npm - @keytrace/claims - Versions diffs - 0.0.5 - Mend

@keytrace/claims 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/README.md +105 -0
package/dist/atproto.d.ts +22 -0
package/dist/atproto.d.ts.map +1 -0
package/dist/atproto.js +134 -0
package/dist/atproto.js.map +1 -0
package/dist/constants.d.ts +6 -0
package/dist/constants.d.ts.map +1 -0
package/dist/constants.js +6 -0
package/dist/constants.js.map +1 -0
package/dist/crypto/base64url.d.ts +9 -0
package/dist/crypto/base64url.d.ts.map +1 -0
package/dist/crypto/base64url.js +29 -0
package/dist/crypto/base64url.js.map +1 -0
package/dist/crypto/canonicalize.d.ts +12 -0
package/dist/crypto/canonicalize.d.ts.map +1 -0
package/dist/crypto/canonicalize.js +67 -0
package/dist/crypto/canonicalize.js.map +1 -0
package/dist/crypto/signature.d.ts +11 -0
package/dist/crypto/signature.d.ts.map +1 -0
package/dist/crypto/signature.js +31 -0
package/dist/crypto/signature.js.map +1 -0
package/dist/types.d.ts +125 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +2 -0
package/dist/types.js.map +1 -0
package/dist/verify.d.ts +19 -0
package/dist/verify.d.ts.map +1 -0
package/dist/verify.js +143 -0
package/dist/verify.js.map +1 -0
package/package.json +36 -0
package/src/atproto.ts +177 -0
package/src/constants.ts +5 -0
package/src/crypto/base64url.ts +29 -0
package/src/crypto/canonicalize.ts +74 -0
package/src/crypto/signature.ts +36 -0
package/src/types.ts +133 -0
package/src/verify.ts +167 -0

package/README.md ADDED Viewed

@@ -0,0 +1,105 @@
+# @keytrace/claims
+Get Keytrace identity claims, and also verify their signatures. Works in both browser and Node.js.
+## Installation
+```bash
+npm install @keytrace/claims
+```
+## Usage
+```typescript
+import { getClaimsForHandle, getClaimsForDid } from '@keytrace/claims';
+// Verify all claims for a handle
+const result = await getClaimsForHandle('alice.bsky.social');
+console.log(`${result.summary.verified}/${result.summary.total} claims verified`);
+for (const claim of result.claims) {
+  if (claim.verified) {
+    console.log(`✓ ${claim.type}: ${claim.identity.subject}`);
+  } else {
+    console.log(`✗ ${claim.type}: ${claim.error}`);
+  }
+}
+// Or verify by DID directly
+const result2 = await getClaimsForDid('did:plc:abc123');
+```
+## API
+### `getClaimsForHandle(handle, options?)`
+Verify all keytrace claims for an ATProto handle.
+```typescript
+const result = await getClaimsForHandle('alice.bsky.social');
+```
+### `getClaimsForDid(did, options?)`
+Verify all keytrace claims for a DID.
+```typescript
+const result = await getClaimsForDid('did:plc:abc123');
+```
+### Options
+```typescript
+interface VerifyOptions {
+  fetch?: typeof fetch;        // Custom fetch function
+  timeout?: number;            // Request timeout in ms (default: 10000)
+  plcDirectoryUrl?: string;    // PLC directory URL (default: https://plc.directory)
+  publicApiUrl?: string;       // Public API URL (default: https://public.api.bsky.app)
+}
+```
+### Return Type
+```typescript
+interface VerificationResult {
+  did: string;
+  handle?: string;
+  claims: ClaimVerificationResult[];
+  summary: {
+    total: number;
+    verified: number;
+    failed: number;
+  };
+}
+interface ClaimVerificationResult {
+  uri: string;                 // AT URI of the claim
+  rkey: string;                // Record key
+  type: string;                // Claim type (github, dns, etc.)
+  claimUri: string;            // The claimed identity URI
+  verified: boolean;           // Whether signature is valid
+  steps: VerificationStep[];   // Verification steps performed
+  error?: string;              // Error message if failed
+  identity: ClaimIdentity;     // Identity info from the claim
+  claim: ClaimRecord;          // Full claim record
+}
+```
+## How It Works
+1. Resolves the handle to a DID (if needed)
+2. Fetches the user's PDS endpoint from their DID document
+3. Lists all `dev.keytrace.claim` records from their repo
+4. For each claim:
+   - Fetches the signing key from the `sig.src` AT URI
+   - Reconstructs the signed claim data
+   - Verifies the ES256 signature using Web Crypto API
+## Platform Support
+- Node.js 18+
+- Modern browsers (Chrome, Firefox, Safari, Edge)
+- Deno, Cloudflare Workers, and other runtimes with Web Crypto API
+Zero runtime dependencies - uses standard `fetch` and `crypto.subtle` APIs.

