@clawbureau/clawverify-cli 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (27) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +118 -0
  3. package/dist/cli.d.ts +3 -0
  4. package/dist/cli.d.ts.map +1 -0
  5. package/dist/cli.js +103 -0
  6. package/dist/cli.js.map +1 -0
  7. package/dist/config.d.ts +10 -0
  8. package/dist/config.d.ts.map +1 -0
  9. package/dist/config.js +86 -0
  10. package/dist/config.js.map +1 -0
  11. package/dist/errors.d.ts +5 -0
  12. package/dist/errors.d.ts.map +1 -0
  13. package/dist/errors.js +7 -0
  14. package/dist/errors.js.map +1 -0
  15. package/dist/index.d.ts +4 -0
  16. package/dist/index.d.ts.map +1 -0
  17. package/dist/index.js +3 -0
  18. package/dist/index.js.map +1 -0
  19. package/dist/types.d.ts +49 -0
  20. package/dist/types.d.ts.map +1 -0
  21. package/dist/types.js +2 -0
  22. package/dist/types.js.map +1 -0
  23. package/dist/verify.d.ts +21 -0
  24. package/dist/verify.d.ts.map +1 -0
  25. package/dist/verify.js +448 -0
  26. package/dist/verify.js.map +1 -0
  27. package/package.json +59 -0
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Clawbureau
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md ADDED
@@ -0,0 +1,118 @@
1
+ # @clawbureau/clawverify-cli
2
+
3
+ Verify any **Clawsig Protocol** proof bundle offline in one command. No network access, no API keys, no trust assumptions — just cryptographic verification.
4
+
5
+ ## Install
6
+
7
+ ```bash
8
+ npm install -g @clawbureau/clawverify-cli
9
+ ```
10
+
11
+ ## Usage
12
+
13
+ ### Verify a proof bundle
14
+
15
+ ```bash
16
+ clawverify verify proof-bundle --input run_xxx-bundle.json
17
+ ```
18
+
19
+ Output:
20
+ ```json
21
+ {
22
+ "status": "PASS",
23
+ "reason_code": "OK",
24
+ "component_results": {
25
+ "schema_valid": true,
26
+ "signature_valid": true,
27
+ "hash_chain_valid": true,
28
+ "tool_receipts_valid": true,
29
+ "tool_receipts_count": 3,
30
+ "side_effect_receipts_valid": true,
31
+ "human_approval_receipts_valid": true
32
+ }
33
+ }
34
+ ```
35
+
36
+ ### Verify a commit signature
37
+
38
+ ```bash
39
+ clawverify verify commit-sig --input proofs/.../commit.sig.json
40
+ ```
41
+
42
+ ### Verify an export bundle
43
+
44
+ ```bash
45
+ clawverify verify export-bundle --input identity-export.json
46
+ ```
47
+
48
+ ## Options
49
+
50
+ | Flag | Description |
51
+ |------|-------------|
52
+ | `--input <path>` | Path to the artifact to verify (required) |
53
+ | `--config <path>` | Path to verifier config file (optional) |
54
+ | `--urm <path>` | Path to URM file for proof bundle verification (optional, auto-detected) |
55
+ | `--json` | Output raw JSON (default: pretty-printed) |
56
+
57
+ ## Verifier config
58
+
59
+ The config file controls which signer DIDs are trusted:
60
+
61
+ ```json
62
+ {
63
+ "version": 1,
64
+ "trusted_signer_dids": [
65
+ "did:key:z6Mk..."
66
+ ],
67
+ "require_receipt_binding": false,
68
+ "max_event_chain_gap_ms": 86400000
69
+ }
70
+ ```
71
+
72
+ Without a config file, the CLI performs structural verification only (schema, signatures, hash chains) without enforcing signer allowlists.
73
+
74
+ ## What it verifies
75
+
76
+ | Artifact | Checks |
77
+ |----------|--------|
78
+ | **Proof bundle** | Schema validation, Ed25519 signature, event chain hash integrity, receipt binding, tool receipt validation, side-effect receipt validation, human approval receipt validation, signer DID allowlist |
79
+ | **Commit signature** | JCS-canonicalized envelope, Ed25519 signature, DID extraction, message format |
80
+ | **Export bundle** | Schema validation, signature chain, identity proofs |
81
+
82
+ ## Fail-closed behavior
83
+
84
+ The verifier is fail-closed by design:
85
+ - Unknown schema versions → `FAIL` (`UNKNOWN_VERSION`)
86
+ - Unknown hash algorithms → `FAIL` (`UNKNOWN_HASH_ALGORITHM`)
87
+ - Missing required fields → `FAIL` (`SCHEMA_VALIDATION_FAILED`)
88
+ - Unknown envelope format → `FAIL` (`MALFORMED_ENVELOPE`)
89
+
90
+ This ensures that new artifact types can't bypass verification by exploiting parser leniency.
91
+
92
+ ## Reason codes
93
+
94
+ All failures include a machine-readable `reason_code`. The full registry is at:
95
+ [`REASON_CODE_REGISTRY.md`](https://github.com/clawbureau/clawbureau/blob/main/docs/specs/clawsig-protocol/REASON_CODE_REGISTRY.md)
96
+
97
+ ## Programmatic API
98
+
99
+ ```ts
100
+ import { verifyProofBundle } from '@clawbureau/clawverify-core';
101
+
102
+ const result = verifyProofBundle(bundleJson, config);
103
+ if (result.status === 'FAIL') {
104
+ console.error(`Verification failed: ${result.reason_code}`);
105
+ }
106
+ ```
107
+
108
+ ## Conformance
109
+
110
+ This CLI is tested against the Clawsig Protocol conformance suite (22 vectors). Run it yourself:
111
+
112
+ ```bash
113
+ node scripts/protocol/run-clawsig-protocol-conformance.mjs
114
+ ```
115
+
116
+ ## License
117
+
118
+ MIT
package/dist/cli.d.ts ADDED
@@ -0,0 +1,3 @@
1
+ #!/usr/bin/env node
2
+ export {};
3
+ //# sourceMappingURL=cli.d.ts.map
package/dist/cli.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}
package/dist/cli.js ADDED
@@ -0,0 +1,103 @@
1
+ #!/usr/bin/env node
2
+ import { resolveVerifierConfig, CliConfigError } from './config.js';
3
+ import { CliUsageError } from './errors.js';
4
+ import { exitCodeForOutput, kindForSubcommand, verifyCommitSigFromFile, verifyExportBundleFromFile, verifyProofBundleFromFile, } from './verify.js';
5
+ function nowIso() {
6
+ return new Date().toISOString();
7
+ }
8
+ function usageText() {
9
+ return [
10
+ 'clawverify (offline verifier CLI)',
11
+ '',
12
+ 'Usage:',
13
+ ' clawverify verify proof-bundle --input <path> [--urm <path>] [--config <path>]',
14
+ ' clawverify verify export-bundle --input <path> [--config <path>]',
15
+ ' clawverify verify commit-sig --input <path>',
16
+ '',
17
+ 'Exit codes:',
18
+ ' 0 = PASS (valid)',
19
+ ' 1 = FAIL (invalid)',
20
+ ' 2 = USAGE/CONFIG error',
21
+ ].join('\n');
22
+ }
23
+ function readFlag(args, name) {
24
+ const idx = args.indexOf(name);
25
+ if (idx === -1)
26
+ return undefined;
27
+ const value = args[idx + 1];
28
+ if (!value || value.startsWith('--'))
29
+ return undefined;
30
+ return value;
31
+ }
32
+ function hasFlag(args, name) {
33
+ return args.includes(name);
34
+ }
35
+ function parseCliArgs(argv) {
36
+ if (argv.length === 0 || hasFlag(argv, '--help') || hasFlag(argv, '-h')) {
37
+ throw new CliUsageError(usageText());
38
+ }
39
+ if (argv[0] !== 'verify') {
40
+ throw new CliUsageError(usageText());
41
+ }
42
+ const kind = kindForSubcommand(argv[1] ?? '');
43
+ if (!kind) {
44
+ throw new CliUsageError(usageText());
45
+ }
46
+ const inputPath = readFlag(argv, '--input');
47
+ if (!inputPath) {
48
+ throw new CliUsageError('Missing required flag: --input');
49
+ }
50
+ const urmPath = readFlag(argv, '--urm');
51
+ const configPath = readFlag(argv, '--config');
52
+ return { kind, inputPath, configPath, urmPath };
53
+ }
54
+ function output(out) {
55
+ process.stdout.write(`${JSON.stringify(out, null, 2)}\n`);
56
+ }
57
+ async function main() {
58
+ const { kind, inputPath, configPath, urmPath } = parseCliArgs(process.argv.slice(2));
