@dupecom/botcha 0.13.1 → 0.15.0

package/README.md

@@ -36,7 +36,8 @@ Use cases:
 - 📧 Email verification, account recovery, and secret rotation
 - 🤖 Agent-first dashboard auth (challenge-based login + device code handoff)
 - 🆔 Persistent agent identities with registry
-- 🔏 Trusted Agent Protocol (TAP) — cryptographic agent auth with HTTP Message Signatures
+- 🔏 Trusted Agent Protocol (TAP) — cryptographic agent auth with HTTP Message Signatures (SDK: `registerTAPAgent`, `createTAPSession`)
+- 🌐 TAP showcase homepage at [botcha.ai](https://botcha.ai) — one of the first services to implement [Visa's Trusted Agent Protocol](https://github.com/visa/trusted-agent-protocol)
 
 ## Install
 
@@ -416,6 +417,51 @@ curl -X POST https://botcha.ai/v1/sessions/tap \
 | `POST /v1/sessions/tap` | Create TAP session with intent validation |
 | `GET /v1/sessions/:id/tap` | Get TAP session info |
 
+### TAP SDK Methods
+
+**TypeScript:**
+
+```typescript
+import { BotchaClient } from '@dupecom/botcha/client';
+
+const client = new BotchaClient({ appId: 'app_abc123' });
+
+// Register a TAP agent
+const agent = await client.registerTAPAgent({
+  name: 'my-agent',
+  operator: 'Acme Corp',
+  capabilities: [{ action: 'browse', scope: ['products'] }],
+  trust_level: 'verified',
+});
+
+// Create a TAP session
+const session = await client.createTAPSession({
+  agent_id: agent.agent_id,
+  user_context: 'user-hash',
+  intent: { action: 'browse', resource: 'products', duration: 3600 },
+});
+```
+
+**Python:**
+
+```python
+from botcha import BotchaClient
+
+async with BotchaClient(app_id="app_abc123") as client:
+    agent = await client.register_tap_agent(
+        name="my-agent",
+        operator="Acme Corp",
+        capabilities=[{"action": "browse", "scope": ["products"]}],
+        trust_level="verified",
+    )
+
+    session = await client.create_tap_session(
+        agent_id=agent.agent_id,
+        user_context="user-hash",
+        intent={"action": "browse", "resource": "products", "duration": 3600},
+    )
+```
+
 ### Express Middleware (Verification Modes)
 
 ```typescript
@@ -510,7 +556,7 @@ BOTCHA is designed to be auto-discoverable by AI agents through multiple standar
 All responses include these headers for agent discovery:
 
 ```http
-X-Botcha-Version: 0.12.0
+X-Botcha-Version: 0.15.0
 X-Botcha-Enabled: true
 X-Botcha-Methods: hybrid-challenge,speed-challenge,reasoning-challenge,standard-challenge
 X-Botcha-Docs: https://botcha.ai/openapi.json

