@hesohq/verify-wasm 0.5.1-dev.136 → 0.5.1-dev.138

package/heso_wasm.d.ts

@@ -326,6 +326,50 @@ export class MetricsVerdict {
     verdict: string;
 }
 
+/**
+ * The transparency-aware verdict: the base offline outcome PLUS the honest
+ * witness status. `witnessed`/`witness_count`/`witness_status` are DERIVED from
+ * the verifier's [`WitnessStatus`], never inferred from a bare green:
+ *
+ * - No `transparency[]`, an empty `cosignatures[]`, or no pinned witness keys ⇒
+ *   `witnessed = false`, `witness_count = 0`, `witness_status = "NotWitnessed"`.
+ *   A valid-but-unwitnessed receipt is honestly reported as such, NEVER as a
+ *   green "witnessed".
+ * - At least one distinct, pinned witness cosignature verified ⇒
+ *   `witnessed = true`, `witness_count = <distinct>`, `witness_status =
+ *   "Witnessed"`.
+ * - A demanded quorum (`minWitnesses > 0`) that is not met makes `verdict` the
+ *   `"WitnessQuorumNotMet:have=…,need=…"` tag and leaves `witness_status =
+ *   "NotWitnessed"` (fail closed — the quorum is a relying-party policy).
+ */
+export class TransparencyVerdict {
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * The re-derived trust level (`"L0"`/`"L1"`); `""` unless `verdict == "Valid"`.
+     */
+    trust_level: string;
+    /**
+     * The base `ActionOutcome` verdict tag (`"Valid"`, `"HashMismatch"`,
+     * `"TransparencyUnverifiable:…"`, `"WitnessQuorumNotMet:have=…,need=…"`, …).
+     */
+    verdict: string;
+    /**
+     * The count of DISTINCT verified witness cosignatures (the minimum across the
+     * receipt's proofs). `0` when `witnessed == false`.
+     */
+    witness_count: number;
+    /**
+     * The honest witness line: `"Witnessed"` or `"NotWitnessed"`.
+     */
+    witness_status: string;
+    /**
+     * `true` iff at least one distinct, pinned witness cosignature verified.
+     */
+    witnessed: boolean;
+}
+
 /**
  * The verified, decoded result of a delegation envelope.
  */
@@ -607,6 +651,44 @@ export function verifyActionReceipt(receipt_bytes: Uint8Array): ActionVerdict;
  */
 export function verifyActionReceiptWithRates(receipt_bytes: Uint8Array, rate_card_json: string): MetricsVerdict;
 
