@labacacia/nps-sdk 1.0.0-alpha.3 → 1.0.0-alpha.4

package/dist/nip/error-codes.js

@@ -0,0 +1,30 @@
+// Copyright 2026 INNO LOTUS PTY LTD
+// SPDX-License-Identifier: Apache-2.0
+/** NIP error code wire constants — mirror of `spec/error-codes.md` NIP section. */
+// ── Cert verification (v1 + v2) ──────────────────────────────────────────────
+export const CERT_EXPIRED = "NIP-CERT-EXPIRED";
+export const CERT_REVOKED = "NIP-CERT-REVOKED";
+export const CERT_SIGNATURE_INVALID = "NIP-CERT-SIGNATURE-INVALID";
+export const CERT_UNTRUSTED_ISSUER = "NIP-CERT-UNTRUSTED-ISSUER";
+export const CERT_CAPABILITY_MISSING = "NIP-CERT-CAPABILITY-MISSING";
+export const CERT_SCOPE_VIOLATION = "NIP-CERT-SCOPE-VIOLATION";
+// ── CA service ───────────────────────────────────────────────────────────────
+export const CA_NID_NOT_FOUND = "NIP-CA-NID-NOT-FOUND";
+export const CA_NID_ALREADY_EXISTS = "NIP-CA-NID-ALREADY-EXISTS";
+export const CA_SERIAL_DUPLICATE = "NIP-CA-SERIAL-DUPLICATE";
+export const CA_RENEWAL_TOO_EARLY = "NIP-CA-RENEWAL-TOO-EARLY";
+export const CA_SCOPE_EXPANSION_DENIED = "NIP-CA-SCOPE-EXPANSION-DENIED";
+export const OCSP_UNAVAILABLE = "NIP-OCSP-UNAVAILABLE";
+export const TRUST_FRAME_INVALID = "NIP-TRUST-FRAME-INVALID";
+// ── RFC-0003 (assurance level) ───────────────────────────────────────────────
+export const ASSURANCE_MISMATCH = "NIP-ASSURANCE-MISMATCH";
+export const ASSURANCE_UNKNOWN = "NIP-ASSURANCE-UNKNOWN";
+// ── RFC-0004 (reputation log) ────────────────────────────────────────────────
+export const REPUTATION_ENTRY_INVALID = "NIP-REPUTATION-ENTRY-INVALID";
+export const REPUTATION_LOG_UNREACHABLE = "NIP-REPUTATION-LOG-UNREACHABLE";
+// ── RFC-0002 (X.509 + ACME) ──────────────────────────────────────────────────
+export const CERT_FORMAT_INVALID = "NIP-CERT-FORMAT-INVALID";
+export const CERT_EKU_MISSING = "NIP-CERT-EKU-MISSING";
+export const CERT_SUBJECT_NID_MISMATCH = "NIP-CERT-SUBJECT-NID-MISMATCH";
+export const ACME_CHALLENGE_FAILED = "NIP-ACME-CHALLENGE-FAILED";
+//# sourceMappingURL=error-codes.js.map

package/dist/nip/error-codes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-codes.js","sourceRoot":"","sources":["../../src/nip/error-codes.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,sCAAsC;AAEtC,mFAAmF;AAEnF,gFAAgF;AAChF,MAAM,CAAC,MAAM,YAAY,GAAc,kBAAkB,CAAC;AAC1D,MAAM,CAAC,MAAM,YAAY,GAAc,kBAAkB,CAAC;AAC1D,MAAM,CAAC,MAAM,sBAAsB,GAAI,4BAA4B,CAAC;AACpE,MAAM,CAAC,MAAM,qBAAqB,GAAK,2BAA2B,CAAC;AACnE,MAAM,CAAC,MAAM,uBAAuB,GAAG,6BAA6B,CAAC;AACrE,MAAM,CAAC,MAAM,oBAAoB,GAAM,0BAA0B,CAAC;AAElE,gFAAgF;AAChF,MAAM,CAAC,MAAM,gBAAgB,GAAY,sBAAsB,CAAC;AAChE,MAAM,CAAC,MAAM,qBAAqB,GAAO,2BAA2B,CAAC;AACrE,MAAM,CAAC,MAAM,mBAAmB,GAAS,yBAAyB,CAAC;AACnE,MAAM,CAAC,MAAM,oBAAoB,GAAQ,0BAA0B,CAAC;AACpE,MAAM,CAAC,MAAM,yBAAyB,GAAG,+BAA+B,CAAC;AAEzE,MAAM,CAAC,MAAM,gBAAgB,GAAO,sBAAsB,CAAC;AAC3D,MAAM,CAAC,MAAM,mBAAmB,GAAI,yBAAyB,CAAC;AAE9D,gFAAgF;AAChF,MAAM,CAAC,MAAM,kBAAkB,GAAG,wBAAwB,CAAC;AAC3D,MAAM,CAAC,MAAM,iBAAiB,GAAI,uBAAuB,CAAC;AAE1D,gFAAgF;AAChF,MAAM,CAAC,MAAM,wBAAwB,GAAM,8BAA8B,CAAC;AAC1E,MAAM,CAAC,MAAM,0BAA0B,GAAI,gCAAgC,CAAC;AAE5E,gFAAgF;AAChF,MAAM,CAAC,MAAM,mBAAmB,GAAS,yBAAyB,CAAC;AACnE,MAAM,CAAC,MAAM,gBAAgB,GAAY,sBAAsB,CAAC;AAChE,MAAM,CAAC,MAAM,yBAAyB,GAAG,+BAA+B,CAAC;AACzE,MAAM,CAAC,MAAM,qBAAqB,GAAO,2BAA2B,CAAC"}

package/dist/nip/frames.d.ts

@@ -1,5 +1,6 @@
 import { EncodingTier, FrameType } from "../core/frames.js";
 import type { NpsFrame } from "../core/codec.js";
+import { AssuranceLevel } from "./assurance-level.js";
 export interface IdentMetadata {
     issuer: string;
     issuedAt: string;
@@ -7,6 +8,11 @@ export interface IdentMetadata {
     capabilities?: readonly string[];
     scopes?: readonly string[];
 }
+export interface IdentFrameOptions {
+    assuranceLevel?: AssuranceLevel | null;
+    certFormat?: string | null;
+    certChain?: readonly string[] | null;
+}
 export declare class IdentFrame implements NpsFrame {
     readonly nid: string;
     readonly pubKey: string;
@@ -14,7 +20,10 @@ export declare class IdentFrame implements NpsFrame {
     readonly signature: string;
     readonly frameType = FrameType.IDENT;
     readonly preferredTier = EncodingTier.MSGPACK;
-    constructor(nid: string, pubKey: string, metadata: IdentMetadata, signature: string);
+    readonly assuranceLevel: AssuranceLevel | null;
+    readonly certFormat: string | null;
+    readonly certChain: readonly string[] | null;
+    constructor(nid: string, pubKey: string, metadata: IdentMetadata, signature: string, options?: IdentFrameOptions);
     unsignedDict(): Record<string, unknown>;
     toDict(): Record<string, unknown>;
     static fromDict(data: Record<string, unknown>): IdentFrame;