package/dist/lib/client/index.d.ts

@@ -1,5 +1,5 @@
-export type { SpeedProblem, BotchaClientOptions, ChallengeResponse, StandardChallengeResponse, VerifyResponse, TokenResponse, StreamSession, StreamEvent, Problem, VerifyResult, StreamChallengeOptions, CreateAppResponse, VerifyEmailResponse, ResendVerificationResponse, RecoverAccountResponse, RotateSecretResponse, } from './types.js';
-import type { BotchaClientOptions, VerifyResponse, CreateAppResponse, VerifyEmailResponse, ResendVerificationResponse, RecoverAccountResponse, RotateSecretResponse } from './types.js';
+export type { SpeedProblem, BotchaClientOptions, ChallengeResponse, StandardChallengeResponse, VerifyResponse, TokenResponse, StreamSession, StreamEvent, Problem, VerifyResult, StreamChallengeOptions, CreateAppResponse, VerifyEmailResponse, ResendVerificationResponse, RecoverAccountResponse, RotateSecretResponse, TAPAction, TAPTrustLevel, TAPSignatureAlgorithm, TAPCapability, TAPIntent, RegisterTAPAgentOptions, TAPAgentResponse, TAPAgentListResponse, CreateTAPSessionOptions, TAPSessionResponse, } from './types.js';
+import type { BotchaClientOptions, VerifyResponse, CreateAppResponse, VerifyEmailResponse, ResendVerificationResponse, RecoverAccountResponse, RotateSecretResponse, RegisterTAPAgentOptions, TAPAgentResponse, TAPAgentListResponse, CreateTAPSessionOptions, TAPSessionResponse } from './types.js';
 export { BotchaStreamClient } from './stream.js';
 /**
  * BOTCHA Client SDK for AI Agents
@@ -154,6 +154,68 @@ export declare class BotchaClient {
      * ```
      */
     rotateSecret(appId?: string): Promise<RotateSecretResponse>;
+    /**
+     * Register an agent with TAP (Trusted Agent Protocol) capabilities.
+     * Enables cryptographic agent authentication with optional public key signing.
+     *
+     * @param options - Registration options including name, public key, capabilities
+     * @returns TAP agent details including agent_id
+     * @throws Error if registration fails
+     *
+     * @example
+     * ```typescript
+     * const agent = await client.registerTAPAgent({
+     *   name: 'my-shopping-agent',
+     *   operator: 'acme-corp',
+     *   capabilities: [{ action: 'browse', scope: ['products'] }],
+     *   trust_level: 'verified',
+     * });
+     * console.log(agent.agent_id);
+     * ```
+     */
+    registerTAPAgent(options: RegisterTAPAgentOptions): Promise<TAPAgentResponse>;
+    /**
+     * Get a TAP agent by ID.
+     *
+     * @param agentId - The agent ID to retrieve
+     * @returns TAP agent details
+     * @throws Error if agent not found
+     */
+    getTAPAgent(agentId: string): Promise<TAPAgentResponse>;
+    /**
+     * List TAP agents for the current app.
+     *
+     * @param tapOnly - If true, only return TAP-enabled agents (default: false)
+     * @returns List of TAP agents with counts
+     * @throws Error if listing fails
+     */
+    listTAPAgents(tapOnly?: boolean): Promise<TAPAgentListResponse>;
+    /**
+     * Create a TAP session after agent verification.
+     *
+     * @param options - Session options including agent_id, user_context, and intent
+     * @returns TAP session details including session_id and expiry
+     * @throws Error if session creation fails
+     *
+     * @example
+     * ```typescript
+     * const session = await client.createTAPSession({
+     *   agent_id: 'agent_abc123',
+     *   user_context: 'user-hash',
+     *   intent: { action: 'browse', resource: 'products', duration: 3600 },
+     * });
+     * console.log(session.session_id, session.expires_at);
+     * ```
+     */
+    createTAPSession(options: CreateTAPSessionOptions): Promise<TAPSessionResponse>;
+    /**
+     * Get a TAP session by ID.
+     *
+     * @param sessionId - The session ID to retrieve
+     * @returns TAP session details including time_remaining
+     * @throws Error if session not found or expired
+     */
+    getTAPSession(sessionId: string): Promise<TAPSessionResponse>;
 }
 /**
  * Convenience function for one-off solves

