npm - @continuonai/rcan-ts - Versions diffs - 1.2.3 → 1.3.0 - Mend

@continuonai/rcan-ts 1.2.3 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -1919,6 +1919,64 @@ declare const addPQSignature: typeof signMessage;
 /** @deprecated Use verifyMessage() — Ed25519 is removed in RCAN v2.2 */
 declare function verifyPQSignature(msg: RCANMessage, trustedKeys: MLDSAKeyPair[], _requirePQ?: boolean): Promise<void>;
+/** An ML-DSA-65 key pair (NIST FIPS 204, 192-bit PQ security). */
+interface MlDsaKeyPair {
+    /** ML-DSA-65 secret key (4032 bytes). */
+    privateKey: Uint8Array;
+    /** ML-DSA-65 public key (1952 bytes). */
+    publicKey: Uint8Array;
+}
+/**
+ * Hybrid Ed25519 + ML-DSA-65 signature.
+ * Both algorithms sign the same message; verification requires both to pass.
+ */
+interface HybridSignature {
+    profile: "pqc-hybrid-v1";
+    /** Ed25519 signature (64 bytes, base-64url decoded). */
+    ed25519Sig: Uint8Array;
+    /** ML-DSA-65 signature (3309 bytes, base-64url decoded). */
+    mlDsaSig: Uint8Array;
+}
+/** Generate a fresh ML-DSA-65 key pair. */
+declare function generateMlDsaKeypair(): MlDsaKeyPair;
+/** Sign `message` with an ML-DSA-65 secret key. Returns the raw signature. */
+declare function signMlDsa(privateKey: Uint8Array, message: Uint8Array): Uint8Array;
+/**
+ * Verify an ML-DSA-65 signature.
+ * @returns `true` if valid, `false` otherwise.
+ */
+declare function verifyMlDsa(publicKey: Uint8Array, message: Uint8Array, sig: Uint8Array): boolean;
+/**
+ * Sign `msg` with both Ed25519 and ML-DSA-65.
+ * The caller supplies both private keys; neither is derived from the other.
+ */
+declare function signHybrid(ed25519Priv: Uint8Array, mlDsaPriv: Uint8Array, msg: Uint8Array): HybridSignature;
+/**
+ * Verify a hybrid signature. Both Ed25519 and ML-DSA-65 must be valid.
+ * @returns `true` only when both signatures pass.
+ */
+declare function verifyHybrid(ed25519Pub: Uint8Array, mlDsaPub: Uint8Array, msg: Uint8Array, sig: HybridSignature): boolean;
+/**
+ * Encode a HybridSignature to a compact string.
+ * Format: `pqc-hybrid-v1.<ed25519-b64url>.<mldsa-b64url>`
+ */
+declare function encodeHybridSig(sig: HybridSignature): string;
+/**
+ * Decode a hybrid signature string produced by `encodeHybridSig`.
+ * @throws if the string is not in the expected format.
+ */
+declare function decodeHybridSig(s: string): HybridSignature;
+/**
+ * Encode an ML-DSA-65 public key as a JWK-like object.
+ * Uses `kty: "OKP"`, `alg: "ML-DSA-65"`, `x: <base64url>`.
+ */
+declare function encodeMlDsaPublicKeyJwk(pub: Uint8Array): object;
+/**
+ * Decode an ML-DSA-65 public key from a JWK-like object.
+ * @throws if `kty` or `alg` fields are wrong.
