@hesohq/node 0.1.2-dev.21

package/index.d.ts

@@ -0,0 +1,235 @@
+/* tslint:disable */
+/* eslint-disable */
+
+/* auto-generated by NAPI-RS */
+
+/** The verdict returned by all single-receipt verify functions. */
+export interface ActionVerdict {
+  /** One of the ActionOutcome variant names as a string. */
+  verdict: string
+  /** The re-derived trust level: "L0" or "L1" (only meaningful when verdict == "Valid"). */
+  trustLevel: string
+}
+/** Extended verdict that also includes the trusted-time status. */
+export interface ActionVerdictWithTime {
+  verdict: string
+  trustLevel: string
+  /** "NoTrustedTime" or "AnchoredRfc3161:<gen_time>". */
+  timeStatus: string
+}
+/** Outcome of a chain verification. */
+export interface ChainResult {
+  ok: boolean
+  /** Number of receipts verified (only set when ok == true). */
+  length?: number
+  /** Error kind string (only set when ok == false). */
+  error?: string
+  /** The seq at which the error occurred (only set when ok == false). */
+  seq?: number
+  /** Human-readable detail (only set when ok == false). */
+  detail?: string
+}
+/** Decoded claims from a verified approval token. */
+export interface ApprovalTokenClaims {
+  /** The 32-byte random nonce as a Buffer. */
+  nonce: Buffer
+  /** Expiry as Unix seconds (BigInt). */
+  expiryUnixSecs: bigint
+  /** The verdict the human signed into the token: "approved" or "rejected". */
+  decision: string
+  /** The scope string encoded in the token. */
+  scope: string
+  /** Base64-encoded Ed25519 public key of the approver. */
+  approverPublicKey: string
+}
+/** The verified, decoded result of a delegation envelope. */
+export interface VerifiedDelegation {
+  /** The authorized key `K` (raw 32-byte Ed25519 public key) as a Buffer. */
+  authorizedKey: Buffer
+  /** The subject string the operator stamped onto the delegation. */
+  sub: string
+  /** The scope the delegated authority was bound to. */
+  scope: string
+  /** The envelope's expiry as Unix seconds (BigInt). */
+  expiryUnixSecs: bigint
+  /** The envelope's not_before as Unix seconds (BigInt). */
+  notBeforeUnixSecs: bigint
+}
+/** Result of a commit-and-reveal redaction. */
+export interface RedactCommitResult {
+  /** The modified fields map as JSON. */
+  fields: string
+  /** The RedactionRecord as JSON. */
+  redactionRecord: string
+  /** The redaction sidecar (salts + reveals) as JSON. */
+  sidecar: string
+}
+/**
+ * Verify a single ActionReceipt from its raw JSON bytes (Buffer, Uint8Array, or string).
+ * Never panics — structural failures become `Malformed:…`.
+ */
+export declare function verify(receiptBytes: Buffer | Uint8Array | string): ActionVerdict
+/** Verify a receipt AND report its trusted-time status separately. */
+export declare function verifyWithTime(receiptBytesInput: Buffer | Uint8Array | string): ActionVerdictWithTime
+/**
+ * Verify a receipt AND re-derive its ERT classification from the embedded taxonomy.
+ * Uses heso-engine's ClassifyReDeriver (embedded taxonomy). Only available
+ * when the `process` feature is enabled (pulls heso-engine).
+ */
+export declare function verifyRederiving(receiptBytesInput: Buffer | Uint8Array | string): ActionVerdict
+/**
+ * Return the RFC-8785 (JCS) canonical bytes of an ActionContent JSON string,
+ * with `action_hash` stripped. Single source of canonical bytes — never
+ * reimplement JCS in TS.
+ */
+export declare function actionCanonicalBytesJs(contentJson: string): Buffer
+/**
+ * Promote a suspended L0 `ActionContent` to its L1 body (embed the approver
+ * record, recompute `action_hash`) and return that body's RFC-8785 (JCS)
+ * canonical bytes — the exact bytes the operator and approver sign.
+ *
+ * Key-free (`build_l1_content` is pure), so this is always compiled. It lets
+ * the SDK reproduce the L1 signing payload off-process and assert byte-parity
+ * with the native mint without ever touching a key.
