@did-btcr2/api 0.3.0 → 0.4.0

package/dist/cjs/index.js

@@ -1,14 +1,2239 @@
-// Upstream re-exports
-export { DidDocument, DidDocumentBuilder, Identifier } from '@did-btcr2/method';
-export { IdentifierTypes } from '@did-btcr2/common';
-// Local modules
-export * from './types.js';
-export * from './helpers.js';
-export * from './bitcoin.js';
-export * from './cas.js';
-export * from './kms.js';
-export * from './crypto.js';
-export * from './did.js';
-export * from './method.js';
-export * from './api.js';
-//# sourceMappingURL=index.js.map
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from3, except, desc) => {
+  if (from3 && typeof from3 === "object" || typeof from3 === "function") {
+    for (let key of __getOwnPropNames(from3))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from3[key], enumerable: !(desc = __getOwnPropDesc(from3, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  BitcoinApi: () => BitcoinApi,
+  CasApi: () => CasApi,
+  CryptoApi: () => CryptoApi,
+  CryptosuiteApi: () => CryptosuiteApi,
+  DataIntegrityProofApi: () => DataIntegrityProofApi,
+  DidApi: () => DidApi,
+  DidBtcr2Api: () => DidBtcr2Api,
+  DidDocument: () => import_method4.DidDocument,
+  DidDocumentBuilder: () => import_method4.DidDocumentBuilder,
+  DidMethodApi: () => DidMethodApi,
+  Identifier: () => import_method4.Identifier,
+  IdentifierTypes: () => import_common4.IdentifierTypes,
+  IpfsCasExecutor: () => IpfsCasExecutor,
+  KeyManagerApi: () => KeyManagerApi,
+  KeyPairApi: () => KeyPairApi,
+  MultikeyApi: () => MultikeyApi,
+  NOOP_LOGGER: () => NOOP_LOGGER,
+  UpdateBuilder: () => UpdateBuilder,
+  assertBytes: () => assertBytes,
+  assertCompressedPubkey: () => assertCompressedPubkey,
+  assertString: () => assertString,
+  createApi: () => createApi
+});
+module.exports = __toCommonJS(index_exports);
+var import_method4 = require("@did-btcr2/method");
+var import_common4 = require("@did-btcr2/common");
+
+// src/helpers.ts
+var noopFn = () => {
+};
+var NOOP_LOGGER = {
+  debug: noopFn,
+  info: noopFn,
+  warn: noopFn,
+  error: noopFn
+};
+function assertString(value, name) {
+  if (typeof value !== "string" || value.length === 0) {
+    throw new Error(`${name} must be a non-empty string.`);
+  }
+}
+function assertBytes(value, name) {
+  if (!(value instanceof Uint8Array) || value.length === 0) {
+    throw new Error(`${name} must be a non-empty Uint8Array.`);
+  }
+}
+function assertCompressedPubkey(value, name) {
+  assertBytes(value, name);
+  if (value.length !== 33) {
+    throw new Error(
+      `${name} must be a 33-byte compressed public key, got ${value.length} bytes.`
+    );
+  }
+}
+
+// src/bitcoin.ts
+var import_bitcoin = require("@did-btcr2/bitcoin");
+var BitcoinApi = class {
+  /** The underlying BitcoinConnection used for all operations. */
+  connection;
+  /** REST client for the active network. */
+  get rest() {
+    return this.connection.rest;
+  }
+  /**
+   * RPC client for the active network, or `undefined` if not configured.
+   * Use {@link requireRpc} when RPC is expected to be available.
+   */
+  get rpc() {
+    return this.connection.rpc;
+  }
+  /** Whether an RPC client is available for this network. */
+  get hasRpc() {
+    return this.connection.rpc !== void 0;
+  }
+  /**
+   * RPC client for the active network.
+   * @throws {Error} If RPC was not configured for this network.
+   */
+  requireRpc() {
+    const client = this.connection.rpc;
+    if (!client) {
+      throw new Error(
+        "RPC client not configured. Pass an rpc config when creating the BitcoinApi, e.g.: { network: 'regtest', rpc: { host: 'http://localhost:18443', username: 'u', password: 'p' } }"
+      );
+    }
+    return client;
+  }
+  /**
+   * Create a BitcoinApi for a specific network with optional endpoint overrides.
+   * Uses BitcoinConnection.forNetwork() — no env vars consulted.
+   * @param cfg The network and optional REST/RPC overrides.
+   */
+  constructor(cfg) {
+    let executor = cfg.executor;
+    if (!executor && cfg.timeoutMs !== void 0) {
+      const ms = cfg.timeoutMs;
+      executor = (req) => fetch(req.url, {
+        method: req.method,
+        headers: req.headers,
+        body: req.body,
+        signal: AbortSignal.timeout(ms)
+      });
+    }
+    this.connection = import_bitcoin.BitcoinConnection.forNetwork(cfg.network, {
+      rest: cfg.rest,
+      rpc: cfg.rpc,
+      executor
+    });
+  }
+  /**
+   * Fetch a transaction by txid via REST.
+   * @param txid The transaction ID (64-character hex string).
+   * @returns The fetched transaction.
+   */
+  async getTransaction(txid) {
+    assertString(txid, "txid");
+    return await this.rest.transaction.get(txid);
+  }
+  /**
+   * Broadcast a raw tx (hex) via REST.
+   * @param rawTxHex The raw transaction hex string.
+   */
+  async send(rawTxHex) {
+    assertString(rawTxHex, "rawTxHex");
+    return await this.rest.transaction.send(rawTxHex);
+  }
+  /**
+   * Get UTXOs for an address via REST.
+   * @param address The Bitcoin address.
+   */
+  async getUtxos(address) {
+    assertString(address, "address");
+    return await this.rest.address.getUtxos(address);
+  }
+  /**
+   * Get a block by hash or height via REST.
+   * @param params Block identifier — at least one of `hash` or `height` is required.
+   */
+  async getBlock(params) {
+    if (!params.hash && params.height === void 0) {
+      throw new Error("getBlock requires at least one of hash or height.");
+    }
+    return await this.rest.block.get({ blockhash: params.hash, height: params.height });
+  }
+  /** Convert BTC to satoshis (integer-safe string-split arithmetic). */
+  static btcToSats(btc) {
+    return import_bitcoin.BitcoinConnection.btcToSats(btc);
+  }
+  /** Convert satoshis to BTC (integer-safe string-split arithmetic). */
+  static satsToBtc(sats) {
+    return import_bitcoin.BitcoinConnection.satsToBtc(sats);
+  }
+};
+
+// src/cas.ts
+var import_common = require("@did-btcr2/common");
+
+// ../../node_modules/.pnpm/multiformats@13.4.1/node_modules/multiformats/dist/src/bytes.js
+var empty = new Uint8Array(0);
+function equals(aa, bb) {
+  if (aa === bb) {
+    return true;
+  }
+  if (aa.byteLength !== bb.byteLength) {
+    return false;
+  }
+  for (let ii = 0; ii < aa.byteLength; ii++) {
+    if (aa[ii] !== bb[ii]) {
+      return false;
+    }
+  }
+  return true;
+}
+function coerce(o) {
+  if (o instanceof Uint8Array && o.constructor.name === "Uint8Array") {
+    return o;
+  }
+  if (o instanceof ArrayBuffer) {
+    return new Uint8Array(o);
+  }
+  if (ArrayBuffer.isView(o)) {
+    return new Uint8Array(o.buffer, o.byteOffset, o.byteLength);
+  }
+  throw new Error("Unknown type, must be binary type");
+}
+
+// ../../node_modules/.pnpm/multiformats@13.4.1/node_modules/multiformats/dist/src/vendor/base-x.js
+function base(ALPHABET, name) {
+  if (ALPHABET.length >= 255) {
+    throw new TypeError("Alphabet too long");
+  }
+  var BASE_MAP = new Uint8Array(256);
+  for (var j = 0; j < BASE_MAP.length; j++) {
+    BASE_MAP[j] = 255;
+  }
+  for (var i = 0; i < ALPHABET.length; i++) {
+    var x = ALPHABET.charAt(i);
+    var xc = x.charCodeAt(0);
+    if (BASE_MAP[xc] !== 255) {
+      throw new TypeError(x + " is ambiguous");
+    }
+    BASE_MAP[xc] = i;
+  }
+  var BASE = ALPHABET.length;
+  var LEADER = ALPHABET.charAt(0);
+  var FACTOR = Math.log(BASE) / Math.log(256);
+  var iFACTOR = Math.log(256) / Math.log(BASE);
+  function encode3(source) {
+    if (source instanceof Uint8Array)
+      ;
+    else if (ArrayBuffer.isView(source)) {
+      source = new Uint8Array(source.buffer, source.byteOffset, source.byteLength);
+    } else if (Array.isArray(source)) {
+      source = Uint8Array.from(source);
+    }
+    if (!(source instanceof Uint8Array)) {
+      throw new TypeError("Expected Uint8Array");
+    }
+    if (source.length === 0) {
+      return "";
+    }
+    var zeroes = 0;
+    var length2 = 0;
+    var pbegin = 0;
+    var pend = source.length;
+    while (pbegin !== pend && source[pbegin] === 0) {
+      pbegin++;
+      zeroes++;
+    }
+    var size = (pend - pbegin) * iFACTOR + 1 >>> 0;
+    var b58 = new Uint8Array(size);
+    while (pbegin !== pend) {
+      var carry = source[pbegin];
+      var i2 = 0;
+      for (var it1 = size - 1; (carry !== 0 || i2 < length2) && it1 !== -1; it1--, i2++) {
+        carry += 256 * b58[it1] >>> 0;
+        b58[it1] = carry % BASE >>> 0;
+        carry = carry / BASE >>> 0;
+      }