+ */
+declare function decodeMlDsaPublicKeyJwk(jwk: object): Uint8Array;
 /**
  * rcan/mcp.ts — MCP integration types for RCAN v2.2 §22
  *
@@ -2002,4 +2060,4 @@ declare const VERSION = "0.6.0";
 /** @deprecated Use SPEC_VERSION from ./version instead */
 declare const RCAN_VERSION = "1.6";
-export { AUTHORITY_ERROR_CODES, type ApprovalStatus, AuditChain, AuditError, type AuditExportRequest, type AuthorityAccessPayload, type AuthorityAccessPayloadWire, type AuthorityDataCategory, type AuthorityResponseData, type AuthorityResponsePayload, COMPETITION_SCOPE_LEVEL, CONTRIBUTE_SCOPE_LEVEL, type CachedKey, type ChainVerifyResult, ClockDriftError, type ClockSyncStatus, CommitmentRecord, type CommitmentRecordData, type CommitmentRecordJSON, type CompetitionBadge, type CompetitionEnter, type CompetitionFormat, type CompetitionScore, type ComplianceReportResult, type ComputeResource, ConfidenceGate, type ConsentRequestParams, type ConsentResponseParams, type ConsentType, type ContributeCancel, type ContributeRequest, type ContributeResult, DEFAULT_LOA_POLICY, DataCategory, type DelegationHop$1 as DelegationHop, FIRMWARE_MANIFEST_PATH, FaultCode, type FaultReportParams, type FaultSeverity, type FederationSyncPayload, FederationSyncType, type FirmwareComponent, FirmwareIntegrityError, type FirmwareManifest, type FirmwareManifestWire, type FleetListResult, GateError, HiTLGate, type IdentityRecord, type JWKEntry, type JWKSDocument, KeyStore, LOA_TO_SCOPES, LevelOfAssurance, type ListResult, type LoaPolicy, M2MAuthError, type M2MPeerClaims, type M2MTrustedClaims, M2M_TRUSTED_ISSUER, MLDSAKeyPair, type MLDSAKeyPairData, type McpClientConfig, type McpServerConfig, type MediaChunk$1 as MediaChunk, MediaEncoding, MessageType, NodeClient, type OfflineCommandResult, OfflineModeManager, type OfflineState, PRODUCTION_LOA_POLICY, type PendingApproval, type PersonalResearchResult, QoSAckTimeoutError, QoSLevel, QoSManager, type QoSResult, type QoSSendOptions, RCANAddressError, type RCANAgentConfig, type RCANConfig, RCANConfigAuthorizationError, RCANDelegationChainError, RCANError, RCANGateError, RCANMessage, type RCANMessageData, type RCANMessageEnvelope, RCANMessageError, type RCANMetadata, RCANNodeError, RCANNodeNotFoundError, RCANNodeSyncError, RCANNodeTrustError, RCANRegistryError, type RCANRegistryNode, RCANReplayAttackError, type RCANResolveResult, RCANSignatureError, RCANValidationError, RCANVersionIncompatibleError, RCAN_VERSION, ROLE_JWT_LEVEL, RRF_REVOCATION_CACHE_TTL_MS, RRF_REVOCATION_URL, type RegistrationResult, RegistryClient, type RegistryIdentity, RegistryTier, ReplayCache, type ReplayCheckResult, type ReplayableMessage, type ResearchMetrics, RevocationCache$1 as RevocationCache, type RevocationStatus, type RevocationStatusValue, type Robot, type RobotCommandResult, type RobotRegistration, type RobotStatusResult, RobotURI, RobotURIError, type RobotURIOptions, Role, type RrfLookupResult, type RunType, SAFETY_MESSAGE_TYPE, SCOPE_MIN_ROLE, SDK_VERSION, SPEC_VERSION, type SafetyEvent, type SafetyMessage, type ScopeValidationResult, type SeasonStanding, type SenderType, type SignatureBlock, type StandingEntry, type StreamChunk, TOOL_LOA_REQUIREMENTS, type TrainingConsentRequestParams, type TransparencyMessage, TransportEncoding, TransportError, TrustAnchorCache, type V22DelegationHop, type V22MediaChunk, VERSION, type ValidationResult, type