@f-o-t/e-signature 1.4.1 → 1.6.0

package/CHANGELOG.md

@@ -0,0 +1,260 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.6.0] - 2026-03-05
+
+### Added
+
+- Web Worker signing via `signPdfInWorker()` — runs signing off the main thread to prevent browser freezes (`plugins/worker` + `plugins/worker-entry`)
+
+## [1.5.0] - 2026-03-04
+
+### Fixed
+- Signature appearance "Signatário" text now renders correctly instead of garbled "Signat`jrio" — fixed by WinAnsiEncoding support in `@f-o-t/pdf`
+- Auto-appearance width increased from 350pt to 420pt to prevent text clipping
+
+### Changed
+- Signing no longer parses the P12 certificate twice — uses `parseCertificateFromDer` to build display info from the already-extracted DER bytes, eliminating ~90ms of redundant PBKDF2 key derivation
+- Bump `@f-o-t/pdf` dependency to `^0.4.1` (100x faster `loadPdf` via object position indexing)
+- Bump `@f-o-t/digital-certificate` dependency to `^2.3.1`
+- Full auto-sign on a 100-page 571KB PDF: **732ms → 173ms** (4.2x faster)
+
+## [1.4.1] - 2026-03-04
+
+### Fixed
+- Reduced signature appearance font sizes (header 12→9pt, body 10→7.5pt, link 8→6pt) and QR code max size (100→80pt) to prevent text overflow in the stamp box
+- Signature position detection now only scans the last 3 pages instead of every page, fixing browser freezes on large multi-page PDFs
+
+## [1.4.0] - 2026-03-04
+
+### Changed
+- `appearance: "auto"` now places a signature stamp on every page of the PDF (previously only placed on one page)
+- Bump `@f-o-t/pdf` dependency to `^0.4.0`
+
+## [1.3.1] - 2026-03-04
+
+### Fixed
+- `buildSignaturePolicy()` now uses `AbortSignal.timeout(10000)` when fetching the ICP-Brasil policy DER file — previously the fetch had no timeout, causing `signPdf` to hang indefinitely when the policy server was unreachable or blocked by browser mixed-content security (HTTP from HTTPS page)
+
+## [1.3.0] - 2026-03-04
+
+### Added
+- `detectSigningPosition()` function for automatic signature placement using weighted text search
+- `appearance: "auto"` option in `signPdf()` for auto-detected positioning
+- `DetectedPosition` and `DetectPositionOptions` types
+
+### Changed
+- Visual signature appearance redesigned with bordered box, green ICP-Brasil header, and structured fields (Signatário, Empresa, CNPJ/CPF, Data, Certificado)
+- QR code now points to `https://validar.iti.gov.br`
+- Reference link "validar.iti.gov.br" displayed below signature box
+
+## [1.2.18] - 2026-02-20
+
+### Changed
+- Bump `@f-o-t/qrcode` dependency to `^1.0.2` to pick up browser-compatible PNG compression (`fflate` `zlibSync` replacing `node:zlib` `deflateSync`) — QR code generation now works in browser environments without a `zlib` polyfill
+
+## [1.2.17] - 2026-02-19
+
+### Changed
+- `signPdf` now `await`s `parsePkcs12` after it was made async in `@f-o-t/crypto` — no behaviour change for consumers, but PKCS#12 decryption now uses SubtleCrypto PBKDF2 natively when available, preventing main-thread blocking on PBES2-encrypted PFX files
+- `useSignPdf` (React plugin) calls `signPdf` directly instead of spawning a `Worker` — removes the brittle `.ts` worker URL that broke in consumer bundles; the hook still exposes the same async API so UI stays responsive
+
+## [1.2.16] - 2026-02-19
+
+### Changed
+
+- `useSignPdf` now offloads all signing work (PKCS#12 parsing, RSA crypto, ICP-Brasil policy fetch, RFC 3161 TSA timestamp) to a dedicated Web Worker — the main thread stays fully responsive during signing, eliminating the browser freeze that occurred with large PDFs or slow TSA servers
+- TSA timestamp fetch is preserved inside the worker, so ICP-Brasil signatures remain fully valid
+- Bump `@f-o-t/cli` devDependency to `^1.0.6` to pick up automatic worker file compilation and plugin declaration generation — `dist/plugins/react/` now ships `sign-pdf.worker.js`, `index.d.ts`, and `sign-pdf.worker.d.ts`
+
+## [1.2.15] - 2026-02-19
+
+### Changed
+
