@de-otio/chaoskb-client 0.3.6 → 0.3.8

package/dist/crypto/envelope-cbor.js

@@ -1,124 +1,7 @@
 /**
- * CBOR serialization for ChaosKB envelopes (v2 wire format).
- *
- * v2 envelopes store ciphertext and commitment as raw binary (Uint8Array)
- * instead of base64, saving ~33% size overhead on the ciphertext field.
- *
- * Backward compatibility: can read both v1 (JSON) and v2 (CBOR) envelopes.
+ * chaoskb's CBOR envelope helpers, aliased to the `@de-otio/crypto-envelope`
+ * implementations. Preserves the historical chaoskb names
+ * (`serializeEnvelopeCBOR`, `deserializeEnvelope`).
  */
-import { encode, decode } from 'cborg';
-/** CBOR tag used to identify ChaosKB envelopes (arbitrary, in private range). */
-const CHAOSKB_CBOR_MAGIC = new Uint8Array([0x43, 0x4b, 0x42]); // "CKB"
-/**
- * Serialize an envelope to CBOR binary format (v2).
- *
- * @param envelope - A v2 envelope with raw binary ct and commit.
- * @returns CBOR-encoded bytes.
- */
-export function serializeEnvelopeCBOR(envelope) {
-    const cborPayload = {
-        v: envelope.v,
-        id: envelope.id,
-        ts: envelope.ts,
-        enc: {
-            alg: envelope.enc.alg,
-            kid: envelope.enc.kid,
-            ct: envelope.enc.ct,
-            commit: envelope.enc.commit,
-        },
-    };
-    const cborBytes = encode(cborPayload);
-    // Prepend magic header so we can distinguish CBOR from JSON
-    const result = new Uint8Array(CHAOSKB_CBOR_MAGIC.length + cborBytes.length);
-    result.set(CHAOSKB_CBOR_MAGIC, 0);
-    result.set(cborBytes, CHAOSKB_CBOR_MAGIC.length);
-    return result;
-}
-/**
- * Deserialize bytes into an envelope, auto-detecting the format.
- *
- * - If bytes start with "CKB" magic header, decode as CBOR (v2)
- * - If bytes start with '{', decode as JSON (v1)
- *
- * @param bytes - Raw envelope bytes.
- * @returns Parsed envelope (v1 or v2).
- */
-export function deserializeEnvelope(bytes) {
-    // Check for CBOR magic header
-    if (bytes.length >= CHAOSKB_CBOR_MAGIC.length &&
-        bytes[0] === CHAOSKB_CBOR_MAGIC[0] &&
-        bytes[1] === CHAOSKB_CBOR_MAGIC[1] &&
-        bytes[2] === CHAOSKB_CBOR_MAGIC[2]) {
-        return deserializeCBOR(bytes.subarray(CHAOSKB_CBOR_MAGIC.length));
-    }
-    // Try JSON (v1)
-    return deserializeJSON(bytes);
-}
-/**
- * Decode CBOR bytes into a v2 envelope.
- */
-function deserializeCBOR(cborBytes) {
-    const parsed = decode(cborBytes);
-    if (parsed.v !== 2) {
-        throw new Error(`CBOR envelope has unexpected version: ${parsed.v}`);
-    }
-    return {
-        v: 2,
-        id: parsed.id,
-        ts: parsed.ts,
-        enc: {
-            alg: parsed.enc.alg,
-            kid: parsed.enc.kid,
-            ct: new Uint8Array(parsed.enc.ct),
-            commit: new Uint8Array(parsed.enc.commit),
-        },
-    };
-}
-/**
- * Decode JSON bytes into a v1 envelope.
- */
-function deserializeJSON(bytes) {
-    const json = new TextDecoder().decode(bytes);
-    const parsed = JSON.parse(json);
-    if (parsed.v !== 1) {
-        throw new Error(`JSON envelope has unexpected version: ${parsed.v}`);
-    }
-    return parsed;
-}
-/**
- * Convert a v1 (JSON) envelope to a v2 (CBOR) envelope.
- * Decodes base64 fields to raw binary.
- */
-export function upgradeToV2(v1) {
-    return {
-        v: 2,
-        id: v1.id,
-        ts: v1.ts,
-        enc: {
-            alg: v1.enc.alg,
-            kid: v1.enc.kid,
-            ct: new Uint8Array(Buffer.from(v1.enc.ct, 'base64')),
-            commit: new Uint8Array(Buffer.from(v1.enc.commit, 'base64')),
-        },
-    };
-}
-/**
- * Convert a v2 (CBOR) envelope back to v1 (JSON) format.
- * Encodes binary fields as base64.
- */
-export function downgradeToV1(v2) {
-    const ctBase64 = Buffer.from(v2.enc.ct).toString('base64');
-    return {
-        v: 1,
-        id: v2.id,
-        ts: v2.ts,
-        enc: {
-            alg: v2.enc.alg,
-            kid: v2.enc.kid,
-            ct: ctBase64,
-            'ct.len': v2.enc.ct.length,
-            commit: Buffer.from(v2.enc.commit).toString('base64'),
-        },
-    };
-}
+export { serializeV2 as serializeEnvelopeCBOR, deserialize as deserializeEnvelope, upgradeToV2, downgradeToV1, } from '@de-otio/crypto-envelope';
 //# sourceMappingURL=envelope-cbor.js.map

