@did-btcr2/kms 0.4.2 → 0.5.0

package/dist/cjs/kms.js

@@ -1,232 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Kms = void 0;
-const common_1 = require("@did-btcr2/common");
-const keypair_1 = require("@did-btcr2/keypair");
-const sha2_js_1 = require("@noble/hashes/sha2.js");
-const store_js_1 = require("./store.js");
-/**
- * Key Management System for the did:btcr2 DID method.
- *
- * Implements the {@link KeyManager} interface with a pluggable
- * {@link KeyValueStore} (defaults to {@link MemoryStore}).
- *
- * Supports both signing (secret key present) and watch-only
- * (public-key-only) key entries, and both Schnorr and ECDSA
- * signature schemes.
- *
- */
-class Kms {
-    #store;
-    #activeKeyId;
-    /**
-     * Create a new KMS instance.
-     *
-     * @param {KeyValueStore<KeyIdentifier, KeyEntry>} [store] Optional key-value store.
-     * Defaults to in-memory store if not provided.
-     */
-    constructor(store) {
-        this.#store = store ?? new store_js_1.MemoryStore();
-    }
-    /**
-     * Get the active key identifier.
-     *
-     * @returns {KeyIdentifier | undefined} The active key identifier, or undefined if none is set.
-     */
-    get activeKeyId() {
-        return this.#activeKeyId;
-    }
-    /**
-     * Generate a URN-style key identifier from compressed public key bytes.
-     * Format: `urn:kms:secp256k1:<fingerprint>` where fingerprint is the
-     * first 8 bytes of SHA-256(publicKey), hex-encoded.
-     *
-     * @param {KeyBytes} publicKeyBytes Compressed secp256k1 public key bytes.
-     * @returns {KeyIdentifier} The generated key identifier.
-     */
-    #generateUrn(publicKeyBytes) {
-        const hash = (0, sha2_js_1.sha256)(publicKeyBytes);
-        const fingerprint = Array.from(hash.slice(0, 8))
-            .map(b => b.toString(16).padStart(2, '0'))
-            .join('');
-        return `urn:kms:secp256k1:${fingerprint}`;
-    }
-    /**
-     * Retrieve a key entry or throw if not found / no active key set.
-     *
-     * @param {KeyIdentifier} [id] Key identifier. Uses active key if omitted.
-     * @returns {KeyEntry} The retrieved key entry.
-     * @throws {KeyManagerError} If key not found or no active key set.
-     */
-    #getEntryOrThrow(id) {
-        const keyId = id ?? this.#activeKeyId;
-        if (!keyId) {
-            throw new common_1.KeyManagerError('No active key set', 'ACTIVE_KEY_NOT_SET');
-        }
-        const entry = this.#store.get(keyId);
-        if (!entry) {
-            throw new common_1.KeyManagerError(`Key not found: ${keyId}`, 'KEY_NOT_FOUND');
-        }
-        return entry;
-    }
-    /**
-     * Set the active key.
-     *
-     * @param id The key identifier to set as active.
-     * @throws {KeyManagerError} If the key is not found.
-     */
-    setActiveKey(id) {
-        this.#getEntryOrThrow(id);
-        this.#activeKeyId = id;
-    }
-    /**
-     * Get the compressed public key bytes for a key.
-     *
-     * @param id Key identifier. Uses active key if omitted.
-     * @returns Compressed secp256k1 public key bytes.
-     * @throws {KeyManagerError} If key not found or no active key set.
-     */
-    getPublicKey(id) {
-        return this.#getEntryOrThrow(id).publicKey;
-    }
-    /**
-     * Sign data using the specified key.
-     *
-     * @param {Bytes} data The data to sign.
-     * @param {KeyIdentifier} [id] Key identifier. Uses active key if omitted.
-     * @param {SignOptions} [options] Signing options (scheme defaults to 'schnorr').
-     * @returns {SignatureBytes} The signature bytes.
-     * @throws {KeyManagerError} If key not found, no active key, or key cannot sign.
-     */
-    sign(data, id, options = {}) {
-        const entry = this.#getEntryOrThrow(id);
-        if (!entry.secretKey) {
-            const keyId = id ?? this.#activeKeyId;
-            throw new common_1.KeyManagerError(`Key is not a signing key: ${keyId}`, 'KEY_NOT_SIGNER');
-        }
-        const kp = new keypair_1.SchnorrKeyPair({ secretKey: entry.secretKey });
-        return kp.secretKey.sign(data, { scheme: options.scheme ?? 'schnorr' });
-    }
-    /**
-     * Verify a signature using the specified key.
-     *
-     * @param {SignatureBytes} signature The signature bytes to verify.
-     * @param {Bytes} data The data that was signed.
-     * @param {KeyIdentifier} [id] Key identifier. Uses active key if omitted.
-     * @param {SignOptions} [options] Verification options (scheme defaults to 'schnorr').