+/**
+ * Verify a single `ActionReceipt` AND its transparency-log inclusion proof +
+ * witness cosignatures against the PINNED log/witness keys — the verify the
+ * public proof page runs so a third party confirms the receipt was logged AND
+ * independently witnessed, entirely offline from the frozen bytes.
+ *
+ * This calls the REAL [`open_receipt_with_transparency`] (the single source of
+ * truth shared with the CLI and the Python SDK): the base offline gate, then —
+ * for each proof in `receipt.transparency` — a two-stage RFC-6962 inclusion
+ * proof against the C2SP checkpoint note signed by `log_pubkey_b64`, then every
+ * cosignature `verify_strict`-ed over the exact checkpoint-note bytes against a
+ * pinned witness key (deduped by key to a DISTINCT count). The proofs live in
+ * the receipt's `transparency[]` block (stapled at export), so there is no
+ * separate `proofsJson` argument — passing the receipt passes its proofs.
+ *
+ * HONEST by construction (see [`TransparencyVerdict`]): absent/empty witnesses ⇒
+ * `NotWitnessed` (never a green "witnessed"); a demanded-but-unmet quorum
+ * (`min_witnesses > 0`) ⇒ the `WitnessQuorumNotMet` verdict, fail closed.
+ *
+ * `receipt_bytes`        — raw `ActionReceipt` JSON (`Uint8Array`). A
+ *                          structurally bad receipt is an honest `"Malformed:…"`
+ *                          verdict, never a throw and never a green.
+ * `log_pubkey_b64`       — the PINNED transparency-log public key (base64, raw 32
+ *                          bytes), trusted out of band (CT-style).
+ * `witness_keys_b64`     — the PINNED witness public keys (base64, raw 32 bytes);
+ *                          empty ⇒ cosignatures are not counted (`NotWitnessed`).
+ * `min_witnesses`        — the relying party's witness-QUORUM policy. `0` is
+ *                          presence-tolerant; `> 0` fails closed below quorum and
+ *                          requires at least one pinned witness key.
+ * `require_transparency` — when `true`, a receipt with no `transparency[]` fails
+ *                          closed (`"TransparencyRequired"`).
+ *
+ * Throws a `JsError` only for an UNUSABLE config input (a `log_pubkey_b64` /
+ * `witness_keys_b64` entry that is not base64 of exactly 32 bytes) — every
+ * cryptographic / quorum failure is a non-throwing verdict instead.
+ */
+export function verifyActionReceiptWithTransparency(receipt_bytes: Uint8Array, log_pubkey_b64: string, witness_keys_b64: string[], min_witnesses: number, require_transparency: boolean): TransparencyVerdict;
+
 /**
  * Verify a serialized approval token and return its decoded claims.
  *
@@ -778,6 +860,10 @@ export interface InitOutput {
     readonly __wbg_get_verifieddelegation_not_before_unix_secs: (a: number) => number;
     readonly __wbg_set_verifieddelegation_not_before_unix_secs: (a: number, b: number) => void;
     readonly verifyActionReceipt: (a: number, b: number) => number;
+    readonly __wbg_transparencyverdict_free: (a: number, b: number) => void;
+    readonly __wbg_get_transparencyverdict_witness_count: (a: number) => number;
+    readonly __wbg_set_transparencyverdict_witness_count: (a: number, b: number) => void;
+    readonly verifyActionReceiptWithTransparency: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number, i: number) => void;
     readonly actionCanonicalBytes: (a: number, b: number, c: number) => void;
     readonly l1CosignPayload: (a: number, b: number, c: number, d: number, e: number) => void;
     readonly quorumCosignPayload: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number) => void;
@@ -860,13 +946,18 @@ export interface InitOutput {
     readonly __wbg_get_cloudtrailfeedverdict_signed_log_files_json: (a: number, b: number) => void;
     readonly __wbg_set_cloudtrailfeedverdict_signed_log_files_json: (a: number, b: number, c: number) => void;
     readonly verifyCloudTrailFeed: (a: number, b: number, c: number) => void;
+    readonly __wbg_set_transparencyverdict_witnessed: (a: number, b: number) => void;
     readonly __wbg_set_approvaltokenclaims_decision: (a: number, b: number, c: number) => void;
     readonly __wbg_set_approvaltokenclaims_scope: (a: number, b: number, c: number) => void;
     readonly __wbg_set_verifieddelegation_sub: (a: number, b: number, c: number) => void;
     readonly __wbg_set_verifieddelegation_scope: (a: number, b: number, c: number) => void;
     readonly __wbg_set_commitmentverdict_verdict: (a: number, b: number, c: number) => void;
     readonly __wbg_set_commitmentverdict_signer_fpr: (a: number, b: number, c: number) => void;
+    readonly __wbg_set_transparencyverdict_verdict: (a: number, b: number, c: number) => void;
+    readonly __wbg_set_transparencyverdict_trust_level: (a: number, b: number, c: number) => void;
+    readonly __wbg_set_transparencyverdict_witness_status: (a: number, b: number, c: number) => void;
     readonly __wbg_set_cloudtrailfeedverdict_broken_at: (a: number, b: number) => void;
+    readonly __wbg_get_transparencyverdict_witnessed: (a: number) => number;
     readonly __wbg_get_cloudtrailfeedverdict_broken_at: (a: number) => number;
     readonly __wbg_commitmentverdict_free: (a: number, b: number) => void;
     readonly __wbg_get_approvaltokenclaims_decision: (a: number, b: number) => void;
@@ -875,6 +966,9 @@ export interface InitOutput {
     readonly __wbg_get_verifieddelegation_scope: (a: number, b: number) => void;
     readonly __wbg_get_commitmentverdict_verdict: (a: number, b: number) => void;
     readonly __wbg_get_commitmentverdict_signer_fpr: (a: number, b: number) => void;
+    readonly __wbg_get_transparencyverdict_verdict: (a: number, b: number) => void;
+    readonly __wbg_get_transparencyverdict_trust_level: (a: number, b: number) => void;
+    readonly __wbg_get_transparencyverdict_witness_status: (a: number, b: number) => void;
     readonly __wbindgen_export: (a: number, b: number) => number;
     readonly __wbindgen_export2: (a: number, b: number, c: number, d: number) => number;
     readonly __wbindgen_add_to_stack_pointer: (a: number) => number;

