npm - @continuonai/rcan-ts - Versions diffs - 0.3.0 → 0.6.0 - Mend

@continuonai/rcan-ts 0.3.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/index.mjs CHANGED Viewed

@@ -95,7 +95,52 @@ var RobotURI = class _RobotURI {
   }
 };
+// src/version.ts
+var SPEC_VERSION = "1.6";
+var SDK_VERSION = "0.6.0";
+function validateVersionCompat(incomingVersion, localVersion = SPEC_VERSION) {
+  const parseParts = (v) => {
+    const parts = v.split(".");
+    const major = parseInt(parts[0] ?? "0", 10);
+    const minor = parseInt(parts[1] ?? "0", 10);
+    return [isNaN(major) ? 0 : major, isNaN(minor) ? 0 : minor];
+  };
+  const [inMajor] = parseParts(incomingVersion);
+  const [localMajor] = parseParts(localVersion);
+  return inMajor === localMajor;
+}
 // src/message.ts
+var MessageType = /* @__PURE__ */ ((MessageType2) => {
+  MessageType2[MessageType2["COMMAND"] = 1] = "COMMAND";
+  MessageType2[MessageType2["RESPONSE"] = 2] = "RESPONSE";
+  MessageType2[MessageType2["STATUS"] = 3] = "STATUS";
+  MessageType2[MessageType2["HEARTBEAT"] = 4] = "HEARTBEAT";
+  MessageType2[MessageType2["CONFIG"] = 5] = "CONFIG";
+  MessageType2[MessageType2["SAFETY"] = 6] = "SAFETY";
+  MessageType2[MessageType2["SENSOR_DATA"] = 7] = "SENSOR_DATA";
+  MessageType2[MessageType2["AUDIT"] = 8] = "AUDIT";
+  MessageType2[MessageType2["DISCOVER"] = 9] = "DISCOVER";
+  MessageType2[MessageType2["TRAINING_DATA"] = 10] = "TRAINING_DATA";
+  MessageType2[MessageType2["TRANSPARENCY"] = 11] = "TRANSPARENCY";
+  MessageType2[MessageType2["FEDERATION_SYNC"] = 12] = "FEDERATION_SYNC";
+  MessageType2[MessageType2["ALERT"] = 13] = "ALERT";
+  MessageType2[MessageType2["TELEOP"] = 14] = "TELEOP";
+  MessageType2[MessageType2["CHAT"] = 15] = "CHAT";
+  MessageType2[MessageType2["ERROR"] = 16] = "ERROR";
+  MessageType2[MessageType2["COMMAND_ACK"] = 17] = "COMMAND_ACK";
+  MessageType2[MessageType2["COMMAND_COMMIT"] = 18] = "COMMAND_COMMIT";
+  MessageType2[MessageType2["ROBOT_REVOCATION"] = 19] = "ROBOT_REVOCATION";
+  MessageType2[MessageType2["CONSENT_REQUEST"] = 20] = "CONSENT_REQUEST";
+  MessageType2[MessageType2["CONSENT_GRANT"] = 21] = "CONSENT_GRANT";
+  MessageType2[MessageType2["CONSENT_DENY"] = 22] = "CONSENT_DENY";
+  MessageType2[MessageType2["FLEET_COMMAND"] = 23] = "FLEET_COMMAND";
+  MessageType2[MessageType2["SUBSCRIBE"] = 24] = "SUBSCRIBE";
+  MessageType2[MessageType2["UNSUBSCRIBE"] = 25] = "UNSUBSCRIBE";
+  MessageType2[MessageType2["FAULT_REPORT"] = 26] = "FAULT_REPORT";
+  MessageType2[MessageType2["COMMAND_NACK"] = 27] = "COMMAND_NACK";
+  return MessageType2;
+})(MessageType || {});
 var RCANMessageError = class extends Error {
   constructor(message) {
     super(message);
@@ -104,6 +149,8 @@ var RCANMessageError = class extends Error {
 };
 var RCANMessage = class _RCANMessage {
   rcan;
+  /** v1.5: rcanVersion field — defaults to SPEC_VERSION */
+  rcanVersion;
   cmd;
   target;
   params;
@@ -111,6 +158,22 @@ var RCANMessage = class _RCANMessage {
   modelIdentity;
   signature;
   timestamp;
+  /** v1.5 fields */
+  senderType;
+  cloudProvider;
+  keyId;
+  delegationChain;
+  groupId;
+  qos;
+  presenceVerified;
+  proximityMeters;
+  readOnly;
+  /** v1.6: GAP-14 level of assurance */
+  loa;
+  /** v1.6: GAP-17 transport encoding hint */
+  transportEncoding;
+  /** v1.6: GAP-18 multi-modal media chunks */
+  mediaChunks;
   constructor(data) {
     if (!data.cmd || data.cmd.trim() === "") {
       throw new RCANMessageError("'cmd' is required");
@@ -118,7 +181,8 @@ var RCANMessage = class _RCANMessage {
     if (!data.target) {
       throw new RCANMessageError("'target' is required");
     }
-    this.rcan = data.rcan ?? "1.2";
+    this.rcan = data.rcan ?? SPEC_VERSION;
+    this.rcanVersion = data.rcanVersion ?? SPEC_VERSION;
     this.cmd = data.cmd;
     this.target = data.target instanceof RobotURI ? data.target.toString() : String(data.target);
     this.params = data.params ?? {};
@@ -126,6 +190,18 @@ var RCANMessage = class _RCANMessage {
     this.modelIdentity = data.modelIdentity ?? data.model_identity;
     this.signature = data.signature;
     this.timestamp = data.timestamp ?? (/* @__PURE__ */ new Date()).toISOString();
+    this.senderType = data.senderType;
+    this.cloudProvider = data.cloudProvider;
+    this.keyId = data.keyId;
+    this.delegationChain = data.delegationChain;
+    this.groupId = data.groupId;
+    this.qos = data.qos;
+    this.presenceVerified = data.presenceVerified;
+    this.proximityMeters = data.proximityMeters;
+    this.readOnly = data.readOnly;
+    this.loa = data.loa;
+    this.transportEncoding = data.transportEncoding;
+    this.mediaChunks = data.mediaChunks;
     if (this.confidence !== void 0) {
       if (this.confidence < 0 || this.confidence > 1) {
         throw new RCANMessageError(
@@ -146,6 +222,7 @@ var RCANMessage = class _RCANMessage {
   toJSON() {
     const obj = {
       rcan: this.rcan,
+      rcanVersion: this.rcanVersion,
       cmd: this.cmd,
       target: this.target,
       timestamp: this.timestamp
@@ -154,6 +231,18 @@ var RCANMessage = class _RCANMessage {
     if (this.confidence !== void 0) obj.confidence = this.confidence;
     if (this.modelIdentity) obj.model_identity = this.modelIdentity;
     if (this.signature) obj.signature = this.signature;
+    if (this.senderType !== void 0) obj.senderType = this.senderType;
+    if (this.cloudProvider !== void 0) obj.cloudProvider = this.cloudProvider;
+    if (this.keyId !== void 0) obj.keyId = this.keyId;
+    if (this.delegationChain !== void 0) obj.delegationChain = this.delegationChain;
+    if (this.groupId !== void 0) obj.groupId = this.groupId;
+    if (this.qos !== void 0) obj.qos = this.qos;
+    if (this.presenceVerified !== void 0) obj.presenceVerified = this.presenceVerified;
+    if (this.proximityMeters !== void 0) obj.proximityMeters = this.proximityMeters;
+    if (this.readOnly !== void 0) obj.readOnly = this.readOnly;
+    if (this.loa !== void 0) obj.loa = this.loa;
+    if (this.transportEncoding !== void 0) obj.transportEncoding = this.transportEncoding;
+    if (this.mediaChunks !== void 0) obj.mediaChunks = this.mediaChunks;
     return obj;
   }
   /** Serialize to JSON string */
@@ -177,16 +266,56 @@ var RCANMessage = class _RCANMessage {
     if (!obj.rcan) throw new RCANMessageError("Missing required field: 'rcan'");
     return new _RCANMessage({
       rcan: obj.rcan,
+      rcanVersion: obj.rcanVersion,
       cmd: obj.cmd,
       target: obj.target,
       params: obj.params ?? {},
       confidence: obj.confidence,
       modelIdentity: obj.model_identity ?? obj.modelIdentity,
       signature: obj.signature,
-      timestamp: obj.timestamp
+      timestamp: obj.timestamp,
+      senderType: obj.senderType,
+      cloudProvider: obj.cloudProvider,
+      keyId: obj.keyId,
+      delegationChain: obj.delegationChain,
+      groupId: obj.groupId,
+      qos: obj.qos,
+      presenceVerified: obj.presenceVerified,
+      proximityMeters: obj.proximityMeters,
+      readOnly: obj.readOnly,
+      loa: obj.loa,
+      transportEncoding: obj.transportEncoding,
+      mediaChunks: obj.mediaChunks
     });
   }
 };
+function makeCloudRelayMessage(base, provider) {
+  const data = base.toJSON();
+  data.senderType = "cloud_function";
+  data.cloudProvider = provider;
+  return new RCANMessage(data);
+}
+function addDelegationHop(msg, hop) {
+  const chain = msg.delegationChain ? [...msg.delegationChain, hop] : [hop];
+  const data = msg.toJSON();
+  data.delegationChain = chain;
+  return new RCANMessage(data);
+}
+function validateDelegationChain(chain) {
+  if (chain.length > 4) {
+    return { valid: false, reason: "DELEGATION_CHAIN_EXCEEDED: max depth is 4 hops" };
+  }