-     * @returns {boolean} True if the signature is valid, false otherwise.
-     * @throws {KeyManagerError} If key not found or no active key set.
-     */
-    verify(signature, data, id, options = {}) {
-        const entry = this.#getEntryOrThrow(id);
-        const kp = new keypair_1.SchnorrKeyPair({ publicKey: entry.publicKey });
-        return kp.publicKey.verify(signature, data, { scheme: options.scheme ?? 'schnorr' });
-    }
-    /**
-     * Import a key pair into the KMS.
-     *
-     * @param {SchnorrKeyPair} keyPair The key pair to import.
-     * @param {ImportKeyOptions} [options] Import options (id, tags, setActive).
-     * @returns {KeyIdentifier} The identifier of the imported key.
-     * @throws {KeyManagerError} If a key with the same identifier already exists.
-     */
-    importKey(keyPair, options = {}) {
-        const id = options.id ?? this.#generateUrn(keyPair.publicKey.compressed);
-        if (this.#store.has(id)) {
-            throw new common_1.KeyManagerError(`Key already exists: ${id}`, 'KEY_FOUND');
-        }
-        // Build key entry — secret key may not be available for watch-only pairs
-        const entry = {
-            publicKey: keyPair.publicKey.compressed,
-            ...(options.tags && { tags: options.tags }),
-        };
-        try {
-            if (keyPair.secretKey) {
-                entry.secretKey = keyPair.secretKey.bytes;
-            }
-        }
-        catch {
-            // Public-key-only key pair — secretKey getter throws
-        }
-        this.#store.set(id, entry);
-        if (options.setActive) {
-            this.#activeKeyId = id;
-        }
-        return id;
-    }
-    /**
-     * Remove a key from the KMS.
-     *
-     * @param {KeyIdentifier} id The key identifier to remove.
-     * @param {Object} [options] Removal options.
-     * @param {boolean} [options.force=false] Force removal of active key.
-     * @throws {KeyManagerError} If key not found or attempting to remove active key without force.
-     */
-    removeKey(id, options = {}) {
-        if (this.#activeKeyId === id && !options.force) {
-            throw new common_1.KeyManagerError('Cannot remove active key (use "force": true or switch active key)', 'ACTIVE_KEY_DELETE');
-        }
-        if (!this.#store.has(id)) {
-            throw new common_1.KeyManagerError(`Key not found: ${id}`, 'KEY_NOT_FOUND');
-        }
-        this.#store.delete(id);
-        if (this.#activeKeyId === id) {
-            this.#activeKeyId = undefined;
-        }
-    }
-    /**
-     * List all key identifiers in the KMS.
-     *
-     * @returns {KeyIdentifier[]} Array of key identifiers.
-     */
-    listKeys() {
-        return this.#store.entries().map(([k]) => k);
-    }
-    /**
-     * Compute the SHA-256 digest of the given data.
-     *
-     * @param {Uint8Array} data The data to digest.
-     * @returns {HashBytes} The SHA-256 hash of the data.
-     */
-    digest(data) {
-        return (0, sha2_js_1.sha256)(data);
-    }
-    /**
-     * Generate a new secp256k1 key pair and store it in the KMS.
-     *
-     * @param {GenerateKeyOptions} [options] Generation options (tags, setActive).
-     * @returns {KeyIdentifier} The identifier of the generated key.
-     */
-    generateKey(options = {}) {
-        const kp = keypair_1.SchnorrKeyPair.generate();
-        const id = this.#generateUrn(kp.publicKey.compressed);
-        const entry = {
-            secretKey: kp.secretKey.bytes,
-            publicKey: kp.publicKey.compressed,
-            ...(options.tags && { tags: options.tags }),
-        };
-        this.#store.set(id, entry);
-        if (options.setActive) {
-            this.#activeKeyId = id;
-        }
-        return id;
-    }
-    /**
-     * Export the key pair for a stored key.
-     *
-     * Only available on the concrete {@link Kms} class, not on the
-     * {@link KeyManager} interface. HSM or hardware-backed implementations
-     * may not support key export.
-     *
-     * @param {KeyIdentifier} id The key identifier to export.
-     * @returns {SchnorrKeyPair} The reconstructed SchnorrKeyPair.
-     */
-    exportKey(id) {
-        const entry = this.#getEntryOrThrow(id);
-        if (entry.secretKey) {
-            return new keypair_1.SchnorrKeyPair({ secretKey: entry.secretKey });
-        }
-        return new keypair_1.SchnorrKeyPair({ publicKey: entry.publicKey });
-    }
-}
-exports.Kms = Kms;

