@codeledger/engine 0.7.0

package/dist/isc/score.js

@@ -0,0 +1,347 @@
+/**
+ * ISC — Intent Sufficiency Check
+ *
+ * PRE-CONTEXT certification layer. Evaluates whether a task prompt carries
+ * enough structured intent to justify context construction.
+ *
+ * Design principles:
+ * - Deterministic: same input → same output (no ML, no external calls)
+ * - Local-first: pure string analysis
+ * - Additive scoring: five independent factors summed with fixed weights
+ *
+ * Decision thresholds:
+ *   SUFFICIENT   ≥ 0.75  → proceed normally
+ *   WEAK         0.50–0.74 → proceed with -0.05 CCS penalty
+ *   INSUFFICIENT < 0.50  → block context construction; surface recommendations
+ */
+// ─── Weights ─────────────────────────────────────────────────────────────────
+const W_TOKEN_SIGNAL = 0.20;
+const W_OPERATION_CLARITY = 0.30;
+const W_DOMAIN_CLARITY = 0.25;
+const W_TARGET_SPECIFICITY = 0.15;
+const W_CONSTRAINT_PRESENCE = 0.10;
+// ─── Thresholds ───────────────────────────────────────────────────────────────
+export const ISC_SUFFICIENT_THRESHOLD = 0.75;
+export const ISC_WEAK_THRESHOLD = 0.50;
+// ─── Keyword Tables ───────────────────────────────────────────────────────────
+/**
+ * Operation clarity keywords — clear action verbs that signal a well-formed
+ * task. Grouped by verb family for readability.
+ */
+const OPERATION_KEYWORDS = [
+    // Bug / fix
+    'fix', 'fixes', 'fixing', 'fixed',
+    'patch', 'patches', 'patching',
+    'debug', 'debugs', 'debugging',
+    'repair', 'repairs', 'repairing',
+    'resolve', 'resolves', 'resolving',
+    // Feature / add
+    'add', 'adds', 'adding',
+    'implement', 'implements', 'implementing',
+    'create', 'creates', 'creating',
+    'build', 'builds', 'building',
+    'introduce', 'introduces', 'introducing',
+    // Refactor / clean
+    'refactor', 'refactors', 'refactoring',
+    'rename', 'renames', 'renaming',
+    'move', 'moves', 'moving',
+    'extract', 'extracts', 'extracting',
+    'clean', 'cleans', 'cleaning',
+    'reorganize', 'reorganizes', 'reorganizing',
+    // Update / change
+    'update', 'updates', 'updating',
+    'upgrade', 'upgrades', 'upgrading',
+    'change', 'changes', 'changing',
+    'modify', 'modifies', 'modifying',
+    'replace', 'replaces', 'replacing',
+    // Remove / delete
+    'remove', 'removes', 'removing',
+    'delete', 'deletes', 'deleting',
+    'drop', 'drops', 'dropping',
+    // Test
+    'test', 'tests', 'testing',
+    'write test', 'add test', 'cover',
+    // Document / explain
+    'document', 'documents', 'documenting',
+    'explain', 'explains', 'explaining',
+    // Improve / optimize
+    'improve', 'improves', 'improving',
+    'optimize', 'optimizes', 'optimizing',
+    'enhance', 'enhances', 'enhancing',
+    // Migrate / convert
+    'migrate', 'migrates', 'migrating',
+    'convert', 'converts', 'converting',
+    'port', 'ports', 'porting',
+];
+/**
+ * Domain clarity keywords — recognisable technical domains. A prompt
+ * containing any of these is scored as domain-clear.
+ */
+const DOMAIN_KEYWORDS = [
+    // Auth / security
+    'auth', 'authentication', 'authorization', 'login', 'logout', 'session',
+    'oauth', 'jwt', 'token', 'password', 'credential', 'permission', 'role',
+    // API / routes
+    'api', 'endpoint', 'route', 'routes', 'rest', 'graphql', 'grpc',
+    'http', 'https', 'request', 'response', 'middleware',
+    // Database / storage
+    'database', 'db', 'sql', 'query', 'migration', 'schema', 'table', 'index',
+    'sqlite', 'postgres', 'mysql', 'mongo', 'redis', 'cache',
+    // UI / frontend
+    'ui', 'frontend', 'component', 'react', 'vue', 'angular', 'css', 'style',
+    'modal', 'button', 'form', 'input', 'render', 'view',
+    // Build / CI
+    'build', 'ci', 'workflow', 'deploy', 'release', 'publish', 'bundle',
+    'webpack', 'vite', 'rollup', 'tsconfig', 'eslint',
+    // Config / infra
+    'config', 'configuration', 'settings', 'env', 'environment',
+    'docker', 'kubernetes', 'infrastructure',
+    // Types / models
+    'type', 'types', 'interface', 'model', 'schema', 'dto', 'entity',
+    // Tests
+    'test', 'tests', 'spec', 'jest', 'vitest', 'mocha', 'coverage',
+    // Logging / observability
+    'log', 'logs', 'logging', 'telemetry', 'metric', 'trace',
+    // CLI / commands
+    'cli', 'command', 'flag', 'argument', 'subcommand',
+    // Core concepts in this repo
+    'ledger', 'bundle', 'context', 'ccs', 'ecl', 'iole', 'sce', 'isc',
+    'slice', 'selector', 'scanner', 'repo', 'graph', 'hotspot',
+];
+/**
+ * Constraint keywords — words that introduce scope or quality limitations.
+ */
+const CONSTRAINT_KEYWORDS = [
+    'without', 'without breaking', 'must', 'should', 'ensure', 'only',
