npm - @continuonai/rcan-ts - Versions diffs - 1.1.0 → 1.2.0 - Mend

@continuonai/rcan-ts 1.1.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/browser.d.mts CHANGED Viewed

@@ -114,6 +114,12 @@ interface SignatureBlock {
     kid: string;
     sig: string;
 }
+/** v2.2: Post-quantum (ML-DSA-65) signature block */
+interface PQSignatureBlock {
+    alg: "ml-dsa-65";
+    kid: string;
+    sig: string;
+}
 interface RCANMessageData {
     rcan?: string;
     /** v1.5: explicit protocol version field (defaults to SPEC_VERSION) */
@@ -152,6 +158,8 @@ interface RCANMessageData {
     firmwareHash?: string;
     /** v2.1: URI to sender's SBOM attestation endpoint (envelope field 14). Required at L2+. */
     attestationRef?: string;
+    /** v2.2: ML-DSA-65 post-quantum signature block (field 16, FIPS 204). Hybrid mode alongside Ed25519. */
+    pqSig?: PQSignatureBlock | undefined;
     [key: string]: unknown;
 }
 declare class RCANMessageError extends Error {
@@ -188,6 +196,8 @@ declare class RCANMessage {
     readonly firmwareHash: string | undefined;
     /** v2.1: URI to sender's SBOM attestation endpoint */
     readonly attestationRef: string | undefined;
+    /** v2.2: ML-DSA-65 post-quantum signature (field 16, FIPS 204). Hybrid alongside Ed25519. */
+    readonly pqSig: PQSignatureBlock | undefined;
     constructor(data: RCANMessageData);
     /** Whether this message has a signature block */
     get isSigned(): boolean;
@@ -755,9 +765,9 @@ declare function makeTransparencyMessage(ruri: string, disclosure: string, deleg
  * §3.5 — Protocol Version Compatibility
  */
 /** The RCAN spec version this SDK implements. */
-declare const SPEC_VERSION = "2.1.0";
+declare const SPEC_VERSION = "2.2.0";
 /** The SDK release version. */
-declare const SDK_VERSION = "1.1.0";
+declare const SDK_VERSION = "1.2.0";
 /**
  * Validate version compatibility.
  *
@@ -1852,6 +1862,83 @@ declare function verifyM2mTrustedToken(token: string, targetRrn: string, options
     skipRevocationCheck?: boolean;
 }): Promise<M2MTrustedClaims>;
+/**
+ * RCAN v2.2 Post-Quantum Hybrid Signing — ML-DSA-65 (NIST FIPS 204)
+ *
+ * Provides MLDSAKeyPair for post-quantum signing alongside the existing
+ * Ed25519 SignatureBlock.  In hybrid mode a message carries both:
+ *   - `signature`  — Ed25519 SignatureBlock  (backward-compat with v2.1)
+ *   - `pqSig`      — MLDSASignatureBlock     (new in v2.2)
+ *
+ * Key sizes (ML-DSA-65, NIST security level 3):
+ *   Public key:   1952 bytes
+ *   Private key:  4032 bytes
+ *   Signature:    3309 bytes
+ *
+ * Requires: @noble/post-quantum (npm install @noble/post-quantum)
+ *
+ * Spec: https://rcan.dev/spec#section-7-2
+ */
+/** @deprecated use PQSignatureBlock */
+type MLDSASignatureBlock = PQSignatureBlock;
+interface MLDSAKeyPairData {
+    /** Public key bytes (1952 bytes) */
+    publicKey: Uint8Array;
+    /** Private key bytes (4032 bytes). Absent for verify-only key pairs. */
+    secretKey?: Uint8Array;
+    /** 8-char hex key ID */
+    keyId: string;
+}
+/**
+ * An ML-DSA-65 (CRYSTALS-Dilithium, NIST FIPS 204) key pair.
+ *
+ * Immutable value object.  Build via {@link MLDSAKeyPair.generate} or
+ * {@link MLDSAKeyPair.fromPublicKey}.
+ */
+declare class MLDSAKeyPair {
+    readonly keyId: string;
+    readonly publicKey: Uint8Array;
+    readonly secretKey: Uint8Array | undefined;
+    private constructor();
+    /** Generate a new ML-DSA-65 key pair. */
+    static generate(): Promise<MLDSAKeyPair>;
+    /** Build a verify-only key pair from raw public key bytes. */
+    static fromPublicKey(publicKey: Uint8Array): Promise<MLDSAKeyPair>;
+    /** Build a full key pair from saved bytes (public + secret). */
+    static fromKeyMaterial(publicKey: Uint8Array, secretKey: Uint8Array): Promise<MLDSAKeyPair>;
+    get hasPrivateKey(): boolean;
+    /** Sign raw bytes; returns ML-DSA-65 signature (3309 bytes). */
+    signBytes(data: Uint8Array): Promise<Uint8Array>;
+    /**
+     * Verify an ML-DSA-65 signature.
