@de-otio/chaoskb-client 0.3.6 → 0.3.7

package/dist/crypto/commitment.js

@@ -1,30 +1,6 @@
-import * as crypto from 'node:crypto';
-import { hmac } from '@noble/hashes/hmac.js';
-import { sha256 } from '@noble/hashes/sha2.js';
 /**
- * Compute HMAC-SHA256 key commitment.
- * commitment = HMAC-SHA256(commitKey, blobIdBytes || rawCt)
- * where blobIdBytes is the UTF-8 encoding of the blob ID string.
+ * Re-export of HMAC-SHA256 key-commitment primitives from
+ * `@de-otio/crypto-envelope/primitives`.
  */
-export function computeCommitment(commitKey, blobId, rawCt) {
-    const blobIdBytes = new TextEncoder().encode(blobId);
-    const message = new Uint8Array(blobIdBytes.length + rawCt.length);
-    message.set(blobIdBytes, 0);
-    message.set(rawCt, blobIdBytes.length);
-    return hmac(sha256, commitKey, message);
-}
-/**
- * Verify a key commitment using constant-time comparison.
- * Returns true if the commitment is valid.
- */
-export function verifyCommitment(commitKey, blobId, rawCt, expected) {
-    const computed = computeCommitment(commitKey, blobId, rawCt);
-    return constantTimeEqual(computed, expected);
-}
-function constantTimeEqual(a, b) {
-    if (a.length !== b.length) {
-        return false;
-    }
-    return crypto.timingSafeEqual(a, b);
-}
+export { computeCommitment, verifyCommitment, } from '@de-otio/crypto-envelope/primitives';
 //# sourceMappingURL=commitment.js.map

package/dist/crypto/commitment.js.map

@@ -1 +1 @@
-{"version":3,"file":"commitment.js","sourceRoot":"","sources":["../../crypto/commitment.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAC/B,SAAqB,EACrB,MAAc,EACd,KAAiB;IAEjB,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IACvC,OAAO,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;AAC1C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAC9B,SAAqB,EACrB,MAAc,EACd,KAAiB,EACjB,QAAoB;IAEpB,MAAM,QAAQ,GAAG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IAC7D,OAAO,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAa,EAAE,CAAa;IACrD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,MAAM,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACtC,CAAC"}
+{"version":3,"file":"commitment.js","sourceRoot":"","sources":["../../crypto/commitment.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EACL,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,qCAAqC,CAAC"}

package/dist/crypto/encryption-service.d.ts

@@ -3,6 +3,9 @@ import type { DerivedKeySet, DecryptResult, EncryptResult, Envelope, IEncryption
  * Concrete implementation of IEncryptionService.
  *
  * Wraps the standalone crypto functions into a single injectable service.
+ * Scope: chaoskb's knowledge-base blob pipeline (source/chunk/canary
+ * envelopes). Master-key wrapping, passphrase KDF, project keys, and
+ * device/invite flows live in `@de-otio/keyring`.
  */
 export declare class EncryptionService implements IEncryptionService {
     /** Generate a new random 32-byte master key in a SecureBuffer. */

package/dist/crypto/encryption-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"encryption-service.d.ts","sourceRoot":"","sources":["../../crypto/encryption-service.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EACV,aAAa,EACb,aAAa,EACb,aAAa,EACb,QAAQ,EACR,kBAAkB,EAClB,aAAa,EACb,KAAK,EACL,OAAO,EACR,MAAM,YAAY,CAAC;AAEpB;;;;GAIG;AACH,qBAAa,iBAAkB,YAAW,kBAAkB;IAC1D,kEAAkE;IAClE,iBAAiB,IAAI,aAAa;IASlC,4DAA4D;IAC5D,UAAU,CAAC,SAAS,EAAE,aAAa,EAAE,IAAI,CAAC,EAAE,UAAU,GAAG,aAAa;IAItE,0CAA0C;IAC1C,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,CAAC,EAAE,KAAK,GAAG,aAAa;IAI1E,0CAA0C;IAC1C,OAAO,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,GAAG,aAAa;IAI/D,sDAAsD;IACtD,cAAc,IAAI,MAAM;CAGzB"}
+{"version":3,"file":"encryption-service.d.ts","sourceRoot":"","sources":["../../crypto/encryption-service.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EACV,aAAa,EACb,aAAa,EACb,aAAa,EACb,QAAQ,EACR,kBAAkB,EAClB,aAAa,EACb,KAAK,EACL,OAAO,EACR,MAAM,YAAY,CAAC;AAEpB;;;;;;;GAOG;AACH,qBAAa,iBAAkB,YAAW,kBAAkB;IAC1D,kEAAkE;IAClE,iBAAiB,IAAI,aAAa;IASlC,4DAA4D;IAC5D,UAAU,CAAC,SAAS,EAAE,aAAa,EAAE,IAAI,CAAC,EAAE,UAAU,GAAG,aAAa;IAItE,0CAA0C;IAC1C,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,CAAC,EAAE,KAAK,GAAG,aAAa;IAI1E,0CAA0C;IAC1C,OAAO,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,GAAG,aAAa;IAI/D,sDAAsD;IACtD,cAAc,IAAI,MAAM;CAGzB"}