package/dist/nip/frames.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"frames.d.ts","sourceRoot":"","sources":["../../src/nip/frames.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAEjD,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAQ,MAAM,CAAC;IACrB,QAAQ,EAAM,MAAM,CAAC;IACrB,SAAS,CAAC,EAAI,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACjC,MAAM,CAAC,EAAQ,SAAS,MAAM,EAAE,CAAC;CAClC;AAED,qBAAa,UAAW,YAAW,QAAQ;aAKvB,GAAG,EAAQ,MAAM;aACjB,MAAM,EAAK,MAAM;aACjB,QAAQ,EAAG,aAAa;aACxB,SAAS,EAAE,MAAM;IAPnC,QAAQ,CAAC,SAAS,mBAAuB;IACzC,QAAQ,CAAC,aAAa,wBAAwB;gBAG5B,GAAG,EAAQ,MAAM,EACjB,MAAM,EAAK,MAAM,EACjB,QAAQ,EAAG,aAAa,EACxB,SAAS,EAAE,MAAM;IAGnC,YAAY,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAQvC,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAIjC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU;CAQ3D;AAED,qBAAa,UAAW,YAAW,QAAQ;aAKvB,SAAS,EAAG,MAAM;aAClB,UAAU,EAAE,MAAM;aAClB,MAAM,EAAM,SAAS,MAAM,EAAE;aAC7B,SAAS,EAAG,MAAM;aAClB,SAAS,EAAG,MAAM;IARpC,QAAQ,CAAC,SAAS,mBAAuB;IACzC,QAAQ,CAAC,aAAa,wBAAwB;gBAG5B,SAAS,EAAG,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAM,SAAS,MAAM,EAAE,EAC7B,SAAS,EAAG,MAAM,EAClB,SAAS,EAAG,MAAM;IAGpC,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAUjC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU;CAS3D;AAED,qBAAa,WAAY,YAAW,QAAQ;aAKxB,GAAG,EAAQ,MAAM;aACjB,MAAM,CAAC,EAAI,MAAM;aACjB,SAAS,CAAC,EAAE,MAAM;IANpC,QAAQ,CAAC,SAAS,oBAAwB;IAC1C,QAAQ,CAAC,aAAa,wBAAwB;gBAG5B,GAAG,EAAQ,MAAM,EACjB,MAAM,CAAC,EAAI,MAAM,YAAA,EACjB,SAAS,CAAC,EAAE,MAAM,YAAA;IAGpC,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAQjC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,WAAW;CAO5D"}
+{"version":3,"file":"frames.d.ts","sourceRoot":"","sources":["../../src/nip/frames.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAQ,MAAM,CAAC;IACrB,QAAQ,EAAM,MAAM,CAAC;IACrB,SAAS,CAAC,EAAI,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACjC,MAAM,CAAC,EAAQ,SAAS,MAAM,EAAE,CAAC;CAClC;AAED,MAAM,WAAW,iBAAiB;IAChC,cAAc,CAAC,EAAE,cAAc,GAAG,IAAI,CAAC;IACvC,UAAU,CAAC,EAAM,MAAM,GAAG,IAAI,CAAC;IAC/B,SAAS,CAAC,EAAO,SAAS,MAAM,EAAE,GAAG,IAAI,CAAC;CAC3C;AAED,qBAAa,UAAW,YAAW,QAAQ;aASvB,GAAG,EAAQ,MAAM;aACjB,MAAM,EAAK,MAAM;aACjB,QAAQ,EAAG,aAAa;aACxB,SAAS,EAAE,MAAM;IAXnC,QAAQ,CAAC,SAAS,mBAAuB;IACzC,QAAQ,CAAC,aAAa,wBAAwB;IAE9C,QAAQ,CAAC,cAAc,EAAE,cAAc,GAAG,IAAI,CAAC;IAC/C,QAAQ,CAAC,UAAU,EAAM,MAAM,GAAG,IAAI,CAAC;IACvC,QAAQ,CAAC,SAAS,EAAO,SAAS,MAAM,EAAE,GAAG,IAAI,CAAC;gBAGhC,GAAG,EAAQ,MAAM,EACjB,MAAM,EAAK,MAAM,EACjB,QAAQ,EAAG,aAAa,EACxB,SAAS,EAAE,MAAM,EACjC,OAAO,GAAqB,iBAAsB;IAOpD,YAAY,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAYvC,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAOjC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU;CAiB3D;AAED,qBAAa,UAAW,YAAW,QAAQ;aAKvB,SAAS,EAAG,MAAM;aAClB,UAAU,EAAE,MAAM;aAClB,MAAM,EAAM,SAAS,MAAM,EAAE;aAC7B,SAAS,EAAG,MAAM;aAClB,SAAS,EAAG,MAAM;IARpC,QAAQ,CAAC,SAAS,mBAAuB;IACzC,QAAQ,CAAC,aAAa,wBAAwB;gBAG5B,SAAS,EAAG,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAM,SAAS,MAAM,EAAE,EAC7B,SAAS,EAAG,MAAM,EAClB,SAAS,EAAG,MAAM;IAGpC,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAUjC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU;CAS3D;AAED,qBAAa,WAAY,YAAW,QAAQ;aAKxB,GAAG,EAAQ,MAAM;aACjB,MAAM,CAAC,EAAI,MAAM;aACjB,SAAS,CAAC,EAAE,MAAM;IANpC,QAAQ,CAAC,SAAS,oBAAwB;IAC1C,QAAQ,CAAC,aAAa,wBAAwB;gBAG5B,GAAG,EAAQ,MAAM,EACjB,MAAM,CAAC,EAAI,MAAM,YAAA,EACjB,SAAS,CAAC,EAAE,MAAM,YAAA;IAGpC,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAQjC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,WAAW;CAO5D"}

package/dist/nip/frames.js

@@ -0,0 +1,106 @@
+// Copyright 2026 INNO LOTUS PTY LTD
+// SPDX-License-Identifier: Apache-2.0
+import { EncodingTier, FrameType } from "../core/frames.js";
+import { AssuranceLevel } from "./assurance-level.js";
+export class IdentFrame {
+    nid;
+    pubKey;
+    metadata;
+    signature;
+    frameType = FrameType.IDENT;
+    preferredTier = EncodingTier.MSGPACK;
+    assuranceLevel;
+    certFormat;
+    certChain;
+    constructor(nid, pubKey, metadata, signature, options = {}) {
+        this.nid = nid;
+        this.pubKey = pubKey;
+        this.metadata = metadata;
+        this.signature = signature;
+        this.assuranceLevel = options.assuranceLevel ?? null;
+        this.certFormat = options.certFormat ?? null;
+        this.certChain = options.certChain ?? null;
+    }
+    unsignedDict() {
+        const out = {
+            nid: this.nid,
+            pub_key: this.pubKey,
+            metadata: this.metadata,
+        };
+        if (this.assuranceLevel !== null)
+            out["assurance_level"] = this.assuranceLevel.wire;
+        // cert_format / cert_chain deliberately excluded from the signed payload —
+        // the v1 Ed25519 signature covers only (nid, pub_key, metadata, [assurance_level]).
+        return out;
+    }
+    toDict() {
+        const out = { ...this.unsignedDict(), signature: this.signature };
+        if (this.certFormat !== null)
+            out["cert_format"] = this.certFormat;
+        if (this.certChain !== null)
+            out["cert_chain"] = [...this.certChain];
+        return out;
+    }
+    static fromDict(data) {
+        const lvl = data["assurance_level"];
+        const assuranceLevel = typeof lvl === "string" ? AssuranceLevel.fromWire(lvl) : null;
+        const chainRaw = data["cert_chain"];
+        const certChain = Array.isArray(chainRaw) ? chainRaw : null;
+        return new IdentFrame(data["nid"], data["pub_key"], data["metadata"], data["signature"], {
+            assuranceLevel,
+            certFormat: data["cert_format"] ?? null,
+            certChain,
+        });
+    }
+}
+export class TrustFrame {
+    issuerNid;
+    subjectNid;
+    scopes;
+    expiresAt;
+    signature;
+    frameType = FrameType.TRUST;
+    preferredTier = EncodingTier.MSGPACK;
+    constructor(issuerNid, subjectNid, scopes, expiresAt, signature) {
+        this.issuerNid = issuerNid;
+        this.subjectNid = subjectNid;
+        this.scopes = scopes;
+        this.expiresAt = expiresAt;
+        this.signature = signature;
+    }
+    toDict() {
+        return {
+            issuer_nid: this.issuerNid,
+            subject_nid: this.subjectNid,
+            scopes: this.scopes,
+            expires_at: this.expiresAt,
+            signature: this.signature,
+        };
+    }
+    static fromDict(data) {
+        return new TrustFrame(data["issuer_nid"], data["subject_nid"], data["scopes"], data["expires_at"], data["signature"]);
+    }
+}
+export class RevokeFrame {
+    nid;
+    reason;
+    revokedAt;
+    frameType = FrameType.REVOKE;
+    preferredTier = EncodingTier.MSGPACK;
+    constructor(nid, reason, revokedAt) {
+        this.nid = nid;
+        this.reason = reason;
+        this.revokedAt = revokedAt;
+    }
+    toDict() {
+        return {
+            nid: this.nid,
+            reason: this.reason ?? null,
+            revoked_at: this.revokedAt ?? null,
+        };
+    }
+    static fromDict(data) {
+        return new RevokeFrame(data["nid"], data["reason"] ?? undefined, data["revoked_at"] ?? undefined);
+    }
+}
+//# sourceMappingURL=frames.js.map

