@heyanon-arp/sdk 0.0.2

package/dist/index.mjs

@@ -0,0 +1,761 @@
+import { sha512, sha256 } from '@noble/hashes/sha2';
+import { bytesToHex, randomBytes } from '@noble/hashes/utils';
+import canonicalize from 'canonicalize';
+import { base58, base64, base64urlnopad } from '@scure/base';
+import * as ed from '@noble/ed25519';
+import { hmac } from '@noble/hashes/hmac';
+import { scrypt } from '@noble/hashes/scrypt';
+
+// src/canonical/canonicalize.ts
+function canonicalJson(value) {
+  const result = canonicalize(value);
+  if (result === void 0) {
+    throw new Error("canonicalJson: value serialized to undefined (top-level undefined?)");
+  }
+  return result;
+}
+function canonicalBytes(value) {
+  return new TextEncoder().encode(canonicalJson(value));
+}
+function canonicalSha256Hex(value) {
+  const digest = sha256(canonicalBytes(value));
+  return `sha256:${bytesToHex(digest)}`;
+}
+function base58btcEncode(bytes) {
+  return base58.encode(bytes);
+}
+function base58btcDecode(text) {
+  return base58.decode(text);
+}
+ed.etc.sha512Sync = (...messages) => sha512(ed.etc.concatBytes(...messages));
+function generateKeyPair() {
+  const secretKey = ed.utils.randomPrivateKey();
+  const publicKey = ed.getPublicKey(secretKey);
+  return { secretKey, publicKey };
+}
+function getPublicKey2(secretKey) {
+  if (secretKey.length !== 32) {
+    throw new Error(`getPublicKey: expected 32-byte seed, got ${secretKey.length}`);
+  }
+  return ed.getPublicKey(secretKey);
+}
+function sign2(message, secretKey) {
+  return ed.sign(message, secretKey);
+}
+function verify2(signature, message, publicKey) {
+  try {
+    return ed.verify(signature, message, publicKey);
+  } catch {
+    return false;
+  }
+}
+
+// src/did/format.ts
+var DID_PREFIX = "did:arp:";
+var ED25519_PUBKEY_LENGTH = 32;
+function formatDid(identityPublicKey) {
+  if (identityPublicKey.length !== ED25519_PUBKEY_LENGTH) {
+    throw new Error(`formatDid: expected ${ED25519_PUBKEY_LENGTH}-byte Ed25519 pubkey, got ${identityPublicKey.length}`);
+  }
+  return `${DID_PREFIX}${base58btcEncode(identityPublicKey)}`;
+}
+function parseDid(did) {
+  if (!did.startsWith(DID_PREFIX)) return null;
+  const body = did.slice(DID_PREFIX.length);
+  if (body.length === 0) return null;
+  let decoded;
+  try {
+    decoded = base58btcDecode(body);
+  } catch {
+    return null;
+  }
+  if (decoded.length !== ED25519_PUBKEY_LENGTH) return null;
+  return decoded;
+}
+function isValidDid(did) {
+  return parseDid(did) !== null;
+}
+function signEnvelope(input) {
+  const body_hash = canonicalSha256Hex(input.body);
+  const attachments_hash = input.attachments === void 0 ? null : canonicalSha256Hex(input.attachments);
+  const protectedBlock = {
+    ...input.protected,
+    body_hash,
+    attachments_hash
+  };
+  const signingInputBytes = canonicalBytes(
+    input.attachments === void 0 ? { protected: protectedBlock, body: input.body } : { protected: protectedBlock, body: input.body, attachments: input.attachments }
+  );
+  const sigBytes = sign2(signingInputBytes, input.identitySecretKey);
+  const sender_signature = `ed25519:${base64.encode(sigBytes)}`;
+  const envelope = {
+    protected: protectedBlock,
+    body: input.body,
+    sender_signature
+  };
+  if (input.attachments !== void 0) {
+    envelope.attachments = input.attachments;
+  }
+  return envelope;
+}
+function verifyEnvelope(envelope, senderIdentityPubkey) {
+  const recomputedBodyHash = canonicalSha256Hex(envelope.body);
+  if (recomputedBodyHash !== envelope.protected.body_hash) {
+    return { ok: false, reason: "body_hash_mismatch" };
+  }
+  const expectedAttachmentsHash = envelope.attachments === void 0 ? null : canonicalSha256Hex(envelope.attachments);
+  if (expectedAttachmentsHash !== envelope.protected.attachments_hash) {
