@metalabel/dfos-protocol 0.0.3 → 0.1.0

package/README.md

@@ -15,17 +15,17 @@ npm install @metalabel/dfos-protocol
 import { verifyContentChain, verifyIdentityChain } from '@metalabel/dfos-protocol/chain';
 // Crypto primitives
 import { createJws, dagCborCanonicalEncode, verifyJws } from '@metalabel/dfos-protocol/crypto';
-// Reference registry server
-import { createRegistryServer } from '@metalabel/dfos-protocol/registry';
+// Merkle trees
+import { buildMerkleTree, verifyMerkleProof } from '@metalabel/dfos-protocol/merkle';
 ```
 
 ## Subpath Exports
 
-| Export                              | Description                                                         |
-| ----------------------------------- | ------------------------------------------------------------------- |
-| `@metalabel/dfos-protocol/chain`    | Identity and content chain signing, verification, multikey encoding |
-| `@metalabel/dfos-protocol/crypto`   | Ed25519, JWS, JWT, dag-cbor, base64url, ID generation               |
-| `@metalabel/dfos-protocol/registry` | Hono-based registry server, in-memory store, Zod schemas            |
+| Export                            | Description                                                             |
+| --------------------------------- | ----------------------------------------------------------------------- |
+| `@metalabel/dfos-protocol/chain`  | Identity and content chain signing, verification, beacons, countersigns |
+| `@metalabel/dfos-protocol/crypto` | Ed25519, JWS, JWT, dag-cbor, base64url, ID generation                   |
+| `@metalabel/dfos-protocol/merkle` | SHA-256 binary merkle tree, inclusion proofs                            |
 
 ## Specifications
 
@@ -33,9 +33,7 @@ import { createRegistryServer } from '@metalabel/dfos-protocol/registry';
 | -------------------------------------- | -------------------------------------------------------------- |
 | [PROTOCOL.md](./PROTOCOL.md)           | Core protocol — chains, signatures, verification, test vectors |
 | [DID-METHOD.md](./DID-METHOD.md)       | W3C DID method specification for `did:dfos`                    |
-| [CONTENT-MODEL.md](./CONTENT-MODEL.md) | Standard content schemas (post, profile, media)                |
-| [REGISTRY-API.md](./REGISTRY-API.md)   | HTTP API for chain storage and resolution                      |
-| [openapi.yaml](./openapi.yaml)         | OpenAPI 3.1 machine-readable registry spec                     |
+| [CONTENT-MODEL.md](./CONTENT-MODEL.md) | Standard content schemas (post, profile, manifest)             |
 
 ## Examples
 

package/dist/chain/index.d.ts

@@ -77,24 +77,38 @@ type VerifiedIdentity = z.infer<typeof VerifiedIdentity>;
 declare const ContentOperation: z.ZodDiscriminatedUnion<[z.ZodObject<{
     version: z.ZodLiteral<1>;
     type: z.ZodLiteral<"create">;
+    did: z.ZodString;
     documentCID: z.ZodString;
+    baseDocumentCID: z.ZodNullable<z.ZodString>;
     createdAt: z.ZodISODateTime;
     note: z.ZodNullable<z.ZodString>;
 }, z.core.$strict>, z.ZodObject<{
     version: z.ZodLiteral<1>;
     type: z.ZodLiteral<"update">;
+    did: z.ZodString;
     previousOperationCID: z.ZodString;
     documentCID: z.ZodNullable<z.ZodString>;
+    baseDocumentCID: z.ZodNullable<z.ZodString>;
     createdAt: z.ZodISODateTime;
     note: z.ZodNullable<z.ZodString>;
 }, z.core.$strict>, z.ZodObject<{
     version: z.ZodLiteral<1>;
     type: z.ZodLiteral<"delete">;
+    did: z.ZodString;
     previousOperationCID: z.ZodString;
     createdAt: z.ZodISODateTime;
     note: z.ZodNullable<z.ZodString>;
 }, z.core.$strict>], "type">;
 type ContentOperation = z.infer<typeof ContentOperation>;