package/dist/crypto/encryption-service.js

@@ -1,22 +1,26 @@
 import { randomBytes } from 'node:crypto';
+import { SecureBuffer } from '@de-otio/crypto-envelope';
 import { generateBlobId } from './blob-id.js';
 import { encryptPayload, decryptEnvelope } from './envelope.js';
 import { deriveKeySet } from './hkdf.js';
-import { SecureBuffer } from './secure-buffer.js';
 /**
  * Concrete implementation of IEncryptionService.
  *
  * Wraps the standalone crypto functions into a single injectable service.
+ * Scope: chaoskb's knowledge-base blob pipeline (source/chunk/canary
+ * envelopes). Master-key wrapping, passphrase KDF, project keys, and
+ * device/invite flows live in `@de-otio/keyring`.
  */
 export class EncryptionService {
     /** Generate a new random 32-byte master key in a SecureBuffer. */
     generateMasterKey() {
-        const sb = SecureBuffer.alloc(32);
         const tmp = randomBytes(32);
-        tmp.copy(sb.buffer);
-        // Zero the temporary buffer
-        tmp.fill(0);
-        return sb;
+        try {
+            return SecureBuffer.from(Buffer.from(tmp));
+        }
+        finally {
+            tmp.fill(0);
+        }
     }
     /** Derive all subkeys from a master key via HKDF-SHA256. */
     deriveKeys(masterKey, salt) {

package/dist/crypto/encryption-service.js.map

@@ -1 +1 @@
-{"version":3,"file":"encryption-service.js","sourceRoot":"","sources":["../../crypto/encryption-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAYlD;;;;GAIG;AACH,MAAM,OAAO,iBAAiB;IAC5B,kEAAkE;IAClE,iBAAiB;QACf,MAAM,EAAE,GAAG,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC5B,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QACpB,4BAA4B;QAC5B,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACZ,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,4DAA4D;IAC5D,UAAU,CAAC,SAAwB,EAAE,IAAiB;QACpD,OAAO,YAAY,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC;IAC9D,CAAC;IAED,0CAA0C;IAC1C,OAAO,CAAC,OAAgB,EAAE,IAAmB,EAAE,GAAW;QACxD,OAAO,cAAc,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;IAC5C,CAAC;IAED,0CAA0C;IAC1C,OAAO,CAAC,QAAkB,EAAE,IAAmB;QAC7C,OAAO,eAAe,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IACzC,CAAC;IAED,sDAAsD;IACtD,cAAc;QACZ,OAAO,cAAc,EAAE,CAAC;IAC1B,CAAC;CACF"}
+{"version":3,"file":"encryption-service.js","sourceRoot":"","sources":["../../crypto/encryption-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAYzC;;;;;;;GAOG;AACH,MAAM,OAAO,iBAAiB;IAC5B,kEAAkE;IAClE,iBAAiB;QACf,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC5B,IAAI,CAAC;YACH,OAAO,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7C,CAAC;gBAAS,CAAC;YACT,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACd,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,UAAU,CAAC,SAAwB,EAAE,IAAiB;QACpD,OAAO,YAAY,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC;IAC9D,CAAC;IAED,0CAA0C;IAC1C,OAAO,CAAC,OAAgB,EAAE,IAAmB,EAAE,GAAW;QACxD,OAAO,cAAc,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;IAC5C,CAAC;IAED,0CAA0C;IAC1C,OAAO,CAAC,QAAkB,EAAE,IAAmB;QAC7C,OAAO,eAAe,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IACzC,CAAC;IAED,sDAAsD;IACtD,cAAc;QACZ,OAAO,cAAc,EAAE,CAAC;IAC1B,CAAC;CACF"}

package/dist/crypto/envelope-cbor.d.ts

@@ -1,37 +1,7 @@
 /**
- * CBOR serialization for ChaosKB envelopes (v2 wire format).
- *
- * v2 envelopes store ciphertext and commitment as raw binary (Uint8Array)
- * instead of base64, saving ~33% size overhead on the ciphertext field.
- *
- * Backward compatibility: can read both v1 (JSON) and v2 (CBOR) envelopes.
+ * chaoskb's CBOR envelope helpers, aliased to the `@de-otio/crypto-envelope`
+ * implementations. Preserves the historical chaoskb names
+ * (`serializeEnvelopeCBOR`, `deserializeEnvelope`).
  */
-import type { Envelope, EnvelopeV2, AnyEnvelope } from './types.js';
-/**
- * Serialize an envelope to CBOR binary format (v2).
- *
- * @param envelope - A v2 envelope with raw binary ct and commit.
- * @returns CBOR-encoded bytes.
- */
-export declare function serializeEnvelopeCBOR(envelope: EnvelopeV2): Uint8Array;
-/**
- * Deserialize bytes into an envelope, auto-detecting the format.
- *
- * - If bytes start with "CKB" magic header, decode as CBOR (v2)
- * - If bytes start with '{', decode as JSON (v1)
- *
- * @param bytes - Raw envelope bytes.
- * @returns Parsed envelope (v1 or v2).
- */
-export declare function deserializeEnvelope(bytes: Uint8Array): AnyEnvelope;
-/**
- * Convert a v1 (JSON) envelope to a v2 (CBOR) envelope.
- * Decodes base64 fields to raw binary.
- */
-export declare function upgradeToV2(v1: Envelope): EnvelopeV2;
-/**
- * Convert a v2 (CBOR) envelope back to v1 (JSON) format.
- * Encodes binary fields as base64.
- */
-export declare function downgradeToV1(v2: EnvelopeV2): Envelope;
+export { serializeV2 as serializeEnvelopeCBOR, deserialize as deserializeEnvelope, upgradeToV2, downgradeToV1, } from '@de-otio/crypto-envelope';
 //# sourceMappingURL=envelope-cbor.d.ts.map