package/dist/nip/frames.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"frames.js","sourceRoot":"","sources":["../../src/nip/frames.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,sCAAsC;AAEtC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE5D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAgBtD,MAAM,OAAO,UAAU;IASH;IACA;IACA;IACA;IAXT,SAAS,GAAO,SAAS,CAAC,KAAK,CAAC;IAChC,aAAa,GAAG,YAAY,CAAC,OAAO,CAAC;IAErC,cAAc,CAAwB;IACtC,UAAU,CAAoB;IAC9B,SAAS,CAAgC;IAElD,YACkB,GAAiB,EACjB,MAAiB,EACjB,QAAwB,EACxB,SAAiB,EACjC,UAAgD,EAAE;QAJlC,QAAG,GAAH,GAAG,CAAc;QACjB,WAAM,GAAN,MAAM,CAAW;QACjB,aAAQ,GAAR,QAAQ,CAAgB;QACxB,cAAS,GAAT,SAAS,CAAQ;QAGjC,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,IAAI,CAAC;QACrD,IAAI,CAAC,UAAU,GAAO,OAAO,CAAC,UAAU,IAAQ,IAAI,CAAC;QACrD,IAAI,CAAC,SAAS,GAAQ,OAAO,CAAC,SAAS,IAAS,IAAI,CAAC;IACvD,CAAC;IAED,YAAY;QACV,MAAM,GAAG,GAA4B;YACnC,GAAG,EAAO,IAAI,CAAC,GAAG;YAClB,OAAO,EAAG,IAAI,CAAC,MAAM;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAC;QACF,IAAI,IAAI,CAAC,cAAc,KAAK,IAAI;YAAE,GAAG,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;QACpF,2EAA2E;QAC3E,oFAAoF;QACpF,OAAO,GAAG,CAAC;IACb,CAAC;IAED,MAAM;QACJ,MAAM,GAAG,GAA4B,EAAE,GAAG,IAAI,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;QAC3F,IAAI,IAAI,CAAC,UAAU,KAAK,IAAI;YAAE,GAAG,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC;QACnE,IAAI,IAAI,CAAC,SAAS,KAAM,IAAI;YAAE,GAAG,CAAC,YAAY,CAAC,GAAI,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;QACvE,OAAO,GAAG,CAAC;IACb,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,IAA6B;QAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACpC,MAAM,cAAc,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACrF,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAE,QAAqB,CAAC,CAAC,CAAC,IAAI,CAAC;QAC1E,OAAO,IAAI,UAAU,CACnB,IAAI,CAAC,KAAK,CAAiB,EAC3B,IAAI,CAAC,SAAS,CAAa,EAC3B,IAAI,CAAC,UAAU,CAAmB,EAClC,IAAI,CAAC,WAAW,CAAW,EAC3B;YACE,cAAc;YACd,UAAU,EAAG,IAAI,CAAC,aAAa,CAAwB,IAAI,IAAI;YAC/D,SAAS;SACV,CACF,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,UAAU;IAKH;IACA;IACA;IACA;IACA;IART,SAAS,GAAO,SAAS,CAAC,KAAK,CAAC;IAChC,aAAa,GAAG,YAAY,CAAC,OAAO,CAAC;IAE9C,YACkB,SAAkB,EAClB,UAAkB,EAClB,MAA6B,EAC7B,SAAkB,EAClB,SAAkB;QAJlB,cAAS,GAAT,SAAS,CAAS;QAClB,eAAU,GAAV,UAAU,CAAQ;QAClB,WAAM,GAAN,MAAM,CAAuB;QAC7B,cAAS,GAAT,SAAS,CAAS;QAClB,cAAS,GAAT,SAAS,CAAS;IACjC,CAAC;IAEJ,MAAM;QACJ,OAAO;YACL,UAAU,EAAG,IAAI,CAAC,SAAS;YAC3B,WAAW,EAAE,IAAI,CAAC,UAAU;YAC5B,MAAM,EAAO,IAAI,CAAC,MAAM;YACxB,UAAU,EAAG,IAAI,CAAC,SAAS;YAC3B,SAAS,EAAI,IAAI,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,IAA6B;QAC3C,OAAO,IAAI,UAAU,CACnB,IAAI,CAAC,YAAY,CAAY,EAC7B,IAAI,CAAC,aAAa,CAAW,EAC7B,IAAI,CAAC,QAAQ,CAAkB,EAC/B,IAAI,CAAC,YAAY,CAAY,EAC7B,IAAI,CAAC,WAAW,CAAa,CAC9B,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,WAAW;IAKJ;IACA;IACA;IANT,SAAS,GAAO,SAAS,CAAC,MAAM,CAAC;IACjC,aAAa,GAAG,YAAY,CAAC,OAAO,CAAC;IAE9C,YACkB,GAAiB,EACjB,MAAiB,EACjB,SAAkB;QAFlB,QAAG,GAAH,GAAG,CAAc;QACjB,WAAM,GAAN,MAAM,CAAW;QACjB,cAAS,GAAT,SAAS,CAAS;IACjC,CAAC;IAEJ,MAAM;QACJ,OAAO;YACL,GAAG,EAAS,IAAI,CAAC,GAAG;YACpB,MAAM,EAAM,IAAI,CAAC,MAAM,IAAQ,IAAI;YACnC,UAAU,EAAE,IAAI,CAAC,SAAS,IAAK,IAAI;SACpC,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,IAA6B;QAC3C,OAAO,IAAI,WAAW,CACpB,IAAI,CAAC,KAAK,CAAkB,EAC3B,IAAI,CAAC,QAAQ,CAAuB,IAAI,SAAS,EACjD,IAAI,CAAC,YAAY,CAAmB,IAAI,SAAS,CACnD,CAAC;IACJ,CAAC;CACF"}

