@mneme-ai/core 1.98.0 → 2.0.0

package/dist/prophecy/index.d.ts

@@ -0,0 +1,88 @@
+/**
+ * v2.0.0 -- PROPHECY LETTERS · time-locked cross-version messages
+ *
+ * Mneme v2.0 writes a letter to its future self (or to a different
+ * machine running a different Mneme version). The letter is sealed
+ * with the user's HMAC secret + a target-version gate. When a future
+ * Mneme version that meets the gate opens the letter, it can grade
+ * its past self's predictions:
+ *
+ *   "Past Mneme (v2.0, 2026-05-13) predicted: 'by v2.5 we'll have
+ *    real IBM Quantum wiring.' Current Mneme (v2.5, 2026-09-01) checks
+ *    its own state: TRUE. Time-consistency score updated."
+ *
+ * Pure function. Deterministic. Composable with PASSPORT + audit log.
+ */
+export interface Prophecy {
+    /** Stable id. */
+    id: string;
+    /** Version (semver-ish) that wrote the letter. */
+    fromVersion: string;
+    /** Minimum semver-ish version that may open the letter. */
+    toMinVersion: string;
+    /** Wall-clock when sealed. */
+    sealedAt: number;
+    /** Earliest wall-clock at which the letter may be opened. */
+    earliestOpenAt: number;
+    /** Free-form letter body. */
+    text: string;
+    /** Topics — used by grading later. */
+    predictions: Array<{
+        topic: string;
+        claim: string;
+        verifyHint: string;
+    }>;
+    /** HMAC signature over (fromVersion || toMinVersion || sealedAt || earliestOpenAt || text || predictions). */
+    signature: string;
+    /** Public key fingerprint. */
+    keyFingerprint: string;
+}
+export interface SealInput {
+    fromVersion: string;
+    toMinVersion: string;
+    text: string;
+    predictions: Array<{
+        topic: string;
+        claim: string;
+        verifyHint: string;
+    }>;
+    /** Earliest wall-clock to permit opening. Default sealedAt + 30 days. */
+    earliestOpenAt?: number;
+    /** HMAC secret. */
+    secret: Buffer;
+}
+export declare function sealProphecy(input: SealInput): Prophecy;
+export type ProphecyVerdict = "SEALED" | "OPENABLE" | "TAMPERED" | "WRONG_KEY";
+export interface UnsealResult {
+    verdict: ProphecyVerdict;
+    reason: string;
+    prophecy?: Prophecy;
+}
+export interface UnsealInput {
+    prophecy: Prophecy;
+    currentVersion: string;
+    secret: Buffer;
+    now?: number;
+}
+export declare function unsealProphecy(input: UnsealInput): UnsealResult;
+export interface GradeInput {
+    prophecy: Prophecy;
+    /** User's verdict on each prediction: did it come true? */
+    observations: Array<{
+        topic: string;
+        cameTrue: boolean;
+    }>;
+}
+export interface GradeResult {
+    total: number;
+    correct: number;
+    consistency: number;
+    byTopic: Array<{
+        topic: string;
+        predicted: string;
+        cameTrue: boolean;
+    }>;
+}
+export declare function gradeProphecy(input: GradeInput): GradeResult;
+export declare function formatProphecyPulseLine(p: Prophecy): string;
+//# sourceMappingURL=index.d.ts.map

package/dist/prophecy/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/prophecy/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,MAAM,WAAW,QAAQ;IACvB,iBAAiB;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,kDAAkD;IAClD,WAAW,EAAE,MAAM,CAAC;IACpB,2DAA2D;IAC3D,YAAY,EAAE,MAAM,CAAC;IACrB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,6DAA6D;IAC7D,cAAc,EAAE,MAAM,CAAC;IACvB,6BAA6B;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,sCAAsC;IACtC,WAAW,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACzE,8GAA8G;IAC9G,SAAS,EAAE,MAAM,CAAC;IAClB,8BAA8B;IAC9B,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACzE,yEAAyE;IACzE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,mBAAmB;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAYD,wBAAgB,YAAY,CAAC,KAAK,EAAE,SAAS,GAAG,QAAQ,CAcvD;AAED,MAAM,MAAM,eAAe,GAAG,QAAQ,GAAG,UAAU,GAAG,UAAU,GAAG,WAAW,CAAC;AAE/E,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,eAAe,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,QAAQ,CAAC;CACrB;AAcD,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,QAAQ,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,WAAW,GAAG,YAAY,CAkB/D;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,QAAQ,CAAC;IACnB,2DAA2D;IAC3D,YAAY,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CAC3D;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CACzE;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG,WAAW,CAe5D;AAED,wBAAgB,uBAAuB,CAAC,CAAC,EAAE,QAAQ,GAAG,MAAM,CAE3D"}