+    return { ok: false, reason: "attachments_hash_mismatch" };
+  }
+  const sigPrefix = "ed25519:";
+  if (!envelope.sender_signature.startsWith(sigPrefix)) {
+    return { ok: false, reason: "signature_malformed", detail: "sender_signature missing ed25519: prefix" };
+  }
+  let sigBytes;
+  try {
+    sigBytes = base64.decode(envelope.sender_signature.slice(sigPrefix.length));
+  } catch {
+    return { ok: false, reason: "signature_malformed", detail: "sender_signature base64 decode failed" };
+  }
+  if (sigBytes.length !== 64) {
+    return { ok: false, reason: "signature_malformed", detail: `expected 64-byte signature, got ${sigBytes.length}` };
+  }
+  const signingInputBytes = canonicalBytes(
+    envelope.attachments === void 0 ? { protected: envelope.protected, body: envelope.body } : { protected: envelope.protected, body: envelope.body, attachments: envelope.attachments }
+  );
+  const ok = verify2(sigBytes, signingInputBytes, senderIdentityPubkey);
+  return ok ? { ok: true } : { ok: false, reason: "signature_invalid" };
+}
+
+// src/purpose.ts
+var Purpose = {
+  /** Default for `protected.purpose` on body messages. */
+  ENVELOPE: "ARP-ENVELOPE-v1",
+  /** Receipt co-signature payload (delegation completion). */
+  RECEIPT: "ARP-RECEIPT-v1",
+  /** Dispute response co-signature payload. */
+  DISPUTE_RESPONSE: "ARP-DISPUTE-RESPONSE-v1",
+  /** Webhook delivery HMAC signature payload. */
+  WEBHOOK: "ARP-WEBHOOK-v1",
+  /** Identity ownership challenge proof. */
+  CHALLENGE: "ARP-CHALLENGE-v1",
+  /** Verifiable Credential issued by the platform. */
+  VC: "ARP-VC-v1",
+  /** Owner attestation linking identity ↔ settlement keys at registration. */
+  KEY_LINK: "ARP-KEY-LINK-v1",
+  /** Owner attestation for an identity-key rotation event. */
+  KEY_ROTATION: "ARP-KEY-ROTATION-v1",
+  /**
+   * Settlement-key signature authorising an on-chain `release_lock`.
+   * V1.5 — digest now binds fee_bps_at_lock + fee_recipient_at_lock.
+   */
+  SOLANA_RELEASE: "ARP-SOLANA-RELEASE-v1.5",
+  /**
+   * Settlement-key signature authorising an on-chain `partial_release`.
+   * V1.5 — digest now binds fee_bps_at_lock + fee_recipient_at_lock.
+   */
+  SOLANA_PARTIAL_RELEASE: "ARP-SOLANA-PARTIAL-RELEASE-v1.5",
+  /** Settlement-key signature authorising an on-chain co-signed `refund_lock`. */
+  SOLANA_REFUND: "ARP-SOLANA-REFUND-v1",
+  /** Admin (platform multisig) signature authorising `resolve_dispute`. */
+  SOLANA_RESOLVE_DISPUTE: "ARP-SOLANA-RESOLVE-DISPUTE-v1"
+};
+var PROTECTED_PURPOSES = [Purpose.ENVELOPE];
+var COSIGNATURE_PURPOSES = [Purpose.RECEIPT, Purpose.DISPUTE_RESPONSE];
+var SETTLEMENT_PURPOSES = [
+  Purpose.SOLANA_RELEASE,
+  Purpose.SOLANA_PARTIAL_RELEASE,
+  Purpose.SOLANA_REFUND,
+  Purpose.SOLANA_RESOLVE_DISPUTE
+];
+
+// src/cosignature/cosign.ts
+var COSIGN_ALLOWED = [Purpose.RECEIPT, Purpose.DISPUTE_RESPONSE];
+function signCosignature(input) {
+  const purpose = input.payload.purpose;
+  if (!COSIGN_ALLOWED.includes(purpose)) {
+    throw new Error(`signCosignature: purpose "${purpose}" is not allowed for co_signature`);
+  }
+  const digest = sha256(canonicalBytes(input.payload));
+  const sigBytes = sign2(digest, input.identitySecretKey);
+  const payload_hash = `sha256:${bytesToHex2(digest)}`;
+  const sig = `ed25519:${base64.encode(sigBytes)}`;
+  return {
+    agent_did: input.signerDid,
+    purpose,
+    payload_hash,
+    sig
+  };
+}
+function verifyCosignature(input) {
+  if (input.cosignature.purpose !== input.payload.purpose) {
+    return { ok: false, reason: "purpose_mismatch" };
+  }
+  const digest = sha256(canonicalBytes(input.payload));
+  const expectedHash = `sha256:${bytesToHex2(digest)}`;
+  if (expectedHash !== input.cosignature.payload_hash) {