+      if (carry !== 0) {
+        throw new Error("Non-zero carry");
+      }
+      length2 = i2;
+      pbegin++;
+    }
+    var it2 = size - length2;
+    while (it2 !== size && b58[it2] === 0) {
+      it2++;
+    }
+    var str = LEADER.repeat(zeroes);
+    for (; it2 < size; ++it2) {
+      str += ALPHABET.charAt(b58[it2]);
+    }
+    return str;
+  }
+  function decodeUnsafe(source) {
+    if (typeof source !== "string") {
+      throw new TypeError("Expected String");
+    }
+    if (source.length === 0) {
+      return new Uint8Array();
+    }
+    var psz = 0;
+    if (source[psz] === " ") {
+      return;
+    }
+    var zeroes = 0;
+    var length2 = 0;
+    while (source[psz] === LEADER) {
+      zeroes++;
+      psz++;
+    }
+    var size = (source.length - psz) * FACTOR + 1 >>> 0;
+    var b256 = new Uint8Array(size);
+    while (source[psz]) {
+      var carry = BASE_MAP[source.charCodeAt(psz)];
+      if (carry === 255) {
+        return;
+      }
+      var i2 = 0;
+      for (var it3 = size - 1; (carry !== 0 || i2 < length2) && it3 !== -1; it3--, i2++) {
+        carry += BASE * b256[it3] >>> 0;
+        b256[it3] = carry % 256 >>> 0;
+        carry = carry / 256 >>> 0;
+      }
+      if (carry !== 0) {
+        throw new Error("Non-zero carry");
+      }
+      length2 = i2;
+      psz++;
+    }
+    if (source[psz] === " ") {
+      return;
+    }
+    var it4 = size - length2;
+    while (it4 !== size && b256[it4] === 0) {
+      it4++;
+    }
+    var vch = new Uint8Array(zeroes + (size - it4));
+    var j2 = zeroes;
+    while (it4 !== size) {
+      vch[j2++] = b256[it4++];
+    }
+    return vch;
+  }
+  function decode5(string) {
+    var buffer = decodeUnsafe(string);
+    if (buffer) {
+      return buffer;
+    }
+    throw new Error(`Non-${name} character`);
+  }
+  return {
+    encode: encode3,
+    decodeUnsafe,
+    decode: decode5
+  };
+}
+var src = base;
+var _brrp__multiformats_scope_baseX = src;
+var base_x_default = _brrp__multiformats_scope_baseX;
+
+// ../../node_modules/.pnpm/multiformats@13.4.1/node_modules/multiformats/dist/src/bases/base.js
+var Encoder = class {
+  name;
+  prefix;
+  baseEncode;
+  constructor(name, prefix, baseEncode) {
+    this.name = name;
+    this.prefix = prefix;
+    this.baseEncode = baseEncode;
+  }
+  encode(bytes) {
+    if (bytes instanceof Uint8Array) {
+      return `${this.prefix}${this.baseEncode(bytes)}`;
+    } else {
+      throw Error("Unknown type, must be binary type");
+    }
+  }
+};
+var Decoder = class {
+  name;
+  prefix;
+  baseDecode;
+  prefixCodePoint;
+  constructor(name, prefix, baseDecode) {
+    this.name = name;
+    this.prefix = prefix;
+    const prefixCodePoint = prefix.codePointAt(0);
+    if (prefixCodePoint === void 0) {
+      throw new Error("Invalid prefix character");
+    }
+    this.prefixCodePoint = prefixCodePoint;
+    this.baseDecode = baseDecode;
+  }
+  decode(text) {
+    if (typeof text === "string") {
+      if (text.codePointAt(0) !== this.prefixCodePoint) {
+        throw Error(`Unable to decode multibase string ${JSON.stringify(text)}, ${this.name} decoder only supports inputs prefixed with ${this.prefix}`);
+      }
+      return this.baseDecode(text.slice(this.prefix.length));
+    } else {
+      throw Error("Can only multibase decode strings");
+    }
+  }
+  or(decoder) {
+    return or(this, decoder);
+  }
+};
+var ComposedDecoder = class {
+  decoders;
+  constructor(decoders) {
+    this.decoders = decoders;
+  }
+  or(decoder) {
+    return or(this, decoder);
+  }
+  decode(input) {
+    const prefix = input[0];
+    const decoder = this.decoders[prefix];
+    if (decoder != null) {
+      return decoder.decode(input);
+    } else {
+      throw RangeError(`Unable to decode multibase string ${JSON.stringify(input)}, only inputs prefixed with ${Object.keys(this.decoders)} are supported`);
+    }
+  }
+};
+function or(left, right) {
+  return new ComposedDecoder({
+    ...left.decoders ?? { [left.prefix]: left },
+    ...right.decoders ?? { [right.prefix]: right }
+  });
+}
+var Codec = class {
+  name;
+  prefix;
+  baseEncode;
+  baseDecode;
+  encoder;
+  decoder;
+  constructor(name, prefix, baseEncode, baseDecode) {
+    this.name = name;
+    this.prefix = prefix;
+    this.baseEncode = baseEncode;
+    this.baseDecode = baseDecode;
+    this.encoder = new Encoder(name, prefix, baseEncode);
+    this.decoder = new Decoder(name, prefix, baseDecode);
+  }
+  encode(input) {
+    return this.encoder.encode(input);
+  }
+  decode(input) {
+    return this.decoder.decode(input);
+  }
+};
+function from({ name, prefix, encode: encode3, decode: decode5 }) {
+  return new Codec(name, prefix, encode3, decode5);
+}
+function baseX({ name, prefix, alphabet }) {
+  const { encode: encode3, decode: decode5 } = base_x_default(alphabet, name);
+  return from({
+    prefix,
+    name,
+    encode: encode3,
+    decode: (text) => coerce(decode5(text))
+  });
+}
+function decode(string, alphabetIdx, bitsPerChar, name) {
+  let end = string.length;
+  while (string[end - 1] === "=") {
+    --end;
+  }
+  const out = new Uint8Array(end * bitsPerChar / 8 | 0);
+  let bits = 0;
+  let buffer = 0;
+  let written = 0;
+  for (let i = 0; i < end; ++i) {
+    const value = alphabetIdx[string[i]];
+    if (value === void 0) {
+      throw new SyntaxError(`Non-${name} character`);
+    }
+    buffer = buffer << bitsPerChar | value;
+    bits += bitsPerChar;
+    if (bits >= 8) {
+      bits -= 8;
+      out[written++] = 255 & buffer >> bits;
+    }
+  }
+  if (bits >= bitsPerChar || (255 & buffer << 8 - bits) !== 0) {
+    throw new SyntaxError("Unexpected end of data");
+  }
+  return out;
+}
+function encode(data, alphabet, bitsPerChar) {
+  const pad = alphabet[alphabet.length - 1] === "=";
+  const mask = (1 << bitsPerChar) - 1;
+  let out = "";
+  let bits = 0;
+  let buffer = 0;
+  for (let i = 0; i < data.length; ++i) {
+    buffer = buffer << 8 | data[i];
+    bits += 8;
+    while (bits > bitsPerChar) {
+      bits -= bitsPerChar;
+      out += alphabet[mask & buffer >> bits];
+    }
+  }
+  if (bits !== 0) {
+    out += alphabet[mask & buffer << bitsPerChar - bits];
+  }
+  if (pad) {
+    while ((out.length * bitsPerChar & 7) !== 0) {
+      out += "=";
+    }
+  }
+  return out;
+}
+function createAlphabetIdx(alphabet) {
+  const alphabetIdx = {};
+  for (let i = 0; i < alphabet.length; ++i) {
+    alphabetIdx[alphabet[i]] = i;
+  }
+  return alphabetIdx;
+}
+function rfc4648({ name, prefix, bitsPerChar, alphabet }) {
+  const alphabetIdx = createAlphabetIdx(alphabet);
+  return from({
+    prefix,
+    name,
+    encode(input) {
+      return encode(input, alphabet, bitsPerChar);
+    },
+    decode(input) {
+      return decode(input, alphabetIdx, bitsPerChar, name);
+    }
+  });
+}
+
+// ../../node_modules/.pnpm/multiformats@13.4.1/node_modules/multiformats/dist/src/bases/base32.js
+var base32 = rfc4648({
+  prefix: "b",
+  name: "base32",
+  alphabet: "abcdefghijklmnopqrstuvwxyz234567",
+  bitsPerChar: 5
+});
+var base32upper = rfc4648({
+  prefix: "B",
+  name: "base32upper",
+  alphabet: "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
+  bitsPerChar: 5
+});
+var base32pad = rfc4648({
+  prefix: "c",
+  name: "base32pad",
+  alphabet: "abcdefghijklmnopqrstuvwxyz234567=",
+  bitsPerChar: 5
+});
+var base32padupper = rfc4648({
+  prefix: "C",
+  name: "base32padupper",
+  alphabet: "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567=",
+  bitsPerChar: 5
+});
+var base32hex = rfc4648({
+  prefix: "v",
+  name: "base32hex",
+  alphabet: "0123456789abcdefghijklmnopqrstuv",
+  bitsPerChar: 5
+});
+var base32hexupper = rfc4648({
+  prefix: "V",
+  name: "base32hexupper",
+  alphabet: "0123456789ABCDEFGHIJKLMNOPQRSTUV",
+  bitsPerChar: 5
+});
+var base32hexpad = rfc4648({
+  prefix: "t",
+  name: "base32hexpad",
+  alphabet: "0123456789abcdefghijklmnopqrstuv=",
+  bitsPerChar: 5
+});
+var base32hexpadupper = rfc4648({
+  prefix: "T",
+  name: "base32hexpadupper",
+  alphabet: "0123456789ABCDEFGHIJKLMNOPQRSTUV=",
+  bitsPerChar: 5
+});
+var base32z = rfc4648({
+  prefix: "h",
+  name: "base32z",
+  alphabet: "ybndrfg8ejkmcpqxot1uwisza345h769",
+  bitsPerChar: 5
+});
+
+// ../../node_modules/.pnpm/multiformats@13.4.1/node_modules/multiformats/dist/src/bases/base36.js
+var base36 = baseX({
+  prefix: "k",
+  name: "base36",
+  alphabet: "0123456789abcdefghijklmnopqrstuvwxyz"
+});
+var base36upper = baseX({
+  prefix: "K",
