@metalabel/dfos-protocol 0.10.0 → 0.12.0

package/dist/index.js

@@ -1,30 +1,40 @@
 import {
+  ARTIFACT_CID_ANCHOR_RE,
   ArtifactPayload,
-  BeaconPayload,
+  CONTENT_ID_ANCHOR_RE,
   ContentOperation,
   CountersignPayload,
   IdentityOperation,
   MAX_ARTIFACT_PAYLOAD_SIZE,
+  MAX_OPERATION_SIZE,
+  MAX_SERVICES_ENTRIES,
+  MAX_SERVICES_PAYLOAD_SIZE,
   MultikeyPublicKey,
+  RECOGNIZED_SERVICE_TYPES,
   RevocationPayload,
+  ServiceEntry,
+  ServicesArray,
   VerifiedIdentity,
+  anchorsByLabel,
+  assertServicesWithinCap,
+  classifyAnchor,
   deriveChainIdentifier,
   deriveContentId,
+  isRecognizedServiceType,
+  relayEndpoints,
   signArtifact,
-  signBeacon,
   signContentOperation,
   signCountersignature,
   signIdentityOperation,
   signRevocation,
   verifyArtifact,
-  verifyBeacon,
   verifyContentChain,
   verifyContentExtensionFromTrustedState,
   verifyCountersignature,
   verifyIdentityChain,
   verifyIdentityExtensionFromTrustedState,
   verifyRevocation
-} from "./chunk-GZ7ZAIRD.js";
+} from "./chunk-J5C4OXL4.js";
 import {
   Attenuation,
   AuthTokenClaims,
@@ -33,6 +43,7 @@ import {
   DFOSCredentialPayload,
   ED25519_PRIV_MULTICODEC,
   ED25519_PUB_MULTICODEC,
+  MAX_CREDENTIAL_SIZE,
   createAuthToken,
   createDFOSCredential,
   decodeDFOSCredentialUnsafe,
@@ -43,7 +54,7 @@ import {
   verifyAuthToken,
   verifyDFOSCredential,
   verifyDelegationChain
-} from "./chunk-LQFOBE6X.js";
+} from "./chunk-J3XXF6F5.js";
 import {
   JwsVerificationError,
   JwtVerificationError,
@@ -67,13 +78,14 @@ import {
   signPayloadEd25519,
   verifyJws,
   verifyJwt
-} from "./chunk-GQOZJKKO.js";
+} from "./chunk-4QQ5HK5M.js";
 export {
+  ARTIFACT_CID_ANCHOR_RE,
   ArtifactPayload,
   Attenuation,
   AuthTokenClaims,
   AuthTokenVerificationError,
-  BeaconPayload,
+  CONTENT_ID_ANCHOR_RE,
   ContentOperation,
   CountersignPayload,
   CredentialVerificationError,
@@ -84,12 +96,22 @@ export {
   JwsVerificationError,
   JwtVerificationError,
   MAX_ARTIFACT_PAYLOAD_SIZE,
+  MAX_CREDENTIAL_SIZE,
+  MAX_OPERATION_SIZE,
+  MAX_SERVICES_ENTRIES,
+  MAX_SERVICES_PAYLOAD_SIZE,
   MultikeyPublicKey,
+  RECOGNIZED_SERVICE_TYPES,
   RevocationPayload,
+  ServiceEntry,
+  ServicesArray,
   VerifiedIdentity,
+  anchorsByLabel,
   assertJwsProfile,
+  assertServicesWithinCap,
   base64urlDecode,
   base64urlEncode,
+  classifyAnchor,
   createAuthToken,
   createDFOSCredential,
   createJws,
@@ -108,13 +130,14 @@ export {
   importEd25519Keypair,
   isAttenuated,
   isCanonicallyEqual,
+  isRecognizedServiceType,
   isValidEd25519Signature,
   isValidId,
   matchesResource,
   normalizedId,
   parseDagCborCID,
+  relayEndpoints,
   signArtifact,
-  signBeacon,
   signContentOperation,
   signCountersignature,
   signIdentityOperation,
@@ -122,7 +145,6 @@ export {
   signRevocation,
   verifyArtifact,
   verifyAuthToken,
-  verifyBeacon,
   verifyContentChain,
   verifyContentExtensionFromTrustedState,
   verifyCountersignature,

package/dist/schemas-Bb_9P8_s.d.ts

@@ -0,0 +1,213 @@
+import { z } from 'zod';
+
+/** Function that signs a byte array and returns a signature */
+type Signer = (message: Uint8Array) => Promise<Uint8Array>;
+/**
+ * Max number of service entries in an identity's services state — a generous
+ * cardinality ceiling on resolution fan-out. Individual entry fields are NOT
+ * separately length-capped (no per-field length zoo): the aggregate byte cap
+ * below, plus the operation-size cap, bound entry size. The op-size cap is the
+ * real arbiter when services and keys are both large.