package/dist/cjs/store.js

@@ -1,34 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.MemoryStore = void 0;
-/**
- * In-memory key-value store backed by a Map.
- */
-class MemoryStore {
-    #store = new Map();
-    clear() {
-        this.#store.clear();
-    }
-    close() {
-        /** no-op */
-    }
-    delete(key) {
-        return this.#store.delete(key);
-    }
-    get(key) {
-        return this.#store.get(key);
-    }
-    has(key) {
-        return this.#store.has(key);
-    }
-    list() {
-        return Array.from(this.#store.values());
-    }
-    entries() {
-        return Array.from(this.#store.entries());
-    }
-    set(key, value) {
-        this.#store.set(key, value);
-    }
-}
-exports.MemoryStore = MemoryStore;

package/dist/esm/interface.js

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=interface.js.map

package/dist/esm/interface.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"interface.js","sourceRoot":"","sources":["../../src/interface.ts"],"names":[],"mappings":""}

package/dist/esm/kms.js

@@ -1,229 +0,0 @@
-import { KeyManagerError } from '@did-btcr2/common';
-import { SchnorrKeyPair } from '@did-btcr2/keypair';
-import { sha256 } from '@noble/hashes/sha2.js';
-import { MemoryStore } from './store.js';
-/**
- * Key Management System for the did:btcr2 DID method.
- *
- * Implements the {@link KeyManager} interface with a pluggable
- * {@link KeyValueStore} (defaults to {@link MemoryStore}).
- *
- * Supports both signing (secret key present) and watch-only
- * (public-key-only) key entries, and both Schnorr and ECDSA
- * signature schemes.
- *
- */
-export class Kms {
-    #store;
-    #activeKeyId;
-    /**
-     * Create a new KMS instance.
-     *
-     * @param {KeyValueStore<KeyIdentifier, KeyEntry>} [store] Optional key-value store.
-     * Defaults to in-memory store if not provided.
-     */
-    constructor(store) {
-        this.#store = store ?? new MemoryStore();
-    }
-    /**
-     * Get the active key identifier.
-     *
-     * @returns {KeyIdentifier | undefined} The active key identifier, or undefined if none is set.
-     */
-    get activeKeyId() {
-        return this.#activeKeyId;
-    }
-    /**
-     * Generate a URN-style key identifier from compressed public key bytes.
-     * Format: `urn:kms:secp256k1:<fingerprint>` where fingerprint is the
-     * first 8 bytes of SHA-256(publicKey), hex-encoded.
-     *
-     * @param {KeyBytes} publicKeyBytes Compressed secp256k1 public key bytes.
-     * @returns {KeyIdentifier} The generated key identifier.
-     */
-    #generateUrn(publicKeyBytes) {
-        const hash = sha256(publicKeyBytes);
-        const fingerprint = Array.from(hash.slice(0, 8))
-            .map(b => b.toString(16).padStart(2, '0'))
-            .join('');
-        return `urn:kms:secp256k1:${fingerprint}`;
-    }
-    /**
-     * Retrieve a key entry or throw if not found / no active key set.
-     *
-     * @param {KeyIdentifier} [id] Key identifier. Uses active key if omitted.
-     * @returns {KeyEntry} The retrieved key entry.
-     * @throws {KeyManagerError} If key not found or no active key set.
-     */
-    #getEntryOrThrow(id) {
-        const keyId = id ?? this.#activeKeyId;
-        if (!keyId) {
-            throw new KeyManagerError('No active key set', 'ACTIVE_KEY_NOT_SET');
-        }
-        const entry = this.#store.get(keyId);
-        if (!entry) {
-            throw new KeyManagerError(`Key not found: ${keyId}`, 'KEY_NOT_FOUND');
-        }
-        return entry;
-    }
-    /**
-     * Set the active key.
-     *
-     * @param id The key identifier to set as active.
-     * @throws {KeyManagerError} If the key is not found.
-     */
-    setActiveKey(id) {
-        this.#getEntryOrThrow(id);
-        this.#activeKeyId = id;
-    }
-    /**
-     * Get the compressed public key bytes for a key.
-     *
-     * @param id Key identifier. Uses active key if omitted.
-     * @returns Compressed secp256k1 public key bytes.
-     * @throws {KeyManagerError} If key not found or no active key set.
-     */
-    getPublicKey(id) {
-        return this.#getEntryOrThrow(id).publicKey;
-    }
-    /**
-     * Sign data using the specified key.
-     *
-     * @param {Bytes} data The data to sign.
-     * @param {KeyIdentifier} [id] Key identifier. Uses active key if omitted.
-     * @param {SignOptions} [options] Signing options (scheme defaults to 'schnorr').
-     * @returns {SignatureBytes} The signature bytes.
-     * @throws {KeyManagerError} If key not found, no active key, or key cannot sign.
-     */
-    sign(data, id, options = {}) {
-        const entry = this.#getEntryOrThrow(id);
-        if (!entry.secretKey) {
-            const keyId = id ?? this.#activeKeyId;
-            throw new KeyManagerError(`Key is not a signing key: ${keyId}`, 'KEY_NOT_SIGNER');
-        }
