@majikah/majik-message 0.2.15 → 0.2.17

package/dist/majik-message.d.ts

@@ -8,7 +8,7 @@ import { MajikMessageChat } from "./core/database/chat/majik-message-chat";
 import { MajikMessageIdentity } from "./core/database/system/identity";
 import { MajikKey } from "@majikah/majik-key";
 import { MajikFile, MajikFileJSON } from "@majikah/majik-file";
-import { EnvelopeInfo, ExpectedSigner, MajikSignature, SealInfo, SealVerificationResult, type MajikSignatureJSON, type MajikSignerPublicKeys, type VerificationResult } from "@majikah/majik-signature";
+import { EnvelopeInfo, ExpectedSigner, MajikSignature, SealInfo, SealVerificationResult, SignatoriesFilter, SignatoriesResult, SignatoryInfo, type MajikSignatureJSON, type MajikSignerPublicKeys, type VerificationResult } from "@majikah/majik-signature";
 type MajikMessageEvents = "message" | "envelope" | "untrusted" | "error" | "new-account" | "new-contact" | "removed-account" | "removed-contact" | "active-account-change";
 interface MajikMessageStatic<T extends MajikMessage> {
     new (config: MajikMessageConfig, id?: string): T;
@@ -798,6 +798,106 @@ export declare class MajikMessage {
         handler: string;
         mimeType: string;
     }>;
+    /**
+     * Build an ExpectedSigner entry from a MajikKey.
+     * Use this to construct the expectedSigners array passed to signFile().
+     * The key does not need to be unlocked.
+     *
+     * @example
+     *   const { blob } = await majik.signFile(file, {
+     *     expectedSigners: [
+     *       MajikSignatureClient.expectedSignerFromKey(aliceKey),
+     *       MajikSignatureClient.expectedSignerFromKey(bobKey),
+     *     ],
+     *   });
+     */
+    static expectedSignerFromKey(key: MajikKey): ExpectedSigner;
+    /**
+     * Get the allowlist from a file without verifying any signatures.
+     * Returns null for open-signing files or unsigned files.
+     *
+     * @example
+     *   const list = await majik.getAllowlist(file);
+     *   if (list) console.log("Restricted to", list.map(e => e.signerId));
+     */
+    getAllowlist(file: Blob, options?: {
+        mimeType?: string;
+    }): Promise<ExpectedSigner[] | null>;
+    /**
+     * Check whether a MajikKey is permitted to add a signature to this file.
+     * Accounts for seal status and allowlist membership (full three-field check).
+     *
+     * @example
+     *   const { permitted, reason } = await majik.canSign(file, key);
+     *   if (!permitted) showError(reason);
+     */
+    canSign(file: Blob, key: MajikKey, options?: {
+        mimeType?: string;
+    }): Promise<{
+        permitted: boolean;
+        reason?: string;
+    }>;
+    /**
+     * Returns true when the file has a restricted multi-sig envelope
+     * (allowlist with more than one expected signer).
+     * Returns false for unsigned, open-signing, or single-signer files.
+     */
+    isMultiSig(file: Blob, options?: {
+        mimeType?: string;
+    }): Promise<boolean>;
+    /**
+     * Core signatories method — returns all, signed, and pending arrays.
+     *
+     * When an allowlist is present:
+     *   - all     = every expected signer with their signing status
+     *   - signed  = those who have already signed
+     *   - pending = those who are expected but have not yet signed
+     *
+     * When no allowlist is present:
+     *   - all / signed = actual signers (everyone has signed by definition)
+     *   - pending      = always empty
+     *
+     * Returns null if the file has no envelope.
+     *
+     * @example
+     *   const result = await majik.getSignatories(file);
+     *   console.log(`${result?.signed.length} of ${result?.all.length} signed`);
+     */
+    getSignatories(file: Blob, options?: {
+        mimeType?: string;
+    }, filter?: SignatoriesFilter): Promise<SignatoriesResult | null>;
+    /**
+     * Returns only signatories who have already signed.
+     * Alias for getSignatories(file, options, "signed").
+     */
+    getSignedSignatories(file: Blob, options?: {
+        mimeType?: string;
+    }): Promise<SignatoriesResult | null>;
+    /**
+     * Returns only signatories who are expected but have not yet signed.
+     * Alias for getSignatories(file, options, "pending").
+     */
+    getPendingSignatories(file: Blob, options?: {
+        mimeType?: string;
+    }): Promise<SignatoriesResult | null>;
+    /**
+     * Returns all signatories with full status information.
+     * Alias for getSignatories(file, options, "all").
+     */
+    getAllSignatories(file: Blob, options?: {
+        mimeType?: string;
+    }): Promise<SignatoriesResult | null>;
+    /**
+     * Returns the issuer — the signer who established the allowlist and
+     * controls sealing. Returns null for open-signing or unsigned files.
+     *
+     * @example
+     *   const issuer = await majik.getIssuer(file);
+     *   if (issuer) console.log("Issued by", majik.resolveSignerLabel(issuer.signerId));
+     */
+    getIssuer(file: Blob, options?: {
+        mimeType?: string;
+    }): Promise<SignatoryInfo | null>;
     /**
      * Extract metadata from a file's embedded signature without verifying it.
      *