+/** Beacon: floating signed merkle root announcement */
+declare const BeaconPayload: z.ZodObject<{
+    version: z.ZodLiteral<1>;
+    type: z.ZodLiteral<"beacon">;
+    did: z.ZodString;
+    merkleRoot: z.ZodString;
+    createdAt: z.ZodISODateTime;
+}, z.core.$strict>;
+type BeaconPayload = z.infer<typeof BeaconPayload>;
 
 /** Ed25519 public key multicodec value */
 declare const ED25519_PUB_MULTICODEC = 237;
@@ -193,4 +207,82 @@ declare const verifyContentChain: (input: {
     resolveKey: (kid: string) => Promise<Uint8Array>;
 }) => Promise<VerifiedContentChain>;
 
-export { ContentOperation, ED25519_PRIV_MULTICODEC, ED25519_PUB_MULTICODEC, IdentityOperation, MultikeyPublicKey, type Signer, type VerifiedContentChain, VerifiedIdentity, decodeMultikey, deriveChainIdentifier, deriveContentId, encodeEd25519Multikey, signContentOperation, signIdentityOperation, verifyContentChain, verifyIdentityChain };
+/**
+ * Sign a beacon announcement as a JWS
+ */
+declare const signBeacon: (input: {
+    payload: BeaconPayload;
+    signer: Signer;
+    kid: string;
+}) => Promise<{
+    jwsToken: string;
+    beaconCID: string;
+}>;
+interface VerifiedBeacon {
+    payload: BeaconPayload;
+    beaconCID: string;
+}
+/**
+ * Verify a beacon JWS — signature, CID, payload schema, clock skew
+ */
+declare const verifyBeacon: (input: {
+    jwsToken: string;
+    resolveKey: (kid: string) => Promise<Uint8Array>;
+    /** Current time for clock skew check (defaults to Date.now()) */
+    now?: number;
+}) => Promise<VerifiedBeacon>;
+
+/**
+ * Sign an existing content operation as a countersignature (witness JWS)
+ *
+ * The witness signs the same payload as the author, producing a different
+ * JWS token with their own kid. The CID is identical because the payload
+ * is identical.
+ */
+declare const signCountersignature: (input: {
+    /** The original operation payload (must include did of the author) */
+    operationPayload: ContentOperation;
+    /** Witness signer */
+    signer: Signer;
+    /** Witness kid — DID URL of the witness (must differ from payload.did) */
+    kid: string;
+}) => Promise<{
+    jwsToken: string;
+    operationCID: string;
+}>;
+interface VerifiedCountersignature {
+    operationCID: string;
+    /** The DID that authored the operation (payload.did) */
+    authorDID: string;
+    /** The DID that witnessed the operation (kid DID) */
+    witnessDID: string;
+}
+/**
+ * Verify a countersignature JWS against an expected operation CID
+ *
+ * Checks: valid signature, CID matches, kid DID differs from payload did
+ */
+declare const verifyCountersignature: (input: {
+    jwsToken: string;
+    expectedCID: string;
+    resolveKey: (kid: string) => Promise<Uint8Array>;
+}) => Promise<VerifiedCountersignature>;
+interface VerifiedBeaconCountersignature {
+    beaconCID: string;
+    /** The DID that controls the beacon (payload.did) */
+    controllerDID: string;
+    /** The DID that witnessed the beacon (kid DID) */
+    witnessDID: string;
+}
+/**
+ * Verify a beacon countersignature JWS against an expected beacon CID
+ *
+ * Checks: valid signature, CID matches, kid DID differs from payload did
+ */
+declare const verifyBeaconCountersignature: (input: {
+    jwsToken: string;
+    expectedCID: string;
+    resolveKey: (kid: string) => Promise<Uint8Array>;
+}) => Promise<VerifiedBeaconCountersignature>;
+
+export { BeaconPayload, ContentOperation, ED25519_PRIV_MULTICODEC, ED25519_PUB_MULTICODEC, IdentityOperation, MultikeyPublicKey, type Signer, type VerifiedBeacon, type VerifiedBeaconCountersignature, type VerifiedContentChain, type VerifiedCountersignature, VerifiedIdentity, decodeMultikey, deriveChainIdentifier, deriveContentId, encodeEd25519Multikey, signBeacon, signContentOperation, signCountersignature, signIdentityOperation, verifyBeacon, verifyBeaconCountersignature, verifyContentChain, verifyCountersignature, verifyIdentityChain };