package/dist/atproto.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { ClaimRecord, VerifyOptions } from "./types.js";
+/**
+ * Resolve a handle to a DID using the public ATProto API.
+ */
+export declare function resolveHandle(handle: string, options?: VerifyOptions): Promise<string>;
+/**
+ * Resolve the PDS endpoint from a DID document.
+ */
+export declare function resolvePds(did: string, options?: VerifyOptions): Promise<string>;
+/**
+ * List all keytrace claim records from a user's repo.
+ */
+export declare function listClaimRecords(pdsUrl: string, did: string, options?: VerifyOptions): Promise<Array<{
+    uri: string;
+    rkey: string;
+    value: ClaimRecord;
+}>>;
+/**
+ * Fetch a single record by AT URI.
+ */
+export declare function getRecordByUri<T>(atUri: string, options?: VerifyOptions): Promise<T>;
+//# sourceMappingURL=atproto.d.ts.map

package/dist/atproto.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"atproto.d.ts","sourceRoot":"","sources":["../src/atproto.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAa,aAAa,EAAE,MAAM,YAAY,CAAC;AA6CxE;;GAEG;AACH,wBAAsB,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAgB5F;AAED;;GAEG;AACH,wBAAsB,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CA0BtF;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,WAAW,CAAA;CAAE,CAAC,CAAC,CA0C9J;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,CAqB1F"}