+- Bump `@f-o-t/cli` devDependency to `^1.0.5` to pick up the `module` condition fix in `syncPackageJsonExports` — `fot build` now correctly writes `module` alongside `import` and `default` in the generated exports, ensuring Vite/rolldown can resolve entry points without a manual `node_modules` patch
+
+## [1.2.14] - 2026-02-19
+
+### Changed
+
+- Bump `@f-o-t/config` devDependency to `^1.0.5` to pick up the `module` condition fix in the package-json generator
+
+## [1.2.13] - 2026-02-19
+
+### Fixed
+
+- Add `module` condition to `package.json` exports (both `.` and `./plugins/react`) so Vite/rolldown resolving under conditions `["module", "browser", "development", "import"]` can locate the ESM entry points — the `module` condition was absent, causing a "not exported under the conditions" build error when the app was started with a newer Vite version
+
+## [1.2.12] - 2026-02-19
+
+### Fixed
+
+- Add `import` condition to `package.json` exports (both `.` and `./plugins/react`) so Vite and other bundlers resolving under conditions `["module", "browser", "import"]` can locate the ESM entry points — previously only `default` was present, causing a "not exported under the conditions" error when importing `@f-o-t/e-signature/plugins/react`
+
+## [1.2.11] - 2026-02-19
+
+### Fixed
+
+- Added `"./plugins/react"` to the `exports` field in `package.json`; the entry was missing from the published manifest because `fot build` did not previously sync `exports` from `fot.config.ts` — Vite/Rolldown (and any bundler respecting the `exports` map) would reject the import with *"not exported under the conditions [module, browser, …]"*
+
+## [1.2.10] - 2026-02-19
+
+### Fixed
+- Corrected TypeScript errors in `react.test.tsx`: cast `mockSignPdf.mock.calls[0]` to `[Uint8Array, unknown]` to match the two-argument mock signature; added explicit cast on `thrown` to `Error | null` to resolve incorrect `never` narrowing; typed `firstPromise` as `Promise<Uint8Array<ArrayBufferLike>>` and cast at the `mockImplementationOnce` call site to satisfy the `ArrayBuffer` vs `ArrayBufferLike` assignability constraint
+
+## [1.2.9] - 2026-02-19
+
+### Changed
+- Updated `@f-o-t/digital-certificate` dependency to `^2.3.0` to pick up browser-compatible `parseCertificate` (`Uint8Array` parameter) and cross-platform base64 helpers
+
+### Fixed
+- `signPdf` no longer wraps `opts.certificate.p12` in `Buffer.from()` before passing it to `parseCertificate`; the `Uint8Array` is passed directly, removing the last Node-only `Buffer` usage in the signing path — `signPdf` now runs in browser environments without polyfills
+
+## [1.2.8] - 2026-02-19
+
+### Changed
+- Updated `@f-o-t/crypto` dependency to `^1.2.0` and `@f-o-t/digital-certificate` to `^2.2.2` to pick up pure-TS PBKDF2/HMAC optimizations (~8× faster PBKDF2-SHA256, ~3× faster `parsePkcs12`); `signPdf` is now viable on the client side (browser/Edge Runtime) without OpenSSL
+
+## [1.2.7] - 2026-02-18
+
+### Fixed
+- `signPdf` now passes `appearancePage` to `saveWithPlaceholder` so the PDF widget annotation is placed on the same page as the visual signature; previously the annotation always landed on page 0 regardless of where the appearance was drawn, causing PDF readers to navigate to the wrong page when clicking the signature field
+- Signature placeholder size is now computed dynamically from the actual certificate chain byte length (`certChainBytes * 2 + 8 KB base + 4 KB for TSA`) instead of a fixed 16 KB, preventing "signature too large" failures for certificate chains with 5+ certificates or large RSA keys; the floor remains 16 KB for small chains
+- `parsePkcs12` is now called only once (step 1) and the result reused throughout `signPdf`; the previous code parsed the same PKCS#12 twice (steps 1 and 6), doubling CPU and memory cost of certificate parsing for every `signPdf` call
+- Updated `@f-o-t/pdf` dependency floor to `^0.3.8` to pick up nested page tree recursion, MediaBox inheritance fix, and correct widget annotation page placement
+
+## [1.2.6] - 2026-02-18
+
+### Fixed