+    'keep', 'maintain', 'preserve', 'backward compat', 'backwards compat',
+    'no breaking', 'don\'t break', 'do not break', 'safe', 'safely',
+    'not affect', 'except', 'but not', 'limited to', 'within',
+    'in packages/', 'in src/', 'in tests/', 'only in',
+];
+// ─── Public API ───────────────────────────────────────────────────────────────
+/**
+ * Run the Intent Sufficiency Check on a task prompt.
+ *
+ * Returns a full IntentSufficiencyCheck with score, decision, per-factor
+ * breakdown, issues list, and actionable recommendations.
+ */
+export function checkIntentSufficiency(task) {
+    const taskLower = task.toLowerCase().trim();
+    const tokens = tokenize(task);
+    // ── Factor 1: Token Signal (weight 0.20) ─────────────────────────────────
+    const tokenSignalScore = scoreTokenSignal(tokens);
+    // ── Factor 2: Operation Clarity (weight 0.30) ────────────────────────────
+    const { score: operationClarityScore, detected: detectedOperation } = scoreOperationClarity(taskLower, tokens);
+    // ── Factor 3: Domain Clarity (weight 0.25) ───────────────────────────────
+    const { score: domainClarityScore, detected: detectedDomain } = scoreDomainClarity(taskLower, tokens);
+    // ── Factor 4: Target Specificity (weight 0.15) ───────────────────────────
+    const { score: targetSpecificityScore, detected: detectedTargets } = scoreTargetSpecificity(task, taskLower, tokens);
+    // ── Factor 5: Constraint Presence (weight 0.10) ──────────────────────────
+    const constraintPresenceScore = scoreConstraintPresence(taskLower);
+    // ── Weighted composite ───────────────────────────────────────────────────
+    const factors = {
+        tokenSignalScore,
+        operationClarityScore,
+        domainClarityScore,
+        targetSpecificityScore,
+        constraintPresenceScore,
+    };
+    const score = tokenSignalScore * W_TOKEN_SIGNAL +
+        operationClarityScore * W_OPERATION_CLARITY +
+        domainClarityScore * W_DOMAIN_CLARITY +
+        targetSpecificityScore * W_TARGET_SPECIFICITY +
+        constraintPresenceScore * W_CONSTRAINT_PRESENCE;
+    const roundedScore = Math.round(score * 1000) / 1000;
+    // ── Decision ─────────────────────────────────────────────────────────────
+    const decision = roundedScore >= ISC_SUFFICIENT_THRESHOLD
+        ? 'SUFFICIENT'
+        : roundedScore >= ISC_WEAK_THRESHOLD
+            ? 'WEAK'
+            : 'INSUFFICIENT';
+    // ── Issues + Recommendations ─────────────────────────────────────────────
+    const { issues, recommendations } = buildDiagnostics(factors, tokens);
+    return {
+        score: roundedScore,
+        decision,
+        factors,
+        issues,
+        recommendations,
+        ...(detectedOperation ? { detectedOperation } : {}),
+        ...(detectedDomain ? { detectedDomain } : {}),
+        ...(detectedTargets.length > 0 ? { detectedTargets } : {}),
+    };
+}
+// ─── Factor Scorers ───────────────────────────────────────────────────────────
+/**
+ * Factor 1: Token Signal
+ *
+ * Scoring table:
+ *   < 2 tokens  → 0.0
+ *   2 tokens    → 0.3
+ *   3–4 tokens  → 0.6
+ *   5–7 tokens  → 0.8
+ *   ≥ 8 tokens  → 1.0
+ */
+function scoreTokenSignal(tokens) {
+    const n = tokens.length;
+    if (n < 2)
+        return 0.0;
+    if (n === 2)
+        return 0.3;
+    if (n <= 4)
+        return 0.6;
+    if (n <= 7)
+        return 0.8;
+    return 1.0;
+}
+function scoreOperationClarity(taskLower, _tokens) {
+    for (const kw of OPERATION_KEYWORDS) {
+        // Match as a whole word or at start of a phrase
+        const escaped = kw.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+        const regex = new RegExp(`\\b${escaped}\\b`);
+        if (regex.test(taskLower)) {
+            return { score: 1.0, detected: kw };
+        }
+    }
+    return { score: 0.0, detected: undefined };
+}
+function scoreDomainClarity(taskLower, _tokens) {
+    for (const kw of DOMAIN_KEYWORDS) {
+        const escaped = kw.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+        const regex = new RegExp(`\\b${escaped}\\b`);
+        if (regex.test(taskLower)) {
+            return { score: 1.0, detected: kw };
+        }
+    }
+    return { score: 0.0, detected: undefined };
+}
+/**
+ * Factor 4: Target Specificity
+ *
+ * Rewards concrete targets:
+ *   - File/directory path tokens (contain '/' or end in known extension)
+ *   - camelCase or snake_case identifiers (internal caps or underscores)
+ *   - Quoted identifiers: "something" or 'something'
+ *   - PascalCase identifiers (likely type/class names)
+ *   - Known extensions mentioned without full path (.ts, .json, etc.)
+ *
+ * Score:
+ *   0 targets → 0.0
+ *   1 target  → 0.6