+     * @returns true if valid
+     * @throws {Error} on invalid signature
+     */
+    verifyBytes(data: Uint8Array, signature: Uint8Array): Promise<void>;
+    toString(): string;
+}
+/**
+ * Add an ML-DSA-65 signature (`pqSig`) to an RCAN message.
+ *
+ * This is the v2.2 hybrid complement to the existing Ed25519 signature.
+ * Call {@link signMessageEd25519} (or the existing signing path) first to set
+ * `signature`, then call this to append `pqSig`.
+ *
+ * @param msg      RCAN message (mutated in place — sets `pqSig`)
+ * @param keypair  ML-DSA-65 key pair with private key
+ * @returns The same message cast to include `pqSig`
+ */
+declare function addPQSignature(msg: RCANMessage, keypair: MLDSAKeyPair): Promise<RCANMessage>;
+/**
+ * Verify the ML-DSA-65 signature (`pqSig`) on an RCAN message.
+ *
+ * @param msg           Message with a `pqSig` field
+ * @param trustedKeys   Trusted ML-DSA public key pairs
+ * @param requirePQ     If true, raise when `pqSig` is absent (for post-2028 hard mode)
+ */
+declare function verifyPQSignature(msg: RCANMessage, trustedKeys: MLDSAKeyPair[], requirePQ?: boolean): Promise<void>;
 /**
  * rcan-ts — Official TypeScript SDK for RCAN v1.6
  * Robot Communication and Accountability Network
@@ -1864,4 +1951,4 @@ declare const VERSION = "0.6.0";
 /** @deprecated Use SPEC_VERSION from ./version instead */
 declare const RCAN_VERSION = "1.6";
-export { AUTHORITY_ERROR_CODES, type ApprovalStatus, AuditChain, AuditError, type AuditExportRequest, type AuthorityAccessPayload, type AuthorityAccessPayloadWire, type AuthorityDataCategory, type AuthorityResponseData, type AuthorityResponsePayload, COMPETITION_SCOPE_LEVEL, CONTRIBUTE_SCOPE_LEVEL, type CachedKey, type ChainVerifyResult, ClockDriftError, type ClockSyncStatus, CommitmentRecord, type CommitmentRecordData, type CommitmentRecordJSON, type CompetitionBadge, type CompetitionEnter, type CompetitionFormat, type CompetitionScore, type ComputeResource, ConfidenceGate, type ConsentRequestParams, type ConsentResponseParams, type ConsentType, type ContributeCancel, type ContributeRequest, type ContributeResult, DEFAULT_LOA_POLICY, DataCategory, type DelegationHop, FIRMWARE_MANIFEST_PATH, FaultCode, type FaultReportParams, type FaultSeverity, type FederationSyncPayload, FederationSyncType, type FirmwareComponent, FirmwareIntegrityError, type FirmwareManifest, type FirmwareManifestWire, GateError, HiTLGate, type IdentityRecord, type JWKEntry, type JWKSDocument, KeyStore, LevelOfAssurance, type ListResult, type LoaPolicy, M2MAuthError, type M2MPeerClaims, type M2MTrustedClaims, M2M_TRUSTED_ISSUER, type MediaChunk, MediaEncoding, MessageType, NodeClient, type OfflineCommandResult, OfflineModeManager, type OfflineState, PRODUCTION_LOA_POLICY, type PendingApproval, type PersonalResearchResult, QoSAckTimeoutError, QoSLevel, QoSManager, type QoSResult, type QoSSendOptions, RCANAddressError, type RCANAgentConfig, type RCANConfig, RCANConfigAuthorizationError, RCANDelegationChainError, RCANError, RCANGateError, RCANMessage, type RCANMessageData, type RCANMessageEnvelope, RCANMessageError, type RCANMetadata, RCANNodeError, RCANNodeNotFoundError, RCANNodeSyncError, RCANNodeTrustError, RCANRegistryError, type RCANRegistryNode, RCANReplayAttackError, type RCANResolveResult, RCANSignatureError, RCANValidationError, RCANVersionIncompatibleError, RCAN_VERSION, ROLE_JWT_LEVEL, RRF_REVOCATION_CACHE_TTL_MS, RRF_REVOCATION_URL, type RegistrationResult, RegistryClient, type RegistryIdentity, RegistryTier, ReplayCache, type ReplayCheckResult, type ReplayableMessage, type ResearchMetrics, RevocationCache$1 as RevocationCache, type RevocationStatus, type RevocationStatusValue, type Robot, type RobotRegistration, RobotURI, RobotURIError, type RobotURIOptions, Role, type RunType, SAFETY_MESSAGE_TYPE, SCOPE_MIN_ROLE, SDK_VERSION, SPEC_VERSION, type