package/dist/crypto/envelope-cbor.js.map

@@ -1 +1 @@
-{"version":3,"file":"envelope-cbor.js","sourceRoot":"","sources":["../../crypto/envelope-cbor.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,OAAO,CAAC;AAGvC,iFAAiF;AACjF,MAAM,kBAAkB,GAAG,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ;AAEvE;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAoB;IACxD,MAAM,WAAW,GAAG;QAClB,CAAC,EAAE,QAAQ,CAAC,CAAC;QACb,EAAE,EAAE,QAAQ,CAAC,EAAE;QACf,EAAE,EAAE,QAAQ,CAAC,EAAE;QACf,GAAG,EAAE;YACH,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG;YACrB,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG;YACrB,EAAE,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE;YACnB,MAAM,EAAE,QAAQ,CAAC,GAAG,CAAC,MAAM;SAC5B;KACF,CAAC;IAEF,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC;IAEtC,4DAA4D;IAC5D,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,kBAAkB,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IAC5E,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC;IAClC,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAEjD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAiB;IACnD,8BAA8B;IAC9B,IACE,KAAK,CAAC,MAAM,IAAI,kBAAkB,CAAC,MAAM;QACzC,KAAK,CAAC,CAAC,CAAC,KAAK,kBAAkB,CAAC,CAAC,CAAC;QAClC,KAAK,CAAC,CAAC,CAAC,KAAK,kBAAkB,CAAC,CAAC,CAAC;QAClC,KAAK,CAAC,CAAC,CAAC,KAAK,kBAAkB,CAAC,CAAC,CAAC,EAClC,CAAC;QACD,OAAO,eAAe,CAAC,KAAK,CAAC,QAAQ,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,gBAAgB;IAChB,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,SAAqB;IAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAU9B,CAAC;IAEF,IAAI,MAAM,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,yCAAyC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,OAAO;QACL,CAAC,EAAE,CAAC;QACJ,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,GAAG,EAAE;YACH,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,GAA+B;YAC/C,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,GAA+B;YAC/C,EAAE,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;SAC1C;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,KAAiB;IACxC,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAa,CAAC;IAE5C,IAAI,MAAM,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,yCAAyC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,EAAY;IACtC,OAAO;QACL,CAAC,EAAE,CAAC;QACJ,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,GAAG,EAAE;YACH,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG;YACf,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG;YACf,EAAE,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;YACpD,MAAM,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;SAC7D;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,EAAc;IAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3D,OAAO;QACL,CAAC,EAAE,CAAC;QACJ,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,GAAG,EAAE;YACH,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG;YACf,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG;YACf,EAAE,EAAE,QAAQ;YACZ,QAAQ,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,MAAM;YAC1B,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;SACtD;KACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"envelope-cbor.js","sourceRoot":"","sources":["../../crypto/envelope-cbor.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EACL,WAAW,IAAI,qBAAqB,EACpC,WAAW,IAAI,mBAAmB,EAClC,WAAW,EACX,aAAa,GACd,MAAM,0BAA0B,CAAC"}

package/dist/crypto/envelope.d.ts

@@ -1,34 +1,4 @@
-import type { DerivedKeySet, DecryptResult, EncryptResult, Envelope, KeyId, Payload } from './types.js';
-/**
- * Encrypt a payload into an envelope (v1).
- *
- * Steps per the envelope spec:
- *  1. Serialize payload to canonical JSON, convert to UTF-8 bytes
- *  2. Generate blob ID
- *  3. Select key by kid (default CEK)
- *  4. Construct AAD
- *  5. Encrypt with AEAD
- *  6. Concatenate: rawCt = nonce || ciphertext || tag
- *  7. Compute commitment: HMAC-SHA256(commitKey, blobId || rawCt)
- *  8. Verify-after-encrypt: decrypt rawCt, compare with original plaintext
- *  9. Base64-encode ct and commit
- * 10. Assemble Envelope object
- * 11. Return EncryptResult with envelope and serialized JSON bytes
- */
+import type { DecryptResult, DerivedKeySet, EncryptResult, Envelope, KeyId, Payload } from './types.js';
 export declare function encryptPayload(payload: Payload, keys: DerivedKeySet, kid?: KeyId): EncryptResult;
-/**
- * Decrypt an envelope into a payload.
- *
- * Steps per the envelope spec:
- *  1. Check v == 1
- *  2. Base64-decode ct
- *  3. Verify ct.len matches decoded length
- *  4. Verify key commitment
- *  5. Construct AAD
- *  6. Split rawCt into nonce, ciphertext, tag
- *  7. Decrypt
- *  8. Parse plaintext as JSON, validate type field
- *  9. Return DecryptResult
- */
 export declare function decryptEnvelope(envelope: Envelope, keys: DerivedKeySet): DecryptResult;
 //# sourceMappingURL=envelope.d.ts.map