59
+ const config = await resolveVerifierConfig({ configPath });
60
+ const out = kind === 'commit_sig'
61
+ ? await verifyCommitSigFromFile({ inputPath })
62
+ : kind === 'proof_bundle'
63
+ ? await verifyProofBundleFromFile({
64
+ inputPath,
65
+ configPath,
66
+ urmPath,
67
+ config,
68
+ })
69
+ : await verifyExportBundleFromFile({ inputPath, configPath, config });
70
+ output(out);
71
+ process.exitCode = exitCodeForOutput(out);
72
+ }
73
+ main().catch((err) => {
74
+ const verifiedAt = nowIso();
75
+ if (err instanceof CliUsageError) {
76
+ output({
77
+ status: 'ERROR',
78
+ verified_at: verifiedAt,
79
+ reason_code: 'USAGE_ERROR',
80
+ reason: err.message,
81
+ });
82
+ process.exitCode = 2;
83
+ return;
84
+ }
85
+ if (err instanceof CliConfigError) {
86
+ output({
87
+ status: 'ERROR',
88
+ verified_at: verifiedAt,
89
+ reason_code: 'CONFIG_ERROR',
90
+ reason: err.message,
91
+ });
92
+ process.exitCode = 2;
93
+ return;
94
+ }
95
+ output({
96
+ status: 'ERROR',
97
+ verified_at: verifiedAt,
98
+ reason_code: 'INTERNAL_ERROR',
99
+ reason: err instanceof Error ? err.message : 'unknown error',
100
+ });
101
+ process.exitCode = 2;
102
+ });
103
+ //# sourceMappingURL=cli.js.map
package/dist/cli.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,uBAAuB,EACvB,0BAA0B,EAC1B,yBAAyB,GAC1B,MAAM,aAAa,CAAC;AAGrB,SAAS,MAAM;IACb,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,SAAS;IAChB,OAAO;QACL,mCAAmC;QACnC,EAAE;QACF,QAAQ;QACR,kFAAkF;QAClF,oEAAoE;QACpE,iDAAiD;QACjD,EAAE;QACF,aAAa;QACb,oBAAoB;QACpB,sBAAsB;QACtB,0BAA0B;KAC3B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAS,QAAQ,CAAC,IAAc,EAAE,IAAY;IAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,IAAI,GAAG,KAAK,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IACvD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,OAAO,CAAC,IAAc,EAAE,IAAY;IAC3C,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,YAAY,CAAC,IAAc;IAMlC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QACxE,MAAM,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QACzB,MAAM,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAC5C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,aAAa,CAAC,gCAAgC,CAAC,CAAC;IAC5D,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACxC,MAAM,UAAU,GAAG,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IAE9C,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;AAClD,CAAC;AAED,SAAS,MAAM,CAAC,GAAc;IAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;AAC5D,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAErF,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;IAE3D,MAAM,GAAG,GACP,IAAI,KAAK,YAAY;QACnB,CAAC,CAAC,MAAM,uBAAuB,CAAC,EAAE,SAAS,EAAE,CAAC;QAC9C,CAAC,CAAC,IAAI,KAAK,cAAc;YACvB,CAAC,CAAC,MAAM,yBAAyB,CAAC;gBAC9B,SAAS;gBACT,UAAU;gBACV,OAAO;gBACP,MAAM;aACP,CAAC;YACJ,CAAC,CAAC,MAAM,0BAA0B,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC;IAE5E,MAAM,CAAC,GAAG,CAAC,CAAC;IACZ,OAAO,CAAC,QAAQ,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;AAC5C,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;IAC5B,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC;IAE5B,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;QACjC,MAAM,CAAC;YACL,MAAM,EAAE,OAAO;YACf,WAAW,EAAE,UAAU;YACvB,WAAW,EAAE,aAAa;YAC1B,MAAM,EAAE,GAAG,CAAC,OAAO;SACpB,CAAC,CAAC;QACH,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,GAAG,YAAY,cAAc,EAAE,CAAC;QAClC,MAAM,CAAC;YACL,MAAM,EAAE,OAAO;YACf,WAAW,EAAE,UAAU;YACvB,WAAW,EAAE,cAAc;YAC3B,MAAM,EAAE,GAAG,CAAC,OAAO;SACpB,CAAC,CAAC;QACH,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,CAAC;QACL,MAAM,EAAE,OAAO;QACf,WAAW,EAAE,UAAU;QACvB,WAAW,EAAE,gBAAgB;QAC7B,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;KAC7D,CAAC,CAAC;IACH,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC"}
package/dist/config.d.ts ADDED
@@ -0,0 +1,10 @@
1
+ import type { ClawverifyConfigV1, ResolvedVerifierConfig } from './types.js';
2
+ export declare class CliConfigError extends Error {
3
+ readonly code = "CONFIG_ERROR";
4
+ constructor(message: string);
5
+ }
6
+ export declare function loadClawverifyConfigFile(path: string): Promise<ClawverifyConfigV1>;
7
+ export declare function resolveVerifierConfig(opts: {
8
+ configPath?: string;
9
+ }): Promise<ResolvedVerifierConfig>;
10
+ //# sourceMappingURL=config.d.ts.map
package/dist/config.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAmB7E,qBAAa,cAAe,SAAQ,KAAK;IACvC,QAAQ,CAAC,IAAI,kBAAkB;gBAEnB,OAAO,EAAE,MAAM;CAG5B;AAED,wBAAsB,wBAAwB,CAC5C,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,kBAAkB,CAAC,CAkD7B;AASD,wBAAsB,qBAAqB,CAAC,IAAI,EAAE;IAChD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAuDlC"}
package/dist/config.js ADDED
@@ -0,0 +1,86 @@
1
+ import * as fs from 'node:fs/promises';
2
+ function isRecord(value) {
3
+ return typeof value === 'object' && value !== null && !Array.isArray(value);
4
+ }
5
+ function asStringArray(value) {
6
+ if (!Array.isArray(value))
7
+ return [];
8
+ return value.filter((v) => typeof v === 'string');
9
+ }
10
+ function parseCommaSeparatedAllowlist(value) {
11
+ if (!value)
12
+ return [];
13
+ return value
14
+ .split(',')
15
+ .map((s) => s.trim())
16
+ .filter((s) => s.length > 0);
17
+ }
18
+ export class CliConfigError extends Error {
19
+ code = 'CONFIG_ERROR';
20
+ constructor(message) {
21
+ super(message);
22
+ }
23
+ }
24
+ export async function loadClawverifyConfigFile(path) {
25
+ let raw;
26
+ try {
27
+ raw = await fs.readFile(path, 'utf8');
28
+ }
29
+ catch (err) {
30
+ throw new CliConfigError(`Could not read config file at ${path}: ${err instanceof Error ? err.message : 'unknown error'}`);
31
+ }
32
+ let parsed;
33
+ try {
34
+ parsed = JSON.parse(raw);
35
+ }
36
+ catch (err) {
37
+ throw new CliConfigError(`Config file is not valid JSON: ${err instanceof Error ? err.message : 'unknown error'}`);
38
+ }
39
+ if (!isRecord(parsed) || parsed.config_version !== '1') {
40
+ throw new CliConfigError('Config must be an object with {"config_version":"1", ... }');
41
+ }
42
+ const allowlists = isRecord(parsed.allowlists) ? parsed.allowlists : {};
43
+ return {
44
+ config_version: '1',
45
+ allowlists: {
46
+ gateway_receipt_signer_dids: asStringArray(allowlists.gateway_receipt_signer_dids),
47
+ web_receipt_signer_dids: asStringArray(allowlists.web_receipt_signer_dids),
48
+ attestation_signer_dids: asStringArray(allowlists.attestation_signer_dids),
49
+ execution_attestation_signer_dids: asStringArray(allowlists.execution_attestation_signer_dids),
50
+ derivation_attestation_signer_dids: asStringArray(allowlists.derivation_attestation_signer_dids),
51
+ audit_result_attestation_signer_dids: asStringArray(allowlists.audit_result_attestation_signer_dids),
52
+ },
53
+ };
54
+ }
55
+ function mergeUnique(a, b) {
56
+ const out = new Set();
57
+ for (const v of a)
58
+ out.add(v);
59
+ for (const v of b)
60
+ out.add(v);
61
+ return [...out];
62
+ }
63
+ export async function resolveVerifierConfig(opts) {
64
+ const fileConfig = opts.configPath
65
+ ? await loadClawverifyConfigFile(opts.configPath)
66
+ : null;
67
+ const fileAllowlists = fileConfig?.allowlists ?? {};
68
+ // Env var parity with hosted clawverify service.
