npm - @certivu/cli - Versions diffs - 1.1.3 → 1.2.0 - Mend

@certivu/cli 1.1.3 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +23 -1272
package/package.json +23 -20

package/dist/index.js CHANGED Viewed

@@ -1,26 +1,4 @@
 "use strict";
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toESM = (mod2, isNodeMode, target) => (target = mod2 != null ? __create(__getProtoOf(mod2)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod2 || !mod2.__esModule ? __defProp(target, "default", { value: mod2, enumerable: true }) : target,
-  mod2
-));
 // src/config.ts
 var import_node_fs = require("fs");
@@ -134,9 +112,9 @@ Usage: certivu config [get|set <key> <value>]`);
 // src/commands/sign.ts
 var import_node_fs2 = require("fs");
+var import_node_path2 = require("path");
 // ../../packages/sdk/dist/index.js
-var nc = __toESM(require("crypto"));
 async function getAuditLog(baseUrl, apiKey, options = {}) {
   const page = options.page ?? 1;
   const limit = options.limit ?? 20;
@@ -149,1215 +127,6 @@ async function getAuditLog(baseUrl, apiKey, options = {}) {
   }
   return res.json();
 }
-var U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);
-var _32n = /* @__PURE__ */ BigInt(32);
-function fromBig(n, le = false) {
-  if (le)
-    return { h: Number(n & U32_MASK64), l: Number(n >> _32n & U32_MASK64) };
-  return { h: Number(n >> _32n & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };
-}
-function split(lst, le = false) {
-  const len = lst.length;
-  let Ah = new Uint32Array(len);
-  let Al = new Uint32Array(len);
-  for (let i = 0; i < len; i++) {
-    const { h, l } = fromBig(lst[i], le);
-    [Ah[i], Al[i]] = [h, l];
-  }
-  return [Ah, Al];
-}
-var rotlSH = (h, l, s) => h << s | l >>> 32 - s;
-var rotlSL = (h, l, s) => l << s | h >>> 32 - s;
-var rotlBH = (h, l, s) => l << s - 32 | h >>> 64 - s;
-var rotlBL = (h, l, s) => h << s - 32 | l >>> 64 - s;
-function isBytes(a) {
-  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
-}
-function anumber(n) {
-  if (!Number.isSafeInteger(n) || n < 0)
-    throw new Error("positive integer expected, got " + n);
-}
-function abytes(b, ...lengths) {
-  if (!isBytes(b))
-    throw new Error("Uint8Array expected");
-  if (lengths.length > 0 && !lengths.includes(b.length))
-    throw new Error("Uint8Array expected of length " + lengths + ", got length=" + b.length);
-}
-function aexists(instance, checkFinished = true) {
-  if (instance.destroyed)
-    throw new Error("Hash instance has been destroyed");
-  if (checkFinished && instance.finished)
-    throw new Error("Hash#digest() has already been called");
-}
-function aoutput(out, instance) {
-  abytes(out);
-  const min = instance.outputLen;
-  if (out.length < min) {
-    throw new Error("digestInto() expects output buffer of length at least " + min);
-  }
-}
-function u32(arr) {
-  return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
-}
-function clean(...arrays) {
-  for (let i = 0; i < arrays.length; i++) {
-    arrays[i].fill(0);
-  }
-}
-var isLE = /* @__PURE__ */ (() => new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68)();
-function byteSwap(word) {
-  return word << 24 & 4278190080 | word << 8 & 16711680 | word >>> 8 & 65280 | word >>> 24 & 255;
-}
-function byteSwap32(arr) {
-  for (let i = 0; i < arr.length; i++) {
-    arr[i] = byteSwap(arr[i]);
-  }
-  return arr;
-}
-var swap32IfBE = isLE ? (u) => u : byteSwap32;
-var hasHexBuiltin = /* @__PURE__ */ (() => typeof Uint8Array.from([]).toHex === "function" && typeof Uint8Array.fromHex === "function")();
-var hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, "0"));
-function bytesToHex(bytes) {
-  abytes(bytes);
-  if (hasHexBuiltin)
-    return bytes.toHex();
-  let hex = "";
-  for (let i = 0; i < bytes.length; i++) {
-    hex += hexes[bytes[i]];
-  }
-  return hex;
-}
-function utf8ToBytes(str) {
-  if (typeof str !== "string")
-    throw new Error("string expected");
-  return new Uint8Array(new TextEncoder().encode(str));
-}
-function toBytes(data) {
-  if (typeof data === "string")
-    data = utf8ToBytes(data);
-  abytes(data);
-  return data;
-}
-var Hash = class {
-};
-function createHasher(hashCons) {
-  const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
-  const tmp = hashCons();
-  hashC.outputLen = tmp.outputLen;
-  hashC.blockLen = tmp.blockLen;
-  hashC.create = () => hashCons();
-  return hashC;
-}
-var _0n = BigInt(0);
-var _1n = BigInt(1);
-var _2n = BigInt(2);
-var _7n = BigInt(7);
-var _256n = BigInt(256);
-var _0x71n = BigInt(113);
-var SHA3_PI = [];
-var SHA3_ROTL = [];
-var _SHA3_IOTA = [];
-for (let round = 0, R = _1n, x = 1, y = 0; round < 24; round++) {
-  [x, y] = [y, (2 * x + 3 * y) % 5];
-  SHA3_PI.push(2 * (5 * y + x));
-  SHA3_ROTL.push((round + 1) * (round + 2) / 2 % 64);
-  let t = _0n;
-  for (let j = 0; j < 7; j++) {
-    R = (R << _1n ^ (R >> _7n) * _0x71n) % _256n;
-    if (R & _2n)
-      t ^= _1n << (_1n << /* @__PURE__ */ BigInt(j)) - _1n;
-  }
-  _SHA3_IOTA.push(t);
-}
-var IOTAS = split(_SHA3_IOTA, true);
-var SHA3_IOTA_H = IOTAS[0];
-var SHA3_IOTA_L = IOTAS[1];
-var rotlH = (h, l, s) => s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s);
-var rotlL = (h, l, s) => s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s);
-function keccakP(s, rounds = 24) {
-  const B = new Uint32Array(5 * 2);
-  for (let round = 24 - rounds; round < 24; round++) {
-    for (let x = 0; x < 10; x++)
-      B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];
-    for (let x = 0; x < 10; x += 2) {
-      const idx1 = (x + 8) % 10;
-      const idx0 = (x + 2) % 10;
-      const B0 = B[idx0];
-      const B1 = B[idx0 + 1];
-      const Th = rotlH(B0, B1, 1) ^ B[idx1];