package/dist/crypto/envelope.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"envelope.d.ts","sourceRoot":"","sources":["../../crypto/envelope.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAEV,aAAa,EACb,aAAa,EACb,aAAa,EACb,QAAQ,EACR,KAAK,EACL,OAAO,EACR,MAAM,YAAY,CAAC;AAwBpB;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,aAAa,EACnB,GAAG,GAAE,KAAa,GACjB,aAAa,CA0Df;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,GAAG,aAAa,CA0DtF"}
+{"version":3,"file":"envelope.d.ts","sourceRoot":"","sources":["../../crypto/envelope.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,aAAa,EACb,aAAa,EACb,aAAa,EACb,QAAQ,EACR,KAAK,EACL,OAAO,EACR,MAAM,YAAY,CAAC;AA0BpB,wBAAgB,cAAc,CAC5B,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,aAAa,EACnB,GAAG,GAAE,KAAa,GACjB,aAAa,CAUf;AASD,wBAAgB,eAAe,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,GAAG,aAAa,CAmBtF"}

package/dist/crypto/envelope.js

@@ -1,16 +1,11 @@
-import * as crypto from 'node:crypto';
-import { aeadDecrypt, aeadEncrypt } from './aead.js';
-import { constructAAD } from './aad.js';
-import { generateBlobId } from './blob-id.js';
-import { canonicalJson } from './canonical-json.js';
-import { computeCommitment, verifyCommitment } from './commitment.js';
-// Algorithm parameters: nonce size and tag size
-const ALG_PARAMS = {
-    'XChaCha20-Poly1305': { nonceSize: 24, tagSize: 16 },
-    'AES-256-GCM': { nonceSize: 12, tagSize: 16 },
-};
+import { decryptV1, encryptV1 } from '@de-otio/crypto-envelope';
 /**
- * Look up the encryption key for a given key identifier.
+ * chaoskb's envelope API, adapted to delegate to `@de-otio/crypto-envelope`.
+ *
+ * The package takes explicit `cek` and `commitKey` bytes; chaoskb's callers
+ * still pass a `DerivedKeySet` and a `KeyId`, so this adapter unpacks the
+ * right key by `kid` and validates the chaoskb-specific payload type on
+ * decrypt.
  */
 function getKey(keys, kid) {
     switch (kid) {
@@ -20,137 +15,36 @@ function getKey(keys, kid) {
             return new Uint8Array(keys.metadataKey.buffer);
         case 'EEK':
             return new Uint8Array(keys.embeddingKey.buffer);
-        default:
-            throw new Error(`Unknown key identifier: ${kid}`);
+        default: {
+            const _exhaustive = kid;
+            throw new Error(`Unknown key identifier: ${_exhaustive}`);
+        }
     }
 }
-/**
- * Encrypt a payload into an envelope (v1).
- *
- * Steps per the envelope spec:
- *  1. Serialize payload to canonical JSON, convert to UTF-8 bytes
- *  2. Generate blob ID
- *  3. Select key by kid (default CEK)
- *  4. Construct AAD
- *  5. Encrypt with AEAD
- *  6. Concatenate: rawCt = nonce || ciphertext || tag
- *  7. Compute commitment: HMAC-SHA256(commitKey, blobId || rawCt)
- *  8. Verify-after-encrypt: decrypt rawCt, compare with original plaintext
- *  9. Base64-encode ct and commit
- * 10. Assemble Envelope object
- * 11. Return EncryptResult with envelope and serialized JSON bytes
- */
 export function encryptPayload(payload, keys, kid = 'CEK') {
-    const alg = 'XChaCha20-Poly1305';
-    // 1. Serialize to canonical JSON
-    const json = canonicalJson(payload);
-    const plaintextBytes = new TextEncoder().encode(json);
-    // 2. Generate blob ID
-    const blobId = generateBlobId();
-    // 3. Select encryption key
-    const encKey = getKey(keys, kid);
-    // 4. Construct AAD
-    const aad = constructAAD(alg, blobId, kid, 1);
-    // 5. Encrypt
-    const { nonce, ciphertext, tag } = aeadEncrypt(encKey, plaintextBytes, aad);
-    // 6. Concatenate: rawCt = nonce || ciphertext || tag
-    const rawCt = new Uint8Array(nonce.length + ciphertext.length + tag.length);
-    rawCt.set(nonce, 0);
-    rawCt.set(ciphertext, nonce.length);
-    rawCt.set(tag, nonce.length + ciphertext.length);
-    // 7. Compute key commitment
-    const commitKey = new Uint8Array(keys.commitKey.buffer);
-    const commitment = computeCommitment(commitKey, blobId, rawCt);
-    // 8. Verify-after-encrypt: decrypt and compare
-    const recovered = aeadDecrypt(encKey, nonce, ciphertext, tag, aad);
-    if (!constantTimeEqual(recovered, plaintextBytes)) {
-        throw new Error('Verify-after-encrypt failed: decrypted plaintext does not match original');
-    }
-    // 9. Base64-encode
