@mindees/updates 0.1.0

package/LICENSE

@@ -0,0 +1,31 @@
+# License
+
+MindeesNative is dual-licensed under either of:
+
+- **Apache License, Version 2.0** ([LICENSE-APACHE](./LICENSE-APACHE) or
+  <https://www.apache.org/licenses/LICENSE-2.0>)
+- **MIT license** ([LICENSE-MIT](./LICENSE-MIT) or
+  <https://opensource.org/licenses/MIT>)
+
+at your option.
+
+This `MIT OR Apache-2.0` dual-license is the same model used by the Rust
+ecosystem and many modern open-source projects. It gives downstream users
+maximum flexibility: the MIT option is short and permissive, while the Apache
+option adds an explicit patent grant.
+
+## SPDX identifier
+
+```
+SPDX-License-Identifier: MIT OR Apache-2.0
+```
+
+## Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally
+submitted for inclusion in the work by you, as defined in the Apache-2.0
+license, shall be dual-licensed as above, without any additional terms or
+conditions.
+
+Contributions are accepted under the **Developer Certificate of Origin (DCO)**.
+See [CONTRIBUTING.md](./CONTRIBUTING.md) for details on signing off your commits.

package/README.md

@@ -0,0 +1,125 @@
+# @mindees/updates
+
+**Pulse** — signed over-the-air (OTA) updates: ship new JavaScript + assets to
+installed apps without an app-store release, safely.
+
+> Status: 🧪 **Experimental** — Phase 9 (Pulse) is complete in its current scope.
+> Implemented and tested: signed OTA core, differential bundle diffing, the reference
+> update server, and server-driven UI (SDUI). The WASM module runtime is a 🔬 research
+> track (`createWasmModuleRuntime()` throws `NotImplementedError`). See the repository
+> [STATUS.md](../../STATUS.md).
+
+## What works today
+
+- **Hash-addressed manifest** — `UpdateManifest` enumerates a bundle's files, each by
+  SHA-256. One signature over the manifest's canonical bytes transitively secures
+  every file. `canonicalManifestJson` is deterministic (key-sorted, compact);
+  `parseManifest` strictly validates untrusted input.
+- **Ed25519 signing** — `signManifest` / `verifySignedManifest` over **detached
+  canonical bytes** (the verifier never re-serializes). A `threshold` (default 1)
+  requires that many valid signatures from **distinct** trusted keys → key rotation
+  and multi-party signing. Pure-JS [`@noble`](https://github.com/paulmillr/noble-curves),
+  so it runs on Node, browsers, and Hermes/React Native — no WebCrypto or native module.
+- **Content-addressed storage** — `UpdateStorage` stores blobs by SHA-256, so files
+  shared across updates are stored once and **unchanged assets are never re-downloaded**.
+  `createMemoryStorage()` is the reference implementation; bring your own for FS/S3/R2/RN.
+- **Differential (delta) downloads** — a zero-dependency, pure-TS byte-level delta codec
+  (`diff` build-side, `applyDelta` on-device, a rolling-hash COPY/INSERT scheme). A
+  changed asset can carry an `AssetEntry.patch` descriptor `{ base, delta }` in the
+  signed manifest; the client fetches only the small delta, reconstructs the asset
+  against a base blob it already holds, and verifies the result against the asset's
+  SHA-256. A bad or forged delta can never install — it falls back to a full download.
+- **Safe update client** — `createUpdateClient()`:
+  - `check()` — fetch + verify the signed manifest; apply the signature, expiry,
+    runtime-compatibility, and monotonic-version (anti-rollback) gates.
+  - `download()` — fetch only assets not already stored, hash-verify each, record a
+    `pending` generation (never touches the live one).
+  - `apply()` — verify all assets present, then **atomically** flip the current
+    generation (keeping `previous` + the embedded build as fallbacks).
+  - `boot()` — on startup, roll back a generation that **crash-loops** before it
+    confirms itself (readiness handshake), down to previous → embedded.
+  - `notifyReady()` / `rollback()` — confirm a good launch, or revert manually.
+
+## Reference update server
+
+The `@mindees/updates/server` subpath ships a **pure, capability-injected**
+`createUpdateServer` — the other side of the wire. It **never signs** (it serves
+**pre-signed** manifests; signing stays offline) and is deterministic + headlessly
+testable. `resolveUpdate({ runtimeVersion, channel, currentVersion, rolloutKey })`
+does channel selection, **deterministic staged rollout**, an **anti-downgrade** mirror
+of the client's own gate, **freeze** (expiry), and **rollback directives**; `getAsset`
+serves content-addressed blobs (delta blobs included). A runnable `node:http` adapter
+lives in [`examples/pulse-server/`](../../examples/pulse-server/). See
+[ADR-0010](../../docs/adr/0010-pulse-reference-server.md).
+
+## Server-driven UI (SDUI)
+
+The `@mindees/updates/sdui` subpath ships UI **as data** over OTA. `compileSdui`
+validates an untrusted, schema-versioned JSON tree against an injected **allowlist**
+registry and compiles it to a `@mindees/core` `MindeesNode`:
+
+- **named actions** — `{ "onPress": { "$action": "increment", "args": {…} } }` →
+  a function calling a pre-registered handler (**no code is ever transported or `eval`'d**),
+- **reactive bindings** — `{ "label": { "$bind": "count" } }` → a `() => value`
+  accessor the renderer treats as a fine-grained reactive region,
+- **fail-closed + safe** — unknown tags/actions, missing bindings, dangerous keys
+  (`__proto__`/`constructor`/`prototype`), and depth/node/string/prop limit breaches all
+  throw `SduiError`.
+
+Incremental updates use a pure-TS RFC 7396 merge-patch (`applyMergePatch`) and a safe
+RFC 6902 subset (`applyJsonPatch` — `add`/`remove`/`replace`); a patched tree must be
+re-run through `compileSdui` before render. Design: [ADR-0011](../../docs/adr/0011-pulse-sdui.md).
+
+## Quick start
+
+```ts
+import {
+  createUpdateClient,
+  createMemoryStorage,
+  generateKeypair,
+  signManifest,
+  toHex,
+} from '@mindees/updates'
+
+// On your build server: sign a manifest (keep the secret key off-device).
+const { secretKey, publicKey } = generateKeypair()
+const signed = signManifest(manifest, [{ keyId: 'release-2026', secretKey }])
+
+// In the app: embed the public key + the runtime version, then drive the flow.
+const client = createUpdateClient({
+  storage: createMemoryStorage(),
+  trustedKeys: [{ keyId: 'release-2026', publicKey: toHex(publicKey) }],
+  runtimeVersion: '1.0.0',
+  embeddedVersion: 1,
+  fetchManifest: async () => fetchJson('/updates/latest'),
+  fetchAsset: async (asset) => fetchBytes(`/updates/assets/${asset.sha256}`),
+})
+
+await client.boot() // call once at startup, before rendering, to recover from a bad update
+const result = await client.check()
+if (result.available) {
+  await client.download(result.manifest)
+  await client.apply(result.manifest.id) // takes effect next launch
+}
+// …once the new version has launched and rendered successfully:
+await client.notifyReady()
+```
+
+## Security model
+
+A minimal subset of [The Update Framework](https://theupdateframework.io/) (TUF):
+
+- **Tamper** — the manifest signature plus a per-file SHA-256 check.
+- **Rollback / downgrade** — the client persists the highest version ever applied and
+  rejects anything not strictly newer.
+- **Freeze** — a past `expires` is rejected.
+- **Mix-and-match** — the manifest enumerates the exact set of files.