package/dist/prophecy/index.js

@@ -0,0 +1,94 @@
+/**
+ * v2.0.0 -- PROPHECY LETTERS · time-locked cross-version messages
+ *
+ * Mneme v2.0 writes a letter to its future self (or to a different
+ * machine running a different Mneme version). The letter is sealed
+ * with the user's HMAC secret + a target-version gate. When a future
+ * Mneme version that meets the gate opens the letter, it can grade
+ * its past self's predictions:
+ *
+ *   "Past Mneme (v2.0, 2026-05-13) predicted: 'by v2.5 we'll have
+ *    real IBM Quantum wiring.' Current Mneme (v2.5, 2026-09-01) checks
+ *    its own state: TRUE. Time-consistency score updated."
+ *
+ * Pure function. Deterministic. Composable with PASSPORT + audit log.
+ */
+import { createHmac, createHash } from "node:crypto";
+function fpSecret(secret) {
+    return createHash("sha256").update(secret).digest("hex").slice(0, 16);
+}
+function computeSig(p, secret) {
+    const h = createHmac("sha256", secret);
+    h.update([p.fromVersion, p.toMinVersion, p.sealedAt, p.earliestOpenAt, p.text, JSON.stringify(p.predictions)].join("|"));
+    return h.digest("hex");
+}
+export function sealProphecy(input) {
+    const sealedAt = Date.now();
+    const earliestOpenAt = input.earliestOpenAt ?? sealedAt + 30 * 24 * 60 * 60 * 1000;
+    const base = {
+        fromVersion: input.fromVersion,
+        toMinVersion: input.toMinVersion,
+        sealedAt,
+        earliestOpenAt,
+        text: input.text,
+        predictions: input.predictions,
+    };
+    const signature = computeSig(base, input.secret);
+    const id = createHash("sha256").update(`${input.fromVersion}|${sealedAt}|${signature.slice(0, 16)}`).digest("hex").slice(0, 12);
+    return { id, ...base, signature, keyFingerprint: fpSecret(input.secret) };
+}
+function semverGe(a, b) {
+    const pa = a.split(".").map((n) => parseInt(n, 10));
+    const pb = b.split(".").map((n) => parseInt(n, 10));
+    for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
+        const ai = pa[i] ?? 0;
+        const bi = pb[i] ?? 0;
+        if (ai > bi)
+            return true;
+        if (ai < bi)
+            return false;
+    }
+    return true;
+}
+export function unsealProphecy(input) {
+    const now = input.now ?? Date.now();
+    if (fpSecret(input.secret) !== input.prophecy.keyFingerprint) {
+        return { verdict: "WRONG_KEY", reason: `secret fingerprint mismatch` };
+    }
+    if (!semverGe(input.currentVersion, input.prophecy.toMinVersion)) {
+        return { verdict: "SEALED", reason: `current version ${input.currentVersion} < required ${input.prophecy.toMinVersion}` };
+    }
+    if (now < input.prophecy.earliestOpenAt) {
+        return { verdict: "SEALED", reason: `time-lock not expired (open at ${new Date(input.prophecy.earliestOpenAt).toISOString()})` };
+    }
+    const { signature: _drop, id: _drop2, keyFingerprint: _drop3, ...rest } = input.prophecy;
+    void _drop;
+    void _drop2;
+    void _drop3;
+    const expected = computeSig(rest, input.secret);
+    if (expected !== input.prophecy.signature) {
+        return { verdict: "TAMPERED", reason: `signature mismatch` };
+    }
+    return { verdict: "OPENABLE", reason: "all checks pass", prophecy: input.prophecy };
+}
+export function gradeProphecy(input) {
+    const obsByTopic = new Map();
+    for (const o of input.observations)
+        obsByTopic.set(o.topic, o.cameTrue);
+    const byTopic = input.prophecy.predictions.map((p) => ({
+        topic: p.topic,
+        predicted: p.claim,
+        cameTrue: obsByTopic.get(p.topic) ?? false,
+    }));
+    const correct = byTopic.filter((b) => b.cameTrue).length;
+    return {
+        total: byTopic.length,
+        correct,
+        consistency: byTopic.length > 0 ? correct / byTopic.length : 0,
+        byTopic,
+    };
+}
+export function formatProphecyPulseLine(p) {
+    return `PROPHECY · ${p.id} · ${p.fromVersion}→${p.toMinVersion} · ${p.predictions.length} predictions`;
+}
+//# sourceMappingURL=index.js.map

package/dist/prophecy/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/prophecy/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAkCrD,SAAS,QAAQ,CAAC,MAAc;IAC9B,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,UAAU,CAAC,CAAwD,EAAE,MAAc;IAC1F,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACzH,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAAgB;IAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC5B,MAAM,cAAc,GAAG,KAAK,CAAC,cAAc,IAAI,QAAQ,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IACnF,MAAM,IAAI,GAAG;QACX,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,QAAQ;QACR,cAAc;QACd,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,WAAW,EAAE,KAAK,CAAC,WAAW;KAC/B,CAAC;IACF,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,EAAE,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,WAAW,IAAI,QAAQ,IAAI,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAChI,OAAO,EAAE,EAAE,EAAE,GAAG,IAAI,EAAE,SAAS,EAAE,cAAc,EAAE,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;AAC5E,CAAC;AAUD,SAAS,QAAQ,CAAC,CAAS,EAAE,CAAS;IACpC,MAAM,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACpD,MAAM,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACpD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACxD,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACtB,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACtB,IAAI,EAAE,GAAG,EAAE;YAAE,OAAO,IAAI,CAAC;QACzB,IAAI,EAAE,GAAG,EAAE;YAAE,OAAO,KAAK,CAAC;IAC5B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AASD,MAAM,UAAU,cAAc,CAAC,KAAkB;IAC/C,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;IACpC,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,KAAK,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;QAC7D,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;IACzE,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QACjE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,mBAAmB,KAAK,CAAC,cAAc,eAAe,KAAK,CAAC,QAAQ,CAAC,YAAY,EAAE,EAAE,CAAC;IAC5H,CAAC;IACD,IAAI,GAAG,GAAG,KAAK,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;QACxC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,kCAAkC,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,WAAW,EAAE,GAAG,EAAE,CAAC;IACnI,CAAC;IACD,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,KAAK,CAAC,QAAQ,CAAC;IACzF,KAAK,KAAK,CAAC;IAAC,KAAK,MAAM,CAAC;IAAC,KAAK,MAAM,CAAC;IACrC,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAChD,IAAI,QAAQ,KAAK,KAAK,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;QAC1C,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC;IAC/D,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,iBAAiB,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC;AACtF,CAAC;AAeD,MAAM,UAAU,aAAa,CAAC,KAAiB;IAC7C,MAAM,UAAU,GAAG,IAAI,GAAG,EAAmB,CAAC;IAC9C,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,YAAY;QAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxE,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrD,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,SAAS,EAAE,CAAC,CAAC,KAAK;QAClB,QAAQ,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,KAAK;KAC3C,CAAC,CAAC,CAAC;IACJ,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;IACzD,OAAO;QACL,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,OAAO;QACP,WAAW,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAC9D,OAAO;KACR,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,CAAW;IACjD,OAAO,cAAc,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,YAAY,MAAM,CAAC,CAAC,WAAW,CAAC,MAAM,cAAc,CAAC;AACzG,CAAC"}

package/dist/prophecy/prophecy.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=prophecy.test.d.ts.map

package/dist/prophecy/prophecy.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prophecy.test.d.ts","sourceRoot":"","sources":["../../src/prophecy/prophecy.test.ts"],"names":[],"mappings":""}