+  name: "base36upper",
+  alphabet: "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+});
+
+// ../../node_modules/.pnpm/multiformats@13.4.1/node_modules/multiformats/dist/src/bases/base58.js
+var base58btc = baseX({
+  name: "base58btc",
+  prefix: "z",
+  alphabet: "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
+});
+var base58flickr = baseX({
+  name: "base58flickr",
+  prefix: "Z",
+  alphabet: "123456789abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ"
+});
+
+// ../../node_modules/.pnpm/multiformats@13.4.1/node_modules/multiformats/dist/src/vendor/varint.js
+var encode_1 = encode2;
+var MSB = 128;
+var REST = 127;
+var MSBALL = ~REST;
+var INT = Math.pow(2, 31);
+function encode2(num, out, offset) {
+  out = out || [];
+  offset = offset || 0;
+  var oldOffset = offset;
+  while (num >= INT) {
+    out[offset++] = num & 255 | MSB;
+    num /= 128;
+  }
+  while (num & MSBALL) {
+    out[offset++] = num & 255 | MSB;
+    num >>>= 7;
+  }
+  out[offset] = num | 0;
+  encode2.bytes = offset - oldOffset + 1;
+  return out;
+}
+var decode2 = read;
+var MSB$1 = 128;
+var REST$1 = 127;
+function read(buf, offset) {
+  var res = 0, offset = offset || 0, shift = 0, counter = offset, b, l = buf.length;
+  do {
+    if (counter >= l) {
+      read.bytes = 0;
+      throw new RangeError("Could not decode varint");
+    }
+    b = buf[counter++];
+    res += shift < 28 ? (b & REST$1) << shift : (b & REST$1) * Math.pow(2, shift);
+    shift += 7;
+  } while (b >= MSB$1);
+  read.bytes = counter - offset;
+  return res;
+}
+var N1 = Math.pow(2, 7);
+var N2 = Math.pow(2, 14);
+var N3 = Math.pow(2, 21);
+var N4 = Math.pow(2, 28);
+var N5 = Math.pow(2, 35);
+var N6 = Math.pow(2, 42);
+var N7 = Math.pow(2, 49);
+var N8 = Math.pow(2, 56);
+var N9 = Math.pow(2, 63);
+var length = function(value) {
+  return value < N1 ? 1 : value < N2 ? 2 : value < N3 ? 3 : value < N4 ? 4 : value < N5 ? 5 : value < N6 ? 6 : value < N7 ? 7 : value < N8 ? 8 : value < N9 ? 9 : 10;
+};
+var varint = {
+  encode: encode_1,
+  decode: decode2,
+  encodingLength: length
+};
+var _brrp_varint = varint;
+var varint_default = _brrp_varint;
+
+// ../../node_modules/.pnpm/multiformats@13.4.1/node_modules/multiformats/dist/src/varint.js
+function decode3(data, offset = 0) {
+  const code2 = varint_default.decode(data, offset);
+  return [code2, varint_default.decode.bytes];
+}
+function encodeTo(int, target, offset = 0) {
+  varint_default.encode(int, target, offset);
+  return target;
+}
+function encodingLength(int) {
+  return varint_default.encodingLength(int);
+}
+
+// ../../node_modules/.pnpm/multiformats@13.4.1/node_modules/multiformats/dist/src/hashes/digest.js
+function create(code2, digest) {
+  const size = digest.byteLength;
+  const sizeOffset = encodingLength(code2);
+  const digestOffset = sizeOffset + encodingLength(size);
+  const bytes = new Uint8Array(digestOffset + size);
+  encodeTo(code2, bytes, 0);
+  encodeTo(size, bytes, sizeOffset);
+  bytes.set(digest, digestOffset);
+  return new Digest(code2, size, digest, bytes);
+}
+function decode4(multihash) {
+  const bytes = coerce(multihash);
+  const [code2, sizeOffset] = decode3(bytes);
+  const [size, digestOffset] = decode3(bytes.subarray(sizeOffset));
+  const digest = bytes.subarray(sizeOffset + digestOffset);
+  if (digest.byteLength !== size) {
+    throw new Error("Incorrect length");
+  }
+  return new Digest(code2, size, digest, bytes);
+}
+function equals2(a, b) {
+  if (a === b) {
+    return true;
+  } else {
+    const data = b;
+    return a.code === data.code && a.size === data.size && data.bytes instanceof Uint8Array && equals(a.bytes, data.bytes);
+  }
+}
+var Digest = class {
+  code;
+  size;
+  digest;
+  bytes;
+  /**
+   * Creates a multihash digest.
+   */
+  constructor(code2, size, digest, bytes) {
+    this.code = code2;
+    this.size = size;
+    this.digest = digest;
+    this.bytes = bytes;
+  }
+};
+
+// ../../node_modules/.pnpm/multiformats@13.4.1/node_modules/multiformats/dist/src/cid.js
+function format(link, base2) {
+  const { bytes, version } = link;
+  switch (version) {
+    case 0:
+      return toStringV0(bytes, baseCache(link), base2 ?? base58btc.encoder);
+    default:
+      return toStringV1(bytes, baseCache(link), base2 ?? base32.encoder);
+  }
+}
+var cache = /* @__PURE__ */ new WeakMap();
+function baseCache(cid) {
+  const baseCache2 = cache.get(cid);
+  if (baseCache2 == null) {
+    const baseCache3 = /* @__PURE__ */ new Map();
+    cache.set(cid, baseCache3);
+    return baseCache3;
+  }
+  return baseCache2;
+}
+var CID = class _CID {
+  code;
+  version;
+  multihash;
+  bytes;
+  "/";
+  /**
+   * @param version - Version of the CID
+   * @param code - Code of the codec content is encoded in, see https://github.com/multiformats/multicodec/blob/master/table.csv
+   * @param multihash - (Multi)hash of the of the content.
+   */
+  constructor(version, code2, multihash, bytes) {
+    this.code = code2;
+    this.version = version;
+    this.multihash = multihash;
+    this.bytes = bytes;
+    this["/"] = bytes;
+  }
+  /**
+   * Signalling `cid.asCID === cid` has been replaced with `cid['/'] === cid.bytes`
+   * please either use `CID.asCID(cid)` or switch to new signalling mechanism
+   *
+   * @deprecated
+   */
+  get asCID() {
+    return this;
+  }
+  // ArrayBufferView
+  get byteOffset() {
+    return this.bytes.byteOffset;
+  }
+  // ArrayBufferView
+  get byteLength() {
+    return this.bytes.byteLength;
+  }
+  toV0() {
+    switch (this.version) {
+      case 0: {
+        return this;
+      }
+      case 1: {
+        const { code: code2, multihash } = this;
+        if (code2 !== DAG_PB_CODE) {
+          throw new Error("Cannot convert a non dag-pb CID to CIDv0");
+        }
+        if (multihash.code !== SHA_256_CODE) {
+          throw new Error("Cannot convert non sha2-256 multihash CID to CIDv0");
+        }
+        return _CID.createV0(multihash);
+      }
+      default: {
+        throw Error(`Can not convert CID version ${this.version} to version 0. This is a bug please report`);
+      }
+    }
+  }
+  toV1() {
+    switch (this.version) {
+      case 0: {
+        const { code: code2, digest } = this.multihash;
+        const multihash = create(code2, digest);
+        return _CID.createV1(this.code, multihash);
+      }
+      case 1: {
+        return this;
+      }
+      default: {
+        throw Error(`Can not convert CID version ${this.version} to version 1. This is a bug please report`);
+      }
+    }
+  }
+  equals(other) {
+    return _CID.equals(this, other);
+  }
+  static equals(self, other) {
+    const unknown = other;
+    return unknown != null && self.code === unknown.code && self.version === unknown.version && equals2(self.multihash, unknown.multihash);
+  }
+  toString(base2) {
+    return format(this, base2);
+  }
+  toJSON() {
+    return { "/": format(this) };
+  }
+  link() {
+    return this;
+  }
+  [Symbol.toStringTag] = "CID";
+  // Legacy
+  [Symbol.for("nodejs.util.inspect.custom")]() {
+    return `CID(${this.toString()})`;
+  }
+  /**
+   * Takes any input `value` and returns a `CID` instance if it was
+   * a `CID` otherwise returns `null`. If `value` is instanceof `CID`
+   * it will return value back. If `value` is not instance of this CID
+   * class, but is compatible CID it will return new instance of this
+   * `CID` class. Otherwise returns null.
+   *
+   * This allows two different incompatible versions of CID library to
+   * co-exist and interop as long as binary interface is compatible.
+   */
+  static asCID(input) {
+    if (input == null) {
+      return null;
+    }
+    const value = input;
+    if (value instanceof _CID) {
+      return value;
+    } else if (value["/"] != null && value["/"] === value.bytes || value.asCID === value) {
+      const { version, code: code2, multihash, bytes } = value;
+      return new _CID(version, code2, multihash, bytes ?? encodeCID(version, code2, multihash.bytes));
+    } else if (value[cidSymbol] === true) {
+      const { version, multihash, code: code2 } = value;
+      const digest = decode4(multihash);
+      return _CID.create(version, code2, digest);
+    } else {
+      return null;
+    }
+  }
+  /**
+   * @param version - Version of the CID
+   * @param code - Code of the codec content is encoded in, see https://github.com/multiformats/multicodec/blob/master/table.csv
+   * @param digest - (Multi)hash of the of the content.
