@gnufoo/canaad 0.1.0

package/README.md

@@ -0,0 +1,104 @@
+# canaad-wasm
+
+WASM bindings for AAD (Additional Authenticated Data) canonicalization per RFC 8785.
+
+This crate provides WebAssembly bindings for the `canaad-core` library, enabling
+AAD canonicalization in browsers, Node.js, and other WASM runtimes like
+Cloudflare Workers.
+
+## Installation
+
+```bash
+npm install @gnufoo/canaad
+```
+
+## Usage
+
+### Canonicalize JSON
+
+```typescript
+import { canonicalize, canonicalizeString, validate, hash } from '@gnufoo/canaad';
+
+// Canonicalize JSON to bytes
+const json = '{"v":1,"tenant":"org_abc","resource":"secrets/db","purpose":"encryption"}';
+const bytes: Uint8Array = canonicalize(json);
+
+// Canonicalize JSON to string
+const canonical: string = canonicalizeString(json);
+// => '{"purpose":"encryption","resource":"secrets/db","tenant":"org_abc","v":1}'
+
+// Validate JSON
+const isValid: boolean = validate(json);
+
+// Get SHA-256 hash of canonical form
+const hashBytes: Uint8Array = hash(json);
+```
+
+### Builder API
+
+```typescript
+import { AadBuilder } from '@gnufoo/canaad';
+
+const builder = new AadBuilder()
+    .tenant("org_abc")
+    .resource("secrets/db")
+    .purpose("encryption")
+    .timestamp(1706400000)
+    .extensionString("x_vault_cluster", "us-east-1")
+    .extensionInt("x_app_priority", 5);
+
+// Build to bytes
+const bytes: Uint8Array = builder.build();
+
+// Build to string
+const canonical: string = builder.buildString();
+```
+
+### Constants
+
+```typescript
+import { SPEC_VERSION, MAX_SAFE_INTEGER, MAX_SERIALIZED_BYTES } from '@gnufoo/canaad';
+
+console.log(SPEC_VERSION);           // 1
+console.log(MAX_SAFE_INTEGER);       // 9007199254740991 (2^53 - 1)
+console.log(MAX_SERIALIZED_BYTES);   // 16384 (16 KiB)
+```
+
+## Error Handling
+
+All functions that can fail will throw JavaScript errors with descriptive messages:
+
+```typescript
+try {
+    canonicalize('{"v":1}');  // Missing required fields
+} catch (e) {
+    console.error(e.message);  // "missing required field: tenant"
+}
+```
+
+## Supported Environments
+
+- **Browsers**: Modern browsers with WASM support
+- **Node.js**: v14+ with WASM support
+- **Cloudflare Workers**: Full support
+- **Deno**: With WASM import
+
+## Building from Source
+
+```bash
+# Install wasm-pack
+cargo install wasm-pack
+
+# Build for bundlers (webpack, vite, etc.)
+wasm-pack build --target bundler
+
+# Build for Node.js
+wasm-pack build --target nodejs
+
+# Build for web (no bundler)
+wasm-pack build --target web
+```
+
+## License
+
+MIT OR Apache-2.0

package/canaad_wasm.d.ts

@@ -0,0 +1,253 @@
+/* tslint:disable */
+/* eslint-disable */
+
+/**
+ * Builder for constructing AAD objects programmatically.
+ *
+ * Provides a fluent API for building AAD with method chaining.
+ * All setter methods return a new builder to enable chaining.
+ *
+ * # Example (JavaScript)
+ *
+ * ```javascript
+ * const builder = new AadBuilder()
+ *     .tenant("org_abc")
+ *     .resource("secrets/db")
+ *     .purpose("encryption")
+ *     .timestamp(1706400000)
+ *     .extensionString("x_vault_cluster", "us-east-1");
+ *
+ * const bytes = builder.build();
+ * const canonical = builder.buildString();
+ * ```
+ */
+export class AadBuilder {
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Builds the AAD and returns the canonical bytes.
+     *
+     * # Returns
+     *
+     * A `Uint8Array` containing the UTF-8 encoded canonical JSON.