package/dist/chain/index.js

@@ -1,4 +1,5 @@
 import {
+  BeaconPayload,
   ContentOperation,
   ED25519_PRIV_MULTICODEC,
   ED25519_PUB_MULTICODEC,
@@ -9,13 +10,19 @@ import {
   deriveChainIdentifier,
   deriveContentId,
   encodeEd25519Multikey,
+  signBeacon,
   signContentOperation,
+  signCountersignature,
   signIdentityOperation,
+  verifyBeacon,
+  verifyBeaconCountersignature,
   verifyContentChain,
+  verifyCountersignature,
   verifyIdentityChain
-} from "../chunk-VEBMLR37.js";
+} from "../chunk-ASGEXSVT.js";
 import "../chunk-ZXXP5W5N.js";
 export {
+  BeaconPayload,
   ContentOperation,
   ED25519_PRIV_MULTICODEC,
   ED25519_PUB_MULTICODEC,
@@ -26,8 +33,13 @@ export {
   deriveChainIdentifier,
   deriveContentId,
   encodeEd25519Multikey,
+  signBeacon,
   signContentOperation,
+  signCountersignature,
   signIdentityOperation,
+  verifyBeacon,
+  verifyBeaconCountersignature,
   verifyContentChain,
+  verifyCountersignature,
   verifyIdentityChain
 };

package/dist/{chunk-VEBMLR37.js → chunk-ASGEXSVT.js}

@@ -13,6 +13,7 @@ var MAX_PUBLIC_KEY_MULTIBASE = 128;
 var MAX_CID = 256;
 var MAX_NOTE = 256;
 var MAX_KEYS_PER_ROLE = 16;
+var MAX_DID = 256;
 var MultikeyPublicKey = z.strictObject({
   id: z.string().max(MAX_KEY_ID),
   type: z.literal("Multikey"),
@@ -49,7 +50,7 @@ var IdentityOperation = z.discriminatedUnion("type", [
   IdentityDelete
 ]);
 var VerifiedIdentity = z.strictObject({
-  did: z.string(),
+  did: z.string().max(MAX_DID),
   isDeleted: z.boolean(),
   authKeys: z.array(MultikeyPublicKey).max(MAX_KEYS_PER_ROLE),
   assertKeys: z.array(MultikeyPublicKey).max(MAX_KEYS_PER_ROLE),
@@ -58,21 +59,26 @@ var VerifiedIdentity = z.strictObject({
 var ContentCreate = z.strictObject({
   version: z.literal(1),
   type: z.literal("create"),
+  did: z.string().max(MAX_DID),
   documentCID: CIDString,
+  baseDocumentCID: CIDString.nullable(),
   createdAt: Iso8601,
   note: z.string().max(MAX_NOTE).nullable()
 });
 var ContentUpdate = z.strictObject({
   version: z.literal(1),
   type: z.literal("update"),
+  did: z.string().max(MAX_DID),
   previousOperationCID: CIDString,
   documentCID: CIDString.nullable(),
+  baseDocumentCID: CIDString.nullable(),
   createdAt: Iso8601,
   note: z.string().max(MAX_NOTE).nullable()
 });
 var ContentDelete = z.strictObject({
   version: z.literal(1),
   type: z.literal("delete"),
+  did: z.string().max(MAX_DID),
   previousOperationCID: CIDString,
   createdAt: Iso8601,
   note: z.string().max(MAX_NOTE).nullable()
@@ -82,6 +88,13 @@ var ContentOperation = z.discriminatedUnion("type", [
   ContentUpdate,
   ContentDelete
 ]);
+var BeaconPayload = z.strictObject({
+  version: z.literal(1),
+  type: z.literal("beacon"),
+  did: z.string().max(MAX_DID),
+  merkleRoot: z.string().regex(/^[0-9a-f]{64}$/),
+  createdAt: Iso8601
+});
 
 // src/chain/multikey.ts
 import { base58btc } from "multiformats/bases/base58";
@@ -164,6 +177,9 @@ var verifyIdentityChain = async (input) => {
       throw new Error(`log[${idx}]: ${messages}`);
     }
     const op = result.data;
+    if (decoded.header.typ !== "did:dfos:identity-op") {
+      throw new Error(`log[${idx}]: invalid typ: ${decoded.header.typ}`);
+    }
     if (state.isDeleted) throw new Error(`log[${idx}]: cannot modify a deleted identity`);
     if (idx === 0 && op.type !== "create") {
       throw new Error(`log[${idx}]: first operation must be create`);