+   */
+  static create(version, code2, digest) {
+    if (typeof code2 !== "number") {
+      throw new Error("String codecs are no longer supported");
+    }
+    if (!(digest.bytes instanceof Uint8Array)) {
+      throw new Error("Invalid digest");
+    }
+    switch (version) {
+      case 0: {
+        if (code2 !== DAG_PB_CODE) {
+          throw new Error(`Version 0 CID must use dag-pb (code: ${DAG_PB_CODE}) block encoding`);
+        } else {
+          return new _CID(version, code2, digest, digest.bytes);
+        }
+      }
+      case 1: {
+        const bytes = encodeCID(version, code2, digest.bytes);
+        return new _CID(version, code2, digest, bytes);
+      }
+      default: {
+        throw new Error("Invalid version");
+      }
+    }
+  }
+  /**
+   * Simplified version of `create` for CIDv0.
+   */
+  static createV0(digest) {
+    return _CID.create(0, DAG_PB_CODE, digest);
+  }
+  /**
+   * Simplified version of `create` for CIDv1.
+   *
+   * @param code - Content encoding format code.
+   * @param digest - Multihash of the content.
+   */
+  static createV1(code2, digest) {
+    return _CID.create(1, code2, digest);
+  }
+  /**
+   * Decoded a CID from its binary representation. The byte array must contain
+   * only the CID with no additional bytes.
+   *
+   * An error will be thrown if the bytes provided do not contain a valid
+   * binary representation of a CID.
+   */
+  static decode(bytes) {
+    const [cid, remainder] = _CID.decodeFirst(bytes);
+    if (remainder.length !== 0) {
+      throw new Error("Incorrect length");
+    }
+    return cid;
+  }
+  /**
+   * Decoded a CID from its binary representation at the beginning of a byte
+   * array.
+   *
+   * Returns an array with the first element containing the CID and the second
+   * element containing the remainder of the original byte array. The remainder
+   * will be a zero-length byte array if the provided bytes only contained a
+   * binary CID representation.
+   */
+  static decodeFirst(bytes) {
+    const specs = _CID.inspectBytes(bytes);
+    const prefixSize = specs.size - specs.multihashSize;
+    const multihashBytes = coerce(bytes.subarray(prefixSize, prefixSize + specs.multihashSize));
+    if (multihashBytes.byteLength !== specs.multihashSize) {
+      throw new Error("Incorrect length");
+    }
+    const digestBytes = multihashBytes.subarray(specs.multihashSize - specs.digestSize);
+    const digest = new Digest(specs.multihashCode, specs.digestSize, digestBytes, multihashBytes);
+    const cid = specs.version === 0 ? _CID.createV0(digest) : _CID.createV1(specs.codec, digest);
+    return [cid, bytes.subarray(specs.size)];
+  }
+  /**
+   * Inspect the initial bytes of a CID to determine its properties.
+   *
+   * Involves decoding up to 4 varints. Typically this will require only 4 to 6
+   * bytes but for larger multicodec code values and larger multihash digest
+   * lengths these varints can be quite large. It is recommended that at least
+   * 10 bytes be made available in the `initialBytes` argument for a complete
+   * inspection.
+   */
+  static inspectBytes(initialBytes) {
+    let offset = 0;
+    const next = () => {
+      const [i, length2] = decode3(initialBytes.subarray(offset));
+      offset += length2;
+      return i;
+    };
+    let version = next();
+    let codec = DAG_PB_CODE;
+    if (version === 18) {
+      version = 0;
+      offset = 0;
+    } else {
+      codec = next();
+    }
+    if (version !== 0 && version !== 1) {
+      throw new RangeError(`Invalid CID version ${version}`);
+    }
+    const prefixSize = offset;
+    const multihashCode = next();
+    const digestSize = next();
+    const size = offset + digestSize;
+    const multihashSize = size - prefixSize;
+    return { version, codec, multihashCode, digestSize, multihashSize, size };
+  }
+  /**
+   * Takes cid in a string representation and creates an instance. If `base`
+   * decoder is not provided will use a default from the configuration. It will
+   * throw an error if encoding of the CID is not compatible with supplied (or
+   * a default decoder).
+   */
+  static parse(source, base2) {
+    const [prefix, bytes] = parseCIDtoBytes(source, base2);
+    const cid = _CID.decode(bytes);
+    if (cid.version === 0 && source[0] !== "Q") {
+      throw Error("Version 0 CID string must not include multibase prefix");
+    }
+    baseCache(cid).set(prefix, source);
+    return cid;
+  }
+};
+function parseCIDtoBytes(source, base2) {
+  switch (source[0]) {
+    // CIDv0 is parsed differently
+    case "Q": {
+      const decoder = base2 ?? base58btc;
+      return [
+        base58btc.prefix,
+        decoder.decode(`${base58btc.prefix}${source}`)
+      ];
+    }
+    case base58btc.prefix: {
+      const decoder = base2 ?? base58btc;
+      return [base58btc.prefix, decoder.decode(source)];
+    }
+    case base32.prefix: {
+      const decoder = base2 ?? base32;
+      return [base32.prefix, decoder.decode(source)];
+    }
+    case base36.prefix: {
+      const decoder = base2 ?? base36;
+      return [base36.prefix, decoder.decode(source)];
+    }
+    default: {
+      if (base2 == null) {
+        throw Error("To parse non base32, base36 or base58btc encoded CID multibase decoder must be provided");
+      }
+      return [source[0], base2.decode(source)];
+    }
+  }
+}
+function toStringV0(bytes, cache2, base2) {
+  const { prefix } = base2;
+  if (prefix !== base58btc.prefix) {
+    throw Error(`Cannot string encode V0 in ${base2.name} encoding`);
+  }
+  const cid = cache2.get(prefix);
+  if (cid == null) {
+    const cid2 = base2.encode(bytes).slice(1);
+    cache2.set(prefix, cid2);
+    return cid2;
+  } else {
+    return cid;
+  }
+}
+function toStringV1(bytes, cache2, base2) {
+  const { prefix } = base2;
+  const cid = cache2.get(prefix);
+  if (cid == null) {
+    const cid2 = base2.encode(bytes);
+    cache2.set(prefix, cid2);
+    return cid2;
+  } else {
+    return cid;
+  }
+}
+var DAG_PB_CODE = 112;
+var SHA_256_CODE = 18;
+function encodeCID(version, code2, multihash) {
+  const codeOffset = encodingLength(version);
+  const hashOffset = codeOffset + encodingLength(code2);
+  const bytes = new Uint8Array(hashOffset + multihash.byteLength);
+  encodeTo(version, bytes, 0);
+  encodeTo(code2, bytes, codeOffset);
+  bytes.set(multihash, hashOffset);
+  return bytes;
+}
+var cidSymbol = Symbol.for("@ipld/js-cid/CID");
+
+// ../../node_modules/.pnpm/multiformats@13.4.1/node_modules/multiformats/dist/src/codecs/raw.js
+var code = 85;
+
+// ../../node_modules/.pnpm/multiformats@13.4.1/node_modules/multiformats/dist/src/hashes/sha2.js
+var import_crypto = __toESM(require("crypto"), 1);
+
+// ../../node_modules/.pnpm/multiformats@13.4.1/node_modules/multiformats/dist/src/hashes/hasher.js
+var DEFAULT_MIN_DIGEST_LENGTH = 20;
+function from2({ name, code: code2, encode: encode3, minDigestLength, maxDigestLength }) {
+  return new Hasher(name, code2, encode3, minDigestLength, maxDigestLength);
+}
+var Hasher = class {
+  name;
+  code;
+  encode;
+  minDigestLength;
+  maxDigestLength;
+  constructor(name, code2, encode3, minDigestLength, maxDigestLength) {
+    this.name = name;
+    this.code = code2;
+    this.encode = encode3;
+    this.minDigestLength = minDigestLength ?? DEFAULT_MIN_DIGEST_LENGTH;
+    this.maxDigestLength = maxDigestLength;
+  }
+  digest(input, options) {
+    if (options?.truncate != null) {
+      if (options.truncate < this.minDigestLength) {
+        throw new Error(`Invalid truncate option, must be greater than or equal to ${this.minDigestLength}`);
+      }
+      if (this.maxDigestLength != null && options.truncate > this.maxDigestLength) {
+        throw new Error(`Invalid truncate option, must be less than or equal to ${this.maxDigestLength}`);
+      }
+    }
+    if (input instanceof Uint8Array) {
+      const result = this.encode(input);
+      if (result instanceof Uint8Array) {
+        return createDigest(result, this.code, options?.truncate);
+      }
+      return result.then((digest) => createDigest(digest, this.code, options?.truncate));
+    } else {
+      throw Error("Unknown type, must be binary type");
+    }
+  }
+};
+function createDigest(digest, code2, truncate) {
+  if (truncate != null && truncate !== digest.byteLength) {
+    if (truncate > digest.byteLength) {
+      throw new Error(`Invalid truncate option, must be less than or equal to ${digest.byteLength}`);
+    }
+    digest = digest.subarray(0, truncate);
+  }
+  return create(code2, digest);
+}
+
+// ../../node_modules/.pnpm/multiformats@13.4.1/node_modules/multiformats/dist/src/hashes/sha2.js
+var sha256 = from2({
+  name: "sha2-256",
+  code: 18,
+  encode: (input) => coerce(import_crypto.default.createHash("sha256").update(input).digest())
+});
+var sha512 = from2({
+  name: "sha2-512",
+  code: 19,
+  encode: (input) => coerce(import_crypto.default.createHash("sha512").update(input).digest())
+});
+
+// src/cas.ts
+var IpfsCasExecutor = class {
+  #helia;
+  constructor(helia) {
+    this.#helia = helia;
+  }
+  async retrieve(hash) {
+    const hashBytes = (0, import_common.decode)(hash, "base64urlnopad");
+    const cid = CID.create(1, code, create(sha256.code, hashBytes));
+    try {
+      return await this.#helia.blockstore.get(cid);
+    } catch {
+      return null;
+    }
+  }
+  async publish(data) {
+    const digest = await sha256.digest(data);
+    const cid = CID.createV1(code, digest);
+    await this.#helia.blockstore.put(cid, data);
+    return btoa(String.fromCharCode(...digest.bytes.slice(2))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  }
+};
+var CasApi = class {
+  #executor;
+  constructor(config) {
+    if (config.executor) {
+      this.#executor = config.executor;
+    } else if (config.helia) {
+      this.#executor = new IpfsCasExecutor(config.helia);
+    } else {
+      throw new Error(
+        "CAS configuration requires either an executor or a Helia instance. Example: createApi({ cas: { helia: await createHelia() } })"
+      );
+    }
+  }
+  /**
+   * Retrieve a JSON object from the CAS by its SHA-256 hash bytes.