+- Updated `@f-o-t/pdf` dependency floor to `^0.3.7` to pick up the parser memory fix: PDF bytes are now decoded to a latin1 string exactly once per `signPdf` call (previously decoded O(pages) times), and `embedSignature` / `extractBytesToSign` no longer allocate unnecessary full-PDF-sized copies — together these eliminate the JS heap OOM that users hit when signing PDFs with more than a few pages
+
+## [1.2.5] - 2026-02-18
+
+### Fixed
+- `extractSignatureValue` now locates `signerInfos` as the last child of `SignedData` (`.at(-1)`) instead of hardcoded index `[4]`; the previous index assumed `certificates [0]` was always present and `crls [1]` always absent, which would produce a wrong timestamp over external CMS blobs with a different layout
+- Updated `@f-o-t/crypto` dependency floor to `^1.1.0` to pick up `appendUnauthAttributes` and the corresponding signerInfos fix
+
+## [1.2.4] - 2026-02-18
+
+### Fixed
+- `signPdf` with `appearances` array no longer generates and embeds a separate QR image XObject per entry; the QR image is pre-computed once and shared across all appearances, collapsing N `generateQrCode` + `doc.embedPng` calls into 1 and preventing O(N) heap growth that caused JavaScript heap OOM in Vercel Edge Runtime for PDFs with 5+ appearances
+- Updated `@f-o-t/pdf` dependency floor to `^0.3.6` to pick up in-place ByteRange patching and binary `findByteRange` (eliminates up to 3× PDF-size string allocations per sign call)
+
+## [1.2.3] - 2026-02-18
+
+### Fixed
+- `signPdf` with `timestamp: true` now correctly embeds the RFC 3161 timestamp token as an unauthenticated attribute (OID `1.2.840.113549.1.9.16.2.14`) inside the CMS SignerInfo; previously the token was requested from the TSA but silently discarded, leaving signatures indistinguishable from untimestamped ones
+
+## [1.2.2] - 2026-02-18
+
+### Fixed
+- `onTimestampError` schema now uses Zod v4 `z.function({ input, output })` API instead of the removed `z.function().args().returns()` (Zod v3) — fixes `TypeError: z.function(...).args is not a function` at import time
+
+## [1.2.1] - 2026-02-18
+
+### Added
+- `tsaTimeout?: number` option on `PdfSignOptions` — configurable timeout per TSA attempt (default: 10000ms)
+- `tsaRetries?: number` option on `PdfSignOptions` — number of retry attempts after the initial request fails; total attempts = `1 + tsaRetries` (default: `0`)
+- `tsaFallbackUrls?: string[]` option on `PdfSignOptions` — fallback TSA servers tried in order after primary fails; exponential backoff (1s, 2s) between primary retries only
+- `onTimestampError?: (error: unknown) => void` option on `PdfSignOptions` — optional callback invoked when timestamping fails (non-fatal); use for logging or metrics
+- `signPdf` now accepts `ReadableStream<Uint8Array>` as PDF input in addition to `Uint8Array`; internally accumulates chunks before signing
+- `signPdfBatch(files, options): AsyncGenerator<BatchSignEvent>` — sign multiple PDFs sequentially, yielding progress events per file; yields control between files to avoid blocking the event loop
+- `signPdfBatchToArray(files, options): Promise<...>` — convenience wrapper for batch signing that collects results into an array
+- `BatchSignInput` and `BatchSignEvent` types exported from the package
+
+### Fixed
+- TSA errors now include the server URL and original message in the error text instead of an opaque `fetch failed`
+- `tsaRetries` semantics corrected: now means retries *after* the initial attempt (`1 + tsaRetries` total); default changed from `1` to `0` so the default behavior (1 attempt) is unchanged
+- `batch_complete.totalFiles` now reflects the number of files actually processed (non-falsy entries) instead of the raw array length, ensuring it always equals the number of `file_start` events emitted
+
+## [1.1.0] - 2026-02-18
+
+### Added
+- `appearances?: SignatureAppearance[]` field on `PdfSignOptions` — renders a visual stamp on each specified page in a single `signPdf` call, enabling multi-page document stamping while the cryptographic signature is still applied once over the entire document
+
+## [1.0.7] - 2026-02-15
+
+### Fixed