+     *
+     * # Errors
+     *
+     * Throws a JavaScript error if:
+     * - Required fields (tenant, resource, purpose) are missing
+     * - Any field value is invalid
+     * - Extension keys don't match the required pattern
+     * - The serialized output exceeds 16 KiB
+     */
+    build(): Uint8Array;
+    /**
+     * Builds the AAD and returns the canonical string.
+     *
+     * # Returns
+     *
+     * The canonical (JCS) representation as a string.
+     *
+     * # Errors
+     *
+     * Throws a JavaScript error if:
+     * - Required fields (tenant, resource, purpose) are missing
+     * - Any field value is invalid
+     * - Extension keys don't match the required pattern
+     * - The serialized output exceeds 16 KiB
+     */
+    buildString(): string;
+    /**
+     * Adds an integer extension field.
+     *
+     * Extension keys must match pattern `x_<app>_<field>` where:
+     * - `<app>` is one or more lowercase letters
+     * - `<field>` is one or more lowercase letters or underscores
+     *
+     * # Arguments
+     *
+     * * `key` - Extension key (e.g., `x_app_priority`)
+     * * `value` - Integer value (0 to 2^53-1)
+     *
+     * # Returns
+     *
+     * A new builder with the extension added.
+     */
+    extensionInt(key: string, value: number): AadBuilder;
+    /**
+     * Adds a string extension field.
+     *
+     * Extension keys must match pattern `x_<app>_<field>` where:
+     * - `<app>` is one or more lowercase letters
+     * - `<field>` is one or more lowercase letters or underscores
+     *
+     * # Arguments
+     *
+     * * `key` - Extension key (e.g., `x_vault_cluster`)
+     * * `value` - String value (no NUL bytes)
+     *
+     * # Returns
+     *
+     * A new builder with the extension added.
+     */
+    extensionString(key: string, value: string): AadBuilder;
+    /**
+     * Creates a new AAD builder.
+     */
+    constructor();
+    /**
+     * Sets the purpose or usage context.
+     *
+     * # Arguments
+     *
+     * * `value` - Purpose description (1+ bytes, no NUL bytes)
+     *
+     * # Returns
+     *
+     * A new builder with the purpose set.
+     */
+    purpose(value: string): AadBuilder;
+    /**
+     * Sets the resource path or identifier.
+     *
+     * # Arguments
+     *
+     * * `value` - Resource path (1-1024 bytes, no NUL bytes)
+     *
+     * # Returns
+     *
+     * A new builder with the resource set.
+     */
+    resource(value: string): AadBuilder;
+    /**
+     * Sets the tenant identifier.
+     *
+     * # Arguments
+     *
+     * * `value` - Tenant identifier (1-256 bytes, no NUL bytes)
+     *
+     * # Returns
+     *
+     * A new builder with the tenant set.
+     */
+    tenant(value: string): AadBuilder;
+    /**
+     * Sets the timestamp.
+     *
+     * # Arguments
+     *
+     * * `ts` - Unix timestamp (0 to 2^53-1)
+     *
+     * # Returns
+     *
+     * A new builder with the timestamp set.
+     */
+    timestamp(ts: number): AadBuilder;
+}
+
+/**
+ * Returns the maximum safe integer value (2^53 - 1).
+ *
+ * This is the maximum integer value that can be exactly represented in
+ * JavaScript's Number type.
+ */
+export function MAX_SAFE_INTEGER(): number;
+
+/**
+ * Returns the maximum serialized AAD size in bytes (16 KiB).
+ */
+export function MAX_SERIALIZED_BYTES(): number;
+
+/**
+ * Returns the current AAD specification version.
+ *
+ * Currently always returns 1.
+ */
+export function SPEC_VERSION(): number;
+
+/**
+ * Parses and canonicalizes a JSON string to bytes.
+ *
+ * This function:
+ * 1. Parses the JSON with duplicate key detection
+ * 2. Validates all fields according to the AAD specification
+ * 3. Returns the canonical (JCS) representation as bytes
+ *
+ * # Arguments
+ *
+ * * `json` - A JSON string containing an AAD object
+ *
+ * # Returns
+ *
+ * A `Uint8Array` containing the UTF-8 encoded canonical JSON.