+ */
+declare const MAX_SERVICES_ENTRIES = 256;
+/**
+ * Max CBOR-encoded size of the services array (bytes) — the SINGLE aggregate that
+ * bounds the services manifest, replacing the former per-field length caps (the
+ * same collapse the op-size cap applied at the operation level). Sized so the
+ * 256-entry ceiling is genuinely reachable with realistic entries.
+ */
+declare const MAX_SERVICES_PAYLOAD_SIZE = 32768;
+/**
+ * Max dag-cbor-encoded size of a single protocol operation payload (bytes) — the
+ * one aggregate validity bound on operation size, measured over the exact bytes
+ * the CID commits to. Generously set (64 KiB) so it never binds a legitimate
+ * proof-layer operation while bounding decode/verify cost (a DoS + determinism
+ * invariant). This is a VALIDITY-determining cap: it MUST be identical across
+ * implementations. Large binary media does NOT travel in operation payloads —
+ * it is referenced, not inlined — so this bound is about proof-layer ops only.
+ */
+declare const MAX_OPERATION_SIZE = 65536;
+declare const MultikeyPublicKey: z.ZodObject<{
+    id: z.ZodString;
+    type: z.ZodLiteral<"Multikey">;
+    publicKeyMultibase: z.ZodString;
+}, z.core.$loose>;
+type MultikeyPublicKey = z.infer<typeof MultikeyPublicKey>;
+/**
+ * Anchor target shapes — a ContentAnchor references a STABLE content
+ * identifier, dispatched by structural form:
+ *   - 31-char contentId (content chain) → mutable, gateable
+ *   - CIDv1 base32 (artifact)           → immutable, public
+ * Both are stable; a chain HEAD CID (also base32 but resolves to a non-artifact
+ * op) is rejected by the shape-dispatch + resolution type check, never anchored.
+ */
+declare const CONTENT_ID_ANCHOR_RE: RegExp;
+declare const ARTIFACT_CID_ANCHOR_RE: RegExp;
+/**
+ * Service entry — discovery vocabulary in identity-chain state.
+ *
+ * Open namespace: `type` is an arbitrary bounded string. Recognized types
+ * (`DfosRelay`, `ContentAnchor`) are structurally validated; UNRECOGNIZED types
+ * are preserved verbatim and ignored (MUST-ignore-unknown) — only the common
+ * envelope (id + type) and the byte cap apply. New service types therefore
+ * never require a protocol/cross-language change.