+ *   2 targets → 0.8
+ *   ≥ 3       → 1.0
+ */
+function scoreTargetSpecificity(taskOriginal, taskLower, tokens) {
+    const targets = new Set();
+    // File/directory paths (contain '/' or '\')
+    for (const token of tokens) {
+        if (/[/\\]/.test(token) && token.length > 1) {
+            targets.add(token);
+        }
+    }
+    // Tokens with known source extensions
+    const EXT_RE = /\.(ts|tsx|js|mjs|cjs|json|yaml|yml|md|sh|py|go|rs|java)$/i;
+    for (const token of tokens) {
+        if (EXT_RE.test(token)) {
+            targets.add(token);
+        }
+    }
+    // camelCase identifiers (at least one lowercase followed by uppercase)
+    const CAMEL_RE = /^[a-z][a-z0-9]*[A-Z][a-zA-Z0-9]*$/;
+    for (const token of tokens) {
+        if (CAMEL_RE.test(token)) {
+            targets.add(token);
+        }
+    }
+    // snake_case identifiers (at least one underscore between word chars)
+    const SNAKE_RE = /^[a-z][a-z0-9]*(_[a-z0-9]+)+$/;
+    for (const token of tokens) {
+        if (SNAKE_RE.test(token)) {
+            targets.add(token);
+        }
+    }
+    // PascalCase (starts with uppercase, has mixed case, length > 3)
+    const PASCAL_RE = /^[A-Z][a-z][a-zA-Z0-9]{2,}$/;
+    for (const token of tokens) {
+        if (PASCAL_RE.test(token)) {
+            targets.add(token);
+        }
+    }
+    // ALL_CAPS identifiers like README, API, CLI, UI, etc. (3+ chars)
+    const ALLCAPS_RE = /^[A-Z][A-Z0-9_]{2,}$/;
+    for (const token of tokens) {
+        const cleaned = token.replace(/[^A-Z0-9_]/g, '');
+        if (ALLCAPS_RE.test(cleaned)) {
+            targets.add(token);
+        }
+    }
+    // Quoted identifiers
+    const QUOTED_RE = /["'`]([^"'`]{2,40})["'`]/g;
+    let m;
+    while ((m = QUOTED_RE.exec(taskOriginal)) !== null) {
+        if (m[1] !== undefined)
+            targets.add(m[1]);
+    }
+    // CLI flags like --force, --json
+    const FLAG_RE = /--[a-z][-a-z0-9]+/g;
+    while ((m = FLAG_RE.exec(taskLower)) !== null) {
+        if (m[0] !== undefined)
+            targets.add(m[0]);
+    }
+    // Package scope tokens (e.g. @codeledger/engine, packages/engine)
+    const SCOPE_RE = /@[a-z][-a-z0-9]*\/[a-z][-a-z0-9]*/g;
+    while ((m = SCOPE_RE.exec(taskLower)) !== null) {
+        if (m[0] !== undefined)
+            targets.add(m[0]);
+    }
+    const detected = Array.from(targets).slice(0, 10);
+    const count = detected.length;
+    const score = count === 0 ? 0.0
+        : count === 1 ? 0.6
+            : count === 2 ? 0.8
+                : 1.0;
+    return { score, detected };
+}
+function scoreConstraintPresence(taskLower) {
+    for (const kw of CONSTRAINT_KEYWORDS) {
+        if (taskLower.includes(kw)) {
+            return 1.0;
+        }
+    }
+    return 0.0;
+}
+// ─── Diagnostics ─────────────────────────────────────────────────────────────
+function buildDiagnostics(factors, tokens) {
+    const issues = [];
+    const recommendations = [];
+    if (factors.tokenSignalScore < 0.6) {
+        issues.push(`Prompt is too short (${tokens.length} token${tokens.length === 1 ? '' : 's'}); too little context for reliable file selection.`);
+        recommendations.push('Expand your prompt with more detail about what you want to change and where.');
+    }
+    if (factors.operationClarityScore === 0) {
+        issues.push('No clear action verb detected (e.g., fix, add, refactor, update, remove).');
+        recommendations.push('Start the prompt with a concrete action: "Fix …", "Add …", "Refactor …".');
+    }
+    if (factors.domainClarityScore === 0) {
+        issues.push('No recognisable technical domain detected (e.g., auth, api, database, cli, types).');
+        recommendations.push('Include the technical area this task belongs to (e.g., "in the auth middleware", "for the database layer").');
+    }
+    if (factors.targetSpecificityScore < 0.6) {
+        issues.push('No specific target identified (file path, function name, module name, or flag).');
+        recommendations.push('Name the specific file, function, or module being changed (e.g., "in packages/cli/src/commands/context.ts", "the buildSlice function").');
+    }
+    return { issues, recommendations };
+}
+// ─── Utilities ────────────────────────────────────────────────────────────────
+/**
+ * Tokenize a task string into meaningful tokens.
+ * Splits on whitespace and common punctuation, preserving paths and identifiers.
+ */
+function tokenize(task) {
+    // Split on whitespace, keeping compound tokens intact
+    return task
+        .split(/\s+/)
+        .map((t) => t.replace(/^[,;:()"'`]+|[,;:()"'`]+$/g, ''))
+        .filter((t) => t.length > 0);
+}
+//# sourceMappingURL=score.js.map