package/dist/prophecy/prophecy.test.js

@@ -0,0 +1,112 @@
+import { describe, it, expect } from "vitest";
+import { randomBytes } from "node:crypto";
+import { sealProphecy, unsealProphecy, gradeProphecy, formatProphecyPulseLine } from "./index.js";
+describe("v2.0 PROPHECY LETTERS · time-locked cross-version", () => {
+    const secret = randomBytes(32);
+    it("seal returns envelope with id + signature + keyFingerprint", () => {
+        const p = sealProphecy({
+            fromVersion: "2.0.0",
+            toMinVersion: "2.5.0",
+            text: "By v2.5 we'll have IBM Quantum wired.",
+            predictions: [{ topic: "ibm-quantum", claim: "wired by v2.5", verifyHint: "check qx_bridge providers.ts for runIbm impl" }],
+            secret,
+        });
+        expect(p.id).toMatch(/^[a-f0-9]{12}$/);
+        expect(p.signature.length).toBe(64);
+        expect(p.keyFingerprint).toBeTruthy();
+    });
+    it("SEALED verdict when current version < required", () => {
+        const p = sealProphecy({
+            fromVersion: "2.0.0",
+            toMinVersion: "2.5.0",
+            text: "x",
+            predictions: [],
+            secret,
+            earliestOpenAt: Date.now() - 1000, // time-lock already past
+        });
+        const r = unsealProphecy({ prophecy: p, currentVersion: "2.0.0", secret });
+        expect(r.verdict).toBe("SEALED");
+        expect(r.reason).toContain("version");
+    });
+    it("SEALED verdict when time-lock not yet expired", () => {
+        const p = sealProphecy({
+            fromVersion: "2.0.0",
+            toMinVersion: "2.0.0",
+            text: "x",
+            predictions: [],
+            secret,
+            earliestOpenAt: Date.now() + 1000 * 60 * 60,
+        });
+        const r = unsealProphecy({ prophecy: p, currentVersion: "2.5.0", secret });
+        expect(r.verdict).toBe("SEALED");
+        expect(r.reason).toContain("time-lock");
+    });
+    it("OPENABLE verdict when version AND time gate pass + signature valid", () => {
+        const p = sealProphecy({
+            fromVersion: "2.0.0",
+            toMinVersion: "2.0.0",
+            text: "x",
+            predictions: [],
+            secret,
+            earliestOpenAt: Date.now() - 1000,
+        });
+        const r = unsealProphecy({ prophecy: p, currentVersion: "2.5.0", secret });
+        expect(r.verdict).toBe("OPENABLE");
+        expect(r.prophecy).toBeDefined();
+    });
+    it("TAMPERED verdict when signature was forged", () => {
+        const p = sealProphecy({
+            fromVersion: "2.0.0",
+            toMinVersion: "2.0.0",
+            text: "x",
+            predictions: [],
+            secret,
+            earliestOpenAt: Date.now() - 1000,
+        });
+        p.signature = "0".repeat(64);
+        const r = unsealProphecy({ prophecy: p, currentVersion: "2.5.0", secret });
+        expect(r.verdict).toBe("TAMPERED");
+    });
+    it("WRONG_KEY verdict on wrong secret", () => {
+        const p = sealProphecy({
+            fromVersion: "2.0.0",
+            toMinVersion: "2.0.0",
+            text: "x",
+            predictions: [],
+            secret,
+            earliestOpenAt: Date.now() - 1000,
+        });
+        const wrong = randomBytes(32);
+        const r = unsealProphecy({ prophecy: p, currentVersion: "2.5.0", secret: wrong });
+        expect(r.verdict).toBe("WRONG_KEY");
+    });
+    it("gradeProphecy computes consistency 0..1", () => {
+        const p = sealProphecy({
+            fromVersion: "2.0.0",
+            toMinVersion: "2.5.0",
+            text: "x",
+            predictions: [
+                { topic: "ibm-quantum", claim: "wired", verifyHint: "" },
+                { topic: "dwave-qubo", claim: "wired", verifyHint: "" },
+                { topic: "ggwave-audio", claim: "shipped", verifyHint: "" },
+            ],
+            secret,
+        });
+        const r = gradeProphecy({
+            prophecy: p,
+            observations: [
+                { topic: "ibm-quantum", cameTrue: true },
+                { topic: "dwave-qubo", cameTrue: false },
+                { topic: "ggwave-audio", cameTrue: true },
+            ],
+        });
+        expect(r.total).toBe(3);
+        expect(r.correct).toBe(2);
+        expect(r.consistency).toBeCloseTo(2 / 3, 3);
+    });
+    it("formatProphecyPulseLine produces compact summary", () => {
+        const p = sealProphecy({ fromVersion: "2.0.0", toMinVersion: "2.5.0", text: "x", predictions: [], secret });
+        expect(formatProphecyPulseLine(p)).toContain("PROPHECY");
+    });
+});
+//# sourceMappingURL=prophecy.test.js.map

package/dist/prophecy/prophecy.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"prophecy.test.js","sourceRoot":"","sources":["../../src/prophecy/prophecy.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAElG,QAAQ,CAAC,mDAAmD,EAAE,GAAG,EAAE;IACjE,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAE/B,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;QACpE,MAAM,CAAC,GAAG,YAAY,CAAC;YACrB,WAAW,EAAE,OAAO;YACpB,YAAY,EAAE,OAAO;YACrB,IAAI,EAAE,uCAAuC;YAC7C,WAAW,EAAE,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,eAAe,EAAE,UAAU,EAAE,8CAA8C,EAAE,CAAC;YAC3H,MAAM;SACP,CAAC,CAAC;QACH,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;QACvC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACpC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,UAAU,EAAE,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,CAAC,GAAG,YAAY,CAAC;YACrB,WAAW,EAAE,OAAO;YACpB,YAAY,EAAE,OAAO;YACrB,IAAI,EAAE,GAAG;YACT,WAAW,EAAE,EAAE;YACf,MAAM;YACN,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,yBAAyB;SAC7D,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,cAAc,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3E,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,CAAC,GAAG,YAAY,CAAC;YACrB,WAAW,EAAE,OAAO;YACpB,YAAY,EAAE,OAAO;YACrB,IAAI,EAAE,GAAG;YACT,WAAW,EAAE,EAAE;YACf,MAAM;YACN,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE,GAAG,EAAE;SAC5C,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,cAAc,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3E,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oEAAoE,EAAE,GAAG,EAAE;QAC5E,MAAM,CAAC,GAAG,YAAY,CAAC;YACrB,WAAW,EAAE,OAAO;YACpB,YAAY,EAAE,OAAO;YACrB,IAAI,EAAE,GAAG;YACT,WAAW,EAAE,EAAE;YACf,MAAM;YACN,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI;SAClC,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,cAAc,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3E,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACnC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,CAAC,GAAG,YAAY,CAAC;YACrB,WAAW,EAAE,OAAO;YACpB,YAAY,EAAE,OAAO;YACrB,IAAI,EAAE,GAAG;YACT,WAAW,EAAE,EAAE;YACf,MAAM;YACN,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI;SAClC,CAAC,CAAC;QACH,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC7B,MAAM,CAAC,GAAG,cAAc,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3E,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,CAAC,GAAG,YAAY,CAAC;YACrB,WAAW,EAAE,OAAO;YACpB,YAAY,EAAE,OAAO;YACrB,IAAI,EAAE,GAAG;YACT,WAAW,EAAE,EAAE;YACf,MAAM;YACN,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI;SAClC,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC9B,MAAM,CAAC,GAAG,cAAc,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAClF,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,CAAC,GAAG,YAAY,CAAC;YACrB,WAAW,EAAE,OAAO;YACpB,YAAY,EAAE,OAAO;YACrB,IAAI,EAAE,GAAG;YACT,WAAW,EAAE;gBACX,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE;gBACxD,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE;gBACvD,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,EAAE;aAC5D;YACD,MAAM;SACP,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,aAAa,CAAC;YACtB,QAAQ,EAAE,CAAC;YACX,YAAY,EAAE;gBACZ,EAAE,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE;gBACxC,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE;gBACxC,EAAE,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE;aAC1C;SACF,CAAC,CAAC;QACH,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC1B,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,CAAC,GAAG,YAAY,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,WAAW,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAC5G,MAAM,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/rainbow/passport.d.ts