+ */
+declare const ServiceEntry: z.ZodObject<{
+    id: z.ZodString;
+    type: z.ZodString;
+}, z.core.$catchall<z.ZodUnknown>>;
+type ServiceEntry = z.infer<typeof ServiceEntry>;
+/** Identity services state — full-state, bounded, unique entry ids */
+declare const ServicesArray: z.ZodArray<z.ZodObject<{
+    id: z.ZodString;
+    type: z.ZodString;
+}, z.core.$catchall<z.ZodUnknown>>>;
+type ServicesArray = z.infer<typeof ServicesArray>;
+declare const IdentityOperation: z.ZodDiscriminatedUnion<[z.ZodObject<{
+    version: z.ZodLiteral<1>;
+    type: z.ZodLiteral<"create">;
+    authKeys: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        type: z.ZodLiteral<"Multikey">;
+        publicKeyMultibase: z.ZodString;
+    }, z.core.$loose>>;
+    assertKeys: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        type: z.ZodLiteral<"Multikey">;
+        publicKeyMultibase: z.ZodString;
+    }, z.core.$loose>>;
+    controllerKeys: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        type: z.ZodLiteral<"Multikey">;
+        publicKeyMultibase: z.ZodString;
+    }, z.core.$loose>>;
+    services: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        type: z.ZodString;
+    }, z.core.$catchall<z.ZodUnknown>>>>;
+    createdAt: z.ZodISODateTime;
+}, z.core.$loose>, z.ZodObject<{
+    version: z.ZodLiteral<1>;
+    type: z.ZodLiteral<"update">;
+    previousOperationCID: z.ZodString;
+    authKeys: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        type: z.ZodLiteral<"Multikey">;
+        publicKeyMultibase: z.ZodString;
+    }, z.core.$loose>>;
+    assertKeys: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        type: z.ZodLiteral<"Multikey">;
+        publicKeyMultibase: z.ZodString;
+    }, z.core.$loose>>;
+    controllerKeys: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        type: z.ZodLiteral<"Multikey">;
+        publicKeyMultibase: z.ZodString;
+    }, z.core.$loose>>;
+    services: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        type: z.ZodString;
+    }, z.core.$catchall<z.ZodUnknown>>>>;
+    createdAt: z.ZodISODateTime;
+}, z.core.$loose>, z.ZodObject<{
+    version: z.ZodLiteral<1>;
+    type: z.ZodLiteral<"delete">;
+    previousOperationCID: z.ZodString;
+    createdAt: z.ZodISODateTime;
+}, z.core.$loose>], "type">;
+type IdentityOperation = z.infer<typeof IdentityOperation>;
+declare const VerifiedIdentity: z.ZodObject<{
+    did: z.ZodString;
+    isDeleted: z.ZodBoolean;
+    authKeys: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        type: z.ZodLiteral<"Multikey">;
+        publicKeyMultibase: z.ZodString;
+    }, z.core.$loose>>;
+    assertKeys: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        type: z.ZodLiteral<"Multikey">;
+        publicKeyMultibase: z.ZodString;
+    }, z.core.$loose>>;
+    controllerKeys: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        type: z.ZodLiteral<"Multikey">;
+        publicKeyMultibase: z.ZodString;
+    }, z.core.$loose>>;
+    services: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        type: z.ZodString;
+    }, z.core.$catchall<z.ZodUnknown>>>;
+}, z.core.$strict>;
+type VerifiedIdentity = z.infer<typeof VerifiedIdentity>;
+declare const ContentOperation: z.ZodDiscriminatedUnion<[z.ZodObject<{
+    version: z.ZodLiteral<1>;
+    type: z.ZodLiteral<"create">;
+    did: z.ZodString;
+    documentCID: z.ZodString;
+    baseDocumentCID: z.ZodNullable<z.ZodString>;
+    createdAt: z.ZodISODateTime;
+    note: z.ZodNullable<z.ZodString>;
+}, z.core.$loose>, z.ZodObject<{
+    version: z.ZodLiteral<1>;
+    type: z.ZodLiteral<"update">;
+    did: z.ZodString;
+    previousOperationCID: z.ZodString;
+    documentCID: z.ZodNullable<z.ZodString>;
+    baseDocumentCID: z.ZodNullable<z.ZodString>;
+    createdAt: z.ZodISODateTime;
+    note: z.ZodNullable<z.ZodString>;
+    authorization: z.ZodOptional<z.ZodString>;
+}, z.core.$loose>, z.ZodObject<{
+    version: z.ZodLiteral<1>;
+    type: z.ZodLiteral<"delete">;
+    did: z.ZodString;
+    previousOperationCID: z.ZodString;
+    createdAt: z.ZodISODateTime;
+    note: z.ZodNullable<z.ZodString>;
+    authorization: z.ZodOptional<z.ZodString>;
+}, z.core.$loose>], "type">;
+type ContentOperation = z.infer<typeof ContentOperation>;
+/** Max CBOR-encoded payload size for artifacts (bytes) — protocol constant */
+declare const MAX_ARTIFACT_PAYLOAD_SIZE = 16384;
+/** Artifact: standalone signed inline document, immutable, CID-addressable */
+declare const ArtifactPayload: z.ZodObject<{
+    version: z.ZodLiteral<1>;
+    type: z.ZodLiteral<"artifact">;
+    did: z.ZodString;
+    content: z.ZodObject<{
+        $schema: z.ZodString;
+    }, z.core.$catchall<z.ZodUnknown>>;
+    createdAt: z.ZodISODateTime;
+}, z.core.$loose>;
+type ArtifactPayload = z.infer<typeof ArtifactPayload>;
+/**
+ * Countersign: standalone witness attestation referencing a target operation by CID.