+ *
+ * # Errors
+ *
+ * Throws a JavaScript error if:
+ * - The JSON is invalid or contains duplicate keys
+ * - Any field violates AAD constraints
+ * - The serialized output exceeds 16 KiB
+ */
+export function canonicalize(json: string): Uint8Array;
+
+/**
+ * Parses and canonicalizes a JSON string to a UTF-8 string.
+ *
+ * This is equivalent to `canonicalize` but returns a string instead of bytes.
+ *
+ * # Arguments
+ *
+ * * `json` - A JSON string containing an AAD object
+ *
+ * # Returns
+ *
+ * The canonical (JCS) representation as a string.
+ *
+ * # Errors
+ *
+ * Throws a JavaScript error if:
+ * - The JSON is invalid or contains duplicate keys
+ * - Any field violates AAD constraints
+ * - The serialized output exceeds 16 KiB
+ */
+export function canonicalizeString(json: string): string;
+
+/**
+ * Computes the SHA-256 hash of the canonical JSON form.
+ *
+ * This function:
+ * 1. Parses and validates the JSON
+ * 2. Canonicalizes according to RFC 8785
+ * 3. Returns the SHA-256 hash of the canonical bytes
+ *
+ * # Arguments
+ *
+ * * `json` - A JSON string containing an AAD object
+ *
+ * # Returns
+ *
+ * A 32-byte `Uint8Array` containing the SHA-256 hash.
+ *
+ * # Errors
+ *
+ * Throws a JavaScript error if:
+ * - The JSON is invalid or contains duplicate keys
+ * - Any field violates AAD constraints
+ * - The serialized output exceeds 16 KiB
+ */
+export function hash(json: string): Uint8Array;
+
+/**
+ * Validates a JSON string against the AAD specification.
+ *
+ * This function performs full validation without returning the context.
+ * Use this for quick validation checks.
+ *
+ * # Arguments
+ *
+ * * `json` - A JSON string to validate
+ *
+ * # Returns
+ *
+ * `true` if the JSON is valid AAD, `false` otherwise.
+ */
+export function validate(json: string): boolean;

package/canaad_wasm.js

@@ -0,0 +1,540 @@
+/* @ts-self-types="./canaad_wasm.d.ts" */
+
+/**
+ * Builder for constructing AAD objects programmatically.
+ *
+ * Provides a fluent API for building AAD with method chaining.
+ * All setter methods return a new builder to enable chaining.
+ *
+ * # Example (JavaScript)
+ *
+ * ```javascript
+ * const builder = new AadBuilder()
+ *     .tenant("org_abc")
+ *     .resource("secrets/db")
+ *     .purpose("encryption")
+ *     .timestamp(1706400000)
+ *     .extensionString("x_vault_cluster", "us-east-1");
+ *
+ * const bytes = builder.build();
+ * const canonical = builder.buildString();
+ * ```
+ */
+class AadBuilder {
+    static __wrap(ptr) {
+        ptr = ptr >>> 0;
+        const obj = Object.create(AadBuilder.prototype);
+        obj.__wbg_ptr = ptr;
+        AadBuilderFinalization.register(obj, obj.__wbg_ptr, obj);
+        return obj;
+    }
+    __destroy_into_raw() {
+        const ptr = this.__wbg_ptr;
+        this.__wbg_ptr = 0;
+        AadBuilderFinalization.unregister(this);
+        return ptr;
+    }
+    free() {
+        const ptr = this.__destroy_into_raw();
+        wasm.__wbg_aadbuilder_free(ptr, 0);
+    }
+    /**
+     * Builds the AAD and returns the canonical bytes.
+     *
+     * # Returns
+     *
+     * A `Uint8Array` containing the UTF-8 encoded canonical JSON.
+     *
+     * # Errors
+     *
+     * Throws a JavaScript error if:
+     * - Required fields (tenant, resource, purpose) are missing
+     * - Any field value is invalid
+     * - Extension keys don't match the required pattern
+     * - The serialized output exceeds 16 KiB
+     * @returns {Uint8Array}
+     */
+    build() {
+        const ret = wasm.aadbuilder_build(this.__wbg_ptr);
+        if (ret[3]) {
+            throw takeFromExternrefTable0(ret[2]);
+        }
+        var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();
+        wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);
+        return v1;
+    }
+    /**
+     * Builds the AAD and returns the canonical string.