package/dist/lib/client/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/client/index.ts"],"names":[],"mappings":"AAMA,YAAY,EACV,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,yBAAyB,EACzB,cAAc,EACd,aAAa,EACb,aAAa,EACb,WAAW,EACX,OAAO,EACP,YAAY,EACZ,sBAAsB,EACtB,iBAAiB,EACjB,mBAAmB,EACnB,0BAA0B,EAC1B,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAEpB,OAAO,KAAK,EAEV,mBAAmB,EAGnB,cAAc,EAEd,iBAAiB,EACjB,mBAAmB,EACnB,0BAA0B,EAC1B,sBAAsB,EACtB,oBAAoB,EACrB,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEjD;;;;;;;;;;;;;;GAcG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,SAAS,CAAU;IAC3B,OAAO,CAAC,KAAK,CAAC,CAAS;IACvB,OAAO,CAAC,IAAI,CAAsB;IAClC,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,cAAc,CAAuB;gBAEjC,OAAO,GAAE,mBAAwB;IAS7C;;;;;OAKG;IACH,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE;IAMnC;;;;;;;OAOG;IACG,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC;IA2FjC;;;;;;OAMG;IACG,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;IAkCrC;;OAEG;IACH,UAAU,IAAI,IAAI;IAMlB;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IA+BlE;;OAEG;IACG,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,cAAc,CAAC;IAsBpE;;;;;;;;;OASG;IACG,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IA2F/D;;;;;;;;OAQG;IACG,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAoBtD;;;;;;;;;;;;;;;;OAgBG;IACG,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IA2B1D;;;;;;;;;;;;;OAaG;IACG,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAyB7E;;;;;;OAMG;IACG,kBAAkB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,0BAA0B,CAAC;IAwB7E;;;;;;;;;OASG;IACG,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAoBpE;;;;;;;;;;;;;OAaG;IACG,YAAY,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;CA+BlE;AAED;;;;;;;;GAQG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAIxD;AAED,eAAe,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/client/index.ts"],"names":[],"mappings":"AAMA,YAAY,EACV,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,yBAAyB,EACzB,cAAc,EACd,aAAa,EACb,aAAa,EACb,WAAW,EACX,OAAO,EACP,YAAY,EACZ,sBAAsB,EACtB,iBAAiB,EACjB,mBAAmB,EACnB,0BAA0B,EAC1B,sBAAsB,EACtB,oBAAoB,EACpB,SAAS,EACT,aAAa,EACb,qBAAqB,EACrB,aAAa,EACb,SAAS,EACT,uBAAuB,EACvB,gBAAgB,EAChB,oBAAoB,EACpB,uBAAuB,EACvB,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAEpB,OAAO,KAAK,EAEV,mBAAmB,EAGnB,cAAc,EAEd,iBAAiB,EACjB,mBAAmB,EACnB,0BAA0B,EAC1B,sBAAsB,EACtB,oBAAoB,EACpB,uBAAuB,EACvB,gBAAgB,EAChB,oBAAoB,EACpB,uBAAuB,EACvB,kBAAkB,EACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEjD;;;;;;;;;;;;;;GAcG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,SAAS,CAAU;IAC3B,OAAO,CAAC,KAAK,CAAC,CAAS;IACvB,OAAO,CAAC,IAAI,CAAsB;IAClC,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,cAAc,CAAuB;gBAEjC,OAAO,GAAE,mBAAwB;IAS7C;;;;;OAKG;IACH,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE;IAMnC;;;;;;;OAOG;IACG,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC;IA2FjC;;;;;;OAMG;IACG,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;IAkCrC;;OAEG;IACH,UAAU,IAAI,IAAI;IAMlB;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IA+BlE;;OAEG;IACG,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,cAAc,CAAC;IAsBpE;;;;;;;;;OASG;IACG,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IA2F/D;;;;;;;;OAQG;IACG,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAoBtD;;;;;;;;;;;;;;;;OAgBG;IACG,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IA2B1D;;;;;;;;;;;;;OAaG;IACG,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAyB7E;;;;;;OAMG;IACG,kBAAkB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,0BAA0B,CAAC;IAwB7E;;;;;;;;;OASG;IACG,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAoBpE;;;;;;;;;;;;;OAaG;IACG,YAAY,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAkCjE;;;;;;;;;;;;;;;;;;OAkBG;IACG,gBAAgB,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IA8BnF;;;;;;OAMG;IACG,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAe7D;;;;;;OAMG;IACG,aAAa,CAAC,OAAO,GAAE,OAAe,GAAG,OAAO,CAAC,oBAAoB,CAAC;IA6B5E;;;;;;;;;;;;;;;;OAgBG;IACG,gBAAgB,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAoBrF;;;;;;OAMG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;CAcpE;AAED;;;;;;;;GAQG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAIxD;AAED,eAAe,YAAY,CAAC"}

