npm - @majikah/majik-message - Versions diffs - 0.2.12 → 0.2.14 - Mend

@majikah/majik-message 0.2.12 → 0.2.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/majik-message.d.ts CHANGED Viewed

@@ -8,7 +8,7 @@ import { MajikMessageChat } from "./core/database/chat/majik-message-chat";
 import { MajikMessageIdentity } from "./core/database/system/identity";
 import { MajikKey } from "@majikah/majik-key";
 import { MajikFile, MajikFileJSON } from "@majikah/majik-file";
-import { MajikSignature, type MajikSignatureJSON, type MajikSignerPublicKeys, type VerificationResult } from "@majikah/majik-signature";
+import { EnvelopeInfo, MajikSignature, SealInfo, SealVerificationResult, type MajikSignatureJSON, type MajikSignerPublicKeys, type VerificationResult } from "@majikah/majik-signature";
 type MajikMessageEvents = "message" | "envelope" | "untrusted" | "error" | "new-account" | "new-contact" | "removed-account" | "removed-contact" | "active-account-change";
 interface MajikMessageStatic<T extends MajikMessage> {
     new (config: MajikMessageConfig, id?: string): T;
@@ -720,13 +720,13 @@ export declare class MajikMessage {
         key?: MajikKey;
         expectedSignerId?: string;
     }): Promise<Array<VerificationResult & {
-        handler: string | null;
-        mimeType: string | null;
+        handler: string | undefined;
+        mimeType: string | undefined;
         error: Error | null;
     }>>;
     /**
      * Extract the embedded MajikSignature from a file.
-     * Returns a fully typed MajikSignature instance, or null if not found.
+     * Returns an array of fully typed MajikSignature instances, or empty if none found.
      *
      * Does not verify — use verifyFile() to verify.
      *
@@ -736,7 +736,7 @@ export declare class MajikMessage {
      */
     extractSignature(file: Blob, options?: {
         mimeType?: string;
-    }): Promise<MajikSignature | null>;
+    }): Promise<MajikSignature[]>;
     /**
      * Return a clean copy of the file with any embedded signature removed.
      * The returned bytes are exactly what was originally signed.
@@ -817,7 +817,73 @@ export declare class MajikMessage {
      */
     getFileSignatureInfo(file: Blob, options?: {
         mimeType?: string;
-    }): Promise<MajikSignature | null>;
+    }): Promise<MajikSignature[]>;
+    /**
+     * Return a complete summary of the envelope state in one file read.
+     * Covers: isMultiSig, isSealed, issuer, all signatories, allowlist, seal info.
+     * Useful for rendering a signing status UI without multiple separate calls.
+     *
+     * Returns null if the file has no envelope.
+     *
+     * @example
+     *   const info = await majik.getEnvelopeInfo(file);
+     *   if (info?.isSealed) console.log("Sealed by", info.sealInfo?.sealedBy);
+     *   console.log(`${info?.signatories?.signed.length} of ${info?.signatories?.all.length} signed`);
+     */
+    getEnvelopeInfo(file: Blob, options?: {
+        mimeType?: string;
+    }): Promise<EnvelopeInfo | null>;
+    /**
+     * Seal a restricted multi-sig file, preventing any further signatures.
+     *
+     * Only the issuer (the signer who established the allowlist) may seal.
+     * Resolves the signing key from the keystore — the account must be loaded
+     * but does NOT need to be unlocked (sealing does not use private keys).
+     *
+     * @example
+     *   const { blob, sealInfo } = await majik.seal(signedFile);
+     *   console.log("Sealed at", sealInfo.sealTimestamp);
+     */
+    seal(file: Blob, options?: {
+        mimeType?: string;
+        timestamp?: string;
+        accountId?: string;
+    }): Promise<{
+        blob: Blob;
+        sealInfo: SealInfo;
+        handler: string;
+        mimeType: string;
+    }>;
+    /**
+     * Verify the seal hash against the current signatories and seal timestamp.
+     * Returns invalid if the envelope is not sealed.
+     * Does NOT verify individual cryptographic signatures — call verifyFile() for that.
+     *
+     * @example
+     *   const result = await majik.verifySeal(file);
+     *   if (result.valid) console.log("Sealed by", result.sealedBy, "at", result.sealTimestamp);
+     */
+    verifySeal(file: Blob, options?: {
+        mimeType?: string;
+    }): Promise<SealVerificationResult>;
+    /**
+     * Get seal metadata without verifying.
+     * Returns null if the file is not sealed or has no envelope.
+     *
+     * @example
+     *   const info = await majik.getSealInfo(file);
+     *   if (info) console.log("Sealed by", majik.resolveSignerLabel(info.sealedBy));
+     */
+    getSealInfo(file: Blob, options?: {
+        mimeType?: string;
+    }): Promise<SealInfo | null>;
+    /**
+     * Returns true if the file has a sealed envelope (structural check, no crypto).
+     * Use verifySeal() to confirm the seal hash is intact.
+     */
+    isSealed(file: Blob, options?: {
+        mimeType?: string;
+    }): Promise<boolean>;
     /**
      * Resolve MajikSignerPublicKeys from whichever signer hint was provided.
      * Returns null if no hint was given (caller should fall back to self-reported keys).