+   * @param hashBytes Raw SHA-256 hash bytes of the JCS-canonicalized object.
+   * @returns The parsed JSON object, or `null` if not found.
+   */
+  async retrieve(hashBytes) {
+    const hash = (0, import_common.encode)(hashBytes, "base64urlnopad");
+    const bytes = await this.#executor.retrieve(hash);
+    if (!bytes) return null;
+    return JSON.parse(new TextDecoder().decode(bytes));
+  }
+  /**
+   * Publish a JSON object to the CAS.
+   * The object is JCS-canonicalized before storage; the returned hash
+   * matches what `canonicalHash` (from @did-btcr2/common) would produce.
+   * @param object The JSON object to publish.
+   * @returns The base64url-encoded SHA-256 hash (content address).
+   */
+  async publish(object) {
+    const bytes = new TextEncoder().encode((0, import_common.canonicalize)(object));
+    return await this.#executor.publish(bytes);
+  }
+};
+
+// src/kms.ts
+var import_kms = require("@did-btcr2/kms");
+var KeyManagerApi = class {
+  /** The backing KeyManager instance. */
+  kms;
+  /** Create a new KeyManagerApi, optionally backed by a custom KeyManager. */
+  constructor(kms) {
+    this.kms = kms ?? new import_kms.Kms();
+  }
+  /** Generate a new key directly in the KMS. */
+  generateKey(options) {
+    return this.kms.generateKey(options);
+  }
+  /** Set the active key by its identifier. */
+  setActive(id) {
+    this.kms.setActiveKey(id);
+  }
+  /** Get the public key bytes for a key identifier. */
+  getPublicKey(id) {
+    return this.kms.getPublicKey(id);
+  }
+  /** Import a Schnorr keypair into the KMS. */
+  import(kp, options) {
+    return this.kms.importKey(kp, options);
+  }
+  /**
+   * Export a Schnorr keypair from the KMS.
+   * Only supported when the backing KMS is the built-in {@link Kms} class.
+   * @throws {Error} If the backing KMS does not support key export.
+   */
+  export(id) {
+    if (!(this.kms instanceof import_kms.Kms)) {
+      throw new Error(
+        "Key export is not supported by the current KeyManager implementation. Export is only available with the built-in Kms class."
+      );
+    }
+    return this.kms.exportKey(id);
+  }
+  /** List all managed key identifiers. */
+  listKeys() {
+    return this.kms.listKeys();
+  }
+  /** Remove a key from the KMS. */
+  removeKey(id, options = {}) {
+    return this.kms.removeKey(id, options);
+  }
+  /**
+   * Sign data via the KMS.
+   * @param data The data to sign (must be non-empty).
+   * @param id Optional key identifier; uses the active key if omitted.
+   * @param options Signing options (scheme defaults to 'schnorr').
+   */
+  sign(data, id, options) {
+    assertBytes(data, "data");
+    return this.kms.sign(data, id, options);
+  }
+  /** Verify a signature via the KMS. */
+  verify(signature, data, id, options) {
+    return this.kms.verify(signature, data, id, options);
+  }
+  /** Compute a SHA-256 digest. */
+  digest(data) {
+    return this.kms.digest(data);
+  }
+};
+
+// src/crypto.ts
+var import_cryptosuite = require("@did-btcr2/cryptosuite");
+var import_keypair = require("@did-btcr2/keypair");
+var KeyPairApi = class {
+  /**
+   * Generate a new Schnorr keypair.
+   * @returns The generated Schnorr keypair.
+   */
+  generate() {
+    return import_keypair.SchnorrKeyPair.generate();
+  }
+  /**
+   * Create a Schnorr keypair from secret key bytes or hex string.
+   * @param data The secret key bytes or hex string.
+   * @returns The created Schnorr keypair.
+   */
+  fromSecret(data) {
+    return import_keypair.SchnorrKeyPair.fromSecret(data);
+  }
+  /** Create a secret key from entropy (bytes or bigint). */
+  secretKeyFrom(ent) {
+    return new import_keypair.Secp256k1SecretKey(ent);
+  }
+  /** Create a compressed public key from bytes. */
+  publicKeyFrom(byt) {
+    return new import_keypair.CompressedSecp256k1PublicKey(byt);
+  }
+  /** Deserialize a keypair from a JSON object. */
+  fromJSON(obj) {
+    return import_keypair.SchnorrKeyPair.fromJSON(obj);
+  }
+  /** Serialize a keypair to a JSON object. */
+  toJSON(kp) {
+    return kp.exportJSON();
+  }
+  /** Compare two keypairs for equality. */
+  equals(kp1, kp2) {
+    return import_keypair.SchnorrKeyPair.equals(kp1, kp2);
+  }
+};
+var CryptosuiteApi = class {
+  #current;
+  /** The currently active cryptosuite, or `undefined` if none is set. */
+  get current() {
+    return this.#current;
+  }
+  /**
+   * Set the current cryptosuite for subsequent operations.
+   * @param cs The cryptosuite to activate.
+   * @returns `this` for chaining.
+   */
+  use(cs) {
+    this.#current = cs;
+    return this;
+  }
+  /** Clear the current cryptosuite. */
+  clear() {
+    this.#current = void 0;
+  }
+  /**
+   * Create a new Schnorr cryptosuite from a multikey.
+   * @param multikey The Schnorr multikey to use.
+   * @returns The created Schnorr cryptosuite.
+   */
+  create(multikey) {
+    return new import_cryptosuite.BIP340Cryptosuite(multikey);
+  }
+  /**
+   * Convenience: resolve a key from the KMS and create a cryptosuite in one step.
+   * @param id The multikey ID (e.g. '#initialKey').
+   * @param controller The DID that controls this key.
+   * @param keyId The KMS key identifier to resolve.
+   * @param kms The KeyManagerApi instance holding the key.
+   * @returns The created Schnorr cryptosuite.
+   */
+  createFromKms(id, controller, keyId, kms) {
+    const pubBytes = kms.getPublicKey(keyId);
+    const mk = import_cryptosuite.SchnorrMultikey.fromPublicKey({ id, controller, publicKeyBytes: pubBytes });
+    return new import_cryptosuite.BIP340Cryptosuite(mk);
+  }
+  /**
+   * Convert a cryptosuite to a Data Integrity Proof instance.
+   * Uses the current cryptosuite when `cryptosuite` is omitted.
+   * @param cryptosuite Optional explicit cryptosuite to convert.
+   * @returns The Data Integrity Proof instance.
+   */
+  toDataIntegrityProof(cryptosuite) {
+    const cs = cryptosuite ?? this.#requireCurrent();
+    return cs.toDataIntegrityProof();
+  }
+  /**
+   * Create a proof for a document.
+   * Uses the current cryptosuite when `cryptosuite` is omitted.
+   * @param document The document to create the proof for.
+   * @param config Configuration for the proof creation.
+   * @param cryptosuite Optional explicit cryptosuite; defaults to current.
+   * @returns The created proof.
+   */
+  createProof(document, config, cryptosuite) {
+    const cs = cryptosuite ?? this.#requireCurrent();
+    return cs.createProof(document, config);
+  }
+  /**
+   * Verify a proof for a document.
+   * Uses the current cryptosuite when `cryptosuite` is omitted.
+   * @param document The document to verify the proof for.
+   * @param cryptosuite Optional explicit cryptosuite; defaults to current.
+   * @returns The full verification result.
+   */
+  verifyProof(document, cryptosuite) {
+    const cs = cryptosuite ?? this.#requireCurrent();
+    return cs.verifyProof(document);
+  }
+  #requireCurrent() {
+    if (!this.#current) {
+      throw new Error(
+        "No current cryptosuite set. Call cryptosuite.use(cs) first, or pass an explicit instance."
+      );
+    }
+    return this.#current;
+  }
+};
+var DataIntegrityProofApi = class {
+  #current;
+  /** The currently active proof instance, or `undefined` if none is set. */
+  get current() {
+    return this.#current;
+  }
+  /**
+   * Set the current proof instance for subsequent operations.
+   * @param p The proof instance to activate.
+   * @returns `this` for chaining.
+   */
+  use(p) {
+    this.#current = p;
+    return this;
+  }
+  /** Clear the current proof instance. */
+  clear() {
+    this.#current = void 0;
+  }
+  /**
+   * Create a BIP340DataIntegrityProof instance with the given cryptosuite.
+   * @param cryptosuite The cryptosuite to use for proof operations.
+   * @returns The created BIP340DataIntegrityProof instance.