package/heso_wasm.js

@@ -1069,6 +1069,163 @@ export class MetricsVerdict {
 }
 if (Symbol.dispose) MetricsVerdict.prototype[Symbol.dispose] = MetricsVerdict.prototype.free;
 
+/**
+ * The transparency-aware verdict: the base offline outcome PLUS the honest
+ * witness status. `witnessed`/`witness_count`/`witness_status` are DERIVED from
+ * the verifier's [`WitnessStatus`], never inferred from a bare green:
+ *
+ * - No `transparency[]`, an empty `cosignatures[]`, or no pinned witness keys ⇒
+ *   `witnessed = false`, `witness_count = 0`, `witness_status = "NotWitnessed"`.
+ *   A valid-but-unwitnessed receipt is honestly reported as such, NEVER as a
+ *   green "witnessed".
+ * - At least one distinct, pinned witness cosignature verified ⇒
+ *   `witnessed = true`, `witness_count = <distinct>`, `witness_status =
+ *   "Witnessed"`.
+ * - A demanded quorum (`minWitnesses > 0`) that is not met makes `verdict` the
+ *   `"WitnessQuorumNotMet:have=…,need=…"` tag and leaves `witness_status =
+ *   "NotWitnessed"` (fail closed — the quorum is a relying-party policy).
+ */
+export class TransparencyVerdict {
+    static __wrap(ptr) {
+        const obj = Object.create(TransparencyVerdict.prototype);
+        obj.__wbg_ptr = ptr;
+        TransparencyVerdictFinalization.register(obj, obj.__wbg_ptr, obj);
+        return obj;
+    }
+    __destroy_into_raw() {
+        const ptr = this.__wbg_ptr;
+        this.__wbg_ptr = 0;
+        TransparencyVerdictFinalization.unregister(this);
+        return ptr;
+    }
+    free() {
+        const ptr = this.__destroy_into_raw();
+        wasm.__wbg_transparencyverdict_free(ptr, 0);
+    }
+    /**
+     * The re-derived trust level (`"L0"`/`"L1"`); `""` unless `verdict == "Valid"`.
+     * @returns {string}
+     */
+    get trust_level() {
+        let deferred1_0;
+        let deferred1_1;
+        try {
+            const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+            wasm.__wbg_get_transparencyverdict_trust_level(retptr, this.__wbg_ptr);
+            var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+            var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+            deferred1_0 = r0;
+            deferred1_1 = r1;
+            return getStringFromWasm0(r0, r1);
+        } finally {
+            wasm.__wbindgen_add_to_stack_pointer(16);
+            wasm.__wbindgen_export3(deferred1_0, deferred1_1, 1);
+        }
+    }
+    /**
+     * The base `ActionOutcome` verdict tag (`"Valid"`, `"HashMismatch"`,
+     * `"TransparencyUnverifiable:…"`, `"WitnessQuorumNotMet:have=…,need=…"`, …).
+     * @returns {string}
+     */
+    get verdict() {
+        let deferred1_0;
+        let deferred1_1;
+        try {
+            const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+            wasm.__wbg_get_transparencyverdict_verdict(retptr, this.__wbg_ptr);
+            var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+            var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+            deferred1_0 = r0;
+            deferred1_1 = r1;
+            return getStringFromWasm0(r0, r1);
+        } finally {
+            wasm.__wbindgen_add_to_stack_pointer(16);
+            wasm.__wbindgen_export3(deferred1_0, deferred1_1, 1);
+        }
+    }
+    /**