+- Signature appearance Y coordinate now uses top-left origin (distance from top of page) matching user expectations, instead of raw PDF bottom-left origin which caused signatures placed at the bottom to appear at the top
+
+## [1.0.6] - 2026-02-15
+
+### Changed
+- Updated `@f-o-t/pdf` dependency from `^0.3.3` to `^0.3.4`
+
+### Fixed
+- Visual signature appearance no longer renders mirrored/upside-down on PDFs with transformed coordinate systems (fixed via @f-o-t/pdf@0.3.4 graphics state isolation)
+
+## [1.0.5] - 2026-02-15
+
+### Changed
+- Updated `@f-o-t/pdf` dependency from `^0.3.2` to `^0.3.3`
+
+### Fixed
+- QR code and certificate info text now render side-by-side within the same bounding box instead of at different page positions (fixed via @f-o-t/pdf@0.3.3 coordinate system fix)
+
+## [1.0.4] - 2026-02-14
+
+### Changed
+- Updated `@f-o-t/digital-certificate` dependency from `^1.0.5` to `^2.2.0`
+- Updated `@f-o-t/pdf` dependency from `^0.3.1` to `^0.3.2`
+
+## [1.0.3] - 2026-02-14
+
+### Changed
+- Updated `@f-o-t/pdf` dependency from `^0.3.0` to `^0.3.1`
+
+### Fixed
+- Visual signature text now renders upright instead of upside-down/mirrored (fixed via @f-o-t/pdf@0.3.1 dependency upgrade)
+
+## [1.0.2] - 2026-02-14
+
+### Changed
+- Updated `@f-o-t/pdf` dependency from `^0.2.0` to `^0.3.0`
+
+### Fixed
+- Visual signature appearances no longer corrupt document fonts (fixed via @f-o-t/pdf@0.3.0 dependency upgrade)
+- PDFs from @react-pdf/renderer with CIDFont fonts now render correctly after signing with visual appearance
+
+## [1.0.1] - 2026-02-14
+
+### Fixed
+- Internal dependency updates
+
+## [1.0.0] - 2026-02-13
+
+### Added
+- Initial release of PAdES PDF signing library
+- `signPdf` function for signing PDFs with digital certificates
+- ICP-Brasil compliance with `signing-certificate-v2` and `signature-policy` attributes
+- Visual signature appearance with QR code and certificate info
+- RFC 3161 timestamp client using native `fetch`
+- Zod schema validation for all inputs
+- Support for DocMDP permissions (1, 2, 3)
+
+[1.2.18]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.2.17...@f-o-t/e-signature@1.2.18
+[1.2.16]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.2.15...@f-o-t/e-signature@1.2.16
+[1.2.15]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.2.14...@f-o-t/e-signature@1.2.15
+[1.2.14]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.2.13...@f-o-t/e-signature@1.2.14
+[1.2.13]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.2.12...@f-o-t/e-signature@1.2.13
+[1.2.12]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.2.11...@f-o-t/e-signature@1.2.12
+[1.2.11]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.2.10...@f-o-t/e-signature@1.2.11
+[1.2.9]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.2.8...@f-o-t/e-signature@1.2.9
+[1.2.8]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.2.7...@f-o-t/e-signature@1.2.8
+[1.2.7]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.2.6...@f-o-t/e-signature@1.2.7
+[1.2.6]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.2.5...@f-o-t/e-signature@1.2.6
+[1.2.5]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.2.4...@f-o-t/e-signature@1.2.5
+[1.2.0]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.1.0...@f-o-t/e-signature@1.2.0
+[1.1.0]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.0.7...@f-o-t/e-signature@1.1.0
+[1.0.7]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.0.6...@f-o-t/e-signature@1.0.7
+[1.0.6]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.0.5...@f-o-t/e-signature@1.0.6
+[1.0.5]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.0.4...@f-o-t/e-signature@1.0.5
+[1.0.4]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.0.3...@f-o-t/e-signature@1.0.4
+[1.0.3]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.0.2...@f-o-t/e-signature@1.0.3
+[1.0.2]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.0.1...@f-o-t/e-signature@1.0.2
+[1.0.1]: https://github.com/F-O-T/libraries/compare/@f-o-t/e-signature@1.0.0...@f-o-t/e-signature@1.0.1
+[1.0.0]: https://github.com/F-O-T/libraries/releases/tag/@f-o-t/e-signature@1.0.0