WorkUnitStatus, addDelegationHop, addMediaInline, addMediaRef, addPQSignature, assertClockSynced, authorityAccessFromWire, authorityAccessToWire, canonicalManifestJson, checkClockSync, checkRevocation, clientAllowsTool, decodeBleFrames, decodeCompact, decodeMinimal, encodeBleFrames, encodeCompact, encodeMinimal, extractIdentityFromJwt, extractLoaFromJwt, extractRoleFromJwt, fetchCanonicalSchema, fetchRRFRevocations, isAuthorityRequestValid, isM2mTrustedRevoked, isPreemptedBy, isSafetyMessage, makeCloudRelayMessage, makeCompetitionEnter, makeCompetitionScore, makeConfigUpdate, makeConsentDeny, makeConsentGrant, makeConsentRequest, makeContributeCancel, makeContributeRequest, makeContributeResult, makeEstopMessage, makeEstopWithQoS, makeFaultReport, makeFederationSync, makeKeyRotationMessage, makePersonalResearchResult, makeResumeMessage, makeRevocationBroadcast, makeSeasonStanding, makeStopMessage, makeStreamChunk, makeTrainingConsentDeny, makeTrainingConsentGrant, makeTrainingConsentRequest, makeTrainingDataMessage, makeTransparencyMessage, manifestFromWire, manifestToWire, parseM2mPeerToken, parseM2mTrustedToken, roleFromJwtLevel, selectTransport, signMessage, validateAuthorityAccess, validateCompetitionScope, validateConfig, validateConfigAgainstSchema, validateConfigUpdate, validateConsentMessage, validateContributeScope, validateCrossRegistryCommand, validateDelegationChain$1 as validateDelegationChain, validateLoaForScope, validateManifest, validateMediaChunks, validateMessage, validateNodeAgainstSchema, validateReplay, validateRoleForScope, validateSafetyMessage, validateTrainingDataMessage, validateURI, validateDelegationChain as validateV22DelegationChain, validateVersionCompat, verifyM2mTrustedToken, verifyM2mTrustedTokenClaims, verifyMessage, verifyPQSignature, verifyMediaChunkHash as verifyV22MediaChunkHash };
+export { AUTHORITY_ERROR_CODES, type ApprovalStatus, AuditChain, AuditError, type AuditExportRequest, type AuthorityAccessPayload, type AuthorityAccessPayloadWire, type AuthorityDataCategory, type AuthorityResponseData, type AuthorityResponsePayload, COMPETITION_SCOPE_LEVEL, CONTRIBUTE_SCOPE_LEVEL, type CachedKey, type ChainVerifyResult, ClockDriftError, type ClockSyncStatus, CommitmentRecord, type CommitmentRecordData, type CommitmentRecordJSON, type CompetitionBadge, type CompetitionEnter, type CompetitionFormat, type CompetitionScore, type ComplianceReportResult, type ComputeResource, ConfidenceGate, type ConsentRequestParams, type ConsentResponseParams, type ConsentType, type ContributeCancel, type ContributeRequest, type ContributeResult, DEFAULT_LOA_POLICY, DataCategory, type DelegationHop$1 as DelegationHop, FIRMWARE_MANIFEST_PATH, FaultCode, type FaultReportParams, type FaultSeverity, type FederationSyncPayload, FederationSyncType, type FirmwareComponent, FirmwareIntegrityError, type FirmwareManifest, type FirmwareManifestWire, type FleetListResult, GateError, HiTLGate, type HybridSignature, type IdentityRecord, type JWKEntry, type JWKSDocument, KeyStore, LOA_TO_SCOPES, LevelOfAssurance, type ListResult, type LoaPolicy, M2MAuthError, type M2MPeerClaims, type M2MTrustedClaims, M2M_TRUSTED_ISSUER, MLDSAKeyPair, type MLDSAKeyPairData, type McpClientConfig, type McpServerConfig, type MediaChunk$1 as MediaChunk, MediaEncoding, MessageType, type MlDsaKeyPair, NodeClient, type OfflineCommandResult, OfflineModeManager, type OfflineState, PRODUCTION_LOA_POLICY, type PendingApproval, type PersonalResearchResult, QoSAckTimeoutError, QoSLevel, QoSManager, type QoSResult, type QoSSendOptions, RCANAddressError, type RCANAgentConfig, type RCANConfig, RCANConfigAuthorizationError, RCANDelegationChainError, RCANError, RCANGateError, RCANMessage, type RCANMessageData, type RCANMessageEnvelope, RCANMessageError, type RCANMetadata, RCANNodeError, RCANNodeNotFoundError, RCANNodeSyncError, RCANNodeTrustError, RCANRegistryError, type RCANRegistryNode, RCANReplayAttackError, type