+   */
+  create(cryptosuite) {
+    return new import_cryptosuite.BIP340DataIntegrityProof(cryptosuite);
+  }
+  /**
+   * Add a proof to a document.
+   * Uses the current proof instance when `proof` is omitted.
+   * @param document The document to add the proof to.
+   * @param config Configuration for adding the proof.
+   * @param proof Optional explicit proof instance; defaults to current.
+   * @returns A document with a proof added.
+   */
+  addProof(document, config, proof) {
+    const p = proof ?? this.#requireCurrent();
+    return p.addProof(document, config);
+  }
+  /**
+   * Convenience: create a cryptosuite, proof instance, and sign a document
+   * in one call. Requires a multikey with signing capability.
+   * @param multikey The Schnorr multikey (must include secret key).
+   * @param document The unsigned document to sign.
+   * @param config The Data Integrity proof configuration.
+   * @returns The signed document with proof attached.
+   */
+  signDocument(multikey, document, config) {
+    const cs = new import_cryptosuite.BIP340Cryptosuite(multikey);
+    const proofInst = new import_cryptosuite.BIP340DataIntegrityProof(cs);
+    return proofInst.addProof(document, config);
+  }
+  /**
+   * Verify a proof using a BIP340DataIntegrityProof instance.
+   * Uses the current proof instance when `proof` is omitted.
+   * @param document The document to verify the proof for.
+   * @param expectedPurpose The expected proof purpose.
+   * @param mediaType The media type of the document.
+   * @param expectedDomain The expected domain for the proof.
+   * @param expectedChallenge The expected challenge for the proof.
+   * @param proof Optional explicit proof instance; defaults to current.
+   * @returns The result of verifying the proof.
+   */
+  verifyProof(document, expectedPurpose, mediaType, expectedDomain, expectedChallenge, proof) {
+    const p = proof ?? this.#requireCurrent();
+    return p.verifyProof(
+      document,
+      expectedPurpose,
+      mediaType,
+      expectedDomain,
+      expectedChallenge
+    );
+  }
+  #requireCurrent() {
+    if (!this.#current) {
+      throw new Error(
+        "No current proof instance set. Call proof.use(p) first, or pass an explicit instance."
+      );
+    }
+    return this.#current;
+  }
+};
+var MultikeyApi = class {
+  #current;
+  /** The currently active multikey, or `undefined` if none is set. */
+  get current() {
+    return this.#current;
+  }
+  /**
+   * Set the current multikey for subsequent operations.
+   * @param mk The multikey to activate.
+   * @returns `this` for chaining.
+   */
+  use(mk) {
+    this.#current = mk;
+    return this;
+  }
+  /** Clear the current multikey. */
+  clear() {
+    this.#current = void 0;
+  }
+  /**
+   * Create a new Schnorr multikey from a keypair.
+   * @param id The multikey ID.
+   * @param controller The multikey controller.
+   * @param keyPair The Schnorr keypair to use.
+   * @returns The created Schnorr multikey.
+   */
+  create(id, controller, keyPair) {
+    return new import_cryptosuite.SchnorrMultikey({ id, controller, keyPair });
+  }
+  /**
+   * Create a Schnorr multikey from raw secret key bytes.
+   * @param id The multikey ID.
+   * @param controller The multikey controller.
+   * @param secretKeyBytes The secret key bytes.
+   * @returns The created Schnorr multikey.
+   */
+  fromSecretKey(id, controller, secretKeyBytes) {
+    return import_cryptosuite.SchnorrMultikey.fromSecretKey(id, controller, secretKeyBytes);
+  }
+  /**
+   * Create a verification-only multikey from public key bytes.
+   * @param params The id, controller, and publicKeyBytes.
+   * @returns The created Multikey.
+   */
+  fromPublicKey(params) {
+    return import_cryptosuite.SchnorrMultikey.fromPublicKey(params);
+  }
+  /**
+   * Convenience: resolve a key from the KMS and create a multikey in one step.
+   * @param id The multikey ID.
+   * @param controller The multikey controller DID.
+   * @param keyId The KMS key identifier to resolve.
+   * @param kms The KeyManagerApi instance holding the key.
+   * @returns The created Multikey (verification-only; public key from KMS).
+   */
+  fromKms(id, controller, keyId, kms) {
+    const pubBytes = kms.getPublicKey(keyId);
+    return import_cryptosuite.SchnorrMultikey.fromPublicKey({ id, controller, publicKeyBytes: pubBytes });
+  }
+  /**
+   * Reconstruct a multikey from a DID document's verification method.
+   * @param verificationMethod The verification method to convert.
+   * @returns The reconstructed multikey.
+   */
+  fromVerificationMethod(verificationMethod) {
+    return import_cryptosuite.SchnorrMultikey.fromVerificationMethod(verificationMethod);
+  }
+  /**
+   * Produce a DID Verification Method JSON from a multikey.
+   * Uses the current multikey when `mk` is omitted.
+   * @param mk Optional explicit multikey; defaults to current.
+   */
+  toVerificationMethod(mk) {
+    const m = mk ?? this.#requireCurrent();
+    return m.toVerificationMethod();
+  }
+  /**
+   * Sign bytes via the multikey (requires secret).
+   * Uses the current multikey when `mk` is omitted.
+   * @param data The data to sign.
+   * @param mk Optional explicit multikey; defaults to current.
+   */
+  sign(data, mk) {
+    const m = mk ?? this.#requireCurrent();
+    return m.sign(data);
+  }
+  /**
+   * Verify signature via multikey.
+   * Uses the current multikey when `mk` is omitted.
+   * @param data The data that was signed.
+   * @param signature The signature to verify.
+   * @param mk Optional explicit multikey; defaults to current.
+   */
+  verify(data, signature, mk) {
+    const m = mk ?? this.#requireCurrent();
+    return m.verify(signature, data);
+  }
+  #requireCurrent() {
+    if (!this.#current) {
+      throw new Error(
+        "No current multikey set. Call multikey.use(mk) first, or pass an explicit instance."
+      );
+    }
+    return this.#current;
+  }
+};
+var CryptoApi = class {
+  /** Schnorr keypair operations. */
+  keypair = new KeyPairApi();
+  /** Schnorr Multikey operations (optionally stateful). */
+  multikey = new MultikeyApi();
+  /** Schnorr Cryptosuite operations (optionally stateful). */
+  cryptosuite = new CryptosuiteApi();
+  /** Data Integrity Proof operations (optionally stateful). */
+  proof = new DataIntegrityProofApi();
+  /**
+   * Activate a multikey and propagate through the full pipeline.
+   * Sets the current multikey, creates a cryptosuite from it, and creates
+   * a proof instance from the cryptosuite — all three sub-facades become
+   * ready for stateful operations.
+   * @param mk The multikey to activate (must include a secret key for signing).
+   * @returns `this` for chaining.
+   */
+  activate(mk) {
+    this.multikey.use(mk);
+    const cs = this.cryptosuite.create(mk);
+    this.cryptosuite.use(cs);
+    const p = this.proof.create(cs);
+    this.proof.use(p);
+    return this;
+  }
+  /**
+   * Clear stateful defaults from all sub-facades.
+   */
+  deactivate() {
+    this.multikey.clear();
+    this.cryptosuite.clear();
+    this.proof.clear();
+  }
+  /**
+   * Sign data using the current multikey.
+   * Shorthand for `crypto.multikey.sign(data)`.
+   * @param data The data to sign.
+   * @returns The signature bytes.
+   */
+  sign(data) {
+    return this.multikey.sign(data);
+  }
+  /**
+   * Verify a signature using the current multikey.
+   * Shorthand for `crypto.multikey.verify(data, signature)`.
+   * @param data The data that was signed.
+   * @param signature The signature to verify.
+   * @returns `true` if the signature is valid.
+   */
+  verify(data, signature) {
+    return this.multikey.verify(data, signature);
+  }
+  /**
+   * Sign a BTCR2 update document using the current proof instance.
+   * Shorthand for `crypto.proof.addProof(document, config)`.
+   *
+   * Requires {@link activate} to have been called first, or the three
+   * sub-facades to have been configured individually.
+   * @param document The unsigned BTCR2 update document.
+   * @param config The Data Integrity proof configuration.
+   * @returns The signed document with proof attached.
+   */
+  signDocument(document, config) {
+    return this.proof.addProof(document, config);
+  }
+  /**
+   * Verify a signed BTCR2 update document using the current cryptosuite.
+   * Shorthand for `crypto.cryptosuite.verifyProof(document)`.
+   * @param document The signed document to verify.
+   * @returns The full verification result.
+   */
+  verifyDocument(document) {
+    return this.cryptosuite.verifyProof(document);
+  }
+};
+
+// src/did.ts
+var import_common2 = require("@did-btcr2/common");
+var import_keypair2 = require("@did-btcr2/keypair");
+var import_method = require("@did-btcr2/method");
+var import_dids = require("@web5/dids");
+var DidApi = class {
+  /**
+   * Encode a DID from genesis bytes and options.
+   * @param genesisBytes The genesis document bytes.
+   * @param options The creation options.
+   * @returns The encoded DID string.
+   */
+  encode(genesisBytes, options) {
+    assertBytes(genesisBytes, "genesisBytes");
+    return import_method.Identifier.encode(genesisBytes, options);
+  }
+  /**
+   * Decode a DID into its components.
+   * @param did The DID string to decode.
+   * @returns The decoded identifier components.
+   */
+  decode(did) {
+    assertString(did, "did");
+    return import_method.Identifier.decode(did);
+  }
+  /**
+   * Generate a new DID along with its keypair.
+   *
+   * When no `network` is given, defaults to `'regtest'` (upstream default).
+   * Pass an explicit network to generate DIDs for other networks.
+   *
+   * @param network Optional network to generate the DID for.
+   * @returns The generated keypair and DID string.