package/dist/lib/client/index.js

@@ -1,6 +1,6 @@
 import crypto from 'crypto';
 // SDK version - hardcoded since npm_package_version is unreliable when used as a library
-const SDK_VERSION = '0.11.0';
+const SDK_VERSION = '0.13.1';
 // Export stream client
 export { BotchaStreamClient } from './stream.js';
 /**
@@ -494,6 +494,141 @@ export class BotchaClient {
         }
         return await res.json();
     }
+    // ============ TAP (TRUSTED AGENT PROTOCOL) ============
+    /**
+     * Register an agent with TAP (Trusted Agent Protocol) capabilities.
+     * Enables cryptographic agent authentication with optional public key signing.
+     *
+     * @param options - Registration options including name, public key, capabilities
+     * @returns TAP agent details including agent_id
+     * @throws Error if registration fails
+     *
+     * @example
+     * ```typescript
+     * const agent = await client.registerTAPAgent({
+     *   name: 'my-shopping-agent',
+     *   operator: 'acme-corp',
+     *   capabilities: [{ action: 'browse', scope: ['products'] }],
+     *   trust_level: 'verified',
+     * });
+     * console.log(agent.agent_id);
+     * ```
+     */
+    async registerTAPAgent(options) {
+        const url = this.appId
+            ? `${this.baseUrl}/v1/agents/register/tap?app_id=${encodeURIComponent(this.appId)}`
+            : `${this.baseUrl}/v1/agents/register/tap`;
+        const headers = {
+            'Content-Type': 'application/json',
+            'User-Agent': this.agentIdentity,
+        };
+        if (this.cachedToken) {
+            headers['Authorization'] = `Bearer ${this.cachedToken}`;
+        }
+        const res = await fetch(url, {
+            method: 'POST',
+            headers,
+            body: JSON.stringify(options),
+        });
+        if (!res.ok) {
+            const body = await res.json().catch(() => ({}));
+            throw new Error(body.message || `TAP agent registration failed with status ${res.status}`);
+        }
+        return await res.json();
+    }
+    /**
+     * Get a TAP agent by ID.
+     *
+     * @param agentId - The agent ID to retrieve
+     * @returns TAP agent details
+     * @throws Error if agent not found
+     */
+    async getTAPAgent(agentId) {
+        const res = await fetch(`${this.baseUrl}/v1/agents/${encodeURIComponent(agentId)}/tap`, {
+            headers: { 'User-Agent': this.agentIdentity },
+        });
+        if (!res.ok) {
+            const body = await res.json().catch(() => ({}));
+            throw new Error(body.message || `TAP agent retrieval failed with status ${res.status}`);
+        }
+        return await res.json();
+    }
+    /**
+     * List TAP agents for the current app.
+     *
+     * @param tapOnly - If true, only return TAP-enabled agents (default: false)
+     * @returns List of TAP agents with counts
+     * @throws Error if listing fails
+     */
+    async listTAPAgents(tapOnly = false) {
+        let url = this.appId
+            ? `${this.baseUrl}/v1/agents/tap?app_id=${encodeURIComponent(this.appId)}`
+            : `${this.baseUrl}/v1/agents/tap`;
+        if (tapOnly) {
+            url += url.includes('?') ? '&tap_only=true' : '?tap_only=true';
+        }
+        const headers = {
+            'User-Agent': this.agentIdentity,
+        };
+        if (this.cachedToken) {
+            headers['Authorization'] = `Bearer ${this.cachedToken}`;
+        }
+        const res = await fetch(url, { headers });
+        if (!res.ok) {
+            const body = await res.json().catch(() => ({}));
+            throw new Error(body.message || `TAP agent listing failed with status ${res.status}`);
+        }
+        return await res.json();
+    }
+    /**
+     * Create a TAP session after agent verification.
+     *
+     * @param options - Session options including agent_id, user_context, and intent
+     * @returns TAP session details including session_id and expiry
+     * @throws Error if session creation fails
+     *
+     * @example
+     * ```typescript
+     * const session = await client.createTAPSession({
+     *   agent_id: 'agent_abc123',
+     *   user_context: 'user-hash',
+     *   intent: { action: 'browse', resource: 'products', duration: 3600 },
+     * });
+     * console.log(session.session_id, session.expires_at);
+     * ```
+     */
+    async createTAPSession(options) {
+        const res = await fetch(`${this.baseUrl}/v1/sessions/tap`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'User-Agent': this.agentIdentity,
+            },
+            body: JSON.stringify(options),
+        });
+        if (!res.ok) {
+            const body = await res.json().catch(() => ({}));
+            throw new Error(body.message || `TAP session creation failed with status ${res.status}`);
+        }
+        return await res.json();
+    }
+    /**
+     * Get a TAP session by ID.
+     *
+     * @param sessionId - The session ID to retrieve
+     * @returns TAP session details including time_remaining
+     * @throws Error if session not found or expired
+     */
+    async getTAPSession(sessionId) {
+        const res = await fetch(`${this.baseUrl}/v1/sessions/${encodeURIComponent(sessionId)}/tap`, {
+            headers: { 'User-Agent': this.agentIdentity },
+        });
+        if (!res.ok) {
+            const body = await res.json().catch(() => ({}));
+            throw new Error(body.message || `TAP session retrieval failed with status ${res.status}`);
+        }
+        return await res.json();
+    }
 }
 /**
  * Convenience function for one-off solves