+     * The count of DISTINCT verified witness cosignatures (the minimum across the
+     * receipt's proofs). `0` when `witnessed == false`.
+     * @returns {number}
+     */
+    get witness_count() {
+        const ret = wasm.__wbg_get_transparencyverdict_witness_count(this.__wbg_ptr);
+        return ret >>> 0;
+    }
+    /**
+     * The honest witness line: `"Witnessed"` or `"NotWitnessed"`.
+     * @returns {string}
+     */
+    get witness_status() {
+        let deferred1_0;
+        let deferred1_1;
+        try {
+            const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+            wasm.__wbg_get_transparencyverdict_witness_status(retptr, this.__wbg_ptr);
+            var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+            var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+            deferred1_0 = r0;
+            deferred1_1 = r1;
+            return getStringFromWasm0(r0, r1);
+        } finally {
+            wasm.__wbindgen_add_to_stack_pointer(16);
+            wasm.__wbindgen_export3(deferred1_0, deferred1_1, 1);
+        }
+    }
+    /**
+     * `true` iff at least one distinct, pinned witness cosignature verified.
+     * @returns {boolean}
+     */
+    get witnessed() {
+        const ret = wasm.__wbg_get_transparencyverdict_witnessed(this.__wbg_ptr);
+        return ret !== 0;
+    }
+    /**
+     * The re-derived trust level (`"L0"`/`"L1"`); `""` unless `verdict == "Valid"`.
+     * @param {string} arg0
+     */
+    set trust_level(arg0) {
+        const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len0 = WASM_VECTOR_LEN;
+        wasm.__wbg_set_transparencyverdict_trust_level(this.__wbg_ptr, ptr0, len0);
+    }
+    /**
+     * The base `ActionOutcome` verdict tag (`"Valid"`, `"HashMismatch"`,
+     * `"TransparencyUnverifiable:…"`, `"WitnessQuorumNotMet:have=…,need=…"`, …).
+     * @param {string} arg0
+     */
+    set verdict(arg0) {
+        const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len0 = WASM_VECTOR_LEN;
+        wasm.__wbg_set_transparencyverdict_verdict(this.__wbg_ptr, ptr0, len0);
+    }
+    /**
+     * The count of DISTINCT verified witness cosignatures (the minimum across the
+     * receipt's proofs). `0` when `witnessed == false`.
+     * @param {number} arg0
+     */
+    set witness_count(arg0) {
+        wasm.__wbg_set_transparencyverdict_witness_count(this.__wbg_ptr, arg0);
+    }
+    /**
+     * The honest witness line: `"Witnessed"` or `"NotWitnessed"`.
+     * @param {string} arg0
+     */
+    set witness_status(arg0) {
+        const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len0 = WASM_VECTOR_LEN;
+        wasm.__wbg_set_transparencyverdict_witness_status(this.__wbg_ptr, ptr0, len0);
+    }
+    /**
+     * `true` iff at least one distinct, pinned witness cosignature verified.
+     * @param {boolean} arg0
+     */
+    set witnessed(arg0) {
+        wasm.__wbg_set_transparencyverdict_witnessed(this.__wbg_ptr, arg0);
+    }
+}
+if (Symbol.dispose) TransparencyVerdict.prototype[Symbol.dispose] = TransparencyVerdict.prototype.free;
+
 /**
  * The verified, decoded result of a delegation envelope.
  */
@@ -1907,6 +2064,70 @@ export function verifyActionReceiptWithRates(receipt_bytes, rate_card_json) {
     return MetricsVerdict.__wrap(ret);
 }
 
