@motebit/crypto 0.8.0

package/dist/index.js

@@ -0,0 +1,2513 @@
+// ../../node_modules/.pnpm/@noble+ed25519@3.0.1/node_modules/@noble/ed25519/index.js
+var ed25519_CURVE = {
+  p: 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffedn,
+  n: 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3edn,
+  h: 8n,
+  a: 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffecn,
+  d: 0x52036cee2b6ffe738cc740797779e89800700a4d4141d8ab75eb4dca135978a3n,
+  Gx: 0x216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51an,
+  Gy: 0x6666666666666666666666666666666666666666666666666666666666666658n
+};
+var { p: P, n: N, Gx, Gy, a: _a, d: _d, h } = ed25519_CURVE;
+var L = 32;
+var captureTrace = (...args) => {
+  if ("captureStackTrace" in Error && typeof Error.captureStackTrace === "function") {
+    Error.captureStackTrace(...args);
+  }
+};
+var err = (message = "") => {
+  const e = new Error(message);
+  captureTrace(e, err);
+  throw e;
+};
+var isBig = (n) => typeof n === "bigint";
+var isStr = (s) => typeof s === "string";
+var isBytes = (a) => a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+var abytes = (value, length, title = "") => {
+  const bytes = isBytes(value);
+  const len = value?.length;
+  const needsLen = length !== void 0;
+  if (!bytes || needsLen && len !== length) {
+    const prefix = title && `"${title}" `;
+    const ofLen = needsLen ? ` of length ${length}` : "";
+    const got = bytes ? `length=${len}` : `type=${typeof value}`;
+    err(prefix + "expected Uint8Array" + ofLen + ", got " + got);
+  }
+  return value;
+};
+var u8n = (len) => new Uint8Array(len);
+var u8fr = (buf) => Uint8Array.from(buf);
+var padh = (n, pad) => n.toString(16).padStart(pad, "0");
+var bytesToHex = (b) => Array.from(abytes(b)).map((e) => padh(e, 2)).join("");
+var C = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
+var _ch = (ch) => {
+  if (ch >= C._0 && ch <= C._9)
+    return ch - C._0;
+  if (ch >= C.A && ch <= C.F)
+    return ch - (C.A - 10);
+  if (ch >= C.a && ch <= C.f)
+    return ch - (C.a - 10);
+  return;
+};
+var hexToBytes = (hex) => {
+  const e = "hex invalid";
+  if (!isStr(hex))
+    return err(e);
+  const hl = hex.length;
+  const al = hl / 2;
+  if (hl % 2)
+    return err(e);
+  const array = u8n(al);
+  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
+    const n1 = _ch(hex.charCodeAt(hi));
+    const n2 = _ch(hex.charCodeAt(hi + 1));
+    if (n1 === void 0 || n2 === void 0)
+      return err(e);
+    array[ai] = n1 * 16 + n2;
+  }
+  return array;
+};
+var cr = () => globalThis?.crypto;
+var subtle = () => cr()?.subtle ?? err("crypto.subtle must be defined, consider polyfill");
+var concatBytes = (...arrs) => {
+  const r = u8n(arrs.reduce((sum, a) => sum + abytes(a).length, 0));
+  let pad = 0;
+  arrs.forEach((a) => {
+    r.set(a, pad);
+    pad += a.length;
+  });
+  return r;
+};
+var randomBytes = (len = L) => {
+  const c = cr();
+  return c.getRandomValues(u8n(len));
+};
+var big = BigInt;
+var assertRange = (n, min, max, msg = "bad number: out of range") => isBig(n) && min <= n && n < max ? n : err(msg);
+var M = (a, b = P) => {
+  const r = a % b;
+  return r >= 0n ? r : b + r;
+};
+var P_MASK = (1n << 255n) - 1n;
+var modP = (num) => {
+  if (num < 0n)
+    err("negative coordinate");
+  let r = (num >> 255n) * 19n + (num & P_MASK);
+  r = (r >> 255n) * 19n + (r & P_MASK);
+  return r % P;
+};
+var modN = (a) => M(a, N);
+var invert = (num, md) => {
+  if (num === 0n || md <= 0n)
+    err("no inverse n=" + num + " mod=" + md);
+  let a = M(num, md), b = md, x = 0n, y = 1n, u = 1n, v = 0n;
+  while (a !== 0n) {
+    const q = b / a, r = b % a;
+    const m = x - u * q, n = y - v * q;
+    b = a, a = r, x = u, y = v, u = m, v = n;
+  }
+  return b === 1n ? M(x, md) : err("no inverse");
+};
+var apoint = (p) => p instanceof Point ? p : err("Point expected");
+var B256 = 2n ** 256n;
+var Point = class _Point {
+  static BASE;
+  static ZERO;
+  X;
+  Y;
+  Z;
+  T;
+  constructor(X, Y, Z, T) {
+    const max = B256;
+    this.X = assertRange(X, 0n, max);
+    this.Y = assertRange(Y, 0n, max);
+    this.Z = assertRange(Z, 1n, max);
+    this.T = assertRange(T, 0n, max);