package/dist/atproto.js ADDED Viewed

@@ -0,0 +1,134 @@
+import { PUBLIC_API_URL, PLC_DIRECTORY_URL, COLLECTION_NSID, DEFAULT_TIMEOUT } from "./constants.js";
+/**
+ * Fetch with timeout support
+ */
+async function fetchWithTimeout(url, options) {
+    const fetchFn = options?.fetch ?? globalThis.fetch;
+    const timeout = options?.timeout ?? DEFAULT_TIMEOUT;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), timeout);
+    try {
+        const response = await fetchFn(url, { signal: controller.signal });
+        return response;
+    }
+    finally {
+        clearTimeout(timeoutId);
+    }
+}
+/**
+ * Resolve a handle to a DID using the public ATProto API.
+ */
+export async function resolveHandle(handle, options) {
+    // If it's already a DID, return it
+    if (handle.startsWith("did:")) {
+        return handle;
+    }
+    const baseUrl = options?.publicApiUrl ?? PUBLIC_API_URL;
+    const url = `${baseUrl}/xrpc/com.atproto.identity.resolveHandle?handle=${encodeURIComponent(handle)}`;
+    const response = await fetchWithTimeout(url, options);
+    if (!response.ok) {
+        throw new Error(`Failed to resolve handle: ${response.status} ${response.statusText}`);
+    }
+    const data = (await response.json());
+    return data.did;
+}
+/**
+ * Resolve the PDS endpoint from a DID document.
+ */
+export async function resolvePds(did, options) {
+    const plcUrl = options?.plcDirectoryUrl ?? PLC_DIRECTORY_URL;
+    try {
+        let url;
+        if (did.startsWith("did:plc:")) {
+            url = `${plcUrl}/${did}`;
+        }
+        else if (did.startsWith("did:web:")) {
+            const host = did.replace("did:web:", "").replaceAll(":", "/");
+            url = `https://${host}/.well-known/did.json`;
+        }
+        else {
+            return PUBLIC_API_URL;
+        }
+        const response = await fetchWithTimeout(url, options);
+        if (!response.ok) {
+            return PUBLIC_API_URL;
+        }
+        const doc = (await response.json());
+        const pdsService = doc.service?.find((s) => s.id === "#atproto_pds" || s.type === "AtprotoPersonalDataServer");
+        return pdsService?.serviceEndpoint ?? PUBLIC_API_URL;
+    }
+    catch {
+        return PUBLIC_API_URL;
+    }
+}
+/**
+ * List all keytrace claim records from a user's repo.
+ */
+export async function listClaimRecords(pdsUrl, did, options) {
+    const claims = [];
+    try {
+        let cursor;
+        do {
+            const url = new URL(`${pdsUrl}/xrpc/com.atproto.repo.listRecords`);
+            url.searchParams.set("repo", did);
+            url.searchParams.set("collection", COLLECTION_NSID);
+            url.searchParams.set("limit", "100");
+            if (cursor)
+                url.searchParams.set("cursor", cursor);
+            const response = await fetchWithTimeout(url.toString(), options);
+            if (!response.ok) {
+                // No records or repo not found
+                if (response.status === 400 || response.status === 404) {
+                    break;
+                }
+                throw new Error(`Failed to list records: ${response.status}`);
+            }
+            const data = (await response.json());
+            for (const record of data.records) {
+                const rkey = parseAtUriRkey(record.uri);
+                claims.push({
+                    uri: record.uri,
+                    rkey,
+                    value: record.value,
+                });
+            }
+            cursor = data.cursor;
+        } while (cursor);
+    }
+    catch (err) {
+        // Silently handle errors - return whatever we got
+        if (claims.length === 0) {
+            throw err;
+        }
+    }
+    return claims;
+}
+/**
+ * Fetch a single record by AT URI.
+ */
+export async function getRecordByUri(atUri, options) {
+    const match = atUri.match(/^at:\/\/([^/]+)\/([^/]+)\/(.+)$/);
+    if (!match) {
+        throw new Error(`Invalid AT URI: ${atUri}`);
+    }
+    const [, repo, collection, rkey] = match;
+    const pdsUrl = await resolvePds(repo, options);
+    const url = new URL(`${pdsUrl}/xrpc/com.atproto.repo.getRecord`);
+    url.searchParams.set("repo", repo);
+    url.searchParams.set("collection", collection);
+    url.searchParams.set("rkey", rkey);
+    const response = await fetchWithTimeout(url.toString(), options);
+    if (!response.ok) {
+        throw new Error(`Failed to fetch record: ${response.status}`);
+    }
+    const data = (await response.json());
+    return data.value;
+}
+/**
+ * Parse the rkey from an AT URI.
+ */
+function parseAtUriRkey(atUri) {
+    const match = atUri.match(/^at:\/\/[^/]+\/[^/]+\/(.+)$/);
+    return match?.[1] ?? "";
+}
+//# sourceMappingURL=atproto.js.map