+- **Compromised CDN** — signatures are end-to-end; the CDN never holds a private key.
+- **Native incompatibility** — a `runtimeVersion` mismatch is reported as not-available,
+  so an OTA update can never carry native changes.
+
+Design rationale: [ADR-0008](../../docs/adr/0008-pulse-ota.md).
+
+## License
+
+`MIT OR Apache-2.0`

package/dist/client.d.ts

@@ -0,0 +1,74 @@
+import { AssetEntry } from "./manifest.js";
+import { SignedManifest, TrustedKey, VerifiedManifest } from "./signing.js";
+import { GenerationMeta, UpdateState, UpdateStorage } from "./store.js";
+
+//#region src/client.d.ts
+/** Options for {@link createUpdateClient}. */
+interface UpdateClientOptions {
+  /** Where blobs + state live. */
+  readonly storage: UpdateStorage;
+  /** Public keys this app trusts to sign updates. */
+  readonly trustedKeys: readonly TrustedKey[];
+  /** The app's native runtime version (gates compatibility). */
+  readonly runtimeVersion: string;
+  /** Version baked into the binary (the rollback floor). Default 0. */
+  readonly embeddedVersion?: number;
+  /** Valid signatures required from distinct trusted keys. Default 1. */
+  readonly threshold?: number;
+  /** Fetch the current signed manifest from the server. */
+  readonly fetchManifest: () => Promise<SignedManifest>;
+  /** Fetch an asset's bytes. */
+  readonly fetchAsset: (asset: AssetEntry) => Promise<Uint8Array>;
+  /** Boots into an unconfirmed generation before rolling back. Default 1. */
+  readonly maxBootAttempts?: number;
+  /** Clock, for expiry checks + tests. Default `() => Date.now()`. */
+  readonly now?: () => number;
+}
+/** Result of {@link UpdateClient.check}. */
+type UpdateCheck = {
+  readonly available: true;
+  readonly manifest: VerifiedManifest;
+} | {
+  readonly available: false;
+  readonly reason: 'up-to-date' | 'runtime-mismatch';
+};
+/** Result of {@link UpdateClient.boot}. */
+interface BootResult {
+  /** True when boot fell back to the embedded build after a failed generation. */
+  readonly isEmergencyLaunch: boolean;
+  /** The active generation id after boot (`null` = embedded). */
+  readonly current: string | null;
+}
+/** The OTA update client. */
+interface UpdateClient {
+  /** Run the boot/recovery check (call once at startup, before rendering). */
+  boot(): Promise<BootResult>;
+  /** Check the server for a newer, valid, compatible update. */
+  check(): Promise<UpdateCheck>;
+  /**
+   * Download a verified manifest's missing assets and record a pending generation.
+   * Accepts only a {@link VerifiedManifest} (from {@link UpdateClient.check}), and
+   * re-asserts the freeze / runtime / anti-downgrade gates, so it is safe even if
+   * called without `check()` first.
+   */
+  download(manifest: VerifiedManifest): Promise<GenerationMeta>;
+  /** Atomically make a downloaded generation the current one (applies next launch). */
+  apply(generationId: string): Promise<void>;
+  /** Confirm the current generation launched successfully. */
+  notifyReady(): Promise<void>;
+  /** Manually roll back the current generation to the previous / embedded one. */
+  rollback(): Promise<void>;
+  /** The persisted state. */
+  state(): Promise<UpdateState>;
+  /**
+   * True when the most recent {@link UpdateClient.boot} (or {@link UpdateClient.rollback})
+   * fell back to the embedded build after a failed update. Reflects only the latest
+   * call — it does not latch across boots.
+   */
+  readonly isEmergencyLaunch: boolean;
+}
+/** Create an {@link UpdateClient}. */
+declare function createUpdateClient(options: UpdateClientOptions): UpdateClient;
+//#endregion
+export { BootResult, UpdateCheck, UpdateClient, UpdateClientOptions, createUpdateClient };
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","names":[],"sources":["../src/client.ts"],"mappings":";;;;;;UAoCiB,mBAAA;EAMN;EAAA,SAJA,OAAA,EAAS,aAAA;EAQT;EAAA,SANA,WAAA,WAAsB,UAAA;EAQD;EAAA,SANrB,cAAA;EAQA;EAAA,SANA,eAAA;EAMa;EAAA,SAJb,SAAA;EAI2C;EAAA,SAF3C,aAAA,QAAqB,OAAA,CAAQ,cAAA;EAM7B;EAAA,SAJA,UAAA,GAAa,KAAA,EAAO,UAAA,KAAe,OAAA,CAAQ,UAAA;EAIxC;EAAA,SAFH,eAAA;EAMY;EAAA,SAJZ,GAAA;AAAA;;KAIC,WAAA;EAAA,SACG,SAAA;EAAA,SAA0B,QAAA,EAAU,gBAAgB;AAAA;EAAA,SACpD,SAAA;EAAA,SAA2B,MAAA;AAAA;;UAGzB,UAAA;EAEN;EAAA,SAAA,iBAAA;EAMM;EAAA,SAJN,OAAO;AAAA;;UAID,YAAA;EAIE;EAFjB,IAAA,IAAQ,OAAA,CAAQ,UAAA;EASG;EAPnB,KAAA,IAAS,OAAA,CAAQ,WAAA;EAOqB;;;;;;EAAtC,QAAA,CAAS,QAAA,EAAU,gBAAA,GAAmB,OAAA,CAAQ,cAAA;EAQ9B;EANhB,KAAA,CAAM,YAAA,WAAuB,OAAA;EAXrB;EAaR,WAAA,IAAe,OAAA;EAXf;EAaA,QAAA,IAAY,OAAA;EAbK;EAejB,KAAA,IAAS,OAAA,CAAQ,WAAA;EARE;;;;;EAAA,SAcV,iBAAA;AAAA;;iBAsCK,kBAAA,CAAmB,OAAA,EAAS,mBAAA,GAAsB,YAAY"}

package/dist/client.js

@@ -0,0 +1,227 @@
+import { sha256Hex } from "./crypto.js";
+import { UpdateError } from "./errors.js";
+import { applyDelta } from "./delta.js";
+import { allAssets, canonicalManifestJson, parseManifest } from "./manifest.js";
+import { verifySignedManifest } from "./signing.js";
+import { initialState } from "./store.js";
+//#region src/client.ts
+/**
+* The Pulse update client — ties the manifest, signing, and storage together into a
+* safe OTA flow:
+*
+* - **check()** — fetch + verify the signed manifest; apply the signature, expiry,
+*   runtime-compatibility, and monotonic-version gates.
+* - **download()** — fetch only the assets whose hash isn't already stored, verify
+*   each blob's SHA-256, and record a `pending` generation. Never mutates the live one.
+* - **apply()** — verify the generation's assets are present, then atomically flip
+*   `current`, retaining `previous` + the embedded build as fallbacks.
+* - **boot()** — on startup, roll back a generation that crash-loops before it
+*   confirms itself (readiness handshake), down to the embedded build.
+* - **notifyReady()** — the app calls this once it has launched successfully.
+*
+* @module
+*/
+/**
+* Compute the state after rolling back the current generation: mark it `failed`,
+* promote the previous good generation to `current` (or fall back to the embedded
+* build when there is none), and **re-arm crash-loop detection** on the rolled-to
+* generation so a *second* failure falls through to the next fallback
+* (`current → previous → embedded`). The anti-downgrade floor (`highestVersion`) is
+* preserved, so the failed version is never silently re-accepted. Shared by
+* `boot()`'s crash-loop path and the manual `rollback()`.
