@motebit/crypto-appattest 1.0.0

package/LICENSE

@@ -0,0 +1,206 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for describing the origin of the Work and
+      reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2026 Motebit, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+"Motebit" is a trademark of Motebit, Inc. The Apache License grants rights to
+this software, not to any Motebit trademarks, logos, or branding. You may not
+use Motebit branding in a way that suggests endorsement or affiliation without
+written permission.

package/NOTICE

@@ -0,0 +1,19 @@
+Motebit
+Copyright 2026 Motebit, Inc.
+
+This product includes software developed at Motebit, Inc. (https://motebit.com).
+
+The permissive-floor packages (the protocol, SDK, cryptographic primitives,
+platform-attestation verifier leaves, scaffolding CLI, and GitHub Action) are
+licensed under the Apache License, Version 2.0. See LICENSE files in each
+`packages/*/` subdirectory and in `spec/` for the full license text.
+
+The remaining packages, apps, and services are licensed under the Business
+Source License 1.1 and convert to the Apache License, Version 2.0 four years
+after each version's first public release. See `LICENSE` at the repository
+root and `LICENSING.md` for the full license boundary.
+
+"Motebit" is a trademark of Motebit, Inc. The licenses granted here cover
+this software only, not Motebit trademarks, logos, or branding. Use of
+Motebit branding in a way that suggests endorsement or affiliation requires
+written permission.

package/README.md

@@ -0,0 +1,48 @@
+# @motebit/crypto-appattest
+
+Offline Apache-2.0 verifier for Apple App Attest hardware-attestation credentials.
+
+```bash
+npm i @motebit/crypto-appattest
+```
+
+Plugs into [`@motebit/crypto`](https://www.npmjs.com/package/@motebit/crypto)'s `HardwareAttestationVerifiers` dispatcher as the `deviceCheck` verifier — called when a credential declares `platform: "device_check"`.
+
+## Usage
+
+```ts
+import { verify } from "@motebit/crypto";
+import { deviceCheckVerifier } from "@motebit/crypto-appattest";
+
+const result = await verify(credential, {
+  hardwareAttestation: {
+    deviceCheck: deviceCheckVerifier({ expectedBundleId: "com.motebit.app" }),
+  },
+});
+```
+
+## What it verifies
+
+1. The CBOR attestation object Apple emits from `DCAppAttestService.attestKey`.
+2. The leaf + intermediate X.509 chain against the **pinned Apple App Attest root CA** — every non-leaf must carry `basicConstraints.cA === true`, every signature verified, every cert within its validity window, terminal cert DER byte-equal to the pinned root.
+3. The receipt extension OID `1.2.840.113635.100.8.2` binds `SHA256(authData || clientDataHash)`.
+4. `authData.rpIdHash === SHA256(bundleId)` (bundle binding).
+5. **Identity binding.** The transmitted `clientDataHash` must equal `SHA-256(canonicalJson({ motebit_id, device_id, identity_public_key, attested_at, platform: "device_check", version: "1" }))` — the same body the iOS mint path signs over. A malicious native client that substitutes any other body fails here.
+
+## Why pinned
+
+A verifier that dynamically fetches CA certificates has no sovereign story. The pinned root is the self-attesting contract — third parties audit `APPLE_APPATTEST_ROOT_PEM` and know what chain this library accepts. Zero network; chain path, clock-skew, and OID extraction are all deterministic from Apple's published spec.
+
+## Related
+
+- [`@motebit/crypto`](https://www.npmjs.com/package/@motebit/crypto) — dispatcher (pure permissive-floor; zero deps)
+- [`@motebit/crypto-play-integrity`](https://www.npmjs.com/package/@motebit/crypto-play-integrity) — Android sibling
+- [`@motebit/crypto-tpm`](https://www.npmjs.com/package/@motebit/crypto-tpm) — TPM 2.0 sibling
+- [`@motebit/crypto-webauthn`](https://www.npmjs.com/package/@motebit/crypto-webauthn) — browser sibling
+- [`@motebit/verify`](https://www.npmjs.com/package/@motebit/verify) — canonical CLI bundling all four leaves with motebit defaults
+
+## License
+
+Apache-2.0 — see [LICENSE](./LICENSE) and [NOTICE](./NOTICE).
+
+"Motebit" is a trademark. The Apache License grants rights to this software, not to any Motebit trademarks, logos, or branding. You may not use Motebit branding in a way that suggests endorsement or affiliation without written permission.