+     *
+     * # Returns
+     *
+     * The canonical (JCS) representation as a string.
+     *
+     * # Errors
+     *
+     * Throws a JavaScript error if:
+     * - Required fields (tenant, resource, purpose) are missing
+     * - Any field value is invalid
+     * - Extension keys don't match the required pattern
+     * - The serialized output exceeds 16 KiB
+     * @returns {string}
+     */
+    buildString() {
+        let deferred2_0;
+        let deferred2_1;
+        try {
+            const ret = wasm.aadbuilder_buildString(this.__wbg_ptr);
+            var ptr1 = ret[0];
+            var len1 = ret[1];
+            if (ret[3]) {
+                ptr1 = 0; len1 = 0;
+                throw takeFromExternrefTable0(ret[2]);
+            }
+            deferred2_0 = ptr1;
+            deferred2_1 = len1;
+            return getStringFromWasm0(ptr1, len1);
+        } finally {
+            wasm.__wbindgen_free(deferred2_0, deferred2_1, 1);
+        }
+    }
+    /**
+     * Adds an integer extension field.
+     *
+     * Extension keys must match pattern `x_<app>_<field>` where:
+     * - `<app>` is one or more lowercase letters
+     * - `<field>` is one or more lowercase letters or underscores
+     *
+     * # Arguments
+     *
+     * * `key` - Extension key (e.g., `x_app_priority`)
+     * * `value` - Integer value (0 to 2^53-1)
+     *
+     * # Returns
+     *
+     * A new builder with the extension added.
+     * @param {string} key
+     * @param {number} value
+     * @returns {AadBuilder}
+     */
+    extensionInt(key, value) {
+        const ptr = this.__destroy_into_raw();
+        const ptr0 = passStringToWasm0(key, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+        const len0 = WASM_VECTOR_LEN;
+        const ret = wasm.aadbuilder_extensionInt(ptr, ptr0, len0, value);
+        return AadBuilder.__wrap(ret);
+    }
+    /**
+     * Adds a string extension field.
+     *
+     * Extension keys must match pattern `x_<app>_<field>` where:
+     * - `<app>` is one or more lowercase letters
+     * - `<field>` is one or more lowercase letters or underscores
+     *
+     * # Arguments
+     *
+     * * `key` - Extension key (e.g., `x_vault_cluster`)
+     * * `value` - String value (no NUL bytes)
+     *
+     * # Returns
+     *
+     * A new builder with the extension added.
+     * @param {string} key
+     * @param {string} value
+     * @returns {AadBuilder}
+     */
+    extensionString(key, value) {
+        const ptr = this.__destroy_into_raw();
+        const ptr0 = passStringToWasm0(key, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+        const len0 = WASM_VECTOR_LEN;
+        const ptr1 = passStringToWasm0(value, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+        const len1 = WASM_VECTOR_LEN;
+        const ret = wasm.aadbuilder_extensionString(ptr, ptr0, len0, ptr1, len1);
+        return AadBuilder.__wrap(ret);
+    }
+    /**
+     * Creates a new AAD builder.
+     */
+    constructor() {
+        const ret = wasm.aadbuilder_new();
+        this.__wbg_ptr = ret >>> 0;
+        AadBuilderFinalization.register(this, this.__wbg_ptr, this);
+        return this;
+    }
+    /**
+     * Sets the purpose or usage context.
+     *
+     * # Arguments
+     *
+     * * `value` - Purpose description (1+ bytes, no NUL bytes)
+     *
+     * # Returns
+     *
+     * A new builder with the purpose set.
+     * @param {string} value
+     * @returns {AadBuilder}
+     */
+    purpose(value) {
+        const ptr = this.__destroy_into_raw();
+        const ptr0 = passStringToWasm0(value, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+        const len0 = WASM_VECTOR_LEN;
+        const ret = wasm.aadbuilder_purpose(ptr, ptr0, len0);
+        return AadBuilder.__wrap(ret);
+    }
+    /**
+     * Sets the resource path or identifier.
+     *
+     * # Arguments
+     *
+     * * `value` - Resource path (1-1024 bytes, no NUL bytes)
+     *
+     * # Returns
+     *
+     * A new builder with the resource set.