+  for (let i = 0; i < chain.length; i++) {
+    const hop = chain[i];
+    if (!hop) return { valid: false, reason: `hop ${i} is undefined` };
+    if (!hop.issuerRuri) return { valid: false, reason: `hop ${i}: missing issuerRuri` };
+    if (!hop.humanSubject) return { valid: false, reason: `hop ${i}: missing humanSubject` };
+    if (!hop.timestamp) return { valid: false, reason: `hop ${i}: missing timestamp` };
+    if (!hop.scope) return { valid: false, reason: `hop ${i}: missing scope` };
+    if (!hop.signature) return { valid: false, reason: `hop ${i}: missing signature` };
+  }
+  return { valid: true, reason: "ok" };
+}
 // src/crypto.ts
 function generateUUID() {
@@ -775,6 +904,34 @@ var RCANNodeTrustError = class _RCANNodeTrustError extends RCANNodeError {
     Object.setPrototypeOf(this, _RCANNodeTrustError.prototype);
   }
 };
+var RCANVersionIncompatibleError = class _RCANVersionIncompatibleError extends RCANError {
+  constructor(incomingVersion, localVersion) {
+    super(`VERSION_INCOMPATIBLE: incoming=${incomingVersion}, local=${localVersion}`);
+    this.name = "RCANVersionIncompatibleError";
+    Object.setPrototypeOf(this, _RCANVersionIncompatibleError.prototype);
+  }
+};
+var RCANReplayAttackError = class _RCANReplayAttackError extends RCANError {
+  constructor(reason) {
+    super(`REPLAY_DETECTED: ${reason}`);
+    this.name = "RCANReplayAttackError";
+    Object.setPrototypeOf(this, _RCANReplayAttackError.prototype);
+  }
+};
+var RCANDelegationChainError = class _RCANDelegationChainError extends RCANError {
+  constructor(reason) {
+    super(`DELEGATION_CHAIN_ERROR: ${reason}`);
+    this.name = "RCANDelegationChainError";
+    Object.setPrototypeOf(this, _RCANDelegationChainError.prototype);
+  }
+};
+var RCANConfigAuthorizationError = class _RCANConfigAuthorizationError extends RCANError {
+  constructor(reason) {
+    super(`CONFIG_AUTH_ERROR: ${reason}`);
+    this.name = "RCANConfigAuthorizationError";
+    Object.setPrototypeOf(this, _RCANConfigAuthorizationError.prototype);
+  }
+};
 // src/registry.ts
 var DEFAULT_BASE_URL = "https://rcan-spec.pages.dev";
@@ -1140,19 +1297,1389 @@ async function validateNodeAgainstSchema(manifest) {
   return errors.length === 0 ? { valid: true } : { valid: false, errors };
 }
+// src/qos.ts
+var QoSLevel = /* @__PURE__ */ ((QoSLevel2) => {
+  QoSLevel2[QoSLevel2["FIRE_AND_FORGET"] = 0] = "FIRE_AND_FORGET";
+  QoSLevel2[QoSLevel2["ACKNOWLEDGED"] = 1] = "ACKNOWLEDGED";
+  QoSLevel2[QoSLevel2["EXACTLY_ONCE"] = 2] = "EXACTLY_ONCE";
+  return QoSLevel2;
+})(QoSLevel || {});
+var QoSAckTimeoutError = class _QoSAckTimeoutError extends Error {
+  constructor(msgId) {
+    super(`ACK timeout for message ${msgId} \u2014 safety halt required`);
+    this.name = "QoSAckTimeoutError";
+    Object.setPrototypeOf(this, _QoSAckTimeoutError.prototype);
+  }
+};
+var QoSManager = class {
+  _send;
+  _waitForAck;
+  constructor(send, waitForAck) {
+    this._send = send;
+    this._waitForAck = waitForAck;
+  }
+  /**
+   * Send a message with the specified QoS level.
+   *
+   * For QoS 0: fire and forget.
+   * For QoS 1: retry until ACK received or maxRetries exhausted.
+   * For QoS 2: same as QoS 1 but sends a COMMAND_COMMIT after ACK.
+   */
+  async sendWithQoS(msg, opts = {}) {
+    const qos = opts.qos ?? 0 /* FIRE_AND_FORGET */;
+    const maxRetries = opts.maxRetries ?? 3;
+    const initialBackoffMs = opts.initialBackoffMs ?? 100;
+    const ackTimeoutMs = opts.ackTimeoutMs ?? 500;
+    if (qos === 0 /* FIRE_AND_FORGET */) {
+      await this._send(msg);
+      return { delivered: true, attempts: 1, reason: "fire-and-forget" };
+    }
+    const msgId = msg.message_id ?? msg.msg_id ?? "unknown";
+    let attempts = 0;
+    let backoffMs = initialBackoffMs;
+    while (attempts <= maxRetries) {
+      await this._send(msg);
+      attempts++;
+      const acked = await this._waitForAck(msgId, ackTimeoutMs);
+      if (acked) {
+        return { delivered: true, attempts, reason: qos === 2 /* EXACTLY_ONCE */ ? "exactly-once" : "acknowledged" };
+      }
+      if (attempts > maxRetries) break;
+      await sleep(backoffMs);
+      backoffMs = Math.min(backoffMs * 2, 5e3);
+    }
+    return { delivered: false, attempts, reason: `ACK not received after ${maxRetries} retries` };
+  }
+};
+function makeEstopWithQoS(ruri, reason) {
+  const msg = {
+    message_type: 6,
+    ruri,
+    safety_event: "ESTOP",
+    reason: reason.slice(0, 512),
+    timestamp_ms: Date.now(),
+    message_id: generateId(),
+    qos: 2 /* EXACTLY_ONCE */
+  };
+  return msg;
+}
+function generateId() {
+  if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
+    return crypto.randomUUID();
+  }
+  const bytes = Array.from({ length: 16 }, () => Math.floor(Math.random() * 256));
+  bytes[6] = bytes[6] & 15 | 64;
+  bytes[8] = bytes[8] & 63 | 128;
+  const hex = bytes.map((b) => b.toString(16).padStart(2, "0"));
+  return `${hex.slice(0, 4).join("")}-${hex.slice(4, 6).join("")}-${hex.slice(6, 8).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+// src/safety.ts
+var SAFETY_MESSAGE_TYPE = 6;
+function generateId2() {
+  if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
+    return crypto.randomUUID();
+  }
+  const bytes = Array.from({ length: 16 }, () => Math.floor(Math.random() * 256));
+  bytes[6] = bytes[6] & 15 | 64;
+  bytes[8] = bytes[8] & 63 | 128;
+  const hex = bytes.map((b) => b.toString(16).padStart(2, "0"));
+  return `${hex.slice(0, 4).join("")}-${hex.slice(4, 6).join("")}-${hex.slice(6, 8).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
+}
+function makeEstopMessage(ruri, reason) {
+  return {
+    message_type: 6,
+    ruri,
+    safety_event: "ESTOP",
+    reason: reason.slice(0, 512),
+    timestamp_ms: Date.now(),
+    message_id: generateId2(),
+    qos: 2 /* EXACTLY_ONCE */
+  };
+}
+function makeStopMessage(ruri, reason) {
+  return {
+    message_type: 6,
+    ruri,
+    safety_event: "STOP",
+    reason: reason.slice(0, 512),
+    timestamp_ms: Date.now(),
+    message_id: generateId2()
+  };
+}
+function makeResumeMessage(ruri, reason) {
+  return {
+    message_type: 6,
+    ruri,
+    safety_event: "RESUME",
+    reason: reason.slice(0, 512),
+    timestamp_ms: Date.now(),
+    message_id: generateId2()
+  };
+}
+function isSafetyMessage(msg) {
+  return typeof msg === "object" && msg !== null && msg.message_type === SAFETY_MESSAGE_TYPE;
+}
+function validateSafetyMessage(msg) {
+  const errors = [];
+  if (msg.message_type !== 6) errors.push("message_type must be 6");
+  if (!msg.ruri) errors.push("ruri is required");
+  if (!["ESTOP", "STOP", "RESUME"].includes(msg.safety_event ?? "")) {
+    errors.push("safety_event must be ESTOP, STOP, or RESUME");
+  }
+  if (!msg.reason || msg.reason.length === 0) errors.push("reason is required");
+  if (!msg.message_id) errors.push("message_id is required");
+  if (!msg.timestamp_ms || msg.timestamp_ms <= 0) errors.push("timestamp_ms must be positive");
+  return errors;
+}
+function makeTransparencyMessage(ruri, disclosure, delegationChain) {
+  return {
+    message_type: 11,
+    ruri,
+    disclosure,
+    timestamp_ms: Date.now(),
+    message_id: generateId2(),
+    delegation_chain: delegationChain
+  };
+}
+// src/replay.ts
+var SAFETY_MESSAGE_TYPE2 = 6;
+var SAFETY_MAX_WINDOW_S = 10;
+var DEFAULT_WINDOW_S = 30;
+var DEFAULT_MAX_SIZE = 1e4;
+var ReplayCache = class {
+  windowSeconds;
+  maxSize;
+  /** Map<msgId, expiresAtMs> */
+  _seen;
+  constructor(windowSeconds = DEFAULT_WINDOW_S, maxSize = DEFAULT_MAX_SIZE) {
+    this.windowSeconds = windowSeconds;
+    this.maxSize = maxSize;
+    this._seen = /* @__PURE__ */ new Map();
+  }
+  /**
+   * Check a message id + timestamp and record it if allowed.