-        const kp = new SchnorrKeyPair({ secretKey: entry.secretKey });
-        return kp.secretKey.sign(data, { scheme: options.scheme ?? 'schnorr' });
-    }
-    /**
-     * Verify a signature using the specified key.
-     *
-     * @param {SignatureBytes} signature The signature bytes to verify.
-     * @param {Bytes} data The data that was signed.
-     * @param {KeyIdentifier} [id] Key identifier. Uses active key if omitted.
-     * @param {SignOptions} [options] Verification options (scheme defaults to 'schnorr').
-     * @returns {boolean} True if the signature is valid, false otherwise.
-     * @throws {KeyManagerError} If key not found or no active key set.
-     */
-    verify(signature, data, id, options = {}) {
-        const entry = this.#getEntryOrThrow(id);
-        const kp = new SchnorrKeyPair({ publicKey: entry.publicKey });
-        return kp.publicKey.verify(signature, data, { scheme: options.scheme ?? 'schnorr' });
-    }
-    /**
-     * Import a key pair into the KMS.
-     *
-     * @param {SchnorrKeyPair} keyPair The key pair to import.
-     * @param {ImportKeyOptions} [options] Import options (id, tags, setActive).
-     * @returns {KeyIdentifier} The identifier of the imported key.
-     * @throws {KeyManagerError} If a key with the same identifier already exists.
-     */
-    importKey(keyPair, options = {}) {
-        const id = options.id ?? this.#generateUrn(keyPair.publicKey.compressed);
-        if (this.#store.has(id)) {
-            throw new KeyManagerError(`Key already exists: ${id}`, 'KEY_FOUND');
-        }
-        // Build key entry — secret key may not be available for watch-only pairs
-        const entry = {
-            publicKey: keyPair.publicKey.compressed,
-            ...(options.tags && { tags: options.tags }),
-        };
-        try {
-            if (keyPair.secretKey) {
-                entry.secretKey = keyPair.secretKey.bytes;
-            }
-        }
-        catch {
-            // Public-key-only key pair — secretKey getter throws
-        }
-        this.#store.set(id, entry);
-        if (options.setActive) {
-            this.#activeKeyId = id;
-        }
-        return id;
-    }
-    /**
-     * Remove a key from the KMS.
-     *
-     * @param {KeyIdentifier} id The key identifier to remove.
-     * @param {Object} [options] Removal options.
-     * @param {boolean} [options.force=false] Force removal of active key.
-     * @throws {KeyManagerError} If key not found or attempting to remove active key without force.
-     */
-    removeKey(id, options = {}) {
-        if (this.#activeKeyId === id && !options.force) {
-            throw new KeyManagerError('Cannot remove active key (use "force": true or switch active key)', 'ACTIVE_KEY_DELETE');
-        }
-        if (!this.#store.has(id)) {
-            throw new KeyManagerError(`Key not found: ${id}`, 'KEY_NOT_FOUND');
-        }
-        this.#store.delete(id);
-        if (this.#activeKeyId === id) {
-            this.#activeKeyId = undefined;
-        }
-    }
-    /**
-     * List all key identifiers in the KMS.
-     *
-     * @returns {KeyIdentifier[]} Array of key identifiers.
-     */
-    listKeys() {
-        return this.#store.entries().map(([k]) => k);
-    }
-    /**
-     * Compute the SHA-256 digest of the given data.
-     *
-     * @param {Uint8Array} data The data to digest.
-     * @returns {HashBytes} The SHA-256 hash of the data.
-     */
-    digest(data) {
-        return sha256(data);
-    }
-    /**
-     * Generate a new secp256k1 key pair and store it in the KMS.
-     *
-     * @param {GenerateKeyOptions} [options] Generation options (tags, setActive).
-     * @returns {KeyIdentifier} The identifier of the generated key.
-     */
-    generateKey(options = {}) {
-        const kp = SchnorrKeyPair.generate();
-        const id = this.#generateUrn(kp.publicKey.compressed);
-        const entry = {
-            secretKey: kp.secretKey.bytes,
-            publicKey: kp.publicKey.compressed,
-            ...(options.tags && { tags: options.tags }),
-        };
-        this.#store.set(id, entry);
-        if (options.setActive) {
-            this.#activeKeyId = id;
-        }
-        return id;
-    }
-    /**
-     * Export the key pair for a stored key.
-     *
-     * Only available on the concrete {@link Kms} class, not on the
-     * {@link KeyManager} interface. HSM or hardware-backed implementations
-     * may not support key export.
-     *
-     * @param {KeyIdentifier} id The key identifier to export.
-     * @returns {SchnorrKeyPair} The reconstructed SchnorrKeyPair.
-     */
-    exportKey(id) {
-        const entry = this.#getEntryOrThrow(id);
-        if (entry.secretKey) {
-            return new SchnorrKeyPair({ secretKey: entry.secretKey });
-        }
-        return new SchnorrKeyPair({ publicKey: entry.publicKey });
-    }
-}
-//# sourceMappingURL=kms.js.map