RCANResolveResult, RCANSignatureError, RCANValidationError, RCANVersionIncompatibleError, RCAN_VERSION, ROLE_JWT_LEVEL, RRF_REVOCATION_CACHE_TTL_MS, RRF_REVOCATION_URL, type RegistrationResult, RegistryClient, type RegistryIdentity, RegistryTier, ReplayCache, type ReplayCheckResult, type ReplayableMessage, type ResearchMetrics, RevocationCache$1 as RevocationCache, type RevocationStatus, type RevocationStatusValue, type Robot, type RobotCommandResult, type RobotRegistration, type RobotStatusResult, RobotURI, RobotURIError, type RobotURIOptions, Role, type RrfLookupResult, type RunType, SAFETY_MESSAGE_TYPE, SCOPE_MIN_ROLE, SDK_VERSION, SPEC_VERSION, type SafetyEvent, type SafetyMessage, type ScopeValidationResult, type SeasonStanding, type SenderType, type SignatureBlock, type StandingEntry, type StreamChunk, TOOL_LOA_REQUIREMENTS, type TrainingConsentRequestParams, type TransparencyMessage, TransportEncoding, TransportError, TrustAnchorCache, type V22DelegationHop, type V22MediaChunk, VERSION, type ValidationResult, type WorkUnitStatus, addDelegationHop, addMediaInline, addMediaRef, addPQSignature, assertClockSynced, authorityAccessFromWire, authorityAccessToWire, canonicalManifestJson, checkClockSync, checkRevocation, clientAllowsTool, decodeBleFrames, decodeCompact, decodeHybridSig, decodeMinimal, decodeMlDsaPublicKeyJwk, encodeBleFrames, encodeCompact, encodeHybridSig, encodeMinimal, encodeMlDsaPublicKeyJwk, extractIdentityFromJwt, extractLoaFromJwt, extractRoleFromJwt, fetchCanonicalSchema, fetchRRFRevocations, generateMlDsaKeypair, isAuthorityRequestValid, isM2mTrustedRevoked, isPreemptedBy, isSafetyMessage, makeCloudRelayMessage, makeCompetitionEnter, makeCompetitionScore, makeConfigUpdate, makeConsentDeny, makeConsentGrant, makeConsentRequest, makeContributeCancel, makeContributeRequest, makeContributeResult, makeEstopMessage, makeEstopWithQoS, makeFaultReport, makeFederationSync, makeKeyRotationMessage, makePersonalResearchResult, makeResumeMessage, makeRevocationBroadcast, makeSeasonStanding, makeStopMessage, makeStreamChunk, makeTrainingConsentDeny, makeTrainingConsentGrant, makeTrainingConsentRequest, makeTrainingDataMessage, makeTransparencyMessage, manifestFromWire, manifestToWire, parseM2mPeerToken, parseM2mTrustedToken, roleFromJwtLevel, selectTransport, signHybrid, signMessage, signMlDsa, validateAuthorityAccess, validateCompetitionScope, validateConfig, validateConfigAgainstSchema, validateConfigUpdate, validateConsentMessage, validateContributeScope, validateCrossRegistryCommand, validateDelegationChain$1 as validateDelegationChain, validateLoaForScope, validateManifest, validateMediaChunks, validateMessage, validateNodeAgainstSchema, validateReplay, validateRoleForScope, validateSafetyMessage, validateTrainingDataMessage, validateURI, validateDelegationChain as validateV22DelegationChain, validateVersionCompat, verifyHybrid, verifyM2mTrustedToken, verifyM2mTrustedTokenClaims, verifyMessage, verifyMlDsa, verifyPQSignature, verifyMediaChunkHash as verifyV22MediaChunkHash };

package/dist/index.d.ts CHANGED Viewed

@@ -1919,6 +1919,64 @@ declare const addPQSignature: typeof signMessage;
 /** @deprecated Use verifyMessage() — Ed25519 is removed in RCAN v2.2 */
 declare function verifyPQSignature(msg: RCANMessage, trustedKeys: MLDSAKeyPair[], _requirePQ?: boolean): Promise<void>;
+/** An ML-DSA-65 key pair (NIST FIPS 204, 192-bit PQ security). */
+interface MlDsaKeyPair {
+    /** ML-DSA-65 secret key (4032 bytes). */
+    privateKey: Uint8Array;
+    /** ML-DSA-65 public key (1952 bytes). */
+    publicKey: Uint8Array;
+}
+/**
+ * Hybrid Ed25519 + ML-DSA-65 signature.