package/dist/apple-root.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Pinned Apple App Attest root certificate.
+ *
+ * This PEM is the root of trust for every `platform: "device_check"`
+ * hardware-attestation claim. Pinning is the self-attesting contract
+ * — a verifier that dynamically fetched the Apple CA would have no
+ * sovereign story, because a third party auditing our output could
+ * never reproduce the decision without trusting our fetch path. By
+ * committing the exact bytes of the CA we accept, anyone can audit
+ * this file, pin the same bytes in their own verifier, and reach the
+ * same yes/no answer.
+ *
+ * Source: Apple's published App Attest CA (Apple App Attestation Root
+ * CA). SHA-256 fingerprint of this certificate is the attestor the
+ * chain-verification routine requires the leaf's intermediate CA to
+ * chain to.
+ *
+ * If Apple rotates this root (they have every right to — they publish
+ * rotation schedules in their developer documentation), an additive
+ * PEM constant and a dispatch arm on expiry date land here. That's a
+ * judgment call; it belongs in BSL with the rest of the chain-validation
+ * policy.
+ */
+/**
+ * Apple App Attestation Root CA — the single pinned anchor this package
+ * chains App Attest leaves to.
+ *
+ * Byte-for-byte match of Apple's published certificate. Canonical
+ * fingerprint (SHA-256): `bf eb 88 ce 0c 59 eb b8 9e b1 9f ab 8d 8f 6d
+ * 2b 6e 83 87 27 4e 71 83 9a 2c a7 9d 43 37 1d 7f d6`.
+ */
+export declare const APPLE_APPATTEST_ROOT_PEM = "-----BEGIN CERTIFICATE-----\nMIICITCCAaegAwIBAgIQC/O+DvHN0uD7jG5yH2IXmDAKBggqhkjOPQQDAzBSMSYw\nJAYDVQQDDB1BcHBsZSBBcHAgQXR0ZXN0YXRpb24gUm9vdCBDQTETMBEGA1UECgwK\nQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTAeFw0yMDAzMTgxODMyNTNa\nFw00NTAzMTUwMDAwMDBaMFIxJjAkBgNVBAMMHUFwcGxlIEFwcCBBdHRlc3RhdGlv\nbiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9y\nbmlhMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAERTHhmLW07ATaFQIEVwTtT4dyctdh\nNbJhFs/Ii2FdCgAHGbpphY3+d8qjuDngIN3WVhQUBHAoMeQ/cLiP1sOUtgjqK9au\nYen1mMEvRq9Sk3Jm5X8U62H+xTD3FE9TgS41o0IwQDAPBgNVHRMBAf8EBTADAQH/\nMB0GA1UdDgQWBBSskRBTM72+aEH/pwyp5frq5eWKoTAOBgNVHQ8BAf8EBAMCAQYw\nCgYIKoZIzj0EAwMDaAAwZQIwQgFGnByvsiVbpTKwSga0kP0e8EeDS4+sQmTvb7vn\n53O5+FRXgeLhpJ06ysC5PrOyAjEAp5U4xDgEgllF7En3VcE3iexZZtKeYnpqtijV\noyFraWVIyd/dganmrduC1bmTBGwD\n-----END CERTIFICATE-----\n";
+/**
+ * Apple's published App Attest production RP ID / bundle-check domain.
+ * Not used directly by this package — the consumer passes its own
+ * bundle ID, which the verifier hashes and asserts equals the
+ * authData.rpIdHash field. Exposed here as a labeled constant so the
+ * audit trail is obvious.
+ */
+export declare const APPLE_APPATTEST_FMT = "apple-appattest";
+//# sourceMappingURL=apple-root.d.ts.map

package/dist/apple-root.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"apple-root.d.ts","sourceRoot":"","sources":["../src/apple-root.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,wBAAwB,izBAcpC,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,mBAAmB,oBAAoB,CAAC"}