package/dist/isc/score.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"score.js","sourceRoot":"","sources":["../../src/isc/score.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAIH,gFAAgF;AAEhF,MAAM,cAAc,GAAU,IAAI,CAAC;AACnC,MAAM,mBAAmB,GAAK,IAAI,CAAC;AACnC,MAAM,gBAAgB,GAAQ,IAAI,CAAC;AACnC,MAAM,oBAAoB,GAAI,IAAI,CAAC;AACnC,MAAM,qBAAqB,GAAG,IAAI,CAAC;AAEnC,iFAAiF;AAEjF,MAAM,CAAC,MAAM,wBAAwB,GAAK,IAAI,CAAC;AAC/C,MAAM,CAAC,MAAM,kBAAkB,GAAW,IAAI,CAAC;AAE/C,iFAAiF;AAEjF;;;GAGG;AACH,MAAM,kBAAkB,GAAsB;IAC5C,YAAY;IACZ,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO;IACjC,OAAO,EAAE,SAAS,EAAE,UAAU;IAC9B,OAAO,EAAE,QAAQ,EAAE,WAAW;IAC9B,QAAQ,EAAE,SAAS,EAAE,WAAW;IAChC,SAAS,EAAE,UAAU,EAAE,WAAW;IAClC,gBAAgB;IAChB,KAAK,EAAE,MAAM,EAAE,QAAQ;IACvB,WAAW,EAAE,YAAY,EAAE,cAAc;IACzC,QAAQ,EAAE,SAAS,EAAE,UAAU;IAC/B,OAAO,EAAE,QAAQ,EAAE,UAAU;IAC7B,WAAW,EAAE,YAAY,EAAE,aAAa;IACxC,mBAAmB;IACnB,UAAU,EAAE,WAAW,EAAE,aAAa;IACtC,QAAQ,EAAE,SAAS,EAAE,UAAU;IAC/B,MAAM,EAAE,OAAO,EAAE,QAAQ;IACzB,SAAS,EAAE,UAAU,EAAE,YAAY;IACnC,OAAO,EAAE,QAAQ,EAAE,UAAU;IAC7B,YAAY,EAAE,aAAa,EAAE,cAAc;IAC3C,kBAAkB;IAClB,QAAQ,EAAE,SAAS,EAAE,UAAU;IAC/B,SAAS,EAAE,UAAU,EAAE,WAAW;IAClC,QAAQ,EAAE,SAAS,EAAE,UAAU;IAC/B,QAAQ,EAAE,UAAU,EAAE,WAAW;IACjC,SAAS,EAAE,UAAU,EAAE,WAAW;IAClC,kBAAkB;IAClB,QAAQ,EAAE,SAAS,EAAE,UAAU;IAC/B,QAAQ,EAAE,SAAS,EAAE,UAAU;IAC/B,MAAM,EAAE,OAAO,EAAE,UAAU;IAC3B,OAAO;IACP,MAAM,EAAE,OAAO,EAAE,SAAS;IAC1B,YAAY,EAAE,UAAU,EAAE,OAAO;IACjC,qBAAqB;IACrB,UAAU,EAAE,WAAW,EAAE,aAAa;IACtC,SAAS,EAAE,UAAU,EAAE,YAAY;IACnC,qBAAqB;IACrB,SAAS,EAAE,UAAU,EAAE,WAAW;IAClC,UAAU,EAAE,WAAW,EAAE,YAAY;IACrC,SAAS,EAAE,UAAU,EAAE,WAAW;IAClC,oBAAoB;IACpB,SAAS,EAAE,UAAU,EAAE,WAAW;IAClC,SAAS,EAAE,UAAU,EAAE,YAAY;IACnC,MAAM,EAAE,OAAO,EAAE,SAAS;CAC3B,CAAC;AAEF;;;GAGG;AACH,MAAM,eAAe,GAAsB;IACzC,kBAAkB;IAClB,MAAM,EAAE,gBAAgB,EAAE,eAAe,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS;IACvE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM;IACvE,eAAe;IACf,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM;IAC/D,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY;IACpD,qBAAqB;IACrB,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO;IACzE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IACxD,gBAAgB;IAChB,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO;IACxE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM;IACpD,aAAa;IACb,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ;IACnE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ;IACjD,iBAAiB;IACjB,QAAQ,EAAE,eAAe,EAAE,UAAU,EAAE,KAAK,EAAE,aAAa;IAC3D,QAAQ,EAAE,YAAY,EAAE,gBAAgB;IACxC,iBAAiB;IACjB,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ;IAChE,QAAQ;IACR,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU;IAC9D,0BAA0B;IAC1B,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO;IACxD,iBAAiB;IACjB,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,YAAY;IAClD,6BAA6B;IAC7B,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;IACjE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS;CAC3D,CAAC;AAEF;;GAEG;AACH,MAAM,mBAAmB,GAAsB;IAC7C,SAAS,EAAE,kBAAkB,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM;IACjE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,kBAAkB;IACrE,aAAa,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ;IAC/D,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ;IACzD,cAAc,EAAE,SAAS,EAAE,WAAW,EAAE,SAAS;CAClD,CAAC;AAEF,iFAAiF;AAEjF;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAAY;IACjD,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAC5C,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IAE9B,4EAA4E;IAC5E,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAElD,4EAA4E;IAC5E,MAAM,EAAE,KAAK,EAAE,qBAAqB,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GACjE,qBAAqB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAE3C,4EAA4E;IAC5E,MAAM,EAAE,KAAK,EAAE,kBAAkB,EAAE,QAAQ,EAAE,cAAc,EAAE,GAC3D,kBAAkB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAExC,4EAA4E;IAC5E,MAAM,EAAE,KAAK,EAAE,sBAAsB,EAAE,QAAQ,EAAE,eAAe,EAAE,GAChE,sBAAsB,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IAElD,4EAA4E;IAC5E,MAAM,uBAAuB,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;IAEnE,4EAA4E;IAC5E,MAAM,OAAO,GAA6B;QACxC,gBAAgB;QAChB,qBAAqB;QACrB,kBAAkB;QAClB,sBAAsB;QACtB,uBAAuB;KACxB,CAAC;IAEF,MAAM,KAAK,GACT,gBAAgB,GAAU,cAAc;QACxC,qBAAqB,GAAK,mBAAmB;QAC7C,kBAAkB,GAAQ,gBAAgB;QAC1C,sBAAsB,GAAI,oBAAoB;QAC9C,uBAAuB,GAAG,qBAAqB,CAAC;IAElD,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;IAErD,4EAA4E;IAC5E,MAAM,QAAQ,GAAG,YAAY,IAAI,wBAAwB;QACvD,CAAC,CAAC,YAAY;QACd,CAAC,CAAC,YAAY,IAAI,kBAAkB;YAClC,CAAC,CAAC,MAAM;YACR,CAAC,CAAC,cAAc,CAAC;IAErB,4EAA4E;IAC5E,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,GAAG,