-      const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1];
-      for (let y = 0; y < 50; y += 10) {
-        s[x + y] ^= Th;
-        s[x + y + 1] ^= Tl;
-      }
-    }
-    let curH = s[2];
-    let curL = s[3];
-    for (let t = 0; t < 24; t++) {
-      const shift = SHA3_ROTL[t];
-      const Th = rotlH(curH, curL, shift);
-      const Tl = rotlL(curH, curL, shift);
-      const PI = SHA3_PI[t];
-      curH = s[PI];
-      curL = s[PI + 1];
-      s[PI] = Th;
-      s[PI + 1] = Tl;
-    }
-    for (let y = 0; y < 50; y += 10) {
-      for (let x = 0; x < 10; x++)
-        B[x] = s[y + x];
-      for (let x = 0; x < 10; x++)
-        s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];
-    }
-    s[0] ^= SHA3_IOTA_H[round];
-    s[1] ^= SHA3_IOTA_L[round];
-  }
-  clean(B);
-}
-var Keccak = class _Keccak extends Hash {
-  constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {
-    super();
-    this.pos = 0;
-    this.posOut = 0;
-    this.finished = false;
-    this.destroyed = false;
-    this.enableXOF = false;
-    this.blockLen = blockLen;
-    this.suffix = suffix;
-    this.outputLen = outputLen;
-    this.enableXOF = enableXOF;
-    this.rounds = rounds;
-    anumber(outputLen);
-    if (!(0 < blockLen && blockLen < 200))
-      throw new Error("only keccak-f1600 function is supported");
-    this.state = new Uint8Array(200);
-    this.state32 = u32(this.state);
-  }
-  clone() {
-    return this._cloneInto();
-  }
-  keccak() {
-    swap32IfBE(this.state32);
-    keccakP(this.state32, this.rounds);
-    swap32IfBE(this.state32);
-    this.posOut = 0;
-    this.pos = 0;
-  }
-  update(data) {
-    aexists(this);
-    data = toBytes(data);
-    abytes(data);
-    const { blockLen, state } = this;
-    const len = data.length;
-    for (let pos = 0; pos < len; ) {
-      const take = Math.min(blockLen - this.pos, len - pos);
-      for (let i = 0; i < take; i++)
-        state[this.pos++] ^= data[pos++];
-      if (this.pos === blockLen)
-        this.keccak();
-    }
-    return this;
-  }
-  finish() {
-    if (this.finished)
-      return;
-    this.finished = true;
-    const { state, suffix, pos, blockLen } = this;
-    state[pos] ^= suffix;
-    if ((suffix & 128) !== 0 && pos === blockLen - 1)
-      this.keccak();
-    state[blockLen - 1] ^= 128;
-    this.keccak();
-  }
-  writeInto(out) {
-    aexists(this, false);
-    abytes(out);
-    this.finish();
-    const bufferOut = this.state;
-    const { blockLen } = this;
-    for (let pos = 0, len = out.length; pos < len; ) {
-      if (this.posOut >= blockLen)
-        this.keccak();
-      const take = Math.min(blockLen - this.posOut, len - pos);
-      out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);
-      this.posOut += take;
-      pos += take;
-    }
-    return out;
-  }
-  xofInto(out) {
-    if (!this.enableXOF)
-      throw new Error("XOF is not possible for this instance");
-    return this.writeInto(out);
-  }
-  xof(bytes) {
-    anumber(bytes);
-    return this.xofInto(new Uint8Array(bytes));
-  }
-  digestInto(out) {
-    aoutput(out, this);
-    if (this.finished)
-      throw new Error("digest() was already called");
-    this.writeInto(out);
-    this.destroy();
-    return out;
-  }
-  digest() {
-    return this.digestInto(new Uint8Array(this.outputLen));
-  }
-  destroy() {
-    this.destroyed = true;
-    clean(this.state);
-  }
-  _cloneInto(to) {
-    const { blockLen, suffix, outputLen, rounds, enableXOF } = this;
-    to || (to = new _Keccak(blockLen, suffix, outputLen, enableXOF, rounds));
-    to.state32.set(this.state32);
-    to.pos = this.pos;
-    to.posOut = this.posOut;
-    to.finished = this.finished;
-    to.rounds = rounds;
-    to.suffix = suffix;
-    to.outputLen = outputLen;
-    to.enableXOF = enableXOF;
-    to.destroyed = this.destroyed;
-    return to;
-  }
-};
-var gen = (suffix, blockLen, outputLen) => createHasher(() => new Keccak(blockLen, suffix, outputLen));
-var sha3_256 = /* @__PURE__ */ (() => gen(6, 136, 256 / 8))();
-function hash(content) {
-  const bytes = typeof content === "string" ? new TextEncoder().encode(content) : content;
-  return `sha3-256:${bytesToHex(sha3_256(bytes))}`;
-}
-function canonicalJson(obj) {
-  return JSON.stringify(obj, Object.keys(obj).sort());
-}
-function anumber2(n) {
-  if (!Number.isSafeInteger(n) || n < 0)
-    throw new Error("positive integer expected, got " + n);
-}
-function isBytes2(a) {
-  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
-}
-function abytes2(b, ...lengths) {
-  if (!isBytes2(b))
-    throw new Error("Uint8Array expected");
-  if (lengths.length > 0 && !lengths.includes(b.length))
-    throw new Error("Uint8Array expected of length " + lengths + ", got length=" + b.length);
-}
-function aexists2(instance, checkFinished = true) {
-  if (instance.destroyed)
-    throw new Error("Hash instance has been destroyed");
-  if (checkFinished && instance.finished)
-    throw new Error("Hash#digest() has already been called");
-}
-function aoutput2(out, instance) {
-  abytes2(out);
-  const min = instance.outputLen;
-  if (out.length < min) {
-    throw new Error("digestInto() expects output buffer of length at least " + min);
-  }
-}
-var U32_MASK642 = /* @__PURE__ */ BigInt(2 ** 32 - 1);
-var _32n2 = /* @__PURE__ */ BigInt(32);
-function fromBig2(n, le = false) {
-  if (le)
-    return { h: Number(n & U32_MASK642), l: Number(n >> _32n2 & U32_MASK642) };
-  return { h: Number(n >> _32n2 & U32_MASK642) | 0, l: Number(n & U32_MASK642) | 0 };
-}
-function split2(lst, le = false) {
-  let Ah = new Uint32Array(lst.length);
-  let Al = new Uint32Array(lst.length);
-  for (let i = 0; i < lst.length; i++) {
-    const { h, l } = fromBig2(lst[i], le);