package/dist/apple-root.js

@@ -0,0 +1,55 @@
+/**
+ * Pinned Apple App Attest root certificate.
+ *
+ * This PEM is the root of trust for every `platform: "device_check"`
+ * hardware-attestation claim. Pinning is the self-attesting contract
+ * — a verifier that dynamically fetched the Apple CA would have no
+ * sovereign story, because a third party auditing our output could
+ * never reproduce the decision without trusting our fetch path. By
+ * committing the exact bytes of the CA we accept, anyone can audit
+ * this file, pin the same bytes in their own verifier, and reach the
+ * same yes/no answer.
+ *
+ * Source: Apple's published App Attest CA (Apple App Attestation Root
+ * CA). SHA-256 fingerprint of this certificate is the attestor the
+ * chain-verification routine requires the leaf's intermediate CA to
+ * chain to.
+ *
+ * If Apple rotates this root (they have every right to — they publish
+ * rotation schedules in their developer documentation), an additive
+ * PEM constant and a dispatch arm on expiry date land here. That's a
+ * judgment call; it belongs in BSL with the rest of the chain-validation
+ * policy.
+ */
+/**
+ * Apple App Attestation Root CA — the single pinned anchor this package
+ * chains App Attest leaves to.
+ *
+ * Byte-for-byte match of Apple's published certificate. Canonical
+ * fingerprint (SHA-256): `bf eb 88 ce 0c 59 eb b8 9e b1 9f ab 8d 8f 6d
+ * 2b 6e 83 87 27 4e 71 83 9a 2c a7 9d 43 37 1d 7f d6`.
+ */
+export const APPLE_APPATTEST_ROOT_PEM = `-----BEGIN CERTIFICATE-----
+MIICITCCAaegAwIBAgIQC/O+DvHN0uD7jG5yH2IXmDAKBggqhkjOPQQDAzBSMSYw
+JAYDVQQDDB1BcHBsZSBBcHAgQXR0ZXN0YXRpb24gUm9vdCBDQTETMBEGA1UECgwK
+QXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTAeFw0yMDAzMTgxODMyNTNa
+Fw00NTAzMTUwMDAwMDBaMFIxJjAkBgNVBAMMHUFwcGxlIEFwcCBBdHRlc3RhdGlv
+biBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9y
+bmlhMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAERTHhmLW07ATaFQIEVwTtT4dyctdh
+NbJhFs/Ii2FdCgAHGbpphY3+d8qjuDngIN3WVhQUBHAoMeQ/cLiP1sOUtgjqK9au
+Yen1mMEvRq9Sk3Jm5X8U62H+xTD3FE9TgS41o0IwQDAPBgNVHRMBAf8EBTADAQH/
+MB0GA1UdDgQWBBSskRBTM72+aEH/pwyp5frq5eWKoTAOBgNVHQ8BAf8EBAMCAQYw
+CgYIKoZIzj0EAwMDaAAwZQIwQgFGnByvsiVbpTKwSga0kP0e8EeDS4+sQmTvb7vn
+53O5+FRXgeLhpJ06ysC5PrOyAjEAp5U4xDgEgllF7En3VcE3iexZZtKeYnpqtijV
+oyFraWVIyd/dganmrduC1bmTBGwD
+-----END CERTIFICATE-----
+`;
+/**
+ * Apple's published App Attest production RP ID / bundle-check domain.
+ * Not used directly by this package — the consumer passes its own
+ * bundle ID, which the verifier hashes and asserts equals the
+ * authData.rpIdHash field. Exposed here as a labeled constant so the
+ * audit trail is obvious.
+ */
+export const APPLE_APPATTEST_FMT = "apple-appattest";
+//# sourceMappingURL=apple-root.js.map

package/dist/apple-root.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"apple-root.js","sourceRoot":"","sources":["../src/apple-root.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;;;;;;;;;;;;;;CAcvC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,iBAAiB,CAAC"}