+ * Both algorithms sign the same message; verification requires both to pass.
+ */
+interface HybridSignature {
+    profile: "pqc-hybrid-v1";
+    /** Ed25519 signature (64 bytes, base-64url decoded). */
+    ed25519Sig: Uint8Array;
+    /** ML-DSA-65 signature (3309 bytes, base-64url decoded). */
+    mlDsaSig: Uint8Array;
+}
+/** Generate a fresh ML-DSA-65 key pair. */
+declare function generateMlDsaKeypair(): MlDsaKeyPair;
+/** Sign `message` with an ML-DSA-65 secret key. Returns the raw signature. */
+declare function signMlDsa(privateKey: Uint8Array, message: Uint8Array): Uint8Array;
+/**
+ * Verify an ML-DSA-65 signature.
+ * @returns `true` if valid, `false` otherwise.
+ */
+declare function verifyMlDsa(publicKey: Uint8Array, message: Uint8Array, sig: Uint8Array): boolean;
+/**
+ * Sign `msg` with both Ed25519 and ML-DSA-65.
+ * The caller supplies both private keys; neither is derived from the other.
+ */
+declare function signHybrid(ed25519Priv: Uint8Array, mlDsaPriv: Uint8Array, msg: Uint8Array): HybridSignature;
+/**
+ * Verify a hybrid signature. Both Ed25519 and ML-DSA-65 must be valid.
+ * @returns `true` only when both signatures pass.
+ */
+declare function verifyHybrid(ed25519Pub: Uint8Array, mlDsaPub: Uint8Array, msg: Uint8Array, sig: HybridSignature): boolean;
+/**
+ * Encode a HybridSignature to a compact string.
+ * Format: `pqc-hybrid-v1.<ed25519-b64url>.<mldsa-b64url>`
+ */
+declare function encodeHybridSig(sig: HybridSignature): string;
+/**
+ * Decode a hybrid signature string produced by `encodeHybridSig`.
+ * @throws if the string is not in the expected format.
+ */
+declare function decodeHybridSig(s: string): HybridSignature;
+/**
+ * Encode an ML-DSA-65 public key as a JWK-like object.
+ * Uses `kty: "OKP"`, `alg: "ML-DSA-65"`, `x: <base64url>`.
+ */
+declare function encodeMlDsaPublicKeyJwk(pub: Uint8Array): object;
+/**
+ * Decode an ML-DSA-65 public key from a JWK-like object.
+ * @throws if `kty` or `alg` fields are wrong.