+ */
+export declare function l1ContentCanonicalBytesJs(suspendedContentJson: string, approverRecordJson: string): Buffer
+/** BLAKE3 (64-hex) of the canonical bytes — the value that goes into `action_hash`. */
+export declare function contentHash(contentJson: string): string
+/** Pre-anchor BLAKE3 hash (excludes `time_anchor` from the canonical bytes). */
+export declare function anchoredContentHashJs(contentJson: string): string
+/** Return a short display form of a 64-hex BLAKE3 hash: `{prefix}:{first8}`. */
+export declare function shortHash(hex: string, prefix?: string | undefined | null): string
+/**
+ * Compute a domain-separated BLAKE3 chain-link digest from two 64-hex hashes.
+ * Maps to the display helper used by the web's crypto.ts.
+ */
+export declare function chainHashHex(prevHex: string, actionHex: string): string
+/**
+ * Verify an approval token. Throws a napi Error with a `[CODE]` prefix on failure.
+ *
+ * `required_decision` ("approved"/"rejected") is NON-DEFAULTED — the caller must
+ * declare which verdict it expects, and a token whose signed decision differs is
+ * rejected `[OutOfDecision]`.
+ */
+export declare function verifyApprovalToken(token: Buffer, actionCanonical: Buffer, nowUnixSecs: bigint, seenNonces: Array<Buffer>, requiredScope: string, requiredDecision: string, registeredKeysB64: Array<string>): ApprovalTokenClaims
+/**
+ * Verify a delegation envelope and its human co-sign. Throws a napi Error with a
+ * `[CODE]` prefix on failure (mirrors `verifyApprovalToken`).
+ *
+ * `wire`                — raw delegation envelope bytes (Buffer)
+ * `registered_operator_key` — the org-registered operator public key (raw 32-byte Buffer)
+ * `action_hash`         — the raw 32-byte BLAKE3 action digest being authorized (Buffer)
+ * `approval_token`      — the human co-sign bearer token presented by K (Buffer)
+ * `required_scope`      — the required scope string
+ * `required_decision`   — the verdict the co-sign must carry ("approved"/"rejected"),
+ *                         NON-DEFAULTED (same SEC-02 binding as the approver path)
+ * `now_unix_secs`       — current time as BigInt Unix seconds
+ */
+export declare function verifyDelegation(wire: Buffer, registeredOperatorKey: Buffer, actionHash: Buffer, approvalToken: Buffer, requiredScope: string, requiredDecision: string, nowUnixSecs: bigint): VerifiedDelegation
+/**
+ * Verify an ordered array of ActionReceipts as a tamper-evident chain.
+ * Input: array of Buffers (one per receipt) OR a JSON string of an array.
+ */
+export declare function verifyChain(receiptsBytes: Array<Buffer> | string): ChainResult
+/** Verify a session chain (lifecycle role + transition checks). */
+export declare function verifySessionChainJs(receiptsBytes: Array<Buffer> | string): ChainResult
+/**
+ * Verify a session chain with key-rotation as-of-position enforcement.
+ * `producer_key` is the base64 genesis producer key (TOFU pin).
+ * `decision_key` is the optional base64 genesis decision key.
+ */
+export declare function verifySessionChainWithRotationJs(receiptsBytes: Array<Buffer> | string, producerKey: string, decisionKey?: string | undefined | null): ChainResult
+/**
+ * RFC-6962 inclusion proof verification (SHA-256 Merkle tree).
+ * `leaf_value_hex` is the 64-hex `action_hash`; raw bytes are the leaf value.
+ * `proof_hashes` is an array of 64-hex SHA-256 sibling hashes.
+ * `root_hex` is the 64-hex SHA-256 tree root.
+ */
+export declare function verifyInclusionJs(leafValueHex: string, index: number, size: number, rootHex: string, proofHashes: Array<string>): boolean
+/** RFC-6962 consistency proof verification. */
+export declare function verifyConsistencyJs(oldSize: number, oldRootHex: string, newSize: number, newRootHex: string, proofHashes: Array<string>): boolean
+/**
+ * Verify a BLAKE3 audit chain from its raw JSONL bytes (Buffer or string).
+ * Returns true if every link hashes correctly, false on any break.