+/**
+ * Verify a single `ActionReceipt` AND its transparency-log inclusion proof +
+ * witness cosignatures against the PINNED log/witness keys — the verify the
+ * public proof page runs so a third party confirms the receipt was logged AND
+ * independently witnessed, entirely offline from the frozen bytes.
+ *
+ * This calls the REAL [`open_receipt_with_transparency`] (the single source of
+ * truth shared with the CLI and the Python SDK): the base offline gate, then —
+ * for each proof in `receipt.transparency` — a two-stage RFC-6962 inclusion
+ * proof against the C2SP checkpoint note signed by `log_pubkey_b64`, then every
+ * cosignature `verify_strict`-ed over the exact checkpoint-note bytes against a
+ * pinned witness key (deduped by key to a DISTINCT count). The proofs live in
+ * the receipt's `transparency[]` block (stapled at export), so there is no
+ * separate `proofsJson` argument — passing the receipt passes its proofs.
+ *
+ * HONEST by construction (see [`TransparencyVerdict`]): absent/empty witnesses ⇒
+ * `NotWitnessed` (never a green "witnessed"); a demanded-but-unmet quorum
+ * (`min_witnesses > 0`) ⇒ the `WitnessQuorumNotMet` verdict, fail closed.
+ *
+ * `receipt_bytes`        — raw `ActionReceipt` JSON (`Uint8Array`). A
+ *                          structurally bad receipt is an honest `"Malformed:…"`
+ *                          verdict, never a throw and never a green.
+ * `log_pubkey_b64`       — the PINNED transparency-log public key (base64, raw 32
+ *                          bytes), trusted out of band (CT-style).
+ * `witness_keys_b64`     — the PINNED witness public keys (base64, raw 32 bytes);
+ *                          empty ⇒ cosignatures are not counted (`NotWitnessed`).
+ * `min_witnesses`        — the relying party's witness-QUORUM policy. `0` is
+ *                          presence-tolerant; `> 0` fails closed below quorum and
+ *                          requires at least one pinned witness key.
+ * `require_transparency` — when `true`, a receipt with no `transparency[]` fails
+ *                          closed (`"TransparencyRequired"`).
+ *
+ * Throws a `JsError` only for an UNUSABLE config input (a `log_pubkey_b64` /
+ * `witness_keys_b64` entry that is not base64 of exactly 32 bytes) — every
+ * cryptographic / quorum failure is a non-throwing verdict instead.
+ * @param {Uint8Array} receipt_bytes
+ * @param {string} log_pubkey_b64
+ * @param {string[]} witness_keys_b64
+ * @param {number} min_witnesses
+ * @param {boolean} require_transparency
+ * @returns {TransparencyVerdict}
+ */
+export function verifyActionReceiptWithTransparency(receipt_bytes, log_pubkey_b64, witness_keys_b64, min_witnesses, require_transparency) {
+    try {
+        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+        const ptr0 = passArray8ToWasm0(receipt_bytes, wasm.__wbindgen_export);
+        const len0 = WASM_VECTOR_LEN;
+        const ptr1 = passStringToWasm0(log_pubkey_b64, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len1 = WASM_VECTOR_LEN;
+        const ptr2 = passArrayJsValueToWasm0(witness_keys_b64, wasm.__wbindgen_export);
+        const len2 = WASM_VECTOR_LEN;
+        wasm.verifyActionReceiptWithTransparency(retptr, ptr0, len0, ptr1, len1, ptr2, len2, min_witnesses, require_transparency);
+        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+        var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+        if (r2) {
+            throw takeObject(r1);
+        }
+        return TransparencyVerdict.__wrap(r0);
+    } finally {
+        wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+}
+
 /**
  * Verify a serialized approval token and return its decoded claims.
  *
@@ -2385,6 +2606,9 @@ const CommitmentVerdictFinalization = (typeof FinalizationRegistry === 'undefine
 const MetricsVerdictFinalization = (typeof FinalizationRegistry === 'undefined')
     ? { register: () => {}, unregister: () => {} }
     : new FinalizationRegistry(ptr => wasm.__wbg_metricsverdict_free(ptr, 1));
+const TransparencyVerdictFinalization = (typeof FinalizationRegistry === 'undefined')
+    ? { register: () => {}, unregister: () => {} }
+    : new FinalizationRegistry(ptr => wasm.__wbg_transparencyverdict_free(ptr, 1));
 const VerifiedDelegationFinalization = (typeof FinalizationRegistry === 'undefined')
     ? { register: () => {}, unregister: () => {} }
     : new FinalizationRegistry(ptr => wasm.__wbg_verifieddelegation_free(ptr, 1));
@@ -2447,6 +2671,16 @@ function passArray8ToWasm0(arg, malloc) {
     return ptr;
 }
 