SafetyEvent, type SafetyMessage, type ScopeValidationResult, type SeasonStanding, type SenderType, type SignatureBlock, type StandingEntry, type StreamChunk, type TrainingConsentRequestParams, type TransparencyMessage, TransportEncoding, TransportError, TrustAnchorCache, VERSION, type ValidationResult, type WorkUnitStatus, addDelegationHop, addMediaInline, addMediaRef, assertClockSynced, authorityAccessFromWire, authorityAccessToWire, canonicalManifestJson, checkClockSync, checkRevocation, decodeBleFrames, decodeCompact, decodeMinimal, encodeBleFrames, encodeCompact, encodeMinimal, extractIdentityFromJwt, extractLoaFromJwt, extractRoleFromJwt, fetchCanonicalSchema, fetchRRFRevocations, isAuthorityRequestValid, isM2mTrustedRevoked, isPreemptedBy, isSafetyMessage, makeCloudRelayMessage, makeCompetitionEnter, makeCompetitionScore, makeConfigUpdate, makeConsentDeny, makeConsentGrant, makeConsentRequest, makeContributeCancel, makeContributeRequest, makeContributeResult, makeEstopMessage, makeEstopWithQoS, makeFaultReport, makeFederationSync, makeKeyRotationMessage, makePersonalResearchResult, makeResumeMessage, makeRevocationBroadcast, makeSeasonStanding, makeStopMessage, makeStreamChunk, makeTrainingConsentDeny, makeTrainingConsentGrant, makeTrainingConsentRequest, makeTrainingDataMessage, makeTransparencyMessage, manifestFromWire, manifestToWire, parseM2mPeerToken, parseM2mTrustedToken, roleFromJwtLevel, selectTransport, validateAuthorityAccess, validateCompetitionScope, validateConfig, validateConfigAgainstSchema, validateConfigUpdate, validateConsentMessage, validateContributeScope, validateCrossRegistryCommand, validateDelegationChain, validateLoaForScope, validateManifest, validateMediaChunks, validateMessage, validateNodeAgainstSchema, validateReplay, validateRoleForScope, validateSafetyMessage, validateTrainingDataMessage, validateURI, validateVersionCompat, verifyM2mTrustedToken, verifyM2mTrustedTokenClaims };
+export { AUTHORITY_ERROR_CODES, type ApprovalStatus, AuditChain, AuditError, type AuditExportRequest, type AuthorityAccessPayload, type AuthorityAccessPayloadWire, type AuthorityDataCategory, type AuthorityResponseData, type AuthorityResponsePayload, COMPETITION_SCOPE_LEVEL, CONTRIBUTE_SCOPE_LEVEL, type CachedKey, type ChainVerifyResult, ClockDriftError, type ClockSyncStatus, CommitmentRecord, type CommitmentRecordData, type CommitmentRecordJSON, type CompetitionBadge, type CompetitionEnter, type CompetitionFormat, type CompetitionScore, type ComputeResource, ConfidenceGate, type ConsentRequestParams, type ConsentResponseParams, type ConsentType, type ContributeCancel, type ContributeRequest, type ContributeResult, DEFAULT_LOA_POLICY, DataCategory, type DelegationHop, FIRMWARE_MANIFEST_PATH, FaultCode, type FaultReportParams, type FaultSeverity, type FederationSyncPayload, FederationSyncType, type FirmwareComponent, FirmwareIntegrityError, type FirmwareManifest, type FirmwareManifestWire, GateError, HiTLGate, type IdentityRecord, type JWKEntry, type JWKSDocument, KeyStore, LevelOfAssurance, type ListResult, type LoaPolicy, M2MAuthError, type M2MPeerClaims, type M2MTrustedClaims, M2M_TRUSTED_ISSUER, MLDSAKeyPair, type MLDSAKeyPairData, type MLDSASignatureBlock, type MediaChunk, MediaEncoding, MessageType, NodeClient, type OfflineCommandResult, OfflineModeManager, type OfflineState, PRODUCTION_LOA_POLICY, type PendingApproval, type PersonalResearchResult, QoSAckTimeoutError, QoSLevel, QoSManager, type QoSResult, type QoSSendOptions, RCANAddressError, type RCANAgentConfig, type RCANConfig, RCANConfigAuthorizationError, RCANDelegationChainError, RCANError, RCANGateError, RCANMessage, type RCANMessageData, type RCANMessageEnvelope, RCANMessageError, type RCANMetadata, RCANNodeError, RCANNodeNotFoundError, RCANNodeSyncError, RCANNodeTrustError, RCANRegistryError, type