package/dist/lib/client/types.d.ts

@@ -131,4 +131,72 @@ export interface RotateSecretResponse {
     error?: string;
     message?: string;
 }
+export type TAPAction = 'browse' | 'compare' | 'purchase' | 'audit' | 'search';
+export type TAPTrustLevel = 'basic' | 'verified' | 'enterprise';
+export type TAPSignatureAlgorithm = 'ecdsa-p256-sha256' | 'rsa-pss-sha256';
+export interface TAPCapability {
+    action: TAPAction;
+    scope?: string[];
+    restrictions?: {
+        max_amount?: number;
+        rate_limit?: number;
+        [key: string]: any;
+    };
+}
+export interface TAPIntent {
+    action: TAPAction;
+    resource?: string;
+    scope?: string[];
+    duration?: number;
+}
+export interface RegisterTAPAgentOptions {
+    name: string;
+    operator?: string;
+    version?: string;
+    public_key?: string;
+    signature_algorithm?: TAPSignatureAlgorithm;
+    capabilities?: TAPCapability[];
+    trust_level?: TAPTrustLevel;
+    issuer?: string;
+}
+export interface TAPAgentResponse {
+    success: boolean;
+    agent_id: string;
+    app_id: string;
+    name: string;
+    operator?: string;
+    version?: string;
+    created_at: string;
+    tap_enabled: boolean;
+    trust_level?: TAPTrustLevel;
+    capabilities?: TAPCapability[];
+    signature_algorithm?: TAPSignatureAlgorithm;
+    issuer?: string;
+    has_public_key: boolean;
+    key_fingerprint?: string;
+    last_verified_at?: string | null;
+    public_key?: string;
+}
+export interface TAPAgentListResponse {
+    success: boolean;
+    agents: TAPAgentResponse[];
+    count: number;
+    tap_enabled_count: number;
+}
+export interface CreateTAPSessionOptions {
+    agent_id: string;
+    user_context: string;
+    intent: TAPIntent;
+}
+export interface TAPSessionResponse {
+    success: boolean;
+    session_id: string;
+    agent_id: string;
+    app_id?: string;
+    capabilities?: TAPCapability[];
+    intent: TAPIntent;
+    created_at?: string;
+    expires_at: string;
+    time_remaining?: number;
+}
 //# sourceMappingURL=types.d.ts.map