package/dist/esm/kms.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"kms.js","sourceRoot":"","sources":["../../src/kms.ts"],"names":[],"mappings":"AAMA,OAAO,EACL,eAAe,EAChB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAU/C,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEzC;;;;;;;;;;GAUG;AACH,MAAM,OAAO,GAAG;IACd,MAAM,CAAyC;IAC/C,YAAY,CAAiB;IAE7B;;;;;OAKG;IACH,YAAY,KAA8C;QACxD,IAAI,CAAC,MAAM,GAAG,KAAK,IAAI,IAAI,WAAW,EAA2B,CAAC;IACpE,CAAC;IAED;;;;OAIG;IACH,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED;;;;;;;OAOG;IACH,YAAY,CAAC,cAAwB;QACnC,MAAM,IAAI,GAAG,MAAM,CAAC,cAAc,CAAC,CAAC;QACpC,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;aAC7C,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aACzC,IAAI,CAAC,EAAE,CAAC,CAAC;QACZ,OAAO,qBAAqB,WAAW,EAAE,CAAC;IAC5C,CAAC;IAED;;;;;;OAMG;IACH,gBAAgB,CAAC,EAAkB;QACjC,MAAM,KAAK,GAAG,EAAE,IAAI,IAAI,CAAC,YAAY,CAAC;QACtC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,eAAe,CAAC,mBAAmB,EAAE,oBAAoB,CAAC,CAAC;QACvE,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACrC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,eAAe,CAAC,kBAAkB,KAAK,EAAE,EAAE,eAAe,CAAC,CAAC;QACxE,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;OAKG;IACH,YAAY,CAAC,EAAiB;QAC5B,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAC1B,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC;IACzB,CAAC;IAED;;;;;;OAMG;IACH,YAAY,CAAC,EAAkB;QAC7B,OAAO,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC;IAC7C,CAAC;IAED;;;;;;;;OAQG;IACH,IAAI,CAAC,IAAW,EAAE,EAAkB,EAAE,UAAuB,EAAE;QAC7D,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;QACxC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;YACrB,MAAM,KAAK,GAAG,EAAE,IAAI,IAAI,CAAC,YAAY,CAAC;YACtC,MAAM,IAAI,eAAe,CAAC,6BAA6B,KAAK,EAAE,EAAE,gBAAgB,CAAC,CAAC;QACpF,CAAC;QACD,MAAM,EAAE,GAAG,IAAI,cAAc,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;QAC9D,OAAO,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED;;;;;;;;;OASG;IACH,MAAM,CAAC,SAAyB,EAAE,IAAW,EAAE,EAAkB,EAAE,UAAuB,EAAE;QAC1F,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;QACxC,MAAM,EAAE,GAAG,IAAI,cAAc,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;QAC9D,OAAO,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;IACvF,CAAC;IAED;;;;;;;OAOG;IACH,SAAS,CAAC,OAAuB,EAAE,UAA4B,EAAE;QAC/D,MAAM,EAAE,GAAG,OAAO,CAAC,EAAE,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAEzE,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,eAAe,CAAC,uBAAuB,EAAE,EAAE,EAAE,WAAW,CAAC,CAAC;QACtE,CAAC;QAED,yEAAyE;QACzE,MAAM,KAAK,GAAa;YACtB,SAAS,EAAG,OAAO,CAAC,SAAS,CAAC,UAAU;YACxC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;SAC5C,CAAC;QAEF,IAAI,CAAC;YACH,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;gBACtB,KAAK,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC;YAC5C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,qDAAqD;QACvD,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAE3B,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC;QACzB,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;;;;;;OAOG;IACH,SAAS,CAAC,EAAiB,EAAE,UAA+B,EAAE;QAC5D,IAAI,IAAI,CAAC,YAAY,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YAC/C,MAAM,IAAI,eAAe,CACvB,mEAAmE,EACnE,mBAAmB,CACpB,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,eAAe,CAAC,kBAAkB,EAAE,EAAE,EAAE,eAAe,CAAC,CAAC;QACrE,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAEvB,IAAI,IAAI,CAAC,YAAY,KAAK,EAAE,EAAE,CAAC;YAC7B,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,QAAQ;QACN,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,IAAgB;QACrB,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC;IAED;;;;;OAKG;IACH,WAAW,CAAC,UAA8B,EAAE;QAC1C,MAAM,EAAE,GAAG,cAAc,CAAC,QAAQ,EAAE,CAAC;QACrC,MAAM,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAEtD,MAAM,KAAK,GAAa;YACtB,SAAS,EAAG,EAAE,CAAC,SAAS,CAAC,KAAK;YAC9B,SAAS,EAAG,EAAE,CAAC,SAAS,CAAC,UAAU;YACnC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;SAC5C,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAE3B,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC;QACzB,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;;;;;;;;OASG;IACH,SAAS,CAAC,EAAiB;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;QACxC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YACpB,OAAO,IAAI,cAAc,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;QAC5D,CAAC;QACD,OAAO,IAAI,cAAc,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;IAC5D,CAAC;CACF"}

