@metalabel/dfos-protocol 0.0.2 → 0.1.0

package/dist/chain/index.d.ts

@@ -77,24 +77,38 @@ type VerifiedIdentity = z.infer<typeof VerifiedIdentity>;
 declare const ContentOperation: z.ZodDiscriminatedUnion<[z.ZodObject<{
     version: z.ZodLiteral<1>;
     type: z.ZodLiteral<"create">;
+    did: z.ZodString;
     documentCID: z.ZodString;
+    baseDocumentCID: z.ZodNullable<z.ZodString>;
     createdAt: z.ZodISODateTime;
     note: z.ZodNullable<z.ZodString>;
 }, z.core.$strict>, z.ZodObject<{
     version: z.ZodLiteral<1>;
     type: z.ZodLiteral<"update">;
+    did: z.ZodString;
     previousOperationCID: z.ZodString;
     documentCID: z.ZodNullable<z.ZodString>;
+    baseDocumentCID: z.ZodNullable<z.ZodString>;
     createdAt: z.ZodISODateTime;
     note: z.ZodNullable<z.ZodString>;
 }, z.core.$strict>, z.ZodObject<{
     version: z.ZodLiteral<1>;
     type: z.ZodLiteral<"delete">;
+    did: z.ZodString;
     previousOperationCID: z.ZodString;
     createdAt: z.ZodISODateTime;
     note: z.ZodNullable<z.ZodString>;
 }, z.core.$strict>], "type">;
 type ContentOperation = z.infer<typeof ContentOperation>;
+/** Beacon: floating signed merkle root announcement */
+declare const BeaconPayload: z.ZodObject<{
+    version: z.ZodLiteral<1>;
+    type: z.ZodLiteral<"beacon">;
+    did: z.ZodString;
+    merkleRoot: z.ZodString;
+    createdAt: z.ZodISODateTime;
+}, z.core.$strict>;
+type BeaconPayload = z.infer<typeof BeaconPayload>;
 
 /** Ed25519 public key multicodec value */
 declare const ED25519_PUB_MULTICODEC = 237;
@@ -124,12 +138,12 @@ declare const decodeMultikey: (multibase: string) => {
  */
 declare const deriveChainIdentifier: (cidBytes: Uint8Array, prefix: string) => string;
 /**
- * Derive a bare entity identifier from CID bytes
+ * Derive a bare content identifier from CID bytes
  *
  * Returns the raw 22-char hash with no prefix. Applications may add
  * their own prefix for routing (e.g., post_xxxx) — that's semantic sugar.
  */
-declare const deriveEntityId: (cidBytes: Uint8Array) => string;
+declare const deriveContentId: (cidBytes: Uint8Array) => string;
 
 /**
  * Sign an identity operation as a JWS and derive the operation CID
@@ -156,8 +170,8 @@ declare const verifyIdentityChain: (input: {
 }) => Promise<VerifiedIdentity>;
 
 interface VerifiedContentChain {
-    /** Entity identifier — bare 22-char hash derived from genesis CID */
-    entityId: string;
+    /** Content identifier — bare 22-char hash derived from genesis CID */
+    contentId: string;
     /** CID of the genesis operation */
     genesisCID: string;
     /** CID of the most recent operation */
@@ -193,4 +207,82 @@ declare const verifyContentChain: (input: {
     resolveKey: (kid: string) => Promise<Uint8Array>;
 }) => Promise<VerifiedContentChain>;
 