+ *
+ * `relation` is an OPEN-namespace tag naming the nature of the attestation
+ * (e.g. `coauthors`, `endorses`, `witnessed`, `holds`, `received`). It is an
+ * arbitrary bounded string — recognized values carry social meaning to clients,
+ * unrecognized values MUST be preserved and ignored. Optional, so a bare witness
+ * attestation (no relation) encodes identically (CID-neutral).
+ */
+declare const CountersignPayload: z.ZodObject<{
+    version: z.ZodLiteral<1>;
+    type: z.ZodLiteral<"countersign">;
+    did: z.ZodString;
+    targetCID: z.ZodString;
+    relation: z.ZodOptional<z.ZodString>;
+    createdAt: z.ZodISODateTime;
+}, z.core.$loose>;
+type CountersignPayload = z.infer<typeof CountersignPayload>;
+/** Revocation: signed credential revocation artifact, gossiped on the proof plane */
+declare const RevocationPayload: z.ZodObject<{
+    version: z.ZodLiteral<1>;
+    type: z.ZodLiteral<"revocation">;
+    did: z.ZodString;
+    credentialCID: z.ZodString;
+    createdAt: z.ZodISODateTime;
+}, z.core.$loose>;
+type RevocationPayload = z.infer<typeof RevocationPayload>;
+
+export { ARTIFACT_CID_ANCHOR_RE as A, CONTENT_ID_ANCHOR_RE as C, IdentityOperation as I, MAX_ARTIFACT_PAYLOAD_SIZE as M, RevocationPayload as R, ServiceEntry as S, VerifiedIdentity as V, ArtifactPayload as a, ContentOperation as b, CountersignPayload as c, MAX_OPERATION_SIZE as d, MAX_SERVICES_ENTRIES as e, MAX_SERVICES_PAYLOAD_SIZE as f, MultikeyPublicKey as g, ServicesArray as h, type Signer as i };

package/examples/identity-services.json

@@ -0,0 +1,38 @@
+{
+  "description": "Identity chain: genesis publishing a services set (relay locator + content/artifact anchors)",
+  "type": "identity",
+  "chain": [
+    "eyJhbGciOiJFZERTQSIsInR5cCI6ImRpZDpkZm9zOmlkZW50aXR5LW9wIiwia2lkIjoia2V5X3I5ZXYzNGZ2YzIzejk5OXZlYWFmdDgzbm4yOXp2aGUiLCJjaWQiOiJiYWZ5cmVpZGkzcXBzM3F0dHFwMjJtM3kzM2JkYmYyaXlrYnE1cjQ1ampod2EzN21nZXNvdjdzZGd6ZSJ9.eyJ2ZXJzaW9uIjoxLCJ0eXBlIjoiY3JlYXRlIiwiYXV0aEtleXMiOlt7ImlkIjoia2V5X3I5ZXYzNGZ2YzIzejk5OXZlYWFmdDgzbm4yOXp2aGUiLCJ0eXBlIjoiTXVsdGlrZXkiLCJwdWJsaWNLZXlNdWx0aWJhc2UiOiJ6Nk1rcnpMTU53b0pTVjRQM1ljY1djYnRrOHZkOUx0Z01LbkxlYURMVXFMdUFTamIifV0sImFzc2VydEtleXMiOlt7ImlkIjoia2V5X3I5ZXYzNGZ2YzIzejk5OXZlYWFmdDgzbm4yOXp2aGUiLCJ0eXBlIjoiTXVsdGlrZXkiLCJwdWJsaWNLZXlNdWx0aWJhc2UiOiJ6Nk1rcnpMTU53b0pTVjRQM1ljY1djYnRrOHZkOUx0Z01LbkxlYURMVXFMdUFTamIifV0sImNvbnRyb2xsZXJLZXlzIjpbeyJpZCI6ImtleV9yOWV2MzRmdmMyM3o5OTl2ZWFhZnQ4M25uMjl6dmhlIiwidHlwZSI6Ik11bHRpa2V5IiwicHVibGljS2V5TXVsdGliYXNlIjoiejZNa3J6TE1Od29KU1Y0UDNZY2NXY2J0azh2ZDlMdGdNS25MZWFETFVxTHVBU2piIn1dLCJzZXJ2aWNlcyI6W3siaWQiOiJyZWxheSIsInR5cGUiOiJEZm9zUmVsYXkiLCJlbmRwb2ludCI6