npm - @mindees/updates - Versions diffs - 0.8.0 → 0.10.0 - Mend

@mindees/updates 0.8.0 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/errors.d.ts CHANGED Viewed

@@ -9,7 +9,7 @@
  * @module
  */
 /** Stable code identifying why an OTA update operation failed. */
-type UpdateErrorCode = /** The manifest JSON is missing required fields or has the wrong shape. */'MANIFEST_MALFORMED' /** Fewer than `threshold` valid signatures from distinct trusted keys. */ | 'SIGNATURE_INVALID' /** A downloaded asset's SHA-256 does not match the manifest. */ | 'HASH_MISMATCH' /** A differential delta is malformed or out of bounds (see `delta.ts`). */ | 'DELTA_INVALID' /** `manifest.expires` is in the past (stale / freeze-attack protection). */ | 'MANIFEST_EXPIRED' /** The manifest's `runtimeVersion` does not match the app (native-incompatibility gate). */ | 'RUNTIME_MISMATCH' /** The manifest/generation is not strictly newer than what is applied (anti-downgrade). */ | 'VERSION_NOT_NEWER' /** An asset a generation needs is not present in the store. */ | 'ASSET_MISSING' /** `apply()`/`rollback()` referenced a generation id that does not exist. */ | 'GENERATION_UNKNOWN' /** `apply()` referenced a generation previously marked failed (cannot be re-activated). */ | 'GENERATION_FAILED';
+type UpdateErrorCode = /** The manifest JSON is missing required fields or has the wrong shape. */'MANIFEST_MALFORMED' /** Fewer than `threshold` valid signatures from distinct trusted keys. */ | 'SIGNATURE_INVALID' /** A downloaded asset's SHA-256 does not match the manifest. */ | 'HASH_MISMATCH' /** A differential delta is malformed or out of bounds (see `delta.ts`). */ | 'DELTA_INVALID' /** `manifest.expires` is in the past (stale / freeze-attack protection). */ | 'MANIFEST_EXPIRED' /** The manifest's `runtimeVersion` does not match the app (native-incompatibility gate). */ | 'RUNTIME_MISMATCH' /** The manifest/generation is not strictly newer than what is applied (anti-downgrade). */ | 'VERSION_NOT_NEWER' /** An asset a generation needs is not present in the store. */ | 'ASSET_MISSING' /** `apply()`/`rollback()` referenced a generation id that does not exist. */ | 'GENERATION_UNKNOWN' /** `apply()` referenced a generation previously marked failed (cannot be re-activated). */ | 'GENERATION_FAILED' /** A WASM feature module is malformed, too large, or missing a required capability import. */ | 'MODULE_INVALID';
 /** An OTA update error carrying a stable {@link UpdateErrorCode}. */
 declare class UpdateError extends Error {
   /** Stable, machine-readable cause. */

package/dist/errors.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"errors.d.ts","names":[],"sources":["../src/errors.ts"],"mappings":";;AAWA;;;;AAA2B;~~AAuB3B~~;;;;~~KAvBY~~,eAAA;;~~cAuBC~~,WAAA,SAAoB,KAAA;;WAEtB,IAAA,EAAM,eAAA;cAEH,IAAA,EAAM,eAAA,EAAiB,OAAA;AAAA"}
1	+ {"version":3,"file":"errors.d.ts","names":[],"sources":["../src/errors.ts"],"mappings":";;AAWA;;;;AAA2B;AAyB3B;;;;KAzBY,eAAA;;cAyBC,WAAA,SAAoB,KAAA;;WAEtB,IAAA,EAAM,eAAA;cAEH,IAAA,EAAM,eAAA,EAAiB,OAAA;AAAA"}

package/dist/errors.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"errors.js","names":[],"sources":["../src/errors.ts"],"sourcesContent":["/*\n Errors for `@mindees/updates` (Pulse).\n \n Every failure carries a stable {@link UpdateErrorCode} so callers can branch on\n * the cause (e.g. distinguish a tampered bundle from a stale manifest) without\n * string-matching messages.\n \n @module\n /\n\n/* Stable code identifying why an OTA update operation failed. /\nexport type UpdateErrorCode =\n /* The manifest JSON is missing required fields or has the wrong shape. /\n \| 'MANIFEST_MALFORMED'\n /* Fewer than `threshold` valid signatures from distinct trusted keys. /\n \| 'SIGNATURE_INVALID'\n /* A downloaded asset's SHA-256 does not match the manifest. /\n \| 'HASH_MISMATCH'\n /* A differential delta is malformed or out of bounds (see `delta.ts`). /\n \| 'DELTA_INVALID'\n /* `manifest.expires` is in the past (stale / freeze-attack protection). /\n \| 'MANIFEST_EXPIRED'\n /* The manifest's `runtimeVersion` does not match the app (native-incompatibility gate). /\n \| 'RUNTIME_MISMATCH'\n /* The manifest/generation