69
+ const envAllowlists = {
70
+ gateway_receipt_signer_dids: parseCommaSeparatedAllowlist(process.env.GATEWAY_RECEIPT_SIGNER_DIDS),
71
+ web_receipt_signer_dids: parseCommaSeparatedAllowlist(process.env.WEB_RECEIPT_SIGNER_DIDS),
72
+ attestation_signer_dids: parseCommaSeparatedAllowlist(process.env.ATTESTATION_SIGNER_DIDS),
73
+ execution_attestation_signer_dids: parseCommaSeparatedAllowlist(process.env.EXECUTION_ATTESTATION_SIGNER_DIDS),
74
+ derivation_attestation_signer_dids: parseCommaSeparatedAllowlist(process.env.DERIVATION_ATTESTATION_SIGNER_DIDS),
75
+ audit_result_attestation_signer_dids: parseCommaSeparatedAllowlist(process.env.AUDIT_RESULT_ATTESTATION_SIGNER_DIDS),
76
+ };
77
+ return {
78
+ gatewayReceiptSignerDids: mergeUnique(fileAllowlists.gateway_receipt_signer_dids ?? [], envAllowlists.gateway_receipt_signer_dids),
79
+ webReceiptSignerDids: mergeUnique(fileAllowlists.web_receipt_signer_dids ?? [], envAllowlists.web_receipt_signer_dids),
80
+ attestationSignerDids: mergeUnique(fileAllowlists.attestation_signer_dids ?? [], envAllowlists.attestation_signer_dids),
81
+ executionAttestationSignerDids: mergeUnique(fileAllowlists.execution_attestation_signer_dids ?? [], envAllowlists.execution_attestation_signer_dids),
82
+ derivationAttestationSignerDids: mergeUnique(fileAllowlists.derivation_attestation_signer_dids ?? [], envAllowlists.derivation_attestation_signer_dids),
83
+ auditResultAttestationSignerDids: mergeUnique(fileAllowlists.audit_result_attestation_signer_dids ?? [], envAllowlists.audit_result_attestation_signer_dids),
84
+ };
85
+ }
86
+ //# sourceMappingURL=config.js.map
package/dist/config.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAIvC,SAAS,QAAQ,CAAC,KAAc;IAC9B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACrC,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAa,CAAC;AAChE,CAAC;AAED,SAAS,4BAA4B,CAAC,KAAyB;IAC7D,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,OAAO,KAAK;SACT,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,OAAO,cAAe,SAAQ,KAAK;IAC9B,IAAI,GAAG,cAAc,CAAC;IAE/B,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;CACF;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,IAAY;IAEZ,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,cAAc,CACtB,iCAAiC,IAAI,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CACjG,CAAC;IACJ,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,cAAc,CACtB,kCAAkC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CACzF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,cAAc,KAAK,GAAG,EAAE,CAAC;QACvD,MAAM,IAAI,cAAc,CACtB,4DAA4D,CAC7D,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAExE,OAAO;QACL,cAAc,EAAE,GAAG;QACnB,UAAU,EAAE;YACV,2BAA2B,EAAE,aAAa,CACvC,UAAsC,CAAC,2BAA2B,CACpE;YACD,uBAAuB,EAAE,aAAa,CACnC,UAAsC,CAAC,uBAAuB,CAChE;YACD,uBAAuB,EAAE,aAAa,CACnC,UAAsC,CAAC,uBAAuB,CAChE;YACD,iCAAiC,EAAE,aAAa,CAC7C,UAAsC,CAAC,iCAAiC,CAC1E;YACD,kCAAkC,EAAE,aAAa,CAC9C,UAAsC,CAAC,kCAAkC,CAC3E;YACD,oCAAoC,EAAE,aAAa,CAChD,UAAsC,CAAC,oCAAoC,CAC7E;SACF;KACF,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,CAAW,EAAE,CAAW;IAC3C,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,CAAC,IAAI,CAAC;QAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC9B,KAAK,MAAM,CAAC,IAAI,CAAC;QAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC9B,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,IAE3C;IACC,MAAM,UAAU,GAA8B,IAAI,CAAC,UAAU;QAC3D,CAAC,CAAC,MAAM,wBAAwB,CAAC,IAAI,CAAC,UAAU,CAAC;QACjD,CAAC,CAAC,IAAI,CAAC;IAET,MAAM,cAAc,GAAG,UAAU,EAAE,UAAU,IAAI,EAAE,CAAC;IAEpD,iDAAiD;IACjD,MAAM,aAAa,GAAG;QACpB,2BAA2B,EAAE,4BAA4B,CACvD,OAAO,CAAC,GAAG,CAAC,2BAA2B,CACxC;QACD,uBAAuB,EAAE,4BAA4B,CACnD,OAAO,CAAC,GAAG,CAAC,uBAAuB,CACpC;QACD,uBAAuB,EAAE,4BAA4B,CACnD,OAAO,CAAC,GAAG,CAAC,uBAAuB,CACpC;QACD,iCAAiC,EAAE,4BAA4B,CAC7D,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAC9C;QACD,kCAAkC,EAAE,4BAA4B,CAC9D,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAC/C;QACD,oCAAoC,EAAE,4BAA4B,CAChE,OAAO,CAAC,GAAG,CAAC,oCAAoC,CACjD;KACF,CAAC;IAEF,OAAO;QACL,wBAAwB,EAAE,WAAW,CACnC,cAAc,CAAC,2BAA2B,IAAI,EAAE,EAChD,aAAa,CAAC,2BAA2B,CAC1C;QACD,oBAAoB,EAAE,WAAW,CAC/B,cAAc,CAAC,uBAAuB,IAAI,EAAE,EAC5C,aAAa,CAAC,uBAAuB,CACtC;QACD,qBAAqB,EAAE,WAAW,CAChC,cAAc,CAAC,uBAAuB,IAAI,EAAE,EAC5C,aAAa,CAAC,uBAAuB,CACtC;QACD,8BAA8B,EAAE,WAAW,CACzC,cAAc,CAAC,iCAAiC,IAAI,EAAE,EACtD,aAAa,CAAC,iCAAiC,CAChD;QACD,+BAA+B,EAAE,WAAW,CAC1C,cAAc,CAAC,kCAAkC,IAAI,EAAE,EACvD,aAAa,CAAC,kCAAkC,CACjD;QACD,gCAAgC,EAAE,WAAW,CAC3C,cAAc,CAAC,oCAAoC,IAAI,EAAE,EACzD,aAAa,CAAC,oCAAoC,CACnD;KACF,CAAC;AACJ,CAAC"}
package/dist/errors.d.ts ADDED
@@ -0,0 +1,5 @@
1
+ export declare class CliUsageError extends Error {
2
+ readonly code = "USAGE_ERROR";
3
+ constructor(message: string);
4
+ }
5
+ //# sourceMappingURL=errors.d.ts.map
package/dist/errors.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,qBAAa,aAAc,SAAQ,KAAK;IACtC,QAAQ,CAAC,IAAI,iBAAiB;gBAElB,OAAO,EAAE,MAAM;CAG5B"}
package/dist/errors.js ADDED
@@ -0,0 +1,7 @@
1
+ export class CliUsageError extends Error {
2
+ code = 'USAGE_ERROR';
3
+ constructor(message) {
4
+ super(message);
5
+ }
6
+ }
7
+ //# sourceMappingURL=errors.js.map
package/dist/errors.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,aAAc,SAAQ,KAAK;IAC7B,IAAI,GAAG,aAAa,CAAC;IAE9B,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;CACF"}
package/dist/index.d.ts ADDED
@@ -0,0 +1,4 @@
1
+ export { resolveVerifierConfig, loadClawverifyConfigFile, CliConfigError } from './config.js';
2
+ export { verifyProofBundleFromFile, verifyExportBundleFromFile } from './verify.js';
3
+ export type { CliOutput, CliVerifyOutput, ClawverifyConfigV1, ResolvedVerifierConfig } from './types.js';
4
+ //# sourceMappingURL=index.d.ts.map
package/dist/index.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,wBAAwB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC9F,OAAO,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,aAAa,CAAC;AACpF,YAAY,EAAE,SAAS,EAAE,eAAe,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC"}
package/dist/index.js ADDED
@@ -0,0 +1,3 @@
1
+ export { resolveVerifierConfig, loadClawverifyConfigFile, CliConfigError } from './config.js';
2
+ export { verifyProofBundleFromFile, verifyExportBundleFromFile } from './verify.js';
3
+ //# sourceMappingURL=index.js.map
package/dist/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,wBAAwB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC9F,OAAO,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,aAAa,CAAC"}
package/dist/types.d.ts ADDED
@@ -0,0 +1,49 @@
1
+ export type CliKind = 'proof_bundle' | 'export_bundle' | 'commit_sig';
2
+ export type CliStatus = 'PASS' | 'FAIL' | 'ERROR';
3
+ export interface CliOutputBase {
4
+ status: CliStatus;
5
+ verified_at: string;
6
+ reason_code: string;
7
+ reason: string;
8
+ }
9
+ export interface CliVerifyOutput extends CliOutputBase {
10
+ kind: CliKind;