package/dist/atproto.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"atproto.js","sourceRoot":"","sources":["../src/atproto.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AA0BrG;;GAEG;AACH,KAAK,UAAU,gBAAgB,CAAC,GAAW,EAAE,OAAuB;IAClE,MAAM,OAAO,GAAG,OAAO,EAAE,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;IACnD,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,eAAe,CAAC;IAEpD,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;IAEhE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QACnE,OAAO,QAAQ,CAAC;IAClB,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,SAAS,CAAC,CAAC;IAC1B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,MAAc,EAAE,OAAuB;IACzE,mCAAmC;IACnC,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,EAAE,YAAY,IAAI,cAAc,CAAC;IACxD,MAAM,GAAG,GAAG,GAAG,OAAO,mDAAmD,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC;IAEtG,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACtD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IACzF,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAoB,CAAC;IACxD,OAAO,IAAI,CAAC,GAAG,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,GAAW,EAAE,OAAuB;IACnE,MAAM,MAAM,GAAG,OAAO,EAAE,eAAe,IAAI,iBAAiB,CAAC;IAE7D,IAAI,CAAC;QACH,IAAI,GAAW,CAAC;QAChB,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,GAAG,GAAG,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC;QAC3B,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC9D,GAAG,GAAG,WAAW,IAAI,uBAAuB,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,OAAO,cAAc,CAAC;QACxB,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,cAAc,CAAC;QACxB,CAAC;QAED,MAAM,GAAG,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgB,CAAC;QACnD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,cAAc,IAAI,CAAC,CAAC,IAAI,KAAK,2BAA2B,CAAC,CAAC;QAE/G,OAAO,UAAU,EAAE,eAAe,IAAI,cAAc,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,cAAc,CAAC;IACxB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,MAAc,EAAE,GAAW,EAAE,OAAuB;IACzF,MAAM,MAAM,GAA6D,EAAE,CAAC;IAE5E,IAAI,CAAC;QACH,IAAI,MAA0B,CAAC;QAC/B,GAAG,CAAC;YACF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,MAAM,oCAAoC,CAAC,CAAC;YACnE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YAClC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;YACpD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YACrC,IAAI,MAAM;gBAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAEnD,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAC;YACjE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,+BAA+B;gBAC/B,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBACvD,MAAM;gBACR,CAAC;gBACD,MAAM,IAAI,KAAK,CAAC,2BAA2B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAwB,CAAC;YAE5D,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBAClC,MAAM,IAAI,GAAG,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACxC,MAAM,CAAC,IAAI,CAAC;oBACV,GAAG,EAAE,MAAM,CAAC,GAAG;oBACf,IAAI;oBACJ,KAAK,EAAE,MAAM,CAAC,KAAoB;iBACnC,CAAC,CAAC;YACL,CAAC;YAED,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QACvB,CAAC,QAAQ,MAAM,EAAE;IACnB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,kDAAkD;QAClD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAI,KAAa,EAAE,OAAuB;IAC5E,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;IAC7D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,KAAK,CAAC;IACzC,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAE/C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,MAAM,kCAAkC,CAAC,CAAC;IACjE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACnC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAC/C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAEnC,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAC;IACjE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,2BAA2B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAsB,CAAC;IAC1D,OAAO,IAAI,CAAC,KAAU,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,KAAa;IACnC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACzD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AAC1B,CAAC"}

package/dist/constants.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export declare const PUBLIC_API_URL = "https://public.api.bsky.app";
+export declare const PLC_DIRECTORY_URL = "https://plc.directory";
+export declare const COLLECTION_NSID = "dev.keytrace.claim";
+export declare const KEY_COLLECTION_NSID = "dev.keytrace.key";
+export declare const DEFAULT_TIMEOUT = 10000;
+//# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,cAAc,gCAAgC,CAAC;AAC5D,eAAO,MAAM,iBAAiB,0BAA0B,CAAC;AACzD,eAAO,MAAM,eAAe,uBAAuB,CAAC;AACpD,eAAO,MAAM,mBAAmB,qBAAqB,CAAC;AACtD,eAAO,MAAM,eAAe,QAAQ,CAAC"}

package/dist/constants.js ADDED Viewed

@@ -0,0 +1,6 @@
+export const PUBLIC_API_URL = "https://public.api.bsky.app";
+export const PLC_DIRECTORY_URL = "https://plc.directory";
+export const COLLECTION_NSID = "dev.keytrace.claim";
+export const KEY_COLLECTION_NSID = "dev.keytrace.key";
+export const DEFAULT_TIMEOUT = 10000;
+//# sourceMappingURL=constants.js.map

package/dist/constants.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,cAAc,GAAG,6BAA6B,CAAC;AAC5D,MAAM,CAAC,MAAM,iBAAiB,GAAG,uBAAuB,CAAC;AACzD,MAAM,CAAC,MAAM,eAAe,GAAG,oBAAoB,CAAC;AACpD,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CAAC;AACtD,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,CAAC"}