package/dist/majik-message.js CHANGED Viewed

@@ -1550,16 +1550,18 @@ export class MajikMessage {
         try {
             const publicKeys = await this._resolveSignerPublicKeys(options);
             if (publicKeys) {
-                return MajikSignature.verifyFile(file, publicKeys, {
+                const results = await MajikSignature.verifyFile(file, publicKeys, {
                     expectedSignerId: options?.expectedSignerId,
                     mimeType: options?.mimeType,
-                });
+                }, true);
+                return results[0];
             }
-            // No signer provided — extract and use self-reported keys
+            // No signer provided — extract and use self-reported keys from first signature.
+            // For full multi-sig verification, pass a contactId or publicKeyBase64.
             const extracted = await MajikSignature.extractFrom(file, {
                 mimeType: options?.mimeType,
             });
-            if (!extracted) {
+            if (!extracted.length) {
                 return {
                     valid: false,
                     signerId: "",
@@ -1568,10 +1570,12 @@ export class MajikMessage {
                     reason: "No embedded signature found",
                 };
             }
-            return MajikSignature.verifyFile(file, extracted.extractPublicKeys(), {
-                expectedSignerId: options?.expectedSignerId,
+            const firstSig = extracted[0];
+            const results = await MajikSignature.verifyFile(file, firstSig.extractPublicKeys(), {
+                expectedSignerId: firstSig.signerId,
                 mimeType: options?.mimeType,
-            });
+            }, true);
+            return results[0];
         }
         catch (err) {
             this.emit("error", err, { context: "verifyFile" });
@@ -1609,34 +1613,36 @@ export class MajikMessage {
             try {
                 let result;
                 if (publicKeys) {
-                    result = await MajikSignature.verifyFile(file, publicKeys, {
+                    const results = await MajikSignature.verifyFile(file, publicKeys, {
                         mimeType,
                         expectedSignerId,
                     });
+                    result = results[0];
                 }
                 else {
-                    // No signer hint — use self-reported keys from each file's envelope
                     const extracted = await MajikSignature.extractFrom(file, {
                         mimeType,
                     });
-                    if (!extracted) {
+                    if (!extracted.length) {
                         return {
                             valid: false,
-                            signerId: "",
-                            contentHash: "",
+                            signerId: undefined,
+                            contentHash: undefined,
                             timestamp: new Date().toISOString(),
                             reason: "No embedded signature found",
-                            handler: null,
-                            mimeType: mimeType ?? null,
+                            handler: undefined,
+                            mimeType,
                             error: null,
                         };
                     }
-                    result = await MajikSignature.verifyFile(file, extracted.extractPublicKeys(), { mimeType, expectedSignerId });
+                    const firstSig = extracted[0];
+                    const results = await MajikSignature.verifyFile(file, firstSig.extractPublicKeys(), { mimeType, expectedSignerId: firstSig.signerId });
+                    result = results[0];
                 }
                 return {
                     ...result,
-                    handler: result.handler ?? null,
-                    mimeType: mimeType ?? null,
+                    handler: result.handler,
+                    mimeType,
                     error: null,
                 };
             }
@@ -1644,11 +1650,11 @@ export class MajikMessage {
                 this.emit("error", err, { context: "batchVerifyFiles" });
                 return {
                     valid: false,
-                    signerId: "",
-                    contentHash: "",
+                    signerId: undefined,
+                    contentHash: undefined,
                     timestamp: new Date().toISOString(),
-                    handler: null,
-                    mimeType: mimeType ?? null,
+                    handler: undefined,
+                    mimeType,
                     error: err instanceof Error ? err : new Error(String(err)),
                 };
             }
@@ -1657,7 +1663,7 @@ export class MajikMessage {
     // ── Signature Utilities ───────────────────────────────────────────────────
     /**
      * Extract the embedded MajikSignature from a file.
-     * Returns a fully typed MajikSignature instance, or null if not found.