package/README.md

@@ -68,6 +68,32 @@ function SignForm() {
 
 `pdf` and `p12` accept `File`, `Blob`, or `Uint8Array` — the hook converts `File`/`Blob` to `Uint8Array` automatically before calling `signPdf`.
 
+## Web Worker Signing
+
+Runs signing off the main thread to prevent browser freezes.
+
+```ts
+import { signPdfInWorker } from "@f-o-t/e-signature/plugins/worker";
+
+const worker = new Worker(
+  new URL("@f-o-t/e-signature/plugins/worker-entry", import.meta.url),
+  { type: "module" },
+);
+
+const signed = await signPdfInWorker(worker, pdfBytes, {
+  certificate: { p12, password: "secret" },
+  appearance: "auto",
+  policy: "pades-icp-brasil",
+});
+
+// Reuse the worker for multiple signings, or terminate when done
+worker.terminate();
+```
+
+### `signPdfInWorker(worker: Worker, pdf: Uint8Array, options: PdfSignOptions): Promise<Uint8Array>`
+
+Same as `signPdf` but takes a `Worker` as the first argument. PDF bytes are transferred (zero-copy) to the worker thread.
+
 ## Automatic Signature Positioning
 
 ### Using `appearance: "auto"`

package/bunfig.toml

@@ -0,0 +1,3 @@
+[test]
+environment = "happy-dom"
+preload = ["./__tests__/setup-dom.ts"]