package/dist/nip/identity.js

@@ -0,0 +1,94 @@
+// Copyright 2026 INNO LOTUS PTY LTD
+// SPDX-License-Identifier: Apache-2.0
+/**
+ * NipIdentity — Ed25519 key management and signing for NPS NID identity.
+ * Uses @noble/ed25519 for signing; node:crypto for key storage encryption.
+ */
+import * as ed25519 from "@noble/ed25519";
+import { sha512 } from "@noble/hashes/sha512";
+import { createCipheriv, createDecipheriv, pbkdf2Sync, randomBytes } from "node:crypto";
+import { readFileSync, writeFileSync } from "node:fs";
+// noble/ed25519 requires sha512 to be set explicitly in Node environments
+ed25519.etc.sha512Sync = (...m) => sha512(ed25519.etc.concatBytes(...m));
+const KEY_FILE_VERSION = 1;
+const PBKDF2_ITERS = 600_000;
+const SALT_BYTES = 16;
+const IV_BYTES = 12;
+const KEY_BYTES = 32;
+export class NipIdentity {
+    _privKey;
+    pubKey;
+    constructor(_privKey, pubKey) {
+        this._privKey = _privKey;
+        this.pubKey = pubKey;
+    }
+    // ── Factory ───────────────────────────────────────────────────────────────
+    static generate() {
+        const priv = ed25519.utils.randomPrivateKey();
+        const pub = ed25519.getPublicKey(priv);
+        return new NipIdentity(priv, pub);
+    }
+    static fromPrivateKey(privKey) {
+        const pub = ed25519.getPublicKey(privKey);
+        return new NipIdentity(privKey, pub);
+    }
+    /** Load from an AES-256-GCM encrypted key file. */
+    static load(path, passphrase) {
+        const envelope = JSON.parse(readFileSync(path, "utf8"));
+        const salt = Buffer.from(envelope.salt, "hex");
+        const iv = Buffer.from(envelope.iv, "hex");
+        const ct = Buffer.from(envelope.ciphertext, "hex");
+        const dk = pbkdf2Sync(passphrase, salt, PBKDF2_ITERS, KEY_BYTES, "sha256");
+        const decipher = createDecipheriv("aes-256-gcm", dk, iv);
+        // Last 16 bytes of ciphertext are the GCM auth tag
+        const authTag = ct.slice(ct.length - 16);
+        const body = ct.slice(0, ct.length - 16);
+        decipher.setAuthTag(authTag);
+        const priv = Buffer.concat([decipher.update(body), decipher.final()]);
+        return NipIdentity.fromPrivateKey(new Uint8Array(priv));
+    }
+    /** Save to an AES-256-GCM encrypted key file. */
+    save(path, passphrase) {
+        const salt = randomBytes(SALT_BYTES);
+        const iv = randomBytes(IV_BYTES);
+        const dk = pbkdf2Sync(passphrase, salt, PBKDF2_ITERS, KEY_BYTES, "sha256");
+        const cipher = createCipheriv("aes-256-gcm", dk, iv);
+        const body = Buffer.concat([cipher.update(Buffer.from(this._privKey)), cipher.final()]);
+        const tag = cipher.getAuthTag();
+        const envelope = {
+            version: KEY_FILE_VERSION,
+            salt: salt.toString("hex"),
+            iv: iv.toString("hex"),
+            ciphertext: Buffer.concat([body, tag]).toString("hex"),
+            pubKey: Buffer.from(this.pubKey).toString("hex"),
+        };
+        writeFileSync(path, JSON.stringify(envelope, null, 2), "utf8");
+    }
+    // ── Signing ───────────────────────────────────────────────────────────────
+    /** Sign a dict payload. Returns `ed25519:<base64url>`. */
+    sign(payload) {
+        const canonical = JSON.stringify(payload, Object.keys(payload).sort());
+        const bytes = new TextEncoder().encode(canonical);
+        const sig = ed25519.sign(bytes, this._privKey);
+        return `ed25519:${Buffer.from(sig).toString("base64")}`;
+    }
+    /** Verify a signature string against a dict payload. */
+    verify(payload, signature) {
+        if (!signature.startsWith("ed25519:"))
+            return false;
+        try {
+            const canonical = JSON.stringify(payload, Object.keys(payload).sort());
+            const bytes = new TextEncoder().encode(canonical);
+            const sigBytes = Buffer.from(signature.slice("ed25519:".length), "base64");
+            return ed25519.verify(sigBytes, bytes, this.pubKey);
+        }
+        catch {
+            return false;
+        }
+    }
+    /** Public key as `ed25519:<hex>` string. */
+    get pubKeyString() {
+        return `ed25519:${Buffer.from(this.pubKey).toString("hex")}`;
+    }
+}
+//# sourceMappingURL=identity.js.map

package/dist/nip/identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/nip/identity.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,sCAAsC;AAEtC;;;GAGG;AAEH,OAAO,KAAK,OAAO,MAAM,gBAAgB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACxF,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAEtD,0EAA0E;AAC1E,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AAEzE,MAAM,gBAAgB,GAAG,CAAC,CAAC;AAC3B,MAAM,YAAY,GAAO,OAAO,CAAC;AACjC,MAAM,UAAU,GAAS,EAAE,CAAC;AAC5B,MAAM,QAAQ,GAAW,EAAE,CAAC;AAC5B,MAAM,SAAS,GAAU,EAAE,CAAC;AAU5B,MAAM,OAAO,WAAW;IAEH;IACA;IAFnB,YACmB,QAAoB,EACpB,MAAoB;QADpB,aAAQ,GAAR,QAAQ,CAAY;QACpB,WAAM,GAAN,MAAM,CAAc;IACpC,CAAC;IAEJ,6EAA6E;IAE7E,MAAM,CAAC,QAAQ;QACb,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC9C,MAAM,GAAG,GAAI,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QACxC,OAAO,IAAI,WAAW,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACpC,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,OAAmB;QACvC,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAC1C,OAAO,IAAI,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACvC,CAAC;IAED,mDAAmD;IACnD,MAAM,CAAC,IAAI,CAAC,IAAY,EAAE,UAAkB;QAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAoB,CAAC;QAC3E,MAAM,IAAI,GAAQ,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAQ,KAAK,CAAC,CAAC;QAC1D,MAAM,EAAE,GAAU,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAU,KAAK,CAAC,CAAC;QAC1D,MAAM,EAAE,GAAU,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAE1D,MAAM,EAAE,GAAG,UAAU,CAAC,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC3E,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACzD,mDAAmD;QACnD,MAAM,OAAO,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACzC,MAAM,IAAI,GAAM,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC3C,QAAoF,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC1G,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACtE,OAAO,WAAW,CAAC,cAAc,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED,iDAAiD;IACjD,IAAI,CAAC,IAAY,EAAE,UAAkB;QACnC,MAAM,IAAI,GAAK,WAAW,CAAC,UAAU,CAAC,CAAC;QACvC,MAAM,EAAE,GAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;QACrC,MAAM,EAAE,GAAO,UAAU,CAAC,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC/E,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACrD,MAAM,IAAI,GAAK,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC1F,MAAM,GAAG,GAAO,MAAuE,CAAC,UAAU,EAAE,CAAC;QAErG,MAAM,QAAQ,GAAoB;YAChC,OAAO,EAAK,gBAAgB;YAC5B,IAAI,EAAQ,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;YAChC,EAAE,EAAU,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;YAC9B,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;YACtD,MAAM,EAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;SACrD,CAAC;QACF,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IACjE,CAAC;IAED,6EAA6E;IAE7E,0DAA0D;IAC1D,IAAI,CAAC,OAAgC;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QACvE,MAAM,KAAK,GAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACtD,MAAM,GAAG,GAAS,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrD,OAAO,WAAW,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC1D,CAAC;IAED,wDAAwD;IACxD,MAAM,CAAC,OAAgC,EAAE,SAAiB;QACxD,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,KAAK,CAAC;QACpD,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACvE,MAAM,KAAK,GAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACtD,MAAM,QAAQ,GAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC;YAC5E,OAAO,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,4CAA4C;IAC5C,IAAI,YAAY;QACd,OAAO,WAAW,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;IAC/D,CAAC;CACF"}

package/dist/nip/index.d.ts

@@ -1,4 +1,10 @@
 export * from "./frames.js";
 export * from "./identity.js";
 export { registerNipFrames } from "./registry.js";
+export * from "./assurance-level.js";
+export * from "./cert-format.js";
+export * from "./error-codes.js";
+export * from "./verifier.js";
+export * as x509 from "./x509/index.js";
+export * as acme from "./acme/index.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/nip/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/nip/index.ts"],"names":[],"mappings":"AAGA,cAAc,aAAa,CAAC;AAC5B,cAAc,eAAe,CAAC;AAC9B,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/nip/index.ts"],"names":[],"mappings":"AAGA,cAAc,aAAa,CAAC;AAC5B,cAAc,eAAe,CAAC;AAC9B,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAGlD,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,iBAAiB,CAAC;AACxC,OAAO,KAAK,IAAI,MAAM,iBAAiB,CAAC"}