+   */
+  generate(network) {
+    if (!network) return import_method.Identifier.generate();
+    const kp = import_keypair2.SchnorrKeyPair.generate();
+    const did = import_method.Identifier.encode(kp.publicKey.compressed, {
+      idType: import_common2.IdentifierTypes.KEY,
+      network
+    });
+    return { keyPair: kp.exportJSON(), did };
+  }
+  /**
+   * Check if a DID string is valid.
+   * @param did The DID string to validate.
+   * @returns `true` if valid, `false` otherwise.
+   */
+  isValid(did) {
+    if (typeof did !== "string" || did.length === 0) return false;
+    return import_method.Identifier.isValid(did);
+  }
+  /**
+   * Parse a DID string into a Did instance.
+   * @param did The DID string to parse.
+   * @returns The parsed Did instance, or `null` if parsing failed.
+   */
+  parse(did) {
+    if (typeof did !== "string" || did.length === 0) return null;
+    return import_dids.Did.parse(did);
+  }
+};
+
+// src/method.ts
+var import_common3 = require("@did-btcr2/common");
+var import_method2 = require("@did-btcr2/method");
+var DidMethodApi = class {
+  #btc;
+  #cas;
+  #log;
+  constructor(btc, cas, logger) {
+    this.#btc = btc;
+    this.#cas = cas;
+    this.#log = logger ?? NOOP_LOGGER;
+  }
+  /**
+   * Create a deterministic (k1) DID from a public key.
+   * Sets idType to KEY automatically.
+   * @param genesisBytes The compressed public key bytes (33 bytes).
+   * @param options Creation options (idType is set for you).
+   * @returns The created DID identifier string.
+   */
+  createDeterministic(genesisBytes, options = {}) {
+    assertCompressedPubkey(genesisBytes, "genesisBytes");
+    return import_method2.DidBtcr2.create(genesisBytes, { ...options, idType: import_common3.IdentifierTypes.KEY });
+  }
+  /**
+   * Create a non-deterministic (x1) DID from external genesis document bytes.
+   * Sets idType to EXTERNAL automatically.
+   * @param genesisBytes The genesis document bytes.
+   * @param options Creation options (idType is set for you).
+   * @returns The created DID identifier string.
+   */
+  createExternal(genesisBytes, options = {}) {
+    assertBytes(genesisBytes, "genesisBytes");
+    return import_method2.DidBtcr2.create(genesisBytes, { ...options, idType: import_common3.IdentifierTypes.EXTERNAL });
+  }
+  /**
+   * Resolve a DID by driving the sans-I/O `Resolver` state machine (from @did-btcr2/method).
+   * If a Bitcoin connection is configured on the API, it is used automatically
+   * to fetch beacon signals. Sidecar data flows through `options.sidecar`.
+   * @param did The DID to resolve.
+   * @param options Resolution options.
+   * @returns The resolution result.
+   */
+  async resolve(did, options) {
+    assertString(did, "did");
+    this.#log.debug("Resolving DID", did);
+    try {
+      const resolver = import_method2.DidBtcr2.resolve(did, options);
+      let state = resolver.resolve();
+      while (state.status === "action-required") {
+        for (const need of state.needs) {
+          switch (need.kind) {
+            case "NeedBeaconSignals": {
+              if (!this.#btc) {
+                throw new Error(
+                  "Bitcoin connection required to fetch beacon signals. Configure a BitcoinApi on the DidBtcr2Api instance."
+                );
+              }
+              this.#log.debug(
+                "Fetching beacon signals for %d service(s)",
+                need.beaconServices.length
+              );
+              const signals = await import_method2.BeaconSignalDiscovery.indexer(
+                [...need.beaconServices],
+                this.#btc.connection
+              );
+              resolver.provide(need, signals);
+              break;
+            }
+            case "NeedGenesisDocument": {
+              if (!this.#cas) {
+                throw new Error(
+                  `Genesis document required but not in sidecar (hash: ${need.genesisHash}), and no CAS driver configured. Either provide the genesis document via options.sidecar.genesisDocument or configure a CAS driver.`
+                );
+              }
+              this.#log.debug("Fetching genesis document from CAS: %s", need.genesisHash);
+              const doc = await this.#cas.retrieve((0, import_common3.decode)(need.genesisHash, "hex"));
+              if (!doc) {
+                throw new Error(
+                  `Genesis document not found in CAS (hash: ${need.genesisHash}).`
+                );
+              }
+              resolver.provide(need, doc);
+              break;
+            }
+            case "NeedCASAnnouncement": {
+              if (!this.#cas) {
+                throw new Error(
+                  `CAS announcement required but not in sidecar (hash: ${need.announcementHash}), and no CAS driver configured. Either provide it via options.sidecar.casUpdates or configure a CAS driver.`
+                );
+              }
+              this.#log.debug("Fetching CAS announcement from CAS: %s", need.announcementHash);
+              const announcement = await this.#cas.retrieve((0, import_common3.decode)(need.announcementHash, "hex"));
+              if (!announcement) {
+                throw new Error(
+                  `CAS announcement not found in CAS (hash: ${need.announcementHash}).`
+                );
+              }
+              resolver.provide(need, announcement);
+              break;
+            }
+            case "NeedSignedUpdate": {
+              if (!this.#cas) {
+                throw new Error(
+                  `Signed update required but not in sidecar (hash: ${need.updateHash}), and no CAS driver configured. Either provide it via options.sidecar.updates or configure a CAS driver.`
+                );
+              }
+              this.#log.debug("Fetching signed update from CAS: %s", need.updateHash);
+              const update = await this.#cas.retrieve((0, import_common3.decode)(need.updateHash, "hex"));
+              if (!update) {
+                throw new Error(
+                  `Signed update not found in CAS (hash: ${need.updateHash}).`
+                );
+              }
+              resolver.provide(need, update);
+              break;
+            }
+          }
+        }
+        state = resolver.resolve();
+      }
+      this.#log.debug("DID resolved successfully", did, state.result.metadata);
+      return {
+        didResolutionMetadata: {},
+        didDocument: state.result.didDocument,
+        didDocumentMetadata: state.result.metadata
+      };
+    } catch (err) {
+      this.#log.error("DID resolution failed", did, err);
+      throw new Error(
+        `Failed to resolve DID: ${did}`,
+        { cause: err }
+      );
+    }
+  }
+  /**
+   * Update an existing DID document. If a Bitcoin connection is configured on
+   * the API, it is injected automatically.
+   * @param params The update parameters.
+   * @returns The signed update.
+   */
+  async update({
+    sourceDocument,
+    patches,
+    sourceVersionId,
+    verificationMethodId,
+    beaconId,
+    signingMaterial,
+    bitcoin
+  }) {
+    const btcConnection = bitcoin ?? this.#btc?.connection ?? void 0;
+    return await import_method2.DidBtcr2.update({
+      sourceDocument,
+      patches,
+      sourceVersionId,
+      verificationMethodId,
+      beaconId,
+      signingMaterial,
+      bitcoin: btcConnection
+    });
+  }
+  /**
+   * Get the signing method from a DID document by method ID.
+   * @param didDocument The DID document.
+   * @param methodId The method ID (if omitted, the first signing method is returned).
+   * @returns The found signing method.
+   */
+  getSigningMethod(didDocument, methodId) {
+    return import_method2.DidBtcr2.getSigningMethod(didDocument, methodId);
+  }
+  /**
+   * Create a fluent builder for a DID update operation.
+   * @param sourceDocument The current DID document to update.
+   * @returns An {@link UpdateBuilder} for chaining update parameters.
+   *
+   * @example
+   * ```ts
+   * const signed = await api.btcr2
+   *   .buildUpdate(currentDoc)
+   *   .patch({ op: 'add', path: '/service/1', value: newService })
+   *   .version(2)
+   *   .signer('#initialKey')
+   *   .beacon('#beacon-0')
+   *   .execute();
+   * ```
+   */
+  buildUpdate(sourceDocument) {
+    return new UpdateBuilder(this, sourceDocument);
+  }
+  /** Deactivate a DID (not yet implemented in the core method). */
+  async deactivate() {
+    throw new import_common3.NotImplementedError(
+      "DidMethodApi.deactivate is not implemented yet.",
+      {
+        type: "DID_API_METHOD_NOT_IMPLEMENTED",
+        name: "NOT_IMPLEMENTED_ERROR"
+      }
+    );
+  }
+};
+var UpdateBuilder = class {
+  #methodApi;
+  #sourceDocument;
+  #patches = [];
+  #sourceVersionId;
+  #verificationMethodId;
+  #beaconId;
+  #signingMaterial;
+  #bitcoin;
+  /** @internal */
+  constructor(methodApi, sourceDocument) {
+    this.#methodApi = methodApi;
+    this.#sourceDocument = sourceDocument;
+  }
+  /** Add a single JSON Patch operation. Can be called multiple times. */
+  patch(op) {
+    this.#patches.push(op);
+    return this;
+  }
+  /** Set all patches at once (replaces any previously added). */
+  patches(ops) {
+    this.#patches = [...ops];
+    return this;
+  }
+  /** Set the source version ID. */
+  version(id) {
+    this.#sourceVersionId = id;
+    return this;
+  }
+  /** Set the verification method ID used for signing. */
+  signer(methodId) {
+    this.#verificationMethodId = methodId;
+    return this;
+  }
+  /** Set the beacon ID for the update announcement. */
+  beacon(beaconId) {
+    this.#beaconId = beaconId;
+    return this;
+  }
+  /** Set the signing material (secret key bytes or hex). */
+  signingMaterial(material) {
+    this.#signingMaterial = material;
+    return this;
+  }
+  /** Override the Bitcoin connection for this update. */
+  withBitcoin(connection) {
+    this.#bitcoin = connection;
+    return this;
+  }
+  /**
+   * Execute the update.