-    [Ah[i], Al[i]] = [h, l];
-  }
-  return [Ah, Al];
-}
-var rotlSH2 = (h, l, s) => h << s | l >>> 32 - s;
-var rotlSL2 = (h, l, s) => l << s | h >>> 32 - s;
-var rotlBH2 = (h, l, s) => l << s - 32 | h >>> 64 - s;
-var rotlBL2 = (h, l, s) => h << s - 32 | l >>> 64 - s;
-var crypto2 = nc && typeof nc === "object" && "webcrypto" in nc ? nc.webcrypto : nc && typeof nc === "object" && "randomBytes" in nc ? nc : void 0;
-var u322 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
-var isLE2 = /* @__PURE__ */ (() => new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68)();
-var byteSwap2 = (word) => word << 24 & 4278190080 | word << 8 & 16711680 | word >>> 8 & 65280 | word >>> 24 & 255;
-function byteSwap322(arr) {
-  for (let i = 0; i < arr.length; i++) {
-    arr[i] = byteSwap2(arr[i]);
-  }
-}
-function utf8ToBytes2(str) {
-  if (typeof str !== "string")
-    throw new Error("utf8ToBytes expected string, got " + typeof str);
-  return new Uint8Array(new TextEncoder().encode(str));
-}
-function toBytes2(data) {
-  if (typeof data === "string")
-    data = utf8ToBytes2(data);
-  abytes2(data);
-  return data;
-}
-function concatBytes(...arrays) {
-  let sum = 0;
-  for (let i = 0; i < arrays.length; i++) {
-    const a = arrays[i];
-    abytes2(a);
-    sum += a.length;
-  }
-  const res = new Uint8Array(sum);
-  for (let i = 0, pad = 0; i < arrays.length; i++) {
-    const a = arrays[i];
-    res.set(a, pad);
-    pad += a.length;
-  }
-  return res;
-}
-var Hash2 = class {
-  clone() {
-    return this._cloneInto();
-  }
-};
-function wrapConstructor(hashCons) {
-  const hashC = (msg) => hashCons().update(toBytes2(msg)).digest();
-  const tmp = hashCons();
-  hashC.outputLen = tmp.outputLen;
-  hashC.blockLen = tmp.blockLen;
-  hashC.create = () => hashCons();
-  return hashC;
-}
-function wrapXOFConstructorWithOpts(hashCons) {
-  const hashC = (msg, opts) => hashCons(opts).update(toBytes2(msg)).digest();
-  const tmp = hashCons({});
-  hashC.outputLen = tmp.outputLen;
-  hashC.blockLen = tmp.blockLen;
-  hashC.create = (opts) => hashCons(opts);
-  return hashC;
-}
-function randomBytes(bytesLength = 32) {
-  if (crypto2 && typeof crypto2.getRandomValues === "function") {
-    return crypto2.getRandomValues(new Uint8Array(bytesLength));
-  }
-  if (crypto2 && typeof crypto2.randomBytes === "function") {
-    return crypto2.randomBytes(bytesLength);
-  }
-  throw new Error("crypto.getRandomValues must be defined");
-}
-var SHA3_PI2 = [];
-var SHA3_ROTL2 = [];
-var _SHA3_IOTA2 = [];
-var _0n2 = /* @__PURE__ */ BigInt(0);
-var _1n2 = /* @__PURE__ */ BigInt(1);
-var _2n2 = /* @__PURE__ */ BigInt(2);
-var _7n2 = /* @__PURE__ */ BigInt(7);
-var _256n2 = /* @__PURE__ */ BigInt(256);
-var _0x71n2 = /* @__PURE__ */ BigInt(113);
-for (let round = 0, R = _1n2, x = 1, y = 0; round < 24; round++) {
-  [x, y] = [y, (2 * x + 3 * y) % 5];
-  SHA3_PI2.push(2 * (5 * y + x));
-  SHA3_ROTL2.push((round + 1) * (round + 2) / 2 % 64);
-  let t = _0n2;
-  for (let j = 0; j < 7; j++) {
-    R = (R << _1n2 ^ (R >> _7n2) * _0x71n2) % _256n2;
-    if (R & _2n2)
-      t ^= _1n2 << (_1n2 << /* @__PURE__ */ BigInt(j)) - _1n2;
-  }
-  _SHA3_IOTA2.push(t);
-}
-var [SHA3_IOTA_H2, SHA3_IOTA_L2] = /* @__PURE__ */ split2(_SHA3_IOTA2, true);
-var rotlH2 = (h, l, s) => s > 32 ? rotlBH2(h, l, s) : rotlSH2(h, l, s);
-var rotlL2 = (h, l, s) => s > 32 ? rotlBL2(h, l, s) : rotlSL2(h, l, s);
-function keccakP2(s, rounds = 24) {
-  const B = new Uint32Array(5 * 2);
-  for (let round = 24 - rounds; round < 24; round++) {
-    for (let x = 0; x < 10; x++)
-      B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];
-    for (let x = 0; x < 10; x += 2) {
-      const idx1 = (x + 8) % 10;
-      const idx0 = (x + 2) % 10;
-      const B0 = B[idx0];
-      const B1 = B[idx0 + 1];
-      const Th = rotlH2(B0, B1, 1) ^ B[idx1];
-      const Tl = rotlL2(B0, B1, 1) ^ B[idx1 + 1];
-      for (let y = 0; y < 50; y += 10) {
-        s[x + y] ^= Th;
-        s[x + y + 1] ^= Tl;
-      }
-    }
-    let curH = s[2];
-    let curL = s[3];
-    for (let t = 0; t < 24; t++) {
-      const shift = SHA3_ROTL2[t];
-      const Th = rotlH2(curH, curL, shift);
-      const Tl = rotlL2(curH, curL, shift);
-      const PI = SHA3_PI2[t];
-      curH = s[PI];
-      curL = s[PI + 1];
-      s[PI] = Th;
-      s[PI + 1] = Tl;
-    }
-    for (let y = 0; y < 50; y += 10) {
-      for (let x = 0; x < 10; x++)
-        B[x] = s[y + x];
-      for (let x = 0; x < 10; x++)
-        s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];
-    }
-    s[0] ^= SHA3_IOTA_H2[round];
-    s[1] ^= SHA3_IOTA_L2[round];
-  }
-  B.fill(0);
-}
-var Keccak2 = class _Keccak2 extends Hash2 {
-  constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {
-    super();
-    this.blockLen = blockLen;
-    this.suffix = suffix;
-    this.outputLen = outputLen;
-    this.enableXOF = enableXOF;
-    this.rounds = rounds;
-    this.pos = 0;
-    this.posOut = 0;
-    this.finished = false;
-    this.destroyed = false;
-    anumber2(outputLen);
-    if (0 >= this.blockLen || this.blockLen >= 200)
-      throw new Error("Sha3 supports only keccak-f1600 function");
-    this.state = new Uint8Array(200);
-    this.state32 = u322(this.state);
-  }
-  keccak() {
-    if (!isLE2)
-      byteSwap322(this.state32);
-    keccakP2(this.state32, this.rounds);
-    if (!isLE2)
-      byteSwap322(this.state32);
-    this.posOut = 0;
-    this.pos = 0;
-  }
-  update(data) {
-    aexists2(this);
-    const { blockLen, state } = this;
-    data = toBytes2(data);
-    const len = data.length;
-    for (let pos = 0; pos < len; ) {
-      const take = Math.min(blockLen - this.pos, len - pos);
-      for (let i = 0; i < take; i++)