+    return { ok: false, reason: "payload_hash_mismatch" };
+  }
+  const sigPrefix = "ed25519:";
+  if (!input.cosignature.sig.startsWith(sigPrefix)) {
+    return { ok: false, reason: "signature_malformed", detail: "sig missing ed25519: prefix" };
+  }
+  let sigBytes;
+  try {
+    sigBytes = base64.decode(input.cosignature.sig.slice(sigPrefix.length));
+  } catch {
+    return { ok: false, reason: "signature_malformed", detail: "sig base64 decode failed" };
+  }
+  if (sigBytes.length !== 64) {
+    return { ok: false, reason: "signature_malformed", detail: `expected 64-byte signature, got ${sigBytes.length}` };
+  }
+  return verify2(sigBytes, digest, input.signerIdentityPubkey) ? { ok: true } : { ok: false, reason: "signature_invalid" };
+}
+function bytesToHex2(b) {
+  let s = "";
+  for (let i = 0; i < b.length; i++) {
+    s += b[i].toString(16).padStart(2, "0");
+  }
+  return s;
+}
+
+// src/challenge/challenge.ts
+var CHALLENGE_PURPOSE_BYTES = new TextEncoder().encode(Purpose.CHALLENGE);
+function buildSigningInput(challengeBytes) {
+  if (CHALLENGE_PURPOSE_BYTES.length > 255) {
+    throw new Error("purpose label too long for 1-byte prefix");
+  }
+  const out = new Uint8Array(1 + CHALLENGE_PURPOSE_BYTES.length + challengeBytes.length);
+  out[0] = CHALLENGE_PURPOSE_BYTES.length;
+  out.set(CHALLENGE_PURPOSE_BYTES, 1);
+  out.set(challengeBytes, 1 + CHALLENGE_PURPOSE_BYTES.length);
+  return out;
+}
+function signChallenge(challengeBytes, identitySecretKey) {
+  if (challengeBytes.length !== 32) {
+    throw new Error(`signChallenge: expected 32-byte challenge, got ${challengeBytes.length}`);
+  }
+  return sign2(buildSigningInput(challengeBytes), identitySecretKey);
+}
+function verifyChallenge(challengeBytes, signature, identityPubkey) {
+  if (challengeBytes.length !== 32) return false;
+  if (signature.length !== 64) return false;
+  return verify2(signature, buildSigningInput(challengeBytes), identityPubkey);
+}
+function buildWebhookSignatureHeader(input, sharedSecret) {
+  const digest = sha256(canonicalBytes(input));
+  const mac = hmac(sha256, sharedSecret, digest);
+  return `${Purpose.WEBHOOK}=${base64.encode(mac)}`;
+}
+function verifyWebhookSignatureHeader(headerValue, input, sharedSecret) {
+  const expected = buildWebhookSignatureHeader(input, sharedSecret);
+  return constantTimeEqual(expected, headerValue);
+}
+function constantTimeEqual(a, b) {
+  if (a.length !== b.length) return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++) {
+    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return diff === 0;
+}
+
+// src/types/identity.ts
+var SCRYPT_PARAMS = {
+  N: 32768,
+  r: 8,
+  p: 1,
+  dkLen: 32
+};
+
+// src/attestation/scrypt-proof.ts
+function deriveScryptKey(password, salt) {
+  if (salt.length !== 16) {
+    throw new Error(`deriveScryptKey: expected 16-byte salt, got ${salt.length}`);
+  }
+  const passwordBytes = new TextEncoder().encode(password);
+  return scrypt(passwordBytes, salt, {
+    N: SCRYPT_PARAMS.N,
+    r: SCRYPT_PARAMS.r,
+    p: SCRYPT_PARAMS.p,
+    dkLen: SCRYPT_PARAMS.dkLen
+  });
+}
+function scryptPasswordProofSign(payload, scryptKey) {
+  if (scryptKey.length !== SCRYPT_PARAMS.dkLen) {
+    throw new Error(`scryptPasswordProofSign: expected ${SCRYPT_PARAMS.dkLen}-byte scrypt key, got ${scryptKey.length}`);
+  }
+  const digest = sha256(canonicalBytes(payload));
+  const mac = hmac(sha256, scryptKey, digest);
+  return base64.encode(mac);
+}
+function scryptPasswordProofVerify(payload, sigBase64, scryptKey) {
+  if (scryptKey.length !== SCRYPT_PARAMS.dkLen) return false;
+  let providedMac;
+  try {
+    providedMac = base64.decode(sigBase64);
+  } catch {
+    return false;
+  }
+  if (providedMac.length !== 32) return false;
+  const digest = sha256(canonicalBytes(payload));