+ */
+export declare function verifyAuditChain(bytes: Buffer | string): boolean
+/** Return the hex hash of the embedded taxonomy (golden: 9f3bbaaf…). */
+export declare function taxonomyHash(): string
+/** Destructively redact fields and return the modified fields JSON. */
+export declare function redactDestructiveJs(fieldsJson: string, fieldPaths: Array<string>): string
+/**
+ * Commit-and-reveal redaction.
+ * `salts` is an array of 32-byte Buffers (one per field, in order).
+ */
+export declare function redactCommitJs(fieldsJson: string, fieldPaths: Array<string>, salts: Array<Buffer>): RedactCommitResult
+/**
+ * Construct an OperatorKey from a 32-byte seed (OsRng-free, deterministic).
+ * The preferred/documented entry point.
+ */
+export declare function keyFromSeed(seed: Buffer): OperatorKey
+/**
+ * Generate a fresh random OperatorKey using OS entropy (native-only).
+ * Do NOT call from any wasm-reachable path.
+ */
+export declare function generateKey(): OperatorKey
+/**
+ * BLAKE3 (64-hex) of arbitrary bytes — the result-hash primitive the Node SDK
+ * binds a tool result under, keeping "zero crypto in TS" (Node's crypto has no
+ * BLAKE3). Always available (no OsRng); the JS-side `recordResult` calls this.
+ */
+export declare function blake3Hex(data: Buffer | Uint8Array | string): string
+/**
+ * Process an action through the compliance pipeline (in-process, no subprocess).
+ *
+ * `process_input_json`: JSON-encoded `ProcessInput` (Buffer, Uint8Array, or string).
+ * `project_root`: path to the project root holding `heso.toml` and `heso-local-data/`
+ * (operator key, audit log, approval queue) — the same layout the PyO3 wheel reads.
+ *
+ * Returns JSON-encoded `ProcessOutput` bytes, tagged on `status`
+ * (`allowed`/`blocked`/`suspended`). Only available with the `process` feature.
+ *
+ * Named `process_action` (JS `processAction`) — NOT `process` — because a napi
+ * export named `process` shadows Node's global `process` in the generated loader.
+ */
+export declare function processAction(processInputJson: Buffer | Uint8Array | string, projectRoot: string): Buffer
+/**
+ * Assemble a complete L1 ActionReceipt from a suspended L0 body and an approver's
+ * detached co-signature, operator-signing locally with the project's key.
+ *
+ * MANDATORY-1 is enforced in-core: the loaded operator key MUST equal the
+ * suspended body's `agent_identity`, else `assemble_l1_from_parts` fails closed
+ * with `OperatorKeyMismatch`. After assembly the receipt is verified locally and
+ * returned ONLY if it opens `Valid(L1)`; any other verdict is surfaced as an
+ * error rather than handing back a receipt the offline verifier would reject.
+ *
+ * Returns the serialized ActionReceipt JSON bytes. Only available with `process`
+ * (loads a key from the filesystem; never wasm-reachable).
+ */
+export declare function assembleL1FromParts(suspendedContentJson: string, approverRecordJson: string, approverPubkeyB64: string, coSigB64: string, projectRoot: string, keyPassphrase?: string | undefined | null, relayedAnchorJson?: string | undefined | null): Buffer
+/**
+ * Assemble a complete multi-approver k-of-n QUORUM ActionReceipt from a suspended
+ * L0 body, the gate's `threshold` + `roster`, and the per-approver detached
+ * co-signatures — operator-signing locally with the project's key. The result
+ * derives and embeds `L1` WITH a `multi_approval` block (a quorum is not a higher
+ * level than single-approver L1).
+ *
+ * MANDATORY-1 is enforced in-core: the loaded operator key MUST equal the
+ * suspended body's `agent_identity`, else assembly fails closed with
+ * `OperatorKeyMismatch` (surfaced as the discriminable `[OperatorKeyMismatch]`
+ * prefix the SDK's key-rotation catch keys on). After assembly the receipt is
+ * verified locally and returned ONLY if it opens `Valid(L1)` with a quorum block;
+ * any other verdict is surfaced as an error rather than handing back a receipt the
+ * offline verifier would reject.
