@hesohq/verify-wasm 0.1.0-dev.2

package/heso_wasm.d.ts

@@ -0,0 +1,353 @@
+/* tslint:disable */
+/* eslint-disable */
+
+/**
+ * The verdict returned by all single-receipt verify functions.
+ */
+export class ActionVerdict {
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * The re-derived trust level: `"L0"` or `"L1"`.
+     * Only meaningful when `verdict == "Valid"`.
+     */
+    trust_level: string;
+    /**
+     * One of the `ActionOutcome` variant names as a string. "Valid" on success;
+     * "WrongAlgorithm:…", "HashMismatch", "InvalidSignature:…", etc. on failure.
+     */
+    verdict: string;
+}
+
+/**
+ * Decoded claims from a verified approval token.
+ */
+export class ApprovalTokenClaims {
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Base64-encoded Ed25519 public key of the approver.
+     */
+    approver_public_key: string;
+    /**
+     * Expiry as Unix seconds (`BigInt`).
+     */
+    expiry_unix_secs: bigint;
+    /**
+     * The 32-byte random nonce as a `Uint8Array`.
+     */
+    nonce: Uint8Array;
+    /**
+     * The scope string encoded in the token.
+     */
+    scope: string;
+}
+
+/**
+ * The result of verifying a chain of `ActionReceipt`s.
+ */
+export class ChainResult {
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Human-readable detail. Only set when `ok == false`.
+     */
+    get detail(): string | undefined;
+    /**
+     * Human-readable detail. Only set when `ok == false`.
+     */
+    set detail(value: string | null | undefined);
+    /**
+     * Error kind string. Only set when `ok == false`.
+     */
+    get error(): string | undefined;
+    /**
+     * Error kind string. Only set when `ok == false`.
+     */
+    set error(value: string | null | undefined);
+    /**
+     * Number of receipts verified. Only set when `ok == true`.
+     */
+    get length(): number | undefined;
+    /**
+     * Number of receipts verified. Only set when `ok == true`.
+     */
+    set length(value: number | null | undefined);
+    /**
+     * `true` when every link verified.
+     */
+    ok: boolean;
+    /**
+     * The `seq` at which the error occurred. Only set when `ok == false`.
+     */
+    get seq(): number | undefined;
+    /**
+     * The `seq` at which the error occurred. Only set when `ok == false`.
+     */
+    set seq(value: number | null | undefined);
+}
+
+/**
+ * The verified, decoded result of a delegation envelope.
+ */
+export class VerifiedDelegation {
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * The authorized key `K` (raw 32-byte Ed25519 public key) as a `Uint8Array`.
+     */
+    authorized_key: Uint8Array;
+    /**
+     * The envelope's expiry as Unix seconds (`BigInt`).
+     */
+    expiry_unix_secs: bigint;
+    /**
+     * The envelope's not_before as Unix seconds (`BigInt`).
+     */
+    not_before_unix_secs: bigint;
+    /**
+     * The scope the delegated authority was bound to.
+     */
+    scope: string;
+    /**
+     * The subject string the operator stamped onto the delegation.
+     */
+    sub: string;
+}
+
+/**
+ * Return the RFC-8785 (JCS) canonical bytes of an `ActionContent` JSON string,
+ * with `action_hash` stripped. The shared canonicalizer — the browser MUST
+ * call this rather than any hand-rolled JCS implementation to avoid drift.
+ */
+export function actionCanonicalBytes(content_json: string): Uint8Array;
+
+/**
+ * Pre-anchor BLAKE3 hash (excludes `time_anchor` from the canonical bytes).
+ * Replaces `@noble/hashes` blake3 usage in `crypto.ts`.
+ */
+export function anchoredContentHash(content_json: string): string;
+
+/**
+ * Compute a domain-separated BLAKE3 chain-link digest from two 64-hex hashes.
+ * Replaces the `@noble`-backed chain helper in `crypto.ts`.
+ */
+export function chainHashHex(prev_hex: string, action_hex: string): string;
+
+/**
+ * BLAKE3 (64-hex) of the canonical bytes — the value that goes into
+ * `action_hash`. Replaces `@noble/hashes` blake3 usage in `crypto.ts`.