+  const expectedMac = hmac(sha256, scryptKey, digest);
+  return constantTimeEqualBytes(providedMac, expectedMac);
+}
+function constantTimeEqualBytes(a, b) {
+  if (a.length !== b.length) return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++) {
+    diff |= a[i] ^ b[i];
+  }
+  return diff === 0;
+}
+
+// src/attestation/attestation.ts
+function signKeyLinkAttestation(input) {
+  if (input.payload.purpose !== "ARP-KEY-LINK-v1") {
+    throw new Error(`signKeyLinkAttestation: expected purpose ARP-KEY-LINK-v1, got ${input.payload.purpose}`);
+  }
+  if (input.payload.owner_signing_method !== "scrypt_password_proof") {
+    throw new Error(`signKeyLinkAttestation: this helper handles scrypt_password_proof only; got ${input.payload.owner_signing_method}`);
+  }
+  const sig = scryptPasswordProofSign(input.payload, input.scryptKey);
+  return { payload: input.payload, sig, scrypt_salt_id: input.scryptSaltId };
+}
+function verifyKeyLinkAttestation(attestation, scryptKey) {
+  if (attestation.payload.purpose !== "ARP-KEY-LINK-v1") return false;
+  return scryptPasswordProofVerify(attestation.payload, attestation.sig, scryptKey);
+}
+function signKeyRotationAttestation(input) {
+  if (input.payload.purpose !== "ARP-KEY-ROTATION-v1") {
+    throw new Error(`signKeyRotationAttestation: expected purpose ARP-KEY-ROTATION-v1, got ${input.payload.purpose}`);
+  }
+  if (input.payload.owner_signing_method !== "scrypt_password_proof") {
+    throw new Error(`signKeyRotationAttestation: this helper handles scrypt_password_proof only; got ${input.payload.owner_signing_method}`);
+  }
+  const sig = scryptPasswordProofSign(input.payload, input.scryptKey);
+  return { payload: input.payload, sig, scrypt_salt_id: input.scryptSaltId };
+}
+function verifyKeyRotationAttestation(attestation, scryptKey) {
+  if (attestation.payload.purpose !== "ARP-KEY-ROTATION-v1") return false;
+  return scryptPasswordProofVerify(attestation.payload, attestation.sig, scryptKey);
+}
+function signedMessageHash(envelope) {
+  const input = envelope.attachments === void 0 ? { protected: envelope.protected, body: envelope.body } : { protected: envelope.protected, body: envelope.body, attachments: envelope.attachments };
+  const digest = sha256(canonicalBytes(input));
+  return `sha256:${bytesToHex3(digest)}`;
+}
+function serverEventHash(input) {
+  const canonicalInput = {
+    prev_server_event_hash: input.prevServerEventHash,
+    relationship_event_index: input.relationshipEventIndex,
+    server_timestamp: input.serverTimestamp,
+    signed_message_hash: input.signedMessageHash,
+    sender_signature: input.senderSignature
+  };
+  const digest = sha256(canonicalBytes(canonicalInput));
+  return `sha256:${bytesToHex3(digest)}`;
+}
+function findFirstChainDivergence(events) {
+  for (let i = 0; i < events.length; i++) {
+    const e = events[i];
+    const expected = serverEventHash({
+      prevServerEventHash: e.prev_server_event_hash,
+      relationshipEventIndex: e.relationship_event_index,
+      serverTimestamp: e.server_timestamp,
+      signedMessageHash: e.signed_message_hash,
+      senderSignature: e.sender_signature
+    });
+    if (expected !== e.server_event_hash) return i;
+    if (i > 0 && e.prev_server_event_hash !== events[i - 1].server_event_hash) return i;
+  }
+  return null;
+}
+function bytesToHex3(b) {
+  let s = "";
+  for (let i = 0; i < b.length; i++) {
+    s += b[i].toString(16).padStart(2, "0");
+  }
+  return s;
+}
+function deriveLockId(delegationId) {
+  const bytes16 = delegationIdToBytes16(delegationId);
+  const prefix = new TextEncoder().encode("arp-lock-v1");
+  const input = new Uint8Array(prefix.length + 16);
+  input.set(prefix, 0);
+  input.set(bytes16, prefix.length);
+  return sha256(input);
+}