@@ -55,7 +55,9 @@ export interface PassportEnvelope {
     holder: string;
     /** Issuance timestamp. */
     issuedAt: number;
-    /** Expiration timestamp (default: issuedAt + 90 days). */
+    /** Expiration timestamp.
+     *  v1.99 default = `Number.MAX_SAFE_INTEGER` (effectively eternal — user-revocable).
+     *  Caller can override with a finite ttl for one-time / time-boxed delegation. */
     expiresAt: number;
     /** Last N entries — order matters; newer first. */
     entries: PassportEntry[];
@@ -67,6 +69,10 @@ export interface PassportEnvelope {
     alg: "HMAC-SHA256";
     /** Public key fingerprint (NOT the secret) — used as identity lookup. */
     keyFingerprint: string;
+    /** Revocation list: passport ids the holder has explicitly invalidated. */
+    revoked?: string[];
+    /** Passport id (random 12-hex). Used by revocation. */
+    id: string;
 }
 /** Hash a list of entries deterministically for tamper-evidence. */
 export declare function fingerprintEntries(entries: readonly PassportEntry[]): string;
@@ -75,13 +81,22 @@ export interface IssuePassportInput {
     entries: readonly PassportEntry[];
     /** User's local HMAC secret. Loaded from .mneme/passport.secret typically. */
     secret: Buffer;
-    /** TTL in days. Default 90. */
+    /** TTL in days. Default: ETERNAL (v1.99). Pass a finite number for one-time
+     *  delegation; otherwise the passport is valid until explicitly revoked. */
     ttlDays?: number;
     /** Cap on entries included. Default 50. */
     maxEntries?: number;
+    /** Revocation list to include. Default []. */
+    revoked?: string[];
 }
-/** Issue a fresh passport. Trims to maxEntries (newest first). HMAC-signs. */
+/** Issue a fresh passport. Default = eternal. HMAC-signs.
+ *  Trims to maxEntries (newest first). */
 export declare function issuePassport(input: IssuePassportInput): PassportEnvelope;
+/** Revoke a passport by id. Returns a NEW envelope with the revocation
+ *  list updated; re-signs with the same secret. The old passport keeps
+ *  its signature but verifiers that hold the new envelope's revoked[]
+ *  list will reject the old id. */
+export declare function revokePassport(envelope: PassportEnvelope, revokeId: string, secret: Buffer): PassportEnvelope;
 export type VerificationVerdict = "VALID" | "EXPIRED" | "TAMPERED" | "WRONG_KEY";
 export interface VerificationResult {
     verdict: VerificationVerdict;
@@ -90,8 +105,16 @@ export interface VerificationResult {
     /** True if verdict is VALID. Convenience. */
     ok: boolean;
 }
-/** Verify a passport using the same secret it was signed with. */
-export declare function verifyPassport(envelope: PassportEnvelope, secret: Buffer): VerificationResult;
+export type VerificationVerdictV99 = VerificationVerdict | "REVOKED";
+export interface VerificationResultV99 {
+    verdict: VerificationVerdictV99;
+    reason: string;
+    ok: boolean;
+}
+/** Verify a passport using the same secret it was signed with.
+ *  Also checks the envelope's revocation list — if the passport id is in
+ *  envelope.revoked[], verdict is REVOKED. */
+export declare function verifyPassport(envelope: PassportEnvelope, secret: Buffer): VerificationResultV99;
 /** Serialize to a compact JSON string suitable for pasting into ANY AI's
  *  chat box. Includes a header comment so the AI knows what it is. */
 export declare function serializePassport(envelope: PassportEnvelope): string;