+ */
+export function contentHash(content_json: string): string;
+
+/**
+ * Parse + validate policy TOML, running the load-time dangerous-lane floor check.
+ * Throws a `[PARSE]` or `[FLOOR_BYPASS]` `JsError` on failure; returns nothing on
+ * success. The web calls this before deploy so a floor-bypassing policy is caught
+ * in the browser with the exact engine reason, not bounced by the backend.
+ */
+export function parsePolicy(toml_src: string): void;
+
+/**
+ * Parse + validate policy TOML and return the rules as a JSON array of
+ * [`PolicyRule`] (the Rust wire shape) so the web renders a pulled policy via the
+ * REAL parser — no JS TOML library, no JS re-implementation of the parse (which
+ * today splits on the wrong marker and drops all conditions). Throws the same
+ * `[PARSE]` / `[FLOOR_BYPASS]` errors as `parsePolicy`. Empty TOML yields `[]`.
+ */
+export function policyRulesFromToml(toml_src: string): string;
+
+/**
+ * Render a single rule (JSON [`PolicyRule`]) into the canonical English sentence
+ * — the SAME `rule_display` stamped on signed receipts. Replaces the drifting JS
+ * renderer so the in-UI preview is byte-identical to the audit string.
+ */
+export function ruleToSentence(rule_json: string): string;
+
+/**
+ * Return a short display form of a 64-hex BLAKE3 hash: `{prefix}:{first8}`.
+ * Replaces the `@noble`-backed display helper in `crypto.ts`.
+ */
+export function shortHash(hex: string, prefix?: string | null): string;
+
+/**
+ * Floor pre-check over a candidate ruleset (JSON array of [`PolicyRule`]) WITHOUT
+ * serializing to TOML — the live check the builder runs as the user edits.
+ * Throws a `[FLOOR_BYPASS]` `JsError` (carrying the offending rule id + verb) when
+ * a rule would allow-without-approval a dangerous lane; returns nothing when the
+ * policy only tightens.
+ */
+export function validateNoFloorBypass(rules_json: string): void;
+
+/**
+ * Verify a single `ActionReceipt` from its raw JSON bytes (`Uint8Array`) or a
+ * JSON string.
+ *
+ * Never panics — structural failures return an `ActionVerdict` with
+ * `verdict = "Malformed:…"`. This is the browser replacement for the
+ * `verifyReceipt` function in `crypto.ts`, backed by the identical Rust
+ * JCS + BLAKE3 + Ed25519 path so Node and browser get byte-identical results.
+ */
+export function verifyActionReceipt(receipt_bytes: Uint8Array): ActionVerdict;
+
+/**
+ * Verify a serialized approval token and return its decoded claims.
+ *
+ * Pure verify (Ed25519 `verify_strict` via heso-verify), no OsRng — wasm-safe.
+ * Throws a `JsError` with a stable `[CODE]` prefix per `ApprovalTokenError`
+ * variant, matching the napi surface.
+ *
+ * `token`             — raw token bytes (Uint8Array)
+ * `action_canonical`  — the action's canonical bytes (from `actionCanonicalBytes`)
+ * `now_unix_secs`     — current time as BigInt Unix seconds
+ * `seen_nonces`       — array of already-seen 32-byte nonces (Uint8Array each)
+ * `required_scope`    — the required scope string
+ * `registered_keys_b64` — array of base64 Ed25519 public keys on the allowlist
+ */
+export function verifyApprovalToken(token: Uint8Array, action_canonical: Uint8Array, now_unix_secs: bigint, seen_nonces: Array<any>, required_scope: string, registered_keys_b64: Array<any>): ApprovalTokenClaims;
+
+/**
+ * Verify an ordered array of `ActionReceipt`s as a tamper-evident chain.
+ *
+ * Input: raw bytes of a JSON array of receipts (`Uint8Array` or similar).
+ */
+export function verifyChain(receipts_bytes: Uint8Array): ChainResult;
+
+/**
+ * RFC-6962 consistency proof verification.
+ *
+ * Returns `true` iff the proof proves the new tree is an append-only extension.
+ */
+export function verifyConsistency(old_size: number, old_root_hex: string, new_size: number, new_root_hex: string, proof_hashes_json: string): boolean;
+
+/**
+ * Verify a serialized delegation envelope and its human co-sign.