package/dist/cbor.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Thin CBOR decoder for Apple's App Attest attestation object.
+ *
+ * Apple's `DCAppAttestService.attestKey` returns a CBOR-encoded
+ * attestation object with the W3C WebAuthn-compatible shape:
+ *
+ *   {
+ *     fmt:     "apple-appattest",
+ *     attStmt: { x5c: [leafDer, intermediateDer], receipt: <bytes> },
+ *     authData: <bytes>
+ *   }
+ *
+ * Delegating to `cbor2` lets us parse that without writing a full CBOR
+ * implementation. We expose a typed `parseAppAttestCbor` so the verifier
+ * never touches raw `unknown` shapes — every field is validated as it's
+ * lifted out.
+ */
+export interface AppAttestCbor {
+    readonly fmt: string;
+    readonly x5c: readonly Uint8Array[];
+    readonly receipt: Uint8Array | null;
+    readonly authData: Uint8Array;
+}
+/**
+ * Parse a CBOR-encoded App Attest attestation object.
+ *
+ * Returns a typed view or throws on malformed / unexpected shape. The
+ * caller (`verify.ts`) catches the throw and converts to the
+ * `{ valid: false, errors: [...] }` result shape.
+ */
+export declare function parseAppAttestCbor(attestationObjectBytes: Uint8Array): AppAttestCbor;
+//# sourceMappingURL=cbor.d.ts.map

package/dist/cbor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cbor.d.ts","sourceRoot":"","sources":["../src/cbor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,GAAG,EAAE,SAAS,UAAU,EAAE,CAAC;IACpC,QAAQ,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,CAAC;IACpC,QAAQ,CAAC,QAAQ,EAAE,UAAU,CAAC;CAC/B;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,sBAAsB,EAAE,UAAU,GAAG,aAAa,CAkDpF"}

package/dist/cbor.js

@@ -0,0 +1,88 @@
+/**
+ * Thin CBOR decoder for Apple's App Attest attestation object.
+ *
+ * Apple's `DCAppAttestService.attestKey` returns a CBOR-encoded
+ * attestation object with the W3C WebAuthn-compatible shape:
+ *
+ *   {
+ *     fmt:     "apple-appattest",
+ *     attStmt: { x5c: [leafDer, intermediateDer], receipt: <bytes> },
+ *     authData: <bytes>
+ *   }
+ *
+ * Delegating to `cbor2` lets us parse that without writing a full CBOR
+ * implementation. We expose a typed `parseAppAttestCbor` so the verifier
+ * never touches raw `unknown` shapes — every field is validated as it's
+ * lifted out.
+ */
+import { decode as cborDecode } from "cbor2";
+/**
+ * Parse a CBOR-encoded App Attest attestation object.
+ *
+ * Returns a typed view or throws on malformed / unexpected shape. The
+ * caller (`verify.ts`) catches the throw and converts to the
+ * `{ valid: false, errors: [...] }` result shape.
+ */
+export function parseAppAttestCbor(attestationObjectBytes) {
+    // cbor2's `decode` accepts ArrayBuffer-like; `Uint8Array` satisfies.
+    const decoded = cborDecode(attestationObjectBytes);
+    if (decoded === null || typeof decoded !== "object") {
+        throw new Error("attestation object is not a CBOR map");
+    }
+    // cbor2 returns JS `Map` for CBOR maps by default for non-string keys;
+    // but Apple's outer map uses string keys so we accept either `Map` or
+    // plain `Record`.
+    const getFromAny = (key) => {
+        if (decoded instanceof Map)
+            return decoded.get(key);
+        return decoded[key];
+    };
+    const fmt = getFromAny("fmt");
+    if (typeof fmt !== "string")
+        throw new Error("attestation `fmt` missing or not a string");
+    const attStmt = getFromAny("attStmt");
+    if (attStmt === null || typeof attStmt !== "object") {
+        throw new Error("attestation `attStmt` missing or not an object");
+    }
+    const attStmtGet = (key) => {
+        if (attStmt instanceof Map)
+            return attStmt.get(key);
+        return attStmt[key];
+    };
+    const x5cRaw = attStmtGet("x5c");
+    if (!Array.isArray(x5cRaw) || x5cRaw.length === 0) {
+        throw new Error("attestation `attStmt.x5c` missing or empty");
+    }
+    const x5c = [];
+    for (const entry of x5cRaw) {
+        const bytes = coerceBytes(entry);
+        if (!bytes)
+            throw new Error("attestation `attStmt.x5c` entry is not bytes");
+        x5c.push(bytes);
+    }
+    const receiptRaw = attStmtGet("receipt");
+    const receipt = receiptRaw === undefined ? null : coerceBytes(receiptRaw);
+    if (receiptRaw !== undefined && receipt === null) {
+        throw new Error("attestation `attStmt.receipt` present but not bytes");
+    }
+    const authDataRaw = getFromAny("authData");
+    const authData = coerceBytes(authDataRaw);
+    if (!authData)
+        throw new Error("attestation `authData` missing or not bytes");
+    return { fmt, x5c, receipt, authData };
+}
+/**
+ * cbor2 can surface byte strings as `Uint8Array` or, in some Node
+ * builds, as `Buffer` (which is also a Uint8Array subclass). This
+ * helper collapses both shapes into a plain `Uint8Array` copy the
+ * rest of the verifier operates on.
+ */
+function coerceBytes(v) {
+    if (v instanceof Uint8Array) {
+        // Normalize to a detached copy — downstream crypto libs expect
+        // tight-bounded views and Buffer's offset+length can surprise them.
+        return new Uint8Array(v.buffer, v.byteOffset, v.byteLength).slice();
+    }
+    return null;
+}
+//# sourceMappingURL=cbor.js.map