Imh0dHBzOi8vcmVsYXkuZGZvcy5jb20ifSx7ImlkIjoicHJvZmlsZSIsInR5cGUiOiJDb250ZW50QW5jaG9yIiwibGFiZWwiOiJwcm9maWxlIiwiYW5jaG9yIjoiY3Y3bjh2a3ZyNjRjY3RmMzI5NGg5azRlYW5oZmY4eiJ9LHsiaWQiOiJhdmF0YXIiLCJ0eXBlIjoiQ29udGVudEFuY2hvciIsImxhYmVsIjoiYXZhdGFyIiwiYW5jaG9yIjoiYmFmeXJlaWV2Y3FybXZ0ejJwaXM1dGRpenQ3c2pvdG9xcW9nbDZ2cnJxZ2E2NHcydG53a3Eycm51ZHkifV0sImNyZWF0ZWRBdCI6IjIwMjYtMDMtMDdUMDA6MDU6MDAuMDAwWiJ9.HCzVJXcUzL62lxtC8omBlit1JNSWk4b4kQKjjjWT00honzZ9-k3dKusIRuhTV6gjT1M74bLVZYUxPb8kJvhHAw"
+  ],
+  "controllerPublicKey": "z6MkrzLMNwoJSV4P3YccWcbtk8vd9LtgMKnLeaDLUqLuASjb",
+  "expected": {
+    "did": "did:dfos:zhkrrzrd7z623ha8tt7dt699de8r3ar",
+    "isDeleted": false,
+    "controllerKeys": [
+      {
+        "id": "key_r9ev34fvc23z999veaaft83nn29zvhe",
+        "type": "Multikey",
+        "publicKeyMultibase": "z6MkrzLMNwoJSV4P3YccWcbtk8vd9LtgMKnLeaDLUqLuASjb"
+      }
+    ],
+    "services": [
+      {
+        "id": "relay",
+        "type": "DfosRelay",
+        "endpoint": "https://relay.dfos.com"
+      },
+      {
+        "id": "profile",
+        "type": "ContentAnchor",
+        "label": "profile",
+        "anchor": "cv7n8vkvr64cctf3294h9k4eanhff8z"
+      },
+      {
+        "id": "avatar",
+        "type": "ContentAnchor",
+        "label": "avatar",
+        "anchor": "bafyreievcqrmvtz2pis5tdizt7sjotoqqogl6vrrqga64w2tnwkq2rnudy"
+      }
+    ]
+  }
+}

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "@metalabel/dfos-protocol",
-  "version": "0.10.0",
+  "version": "0.12.0",
   "type": "module",
-  "description": "DFOS Protocol — Ed25519 signed chain primitives, beacons, credentials, and verification",
+  "description": "DFOS Protocol — Ed25519 signed chain primitives, services, credentials, and verification",
   "license": "MIT",
   "author": "Metalabel <hello@metalabel.com> (https://metalabel.com)",
   "repository": {

package/dist/schemas-BhikXSf_.d.ts

@@ -1,146 +0,0 @@
-import { z } from 'zod';
-
-/** Function that signs a byte array and returns a signature */
-type Signer = (message: Uint8Array) => Promise<Uint8Array>;
-declare const MultikeyPublicKey: z.ZodObject<{
-    id: z.ZodString;
-    type: z.ZodLiteral<"Multikey">;
-    publicKeyMultibase: z.ZodString;
-}, z.core.$strict>;
-type MultikeyPublicKey = z.infer<typeof MultikeyPublicKey>;
-declare const IdentityOperation: z.ZodDiscriminatedUnion<[z.ZodObject<{
-    version: z.ZodLiteral<1>;
-    type: z.ZodLiteral<"create">;
-    authKeys: z.ZodArray<z.ZodObject<{
-        id: z.ZodString;
-        type: z.ZodLiteral<"Multikey">;
-        publicKeyMultibase: z.ZodString;
-    }, z.core.$strict>>;
-    assertKeys: z.ZodArray<z.ZodObject<{