package/dist/crypto/base64url.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Base64url decode a string to UTF-8 text.
+ */
+export declare function base64urlDecode(str: string): string;
+/**
+ * Base64url decode a string to raw bytes.
+ */
+export declare function base64urlDecodeToBytes(str: string): Uint8Array;
+//# sourceMappingURL=base64url.d.ts.map

package/dist/crypto/base64url.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"base64url.d.ts","sourceRoot":"","sources":["../../src/crypto/base64url.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAGnD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAiB9D"}

package/dist/crypto/base64url.js ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * Base64url decode a string to UTF-8 text.
+ */
+export function base64urlDecode(str) {
+    const bytes = base64urlDecodeToBytes(str);
+    return new TextDecoder().decode(bytes);
+}
+/**
+ * Base64url decode a string to raw bytes.
+ */
+export function base64urlDecodeToBytes(str) {
+    // Add padding if needed
+    let padded = str;
+    const remainder = str.length % 4;
+    if (remainder === 2)
+        padded += "==";
+    else if (remainder === 3)
+        padded += "=";
+    // Convert URL-safe characters back to standard base64
+    const base64 = padded.replace(/-/g, "+").replace(/_/g, "/");
+    // Decode - works in both browser and Node.js
+    const binary = atob(base64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}
+//# sourceMappingURL=base64url.js.map

package/dist/crypto/base64url.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"base64url.js","sourceRoot":"","sources":["../../src/crypto/base64url.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,MAAM,KAAK,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAC1C,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,GAAW;IAChD,wBAAwB;IACxB,IAAI,MAAM,GAAG,GAAG,CAAC;IACjB,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;IACjC,IAAI,SAAS,KAAK,CAAC;QAAE,MAAM,IAAI,IAAI,CAAC;SAC/B,IAAI,SAAS,KAAK,CAAC;QAAE,MAAM,IAAI,GAAG,CAAC;IAExC,sDAAsD;IACtD,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAE5D,6CAA6C;IAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/crypto/canonicalize.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+/**
+ * Canonicalize a value according to RFC 8785 (JSON Canonicalization Scheme).
+ * https://datatracker.ietf.org/doc/html/rfc8785
+ *
+ * This ensures deterministic JSON output for cryptographic signing by:
+ * - Sorting object keys by UTF-16 code units
+ * - Serializing numbers per ES2020 Number.toString() (no -0, no NaN/Infinity)
+ * - No optional whitespace
+ * - Proper string escaping per RFC 8259
+ */
+export declare function canonicalize(data: unknown): string;
+//# sourceMappingURL=canonicalize.d.ts.map

package/dist/crypto/canonicalize.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"canonicalize.d.ts","sourceRoot":"","sources":["../../src/crypto/canonicalize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM,CAElD"}

package/dist/crypto/canonicalize.js ADDED Viewed

@@ -0,0 +1,67 @@
+/**
+ * Canonicalize a value according to RFC 8785 (JSON Canonicalization Scheme).
+ * https://datatracker.ietf.org/doc/html/rfc8785
+ *
+ * This ensures deterministic JSON output for cryptographic signing by:
+ * - Sorting object keys by UTF-16 code units
+ * - Serializing numbers per ES2020 Number.toString() (no -0, no NaN/Infinity)
+ * - No optional whitespace
+ * - Proper string escaping per RFC 8259
+ */
+export function canonicalize(data) {
+    return serialize(data);
+}
+function serialize(value) {
+    if (value === null) {
+        return "null";
+    }
+    switch (typeof value) {
+        case "boolean":
+            return value ? "true" : "false";
+        case "number":
+            if (!Number.isFinite(value)) {
+                throw new Error("RFC 8785: Cannot serialize Infinity or NaN");
+            }
+            // RFC 8785 Section 3.2.2.3: -0 must be serialized as 0
+            if (Object.is(value, -0)) {
+                return "0";
+            }
+            // Use ES Number.toString() which produces RFC 8785 compliant output
+            return String(value);
+        case "string":
+            // JSON.stringify handles RFC 8259 string escaping
+            return JSON.stringify(value);
+        case "object":
+            if (Array.isArray(value)) {
+                return "[" + value.map(serialize).join(",") + "]";
+            }
+            return serializeObject(value);
+        default:
+            throw new Error(`RFC 8785: Cannot serialize value of type ${typeof value}`);
+    }
+}
+/**
+ * Serialize an object with keys sorted by UTF-16 code units per RFC 8785 Section 3.2.3.
+ */
+function serializeObject(obj) {
+    // RFC 8785: Sort keys by comparing UTF-16 code units
+    const keys = Object.keys(obj).sort((a, b) => {
+        const len = Math.min(a.length, b.length);
+        for (let i = 0; i < len; i++) {
+            const diff = a.charCodeAt(i) - b.charCodeAt(i);
+            if (diff !== 0)
+                return diff;
+        }
+        return a.length - b.length;
+    });
+    const pairs = [];
+    for (const key of keys) {
+        const val = obj[key];
+        // Skip undefined values (not valid in JSON)
+        if (val !== undefined) {
+            pairs.push(JSON.stringify(key) + ":" + serialize(val));
+        }
+    }
+    return "{" + pairs.join(",") + "}";
+}
+//# sourceMappingURL=canonicalize.js.map