11
+ input: {
12
+ path: string;
13
+ /** Optional config path (if provided explicitly). */
14
+ config_path?: string;
15
+ /** Optional URM path (proof bundles may reference a URM stored separately). */
16
+ urm_path?: string;
17
+ };
18
+ /** Raw verifier output (intentionally preserved for offline parity/debugging). */
19
+ verification?: unknown;
20
+ }
21
+ export interface CliErrorOutput extends CliOutputBase {
22
+ kind?: CliKind;
23
+ input?: {
24
+ path?: string;
25
+ config_path?: string;
26
+ urm_path?: string;
27
+ };
28
+ }
29
+ export type CliOutput = CliVerifyOutput | CliErrorOutput;
30
+ export interface ClawverifyConfigV1 {
31
+ config_version: '1';
32
+ allowlists?: {
33
+ gateway_receipt_signer_dids?: string[];
34
+ web_receipt_signer_dids?: string[];
35
+ attestation_signer_dids?: string[];
36
+ execution_attestation_signer_dids?: string[];
37
+ derivation_attestation_signer_dids?: string[];
38
+ audit_result_attestation_signer_dids?: string[];
39
+ };
40
+ }
41
+ export interface ResolvedVerifierConfig {
42
+ gatewayReceiptSignerDids: string[];
43
+ webReceiptSignerDids: string[];
44
+ attestationSignerDids: string[];
45
+ executionAttestationSignerDids: string[];
46
+ derivationAttestationSignerDids: string[];
47
+ auditResultAttestationSignerDids: string[];
48
+ }
49
+ //# sourceMappingURL=types.d.ts.map
package/dist/types.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,OAAO,GAAG,cAAc,GAAG,eAAe,GAAG,YAAY,CAAC;AAEtE,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAElD,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,SAAS,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAgB,SAAQ,aAAa;IACpD,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,qDAAqD;QACrD,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,+EAA+E;QAC/E,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IAEF,kFAAkF;IAClF,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,cAAe,SAAQ,aAAa;IACnD,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE;QACN,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED,MAAM,MAAM,SAAS,GAAG,eAAe,GAAG,cAAc,CAAC;AAEzD,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,GAAG,CAAC;IACpB,UAAU,CAAC,EAAE;QACX,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC;QACvC,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;QACnC,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;QACnC,iCAAiC,CAAC,EAAE,MAAM,EAAE,CAAC;QAC7C,kCAAkC,CAAC,EAAE,MAAM,EAAE,CAAC;QAC9C,oCAAoC,CAAC,EAAE,MAAM,EAAE,CAAC;KACjD,CAAC;CACH;AAED,MAAM,WAAW,sBAAsB;IACrC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,8BAA8B,EAAE,MAAM,EAAE,CAAC;IACzC,+BAA+B,EAAE,MAAM,EAAE,CAAC;IAC1C,gCAAgC,EAAE,MAAM,EAAE,CAAC;CAC5C"}
package/dist/types.js ADDED
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=types.js.map
package/dist/types.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}
package/dist/verify.d.ts ADDED
@@ -0,0 +1,21 @@
1
+ import type { CliKind, CliVerifyOutput, ResolvedVerifierConfig } from './types.js';
2
+ export declare function verifyProofBundleFromFile(opts: {
3
+ inputPath: string;
4
+ /** Optional URM path. If not provided, clawverify will try to auto-load a sibling "-urm.json" file for "-bundle.json" inputs. */
5
+ urmPath?: string;
6
+ configPath?: string;
7
+ config: ResolvedVerifierConfig;
8
+ }): Promise<CliVerifyOutput>;
9
+ export declare function verifyExportBundleFromFile(opts: {
10
+ inputPath: string;
11
+ configPath?: string;
12
+ config: ResolvedVerifierConfig;
13
+ }): Promise<CliVerifyOutput>;
14
+ export declare function exitCodeForOutput(out: {
15
+ status: string;
16
+ }): number;
17
+ export declare function verifyCommitSigFromFile(opts: {
18
+ inputPath: string;
19
+ }): Promise<CliVerifyOutput>;
20
+ export declare function kindForSubcommand(cmd: string): CliKind | null;
21
+ //# sourceMappingURL=verify.d.ts.map
package/dist/verify.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AA8FnF,wBAAsB,yBAAyB,CAAC,IAAI,EAAE;IACpD,SAAS,EAAE,MAAM,CAAC;IAClB,iIAAiI;IACjI,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,sBAAsB,CAAC;CAChC,GAAG,OAAO,CAAC,eAAe,CAAC,CAwE3B;AAED,wBAAsB,0BAA0B,CAAC,IAAI,EAAE;IACrD,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,sBAAsB,CAAC;CAChC,GAAG,OAAO,CAAC,eAAe,CAAC,CA4F3B;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAIjE;AAkED,wBAAsB,uBAAuB,CAAC,IAAI,EAAE;IAClD,SAAS,EAAE,MAAM,CAAC;CACnB,GAAG,OAAO,CAAC,eAAe,CAAC,CAoI3B;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,GAAG,IAAI,CAK7D"}
package/dist/verify.js ADDED
@@ -0,0 +1,448 @@
1
+ import * as fs from 'node:fs/promises';
2
+ import { verifyExportBundle, verifyProofBundle, } from '@clawbureau/clawverify-core';
3
+ import { CliUsageError } from './errors.js';
4
+ function nowIso() {
5
+ return new Date().toISOString();
6
+ }
7
+ function isRecord(value) {
8
+ return typeof value === 'object' && value !== null && !Array.isArray(value);
9
+ }
10
+ async function readJsonFile(path) {
11
+ let raw;
12
+ try {
13
+ raw = await fs.readFile(path, 'utf8');
14
+ }
15
+ catch (err) {
16
+ throw new CliUsageError(`Could not read input file at ${path}: ${err instanceof Error ? err.message : 'unknown error'}`);
17
+ }
18
+ try {
19
+ return JSON.parse(raw);
20
+ }
21
+ catch (err) {
22
+ throw new CliUsageError(`Input file is not valid JSON: ${err instanceof Error ? err.message : 'unknown error'}`);
23
+ }
24
+ }
25
+ function unwrapProofBundleInput(value) {
26
+ if (!isRecord(value))
27
+ return value;
28
+ const envelope = value.envelope;
29
+ if (envelope !== undefined)
30
+ return envelope;
31
+ return value;
32
+ }
33
+ function unwrapExportBundleInput(value) {
34
+ if (!isRecord(value))
35
+ return value;
36
+ const bundle = value.bundle;
37
+ if (bundle !== undefined)
38
+ return bundle;
39
+ return value;
40
+ }
41
+ function countReceiptsFromEnvelope(envelope) {
42
+ if (!isRecord(envelope))
43
+ return 0;
44
+ const payload = envelope.payload;
45
+ if (!isRecord(payload))
46
+ return 0;
47
+ const receipts = payload.receipts;
48
+ if (!Array.isArray(receipts))
49
+ return 0;
50
+ return receipts.length;
51
+ }
52
+ function strictProofBundleReceiptVerdict(opts) {
53
+ const receiptsCount = countReceiptsFromEnvelope(opts.envelope);
54
+ if (receiptsCount === 0)
55
+ return { ok: true };
56
+ // Fail-closed: if receipts are present, a signer allowlist MUST be configured.
57
+ if (opts.config.gatewayReceiptSignerDids.length === 0) {
58
+ return {
59
+ ok: false,
60
+ reason_code: 'DEPENDENCY_NOT_CONFIGURED',
61
+ reason: 'Gateway receipt signer allowlist not configured (required to verify receipts)',
62
+ };
63
+ }
64
+ const cr = opts.verification.result.component_results;
65
+ const verified = cr?.receipts_verified_count ?? 0;
66
+ const sigVerified = cr?.receipts_signature_verified_count ?? 0;
67
+ // Conformance mode: all receipts must verify and be bound.