+   *
+   * @param msgId     - unique message identifier
+   * @param timestamp - ISO 8601 string or Unix seconds (float)
+   * @param isSafety  - if true, enforce the 10s safety window cap
+   */
+  checkAndRecord(msgId, timestamp, isSafety = false) {
+    const now = Date.now();
+    this._evict(now);
+    const window = isSafety ? Math.min(this.windowSeconds, SAFETY_MAX_WINDOW_S) : this.windowSeconds;
+    const tMs = parseTimestampMs(timestamp);
+    if (tMs === null) {
+      return { allowed: false, reason: `invalid timestamp format: ${timestamp}` };
+    }
+    const ageMs = now - tMs;
+    const windowMs = window * 1e3;
+    if (ageMs > windowMs) {
+      return {
+        allowed: false,
+        reason: `message too old: age=${Math.round(ageMs / 1e3)}s > window=${window}s`
+      };
+    }
+    if (tMs > now + 5e3) {
+      return {
+        allowed: false,
+        reason: `message timestamp is in the future`
+      };
+    }
+    if (this._seen.has(msgId)) {
+      return { allowed: false, reason: `replay detected: msg_id ${msgId} already seen` };
+    }
+    if (this._seen.size >= this.maxSize) {
+      const firstKey = this._seen.keys().next().value;
+      this._seen.delete(firstKey);
+    }
+    const expiresAt = now + windowMs;
+    this._seen.set(msgId, expiresAt);
+    return { allowed: true, reason: "ok" };
+  }
+  /** Evict entries whose window has passed */
+  _evict(now) {
+    for (const [id, expiresAt] of this._seen) {
+      if (expiresAt <= now) {
+        this._seen.delete(id);
+      }
+    }
+  }
+  /** Number of entries currently tracked */
+  get size() {
+    return this._seen.size;
+  }
+};
+function validateReplay(message, cache) {
+  const msg = message;
+  const msgId = msg.message_id ?? msg.msg_id;
+  if (!msgId) {
+    return { valid: false, reason: "missing message_id / msg_id" };
+  }
+  let timestamp;
+  if (typeof msg.timestamp_ms === "number") {
+    timestamp = String(msg.timestamp_ms / 1e3);
+  } else if (msg.timestamp !== void 0) {
+    timestamp = String(msg.timestamp);
+  }
+  if (!timestamp) {
+    return { valid: false, reason: "missing timestamp" };
+  }
+  const isSafety = msg.message_type === SAFETY_MESSAGE_TYPE2 || msg.message_type === SAFETY_MESSAGE_TYPE2;
+  const result = cache.checkAndRecord(msgId, timestamp, isSafety);
+  return { valid: result.allowed, reason: result.reason };
+}
+function parseTimestampMs(ts) {
+  if (ts.includes("T") || ts.includes("-")) {
+    const d = new Date(ts);
+    if (!isNaN(d.getTime())) return d.getTime();
+  }
+  const n = parseFloat(ts);
+  if (isNaN(n)) return null;
+  if (n > 1e12) return n;
+  return n * 1e3;
+}
+// src/clock.ts
+var ClockDriftError = class _ClockDriftError extends Error {
+  offsetSeconds;
+  constructor(offsetSeconds, maxDriftSeconds) {
+    super(
+      `Clock drift too large: offset=${offsetSeconds.toFixed(3)}s > max=${maxDriftSeconds}s`
+    );
+    this.name = "ClockDriftError";
+    this.offsetSeconds = offsetSeconds;
+    Object.setPrototypeOf(this, _ClockDriftError.prototype);
+  }
+};
+async function checkClockSync(timeServer) {
+  const server = timeServer ?? "https://worldtimeapi.org/api/ip";
+  try {
+    const before = Date.now();
+    const resp = await fetch(server, { method: "HEAD", signal: AbortSignal.timeout(3e3) });
+    const after = Date.now();
+    const dateHeader = resp.headers.get("Date") ?? resp.headers.get("date");
+    if (!dateHeader) {
+      return {
+        synchronized: true,
+        offsetSeconds: 0,
+        source: "assumed (no Date header)"
+      };
+    }
+    const serverMs = new Date(dateHeader).getTime();
+    if (isNaN(serverMs)) {
+      return { synchronized: true, offsetSeconds: 0, source: "assumed (unparseable Date header)" };
+    }
+    const localMidpoint = (before + after) / 2;
+    const offsetSeconds = (localMidpoint - serverMs) / 1e3;
+    const synchronized = Math.abs(offsetSeconds) <= 5;
+    return { synchronized, offsetSeconds, source: server };
+  } catch {
+    return { synchronized: true, offsetSeconds: 0, source: "assumed (network unavailable)" };
+  }
+}
+async function assertClockSynced(maxDriftSeconds = 5) {
+  const status = await checkClockSync();
+  if (!status.synchronized || Math.abs(status.offsetSeconds) > maxDriftSeconds) {
+    throw new ClockDriftError(status.offsetSeconds, maxDriftSeconds);
+  }
+}
+// src/configUpdate.ts
+async function hashDiff(diff) {
+  const text = JSON.stringify(diff, Object.keys(diff).sort());
+  if (typeof crypto !== "undefined" && crypto.subtle) {
+    const encoded = new TextEncoder().encode(text);
+    const hashBuf = await crypto.subtle.digest("SHA-256", encoded);
+    return Array.from(new Uint8Array(hashBuf)).map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  let hash = 2166136261;
+  for (let i = 0; i < text.length; i++) {
+    hash ^= text.charCodeAt(i);
+    hash = hash * 16777619 >>> 0;
+  }
+  return hash.toString(16).padStart(8, "0");
+}
+async function makeConfigUpdate(diff, scope, rollback, target = "rcan://local/config", safetyOverrides = false) {
+  const configHash = await hashDiff(diff);
+  return new RCANMessage({
+    rcan: SPEC_VERSION,
+    cmd: "CONFIG_UPDATE",
+    target,
+    params: {
+      message_type: 5 /* CONFIG */,
+      diff,
+      rollback,
+      scope,
+      config_hash: configHash,
+      safety_overrides: safetyOverrides
+    }
+  });
+}
+function validateConfigUpdate(msg) {
+  const p = msg.params;
+  if (!p.diff || typeof p.diff !== "object") {
+    return { valid: false, reason: "missing required field: params.diff" };
+  }
+  if (!p.config_hash || typeof p.config_hash !== "string") {
+    return { valid: false, reason: "missing required field: params.config_hash" };
+  }
+  if (!("rollback" in p)) {
+    return { valid: false, reason: "missing required field: params.rollback" };
+  }
+  if (p.safety_overrides === true && p.scope !== "creator") {
+    return {
+      valid: false,
+      reason: "safety_overrides=true requires scope=creator (owner is insufficient)"
+    };
+  }
+  return { valid: true, reason: "ok" };
+}
+// src/keys.ts
+function generateId3() {
+  if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
+    return crypto.randomUUID();
+  }
+  return `${Date.now()}-${Math.random().toString(36).slice(2)}`;
+}
+var KeyStore = class {
+  _keys = [];
+  /** Add a key to the store */
+  addKey(entry) {
+    this._keys.push(entry);
+  }
+  /** Get the current JWKS document (all non-revoked keys) */
+  getJWKS() {
+    return { keys: [...this._keys] };
+  }
+  /** Find a key by kid */
+  findKey(kid) {
+    return this._keys.find((k) => k.kid === kid);
+  }
+  /** Check if a key is valid (not expired, not revoked) */
+  isKeyValid(kid, nowMs) {
+    const entry = this.findKey(kid);
+    if (!entry) return false;
+    const now = (nowMs ?? Date.now()) / 1e3;
+    if (entry.revoked_at !== void 0 && entry.revoked_at <= now) return false;
+    if (entry.exp !== void 0 && entry.exp < now) return false;
+    return true;
+  }
+  /** Mark a key as expired (rotate out) */
+  expireKey(kid, expiresAt) {
+    const entry = this.findKey(kid);
+    if (entry) {
+      entry.exp = expiresAt ?? Math.floor(Date.now() / 1e3);
+    }
+  }
+  /** Revoke a key immediately */
+  revokeKey(kid) {
+    const entry = this.findKey(kid);
+    if (entry) {
+      entry.revoked_at = Math.floor(Date.now() / 1e3);
+    }
+  }
+  /** All valid keys (not expired, not revoked) */
+  validKeys(nowMs) {
+    return this._keys.filter((k) => this.isKeyValid(k.kid, nowMs));
+  }
+};
+function makeKeyRotationMessage(newPublicKey, oldKeyId, overlapSeconds = 120, target = "rcan://local/keys") {
+  const newKid = generateId3().slice(0, 8);