is not strictly newer than what is applied (anti-downgrade). /\n \| 'VERSION_NOT_NEWER'\n /* An asset a generation needs is not present in the store. /\n \| 'ASSET_MISSING'\n /* `apply()`/`rollback()` referenced a generation id that does not exist. /\n \| 'GENERATION_UNKNOWN'\n /* `apply()` referenced a generation previously marked failed (cannot be re-activated). /\n \| 'GENERATION_FAILED'\n\n/* An OTA update error carrying a stable {@link UpdateErrorCode}. /\nexport class UpdateError extends Error {\n /* Stable, machine-readable cause. */\n readonly code: UpdateErrorCode\n\n constructor(code: UpdateErrorCode, message: string) {\n super(message)\n this.name = 'UpdateError'\n this.code = code\n }\n}\n"],"mappings":";;~~AAkCA~~,IAAa,cAAb,cAAiC,MAAM;;CAErC;CAEA,YAAY,MAAuB,SAAiB;EAClD,MAAM,OAAO;EACb,KAAK,OAAO;EACZ,KAAK,OAAO;CACd;AACF"}
1	+ {"version":3,"file":"errors.js","names":[],"sources":["../src/errors.ts"],"sourcesContent":["/*\n Errors for `@mindees/updates` (Pulse).\n \n Every failure carries a stable {@link UpdateErrorCode} so callers can branch on\n * the cause (e.g. distinguish a tampered bundle from a stale manifest) without\n * string-matching messages.\n \n @module\n /\n\n/* Stable code identifying why an OTA update operation failed. /\nexport type UpdateErrorCode =\n /* The manifest JSON is missing required fields or has the wrong shape. /\n \| 'MANIFEST_MALFORMED'\n /* Fewer than `threshold` valid signatures from distinct trusted keys. /\n \| 'SIGNATURE_INVALID'\n /* A downloaded asset's SHA-256 does not match the manifest. /\n \| 'HASH_MISMATCH'\n /* A differential delta is malformed or out of bounds (see `delta.ts`). /\n \| 'DELTA_INVALID'\n /* `manifest.expires` is in the past (stale / freeze-attack protection). /\n \| 'MANIFEST_EXPIRED'\n /* The manifest's `runtimeVersion` does not match the app (native-incompatibility gate). /\n \| 'RUNTIME_MISMATCH'\n /* The manifest/generation is not strictly newer than what is applied (anti-downgrade). /\n \| 'VERSION_NOT_NEWER'\n /* An asset a generation needs is not present in the store. /\n \| 'ASSET_MISSING'\n /* `apply()`/`rollback()` referenced a generation id that does not exist. /\n \| 'GENERATION_UNKNOWN'\n /* `apply()` referenced a generation previously marked failed (cannot be re-activated). /\n \| 'GENERATION_FAILED'\n /* A WASM feature module is malformed, too large, or missing a required capability import. /\n \| 'MODULE_INVALID'\n\n/* An OTA update error carrying a stable {@link UpdateErrorCode}. /\nexport class UpdateError extends Error {\n /* Stable, machine-readable cause. */\n readonly code: UpdateErrorCode\n\n constructor(code: UpdateErrorCode, message: string) {\n super(message)\n this.name = 'UpdateError'\n this.code = code\n }\n}\n"],"mappings":";;AAoCA,IAAa,cAAb,cAAiC,MAAM;;CAErC;CAEA,YAAY,MAAuB,SAAiB;EAClD,MAAM,OAAO;EACb,KAAK,OAAO;EACZ,KAAK,OAAO;CACd;AACF"}

package/dist/index.d.ts CHANGED Viewed

@@ -5,13 +5,15 @@ import { BootResult, UpdateCheck, UpdateClient, UpdateClientOptions, createUpdat
 import { Keypair, fromHex, generateKeypair, getPublicKey, sha256Hex, sign, toHex, utf8, verify } from "./crypto.js";
 import { ApplyDeltaOptions, applyDelta, diff } from "./delta.js";
 import { UpdateError, UpdateErrorCode } from "./errors.js";
+import { JsonPatchOp, SduiActionHandler, SduiActionRef, SduiBindRef, SduiError, SduiErrorCode, SduiJson, SduiLimits, SduiNode, SduiPropValue, SduiRegistry, applyJsonPatch, applyMergePatch, compileSdui } from "./sdui.js";
+import { Capabilities, WasmModuleInstance, WasmModuleRuntime, WasmModuleRuntimeOptions, createWasmModuleRuntime } from "./wasm.js";
 import { Maturity, NotImplementedError, PackageInfo, notImplemented } from "@mindees/core";
 //#region src/index.d.ts
 /** The npm package name. */
 declare const name = "@mindees/updates";
 /** The package version. All `@mindees/*` packages share one locked version line. */
-declare const VERSION = "0.8.0";
+declare const VERSION = "0.10.0";
 /** Current maturity. See the repository `STATUS.md`. */
 declare const maturity: Maturity;
 /**
@@ -20,15 +22,6 @@ declare const maturity: Maturity;
  * matching the `readonly` fields of {@link PackageInfo}.