package/package.json

@@ -1,7 +1,6 @@
 {
    "name": "@f-o-t/e-signature",
-   "version": "1.4.1",
-   "description": "PAdES PDF signing with ICP-Brasil compliance",
+   "version": "1.6.0",
    "type": "module",
    "main": "./dist/index.js",
    "types": "./dist/index.d.ts",
@@ -17,44 +16,29 @@
          "module": "./dist/plugins/react/index.js",
          "import": "./dist/plugins/react/index.js",
          "default": "./dist/plugins/react/index.js"
+      },
+      "./plugins/worker": {
+         "types": "./dist/plugins/worker/index.d.ts",
+         "module": "./dist/plugins/worker/index.js",
+         "import": "./dist/plugins/worker/index.js",
+         "default": "./dist/plugins/worker/index.js"
+      },
+      "./plugins/worker-entry": {
+         "types": "./dist/plugins/worker-entry/index.d.ts",
+         "module": "./dist/plugins/worker-entry/index.js",
+         "import": "./dist/plugins/worker-entry/index.js",
+         "default": "./dist/plugins/worker-entry/index.js"
       }
    },
-   "files": [
-      "dist"
-   ],
    "scripts": {
-      "build": "bun x --bun fot build",
-      "test": "bun x --bun fot test",
-      "lint": "bun x --bun fot lint",
-      "format": "bun x --bun fot format",
-      "check": "bun x --bun fot check"
-   },
-   "dependencies": {
-      "@f-o-t/asn1": "^1.0.0",
-      "@f-o-t/crypto": "^1.3.0",
-      "@f-o-t/digital-certificate": "^2.3.0",
-      "@f-o-t/pdf": "^0.4.0",
-      "@f-o-t/qrcode": "^1.0.2",
-      "zod": "^4.3.6"
+      "build": "fot build",
+      "test": "fot test",
+      "lint": "fot lint",
+      "format": "fot format"
    },
    "devDependencies": {
-      "@f-o-t/cli": "^1.0.6",
-      "@f-o-t/config": "^1.0.6",
-      "@testing-library/react": "^16.0.0",
-      "@types/bun": "latest",
-      "@types/react": "^19.0.0",
-      "@types/react-dom": "^19.0.0",
-      "happy-dom": "^20.6.3",
-      "react": "^19.0.0",
-      "react-dom": "^19.0.0"
-   },
-   "peerDependencies": {
-      "react": ">=18.0.0"
-   },
-   "peerDependenciesMeta": {
-      "react": {
-         "optional": true
-      }
+      "@f-o-t/cli": "workspace:*",
+      "@f-o-t/config": "workspace:*"
    },
    "repository": {
       "type": "git",

package/dist/appearance.d.ts

@@ -1,28 +0,0 @@
-/**
- * Visual Signature Appearance
- *
- * Draws certificate information and QR code on the PDF page
- * following the ICP-Brasil standard visual signature layout.
- */
-import type { CertificateInfo } from "@f-o-t/digital-certificate";
-import type { PdfDocument, PdfImage, PdfPage } from "@f-o-t/pdf/plugins/editing";
-import type { QrCodeConfig, SignatureAppearance } from "./types.ts";
-/**
- * Draw the visual signature appearance on a PDF page.
- *
- * Includes optional QR code and certificate information text
- * inside a bordered rectangle following ICP-Brasil layout.
- */
-export declare function drawSignatureAppearance(doc: PdfDocument, page: PdfPage, appearance: SignatureAppearance, certInfo: CertificateInfo | null, options: {
-    reason?: string;
-    location?: string;
-    qrCode?: QrCodeConfig;
-    pdfData: Uint8Array;
-    preEmbeddedQr?: PdfImage;
-}): void;
-/**
- * Pre-compute the QR code image and embed it once into the PDF document.
- * Call this before an appearances loop so all appearances share a single XObject.
- */
-export declare function precomputeSharedQrImage(doc: PdfDocument, certInfo: CertificateInfo | null, pdfData: Uint8Array, qrConfig?: QrCodeConfig): PdfImage;
-//# sourceMappingURL=appearance.d.ts.map