+ *
+ * `parts_json` is a JSON array of `{ record, approverPubkeyB64, coSigB64 }`
+ * objects. `roster_json` is a JSON array of base64 approver public keys.
+ *
+ * Returns the serialized ActionReceipt JSON bytes. Only available with `process`
+ * (loads a key from the filesystem; never wasm-reachable).
+ */
+export declare function assembleQuorumFromParts(suspendedContentJson: string, threshold: number, rosterJson: string, partsJson: string, projectRoot: string, keyPassphrase?: string | undefined | null): Buffer
+/** A loaded operator key, exposing just the public-key surface. */
+export declare class OperatorKey {
+  /** Return the base64 standard-alphabet public key. */
+  publicKeyB64(): string
+}

package/index.js

@@ -0,0 +1,341 @@
+/* tslint:disable */
+/* eslint-disable */
+/* prettier-ignore */
+
+/* auto-generated by NAPI-RS */
+
+const { existsSync, readFileSync } = require('fs')
+const { join } = require('path')
+
+const { platform, arch } = process
+
+let nativeBinding = null
+let localFileExisted = false
+let loadError = null
+
+function isMusl() {
+  // For Node 10
+  if (!process.report || typeof process.report.getReport !== 'function') {
+    try {
+      const lddPath = require('child_process').execSync('which ldd').toString().trim()
+      return readFileSync(lddPath, 'utf8').includes('musl')
+    } catch (e) {
+      return true
+    }
+  } else {
+    const { glibcVersionRuntime } = process.report.getReport().header
+    return !glibcVersionRuntime
+  }
+}
+
+switch (platform) {
+  case 'android':
+    switch (arch) {
+      case 'arm64':
+        localFileExisted = existsSync(join(__dirname, 'heso-node.android-arm64.node'))
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./heso-node.android-arm64.node')
+          } else {
+            nativeBinding = require('@hesohq/node-android-arm64')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      case 'arm':
+        localFileExisted = existsSync(join(__dirname, 'heso-node.android-arm-eabi.node'))
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./heso-node.android-arm-eabi.node')
+          } else {
+            nativeBinding = require('@hesohq/node-android-arm-eabi')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      default:
+        throw new Error(`Unsupported architecture on Android ${arch}`)
+    }
+    break
+  case 'win32':
+    switch (arch) {
+      case 'x64':
+        localFileExisted = existsSync(
+          join(__dirname, 'heso-node.win32-x64-msvc.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./heso-node.win32-x64-msvc.node')
+          } else {
+            nativeBinding = require('@hesohq/node-win32-x64-msvc')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      case 'ia32':
+        localFileExisted = existsSync(
+          join(__dirname, 'heso-node.win32-ia32-msvc.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./heso-node.win32-ia32-msvc.node')
+          } else {
+            nativeBinding = require('@hesohq/node-win32-ia32-msvc')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      case 'arm64':
+        localFileExisted = existsSync(
+          join(__dirname, 'heso-node.win32-arm64-msvc.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./heso-node.win32-arm64-msvc.node')
+          } else {
+            nativeBinding = require('@hesohq/node-win32-arm64-msvc')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      default:
+        throw new Error(`Unsupported architecture on Windows: ${arch}`)
+    }
+    break
+  case 'darwin':
+    localFileExisted = existsSync(join(__dirname, 'heso-node.darwin-universal.node'))
+    try {
+      if (localFileExisted) {
+        nativeBinding = require('./heso-node.darwin-universal.node')
+      } else {
+        nativeBinding = require('@hesohq/node-darwin-universal')
+      }
+      break
+    } catch {}
+    switch (arch) {
+      case 'x64':
+        localFileExisted = existsSync(join(__dirname, 'heso-node.darwin-x64.node'))
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./heso-node.darwin-x64.node')
+          } else {
+            nativeBinding = require('@hesohq/node-darwin-x64')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      case 'arm64':