-    const ctBase64 = Buffer.from(rawCt).toString('base64');
-    const commitBase64 = Buffer.from(commitment).toString('base64');
-    // 10. Assemble envelope
-    const envelope = {
-        v: 1,
-        id: blobId,
-        ts: new Date().toISOString(),
-        enc: {
-            alg,
-            kid,
-            ct: ctBase64,
-            'ct.len': rawCt.length,
-            commit: commitBase64,
-        },
-    };
-    // 11. Serialize envelope to bytes
-    const envelopeJson = JSON.stringify(envelope);
-    const bytes = new TextEncoder().encode(envelopeJson);
+    const envelope = encryptV1({
+        payload: payload,
+        cek: getKey(keys, kid),
+        commitKey: new Uint8Array(keys.commitKey.buffer),
+        kid,
+    });
+    const bytes = new TextEncoder().encode(JSON.stringify(envelope));
     return { envelope, bytes };
 }
-/**
- * Decrypt an envelope into a payload.
- *
- * Steps per the envelope spec:
- *  1. Check v == 1
- *  2. Base64-decode ct
- *  3. Verify ct.len matches decoded length
- *  4. Verify key commitment
- *  5. Construct AAD
- *  6. Split rawCt into nonce, ciphertext, tag
- *  7. Decrypt
- *  8. Parse plaintext as JSON, validate type field
- *  9. Return DecryptResult
- */
-export function decryptEnvelope(envelope, keys) {
-    // 1. Check version
-    if (envelope.v !== 1) {
-        throw new Error(`Unsupported envelope version: ${envelope.v}. Please update the app.`);
-    }
-    const alg = envelope.enc.alg;
-    const params = ALG_PARAMS[alg];
-    if (!params) {
-        throw new Error(`Unsupported algorithm: ${alg}`);
-    }
-    // 2. Base64-decode ct
-    const rawCt = new Uint8Array(Buffer.from(envelope.enc.ct, 'base64'));
-    // Verify minimum length
-    const minLength = params.nonceSize + params.tagSize + 1;
-    if (rawCt.length < minLength) {
-        throw new Error(`Truncated ciphertext: expected at least ${minLength} bytes, got ${rawCt.length}`);
-    }
-    // 3. Verify ct.len
-    if (envelope.enc['ct.len'] !== undefined && rawCt.length !== envelope.enc['ct.len']) {
-        throw new Error(`Ciphertext length mismatch: ct.len=${envelope.enc['ct.len']}, actual=${rawCt.length}`);
+function toKeyId(kid) {
+    if (kid === 'CEK' || kid === 'MEK' || kid === 'EEK') {
+        return kid;
     }
-    // 4. Verify key commitment
-    const commitKey = new Uint8Array(keys.commitKey.buffer);
-    const expectedCommit = new Uint8Array(Buffer.from(envelope.enc.commit, 'base64'));
-    if (!verifyCommitment(commitKey, envelope.id, rawCt, expectedCommit)) {
-        throw new Error('Key commitment verification failed');
-    }
-    // 5. Construct AAD
-    const aad = constructAAD(alg, envelope.id, envelope.enc.kid, envelope.v);
-    // 6. Split rawCt into nonce, ciphertext, tag
-    const nonce = rawCt.slice(0, params.nonceSize);
-    const ciphertext = rawCt.slice(params.nonceSize, rawCt.length - params.tagSize);
-    const tag = rawCt.slice(rawCt.length - params.tagSize);
-    // 7. Decrypt
-    const encKey = getKey(keys, envelope.enc.kid);
-    const plaintext = aeadDecrypt(encKey, nonce, ciphertext, tag, aad);
-    // 8. Parse plaintext as JSON
-    const json = new TextDecoder().decode(plaintext);
-    const payload = JSON.parse(json);
-    // Validate type field exists
-    if (!payload.type || !['source', 'chunk', 'canary'].includes(payload.type)) {
-        throw new Error(`Invalid payload type: ${payload.type}`);
-    }
-    // 9. Return result
-    return { payload, envelope };
+    throw new Error(`Unknown key identifier: ${kid}`);
 }
-function constantTimeEqual(a, b) {
-    if (a.length !== b.length) {
-        return false;
-    }
-    return crypto.timingSafeEqual(a, b);
+export function decryptEnvelope(envelope, keys) {
+    const plaintext = decryptV1(envelope, getKey(keys, toKeyId(envelope.enc.kid)), new Uint8Array(keys.commitKey.buffer));
+    // chaoskb-specific payload-type validation — the generic envelope
+    // package doesn't know which payload shapes chaoskb considers valid.
+    if (!plaintext.type ||
+        !['source', 'chunk', 'canary'].includes(plaintext.type)) {
+        throw new Error(`Invalid payload type: ${plaintext.type}`);
+    }
+    return { payload: plaintext, envelope };
 }
 //# sourceMappingURL=envelope.js.map