@@ -306,6 +322,9 @@ var verifyContentChain = async (input) => {
       throw new Error(`log[${idx}]: ${messages}`);
     }
     const op = result.data;
+    if (decoded.header.typ !== "did:dfos:content-op") {
+      throw new Error(`log[${idx}]: invalid typ: ${decoded.header.typ}`);
+    }
     if (state.isDeleted) throw new Error(`log[${idx}]: cannot extend a deleted chain`);
     if (idx === 0 && op.type !== "create") {
       throw new Error(`log[${idx}]: first operation must be create`);
@@ -323,6 +342,12 @@ var verifyContentChain = async (input) => {
       }
     }
     const kid = decoded.header.kid;
+    const hashIdx = kid.indexOf("#");
+    if (hashIdx < 0) throw new Error(`log[${idx}]: kid must be a DID URL`);
+    const kidDid = kid.substring(0, hashIdx);
+    if (kidDid !== op.did) {
+      throw new Error(`log[${idx}]: kid DID does not match operation did`);
+    }
     const publicKey = await input.resolveKey(kid);
     try {
       verifyJws({ token: jwsToken, publicKey });
@@ -367,11 +392,151 @@ var verifyContentChain = async (input) => {
   };
 };
 
+// src/chain/beacon.ts
+var signBeacon = async (input) => {
+  const encoded = await dagCborCanonicalEncode(input.payload);
+  const beaconCID = encoded.cid.toString();
+  const jwsToken = await createJws({
+    header: { alg: "EdDSA", typ: "did:dfos:beacon", kid: input.kid, cid: beaconCID },
+    payload: input.payload,
+    sign: input.signer
+  });
+  return { jwsToken, beaconCID };
+};
+var MAX_FUTURE_MS = 5 * 60 * 1e3;
+var verifyBeacon = async (input) => {
+  const decoded = decodeJwsUnsafe(input.jwsToken);
+  if (!decoded) throw new Error("failed to decode beacon JWS");
+  const result = BeaconPayload.safeParse(decoded.payload);
+  if (!result.success) {
+    const messages = result.error.issues.map((e) => e.message).join(", ");
+    throw new Error(`invalid beacon payload: ${messages}`);
+  }
+  const payload = result.data;
+  if (decoded.header.typ !== "did:dfos:beacon") {
+    throw new Error(`invalid beacon typ: ${decoded.header.typ}`);
+  }
+  const kid = decoded.header.kid;
+  const hashIdx = kid.indexOf("#");
+  if (hashIdx < 0) throw new Error("beacon kid must be a DID URL");
+  const kidDid = kid.substring(0, hashIdx);
+  if (kidDid !== payload.did) {
+    throw new Error("beacon kid DID does not match payload did");
+  }
+  const publicKey = await input.resolveKey(kid);
+  try {
+    verifyJws({ token: input.jwsToken, publicKey });
+  } catch {
+    throw new Error("invalid beacon signature");
+  }
+  const encoded = await dagCborCanonicalEncode(payload);
+  const beaconCID = encoded.cid.toString();
+  if (!decoded.header.cid) throw new Error("missing cid in beacon header");
+  if (decoded.header.cid !== beaconCID) throw new Error("beacon cid mismatch");
+  const now = input.now ?? Date.now();
+  const beaconTime = new Date(payload.createdAt).getTime();
+  if (beaconTime > now + MAX_FUTURE_MS) {
+    throw new Error("beacon createdAt is too far in the future");
+  }
+  return { payload, beaconCID };
+};
+
+// src/chain/countersign.ts
+var signCountersignature = async (input) => {
+  const encoded = await dagCborCanonicalEncode(input.operationPayload);
+  const operationCID = encoded.cid.toString();
+  const jwsToken = await createJws({
+    header: { alg: "EdDSA", typ: "did:dfos:content-op", kid: input.kid, cid: operationCID },
+    payload: input.operationPayload,
+    sign: input.signer
+  });
+  return { jwsToken, operationCID };
+};
+var verifyCountersignature = async (input) => {
+  const decoded = decodeJwsUnsafe(input.jwsToken);
+  if (!decoded) throw new Error("failed to decode countersignature JWS");