+var UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
+function delegationIdToBytes16(delegationId) {
+  const uuid = delegationId.startsWith("del_") ? delegationId.slice(4) : delegationId;
+  if (!UUID_RE.test(uuid)) {
+    if (delegationId.startsWith("del_")) {
+      throw new Error(`Invalid delegation_id UUID (must be canonical lowercase): ${JSON.stringify(uuid)}`);
+    }
+    throw new Error(`Invalid delegation_id format: expected "del_<uuid>" or bare canonical-lowercase UUID, got ${JSON.stringify(delegationId)}`);
+  }
+  const hex = uuid.replace(/-/g, "");
+  const out = new Uint8Array(16);
+  for (let i = 0; i < 16; i++) {
+    out[i] = Number.parseInt(hex.substring(i * 2, i * 2 + 2), 16);
+  }
+  return out;
+}
+function bytes16ToDelegationId(bytes) {
+  if (bytes.length !== 16) {
+    throw new Error(`bytes16ToDelegationId: expected 16 bytes, got ${bytes.length}`);
+  }
+  const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
+  return `del_${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20, 32)}`;
+}
+
+// src/settlement/settlement.ts
+var PURPOSE_RELEASE_STRING = "ARP-SOLANA-RELEASE-v1.5";
+var PURPOSE_PARTIAL_RELEASE_STRING = "ARP-SOLANA-PARTIAL-RELEASE-v1.5";
+var PURPOSE_REFUND_STRING = "ARP-SOLANA-REFUND-v1";
+var PURPOSE_RELEASE = new TextEncoder().encode(PURPOSE_RELEASE_STRING);
+var PURPOSE_PARTIAL_RELEASE = new TextEncoder().encode(PURPOSE_PARTIAL_RELEASE_STRING);
+var PURPOSE_REFUND = new TextEncoder().encode(PURPOSE_REFUND_STRING);
+var ZERO_PUBKEY = new Uint8Array(32);
+function buildReleaseDigest(input) {
+  requireLen(input.programId, 32, "programId");
+  requireLen(input.lockId, 32, "lockId");
+  requireLen(input.payerSettlementPubkey, 32, "payerSettlementPubkey");
+  requireLen(input.payeeSettlementPubkey, 32, "payeeSettlementPubkey");
+  requireLen(input.mint, 32, "mint");
+  requireLen(input.conditionHash, 32, "conditionHash");
+  requireLen(input.receiptEventHash, 32, "receiptEventHash");
+  requireLen(input.deliverableHash, 32, "deliverableHash");
+  const feeBps = input.feeBpsAtLock ?? 0;
+  requireFeeBps(feeBps);
+  const feeRecipient = input.feeRecipientAtLock ?? ZERO_PUBKEY;
+  requireLen(feeRecipient, 32, "feeRecipientAtLock");
+  const delegationBytes = delegationIdToBytes16(input.delegationId);
+  const buf = concatBytes(
+    PURPOSE_RELEASE,
+    new Uint8Array([input.clusterTag]),
+    input.programId,
+    input.lockId,
+    input.payerSettlementPubkey,
+    input.payeeSettlementPubkey,
+    input.mint,
+    u64LE(input.amount),
+    input.conditionHash,
+    delegationBytes,
+    input.receiptEventHash,
+    input.deliverableHash,
+    u64LE(input.expiresAt),
+    u16LE(feeBps),
+    feeRecipient
+  );
+  return sha256(buf);
+}
+function buildPartialReleaseDigest(input) {
+  requireLen(input.programId, 32, "programId");
+  requireLen(input.lockId, 32, "lockId");
+  requireLen(input.payerSettlementPubkey, 32, "payerSettlementPubkey");
+  requireLen(input.payeeSettlementPubkey, 32, "payeeSettlementPubkey");
+  requireLen(input.mint, 32, "mint");
+  requireLen(input.conditionHash, 32, "conditionHash");
+  requireLen(input.receiptEventHash, 32, "receiptEventHash");
+  requireLen(input.deliverableHash, 32, "deliverableHash");
+  const feeBps = input.feeBpsAtLock ?? 0;
+  requireFeeBps(feeBps);
+  const feeRecipient = input.feeRecipientAtLock ?? ZERO_PUBKEY;
+  requireLen(feeRecipient, 32, "feeRecipientAtLock");
+  const delegationBytes = delegationIdToBytes16(input.delegationId);
+  const buf = concatBytes(
+    PURPOSE_PARTIAL_RELEASE,
+    new Uint8Array([input.clusterTag]),
+    input.programId,
+    input.lockId,
+    input.payerSettlementPubkey,
+    input.payeeSettlementPubkey,
+    input.mint,
+    u64LE(input.amount),
+    u64LE(input.payeeAmount),
+    input.conditionHash,