-        state[this.pos++] ^= data[pos++];
-      if (this.pos === blockLen)
-        this.keccak();
-    }
-    return this;
-  }
-  finish() {
-    if (this.finished)
-      return;
-    this.finished = true;
-    const { state, suffix, pos, blockLen } = this;
-    state[pos] ^= suffix;
-    if ((suffix & 128) !== 0 && pos === blockLen - 1)
-      this.keccak();
-    state[blockLen - 1] ^= 128;
-    this.keccak();
-  }
-  writeInto(out) {
-    aexists2(this, false);
-    abytes2(out);
-    this.finish();
-    const bufferOut = this.state;
-    const { blockLen } = this;
-    for (let pos = 0, len = out.length; pos < len; ) {
-      if (this.posOut >= blockLen)
-        this.keccak();
-      const take = Math.min(blockLen - this.posOut, len - pos);
-      out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);
-      this.posOut += take;
-      pos += take;
-    }
-    return out;
-  }
-  xofInto(out) {
-    if (!this.enableXOF)
-      throw new Error("XOF is not possible for this instance");
-    return this.writeInto(out);
-  }
-  xof(bytes) {
-    anumber2(bytes);
-    return this.xofInto(new Uint8Array(bytes));
-  }
-  digestInto(out) {
-    aoutput2(out, this);
-    if (this.finished)
-      throw new Error("digest() was already called");
-    this.writeInto(out);
-    this.destroy();
-    return out;
-  }
-  digest() {
-    return this.digestInto(new Uint8Array(this.outputLen));
-  }
-  destroy() {
-    this.destroyed = true;
-    this.state.fill(0);
-  }
-  _cloneInto(to) {
-    const { blockLen, suffix, outputLen, rounds, enableXOF } = this;
-    to || (to = new _Keccak2(blockLen, suffix, outputLen, enableXOF, rounds));
-    to.state32.set(this.state32);
-    to.pos = this.pos;
-    to.posOut = this.posOut;
-    to.finished = this.finished;
-    to.rounds = rounds;
-    to.suffix = suffix;
-    to.outputLen = outputLen;
-    to.enableXOF = enableXOF;
-    to.destroyed = this.destroyed;
-    return to;
-  }
-};
-var gen2 = (suffix, blockLen, outputLen) => wrapConstructor(() => new Keccak2(blockLen, suffix, outputLen));
-var sha3_224 = /* @__PURE__ */ gen2(6, 144, 224 / 8);
-var sha3_2562 = /* @__PURE__ */ gen2(6, 136, 256 / 8);
-var sha3_384 = /* @__PURE__ */ gen2(6, 104, 384 / 8);
-var sha3_512 = /* @__PURE__ */ gen2(6, 72, 512 / 8);
-var keccak_224 = /* @__PURE__ */ gen2(1, 144, 224 / 8);
-var keccak_256 = /* @__PURE__ */ gen2(1, 136, 256 / 8);
-var keccak_384 = /* @__PURE__ */ gen2(1, 104, 384 / 8);
-var keccak_512 = /* @__PURE__ */ gen2(1, 72, 512 / 8);
-var genShake = (suffix, blockLen, outputLen) => wrapXOFConstructorWithOpts((opts = {}) => new Keccak2(blockLen, suffix, opts.dkLen === void 0 ? outputLen : opts.dkLen, true));
-var shake128 = /* @__PURE__ */ genShake(31, 168, 128 / 8);
-var shake256 = /* @__PURE__ */ genShake(31, 136, 256 / 8);
-var ensureBytes = abytes2;
-var randomBytes2 = randomBytes;
-function equalBytes(a, b) {
-  if (a.length !== b.length)
-    return false;
-  let diff = 0;
-  for (let i = 0; i < a.length; i++)
-    diff |= a[i] ^ b[i];
-  return diff === 0;
-}
-function splitCoder(...lengths) {
-  const getLength = (c2) => typeof c2 === "number" ? c2 : c2.bytesLen;
-  const bytesLen = lengths.reduce((sum, a) => sum + getLength(a), 0);
-  return {
-    bytesLen,
-    encode: (bufs) => {
-      const res = new Uint8Array(bytesLen);
-      for (let i = 0, pos = 0; i < lengths.length; i++) {
-        const c2 = lengths[i];
-        const l = getLength(c2);
-        const b = typeof c2 === "number" ? bufs[i] : c2.encode(bufs[i]);
-        ensureBytes(b, l);
-        res.set(b, pos);
-        if (typeof c2 !== "number")
-          b.fill(0);
-        pos += l;
-      }
-      return res;
-    },
-    decode: (buf) => {
-      ensureBytes(buf, bytesLen);
-      const res = [];
-      for (const c2 of lengths) {
-        const l = getLength(c2);
-        const b = buf.subarray(0, l);
-        res.push(typeof c2 === "number" ? b : c2.decode(b));
-        buf = buf.subarray(l);
-      }
-      return res;
-    }
-  };
-}
-function vecCoder(c2, vecLen) {
-  const bytesLen = vecLen * c2.bytesLen;
-  return {
-    bytesLen,
-    encode: (u) => {
-      if (u.length !== vecLen)
-        throw new Error(`vecCoder.encode: wrong length=${u.length}. Expected: ${vecLen}`);
-      const res = new Uint8Array(bytesLen);
-      for (let i = 0, pos = 0; i < u.length; i++) {
-        const b = c2.encode(u[i]);
-        res.set(b, pos);
-        b.fill(0);
-        pos += b.length;
-      }
-      return res;
-    },
-    decode: (a) => {
-      ensureBytes(a, bytesLen);
-      const r = [];
-      for (let i = 0; i < a.length; i += c2.bytesLen)
-        r.push(c2.decode(a.subarray(i, i + c2.bytesLen)));
-      return r;
-    }
-  };
-}
-function cleanBytes(...list) {
-  for (const t of list) {
-    if (Array.isArray(t))
-      for (const b of t)
-        b.fill(0);
-    else
-      t.fill(0);
-  }
-}
-function getMask(bits) {
-  return (1 << bits) - 1;
-}
-function bitReversal(n, bits = 8) {
-  const padded = n.toString(2).padStart(8, "0");
-  const sliced = padded.slice(-bits).padStart(7, "0");
-  const revrsd = sliced.split("").reverse().join("");
-  return Number.parseInt(revrsd, 2);
-}
-var genCrystals = (opts) => {
-  const { newPoly: newPoly2, N: N2, Q: Q2, F: F2, ROOT_OF_UNITY: ROOT_OF_UNITY2, brvBits, isKyber } = opts;
-  const mod2 = (a, modulo = Q2) => {
-    const result = a % modulo | 0;
-    return (result >= 0 ? result | 0 : modulo + result | 0) | 0;
-  };
-  const smod2 = (a, modulo = Q2) => {
-    const r = mod2(a, modulo) | 0;
-    return (r > modulo >> 1 ? r - modulo | 0 : r) | 0;
-  };
-  function getZettas() {
-    const out = newPoly2(N2);
-    for (let i = 0; i < N2; i++) {