  */
 declare const info: PackageInfo;
-/**
- * 🔬 Research track — not implemented. A sandboxed WASM module runtime for shipping
- * signed, capability-secure feature modules at runtime. Throws
- * {@link NotImplementedError}; the working path today is signed JS/asset updates
- * (above).
- *
- * @experimental
- */
-declare function createWasmModuleRuntime(): never;
 //#endregion
-export { type ApplyDeltaOptions, type AssetEntry, type BootResult, type GenerationMeta, type GenerationStatus, type Keypair, type Maturity, NotImplementedError, type PackageInfo, type PatchDescriptor, type SignatureEntry, type SignedManifest, type Signer, type TrustedKey, type UpdateCheck, type UpdateClient, type UpdateClientOptions, UpdateError, type UpdateErrorCode, type UpdateManifest, type UpdateState, type UpdateStorage, VERSION, type VerifiedManifest, allAssets, applyDelta, canonicalManifestJson, createMemoryStorage, createUpdateClient, createWasmModuleRuntime, diff, fromHex, generateKeypair, getPublicKey, info, initialState, maturity, name, notImplemented, parseManifest, sha256Hex, sign, signManifest, toHex, utf8, verify, verifySignedManifest };
+export { type ApplyDeltaOptions, type AssetEntry, type BootResult, type Capabilities, type GenerationMeta, type GenerationStatus, type JsonPatchOp, type Keypair, type Maturity, NotImplementedError, type PackageInfo, type PatchDescriptor, type SduiActionHandler, type SduiActionRef, type SduiBindRef, SduiError, type SduiErrorCode, type SduiJson, type SduiLimits, type SduiNode, type SduiPropValue, type SduiRegistry, type SignatureEntry, type SignedManifest, type Signer, type TrustedKey, type UpdateCheck, type UpdateClient, type UpdateClientOptions, UpdateError, type UpdateErrorCode, type UpdateManifest, type UpdateState, type UpdateStorage, VERSION, type VerifiedManifest, type WasmModuleInstance, type WasmModuleRuntime, type WasmModuleRuntimeOptions, allAssets, applyDelta, applyJsonPatch, applyMergePatch, canonicalManifestJson, compileSdui, createMemoryStorage, createUpdateClient, createWasmModuleRuntime, diff, fromHex, generateKeypair, getPublicKey, info, initialState, maturity, name, notImplemented, parseManifest, sha256Hex, sign, signManifest, toHex, utf8, verify, verifySignedManifest };
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","names":[],"sources":["../src/index.ts"],"mappings":"~~;;;;;;;;;;;~~cAgBa,IAAA;~~AAGb~~;AAAA,~~cAAa~~,~~OAAA;;cAGA,~~QAAA,EAAU,QAAyB;AAH5B;AAGpB~~;;;;AAHoB~~,~~cAUP,~~IAAA,EAAM,WAAiE~~;;;AAwD7C;;;;;;iBAAvB,uBAAA~~"}
1	+ {"version":3,"file":"index.d.ts","names":[],"sources":["../src/index.ts"],"mappings":";;;;;;;;;;;;;cAgBa,IAAA;;cAGA,OAAA;AAAb;AAAA,cAGa,QAAA,EAAU,QAAyB;;;AAH5B;AAGpB;;cAOa,IAAA,EAAM,WAAiE"}

package/dist/index.js CHANGED Viewed

@@ -5,12 +5,14 @@ import { allAssets, canonicalManifestJson, parseManifest } from "./manifest.js";
 import { signManifest, verifySignedManifest } from "./signing.js";
 import { createMemoryStorage, initialState } from "./store.js";
 import { createUpdateClient } from "./client.js";
+import { SduiError, applyJsonPatch, applyMergePatch, compileSdui } from "./sdui.js";
+import { createWasmModuleRuntime } from "./wasm.js";
 import { NotImplementedError, notImplemented } from "@mindees/core";
 //#region src/index.ts
 /** The npm package name. */
 const name = "@mindees/updates";
 /** The package version. All `@mindees/*` packages share one locked version line. */
-const VERSION = "0.8.0";
+const VERSION = "0.10.0";
 /** Current maturity. See the repository `STATUS.md`. */
 const maturity = "experimental";
 /**
@@ -23,18 +25,7 @@ const info = Object.freeze({
 	version: VERSION,
 	maturity
 });
-/**
-* 🔬 Research track — not implemented. A sandboxed WASM module runtime for shipping
-* signed, capability-secure feature modules at runtime. Throws
-* {@link NotImplementedError}; the working path today is signed JS/asset updates
-* (above).