+ */
+declare function decodeMlDsaPublicKeyJwk(jwk: object): Uint8Array;
 /**
  * rcan/mcp.ts — MCP integration types for RCAN v2.2 §22
  *
@@ -2002,4 +2060,4 @@ declare const VERSION = "0.6.0";
 /** @deprecated Use SPEC_VERSION from ./version instead */
 declare const RCAN_VERSION = "1.6";
-export { AUTHORITY_ERROR_CODES, type ApprovalStatus, AuditChain, AuditError, type AuditExportRequest, type AuthorityAccessPayload, type AuthorityAccessPayloadWire, type AuthorityDataCategory, type AuthorityResponseData, type AuthorityResponsePayload, COMPETITION_SCOPE_LEVEL, CONTRIBUTE_SCOPE_LEVEL, type CachedKey, type ChainVerifyResult, ClockDriftError, type ClockSyncStatus, CommitmentRecord, type CommitmentRecordData, type CommitmentRecordJSON, type CompetitionBadge, type CompetitionEnter, type CompetitionFormat, type CompetitionScore, type ComplianceReportResult, type ComputeResource, ConfidenceGate, type ConsentRequestParams, type ConsentResponseParams, type ConsentType, type ContributeCancel, type ContributeRequest, type ContributeResult, DEFAULT_LOA_POLICY, DataCategory, type DelegationHop$1 as DelegationHop, FIRMWARE_MANIFEST_PATH, FaultCode, type FaultReportParams, type FaultSeverity, type FederationSyncPayload, FederationSyncType, type FirmwareComponent, FirmwareIntegrityError, type FirmwareManifest, type FirmwareManifestWire, type FleetListResult, GateError, HiTLGate, type IdentityRecord, type JWKEntry, type JWKSDocument, KeyStore, LOA_TO_SCOPES, LevelOfAssurance, type ListResult, type LoaPolicy, M2MAuthError, type M2MPeerClaims, type M2MTrustedClaims, M2M_TRUSTED_ISSUER, MLDSAKeyPair, type MLDSAKeyPairData, type McpClientConfig, type McpServerConfig, type MediaChunk$1 as MediaChunk, MediaEncoding, MessageType, NodeClient, type OfflineCommandResult, OfflineModeManager, type OfflineState, PRODUCTION_LOA_POLICY, type PendingApproval, type PersonalResearchResult, QoSAckTimeoutError, QoSLevel, QoSManager, type QoSResult, type QoSSendOptions, RCANAddressError, type RCANAgentConfig, type RCANConfig, RCANConfigAuthorizationError, RCANDelegationChainError, RCANError, RCANGateError, RCANMessage, type RCANMessageData, type RCANMessageEnvelope, RCANMessageError, type RCANMetadata, RCANNodeError, RCANNodeNotFoundError, RCANNodeSyncError, RCANNodeTrustError, RCANRegistryError, type RCANRegistryNode, RCANReplayAttackError, type RCANResolveResult, RCANSignatureError, RCANValidationError, RCANVersionIncompatibleError, RCAN_VERSION, ROLE_JWT_LEVEL, RRF_REVOCATION_CACHE_TTL_MS, RRF_REVOCATION_URL, type RegistrationResult, RegistryClient, type RegistryIdentity, RegistryTier, ReplayCache, type ReplayCheckResult, type ReplayableMessage, type ResearchMetrics, RevocationCache$1 as RevocationCache, type RevocationStatus, type RevocationStatusValue, type Robot, type RobotCommandResult, type RobotRegistration, type RobotStatusResult, RobotURI, RobotURIError, type RobotURIOptions, Role, type RrfLookupResult, type RunType, SAFETY_MESSAGE_TYPE, SCOPE_MIN_ROLE, SDK_VERSION, SPEC_VERSION, type SafetyEvent, type SafetyMessage, type ScopeValidationResult, type SeasonStanding, type SenderType, type SignatureBlock, type StandingEntry, type StreamChunk, TOOL_LOA_REQUIREMENTS, type TrainingConsentRequestParams, type TransparencyMessage, TransportEncoding, TransportError, TrustAnchorCache, type V22DelegationHop, type V22MediaChunk, VERSION, type ValidationResult, type