package/dist/lib/client/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../lib/client/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAExE,MAAM,WAAW,mBAAmB;IAClC,8DAA8D;IAC9D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mCAAmC;IACnC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,wCAAwC;IACxC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,wEAAwE;IACxE,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6CAA6C;IAC7C,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE;QACV,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,EAAE,YAAY,EAAE,CAAC;QACzB,SAAS,EAAE,MAAM,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,MAAM,WAAW,yBAAyB;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE;QACV,EAAE,EAAE,MAAM,CAAC;QACX,MAAM,EAAE,MAAM,CAAC;QACf,SAAS,EAAE,MAAM,CAAC;QAClB,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE;QACV,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,EAAE,YAAY,EAAE,CAAC;QACzB,SAAS,EAAE,MAAM,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AAEH,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,OAAO,GAAG,aAAa,GAAG,WAAW,GAAG,QAAQ,GAAG,OAAO,CAAC;IAClE,IAAI,EAAE,GAAG,CAAC;CACX;AAED,MAAM,WAAW,OAAO;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,sBAAsB;IACrC,wCAAwC;IACxC,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IAC1C,0DAA0D;IAC1D,WAAW,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC;IACpE,6CAA6C;IAC7C,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,YAAY,KAAK,IAAI,CAAC;IAC1C,8EAA8E;IAC9E,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAID,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,OAAO,CAAC;IACxB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,0BAA0B;IACzC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../lib/client/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAExE,MAAM,WAAW,mBAAmB;IAClC,8DAA8D;IAC9D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mCAAmC;IACnC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,wCAAwC;IACxC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,wEAAwE;IACxE,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6CAA6C;IAC7C,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE;QACV,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,EAAE,YAAY,EAAE,CAAC;QACzB,SAAS,EAAE,MAAM,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,MAAM,WAAW,yBAAyB;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE;QACV,EAAE,EAAE,MAAM,CAAC;QACX,MAAM,EAAE,MAAM,CAAC;QACf,SAAS,EAAE,MAAM,CAAC;QAClB,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE;QACV,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,EAAE,YAAY,EAAE,CAAC;QACzB,SAAS,EAAE,MAAM,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AAEH,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,OAAO,GAAG,aAAa,GAAG,WAAW,GAAG,QAAQ,GAAG,OAAO,CAAC;IAClE,IAAI,EAAE,GAAG,CAAC;CACX;AAED,MAAM,WAAW,OAAO;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,sBAAsB;IACrC,wCAAwC;IACxC,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IAC1C,0DAA0D;IAC1D,WAAW,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC;IACpE,6CAA6C;IAC7C,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,YAAY,KAAK,IAAI,CAAC;IAC1C,8EAA8E;IAC9E,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAID,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,OAAO,CAAC;IACxB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,0BAA0B;IACzC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAID,MAAM,MAAM,SAAS,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,OAAO,GAAG,QAAQ,CAAC;AAC/E,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,UAAU,GAAG,YAAY,CAAC;AAChE,MAAM,MAAM,qBAAqB,GAAG,mBAAmB,GAAG,gBAAgB,CAAC;AAE3E,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,SAAS,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,CAAC,EAAE;QACb,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;KACpB,CAAC;CACH;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,SAAS,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mBAAmB,CAAC,EAAE,qBAAqB,CAAC;IAC5C,YAAY,CAAC,EAAE,aAAa,EAAE,CAAC;IAC/B,WAAW,CAAC,EAAE,aAAa,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,OAAO,CAAC;IACrB,WAAW,CAAC,EAAE,aAAa,CAAC;IAC5B,YAAY,CAAC,EAAE,aAAa,EAAE,CAAC;IAC/B,mBAAmB,CAAC,EAAE,qBAAqB,CAAC;IAC5C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,gBAAgB,EAAE,CAAC;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,SAAS,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,aAAa,EAAE,CAAC;IAC/B,MAAM,EAAE,SAAS,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB"}

package/dist/lib/index.js

@@ -114,3 +114,5 @@ export function solve(problems) {
 // ============ EXPORTS ============
 export const botcha = { verify, solve };
 export default botcha;
+// TAP Enhanced Middleware available via:
+// import { tapEnhancedVerify, createTAPVerifyMiddleware, tapVerifyModes } from '@dupecom/botcha/middleware'

package/dist/src/challenges/compute.d.ts

@@ -0,0 +1,19 @@
+export declare function generateChallenge(difficulty?: 'easy' | 'medium' | 'hard'): {
+    id: string;
+    puzzle: string;
+    timeLimit: number;
+    hint: string;
+};
+export declare function verifyChallenge(id: string, answer: string): {
+    valid: boolean;
+    reason?: string;
+    timeMs?: number;
+};
+export declare function generatePrimes(count: number): number[];
+export declare function isPrime(n: number): boolean;
+declare const _default: {
+    generateChallenge: typeof generateChallenge;
+    verifyChallenge: typeof verifyChallenge;
+};
+export default _default;
+//# sourceMappingURL=compute.d.ts.map

package/dist/src/challenges/compute.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"compute.d.ts","sourceRoot":"","sources":["../../../src/challenges/compute.ts"],"names":[],"mappings":"AAuBA,wBAAgB,iBAAiB,CAAC,UAAU,GAAE,MAAM,GAAG,QAAQ,GAAG,MAAiB,GAAG;IACpF,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;CACd,CAmCA;AAED,wBAAgB,eAAe,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG;IAC3D,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CA0BA;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAYtD;AAED,wBAAgB,OAAO,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAU1C;;;;;AAED,wBAAsD"}