+*/
+function rolledBackState(st) {
+	const generations = { ...st.generations };
+	if (st.current) {
+		const failing = generations[st.current];
+		if (failing) generations[st.current] = {
+			...failing,
+			status: "failed"
+		};
+	}
+	const rolledTo = st.previous && generations[st.previous] ? st.previous : null;
+	if (rolledTo) {
+		const restored = generations[rolledTo];
+		if (restored) generations[rolledTo] = {
+			...restored,
+			status: "current"
+		};
+	}
+	return {
+		current: rolledTo,
+		previous: null,
+		highestVersion: st.highestVersion,
+		pendingVerification: rolledTo !== null,
+		bootAttempts: 0,
+		generations
+	};
+}
+/** Create an {@link UpdateClient}. */
+function createUpdateClient(options) {
+	const { storage, trustedKeys, runtimeVersion, embeddedVersion = 0, threshold = 1, fetchManifest, fetchAsset, maxBootAttempts = 1, now = () => Date.now() } = options;
+	if (trustedKeys.length < 1) throw new TypeError("createUpdateClient: trustedKeys must contain at least one key");
+	const distinctKeyCount = new Set(trustedKeys.map((k) => k.publicKey)).size;
+	if (!Number.isInteger(threshold) || threshold < 1 || threshold > distinctKeyCount) throw new TypeError(`createUpdateClient: threshold must be an integer in [1, ${distinctKeyCount}], got ${threshold}`);
+	if (typeof runtimeVersion !== "string" || runtimeVersion.length === 0) throw new TypeError("createUpdateClient: runtimeVersion must be a non-empty string");
+	if (!Number.isInteger(embeddedVersion) || embeddedVersion < 0) throw new TypeError(`createUpdateClient: embeddedVersion must be a non-negative integer, got ${embeddedVersion}`);
+	if (!Number.isInteger(maxBootAttempts) || maxBootAttempts < 1) throw new TypeError(`createUpdateClient: maxBootAttempts must be a positive integer, got ${maxBootAttempts}`);
+	let emergency = false;
+	const readStateOrInit = async () => await storage.readState() ?? initialState(embeddedVersion);
+	/** Throw if the manifest has expired (freeze protection). */
+	const assertNotExpired = (manifest) => {
+		if (manifest.expires !== void 0 && Date.parse(manifest.expires) <= now()) throw new UpdateError("MANIFEST_EXPIRED", `manifest ${manifest.id} expired at ${manifest.expires}`);
+	};
+	/**
+	* Try to reconstruct `asset` from its delta against a stored base blob. Returns the
+	* verified bytes, or `null` on any failure (missing/bad delta blob, malformed delta,
+	* reconstruction hash mismatch) so the caller falls back to a full fetch. The
+	* `sha256Hex(result) === asset.sha256` check here is the trust boundary.
+	*/
+	const tryReconstruct = async (asset, patch) => {
+		try {
+			const deltaBytes = await fetchAsset(patch.delta);
+			if (sha256Hex(deltaBytes) !== patch.delta.sha256) return null;
+			const result = applyDelta(await storage.readBlob(patch.base), deltaBytes, { maxBytes: asset.size });
+			if (sha256Hex(result) !== asset.sha256) return null;
+			return result;
+		} catch {
+			return null;
+		}
+	};
+	return {
+		get isEmergencyLaunch() {
+			return emergency;
+		},
+		state: readStateOrInit,
+		async check() {
+			const manifest = verifySignedManifest(await fetchManifest(), trustedKeys, threshold);
+			assertNotExpired(manifest);
+			if (manifest.runtimeVersion !== runtimeVersion) return {
+				available: false,
+				reason: "runtime-mismatch"
+			};
+			const st = await readStateOrInit();
+			if (manifest.version <= st.highestVersion) return {
+				available: false,
+				reason: "up-to-date"
+			};
+			return {
+				available: true,
+				manifest
+			};
+		},
+		async download(manifest) {
+			assertNotExpired(manifest);
+			if (manifest.runtimeVersion !== runtimeVersion) throw new UpdateError("RUNTIME_MISMATCH", `manifest ${manifest.id} targets runtime ${manifest.runtimeVersion}, app is ${runtimeVersion}`);
+			const st = await readStateOrInit();
+			if (manifest.version <= st.highestVersion) throw new UpdateError("VERSION_NOT_NEWER", `manifest ${manifest.id} version ${manifest.version} is not newer than ${st.highestVersion}`);
+			for (const asset of allAssets(manifest)) {
+				if (await storage.hasBlob(asset.sha256)) continue;
+				if (asset.patch && await storage.hasBlob(asset.patch.base)) {
+					const reconstructed = await tryReconstruct(asset, asset.patch);
+					if (reconstructed) {
+						await storage.writeBlob(asset.sha256, reconstructed);
+						continue;
+					}
+				}
+				const bytes = await fetchAsset(asset);
+				const actual = sha256Hex(bytes);
+				if (actual !== asset.sha256) throw new UpdateError("HASH_MISMATCH", `asset ${asset.path}: expected ${asset.sha256}, got ${actual}`);
+				await storage.writeBlob(asset.sha256, bytes);
+			}
+			const generation = {
+				id: manifest.id,
+				version: manifest.version,
+				manifest: canonicalManifestJson(manifest),
+				status: "pending"
+			};
+			await storage.writeState({
+				...st,
+				generations: {
+					...st.generations,
+					[generation.id]: generation
+				}
+			});
+			return generation;
+		},
+		async apply(generationId) {
+			const st = await readStateOrInit();
+			const generation = st.generations[generationId];
+			if (!generation) throw new UpdateError("GENERATION_UNKNOWN", `no generation ${generationId}`);
+			if (generationId === st.current && generation.status === "current") return;
+			if (generation.status === "failed") throw new UpdateError("GENERATION_FAILED", `generation ${generationId} previously failed`);
+			if (generation.version < st.highestVersion || generation.version === st.highestVersion && generationId !== st.current) throw new UpdateError("VERSION_NOT_NEWER", `generation ${generationId} version ${generation.version} is not newer than ${st.highestVersion}`);
+			for (const asset of allAssets(parseManifest(generation.manifest))) if (!await storage.hasBlob(asset.sha256)) throw new UpdateError("ASSET_MISSING", `generation ${generationId} missing asset ${asset.path}`);
+			const previous = st.current && !st.pendingVerification ? st.current : st.previous;
+			const generations = { ...st.generations };
+			if (st.current) {
+				const outgoing = generations[st.current];
+				if (outgoing) generations[st.current] = {