package/dist/crypto/envelope-cbor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"envelope-cbor.d.ts","sourceRoot":"","sources":["../../crypto/envelope-cbor.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAKpE;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,UAAU,GAAG,UAAU,CAqBtE;AAED;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,UAAU,GAAG,WAAW,CAalE;AAiDD;;;GAGG;AACH,wBAAgB,WAAW,CAAC,EAAE,EAAE,QAAQ,GAAG,UAAU,CAYpD;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,EAAE,EAAE,UAAU,GAAG,QAAQ,CActD"}
+{"version":3,"file":"envelope-cbor.d.ts","sourceRoot":"","sources":["../../crypto/envelope-cbor.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EACL,WAAW,IAAI,qBAAqB,EACpC,WAAW,IAAI,mBAAmB,EAClC,WAAW,EACX,aAAa,GACd,MAAM,0BAA0B,CAAC"}

package/dist/crypto/envelope-cbor.js

@@ -1,124 +1,7 @@
 /**
- * CBOR serialization for ChaosKB envelopes (v2 wire format).
- *
- * v2 envelopes store ciphertext and commitment as raw binary (Uint8Array)
- * instead of base64, saving ~33% size overhead on the ciphertext field.
- *
- * Backward compatibility: can read both v1 (JSON) and v2 (CBOR) envelopes.
+ * chaoskb's CBOR envelope helpers, aliased to the `@de-otio/crypto-envelope`
+ * implementations. Preserves the historical chaoskb names
+ * (`serializeEnvelopeCBOR`, `deserializeEnvelope`).
  */
-import { encode, decode } from 'cborg';
-/** CBOR tag used to identify ChaosKB envelopes (arbitrary, in private range). */
-const CHAOSKB_CBOR_MAGIC = new Uint8Array([0x43, 0x4b, 0x42]); // "CKB"
-/**
- * Serialize an envelope to CBOR binary format (v2).
- *
- * @param envelope - A v2 envelope with raw binary ct and commit.
- * @returns CBOR-encoded bytes.
- */
-export function serializeEnvelopeCBOR(envelope) {
-    const cborPayload = {
-        v: envelope.v,
-        id: envelope.id,
-        ts: envelope.ts,
-        enc: {
-            alg: envelope.enc.alg,
-            kid: envelope.enc.kid,
-            ct: envelope.enc.ct,
-            commit: envelope.enc.commit,
-        },
-    };
-    const cborBytes = encode(cborPayload);
-    // Prepend magic header so we can distinguish CBOR from JSON
-    const result = new Uint8Array(CHAOSKB_CBOR_MAGIC.length + cborBytes.length);
-    result.set(CHAOSKB_CBOR_MAGIC, 0);
-    result.set(cborBytes, CHAOSKB_CBOR_MAGIC.length);
-    return result;
-}
-/**
- * Deserialize bytes into an envelope, auto-detecting the format.
- *
- * - If bytes start with "CKB" magic header, decode as CBOR (v2)
- * - If bytes start with '{', decode as JSON (v1)
- *
- * @param bytes - Raw envelope bytes.
- * @returns Parsed envelope (v1 or v2).
- */
-export function deserializeEnvelope(bytes) {
-    // Check for CBOR magic header
-    if (bytes.length >= CHAOSKB_CBOR_MAGIC.length &&
-        bytes[0] === CHAOSKB_CBOR_MAGIC[0] &&
-        bytes[1] === CHAOSKB_CBOR_MAGIC[1] &&
-        bytes[2] === CHAOSKB_CBOR_MAGIC[2]) {
-        return deserializeCBOR(bytes.subarray(CHAOSKB_CBOR_MAGIC.length));
-    }
-    // Try JSON (v1)
-    return deserializeJSON(bytes);
-}
-/**
- * Decode CBOR bytes into a v2 envelope.
- */
-function deserializeCBOR(cborBytes) {
-    const parsed = decode(cborBytes);
-    if (parsed.v !== 2) {
-        throw new Error(`CBOR envelope has unexpected version: ${parsed.v}`);
-    }
-    return {
-        v: 2,
-        id: parsed.id,
-        ts: parsed.ts,
-        enc: {
-            alg: parsed.enc.alg,
-            kid: parsed.enc.kid,
-            ct: new Uint8Array(parsed.enc.ct),
-            commit: new Uint8Array(parsed.enc.commit),
-        },
-    };
-}
-/**
- * Decode JSON bytes into a v1 envelope.
- */
-function deserializeJSON(bytes) {
-    const json = new TextDecoder().decode(bytes);
-    const parsed = JSON.parse(json);
-    if (parsed.v !== 1) {
-        throw new Error(`JSON envelope has unexpected version: ${parsed.v}`);
-    }
-    return parsed;
-}
-/**
- * Convert a v1 (JSON) envelope to a v2 (CBOR) envelope.
- * Decodes base64 fields to raw binary.
- */
-export function upgradeToV2(v1) {
-    return {
-        v: 2,
-        id: v1.id,
-        ts: v1.ts,
-        enc: {
-            alg: v1.enc.alg,
-            kid: v1.enc.kid,
-            ct: new Uint8Array(Buffer.from(v1.enc.ct, 'base64')),
-            commit: new Uint8Array(Buffer.from(v1.enc.commit, 'base64')),
-        },
-    };
-}
-/**
- * Convert a v2 (CBOR) envelope back to v1 (JSON) format.
- * Encodes binary fields as base64.
- */
-export function downgradeToV1(v2) {
-    const ctBase64 = Buffer.from(v2.enc.ct).toString('base64');
-    return {
-        v: 1,
-        id: v2.id,
-        ts: v2.ts,
-        enc: {
-            alg: v2.enc.alg,
-            kid: v2.enc.kid,
-            ct: ctBase64,
-            'ct.len': v2.enc.ct.length,
-            commit: Buffer.from(v2.enc.commit).toString('base64'),
-        },
-    };
-}
+export { serializeV2 as serializeEnvelopeCBOR, deserialize as deserializeEnvelope, upgradeToV2, downgradeToV1, } from '@de-otio/crypto-envelope';
 //# sourceMappingURL=envelope-cbor.js.map