+    delegationBytes,
+    input.receiptEventHash,
+    input.deliverableHash,
+    u64LE(input.expiresAt),
+    u16LE(feeBps),
+    feeRecipient
+  );
+  return sha256(buf);
+}
+var REFUND_REASON_BYTES = {
+  expired: 0,
+  dispute_resolution: 1,
+  payer_cancellation: 2,
+  both_parties_agreed: 3
+};
+function buildRefundDigest(input) {
+  requireLen(input.programId, 32, "programId");
+  requireLen(input.lockId, 32, "lockId");
+  requireLen(input.payerSettlementPubkey, 32, "payerSettlementPubkey");
+  requireLen(input.payeeSettlementPubkey, 32, "payeeSettlementPubkey");
+  requireLen(input.mint, 32, "mint");
+  const buf = concatBytes(
+    PURPOSE_REFUND,
+    new Uint8Array([input.clusterTag]),
+    input.programId,
+    input.lockId,
+    input.payerSettlementPubkey,
+    input.payeeSettlementPubkey,
+    input.mint,
+    u64LE(input.amount),
+    new Uint8Array([input.reasonByte]),
+    u64LE(input.expiresAt)
+  );
+  return sha256(buf);
+}
+function requireLen(bytes, expected, name) {
+  if (bytes.length !== expected) {
+    throw new Error(`settlement digest: ${name} must be ${expected} bytes, got ${bytes.length}`);
+  }
+}
+function requireFeeBps(bps) {
+  if (!Number.isInteger(bps) || bps < 0 || bps > 65535) {
+    throw new Error(`settlement digest: feeBpsAtLock must be a u16 (0..65535), got ${bps}`);
+  }
+}
+function concatBytes(...parts) {
+  let total = 0;
+  for (const p of parts) total += p.length;
+  const out = new Uint8Array(total);
+  let off = 0;
+  for (const p of parts) {
+    out.set(p, off);
+    off += p.length;
+  }
+  return out;
+}
+function u64LE(value) {
+  if (value < 0n || value > 0xffffffffffffffffn) {
+    throw new Error(`settlement digest: u64 value out of range: ${value}`);
+  }
+  const out = new Uint8Array(8);
+  let v = value;
+  for (let i = 0; i < 8; i++) {
+    out[i] = Number(v & 0xffn);
+    v >>= 8n;
+  }
+  return out;
+}
+function u16LE(value) {
+  const out = new Uint8Array(2);
+  out[0] = value & 255;
+  out[1] = value >> 8 & 255;
+  return out;
+}
+
+// src/settlement/token-program.ts
+var SPL_TOKEN_PROGRAM_ID_BASE58 = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
+var TOKEN_2022_PROGRAM_ID_BASE58 = "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb";
+function detectTokenProgramFromOwner(mintAccountOwnerBase58) {
+  switch (mintAccountOwnerBase58) {
+    case SPL_TOKEN_PROGRAM_ID_BASE58:
+      return { kind: "legacy", programIdBase58: SPL_TOKEN_PROGRAM_ID_BASE58 };
+    case TOKEN_2022_PROGRAM_ID_BASE58:
+      return { kind: "token-2022", programIdBase58: TOKEN_2022_PROGRAM_ID_BASE58 };
+    default:
+      throw new Error(
+        `detectTokenProgram: unsupported mint owner ${mintAccountOwnerBase58}; ARP escrow supports legacy SPL Token (${SPL_TOKEN_PROGRAM_ID_BASE58}) and Token-2022 (${TOKEN_2022_PROGRAM_ID_BASE58}) only`
+      );
+  }
+}
+function detectTokenProgramFromOwnerBytes(mintAccountOwnerBytes) {
+  if (mintAccountOwnerBytes.length !== 32) {
+    throw new Error(`detectTokenProgram: mintAccountOwnerBytes must be 32 bytes, got ${mintAccountOwnerBytes.length}`);
+  }
+  return detectTokenProgramFromOwner(bytesToBase58(mintAccountOwnerBytes));
+}
+function bytesToBase58(bytes) {
+  const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+  let zeros = 0;
+  for (let i = 0; i < bytes.length && bytes[i] === 0; i++) zeros++;
+  let num = 0n;
+  for (const b of bytes) {
+    num = num * 256n + BigInt(b);
+  }
+  let out = "";
+  while (num > 0n) {
+    const rem = Number(num % 58n);
+    num = num / 58n;
+    out = ALPHABET[rem] + out;
+  }
+  return "1".repeat(zeros) + out;
+}
+function uuidV4() {
+  const bytes = randomBytes(16);
+  bytes[6] = bytes[6] & 15 | 64;
+  bytes[8] = bytes[8] & 63 | 128;
+  const hex = bytesToHex16(bytes);