68
+ if (verified !== receiptsCount) {
69
+ if (sigVerified === receiptsCount) {
70
+ return {
71
+ ok: false,
72
+ reason_code: 'RECEIPT_BINDING_MISMATCH',
73
+ reason: 'One or more receipts are not bound to the proof bundle event chain',
74
+ };
75
+ }
76
+ return {
77
+ ok: false,
78
+ reason_code: 'RECEIPT_VERIFICATION_FAILED',
79
+ reason: 'One or more receipts failed cryptographic verification',
80
+ };
81
+ }
82
+ return { ok: true };
83
+ }
84
+ export async function verifyProofBundleFromFile(opts) {
85
+ const verifiedAt = nowIso();
86
+ const raw = await readJsonFile(opts.inputPath);
87
+ const envelope = unwrapProofBundleInput(raw);
88
+ // Optional: load URM from an explicit flag, or auto-detect a sibling file for canonical PoH evidence packs.
89
+ let resolvedUrmPath = opts.urmPath;
90
+ if (!resolvedUrmPath && opts.inputPath.endsWith('-bundle.json')) {
91
+ const candidate = opts.inputPath.replace(/-bundle\.json$/, '-urm.json');
92
+ try {
93
+ await fs.access(candidate);
94
+ resolvedUrmPath = candidate;
95
+ }
96
+ catch {
97
+ // ignore
98
+ }
99
+ }
100
+ const urm = resolvedUrmPath ? await readJsonFile(resolvedUrmPath) : undefined;
101
+ const input = {
102
+ path: opts.inputPath,
103
+ config_path: opts.configPath,
104
+ urm_path: resolvedUrmPath,
105
+ };
106
+ const verification = await verifyProofBundle(envelope, {
107
+ allowlistedReceiptSignerDids: opts.config.gatewayReceiptSignerDids,
108
+ allowlistedAttesterDids: opts.config.attestationSignerDids,
109
+ urm,
110
+ });
111
+ if (verification.result.status !== 'VALID') {
112
+ return {
113
+ kind: 'proof_bundle',
114
+ status: 'FAIL',
115
+ verified_at: verifiedAt,
116
+ reason_code: verification.error?.code ?? 'INVALID',
117
+ reason: verification.error?.message ?? verification.result.reason,
118
+ input,
119
+ verification,
120
+ };
121
+ }
122
+ const strict = strictProofBundleReceiptVerdict({
123
+ envelope,
124
+ verification,
125
+ config: opts.config,
126
+ });
127
+ if (!strict.ok) {
128
+ return {
129
+ kind: 'proof_bundle',
130
+ status: 'FAIL',
131
+ verified_at: verifiedAt,
132
+ reason_code: strict.reason_code,
133
+ reason: strict.reason,
134
+ input,
135
+ verification,
136
+ };
137
+ }
138
+ return {
139
+ kind: 'proof_bundle',
140
+ status: 'PASS',
141
+ verified_at: verifiedAt,
142
+ reason_code: 'OK',
143
+ reason: 'Proof bundle verified successfully',
144
+ input,
145
+ verification,
146
+ };
147
+ }
148
+ export async function verifyExportBundleFromFile(opts) {
149
+ const verifiedAt = nowIso();
150
+ const raw = await readJsonFile(opts.inputPath);
151
+ const bundle = unwrapExportBundleInput(raw);
152
+ const verification = await verifyExportBundle(bundle, {
153
+ allowlistedReceiptSignerDids: opts.config.gatewayReceiptSignerDids,
154
+ allowlistedAttesterDids: opts.config.attestationSignerDids,
155
+ allowlistedExecutionAttestationSignerDids: opts.config.executionAttestationSignerDids,
156
+ allowlistedDerivationAttestationSignerDids: opts.config.derivationAttestationSignerDids,
157
+ allowlistedAuditResultAttestationSignerDids: opts.config.auditResultAttestationSignerDids,
158
+ });
159
+ if (verification.result.status !== 'VALID') {
160
+ return {
161
+ kind: 'export_bundle',
162
+ status: 'FAIL',
163
+ verified_at: verifiedAt,
164
+ reason_code: verification.error?.code ?? 'INVALID',
165
+ reason: verification.error?.message ?? verification.result.reason,
166
+ input: {
167
+ path: opts.inputPath,
168
+ config_path: opts.configPath,
169
+ },
170
+ verification,
171
+ };
172
+ }
173
+ // Optional strict receipt enforcement for nested proof bundle.
174
+ const nestedProofEnvelope = bundle?.artifacts?.proof_bundle_envelope;
175
+ if (nestedProofEnvelope !== undefined) {
176
+ const proofOut = await verifyProofBundle(nestedProofEnvelope, {
177
+ allowlistedReceiptSignerDids: opts.config.gatewayReceiptSignerDids,
178
+ allowlistedAttesterDids: opts.config.attestationSignerDids,
179
+ });
180
+ if (proofOut.result.status !== 'VALID') {
181
+ return {
182
+ kind: 'export_bundle',
183
+ status: 'FAIL',
184
+ verified_at: verifiedAt,
185
+ reason_code: proofOut.error?.code ?? 'INVALID',
186
+ reason: `Nested proof bundle verification failed: ${proofOut.error?.message ?? proofOut.result.reason}`,
187
+ input: {
188
+ path: opts.inputPath,
189
+ config_path: opts.configPath,
190
+ },
191
+ verification: {
192
+ export_bundle: verification,
193
+ proof_bundle: proofOut,
194
+ },
195
+ };
196
+ }
197
+ const strict = strictProofBundleReceiptVerdict({
198
+ envelope: nestedProofEnvelope,
199
+ verification: proofOut,
200
+ config: opts.config,
201
+ });
202
+ if (!strict.ok) {
203
+ return {
204
+ kind: 'export_bundle',
205
+ status: 'FAIL',
206
+ verified_at: verifiedAt,
207
+ reason_code: strict.reason_code,
208
+ reason: strict.reason,
209
+ input: {
210
+ path: opts.inputPath,
211
+ config_path: opts.configPath,
212
+ },
213
+ verification: {
214
+ export_bundle: verification,
215
+ proof_bundle: proofOut,
216
+ },
217
+ };
218
+ }
219
+ }
220
+ return {
221
+ kind: 'export_bundle',
222
+ status: 'PASS',
223
+ verified_at: verifiedAt,
224
+ reason_code: 'OK',
225
+ reason: 'Export bundle verified successfully',
226
+ input: {
227
+ path: opts.inputPath,
228
+ config_path: opts.configPath,
229
+ },
230
+ verification,
231
+ };
232
+ }
233
+ export function exitCodeForOutput(out) {
234
+ if (out.status === 'PASS')
235
+ return 0;
236
+ if (out.status === 'FAIL')
237
+ return 1;
238
+ return 2;
239
+ }
240
+ // ---------------------------------------------------------------------------
241
+ // commit-sig verification (did-work Protocol M)
242
+ // ---------------------------------------------------------------------------
243
+ const BASE58_ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
244
+ function base58Decode(str) {
245
+ const bytes = [0];
246
+ for (const char of str) {
247
+ const value = BASE58_ALPHABET.indexOf(char);
248
+ if (value === -1)
249
+ throw new Error(`Invalid base58 character: ${char}`);
250
+ for (let i = 0; i < bytes.length; i++)
251
+ bytes[i] *= 58;
252
+ bytes[0] += value;
253
+ let carry = 0;
254
+ for (let i = 0; i < bytes.length; i++) {
255
+ bytes[i] += carry;
256
+ carry = bytes[i] >> 8;
257
+ bytes[i] &= 0xff;
258
+ }
259
+ while (carry) {
260
+ bytes.push(carry & 0xff);
261
+ carry >>= 8;
262
+ }
263
+ }
264
+ for (const char of str) {
265
+ if (char !== '1')
266
+ break;
267
+ bytes.push(0);
268
+ }
269
+ return new Uint8Array(bytes.reverse());
270
+ }
271
+ function extractEd25519PublicKeyFromDidKey(did) {
272
+ if (!did.startsWith('did:key:z'))
273
+ return null;
274
+ try {
275
+ const decoded = base58Decode(did.slice(9));
276
+ if (decoded[0] === 0xed && decoded[1] === 0x01)
277
+ return decoded.slice(2);
278
+ return null;
279
+ }
280
+ catch {
281
+ return null;
282
+ }
283
+ }
284
+ /** RFC 8785 JSON Canonicalization Scheme (JCS) */
285
+ function jcsCanonicalize(value) {
286
+ if (value === null)
287
+ return 'null';
288
+ switch (typeof value) {
289
+ case 'boolean': return value ? 'true' : 'false';
290
+ case 'number': {
291
+ if (!Number.isFinite(value))
292
+ throw new Error('Non-finite number not allowed in JCS');
293
+ return JSON.stringify(value);
294
+ }