package/dist/crypto/envelope-cbor.js.map

@@ -1 +1 @@
-{"version":3,"file":"envelope-cbor.js","sourceRoot":"","sources":["../../crypto/envelope-cbor.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,OAAO,CAAC;AAGvC,iFAAiF;AACjF,MAAM,kBAAkB,GAAG,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ;AAEvE;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAoB;IACxD,MAAM,WAAW,GAAG;QAClB,CAAC,EAAE,QAAQ,CAAC,CAAC;QACb,EAAE,EAAE,QAAQ,CAAC,EAAE;QACf,EAAE,EAAE,QAAQ,CAAC,EAAE;QACf,GAAG,EAAE;YACH,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG;YACrB,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG;YACrB,EAAE,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE;YACnB,MAAM,EAAE,QAAQ,CAAC,GAAG,CAAC,MAAM;SAC5B;KACF,CAAC;IAEF,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC;IAEtC,4DAA4D;IAC5D,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,kBAAkB,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IAC5E,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC;IAClC,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAEjD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAiB;IACnD,8BAA8B;IAC9B,IACE,KAAK,CAAC,MAAM,IAAI,kBAAkB,CAAC,MAAM;QACzC,KAAK,CAAC,CAAC,CAAC,KAAK,kBAAkB,CAAC,CAAC,CAAC;QAClC,KAAK,CAAC,CAAC,CAAC,KAAK,kBAAkB,CAAC,CAAC,CAAC;QAClC,KAAK,CAAC,CAAC,CAAC,KAAK,kBAAkB,CAAC,CAAC,CAAC,EAClC,CAAC;QACD,OAAO,eAAe,CAAC,KAAK,CAAC,QAAQ,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,gBAAgB;IAChB,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,SAAqB;IAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAU9B,CAAC;IAEF,IAAI,MAAM,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,yCAAyC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,OAAO;QACL,CAAC,EAAE,CAAC;QACJ,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,GAAG,EAAE;YACH,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,GAA+B;YAC/C,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,GAA+B;YAC/C,EAAE,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;SAC1C;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,KAAiB;IACxC,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAa,CAAC;IAE5C,IAAI,MAAM,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,yCAAyC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,EAAY;IACtC,OAAO;QACL,CAAC,EAAE,CAAC;QACJ,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,GAAG,EAAE;YACH,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG;YACf,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG;YACf,EAAE,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;YACpD,MAAM,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;SAC7D;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,EAAc;IAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3D,OAAO;QACL,CAAC,EAAE,CAAC;QACJ,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,GAAG,EAAE;YACH,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG;YACf,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG;YACf,EAAE,EAAE,QAAQ;YACZ,QAAQ,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,MAAM;YAC1B,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;SACtD;KACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"envelope-cbor.js","sourceRoot":"","sources":["../../crypto/envelope-cbor.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EACL,WAAW,IAAI,qBAAqB,EACpC,WAAW,IAAI,mBAAmB,EAClC,WAAW,EACX,aAAa,GACd,MAAM,0BAA0B,CAAC"}

package/dist/crypto/envelope.d.ts

@@ -1,34 +1,4 @@
-import type { DerivedKeySet, DecryptResult, EncryptResult, Envelope, KeyId, Payload } from './types.js';
-/**
- * Encrypt a payload into an envelope (v1).
- *
- * Steps per the envelope spec:
- *  1. Serialize payload to canonical JSON, convert to UTF-8 bytes
- *  2. Generate blob ID
- *  3. Select key by kid (default CEK)
- *  4. Construct AAD
- *  5. Encrypt with AEAD
- *  6. Concatenate: rawCt = nonce || ciphertext || tag
- *  7. Compute commitment: HMAC-SHA256(commitKey, blobId || rawCt)
- *  8. Verify-after-encrypt: decrypt rawCt, compare with original plaintext
- *  9. Base64-encode ct and commit
- * 10. Assemble Envelope object
- * 11. Return EncryptResult with envelope and serialized JSON bytes
- */
+import type { DecryptResult, DerivedKeySet, EncryptResult, Envelope, KeyId, Payload } from './types.js';
 export declare function encryptPayload(payload: Payload, keys: DerivedKeySet, kid?: KeyId): EncryptResult;
-/**
- * Decrypt an envelope into a payload.
- *
- * Steps per the envelope spec:
- *  1. Check v == 1
- *  2. Base64-decode ct
- *  3. Verify ct.len matches decoded length
- *  4. Verify key commitment
- *  5. Construct AAD
- *  6. Split rawCt into nonce, ciphertext, tag
- *  7. Decrypt
- *  8. Parse plaintext as JSON, validate type field
- *  9. Return DecryptResult
- */
 export declare function decryptEnvelope(envelope: Envelope, keys: DerivedKeySet): DecryptResult;
 //# sourceMappingURL=envelope.d.ts.map