+  return new RCANMessage({
+    rcan: SPEC_VERSION,
+    cmd: "KEY_ROTATION",
+    target,
+    params: {
+      message_type: 5 /* CONFIG */,
+      new_public_key: newPublicKey,
+      new_kid: newKid,
+      old_kid: oldKeyId,
+      overlap_seconds: overlapSeconds,
+      initiated_at: (/* @__PURE__ */ new Date()).toISOString()
+    },
+    keyId: newKid
+  });
+}
+// src/consent.ts
+function generateId4() {
+  if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
+    return crypto.randomUUID();
+  }
+  return `${Date.now()}-${Math.random().toString(36).slice(2)}`;
+}
+function makeConsentRequest(params) {
+  const requestId = params.requestId ?? generateId4();
+  return new RCANMessage({
+    rcan: SPEC_VERSION,
+    cmd: "CONSENT_REQUEST",
+    target: params.targetRuri,
+    params: {
+      message_type: 20 /* CONSENT_REQUEST */,
+      requester_ruri: params.requesterRuri,
+      requester_owner: params.requesterOwner,
+      target_ruri: params.targetRuri,
+      requested_scopes: params.requestedScopes,
+      duration_hours: params.durationHours,
+      justification: params.justification,
+      request_id: requestId,
+      consent_type: params.consentType ?? "cross_robot",
+      data_categories: params.dataCategories ?? []
+    }
+  });
+}
+function makeConsentGrant(params) {
+  const expiresAt = params.expiresAt ?? new Date(Date.now() + 24 * 3600 * 1e3).toISOString();
+  return new RCANMessage({
+    rcan: SPEC_VERSION,
+    cmd: "CONSENT_GRANT",
+    target: "rcan://local/consent",
+    params: {
+      message_type: 21 /* CONSENT_GRANT */,
+      request_id: params.requestId,
+      granted_scopes: params.grantedScopes ?? [],
+      expires_at: expiresAt,
+      reason: params.reason ?? "approved"
+    }
+  });
+}
+function makeConsentDeny(params) {
+  return new RCANMessage({
+    rcan: SPEC_VERSION,
+    cmd: "CONSENT_DENY",
+    target: "rcan://local/consent",
+    params: {
+      message_type: 22 /* CONSENT_DENY */,
+      request_id: params.requestId,
+      reason: params.reason ?? "denied"
+    }
+  });
+}
+function validateConsentMessage(msg) {
+  const cmd = msg.cmd;
+  const p = msg.params;
+  const msgType = p.message_type;
+  if (cmd === "CONSENT_REQUEST") {
+    if (msgType !== 20 /* CONSENT_REQUEST */) {
+      return { valid: false, reason: "message_type must be CONSENT_REQUEST (20)" };
+    }
+    if (!p.requester_ruri) return { valid: false, reason: "missing requester_ruri" };
+    if (!p.target_ruri) return { valid: false, reason: "missing target_ruri" };
+    if (!p.requested_scopes || !Array.isArray(p.requested_scopes) || p.requested_scopes.length === 0) {
+      return { valid: false, reason: "requested_scopes must be a non-empty array" };
+    }
+    if (!p.request_id) return { valid: false, reason: "missing request_id" };
+    if (!p.justification) return { valid: false, reason: "missing justification" };
+    return { valid: true, reason: "ok" };
+  }
+  if (cmd === "CONSENT_GRANT") {
+    if (msgType !== 21 /* CONSENT_GRANT */) {
+      return { valid: false, reason: "message_type must be CONSENT_GRANT (21)" };
+    }
+    if (!p.request_id) return { valid: false, reason: "missing request_id" };
+    if (!p.expires_at) return { valid: false, reason: "missing expires_at" };
+    return { valid: true, reason: "ok" };
+  }
+  if (cmd === "CONSENT_DENY") {
+    if (msgType !== 22 /* CONSENT_DENY */) {
+      return { valid: false, reason: "message_type must be CONSENT_DENY (22)" };
+    }
+    if (!p.request_id) return { valid: false, reason: "missing request_id" };
+    return { valid: true, reason: "ok" };
+  }
+  return { valid: false, reason: `unknown consent command: ${cmd}` };
+}
+// src/revocation.ts
+var CACHE_TTL_MS = 60 * 60 * 1e3;
+var RevocationCache = class {
+  _cache = /* @__PURE__ */ new Map();
+  /** Get a cached status if still fresh */
+  get(rrn, nowMs) {
+    const entry = this._cache.get(rrn);
+    if (!entry) return void 0;
+    const now = nowMs ?? Date.now();
+    if (entry.cachedUntil !== void 0 && entry.cachedUntil < now) {
+      this._cache.delete(rrn);
+      return void 0;
+    }
+    return entry;
+  }
+  /** Store a status record with a 1h TTL */
+  set(status, nowMs) {
+    const now = nowMs ?? Date.now();
+    this._cache.set(status.rrn, {
+      ...status,
+      cachedUntil: now + CACHE_TTL_MS
+    });
+  }
+  /** Invalidate a cached entry immediately */
+  invalidate(rrn) {
+    this._cache.delete(rrn);
+  }
+  /** Number of cached entries */
+  get size() {
+    return this._cache.size;
+  }
+};
+async function checkRevocation(rrn, registryUrl, cache) {
+  const c = cache ?? new RevocationCache();
+  const cached = c.get(rrn);
+  if (cached) return cached;
+  const url = `${registryUrl.replace(/\/$/, "")}/api/v1/robots/${encodeURIComponent(rrn)}/revocation-status`;
+  try {
+    const resp = await fetch(url, { signal: AbortSignal.timeout(5e3) });
+    if (!resp.ok) {
+      const status2 = { rrn, status: "active", reason: `registry returned ${resp.status}` };
+      c.set(status2);
+      return status2;
+    }
+    const data = await resp.json();
+    const status = {
+      rrn,
+      status: data.status ?? "active",
+      revokedAt: data.revokedAt,
+      reason: data.reason,
+      authority: data.authority
+    };
+    c.set(status);
+    return status;
+  } catch {
+    const status = { rrn, status: "active", reason: "network unavailable" };
+    return status;
+  }
+}
+function makeRevocationBroadcast(rrn, reason) {
+  return new RCANMessage({
+    rcan: SPEC_VERSION,
+    cmd: "ROBOT_REVOCATION",
+    target: "rcan://broadcast/revocation",
+    params: {
+      message_type: 19 /* ROBOT_REVOCATION */,
+      rrn,
+      reason,
+      revoked_at: (/* @__PURE__ */ new Date()).toISOString()
+    }
+  });
+}
+// src/trainingConsent.ts
+var DataCategory = /* @__PURE__ */ ((DataCategory2) => {
+  DataCategory2["VIDEO"] = "video";
+  DataCategory2["AUDIO"] = "audio";
+  DataCategory2["LOCATION"] = "location";
+  DataCategory2["BIOMETRIC"] = "biometric";
+  DataCategory2["TELEMETRY"] = "telemetry";
+  return DataCategory2;
+})(DataCategory || {});
+function makeTrainingConsentRequest(params) {
+  return makeConsentRequest({
+    requesterRuri: params.requesterRuri,
+    requesterOwner: params.requesterOwner,
+    targetRuri: params.targetRuri,
+    requestedScopes: ["training_data"],
+    durationHours: params.durationHours,
+    justification: params.justification,
+    requestId: params.requestId,
+    consentType: "training_data",
+    dataCategories: params.dataCategories
+  });
+}
+function makeTrainingConsentGrant(params) {
+  return makeConsentGrant(params);
+}
+function makeTrainingConsentDeny(params) {
+  return makeConsentDeny(params);
+}
+function validateTrainingDataMessage(msg) {
+  if (msg.params.message_type !== 10 /* TRAINING_DATA */) {
+    return { valid: false, reason: "not a TRAINING_DATA message" };
+  }
+  const token = msg.params.consent_token;
+  if (!token || typeof token !== "string" || token.trim() === "") {
+    return {
+      valid: false,
+      reason: "TRAINING_DATA message missing consent_token (\xA717)"
+    };
+  }
+  return { valid: true, reason: "ok" };
+}
+// src/offline.ts
+var SAFETY_MESSAGE_TYPE3 = 6;
+var DEFAULT_CROSS_OWNER_GRACE_S = 3600;
+var DEFAULT_KEY_TTL_S = 86400;
+var OfflineModeManager = class {
+  crossOwnerGraceS;
+  keyTtlS;
+  _cachedKeys = [];
+  constructor(crossOwnerGraceS = DEFAULT_CROSS_OWNER_GRACE_S, keyTtlS = DEFAULT_KEY_TTL_S) {
+    this.crossOwnerGraceS = crossOwnerGraceS;
+    this.keyTtlS = keyTtlS;
+  }
+  /**
+   * Determine whether a command can be accepted in the current offline state.