+  if (decoded.header.typ !== "did:dfos:content-op") {
+    throw new Error(`invalid countersignature typ: ${decoded.header.typ}`);
+  }
+  const result = ContentOperation.safeParse(decoded.payload);
+  if (!result.success) {
+    const messages = result.error.issues.map((e) => e.message).join(", ");
+    throw new Error(`invalid operation payload: ${messages}`);
+  }
+  const op = result.data;
+  const encoded = await dagCborCanonicalEncode(op);
+  const operationCID = encoded.cid.toString();
+  if (operationCID !== input.expectedCID) {
+    throw new Error("countersignature CID does not match expected CID");
+  }
+  if (decoded.header.cid !== operationCID) {
+    throw new Error("countersignature header cid mismatch");
+  }
+  const kid = decoded.header.kid;
+  const publicKey = await input.resolveKey(kid);
+  try {
+    verifyJws({ token: input.jwsToken, publicKey });
+  } catch {
+    throw new Error("invalid countersignature");
+  }
+  const hashIdx = kid.indexOf("#");
+  if (hashIdx < 0) throw new Error("countersignature kid must be a DID URL");
+  const witnessDID = kid.substring(0, hashIdx);
+  if (witnessDID === op.did) {
+    throw new Error("countersignature kid DID must differ from operation did (not a witness)");
+  }
+  return {
+    operationCID,
+    authorDID: op.did,
+    witnessDID
+  };
+};
+var verifyBeaconCountersignature = async (input) => {
+  const decoded = decodeJwsUnsafe(input.jwsToken);
+  if (!decoded) throw new Error("failed to decode beacon countersignature JWS");
+  if (decoded.header.typ !== "did:dfos:beacon") {
+    throw new Error(`invalid beacon countersignature typ: ${decoded.header.typ}`);
+  }
+  const result = BeaconPayload.safeParse(decoded.payload);
+  if (!result.success) {
+    const messages = result.error.issues.map((e) => e.message).join(", ");
+    throw new Error(`invalid beacon payload: ${messages}`);
+  }
+  const beacon = result.data;
+  const encoded = await dagCborCanonicalEncode(beacon);
+  const beaconCID = encoded.cid.toString();
+  if (beaconCID !== input.expectedCID) {
+    throw new Error("beacon countersignature CID does not match expected CID");
+  }
+  if (decoded.header.cid !== beaconCID) {
+    throw new Error("beacon countersignature header cid mismatch");
+  }
+  const kid = decoded.header.kid;
+  const publicKey = await input.resolveKey(kid);
+  try {
+    verifyJws({ token: input.jwsToken, publicKey });
+  } catch {
+    throw new Error("invalid beacon countersignature");
+  }
+  const hashIdx = kid.indexOf("#");
+  if (hashIdx < 0) throw new Error("beacon countersignature kid must be a DID URL");
+  const witnessDID = kid.substring(0, hashIdx);
+  if (witnessDID === beacon.did) {
+    throw new Error("beacon countersignature kid DID must differ from beacon did (not a witness)");
+  }
+  return {
+    beaconCID,
+    controllerDID: beacon.did,
+    witnessDID
+  };
+};
+
 export {
   MultikeyPublicKey,
   IdentityOperation,
   VerifiedIdentity,
   ContentOperation,
+  BeaconPayload,
   ED25519_PUB_MULTICODEC,
   ED25519_PRIV_MULTICODEC,
   encodeEd25519Multikey,
@@ -381,5 +546,10 @@ export {
   signIdentityOperation,
   verifyIdentityChain,
   signContentOperation,
-  verifyContentChain
+  verifyContentChain,
+  signBeacon,
+  verifyBeacon,
+  signCountersignature,
+  verifyCountersignature,
+  verifyBeaconCountersignature
 };

package/dist/chunk-E5CFQG2B.js

@@ -0,0 +1,99 @@
+// src/merkle/tree.ts
+var sha256 = async (data) => {
+  const buf = await crypto.subtle.digest("SHA-256", data);
+  return new Uint8Array(buf);
+};
+var toHex = (bytes) => {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+};