+  return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
+}
+function bytesToHex16(b) {
+  let s = "";
+  for (let i = 0; i < b.length; i++) {
+    s += b[i].toString(16).padStart(2, "0");
+  }
+  return s;
+}
+function senderNonce() {
+  return base64urlnopad.encode(randomBytes(16));
+}
+
+// src/utils/timestamp.ts
+function rfc3339(at = /* @__PURE__ */ new Date()) {
+  return `${at.toISOString().slice(0, 19)}Z`;
+}
+function expiresAt(ttlSeconds, now = /* @__PURE__ */ new Date()) {
+  if (!Number.isFinite(ttlSeconds) || ttlSeconds <= 0) {
+    throw new Error(`expiresAt: ttlSeconds must be positive, got ${ttlSeconds}`);
+  }
+  if (ttlSeconds > 24 * 60 * 60) {
+    throw new Error(`expiresAt: ttlSeconds exceeds 24h cap, got ${ttlSeconds}`);
+  }
+  return rfc3339(new Date(now.getTime() + ttlSeconds * 1e3));
+}
+
+// src/types/body.ts
+var DECLINE_REASONS = ["missing_brief", "rate_too_low", "out_of_scope", "policy", "expired_proposal", "capacity", "unspecified", "other"];
+function isDeclineReason(v) {
+  return typeof v === "string" && DECLINE_REASONS.includes(v);
+}
+
+// src/assets.ts
+var SOLANA_CLUSTER_IDS = {
+  "solana-mainnet": "5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",
+  "solana-devnet": "EtWTRABZaYq6iMfeYKouRu166VU2xqa1"
+};
+var SLIP44_SOLANA = 501;
+var USDC_MINTS = {
+  "solana-mainnet": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
+  "solana-devnet": "4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU"
+};
+var WELL_KNOWN_ASSETS = {
+  "USDC:solana-mainnet": {
+    asset_id: `solana:${SOLANA_CLUSTER_IDS["solana-mainnet"]}/spl:${USDC_MINTS["solana-mainnet"]}`,
+    decimals: 6,
+    symbol: "USDC"
+  },
+  "USDC:solana-devnet": {
+    asset_id: `solana:${SOLANA_CLUSTER_IDS["solana-devnet"]}/spl:${USDC_MINTS["solana-devnet"]}`,
+    decimals: 6,
+    symbol: "USDC"
+  },
+  "SOL:solana-mainnet": {
+    asset_id: `solana:${SOLANA_CLUSTER_IDS["solana-mainnet"]}/slip44:${SLIP44_SOLANA}`,
+    decimals: 9,
+    symbol: "SOL"
+  },
+  "SOL:solana-devnet": {
+    asset_id: `solana:${SOLANA_CLUSTER_IDS["solana-devnet"]}/slip44:${SLIP44_SOLANA}`,
+    decimals: 9,
+    symbol: "SOL"
+  }
+};
+var CAIP19_REGEX = /^[-a-z0-9]{3,8}:[-_a-zA-Z0-9]{1,32}\/[-a-z0-9]{3,8}:[-.%a-zA-Z0-9]{1,128}$/;
+function isAssetIdentifier(value) {
+  if (typeof value !== "object" || value === null || Array.isArray(value)) return false;
+  const v = value;
+  if (typeof v.asset_id !== "string" || !CAIP19_REGEX.test(v.asset_id)) return false;
+  if (typeof v.decimals !== "number" || !Number.isInteger(v.decimals) || v.decimals < 0 || v.decimals > 18) return false;
+  if (v.symbol !== void 0 && (typeof v.symbol !== "string" || v.symbol.length === 0 || v.symbol.length > 16)) return false;
+  return true;
+}
+function resolveAsset(input) {
+  const hit = WELL_KNOWN_ASSETS[input];
+  if (hit) return { ...hit };
+  if (CAIP19_REGEX.test(input)) {
+    return { asset_id: input, decimals: NaN };
+  }
+  return null;
+}
+var WELL_KNOWN_ASSET_KEYS = Object.keys(WELL_KNOWN_ASSETS);
+function deriveConditionHash(contract) {
+  const required = ["contractId", "version", "scopeSummary", "pricingModel", "settlementModel"];
+  for (const field of required) {
+    if (contract[field] === void 0) {
+      throw new Error(`deriveConditionHash: required field '${String(field)}' is missing from the contract input`);
+    }
+  }
+  const subset = {
+    contractId: contract.contractId,
+    version: contract.version,
+    scopeSummary: contract.scopeSummary,
+    pricingModel: contract.pricingModel,
+    settlementModel: contract.settlementModel
+  };
+  if (contract.rateAmount !== void 0) subset.rateAmount = contract.rateAmount;
+  if (contract.rateCurrency !== void 0) subset.rateCurrency = contract.rateCurrency;
+  if (contract.rateUnit !== void 0) subset.rateUnit = contract.rateUnit;