+   *
+   * @param msg         - The incoming message (SafetyMessage or plain object with message_type)
+   * @param isOffline   - Whether we are currently in offline mode
+   * @param localNetwork - Whether the sender is on the local network
+   * @param isOwner      - Whether the sender has owner-level role (validated locally)
+   * @param isCrossOwner - Whether this is a cross-owner (non-same-owner) command
+   * @param nowMs        - Optional current time in ms (for testing)
+   */
+  canAcceptCommand(msg, isOffline, localNetwork, isOwner = true, isCrossOwner = false, offlineSinceMs, nowMs) {
+    if (msg && msg.message_type === SAFETY_MESSAGE_TYPE3 && msg.safety_event === "ESTOP") {
+      return { allowed: true, reason: "ESTOP always accepted (Protocol 66)" };
+    }
+    if (!isOffline) {
+      return { allowed: true, reason: "online mode" };
+    }
+    if (!localNetwork) {
+      return {
+        allowed: false,
+        reason: "offline mode: cross-network commands blocked"
+      };
+    }
+    if (!isOwner) {
+      return {
+        allowed: false,
+        reason: "offline mode: only owner-role commands accepted from local network"
+      };
+    }
+    if (isCrossOwner && offlineSinceMs !== void 0) {
+      const now = nowMs ?? Date.now();
+      const offlineSeconds = (now - offlineSinceMs) / 1e3;
+      if (offlineSeconds > this.crossOwnerGraceS) {
+        return {
+          allowed: false,
+          reason: `offline mode: cross-owner grace period expired (${Math.round(offlineSeconds)}s > ${this.crossOwnerGraceS}s)`
+        };
+      }
+    }
+    return {
+      allowed: true,
+      reason: "offline mode: owner command on local network accepted"
+    };
+  }
+  /** Cache a public key for offline use */
+  cacheKey(entry, nowMs) {
+    const now = nowMs ?? Date.now();
+    this._cachedKeys = this._cachedKeys.filter((k) => k.kid !== entry.kid);
+    this._cachedKeys.push({
+      ...entry,
+      cachedAtMs: now,
+      ttlSeconds: this.keyTtlS
+    });
+  }
+  /** Get a cached public key if still valid */
+  getCachedKey(kid, nowMs) {
+    const now = nowMs ?? Date.now();
+    const entry = this._cachedKeys.find((k) => k.kid === kid);
+    if (!entry) return void 0;
+    const age = (now - entry.cachedAtMs) / 1e3;
+    if (age > entry.ttlSeconds) {
+      this._cachedKeys = this._cachedKeys.filter((k) => k.kid !== kid);
+      return void 0;
+    }
+    return entry;
+  }
+  /** Protocol 66 manifest fields for offline mode */
+  getManifestFields(offlineSinceMs, nowMs) {
+    if (offlineSinceMs === void 0) {
+      return { offline_mode: false, offline_since_s: 0 };
+    }
+    const now = nowMs ?? Date.now();
+    return {
+      offline_mode: true,
+      offline_since_s: Math.round((now - offlineSinceMs) / 1e3)
+    };
+  }
+};
+// src/faultReport.ts
+var FaultCode = /* @__PURE__ */ ((FaultCode2) => {
+  FaultCode2["SENSOR_PROXIMITY_FAILURE"] = "SENSOR_PROXIMITY_FAILURE";
+  FaultCode2["SENSOR_CAMERA_FAILURE"] = "SENSOR_CAMERA_FAILURE";
+  FaultCode2["SENSOR_IMU_FAILURE"] = "SENSOR_IMU_FAILURE";
+  FaultCode2["MOTOR_OVERCURRENT"] = "MOTOR_OVERCURRENT";
+  FaultCode2["MOTOR_OVERTEMP"] = "MOTOR_OVERTEMP";
+  FaultCode2["MOTOR_STALL"] = "MOTOR_STALL";
+  FaultCode2["BATTERY_CRITICAL"] = "BATTERY_CRITICAL";
+  FaultCode2["BATTERY_LOW"] = "BATTERY_LOW";
+  FaultCode2["NETWORK_TIMEOUT"] = "NETWORK_TIMEOUT";
+  FaultCode2["NETWORK_REGISTRY_UNREACHABLE"] = "NETWORK_REGISTRY_UNREACHABLE";
+  FaultCode2["SAFETY_ESTOP_STUCK"] = "SAFETY_ESTOP_STUCK";
+  FaultCode2["SAFETY_WATCHDOG_TIMEOUT"] = "SAFETY_WATCHDOG_TIMEOUT";
+  FaultCode2["UNKNOWN"] = "UNKNOWN";
+  return FaultCode2;
+})(FaultCode || {});
+function makeFaultReport(params) {
+  return new RCANMessage({
+    rcan: SPEC_VERSION,
+    cmd: "FAULT_REPORT",
+    target: params.target ?? "rcan://local/fault",
+    params: {
+      message_type: 26 /* FAULT_REPORT */,
+      fault_code: params.faultCode,
+      severity: params.severity,
+      subsystem: params.subsystem,
+      affects_safety: params.affectsSafety,
+      safe_to_continue: params.safeToContinue,
+      description: params.description ?? "",
+      reported_at: (/* @__PURE__ */ new Date()).toISOString()
+    }
+  });
+}
+// src/identity.ts
+var LevelOfAssurance = /* @__PURE__ */ ((LevelOfAssurance2) => {
+  LevelOfAssurance2[LevelOfAssurance2["ANONYMOUS"] = 1] = "ANONYMOUS";
+  LevelOfAssurance2[LevelOfAssurance2["EMAIL_VERIFIED"] = 2] = "EMAIL_VERIFIED";
+  LevelOfAssurance2[LevelOfAssurance2["HARDWARE_TOKEN"] = 3] = "HARDWARE_TOKEN";
+  return LevelOfAssurance2;
+})(LevelOfAssurance || {});
+var DEFAULT_LOA_POLICY = {
+  minLoaDiscover: 1 /* ANONYMOUS */,
+  minLoaStatus: 1 /* ANONYMOUS */,
+  minLoaChat: 1 /* ANONYMOUS */,
+  minLoaControl: 1 /* ANONYMOUS */,
+  minLoaSafety: 1 /* ANONYMOUS */
+};
+var PRODUCTION_LOA_POLICY = {
+  minLoaDiscover: 1 /* ANONYMOUS */,
+  minLoaStatus: 1 /* ANONYMOUS */,
+  minLoaChat: 1 /* ANONYMOUS */,
+  minLoaControl: 2 /* EMAIL_VERIFIED */,
+  minLoaSafety: 3 /* HARDWARE_TOKEN */
+};
+function extractLoaFromJwt(token) {
+  try {
+    const parts = token.split(".");
+    if (parts.length < 2) return 1 /* ANONYMOUS */;
+    const payloadB64 = (parts[1] ?? "").replace(/-/g, "+").replace(/_/g, "/");
+    const padded = payloadB64 + "=".repeat((4 - payloadB64.length % 4) % 4);
+    let json;
+    if (typeof atob !== "undefined") {
+      json = atob(padded);
+    } else {
+      json = Buffer.from(padded, "base64").toString("utf-8");
+    }
+    const claims = JSON.parse(json);
+    const loa = claims["loa"];
+    if (typeof loa === "number" && loa >= 1 && loa <= 3) {
+      return loa;
+    }
+  } catch {
+  }
+  return 1 /* ANONYMOUS */;
+}
+function minLoaForScope(scope, policy) {
+  const s = scope.toLowerCase();
+  switch (s) {
+    case "discover":
+      return policy.minLoaDiscover;
+    case "status":
+      return policy.minLoaStatus;
+    case "chat":
+      return policy.minLoaChat;
+    case "control":
+      return policy.minLoaControl;
+    case "safety":
+      return policy.minLoaSafety;
+    default:
+      return null;
+  }
+}
+function validateLoaForScope(loa, scope, policy = DEFAULT_LOA_POLICY) {
+  const min = minLoaForScope(scope, policy);
+  if (min === null) {
+    return { valid: true, reason: "unknown scope; allowed by default" };
+  }
+  if (loa >= min) {
+    return { valid: true, reason: "ok" };
+  }
+  return {
+    valid: false,
+    reason: `LOA_INSUFFICIENT: scope=${scope} requires LoA>=${min}, caller has LoA=${loa}`
+  };
+}
+// src/federation.ts
+var RegistryTier = /* @__PURE__ */ ((RegistryTier2) => {
+  RegistryTier2["ROOT"] = "root";
+  RegistryTier2["AUTHORITATIVE"] = "authoritative";
+  RegistryTier2["COMMUNITY"] = "community";
+  return RegistryTier2;
+})(RegistryTier || {});
+var FederationSyncType = /* @__PURE__ */ ((FederationSyncType2) => {
+  FederationSyncType2["CONSENT"] = "consent";
+  FederationSyncType2["REVOCATION"] = "revocation";
+  FederationSyncType2["KEY"] = "key";
+  return FederationSyncType2;
+})(FederationSyncType || {});
+var CACHE_TTL_MS2 = 24 * 60 * 60 * 1e3;
+var TrustAnchorCache = class {
+  store = /* @__PURE__ */ new Map();
+  /** Store or refresh a registry identity. */
+  set(identity) {
+    this.store.set(identity.registryUrl, {
+      identity,
+      expiresAt: Date.now() + CACHE_TTL_MS2
+    });
+  }
+  /**
+   * Look up a registry URL.