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAEtE,OAAO;QACL,KAAK,EAAE,YAAY;QACnB,QAAQ;QACR,OAAO;QACP,MAAM;QACN,eAAe;QACf,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACnD,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7C,GAAG,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC3D,CAAC;AACJ,CAAC;AAED,iFAAiF;AAEjF;;;;;;;;;GASG;AACH,SAAS,gBAAgB,CAAC,MAAgB;IACxC,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC;IACxB,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IACtB,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC;IACxB,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,GAAG,CAAC;IACvB,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,GAAG,CAAC;IACvB,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,qBAAqB,CAC5B,SAAiB,EACjB,OAAiB;IAEjB,KAAK,MAAM,EAAE,IAAI,kBAAkB,EAAE,CAAC;QACpC,gDAAgD;QAChD,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QAC1D,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,MAAM,OAAO,KAAK,CAAC,CAAC;QAC7C,IAAI,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1B,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACtC,CAAC;IACH,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AAC7C,CAAC;AAED,SAAS,kBAAkB,CACzB,SAAiB,EACjB,OAAiB;IAEjB,KAAK,MAAM,EAAE,IAAI,eAAe,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QAC1D,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,MAAM,OAAO,KAAK,CAAC,CAAC;QAC7C,IAAI,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1B,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACtC,CAAC;IACH,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AAC7C,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,SAAS,sBAAsB,CAC7B,YAAoB,EACpB,SAAiB,EACjB,MAAgB;IAEhB,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAElC,4CAA4C;IAC5C,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,MAAM,MAAM,GAAG,2DAA2D,CAAC;IAC3E,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,MAAM,QAAQ,GAAG,mCAAmC,CAAC;IACrD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,sEAAsE;IACtE,MAAM,QAAQ,GAAG,+BAA+B,CAAC;IACjD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,iEAAiE;IACjE,MAAM,SAAS,GAAG,6BAA6B,CAAC;IAChD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,MAAM,UAAU,GAAG,sBAAsB,CAAC;IAC1C,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACjD,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,MAAM,SAAS,GAAG,2BAA2B,CAAC;IAC9C,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnD,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,SAAS;YAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,iCAAiC;IACjC,MAAM,OAAO,GAAG,oBAAoB,CAAC;IACrC,OAAO,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC9C,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,SAAS;YAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,kEAAkE;IAClE,MAAM,QAAQ,GAAG,oCAAoC,CAAC;IACtD,OAAO,CAAC,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC/C,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,SAAS;YAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAClD,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC;IAE9B,MAAM,KAAK,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG;QAC7B,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG;YACnB,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG;gBACnB,CAAC,CAAC,GAAG,CAAC;IAER,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AAC7B,CAAC;AAED,SAAS,uBAAuB,CAAC,SAAiB;IAChD,KAAK,MAAM,EAAE,IAAI,mBAAmB,EAAE,CAAC;QACrC,IAAI,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;YAC3B,OAAO,GAAG,CAAC;QACb,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,gFAAgF;AAEhF,SAAS,gBAAgB,CACvB,OAAiC,EACjC,MAAgB;IAEhB,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,IAAI,OAAO,CAAC,gBAAgB,GAAG,GAAG,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,wBAAwB,MAAM,CAAC,MAAM,SAAS,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,oDAAoD,CAAC,CAAC;QAC9I,eAAe,CAAC,IAAI,CAAC,8EAA8E,CAAC,CAAC;IACvG,CAAC;IAED,IAAI,OAAO,CAAC,qBAAqB,KAAK,CAAC,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,2EAA2E,CAAC,CAAC;QACzF,eAAe,CAAC,IAAI,CAAC,0EAA0E,CAAC,CAAC;IACnG,CAAC;IAED,IAAI,OAAO,CAAC,kBAAkB,KAAK,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CAAC,oFAAoF,CAAC,CAAC;QAClG,eAAe,CAAC,IAAI,CAAC,6GAA6G,CAAC,CAAC;IACtI,CAAC;IAED,IAAI,OAAO,CAAC,sBAAsB,GAAG,GAAG,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAC;QAC/F,eAAe,CAAC,IAAI,CAAC,yIAAyI,CAAC,CAAC;IAClK,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;AACrC,CAAC;AAED,iFAAiF;AAEjF;;;GAGG;AACH,SAAS,QAAQ,CAAC,IAAY;IAC5B,sDAAsD;IACtD,OAAO,IAAI;SACR,KAAK,CAAC,KAAK,CAAC;SACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,4BAA4B,EAAE,EAAE,CAAC,CAAC;SACvD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC"}