+ *
+ * Pure verify (Ed25519 `verify_strict` via heso-verify), no OsRng — wasm-safe.
+ * Throws a `JsError` with a stable `[CODE]` prefix per `DelegationError` variant,
+ * matching the napi surface.
+ *
+ * `wire`                    — raw delegation envelope bytes (Uint8Array)
+ * `registered_operator_key` — the org-registered operator public key (raw 32 bytes)
+ * `action_hash`             — the raw 32-byte BLAKE3 action digest being authorized
+ * `approval_token`          — the human co-sign bearer token presented by K
+ * `required_scope`          — the required scope string
+ * `now_unix_secs`           — current time as BigInt Unix seconds
+ */
+export function verifyDelegation(wire: Uint8Array, registered_operator_key: Uint8Array, action_hash: Uint8Array, approval_token: Uint8Array, required_scope: string, now_unix_secs: bigint): VerifiedDelegation;
+
+/**
+ * RFC-6962 inclusion proof verification (SHA-256 Merkle tree).
+ *
+ * `leaf_value_hex`  — the 64-hex `action_hash`; raw bytes are the leaf value.
+ * `proof_hashes`    — array of 64-hex SHA-256 sibling hashes (space-separated
+ *                     OR JSON array string).
+ * `root_hex`        — 64-hex SHA-256 tree root.
+ *
+ * Returns `true` iff the proof verifies.
+ */
+export function verifyInclusion(leaf_value_hex: string, index: number, size: number, root_hex: string, proof_hashes_json: string): boolean;
+
+/**
+ * Verify a session chain (lifecycle role + transition checks).
+ */
+export function verifySessionChain(receipts_bytes: Uint8Array): ChainResult;
+
+/**
+ * Verify a session chain with key-rotation as-of-position enforcement.
+ *
+ * `producer_key` — base64 genesis producer key (TOFU pin).
+ * `decision_key` — optional base64 genesis decision key.
+ */
+export function verifySessionChainWithRotation(receipts_bytes: Uint8Array, producer_key: string, decision_key?: string | null): ChainResult;
+
+export type InitInput = RequestInfo | URL | Response | BufferSource | WebAssembly.Module;
+
+export interface InitOutput {
+    readonly memory: WebAssembly.Memory;
+    readonly __wbg_actionverdict_free: (a: number, b: number) => void;
+    readonly __wbg_get_actionverdict_verdict: (a: number) => [number, number];
+    readonly __wbg_set_actionverdict_verdict: (a: number, b: number, c: number) => void;
+    readonly __wbg_get_actionverdict_trust_level: (a: number) => [number, number];
+    readonly __wbg_set_actionverdict_trust_level: (a: number, b: number, c: number) => void;
+    readonly __wbg_chainresult_free: (a: number, b: number) => void;
+    readonly __wbg_get_chainresult_ok: (a: number) => number;
+    readonly __wbg_set_chainresult_ok: (a: number, b: number) => void;
+    readonly __wbg_get_chainresult_length: (a: number) => number;
+    readonly __wbg_set_chainresult_length: (a: number, b: number) => void;
+    readonly __wbg_get_chainresult_error: (a: number) => [number, number];
+    readonly __wbg_set_chainresult_error: (a: number, b: number, c: number) => void;
+    readonly __wbg_get_chainresult_seq: (a: number) => number;
+    readonly __wbg_set_chainresult_seq: (a: number, b: number) => void;
+    readonly __wbg_get_chainresult_detail: (a: number) => [number, number];
+    readonly __wbg_set_chainresult_detail: (a: number, b: number, c: number) => void;
+    readonly __wbg_approvaltokenclaims_free: (a: number, b: number) => void;
+    readonly __wbg_get_approvaltokenclaims_nonce: (a: number) => any;
+    readonly __wbg_set_approvaltokenclaims_nonce: (a: number, b: any) => void;
+    readonly __wbg_get_approvaltokenclaims_expiry_unix_secs: (a: number) => any;
+    readonly __wbg_set_approvaltokenclaims_expiry_unix_secs: (a: number, b: any) => void;
+    readonly __wbg_get_approvaltokenclaims_scope: (a: number) => [number, number];
+    readonly __wbg_get_approvaltokenclaims_approver_public_key: (a: number) => [number, number];
+    readonly __wbg_verifieddelegation_free: (a: number, b: number) => void;
+    readonly __wbg_get_verifieddelegation_sub: (a: number) => [number, number];