-      const b = bitReversal(i, brvBits);
-      const p = BigInt(ROOT_OF_UNITY2) ** BigInt(b) % BigInt(Q2);
-      out[i] = Number(p) | 0;
-    }
-    return out;
-  }
-  const nttZetas = getZettas();
-  const LEN1 = isKyber ? 128 : N2;
-  const LEN2 = isKyber ? 1 : 0;
-  const NTT2 = {
-    encode: (r) => {
-      for (let k = 1, len = 128; len > LEN2; len >>= 1) {
-        for (let start = 0; start < N2; start += 2 * len) {
-          const zeta = nttZetas[k++];
-          for (let j = start; j < start + len; j++) {
-            const t = mod2(zeta * r[j + len]);
-            r[j + len] = mod2(r[j] - t) | 0;
-            r[j] = mod2(r[j] + t) | 0;
-          }
-        }
-      }
-      return r;
-    },
-    decode: (r) => {
-      for (let k = LEN1 - 1, len = 1 + LEN2; len < LEN1 + LEN2; len <<= 1) {
-        for (let start = 0; start < N2; start += 2 * len) {
-          const zeta = nttZetas[k--];
-          for (let j = start; j < start + len; j++) {
-            const t = r[j];
-            r[j] = mod2(t + r[j + len]);
-            r[j + len] = mod2(zeta * (r[j + len] - t));
-          }
-        }
-      }
-      for (let i = 0; i < r.length; i++)
-        r[i] = mod2(F2 * r[i]);
-      return r;
-    }
-  };
-  const bitsCoder2 = (d, c2) => {
-    const mask = getMask(d);
-    const bytesLen = d * (N2 / 8);
-    return {
-      bytesLen,
-      encode: (poly) => {
-        const r = new Uint8Array(bytesLen);
-        for (let i = 0, buf = 0, bufLen = 0, pos = 0; i < poly.length; i++) {
-          buf |= (c2.encode(poly[i]) & mask) << bufLen;
-          bufLen += d;
-          for (; bufLen >= 8; bufLen -= 8, buf >>= 8)
-            r[pos++] = buf & getMask(bufLen);
-        }
-        return r;
-      },
-      decode: (bytes) => {
-        const r = newPoly2(N2);
-        for (let i = 0, buf = 0, bufLen = 0, pos = 0; i < bytes.length; i++) {
-          buf |= bytes[i] << bufLen;
-          bufLen += 8;
-          for (; bufLen >= d; bufLen -= d, buf >>= d)
-            r[pos++] = c2.decode(buf & mask);
-        }
-        return r;
-      }
-    };
-  };
-  return { mod: mod2, smod: smod2, nttZetas, NTT: NTT2, bitsCoder: bitsCoder2 };
-};
-var createXofShake = (shake) => (seed, blockLen) => {
-  if (!blockLen)
-    blockLen = shake.blockLen;
-  const _seed = new Uint8Array(seed.length + 2);
-  _seed.set(seed);
-  const seedLen = seed.length;
-  const buf = new Uint8Array(blockLen);
-  let h = shake.create({});
-  let calls = 0;
-  let xofs = 0;
-  return {
-    stats: () => ({ calls, xofs }),
-    get: (x, y) => {
-      _seed[seedLen + 0] = x;
-      _seed[seedLen + 1] = y;
-      h.destroy();
-      h = shake.create({}).update(_seed);
-      calls++;
-      return () => {
-        xofs++;
-        return h.xofInto(buf);
-      };
-    },
-    clean: () => {
-      h.destroy();
-      buf.fill(0);
-      _seed.fill(0);
-    }
-  };
-};
-var XOF128 = /* @__PURE__ */ createXofShake(shake128);
-var XOF256 = /* @__PURE__ */ createXofShake(shake256);
-var N = 256;
-var Q = 8380417;
-var ROOT_OF_UNITY = 1753;
-var F = 8347681;
-var D = 13;
-var GAMMA2_1 = Math.floor((Q - 1) / 88) | 0;
-var GAMMA2_2 = Math.floor((Q - 1) / 32) | 0;
-var PARAMS = {
-  2: { K: 4, L: 4, D, GAMMA1: 2 ** 17, GAMMA2: GAMMA2_1, TAU: 39, ETA: 2, OMEGA: 80 },
-  3: { K: 6, L: 5, D, GAMMA1: 2 ** 19, GAMMA2: GAMMA2_2, TAU: 49, ETA: 4, OMEGA: 55 },
-  5: { K: 8, L: 7, D, GAMMA1: 2 ** 19, GAMMA2: GAMMA2_2, TAU: 60, ETA: 2, OMEGA: 75 }
-};
-var newPoly = (n) => new Int32Array(n);
-var { mod, smod, NTT, bitsCoder } = genCrystals({
-  N,
-  Q,
-  F,
-  ROOT_OF_UNITY,
-  newPoly,
-  isKyber: false,
-  brvBits: 8
-});
-var id = (n) => n;
-var polyCoder = (d, compress = id, verify = id) => bitsCoder(d, {
-  encode: (i) => compress(verify(i)),
-  decode: (i) => verify(compress(i))
-});
-var polyAdd = (a, b) => {
-  for (let i = 0; i < a.length; i++)
-    a[i] = mod(a[i] + b[i]);
-  return a;
-};
-var polySub = (a, b) => {
-  for (let i = 0; i < a.length; i++)
-    a[i] = mod(a[i] - b[i]);
-  return a;
-};
-var polyShiftl = (p) => {
-  for (let i = 0; i < N; i++)
-    p[i] <<= D;
-  return p;
-};
-var polyChknorm = (p, B) => {
-  for (let i = 0; i < N; i++)
-    if (Math.abs(smod(p[i])) >= B)
-      return true;
-  return false;
-};
-var MultiplyNTTs = (a, b) => {
-  const c2 = newPoly(N);
-  for (let i = 0; i < a.length; i++)
-    c2[i] = mod(a[i] * b[i]);
-  return c2;
-};
-function RejNTTPoly(xof) {
-  const r = newPoly(N);
-  for (let j = 0; j < N; ) {
-    const b = xof();
-    if (b.length % 3)
-      throw new Error("RejNTTPoly: unaligned block");
-    for (let i = 0; j < N && i <= b.length - 3; i += 3) {
-      const t = (b[i + 0] | b[i + 1] << 8 | b[i + 2] << 16) & 8388607;
-      if (t < Q)
-        r[j++] = t;
-    }
-  }
-  return r;
-}
-var EMPTY = new Uint8Array(0);
-function getDilithium(opts) {
-  const { K, L, GAMMA1, GAMMA2, TAU, ETA, OMEGA } = opts;
-  const { CRH_BYTES, TR_BYTES, C_TILDE_BYTES, XOF128: XOF1282, XOF256: XOF2562 } = opts;
-  if (![2, 4].includes(ETA))
-    throw new Error("Wrong ETA");
-  if (![1 << 17, 1 << 19].includes(GAMMA1))
-    throw new Error("Wrong GAMMA1");
-  if (![GAMMA2_1, GAMMA2_2].includes(GAMMA2))
-    throw new Error("Wrong GAMMA2");
-  const BETA = TAU * ETA;
-  const decompose = (r) => {
-    const rPlus = mod(r);
-    const r0 = smod(rPlus, 2 * GAMMA2) | 0;
-    if (rPlus - r0 === Q - 1)
-      return { r1: 0 | 0, r0: r0 - 1 | 0 };
-    const r1 = Math.floor((rPlus - r0) / (2 * GAMMA2)) | 0;
-    return { r1, r0 };
-  };
-  const HighBits = (r) => decompose(r).r1;
-  const LowBits = (r) => decompose(r).r0;
-  const MakeHint = (z, r) => {