package/dist/crypto/envelope.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"envelope.d.ts","sourceRoot":"","sources":["../../crypto/envelope.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAEV,aAAa,EACb,aAAa,EACb,aAAa,EACb,QAAQ,EACR,KAAK,EACL,OAAO,EACR,MAAM,YAAY,CAAC;AAwBpB;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,aAAa,EACnB,GAAG,GAAE,KAAa,GACjB,aAAa,CA0Df;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,GAAG,aAAa,CA0DtF"}
+{"version":3,"file":"envelope.d.ts","sourceRoot":"","sources":["../../crypto/envelope.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,aAAa,EACb,aAAa,EACb,aAAa,EACb,QAAQ,EACR,KAAK,EACL,OAAO,EACR,MAAM,YAAY,CAAC;AA0BpB,wBAAgB,cAAc,CAC5B,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,aAAa,EACnB,GAAG,GAAE,KAAa,GACjB,aAAa,CAUf;AASD,wBAAgB,eAAe,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,GAAG,aAAa,CAmBtF"}

package/dist/crypto/envelope.js

@@ -1,16 +1,11 @@
-import * as crypto from 'node:crypto';
-import { aeadDecrypt, aeadEncrypt } from './aead.js';
-import { constructAAD } from './aad.js';
-import { generateBlobId } from './blob-id.js';
-import { canonicalJson } from './canonical-json.js';
-import { computeCommitment, verifyCommitment } from './commitment.js';
-// Algorithm parameters: nonce size and tag size
-const ALG_PARAMS = {
-    'XChaCha20-Poly1305': { nonceSize: 24, tagSize: 16 },
-    'AES-256-GCM': { nonceSize: 12, tagSize: 16 },
-};
+import { decryptV1, encryptV1 } from '@de-otio/crypto-envelope';
 /**
- * Look up the encryption key for a given key identifier.
+ * chaoskb's envelope API, adapted to delegate to `@de-otio/crypto-envelope`.
+ *
+ * The package takes explicit `cek` and `commitKey` bytes; chaoskb's callers
+ * still pass a `DerivedKeySet` and a `KeyId`, so this adapter unpacks the
+ * right key by `kid` and validates the chaoskb-specific payload type on
+ * decrypt.
  */
 function getKey(keys, kid) {
     switch (kid) {
@@ -20,137 +15,36 @@ function getKey(keys, kid) {
             return new Uint8Array(keys.metadataKey.buffer);
         case 'EEK':
             return new Uint8Array(keys.embeddingKey.buffer);
-        default:
-            throw new Error(`Unknown key identifier: ${kid}`);
+        default: {
+            const _exhaustive = kid;
+            throw new Error(`Unknown key identifier: ${_exhaustive}`);
+        }
     }
 }
-/**
- * Encrypt a payload into an envelope (v1).
- *
- * Steps per the envelope spec:
- *  1. Serialize payload to canonical JSON, convert to UTF-8 bytes
- *  2. Generate blob ID
- *  3. Select key by kid (default CEK)
- *  4. Construct AAD
- *  5. Encrypt with AEAD
- *  6. Concatenate: rawCt = nonce || ciphertext || tag
- *  7. Compute commitment: HMAC-SHA256(commitKey, blobId || rawCt)
- *  8. Verify-after-encrypt: decrypt rawCt, compare with original plaintext
- *  9. Base64-encode ct and commit
- * 10. Assemble Envelope object
- * 11. Return EncryptResult with envelope and serialized JSON bytes
- */
 export function encryptPayload(payload, keys, kid = 'CEK') {
-    const alg = 'XChaCha20-Poly1305';
-    // 1. Serialize to canonical JSON
-    const json = canonicalJson(payload);
-    const plaintextBytes = new TextEncoder().encode(json);
-    // 2. Generate blob ID
-    const blobId = generateBlobId();
-    // 3. Select encryption key
-    const encKey = getKey(keys, kid);
-    // 4. Construct AAD
-    const aad = constructAAD(alg, blobId, kid, 1);
-    // 5. Encrypt
-    const { nonce, ciphertext, tag } = aeadEncrypt(encKey, plaintextBytes, aad);
-    // 6. Concatenate: rawCt = nonce || ciphertext || tag
-    const rawCt = new Uint8Array(nonce.length + ciphertext.length + tag.length);
-    rawCt.set(nonce, 0);
-    rawCt.set(ciphertext, nonce.length);
-    rawCt.set(tag, nonce.length + ciphertext.length);
-    // 7. Compute key commitment
-    const commitKey = new Uint8Array(keys.commitKey.buffer);
-    const commitment = computeCommitment(commitKey, blobId, rawCt);
-    // 8. Verify-after-encrypt: decrypt and compare
-    const recovered = aeadDecrypt(encKey, nonce, ciphertext, tag, aad);
-    if (!constantTimeEqual(recovered, plaintextBytes)) {
-        throw new Error('Verify-after-encrypt failed: decrypted plaintext does not match original');
-    }
-    // 9. Base64-encode