package/dist/crypto/envelope.js.map

@@ -1 +1 @@
-{"version":3,"file":"envelope.js","sourceRoot":"","sources":["../../crypto/envelope.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAWtE,gDAAgD;AAChD,MAAM,UAAU,GAA8D;IAC5E,oBAAoB,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;IACpD,aAAa,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;CAC9C,CAAC;AAEF;;GAEG;AACH,SAAS,MAAM,CAAC,IAAmB,EAAE,GAAU;IAC7C,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,KAAK;YACR,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAChD,KAAK,KAAK;YACR,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACjD,KAAK,KAAK;YACR,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAClD;YACE,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,EAAE,CAAC,CAAC;IACtD,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,cAAc,CAC5B,OAAgB,EAChB,IAAmB,EACnB,MAAa,KAAK;IAElB,MAAM,GAAG,GAAc,oBAAoB,CAAC;IAE5C,iCAAiC;IACjC,MAAM,IAAI,GAAG,aAAa,CAAC,OAA6C,CAAC,CAAC;IAC1E,MAAM,cAAc,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAEtD,sBAAsB;IACtB,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAEhC,2BAA2B;IAC3B,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAEjC,mBAAmB;IACnB,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;IAE9C,aAAa;IACb,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,WAAW,CAAC,MAAM,EAAE,cAAc,EAAE,GAAG,CAAC,CAAC;IAE5E,qDAAqD;IACrD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5E,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACpB,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACpC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAEjD,4BAA4B;IAC5B,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACxD,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IAE/D,+CAA+C;IAC/C,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IACnE,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,cAAc,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC9F,CAAC;IAED,mBAAmB;IACnB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAEhE,wBAAwB;IACxB,MAAM,QAAQ,GAAa;QACzB,CAAC,EAAE,CAAC;QACJ,EAAE,EAAE,MAAM;QACV,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,GAAG,EAAE;YACH,GAAG;YACH,GAAG;YACH,EAAE,EAAE,QAAQ;YACZ,QAAQ,EAAE,KAAK,CAAC,MAAM;YACtB,MAAM,EAAE,YAAY;SACrB;KACF,CAAC;IAEF,kCAAkC;IAClC,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAErD,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AAC7B,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,eAAe,CAAC,QAAkB,EAAE,IAAmB;IACrE,mBAAmB;IACnB,IAAI,QAAQ,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,CAAC,CAAC,0BAA0B,CAAC,CAAC;IACzF,CAAC;IAED,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;IAC7B,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,sBAAsB;IACtB,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAC;IAErE,wBAAwB;IACxB,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,OAAO,GAAG,CAAC,CAAC;IACxD,IAAI,KAAK,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,2CAA2C,SAAS,eAAe,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACrG,CAAC;IAED,mBAAmB;IACnB,IAAI,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpF,MAAM,IAAI,KAAK,CACb,sCAAsC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,KAAK,CAAC,MAAM,EAAE,CACvF,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACxD,MAAM,cAAc,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IAClF,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE,EAAE,KAAK,EAAE,cAAc,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,mBAAmB;IACnB,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;IAEzE,6CAA6C;IAC7C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;IAC/C,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;IAChF,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;IAEvD,aAAa;IACb,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IAEnE,6BAA6B;IAC7B,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAY,CAAC;IAE5C,6BAA6B;IAC7B,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CAAC,yBAA0B,OAA8C,CAAC,IAAI,EAAE,CAAC,CAAC;IACnG,CAAC;IAED,mBAAmB;IACnB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;AAC/B,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAa,EAAE,CAAa;IACrD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,MAAM,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACtC,CAAC"}
+{"version":3,"file":"envelope.js","sourceRoot":"","sources":["../../crypto/envelope.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AAUhE;;;;;;;GAOG;AAEH,SAAS,MAAM,CAAC,IAAmB,EAAE,GAAU;IAC7C,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,KAAK;YACR,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAChD,KAAK,KAAK;YACR,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACjD,KAAK,KAAK;YACR,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAClD,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,WAAW,GAAU,GAAG,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,2BAA2B,WAAW,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,OAAgB,EAChB,IAAmB,EACnB,MAAa,KAAK;IAElB,MAAM,QAAQ,GAAG,SAAS,CAAC;QACzB,OAAO,EAAE,OAA6C;QACtD,GAAG,EAAE,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC;QACtB,SAAS,EAAE,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;QAChD,GAAG;KACJ,CAAa,CAAC;IAEf,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IACjE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AAC7B,CAAC;AAED,SAAS,OAAO,CAAC,GAAW;IAC1B,IAAI,GAAG,KAAK,KAAK,IAAI,GAAG,KAAK,KAAK,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QACpD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,EAAE,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,QAAkB,EAAE,IAAmB;IACrE,MAAM,SAAS,GAAG,SAAS,CACzB,QAAQ,EACR,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EACvC,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAChB,CAAC;IAExB,kEAAkE;IAClE,qEAAqE;IACrE,IACE,CAAC,SAAS,CAAC,IAAI;QACf,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,EACvD,CAAC;QACD,MAAM,IAAI,KAAK,CACb,yBAA0B,SAAgD,CAAC,IAAI,EAAE,CAClF,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AAC1C,CAAC"}