-    const res0 = z <= GAMMA2 || z > Q - GAMMA2 || z === Q - GAMMA2 && r === 0 ? 0 : 1;
-    return res0;
-  };
-  const UseHint = (h, r) => {
-    const m = Math.floor((Q - 1) / (2 * GAMMA2));
-    const { r1, r0 } = decompose(r);
-    if (h === 1)
-      return r0 > 0 ? mod(r1 + 1, m) | 0 : mod(r1 - 1, m) | 0;
-    return r1 | 0;
-  };
-  const Power2Round = (r) => {
-    const rPlus = mod(r);
-    const r0 = smod(rPlus, 2 ** D) | 0;
-    return { r1: Math.floor((rPlus - r0) / 2 ** D) | 0, r0 };
-  };
-  const hintCoder = {
-    bytesLen: OMEGA + K,
-    encode: (h) => {
-      if (h === false)
-        throw new Error("hint.encode: hint is false");
-      const res = new Uint8Array(OMEGA + K);
-      for (let i = 0, k = 0; i < K; i++) {
-        for (let j = 0; j < N; j++)
-          if (h[i][j] !== 0)
-            res[k++] = j;
-        res[OMEGA + i] = k;
-      }
-      return res;
-    },
-    decode: (buf) => {
-      const h = [];
-      let k = 0;
-      for (let i = 0; i < K; i++) {
-        const hi = newPoly(N);
-        if (buf[OMEGA + i] < k || buf[OMEGA + i] > OMEGA)
-          return false;
-        for (let j = k; j < buf[OMEGA + i]; j++) {
-          if (j > k && buf[j] <= buf[j - 1])
-            return false;
-          hi[buf[j]] = 1;
-        }
-        k = buf[OMEGA + i];
-        h.push(hi);
-      }
-      for (let j = k; j < OMEGA; j++)
-        if (buf[j] !== 0)
-          return false;
-      return h;
-    }
-  };
-  const ETACoder = polyCoder(ETA === 2 ? 3 : 4, (i) => ETA - i, (i) => {
-    if (!(-ETA <= i && i <= ETA))
-      throw new Error(`malformed key s1/s3 ${i} outside of ETA range [${-ETA}, ${ETA}]`);
-    return i;
-  });
-  const T0Coder = polyCoder(13, (i) => (1 << D - 1) - i);
-  const T1Coder = polyCoder(10);
-  const ZCoder = polyCoder(GAMMA1 === 1 << 17 ? 18 : 20, (i) => smod(GAMMA1 - i));
-  const W1Coder = polyCoder(GAMMA2 === GAMMA2_1 ? 6 : 4);
-  const W1Vec = vecCoder(W1Coder, K);
-  const publicCoder = splitCoder(32, vecCoder(T1Coder, K));
-  const secretCoder = splitCoder(32, 32, TR_BYTES, vecCoder(ETACoder, L), vecCoder(ETACoder, K), vecCoder(T0Coder, K));
-  const sigCoder = splitCoder(C_TILDE_BYTES, vecCoder(ZCoder, L), hintCoder);
-  const CoefFromHalfByte = ETA === 2 ? (n) => n < 15 ? 2 - n % 5 : false : (n) => n < 9 ? 4 - n : false;
-  function RejBoundedPoly(xof) {
-    const r = newPoly(N);
-    for (let j = 0; j < N; ) {
-      const b = xof();
-      for (let i = 0; j < N && i < b.length; i += 1) {
-        const d1 = CoefFromHalfByte(b[i] & 15);
-        const d2 = CoefFromHalfByte(b[i] >> 4 & 15);
-        if (d1 !== false)
-          r[j++] = d1;
-        if (j < N && d2 !== false)
-          r[j++] = d2;
-      }
-    }
-    return r;
-  }
-  const SampleInBall = (seed) => {
-    const pre = newPoly(N);
-    const s = shake256.create({}).update(seed);
-    const buf = new Uint8Array(shake256.blockLen);
-    s.xofInto(buf);
-    const masks = buf.slice(0, 8);
-    for (let i = N - TAU, pos = 8, maskPos = 0, maskBit = 0; i < N; i++) {
-      let b = i + 1;
-      for (; b > i; ) {
-        b = buf[pos++];
-        if (pos < shake256.blockLen)
-          continue;
-        s.xofInto(buf);
-        pos = 0;
-      }
-      pre[i] = pre[b];
-      pre[b] = 1 - ((masks[maskPos] >> maskBit++ & 1) << 1);
-      if (maskBit >= 8) {
-        maskPos++;
-        maskBit = 0;
-      }
-    }
-    return pre;
-  };
-  const polyPowerRound = (p) => {
-    const res0 = newPoly(N);
-    const res1 = newPoly(N);
-    for (let i = 0; i < p.length; i++) {
-      const { r0, r1 } = Power2Round(p[i]);
-      res0[i] = r0;
-      res1[i] = r1;
-    }
-    return { r0: res0, r1: res1 };
-  };
-  const polyUseHint = (u, h) => {
-    for (let i = 0; i < N; i++)
-      u[i] = UseHint(h[i], u[i]);
-    return u;
-  };
-  const polyMakeHint = (a, b) => {
-    const v = newPoly(N);
-    let cnt = 0;
-    for (let i = 0; i < N; i++) {
-      const h = MakeHint(a[i], b[i]);
-      v[i] = h;
-      cnt += h;
-    }
-    return { v, cnt };
-  };
-  const signRandBytes = 32;
-  const seedCoder = splitCoder(32, 64, 32);
-  const internal = {
-    signRandBytes,
-    keygen: (seed = randomBytes2(32)) => {
-      const seedDst = new Uint8Array(32 + 2);
-      seedDst.set(seed);
-      seedDst[32] = K;
-      seedDst[33] = L;
-      const [rho, rhoPrime, K_] = seedCoder.decode(shake256(seedDst, { dkLen: seedCoder.bytesLen }));
-      const xofPrime = XOF2562(rhoPrime);
-      const s1 = [];
-      for (let i = 0; i < L; i++)
-        s1.push(RejBoundedPoly(xofPrime.get(i & 255, i >> 8 & 255)));
-      const s2 = [];
-      for (let i = L; i < L + K; i++)
-        s2.push(RejBoundedPoly(xofPrime.get(i & 255, i >> 8 & 255)));
-      const s1Hat = s1.map((i) => NTT.encode(i.slice()));
-      const t0 = [];
-      const t1 = [];
-      const xof = XOF1282(rho);
-      const t = newPoly(N);
-      for (let i = 0; i < K; i++) {
-        t.fill(0);
-        for (let j = 0; j < L; j++) {
-          const aij = RejNTTPoly(xof.get(j, i));
-          polyAdd(t, MultiplyNTTs(aij, s1Hat[j]));
-        }
-        NTT.decode(t);
-        const { r0, r1 } = polyPowerRound(polyAdd(t, s2[i]));
-        t0.push(r0);
-        t1.push(r1);
-      }
-      const publicKey = publicCoder.encode([rho, t1]);
-      const tr = shake256(publicKey, { dkLen: TR_BYTES });
-      const secretKey = secretCoder.encode([rho, K_, tr, s1, s2, t0]);
-      xof.clean();
-      xofPrime.clean();
-      cleanBytes(rho, rhoPrime, K_, s1, s2, s1Hat, t, t0, t1, tr, seedDst);
-      return { publicKey, secretKey };
-    },
-    sign: (secretKey, msg, random) => {
-      const [rho, _K, tr, s1, s2, t0] = secretCoder.decode(secretKey);
-      const A = [];
-      const xof = XOF1282(rho);