RCANRegistryNode, RCANReplayAttackError, type RCANResolveResult, RCANSignatureError, RCANValidationError, RCANVersionIncompatibleError, RCAN_VERSION, ROLE_JWT_LEVEL, RRF_REVOCATION_CACHE_TTL_MS, RRF_REVOCATION_URL, type RegistrationResult, RegistryClient, type RegistryIdentity, RegistryTier, ReplayCache, type ReplayCheckResult, type ReplayableMessage, type ResearchMetrics, RevocationCache$1 as RevocationCache, type RevocationStatus, type RevocationStatusValue, type Robot, type RobotRegistration, RobotURI, RobotURIError, type RobotURIOptions, Role, type RunType, SAFETY_MESSAGE_TYPE, SCOPE_MIN_ROLE, SDK_VERSION, SPEC_VERSION, type SafetyEvent, type SafetyMessage, type ScopeValidationResult, type SeasonStanding, type SenderType, type SignatureBlock, type StandingEntry, type StreamChunk, type TrainingConsentRequestParams, type TransparencyMessage, TransportEncoding, TransportError, TrustAnchorCache, VERSION, type ValidationResult, type WorkUnitStatus, addDelegationHop, addMediaInline, addMediaRef, addPQSignature, assertClockSynced, authorityAccessFromWire, authorityAccessToWire, canonicalManifestJson, checkClockSync, checkRevocation, decodeBleFrames, decodeCompact, decodeMinimal, encodeBleFrames, encodeCompact, encodeMinimal, extractIdentityFromJwt, extractLoaFromJwt, extractRoleFromJwt, fetchCanonicalSchema, fetchRRFRevocations, isAuthorityRequestValid, isM2mTrustedRevoked, isPreemptedBy, isSafetyMessage, makeCloudRelayMessage, makeCompetitionEnter, makeCompetitionScore, makeConfigUpdate, makeConsentDeny, makeConsentGrant, makeConsentRequest, makeContributeCancel, makeContributeRequest, makeContributeResult, makeEstopMessage, makeEstopWithQoS, makeFaultReport, makeFederationSync, makeKeyRotationMessage, makePersonalResearchResult, makeResumeMessage, makeRevocationBroadcast, makeSeasonStanding, makeStopMessage, makeStreamChunk, makeTrainingConsentDeny, makeTrainingConsentGrant, makeTrainingConsentRequest, makeTrainingDataMessage, makeTransparencyMessage, manifestFromWire, manifestToWire, parseM2mPeerToken, parseM2mTrustedToken, roleFromJwtLevel, selectTransport, validateAuthorityAccess, validateCompetitionScope, validateConfig, validateConfigAgainstSchema, validateConfigUpdate, validateConsentMessage, validateContributeScope, validateCrossRegistryCommand, validateDelegationChain, validateLoaForScope, validateManifest, validateMediaChunks, validateMessage, validateNodeAgainstSchema, validateReplay, validateRoleForScope, validateSafetyMessage, validateTrainingDataMessage, validateURI, validateVersionCompat, verifyM2mTrustedToken, verifyM2mTrustedTokenClaims, verifyPQSignature };

package/dist/browser.mjs CHANGED Viewed

@@ -99,8 +99,8 @@ var RobotURI = class _RobotURI {
 };
 // src/version.ts
-var SPEC_VERSION = "2.1.0";
-var SDK_VERSION = "1.1.0";
+var SPEC_VERSION = "2.2.0";
+var SDK_VERSION = "1.2.0";
 function validateVersionCompat(incomingVersion, localVersion = SPEC_VERSION) {
   const parseParts = (v) => {
     const parts = v.split(".");
@@ -199,6 +199,8 @@ var RCANMessage = class _RCANMessage {
     __publicField(this, "firmwareHash");
     /** v2.1: URI to sender's SBOM attestation endpoint */
     __publicField(this, "attestationRef");
+    /** v2.2: ML-DSA-65 post-quantum signature (field 16, FIPS 204). Hybrid alongside Ed25519. */
+    __publicField(this, "pqSig");
     if (!data.cmd || data.cmd.trim() === "") {
       throw new RCANMessageError("'cmd' is required");
     }
@@ -228,6 +230,7 @@ var RCANMessage = class _RCANMessage {
     this.mediaChunks = data.mediaChunks;
     this.firmwareHash = data.firmwareHash;
     this.attestationRef = data.attestationRef;
+    this.pqSig = data.pqSig;
     if (this.signature !== void 0 && this.signature["sig"] === "pending") {
       throw new RCANMessageError(
         "signature.sig:'pending' is not valid in RCAN v2.1. Sign the message before sending."