package/dist/rainbow/passport.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"passport.d.ts","sourceRoot":"","sources":["../../src/rainbow/passport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AAIH,MAAM,WAAW,aAAa;IAC5B,iBAAiB;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,8CAA8C;IAC9C,EAAE,EAAE,MAAM,CAAC;IACX,yCAAyC;IACzC,IAAI,EAAE,UAAU,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,YAAY,CAAC;IAClE,uCAAuC;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,8CAA8C;IAC9C,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,gFAAgF;IAChF,MAAM,EAAE,MAAM,CAAC;IACf,0BAA0B;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,0DAA0D;IAC1D,SAAS,EAAE,MAAM,CAAC;IAClB,mDAAmD;IACnD,OAAO,EAAE,aAAa,EAAE,CAAC;IACzB,wEAAwE;IACxE,WAAW,EAAE,MAAM,CAAC;IACpB,yEAAyE;IACzE,SAAS,EAAE,MAAM,CAAC;IAClB,+DAA+D;IAC/D,GAAG,EAAE,aAAa,CAAC;IACnB,yEAAyE;IACzE,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,oEAAoE;AACpE,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,SAAS,aAAa,EAAE,GAAG,MAAM,CAM5E;AAaD,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,SAAS,aAAa,EAAE,CAAC;IAClC,8EAA8E;IAC9E,MAAM,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,8EAA8E;AAC9E,wBAAgB,aAAa,CAAC,KAAK,EAAE,kBAAkB,GAAG,gBAAgB,CAkBzE;AAED,MAAM,MAAM,mBAAmB,GAAG,OAAO,GAAG,SAAS,GAAG,UAAU,GAAG,WAAW,CAAC;AAEjF,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,mBAAmB,CAAC;IAC7B,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAC;IACf,6CAA6C;IAC7C,EAAE,EAAE,OAAO,CAAC;CACb;AAED,kEAAkE;AAClE,wBAAgB,cAAc,CAAC,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,GAAG,kBAAkB,CAgB7F;AAED;sEACsE;AACtE,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,gBAAgB,GAAG,MAAM,CAYpE;AAED,gEAAgE;AAChE,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,gBAAgB,GAAG,IAAI,CAYnE;AAED,0FAA0F;AAC1F,wBAAgB,sBAAsB,IAAI,MAAM,CAE/C;AAED;yCACyC;AACzC,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,gBAAgB,GAAG,MAAM,CAEzE;AAED,+CAA+C;AAC/C,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,gBAAgB,EAAE,YAAY,CAAC,EAAE,kBAAkB,GAAG,MAAM,CAK7G"}
+{"version":3,"file":"passport.d.ts","sourceRoot":"","sources":["../../src/rainbow/passport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AAIH,MAAM,WAAW,aAAa;IAC5B,iBAAiB;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,8CAA8C;IAC9C,EAAE,EAAE,MAAM,CAAC;IACX,yCAAyC;IACzC,IAAI,EAAE,UAAU,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,YAAY,CAAC;IAClE,uCAAuC;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,8CAA8C;IAC9C,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,gFAAgF;IAChF,MAAM,EAAE,MAAM,CAAC;IACf,0BAA0B;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB;;sFAEkF;IAClF,SAAS,EAAE,MAAM,CAAC;IAClB,mDAAmD;IACnD,OAAO,EAAE,aAAa,EAAE,CAAC;IACzB,wEAAwE;IACxE,WAAW,EAAE,MAAM,CAAC;IACpB,yEAAyE;IACzE,SAAS,EAAE,MAAM,CAAC;IAClB,+DAA+D;IAC/D,GAAG,EAAE,aAAa,CAAC;IACnB,yEAAyE;IACzE,cAAc,EAAE,MAAM,CAAC;IACvB,2EAA2E;IAC3E,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,uDAAuD;IACvD,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,oEAAoE;AACpE,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,SAAS,aAAa,EAAE,GAAG,MAAM,CAM5E;AAaD,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,SAAS,aAAa,EAAE,CAAC;IAClC,8EAA8E;IAC9E,MAAM,EAAE,MAAM,CAAC;IACf;gFAC4E;IAC5E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8CAA8C;IAC9C,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;0CAC0C;AAC1C,wBAAgB,aAAa,CAAC,KAAK,EAAE,kBAAkB,GAAG,gBAAgB,CAsBzE;AAED;;;mCAGmC;AACnC,wBAAgB,cAAc,CAAC,QAAQ,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,gBAAgB,CAK7G;AAED,MAAM,MAAM,mBAAmB,GAAG,OAAO,GAAG,SAAS,GAAG,UAAU,GAAG,WAAW,CAAC;AAEjF,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,mBAAmB,CAAC;IAC7B,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAC;IACf,6CAA6C;IAC7C,EAAE,EAAE,OAAO,CAAC;CACb;AAED,MAAM,MAAM,sBAAsB,GAAG,mBAAmB,GAAG,SAAS,CAAC;AAErE,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,sBAAsB,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,EAAE,EAAE,OAAO,CAAC;CACb;AAED;;8CAE8C;AAC9C,wBAAgB,cAAc,CAAC,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,GAAG,qBAAqB,CAmBhG;AASD;sEACsE;AACtE,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,gBAAgB,GAAG,MAAM,CAcpE;AAED,gEAAgE;AAChE,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,gBAAgB,GAAG,IAAI,CAYnE;AAED,0FAA0F;AAC1F,wBAAgB,sBAAsB,IAAI,MAAM,CAE/C;AAED;yCACyC;AACzC,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,gBAAgB,GAAG,MAAM,CAEzE;AAED,+CAA+C;AAC/C,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,gBAAgB,EAAE,YAAY,CAAC,EAAE,kBAAkB,GAAG,MAAM,CAM7G"}