package/dist/cbor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cbor.js","sourceRoot":"","sources":["../src/cbor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,OAAO,CAAC;AAS7C;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,sBAAkC;IACnE,qEAAqE;IACrE,MAAM,OAAO,GAAY,UAAU,CAAC,sBAAsB,CAAC,CAAC;IAE5D,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,uEAAuE;IACvE,sEAAsE;IACtE,kBAAkB;IAClB,MAAM,UAAU,GAAG,CAAC,GAAW,EAAW,EAAE;QAC1C,IAAI,OAAO,YAAY,GAAG;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpD,OAAQ,OAAmC,CAAC,GAAG,CAAC,CAAC;IACnD,CAAC,CAAC;IAEF,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;IAC9B,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAE1F,MAAM,OAAO,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACtC,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IACD,MAAM,UAAU,GAAG,CAAC,GAAW,EAAW,EAAE;QAC1C,IAAI,OAAO,YAAY,GAAG;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpD,OAAQ,OAAmC,CAAC,GAAG,CAAC,CAAC;IACnD,CAAC,CAAC;IAEF,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;IACjC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IACD,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;QACjC,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAC5E,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,UAAU,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAC1E,IAAI,UAAU,KAAK,SAAS,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACjD,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,WAAW,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IAC1C,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAE9E,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;AACzC,CAAC;AAED;;;;;GAKG;AACH,SAAS,WAAW,CAAC,CAAU;IAC7B,IAAI,CAAC,YAAY,UAAU,EAAE,CAAC;QAC5B,+DAA+D;QAC/D,oEAAoE;QACpE,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,KAAK,EAAE,CAAC;IACtE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,93 @@
+/**
+ * @motebit/crypto-appattest — Apple App Attest chain-verification
+ * adapter for motebit hardware-attestation claims.
+ *
+ * The metabolic leaf `@motebit/crypto` delegates to when a
+ * `HardwareAttestationClaim` declares `platform: "device_check"`.
+ * Dep-thin `@motebit/crypto` stays permissive-floor-pure; this package,
+ * also on the permissive floor (Apache-2.0), metabolizes `@peculiar/x509`
+ * + `cbor2` to judge whether Apple's published CA rooted the leaf that
+ * signed the caller's attestation.
+ *
+ * Wiring from a consumer:
+ *
+ * ```ts
+ * import { verify } from "@motebit/crypto";
+ * import { deviceCheckVerifier } from "@motebit/crypto-appattest";
+ *
+ * const result = await verify(credential, {
+ *   hardwareAttestation: { deviceCheck: deviceCheckVerifier({ expectedBundleId: "com.motebit.app" }) },
+ * });
+ * ```
+ *
+ * This package exports no global state, no side-effect registrations;
+ * the injection is call-site only.
+ */
+import type { HardwareAttestationClaim } from "@motebit/protocol";
+import type { AppAttestVerifyResult } from "./verify.js";
+export { parseAppAttestCbor, type AppAttestCbor } from "./cbor.js";
+export { APPLE_APPATTEST_ROOT_PEM, APPLE_APPATTEST_FMT } from "./apple-root.js";
+export { verifyAppAttestReceipt } from "./verify.js";
+export type { AppAttestVerifyOptions, AppAttestVerifyResult, AppAttestVerifyError, } from "./verify.js";
+/**
+ * Shape the optional verifier injected into `@motebit/crypto`'s
+ * `HardwareAttestationVerifiers.deviceCheck` slot carries — mirrors the
+ * sync-or-async return shape the dispatcher supports.
+ */
+export interface DeviceCheckVerifyResult {
+    readonly valid: boolean;
+    readonly platform: "device_check";
+    readonly errors: ReadonlyArray<{