@@ -276,6 +279,7 @@ var RCANMessage = class _RCANMessage {
     if (this.mediaChunks !== void 0) obj.mediaChunks = this.mediaChunks;
     if (this.firmwareHash !== void 0) obj.firmwareHash = this.firmwareHash;
     if (this.attestationRef !== void 0) obj.attestationRef = this.attestationRef;
+    if (this.pqSig !== void 0) obj.pqSig = this.pqSig;
     return obj;
   }
   /** Serialize to JSON string */
@@ -320,7 +324,8 @@ var RCANMessage = class _RCANMessage {
       transportEncoding: obj.transportEncoding,
       mediaChunks: obj.mediaChunks,
       firmwareHash: obj.firmwareHash,
-      attestationRef: obj.attestationRef
+      attestationRef: obj.attestationRef,
+      pqSig: obj.pqSig
     });
   }
 };
@@ -3095,6 +3100,163 @@ async function verifyM2mTrustedToken(token, targetRrn, options) {
   return claims;
 }
+// src/pqSigning.ts
+function toBase64url(bytes) {
+  let binary = "";
+  for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
+  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+function fromBase64url(b64) {
+  const padded = b64.replace(/-/g, "+").replace(/_/g, "/");
+  const binary = atob(padded);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+  return bytes;
+}
+async function sha256hex(data) {
+  const g = typeof globalThis !== "undefined" ? globalThis : {};
+  const webcrypto = g.crypto;
+  const subtle = webcrypto?.subtle;
+  if (subtle) {
+    const buf = await subtle.digest("SHA-256", data);
+    return Array.from(new Uint8Array(buf)).map((b) => b.toString(16).padStart(2, "0")).join("").slice(0, 8);
+  }
+  const nodeCrypto = await import("crypto").catch(() => null);
+  if (nodeCrypto) {
+    return nodeCrypto.createHash("sha256").update(data).digest("hex").slice(0, 8);
+  }
+  throw new Error("No SHA-256 implementation available");
+}
+var _mlDsaModule;
+async function requireNoblePostQuantum() {
+  if (_mlDsaModule) return _mlDsaModule;
+  if (typeof __require !== "undefined") {
+    try {
+      _mlDsaModule = __require("@noble/post-quantum/ml-dsa.js");
+      return _mlDsaModule;
+    } catch {
+    }
+  }
+  try {
+    _mlDsaModule = await import("@noble/post-quantum/ml-dsa.js");
+    return _mlDsaModule;
+  } catch {
+    throw new Error(
+      "ML-DSA signing requires @noble/post-quantum. Install with: npm install @noble/post-quantum"
+    );
+  }
+}
+var MLDSAKeyPair = class _MLDSAKeyPair {
+  constructor(data) {
+    __publicField(this, "keyId");
+    __publicField(this, "publicKey");
+    __publicField(this, "secretKey");
+    this.keyId = data.keyId;
+    this.publicKey = data.publicKey;
+    this.secretKey = data.secretKey;
+  }
+  /** Generate a new ML-DSA-65 key pair. */
+  static async generate() {
+    const { ml_dsa65 } = await requireNoblePostQuantum();
+    const kp = ml_dsa65.keygen();
+    const keyId = await sha256hex(kp.publicKey);
+    return new _MLDSAKeyPair({
+      publicKey: kp.publicKey,
+      secretKey: kp.secretKey,
+      keyId
+    });
+  }
+  /** Build a verify-only key pair from raw public key bytes. */
+  static async fromPublicKey(publicKey) {
+    const keyId = await sha256hex(publicKey);
+    return new _MLDSAKeyPair({ publicKey, keyId });
+  }
+  /** Build a full key pair from saved bytes (public + secret). */
+  static async fromKeyMaterial(publicKey, secretKey) {
+    const keyId = await sha256hex(publicKey);
+    return new _MLDSAKeyPair({ publicKey, secretKey, keyId });
+  }
+  get hasPrivateKey() {
+    return this.secretKey !== void 0;
+  }
+  /** Sign raw bytes; returns ML-DSA-65 signature (3309 bytes). */
+  async signBytes(data) {
+    if (!this.secretKey) {
+      throw new Error("Cannot sign: MLDSAKeyPair has no private key (verify-only)");
+    }
+    const { ml_dsa65 } = await requireNoblePostQuantum();
+    return ml_dsa65.sign(data, this.secretKey);
+  }
+  /**
+   * Verify an ML-DSA-65 signature.