+					...outgoing,
+					status: st.current === previous ? "previous" : "failed"
+				};
+			}
+			generations[generationId] = {
+				...generation,
+				status: "current"
+			};
+			await storage.writeState({
+				current: generationId,
+				previous,
+				highestVersion: Math.max(st.highestVersion, generation.version),
+				pendingVerification: true,
+				bootAttempts: 0,
+				generations
+			});
+		},
+		async boot() {
+			emergency = false;
+			const st = await readStateOrInit();
+			if (st.current !== null && st.pendingVerification) {
+				const attempts = st.bootAttempts + 1;
+				if (attempts > maxBootAttempts) {
+					const next = rolledBackState(st);
+					await storage.writeState(next);
+					emergency = next.current === null;
+					return {
+						isEmergencyLaunch: emergency,
+						current: next.current
+					};
+				}
+				await storage.writeState({
+					...st,
+					bootAttempts: attempts
+				});
+				return {
+					isEmergencyLaunch: false,
+					current: st.current
+				};
+			}
+			if (await storage.readState() === null) await storage.writeState(st);
+			return {
+				isEmergencyLaunch: false,
+				current: st.current
+			};
+		},
+		async notifyReady() {
+			const st = await readStateOrInit();
+			if (!st.pendingVerification && st.bootAttempts === 0) return;
+			await storage.writeState({
+				...st,
+				pendingVerification: false,
+				bootAttempts: 0
+			});
+		},
+		async rollback() {
+			const st = await readStateOrInit();
+			if (st.current === null) return;
+			const next = rolledBackState(st);
+			await storage.writeState(next);
+			emergency = next.current === null;
+		}
+	};
+}
+//#endregion
+export { createUpdateClient };
+
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","names":[],"sources":["../src/client.ts"],"sourcesContent":["/**\n * The Pulse update client — ties the manifest, signing, and storage together into a\n * safe OTA flow:\n *\n * - **check()** — fetch + verify the signed manifest; apply the signature, expiry,\n *   runtime-compatibility, and monotonic-version gates.\n * - **download()** — fetch only the assets whose hash isn't already stored, verify\n *   each blob's SHA-256, and record a `pending` generation. Never mutates the live one.\n * - **apply()** — verify the generation's assets are present, then atomically flip\n *   `current`, retaining `previous` + the embedded build as fallbacks.\n * - **boot()** — on startup, roll back a generation that crash-loops before it\n *   confirms itself (readiness handshake), down to the embedded build.\n * - **notifyReady()** — the app calls this once it has launched successfully.\n *\n * @module\n */\n\nimport { sha256Hex } from './crypto'\nimport { applyDelta } from './delta'\nimport { UpdateError } from './errors'\nimport {\n  type AssetEntry,\n  allAssets,\n  canonicalManifestJson,\n  type PatchDescriptor,\n  parseManifest,\n} from './manifest'\nimport {\n  type SignedManifest,\n  type TrustedKey,\n  type VerifiedManifest,\n  verifySignedManifest,\n} from './signing'\nimport { type GenerationMeta, initialState, type UpdateState, type UpdateStorage } from './store'\n\n/** Options for {@link createUpdateClient}. */\nexport interface UpdateClientOptions {\n  /** Where blobs + state live. */\n  readonly storage: UpdateStorage\n  /** Public keys this app trusts to sign updates. */\n  readonly trustedKeys: readonly TrustedKey[]\n  /** The app's native runtime version (gates compatibility). */\n  readonly runtimeVersion: string\n  /** Version baked into the binary (the rollback floor). Default 0. */\n  readonly embeddedVersion?: number\n  /** Valid signatures required from distinct trusted keys. Default 1. */\n  readonly threshold?: number\n  /** Fetch the current signed manifest from the server. */\n  readonly fetchManifest: () => Promise<SignedManifest>\n  /** Fetch an asset's bytes. */\n  readonly fetchAsset: (asset: AssetEntry) => Promise<Uint8Array>\n  /** Boots into an unconfirmed generation before rolling back. Default 1. */\n  readonly maxBootAttempts?: number\n  /** Clock, for expiry checks + tests. Default `() => Date.now()`. */\n  readonly now?: () => number\n}\n\n/** Result of {@link UpdateClient.check}. */\nexport type UpdateCheck =\n  | { readonly available: true; readonly manifest: VerifiedManifest }\n  | { readonly available: false; readonly reason: 'up-to-date' | 'runtime-mismatch' }\n\n/** Result of {@link UpdateClient.boot}. */\nexport interface BootResult {\n  /** True when boot fell back to the embedded build after a failed generation. */\n  readonly isEmergencyLaunch: boolean\n  /** The active generation id after boot (`null` = embedded). */\n  readonly current: string | null\n}\n\n/** The OTA update client. */\nexport interface UpdateClient {\n  /** Run the boot/recovery check (call once at startup, before rendering). */\n  boot(): Promise<BootResult>\n  /** Check the server for a newer, valid, compatible update. */\n  check(): Promise<UpdateCheck>\n  /**\n   * Download a verified manifest's missing assets and record a pending generation.\n   * Accepts only a {@link VerifiedManifest} (from {@link UpdateClient.check}), and\n   * re-asserts the freeze / runtime / anti-downgrade gates, so it is safe even if\n   * called without `check()` first.\n   */\n  download(manifest: VerifiedManifest): Promise<GenerationMeta>\n  /** Atomically make a downloaded generation the current one (applies next launch). */\n  apply(generationId: string): Promise<void>\n  /** Confirm the current generation launched successfully. */\n  notifyReady(): Promise<void>\n  /** Manually roll back the current generation to the previous / embedded one. */\n  rollback(): Promise<void>\n  /** The persisted state. */\n  state(): Promise<UpdateState>\n  /**\n   * True when the most recent {@link UpdateClient.boot} (or {@link UpdateClient.rollback})\n   * fell back to the embedded build after a failed update. Reflects only the latest\n   * call — it does not latch across boots.