package/dist/license/index.d.ts

@@ -0,0 +1,14 @@
+/**
+ * @codeledger/engine/license — Signed license verification.
+ *
+ * Local-first, offline license verification using Ed25519 digital signatures.
+ * The private key lives in the license issuer service (separate private repo).
+ * Only the public key is embedded here.
+ */
+export { parseLicenseKey, isSignedKey, base64urlToBuffer } from './parse.js';
+export type { LicensePayload, ParsedSignedLicense, ParsedLegacyLicense, ParsedLicense, ParseResult, ParseError, } from './parse.js';
+export { verifySignature, validateClaims, verifySignedLicense } from './verify.js';
+export type { VerifyResult, VerifySuccess, VerifyFailure } from './verify.js';
+export { KNOWN_PUBLIC_KEYS, getActivePublicKey, getPublicKeyById, } from './publicKey.js';
+export type { PublicKeyEntry } from './publicKey.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/license/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/license/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC7E,YAAY,EACV,cAAc,EACd,mBAAmB,EACnB,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,UAAU,GACX,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AACnF,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE9E,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,gBAAgB,CAAC;AACxB,YAAY,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/license/index.js

@@ -0,0 +1,11 @@
+/**
+ * @codeledger/engine/license — Signed license verification.
+ *
+ * Local-first, offline license verification using Ed25519 digital signatures.
+ * The private key lives in the license issuer service (separate private repo).
+ * Only the public key is embedded here.
+ */
+export { parseLicenseKey, isSignedKey, base64urlToBuffer } from './parse.js';
+export { verifySignature, validateClaims, verifySignedLicense } from './verify.js';
+export { KNOWN_PUBLIC_KEYS, getActivePublicKey, getPublicKeyById, } from './publicKey.js';
+//# sourceMappingURL=index.js.map

package/dist/license/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/license/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAU7E,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAGnF,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,gBAAgB,CAAC"}

package/dist/license/parse.d.ts

@@ -0,0 +1,42 @@
+/**
+ * License key parsing — split signed keys into components.
+ *
+ * Signed format: CL-PRO.<base64url-payload>.<base64url-signature>
+ * Legacy format:  CL-PRO-XXXX-XXXX-XXXX
+ */
+export interface LicensePayload {
+    plan: string;
+    features: string[];
+    issuedAt: string;
+    expiresAt: string | null;
+    issuedTo?: string;
+    licenseId: string;
+}
+export interface ParsedSignedLicense {
+    kind: 'signed';
+    prefix: string;
+    payloadRaw: string;
+    signatureRaw: string;
+    payload: LicensePayload;
+}
+export interface ParsedLegacyLicense {
+    kind: 'legacy';
+    rawKey: string;
+}
+export type ParsedLicense = ParsedSignedLicense | ParsedLegacyLicense;
+export interface ParseError {
+    kind: 'error';
+    reason: string;
+}
+export type ParseResult = ParsedLicense | ParseError;
+/** Convert base64url string to Buffer. Exported for use by verify.ts. */
+export declare function base64urlToBuffer(input: string): Buffer;
+/**
+ * Determine whether a key is signed (contains dots) or legacy format.
+ */
+export declare function isSignedKey(key: string): boolean;
+/**
+ * Parse a license key string into its components.
+ */
+export declare function parseLicenseKey(rawKey: string): ParseResult;
+//# sourceMappingURL=parse.d.ts.map

package/dist/license/parse.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse.d.ts","sourceRoot":"","sources":["../../src/license/parse.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,QAAQ,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,cAAc,CAAC;CACzB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,QAAQ,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,aAAa,GAAG,mBAAmB,GAAG,mBAAmB,CAAC;AAEtE,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,WAAW,GAAG,aAAa,GAAG,UAAU,CAAC;AAIrD,yEAAyE;AACzE,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAMvD;AAOD;;GAEG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAEhD;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,CAyB3D"}