-*
-* @experimental
-*/
-function createWasmModuleRuntime() {
-	throw new NotImplementedError("WASM Component-Model module runtime for OTA updates");
-}
 //#endregion
-export { NotImplementedError, UpdateError, VERSION, allAssets, applyDelta, canonicalManifestJson, createMemoryStorage, createUpdateClient, createWasmModuleRuntime, diff, fromHex, generateKeypair, getPublicKey, info, initialState, maturity, name, notImplemented, parseManifest, sha256Hex, sign, signManifest, toHex, utf8, verify, verifySignedManifest };
+export { NotImplementedError, SduiError, UpdateError, VERSION, allAssets, applyDelta, applyJsonPatch, applyMergePatch, canonicalManifestJson, compileSdui, createMemoryStorage, createUpdateClient, createWasmModuleRuntime, diff, fromHex, generateKeypair, getPublicKey, info, initialState, maturity, name, notImplemented, parseManifest, sha256Hex, sign, signManifest, toHex, utf8, verify, verifySignedManifest };
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","names":[],"sources":["../src/index.ts"],"sourcesContent":["/*\n `@mindees/updates` (Pulse) — signed OTA updates.\n \n Pulse ships a versioned, hash-addressed {@link UpdateManifest}, Ed25519\n * {@link signManifest signing}/{@link verifySignedManifest verification} (threshold +\n * key rotation), a content-addressed {@link UpdateStorage store}, an\n * {@link createUpdateClient update client} with atomic generations + crash-loop\n * rollback, differential bundle diffing, a reference update server, and SDUI.\n \n @module\n /\n\nimport type { Maturity, PackageInfo } from '@mindees/core'\nimport { NotImplementedError, notImplemented } from '@mindees/core'\n\n/* The npm package name. /\nexport const name = '@mindees/updates'\n\n/* The package version. All `@mindees/` packages share one locked version line. /\nexport const VERSION = '0.8.0'\n\n/** Current maturity. See the repository `STATUS.md`. /\nexport const maturity: Maturity = 'experimental'\n\n/\n Static identity + maturity metadata for this package. Frozen so the\n * self-reported identity tooling introspects cannot be mutated at runtime,\n * matching the `readonly` fields of {@link PackageInfo}.\n /\nexport const info: PackageInfo = Object.freeze({ name, version: VERSION, maturity })\n\nexport {\n type BootResult,\n createUpdateClient,\n type UpdateCheck,\n type UpdateClient,\n type UpdateClientOptions,\n} from './client'\nexport {\n fromHex,\n generateKeypair,\n getPublicKey,\n type Keypair,\n sha256Hex,\n sign,\n toHex,\n utf8,\n verify,\n} from './crypto'\nexport { type ApplyDeltaOptions, applyDelta, diff } from './delta'\nexport { UpdateError, type UpdateErrorCode } from './errors'\nexport {\n type AssetEntry,\n allAssets,\n canonicalManifestJson,\n type PatchDescriptor,\n parseManifest,\n type UpdateManifest,\n} from './manifest'\nexport {\n type SignatureEntry,\n type SignedManifest,\n type Signer,\n signManifest,\n type TrustedKey,\n type VerifiedManifest,\n verifySignedManifest,\n} from './signing'\nexport {\n createMemoryStorage,\n type GenerationMeta,\n type GenerationStatus,\n initialState,\n type UpdateState,\n type UpdateStorage,\n} from './store'\n\n/\n 🔬 ~~Research track — not implemented. A~~ sandboxed WASM module runtime ~~for~~ ~~shipping\n~~ * signed, capability-secure feature modules at runtime. ~~Throws\n~~ * ~~{@link~~ ~~NotImplementedError};~~ ~~the~~ ~~working~~ ~~path~~ ~~today~~ is ~~signed~~ ~~JS/asset~~ ~~updates\~~n * (~~above~~)~~.\n~~ \n ~~@experimental\~~n */\nexport ~~function createWasmModuleRuntime(): never~~ {\n ~~throw~~ ~~new~~ ~~NotImplementedError('WASM~~ ~~Component-Model~~ ~~module~~ ~~runtime~~ ~~for OTA updates~~')\n}\n\nexport type { Maturity, PackageInfo }\nexport { NotImplementedError, notImplemented }\n"],"mappings":"~~;;;;;;;;;;~~AAgBA,MAAa,OAAO;;AAGpB,MAAa,UAAU;;AAGvB,MAAa,WAAqB;;;;;;AAOlC,MAAa,OAAoB,OAAO,OAAO;CAAE;CAAM,SAAS;CAAS;AAAS,CAAC~~;;;;;;;;;AAwDnF,SAAgB,0BAAiC;CAC/C,MAAM,IAAI,oBAAoB,qDAAqD;AACrF~~"}