package/dist/nip/index.js

@@ -1,188 +1,13 @@
-import * as ed25519 from '@noble/ed25519';
-import { sha512 } from '@noble/hashes/sha512';
-import { pbkdf2Sync, createDecipheriv, randomBytes, createCipheriv } from 'crypto';
-import { readFileSync, writeFileSync } from 'fs';
-
-// src/nip/frames.ts
-var IdentFrame = class _IdentFrame {
-  constructor(nid, pubKey, metadata, signature) {
-    this.nid = nid;
-    this.pubKey = pubKey;
-    this.metadata = metadata;
-    this.signature = signature;
-  }
-  nid;
-  pubKey;
-  metadata;
-  signature;
-  frameType = 32 /* IDENT */;
-  preferredTier = 1 /* MSGPACK */;
-  unsignedDict() {
-    return {
-      nid: this.nid,
-      pub_key: this.pubKey,
-      metadata: this.metadata
-    };
-  }
-  toDict() {
-    return { ...this.unsignedDict(), signature: this.signature };
-  }
-  static fromDict(data) {
-    return new _IdentFrame(
-      data["nid"],
-      data["pub_key"],
-      data["metadata"],
-      data["signature"]
-    );
-  }
-};
-var TrustFrame = class _TrustFrame {
-  constructor(issuerNid, subjectNid, scopes, expiresAt, signature) {
-    this.issuerNid = issuerNid;
-    this.subjectNid = subjectNid;
-    this.scopes = scopes;
-    this.expiresAt = expiresAt;
-    this.signature = signature;
-  }
-  issuerNid;
-  subjectNid;
-  scopes;
-  expiresAt;
-  signature;
-  frameType = 33 /* TRUST */;
-  preferredTier = 1 /* MSGPACK */;
-  toDict() {
-    return {
-      issuer_nid: this.issuerNid,
-      subject_nid: this.subjectNid,
-      scopes: this.scopes,
-      expires_at: this.expiresAt,
-      signature: this.signature
-    };
-  }
-  static fromDict(data) {
-    return new _TrustFrame(
-      data["issuer_nid"],
-      data["subject_nid"],
-      data["scopes"],
-      data["expires_at"],
-      data["signature"]
-    );
-  }
-};
-var RevokeFrame = class _RevokeFrame {
-  constructor(nid, reason, revokedAt) {
-    this.nid = nid;
-    this.reason = reason;
-    this.revokedAt = revokedAt;
-  }
-  nid;
-  reason;
-  revokedAt;
-  frameType = 34 /* REVOKE */;
-  preferredTier = 1 /* MSGPACK */;
-  toDict() {
-    return {
-      nid: this.nid,
-      reason: this.reason ?? null,
-      revoked_at: this.revokedAt ?? null
-    };
-  }
-  static fromDict(data) {
-    return new _RevokeFrame(
-      data["nid"],
-      data["reason"] ?? void 0,
-      data["revoked_at"] ?? void 0
-    );
-  }
-};
-ed25519.etc.sha512Sync = (...m) => sha512(ed25519.etc.concatBytes(...m));
-var KEY_FILE_VERSION = 1;
-var PBKDF2_ITERS = 6e5;
-var SALT_BYTES = 16;
-var IV_BYTES = 12;
-var KEY_BYTES = 32;
-var NipIdentity = class _NipIdentity {
-  constructor(_privKey, pubKey) {
-    this._privKey = _privKey;
-    this.pubKey = pubKey;
-  }
-  _privKey;
-  pubKey;
-  // ── Factory ───────────────────────────────────────────────────────────────
-  static generate() {
-    const priv = ed25519.utils.randomPrivateKey();
-    const pub = ed25519.getPublicKey(priv);
-    return new _NipIdentity(priv, pub);
-  }
-  static fromPrivateKey(privKey) {
-    const pub = ed25519.getPublicKey(privKey);
-    return new _NipIdentity(privKey, pub);
-  }
-  /** Load from an AES-256-GCM encrypted key file. */
-  static load(path, passphrase) {
-    const envelope = JSON.parse(readFileSync(path, "utf8"));
-    const salt = Buffer.from(envelope.salt, "hex");
-    const iv = Buffer.from(envelope.iv, "hex");
-    const ct = Buffer.from(envelope.ciphertext, "hex");
-    const dk = pbkdf2Sync(passphrase, salt, PBKDF2_ITERS, KEY_BYTES, "sha256");
-    const decipher = createDecipheriv("aes-256-gcm", dk, iv);
-    const authTag = ct.slice(ct.length - 16);
-    const body = ct.slice(0, ct.length - 16);
-    decipher.setAuthTag(authTag);
-    const priv = Buffer.concat([decipher.update(body), decipher.final()]);
-    return _NipIdentity.fromPrivateKey(new Uint8Array(priv));
-  }
-  /** Save to an AES-256-GCM encrypted key file. */
-  save(path, passphrase) {
-    const salt = randomBytes(SALT_BYTES);
-    const iv = randomBytes(IV_BYTES);
-    const dk = pbkdf2Sync(passphrase, salt, PBKDF2_ITERS, KEY_BYTES, "sha256");
-    const cipher = createCipheriv("aes-256-gcm", dk, iv);
-    const body = Buffer.concat([cipher.update(Buffer.from(this._privKey)), cipher.final()]);
-    const tag = cipher.getAuthTag();
-    const envelope = {
-      version: KEY_FILE_VERSION,
-      salt: salt.toString("hex"),
-      iv: iv.toString("hex"),
-      ciphertext: Buffer.concat([body, tag]).toString("hex"),
-      pubKey: Buffer.from(this.pubKey).toString("hex")
-    };
-    writeFileSync(path, JSON.stringify(envelope, null, 2), "utf8");
-  }
-  // ── Signing ───────────────────────────────────────────────────────────────
-  /** Sign a dict payload. Returns `ed25519:<base64url>`. */
-  sign(payload) {
-    const canonical = JSON.stringify(payload, Object.keys(payload).sort());
-    const bytes = new TextEncoder().encode(canonical);
-    const sig = ed25519.sign(bytes, this._privKey);
-    return `ed25519:${Buffer.from(sig).toString("base64")}`;
-  }
-  /** Verify a signature string against a dict payload. */
-  verify(payload, signature) {
-    if (!signature.startsWith("ed25519:")) return false;
-    try {
-      const canonical = JSON.stringify(payload, Object.keys(payload).sort());
-      const bytes = new TextEncoder().encode(canonical);
-      const sigBytes = Buffer.from(signature.slice("ed25519:".length), "base64");
-      return ed25519.verify(sigBytes, bytes, this.pubKey);
-    } catch {
-      return false;
-    }
-  }
-  /** Public key as `ed25519:<hex>` string. */
-  get pubKeyString() {
-    return `ed25519:${Buffer.from(this.pubKey).toString("hex")}`;
-  }
-};
-
-// src/nip/registry.ts
-function registerNipFrames(registry) {
-  registry.register(32 /* IDENT */, IdentFrame);
-  registry.register(33 /* TRUST */, TrustFrame);
-  registry.register(34 /* REVOKE */, RevokeFrame);
-}
-
-export { IdentFrame, NipIdentity, RevokeFrame, TrustFrame, registerNipFrames };
-//# sourceMappingURL=index.js.map
+// Copyright 2026 INNO LOTUS PTY LTD
+// SPDX-License-Identifier: Apache-2.0
+export * from "./frames.js";
+export * from "./identity.js";
+export { registerNipFrames } from "./registry.js";
+// RFC-0002 / RFC-0003 — X.509 + ACME + dual-trust verifier
+export * from "./assurance-level.js";
+export * from "./cert-format.js";
+export * from "./error-codes.js";
+export * from "./verifier.js";
+export * as x509 from "./x509/index.js";
+export * as acme from "./acme/index.js";
 //# sourceMappingURL=index.js.map