+     * @param {string} value
+     * @returns {AadBuilder}
+     */
+    resource(value) {
+        const ptr = this.__destroy_into_raw();
+        const ptr0 = passStringToWasm0(value, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+        const len0 = WASM_VECTOR_LEN;
+        const ret = wasm.aadbuilder_resource(ptr, ptr0, len0);
+        return AadBuilder.__wrap(ret);
+    }
+    /**
+     * Sets the tenant identifier.
+     *
+     * # Arguments
+     *
+     * * `value` - Tenant identifier (1-256 bytes, no NUL bytes)
+     *
+     * # Returns
+     *
+     * A new builder with the tenant set.
+     * @param {string} value
+     * @returns {AadBuilder}
+     */
+    tenant(value) {
+        const ptr = this.__destroy_into_raw();
+        const ptr0 = passStringToWasm0(value, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+        const len0 = WASM_VECTOR_LEN;
+        const ret = wasm.aadbuilder_tenant(ptr, ptr0, len0);
+        return AadBuilder.__wrap(ret);
+    }
+    /**
+     * Sets the timestamp.
+     *
+     * # Arguments
+     *
+     * * `ts` - Unix timestamp (0 to 2^53-1)
+     *
+     * # Returns
+     *
+     * A new builder with the timestamp set.
+     * @param {number} ts
+     * @returns {AadBuilder}
+     */
+    timestamp(ts) {
+        const ptr = this.__destroy_into_raw();
+        const ret = wasm.aadbuilder_timestamp(ptr, ts);
+        return AadBuilder.__wrap(ret);
+    }
+}
+if (Symbol.dispose) AadBuilder.prototype[Symbol.dispose] = AadBuilder.prototype.free;
+exports.AadBuilder = AadBuilder;
+
+/**
+ * Returns the maximum safe integer value (2^53 - 1).
+ *
+ * This is the maximum integer value that can be exactly represented in
+ * JavaScript's Number type.
+ * @returns {number}
+ */
+function MAX_SAFE_INTEGER() {
+    const ret = wasm.MAX_SAFE_INTEGER();
+    return ret;
+}
+exports.MAX_SAFE_INTEGER = MAX_SAFE_INTEGER;
+
+/**
+ * Returns the maximum serialized AAD size in bytes (16 KiB).
+ * @returns {number}
+ */
+function MAX_SERIALIZED_BYTES() {
+    const ret = wasm.MAX_SERIALIZED_BYTES();
+    return ret >>> 0;
+}
+exports.MAX_SERIALIZED_BYTES = MAX_SERIALIZED_BYTES;
+
+/**
+ * Returns the current AAD specification version.
+ *
+ * Currently always returns 1.
+ * @returns {number}
+ */
+function SPEC_VERSION() {
+    const ret = wasm.SPEC_VERSION();
+    return ret >>> 0;
+}
+exports.SPEC_VERSION = SPEC_VERSION;
+
+/**
+ * Parses and canonicalizes a JSON string to bytes.
+ *
+ * This function:
+ * 1. Parses the JSON with duplicate key detection
+ * 2. Validates all fields according to the AAD specification
+ * 3. Returns the canonical (JCS) representation as bytes
+ *
+ * # Arguments
+ *
+ * * `json` - A JSON string containing an AAD object
+ *
+ * # Returns
+ *
+ * A `Uint8Array` containing the UTF-8 encoded canonical JSON.
+ *
+ * # Errors
+ *
+ * Throws a JavaScript error if:
+ * - The JSON is invalid or contains duplicate keys
+ * - Any field violates AAD constraints
+ * - The serialized output exceeds 16 KiB
+ * @param {string} json
+ * @returns {Uint8Array}
+ */
+function canonicalize(json) {
+    const ptr0 = passStringToWasm0(json, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ret = wasm.canonicalize(ptr0, len0);
+    if (ret[3]) {
+        throw takeFromExternrefTable0(ret[2]);
+    }
+    var v2 = getArrayU8FromWasm0(ret[0], ret[1]).slice();
+    wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);
+    return v2;
+}
+exports.canonicalize = canonicalize;
+
+/**
+ * Parses and canonicalizes a JSON string to a UTF-8 string.