-      for (let i = 0; i < K; i++) {
-        const pv = [];
-        for (let j = 0; j < L; j++)
-          pv.push(RejNTTPoly(xof.get(j, i)));
-        A.push(pv);
-      }
-      xof.clean();
-      for (let i = 0; i < L; i++)
-        NTT.encode(s1[i]);
-      for (let i = 0; i < K; i++) {
-        NTT.encode(s2[i]);
-        NTT.encode(t0[i]);
-      }
-      const mu = shake256.create({ dkLen: CRH_BYTES }).update(tr).update(msg).digest();
-      const rnd = random ? random : new Uint8Array(32);
-      ensureBytes(rnd);
-      const rhoprime = shake256.create({ dkLen: CRH_BYTES }).update(_K).update(rnd).update(mu).digest();
-      ensureBytes(rhoprime, CRH_BYTES);
-      const x256 = XOF2562(rhoprime, ZCoder.bytesLen);
-      main_loop:
-        for (let kappa = 0; ; ) {
-          const y = [];
-          for (let i = 0; i < L; i++, kappa++)
-            y.push(ZCoder.decode(x256.get(kappa & 255, kappa >> 8)()));
-          const z = y.map((i) => NTT.encode(i.slice()));
-          const w = [];
-          for (let i = 0; i < K; i++) {
-            const wi = newPoly(N);
-            for (let j = 0; j < L; j++)
-              polyAdd(wi, MultiplyNTTs(A[i][j], z[j]));
-            NTT.decode(wi);
-            w.push(wi);
-          }
-          const w1 = w.map((j) => j.map(HighBits));
-          const cTilde = shake256.create({ dkLen: C_TILDE_BYTES }).update(mu).update(W1Vec.encode(w1)).digest();
-          const cHat = NTT.encode(SampleInBall(cTilde));
-          const cs1 = s1.map((i) => MultiplyNTTs(i, cHat));
-          for (let i = 0; i < L; i++) {
-            polyAdd(NTT.decode(cs1[i]), y[i]);
-            if (polyChknorm(cs1[i], GAMMA1 - BETA))
-              continue main_loop;
-          }
-          let cnt = 0;
-          const h = [];
-          for (let i = 0; i < K; i++) {
-            const cs2 = NTT.decode(MultiplyNTTs(s2[i], cHat));
-            const r0 = polySub(w[i], cs2).map(LowBits);
-            if (polyChknorm(r0, GAMMA2 - BETA))
-              continue main_loop;
-            const ct0 = NTT.decode(MultiplyNTTs(t0[i], cHat));
-            if (polyChknorm(ct0, GAMMA2))
-              continue main_loop;
-            polyAdd(r0, ct0);
-            const hint = polyMakeHint(r0, w1[i]);
-            h.push(hint.v);
-            cnt += hint.cnt;
-          }
-          if (cnt > OMEGA)
-            continue;
-          x256.clean();
-          const res = sigCoder.encode([cTilde, cs1, h]);
-          cleanBytes(cTilde, cs1, h, cHat, w1, w, z, y, rhoprime, mu, s1, s2, t0, ...A);
-          return res;
-        }
-      throw new Error("Unreachable code path reached, report this error");
-    },
-    verify: (publicKey, msg, sig) => {
-      const [rho, t1] = publicCoder.decode(publicKey);
-      const tr = shake256(publicKey, { dkLen: TR_BYTES });
-      if (sig.length !== sigCoder.bytesLen)
-        return false;
-      const [cTilde, z, h] = sigCoder.decode(sig);
-      if (h === false)
-        return false;
-      for (let i = 0; i < L; i++)
-        if (polyChknorm(z[i], GAMMA1 - BETA))
-          return false;
-      const mu = shake256.create({ dkLen: CRH_BYTES }).update(tr).update(msg).digest();
-      const c2 = NTT.encode(SampleInBall(cTilde));
-      const zNtt = z.map((i) => i.slice());
-      for (let i = 0; i < L; i++)
-        NTT.encode(zNtt[i]);
-      const wTick1 = [];
-      const xof = XOF1282(rho);
-      for (let i = 0; i < K; i++) {
-        const ct12d = MultiplyNTTs(NTT.encode(polyShiftl(t1[i])), c2);
-        const Az = newPoly(N);
-        for (let j = 0; j < L; j++) {
-          const aij = RejNTTPoly(xof.get(j, i));
-          polyAdd(Az, MultiplyNTTs(aij, zNtt[j]));
-        }
-        const wApprox = NTT.decode(polySub(Az, ct12d));
-        wTick1.push(polyUseHint(wApprox, h[i]));
-      }
-      xof.clean();
-      const c22 = shake256.create({ dkLen: C_TILDE_BYTES }).update(mu).update(W1Vec.encode(wTick1)).digest();
-      for (const t of h) {
-        const sum = t.reduce((acc, i) => acc + i, 0);
-        if (!(sum <= OMEGA))
-          return false;
-      }
-      for (const t of z)
-        if (polyChknorm(t, GAMMA1 - BETA))
-          return false;
-      return equalBytes(cTilde, c22);
-    }
-  };
-  const getMessage = (msg, ctx = EMPTY) => {
-    ensureBytes(msg);
-    ensureBytes(ctx);
-    if (ctx.length > 255)
-      throw new Error("context should be less than 255 bytes");
-    return concatBytes(new Uint8Array([0, ctx.length]), ctx, msg);
-  };
-  return {
-    internal,
-    keygen: internal.keygen,
-    signRandBytes: internal.signRandBytes,
-    sign: (secretKey, msg, ctx = EMPTY, random) => {
-      const M = getMessage(msg, ctx);
-      const res = internal.sign(secretKey, M, random);
-      M.fill(0);
-      return res;
-    },
-    verify: (publicKey, msg, sig, ctx = EMPTY) => {
-      return internal.verify(publicKey, getMessage(msg, ctx), sig);
-    }
-  };
-}
-var ml_dsa44 = /* @__PURE__ */ getDilithium({
-  ...PARAMS[2],
-  CRH_BYTES: 64,
-  TR_BYTES: 64,
-  C_TILDE_BYTES: 32,
-  XOF128,
-  XOF256
-});
-var ml_dsa65 = /* @__PURE__ */ getDilithium({
-  ...PARAMS[3],
-  CRH_BYTES: 64,
-  TR_BYTES: 64,
-  C_TILDE_BYTES: 48,
-  XOF128,
-  XOF256
-});
-var ml_dsa87 = /* @__PURE__ */ getDilithium({
-  ...PARAMS[5],
-  CRH_BYTES: 64,
-  TR_BYTES: 64,
-  C_TILDE_BYTES: 64,
-  XOF128,
-  XOF256
-});
-function toBase64(bytes) {
-  let binary = "";
-  for (const byte of bytes)
-    binary += String.fromCharCode(byte);
-  return btoa(binary);
-}
-function fromBase64(b64) {
-  return Uint8Array.from(atob(b64), (c2) => c2.charCodeAt(0));
-}
-function sign(privateKey, message) {
-  const secretKey = fromBase64(privateKey);