+   * Returns undefined when absent or when the TTL has expired.
+   */
+  lookup(url) {
+    const entry = this.store.get(url);
+    if (!entry) return void 0;
+    if (Date.now() > entry.expiresAt) {
+      this.store.delete(url);
+      return void 0;
+    }
+    return entry.identity;
+  }
+  /**
+   * Discover a registry via DNS TXT record `_rcan-registry.<domain>`.
+   *
+   * The TXT record is expected to contain a JSON object with the
+   * RegistryIdentity fields. Returns the identity and caches it.
+   *
+   * Node.js only — returns undefined in environments without `dns.promises`.
+   */
+  async discoverViaDns(domain) {
+    const hostname = `_rcan-registry.${domain}`;
+    let records;
+    try {
+      const dnsModule = __require("dns");
+      records = await dnsModule.promises.resolveTxt(hostname);
+    } catch {
+      return void 0;
+    }
+    for (const record of records) {
+      const text = record.join("");
+      try {
+        const parsed = JSON.parse(text);
+        if (parsed.registryUrl && parsed.tier && parsed.publicKeyPem && parsed.domain) {
+          const identity = {
+            registryUrl: parsed.registryUrl,
+            tier: parsed.tier,
+            publicKeyPem: parsed.publicKeyPem,
+            domain: parsed.domain,
+            verifiedAt: (/* @__PURE__ */ new Date()).toISOString()
+          };
+          this.set(identity);
+          return identity;
+        }
+      } catch {
+      }
+    }
+    return void 0;
+  }
+  /**
+   * Verify a JWT was issued by the registry at `url`.
+   *
+   * Validates the `iss` claim and checks the registry is in the trust cache.
+   * Full cryptographic signature verification requires the registry's public
+   * key material — callers should perform additional checks using `publicKeyPem`
+   * from the returned identity.
+   */
+  async verifyRegistryJwt(token, url) {
+    const identity = this.lookup(url);
+    if (!identity) {
+      throw new Error(`REGISTRY_UNKNOWN: ${url} is not in the trust cache`);
+    }
+    let iss;
+    try {
+      const parts = token.split(".");
+      const payloadB64 = (parts[1] ?? "").replace(/-/g, "+").replace(/_/g, "/");
+      const padded = payloadB64 + "=".repeat((4 - payloadB64.length % 4) % 4);
+      let json;
+      if (typeof atob !== "undefined") {
+        json = atob(padded);
+      } else {
+        json = Buffer.from(padded, "base64").toString("utf-8");
+      }
+      const claims = JSON.parse(json);
+      iss = typeof claims["iss"] === "string" ? claims["iss"] : void 0;
+    } catch {
+      throw new Error("REGISTRY_JWT_MALFORMED: cannot decode token payload");
+    }
+    if (iss !== url) {
+      throw new Error(
+        `REGISTRY_JWT_ISS_MISMATCH: expected iss=${url}, got iss=${iss ?? "(none)"}`
+      );
+    }
+    return identity;
+  }
+};
+function generateId5() {
+  if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
+    return crypto.randomUUID();
+  }
+  const bytes = Array.from({ length: 16 }, () => Math.floor(Math.random() * 256));
+  bytes[6] = (bytes[6] ?? 0) & 15 | 64;
+  bytes[8] = (bytes[8] ?? 0) & 63 | 128;
+  const hex = bytes.map((b) => b.toString(16).padStart(2, "0"));
+  return `${hex.slice(0, 4).join("")}-${hex.slice(4, 6).join("")}-${hex.slice(6, 8).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
+}
+function makeFederationSync(source, target, syncType, payload) {
+  return new RCANMessage({
+    rcan: "1.6",
+    rcanVersion: "1.6",
+    cmd: "federation_sync",
+    target,
+    params: {
+      msg_type: 12 /* FEDERATION_SYNC */,
+      msg_id: generateId5(),
+      source_registry: source,
+      target_registry: target,
+      sync_type: syncType,
+      payload
+    },
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  });
+}
+async function validateCrossRegistryCommand(msg, localRegistry, trustCache) {
+  const msgType = msg.params?.["msg_type"];
+  const isEstop = msgType === 6 /* SAFETY */ || msgType === 6 || msg.cmd === "estop" || msg.cmd === "ESTOP";
+  if (isEstop) {
+    return { valid: true, reason: "ESTOP always permitted (P66 invariant)" };
+  }
+  const sourceRegistry = msg.params?.["source_registry"] ?? msg.params?.["from_registry"];
+  if (!sourceRegistry || sourceRegistry === localRegistry) {
+    return { valid: true, reason: "local registry; no federation check needed" };
+  }
+  const identity = trustCache.lookup(sourceRegistry);
+  if (!identity) {
+    return {
+      valid: false,
+      reason: `REGISTRY_UNKNOWN: ${sourceRegistry} is not in the local trust cache`
+    };
+  }
+  let loa = 1 /* ANONYMOUS */;
+  const registryJwt = msg.params?.["registry_jwt"];
+  if (registryJwt) {
+    loa = extractLoaFromJwt(registryJwt);
+  } else if (typeof msg.loa === "number") {
+    loa = msg.loa;
+  }
+  if (loa < 2 /* EMAIL_VERIFIED */) {
+    return {
+      valid: false,
+      reason: `LOA_INSUFFICIENT: cross-registry commands require LoA>=2 (EMAIL_VERIFIED), got LoA=${loa}`
+    };
+  }
+  return { valid: true, reason: "cross-registry command accepted" };
+}
+// src/transport.ts
+var TransportError = class _TransportError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "TransportError";
+    Object.setPrototypeOf(this, _TransportError.prototype);
+  }
+};
+var TransportEncoding = /* @__PURE__ */ ((TransportEncoding2) => {
+  TransportEncoding2["HTTP"] = "http";
+  TransportEncoding2["COMPACT"] = "compact";
+  TransportEncoding2["MINIMAL"] = "minimal";
+  TransportEncoding2["BLE"] = "ble";
+  return TransportEncoding2;
+})(TransportEncoding || {});
+var COMPACT_ENCODE = {
+  msg_type: "t",
+  msg_id: "i",
+  timestamp: "ts",
+  from_rrn: "f",
+  to_rrn: "to",
+  scope: "s",
+  payload: "p",
+  signature: "sig"
+};
+var COMPACT_DECODE = Object.fromEntries(
+  Object.entries(COMPACT_ENCODE).map(([k, v]) => [v, k])
+);
+function encodeCompact(message) {
+  const full = message.toJSON();
+  const compact = {};
+  for (const [key, value] of Object.entries(full)) {
+    const short = COMPACT_ENCODE[key];
+    compact[short ?? key] = value;
+  }
+  if (compact["p"] && typeof compact["p"] === "object") {
+    const params = compact["p"];
+    const compactParams = {};
+    for (const [k, v] of Object.entries(params)) {
+      const short = COMPACT_ENCODE[k];
+      compactParams[short ?? k] = v;
+    }
+    compact["p"] = compactParams;
+  }
+  const json = JSON.stringify(compact);
+  const encoder = new TextEncoder();
+  return encoder.encode(json);
+}
+function decodeCompact(data) {
+  const decoder = new TextDecoder();
+  const json = decoder.decode(data);
+  const compact = JSON.parse(json);
+  const full = {};
+  for (const [key, value] of Object.entries(compact)) {
+    const long = COMPACT_DECODE[key];
+    full[long ?? key] = value;
+  }
+  if (full["payload"] && typeof full["payload"] === "object") {