package/dist/esm/store.js

@@ -1,31 +0,0 @@
-/**
- * In-memory key-value store backed by a Map.
- */
-export class MemoryStore {
-    #store = new Map();
-    clear() {
-        this.#store.clear();
-    }
-    close() {
-        /** no-op */
-    }
-    delete(key) {
-        return this.#store.delete(key);
-    }
-    get(key) {
-        return this.#store.get(key);
-    }
-    has(key) {
-        return this.#store.has(key);
-    }
-    list() {
-        return Array.from(this.#store.values());
-    }
-    entries() {
-        return Array.from(this.#store.entries());
-    }
-    set(key, value) {
-        this.#store.set(key, value);
-    }
-}
-//# sourceMappingURL=store.js.map

package/dist/esm/store.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/store.ts"],"names":[],"mappings":"AA0BA;;GAEG;AACH,MAAM,OAAO,WAAW;IACtB,MAAM,GAAc,IAAI,GAAG,EAAE,CAAC;IAE9B,KAAK;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;IAED,KAAK;QACH,YAAY;IACd,CAAC;IAED,MAAM,CAAC,GAAM;QACX,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,GAAG,CAAC,GAAM;QACR,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;IAED,GAAG,CAAC,GAAM;QACR,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;IAED,IAAI;QACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,OAAO;QACL,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,GAAG,CAAC,GAAM,EAAE,KAAQ;QAClB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC9B,CAAC;CACF"}

package/dist/types/interface.d.ts

@@ -1,111 +0,0 @@
-import type { Bytes, HashBytes, KeyBytes, SignatureBytes } from '@did-btcr2/common';
-import type { SchnorrKeyPair } from '@did-btcr2/keypair';
-/** Opaque key identifier string. */
-export type KeyIdentifier = string;
-/** Supported signature schemes. */
-export type SigningScheme = 'schnorr' | 'ecdsa';
-/** Options for sign and verify operations. */
-export type SignOptions = {
-    /** Signature scheme. Defaults to 'schnorr'. */
-    scheme?: SigningScheme;
-};
-/** Stored key entry with optional secret key and metadata tags. */
-export type KeyEntry = {
-    /** Secret key bytes. Undefined for public-key-only (watch-only) entries. */
-    secretKey?: KeyBytes;
-    /** Compressed secp256k1 public key bytes. Always present. */
-    publicKey: KeyBytes;
-    /** Arbitrary metadata tags (e.g. derivation path, account, DID). */
-    tags?: Record<string, string>;
-};
-/** Options for importing a key. */
-export type ImportKeyOptions = {
-    /** Custom key identifier. Auto-generated URN if omitted. */
-    id?: KeyIdentifier;
-    /** Whether to set this key as the active key. Defaults to false. */
-    setActive?: boolean;
-    /** Metadata tags to associate with the key. */
-    tags?: Record<string, string>;
-};
-/** Options for generating a key. */
-export type GenerateKeyOptions = {
-    /** Whether to set the generated key as the active key. Defaults to false. */
-    setActive?: boolean;
-    /** Metadata tags to associate with the key. */
-    tags?: Record<string, string>;