+  if (contract.allowedDelegationTags !== void 0) subset.allowedDelegationTags = contract.allowedDelegationTags;
+  const bytes = canonicalBytes(subset);
+  return sha256(bytes);
+}
+
+// src/escrow/caip19.ts
+var CAIP19_RE = /^solana:([-_a-zA-Z0-9]{1,32})\/([-a-z0-9]{3,8}):([-.%a-zA-Z0-9]{1,128})$/;
+function parseCaip19SolanaAssetId(assetId) {
+  const m = CAIP19_RE.exec(assetId);
+  if (!m) {
+    throw new Error(`CAIP-19 asset_id is malformed: ${JSON.stringify(assetId)}`);
+  }
+  const cluster = m[1];
+  const namespaceRaw = m[2];
+  const reference = m[3];
+  if (namespaceRaw === "slip44") {
+    if (reference !== "501") {
+      throw new Error(`Unsupported slip44 coin index: only 501 (SOL) is supported, got ${reference}`);
+    }
+    return { cluster, namespace: "slip44", reference, isNative: true };
+  }
+  if (namespaceRaw === "spl") {
+    return { cluster, namespace: "spl", reference, isNative: false };
+  }
+  throw new Error(`Unsupported CAIP-19 namespace: ${JSON.stringify(namespaceRaw)} (only 'spl' and 'slip44' are supported on Solana)`);
+}
+var CREATE_LOCK_DISCRIMINATOR = new Uint8Array([171, 216, 92, 167, 165, 8, 153, 90]);
+function buildCreateLockIxData(args) {
+  if (args.lockId.length !== 32) throw new Error("create_lock: lockId must be 32 bytes");
+  if (args.conditionHash.length !== 32) throw new Error("create_lock: conditionHash must be 32 bytes");
+  requireU64(args.amount, "amount");
+  requireU64(args.expiry, "expiry");
+  const total = 8 + 32 + 8 + 32 + 8;
+  const out = new Uint8Array(total);
+  let off = 0;
+  out.set(CREATE_LOCK_DISCRIMINATOR, off);
+  off += 8;
+  out.set(args.lockId, off);
+  off += 32;
+  writeU64LE(out, off, args.amount);
+  off += 8;
+  out.set(args.conditionHash, off);
+  off += 32;
+  writeU64LE(out, off, args.expiry);
+  off += 8;
+  if (off !== total) throw new Error(`create_lock ix data layout drift: ${off} != ${total}`);
+  return out;
+}
+function requireU64(value, name) {
+  if (value < 0n || value > 0xffffffffffffffffn) {
+    throw new Error(`create_lock: ${name} out of u64 range`);
+  }
+}
+function writeU64LE(buf, off, value) {
+  let v = value;
+  for (let i = 0; i < 8; i++) {
+    buf[off + i] = Number(v & 0xffn);
+    v >>= 8n;
+  }
+}
+function computeCreateLockDiscriminator() {
+  const h = sha256(new TextEncoder().encode("global:create_lock"));
+  return h.slice(0, 8);
+}
+
+export { CAIP19_REGEX, COSIGNATURE_PURPOSES, CREATE_LOCK_DISCRIMINATOR, DECLINE_REASONS, PROTECTED_PURPOSES, PURPOSE_PARTIAL_RELEASE_STRING, PURPOSE_REFUND_STRING, PURPOSE_RELEASE_STRING, Purpose, REFUND_REASON_BYTES, SCRYPT_PARAMS, SETTLEMENT_PURPOSES, SLIP44_SOLANA, SOLANA_CLUSTER_IDS, SPL_TOKEN_PROGRAM_ID_BASE58, TOKEN_2022_PROGRAM_ID_BASE58, USDC_MINTS, WELL_KNOWN_ASSETS, WELL_KNOWN_ASSET_KEYS, base58btcDecode, base58btcEncode, buildCreateLockIxData, buildPartialReleaseDigest, buildRefundDigest, buildReleaseDigest, buildWebhookSignatureHeader, bytes16ToDelegationId, canonicalBytes, canonicalJson, canonicalSha256Hex, computeCreateLockDiscriminator, delegationIdToBytes16, deriveConditionHash, deriveLockId, deriveScryptKey, detectTokenProgramFromOwner, detectTokenProgramFromOwnerBytes, expiresAt, findFirstChainDivergence, formatDid, generateKeyPair, getPublicKey2 as getPublicKey, isAssetIdentifier, isDeclineReason, isValidDid, parseCaip19SolanaAssetId, parseDid, resolveAsset, rfc3339, scryptPasswordProofSign, scryptPasswordProofVerify, senderNonce, serverEventHash, sign2 as sign, signChallenge, signCosignature, signEnvelope, signKeyLinkAttestation, signKeyRotationAttestation, signedMessageHash, uuidV4, verify2 as verify, verifyChallenge, verifyCosignature, verifyEnvelope, verifyKeyLinkAttestation, verifyKeyRotationAttestation, verifyWebhookSignatureHeader };