-export { ContentOperation, ED25519_PRIV_MULTICODEC, ED25519_PUB_MULTICODEC, IdentityOperation, MultikeyPublicKey, type Signer, type VerifiedContentChain, VerifiedIdentity, decodeMultikey, deriveChainIdentifier, deriveEntityId, encodeEd25519Multikey, signContentOperation, signIdentityOperation, verifyContentChain, verifyIdentityChain };
+/**
+ * Sign a beacon announcement as a JWS
+ */
+declare const signBeacon: (input: {
+    payload: BeaconPayload;
+    signer: Signer;
+    kid: string;
+}) => Promise<{
+    jwsToken: string;
+    beaconCID: string;
+}>;
+interface VerifiedBeacon {
+    payload: BeaconPayload;
+    beaconCID: string;
+}
+/**
+ * Verify a beacon JWS — signature, CID, payload schema, clock skew
+ */
+declare const verifyBeacon: (input: {
+    jwsToken: string;
+    resolveKey: (kid: string) => Promise<Uint8Array>;
+    /** Current time for clock skew check (defaults to Date.now()) */
+    now?: number;
+}) => Promise<VerifiedBeacon>;
+
+/**
+ * Sign an existing content operation as a countersignature (witness JWS)
+ *
+ * The witness signs the same payload as the author, producing a different
+ * JWS token with their own kid. The CID is identical because the payload
+ * is identical.
+ */
+declare const signCountersignature: (input: {
+    /** The original operation payload (must include did of the author) */
+    operationPayload: ContentOperation;
+    /** Witness signer */
+    signer: Signer;
+    /** Witness kid — DID URL of the witness (must differ from payload.did) */
+    kid: string;
+}) => Promise<{
+    jwsToken: string;
+    operationCID: string;
+}>;
+interface VerifiedCountersignature {
+    operationCID: string;
+    /** The DID that authored the operation (payload.did) */
+    authorDID: string;
+    /** The DID that witnessed the operation (kid DID) */
+    witnessDID: string;
+}
+/**
+ * Verify a countersignature JWS against an expected operation CID
+ *
+ * Checks: valid signature, CID matches, kid DID differs from payload did
+ */
+declare const verifyCountersignature: (input: {
+    jwsToken: string;
+    expectedCID: string;
+    resolveKey: (kid: string) => Promise<Uint8Array>;
+}) => Promise<VerifiedCountersignature>;
+interface VerifiedBeaconCountersignature {
+    beaconCID: string;
+    /** The DID that controls the beacon (payload.did) */
+    controllerDID: string;
+    /** The DID that witnessed the beacon (kid DID) */
+    witnessDID: string;
+}
+/**
+ * Verify a beacon countersignature JWS against an expected beacon CID
+ *
+ * Checks: valid signature, CID matches, kid DID differs from payload did
+ */
+declare const verifyBeaconCountersignature: (input: {
+    jwsToken: string;
+    expectedCID: string;
+    resolveKey: (kid: string) => Promise<Uint8Array>;
+}) => Promise<VerifiedBeaconCountersignature>;
+
+export { BeaconPayload, ContentOperation, ED25519_PRIV_MULTICODEC, ED25519_PUB_MULTICODEC, IdentityOperation, MultikeyPublicKey, type Signer, type VerifiedBeacon, type VerifiedBeaconCountersignature, type VerifiedContentChain, type VerifiedCountersignature, VerifiedIdentity, decodeMultikey, deriveChainIdentifier, deriveContentId, encodeEd25519Multikey, signBeacon, signContentOperation, signCountersignature, signIdentityOperation, verifyBeacon, verifyBeaconCountersignature, verifyContentChain, verifyCountersignature, verifyIdentityChain };

package/dist/chain/index.js

@@ -1,4 +1,5 @@
 import {
+  BeaconPayload,
   ContentOperation,
   ED25519_PRIV_MULTICODEC,
   ED25519_PUB_MULTICODEC,
@@ -7,15 +8,21 @@ import {
   VerifiedIdentity,
   decodeMultikey,
   deriveChainIdentifier,
-  deriveEntityId,
+  deriveContentId,
   encodeEd25519Multikey,
+  signBeacon,
   signContentOperation,
+  signCountersignature,
   signIdentityOperation,
+  verifyBeacon,
+  verifyBeaconCountersignature,
   verifyContentChain,
+  verifyCountersignature,
   verifyIdentityChain
-} from "../chunk-LWC4PWGZ.js";
+} from "../chunk-ASGEXSVT.js";
 import "../chunk-ZXXP5W5N.js";
 export {
+  BeaconPayload,
   ContentOperation,
   ED25519_PRIV_MULTICODEC,
   ED25519_PUB_MULTICODEC,
@@ -24,10 +31,15 @@ export {
   VerifiedIdentity,
   decodeMultikey,
   deriveChainIdentifier,
-  deriveEntityId,
+  deriveContentId,
   encodeEd25519Multikey,
+  signBeacon,
   signContentOperation,
+  signCountersignature,
   signIdentityOperation,
+  verifyBeacon,
+  verifyBeaconCountersignature,
   verifyContentChain,
+  verifyCountersignature,
   verifyIdentityChain
 };