-};
-/**
- * Interface for key management operations.
- * @interface KeyManager
- */
-export interface KeyManager {
-    /** The ID of the active key. */
-    readonly activeKeyId?: KeyIdentifier;
-    /**
-     * Set the active key.
-     * @param id The key identifier to set as active.
-     * @throws {KeyManagerError} If the key is not found.
-     */
-    setActiveKey(id: KeyIdentifier): void;
-    /**
-     * Import a key pair. May be public-key-only for watch-only entries.
-     * @param keyPair The key pair to import.
-     * @param options Import options.
-     * @returns The key identifier of the imported key.
-     * @throws {KeyManagerError} If the key already exists.
-     */
-    importKey(keyPair: SchnorrKeyPair, options?: ImportKeyOptions): KeyIdentifier;
-    /**
-     * Remove a key from the store.
-     * @param id The key identifier to remove.
-     * @param options Removal options.
-     * @throws {KeyManagerError} If removing the active key without force, or key not found.
-     */
-    removeKey(id: KeyIdentifier, options?: {
-        force?: boolean;
-    }): void;
-    /**
-     * List all key identifiers.
-     * @returns Array of key identifiers.
-     */
-    listKeys(): KeyIdentifier[];
-    /**
-     * Get the compressed public key bytes for a key.
-     * @param id Key identifier. Uses active key if omitted.
-     * @returns Compressed secp256k1 public key bytes.
-     * @throws {KeyManagerError} If key not found or no active key set.
-     */
-    getPublicKey(id?: KeyIdentifier): KeyBytes;
-    /**
-     * Sign data using the specified key.
-     * @param data The data to sign.
-     * @param id Key identifier. Uses active key if omitted.
-     * @param options Signing options (scheme defaults to 'schnorr').
-     * @returns The signature bytes.
-     * @throws {KeyManagerError} If key not found, no active key, or key cannot sign.
-     */
-    sign(data: Bytes, id?: KeyIdentifier, options?: SignOptions): SignatureBytes;
-    /**
-     * Verify a signature using the specified key.
-     * @param signature The signature to verify.
-     * @param data The data that was signed.
-     * @param id Key identifier. Uses active key if omitted.
-     * @param options Verification options (scheme defaults to 'schnorr').
-     * @returns True if the signature is valid.
-     * @throws {KeyManagerError} If key not found or no active key set.
-     */
-    verify(signature: SignatureBytes, data: Bytes, id?: KeyIdentifier, options?: SignOptions): boolean;
-    /**
-     * Compute a SHA-256 hash of the given data.
-     * @param data The data to hash.
-     * @returns The hash bytes.
-     */
-    digest(data: Uint8Array): HashBytes;
-    /**
-     * Generate a new key pair and store it.
-     * @param options Generation options.
-     * @returns The key identifier of the generated key.
-     */
-    generateKey(options?: GenerateKeyOptions): KeyIdentifier;
-}
-//# sourceMappingURL=interface.d.ts.map