1	+ {"version":3,"file":"index.js","names":[],"sources":["../src/index.ts"],"sourcesContent":["/*\n `@mindees/updates` (Pulse) — signed OTA updates.\n \n Pulse ships a versioned, hash-addressed {@link UpdateManifest}, Ed25519\n * {@link signManifest signing}/{@link verifySignedManifest verification} (threshold +\n * key rotation), a content-addressed {@link UpdateStorage store}, an\n * {@link createUpdateClient update client} with atomic generations + crash-loop\n * rollback, differential bundle diffing, a reference update server, and SDUI.\n \n @module\n /\n\nimport type { Maturity, PackageInfo } from '@mindees/core'\nimport { NotImplementedError, notImplemented } from '@mindees/core'\n\n/* The npm package name. /\nexport const name = '@mindees/updates'\n\n/* The package version. All `@mindees/` packages share one locked version line. /\nexport const VERSION = '0.10.0'\n\n/** Current maturity. See the repository `STATUS.md`. /\nexport const maturity: Maturity = 'experimental'\n\n/\n Static identity + maturity metadata for this package. Frozen so the\n * self-reported identity tooling introspects cannot be mutated at runtime,\n * matching the `readonly` fields of {@link PackageInfo}.\n /\nexport const info: PackageInfo = Object.freeze({ name, version: VERSION, maturity })\n\nexport {\n type BootResult,\n createUpdateClient,\n type UpdateCheck,\n type UpdateClient,\n type UpdateClientOptions,\n} from './client'\nexport {\n fromHex,\n generateKeypair,\n getPublicKey,\n type Keypair,\n sha256Hex,\n sign,\n toHex,\n utf8,\n verify,\n} from './crypto'\nexport { type ApplyDeltaOptions, applyDelta, diff } from './delta'\nexport { UpdateError, type UpdateErrorCode } from './errors'\nexport {\n type AssetEntry,\n allAssets,\n canonicalManifestJson,\n type PatchDescriptor,\n parseManifest,\n type UpdateManifest,\n} from './manifest'\n/\n Server-Driven UI (Pulse §10): compile an allowlisted, schema-versioned JSON tree into a live\n * MindeesNode tree, and apply incremental updates with JSON Merge Patch (RFC 7396) / JSON Patch\n * (RFC 6902). No `eval` — components + actions are pre-registered.\n /\nexport {\n applyJsonPatch,\n applyMergePatch,\n compileSdui,\n type JsonPatchOp,\n type SduiActionHandler,\n type SduiActionRef,\n type SduiBindRef,\n SduiError,\n type SduiErrorCode,\n type SduiJson,\n type SduiLimits,\n type SduiNode,\n type SduiPropValue,\n type SduiRegistry,\n} from './sdui'\nexport {\n type SignatureEntry,\n type SignedManifest,\n type Signer,\n signManifest,\n type TrustedKey,\n type VerifiedManifest,\n verifySignedManifest,\n} from './signing'\nexport {\n createMemoryStorage,\n type GenerationMeta,\n type GenerationStatus,\n initialState,\n type UpdateState,\n type UpdateStorage,\n} from './store'\n\n/\n Pulse sandboxed WASM module runtime (spec §10) — ship signed, capability-secure feature modules\n * that run at runtime in their own linear memory, reachable only through the capabilities you grant.\n * Core WebAssembly today; the full Component Model (WASI 0.2/0.3) is a follow-up behind the same seam.\n */\nexport {\n type Capabilities,\n createWasmModuleRuntime,\n type WasmModuleInstance,\n type WasmModuleRuntime,\n type WasmModuleRuntimeOptions,\n} from './wasm'\n\nexport type { Maturity, PackageInfo }\nexport { NotImplementedError, notImplemented }\n"],"mappings":";;;;;;;;;;;;AAgBA,MAAa,OAAO;;AAGpB,MAAa,UAAU;;AAGvB,MAAa,WAAqB;;;;;;AAOlC,MAAa,OAAoB,OAAO,OAAO;CAAE;CAAM,SAAS;CAAS;AAAS,CAAC"}

package/dist/wasm.d.ts ADDED Viewed

@@ -0,0 +1,48 @@
+//#region src/wasm.d.ts
+/**
+ * **Pulse sandboxed WASM modules** (spec §10) — ship signed, capability-secure feature modules that
+ * run at runtime, isolated in their own linear memory. A module gets ONLY the host capabilities you
+ * pass it (the import object); it has no ambient access to the JS realm, the network, or the DOM — a
+ * true capability sandbox. This is core WebAssembly (works on Hermes/RN, Node, and the web today);
+ * the full WASM **Component Model** (WASI 0.2/0.3 typed interfaces) is a labeled follow-up that slots
+ * in behind the same `instantiate` seam.