-    const ctBase64 = Buffer.from(rawCt).toString('base64');
-    const commitBase64 = Buffer.from(commitment).toString('base64');
-    // 10. Assemble envelope
-    const envelope = {
-        v: 1,
-        id: blobId,
-        ts: new Date().toISOString(),
-        enc: {
-            alg,
-            kid,
-            ct: ctBase64,
-            'ct.len': rawCt.length,
-            commit: commitBase64,
-        },
-    };
-    // 11. Serialize envelope to bytes
-    const envelopeJson = JSON.stringify(envelope);
-    const bytes = new TextEncoder().encode(envelopeJson);
+    const envelope = encryptV1({
+        payload: payload,
+        cek: getKey(keys, kid),
+        commitKey: new Uint8Array(keys.commitKey.buffer),
+        kid,
+    });
+    const bytes = new TextEncoder().encode(JSON.stringify(envelope));
     return { envelope, bytes };
 }
-/**
- * Decrypt an envelope into a payload.
- *
- * Steps per the envelope spec:
- *  1. Check v == 1
- *  2. Base64-decode ct
- *  3. Verify ct.len matches decoded length
- *  4. Verify key commitment
- *  5. Construct AAD
- *  6. Split rawCt into nonce, ciphertext, tag
- *  7. Decrypt
- *  8. Parse plaintext as JSON, validate type field
- *  9. Return DecryptResult
- */
-export function decryptEnvelope(envelope, keys) {
-    // 1. Check version
-    if (envelope.v !== 1) {
-        throw new Error(`Unsupported envelope version: ${envelope.v}. Please update the app.`);
-    }
-    const alg = envelope.enc.alg;
-    const params = ALG_PARAMS[alg];
-    if (!params) {
-        throw new Error(`Unsupported algorithm: ${alg}`);
-    }
-    // 2. Base64-decode ct
-    const rawCt = new Uint8Array(Buffer.from(envelope.enc.ct, 'base64'));
-    // Verify minimum length
-    const minLength = params.nonceSize + params.tagSize + 1;
-    if (rawCt.length < minLength) {
-        throw new Error(`Truncated ciphertext: expected at least ${minLength} bytes, got ${rawCt.length}`);
-    }
-    // 3. Verify ct.len
-    if (envelope.enc['ct.len'] !== undefined && rawCt.length !== envelope.enc['ct.len']) {
-        throw new Error(`Ciphertext length mismatch: ct.len=${envelope.enc['ct.len']}, actual=${rawCt.length}`);
+function toKeyId(kid) {
+    if (kid === 'CEK' || kid === 'MEK' || kid === 'EEK') {
+        return kid;
     }
-    // 4. Verify key commitment
-    const commitKey = new Uint8Array(keys.commitKey.buffer);
-    const expectedCommit = new Uint8Array(Buffer.from(envelope.enc.commit, 'base64'));
-    if (!verifyCommitment(commitKey, envelope.id, rawCt, expectedCommit)) {
-        throw new Error('Key commitment verification failed');
-    }
-    // 5. Construct AAD
-    const aad = constructAAD(alg, envelope.id, envelope.enc.kid, envelope.v);
-    // 6. Split rawCt into nonce, ciphertext, tag
-    const nonce = rawCt.slice(0, params.nonceSize);
-    const ciphertext = rawCt.slice(params.nonceSize, rawCt.length - params.tagSize);
-    const tag = rawCt.slice(rawCt.length - params.tagSize);
-    // 7. Decrypt
-    const encKey = getKey(keys, envelope.enc.kid);
-    const plaintext = aeadDecrypt(encKey, nonce, ciphertext, tag, aad);
-    // 8. Parse plaintext as JSON
-    const json = new TextDecoder().decode(plaintext);
-    const payload = JSON.parse(json);
-    // Validate type field exists
-    if (!payload.type || !['source', 'chunk', 'canary'].includes(payload.type)) {
-        throw new Error(`Invalid payload type: ${payload.type}`);
-    }
-    // 9. Return result
-    return { payload, envelope };
+    throw new Error(`Unknown key identifier: ${kid}`);
 }
-function constantTimeEqual(a, b) {
-    if (a.length !== b.length) {
-        return false;
-    }
-    return crypto.timingSafeEqual(a, b);
+export function decryptEnvelope(envelope, keys) {
+    const plaintext = decryptV1(envelope, getKey(keys, toKeyId(envelope.enc.kid)), new Uint8Array(keys.commitKey.buffer));
+    // chaoskb-specific payload-type validation — the generic envelope
+    // package doesn't know which payload shapes chaoskb considers valid.
+    if (!plaintext.type ||
+        !['source', 'chunk', 'canary'].includes(plaintext.type)) {
+        throw new Error(`Invalid payload type: ${plaintext.type}`);
+    }
+    return { payload: plaintext, envelope };
 }
 //# sourceMappingURL=envelope.js.map