package/dist/crypto/hkdf.d.ts

@@ -1,16 +1,12 @@
+import { deriveKey } from '@de-otio/crypto-envelope/primitives';
 import type { DerivedKeySet } from './types.js';
+export { deriveKey };
 /**
- * Derive a key using HKDF-SHA256 (Extract+Expand per RFC 5869).
- * @param ikm - Input keying material
- * @param info - Context/application-specific info string
- * @param salt - Optional salt (defaults to empty Uint8Array)
- * @param length - Output key length in bytes (default 32)
- */
-export declare function deriveKey(ikm: Uint8Array, info: string, salt?: Uint8Array, length?: number): Uint8Array;
-/**
- * Derive the complete set of subkeys from a master key.
- * Returns SecureBuffer-wrapped keys for:
- *   CEK (content), MEK (metadata), EEK (embedding), CKY (commit)
+ * Derive the four chaoskb subkeys from a master key via HKDF-SHA256.
+ *
+ * Info strings are chaoskb-specific and MUST NOT change — every encrypted
+ * blob on disk was bound to these labels at encrypt time, and changing them
+ * would mean no existing envelope could decrypt.
  */
 export declare function deriveKeySet(masterKey: Uint8Array, salt?: Uint8Array): DerivedKeySet;
 //# sourceMappingURL=hkdf.d.ts.map

package/dist/crypto/hkdf.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"hkdf.d.ts","sourceRoot":"","sources":["../../crypto/hkdf.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAIhD;;;;;;GAMG;AACH,wBAAgB,SAAS,CACvB,GAAG,EAAE,UAAU,EACf,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,UAAU,EACjB,MAAM,CAAC,EAAE,MAAM,GACd,UAAU,CAGZ;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE,UAAU,GAAG,aAAa,CAYpF"}
+{"version":3,"file":"hkdf.d.ts","sourceRoot":"","sources":["../../crypto/hkdf.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,qCAAqC,CAAC;AAEhE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAGhD,OAAO,EAAE,SAAS,EAAE,CAAC;AAErB;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE,UAAU,GAAG,aAAa,CAYpF"}

package/dist/crypto/hkdf.js

@@ -1,22 +1,13 @@
-import { hkdf } from '@noble/hashes/hkdf.js';
-import { sha256 } from '@noble/hashes/sha2.js';
-import { SecureBuffer } from './secure-buffer.js';
-const DEFAULT_KEY_LENGTH = 32;
+import { SecureBuffer } from '@de-otio/crypto-envelope';
+import { deriveKey } from '@de-otio/crypto-envelope/primitives';
+// Re-export `deriveKey` so callers that import it from this module keep working.
+export { deriveKey };
 /**
- * Derive a key using HKDF-SHA256 (Extract+Expand per RFC 5869).
- * @param ikm - Input keying material
- * @param info - Context/application-specific info string
- * @param salt - Optional salt (defaults to empty Uint8Array)
- * @param length - Output key length in bytes (default 32)
- */
-export function deriveKey(ikm, info, salt, length) {
-    const infoBytes = new TextEncoder().encode(info);
-    return hkdf(sha256, ikm, salt ?? new Uint8Array(0), infoBytes, length ?? DEFAULT_KEY_LENGTH);
-}
-/**
- * Derive the complete set of subkeys from a master key.
- * Returns SecureBuffer-wrapped keys for:
- *   CEK (content), MEK (metadata), EEK (embedding), CKY (commit)
+ * Derive the four chaoskb subkeys from a master key via HKDF-SHA256.
+ *
+ * Info strings are chaoskb-specific and MUST NOT change — every encrypted
+ * blob on disk was bound to these labels at encrypt time, and changing them
+ * would mean no existing envelope could decrypt.
  */
 export function deriveKeySet(masterKey, salt) {
     const cekBytes = deriveKey(masterKey, 'chaoskb-content', salt);