+ *
+ * @module
+ */
+type WasmBytes = ArrayBuffer | ArrayBufferView;
+/** A module's exported linear memory. */
+interface WasmMemory {
+  readonly buffer: ArrayBuffer;
+}
+/** A host capability surface handed to a module: `{ "module": { "fn": (...) => ... } }`. */
+type Capabilities = Record<string, Record<string, (...args: never[]) => unknown>>;
+/** A live, sandboxed module instance. */
+interface WasmModuleInstance {
+  /** The module's exports (functions, memory, globals). */
+  readonly exports: Readonly<Record<string, unknown>>;
+  /** Call an exported function by name (throws `MODULE_INVALID` if it isn't an exported function). */
+  call<R = unknown>(name: string, ...args: number[]): R;
+  /** The module's exported linear memory, if any. */
+  readonly memory?: WasmMemory;
+}
+/** Options for {@link createWasmModuleRuntime}. */
+interface WasmModuleRuntimeOptions {
+  /** Reject modules larger than this many bytes (anti-bloat / anti-DoS). Default: 16 MiB. */
+  readonly maxBytes?: number;
+}
+/** The runtime that instantiates sandboxed WASM feature modules. */
+interface WasmModuleRuntime {
+  /**
+   * Instantiate `bytes` with EXACTLY the given `capabilities` as imports (nothing else is reachable).
+   * Rejects (`MODULE_INVALID`) on a malformed/oversized module or a missing required import.
+   */
+  instantiate(bytes: WasmBytes, capabilities?: Capabilities): Promise<WasmModuleInstance>;
+}
+/**
+ * Create a sandboxed WASM module runtime. A module sees only the `capabilities` you pass to
+ * `instantiate` — capability-secure by construction.
+ */
+declare function createWasmModuleRuntime(options?: WasmModuleRuntimeOptions): WasmModuleRuntime;
+//#endregion
+export { Capabilities, WasmModuleInstance, WasmModuleRuntime, WasmModuleRuntimeOptions, createWasmModuleRuntime };
+//# sourceMappingURL=wasm.d.ts.map

package/dist/wasm.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"wasm.d.ts","names":[],"sources":["../src/wasm.ts"],"mappings":";;;;;;AAgB8C;AAE9C;;;;KAFK,SAAA,GAAY,WAAA,GAAc,eAAe;AAmB9C;AAAA,UAjBiB,UAAA;EAAA,SACN,MAAA,EAAQ,WAAW;AAAA;;KAgBlB,YAAA,GAAe,MAAM,SAAS,MAAA,aAAmB,IAAA;;UAG5C,kBAAA;EAHgD;EAAA,SAKtD,OAAA,EAAS,QAAA,CAAS,MAAA;EAFM;EAIjC,IAAA,cAAkB,IAAA,aAAiB,IAAA,aAAiB,CAAA;EAFzB;EAAA,SAIlB,MAAA,GAAS,UAAA;AAAA;;UAIH,wBAAA;EAJa;EAAA,SAMnB,QAAQ;AAAA;;UAIF,iBAAA;EAZV;;;;EAiBL,WAAA,CAAY,KAAA,EAAO,SAAA,EAAW,YAAA,GAAe,YAAA,GAAe,OAAA,CAAQ,kBAAA;AAAA;;AAfxC;AAI9B;;iBAoBgB,uBAAA,CAAwB,OAAA,GAAS,wBAAA,GAAgC,iBAAiB"}

package/dist/wasm.js ADDED Viewed

@@ -0,0 +1,46 @@
+import { UpdateError } from "./errors.js";
+//#region src/wasm.ts
+/**
+* **Pulse sandboxed WASM modules** (spec §10) — ship signed, capability-secure feature modules that
+* run at runtime, isolated in their own linear memory. A module gets ONLY the host capabilities you
+* pass it (the import object); it has no ambient access to the JS realm, the network, or the DOM — a
+* true capability sandbox. This is core WebAssembly (works on Hermes/RN, Node, and the web today);
+* the full WASM **Component Model** (WASI 0.2/0.3 typed interfaces) is a labeled follow-up that slots
+* in behind the same `instantiate` seam.