295
+ case 'string': return JSON.stringify(value);
296
+ case 'object': {
297
+ if (Array.isArray(value))
298
+ return `[${value.map(jcsCanonicalize).join(',')}]`;
299
+ const obj = value;
300
+ const keys = Object.keys(obj).sort();
301
+ const parts = [];
302
+ for (const k of keys)
303
+ parts.push(`${JSON.stringify(k)}:${jcsCanonicalize(obj[k])}`);
304
+ return `{${parts.join(',')}}`;
305
+ }
306
+ default: throw new Error(`Unsupported value type for JCS: ${typeof value}`);
307
+ }
308
+ }
309
+ function toArrayBuffer(bytes) {
310
+ const buf = bytes.buffer;
311
+ if (buf instanceof ArrayBuffer)
312
+ return buf.slice(bytes.byteOffset, bytes.byteOffset + bytes.byteLength);
313
+ const copy = new Uint8Array(bytes.byteLength);
314
+ copy.set(bytes);
315
+ return copy.buffer;
316
+ }
317
+ export async function verifyCommitSigFromFile(opts) {
318
+ const verifiedAt = nowIso();
319
+ const raw = await readJsonFile(opts.inputPath);
320
+ if (!isRecord(raw)) {
321
+ return {
322
+ kind: 'commit_sig', status: 'FAIL', verified_at: verifiedAt,
323
+ reason_code: 'MALFORMED_ENVELOPE', reason: 'commit.sig.json must be a JSON object',
324
+ input: { path: opts.inputPath },
325
+ };
326
+ }
327
+ const { version, type, algo, did, message, signature } = raw;
328
+ if (version !== 'm1') {
329
+ return {
330
+ kind: 'commit_sig', status: 'FAIL', verified_at: verifiedAt,
331
+ reason_code: 'UNKNOWN_VERSION', reason: `Unsupported version: ${String(version)}`,
332
+ input: { path: opts.inputPath },
333
+ };
334
+ }
335
+ if (type !== 'message_signature') {
336
+ return {
337
+ kind: 'commit_sig', status: 'FAIL', verified_at: verifiedAt,
338
+ reason_code: 'UNKNOWN_TYPE', reason: `Unsupported type: ${String(type)}`,
339
+ input: { path: opts.inputPath },
340
+ };
341
+ }
342
+ if (algo !== 'ed25519') {
343
+ return {
344
+ kind: 'commit_sig', status: 'FAIL', verified_at: verifiedAt,
345
+ reason_code: 'UNKNOWN_ALGO', reason: `Unsupported algo: ${String(algo)}`,
346
+ input: { path: opts.inputPath },
347
+ };
348
+ }
349
+ const commitMatch = String(message ?? '').match(/^commit:([a-f0-9]{7,64})$/i);
350
+ if (!commitMatch) {
351
+ return {
352
+ kind: 'commit_sig', status: 'FAIL', verified_at: verifiedAt,
353
+ reason_code: 'COMMIT_MESSAGE_INVALID',
354
+ reason: 'Invalid message format (expected "commit:<sha>")',
355
+ input: { path: opts.inputPath },
356
+ verification: { signer_did: typeof did === 'string' ? did : undefined },
357
+ };
358
+ }
359
+ const commitSha = commitMatch[1];
360
+ const publicKeyBytes = typeof did === 'string' ? extractEd25519PublicKeyFromDidKey(did) : null;
361
+ if (!publicKeyBytes) {
362
+ return {
363
+ kind: 'commit_sig', status: 'FAIL', verified_at: verifiedAt,
364
+ reason_code: 'INVALID_DID_FORMAT',
365
+ reason: 'Unsupported DID format (expected did:key with Ed25519 multicodec)',
366
+ input: { path: opts.inputPath },
367
+ verification: { commit_sha: commitSha, signer_did: typeof did === 'string' ? did : undefined },
368
+ };
369
+ }
370
+ if (typeof signature !== 'string' || signature.length === 0) {
371
+ return {
372
+ kind: 'commit_sig', status: 'FAIL', verified_at: verifiedAt,
373
+ reason_code: 'MALFORMED_ENVELOPE', reason: 'Missing signature field',
374
+ input: { path: opts.inputPath },
375
+ verification: { commit_sha: commitSha, signer_did: did },
376
+ };
377
+ }
378
+ let sigBytes;
379
+ try {
380
+ const binary = atob(signature);
381
+ sigBytes = new Uint8Array(binary.length);
382
+ for (let i = 0; i < binary.length; i++)
383
+ sigBytes[i] = binary.charCodeAt(i);
384
+ }
385
+ catch {
386
+ return {
387
+ kind: 'commit_sig', status: 'FAIL', verified_at: verifiedAt,
388
+ reason_code: 'MALFORMED_ENVELOPE', reason: 'Invalid base64 signature',
389
+ input: { path: opts.inputPath },
390
+ verification: { commit_sha: commitSha, signer_did: did },
391
+ };
392
+ }
393
+ if (sigBytes.length !== 64) {
394
+ return {
395
+ kind: 'commit_sig', status: 'FAIL', verified_at: verifiedAt,
396
+ reason_code: 'MALFORMED_ENVELOPE', reason: 'Signature must be 64 bytes',
397
+ input: { path: opts.inputPath },
398
+ verification: { commit_sha: commitSha, signer_did: did },
399
+ };
400
+ }
401
+ // Protocol M: sign JCS-canonicalized envelope with signature=""
402
+ let canonical;
403
+ try {
404
+ canonical = jcsCanonicalize({ ...raw, signature: '' });
405
+ }
406
+ catch (err) {
407
+ return {
408
+ kind: 'commit_sig', status: 'FAIL', verified_at: verifiedAt,
409
+ reason_code: 'CANONICALIZATION_ERROR',
410
+ reason: err instanceof Error ? err.message : 'Canonicalization failed',
411
+ input: { path: opts.inputPath },
412
+ verification: { commit_sha: commitSha, signer_did: did },
413
+ };
414
+ }
415
+ const msgBytes = new TextEncoder().encode(canonical);
416
+ try {
417
+ const publicKey = await crypto.subtle.importKey('raw', toArrayBuffer(publicKeyBytes), { name: 'Ed25519' }, false, ['verify']);
418
+ const ok = await crypto.subtle.verify({ name: 'Ed25519' }, publicKey, toArrayBuffer(sigBytes), toArrayBuffer(msgBytes));
419
+ return {
420
+ kind: 'commit_sig',
421
+ status: ok ? 'PASS' : 'FAIL',
422
+ verified_at: verifiedAt,
423
+ reason_code: ok ? 'OK' : 'SIGNATURE_INVALID',
424
+ reason: ok ? 'Commit signature verified' : 'Signature verification failed',
425
+ input: { path: opts.inputPath },
426
+ verification: { commit_sha: commitSha, signer_did: did, message: String(message) },
427
+ };
428
+ }
429
+ catch (err) {
430
+ return {
431
+ kind: 'commit_sig', status: 'FAIL', verified_at: verifiedAt,
432
+ reason_code: 'CRYPTO_ERROR',
433
+ reason: err instanceof Error ? err.message : 'Crypto verification error',
434
+ input: { path: opts.inputPath },
435
+ verification: { commit_sha: commitSha, signer_did: did },
436
+ };
437
+ }
438
+ }
439
+ export function kindForSubcommand(cmd) {
440
+ if (cmd === 'proof-bundle' || cmd === 'proof_bundle')
441
+ return 'proof_bundle';
442
+ if (cmd === 'export-bundle' || cmd === 'export_bundle')
443
+ return 'export_bundle';
444
+ if (cmd === 'commit-sig' || cmd === 'commit_sig')
445
+ return 'commit_sig';
446
+ return null;
447
+ }
448
+ //# sourceMappingURL=verify.js.map
package/dist/verify.