package/dist/crypto/hkdf.js.map

@@ -1 +1 @@
-{"version":3,"file":"hkdf.js","sourceRoot":"","sources":["../../crypto/hkdf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGlD,MAAM,kBAAkB,GAAG,EAAE,CAAC;AAE9B;;;;;;GAMG;AACH,MAAM,UAAU,SAAS,CACvB,GAAe,EACf,IAAY,EACZ,IAAiB,EACjB,MAAe;IAEf,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACjD,OAAO,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,IAAI,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,IAAI,kBAAkB,CAAC,CAAC;AAC/F,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,SAAqB,EAAE,IAAiB;IACnE,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,iBAAiB,EAAE,IAAI,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,kBAAkB,EAAE,IAAI,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,mBAAmB,EAAE,IAAI,CAAC,CAAC;IACjE,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAC;IAE9D,OAAO;QACL,UAAU,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpD,WAAW,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrD,YAAY,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACtD,SAAS,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;KACpD,CAAC;AACJ,CAAC"}
+{"version":3,"file":"hkdf.js","sourceRoot":"","sources":["../../crypto/hkdf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,qCAAqC,CAAC;AAIhE,iFAAiF;AACjF,OAAO,EAAE,SAAS,EAAE,CAAC;AAErB;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAAC,SAAqB,EAAE,IAAiB;IACnE,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,iBAAiB,EAAE,IAAI,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,kBAAkB,EAAE,IAAI,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,mBAAmB,EAAE,IAAI,CAAC,CAAC;IACjE,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAC;IAE9D,OAAO;QACL,UAAU,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpD,WAAW,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrD,YAAY,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACtD,SAAS,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;KACpD,CAAC;AACJ,CAAC"}

package/dist/crypto/index.d.ts

@@ -1,15 +1,20 @@
+/**
+ * chaoskb crypto module — knowledge-base blob primitives.
+ *
+ * Key-lifecycle (master-key wrapping, tiers, project keys, invites,
+ * TOFU pinning) lives in `@de-otio/keyring`. Pre-existing re-exports
+ * of those modules have been removed.
+ */
 export * from './types.js';
-export { SecureBuffer } from './secure-buffer.js';
+export { SecureBuffer } from '@de-otio/crypto-envelope';
 export { canonicalJson } from './canonical-json.js';
 export { generateBlobId } from './blob-id.js';
 export { aeadEncrypt, aeadDecrypt } from './aead.js';
 export { deriveKey, deriveKeySet } from './hkdf.js';
-export { deriveFromPassphrase as argon2Derive } from './argon2.js';
+export { deriveFromPassphrase as argon2Derive } from '@de-otio/crypto-envelope/primitives';
 export { constructAAD } from './aad.js';
 export { computeCommitment, verifyCommitment } from './commitment.js';
 export { encryptPayload, decryptEnvelope } from './envelope.js';
 export { parseSSHPublicKey, ed25519ToX25519PublicKey, ed25519ToX25519SecretKey } from './ssh-keys.js';
 export { EncryptionService } from './encryption-service.js';
-export { KeyringService } from './keyring.js';
-export { createProjectKey, unwrapProjectKey } from './project-keys.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/crypto/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../crypto/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,EAAE,oBAAoB,IAAI,YAAY,EAAE,MAAM,aAAa,CAAC;AACnE,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,MAAM,eAAe,CAAC;AACtG,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../crypto/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,EAAE,oBAAoB,IAAI,YAAY,EAAE,MAAM,qCAAqC,CAAC;AAC3F,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,MAAM,eAAe,CAAC;AACtG,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC"}