-        id: z.ZodString;
-        type: z.ZodLiteral<"Multikey">;
-        publicKeyMultibase: z.ZodString;
-    }, z.core.$strict>>;
-    controllerKeys: z.ZodArray<z.ZodObject<{
-        id: z.ZodString;
-        type: z.ZodLiteral<"Multikey">;
-        publicKeyMultibase: z.ZodString;
-    }, z.core.$strict>>;
-    createdAt: z.ZodISODateTime;
-}, z.core.$strict>, z.ZodObject<{
-    version: z.ZodLiteral<1>;
-    type: z.ZodLiteral<"update">;
-    previousOperationCID: z.ZodString;
-    authKeys: z.ZodArray<z.ZodObject<{
-        id: z.ZodString;
-        type: z.ZodLiteral<"Multikey">;
-        publicKeyMultibase: z.ZodString;
-    }, z.core.$strict>>;
-    assertKeys: z.ZodArray<z.ZodObject<{
-        id: z.ZodString;
-        type: z.ZodLiteral<"Multikey">;
-        publicKeyMultibase: z.ZodString;
-    }, z.core.$strict>>;
-    controllerKeys: z.ZodArray<z.ZodObject<{
-        id: z.ZodString;
-        type: z.ZodLiteral<"Multikey">;
-        publicKeyMultibase: z.ZodString;
-    }, z.core.$strict>>;
-    createdAt: z.ZodISODateTime;
-}, z.core.$strict>, z.ZodObject<{
-    version: z.ZodLiteral<1>;
-    type: z.ZodLiteral<"delete">;
-    previousOperationCID: z.ZodString;
-    createdAt: z.ZodISODateTime;
-}, z.core.$strict>], "type">;
-type IdentityOperation = z.infer<typeof IdentityOperation>;
-declare const VerifiedIdentity: z.ZodObject<{
-    did: z.ZodString;
-    isDeleted: z.ZodBoolean;
-    authKeys: z.ZodArray<z.ZodObject<{
-        id: z.ZodString;
-        type: z.ZodLiteral<"Multikey">;
-        publicKeyMultibase: z.ZodString;
-    }, z.core.$strict>>;
-    assertKeys: z.ZodArray<z.ZodObject<{
-        id: z.ZodString;
-        type: z.ZodLiteral<"Multikey">;
-        publicKeyMultibase: z.ZodString;
-    }, z.core.$strict>>;
-    controllerKeys: z.ZodArray<z.ZodObject<{
-        id: z.ZodString;
-        type: z.ZodLiteral<"Multikey">;
-        publicKeyMultibase: z.ZodString;
-    }, z.core.$strict>>;
-}, z.core.$strict>;
-type VerifiedIdentity = z.infer<typeof VerifiedIdentity>;
-declare const ContentOperation: z.ZodDiscriminatedUnion<[z.ZodObject<{
-    version: z.ZodLiteral<1>;
-    type: z.ZodLiteral<"create">;
-    did: z.ZodString;
-    documentCID: z.ZodString;
-    baseDocumentCID: z.ZodNullable<z.ZodString>;
-    createdAt: z.ZodISODateTime;
-    note: z.ZodNullable<z.ZodString>;
-}, z.core.$strict>, z.ZodObject<{
-    version: z.ZodLiteral<1>;
-    type: z.ZodLiteral<"update">;
-    did: z.ZodString;
-    previousOperationCID: z.ZodString;
-    documentCID: z.ZodNullable<z.ZodString>;
-    baseDocumentCID: z.ZodNullable<z.ZodString>;
-    createdAt: z.ZodISODateTime;