+*
+* @module
+*/
+const DEFAULT_MAX_BYTES = 16 * 1024 * 1024;
+/**
+* Create a sandboxed WASM module runtime. A module sees only the `capabilities` you pass to
+* `instantiate` — capability-secure by construction.
+*/
+function createWasmModuleRuntime(options = {}) {
+	const maxBytes = options.maxBytes ?? DEFAULT_MAX_BYTES;
+	return { async instantiate(bytes, capabilities = {}) {
+		const size = bytes.byteLength;
+		if (size > maxBytes) throw new UpdateError("MODULE_INVALID", `WASM module is ${size} B, over the ${maxBytes} B limit`);
+		if (!WebAssembly.validate(bytes)) throw new UpdateError("MODULE_INVALID", "WASM module failed validation (malformed bytecode)");
+		let instance;
+		try {
+			instance = (await WebAssembly.instantiate(bytes, capabilities)).instance;
+		} catch (error) {
+			throw new UpdateError("MODULE_INVALID", `WASM module could not be instantiated: ${error instanceof Error ? error.message : String(error)}`);
+		}
+		const exports = instance.exports;
+		const memory = exports.memory instanceof WebAssembly.Memory ? exports.memory : void 0;
+		return {
+			exports,
+			call(name, ...args) {
+				const fn = exports[name];
+				if (typeof fn !== "function") throw new UpdateError("MODULE_INVALID", `WASM module has no exported function "${name}"`);
+				return fn(...args);
+			},
+			...memory ? { memory } : {}
+		};
+	} };
+}
+//#endregion
+export { createWasmModuleRuntime };
+//# sourceMappingURL=wasm.js.map

package/dist/wasm.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"wasm.js","names":[],"sources":["../src/wasm.ts"],"sourcesContent":["/**\n * **Pulse sandboxed WASM modules** (spec §10) — ship signed, capability-secure feature modules that\n * run at runtime, isolated in their own linear memory. A module gets ONLY the host capabilities you\n * pass it (the import object); it has no ambient access to the JS realm, the network, or the DOM — a\n * true capability sandbox. This is core WebAssembly (works on Hermes/RN, Node, and the web today);\n * the full WASM **Component Model** (WASI 0.2/0.3 typed interfaces) is a labeled follow-up that slots\n * in behind the same `instantiate` seam.\n *\n * @module\n */\n\nimport { UpdateError } from './errors'\n\n// Self-contained typing for the JS-standard `WebAssembly` global. This package targets a neutral\n// runtime (Hermes/RN, Node, web) WITHOUT the DOM lib, so we declare exactly the surface we use rather\n// than pulling in `lib.dom`/`lib.webworker` (which would also leak `document`, `fetch`, etc.).\ntype WasmBytes = ArrayBuffer | ArrayBufferView\n/** A module's exported linear memory. */\nexport interface WasmMemory {\n readonly buffer: ArrayBuffer\n}\ninterface WasmInstance {\n readonly exports: Record<string, unknown>\n}\ninterface WasmEngine {\n validate(bytes: WasmBytes): boolean\n instantiate(\n bytes: WasmBytes,\n imports?: Record<string, Record<string, unknown>>,\n ): Promise<{ instance: WasmInstance }>\n readonly Memory: new (descriptor: { initial: number }) => WasmMemory\n}\ndeclare const WebAssembly: WasmEngine\n\n/** A host capability surface handed to a module: `{ \"module\": { \"fn\": (...) => ... } }`. */\nexport type Capabilities = Record<string, Record<string, (...args: never[]) => unknown>>\n\n/** A live, sandboxed module instance. */\nexport interface WasmModuleInstance {\n /** The module's exports (functions, memory, globals). */\n readonly exports: Readonly<Record<string, unknown>>\n /** Call an exported function by name (throws `MODULE_INVALID` if it isn't an exported function). */\n call<R = unknown>(name: string, ...args: number[]): R\n /** The module's exported linear memory, if any. */\n readonly memory?: WasmMemory\n}\n\n/** Options for {@link createWasmModuleRuntime}. */\nexport interface WasmModuleRuntimeOptions {\n /** Reject modules larger than this many bytes (anti-bloat / anti-DoS). Default: 16 MiB. */\n readonly maxBytes?: number\n}\n\n/** The runtime that instantiates sandboxed WASM feature modules. */\nexport interface WasmModuleRuntime {\n /**\n * Instantiate `bytes` with EXACTLY the given `capabilities` as imports (nothing else is reachable).