model> [flags]
+  certivu verify <file> [--token <ctv_token>]
+  certivu status <ctv_token>
+  certivu config [get | set <key> <value>]
+
+${bold("Commands:")}
+  sign      Hash, sign, and submit a provenance record for AI-generated content
+  verify    Verify content authenticity (free, no API key required)
+  status    Lightweight token lookup without re-uploading the image
+  config    View or update local configuration
+
+${bold("Sign flags:")}
+  --model <name>         AI model name, e.g. stable-diffusion-xl  ${dim("(required)")}
+  --generator-id <id>    Override generator ID
+  --private-key <key>    Override ML-DSA private key (base64)
+  --api-key <key>        Override API key
+
+${bold("Verify flags:")}
+  --token <ctv_token>    Provide token explicitly (extracted automatically if omitted)
+
+${bold("Global flags:")}
+  --base-url <url>       Override API base URL ${dim("(default: https://api.certivu.ai)")}
+  --version, -v          Print version
+  --help, -h             Print this help
+
+${bold("Config keys:")}
+  api-key, generator-id, private-key, base-url
+
+${bold("Environment variables:")}
+  CERTIVU_API_KEY, CERTIVU_GENERATOR_ID, CERTIVU_PRIVATE_KEY, CERTIVU_BASE_URL
+
+${bold("Examples:")}
+  certivu config set api-key ctv_key_abc123
+  certivu sign ./output.jpg --model stable-diffusion-xl
+  certivu verify ./output.jpg
+  certivu status ctv_7f3kx9mq2...
+`.trim();
+function parseArgs(argv) {
+  const [command = "", ...rest] = argv;
+  const positional = [];
+  const flags = {};
+  for (let i = 0; i < rest.length; i++) {
+    const arg = rest[i];
+    if (arg?.startsWith("--")) {
+      const key = arg.slice(2);
+      const next = rest[i + 1];
+      if (next && !next.startsWith("--")) {
+        const camel = key.replace(/-([a-z])/g, (_, c2) => c2.toUpperCase());
+        flags[camel] = next;
+        i++;
+      } else {
+        flags[key] = true;
+      }
+    } else if (arg) {
+      positional.push(arg);
+    }
+  }
+  return { command, positional, flags };
+}
+async function main() {
+  const argv = process.argv.slice(2);
+  if (argv.length === 0 || argv[0] === "--help" || argv[0] === "-h") {
+    console.log(HELP);
+    process.exit(0);
+  }
+  if (argv[0] === "--version" || argv[0] === "-v") {
+    console.log(VERSION);
+    process.exit(0);
+  }
+  const { command, positional, flags } = parseArgs(argv);
+  try {
+    switch (command) {
+      case "sign":
+        await signCommand(positional[0] ?? "", flags);
+        break;
+      case "verify":
+        await verifyCommand(positional[0] ?? "", flags);
+        break;
+      case "status":
+        await statusCommand(positional[0] ?? "", flags);
+        break;
+      case "config":
+        await configCommand(positional[0] ?? "get", positional[1], positional[2]);
+        break;
+      default:
+        die(`Unknown command: ${command}
+Run 'certivu --help' for usage.`);
+    }
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    die(`Unexpected error: ${msg}`);
+  }
+}
+main();
+/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+/*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) */