+var hexToBytes = (hex) => {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);
+  }
+  return bytes;
+};
+var concat = (a, b) => {
+  const result = new Uint8Array(a.length + b.length);
+  result.set(a, 0);
+  result.set(b, a.length);
+  return result;
+};
+var hashLeaf = async (contentId) => {
+  return sha256(new TextEncoder().encode(contentId));
+};
+var hashInterior = async (left, right) => {
+  return sha256(concat(left, right));
+};
+var buildMerkleTree = async (contentIds) => {
+  const sorted = [...new Set(contentIds)].sort();
+  if (sorted.length === 0) return { root: null, leafCount: 0 };
+  let level = await Promise.all(sorted.map(hashLeaf));
+  while (level.length > 1) {
+    const nextLevel = [];
+    for (let i = 0; i < level.length; i += 2) {
+      if (i + 1 < level.length) {
+        nextLevel.push(await hashInterior(level[i], level[i + 1]));
+      } else {
+        nextLevel.push(level[i]);
+      }
+    }
+    level = nextLevel;
+  }
+  return { root: toHex(level[0]), leafCount: sorted.length };
+};
+
+// src/merkle/proof.ts
+var generateMerkleProof = async (contentIds, targetId) => {
+  const sorted = [...new Set(contentIds)].sort();
+  const targetIdx = sorted.indexOf(targetId);
+  if (targetIdx < 0) return null;
+  const { root } = await buildMerkleTree(sorted);
+  if (!root) return null;
+  const leaves = await Promise.all(sorted.map(hashLeaf));
+  const path = [];
+  let level = leaves;
+  let idx = targetIdx;
+  while (level.length > 1) {
+    const nextLevel = [];
+    const nextIdx = Math.floor(idx / 2);
+    for (let i = 0; i < level.length; i += 2) {
+      if (i + 1 < level.length) {
+        if (i === idx || i + 1 === idx) {
+          const siblingIdx = i === idx ? i + 1 : i;
+          path.push({
+            hash: toHex(level[siblingIdx]),
+            position: siblingIdx < idx ? "left" : "right"
+          });
+        }
+        const interior = await sha256(concat(level[i], level[i + 1]));
+        nextLevel.push(interior);
+      } else {
+        nextLevel.push(level[i]);
+      }
+    }
+    level = nextLevel;
+    idx = nextIdx;
+  }
+  return { contentId: targetId, root, path };
+};
+var verifyMerkleProof = async (proof) => {
+  let current = await hashLeaf(proof.contentId);
+  for (const step of proof.path) {
+    const sibling = hexToBytes(step.hash);
+    if (step.position === "left") {
+      current = await sha256(concat(sibling, current));
+    } else {
+      current = await sha256(concat(current, sibling));
+    }
+  }
+  return toHex(current) === proof.root;
+};
+
+export {
+  hexToBytes,
+  hashLeaf,
+  buildMerkleTree,
+  generateMerkleProof,
+  verifyMerkleProof
+};

package/dist/index.d.ts

@@ -1,8 +1,6 @@
 export { JwsHeader, JwsVerificationError, JwtClaims, JwtCreateOptions, JwtHeader, JwtVerificationError, JwtVerifyOptions, PrefixedID, base64urlDecode, base64urlEncode, createJws, createJwt, createNewEd25519Keypair, dagCborCanonicalEncode, decodeJwsUnsafe, decodeJwtUnsafe, generateId, generateIdNoPrefix, importEd25519Keypair, isCanonicallyEqual, isValidEd25519Signature, isValidId, normalizedId, parseDagCborCID, signPayloadEd25519, verifyJws, verifyJwt } from './crypto/index.js';
-export { ContentOperation, ED25519_PRIV_MULTICODEC, ED25519_PUB_MULTICODEC, IdentityOperation, MultikeyPublicKey, Signer, VerifiedContentChain, VerifiedIdentity, decodeMultikey, deriveChainIdentifier, deriveContentId, encodeEd25519Multikey, signContentOperation, signIdentityOperation, verifyContentChain, verifyIdentityChain } from './chain/index.js';