package/dist/{chunk-LWC4PWGZ.js → chunk-ASGEXSVT.js}

@@ -13,6 +13,7 @@ var MAX_PUBLIC_KEY_MULTIBASE = 128;
 var MAX_CID = 256;
 var MAX_NOTE = 256;
 var MAX_KEYS_PER_ROLE = 16;
+var MAX_DID = 256;
 var MultikeyPublicKey = z.strictObject({
   id: z.string().max(MAX_KEY_ID),
   type: z.literal("Multikey"),
@@ -49,7 +50,7 @@ var IdentityOperation = z.discriminatedUnion("type", [
   IdentityDelete
 ]);
 var VerifiedIdentity = z.strictObject({
-  did: z.string(),
+  did: z.string().max(MAX_DID),
   isDeleted: z.boolean(),
   authKeys: z.array(MultikeyPublicKey).max(MAX_KEYS_PER_ROLE),
   assertKeys: z.array(MultikeyPublicKey).max(MAX_KEYS_PER_ROLE),
@@ -58,21 +59,26 @@ var VerifiedIdentity = z.strictObject({
 var ContentCreate = z.strictObject({
   version: z.literal(1),
   type: z.literal("create"),
+  did: z.string().max(MAX_DID),
   documentCID: CIDString,
+  baseDocumentCID: CIDString.nullable(),
   createdAt: Iso8601,
   note: z.string().max(MAX_NOTE).nullable()
 });
 var ContentUpdate = z.strictObject({
   version: z.literal(1),
   type: z.literal("update"),
+  did: z.string().max(MAX_DID),
   previousOperationCID: CIDString,
   documentCID: CIDString.nullable(),
+  baseDocumentCID: CIDString.nullable(),
   createdAt: Iso8601,
   note: z.string().max(MAX_NOTE).nullable()
 });
 var ContentDelete = z.strictObject({
   version: z.literal(1),
   type: z.literal("delete"),
+  did: z.string().max(MAX_DID),
   previousOperationCID: CIDString,
   createdAt: Iso8601,
   note: z.string().max(MAX_NOTE).nullable()
@@ -82,6 +88,13 @@ var ContentOperation = z.discriminatedUnion("type", [
   ContentUpdate,
   ContentDelete
 ]);
+var BeaconPayload = z.strictObject({
+  version: z.literal(1),
+  type: z.literal("beacon"),
+  did: z.string().max(MAX_DID),
+  merkleRoot: z.string().regex(/^[0-9a-f]{64}$/),
+  createdAt: Iso8601
+});
 
 // src/chain/multikey.ts
 import { base58btc } from "multiformats/bases/base58";
@@ -127,7 +140,7 @@ var deriveChainIdentifier = (cidBytes, prefix) => {
   const id = generateIdNoPrefix({ seed: cidBytes });
   return `${prefix}:${id}`;
 };
-var deriveEntityId = (cidBytes) => {
+var deriveContentId = (cidBytes) => {
   return generateIdNoPrefix({ seed: cidBytes });
 };
 
@@ -164,6 +177,9 @@ var verifyIdentityChain = async (input) => {
       throw new Error(`log[${idx}]: ${messages}`);
     }
     const op = result.data;
+    if (decoded.header.typ !== "did:dfos:identity-op") {
+      throw new Error(`log[${idx}]: invalid typ: ${decoded.header.typ}`);
+    }
     if (state.isDeleted) throw new Error(`log[${idx}]: cannot modify a deleted identity`);
     if (idx === 0 && op.type !== "create") {
       throw new Error(`log[${idx}]: first operation must be create`);
@@ -289,7 +305,7 @@ var signContentOperation = async (input) => {
 var verifyContentChain = async (input) => {
   if (input.log.length === 0) throw new Error("log must have at least one operation");
   const state = {
-    entityId: null,
+    contentId: null,
     genesisCID: null,
     headCID: null,
     isDeleted: false,
@@ -306,6 +322,9 @@ var verifyContentChain = async (input) => {
       throw new Error(`log[${idx}]: ${messages}`);
     }
     const op = result.data;
+    if (decoded.header.typ !== "did:dfos:content-op") {
+      throw new Error(`log[${idx}]: invalid typ: ${decoded.header.typ}`);
+    }
     if (state.isDeleted) throw new Error(`log[${idx}]: cannot extend a deleted chain`);
     if (idx === 0 && op.type !== "create") {
       throw new Error(`log[${idx}]: first operation must be create`);
@@ -323,6 +342,12 @@ var verifyContentChain = async (input) => {
       }
     }
     const kid = decoded.header.kid;
+    const hashIdx = kid.indexOf("#");
+    if (hashIdx < 0) throw new Error(`log[${idx}]: kid must be a DID URL`);
+    const kidDid = kid.substring(0, hashIdx);
+    if (kidDid !== op.did) {
+      throw new Error(`log[${idx}]: kid DID does not match operation did`);
+    }
     const publicKey = await input.resolveKey(kid);
     try {
       verifyJws({ token: jwsToken, publicKey });
@@ -339,7 +364,7 @@ var verifyContentChain = async (input) => {
     }
     if (idx === 0) {
       state.genesisCID = operationCID;
-      state.entityId = deriveEntityId(encoded.cid.bytes);
+      state.contentId = deriveContentId(encoded.cid.bytes);
     }
     state.headCID = operationCID;
     state.previousCID = operationCID;
@@ -358,7 +383,7 @@ var verifyContentChain = async (input) => {
     }
   }
   return {
-    entityId: state.entityId,
+    contentId: state.contentId,
     genesisCID: state.genesisCID,
     headCID: state.headCID,
     isDeleted: state.isDeleted,
@@ -367,19 +392,164 @@ var verifyContentChain = async (input) => {
   };
 };
 