+        readonly message: string;
+    }>;
+    readonly attestation_detail?: AppAttestVerifyResult;
+}
+/**
+ * Context fields the dispatcher lifts out of the credential subject and
+ * threads through to the verifier. All three participate in the JCS
+ * body the Swift mint path signs, so the verifier re-derives the body
+ * from them and byte-compares against the transmitted clientDataHash
+ * (see `verify.ts::buildCanonicalAttestationBody`).
+ *
+ * All fields optional: a caller that omits one loses the
+ * identity-binding channel but still gets chain / nonce / bundle
+ * binding results — the verifier reports the missing channel
+ * explicitly rather than silently passing.
+ */
+export interface DeviceCheckVerifierContext {
+    readonly expectedMotebitId?: string;
+    readonly expectedDeviceId?: string;
+    readonly expectedAttestedAt?: number;
+}
+export interface DeviceCheckVerifierConfig {
+    /** iOS bundle identifier the receipt must bind to. */
+    readonly expectedBundleId: string;
+    /** Optional: override the pinned Apple root (tests fabricate their own). */
+    readonly rootPem?: string;
+    /** Optional: inject a fixed clock for deterministic chain-validity checks. */
+    readonly now?: () => number;
+    /** Optional: override the accepted attestation-format string. */
+    readonly expectedFmt?: string;
+}
+/**
+ * Factory — build a `deviceCheck` verifier bound to a specific bundle
+ * and (optionally) a test root / clock / fmt. The returned function
+ * matches the `HardwareAttestationVerifiers.deviceCheck` signature the
+ * `@motebit/crypto` dispatcher expects.
+ *
+ * Signature widened 2026-04-22: the third `context` parameter carries
+ * the motebit_id / device_id / attested_at fields the VC subject
+ * declares so the verifier can re-derive the JCS body Apple signed
+ * over and cryptographically bind it to the caller's Ed25519 identity
+ * (see `verify.ts` step 6). Pre-existing call sites that pass only
+ * `(claim, expectedIdentityHex)` still compile — the context is
+ * optional — but they lose the identity-binding channel and receive
+ * `identity_bound: false` in the result.
+ *
+ * Kept as a factory rather than a free function so the consumer's
+ * bundle ID is captured once at wiring time, not repeated at every
+ * call site — every subsequent `verify()` call inherits the same
+ * binding.
+ */
+export declare function deviceCheckVerifier(config: DeviceCheckVerifierConfig): (claim: HardwareAttestationClaim, expectedIdentityHex: string, context?: DeviceCheckVerifierContext) => Promise<DeviceCheckVerifyResult>;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAElE,OAAO,KAAK,EAA0B,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAGjF,OAAO,EAAE,kBAAkB,EAAE,KAAK,aAAa,EAAE,MAAM,WAAW,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAChF,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,YAAY,EACV,sBAAsB,EACtB,qBAAqB,EACrB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAErB;;;;GAIG;AACH,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;IAClC,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;QAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC7D,QAAQ,CAAC,kBAAkB,CAAC,EAAE,qBAAqB,CAAC;CACrD;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;CACtC;AAED,MAAM,WAAW,yBAAyB;IACxC,sDAAsD;IACtD,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,4EAA4E;IAC5E,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,8EAA8E;IAC9E,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;IAC5B,iEAAiE;IACjE,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,yBAAyB,GAChC,CACD,KAAK,EAAE,wBAAwB,EAC/B,mBAAmB,EAAE,MAAM,EAC3B,OAAO,CAAC,EAAE,0BAA0B,KACjC,OAAO,CAAC,uBAAuB,CAAC,CA0BpC"}