WorkUnitStatus, addDelegationHop, addMediaInline, addMediaRef, addPQSignature, assertClockSynced, authorityAccessFromWire, authorityAccessToWire, canonicalManifestJson, checkClockSync, checkRevocation, clientAllowsTool, decodeBleFrames, decodeCompact, decodeMinimal, encodeBleFrames, encodeCompact, encodeMinimal, extractIdentityFromJwt, extractLoaFromJwt, extractRoleFromJwt, fetchCanonicalSchema, fetchRRFRevocations, isAuthorityRequestValid, isM2mTrustedRevoked, isPreemptedBy, isSafetyMessage, makeCloudRelayMessage, makeCompetitionEnter, makeCompetitionScore, makeConfigUpdate, makeConsentDeny, makeConsentGrant, makeConsentRequest, makeContributeCancel, makeContributeRequest, makeContributeResult, makeEstopMessage, makeEstopWithQoS, makeFaultReport, makeFederationSync, makeKeyRotationMessage, makePersonalResearchResult, makeResumeMessage, makeRevocationBroadcast, makeSeasonStanding, makeStopMessage, makeStreamChunk, makeTrainingConsentDeny, makeTrainingConsentGrant, makeTrainingConsentRequest, makeTrainingDataMessage, makeTransparencyMessage, manifestFromWire, manifestToWire, parseM2mPeerToken, parseM2mTrustedToken, roleFromJwtLevel, selectTransport, signMessage, validateAuthorityAccess, validateCompetitionScope, validateConfig, validateConfigAgainstSchema, validateConfigUpdate, validateConsentMessage, validateContributeScope, validateCrossRegistryCommand, validateDelegationChain$1 as validateDelegationChain, validateLoaForScope, validateManifest, validateMediaChunks, validateMessage, validateNodeAgainstSchema, validateReplay, validateRoleForScope, validateSafetyMessage, validateTrainingDataMessage, validateURI, validateDelegationChain as validateV22DelegationChain, validateVersionCompat, verifyM2mTrustedToken, verifyM2mTrustedTokenClaims, verifyMessage, verifyPQSignature, verifyMediaChunkHash as verifyV22MediaChunkHash };
+export { AUTHORITY_ERROR_CODES, type ApprovalStatus, AuditChain, AuditError, type AuditExportRequest, type AuthorityAccessPayload, type AuthorityAccessPayloadWire, type AuthorityDataCategory, type AuthorityResponseData, type AuthorityResponsePayload, COMPETITION_SCOPE_LEVEL, CONTRIBUTE_SCOPE_LEVEL, type CachedKey, type ChainVerifyResult, ClockDriftError, type ClockSyncStatus, CommitmentRecord, type CommitmentRecordData, type CommitmentRecordJSON, type CompetitionBadge, type CompetitionEnter, type CompetitionFormat, type CompetitionScore, type ComplianceReportResult, type ComputeResource, ConfidenceGate, type ConsentRequestParams, type ConsentResponseParams, type ConsentType, type ContributeCancel, type ContributeRequest, type ContributeResult, DEFAULT_LOA_POLICY, DataCategory, type DelegationHop$1 as DelegationHop, FIRMWARE_MANIFEST_PATH, FaultCode, type FaultReportParams, type FaultSeverity, type FederationSyncPayload, FederationSyncType, type FirmwareComponent, FirmwareIntegrityError, type FirmwareManifest, type FirmwareManifestWire, type FleetListResult, GateError, HiTLGate, type HybridSignature, type IdentityRecord, type JWKEntry, type JWKSDocument, KeyStore, LOA_TO_SCOPES, LevelOfAssurance, type ListResult, type LoaPolicy, M2MAuthError, type M2MPeerClaims, type M2MTrustedClaims, M2M_TRUSTED_ISSUER, MLDSAKeyPair, type MLDSAKeyPairData, type McpClientConfig, type McpServerConfig, type MediaChunk$1 as MediaChunk, MediaEncoding, MessageType, type MlDsaKeyPair, NodeClient, type OfflineCommandResult, OfflineModeManager, type OfflineState, PRODUCTION_LOA_POLICY, type PendingApproval, type PersonalResearchResult, QoSAckTimeoutError, QoSLevel, QoSManager, type