package/dist/appearance.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"appearance.d.ts","sourceRoot":"","sources":["../src/appearance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,KAAK,EACT,WAAW,EACX,QAAQ,EACR,OAAO,EACT,MAAM,4BAA4B,CAAC;AAEpC,OAAO,KAAK,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAIpE;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACpC,GAAG,EAAE,WAAW,EAChB,IAAI,EAAE,OAAO,EACb,UAAU,EAAE,mBAAmB,EAC/B,QAAQ,EAAE,eAAe,GAAG,IAAI,EAChC,OAAO,EAAE;IACN,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,OAAO,EAAE,UAAU,CAAC;IACpB,aAAa,CAAC,EAAE,QAAQ,CAAC;CAC3B,GACD,IAAI,CA8DN;AAgGD;;;GAGG;AACH,wBAAgB,uBAAuB,CACpC,GAAG,EAAE,WAAW,EAChB,QAAQ,EAAE,eAAe,GAAG,IAAI,EAChC,OAAO,EAAE,UAAU,EACnB,QAAQ,CAAC,EAAE,YAAY,GACvB,QAAQ,CAIV"}

package/dist/batch.d.ts

@@ -1,61 +0,0 @@
-import type { PdfSignOptions } from "./types.ts";
-/**
- * Input for a single PDF in a batch signing operation.
- */
-export type BatchSignInput = {
-    /** Filename for identification in events */
-    filename: string;
-    /** PDF content as Uint8Array or ReadableStream */
-    pdf: Uint8Array | ReadableStream<Uint8Array>;
-    /** Per-file option overrides merged with base options */
-    options?: Partial<PdfSignOptions>;
-};
-/**
- * Events emitted during batch signing.
- */
-export type BatchSignEvent = {
-    type: "file_start";
-    fileIndex: number;
-    filename: string;
-} | {
-    type: "file_complete";
-    fileIndex: number;
-    filename: string;
-    signed: Uint8Array;
-} | {
-    type: "file_error";
-    fileIndex: number;
-    filename: string;
-    error: string;
-} | {
-    type: "batch_complete";
-    totalFiles: number;
-    errorCount: number;
-};
-/**
- * Sign multiple PDFs sequentially, yielding progress events.
- *
- * Yields control between each signing operation to prevent blocking
- * the event loop under bulk load.
- *
- * @param files - Array of PDFs with filename and optional per-file options
- * @param options - Base signing options (per-file options override these)
- * @yields BatchSignEvent for each file start, completion, error, and batch complete
- */
-export declare function signPdfBatch(files: BatchSignInput[], options: PdfSignOptions): AsyncGenerator<BatchSignEvent>;
-/**
- * Sign multiple PDFs sequentially, collecting all results.
- *
- * Convenience wrapper around {@link signPdfBatch} that collects all events
- * into an array of results.
- *
- * @param files - Array of PDFs with filename and optional per-file options
- * @param options - Base signing options
- * @returns Array of results with signed PDF bytes or error per file
- */
-export declare function signPdfBatchToArray(files: BatchSignInput[], options: PdfSignOptions): Promise<{
-    filename: string;
-    signed?: Uint8Array;
-    error?: string;
-}[]>;
-//# sourceMappingURL=batch.d.ts.map

package/dist/batch.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"batch.d.ts","sourceRoot":"","sources":["../src/batch.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEjD;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC1B,4CAA4C;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,kDAAkD;IAClD,GAAG,EAAE,UAAU,GAAG,cAAc,CAAC,UAAU,CAAC,CAAC;IAC7C,yDAAyD;IACzD,OAAO,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;CACpC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,cAAc,GACrB;IAAE,IAAI,EAAE,YAAY,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAC3D;IACG,IAAI,EAAE,eAAe,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,UAAU,CAAC;CACrB,GACD;IAAE,IAAI,EAAE,YAAY,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAC1E;IAAE,IAAI,EAAE,gBAAgB,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC;AAExE;;;;;;;;;GASG;AACH,wBAAuB,YAAY,CAChC,KAAK,EAAE,cAAc,EAAE,EACvB,OAAO,EAAE,cAAc,GACvB,cAAc,CAAC,cAAc,CAAC,CAsChC;AAED;;;;;;;;;GASG;AACH,wBAAsB,mBAAmB,CACtC,KAAK,EAAE,cAAc,EAAE,EACvB,OAAO,EAAE,cAAc,GACvB,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,UAAU,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,EAAE,CAAC,CAoBtE"}