+// src/chain/beacon.ts
+var signBeacon = async (input) => {
+  const encoded = await dagCborCanonicalEncode(input.payload);
+  const beaconCID = encoded.cid.toString();
+  const jwsToken = await createJws({
+    header: { alg: "EdDSA", typ: "did:dfos:beacon", kid: input.kid, cid: beaconCID },
+    payload: input.payload,
+    sign: input.signer
+  });
+  return { jwsToken, beaconCID };
+};
+var MAX_FUTURE_MS = 5 * 60 * 1e3;
+var verifyBeacon = async (input) => {
+  const decoded = decodeJwsUnsafe(input.jwsToken);
+  if (!decoded) throw new Error("failed to decode beacon JWS");
+  const result = BeaconPayload.safeParse(decoded.payload);
+  if (!result.success) {
+    const messages = result.error.issues.map((e) => e.message).join(", ");
+    throw new Error(`invalid beacon payload: ${messages}`);
+  }
+  const payload = result.data;
+  if (decoded.header.typ !== "did:dfos:beacon") {
+    throw new Error(`invalid beacon typ: ${decoded.header.typ}`);
+  }
+  const kid = decoded.header.kid;
+  const hashIdx = kid.indexOf("#");
+  if (hashIdx < 0) throw new Error("beacon kid must be a DID URL");
+  const kidDid = kid.substring(0, hashIdx);
+  if (kidDid !== payload.did) {
+    throw new Error("beacon kid DID does not match payload did");
+  }
+  const publicKey = await input.resolveKey(kid);
+  try {
+    verifyJws({ token: input.jwsToken, publicKey });
+  } catch {
+    throw new Error("invalid beacon signature");
+  }
+  const encoded = await dagCborCanonicalEncode(payload);
+  const beaconCID = encoded.cid.toString();
+  if (!decoded.header.cid) throw new Error("missing cid in beacon header");
+  if (decoded.header.cid !== beaconCID) throw new Error("beacon cid mismatch");
+  const now = input.now ?? Date.now();
+  const beaconTime = new Date(payload.createdAt).getTime();
+  if (beaconTime > now + MAX_FUTURE_MS) {
+    throw new Error("beacon createdAt is too far in the future");
+  }
+  return { payload, beaconCID };
+};
+
+// src/chain/countersign.ts
+var signCountersignature = async (input) => {
+  const encoded = await dagCborCanonicalEncode(input.operationPayload);
+  const operationCID = encoded.cid.toString();
+  const jwsToken = await createJws({
+    header: { alg: "EdDSA", typ: "did:dfos:content-op", kid: input.kid, cid: operationCID },
+    payload: input.operationPayload,
+    sign: input.signer
+  });
+  return { jwsToken, operationCID };
+};
+var verifyCountersignature = async (input) => {
+  const decoded = decodeJwsUnsafe(input.jwsToken);
+  if (!decoded) throw new Error("failed to decode countersignature JWS");
+  if (decoded.header.typ !== "did:dfos:content-op") {
+    throw new Error(`invalid countersignature typ: ${decoded.header.typ}`);
+  }
+  const result = ContentOperation.safeParse(decoded.payload);
+  if (!result.success) {
+    const messages = result.error.issues.map((e) => e.message).join(", ");
+    throw new Error(`invalid operation payload: ${messages}`);
+  }
+  const op = result.data;