\n * Rejects (`MODULE_INVALID`) on a malformed/oversized module or a missing required import.\n */\n instantiate(bytes: WasmBytes, capabilities?: Capabilities): Promise<WasmModuleInstance>\n}\n\nconst DEFAULT_MAX_BYTES = 16 * 1024 * 1024\n\n/**\n * Create a sandboxed WASM module runtime. A module sees only the `capabilities` you pass to\n * `instantiate` — capability-secure by construction.\n */\nexport function createWasmModuleRuntime(options: WasmModuleRuntimeOptions = {}): WasmModuleRuntime {\n const maxBytes = options.maxBytes ?? DEFAULT_MAX_BYTES\n return {\n async instantiate(bytes, capabilities = {}) {\n const size = bytes.byteLength\n if (size > maxBytes) {\n throw new UpdateError(\n 'MODULE_INVALID',\n `WASM module is ${size} B, over the ${maxBytes} B limit`,\n )\n }\n if (!WebAssembly.validate(bytes)) {\n throw new UpdateError(\n 'MODULE_INVALID',\n 'WASM module failed validation (malformed bytecode)',\n )\n }\n let instance: WasmInstance\n try {\n // The import object IS the sandbox: only `capabilities` is reachable from inside the module.\n const result = await WebAssembly.instantiate(bytes, capabilities)\n instance = result.instance\n } catch (error) {\n // A missing/typed-wrong import (LinkError) or a compile error → the module asked for a\n // capability it wasn't granted; refuse it deterministically.\n throw new UpdateError(\n 'MODULE_INVALID',\n `WASM module could not be instantiated: ${error instanceof Error ? error.message : String(error)}`,\n )\n }\n const exports = instance.exports as Record<string, unknown>\n const memory = exports.memory instanceof WebAssembly.Memory ? exports.memory : undefined\n const handle: WasmModuleInstance = {\n exports,\n call<R = unknown>(name: string, ...args: number[]): R {\n const fn = exports[name]\n if (typeof fn !== 'function') {\n throw new UpdateError(\n 'MODULE_INVALID',\n `WASM module has no exported function \"${name}\"`,\n )\n }\n return (fn as (...a: number[]) => R)(...args)\n },\n // Only present when the module exports memory (exactOptionalPropertyTypes).\n ...(memory ? { memory } : {}),\n }\n return handle\n },\n }\n}\n"],"mappings":";;;;;;;;;;;;AA8DA,MAAM,oBAAoB,KAAK,OAAO;;;;;AAMtC,SAAgB,wBAAwB,UAAoC,CAAC,GAAsB;CACjG,MAAM,WAAW,QAAQ,YAAY;CACrC,OAAO,EACL,MAAM,YAAY,OAAO,eAAe,CAAC,GAAG;EAC1C,MAAM,OAAO,MAAM;EACnB,IAAI,OAAO,UACT,MAAM,IAAI,YACR,kBACA,kBAAkB,KAAK,eAAe,SAAS,SACjD;EAEF,IAAI,CAAC,YAAY,SAAS,KAAK,GAC7B,MAAM,IAAI,YACR,kBACA,oDACF;EAEF,IAAI;EACJ,IAAI;GAGF,YAAW,MADU,YAAY,YAAY,OAAO,YAAY,GAC9C;EACpB,SAAS,OAAO;GAGd,MAAM,IAAI,YACR,kBACA,0CAA0C,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,GACjG;EACF;EACA,MAAM,UAAU,SAAS;EACzB,MAAM,SAAS,QAAQ,kBAAkB,YAAY,SAAS,QAAQ,SAAS,KAAA;EAgB/E,OAAO;GAdL;GACA,KAAkB,MAAc,GAAG,MAAmB;IACpD,MAAM,KAAK,QAAQ;IACnB,IAAI,OAAO,OAAO,YAChB,MAAM,IAAI,YACR,kBACA,yCAAyC,KAAK,EAChD;IAEF,OAAQ,GAA6B,GAAG,IAAI;GAC9C;GAEA,GAAI,SAAS,EAAE,OAAO,IAAI,CAAC;EAEjB;CACd,EACF;AACF"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mindees/updates",
-  "version": "0.8.0",
+  "version": "0.10.0",
   "description": "MindeesNative Pulse - signed over-the-air (OTA) updates: hash-addressed manifests, Ed25519 signing, content-addressed storage, atomic generations with crash-loop rollback.",
   "license": "MIT OR Apache-2.0",
   "type": "module",
@@ -33,7 +33,7 @@
   "dependencies": {
     "@noble/curves": "2.2.0",
     "@noble/hashes": "2.2.0",
-    "@mindees/core": "0.8.0"
+    "@mindees/core": "0.10.0"
   },
   "devDependencies": {
     "fast-check": "4.8.0"