package/dist/crypto/envelope.js.map

@@ -1 +1 @@
-{"version":3,"file":"envelope.js","sourceRoot":"","sources":["../../crypto/envelope.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAWtE,gDAAgD;AAChD,MAAM,UAAU,GAA8D;IAC5E,oBAAoB,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;IACpD,aAAa,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;CAC9C,CAAC;AAEF;;GAEG;AACH,SAAS,MAAM,CAAC,IAAmB,EAAE,GAAU;IAC7C,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,KAAK;YACR,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAChD,KAAK,KAAK;YACR,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACjD,KAAK,KAAK;YACR,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAClD;YACE,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,EAAE,CAAC,CAAC;IACtD,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,cAAc,CAC5B,OAAgB,EAChB,IAAmB,EACnB,MAAa,KAAK;IAElB,MAAM,GAAG,GAAc,oBAAoB,CAAC;IAE5C,iCAAiC;IACjC,MAAM,IAAI,GAAG,aAAa,CAAC,OAA6C,CAAC,CAAC;IAC1E,MAAM,cAAc,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAEtD,sBAAsB;IACtB,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAEhC,2BAA2B;IAC3B,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAEjC,mBAAmB;IACnB,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;IAE9C,aAAa;IACb,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,WAAW,CAAC,MAAM,EAAE,cAAc,EAAE,GAAG,CAAC,CAAC;IAE5E,qDAAqD;IACrD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5E,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACpB,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACpC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAEjD,4BAA4B;IAC5B,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACxD,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IAE/D,+CAA+C;IAC/C,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IACnE,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,cAAc,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC9F,CAAC;IAED,mBAAmB;IACnB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAEhE,wBAAwB;IACxB,MAAM,QAAQ,GAAa;QACzB,CAAC,EAAE,CAAC;QACJ,EAAE,EAAE,MAAM;QACV,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,GAAG,EAAE;YACH,GAAG;YACH,GAAG;YACH,EAAE,EAAE,QAAQ;YACZ,QAAQ,EAAE,KAAK,CAAC,MAAM;YACtB,MAAM,EAAE,YAAY;SACrB;KACF,CAAC;IAEF,kCAAkC;IAClC,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAErD,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AAC7B,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,eAAe,CAAC,QAAkB,EAAE,IAAmB;IACrE,mBAAmB;IACnB,IAAI,QAAQ,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,CAAC,CAAC,0BAA0B,CAAC,CAAC;IACzF,CAAC;IAED,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;IAC7B,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,sBAAsB;IACtB,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAC;IAErE,wBAAwB;IACxB,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,OAAO,GAAG,CAAC,CAAC;IACxD,IAAI,KAAK,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,2CAA2C,SAAS,eAAe,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACrG,CAAC;IAED,mBAAmB;IACnB,IAAI,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpF,MAAM,IAAI,KAAK,CACb,sCAAsC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,KAAK,CAAC,MAAM,EAAE,CACvF,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACxD,MAAM,cAAc,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IAClF,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE,EAAE,KAAK,EAAE,cAAc,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,mBAAmB;IACnB,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;IAEzE,6CAA6C;IAC7C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;IAC/C,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;IAChF,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;IAEvD,aAAa;IACb,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IAEnE,6BAA6B;IAC7B,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAY,CAAC;IAE5C,6BAA6B;IAC7B,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CAAC,yBAA0B,OAA8C,CAAC,IAAI,EAAE,CAAC,CAAC;IACnG,CAAC;IAED,mBAAmB;IACnB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;AAC/B,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAa,EAAE,CAAa;IACrD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,MAAM,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACtC,CAAC"}
+{"version":3,"file":"envelope.js","sourceRoot":"","sources":["../../crypto/envelope.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AAUhE;;;;;;;GAOG;AAEH,SAAS,MAAM,CAAC,IAAmB,EAAE,GAAU;IAC7C,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,KAAK;YACR,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAChD,KAAK,KAAK;YACR,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACjD,KAAK,KAAK;YACR,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAClD,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,WAAW,GAAU,GAAG,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,2BAA2B,WAAW,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,OAAgB,EAChB,IAAmB,EACnB,MAAa,KAAK;IAElB,MAAM,QAAQ,GAAG,SAAS,CAAC;QACzB,OAAO,EAAE,OAA6C;QACtD,GAAG,EAAE,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC;QACtB,SAAS,EAAE,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;QAChD,GAAG;KACJ,CAAa,CAAC;IAEf,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IACjE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AAC7B,CAAC;AAED,SAAS,OAAO,CAAC,GAAW;IAC1B,IAAI,GAAG,KAAK,KAAK,IAAI,GAAG,KAAK,KAAK,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QACpD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,EAAE,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,QAAkB,EAAE,IAAmB;IACrE,MAAM,SAAS,GAAG,SAAS,CACzB,QAAQ,EACR,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EACvC,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAChB,CAAC;IAExB,kEAAkE;IAClE,qEAAqE;IACrE,IACE,CAAC,SAAS,CAAC,IAAI;QACf,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,EACvD,CAAC;QACD,MAAM,IAAI,KAAK,CACb,yBAA0B,SAAgD,CAAC,IAAI,EAAE,CAClF,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AAC1C,CAAC"}

package/dist/crypto/hkdf.d.ts

@@ -1,16 +1,12 @@
+import { deriveKey } from '@de-otio/crypto-envelope/primitives';
 import type { DerivedKeySet } from './types.js';
+export { deriveKey };
 /**
- * Derive a key using HKDF-SHA256 (Extract+Expand per RFC 5869).
- * @param ikm - Input keying material
- * @param info - Context/application-specific info string
- * @param salt - Optional salt (defaults to empty Uint8Array)
- * @param length - Output key length in bytes (default 32)
- */
-export declare function deriveKey(ikm: Uint8Array, info: string, salt?: Uint8Array, length?: number): Uint8Array;
-/**
- * Derive the complete set of subkeys from a master key.
- * Returns SecureBuffer-wrapped keys for:
- *   CEK (content), MEK (metadata), EEK (embedding), CKY (commit)
+ * Derive the four chaoskb subkeys from a master key via HKDF-SHA256.
+ *
+ * Info strings are chaoskb-specific and MUST NOT change — every encrypted
+ * blob on disk was bound to these labels at encrypt time, and changing them
+ * would mean no existing envelope could decrypt.
  */
 export declare function deriveKeySet(masterKey: Uint8Array, salt?: Uint8Array): DerivedKeySet;
 //# sourceMappingURL=hkdf.d.ts.map