+  const encoded = await dagCborCanonicalEncode(op);
+  const operationCID = encoded.cid.toString();
+  if (operationCID !== input.expectedCID) {
+    throw new Error("countersignature CID does not match expected CID");
+  }
+  if (decoded.header.cid !== operationCID) {
+    throw new Error("countersignature header cid mismatch");
+  }
+  const kid = decoded.header.kid;
+  const publicKey = await input.resolveKey(kid);
+  try {
+    verifyJws({ token: input.jwsToken, publicKey });
+  } catch {
+    throw new Error("invalid countersignature");
+  }
+  const hashIdx = kid.indexOf("#");
+  if (hashIdx < 0) throw new Error("countersignature kid must be a DID URL");
+  const witnessDID = kid.substring(0, hashIdx);
+  if (witnessDID === op.did) {
+    throw new Error("countersignature kid DID must differ from operation did (not a witness)");
+  }
+  return {
+    operationCID,
+    authorDID: op.did,
+    witnessDID
+  };
+};
+var verifyBeaconCountersignature = async (input) => {
+  const decoded = decodeJwsUnsafe(input.jwsToken);
+  if (!decoded) throw new Error("failed to decode beacon countersignature JWS");
+  if (decoded.header.typ !== "did:dfos:beacon") {
+    throw new Error(`invalid beacon countersignature typ: ${decoded.header.typ}`);
+  }
+  const result = BeaconPayload.safeParse(decoded.payload);
+  if (!result.success) {
+    const messages = result.error.issues.map((e) => e.message).join(", ");
+    throw new Error(`invalid beacon payload: ${messages}`);
+  }
+  const beacon = result.data;
+  const encoded = await dagCborCanonicalEncode(beacon);
+  const beaconCID = encoded.cid.toString();
+  if (beaconCID !== input.expectedCID) {
+    throw new Error("beacon countersignature CID does not match expected CID");
+  }
+  if (decoded.header.cid !== beaconCID) {
+    throw new Error("beacon countersignature header cid mismatch");
+  }
+  const kid = decoded.header.kid;
+  const publicKey = await input.resolveKey(kid);
+  try {
+    verifyJws({ token: input.jwsToken, publicKey });
+  } catch {
+    throw new Error("invalid beacon countersignature");
+  }
+  const hashIdx = kid.indexOf("#");
+  if (hashIdx < 0) throw new Error("beacon countersignature kid must be a DID URL");
+  const witnessDID = kid.substring(0, hashIdx);
+  if (witnessDID === beacon.did) {
+    throw new Error("beacon countersignature kid DID must differ from beacon did (not a witness)");
+  }
+  return {
+    beaconCID,
+    controllerDID: beacon.did,
+    witnessDID
+  };
+};
+
 export {
   MultikeyPublicKey,
   IdentityOperation,
   VerifiedIdentity,
   ContentOperation,
+  BeaconPayload,
   ED25519_PUB_MULTICODEC,
   ED25519_PRIV_MULTICODEC,
   encodeEd25519Multikey,
   decodeMultikey,
   deriveChainIdentifier,
-  deriveEntityId,
+  deriveContentId,
   signIdentityOperation,
   verifyIdentityChain,
   signContentOperation,
-  verifyContentChain
+  verifyContentChain,
+  signBeacon,
+  verifyBeacon,
+  signCountersignature,
+  verifyCountersignature,
+  verifyBeaconCountersignature
 };