+    const params = full["payload"];
+    const expandedParams = {};
+    for (const [k, v] of Object.entries(params)) {
+      const long = COMPACT_DECODE[k];
+      expandedParams[long ?? k] = v;
+    }
+    full["payload"] = expandedParams;
+  }
+  return new RCANMessage({
+    rcan: full["rcan"] ?? "1.6",
+    rcanVersion: full["rcanVersion"],
+    cmd: full["cmd"],
+    target: full["target"],
+    params: full["params"] ?? full["payload"] ?? {},
+    timestamp: full["timestamp"],
+    confidence: full["confidence"],
+    signature: full["signature"]
+  });
+}
+var MINIMAL_SIZE = 32;
+var SAFETY_TYPE = 6;
+async function sha256Bytes(input) {
+  const encoded = new TextEncoder().encode(input);
+  const ab = new ArrayBuffer(encoded.byteLength);
+  new Uint8Array(ab).set(encoded);
+  const hashBuffer = await crypto.subtle.digest("SHA-256", ab);
+  return new Uint8Array(hashBuffer);
+}
+async function encodeMinimal(message) {
+  const msgType = message.params?.["msg_type"] ?? 0;
+  if (msgType !== SAFETY_TYPE) {
+    throw new TransportError(
+      `encodeMinimal only supports SAFETY (type 6) messages; got type=${msgType}`
+    );
+  }
+  const fromRrn = message.params?.["from_rrn"] ?? message.target ?? "";
+  const toRrn = message.params?.["to_rrn"] ?? message.target ?? "";
+  const fromHash = await sha256Bytes(fromRrn);
+  const toHash = await sha256Bytes(toRrn);
+  const sig = (message.signature?.sig ?? "").replace(/[^A-Za-z0-9+/=]/g, "");
+  let sigBytes;
+  try {
+    if (typeof atob !== "undefined") {
+      const raw = atob(sig.slice(0, 16));
+      sigBytes = new Uint8Array(raw.length);
+      for (let i = 0; i < raw.length; i++) sigBytes[i] = raw.charCodeAt(i);
+    } else {
+      sigBytes = Buffer.from(sig.slice(0, 16), "base64");
+    }
+  } catch {
+    sigBytes = new Uint8Array(8);
+  }
+  const ts = message.timestamp ? Math.floor(new Date(message.timestamp).getTime() / 1e3) : Math.floor(Date.now() / 1e3);
+  const unix32 = ts >>> 0;
+  const out = new Uint8Array(MINIMAL_SIZE);
+  const view = new DataView(out.buffer);
+  view.setUint16(0, SAFETY_TYPE, false);
+  out.set(fromHash.subarray(0, 8), 2);
+  out.set(toHash.subarray(0, 8), 10);
+  view.setUint32(18, unix32, false);
+  const sigSlice = new Uint8Array(8);
+  sigSlice.set(sigBytes.subarray(0, Math.min(8, sigBytes.length)));
+  out.set(sigSlice, 22);
+  let checksum = 0;
+  for (let i = 0; i < 30; i++) checksum ^= out[i] ?? 0;
+  view.setUint16(30, checksum & 65535, false);
+  if (out.length !== MINIMAL_SIZE) {
+    throw new TransportError(
+      `encodeMinimal assertion failed: expected ${MINIMAL_SIZE} bytes, got ${out.length}`
+    );
+  }
+  return out;
+}
+function decodeMinimal(data) {
+  if (data.length !== MINIMAL_SIZE) {
+    throw new TransportError(
+      `decodeMinimal: expected ${MINIMAL_SIZE} bytes, got ${data.length}`
+    );
+  }
+  const view = new DataView(data.buffer, data.byteOffset, data.byteLength);
+  const msgType = view.getUint16(0, false);
+  const fromHash = data.subarray(2, 10);
+  const toHash = data.subarray(10, 18);
+  const unix32 = view.getUint32(18, false);
+  const sigTrunc = data.subarray(22, 30);
+  const timestamp = new Date(unix32 * 1e3).toISOString();
+  const toHex2 = (b) => Array.from(b).map((x) => x.toString(16).padStart(2, "0")).join("");
+  return {
+    params: {
+      msg_type: msgType,
+      from_hash: toHex2(fromHash),
+      to_hash: toHex2(toHash),
+      timestamp_s: unix32,
+      sig_truncated: toHex2(sigTrunc)
+    },
+    timestamp
+  };
+}
+var DEFAULT_MTU = 251;
+var BLE_HEADER_SIZE = 3;
+function encodeBleFrames(message, mtu = DEFAULT_MTU) {
+  const payload = encodeCompact(message);
+  const chunkSize = mtu - BLE_HEADER_SIZE;
+  if (chunkSize <= 0) {
+    throw new TransportError(`MTU ${mtu} is too small (need at least ${BLE_HEADER_SIZE + 1})`);
+  }
+  const totalChunks = Math.ceil(payload.length / chunkSize);
+  const frames = [];
+  for (let i = 0; i < totalChunks; i++) {
+    const chunk = payload.subarray(i * chunkSize, (i + 1) * chunkSize);
+    const frame = new Uint8Array(BLE_HEADER_SIZE + chunk.length);
+    frame[0] = i;
+    frame[1] = totalChunks;
+    frame[2] = i === totalChunks - 1 ? 1 : 0;
+    frame.set(chunk, BLE_HEADER_SIZE);
+    frames.push(frame);
+  }
+  return frames;
+}
+function decodeBleFrames(frames) {
+  if (frames.length === 0) {
+    throw new TransportError("decodeBleFrames: no frames provided");
+  }
+  const sorted = [...frames].sort((a, b) => (a[0] ?? 0) - (b[0] ?? 0));
+  const expectedTotal = sorted[0]?.[1] ?? sorted.length;
+  if (sorted.length !== expectedTotal) {
+    throw new TransportError(
+      `decodeBleFrames: expected ${expectedTotal} frames, got ${sorted.length}`
+    );
+  }
+  const payloadChunks = sorted.map((f) => f.subarray(BLE_HEADER_SIZE));
+  const totalLen = payloadChunks.reduce((s, c) => s + c.length, 0);
+  const payload = new Uint8Array(totalLen);
+  let offset = 0;
+  for (const chunk of payloadChunks) {
+    payload.set(chunk, offset);
+    offset += chunk.length;
+  }
+  return decodeCompact(payload);
+}
+function selectTransport(available, message) {
+  const msgType = message.params?.["msg_type"] ?? 0;
+  const isSafety = msgType === SAFETY_TYPE;
+  const has = (enc) => available.includes(enc);
+  if (isSafety) {
+    if (has("minimal" /* MINIMAL */)) return "minimal" /* MINIMAL */;
+    if (has("ble" /* BLE */)) return "ble" /* BLE */;
+    if (has("compact" /* COMPACT */)) return "compact" /* COMPACT */;
+    if (has("http" /* HTTP */)) return "http" /* HTTP */;
+  } else {
+    if (has("http" /* HTTP */)) return "http" /* HTTP */;
+    if (has("compact" /* COMPACT */)) return "compact" /* COMPACT */;
+    if (has("ble" /* BLE */)) return "ble" /* BLE */;
+  }
+  throw new TransportError(
+    `No suitable transport available from: [${available.join(", ")}]`
+  );
+}
+// src/multimodal.ts
+var MediaEncoding = /* @__PURE__ */ ((MediaEncoding2) => {
+  MediaEncoding2["BASE64"] = "base64";
+  MediaEncoding2["REF"] = "ref";
+  return MediaEncoding2;
+})(MediaEncoding || {});
+function generateId6() {
+  if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
+    return crypto.randomUUID();
+  }
+  const bytes = Array.from({ length: 16 }, () => Math.floor(Math.random() * 256));
+  bytes[6] = (bytes[6] ?? 0) & 15 | 64;
+  bytes[8] = (bytes[8] ?? 0) & 63 | 128;
+  const hex = bytes.map((b) => b.toString(16).padStart(2, "0"));
+  return `${hex.slice(0, 4).join("")}-${hex.slice(4, 6).join("")}-${hex.slice(6, 8).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10).join("")}`;
+}
+async function computeSha256Hex(data) {
+  const ab = new ArrayBuffer(data.byteLength);
+  new Uint8Array(ab).set(data);
+  const hashBuffer = await crypto.subtle.digest("SHA-256", ab);