+   * @throws {Error} If required fields (version, signer, beacon) are missing.
+   */
+  async execute() {
+    if (this.#sourceVersionId === void 0) {
+      throw new Error("UpdateBuilder: sourceVersionId is required. Call .version(id) before .execute().");
+    }
+    if (!this.#verificationMethodId) {
+      throw new Error("UpdateBuilder: verificationMethodId is required. Call .signer(id) before .execute().");
+    }
+    if (!this.#beaconId) {
+      throw new Error("UpdateBuilder: beaconId is required. Call .beacon(id) before .execute().");
+    }
+    return this.#methodApi.update({
+      sourceDocument: this.#sourceDocument,
+      patches: this.#patches,
+      sourceVersionId: this.#sourceVersionId,
+      verificationMethodId: this.#verificationMethodId,
+      beaconId: this.#beaconId,
+      signingMaterial: this.#signingMaterial,
+      bitcoin: this.#bitcoin
+    });
+  }
+};
+
+// src/api.ts
+var import_keypair3 = require("@did-btcr2/keypair");
+var DidBtcr2Api = class {
+  /** Cryptographic operations (keypair, multikey, cryptosuite, proof). */
+  crypto;
+  /** DID identifier operations (encode, decode, generate, parse). */
+  did;
+  /** Key management operations. */
+  kms;
+  #btcConfig;
+  #btc;
+  #casConfig;
+  #cas;
+  #btcr2;
+  #log;
+  #disposed = false;
+  constructor(config) {
+    this.#btcConfig = config?.btc;
+    this.#casConfig = config?.cas;
+    this.#log = config?.logger ?? NOOP_LOGGER;
+    this.kms = new KeyManagerApi(config?.kms);
+    this.did = new DidApi();
+    this.crypto = new CryptoApi();
+  }
+  /**
+   * Bitcoin API sub-facade (lazily initialized).
+   * Only available when `btc` config was provided to the constructor.
+   * @throws {Error} If the instance has been disposed or no Bitcoin config was provided.
+   */
+  get btc() {
+    this.#assertNotDisposed();
+    if (!this.#btc) {
+      if (!this.#btcConfig) {
+        throw new Error(
+          "Bitcoin not configured. Pass a btc config to createApi(), e.g.: createApi({ btc: { network: 'regtest' } })"
+        );
+      }
+      this.#btc = new BitcoinApi(this.#btcConfig);
+    }
+    return this.#btc;
+  }
+  /**
+   * CAS API sub-facade (lazily initialized).
+   * Only available when `cas` config was provided to the constructor.
+   * @throws {Error} If the instance has been disposed or no CAS config was provided.
+   */
+  get cas() {
+    this.#assertNotDisposed();
+    if (!this.#cas) {
+      if (!this.#casConfig) {
+        throw new Error(
+          "CAS not configured. Pass a cas config to createApi(), e.g.: createApi({ cas: { helia: await createHelia() } })"
+        );
+      }
+      this.#cas = new CasApi(this.#casConfig);
+    }
+    return this.#cas;
+  }
+  /**
+   * DID Method API sub-facade (lazily initialized with bitcoin + CAS wiring).
+   * @throws {Error} If the instance has been disposed.
+   */
+  get btcr2() {
+    this.#assertNotDisposed();
+    if (!this.#btcr2) {
+      this.#btcr2 = new DidMethodApi(
+        this.#btcConfig ? this.btc : void 0,
+        this.#casConfig ? this.cas : void 0,
+        this.#log
+      );
+    }
+    return this.#btcr2;
+  }
+  /**
+   * Whether this API instance has been disposed.
+   */
+  get disposed() {
+    return this.#disposed;
+  }
+  /**
+   * Create a DID using either deterministic (KEY) or external (EXTERNAL) mode.
+   * @param type The creation mode.
+   * @param genesisBytes Public key bytes (deterministic) or document bytes (external).
+   * @param options Creation options (idType is set for you).
+   * @returns The created DID identifier string.
+   */
+  createDid(type, genesisBytes, options) {
+    this.#assertNotDisposed();
+    return type === "deterministic" ? this.btcr2.createDeterministic(genesisBytes, options) : this.btcr2.createExternal(genesisBytes, options);
+  }
+  /**
+   * Generate a new DID, create the keypair, and import it into the KMS.
+   * @param options Optional settings.
+   * @param options.setActive Whether to set the imported key as active in the KMS (default `true`).
+   * @param options.network Network for the generated DID (default `'regtest'`).
+   * @returns The generated DID string and KMS key identifier.
+   */
+  generateDid(options) {
+    this.#assertNotDisposed();
+    const { keyPair, did } = this.did.generate(options?.network);
+    const kp = import_keypair3.SchnorrKeyPair.fromJSON(keyPair);
+    const keyId = this.kms.import(kp, { setActive: options?.setActive ?? true });
+    return { did, keyId };
+  }
+  /**
+   * Resolve a DID, automatically injecting the configured Bitcoin connection.
+   * @param did The DID to resolve.
+   * @param options Optional resolution options.
+   * @returns The resolution result.
+   */
+  async resolveDid(did, options) {
+    this.#assertNotDisposed();
+    return await this.btcr2.resolve(did, options);
+  }
+  /**
+   * Resolve a DID and return a discriminated result instead of throwing.
+   * Useful when resolution failure is an expected outcome (e.g. checking
+   * whether a DID exists before creating it).
+   * @param did The DID to resolve.
+   * @param options Optional resolution options.
+   * @returns A {@link ResolutionResult} with `ok: true` on success or
+   *          `ok: false` with error details on failure.
+   */
+  async tryResolveDid(did, options) {
+    this.#assertNotDisposed();
+    assertString(did, "did");
+    try {
+      const raw = await this.btcr2.resolve(did, options);
+      if (raw.didDocument) {
+        return {
+          ok: true,
+          document: raw.didDocument,
+          metadata: raw.didDocumentMetadata,
+          raw
+        };
+      }
+      return {
+        ok: false,
+        error: raw.didResolutionMetadata?.error ?? "unknown",
+        errorMessage: raw.didResolutionMetadata?.errorMessage,
+        raw
+      };
+    } catch (err) {
+      return {
+        ok: false,
+        error: "internalError",
+        errorMessage: err.message,
+        raw: {
+          didDocument: null,
+          didDocumentMetadata: {},
+          didResolutionMetadata: { error: "internalError", errorMessage: err.message }
+        }
+      };
+    }
+  }
+  /**
+   * Update a DID document: resolve the current state, apply patches, sign, and announce.
+   * Automatically injects the configured Bitcoin connection.
+   *
+   * If `sourceDocument` and `sourceVersionId` are both provided, resolution
+   * is skipped. Otherwise the DID is resolved first to obtain them.
+   * @param params The update parameters.
+   * @returns The signed update.
+   */
+  async updateDid({
+    did,
+    patches,
+    verificationMethodId,
+    beaconId,
+    sourceDocument,
+    sourceVersionId
+  }) {
+    this.#assertNotDisposed();
+    assertString(did, "did");
+    let doc = sourceDocument;
+    let versionId = sourceVersionId;
+    if (!doc || versionId === void 0) {
+      const resolution = await this.resolveDid(did);
+      if (!resolution.didDocument) {
+        const meta = resolution.didResolutionMetadata;
+        const detail = meta?.error ? `: ${meta.error}` : ".";
+        const extra = meta?.errorMessage ? ` ${meta.errorMessage}` : "";
+        throw new Error(
+          `Failed to resolve DID ${did} for update${detail}${extra}`,
+          { cause: meta }
+        );
+      }
+      doc = doc ?? resolution.didDocument;
+      if (versionId === void 0) {
+        const rawVersionId = resolution.didDocumentMetadata?.versionId;
+        if (rawVersionId === void 0 || rawVersionId === null) {
+          throw new Error(
+            `Resolution of DID ${did} succeeded but returned no versionId in metadata. Provide sourceVersionId explicitly.`
+          );
+        }
+        const parsed = Number(rawVersionId);
+        if (!Number.isFinite(parsed)) {
+          throw new Error(
+            `Resolution of DID ${did} returned a non-numeric versionId: ${String(rawVersionId)}.`
+          );
+        }
+        versionId = parsed;
+      }
+    }
+    return await this.btcr2.update({
+      sourceDocument: doc,
+      patches,
+      sourceVersionId: versionId,
+      verificationMethodId,
+      beaconId
+    });
+  }
+  /**
+   * Release internal references. After disposal, accessing `btc`, `btcr2`,
+   * or calling top-level methods will throw.
+   *
+   * Note: the underlying `BitcoinConnection` does not hold persistent
+   * connections, so this is primarily a guard against accidental reuse.
+   */
+  dispose() {
+    this.#btc = void 0;
+    this.#cas = void 0;
+    this.#btcr2 = void 0;
+    this.#btcConfig = void 0;
+    this.#casConfig = void 0;
+    this.#disposed = true;
+  }
+  #assertNotDisposed() {
+    if (this.#disposed) {
+      throw new Error("This DidBtcr2Api instance has been disposed and can no longer be used.");
+    }
+  }
+};
+function createApi(config) {
+  return new DidBtcr2Api(config);
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  BitcoinApi,
+  CasApi,
+  CryptoApi,
+  CryptosuiteApi,
+  DataIntegrityProofApi,
+  DidApi,
+  DidBtcr2Api,
+  DidDocument,
+  DidDocumentBuilder,
+  DidMethodApi,
+  Identifier,
+  IdentifierTypes,
+  IpfsCasExecutor,
+  KeyManagerApi,
+  KeyPairApi,
+  MultikeyApi,
+  NOOP_LOGGER,
+  UpdateBuilder,
+  assertBytes,
+  assertCompressedPubkey,
+  assertString,
+  createApi
+});