package/dist/majik-message.js

@@ -1759,6 +1759,154 @@ export class MajikMessage {
         // that makes the caller's intent explicit at the call-site.
         return this.signFile(file, options);
     }
+    // ── Multi-sig & Allowlist ─────────────────────────────────────────────────
+    /**
+     * Build an ExpectedSigner entry from a MajikKey.
+     * Use this to construct the expectedSigners array passed to signFile().
+     * The key does not need to be unlocked.
+     *
+     * @example
+     *   const { blob } = await majik.signFile(file, {
+     *     expectedSigners: [
+     *       MajikSignatureClient.expectedSignerFromKey(aliceKey),
+     *       MajikSignatureClient.expectedSignerFromKey(bobKey),
+     *     ],
+     *   });
+     */
+    static expectedSignerFromKey(key) {
+        return MajikSignature.expectedSignerFromKey(key);
+    }
+    /**
+     * Get the allowlist from a file without verifying any signatures.
+     * Returns null for open-signing files or unsigned files.
+     *
+     * @example
+     *   const list = await majik.getAllowlist(file);
+     *   if (list) console.log("Restricted to", list.map(e => e.signerId));
+     */
+    async getAllowlist(file, options) {
+        try {
+            return MajikSignature.getAllowlist(file, options);
+        }
+        catch (err) {
+            this.emit("error", err, { context: "getAllowlist" });
+            throw err;
+        }
+    }
+    /**
+     * Check whether a MajikKey is permitted to add a signature to this file.
+     * Accounts for seal status and allowlist membership (full three-field check).
+     *
+     * @example
+     *   const { permitted, reason } = await majik.canSign(file, key);
+     *   if (!permitted) showError(reason);
+     */
+    async canSign(file, key, options) {
+        try {
+            return MajikSignature.canSign(file, key, options);
+        }
+        catch (err) {
+            this.emit("error", err, { context: "canSign" });
+            throw err;
+        }
+    }
+    /**
+     * Returns true when the file has a restricted multi-sig envelope
+     * (allowlist with more than one expected signer).
+     * Returns false for unsigned, open-signing, or single-signer files.
+     */
+    async isMultiSig(file, options) {
+        try {
+            return MajikSignature.isMultiSig(file, options);
+        }
+        catch (err) {
+            this.emit("error", err, { context: "isMultiSig" });
+            throw err;
+        }
+    }
+    /**
+     * Core signatories method — returns all, signed, and pending arrays.
+     *
+     * When an allowlist is present:
+     *   - all     = every expected signer with their signing status
+     *   - signed  = those who have already signed
+     *   - pending = those who are expected but have not yet signed
+     *
+     * When no allowlist is present:
+     *   - all / signed = actual signers (everyone has signed by definition)
+     *   - pending      = always empty
+     *
+     * Returns null if the file has no envelope.
+     *
+     * @example
+     *   const result = await majik.getSignatories(file);
+     *   console.log(`${result?.signed.length} of ${result?.all.length} signed`);
+     */
+    async getSignatories(file, options, filter) {
+        try {
+            return MajikSignature.getSignatories(file, options, filter);
+        }
+        catch (err) {
+            this.emit("error", err, { context: "getSignatories" });
+            throw err;
+        }
+    }
+    /**
+     * Returns only signatories who have already signed.
+     * Alias for getSignatories(file, options, "signed").
+     */
+    async getSignedSignatories(file, options) {
+        try {
+            return MajikSignature.getSignedSignatories(file, options);
+        }
+        catch (err) {
+            this.emit("error", err, { context: "getSignedSignatories" });
+            throw err;
+        }
+    }
+    /**
+     * Returns only signatories who are expected but have not yet signed.
+     * Alias for getSignatories(file, options, "pending").
+     */
+    async getPendingSignatories(file, options) {
+        try {
+            return MajikSignature.getPendingSignatories(file, options);
+        }
+        catch (err) {
+            this.emit("error", err, { context: "getPendingSignatories" });
+            throw err;
+        }
+    }
+    /**
+     * Returns all signatories with full status information.
+     * Alias for getSignatories(file, options, "all").
+     */
+    async getAllSignatories(file, options) {
+        try {
+            return MajikSignature.getAllSignatories(file, options);
+        }
+        catch (err) {
+            this.emit("error", err, { context: "getAllSignatories" });
+            throw err;
+        }
+    }
+    /**
+     * Returns the issuer — the signer who established the allowlist and
+     * controls sealing. Returns null for open-signing or unsigned files.
+     *
+     * @example
+     *   const issuer = await majik.getIssuer(file);
+     *   if (issuer) console.log("Issued by", majik.resolveSignerLabel(issuer.signerId));
+     */
+    async getIssuer(file, options) {
+        try {
+            return MajikSignature.getIssuer(file, options);
+        }
+        catch (err) {
+            this.emit("error", err, { context: "getIssuer" });
+            throw err;
+        }
+    }
     /**
      * Extract metadata from a file's embedded signature without verifying it.
      *

package/package.json

@@ -2,7 +2,7 @@
   "name": "@majikah/majik-message",
   "type": "module",
   "description": "Post-quantum end-to-end encryption with ML-KEM-768. Seed phrase–based accounts. Auto-expiring messages. Offline-ready. Exportable encrypted messages. Tamper-proof threads with blockchain-like integrity. Quantum-resistant messaging.",
-  "version": "0.2.15",
+  "version": "0.2.17",
   "license": "Apache-2.0",
   "author": "Zelijah",
   "main": "./dist/index.js",
@@ -81,9 +81,9 @@
   "dependencies": {
     "@bokuweb/zstd-wasm": "^0.0.27",
     "@majikah/majik-envelope": "^0.0.1",
-    "@majikah/majik-file": "^0.0.21",
+    "@majikah/majik-file": "^0.0.22",
     "@majikah/majik-key": "^0.2.3",
-    "@majikah/majik-signature": "^0.0.14",
+    "@majikah/majik-signature": "^0.0.15",
     "@noble/hashes": "^2.0.1",
     "@noble/post-quantum": "^0.5.4",
     "@scure/bip39": "^1.6.0",