+        localFileExisted = existsSync(
+          join(__dirname, 'heso-node.darwin-arm64.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./heso-node.darwin-arm64.node')
+          } else {
+            nativeBinding = require('@hesohq/node-darwin-arm64')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      default:
+        throw new Error(`Unsupported architecture on macOS: ${arch}`)
+    }
+    break
+  case 'freebsd':
+    if (arch !== 'x64') {
+      throw new Error(`Unsupported architecture on FreeBSD: ${arch}`)
+    }
+    localFileExisted = existsSync(join(__dirname, 'heso-node.freebsd-x64.node'))
+    try {
+      if (localFileExisted) {
+        nativeBinding = require('./heso-node.freebsd-x64.node')
+      } else {
+        nativeBinding = require('@hesohq/node-freebsd-x64')
+      }
+    } catch (e) {
+      loadError = e
+    }
+    break
+  case 'linux':
+    switch (arch) {
+      case 'x64':
+        if (isMusl()) {
+          localFileExisted = existsSync(
+            join(__dirname, 'heso-node.linux-x64-musl.node')
+          )
+          try {
+            if (localFileExisted) {
+              nativeBinding = require('./heso-node.linux-x64-musl.node')
+            } else {
+              nativeBinding = require('@hesohq/node-linux-x64-musl')
+            }
+          } catch (e) {
+            loadError = e
+          }
+        } else {
+          localFileExisted = existsSync(
+            join(__dirname, 'heso-node.linux-x64-gnu.node')
+          )
+          try {
+            if (localFileExisted) {
+              nativeBinding = require('./heso-node.linux-x64-gnu.node')
+            } else {
+              nativeBinding = require('@hesohq/node-linux-x64-gnu')
+            }
+          } catch (e) {
+            loadError = e
+          }
+        }
+        break
+      case 'arm64':
+        if (isMusl()) {
+          localFileExisted = existsSync(
+            join(__dirname, 'heso-node.linux-arm64-musl.node')
+          )
+          try {
+            if (localFileExisted) {
+              nativeBinding = require('./heso-node.linux-arm64-musl.node')
+            } else {
+              nativeBinding = require('@hesohq/node-linux-arm64-musl')
+            }
+          } catch (e) {
+            loadError = e
+          }
+        } else {
+          localFileExisted = existsSync(
+            join(__dirname, 'heso-node.linux-arm64-gnu.node')
+          )
+          try {
+            if (localFileExisted) {
+              nativeBinding = require('./heso-node.linux-arm64-gnu.node')
+            } else {
+              nativeBinding = require('@hesohq/node-linux-arm64-gnu')
+            }
+          } catch (e) {
+            loadError = e
+          }
+        }
+        break
+      case 'arm':
+        if (isMusl()) {
+          localFileExisted = existsSync(
+            join(__dirname, 'heso-node.linux-arm-musleabihf.node')
+          )
+          try {
+            if (localFileExisted) {
+              nativeBinding = require('./heso-node.linux-arm-musleabihf.node')
+            } else {
+              nativeBinding = require('@hesohq/node-linux-arm-musleabihf')
+            }
+          } catch (e) {
+            loadError = e
+          }
+        } else {
+          localFileExisted = existsSync(
+            join(__dirname, 'heso-node.linux-arm-gnueabihf.node')
+          )
+          try {
+            if (localFileExisted) {
+              nativeBinding = require('./heso-node.linux-arm-gnueabihf.node')
+            } else {
+              nativeBinding = require('@hesohq/node-linux-arm-gnueabihf')
+            }
+          } catch (e) {
+            loadError = e
+          }
+        }
+        break
+      case 'riscv64':
+        if (isMusl()) {
+          localFileExisted = existsSync(
+            join(__dirname, 'heso-node.linux-riscv64-musl.node')
+          )
+          try {
+            if (localFileExisted) {
+              nativeBinding = require('./heso-node.linux-riscv64-musl.node')
+            } else {
+              nativeBinding = require('@hesohq/node-linux-riscv64-musl')
+            }
+          } catch (e) {
+            loadError = e
+          }
+        } else {