package/dist/rainbow/passport.js

@@ -56,16 +56,20 @@ function computeSignature(holder, issuedAt, expiresAt, entriesHash, secret) {
 function fingerprintSecret(secret) {
     return createHash("sha256").update(secret).digest("hex").slice(0, 16);
 }
-/** Issue a fresh passport. Trims to maxEntries (newest first). HMAC-signs. */
+/** Issue a fresh passport. Default = eternal. HMAC-signs.
+ *  Trims to maxEntries (newest first). */
 export function issuePassport(input) {
-    const ttlDays = input.ttlDays ?? 90;
     const maxEntries = input.maxEntries ?? 50;
     const issuedAt = Date.now();
-    const expiresAt = issuedAt + ttlDays * 24 * 60 * 60 * 1000;
+    // v1.99: default eternal. User explicitly revokes via the revocation list.
+    const expiresAt = input.ttlDays !== undefined ? issuedAt + input.ttlDays * 24 * 60 * 60 * 1000 : Number.MAX_SAFE_INTEGER;
     const sorted = [...input.entries].sort((a, b) => b.ts - a.ts).slice(0, maxEntries);
     const entriesHash = fingerprintEntries(sorted);
     const signature = computeSignature(input.holder, issuedAt, expiresAt, entriesHash, input.secret);
+    // Deterministic id from (holder + issuedAt) for revocation lookup.
+    const id = createHash("sha256").update(`${input.holder}|${issuedAt}`).digest("hex").slice(0, 12);
     return {
+        id,
         holder: input.holder,
         issuedAt,
         expiresAt,
@@ -74,10 +78,26 @@ export function issuePassport(input) {
         signature,
         alg: "HMAC-SHA256",
         keyFingerprint: fingerprintSecret(input.secret),
+        revoked: input.revoked ?? [],
     };
 }
-/** Verify a passport using the same secret it was signed with. */
+/** Revoke a passport by id. Returns a NEW envelope with the revocation
+ *  list updated; re-signs with the same secret. The old passport keeps
+ *  its signature but verifiers that hold the new envelope's revoked[]
+ *  list will reject the old id. */
+export function revokePassport(envelope, revokeId, secret) {
+    const newRevoked = [...(envelope.revoked ?? []), revokeId];
+    // Re-sign to keep the chain intact.
+    const newSig = computeSignature(envelope.holder, envelope.issuedAt, envelope.expiresAt, envelope.entriesHash, secret);
+    return { ...envelope, revoked: newRevoked, signature: newSig };
+}
+/** Verify a passport using the same secret it was signed with.
+ *  Also checks the envelope's revocation list — if the passport id is in
+ *  envelope.revoked[], verdict is REVOKED. */
 export function verifyPassport(envelope, secret) {
+    if (envelope.revoked && envelope.id && envelope.revoked.includes(envelope.id)) {
+        return { verdict: "REVOKED", reason: `passport id ${envelope.id} is in revocation list`, ok: false };
+    }
     if (Date.now() > envelope.expiresAt) {
         return { verdict: "EXPIRED", reason: `expired at ${new Date(envelope.expiresAt).toISOString()}`, ok: false };
     }
@@ -92,16 +112,30 @@ export function verifyPassport(envelope, secret) {
     if (expectedSig !== envelope.signature) {
         return { verdict: "TAMPERED", reason: `signature mismatch — envelope was modified`, ok: false };
     }
-    return { verdict: "VALID", reason: `signature + hash + key + expiry all check out`, ok: true };
+    return { verdict: "VALID", reason: `signature + hash + key + revocation all check out · ${envelope.expiresAt === Number.MAX_SAFE_INTEGER ? "eternal" : "ttl-bounded"}`, ok: true };
+}
+/** Render a timestamp safely. Number.MAX_SAFE_INTEGER lies beyond Date's
+ *  valid range — print "eternal" instead of throwing. */
+function safeIsoDate(ms) {
+    if (ms >= Number.MAX_SAFE_INTEGER || ms > 8.64e15)
+        return "eternal (user-revocable)";
+    try {
+        return new Date(ms).toISOString();
+    }
+    catch {
+        return "eternal (user-revocable)";
+    }
 }
 /** Serialize to a compact JSON string suitable for pasting into ANY AI's
  *  chat box. Includes a header comment so the AI knows what it is. */
 export function serializePassport(envelope) {
     const header = `--- MNEME PASSPORT v1 ---\n` +
+        `id: ${envelope.id}\n` +
         `holder: ${envelope.holder}\n` +
-        `issued: ${new Date(envelope.issuedAt).toISOString()}\n` +
-        `expires: ${new Date(envelope.expiresAt).toISOString()}\n` +
+        `issued: ${safeIsoDate(envelope.issuedAt)}\n` +
+        `expires: ${safeIsoDate(envelope.expiresAt)}\n` +
         `entries: ${envelope.entries.length}\n` +
+        `revoked: ${envelope.revoked?.length ?? 0}\n` +
         `signed: HMAC-SHA256 (key ${envelope.keyFingerprint})\n` +
         `verify: any holder of the public key can verify; ANY AI agent can\n` +
         `        read the entries without verification (read-only consent).\n` +
@@ -138,8 +172,9 @@ export function estimatePassportTokens(envelope) {
 /** One-line summary suitable for the pulse. */
 export function formatPassportPulseLine(envelope, verification) {
     const tokens = estimatePassportTokens(envelope);
-    const ttlDays = Math.round((envelope.expiresAt - Date.now()) / (24 * 60 * 60 * 1000));
+    const isEternal = envelope.expiresAt >= Number.MAX_SAFE_INTEGER;
+    const ttlStr = isEternal ? "ttl=eternal" : `ttl=${Math.round((envelope.expiresAt - Date.now()) / (24 * 60 * 60 * 1000))}d`;
     const vStr = verification ? ` · verify=${verification.verdict}` : "";
-    return `MNEME-PASSPORT · holder=${envelope.holder} · entries=${envelope.entries.length} · ~${tokens} tokens · ttl=${ttlDays}d${vStr}`;
+    return `MNEME-PASSPORT · holder=${envelope.holder} · entries=${envelope.entries.length} · ~${tokens} tokens · ${ttlStr}${vStr}`;
 }
 //# sourceMappingURL=passport.js.map