QoSResult, type QoSSendOptions, RCANAddressError, type RCANAgentConfig, type RCANConfig, RCANConfigAuthorizationError, RCANDelegationChainError, RCANError, RCANGateError, RCANMessage, type RCANMessageData, type RCANMessageEnvelope, RCANMessageError, type RCANMetadata, RCANNodeError, RCANNodeNotFoundError, RCANNodeSyncError, RCANNodeTrustError, RCANRegistryError, type RCANRegistryNode, RCANReplayAttackError, type RCANResolveResult, RCANSignatureError, RCANValidationError, RCANVersionIncompatibleError, RCAN_VERSION, ROLE_JWT_LEVEL, RRF_REVOCATION_CACHE_TTL_MS, RRF_REVOCATION_URL, type RegistrationResult, RegistryClient, type RegistryIdentity, RegistryTier, ReplayCache, type ReplayCheckResult, type ReplayableMessage, type ResearchMetrics, RevocationCache$1 as RevocationCache, type RevocationStatus, type RevocationStatusValue, type Robot, type RobotCommandResult, type RobotRegistration, type RobotStatusResult, RobotURI, RobotURIError, type RobotURIOptions, Role, type RrfLookupResult, type RunType, SAFETY_MESSAGE_TYPE, SCOPE_MIN_ROLE, SDK_VERSION, SPEC_VERSION, type SafetyEvent, type SafetyMessage, type ScopeValidationResult, type SeasonStanding, type SenderType, type SignatureBlock, type StandingEntry, type StreamChunk, TOOL_LOA_REQUIREMENTS, type TrainingConsentRequestParams, type TransparencyMessage, TransportEncoding, TransportError, TrustAnchorCache, type V22DelegationHop, type V22MediaChunk, VERSION, type ValidationResult, type WorkUnitStatus, addDelegationHop, addMediaInline, addMediaRef, addPQSignature, assertClockSynced, authorityAccessFromWire, authorityAccessToWire, canonicalManifestJson, checkClockSync, checkRevocation, clientAllowsTool, decodeBleFrames, decodeCompact, decodeHybridSig, decodeMinimal, decodeMlDsaPublicKeyJwk, encodeBleFrames, encodeCompact, encodeHybridSig, encodeMinimal, encodeMlDsaPublicKeyJwk, extractIdentityFromJwt, extractLoaFromJwt, extractRoleFromJwt, fetchCanonicalSchema, fetchRRFRevocations, generateMlDsaKeypair, isAuthorityRequestValid, isM2mTrustedRevoked, isPreemptedBy, isSafetyMessage, makeCloudRelayMessage, makeCompetitionEnter, makeCompetitionScore, makeConfigUpdate, makeConsentDeny, makeConsentGrant, makeConsentRequest, makeContributeCancel, makeContributeRequest, makeContributeResult, makeEstopMessage, makeEstopWithQoS, makeFaultReport, makeFederationSync, makeKeyRotationMessage, makePersonalResearchResult, makeResumeMessage, makeRevocationBroadcast, makeSeasonStanding, makeStopMessage, makeStreamChunk, makeTrainingConsentDeny, makeTrainingConsentGrant, makeTrainingConsentRequest, makeTrainingDataMessage, makeTransparencyMessage, manifestFromWire, manifestToWire, parseM2mPeerToken, parseM2mTrustedToken, roleFromJwtLevel, selectTransport, signHybrid, signMessage, signMlDsa, validateAuthorityAccess, validateCompetitionScope, validateConfig, validateConfigAgainstSchema, validateConfigUpdate, validateConsentMessage, validateContributeScope, validateCrossRegistryCommand, validateDelegationChain$1 as validateDelegationChain, validateLoaForScope, validateManifest, validateMediaChunks, validateMessage, validateNodeAgainstSchema, validateReplay, validateRoleForScope, validateSafetyMessage, validateTrainingDataMessage, validateURI, validateDelegationChain as validateV22DelegationChain, validateVersionCompat, verifyHybrid, verifyM2mTrustedToken, verifyM2mTrustedTokenClaims, verifyMessage, verifyMlDsa, verifyPQSignature, verifyMediaChunkHash as verifyV22MediaChunkHash };