\n   */\n  readonly isEmergencyLaunch: boolean\n}\n\n/**\n * Compute the state after rolling back the current generation: mark it `failed`,\n * promote the previous good generation to `current` (or fall back to the embedded\n * build when there is none), and **re-arm crash-loop detection** on the rolled-to\n * generation so a *second* failure falls through to the next fallback\n * (`current → previous → embedded`). The anti-downgrade floor (`highestVersion`) is\n * preserved, so the failed version is never silently re-accepted. Shared by\n * `boot()`'s crash-loop path and the manual `rollback()`.\n */\nfunction rolledBackState(st: UpdateState): UpdateState {\n  const generations = { ...st.generations }\n  if (st.current) {\n    const failing = generations[st.current]\n    if (failing) generations[st.current] = { ...failing, status: 'failed' }\n  }\n  const rolledTo = st.previous && generations[st.previous] ? st.previous : null\n  if (rolledTo) {\n    const restored = generations[rolledTo]\n    if (restored) generations[rolledTo] = { ...restored, status: 'current' }\n  }\n  return {\n    current: rolledTo,\n    // The single retained fallback was just consumed; the next failure on the\n    // rolled-to generation must fall through to the embedded build.\n    previous: null,\n    highestVersion: st.highestVersion,\n    // Re-arm: a real rolled-to generation is on probation and must re-confirm via\n    // notifyReady(); the embedded build (null) is always trusted, so don't arm it.\n    pendingVerification: rolledTo !== null,\n    bootAttempts: 0,\n    generations,\n  }\n}\n\n/** Create an {@link UpdateClient}. */\nexport function createUpdateClient(options: UpdateClientOptions): UpdateClient {\n  const {\n    storage,\n    trustedKeys,\n    runtimeVersion,\n    embeddedVersion = 0,\n    threshold = 1,\n    fetchManifest,\n    fetchAsset,\n    maxBootAttempts = 1,\n    now = () => Date.now(),\n  } = options\n\n  // Fail fast on misconfiguration: a silently-broken trust/rollback setup is worse\n  // than a thrown error at construction. These are programmer errors, not protocol\n  // errors, so they surface as TypeError rather than UpdateError.\n  if (trustedKeys.length < 1) {\n    throw new TypeError('createUpdateClient: trustedKeys must contain at least one key')\n  }\n  // Bound the threshold by distinct *public keys*: verifySignedManifest counts unique\n  // keys, so a threshold above the distinct-key count is unattainable (every check()\n  // would fail). Duplicate keyId aliases for one key must not inflate the ceiling.\n  const distinctKeyCount = new Set(trustedKeys.map((k) => k.publicKey)).size\n  if (!Number.isInteger(threshold) || threshold < 1 || threshold > distinctKeyCount) {\n    throw new TypeError(\n      `createUpdateClient: threshold must be an integer in [1, ${distinctKeyCount}], got ${threshold}`,\n    )\n  }\n  if (typeof runtimeVersion !== 'string' || runtimeVersion.length === 0) {\n    throw new TypeError('createUpdateClient: runtimeVersion must be a non-empty string')\n  }\n  if (!Number.isInteger(embeddedVersion) || embeddedVersion < 0) {\n    throw new TypeError(\n      `createUpdateClient: embeddedVersion must be a non-negative integer, got ${embeddedVersion}`,\n    )\n  }\n  if (!Number.isInteger(maxBootAttempts) || maxBootAttempts < 1) {\n    throw new TypeError(\n      `createUpdateClient: maxBootAttempts must be a positive integer, got ${maxBootAttempts}`,\n    )\n  }\n\n  let emergency = false\n\n  const readStateOrInit = async (): Promise<UpdateState> =>\n    (await storage.readState()) ?? initialState(embeddedVersion)\n\n  /** Throw if the manifest has expired (freeze protection). */\n  const assertNotExpired = (manifest: VerifiedManifest): void => {\n    if (manifest.expires !== undefined && Date.parse(manifest.expires) <= now()) {\n      throw new UpdateError(\n        'MANIFEST_EXPIRED',\n        `manifest ${manifest.id} expired at ${manifest.expires}`,\n      )\n    }\n  }\n\n  /**\n   * Try to reconstruct `asset` from its delta against a stored base blob. Returns the\n   * verified bytes, or `null` on any failure (missing/bad delta blob, malformed delta,\n   * reconstruction hash mismatch) so the caller falls back to a full fetch. The\n   * `sha256Hex(result) === asset.sha256` check here is the trust boundary.\n   */\n  const tryReconstruct = async (\n    asset: AssetEntry,\n    patch: PatchDescriptor,\n  ): Promise<Uint8Array | null> => {\n    try {\n      const deltaBytes = await fetchAsset(patch.delta)\n      if (sha256Hex(deltaBytes) !== patch.delta.sha256) return null // delta blob corrupt\n      const baseBytes = await storage.readBlob(patch.base)\n      // Bound the allocation by the signed expected size — an honest delta always\n      // reconstructs exactly asset.size bytes, so this never rejects a valid one.\n      const result = applyDelta(baseBytes, deltaBytes, { maxBytes: asset.size })\n      if (sha256Hex(result) !== asset.sha256) return null // reconstruction mismatch\n      return result\n    } catch {\n      return null\n    }\n  }\n\n  return {\n    get isEmergencyLaunch() {\n      return emergency\n    },\n\n    state: readStateOrInit,\n\n    async check(): Promise<UpdateCheck> {\n      const signed = await fetchManifest()\n      // Throws SIGNATURE_INVALID if < threshold valid trusted signatures.\n      const manifest = verifySignedManifest(signed, trustedKeys, threshold)\n      assertNotExpired(manifest)\n      if (manifest.runtimeVersion !== runtimeVersion) {\n        return { available: false, reason: 'runtime-mismatch' }\n      }\n      const st = await readStateOrInit()\n      if (manifest.version <= st.highestVersion) {\n        return { available: false, reason: 'up-to-date' } // never downgrade\n      }\n      return { available: true, manifest }\n    },\n\n    async download(manifest): Promise<GenerationMeta> {\n      // `manifest` is signature-verified (the VerifiedManifest brand), but freshness,\n      // runtime compatibility, and the anti-downgrade floor depend on *now* + current\n      // state — re-assert them here so download() is safe even without a prior check().\n      assertNotExpired(manifest)\n      if (manifest.runtimeVersion !