package/dist/crypto/hkdf.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"hkdf.d.ts","sourceRoot":"","sources":["../../crypto/hkdf.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAIhD;;;;;;GAMG;AACH,wBAAgB,SAAS,CACvB,GAAG,EAAE,UAAU,EACf,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,UAAU,EACjB,MAAM,CAAC,EAAE,MAAM,GACd,UAAU,CAGZ;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE,UAAU,GAAG,aAAa,CAYpF"}
+{"version":3,"file":"hkdf.d.ts","sourceRoot":"","sources":["../../crypto/hkdf.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,qCAAqC,CAAC;AAEhE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAGhD,OAAO,EAAE,SAAS,EAAE,CAAC;AAErB;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE,UAAU,GAAG,aAAa,CAYpF"}

package/dist/crypto/hkdf.js

@@ -1,22 +1,13 @@
-import { hkdf } from '@noble/hashes/hkdf.js';
-import { sha256 } from '@noble/hashes/sha2.js';
-import { SecureBuffer } from './secure-buffer.js';
-const DEFAULT_KEY_LENGTH = 32;
+import { SecureBuffer } from '@de-otio/crypto-envelope';
+import { deriveKey } from '@de-otio/crypto-envelope/primitives';
+// Re-export `deriveKey` so callers that import it from this module keep working.
+export { deriveKey };
 /**
- * Derive a key using HKDF-SHA256 (Extract+Expand per RFC 5869).
- * @param ikm - Input keying material
- * @param info - Context/application-specific info string
- * @param salt - Optional salt (defaults to empty Uint8Array)
- * @param length - Output key length in bytes (default 32)
- */
-export function deriveKey(ikm, info, salt, length) {
-    const infoBytes = new TextEncoder().encode(info);
-    return hkdf(sha256, ikm, salt ?? new Uint8Array(0), infoBytes, length ?? DEFAULT_KEY_LENGTH);
-}
-/**
- * Derive the complete set of subkeys from a master key.
- * Returns SecureBuffer-wrapped keys for:
- *   CEK (content), MEK (metadata), EEK (embedding), CKY (commit)
+ * Derive the four chaoskb subkeys from a master key via HKDF-SHA256.
+ *
+ * Info strings are chaoskb-specific and MUST NOT change — every encrypted
+ * blob on disk was bound to these labels at encrypt time, and changing them
+ * would mean no existing envelope could decrypt.
  */
 export function deriveKeySet(masterKey, salt) {
     const cekBytes = deriveKey(masterKey, 'chaoskb-content', salt);

package/dist/crypto/hkdf.js.map

@@ -1 +1 @@
-{"version":3,"file":"hkdf.js","sourceRoot":"","sources":["../../crypto/hkdf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGlD,MAAM,kBAAkB,GAAG,EAAE,CAAC;AAE9B;;;;;;GAMG;AACH,MAAM,UAAU,SAAS,CACvB,GAAe,EACf,IAAY,EACZ,IAAiB,EACjB,MAAe;IAEf,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACjD,OAAO,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,IAAI,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,IAAI,kBAAkB,CAAC,CAAC;AAC/F,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,SAAqB,EAAE,IAAiB;IACnE,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,iBAAiB,EAAE,IAAI,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,kBAAkB,EAAE,IAAI,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,mBAAmB,EAAE,IAAI,CAAC,CAAC;IACjE,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAC;IAE9D,OAAO;QACL,UAAU,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpD,WAAW,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrD,YAAY,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACtD,SAAS,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;KACpD,CAAC;AACJ,CAAC"}
+{"version":3,"file":"hkdf.js","sourceRoot":"","sources":["../../crypto/hkdf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,qCAAqC,CAAC;AAIhE,iFAAiF;AACjF,OAAO,EAAE,SAAS,EAAE,CAAC;AAErB;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAAC,SAAqB,EAAE,IAAiB;IACnE,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,iBAAiB,EAAE,IAAI,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,kBAAkB,EAAE,IAAI,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,mBAAmB,EAAE,IAAI,CAAC,CAAC;IACjE,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAC;IAE9D,OAAO;QACL,UAAU,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpD,WAAW,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrD,YAAY,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACtD,SAAS,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;KACpD,CAAC;AACJ,CAAC"}

package/dist/crypto/index.d.ts

@@ -1,15 +1,20 @@
+/**
+ * chaoskb crypto module — knowledge-base blob primitives.
+ *
+ * Key-lifecycle (master-key wrapping, tiers, project keys, invites,
+ * TOFU pinning) lives in `@de-otio/keyring`. Pre-existing re-exports
+ * of those modules have been removed.
+ */
 export * from './types.js';
-export { SecureBuffer } from './secure-buffer.js';
+export { SecureBuffer } from '@de-otio/crypto-envelope';
 export { canonicalJson } from './canonical-json.js';
 export { generateBlobId } from './blob-id.js';
 export { aeadEncrypt, aeadDecrypt } from './aead.js';
 export { deriveKey, deriveKeySet } from './hkdf.js';
-export { deriveFromPassphrase as argon2Derive } from './argon2.js';
+export { deriveFromPassphrase as argon2Derive } from '@de-otio/crypto-envelope/primitives';
 export { constructAAD } from './aad.js';
 export { computeCommitment, verifyCommitment } from './commitment.js';
 export { encryptPayload, decryptEnvelope } from './envelope.js';
 export { parseSSHPublicKey, ed25519ToX25519PublicKey, ed25519ToX25519SecretKey } from './ssh-keys.js';
 export { EncryptionService } from './encryption-service.js';
-export { KeyringService } from './keyring.js';
-export { createProjectKey, unwrapProjectKey } from './project-keys.js';
 //# sourceMappingURL=index.d.ts.map