+     * Returns an array of fully typed MajikSignature instances, or empty if none found.
      *
      * Does not verify — use verifyFile() to verify.
      *
@@ -1779,6 +1785,105 @@ export class MajikMessage {
             throw err;
         }
     }
+    /**
+     * Return a complete summary of the envelope state in one file read.
+     * Covers: isMultiSig, isSealed, issuer, all signatories, allowlist, seal info.
+     * Useful for rendering a signing status UI without multiple separate calls.
+     *
+     * Returns null if the file has no envelope.
+     *
+     * @example
+     *   const info = await majik.getEnvelopeInfo(file);
+     *   if (info?.isSealed) console.log("Sealed by", info.sealInfo?.sealedBy);
+     *   console.log(`${info?.signatories?.signed.length} of ${info?.signatories?.all.length} signed`);
+     */
+    async getEnvelopeInfo(file, options) {
+        try {
+            return MajikSignature.getEnvelopeInfo(file, options);
+        }
+        catch (err) {
+            this.emit("error", err, { context: "getEnvelopeInfo" });
+            throw err;
+        }
+    }
+    // ── Seal ──────────────────────────────────────────────────────────────────
+    /**
+     * Seal a restricted multi-sig file, preventing any further signatures.
+     *
+     * Only the issuer (the signer who established the allowlist) may seal.
+     * Resolves the signing key from the keystore — the account must be loaded
+     * but does NOT need to be unlocked (sealing does not use private keys).
+     *
+     * @example
+     *   const { blob, sealInfo } = await majik.seal(signedFile);
+     *   console.log("Sealed at", sealInfo.sealTimestamp);
+     */
+    async seal(file, options) {
+        const id = options?.accountId ?? this.getActiveAccount()?.id;
+        if (!id)
+            throw new Error("No active account — call setActiveAccount() first");
+        try {
+            const key = MajikKeyStore.get(id);
+            if (!key)
+                throw new Error(`Account not found in keystore: "${id}"`);
+            return MajikSignature.seal(file, key, {
+                mimeType: options?.mimeType,
+                timestamp: options?.timestamp,
+            });
+        }
+        catch (err) {
+            this.emit("error", err, { context: "seal" });
+            throw err;
+        }
+    }
+    /**
+     * Verify the seal hash against the current signatories and seal timestamp.
+     * Returns invalid if the envelope is not sealed.
+     * Does NOT verify individual cryptographic signatures — call verifyFile() for that.
+     *
+     * @example
+     *   const result = await majik.verifySeal(file);
+     *   if (result.valid) console.log("Sealed by", result.sealedBy, "at", result.sealTimestamp);
+     */
+    async verifySeal(file, options) {
+        try {
+            return MajikSignature.verifySeal(file, options);
+        }
+        catch (err) {
+            this.emit("error", err, { context: "verifySeal" });
+            throw err;
+        }
+    }
+    /**
+     * Get seal metadata without verifying.
+     * Returns null if the file is not sealed or has no envelope.
+     *
+     * @example
+     *   const info = await majik.getSealInfo(file);
+     *   if (info) console.log("Sealed by", majik.resolveSignerLabel(info.sealedBy));
+     */
+    async getSealInfo(file, options) {
+        try {
+            return MajikSignature.getSealInfo(file, options);
+        }
+        catch (err) {
+            this.emit("error", err, { context: "getSealInfo" });
+            throw err;
+        }
+    }
+    /**
+     * Returns true if the file has a sealed envelope (structural check, no crypto).
+     * Use verifySeal() to confirm the seal hash is intact.
+     */
+    async isSealed(file, options) {
+        try {
+            return MajikSignature.isSealed(file, options);
+        }
+        catch (err) {
+            this.emit("error", err, { context: "isSealed" });
+            throw err;
+        }
+    }
     // ── Private: Signer resolution ────────────────────────────────────────────
     /**
      * Resolve MajikSignerPublicKeys from whichever signer hint was provided.

package/package.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "@majikah/majik-message",
   "type": "module",
   "description": "Post-quantum end-to-end encryption with ML-KEM-768. Seed phrase–based accounts. Auto-expiring messages. Offline-ready. Exportable encrypted messages. Tamper-proof threads with blockchain-like integrity. Quantum-resistant messaging.",
-  "version": "0.2.12",
+  "version": "0.2.14",
   "license": "Apache-2.0",
   "author": "Zelijah",
   "main": "./dist/index.js",
@@ -81,9 +81,9 @@
   "dependencies": {
     "@bokuweb/zstd-wasm": "^0.0.27",
     "@majikah/majik-envelope": "^0.0.1",
-    "@majikah/majik-file": "^0.0.20",
+    "@majikah/majik-file": "^0.0.21",
     "@majikah/majik-key": "^0.2.3",
-    "@majikah/majik-signature": "^0.0.10",
+    "@majikah/majik-signature": "^0.0.14",
     "@noble/hashes": "^2.0.1",
     "@noble/post-quantum": "^0.5.4",
     "@scure/bip39": "^1.6.0",