package/dist/license/parse.js

@@ -0,0 +1,106 @@
+/**
+ * License key parsing — split signed keys into components.
+ *
+ * Signed format: CL-PRO.<base64url-payload>.<base64url-signature>
+ * Legacy format:  CL-PRO-XXXX-XXXX-XXXX
+ */
+// ── Base64url helpers ──────────────────────────────────────────────────────
+/** Convert base64url string to Buffer. Exported for use by verify.ts. */
+export function base64urlToBuffer(input) {
+    let base64 = input.replace(/-/g, '+').replace(/_/g, '/');
+    const pad = base64.length % 4;
+    if (pad === 2)
+        base64 += '==';
+    else if (pad === 3)
+        base64 += '=';
+    return Buffer.from(base64, 'base64');
+}
+// ── Parser ─────────────────────────────────────────────────────────────────
+const SIGNED_PREFIX = 'CL-PRO';
+const LEGACY_PATTERN = /^CL-PRO-[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{4}$/;
+/**
+ * Determine whether a key is signed (contains dots) or legacy format.
+ */
+export function isSignedKey(key) {
+    return key.startsWith(SIGNED_PREFIX + '.') && key.split('.').length === 3;
+}
+/**
+ * Parse a license key string into its components.
+ */
+export function parseLicenseKey(rawKey) {
+    if (!rawKey || typeof rawKey !== 'string') {
+        return { kind: 'error', reason: 'License key is empty.' };
+    }
+    const trimmed = rawKey.trim();
+    // Signed format: CL-PRO.<payload>.<signature>
+    if (isSignedKey(trimmed)) {
+        return parseSignedKey(trimmed);
+    }
+    // Legacy format: CL-PRO-XXXX-XXXX-XXXX
+    if (LEGACY_PATTERN.test(trimmed)) {
+        return { kind: 'legacy', rawKey: trimmed };
+    }
+    // Neither format matches
+    if (trimmed.startsWith('CL-PRO.')) {
+        return { kind: 'error', reason: 'Invalid signed license format. Expected: CL-PRO.<payload>.<signature>' };
+    }
+    if (trimmed.startsWith('CL-PRO-')) {
+        return { kind: 'error', reason: 'Invalid key format. Expected: CL-PRO-XXXX-XXXX-XXXX (uppercase alphanumeric).' };
+    }
+    return { kind: 'error', reason: 'Invalid license format.' };
+}
+function parseSignedKey(key) {
+    const parts = key.split('.');
+    if (parts.length !== 3) {
+        return { kind: 'error', reason: 'Invalid signed license format. Expected three dot-separated parts.' };
+    }
+    const [prefix, payloadRaw, signatureRaw] = parts;
+    if (prefix !== SIGNED_PREFIX) {
+        return { kind: 'error', reason: `Invalid license prefix. Expected "${SIGNED_PREFIX}".` };
+    }
+    if (!payloadRaw || !signatureRaw) {
+        return { kind: 'error', reason: 'License payload or signature is empty.' };
+    }
+    // Decode and parse payload
+    let decoded;
+    try {
+        const json = base64urlToBuffer(payloadRaw).toString('utf-8');
+        decoded = JSON.parse(json);
+    }
+    catch {
+        return { kind: 'error', reason: 'Failed to decode license payload.' };
+    }
+    if (typeof decoded !== 'object' || decoded === null) {
+        return { kind: 'error', reason: 'License payload is not a valid object.' };
+    }
+    const obj = decoded;
+    // Validate required fields
+    if (typeof obj['plan'] !== 'string') {
+        return { kind: 'error', reason: 'Missing required field: plan.' };
+    }
+    if (!Array.isArray(obj['features'])) {
+        return { kind: 'error', reason: 'Missing required field: features.' };
+    }
+    if (typeof obj['issuedAt'] !== 'string') {
+        return { kind: 'error', reason: 'Missing required field: issuedAt.' };
+    }
+    if (typeof obj['licenseId'] !== 'string') {
+        return { kind: 'error', reason: 'Missing required field: licenseId.' };
+    }
+    const payload = {
+        plan: obj['plan'],
+        features: obj['features'],
+        issuedAt: obj['issuedAt'],
+        expiresAt: typeof obj['expiresAt'] === 'string' ? obj['expiresAt'] : null,
+        issuedTo: typeof obj['issuedTo'] === 'string' ? obj['issuedTo'] : undefined,
+        licenseId: obj['licenseId'],
+    };
+    return {
+        kind: 'signed',
+        prefix,
+        payloadRaw,
+        signatureRaw,
+        payload,
+    };
+}
+//# sourceMappingURL=parse.js.map