+   * @returns true if valid
+   * @throws {Error} on invalid signature
+   */
+  async verifyBytes(data, signature) {
+    const { ml_dsa65 } = await requireNoblePostQuantum();
+    const ok = ml_dsa65.verify(signature, data, this.publicKey);
+    if (!ok) throw new Error("ML-DSA signature verification failed");
+  }
+  toString() {
+    const mode = this.hasPrivateKey ? "private+public" : "public-only";
+    return `MLDSAKeyPair(keyId=${this.keyId}, alg=ML-DSA-65, ${mode})`;
+  }
+};
+function canonicalMessageBytes(msg) {
+  const m = msg;
+  const payload = {
+    rcan: msg.rcan,
+    msg_id: m["msgId"] ?? m["msg_id"] ?? "",
+    timestamp: msg.timestamp,
+    cmd: msg.cmd,
+    target: msg.target,
+    params: msg.params
+  };
+  const sorted = JSON.stringify(
+    Object.fromEntries(Object.entries(payload).sort()),
+    null,
+    void 0
+  );
+  return new TextEncoder().encode(sorted);
+}
+async function addPQSignature(msg, keypair) {
+  const payload = canonicalMessageBytes(msg);
+  const rawSig = await keypair.signBytes(payload);
+  const block = {
+    alg: "ml-dsa-65",
+    kid: keypair.keyId,
+    sig: toBase64url(rawSig)
+  };
+  msg["pqSig"] = block;
+  return msg;
+}
+async function verifyPQSignature(msg, trustedKeys, requirePQ = false) {
+  const pqSig = msg["pqSig"];
+  if (!pqSig) {
+    if (requirePQ) {
+      throw new Error("ML-DSA signature (pqSig) required but missing from message");
+    }
+    return;
+  }
+  if (pqSig.alg !== "ml-dsa-65") {
+    throw new Error(`Unsupported PQ signature algorithm: ${pqSig.alg}`);
+  }
+  const matched = trustedKeys.find((k) => k.keyId === pqSig.kid);
+  if (!matched) {
+    throw new Error(
+      `No trusted ML-DSA key with kid=${pqSig.kid}. Known kids: [${trustedKeys.map((k) => k.keyId).join(", ")}]`
+    );
+  }
+  let rawSig;
+  try {
+    rawSig = fromBase64url(pqSig.sig);
+  } catch (e) {
+    throw new Error(`Invalid base64url ML-DSA signature: ${e}`);
+  }
+  const payload = canonicalMessageBytes(msg);
+  await matched.verifyBytes(payload, rawSig);
+}
 // src/index.ts
 var VERSION = "0.6.0";
 var RCAN_VERSION = "1.6";
@@ -3119,6 +3281,7 @@ export {
   LevelOfAssurance,
   M2MAuthError,
   M2M_TRUSTED_ISSUER,
+  MLDSAKeyPair,
   MediaEncoding,
   MessageType,
   NodeClient,
@@ -3165,6 +3328,7 @@ export {
   addDelegationHop,
   addMediaInline,
   addMediaRef,
+  addPQSignature,
   assertClockSynced,
   authorityAccessFromWire,
   authorityAccessToWire,
@@ -3239,6 +3403,7 @@ export {
   validateURI,
   validateVersionCompat,
   verifyM2mTrustedToken,
-  verifyM2mTrustedTokenClaims
+  verifyM2mTrustedTokenClaims,
+  verifyPQSignature
 };
 //# sourceMappingURL=browser.mjs.map