package/dist/crypto/canonicalize.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canonicalize.js","sourceRoot":"","sources":["../../src/crypto/canonicalize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,MAAM,UAAU,YAAY,CAAC,IAAa;IACxC,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,QAAQ,OAAO,KAAK,EAAE,CAAC;QACrB,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;QAElC,KAAK,QAAQ;YACX,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;YAChE,CAAC;YACD,uDAAuD;YACvD,IAAI,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACzB,OAAO,GAAG,CAAC;YACb,CAAC;YACD,oEAAoE;YACpE,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;QAEvB,KAAK,QAAQ;YACX,kDAAkD;YAClD,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAE/B,KAAK,QAAQ;YACX,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzB,OAAO,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;YACpD,CAAC;YACD,OAAO,eAAe,CAAC,KAAgC,CAAC,CAAC;QAE3D;YACE,MAAM,IAAI,KAAK,CAAC,4CAA4C,OAAO,KAAK,EAAE,CAAC,CAAC;IAChF,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,GAA4B;IACnD,qDAAqD;IACrD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;QACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;YAC7B,MAAM,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAC/C,IAAI,IAAI,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC9B,CAAC;QACD,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACrB,4CAA4C;QAC5C,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAED,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;AACrC,CAAC"}

package/dist/crypto/signature.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import type { ES256PublicJwk, SignedClaimData } from "../types.js";
+/**
+ * Verify a JWS ES256 signature using Web Crypto API.
+ *
+ * @param claimData The claim data that was signed
+ * @param jws The JWS compact serialization (header.payload.signature)
+ * @param publicJwk The P-256 public key as JWK
+ * @returns true if signature is valid, false otherwise
+ */
+export declare function verifyES256Signature(claimData: SignedClaimData, jws: string, publicJwk: ES256PublicJwk): Promise<boolean>;
+//# sourceMappingURL=signature.d.ts.map

package/dist/crypto/signature.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"signature.d.ts","sourceRoot":"","sources":["../../src/crypto/signature.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAInE;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,CAAC,SAAS,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,CAuB/H"}