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verify.js","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAEvC,OAAO,EACL,kBAAkB,EAClB,iBAAiB,GAMlB,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,SAAS,MAAM;IACb,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,IAAY;IACtC,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,aAAa,CACrB,gCAAgC,IAAI,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAChG,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAY,CAAC;IACpC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,aAAa,CACrB,iCAAiC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CACxF,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAc;IAC5C,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACnC,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IAChC,IAAI,QAAQ,KAAK,SAAS;QAAE,OAAO,QAAQ,CAAC;IAC5C,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,uBAAuB,CAAC,KAAc;IAC7C,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACnC,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;IAC5B,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IACxC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,yBAAyB,CAAC,QAAiB;IAClD,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,CAAC,CAAC;IAClC,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC;IACjC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;QAAE,OAAO,CAAC,CAAC;IACvC,OAAO,QAAQ,CAAC,MAAM,CAAC;AACzB,CAAC;AAED,SAAS,+BAA+B,CAAC,IAIxC;IACC,MAAM,aAAa,GAAG,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC/D,IAAI,aAAa,KAAK,CAAC;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IAE7C,+EAA+E;IAC/E,IAAI,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtD,OAAO;YACL,EAAE,EAAE,KAAK;YACT,WAAW,EAAE,2BAA2B;YACxC,MAAM,EAAE,+EAA+E;SACxF,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,iBAAiB,CAAC;IACtD,MAAM,QAAQ,GAAG,EAAE,EAAE,uBAAuB,IAAI,CAAC,CAAC;IAClD,MAAM,WAAW,GAAG,EAAE,EAAE,iCAAiC,IAAI,CAAC,CAAC;IAE/D,2DAA2D;IAC3D,IAAI,QAAQ,KAAK,aAAa,EAAE,CAAC;QAC/B,IAAI,WAAW,KAAK,aAAa,EAAE,CAAC;YAClC,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,WAAW,EAAE,0BAA0B;gBACvC,MAAM,EAAE,oEAAoE;aAC7E,CAAC;QACJ,CAAC;QAED,OAAO;YACL,EAAE,EAAE,KAAK;YACT,WAAW,EAAE,6BAA6B;YAC1C,MAAM,EAAE,wDAAwD;SACjE,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACtB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAC,IAM/C;IACC,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC;IAE5B,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC/C,MAAM,QAAQ,GAAG,sBAAsB,CAAC,GAAG,CAAuC,CAAC;IAEnF,4GAA4G;IAC5G,IAAI,eAAe,GAAuB,IAAI,CAAC,OAAO,CAAC;IAEvD,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QAChE,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;QACxE,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC3B,eAAe,GAAG,SAAS,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,MAAM,GAAG,GAAG,eAAe,CAAC,CAAC,CAAC,MAAM,YAAY,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAE9E,MAAM,KAAK,GAAG;QACZ,IAAI,EAAE,IAAI,CAAC,SAAS;QACpB,WAAW,EAAE,IAAI,CAAC,UAAU;QAC5B,QAAQ,EAAE,eAAe;KAC1B,CAAC;IAEF,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAAC,QAAQ,EAAE;QACrD,4BAA4B,EAAE,IAAI,CAAC,MAAM,CAAC,wBAAwB;QAClE,uBAAuB,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB;QAC1D,GAAG;KACJ,CAAC,CAAC;IAEH,IAAI,YAAY,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QAC3C,OAAO;YACL,IAAI,EAAE,cAAc;YACpB,MAAM,EAAE,MAAM;YACd,WAAW,EAAE,UAAU;YACvB,WAAW,EAAE,YAAY,CAAC,KAAK,EAAE,IAAI,IAAI,SAAS;YAClD,MAAM,EAAE,YAAY,CAAC,KAAK,EAAE,OAAO,IAAI,YAAY,CAAC,MAAM,CAAC,MAAM;YACjE,KAAK;YACL,YAAY;SACb,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,+BAA+B,CAAC;QAC7C,QAAQ;QACR,YAAY;QACZ,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CAAC;IAEH,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,OAAO;YACL,IAAI,EAAE,cAAc;YACpB,MAAM,EAAE,MAAM;YACd,WAAW,EAAE,UAAU;YACvB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,KAAK;YACL,YAAY;SACb,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI,EAAE,cAAc;QACpB,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,UAAU;QACvB,WAAW,EAAE,IAAI;QACjB,MAAM,EAAE,oCAAoC;QAC5C,KAAK;QACL,YAAY;KACb,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,IAIhD;IACC,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC;IAE5B,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,uBAAuB,CAAC,GAAG,CAAwB,CAAC;IAEnE,MAAM,YAAY,GAA+B,MAAM,kBAAkB,CAAC,MAAM,EAAE;QAChF,4BAA4B,EAAE,IAAI,CAAC,MAAM,CAAC,wBAAwB;QAClE,uBAAuB,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB;QAC1D,yCAAyC,EAAE,IAAI,CAAC,MAAM,CAAC,8BAA8B;QACrF,0CAA0C,EAAE,IAAI,CAAC,MAAM,CAAC,+BAA+B;QACvF,2CAA2C,EAAE,IAAI,CAAC,MAAM,CAAC,gCAAgC;KAC1F,CAAC,CAAC;IAEH,IAAI,YAAY,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QAC3C,OAAO;YACL,IAAI,EAAE,eAAe;YACrB,MAAM,EAAE,MAAM;YACd,WAAW,EAAE,UAAU;YACvB,WAAW,EAAE,YAAY,CAAC,KAAK,EAAE,IAAI,IAAI,SAAS;YAClD,MAAM,EAAE,YAAY,CAAC,KAAK,EAAE,OAAO,IAAI,YAAY,CAAC,MAAM,CAAC,MAAM;YACjE,KAAK,EAAE;gBACL,IAAI,EAAE,IAAI,CAAC,SAAS;gBACpB,WAAW,EAAE,IAAI,CAAC,UAAU;aAC7B;YACD,YAAY;SACb,CAAC;IACJ,CAAC;IAED,+DAA+D;IAC/D,MAAM,mBAAmB,GAAI,MAAc,EAAE,SAAS,EAAE,qBAAqB,CAAC;IAC9E,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,mBAAmB,EAAE;YAC5D,4BAA4B,EAAE,IAAI,CAAC,MAAM,CAAC,wBAAwB;YAClE,uBAAuB,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB;SAC3D,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YACvC,OAAO;gBACL,IAAI,EAAE,eAAe;gBACrB,MAAM,EAAE,MAAM;gBACd,WAAW,EAAE,UAAU;gBACvB,WAAW,EAAE,QAAQ,CAAC,KAAK,EAAE,IAAI,IAAI,SAAS;gBAC9C,MAAM,EAAE,4CAA4C,QAAQ,CAAC,KAAK,EAAE,OAAO,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE;gBACvG,KAAK,EAAE;oBACL,IAAI,EAAE,IAAI,CAAC,SAAS;oBACpB,WAAW,EAAE,IAAI,CAAC,UAAU;iBAC7B;gBACD,YAAY,EAAE;oBACZ,aAAa,EAAE,YAAY;oBAC3B,YAAY,EAAE,QAAQ;iBACvB;aACF,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,+BAA+B,CAAC;YAC7C,QAAQ,EAAE,mBAAmB;YAC7B,YAAY,EAAE,QAAQ;YACtB,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,OAAO;gBACL,IAAI,EAAE,eAAe;gBACrB,MAAM,EAAE,MAAM;gBACd,WAAW,EAAE,UAAU;gBACvB,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,KAAK,EAAE;oBACL,IAAI,EAAE,IAAI,CAAC,SAAS;oBACpB,WAAW,EAAE,IAAI,CAAC,UAAU;iBAC7B;gBACD,YAAY,EAAE;oBACZ,aAAa,EAAE,YAAY;oBAC3B,YAAY,EAAE,QAAQ;iBACvB;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,IAAI,EAAE,eAAe;QACrB,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,UAAU;QACvB,WAAW,EAAE,IAAI;QACjB,MAAM,EAAE,qCAAqC;QAC7C,KAAK,EAAE;YACL,IAAI,EAAE,IAAI,CAAC,SAAS;YACpB,WAAW,EAAE,IAAI,CAAC,UAAU;SAC7B;QACD,YAAY;KACb,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,GAAuB;IACvD,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM;QAAE,OAAO,CAAC,CAAC;IACpC,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM;QAAE,OAAO,CAAC,CAAC;IACpC,OAAO,CAAC,CAAC;AACX,CAAC;AAED,8EAA8E;AAC9E,gDAAgD;AAChD,8EAA8E;AAE9E,MAAM,eAAe,GAAG,4DAA4D,CAAC;AAErF,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,KAAK,GAAa,CAAC,CAAC,CAAC,CAAC;IAC5B,KAAK,MAAM,IAAI,IAAI,GAAG,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,KAAK,KAAK,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,EAAE,CAAC,CAAC;QACvE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACtD,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;QAClB,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;YAClB,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACtB,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QACnB,CAAC;QACD,OAAO,KAAK,EAAE,CAAC;YAAC,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;YAAC,KAAK,KAAK,CAAC,CAAC;QAAC,CAAC;IAC1D,CAAC;IACD,KAAK,MAAM,IAAI,IAAI,GAAG,EAAE,CAAC;QAAC,IAAI,IAAI,KAAK,GAAG;YAAE,MAAM;QAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAAC,CAAC;IACnE,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,iCAAiC,CAAC,GAAW;IACpD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,IAAI;YAAE,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACxE,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,IAAI,CAAC;IAAC,CAAC;AAC1B,CAAC;AAED,kDAAkD;AAClD,SAAS,eAAe,CAAC,KAAc;IACrC,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,MAAM,CAAC;IAClC,QAAQ,OAAO,KAAK,EAAE,CAAC;QACrB,KAAK,SAAS,CAAC,CAAC,OAAO,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;QAChD,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;YACrF,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC/B,CAAC;QACD,KAAK,QAAQ,CAAC,CAAC,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC5C,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