package/dist/nip/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/nip/frames.ts","../../src/nip/identity.ts","../../src/nip/registry.ts"],"names":[],"mappings":";;;;;;AAcO,IAAM,UAAA,GAAN,MAAM,WAAA,CAA+B;AAAA,EAI1C,WAAA,CACkB,GAAA,EACA,MAAA,EACA,QAAA,EACA,SAAA,EAChB;AAJgB,IAAA,IAAA,CAAA,GAAA,GAAA,GAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EACf;AAAA,EAJe,GAAA;AAAA,EACA,MAAA;AAAA,EACA,QAAA;AAAA,EACA,SAAA;AAAA,EAPT,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAST,YAAA,GAAwC;AACtC,IAAA,OAAO;AAAA,MACL,KAAU,IAAA,CAAK,GAAA;AAAA,MACf,SAAU,IAAA,CAAK,MAAA;AAAA,MACf,UAAU,IAAA,CAAK;AAAA,KACjB;AAAA,EACF;AAAA,EAEA,MAAA,GAAkC;AAChC,IAAA,OAAO,EAAE,GAAG,IAAA,CAAK,cAAa,EAAG,SAAA,EAAW,KAAK,SAAA,EAAU;AAAA,EAC7D;AAAA,EAEA,OAAO,SAAS,IAAA,EAA2C;AACzD,IAAA,OAAO,IAAI,WAAA;AAAA,MACT,KAAK,KAAK,CAAA;AAAA,MACV,KAAK,SAAS,CAAA;AAAA,MACd,KAAK,UAAU,CAAA;AAAA,MACf,KAAK,WAAW;AAAA,KAClB;AAAA,EACF;AACF;AAEO,IAAM,UAAA,GAAN,MAAM,WAAA,CAA+B;AAAA,EAI1C,WAAA,CACkB,SAAA,EACA,UAAA,EACA,MAAA,EACA,WACA,SAAA,EAChB;AALgB,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EACf;AAAA,EALe,SAAA;AAAA,EACA,UAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EACA,SAAA;AAAA,EART,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAUT,MAAA,GAAkC;AAChC,IAAA,OAAO;AAAA,MACL,YAAa,IAAA,CAAK,SAAA;AAAA,MAClB,aAAa,IAAA,CAAK,UAAA;AAAA,MAClB,QAAa,IAAA,CAAK,MAAA;AAAA,MAClB,YAAa,IAAA,CAAK,SAAA;AAAA,MAClB,WAAa,IAAA,CAAK;AAAA,KACpB;AAAA,EACF;AAAA,EAEA,OAAO,SAAS,IAAA,EAA2C;AACzD,IAAA,OAAO,IAAI,WAAA;AAAA,MACT,KAAK,YAAY,CAAA;AAAA,MACjB,KAAK,aAAa,CAAA;AAAA,MAClB,KAAK,QAAQ,CAAA;AAAA,MACb,KAAK,YAAY,CAAA;AAAA,MACjB,KAAK,WAAW;AAAA,KAClB;AAAA,EACF;AACF;AAEO,IAAM,WAAA,GAAN,MAAM,YAAA,CAAgC;AAAA,EAI3C,WAAA,CACkB,GAAA,EACA,MAAA,EACA,SAAA,EAChB;AAHgB,IAAA,IAAA,CAAA,GAAA,GAAA,GAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EACf;AAAA,EAHe,GAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EANT,SAAA,GAAA,EAAA;AAAA,EACA,aAAA,GAAA,CAAA;AAAA,EAQT,MAAA,GAAkC;AAChC,IAAA,OAAO;AAAA,MACL,KAAY,IAAA,CAAK,GAAA;AAAA,MACjB,MAAA,EAAY,KAAK,MAAA,IAAc,IAAA;AAAA,MAC/B,UAAA,EAAY,KAAK,SAAA,IAAc;AAAA,KACjC;AAAA,EACF;AAAA,EAEA,OAAO,SAAS,IAAA,EAA4C;AAC1D,IAAA,OAAO,IAAI,YAAA;AAAA,MACT,KAAK,KAAK,CAAA;AAAA,MACT,IAAA,CAAK,QAAQ,CAAA,IAA2B,MAAA;AAAA,MACxC,IAAA,CAAK,YAAY,CAAA,IAAuB;AAAA,KAC3C;AAAA,EACF;AACF;AC3FQ,OAAA,CAAA,GAAA,CAAI,UAAA,GAAa,IAAI,CAAA,KAAM,MAAA,CAAe,YAAI,WAAA,CAAY,GAAG,CAAC,CAAC,CAAA;AAEvE,IAAM,gBAAA,GAAmB,CAAA;AACzB,IAAM,YAAA,GAAmB,GAAA;AACzB,IAAM,UAAA,GAAmB,EAAA;AACzB,IAAM,QAAA,GAAmB,EAAA;AACzB,IAAM,SAAA,GAAmB,EAAA;AAUlB,IAAM,WAAA,GAAN,MAAM,YAAA,CAAY;AAAA,EACf,WAAA,CACW,UACA,MAAA,EACjB;AAFiB,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAChB;AAAA,EAFgB,QAAA;AAAA,EACA,MAAA;AAAA;AAAA,EAKnB,OAAO,QAAA,GAAwB;AAC7B,IAAA,MAAM,IAAA,GAAe,cAAM,gBAAA,EAAiB;AAC5C,IAAA,MAAM,GAAA,GAAe,qBAAa,IAAI,CAAA;AACtC,IAAA,OAAO,IAAI,YAAA,CAAY,IAAA,EAAM,GAAG,CAAA;AAAA,EAClC;AAAA,EAEA,OAAO,eAAe,OAAA,EAAkC;AACtD,IAAA,MAAM,GAAA,GAAc,qBAAa,OAAO,CAAA;AACxC,IAAA,OAAO,IAAI,YAAA,CAAY,OAAA,EAAS,GAAG,CAAA;AAAA,EACrC;AAAA;AAAA,EAGA,OAAO,IAAA,CAAK,IAAA,EAAc,UAAA,EAAiC;AACzD,IAAA,MAAM,WAAW,IAAA,CAAK,KAAA,CAAM,YAAA,CAAa,IAAA,EAAM,MAAM,CAAC,CAAA;AACtD,IAAA,MAAM,IAAA,GAAY,MAAA,CAAO,IAAA,CAAK,QAAA,CAAS,MAAY,KAAK,CAAA;AACxD,IAAA,MAAM,EAAA,GAAY,MAAA,CAAO,IAAA,CAAK,QAAA,CAAS,IAAY,KAAK,CAAA;AACxD,IAAA,MAAM,EAAA,GAAY,MAAA,CAAO,IAAA,CAAK,QAAA,CAAS,YAAY,KAAK,CAAA;AAExD,IAAA,MAAM,KAAK,UAAA,CAAW,UAAA,EAAY,IAAA,EAAM,YAAA,EAAc,WAAW,QAAQ,CAAA;AACzE,IAAA,MAAM,QAAA,GAAW,gBAAA,CAAiB,aAAA,EAAe,EAAA,EAAI,EAAE,CAAA;AAEvD,IAAA,MAAM,OAAA,GAAU,EAAA,CAAG,KAAA,CAAM,EAAA,CAAG,SAAS,EAAE,CAAA;AACvC,IAAA,MAAM,OAAU,EAAA,CAAG,KAAA,CAAM,CAAA,EAAG,EAAA,CAAG,SAAS,EAAE,CAAA;AAC1C,IAAC,QAAA,CAAqF,WAAW,OAAO,CAAA;AACxG,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,IAAI,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AACpE,IAAA,OAAO,YAAA,CAAY,cAAA,CAAe,IAAI,UAAA,CAAW,IAAI,CAAC,CAAA;AAAA,EACxD;AAAA;AAAA,EAGA,IAAA,CAAK,MAAc,UAAA,EAA0B;AAC3C,IAAA,MAAM,IAAA,GAAS,YAAY,UAAU,CAAA;AACrC,IAAA,MAAM,EAAA,GAAS,YAAY,QAAQ,CAAA;AACnC,IAAA,MAAM,KAAS,UAAA,CAAW,UAAA,EAAY,IAAA,EAAM,YAAA,EAAc,WAAW,QAAQ,CAAA;AAC7E,IAAA,MAAM,MAAA,GAAS,cAAA,CAAe,aAAA,EAAe,EAAA,EAAI,EAAE,CAAA;AACnD,IAAA,MAAM,IAAA,GAAS,MAAA,CAAO,MAAA,CAAO,CAAC,OAAO,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,QAAQ,CAAC,CAAA,EAAG,MAAA,CAAO,KAAA,EAAO,CAAC,CAAA;AACxF,IAAA,MAAM,GAAA,GAAU,OAAwE,UAAA,EAAW;AAEnG,IAAA,MAAM,QAAA,GAA4B;AAAA,MAChC,OAAA,EAAY,gBAAA;AAAA,MACZ,IAAA,EAAY,IAAA,CAAK,QAAA,CAAS,KAAK,CAAA;AAAA,MAC/B,EAAA,EAAY,EAAA,CAAG,QAAA,CAAS,KAAK,CAAA;AAAA,MAC7B,UAAA,EAAY,OAAO,MAAA,CAAO,CAAC,MAAM,GAAG,CAAC,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA;AAAA,MACrD,QAAY,MAAA,CAAO,IAAA,CAAK,KAAK,MAAM,CAAA,CAAE,SAAS,KAAK;AAAA,KACrD;AACA,IAAA,aAAA,CAAc,MAAM,IAAA,CAAK,SAAA,CAAU,UAAU,IAAA,EAAM,CAAC,GAAG,MAAM,CAAA;AAAA,EAC/D;AAAA;AAAA;AAAA,EAKA,KAAK,OAAA,EAA0C;AAC7C,IAAA,MAAM,SAAA,GAAY,KAAK,SAAA,CAAU,OAAA,EAAS,OAAO,IAAA,CAAK,OAAO,CAAA,CAAE,IAAA,EAAM,CAAA;AACrE,IAAA,MAAM,KAAA,GAAY,IAAI,WAAA,EAAY,CAAE,OAAO,SAAS,CAAA;AACpD,IAAA,MAAM,GAAA,GAAoB,OAAA,CAAA,IAAA,CAAK,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA;AACnD,IAAA,OAAO,WAAW,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAC,CAAA,CAAA;AAAA,EACvD;AAAA;AAAA,EAGA,MAAA,CAAO,SAAkC,SAAA,EAA4B;AACnE,IAAA,IAAI,CAAC,SAAA,CAAU,UAAA,CAAW,UAAU,GAAG,OAAO,KAAA;AAC9C,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,KAAK,SAAA,CAAU,OAAA,EAAS,OAAO,IAAA,CAAK,OAAO,CAAA,CAAE,IAAA,EAAM,CAAA;AACrE,MAAA,MAAM,KAAA,GAAY,IAAI,WAAA,EAAY,CAAE,OAAO,SAAS,CAAA;AACpD,MAAA,MAAM,QAAA,GAAY,OAAO,IAAA,CAAK,SAAA,CAAU,MAAM,UAAA,CAAW,MAAM,GAAG,QAAQ,CAAA;AAC1E,MAAA,OAAe,OAAA,CAAA,MAAA,CAAO,QAAA,EAAU,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,IACpD,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA,EAGA,IAAI,YAAA,GAAuB;AACzB,IAAA,OAAO,CAAA,QAAA,EAAW,OAAO,IAAA,CAAK,IAAA,CAAK,MAAM,CAAA,CAAE,QAAA,CAAS,KAAK,CAAC,CAAA,CAAA;AAAA,EAC5D;AACF;;;ACzGO,SAAS,kBAAkB,QAAA,EAA+B;AAC/D,EAAA,QAAA,CAAS,yBAA2B,UAAU,CAAA;AAC9C,EAAA,QAAA,CAAS,yBAA2B,UAAU,CAAA;AAC9C,EAAA,QAAA,CAAS,0BAA2B,WAAW,CAAA;AACjD","file":"index.js","sourcesContent":["// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport { EncodingTier, FrameType } from \"../core/frames.js\";\nimport type { NpsFrame } from \"../core/codec.js\";\n\nexport interface IdentMetadata {\n  issuer:       string;\n  issuedAt:     string;\n  expiresAt?:   string;\n  capabilities?: readonly string[];\n  scopes?:       readonly string[];\n}\n\nexport class IdentFrame implements NpsFrame {\n  readonly frameType     = FrameType.IDENT;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly nid:       string,\n    public readonly pubKey:    string,\n    public readonly metadata:  IdentMetadata,\n    public readonly signature: string,\n  ) {}\n\n  unsignedDict(): Record<string, unknown> {\n    return {\n      nid:      this.nid,\n      pub_key:  this.pubKey,\n      metadata: this.metadata,\n    };\n  }\n\n  toDict(): Record<string, unknown> {\n    return { ...this.unsignedDict(), signature: this.signature };\n  }\n\n  static fromDict(data: Record<string, unknown>): IdentFrame {\n    return new IdentFrame(\n      data[\"nid\"]       as string,\n      data[\"pub_key\"]   as string,\n      data[\"metadata\"]  