+function passArrayJsValueToWasm0(array, malloc) {
+    const ptr = malloc(array.length * 4, 4) >>> 0;
+    const mem = getDataViewMemory0();
+    for (let i = 0; i < array.length; i++) {
+        mem.setUint32(ptr + 4 * i, addHeapObject(array[i]), true);
+    }
+    WASM_VECTOR_LEN = array.length;
+    return ptr;
+}
+
 function passStringToWasm0(arg, malloc, realloc) {
     if (realloc === undefined) {
         const buf = cachedTextEncoder.encode(arg);

package/heso_wasm_bg.wasm.d.ts

@@ -32,6 +32,10 @@ export const __wbg_set_verifieddelegation_expiry_unix_secs: (a: number, b: numbe
 export const __wbg_get_verifieddelegation_not_before_unix_secs: (a: number) => number;
 export const __wbg_set_verifieddelegation_not_before_unix_secs: (a: number, b: number) => void;
 export const verifyActionReceipt: (a: number, b: number) => number;
+export const __wbg_transparencyverdict_free: (a: number, b: number) => void;
+export const __wbg_get_transparencyverdict_witness_count: (a: number) => number;
+export const __wbg_set_transparencyverdict_witness_count: (a: number, b: number) => void;
+export const verifyActionReceiptWithTransparency: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number, i: number) => void;
 export const actionCanonicalBytes: (a: number, b: number, c: number) => void;
 export const l1CosignPayload: (a: number, b: number, c: number, d: number, e: number) => void;
 export const quorumCosignPayload: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number) => void;
@@ -114,13 +118,18 @@ export const __wbg_set_cloudtrailfeedverdict_signed_log_files_count: (a: number,
 export const __wbg_get_cloudtrailfeedverdict_signed_log_files_json: (a: number, b: number) => void;
 export const __wbg_set_cloudtrailfeedverdict_signed_log_files_json: (a: number, b: number, c: number) => void;
 export const verifyCloudTrailFeed: (a: number, b: number, c: number) => void;
+export const __wbg_set_transparencyverdict_witnessed: (a: number, b: number) => void;
 export const __wbg_set_approvaltokenclaims_decision: (a: number, b: number, c: number) => void;
 export const __wbg_set_approvaltokenclaims_scope: (a: number, b: number, c: number) => void;
 export const __wbg_set_verifieddelegation_sub: (a: number, b: number, c: number) => void;
 export const __wbg_set_verifieddelegation_scope: (a: number, b: number, c: number) => void;
 export const __wbg_set_commitmentverdict_verdict: (a: number, b: number, c: number) => void;
 export const __wbg_set_commitmentverdict_signer_fpr: (a: number, b: number, c: number) => void;
+export const __wbg_set_transparencyverdict_verdict: (a: number, b: number, c: number) => void;
+export const __wbg_set_transparencyverdict_trust_level: (a: number, b: number, c: number) => void;
+export const __wbg_set_transparencyverdict_witness_status: (a: number, b: number, c: number) => void;
 export const __wbg_set_cloudtrailfeedverdict_broken_at: (a: number, b: number) => void;
+export const __wbg_get_transparencyverdict_witnessed: (a: number) => number;
 export const __wbg_get_cloudtrailfeedverdict_broken_at: (a: number) => number;
 export const __wbg_commitmentverdict_free: (a: number, b: number) => void;
 export const __wbg_get_approvaltokenclaims_decision: (a: number, b: number) => void;
@@ -129,6 +138,9 @@ export const __wbg_get_verifieddelegation_sub: (a: number, b: number) => void;
 export const __wbg_get_verifieddelegation_scope: (a: number, b: number) => void;
 export const __wbg_get_commitmentverdict_verdict: (a: number, b: number) => void;
 export const __wbg_get_commitmentverdict_signer_fpr: (a: number, b: number) => void;
+export const __wbg_get_transparencyverdict_verdict: (a: number, b: number) => void;
+export const __wbg_get_transparencyverdict_trust_level: (a: number, b: number) => void;
+export const __wbg_get_transparencyverdict_witness_status: (a: number, b: number) => void;
 export const __wbindgen_export: (a: number, b: number) => number;
 export const __wbindgen_export2: (a: number, b: number, c: number, d: number) => number;
 export const __wbindgen_add_to_stack_pointer: (a: number) => number;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hesohq/verify-wasm",
-  "version": "0.5.1-dev.136",
+  "version": "0.5.1-dev.138",
   "description": "HESO Enterprise trust layer — browser WASM verify-only surface (ESM)",
   "type": "module",
   "scripts": {