package/dist/src/challenges/compute.js

@@ -0,0 +1,88 @@
+import crypto from 'crypto';
+// In-memory challenge store (use Redis in production)
+const challenges = new Map();
+// Clean up expired challenges periodically
+setInterval(() => {
+    const now = Date.now();
+    for (const [id, challenge] of challenges) {
+        if (challenge.expiresAt < now) {
+            challenges.delete(id);
+        }
+    }
+}, 60000);
+export function generateChallenge(difficulty = 'medium') {
+    const id = crypto.randomUUID();
+    // Different difficulty levels
+    const config = {
+        easy: { primes: 100, timeLimit: 10000 },
+        medium: { primes: 500, timeLimit: 5000 },
+        hard: { primes: 1000, timeLimit: 3000 },
+    }[difficulty];
+    // Random salt makes each challenge unique — precomputed lookup tables won't work
+    const salt = crypto.randomUUID().replace(/-/g, '').substring(0, 16);
+    // Generate first N primes, concatenate with salt, hash
+    const primes = generatePrimes(config.primes);
+    const concatenated = primes.join('') + salt;
+    const hash = crypto.createHash('sha256').update(concatenated).digest('hex');
+    const answer = hash.substring(0, 16); // First 16 chars
+    const challenge = {
+        id,
+        puzzle: `Compute SHA256 of the first ${config.primes} prime numbers concatenated (no separators) followed by the salt "${salt}". Return the first 16 hex characters.`,
+        expectedAnswer: answer,
+        expiresAt: Date.now() + config.timeLimit + 1000, // Small grace period
+        difficulty,
+    };
+    challenges.set(id, challenge);
+    return {
+        id,
+        puzzle: challenge.puzzle,
+        timeLimit: config.timeLimit,
+        hint: `Example: First 5 primes + salt = "235711${salt}" → SHA256 → first 16 chars`,
+    };
+}
+export function verifyChallenge(id, answer) {
+    const challenge = challenges.get(id);
+    if (!challenge) {
+        return { valid: false, reason: 'Challenge not found or expired' };
+    }
+    const now = Date.now();
+    if (now > challenge.expiresAt) {
+        challenges.delete(id);
+        return { valid: false, reason: 'Challenge expired - too slow!' };
+    }
+    const isValid = answer.toLowerCase() === challenge.expectedAnswer.toLowerCase();
+    // Clean up used challenge
+    challenges.delete(id);
+    if (!isValid) {
+        return { valid: false, reason: 'Incorrect answer' };
+    }
+    return {
+        valid: true,
+        timeMs: challenge.expiresAt - now - 1000, // Approximate solve time
+    };
+}
+export function generatePrimes(count) {
+    const primes = [];
+    let num = 2;
+    while (primes.length < count) {
+        if (isPrime(num)) {
+            primes.push(num);
+        }
+        num++;
+    }
+    return primes;
+}
+export function isPrime(n) {
+    if (n < 2)
+        return false;
+    if (n === 2)
+        return true;
+    if (n % 2 === 0)
+        return false;
+    for (let i = 3; i <= Math.sqrt(n); i += 2) {
+        if (n % i === 0)
+            return false;
+    }
+    return true;
+}
+export default { generateChallenge, verifyChallenge };

package/dist/src/challenges/hybrid.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Generate a hybrid challenge: speed + reasoning combined
+ * Must solve SHA256 problems in <500ms AND answer reasoning questions
+ */
+export declare function generateHybridChallenge(): {
+    id: string;
+    speed: {
+        problems: {
+            num: number;
+            operation: string;
+        }[];
+        timeLimit: number;
+    };
+    reasoning: {
+        questions: {
+            id: string;
+            question: string;
+            category: string;
+        }[];
+        timeLimit: number;
+    };
+    instructions: string;
+};
+export declare function verifyHybridChallenge(id: string, speedAnswers: string[], reasoningAnswers: Record<string, string>): {
+    valid: boolean;
+    reason?: string;
+    speed: {
+        passed: boolean;
+        solveTimeMs?: number;
+        reason?: string;
+    };
+    reasoning: {
+        passed: boolean;
+        score?: string;
+        solveTimeMs?: number;
+        reason?: string;
+    };
+    totalTimeMs?: number;
+};
+declare const _default: {
+    generateHybridChallenge: typeof generateHybridChallenge;
+    verifyHybridChallenge: typeof verifyHybridChallenge;
+};
+export default _default;
+//# sourceMappingURL=hybrid.d.ts.map

package/dist/src/challenges/hybrid.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hybrid.d.ts","sourceRoot":"","sources":["../../../src/challenges/hybrid.ts"],"names":[],"mappings":"AAsBA;;;GAGG;AACH,wBAAgB,uBAAuB,IAAI;IACzC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE;QACL,QAAQ,EAAE;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,SAAS,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;QAC/C,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,SAAS,EAAE;QACT,SAAS,EAAE;YAAE,EAAE,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAA;SAAE,EAAE,CAAC;QAChE,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,YAAY,EAAE,MAAM,CAAC;CACtB,CA4BA;AAED,wBAAgB,qBAAqB,CACnC,EAAE,EAAE,MAAM,EACV,YAAY,EAAE,MAAM,EAAE,EACtB,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACvC;IACD,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAClE,SAAS,EAAE;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACtF,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CA2DA;;;;;AAED,wBAAkE"}