as IdentMetadata,\n      data[\"signature\"] as string,\n    );\n  }\n}\n\nexport class TrustFrame implements NpsFrame {\n  readonly frameType     = FrameType.TRUST;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly issuerNid:  string,\n    public readonly subjectNid: string,\n    public readonly scopes:     readonly string[],\n    public readonly expiresAt:  string,\n    public readonly signature:  string,\n  ) {}\n\n  toDict(): Record<string, unknown> {\n    return {\n      issuer_nid:  this.issuerNid,\n      subject_nid: this.subjectNid,\n      scopes:      this.scopes,\n      expires_at:  this.expiresAt,\n      signature:   this.signature,\n    };\n  }\n\n  static fromDict(data: Record<string, unknown>): TrustFrame {\n    return new TrustFrame(\n      data[\"issuer_nid\"]  as string,\n      data[\"subject_nid\"] as string,\n      data[\"scopes\"]      as string[],\n      data[\"expires_at\"]  as string,\n      data[\"signature\"]   as string,\n    );\n  }\n}\n\nexport class RevokeFrame implements NpsFrame {\n  readonly frameType     = FrameType.REVOKE;\n  readonly preferredTier = EncodingTier.MSGPACK;\n\n  constructor(\n    public readonly nid:       string,\n    public readonly reason?:   string,\n    public readonly revokedAt?: string,\n  ) {}\n\n  toDict(): Record<string, unknown> {\n    return {\n      nid:        this.nid,\n      reason:     this.reason     ?? null,\n      revoked_at: this.revokedAt  ?? null,\n    };\n  }\n\n  static fromDict(data: Record<string, unknown>): RevokeFrame {\n    return new RevokeFrame(\n      data[\"nid\"]        as string,\n      (data[\"reason\"]     as string | null) ?? undefined,\n      (data[\"revoked_at\"] as string | null) ?? undefined,\n    );\n  }\n}\n","// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * NipIdentity — Ed25519 key management and signing for NPS NID identity.\n * Uses @noble/ed25519 for signing; node:crypto for key storage encryption.\n */\n\nimport * as ed25519 from \"@noble/ed25519\";\nimport { sha512 } from \"@noble/hashes/sha512\";\nimport { createCipheriv, createDecipheriv, pbkdf2Sync, randomBytes } from \"node:crypto\";\nimport { readFileSync, writeFileSync } from \"node:fs\";\n\n// noble/ed25519 requires sha512 to be set explicitly in Node environments\ned25519.etc.sha512Sync = (...m) => sha512(ed25519.etc.concatBytes(...m));\n\nconst KEY_FILE_VERSION = 1;\nconst PBKDF2_ITERS     = 600_000;\nconst SALT_BYTES       = 16;\nconst IV_BYTES         = 12;\nconst KEY_BYTES        = 32;\n\ninterface KeyFileEnvelope {\n  version:    number;\n  salt:       string; // hex\n  iv:         string; // hex\n  ciphertext: string; // hex\n  pubKey:     string; // hex\n}\n\nexport class NipIdentity {\n  private constructor(\n    private readonly _privKey: Uint8Array,\n    public  readonly pubKey:   Uint8Array,\n  ) {}\n\n  // ── Factory ───────────────────────────────────────────────────────────────\n\n  static generate(): NipIdentity {\n    const priv = ed25519.utils.randomPrivateKey();\n    const pub  = ed25519.getPublicKey(priv);\n    return new NipIdentity(priv, pub);\n  }\n\n  static fromPrivateKey(privKey: Uint8Array): NipIdentity {\n    const pub = ed25519.getPublicKey(privKey);\n    return new NipIdentity(privKey, pub);\n  }\n\n  /** Load from an AES-256-GCM encrypted key file. */\n  static load(path: string, passphrase: string): NipIdentity {\n    const envelope = JSON.parse(readFileSync(path, \"utf8\")) as KeyFileEnvelope;\n    const salt      = Buffer.from(envelope.salt,       \"hex\");\n    const iv        = Buffer.from(envelope.iv,         \"hex\");\n    const ct        = Buffer.from(envelope.ciphertext, \"hex\");\n\n    const dk = pbkdf2Sync(passphrase, salt, PBKDF2_ITERS, KEY_BYTES, \"sha256\");\n    const decipher = createDecipheriv(\"aes-256-gcm\", dk, iv);\n    // Last 16 bytes of ciphertext are the GCM auth tag\n    const authTag = ct.slice(ct.length - 16);\n    const body    = ct.slice(0, ct.length - 16);\n    (decipher as ReturnType<typeof createDecipheriv> & { setAuthTag(tag: Buffer): void }).setAuthTag(authTag);\n    const priv = Buffer.concat([decipher.update(body), decipher.final()]);\n    return NipIdentity.fromPrivateKey(new Uint8Array(priv));\n  }\n\n  /** Save to an AES-256-GCM encrypted key file. */\n  save(path: string, passphrase: string): void {\n    const salt   = randomBytes(SALT_BYTES);\n    const iv     = randomBytes(IV_BYTES);\n    const dk     = pbkdf2Sync(passphrase, salt, PBKDF2_ITERS, KEY_BYTES, \"sha256\");\n    const cipher = createCipheriv(\"aes-256-gcm\", dk, iv);\n    const body   = Buffer.concat([cipher.update(Buffer.from(this._privKey)), cipher.final()]);\n    const tag    = (cipher as ReturnType<typeof createCipheriv> & { getAuthTag(): Buffer }).getAuthTag();\n\n    const envelope: KeyFileEnvelope = {\n      version:    KEY_FILE_VERSION,\n      salt:       salt.toString(\"hex\"),\n      iv:         iv.toString(\"hex\"),\n      ciphertext: Buffer.concat([body, tag]).toString(\"hex\"),\n      pubKey:     Buffer.from(this.pubKey).toString(\"hex\"),\n    };\n    writeFileSync(path, JSON.stringify(envelope, null, 2), \"utf8\");\n  }\n\n  // ── Signing ───────────────────────────────────────────────────────────────\n\n  /** Sign a dict payload. Returns `ed25519:<base64url>`. */\n  sign(payload: Record<string, unknown>): string {\n    const canonical = JSON.stringify(payload, Object.keys(payload).sort());\n    const bytes     = new TextEncoder().encode(canonical);\n    const sig       = ed25519.sign(bytes, this._privKey);\n    return `ed25519:${Buffer.from(sig).toString(\"base64\")}`;\n  }\n\n  /** Verify a signature string against a dict payload. */\n  verify(payload: Record<string, unknown>, signature: string): boolean {\n    if (!signature.startsWith(\"ed25519:\")) return false;\n    try {\n      const canonical = JSON.stringify(payload, Object.keys(payload).sort());\n      const bytes     = new TextEncoder().encode(canonical);\n      const sigBytes  = Buffer.from(signature.slice(\"ed25519:\".length), \"base64\");\n      return ed25519.verify(sigBytes, bytes, this.pubKey);\n    } catch {\n      return false;\n    }\n  }\n\n  /** Public key as `ed25519:<hex>` string. */\n  get pubKeyString(): string {\n    return `ed25519:${Buffer.from(this.pubKey).toString(\"hex\")}`;\n  }\n}\n","// Copyright 2026 INNO LOTUS PTY LTD\n// SPDX-License-Identifier: Apache-2.0\n\nimport { FrameRegistry } from \"../core/registry.js\";\nimport { FrameType } from \"../core/frames.js\";\nimport { IdentFrame, TrustFrame, RevokeFrame } from \"./frames.js\";\n\nexport function registerNipFrames(registry: FrameRegistry): void {\n  registry.register(FrameType.IDENT,  IdentFrame);\n  registry.register(FrameType.TRUST,  TrustFrame);\n  registry.register(FrameType.REVOKE, RevokeFrame);\n}\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/nip/index.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,sCAAsC;AAEtC,cAAc,aAAa,CAAC;AAC5B,cAAc,eAAe,CAAC;AAC9B,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAElD,2DAA2D;AAC3D,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,iBAAiB,CAAC;AACxC,OAAO,KAAK,IAAI,MAAM,iBAAiB,CAAC"}