-  const msg = new TextEncoder().encode(message);
-  const signature = ml_dsa65.sign(secretKey, msg);
-  return toBase64(signature);
-}
-var XMP_NS = "http://ns.adobe.com/xap/1.0/\0";
-var XMP_NS_BYTES = new TextEncoder().encode(XMP_NS);
 function toUint8Array(content) {
   if (typeof content === "string")
     return new TextEncoder().encode(content);
@@ -1365,38 +134,23 @@ function toUint8Array(content) {
 }
 async function signContent(baseUrl, apiKey, input) {
   const bytes = toUint8Array(input.content);
-  const contentHash = hash(bytes);
-  const watermarkId = input.watermarkId ?? crypto.randomUUID();
-  const signedAt = (/* @__PURE__ */ new Date()).toISOString();
-  const signedPayload = {
-    generator_id: input.generatorId,
-    model: input.model,
-    content_hash: contentHash,
-    watermark_id: watermarkId,
-    signed_at: signedAt
-  };
-  const message = canonicalJson(signedPayload);
-  const signature = sign(input.privateKey, message);
-  const res = await fetch(`${baseUrl}/v1/records`, {
+  const form = new FormData();
+  form.append("image", new Blob([bytes]), "image");
+  form.append("model", input.model);
+  form.append("generator_id", input.generatorId);
+  const res = await fetch(`${baseUrl}/v1/sign`, {
     method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      Authorization: `Bearer ${apiKey}`
-    },
-    body: JSON.stringify({
-      watermark_id: watermarkId,
-      generator_id: input.generatorId,
-      model: input.model,
-      content_hash: contentHash,
-      signature,
-      signed_payload: signedPayload
-    })
+    headers: { Authorization: `Bearer ${apiKey}` },
+    body: form
   });
   if (!res.ok) {
     const err2 = await res.json().catch(() => ({}));
     throw new Error(err2.error ?? `HTTP ${res.status}`);
   }
-  return res.json();
+  const token = res.headers.get("X-Certivu-Token") ?? "";
+  const record_id = res.headers.get("X-Certivu-Record-Id") ?? "";
+  const watermarkedContent = new Uint8Array(await res.arrayBuffer());
+  return { token, record_id, watermarkedContent };
 }
 function toUint8Array2(content) {
   if (typeof content === "string")
@@ -1452,21 +206,16 @@ var CertivuClient = class {
   apiKey;
   baseUrl;
   generatorId;
-  privateKey;
   constructor(config) {
     this.apiKey = config.apiKey;
     this.baseUrl = (config.baseUrl ?? "https://api.certivu.ai").replace(/\/$/, "");
     this.generatorId = config.generatorId;
-    this.privateKey = config.privateKey;
   }
   async sign(input) {
     const generatorId = input.generatorId ?? this.generatorId;
-    const privateKey = input.privateKey ?? this.privateKey;
     if (!generatorId)
       throw new Error("generatorId is required for sign (provide in config or input)");
-    if (!privateKey)
-      throw new Error("privateKey is required for sign (provide in config or input)");
-    return signContent(this.baseUrl, this.apiKey, { ...input, generatorId, privateKey });
+    return signContent(this.baseUrl, this.apiKey, { ...input, generatorId });
   }
   async verify(input) {
     return verifyContent(this.baseUrl, this.apiKey, input);
@@ -1477,8 +226,8 @@ var CertivuClient = class {
   async getAuditLog(options) {
     return getAuditLog(this.baseUrl, this.apiKey, options);
   }
-  async getTokenStatus(token2) {
-    const res = await fetch(`${this.baseUrl}/v1/verify/status/${encodeURIComponent(token2)}`);
+  async getTokenStatus(token) {
+    const res = await fetch(`${this.baseUrl}/v1/verify/status/${encodeURIComponent(token)}`);
     if (!res.ok) {
       const err2 = await res.json().catch(() => ({}));
       throw new Error(err2.error ?? `HTTP ${res.status}`);
@@ -1493,10 +242,8 @@ async function signCommand(filePath, flags) {
   const config = await loadConfig();
   const apiKey = flags.apiKey ?? config.apiKey;
   const generatorId = flags.generatorId ?? config.generatorId;
-  const privateKey = flags.privateKey ?? config.privateKey;
   if (!apiKey) die("API key required. Set CERTIVU_API_KEY or run: certivu config set api-key <key>");
   if (!generatorId) die("Generator ID required. Set CERTIVU_GENERATOR_ID or run: certivu config set generator-id <id>");
-  if (!privateKey) die("Private key required. Set CERTIVU_PRIVATE_KEY or run: certivu config set private-key <key>");
   let content;
   try {
     content = new Uint8Array((0, import_node_fs2.readFileSync)(filePath));
@@ -1506,20 +253,26 @@ async function signCommand(filePath, flags) {
   const clientConfig = {
     apiKey,
     generatorId,
-    privateKey,
     ...flags.baseUrl || config.baseUrl ? { baseUrl: flags.baseUrl ?? config.baseUrl } : {}
   };
   const client = new CertivuClient(clientConfig);
   let result;
   try {
-    result = await client.sign({ content, model: flags.model, generatorId, privateKey });
+    result = await client.sign({ content, model: flags.model, generatorId });
   } catch (e) {
     const msg = e instanceof Error ? e.message : String(e);
     die(`Sign failed: ${msg}`);
   }
+  const outPath = flags.output ?? (filePath.replace(/(\.[^.]+)$/, `.signed$1`) || `${filePath}.signed${(0, import_node_path2.extname)(filePath)}`);
+  try {
+    (0, import_node_fs2.writeFileSync)(outPath, result.watermarkedContent);
+  } catch {
+    die(`Could not write output file: ${outPath}`);
+  }
   console.log(ok("Signed"));
   row("Token", result.token);
   row("Record ID", result.record_id);
+  row("Output", outPath);
   if (result.deduplicated) {
     console.log("  (content already signed \u2014 existing token returned, no quota consumed)");
   }
@@ -1702,5 +455,3 @@ Run 'certivu --help' for usage.`);
   }
 }
 main();
-/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-/*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) */