package/dist/crypto/index.js

@@ -1,15 +1,20 @@
+/**
+ * chaoskb crypto module — knowledge-base blob primitives.
+ *
+ * Key-lifecycle (master-key wrapping, tiers, project keys, invites,
+ * TOFU pinning) lives in `@de-otio/keyring`. Pre-existing re-exports
+ * of those modules have been removed.
+ */
 export * from './types.js';
-export { SecureBuffer } from './secure-buffer.js';
+export { SecureBuffer } from '@de-otio/crypto-envelope';
 export { canonicalJson } from './canonical-json.js';
 export { generateBlobId } from './blob-id.js';
 export { aeadEncrypt, aeadDecrypt } from './aead.js';
 export { deriveKey, deriveKeySet } from './hkdf.js';
-export { deriveFromPassphrase as argon2Derive } from './argon2.js';
+export { deriveFromPassphrase as argon2Derive } from '@de-otio/crypto-envelope/primitives';
 export { constructAAD } from './aad.js';
 export { computeCommitment, verifyCommitment } from './commitment.js';
 export { encryptPayload, decryptEnvelope } from './envelope.js';
 export { parseSSHPublicKey, ed25519ToX25519PublicKey, ed25519ToX25519SecretKey } from './ssh-keys.js';
 export { EncryptionService } from './encryption-service.js';
-export { KeyringService } from './keyring.js';
-export { createProjectKey, unwrapProjectKey } from './project-keys.js';
 //# sourceMappingURL=index.js.map

package/dist/crypto/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../crypto/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,EAAE,oBAAoB,IAAI,YAAY,EAAE,MAAM,aAAa,CAAC;AACnE,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,MAAM,eAAe,CAAC;AACtG,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../crypto/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,EAAE,oBAAoB,IAAI,YAAY,EAAE,MAAM,qCAAqC,CAAC;AAC3F,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,MAAM,eAAe,CAAC;AACtG,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC"}

package/dist/crypto/ssh-keys.d.ts

@@ -1,19 +1,26 @@
-import type { SSHKeyInfo } from './types.js';
 /**
- * Parse an OpenSSH public key from authorized_keys / .pub file format.
- * Supports ssh-ed25519 and ssh-rsa key types.
+ * SSH key helpers — thin re-exports over `@de-otio/keyring`'s
+ * canonical implementations. Kept so existing chaoskb imports
+ * (`parseSSHPublicKey`, `ed25519ToX25519*`) continue to work.
  *
- * Format: <key-type> <base64-blob> [comment]
+ * New code should import directly from `@de-otio/keyring`.
  */
+import { sshFingerprint, type SshKeyType } from '@de-otio/keyring';
+import type { SSHKeyInfo } from './types.js';
+/** Back-compat alias for `parseSshPublicKey`. */
 export declare function parseSSHPublicKey(keyString: string): SSHKeyInfo;
-/**
- * Convert an Ed25519 public key to X25519 (Curve25519) public key.
- * Uses sodium crypto_sign_ed25519_pk_to_curve25519.
- */
+export { sshFingerprint };
+export type { SshKeyType };
+/** Convert an Ed25519 public key to X25519 (Curve25519). */
 export declare function ed25519ToX25519PublicKey(ed25519PublicKey: Uint8Array): Uint8Array;
 /**
- * Convert an Ed25519 secret key to X25519 (Curve25519) secret key.
- * Uses sodium crypto_sign_ed25519_sk_to_curve25519.
+ * Convert an Ed25519 secret key to X25519 secret key.
+ *
+ * Note: keyring's canonical implementation returns an `ISecureBuffer`
+ * (design-review B5 fix). For back-compat with the old chaoskb signature
+ * we copy the bytes into a plain `Uint8Array` and dispose the secure
+ * handle. Callers that want the secure-buffer form should import from
+ * `@de-otio/keyring` directly.
  */
 export declare function ed25519ToX25519SecretKey(ed25519SecretKey: Uint8Array): Uint8Array;
 //# sourceMappingURL=ssh-keys.d.ts.map

package/dist/crypto/ssh-keys.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ssh-keys.d.ts","sourceRoot":"","sources":["../../crypto/ssh-keys.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAc,MAAM,YAAY,CAAC;AAEzD;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,UAAU,CAqC/D;AAkED;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,gBAAgB,EAAE,UAAU,GAAG,UAAU,CAKjF;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,gBAAgB,EAAE,UAAU,GAAG,UAAU,CAMjF"}
+{"version":3,"file":"ssh-keys.d.ts","sourceRoot":"","sources":["../../crypto/ssh-keys.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EAEL,cAAc,EAGd,KAAK,UAAU,EAEhB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,UAAU,EAAc,MAAM,YAAY,CAAC;AAEzD,iDAAiD;AACjD,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,UAAU,CAQ/D;AAED,OAAO,EAAE,cAAc,EAAE,CAAC;AAC1B,YAAY,EAAE,UAAU,EAAE,CAAC;AAE3B,4DAA4D;AAC5D,wBAAgB,wBAAwB,CAAC,gBAAgB,EAAE,UAAU,GAAG,UAAU,CAEjF;AAED;;;;;;;;GAQG;AACH,wBAAgB,wBAAwB,CAAC,gBAAgB,EAAE,UAAU,GAAG,UAAU,CAOjF"}