-    note: z.ZodNullable<z.ZodString>;
-    authorization: z.ZodOptional<z.ZodString>;
-}, z.core.$strict>, z.ZodObject<{
-    version: z.ZodLiteral<1>;
-    type: z.ZodLiteral<"delete">;
-    did: z.ZodString;
-    previousOperationCID: z.ZodString;
-    createdAt: z.ZodISODateTime;
-    note: z.ZodNullable<z.ZodString>;
-    authorization: z.ZodOptional<z.ZodString>;
-}, z.core.$strict>], "type">;
-type ContentOperation = z.infer<typeof ContentOperation>;
-/** Beacon: floating signed manifest pointer announcement */
-declare const BeaconPayload: z.ZodObject<{
-    version: z.ZodLiteral<1>;
-    type: z.ZodLiteral<"beacon">;
-    did: z.ZodString;
-    manifestContentId: z.ZodString;
-    createdAt: z.ZodISODateTime;
-}, z.core.$strict>;
-type BeaconPayload = z.infer<typeof BeaconPayload>;
-/** Max CBOR-encoded payload size for artifacts (bytes) — protocol constant */
-declare const MAX_ARTIFACT_PAYLOAD_SIZE = 16384;
-/** Artifact: standalone signed inline document, immutable, CID-addressable */
-declare const ArtifactPayload: z.ZodObject<{
-    version: z.ZodLiteral<1>;
-    type: z.ZodLiteral<"artifact">;
-    did: z.ZodString;
-    content: z.ZodObject<{
-        $schema: z.ZodString;
-    }, z.core.$catchall<z.ZodUnknown>>;
-    createdAt: z.ZodISODateTime;
-}, z.core.$strict>;
-type ArtifactPayload = z.infer<typeof ArtifactPayload>;
-/** Countersign: standalone witness attestation referencing a target operation by CID */
-declare const CountersignPayload: z.ZodObject<{
-    version: z.ZodLiteral<1>;
-    type: z.ZodLiteral<"countersign">;
-    did: z.ZodString;
-    targetCID: z.ZodString;
-    createdAt: z.ZodISODateTime;
-}, z.core.$strict>;
-type CountersignPayload = z.infer<typeof CountersignPayload>;
-/** Revocation: signed credential revocation artifact, gossiped like beacons */
-declare const RevocationPayload: z.ZodObject<{
-    version: z.ZodLiteral<1>;
-    type: z.ZodLiteral<"revocation">;
-    did: z.ZodString;
-    credentialCID: z.ZodString;
-    createdAt: z.ZodISODateTime;
-}, z.core.$strict>;
-type RevocationPayload = z.infer<typeof RevocationPayload>;
-
-export { ArtifactPayload as A, BeaconPayload as B, ContentOperation as C, IdentityOperation as I, MAX_ARTIFACT_PAYLOAD_SIZE as M, RevocationPayload as R, type Signer as S, VerifiedIdentity as V, CountersignPayload as a, MultikeyPublicKey as b };

package/examples/beacon.json

@@ -1,14 +0,0 @@
-{
-  "description": "Beacon: signed manifest content ID announcement with witness countersignature",
-  "type": "beacon",