+ *
+ * This is equivalent to `canonicalize` but returns a string instead of bytes.
+ *
+ * # Arguments
+ *
+ * * `json` - A JSON string containing an AAD object
+ *
+ * # Returns
+ *
+ * The canonical (JCS) representation as a string.
+ *
+ * # Errors
+ *
+ * Throws a JavaScript error if:
+ * - The JSON is invalid or contains duplicate keys
+ * - Any field violates AAD constraints
+ * - The serialized output exceeds 16 KiB
+ * @param {string} json
+ * @returns {string}
+ */
+function canonicalizeString(json) {
+    let deferred3_0;
+    let deferred3_1;
+    try {
+        const ptr0 = passStringToWasm0(json, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+        const len0 = WASM_VECTOR_LEN;
+        const ret = wasm.canonicalizeString(ptr0, len0);
+        var ptr2 = ret[0];
+        var len2 = ret[1];
+        if (ret[3]) {
+            ptr2 = 0; len2 = 0;
+            throw takeFromExternrefTable0(ret[2]);
+        }
+        deferred3_0 = ptr2;
+        deferred3_1 = len2;
+        return getStringFromWasm0(ptr2, len2);
+    } finally {
+        wasm.__wbindgen_free(deferred3_0, deferred3_1, 1);
+    }
+}
+exports.canonicalizeString = canonicalizeString;
+
+/**
+ * Computes the SHA-256 hash of the canonical JSON form.
+ *
+ * This function:
+ * 1. Parses and validates the JSON
+ * 2. Canonicalizes according to RFC 8785
+ * 3. Returns the SHA-256 hash of the canonical bytes
+ *
+ * # Arguments
+ *
+ * * `json` - A JSON string containing an AAD object
+ *
+ * # Returns
+ *
+ * A 32-byte `Uint8Array` containing the SHA-256 hash.
+ *
+ * # Errors
+ *
+ * Throws a JavaScript error if:
+ * - The JSON is invalid or contains duplicate keys
+ * - Any field violates AAD constraints
+ * - The serialized output exceeds 16 KiB
+ * @param {string} json
+ * @returns {Uint8Array}
+ */
+function hash(json) {
+    const ptr0 = passStringToWasm0(json, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ret = wasm.hash(ptr0, len0);
+    if (ret[3]) {
+        throw takeFromExternrefTable0(ret[2]);
+    }
+    var v2 = getArrayU8FromWasm0(ret[0], ret[1]).slice();
+    wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);
+    return v2;
+}
+exports.hash = hash;
+
+/**
+ * Validates a JSON string against the AAD specification.
+ *
+ * This function performs full validation without returning the context.
+ * Use this for quick validation checks.
+ *
+ * # Arguments
+ *
+ * * `json` - A JSON string to validate
+ *
+ * # Returns
+ *
+ * `true` if the JSON is valid AAD, `false` otherwise.