;gBAAE,OAAO,IAAI,KAAK,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAC7E,MAAM,GAAG,GAAG,KAAgC,CAAC;YAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACrC,MAAM,KAAK,GAAa,EAAE,CAAC;YAC3B,KAAK,MAAM,CAAC,IAAI,IAAI;gBAAE,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACpF,OAAO,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;QAChC,CAAC;QACD,OAAO,CAAC,CAAC,MAAM,IAAI,KAAK,CAAC,mCAAmC,OAAO,KAAK,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,KAAiB;IACtC,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,CAAC;IACzB,IAAI,GAAG,YAAY,WAAW;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC;IACxG,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC9C,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAChB,OAAO,IAAI,CAAC,MAAM,CAAC;AACrB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAAC,IAE7C;IACC,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC;IAE5B,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC/C,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACnB,OAAO;YACL,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU;YAC3D,WAAW,EAAE,oBAAoB,EAAE,MAAM,EAAE,uCAAuC;YAClF,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE;SAChC,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,GAA8B,CAAC;IAExF,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,OAAO;YACL,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU;YAC3D,WAAW,EAAE,iBAAiB,EAAE,MAAM,EAAE,wBAAwB,MAAM,CAAC,OAAO,CAAC,EAAE;YACjF,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE;SAChC,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;QACjC,OAAO;YACL,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU;YAC3D,WAAW,EAAE,cAAc,EAAE,MAAM,EAAE,qBAAqB,MAAM,CAAC,IAAI,CAAC,EAAE;YACxE,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE;SAChC,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO;YACL,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU;YAC3D,WAAW,EAAE,cAAc,EAAE,MAAM,EAAE,qBAAqB,MAAM,CAAC,IAAI,CAAC,EAAE;YACxE,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE;SAChC,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAC9E,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO;YACL,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU;YAC3D,WAAW,EAAE,wBAAwB;YACrC,MAAM,EAAE,kDAAkD;YAC1D,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE;YAC/B,YAAY,EAAE,EAAE,UAAU,EAAE,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE;SACxE,CAAC;IACJ,CAAC;IACD,MAAM,SAAS,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAEjC,MAAM,cAAc,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,iCAAiC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC/F,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO;YACL,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU;YAC3D,WAAW,EAAE,oBAAoB;YACjC,MAAM,EAAE,mEAAmE;YAC3E,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE;YAC/B,YAAY,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE;SAC/F,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5D,OAAO;YACL,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU;YAC3D,WAAW,EAAE,oBAAoB,EAAE,MAAM,EAAE,yBAAyB;YACpE,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE;YAC/B,YAAY,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,GAAa,EAAE;SACnE,CAAC;IACJ,CAAC;IAED,IAAI,QAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;QAC/B,QAAQ,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU;YAC3D,WAAW,EAAE,oBAAoB,EAAE,MAAM,EAAE,0BAA0B;YACrE,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE;YAC/B,YAAY,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,GAAa,EAAE;SACnE,CAAC;IACJ,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC3B,OAAO;YACL,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU;YAC3D,WAAW,EAAE,oBAAoB,EAAE,MAAM,EAAE,4BAA4B;YACvE,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE;YAC/B,YAAY,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,GAAa,EAAE;SACnE,CAAC;IACJ,CAAC;IAED,gEAAgE;IAChE,IAAI,SAAiB,CAAC;IACtB,IAAI,CAAC;QACH,SAAS,GAAG,eAAe,CAAC,EAAE,GAAG,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU;YAC3D,WAAW,EAAE,wBAAwB;YACrC,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,yBAAyB;YACtE,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE;YAC/B,YAAY,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,GAAa,EAAE;SACnE,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAErD,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,KAAK,EAAE,aAAa,CAAC,cAAc,CAAC,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,CAAC,QAAQ,CAAC,CAC7E,CAAC;QACF,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CACnC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,SAAS,EAAE,aAAa,CAAC,QAAQ,CAAC,EAAE,aAAa,CAAC,QAAQ,CAAC,CACjF,CAAC;QAEF,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;YAC5B,WAAW,EAAE,UAAU;YACvB,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,mBAAmB;YAC5C,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,+BAA+B;YAC1E,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE;YAC/B,YAAY,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,GAAa,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,EAAE;SAC7F,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU;YAC3D,WAAW,EAAE,cAAc;YAC3B,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B;YACxE,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE;YAC/B,YAAY,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,GAAa,EAAE;SACnE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,GAAW;IAC3C,IAAI,GAAG,KAAK,cAAc,IAAI,GAAG,KAAK,cAAc;QAAE,OAAO,cAAc,CAAC;IAC5E,IAAI,GAAG,KAAK,eAAe,IAAI,GAAG,KAAK,eAAe;QAAE,OAAO,eAAe,CAAC;IAC/E,IAAI,GAAG,KAAK,YAAY,IAAI,GAAG,KAAK,YAAY;QAAE,OAAO,YAAY,CAAC;IACtE,OAAO,IAAI,CAAC;AACd,CAAC"}
package/package.json ADDED
@@ -0,0 +1,59 @@
1
+ {
2
+ "name": "@clawbureau/clawverify-cli",
3
+ "version": "0.1.0",
4
+ "description": "Offline verifier CLI for the Clawsig Protocol — verify proof bundles, export bundles, and commit signatures without network access.",
5
+ "type": "module",
6
+ "bin": {
7
+ "clawverify": "./dist/cli.js"
8
+ },
9
+ "main": "./dist/index.js",
10
+ "types": "./dist/index.d.ts",
11
+ "exports": {
12
+ ".": {
13
+ "import": "./dist/index.js",
14
+ "types": "./dist/index.d.ts"
15
+ }
16
+ },
17
+ "files": [
18
+ "dist/**/*.js",
19
+ "dist/**/*.d.ts",
20
+ "dist/**/*.d.ts.map",
21
+ "dist/**/*.js.map",
22
+ "README.md",
23
+ "LICENSE"
24
+ ],
25
+ "scripts": {
26
+ "build": "tsc",
27
+ "typecheck": "tsc --noEmit",
28
+ "prepublishOnly": "npm run build",
29
+ "test": "vitest run"
30
+ },
31
+ "keywords": [
32
+ "clawsig",
33
+ "verifier",
34
+ "proof-bundle",
35
+ "offline-verification",
36
+ "Ed25519",
37
+ "DID",
38
+ "agent-verification"
39
+ ],
40
+ "repository": {
41
+ "type": "git",
42
+ "url": "https://github.com/clawbureau/clawbureau",
43
+ "directory": "packages/clawverify-cli"
44
+ },
45
+ "homepage": "https://github.com/clawbureau/clawbureau/tree/main/packages/clawverify-cli",
46
+ "bugs": "https://github.com/clawbureau/clawbureau/issues",
47
+ "dependencies": {
48
+ "@clawbureau/clawverify-core": "file:../clawverify-core"
49
+ },
50
+ "devDependencies": {
51
+ "@types/node": "^25.2.1",
52
+ "typescript": "^5.7.0",
53
+ "vitest": "^1.2.0"
54
+ },
55
+ "engines": {
56
+ "node": ">=20"
57
+ },
58
+ "license": "MIT"
59
+ }