== runtimeVersion) {\n        throw new UpdateError(\n          'RUNTIME_MISMATCH',\n          `manifest ${manifest.id} targets runtime ${manifest.runtimeVersion}, app is ${runtimeVersion}`,\n        )\n      }\n      const st = await readStateOrInit()\n      if (manifest.version <= st.highestVersion) {\n        throw new UpdateError(\n          'VERSION_NOT_NEWER',\n          `manifest ${manifest.id} version ${manifest.version} is not newer than ${st.highestVersion}`,\n        )\n      }\n      for (const asset of allAssets(manifest)) {\n        if (await storage.hasBlob(asset.sha256)) continue // content-addressed: already have it\n        // Differential path: reconstruct from a delta if we already hold the base blob.\n        // The post-apply SHA-256 gate below is the trust boundary, so a bad/forged\n        // delta just yields null and falls through to a full fetch.\n        if (asset.patch && (await storage.hasBlob(asset.patch.base))) {\n          const reconstructed = await tryReconstruct(asset, asset.patch)\n          if (reconstructed) {\n            await storage.writeBlob(asset.sha256, reconstructed)\n            continue\n          }\n        }\n        const bytes = await fetchAsset(asset)\n        const actual = sha256Hex(bytes)\n        if (actual !== asset.sha256) {\n          throw new UpdateError(\n            'HASH_MISMATCH',\n            `asset ${asset.path}: expected ${asset.sha256}, got ${actual}`,\n          )\n        }\n        await storage.writeBlob(asset.sha256, bytes)\n      }\n      const generation: GenerationMeta = {\n        id: manifest.id,\n        version: manifest.version,\n        manifest: canonicalManifestJson(manifest),\n        status: 'pending',\n      }\n      await storage.writeState({\n        ...st,\n        generations: { ...st.generations, [generation.id]: generation },\n      })\n      return generation\n    },\n\n    async apply(generationId): Promise<void> {\n      const st = await readStateOrInit()\n      const generation = st.generations[generationId]\n      if (!generation) throw new UpdateError('GENERATION_UNKNOWN', `no generation ${generationId}`)\n      // Idempotent re-apply: the requested generation is ALREADY current. Short-circuit\n      // before rewriting state — re-running the flip would reset pendingVerification and\n      // bootAttempts, un-confirming a generation that may have already passed its\n      // readiness handshake (and re-arming crash-loop rollback against a known-good build).\n      if (generationId === st.current && generation.status === 'current') return\n      // Never re-activate a generation that previously failed (e.g. crash-looped).\n      if (generation.status === 'failed') {\n        throw new UpdateError('GENERATION_FAILED', `generation ${generationId} previously failed`)\n      }\n      // Never activate something that is not strictly newer than the high-water mark\n      // (anti-downgrade). download()/check()/the server all enforce a `<=` floor;\n      // apply() is the final gate before code goes live, so it must too — otherwise a\n      // DIFFERENT bundle signed at the SAME version could laterally replace a\n      // confirmed-good current generation. Re-applying the already-current generation\n      // stays idempotent (allowed).\n      if (\n        generation.version < st.highestVersion ||\n        (generation.version === st.highestVersion && generationId !== st.current)\n      ) {\n        throw new UpdateError(\n          'VERSION_NOT_NEWER',\n          `generation ${generationId} version ${generation.version} is not newer than ${st.highestVersion}`,\n        )\n      }\n      // All assets must be present before we make it current.\n      for (const asset of allAssets(parseManifest(generation.manifest))) {\n        if (!(await storage.hasBlob(asset.sha256))) {\n          throw new UpdateError(\n            'ASSET_MISSING',\n            `generation ${generationId} missing asset ${asset.path}`,\n          )\n        }\n      }\n      // Keep as the rollback target only a *confirmed* outgoing generation. An\n      // unconfirmed `current` (still pending) never proved itself, so we retain the\n      // older known-good `previous` instead of stranding it behind a suspect build.\n      const previous = st.current && !st.pendingVerification ? st.current : st.previous\n      const generations = { ...st.generations }\n      if (st.current) {\n        const outgoing = generations[st.current]\n        if (outgoing) {\n          generations[st.current] = {\n            ...outgoing,\n            status: st.current === previous ? 'previous' : 'failed',\n          }\n        }\n      }\n      generations[generationId] = { ...generation, status: 'current' }\n      await storage.writeState({\n        current: generationId,\n        previous,\n        highestVersion: Math.max(st.highestVersion, generation.version),\n        pendingVerification: true,\n        bootAttempts: 0,\n        generations,\n      })\n    },\n\n    async boot(): Promise<BootResult> {\n      emergency = false // reflects only *this* launch — never latches across boots\n      const st = await readStateOrInit()\n      if (st.current !== null && st.pendingVerification) {\n        const attempts = st.bootAttempts + 1\n        if (attempts > maxBootAttempts) {\n          // The current generation crash-looped before confirming → roll back.\n          const next = rolledBackState(st)\n          await storage.writeState(next)\n          emergency = next.current === null\n          return { isEmergencyLaunch: emergency, current: next.current }\n        }\n        // Give the current generation another chance to confirm this launch.