+ * @param {string} json
+ * @returns {boolean}
+ */
+function validate(json) {
+    const ptr0 = passStringToWasm0(json, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ret = wasm.validate(ptr0, len0);
+    return ret !== 0;
+}
+exports.validate = validate;
+
+function __wbg_get_imports() {
+    const import0 = {
+        __proto__: null,
+        __wbg_Error_8c4e43fe74559d73: function(arg0, arg1) {
+            const ret = Error(getStringFromWasm0(arg0, arg1));
+            return ret;
+        },
+        __wbg___wbindgen_throw_be289d5034ed271b: function(arg0, arg1) {
+            throw new Error(getStringFromWasm0(arg0, arg1));
+        },
+        __wbindgen_init_externref_table: function() {
+            const table = wasm.__wbindgen_externrefs;
+            const offset = table.grow(4);
+            table.set(0, undefined);
+            table.set(offset + 0, undefined);
+            table.set(offset + 1, null);
+            table.set(offset + 2, true);
+            table.set(offset + 3, false);
+        },
+    };
+    return {
+        __proto__: null,
+        "./canaad_wasm_bg.js": import0,
+    };
+}
+
+const AadBuilderFinalization = (typeof FinalizationRegistry === 'undefined')
+    ? { register: () => {}, unregister: () => {} }
+    : new FinalizationRegistry(ptr => wasm.__wbg_aadbuilder_free(ptr >>> 0, 1));
+
+function getArrayU8FromWasm0(ptr, len) {
+    ptr = ptr >>> 0;
+    return getUint8ArrayMemory0().subarray(ptr / 1, ptr / 1 + len);
+}
+
+function getStringFromWasm0(ptr, len) {
+    ptr = ptr >>> 0;
+    return decodeText(ptr, len);
+}
+
+let cachedUint8ArrayMemory0 = null;
+function getUint8ArrayMemory0() {
+    if (cachedUint8ArrayMemory0 === null || cachedUint8ArrayMemory0.byteLength === 0) {
+        cachedUint8ArrayMemory0 = new Uint8Array(wasm.memory.buffer);
+    }
+    return cachedUint8ArrayMemory0;
+}
+
+function passStringToWasm0(arg, malloc, realloc) {
+    if (realloc === undefined) {
+        const buf = cachedTextEncoder.encode(arg);
+        const ptr = malloc(buf.length, 1) >>> 0;
+        getUint8ArrayMemory0().subarray(ptr, ptr + buf.length).set(buf);
+        WASM_VECTOR_LEN = buf.length;
+        return ptr;
+    }
+
+    let len = arg.length;
+    let ptr = malloc(len, 1) >>> 0;
+
+    const mem = getUint8ArrayMemory0();
+
+    let offset = 0;
+
+    for (; offset < len; offset++) {
+        const code = arg.charCodeAt(offset);
+        if (code > 0x7F) break;
+        mem[ptr + offset] = code;
+    }
+    if (offset !== len) {
+        if (offset !== 0) {
+            arg = arg.slice(offset);
+        }
+        ptr = realloc(ptr, len, len = offset + arg.length * 3, 1) >>> 0;
+        const view = getUint8ArrayMemory0().subarray(ptr + offset, ptr + len);
+        const ret = cachedTextEncoder.encodeInto(arg, view);
+
+        offset += ret.written;
+        ptr = realloc(ptr, len, offset, 1) >>> 0;
+    }
+
+    WASM_VECTOR_LEN = offset;
+    return ptr;
+}
+
+function takeFromExternrefTable0(idx) {
+    const value = wasm.__wbindgen_externrefs.get(idx);
+    wasm.__externref_table_dealloc(idx);
+    return value;
+}
+
+let cachedTextDecoder = new TextDecoder('utf-8', { ignoreBOM: true, fatal: true });
+cachedTextDecoder.decode();
+function decodeText(ptr, len) {
+    return cachedTextDecoder.decode(getUint8ArrayMemory0().subarray(ptr, ptr + len));
+}
+
+const cachedTextEncoder = new TextEncoder();
+
+if (!('encodeInto' in cachedTextEncoder)) {
+    cachedTextEncoder.encodeInto = function (arg, view) {
+        const buf = cachedTextEncoder.encode(arg);
+        view.set(buf);
+        return {
+            read: arg.length,
+            written: buf.length
+        };
+    };
+}
+
+let WASM_VECTOR_LEN = 0;
+
+const wasmPath = `${__dirname}/canaad_wasm_bg.wasm`;
+const wasmBytes = require('fs').readFileSync(wasmPath);
+const wasmModule = new WebAssembly.Module(wasmBytes);
+const wasm = new WebAssembly.Instance(wasmModule, __wbg_get_imports()).exports;
+wasm.__wbindgen_start();

package/package.json

@@ -0,0 +1,20 @@
+{
+  "name": "@gnufoo/canaad",
+  "description": "WASM bindings for AAD canonicalization per RFC 8785",
+  "version": "0.1.0",
+  "license": "MIT OR Apache-2.0",
+  "files": [
+    "canaad_wasm_bg.wasm",
+    "canaad_wasm.js",
+    "canaad_wasm.d.ts"
+  ],
+  "main": "canaad_wasm.js",
+  "types": "canaad_wasm.d.ts",
+  "keywords": [
+    "aead",
+    "aad",
+    "canonicalization",
+    "jcs",
+    "rfc8785"
+  ]
+}