-export { ChainStore, ContentOperationsParams, ContentOperationsResponse, IdentityOperationsParams, IdentityOperationsResponse, OperationEntry, PaginationParams, RegistryError, ResolveContentResponse, ResolveIdentityResponse, ResolveOperationResponse, StoredChain, SubmitContentChainRequest, SubmitContentChainResponse, SubmitIdentityChainRequest, SubmitIdentityChainResponse, createRegistryServer } from './registry/index.js';
+export { BeaconPayload, ContentOperation, ED25519_PRIV_MULTICODEC, ED25519_PUB_MULTICODEC, IdentityOperation, MultikeyPublicKey, Signer, VerifiedBeacon, VerifiedBeaconCountersignature, VerifiedContentChain, VerifiedCountersignature, VerifiedIdentity, decodeMultikey, deriveChainIdentifier, deriveContentId, encodeEd25519Multikey, signBeacon, signContentOperation, signCountersignature, signIdentityOperation, verifyBeacon, verifyBeaconCountersignature, verifyContentChain, verifyCountersignature, verifyIdentityChain } from './chain/index.js';
+export { MerkleProof, buildMerkleTree, generateMerkleProof, hashLeaf, hexToBytes, verifyMerkleProof } from './merkle/index.js';
 import 'multiformats';
 import 'multiformats/cid';
 import 'zod';
-import 'hono/types';
-import 'hono';

package/dist/index.js

@@ -1,20 +1,5 @@
 import {
-  ChainStore,
-  ContentOperationsParams,
-  ContentOperationsResponse,
-  IdentityOperationsParams,
-  IdentityOperationsResponse,
-  RegistryError,
-  ResolveContentResponse,
-  ResolveIdentityResponse,
-  ResolveOperationResponse,
-  SubmitContentChainRequest,
-  SubmitContentChainResponse,
-  SubmitIdentityChainRequest,
-  SubmitIdentityChainResponse,
-  createRegistryServer
-} from "./chunk-U6DANYPT.js";
-import {
+  BeaconPayload,
   ContentOperation,
   ED25519_PRIV_MULTICODEC,
   ED25519_PUB_MULTICODEC,
@@ -25,11 +10,16 @@ import {
   deriveChainIdentifier,
   deriveContentId,
   encodeEd25519Multikey,
+  signBeacon,
   signContentOperation,
+  signCountersignature,
   signIdentityOperation,
+  verifyBeacon,
+  verifyBeaconCountersignature,
   verifyContentChain,
+  verifyCountersignature,
   verifyIdentityChain
-} from "./chunk-VEBMLR37.js";
+} from "./chunk-ASGEXSVT.js";
 import {
   JwsVerificationError,
   JwtVerificationError,
@@ -53,34 +43,29 @@ import {
   verifyJws,
   verifyJwt
 } from "./chunk-ZXXP5W5N.js";
+import {
+  buildMerkleTree,
+  generateMerkleProof,
+  hashLeaf,
+  hexToBytes,
+  verifyMerkleProof
+} from "./chunk-E5CFQG2B.js";
 export {
-  ChainStore,
+  BeaconPayload,
   ContentOperation,
-  ContentOperationsParams,
-  ContentOperationsResponse,
   ED25519_PRIV_MULTICODEC,
   ED25519_PUB_MULTICODEC,
   IdentityOperation,
-  IdentityOperationsParams,
-  IdentityOperationsResponse,
   JwsVerificationError,
   JwtVerificationError,
   MultikeyPublicKey,
-  RegistryError,
-  ResolveContentResponse,
-  ResolveIdentityResponse,
-  ResolveOperationResponse,
-  SubmitContentChainRequest,
-  SubmitContentChainResponse,
-  SubmitIdentityChainRequest,
-  SubmitIdentityChainResponse,
   VerifiedIdentity,
   base64urlDecode,
   base64urlEncode,
+  buildMerkleTree,
   createJws,
   createJwt,
   createNewEd25519Keypair,
-  createRegistryServer,
   dagCborCanonicalEncode,
   decodeJwsUnsafe,
   decodeJwtUnsafe,
@@ -90,17 +75,26 @@ export {
   encodeEd25519Multikey,
   generateId,
   generateIdNoPrefix,
+  generateMerkleProof,
+  hashLeaf,
+  hexToBytes,
   importEd25519Keypair,
   isCanonicallyEqual,
   isValidEd25519Signature,
   isValidId,
   normalizedId,
   parseDagCborCID,
+  signBeacon,
   signContentOperation,
+  signCountersignature,
   signIdentityOperation,
   signPayloadEd25519,
+  verifyBeacon,
+  verifyBeaconCountersignature,
   verifyContentChain,
+  verifyCountersignature,
   verifyIdentityChain,
   verifyJws,
-  verifyJwt
+  verifyJwt,
+  verifyMerkleProof
 };