\n        await storage.writeState({ ...st, bootAttempts: attempts })\n        return { isEmergencyLaunch: false, current: st.current }\n      }\n      if ((await storage.readState()) === null) await storage.writeState(st) // persist initial\n      return { isEmergencyLaunch: false, current: st.current }\n    },\n\n    async notifyReady(): Promise<void> {\n      const st = await readStateOrInit()\n      if (!st.pendingVerification && st.bootAttempts === 0) return\n      await storage.writeState({ ...st, pendingVerification: false, bootAttempts: 0 })\n    },\n\n    async rollback(): Promise<void> {\n      const st = await readStateOrInit()\n      if (st.current === null) return // already on the embedded build\n      const next = rolledBackState(st)\n      await storage.writeState(next)\n      emergency = next.current === null\n    },\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4GA,SAAS,gBAAgB,IAA8B;CACrD,MAAM,cAAc,EAAE,GAAG,GAAG,YAAY;CACxC,IAAI,GAAG,SAAS;EACd,MAAM,UAAU,YAAY,GAAG;EAC/B,IAAI,SAAS,YAAY,GAAG,WAAW;GAAE,GAAG;GAAS,QAAQ;EAAS;CACxE;CACA,MAAM,WAAW,GAAG,YAAY,YAAY,GAAG,YAAY,GAAG,WAAW;CACzE,IAAI,UAAU;EACZ,MAAM,WAAW,YAAY;EAC7B,IAAI,UAAU,YAAY,YAAY;GAAE,GAAG;GAAU,QAAQ;EAAU;CACzE;CACA,OAAO;EACL,SAAS;EAGT,UAAU;EACV,gBAAgB,GAAG;EAGnB,qBAAqB,aAAa;EAClC,cAAc;EACd;CACF;AACF;;AAGA,SAAgB,mBAAmB,SAA4C;CAC7E,MAAM,EACJ,SACA,aACA,gBACA,kBAAkB,GAClB,YAAY,GACZ,eACA,YACA,kBAAkB,GAClB,YAAY,KAAK,IAAI,MACnB;CAKJ,IAAI,YAAY,SAAS,GACvB,MAAM,IAAI,UAAU,+DAA+D;CAKrF,MAAM,mBAAmB,IAAI,IAAI,YAAY,KAAK,MAAM,EAAE,SAAS,CAAC,EAAE;CACtE,IAAI,CAAC,OAAO,UAAU,SAAS,KAAK,YAAY,KAAK,YAAY,kBAC/D,MAAM,IAAI,UACR,2DAA2D,iBAAiB,SAAS,WACvF;CAEF,IAAI,OAAO,mBAAmB,YAAY,eAAe,WAAW,GAClE,MAAM,IAAI,UAAU,+DAA+D;CAErF,IAAI,CAAC,OAAO,UAAU,eAAe,KAAK,kBAAkB,GAC1D,MAAM,IAAI,UACR,2EAA2E,iBAC7E;CAEF,IAAI,CAAC,OAAO,UAAU,eAAe,KAAK,kBAAkB,GAC1D,MAAM,IAAI,UACR,uEAAuE,iBACzE;CAGF,IAAI,YAAY;CAEhB,MAAM,kBAAkB,YACrB,MAAM,QAAQ,UAAU,KAAM,aAAa,eAAe;;CAG7D,MAAM,oBAAoB,aAAqC;EAC7D,IAAI,SAAS,YAAY,KAAA,KAAa,KAAK,MAAM,SAAS,OAAO,KAAK,IAAI,GACxE,MAAM,IAAI,YACR,oBACA,YAAY,SAAS,GAAG,cAAc,SAAS,SACjD;CAEJ;;;;;;;CAQA,MAAM,iBAAiB,OACrB,OACA,UAC+B;EAC/B,IAAI;GACF,MAAM,aAAa,MAAM,WAAW,MAAM,KAAK;GAC/C,IAAI,UAAU,UAAU,MAAM,MAAM,MAAM,QAAQ,OAAO;GAIzD,MAAM,SAAS,WAAW,MAHF,QAAQ,SAAS,MAAM,IAAI,GAGd,YAAY,EAAE,UAAU,MAAM,KAAK,CAAC;GACzE,IAAI,UAAU,MAAM,MAAM,MAAM,QAAQ,OAAO;GAC/C,OAAO;EACT,QAAQ;GACN,OAAO;EACT;CACF;CAEA,OAAO;EACL,IAAI,oBAAoB;GACtB,OAAO;EACT;EAEA,OAAO;EAEP,MAAM,QAA8B;GAGlC,MAAM,WAAW,qBAAqB,MAFjB,cAAc,GAEW,aAAa,SAAS;GACpE,iBAAiB,QAAQ;GACzB,IAAI,SAAS,mBAAmB,gBAC9B,OAAO;IAAE,WAAW;IAAO,QAAQ;GAAmB;GAExD,MAAM,KAAK,MAAM,gBAAgB;GACjC,IAAI,SAAS,WAAW,GAAG,gBACzB,OAAO;IAAE,WAAW;IAAO,QAAQ;GAAa;GAElD,OAAO;IAAE,WAAW;IAAM;GAAS;EACrC;EAEA,MAAM,SAAS,UAAmC;GAIhD,iBAAiB,QAAQ;GACzB,IAAI,SAAS,mBAAmB,gBAC9B,MAAM,IAAI,YACR,oBACA,YAAY,SAAS,GAAG,mBAAmB,SAAS,eAAe,WAAW,gBAChF;GAEF,MAAM,KAAK,MAAM,gBAAgB;GACjC,IAAI,SAAS,WAAW,GAAG,gBACzB,MAAM,IAAI,YACR,qBACA,YAAY,SAAS,GAAG,WAAW,SAAS,QAAQ,qBAAqB,GAAG,gBAC9E;GAEF,KAAK,MAAM,SAAS,UAAU,QAAQ,GAAG;IACvC,IAAI,MAAM,QAAQ,QAAQ,MAAM,MAAM,GAAG;IAIzC,IAAI,MAAM,SAAU,MAAM,QAAQ,QAAQ,MAAM,MAAM,IAAI,GAAI;KAC5D,MAAM,gBAAgB,MAAM,eAAe,OAAO,MAAM,KAAK;KAC7D,IAAI,eAAe;MACjB,MAAM,QAAQ,UAAU,MAAM,QAAQ,aAAa;MACnD;KACF;IACF;IACA,MAAM,QAAQ,MAAM,WAAW,KAAK;IACpC,MAAM,SAAS,UAAU,KAAK;IAC9B,IAAI,WAAW,MAAM,QACnB,MAAM,IAAI,YACR,iBACA,SAAS,MAAM,KAAK,aAAa,MAAM,OAAO,QAAQ,QACxD;IAEF,MAAM,QAAQ,UAAU,MAAM,QAAQ,KAAK;GAC7C;GACA,MAAM,aAA6B;IACjC,IAAI,SAAS;IACb,SAAS,SAAS;IAClB,UAAU,sBAAsB,QAAQ;IACxC,QAAQ;GACV;GACA,MAAM,QAAQ,WAAW;IACvB,GAAG;IACH,aAAa;KAAE,GAAG,GAAG;MAAc,WAAW,KAAK;IAAW;GAChE,CAAC;GACD,OAAO;EACT;EAEA,MAAM,MAAM,cAA6B;GACvC,MAAM,KAAK,MAAM,gBAAgB;GACjC,MAAM,aAAa,GAAG,YAAY;GAClC,IAAI,CAAC,YAAY,MAAM,IAAI,YAAY,sBAAsB,iBAAiB,cAAc;GAK5F,IAAI,iBAAiB,GAAG,WAAW,WAAW,WAAW,WAAW;GAEpE,IAAI,WAAW,WAAW,UACxB,MAAM,IAAI,YAAY,qBAAqB,cAAc,aAAa,mBAAmB;GAQ3F,IACE,WAAW,UAAU,GAAG,kBACvB,WAAW,YAAY,GAAG,kBAAkB,iBAAiB,GAAG,SAEjE,MAAM,IAAI,YACR,qBACA,cAAc,aAAa,WAAW,WAAW,QAAQ,qBAAqB,GAAG,gBACnF;GAGF,KAAK,MAAM,SAAS,UAAU,cAAc,WAAW,QAAQ,CAAC,GAC9D,IAAI,CAAE,MAAM,QAAQ,QAAQ,MAAM,MAAM,GACtC,MAAM,IAAI,YACR,iBACA,cAAc,aAAa,iBAAiB,MAAM,MACpD;GAMJ,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,sBAAsB,GAAG,UAAU,GAAG;GACzE,MAAM,cAAc,EAAE,GAAG,GAAG,YAAY;GACxC,IAAI,GAAG,SAAS;IACd,MAAM,WAAW,YAAY,GAAG;IAChC,IAAI,UACF,YAAY,GAAG,WAAW;KACxB,GAAG;KACH,QAAQ,GAAG,YAAY,WAAW,aAAa;IACjD;GAEJ;GACA,YAAY,gBAAgB;IAAE,GAAG;IAAY,QAAQ;GAAU;GAC/D,MAAM,QAAQ,WAAW;IACvB,SAAS;IACT;IACA,gBAAgB,KAAK,IAAI,GAAG,gBAAgB,WAAW,OAAO;IAC9D,qBAAqB;IACrB,cAAc;IACd;GACF,CAAC;EACH;EAEA,MAAM,OAA4B;GAChC,YAAY;GACZ,MAAM,KAAK,MAAM,gBAAgB;GACjC,IAAI,GAAG,YAAY,QAAQ,GAAG,qBAAqB;IACjD,MAAM,WAAW,GAAG,eAAe;IACnC,IAAI,WAAW,iBAAiB;KAE9B,MAAM,OAAO,gBAAgB,EAAE;KAC/B,MAAM,QAAQ,WAAW,IAAI;KAC7B,YAAY,KAAK,YAAY;KAC7B,OAAO;MAAE,mBAAmB;MAAW,SAAS,KAAK;KAAQ;IAC/D;IAEA,MAAM,QAAQ,WAAW;KAAE,GAAG;KAAI,cAAc;IAAS,CAAC;IAC1D,OAAO;KAAE,mBAAmB;KAAO,SAAS,GAAG;IAAQ;GACzD;GACA,IAAK,MAAM,QAAQ,UAAU,MAAO,MAAM,MAAM,QAAQ,WAAW,EAAE;GACrE,OAAO;IAAE,mBAAmB;IAAO,SAAS,GAAG;GAAQ;EACzD;EAEA,MAAM,cAA6B;GACjC,MAAM,KAAK,MAAM,gBAAgB;GACjC,IAAI,CAAC,GAAG,uBAAuB,GAAG,iBAAiB,GAAG;GACtD,MAAM,QAAQ,WAAW;IAAE,GAAG;IAAI,qBAAqB;IAAO,cAAc;GAAE,CAAC;EACjF;EAEA,MAAM,WAA0B;GAC9B,MAAM,KAAK,MAAM,gBAAgB;GACjC,IAAI,GAAG,YAAY,MAAM;GACzB,MAAM,OAAO,gBAAgB,EAAE;GAC/B,MAAM,QAAQ,WAAW,IAAI;GAC7B,YAAY,KAAK,YAAY;EAC/B;CACF;AACF"}

package/dist/crypto.d.ts

@@ -0,0 +1,42 @@
+//#region src/crypto.d.ts
+/**
+ * Cryptographic primitives for Pulse: Ed25519 signing/verification and SHA-256
+ * content hashing.
+ *
+ * These use the pure-JavaScript [@noble](https://github.com/paulmillr/noble-curves)
+ * libraries, which run on Node, browsers, **and Hermes/React Native** — where
+ * WebCrypto's Ed25519 is unavailable. No native module, no `crypto.subtle`
+ * dependency, so the verifier works on every MindeesNative target.
+ *
+ * @module
+ */
+/** An Ed25519 keypair (raw 32-byte keys). */
+interface Keypair {
+  /** The 32-byte secret (signing) key. Keep offline; never ship it. */
+  readonly secretKey: Uint8Array;
+  /** The 32-byte public (verification) key. Safe to embed in the app. */
+  readonly publicKey: Uint8Array;
+}
+/** Generate a fresh Ed25519 keypair. */
+declare function generateKeypair(): Keypair;
+/** Derive the public key for a given secret key. */
+declare function getPublicKey(secretKey: Uint8Array): Uint8Array;
+/** Sign `message` with `secretKey`, returning the 64-byte Ed25519 signature. */
+declare function sign(message: Uint8Array, secretKey: Uint8Array): Uint8Array;
+/**
+ * Verify `signature` over `message` against `publicKey`. Returns `false` (never
+ * throws) for a wrong signature **or** malformed input — a verifier on untrusted
+ * data must treat any failure as "not valid".