package/dist/rainbow/passport.js.map

@@ -1 +1 @@
-{"version":3,"file":"passport.js","sourceRoot":"","sources":["../../src/rainbow/passport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AAEH,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAkClE,oEAAoE;AACpE,MAAM,UAAU,kBAAkB,CAAC,OAAiC;IAClE,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC/B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;IACD,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACtC,CAAC;AAED,kEAAkE;AAClE,SAAS,gBAAgB,CAAC,MAAc,EAAE,QAAgB,EAAE,SAAiB,EAAE,WAAmB,EAAE,MAAc;IAChH,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,QAAQ,IAAI,SAAS,IAAI,WAAW,EAAE,CAAC,CAAC;IAC9D,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAc;IACvC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACxE,CAAC;AAaD,8EAA8E;AAC9E,MAAM,UAAU,aAAa,CAAC,KAAyB;IACrD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC;IACpC,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;IAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC5B,MAAM,SAAS,GAAG,QAAQ,GAAG,OAAO,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAC3D,MAAM,MAAM,GAAG,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IACnF,MAAM,WAAW,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACjG,OAAO;QACL,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,QAAQ;QACR,SAAS;QACT,OAAO,EAAE,MAAM;QACf,WAAW;QACX,SAAS;QACT,GAAG,EAAE,aAAa;QAClB,cAAc,EAAE,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC;KAChD,CAAC;AACJ,CAAC;AAYD,kEAAkE;AAClE,MAAM,UAAU,cAAc,CAAC,QAA0B,EAAE,MAAc;IACvE,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,CAAC;QACpC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IAC/G,CAAC;IACD,IAAI,iBAAiB,CAAC,MAAM,CAAC,KAAK,QAAQ,CAAC,cAAc,EAAE,CAAC;QAC1D,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,+BAA+B,iBAAiB,CAAC,MAAM,CAAC,2CAA2C,QAAQ,CAAC,cAAc,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IACnL,CAAC;IACD,MAAM,YAAY,GAAG,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC1D,IAAI,YAAY,KAAK,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC1C,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,4DAA4D,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IAClH,CAAC;IACD,MAAM,WAAW,GAAG,gBAAgB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAC3H,IAAI,WAAW,KAAK,QAAQ,CAAC,SAAS,EAAE,CAAC;QACvC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,4CAA4C,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IAClG,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,+CAA+C,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACjG,CAAC;AAED;sEACsE;AACtE,MAAM,UAAU,iBAAiB,CAAC,QAA0B;IAC1D,MAAM,MAAM,GAAG,6BAA6B;QAC1C,WAAW,QAAQ,CAAC,MAAM,IAAI;QAC9B,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,IAAI;QACxD,YAAY,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,IAAI;QAC1D,YAAY,QAAQ,CAAC,OAAO,CAAC,MAAM,IAAI;QACvC,4BAA4B,QAAQ,CAAC,cAAc,KAAK;QACxD,qEAAqE;QACrE,sEAAsE;QACtE,sBAAsB,CAAC;IACzB,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC/C,OAAO,MAAM,GAAG,IAAI,GAAG,8BAA8B,CAAC;AACxD,CAAC;AAED,gEAAgE;AAChE,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACjD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;IACvD,IAAI,KAAK,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,IAAI,CAAC;IACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,oBAAoB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAC7E,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAqB,CAAC;QACrD,IAAI,OAAO,GAAG,CAAC,SAAS,KAAK,QAAQ,IAAI,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC1F,OAAO,GAAG,CAAC;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,0FAA0F;AAC1F,MAAM,UAAU,sBAAsB;IACpC,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC;AACzB,CAAC;AAED;yCACyC;AACzC,MAAM,UAAU,sBAAsB,CAAC,QAA0B;IAC/D,OAAO,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;AACnE,CAAC;AAED,+CAA+C;AAC/C,MAAM,UAAU,uBAAuB,CAAC,QAA0B,EAAE,YAAiC;IACnG,MAAM,MAAM,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IACtF,MAAM,IAAI,GAAG,YAAY,CAAC,CAAC,CAAC,aAAa,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACrE,OAAO,2BAA2B,QAAQ,CAAC,MAAM,cAAc,QAAQ,CAAC,OAAO,CAAC,MAAM,OAAO,MAAM,iBAAiB,OAAO,IAAI,IAAI,EAAE,CAAC;AACxI,CAAC"}
+{"version":3,"file":"passport.js","sourceRoot":"","sources":["../../src/rainbow/passport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AAEH,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAwClE,oEAAoE;AACpE,MAAM,UAAU,kBAAkB,CAAC,OAAiC;IAClE,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC/B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;IACD,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACtC,CAAC;AAED,kEAAkE;AAClE,SAAS,gBAAgB,CAAC,MAAc,EAAE,QAAgB,EAAE,SAAiB,EAAE,WAAmB,EAAE,MAAc;IAChH,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,QAAQ,IAAI,SAAS,IAAI,WAAW,EAAE,CAAC,CAAC;IAC9D,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAc;IACvC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACxE,CAAC;AAgBD;0CAC0C;AAC1C,MAAM,UAAU,aAAa,CAAC,KAAyB;IACrD,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;IAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC5B,2EAA2E;IAC3E,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,GAAG,KAAK,CAAC,OAAO,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC;IACzH,MAAM,MAAM,GAAG,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IACnF,MAAM,WAAW,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACjG,mEAAmE;IACnE,MAAM,EAAE,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjG,OAAO;QACL,EAAE;QACF,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,QAAQ;QACR,SAAS;QACT,OAAO,EAAE,MAAM;QACf,WAAW;QACX,SAAS;QACT,GAAG,EAAE,aAAa;QAClB,cAAc,EAAE,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC;QAC/C,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,EAAE;KAC7B,CAAC;AACJ,CAAC;AAED;;;mCAGmC;AACnC,MAAM,UAAU,cAAc,CAAC,QAA0B,EAAE,QAAgB,EAAE,MAAc;IACzF,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC3D,oCAAoC;IACpC,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IACtH,OAAO,EAAE,GAAG,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;AACjE,CAAC;AAoBD;;8CAE8C;AAC9C,MAAM,UAAU,cAAc,CAAC,QAA0B,EAAE,MAAc;IACvE,IAAI,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;QAC9E,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,eAAe,QAAQ,CAAC,EAAE,wBAAwB,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IACvG,CAAC;IACD,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,CAAC;QACpC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IAC/G,CAAC;IACD,IAAI,iBAAiB,CAAC,MAAM,CAAC,KAAK,QAAQ,CAAC,cAAc,EAAE,CAAC;QAC1D,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,+BAA+B,iBAAiB,CAAC,MAAM,CAAC,2CAA2C,QAAQ,CAAC,cAAc,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IACnL,CAAC;IACD,MAAM,YAAY,GAAG,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC1D,IAAI,YAAY,KAAK,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC1C,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,4DAA4D,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IAClH,CAAC;IACD,MAAM,WAAW,GAAG,gBAAgB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAC3H,IAAI,WAAW,KAAK,QAAQ,CAAC,SAAS,EAAE,CAAC;QACvC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,4CAA4C,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IAClG,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,uDAAuD,QAAQ,CAAC,SAAS,KAAK,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,aAAa,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACrL,CAAC;AAED;yDACyD;AACzD,SAAS,WAAW,CAAC,EAAU;IAC7B,IAAI,EAAE,IAAI,MAAM,CAAC,gBAAgB,IAAI,EAAE,GAAG,OAAO;QAAE,OAAO,0BAA0B,CAAC;IACrF,IAAI,CAAC;QAAC,OAAO,IAAI,IAAI,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,0BAA0B,CAAC;IAAC,CAAC;AACzF,CAAC;AAED;sEACsE;AACtE,MAAM,UAAU,iBAAiB,CAAC,QAA0B;IAC1D,MAAM,MAAM,GAAG,6BAA6B;QAC1C,OAAO,QAAQ,CAAC,EAAE,IAAI;QACtB,WAAW,QAAQ,CAAC,MAAM,IAAI;QAC9B,WAAW,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI;QAC7C,YAAY,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI;QAC/C,YAAY,QAAQ,CAAC,OAAO,CAAC,MAAM,IAAI;QACvC,YAAY,QAAQ,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC,IAAI;QAC7C,4BAA4B,QAAQ,CAAC,cAAc,KAAK;QACxD,qEAAqE;QACrE,sEAAsE;QACtE,sBAAsB,CAAC;IACzB,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC/C,OAAO,MAAM,GAAG,IAAI,GAAG,8BAA8B,CAAC;AACxD,CAAC;AAED,gEAAgE;AAChE,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACjD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;IACvD,IAAI,KAAK,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,IAAI,CAAC;IACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,oBAAoB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAC7E,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAqB,CAAC;QACrD,IAAI,OAAO,GAAG,CAAC,SAAS,KAAK,QAAQ,IAAI,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC1F,OAAO,GAAG,CAAC;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,0FAA0F;AAC1F,MAAM,UAAU,sBAAsB;IACpC,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC;AACzB,CAAC;AAED;yCACyC;AACzC,MAAM,UAAU,sBAAsB,CAAC,QAA0B;IAC/D,OAAO,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;AACnE,CAAC;AAED,+CAA+C;AAC/C,MAAM,UAAU,uBAAuB,CAAC,QAA0B,EAAE,YAAiC;IACnG,MAAM,MAAM,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,SAAS,GAAG,QAAQ,CAAC,SAAS,IAAI,MAAM,CAAC,gBAAgB,CAAC;IAChE,MAAM,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC;IAC3H,MAAM,IAAI,GAAG,YAAY,CAAC,CAAC,CAAC,aAAa,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACrE,OAAO,2BAA2B,QAAQ,CAAC,MAAM,cAAc,QAAQ,CAAC,OAAO,CAAC,MAAM,OAAO,MAAM,aAAa,MAAM,GAAG,IAAI,EAAE,CAAC;AAClI,CAAC"}