package/dist/detect-position.d.ts

@@ -1,13 +0,0 @@
-import type { DetectedPosition, DetectPositionOptions } from "./types.ts";
-/**
- * Detect the best position to place a digital signature on a PDF.
- *
- * Uses weighted scoring across three signal types:
- * - Signer name match (weight 3)
- * - Horizontal line patterns (weight 2)
- * - Signature keywords (weight 1)
- *
- * Returns null if the PDF cannot be parsed.
- */
-export declare function detectSigningPosition(pdfData: Uint8Array, options?: DetectPositionOptions): DetectedPosition | null;
-//# sourceMappingURL=detect-position.d.ts.map

package/dist/detect-position.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"detect-position.d.ts","sourceRoot":"","sources":["../src/detect-position.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAoB1E;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CAClC,OAAO,EAAE,UAAU,EACnB,OAAO,GAAE,qBAA0B,GACnC,gBAAgB,GAAG,IAAI,CAqIzB"}

package/dist/icp-brasil.d.ts

@@ -1,60 +0,0 @@
-/**
- * ICP-Brasil Attributes for PAdES Signatures
- *
- * Implements the id-aa-signingCertificateV2 (RFC 5035) and
- * id-aa-ets-sigPolicyId attributes required by ICP-Brasil.
- *
- * Uses @f-o-t/asn1 for ASN.1 construction and @f-o-t/crypto for hashing.
- */
-/**
- * Clear the cached signature policy data.
- * Useful for testing or forcing a re-download.
- */
-export declare function clearPolicyCache(): void;
-/**
- * Build the id-aa-signingCertificateV2 attribute value (DER-encoded).
- *
- * This attribute links the signature to the specific certificate used to
- * create it, preventing substitution attacks.
- *
- * ASN.1 structure (RFC 5035):
- *
- * SigningCertificateV2 ::= SEQUENCE {
- *   certs SEQUENCE OF ESSCertIDv2
- * }
- *
- * ESSCertIDv2 ::= SEQUENCE {
- *   hashAlgorithm AlgorithmIdentifier DEFAULT {algorithm id-sha256},
- *   certHash Hash,
- *   issuerSerial IssuerSerial OPTIONAL
- * }
- *
- * IssuerSerial ::= SEQUENCE {
- *   issuer GeneralNames,
- *   serialNumber CertificateSerialNumber
- * }
- *
- * @param certDer - DER-encoded X.509 certificate
- * @returns DER-encoded SigningCertificateV2 value
- */
-export declare function buildSigningCertificateV2(certDer: Uint8Array): Uint8Array;
-/**
- * Build the id-aa-ets-sigPolicyId attribute value (DER-encoded).
- *
- * Downloads the ICP-Brasil PAdES signature policy and extracts the
- * embedded signPolicyHash to build the attribute.
- *
- * @returns DER-encoded SignaturePolicyIdentifier value
- */
-export declare function buildSignaturePolicy(): Promise<Uint8Array>;
-/**
- * Attribute OID constants for external use
- */
-export declare const ICP_BRASIL_OIDS: {
-    readonly signingCertificateV2: "1.2.840.113549.1.9.16.2.47";
-    readonly signaturePolicy: "1.2.840.113549.1.9.16.2.15";
-};
-export declare class SignaturePolicyError extends Error {
-    constructor(message: string);
-}
-//# sourceMappingURL=icp-brasil.d.ts.map

package/dist/icp-brasil.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"icp-brasil.d.ts","sourceRoot":"","sources":["../src/icp-brasil.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AA8CH;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,IAAI,CAEvC;AAMD;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,UAAU,GAAG,UAAU,CAuCzE;AA2ED;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,UAAU,CAAC,CA8BhE;AAED;;GAEG;AACH,eAAO,MAAM,eAAe;;;CAGlB,CAAC;AAMX,qBAAa,oBAAqB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM;CAI7B"}