package/dist/license/parse.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse.js","sourceRoot":"","sources":["../../src/license/parse.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAmCH,8EAA8E;AAE9E,yEAAyE;AACzE,MAAM,UAAU,iBAAiB,CAAC,KAAa;IAC7C,IAAI,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IAC9B,IAAI,GAAG,KAAK,CAAC;QAAE,MAAM,IAAI,IAAI,CAAC;SACzB,IAAI,GAAG,KAAK,CAAC;QAAE,MAAM,IAAI,GAAG,CAAC;IAClC,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AACvC,CAAC;AAED,8EAA8E;AAE9E,MAAM,aAAa,GAAG,QAAQ,CAAC;AAC/B,MAAM,cAAc,GAAG,8CAA8C,CAAC;AAEtE;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,OAAO,GAAG,CAAC,UAAU,CAAC,aAAa,GAAG,GAAG,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;AAC5E,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,MAAc;IAC5C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;IAC5D,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAE9B,8CAA8C;IAC9C,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;QACzB,OAAO,cAAc,CAAC,OAAO,CAAC,CAAC;IACjC,CAAC;IAED,uCAAuC;IACvC,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC7C,CAAC;IAED,yBAAyB;IACzB,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAClC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,uEAAuE,EAAE,CAAC;IAC5G,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAClC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,+EAA+E,EAAE,CAAC;IACpH,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;AAC9D,CAAC;AAED,SAAS,cAAc,CAAC,GAAW;IACjC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,oEAAoE,EAAE,CAAC;IACzG,CAAC;IAED,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,YAAY,CAAC,GAAG,KAAiC,CAAC;IAE7E,IAAI,MAAM,KAAK,aAAa,EAAE,CAAC;QAC7B,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,qCAAqC,aAAa,IAAI,EAAE,CAAC;IAC3F,CAAC;IAED,IAAI,CAAC,UAAU,IAAI,CAAC,YAAY,EAAE,CAAC;QACjC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,wCAAwC,EAAE,CAAC;IAC7E,CAAC;IAED,2BAA2B;IAC3B,IAAI,OAAgB,CAAC;IACrB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC7D,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,mCAAmC,EAAE,CAAC;IACxE,CAAC;IAED,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACpD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,wCAAwC,EAAE,CAAC;IAC7E,CAAC;IAED,MAAM,GAAG,GAAG,OAAkC,CAAC;IAE/C,2BAA2B;IAC3B,IAAI,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;IACpE,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;QACpC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,mCAAmC,EAAE,CAAC;IACxE,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,UAAU,CAAC,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,mCAAmC,EAAE,CAAC;IACxE,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,WAAW,CAAC,KAAK,QAAQ,EAAE,CAAC;QACzC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;IACzE,CAAC;IAED,MAAM,OAAO,GAAmB;QAC9B,IAAI,EAAE,GAAG,CAAC,MAAM,CAAW;QAC3B,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAa;QACrC,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAW;QACnC,SAAS,EAAE,OAAO,GAAG,CAAC,WAAW,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI;QACzE,QAAQ,EAAE,OAAO,GAAG,CAAC,UAAU,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;QAC3E,SAAS,EAAE,GAAG,CAAC,WAAW,CAAW;KACtC,CAAC;IAEF,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,MAAM;QACN,UAAU;QACV,YAAY;QACZ,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/license/publicKey.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Embedded public key for license verification.
+ *
+ * This is the Ed25519 public key corresponding to the private key held by
+ * the license issuer service. Only the public key lives in this repo.
+ *
+ * Key rotation: add new keys to KNOWN_PUBLIC_KEYS with a unique keyId.
+ * The active key is used for new verifications; older keys remain for
+ * backward compatibility with previously issued licenses.
+ */
+export interface PublicKeyEntry {
+    keyId: string;
+    algorithm: 'Ed25519';
+    /** PEM-encoded public key */
+    pem: string;
+    /** When this key became active */
+    activeFrom: string;
+    /** If set, this key is no longer used for new issuance */
+    retiredAt?: string;
+}
+/**
+ * Known public keys for license verification.
+ * The issuer service signs with the corresponding private key.
+ *
+ * To rotate keys:
+ *   1. Generate a new Ed25519 keypair in the issuer service
+ *   2. Add the public key here with a new keyId
+ *   3. Set retiredAt on the old key
+ *   4. The issuer starts signing with the new key
+ *   5. Old licenses continue to verify against the old key
+ */
+export declare const KNOWN_PUBLIC_KEYS: PublicKeyEntry[];
+/** Get the currently active public key (most recent non-retired). */
+export declare function getActivePublicKey(): PublicKeyEntry;
+/** Find a public key by keyId (for verifying older licenses). */
+export declare function getPublicKeyById(keyId: string): PublicKeyEntry | undefined;
+//# sourceMappingURL=publicKey.d.ts.map

package/dist/license/publicKey.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"publicKey.d.ts","sourceRoot":"","sources":["../../src/license/publicKey.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,SAAS,CAAC;IACrB,6BAA6B;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,0DAA0D;IAC1D,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,iBAAiB,EAAE,cAAc,EAW7C,CAAC;AAEF,qEAAqE;AACrE,wBAAgB,kBAAkB,IAAI,cAAc,CAQnD;AAED,iEAAiE;AACjE,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS,CAE1E"}

package/dist/license/publicKey.js

@@ -0,0 +1,48 @@
+/**
+ * Embedded public key for license verification.
+ *
+ * This is the Ed25519 public key corresponding to the private key held by
+ * the license issuer service. Only the public key lives in this repo.
+ *
+ * Key rotation: add new keys to KNOWN_PUBLIC_KEYS with a unique keyId.
+ * The active key is used for new verifications; older keys remain for
+ * backward compatibility with previously issued licenses.
+ */
+/**
+ * Known public keys for license verification.
+ * The issuer service signs with the corresponding private key.
+ *
+ * To rotate keys:
+ *   1. Generate a new Ed25519 keypair in the issuer service
+ *   2. Add the public key here with a new keyId
+ *   3. Set retiredAt on the old key
+ *   4. The issuer starts signing with the new key
+ *   5. Old licenses continue to verify against the old key
+ */
+export const KNOWN_PUBLIC_KEYS = [
+    {
+        keyId: 'cl-v1',
+        algorithm: 'Ed25519',
+        pem: [
+            '-----BEGIN PUBLIC KEY-----',
+            'MCowBQYDK2VwAyEADQoOMv3lKd7sfINa9Fr9cfRQn9QiE/pEO5XcOaFc0Ys=',
+            '-----END PUBLIC KEY-----',
+        ].join('\n'),
+        activeFrom: '2026-03-22T00:00:00Z',
+    },
+];
+/** Get the currently active public key (most recent non-retired). */
+export function getActivePublicKey() {
+    const active = KNOWN_PUBLIC_KEYS
+        .filter((k) => !k.retiredAt)
+        .sort((a, b) => b.activeFrom.localeCompare(a.activeFrom));
+    if (active.length === 0) {
+        throw new Error('No active public key configured.');
+    }
+    return active[0];
+}
+/** Find a public key by keyId (for verifying older licenses). */
+export function getPublicKeyById(keyId) {
+    return KNOWN_PUBLIC_KEYS.find((k) => k.keyId === keyId);
+}
+//# sourceMappingURL=publicKey.js.map