package/dist/rainbow/passport_v99.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=passport_v99.test.d.ts.map

package/dist/rainbow/passport_v99.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"passport_v99.test.d.ts","sourceRoot":"","sources":["../../src/rainbow/passport_v99.test.ts"],"names":[],"mappings":""}

package/dist/rainbow/passport_v99.test.js

@@ -0,0 +1,53 @@
+import { describe, it, expect } from "vitest";
+import { issuePassport, verifyPassport, revokePassport, generatePassportSecret, } from "./passport.js";
+const entries = () => [
+    { id: "d1", ts: Date.now(), kind: "decision", text: "test decision" },
+];
+describe("v1.99 PASSPORT · eternal default + revocation", () => {
+    it("default (no ttlDays) → expiresAt = MAX_SAFE_INTEGER (eternal)", () => {
+        const secret = generatePassportSecret();
+        const env = issuePassport({ holder: "alice", entries: entries(), secret });
+        expect(env.expiresAt).toBe(Number.MAX_SAFE_INTEGER);
+    });
+    it("verifyPassport returns VALID for eternal passport (no expiry possible)", () => {
+        const secret = generatePassportSecret();
+        const env = issuePassport({ holder: "alice", entries: entries(), secret });
+        const r = verifyPassport(env, secret);
+        expect(r.verdict).toBe("VALID");
+        expect(r.reason).toContain("eternal");
+    });
+    it("envelope has stable id derived from holder + issuedAt", () => {
+        const secret = generatePassportSecret();
+        const env = issuePassport({ holder: "alice", entries: entries(), secret });
+        expect(env.id).toMatch(/^[0-9a-f]{12}$/);
+    });
+    it("revokePassport adds id to revocation list", () => {
+        const secret = generatePassportSecret();
+        const env = issuePassport({ holder: "alice", entries: entries(), secret });
+        expect(env.revoked).toEqual([]);
+        const env2 = revokePassport(env, env.id, secret);
+        expect(env2.revoked).toContain(env.id);
+    });
+    it("verifyPassport returns REVOKED when own id in revocation list", () => {
+        const secret = generatePassportSecret();
+        const env = issuePassport({ holder: "alice", entries: entries(), secret });
+        const env2 = revokePassport(env, env.id, secret);
+        const r = verifyPassport(env2, secret);
+        expect(r.verdict).toBe("REVOKED");
+        expect(r.ok).toBe(false);
+    });
+    it("verifyPassport on non-revoked passport returns VALID even when revocation list has OTHER ids", () => {
+        const secret = generatePassportSecret();
+        const env = issuePassport({ holder: "alice", entries: entries(), secret, revoked: ["other-id-123"] });
+        const r = verifyPassport(env, secret);
+        expect(r.verdict).toBe("VALID");
+    });
+    it("explicit ttlDays still works for one-time delegation", () => {
+        const secret = generatePassportSecret();
+        const env = issuePassport({ holder: "alice", entries: entries(), secret, ttlDays: 7 });
+        expect(env.expiresAt).toBeLessThan(Number.MAX_SAFE_INTEGER);
+        expect(env.expiresAt).toBeGreaterThan(Date.now());
+        expect(env.expiresAt - Date.now()).toBeLessThanOrEqual(8 * 24 * 60 * 60 * 1000);
+    });
+});
+//# sourceMappingURL=passport_v99.test.js.map

package/dist/rainbow/passport_v99.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"passport_v99.test.js","sourceRoot":"","sources":["../../src/rainbow/passport_v99.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAE9C,OAAO,EACL,aAAa,EACb,cAAc,EACd,cAAc,EACd,sBAAsB,GAEvB,MAAM,eAAe,CAAC;AAEvB,MAAM,OAAO,GAAG,GAAoB,EAAE,CAAC;IACrC,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,eAAe,EAAE;CACtE,CAAC;AAEF,QAAQ,CAAC,+CAA+C,EAAE,GAAG,EAAE;IAC7D,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;QACvE,MAAM,MAAM,GAAG,sBAAsB,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,aAAa,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3E,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wEAAwE,EAAE,GAAG,EAAE;QAChF,MAAM,MAAM,GAAG,sBAAsB,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,aAAa,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3E,MAAM,CAAC,GAAG,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACtC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,MAAM,MAAM,GAAG,sBAAsB,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,aAAa,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3E,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,MAAM,GAAG,sBAAsB,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,aAAa,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3E,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAChC,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;QACvE,MAAM,MAAM,GAAG,sBAAsB,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,aAAa,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3E,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QACjD,MAAM,CAAC,GAAG,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACvC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAClC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8FAA8F,EAAE,GAAG,EAAE;QACtG,MAAM,MAAM,GAAG,sBAAsB,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,aAAa,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;QACtG,MAAM,CAAC,GAAG,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACtC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,MAAM,GAAG,sBAAsB,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,aAAa,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;QACvF,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC5D,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAClD,MAAM,CAAC,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,mBAAmB,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAClF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}