-  "controllerJws": "eyJhbGciOiJFZERTQSIsInR5cCI6ImRpZDpkZm9zOmJlYWNvbiIsImtpZCI6ImRpZDpkZm9zOmNubm5mdDlmOGEycm45MzhkNm5rejM4cjg0N3Yya3Ija2V5X3I5ZXYzNGZ2YzIzejk5OXZlYWFmdDgzbm4yOXp2aGUiLCJjaWQiOiJiYWZ5cmVpYjR3MnAydTZ0bHc3N3NidGtwdnc3ZnF2d3ZrNnJ3MzdweWFtM29zb2JvNXhwM29vZWt1cSJ9.eyJ2ZXJzaW9uIjoxLCJ0eXBlIjoiYmVhY29uIiwiZGlkIjoiZGlkOmRmb3M6Y25ubmZ0OWY4YTJybjkzOGQ2bmt6MzhyODQ3djJrciIsIm1hbmlmZXN0Q29udGVudElkIjoiY3Y3bjh2a3ZyNjRjY3RmMzI5NGg5azRlYW5oZmY4eiIsImNyZWF0ZWRBdCI6IjIwMjYtMDMtMDdUMDA6MDU6MDAuMDAwWiJ9.exr0Dfb_asVXeMpnUOaql9ppeO2pifzEdId8ocXHQ6-v_XUwccQdJaL4MhKzJGUbRAa0hfRVSFRndhjJ4NN1DA",
-  "witnessJws": "eyJhbGciOiJFZERTQSIsInR5cCI6ImRpZDpkZm9zOmJlYWNvbiIsImtpZCI6ImRpZDpkZm9zOmNubm5mdDlmOGEycm45MzhkNm5rejM4cjg0N3Yya3Ija2V5X2V6OWE4NzR0Y2tyM2R2OTMzZDNja2RuN3o2enJjdDgiLCJjaWQiOiJiYWZ5cmVpYjR3MnAydTZ0bHc3N3NidGtwdnc3ZnF2d3ZrNnJ3MzdweWFtM29zb2JvNXhwM29vZWt1cSJ9.eyJ2ZXJzaW9uIjoxLCJ0eXBlIjoiYmVhY29uIiwiZGlkIjoiZGlkOmRmb3M6Y25ubmZ0OWY4YTJybjkzOGQ2bmt6MzhyODQ3djJrciIsIm1hbmlmZXN0Q29udGVudElkIjoiY3Y3bjh2a3ZyNjRjY3RmMzI5NGg5azRlYW5oZmY4eiIsImNyZWF0ZWRBdCI6IjIwMjYtMDMtMDdUMDA6MDU6MDAuMDAwWiJ9.-49R4npkmKMJtnK4sVS_x7MFOgB1RhjkZAzwycLp80g_o6y0gV0JjnUAj12as8NglccBXEk_5DdZTFs17ygKCA",
-  "controllerPublicKey": "z6MkrzLMNwoJSV4P3YccWcbtk8vd9LtgMKnLeaDLUqLuASjb",
-  "witnessPublicKey": "z6MkfUd65JrAhfdgFuMCccU9ThQvjB2fJAMUHkuuajF992gK",
-  "expected": {
-    "beaconCID": "bafyreib4w2p2u6tlw77sbtkpvw7fqvwvk6rw37pyam3osobo5xp3ooekuq",
-    "did": "did:dfos:cnnnft9f8a2rn938d6nkz38r847v2kr",
-    "manifestContentId": "cv7n8vkvr64cctf3294h9k4eanhff8z",
-    "createdAt": "2026-03-07T00:05:00.000Z"
-  }
-}

package/schemas/manifest.v1.json

@@ -1,29 +0,0 @@
-{
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "https://schemas.dfos.com/manifest/v1",
-  "title": "Manifest",
-  "description": "A manifest — a named map of protocol object references for semantic navigation. Keys are path-like labels. Values are protocol references: content chain identifiers (31-char bare hash), DIDs (did:dfos:...), or CIDs (bafyrei...). The document layer of the dark forest. Discovery is social or out-of-band.",
-  "type": "object",
-  "required": ["$schema", "entries"],
-  "properties": {
-    "$schema": {
-      "const": "https://schemas.dfos.com/manifest/v1"
-    },
-    "entries": {
-      "type": "object",
-      "propertyNames": {
-        "pattern": "^[a-z0-9][a-z0-9._/-]*[a-z0-9]$",
-        "minLength": 2,
-        "maxLength": 128
-      },
-      "additionalProperties": {
-        "type": "string",
-        "pattern": "^[a-z0-9][a-z0-9:._/-]*$",
-        "minLength": 1,
-        "maxLength": 512
-      },
-      "description": "Named entries mapping path-like keys to protocol object references (contentId, DID, or CID)."
-    }
-  },
-  "additionalProperties": false
-}