package/dist/src/challenges/hybrid.js

@@ -0,0 +1,94 @@
+import crypto from 'crypto';
+import { generateSpeedChallenge, verifySpeedChallenge } from './speed.js';
+import { generateReasoningChallenge, verifyReasoningChallenge } from './reasoning.js';
+const hybridChallenges = new Map();
+// Cleanup expired
+setInterval(() => {
+    const now = Date.now();
+    for (const [id, c] of hybridChallenges) {
+        if (c.expiresAt < now)
+            hybridChallenges.delete(id);
+    }
+}, 60000);
+/**
+ * Generate a hybrid challenge: speed + reasoning combined
+ * Must solve SHA256 problems in <500ms AND answer reasoning questions
+ */
+export function generateHybridChallenge() {
+    const id = crypto.randomUUID();
+    // Generate both sub-challenges
+    const speedChallenge = generateSpeedChallenge();
+    const reasoningChallenge = generateReasoningChallenge();
+    // Store the mapping
+    hybridChallenges.set(id, {
+        id,
+        speedChallengeId: speedChallenge.id,
+        reasoningChallengeId: reasoningChallenge.id,
+        issuedAt: Date.now(),
+        expiresAt: Date.now() + 35000, // 35 seconds total (500ms for speed + 30s for reasoning + buffer)
+    });
+    return {
+        id,
+        speed: {
+            problems: speedChallenge.challenges,
+            timeLimit: speedChallenge.timeLimit,
+        },
+        reasoning: {
+            questions: reasoningChallenge.questions,
+            timeLimit: reasoningChallenge.timeLimit,
+        },
+        instructions: 'Solve ALL speed problems (SHA256) in <500ms AND answer ALL reasoning questions. Submit both together.',
+    };
+}
+export function verifyHybridChallenge(id, speedAnswers, reasoningAnswers) {
+    const hybrid = hybridChallenges.get(id);
+    if (!hybrid) {
+        return {
+            valid: false,
+            reason: 'Hybrid challenge not found or expired',
+            speed: { passed: false, reason: 'Challenge not found' },
+            reasoning: { passed: false, reason: 'Challenge not found' },
+        };
+    }
+    const now = Date.now();
+    const totalTimeMs = now - hybrid.issuedAt;
+    // Don't delete yet - we need to verify both parts
+    if (now > hybrid.expiresAt) {
+        hybridChallenges.delete(id);
+        return {
+            valid: false,
+            reason: 'Hybrid challenge expired',
+            speed: { passed: false, reason: 'Expired' },
+            reasoning: { passed: false, reason: 'Expired' },
+            totalTimeMs,
+        };
+    }
+    // Verify speed challenge
+    const speedResult = verifySpeedChallenge(hybrid.speedChallengeId, speedAnswers);
+    // Verify reasoning challenge
+    const reasoningResult = verifyReasoningChallenge(hybrid.reasoningChallengeId, reasoningAnswers);
+    // Clean up
+    hybridChallenges.delete(id);
+    const speedPassed = speedResult.valid;
+    const reasoningPassed = reasoningResult.valid;
+    const bothPassed = speedPassed && reasoningPassed;
+    return {
+        valid: bothPassed,
+        reason: bothPassed
+            ? undefined
+            : `Failed: ${!speedPassed ? 'speed' : ''}${!speedPassed && !reasoningPassed ? ' + ' : ''}${!reasoningPassed ? 'reasoning' : ''}`,
+        speed: {
+            passed: speedPassed,
+            solveTimeMs: speedResult.solveTimeMs,
+            reason: speedResult.reason,
+        },
+        reasoning: {
+            passed: reasoningPassed,
+            score: reasoningResult.valid ? `${reasoningResult.correctCount}/${reasoningResult.totalCount}` : undefined,
+            solveTimeMs: reasoningResult.solveTimeMs,
+            reason: reasoningResult.reason,
+        },
+        totalTimeMs,
+    };
+}
+export default { generateHybridChallenge, verifyHybridChallenge };