package/dist/crypto/signature.js ADDED Viewed

@@ -0,0 +1,31 @@
+import { canonicalize } from "./canonicalize.js";
+import { base64urlDecode, base64urlDecodeToBytes } from "./base64url.js";
+/**
+ * Verify a JWS ES256 signature using Web Crypto API.
+ *
+ * @param claimData The claim data that was signed
+ * @param jws The JWS compact serialization (header.payload.signature)
+ * @param publicJwk The P-256 public key as JWK
+ * @returns true if signature is valid, false otherwise
+ */
+export async function verifyES256Signature(claimData, jws, publicJwk) {
+    const parts = jws.split(".");
+    if (parts.length !== 3)
+        return false;
+    const [headerB64, payloadB64, signatureB64] = parts;
+    // Verify payload matches expected canonical form
+    const expectedPayload = canonicalize(claimData);
+    const actualPayload = base64urlDecode(payloadB64);
+    if (actualPayload !== expectedPayload)
+        return false;
+    // Import JWK as CryptoKey
+    const key = await crypto.subtle.importKey("jwk", { ...publicJwk, alg: "ES256", use: "sig" }, { name: "ECDSA", namedCurve: "P-256" }, false, ["verify"]);
+    // Web Crypto expects raw signature bytes (R||S format) - which is what JWS ES256 uses
+    const signatureBytes = base64urlDecodeToBytes(signatureB64);
+    const signingInput = new TextEncoder().encode(`${headerB64}.${payloadB64}`);
+    // Create a fresh ArrayBuffer to satisfy TypeScript's strict BufferSource type
+    const signatureBuffer = new ArrayBuffer(signatureBytes.length);
+    new Uint8Array(signatureBuffer).set(signatureBytes);
+    return crypto.subtle.verify({ name: "ECDSA", hash: "SHA-256" }, key, signatureBuffer, signingInput);
+}
+//# sourceMappingURL=signature.js.map

package/dist/crypto/signature.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"signature.js","sourceRoot":"","sources":["../../src/crypto/signature.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAEzE;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,SAA0B,EAAE,GAAW,EAAE,SAAyB;IAC3G,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAErC,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,YAAY,CAAC,GAAG,KAAK,CAAC;IAEpD,iDAAiD;IACjD,MAAM,eAAe,GAAG,YAAY,CAAC,SAA+C,CAAC,CAAC;IACtF,MAAM,aAAa,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAClD,IAAI,aAAa,KAAK,eAAe;QAAE,OAAO,KAAK,CAAC;IAEpD,0BAA0B;IAC1B,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,GAAG,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;IAExJ,sFAAsF;IACtF,MAAM,cAAc,GAAG,sBAAsB,CAAC,YAAY,CAAC,CAAC;IAC5D,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC,CAAC;IAE5E,8EAA8E;IAC9E,MAAM,eAAe,GAAG,IAAI,WAAW,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IAC/D,IAAI,UAAU,CAAC,eAAe,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAEpD,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,GAAG,EAAE,eAAe,EAAE,YAAY,CAAC,CAAC;AACtG,CAAC"}