package/dist/nip/registry.js

@@ -0,0 +1,10 @@
+// Copyright 2026 INNO LOTUS PTY LTD
+// SPDX-License-Identifier: Apache-2.0
+import { FrameType } from "../core/frames.js";
+import { IdentFrame, TrustFrame, RevokeFrame } from "./frames.js";
+export function registerNipFrames(registry) {
+    registry.register(FrameType.IDENT, IdentFrame);
+    registry.register(FrameType.TRUST, TrustFrame);
+    registry.register(FrameType.REVOKE, RevokeFrame);
+}
+//# sourceMappingURL=registry.js.map

package/dist/nip/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/nip/registry.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,sCAAsC;AAGtC,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAElE,MAAM,UAAU,iBAAiB,CAAC,QAAuB;IACvD,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,KAAK,EAAG,UAAU,CAAC,CAAC;IAChD,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,KAAK,EAAG,UAAU,CAAC,CAAC;IAChD,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AACnD,CAAC"}

package/dist/nip/verifier.d.ts

@@ -0,0 +1,23 @@
+import type { X509Certificate } from "@peculiar/x509";
+import { AssuranceLevel } from "./assurance-level.js";
+import type { IdentFrame } from "./frames.js";
+export interface NipVerifierOptions {
+    /** Map of issuer NID → CA public key string (`ed25519:<hex>`). */
+    trustedCaPublicKeys?: Readonly<Record<string, string>>;
+    /** X.509 trust anchors. Empty/undefined makes Step 3b reject v2 frames. */
+    trustedX509Roots?: readonly X509Certificate[];
+    /** Minimum required assurance level (NPS-RFC-0003). */
+    minAssuranceLevel?: AssuranceLevel;
+}
+export interface NipIdentVerifyResult {
+    valid: boolean;
+    stepFailed: number;
+    errorCode?: string;
+    message?: string;
+}
+export declare class NipIdentVerifier {
+    readonly options: NipVerifierOptions;
+    constructor(options: NipVerifierOptions);
+    verify(frame: IdentFrame, issuerNid: string): Promise<NipIdentVerifyResult>;
+}
+//# sourceMappingURL=verifier.d.ts.map

package/dist/nip/verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../../src/nip/verifier.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEtD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGtD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAM9C,MAAM,WAAW,kBAAkB;IACjC,kEAAkE;IAClE,mBAAmB,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACvD,2EAA2E;IAC3E,gBAAgB,CAAC,EAAK,SAAS,eAAe,EAAE,CAAC;IACjD,uDAAuD;IACvD,iBAAiB,CAAC,EAAI,cAAc,CAAC;CACtC;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAO,OAAO,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAI,MAAM,CAAC;CACpB;AAQD,qBAAa,gBAAgB;aACC,OAAO,EAAE,kBAAkB;gBAA3B,OAAO,EAAE,kBAAkB;IAEjD,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;CAsDlF"}