package/dist/types/interface.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"interface.d.ts","sourceRoot":"","sources":["../../src/interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACpF,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEzD,oCAAoC;AACpC,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC;AAEnC,mCAAmC;AACnC,MAAM,MAAM,aAAa,GAAG,SAAS,GAAG,OAAO,CAAC;AAEhD,8CAA8C;AAC9C,MAAM,MAAM,WAAW,GAAG;IACxB,+CAA+C;IAC/C,MAAM,CAAC,EAAE,aAAa,CAAC;CACxB,CAAC;AAEF,mEAAmE;AACnE,MAAM,MAAM,QAAQ,GAAG;IACrB,4EAA4E;IAC5E,SAAS,CAAC,EAAE,QAAQ,CAAC;IACrB,6DAA6D;IAC7D,SAAS,EAAE,QAAQ,CAAC;IACpB,oEAAoE;IACpE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B,CAAC;AAEF,mCAAmC;AACnC,MAAM,MAAM,gBAAgB,GAAG;IAC7B,4DAA4D;IAC5D,EAAE,CAAC,EAAE,aAAa,CAAC;IACnB,oEAAoE;IACpE,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,+CAA+C;IAC/C,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B,CAAC;AAEF,oCAAoC;AACpC,MAAM,MAAM,kBAAkB,GAAG;IAC/B,6EAA6E;IAC7E,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,+CAA+C;IAC/C,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B,CAAC;AAEF;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,gCAAgC;IAChC,QAAQ,CAAC,WAAW,CAAC,EAAE,aAAa,CAAC;IAErC;;;;OAIG;IACH,YAAY,CAAC,EAAE,EAAE,aAAa,GAAG,IAAI,CAAC;IAEtC;;;;;;OAMG;IACH,SAAS,CAAC,OAAO,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,aAAa,CAAC;IAE9E;;;;;OAKG;IACH,SAAS,CAAC,EAAE,EAAE,aAAa,EAAE,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,IAAI,CAAC;IAElE;;;OAGG;IACH,QAAQ,IAAI,aAAa,EAAE,CAAC;IAE5B;;;;;OAKG;IACH,YAAY,CAAC,EAAE,CAAC,EAAE,aAAa,GAAG,QAAQ,CAAC;IAE3C;;;;;;;OAOG;IACH,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,cAAc,CAAC;IAE7E;;;;;;;;OAQG;IACH,MAAM,CAAC,SAAS,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC;IAEnG;;;;OAIG;IACH,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,SAAS,CAAC;IAEpC;;;;OAIG;IACH,WAAW,CAAC,OAAO,CAAC,EAAE,kBAAkB,GAAG,aAAa,CAAC;CAC1D"}