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,125 @@
+/**
+ * Identity metadata from a claim record
+ */
+export interface ClaimIdentity {
+    subject: string;
+    avatarUrl?: string;
+    profileUrl?: string;
+    displayName?: string;
+}
+/**
+ * Signature data from a claim record
+ */
+export interface ClaimSignature {
+    /** Key identifier (YYYY-MM-DD) */
+    kid: string;
+    /** AT URI to the signing key record */
+    src: string;
+    /** Timestamp when signed */
+    signedAt: string;
+    /** JWS compact serialization */
+    attestation: string;
+}
+/**
+ * Raw claim record from ATProto
+ */
+export interface ClaimRecord {
+    $type: "dev.keytrace.claim";
+    type: string;
+    claimUri: string;
+    identity: ClaimIdentity;
+    sig: ClaimSignature;
+    comment?: string;
+    createdAt: string;
+    prerelease?: boolean;
+}
+/**
+ * Public key record from keytrace service
+ */
+export interface KeyRecord {
+    $type: "dev.keytrace.key";
+    publicJwk: string;
+    validFrom: string;
+    validUntil: string;
+}
+/**
+ * Parsed JWK for P-256 public key
+ */
+export interface ES256PublicJwk {
+    kty: "EC";
+    crv: "P-256";
+    x: string;
+    y: string;
+}
+/**
+ * Claim data that is signed (canonical form)
+ */
+export interface SignedClaimData {
+    did: string;
+    subject: string;
+    type: string;
+    verifiedAt: string;
+}
+/**
+ * Verification step detail for debugging/auditing
+ */
+export interface VerificationStep {
+    step: string;
+    success: boolean;
+    detail?: string;
+    error?: string;
+}
+/**
+ * Result of verifying a single claim
+ */
+export interface ClaimVerificationResult {
+    /** AT URI of the claim record */
+    uri: string;
+    /** Record key */
+    rkey: string;
+    /** Claim type (github, dns, etc.) */
+    type: string;
+    /** The claim URI being verified */
+    claimUri: string;
+    /** Whether signature verification passed */
+    verified: boolean;
+    /** Verification steps performed */
+    steps: VerificationStep[];
+    /** Error message if verification failed */
+    error?: string;
+    /** Identity data (available regardless of verification status) */
+    identity: ClaimIdentity;
+    /** Full claim record */
+    claim: ClaimRecord;
+}
+/**
+ * Result of verifying all claims for a DID
+ */
+export interface VerificationResult {
+    /** The DID that was verified */
+    did: string;
+    /** Resolved handle (if available) */
+    handle?: string;
+    /** Array of claim verification results */
+    claims: ClaimVerificationResult[];
+    /** Summary statistics */
+    summary: {
+        total: number;
+        verified: number;
+        failed: number;
+    };
+}
+/**
+ * Options for verification
+ */
+export interface VerifyOptions {
+    /** Custom fetch function (defaults to globalThis.fetch) */
+    fetch?: typeof fetch;
+    /** Request timeout in ms (default: 10000) */
+    timeout?: number;
+    /** PLC directory URL (default: https://plc.directory) */
+    plcDirectoryUrl?: string;
+    /** Public ATProto API URL for handle resolution (default: https://public.api.bsky.app) */
+    publicApiUrl?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,uCAAuC;IACvC,GAAG,EAAE,MAAM,CAAC;IACZ,4BAA4B;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,oBAAoB,CAAC;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,aAAa,CAAC;IACxB,GAAG,EAAE,cAAc,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,kBAAkB,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,IAAI,CAAC;IACV,GAAG,EAAE,OAAO,CAAC;IACb,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,iCAAiC;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,iBAAiB;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,qCAAqC;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,mCAAmC;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,QAAQ,EAAE,OAAO,CAAC;IAClB,mCAAmC;IACnC,KAAK,EAAE,gBAAgB,EAAE,CAAC;IAC1B,2CAA2C;IAC3C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,QAAQ,EAAE,aAAa,CAAC;IACxB,wBAAwB;IACxB,KAAK,EAAE,WAAW,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,gCAAgC;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,qCAAqC;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,0CAA0C;IAC1C,MAAM,EAAE,uBAAuB,EAAE,CAAC;IAClC,yBAAyB;IACzB,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2DAA2D;IAC3D,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;IACrB,6CAA6C;IAC7C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yDAAyD;IACzD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,0FAA0F;IAC1F,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB"}

package/dist/types.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=types.js.map

package/dist/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/dist/verify.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import type { VerificationResult, VerifyOptions } from "./types.js";
+export type { ClaimIdentity, ClaimRecord, ClaimSignature, ClaimVerificationResult, ES256PublicJwk, KeyRecord, SignedClaimData, VerificationResult, VerificationStep, VerifyOptions, } from "./types.js";
+/**
+ * Verify all keytrace claims for a handle.
+ *
+ * @param handle The ATProto handle (e.g., "alice.bsky.social") or DID
+ * @param options Optional configuration
+ * @returns Verification results for all claims
+ */
+export declare function getClaimsForHandle(handle: string, options?: VerifyOptions): Promise<VerificationResult>;
+/**
+ * Verify all keytrace claims for a DID.
+ *
+ * @param did The ATProto DID (e.g., "did:plc:abc123")
+ * @param options Optional configuration
+ * @returns Verification results for all claims
+ */
+export declare function getClaimsForDid(did: string, options?: VerifyOptions): Promise<VerificationResult>;
+//# sourceMappingURL=verify.d.ts.map

package/dist/verify.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAoF,kBAAkB,EAAoB,aAAa,EAAE,MAAM,YAAY,CAAC;AAKxK,YAAY,EACV,aAAa,EACb,WAAW,EACX,cAAc,EACd,uBAAuB,EACvB,cAAc,EACd,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAQ7G;AAED;;;;;;GAMG;AACH,wBAAsB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAkCvG"}