package/dist/chunk-E5CFQG2B.js

@@ -0,0 +1,99 @@
+// src/merkle/tree.ts
+var sha256 = async (data) => {
+  const buf = await crypto.subtle.digest("SHA-256", data);
+  return new Uint8Array(buf);
+};
+var toHex = (bytes) => {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+};
+var hexToBytes = (hex) => {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);
+  }
+  return bytes;
+};
+var concat = (a, b) => {
+  const result = new Uint8Array(a.length + b.length);
+  result.set(a, 0);
+  result.set(b, a.length);
+  return result;
+};
+var hashLeaf = async (contentId) => {
+  return sha256(new TextEncoder().encode(contentId));
+};
+var hashInterior = async (left, right) => {
+  return sha256(concat(left, right));
+};
+var buildMerkleTree = async (contentIds) => {
+  const sorted = [...new Set(contentIds)].sort();
+  if (sorted.length === 0) return { root: null, leafCount: 0 };
+  let level = await Promise.all(sorted.map(hashLeaf));
+  while (level.length > 1) {
+    const nextLevel = [];
+    for (let i = 0; i < level.length; i += 2) {
+      if (i + 1 < level.length) {
+        nextLevel.push(await hashInterior(level[i], level[i + 1]));
+      } else {
+        nextLevel.push(level[i]);
+      }
+    }
+    level = nextLevel;
+  }
+  return { root: toHex(level[0]), leafCount: sorted.length };
+};
+
+// src/merkle/proof.ts
+var generateMerkleProof = async (contentIds, targetId) => {
+  const sorted = [...new Set(contentIds)].sort();
+  const targetIdx = sorted.indexOf(targetId);
+  if (targetIdx < 0) return null;
+  const { root } = await buildMerkleTree(sorted);
+  if (!root) return null;
+  const leaves = await Promise.all(sorted.map(hashLeaf));
+  const path = [];
+  let level = leaves;
+  let idx = targetIdx;
+  while (level.length > 1) {
+    const nextLevel = [];
+    const nextIdx = Math.floor(idx / 2);
+    for (let i = 0; i < level.length; i += 2) {
+      if (i + 1 < level.length) {
+        if (i === idx || i + 1 === idx) {
+          const siblingIdx = i === idx ? i + 1 : i;
+          path.push({
+            hash: toHex(level[siblingIdx]),
+            position: siblingIdx < idx ? "left" : "right"
+          });
+        }
+        const interior = await sha256(concat(level[i], level[i + 1]));
+        nextLevel.push(interior);
+      } else {
+        nextLevel.push(level[i]);
+      }
+    }
+    level = nextLevel;
+    idx = nextIdx;
+  }
+  return { contentId: targetId, root, path };
+};
+var verifyMerkleProof = async (proof) => {
+  let current = await hashLeaf(proof.contentId);
+  for (const step of proof.path) {
+    const sibling = hexToBytes(step.hash);
+    if (step.position === "left") {
+      current = await sha256(concat(sibling, current));
+    } else {
+      current = await sha256(concat(current, sibling));
+    }
+  }
+  return toHex(current) === proof.root;
+};
+
+export {
+  hexToBytes,
+  hashLeaf,
+  buildMerkleTree,
+  generateMerkleProof,
+  verifyMerkleProof
+};

package/dist/index.d.ts

@@ -1,8 +1,6 @@
 export { JwsHeader, JwsVerificationError, JwtClaims, JwtCreateOptions, JwtHeader, JwtVerificationError, JwtVerifyOptions, PrefixedID, base64urlDecode, base64urlEncode, createJws, createJwt, createNewEd25519Keypair, dagCborCanonicalEncode, decodeJwsUnsafe, decodeJwtUnsafe, generateId, generateIdNoPrefix, importEd25519Keypair, isCanonicallyEqual, isValidEd25519Signature, isValidId, normalizedId, parseDagCborCID, signPayloadEd25519, verifyJws, verifyJwt } from './crypto/index.js';
-export { ContentOperation, ED25519_PRIV_MULTICODEC, ED25519_PUB_MULTICODEC, IdentityOperation, MultikeyPublicKey, Signer, VerifiedContentChain, VerifiedIdentity, decodeMultikey, deriveChainIdentifier, deriveEntityId, encodeEd25519Multikey, signContentOperation, signIdentityOperation, verifyContentChain, verifyIdentityChain } from './chain/index.js';
-export { ChainStore, EntityOperationsParams, EntityOperationsResponse, IdentityOperationsParams, IdentityOperationsResponse, OperationEntry, PaginationParams, RegistryError, ResolveEntityResponse, ResolveIdentityResponse, ResolveOperationResponse, StoredChain, SubmitContentChainRequest, SubmitContentChainResponse, SubmitIdentityChainRequest, SubmitIdentityChainResponse, createRegistryServer } from './registry/index.js';
+export { BeaconPayload, ContentOperation, ED25519_PRIV_MULTICODEC, ED25519_PUB_MULTICODEC, IdentityOperation, MultikeyPublicKey, Signer, VerifiedBeacon, VerifiedBeaconCountersignature, VerifiedContentChain, VerifiedCountersignature, VerifiedIdentity, decodeMultikey, deriveChainIdentifier, deriveContentId, encodeEd25519Multikey, signBeacon, signContentOperation, signCountersignature, signIdentityOperation, verifyBeacon, verifyBeaconCountersignature, verifyContentChain, verifyCountersignature, verifyIdentityChain } from './chain/index.js';
+export { MerkleProof, buildMerkleTree, generateMerkleProof, hashLeaf, hexToBytes, verifyMerkleProof } from './merkle/index.js';
 import 'multiformats';
 import 'multiformats/cid';
 import 'zod';
-import 'hono/types';
-import 'hono';