+          localFileExisted = existsSync(
+            join(__dirname, 'heso-node.linux-riscv64-gnu.node')
+          )
+          try {
+            if (localFileExisted) {
+              nativeBinding = require('./heso-node.linux-riscv64-gnu.node')
+            } else {
+              nativeBinding = require('@hesohq/node-linux-riscv64-gnu')
+            }
+          } catch (e) {
+            loadError = e
+          }
+        }
+        break
+      case 's390x':
+        localFileExisted = existsSync(
+          join(__dirname, 'heso-node.linux-s390x-gnu.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./heso-node.linux-s390x-gnu.node')
+          } else {
+            nativeBinding = require('@hesohq/node-linux-s390x-gnu')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      default:
+        throw new Error(`Unsupported architecture on Linux: ${arch}`)
+    }
+    break
+  default:
+    throw new Error(`Unsupported OS: ${platform}, architecture: ${arch}`)
+}
+
+if (!nativeBinding) {
+  if (loadError) {
+    throw loadError
+  }
+  throw new Error(`Failed to load native binding`)
+}
+
+const { OperatorKey, verify, verifyWithTime, verifyRederiving, actionCanonicalBytesJs, l1ContentCanonicalBytesJs, contentHash, anchoredContentHashJs, shortHash, chainHashHex, verifyApprovalToken, verifyDelegation, verifyChain, verifySessionChainJs, verifySessionChainWithRotationJs, verifyInclusionJs, verifyConsistencyJs, verifyAuditChain, taxonomyHash, redactDestructiveJs, redactCommitJs, keyFromSeed, generateKey, blake3Hex, processAction, assembleL1FromParts, assembleQuorumFromParts } = nativeBinding
+
+module.exports.OperatorKey = OperatorKey
+module.exports.verify = verify
+module.exports.verifyWithTime = verifyWithTime
+module.exports.verifyRederiving = verifyRederiving
+module.exports.actionCanonicalBytesJs = actionCanonicalBytesJs
+module.exports.l1ContentCanonicalBytesJs = l1ContentCanonicalBytesJs
+module.exports.contentHash = contentHash
+module.exports.anchoredContentHashJs = anchoredContentHashJs
+module.exports.shortHash = shortHash
+module.exports.chainHashHex = chainHashHex
+module.exports.verifyApprovalToken = verifyApprovalToken
+module.exports.verifyDelegation = verifyDelegation
+module.exports.verifyChain = verifyChain
+module.exports.verifySessionChainJs = verifySessionChainJs
+module.exports.verifySessionChainWithRotationJs = verifySessionChainWithRotationJs
+module.exports.verifyInclusionJs = verifyInclusionJs
+module.exports.verifyConsistencyJs = verifyConsistencyJs
+module.exports.verifyAuditChain = verifyAuditChain
+module.exports.taxonomyHash = taxonomyHash
+module.exports.redactDestructiveJs = redactDestructiveJs
+module.exports.redactCommitJs = redactCommitJs
+module.exports.keyFromSeed = keyFromSeed
+module.exports.generateKey = generateKey
+module.exports.blake3Hex = blake3Hex
+module.exports.processAction = processAction
+module.exports.assembleL1FromParts = assembleL1FromParts
+module.exports.assembleQuorumFromParts = assembleQuorumFromParts

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "@hesohq/node",
+  "version": "0.1.2-dev.21",
+  "description": "napi-rs native Node.js addon for the HESO Enterprise trust layer",
+  "main": "index.js",
+  "types": "index.d.ts",
+  "napi": {
+    "name": "heso-node",
+    "triples": {
+      "defaults": true,
+      "additional": [
+        "aarch64-apple-darwin",
+        "aarch64-unknown-linux-gnu"
+      ]
+    }
+  },
+  "files": [
+    "index.js",
+    "index.d.ts"
+  ],
+  "scripts": {
+    "build": "napi build --platform --release --features process --cargo-cwd ../../crates/heso-node .",
+    "build:debug": "napi build --platform --features process --cargo-cwd ../../crates/heso-node .",
+    "test": "node --test \"__tests__/**/*.test.mjs\""
+  },
+  "devDependencies": {
+    "@napi-rs/cli": "^2.18.4"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "license": "LicenseRef-Proprietary",
+  "optionalDependencies": {
+    "@hesohq/node-darwin-arm64": "0.1.2-dev.21",
+    "@hesohq/node-darwin-x64": "0.1.2-dev.21",
+    "@hesohq/node-linux-arm64-gnu": "0.1.2-dev.21",
+    "@hesohq/node-linux-x64-gnu": "0.1.2-dev.21",
+    "@hesohq/node-win32-x64-msvc": "0.1.2-dev.21"
+  }
+}