+  const hashArray = new Uint8Array(hashBuffer);
+  return Array.from(hashArray).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function uint8ToBase64(data) {
+  if (typeof Buffer !== "undefined") {
+    return Buffer.from(data).toString("base64");
+  }
+  let binary = "";
+  for (let i = 0; i < data.length; i++) binary += String.fromCharCode(data[i] ?? 0);
+  return btoa(binary);
+}
+function rebuildMessage(base, overrides) {
+  const data = { ...base.toJSON(), ...overrides };
+  return RCANMessage.fromJSON(data);
+}
+async function addMediaInline(message, data, mimeType) {
+  const hashSha256 = await computeSha256Hex(data);
+  const dataB64 = uint8ToBase64(data);
+  const chunk = {
+    chunkId: generateId6(),
+    mimeType,
+    encoding: "base64" /* BASE64 */,
+    hashSha256,
+    dataB64,
+    sizeBytes: data.length
+  };
+  const existing = message.mediaChunks ?? [];
+  return rebuildMessage(message, { mediaChunks: [...existing, chunk] });
+}
+function addMediaRef(message, refUrl, mimeType, hashSha256, sizeBytes) {
+  const chunk = {
+    chunkId: generateId6(),
+    mimeType,
+    encoding: "ref" /* REF */,
+    hashSha256,
+    refUrl,
+    sizeBytes
+  };
+  const existing = message.mediaChunks ?? [];
+  return rebuildMessage(message, { mediaChunks: [...existing, chunk] });
+}
+async function validateMediaChunks(message) {
+  const chunks = message.mediaChunks ?? [];
+  if (chunks.length === 0) {
+    return { valid: true, reason: "no media chunks" };
+  }
+  for (let i = 0; i < chunks.length; i++) {
+    const chunk = chunks[i];
+    if (!chunk.chunkId) return { valid: false, reason: `chunk[${i}]: missing chunkId` };
+    if (!chunk.mimeType) return { valid: false, reason: `chunk[${i}]: missing mimeType` };
+    if (!chunk.hashSha256) return { valid: false, reason: `chunk[${i}]: missing hashSha256` };
+    if (chunk.sizeBytes < 0) return { valid: false, reason: `chunk[${i}]: sizeBytes must be >= 0` };
+    if (chunk.encoding === "base64" /* BASE64 */) {
+      if (!chunk.dataB64) {
+        return { valid: false, reason: `chunk[${i}]: BASE64 encoding requires dataB64` };
+      }
+      let decoded;
+      try {
+        if (typeof Buffer !== "undefined") {
+          decoded = Buffer.from(chunk.dataB64, "base64");
+        } else {
+          const raw = atob(chunk.dataB64);
+          decoded = new Uint8Array(raw.length);
+          for (let j = 0; j < raw.length; j++) decoded[j] = raw.charCodeAt(j);
+        }
+      } catch {
+        return { valid: false, reason: `chunk[${i}]: failed to decode base64 data` };
+      }
+      const actualHash = await computeSha256Hex(decoded);
+      if (actualHash !== chunk.hashSha256) {
+        return {
+          valid: false,
+          reason: `chunk[${i}]: SHA-256 mismatch (expected ${chunk.hashSha256}, got ${actualHash})`
+        };
+      }
+    } else if (chunk.encoding === "ref" /* REF */) {
+      if (!chunk.refUrl) {
+        return { valid: false, reason: `chunk[${i}]: REF encoding requires refUrl` };
+      }
+    } else {
+      return { valid: false, reason: `chunk[${i}]: unknown encoding '${chunk.encoding}'` };
+    }
+  }
+  return { valid: true, reason: "ok" };
+}
+async function makeTrainingDataMessage(media) {
+  let msg = new RCANMessage({
+    rcan: "1.6",
+    rcanVersion: "1.6",
+    cmd: "training_data",
+    target: "rcan://training/data",
+    params: {
+      msg_type: 10 /* TRAINING_DATA */,
+      msg_id: generateId6()
+    },
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  });
+  for (const item of media) {
+    msg = await addMediaInline(msg, item.data, item.mimeType);
+  }
+  return msg;
+}
+async function makeStreamChunk(streamId, data, mimeType, chunkIndex, isFinal) {
+  const hashSha256 = await computeSha256Hex(data);
+  const dataB64 = uint8ToBase64(data);
+  const chunk = {
+    chunkId: generateId6(),
+    mimeType,
+    encoding: "base64" /* BASE64 */,
+    hashSha256,
+    dataB64,
+    sizeBytes: data.length
+  };
+  const streamChunkMeta = {
+    streamId,
+    chunkIndex,
+    isFinal,
+    chunk
+  };
+  let msg = new RCANMessage({
+    rcan: "1.6",
+    rcanVersion: "1.6",
+    cmd: "stream_chunk",
+    target: "rcan://streaming/chunk",
+    params: {
+      msg_type: 7 /* SENSOR_DATA */,
+      msg_id: generateId6(),
+      stream_chunk: streamChunkMeta
+    },
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  });
+  msg = rebuildMessage(msg, { mediaChunks: [chunk] });
+  return msg;
+}
 // src/index.ts
-var VERSION = "0.3.0";
-var SPEC_VERSION = "1.2";
-var RCAN_VERSION = "1.2";
+var VERSION = "0.6.0";
+var RCAN_VERSION = "1.6";
 export {
   AuditChain,
   AuditError,
+  ClockDriftError,
   CommitmentRecord,
   ConfidenceGate,
+  DEFAULT_LOA_POLICY,
+  DataCategory,
+  FaultCode,
+  FederationSyncType,
   GateError,
   HiTLGate,
+  KeyStore,
+  LevelOfAssurance,
+  MediaEncoding,
+  MessageType,
   NodeClient,
+  OfflineModeManager,
+  PRODUCTION_LOA_POLICY,
+  QoSAckTimeoutError,
+  QoSLevel,
+  QoSManager,
   RCANAddressError,
+  RCANConfigAuthorizationError,
+  RCANDelegationChainError,
   RCANError,
   RCANGateError,
   RCANMessage,
@@ -1162,19 +2689,73 @@ export {
   RCANNodeSyncError,
   RCANNodeTrustError,
   RCANRegistryError,
+  RCANReplayAttackError,
   RCANSignatureError,
   RCANValidationError,
+  RCANVersionIncompatibleError,
   RCAN_VERSION,
   RegistryClient,
+  RegistryTier,
+  ReplayCache,
+  RevocationCache,
   RobotURI,
   RobotURIError,
+  SAFETY_MESSAGE_TYPE,
+  SDK_VERSION,
   SPEC_VERSION,
+  TransportEncoding,
+  TransportError,
+  TrustAnchorCache,
   VERSION,
+  addDelegationHop,
+  addMediaInline,
+  addMediaRef,
+  assertClockSynced,
+  checkClockSync,
+  checkRevocation,
+  decodeBleFrames,
+  decodeCompact,
+  decodeMinimal,
+  encodeBleFrames,
+  encodeCompact,
+  encodeMinimal,
+  extractLoaFromJwt,
   fetchCanonicalSchema,
+  isSafetyMessage,
+  makeCloudRelayMessage,
+  makeConfigUpdate,
+  makeConsentDeny,
+  makeConsentGrant,
+  makeConsentRequest,
+  makeEstopMessage,
+  makeEstopWithQoS,
+  makeFaultReport,
+  makeFederationSync,
+  makeKeyRotationMessage,
+  makeResumeMessage,
+  makeRevocationBroadcast,
+  makeStopMessage,
+  makeStreamChunk,
+  makeTrainingConsentDeny,
+  makeTrainingConsentGrant,
+  makeTrainingConsentRequest,
+  makeTrainingDataMessage,
+  makeTransparencyMessage,
+  selectTransport,
   validateConfig,
   validateConfigAgainstSchema,
+  validateConfigUpdate,
+  validateConsentMessage,
+  validateCrossRegistryCommand,
+  validateDelegationChain,
+  validateLoaForScope,
+  validateMediaChunks,
   validateMessage,
   validateNodeAgainstSchema,
-  validateURI
+  validateReplay,
+  validateSafetyMessage,
+  validateTrainingDataMessage,
+  validateURI,
+  validateVersionCompat
 };
 //# sourceMappingURL=index.mjs.map