+    readonly __wbg_get_verifieddelegation_scope: (a: number) => [number, number];
+    readonly __wbg_get_verifieddelegation_not_before_unix_secs: (a: number) => any;
+    readonly __wbg_set_verifieddelegation_not_before_unix_secs: (a: number, b: any) => void;
+    readonly verifyActionReceipt: (a: number, b: number) => number;
+    readonly actionCanonicalBytes: (a: number, b: number) => [number, number, number];
+    readonly contentHash: (a: number, b: number) => [number, number, number, number];
+    readonly anchoredContentHash: (a: number, b: number) => [number, number, number, number];
+    readonly shortHash: (a: number, b: number, c: number, d: number) => [number, number, number, number];
+    readonly chainHashHex: (a: number, b: number, c: number, d: number) => [number, number, number, number];
+    readonly verifyApprovalToken: (a: number, b: number, c: number, d: number, e: any, f: any, g: number, h: number, i: any) => [number, number, number];
+    readonly verifyDelegation: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number, i: number, j: number, k: any) => [number, number, number];
+    readonly verifyChain: (a: number, b: number) => [number, number, number];
+    readonly verifySessionChain: (a: number, b: number) => [number, number, number];
+    readonly verifySessionChainWithRotation: (a: number, b: number, c: number, d: number, e: number, f: number) => [number, number, number];
+    readonly verifyInclusion: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number) => [number, number, number];
+    readonly verifyConsistency: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number) => [number, number, number];
+    readonly parsePolicy: (a: number, b: number) => [number, number];
+    readonly ruleToSentence: (a: number, b: number) => [number, number, number, number];
+    readonly policyRulesFromToml: (a: number, b: number) => [number, number, number, number];
+    readonly validateNoFloorBypass: (a: number, b: number) => [number, number];
+    readonly __wbg_set_verifieddelegation_authorized_key: (a: number, b: any) => void;
+    readonly __wbg_set_verifieddelegation_expiry_unix_secs: (a: number, b: any) => void;
+    readonly __wbg_get_verifieddelegation_authorized_key: (a: number) => any;
+    readonly __wbg_get_verifieddelegation_expiry_unix_secs: (a: number) => any;
+    readonly __wbg_set_approvaltokenclaims_scope: (a: number, b: number, c: number) => void;
+    readonly __wbg_set_approvaltokenclaims_approver_public_key: (a: number, b: number, c: number) => void;
+    readonly __wbg_set_verifieddelegation_sub: (a: number, b: number, c: number) => void;
+    readonly __wbg_set_verifieddelegation_scope: (a: number, b: number, c: number) => void;
+    readonly __wbindgen_malloc: (a: number, b: number) => number;
+    readonly __wbindgen_realloc: (a: number, b: number, c: number, d: number) => number;
+    readonly __wbindgen_externrefs: WebAssembly.Table;
+    readonly __externref_table_dealloc: (a: number) => void;
+    readonly __wbindgen_free: (a: number, b: number, c: number) => void;
+    readonly __wbindgen_start: () => void;
+}
+
+export type SyncInitInput = BufferSource | WebAssembly.Module;
+
+/**
+ * Instantiates the given `module`, which can either be bytes or
+ * a precompiled `WebAssembly.Module`.
+ *
+ * @param {{ module: SyncInitInput }} module - Passing `SyncInitInput` directly is deprecated.
+ *
+ * @returns {InitOutput}
+ */
+export function initSync(module: { module: SyncInitInput } | SyncInitInput): InitOutput;
+
+/**
+ * If `module_or_path` is {RequestInfo} or {URL}, makes a request and
+ * for everything else, calls `WebAssembly.instantiate` directly.
+ *
+ * @param {{ module_or_path: InitInput | Promise<InitInput> }} module_or_path - Passing `InitInput` directly is deprecated.
+ *
+ * @returns {Promise<InitOutput>}
+ */
+export default function __wbg_init (module_or_path?: { module_or_path: InitInput | Promise<InitInput> } | InitInput | Promise<InitInput>): Promise<InitOutput>;