+ */
+declare function verify(signature: Uint8Array, message: Uint8Array, publicKey: Uint8Array): boolean;
+/** SHA-256 of `data`, as a lowercase hex string. */
+declare function sha256Hex(data: Uint8Array): string;
+/** UTF-8 encode a string to bytes (no DOM/Node `TextEncoder` dependency). */
+declare function utf8(text: string): Uint8Array;
+/** Lowercase-hex encode bytes (e.g. to serialize a public key). */
+declare function toHex(bytes: Uint8Array): string;
+/** Decode a hex string to bytes. Throws on invalid hex. */
+declare function fromHex(hex: string): Uint8Array;
+//#endregion
+export { Keypair, fromHex, generateKeypair, getPublicKey, sha256Hex, sign, toHex, utf8, verify };
+//# sourceMappingURL=crypto.d.ts.map

package/dist/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","names":[],"sources":["../src/crypto.ts"],"mappings":";;AAiBA;;;;;;;;;AAIgC;AAIhC;AAAA,UARiB,OAAA;;WAEN,SAAA,EAAW,UAAA;EAMoB;EAAA,SAJ/B,SAAA,EAAW,UAAU;AAAA;;iBAIhB,eAAA,IAAmB,OAAO;;iBAM1B,YAAA,CAAa,SAAA,EAAW,UAAA,GAAa,UAAU;;iBAK/C,IAAA,CAAK,OAAA,EAAS,UAAA,EAAY,SAAA,EAAW,UAAA,GAAa,UAAA;AALH;AAK/D;;;;AAL+D,iBAc/C,MAAA,CAAO,SAAA,EAAW,UAAA,EAAY,OAAA,EAAS,UAAA,EAAY,SAAA,EAAW,UAAA;;iBAS9D,SAAA,CAAU,IAAgB,EAAV,UAAU;;iBAK1B,IAAA,CAAK,IAAA,WAAe,UAAU;;iBAK9B,KAAA,CAAM,KAAiB,EAAV,UAAU;;iBAKvB,OAAA,CAAQ,GAAA,WAAc,UAAU"}

package/dist/crypto.js

@@ -0,0 +1,63 @@
+import { ed25519 } from "@noble/curves/ed25519.js";
+import { sha256 } from "@noble/hashes/sha2.js";
+import { bytesToHex, hexToBytes, utf8ToBytes } from "@noble/hashes/utils.js";
+//#region src/crypto.ts
+/**
+* Cryptographic primitives for Pulse: Ed25519 signing/verification and SHA-256
+* content hashing.
+*
+* These use the pure-JavaScript [@noble](https://github.com/paulmillr/noble-curves)
+* libraries, which run on Node, browsers, **and Hermes/React Native** — where
+* WebCrypto's Ed25519 is unavailable. No native module, no `crypto.subtle`
+* dependency, so the verifier works on every MindeesNative target.
+*
+* @module
+*/
+/** Generate a fresh Ed25519 keypair. */
+function generateKeypair() {
+	const { secretKey, publicKey } = ed25519.keygen();
+	return {
+		secretKey,
+		publicKey
+	};
+}
+/** Derive the public key for a given secret key. */
+function getPublicKey(secretKey) {
+	return ed25519.getPublicKey(secretKey);
+}
+/** Sign `message` with `secretKey`, returning the 64-byte Ed25519 signature. */
+function sign(message, secretKey) {
+	return ed25519.sign(message, secretKey);
+}
+/**
+* Verify `signature` over `message` against `publicKey`. Returns `false` (never
+* throws) for a wrong signature **or** malformed input — a verifier on untrusted
+* data must treat any failure as "not valid".
+*/
+function verify(signature, message, publicKey) {
+	try {
+		return ed25519.verify(signature, message, publicKey);
+	} catch {
+		return false;
+	}
+}
+/** SHA-256 of `data`, as a lowercase hex string. */
+function sha256Hex(data) {
+	return bytesToHex(sha256(data));
+}
+/** UTF-8 encode a string to bytes (no DOM/Node `TextEncoder` dependency). */
+function utf8(text) {
+	return utf8ToBytes(text);
+}
+/** Lowercase-hex encode bytes (e.g. to serialize a public key). */
+function toHex(bytes) {
+	return bytesToHex(bytes);
+}
+/** Decode a hex string to bytes. Throws on invalid hex. */
+function fromHex(hex) {
+	return hexToBytes(hex);
+}
+//#endregion
+export { fromHex, generateKeypair, getPublicKey, sha256Hex, sign, toHex, utf8, verify };
+
+//# sourceMappingURL=crypto.js.map

package/dist/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","names":[],"sources":["../src/crypto.ts"],"sourcesContent":["/**\n * Cryptographic primitives for Pulse: Ed25519 signing/verification and SHA-256\n * content hashing.\n *\n * These use the pure-JavaScript [@noble](https://github.com/paulmillr/noble-curves)\n * libraries, which run on Node, browsers, **and Hermes/React Native** — where\n * WebCrypto's Ed25519 is unavailable. No native module, no `crypto.subtle`\n * dependency, so the verifier works on every MindeesNative target.\n *\n * @module\n */\n\nimport { ed25519 } from '@noble/curves/ed25519.js'\nimport { sha256 } from '@noble/hashes/sha2.js'\nimport { bytesToHex, hexToBytes, utf8ToBytes } from '@noble/hashes/utils.js'\n\n/** An Ed25519 keypair (raw 32-byte keys). */\nexport interface Keypair {\n  /** The 32-byte secret (signing) key. Keep offline; never ship it. */\n  readonly secretKey: Uint8Array\n  /** The 32-byte public (verification) key. Safe to embed in the app. */\n  readonly publicKey: Uint8Array\n}\n\n/** Generate a fresh Ed25519 keypair. */\nexport function generateKeypair(): Keypair {\n  const { secretKey, publicKey } = ed25519.keygen()\n  return { secretKey, publicKey }\n}\n\n/** Derive the public key for a given secret key. */\nexport function getPublicKey(secretKey: Uint8Array): Uint8Array {\n  return ed25519.getPublicKey(secretKey)\n}\n\n/** Sign `message` with `secretKey`, returning the 64-byte Ed25519 signature. */\nexport function sign(message: Uint8Array, secretKey: Uint8Array): Uint8Array {\n  return ed25519.sign(message, secretKey)\n}\n\n/**\n * Verify `signature` over `message` against `publicKey`. Returns `false` (never\n * throws) for a wrong signature **or** malformed input — a verifier on untrusted\n * data must treat any failure as \"not valid\".\n */\nexport function verify(signature: Uint8Array, message: Uint8Array, publicKey: Uint8Array): boolean {\n  try {\n    return ed25519.verify(signature, message, publicKey)\n  } catch {\n    return false\n  }\n}\n\n/** SHA-256 of `data`, as a lowercase hex string. */\nexport function sha256Hex(data: Uint8Array): string {\n  return bytesToHex(sha256(data))\n}\n\n/** UTF-8 encode a string to bytes (no DOM/Node `TextEncoder` dependency). */\nexport function utf8(text: string): Uint8Array {\n  return utf8ToBytes(text)\n}\n\n/** Lowercase-hex encode bytes (e.g. to serialize a public key). */\nexport function toHex(bytes: Uint8Array): string {\n  return bytesToHex(bytes)\n}\n\n/** Decode a hex string to bytes. Throws on invalid hex. */\nexport function fromHex(hex: string): Uint8Array {\n  return hexToBytes(hex)\n}\n"],"mappings":";;;;;;;;;;;;;;;;AAyBA,SAAgB,kBAA2B;CACzC,MAAM,EAAE,WAAW,cAAc,QAAQ,OAAO;CAChD,OAAO;EAAE;EAAW;CAAU;AAChC;;AAGA,SAAgB,aAAa,WAAmC;CAC9D,OAAO,QAAQ,aAAa,SAAS;AACvC;;AAGA,SAAgB,KAAK,SAAqB,WAAmC;CAC3E,OAAO,QAAQ,KAAK,SAAS,SAAS;AACxC;;;;;;AAOA,SAAgB,OAAO,WAAuB,SAAqB,WAAgC;CACjG,IAAI;EACF,OAAO,QAAQ,OAAO,WAAW,SAAS,SAAS;CACrD,QAAQ;EACN,OAAO;CACT;AACF;;AAGA,SAAgB,UAAU,MAA0B;CAClD,OAAO,WAAW,OAAO,IAAI,CAAC;AAChC;;AAGA,SAAgB,KAAK,MAA0B;CAC7C,OAAO,YAAY,IAAI;AACzB;;AAGA,SAAgB,MAAM,OAA2B;CAC/C,OAAO,WAAW,KAAK;AACzB;;AAGA,SAAgB,QAAQ,KAAyB;CAC/C,OAAO,WAAW,GAAG;AACvB"}