+    Object.freeze(this);
+  }
+  static CURVE() {
+    return ed25519_CURVE;
+  }
+  static fromAffine(p) {
+    return new _Point(p.x, p.y, 1n, modP(p.x * p.y));
+  }
+  /** RFC8032 5.1.3: Uint8Array to Point. */
+  static fromBytes(hex, zip215 = false) {
+    const d = _d;
+    const normed = u8fr(abytes(hex, L));
+    const lastByte = hex[31];
+    normed[31] = lastByte & ~128;
+    const y = bytesToNumberLE(normed);
+    const max = zip215 ? B256 : P;
+    assertRange(y, 0n, max);
+    const y2 = modP(y * y);
+    const u = M(y2 - 1n);
+    const v = modP(d * y2 + 1n);
+    let { isValid, value: x } = uvRatio(u, v);
+    if (!isValid)
+      err("bad point: y not sqrt");
+    const isXOdd = (x & 1n) === 1n;
+    const isLastByteOdd = (lastByte & 128) !== 0;
+    if (!zip215 && x === 0n && isLastByteOdd)
+      err("bad point: x==0, isLastByteOdd");
+    if (isLastByteOdd !== isXOdd)
+      x = M(-x);
+    return new _Point(x, y, 1n, modP(x * y));
+  }
+  static fromHex(hex, zip215) {
+    return _Point.fromBytes(hexToBytes(hex), zip215);
+  }
+  get x() {
+    return this.toAffine().x;
+  }
+  get y() {
+    return this.toAffine().y;
+  }
+  /** Checks if the point is valid and on-curve. */
+  assertValidity() {
+    const a = _a;
+    const d = _d;
+    const p = this;
+    if (p.is0())
+      return err("bad point: ZERO");
+    const { X, Y, Z, T } = p;
+    const X2 = modP(X * X);
+    const Y2 = modP(Y * Y);
+    const Z2 = modP(Z * Z);
+    const Z4 = modP(Z2 * Z2);
+    const aX2 = modP(X2 * a);
+    const left = modP(Z2 * (aX2 + Y2));
+    const right = M(Z4 + modP(d * modP(X2 * Y2)));
+    if (left !== right)
+      return err("bad point: equation left != right (1)");
+    const XY = modP(X * Y);
+    const ZT = modP(Z * T);
+    if (XY !== ZT)
+      return err("bad point: equation left != right (2)");
+    return this;
+  }
+  /** Equality check: compare points P&Q. */
+  equals(other) {
+    const { X: X1, Y: Y1, Z: Z1 } = this;
+    const { X: X2, Y: Y2, Z: Z2 } = apoint(other);
+    const X1Z2 = modP(X1 * Z2);
+    const X2Z1 = modP(X2 * Z1);
+    const Y1Z2 = modP(Y1 * Z2);
+    const Y2Z1 = modP(Y2 * Z1);
+    return X1Z2 === X2Z1 && Y1Z2 === Y2Z1;
+  }
+  is0() {
+    return this.equals(I);
+  }
+  /** Flip point over y coordinate. */
+  negate() {
+    return new _Point(M(-this.X), this.Y, this.Z, M(-this.T));
+  }
+  /** Point doubling. Complete formula. Cost: `4M + 4S + 1*a + 6add + 1*2`. */
+  double() {
+    const { X: X1, Y: Y1, Z: Z1 } = this;
+    const a = _a;
+    const A = modP(X1 * X1);
+    const B = modP(Y1 * Y1);
+    const C2 = modP(2n * Z1 * Z1);
+    const D = modP(a * A);
+    const x1y1 = M(X1 + Y1);
+    const E = M(modP(x1y1 * x1y1) - A - B);
+    const G2 = M(D + B);
+    const F = M(G2 - C2);
+    const H = M(D - B);
+    const X3 = modP(E * F);
+    const Y3 = modP(G2 * H);
+    const T3 = modP(E * H);
+    const Z3 = modP(F * G2);
+    return new _Point(X3, Y3, Z3, T3);
+  }
+  /** Point addition. Complete formula. Cost: `8M + 1*k + 8add + 1*2`. */
+  add(other) {
+    const { X: X1, Y: Y1, Z: Z1, T: T1 } = this;
+    const { X: X2, Y: Y2, Z: Z2, T: T2 } = apoint(other);
+    const a = _a;
+    const d = _d;
+    const A = modP(X1 * X2);
+    const B = modP(Y1 * Y2);
+    const C2 = modP(modP(T1 * d) * T2);
+    const D = modP(Z1 * Z2);
+    const E = M(modP(M(X1 + Y1) * M(X2 + Y2)) - A - B);
+    const F = M(D - C2);
+    const G2 = M(D + C2);
+    const H = M(B - modP(a * A));
+    const X3 = modP(E * F);
+    const Y3 = modP(G2 * H);
+    const T3 = modP(E * H);
+    const Z3 = modP(F * G2);
+    return new _Point(X3, Y3, Z3, T3);
+  }
+  subtract(other) {
+    return this.add(apoint(other).negate());
+  }
+  /**
+   * Point-by-scalar multiplication. Scalar must be in range 1 <= n < CURVE.n.
+   * Uses {@link wNAF} for base point.
+   * Uses fake point to mitigate side-channel leakage.
+   * @param n scalar by which point is multiplied
+   * @param safe safe mode guards against timing attacks; unsafe mode is faster
+   */
+  multiply(n, safe = true) {
+    if (!safe && (n === 0n || this.is0()))
+      return I;
+    assertRange(n, 1n, N);
+    if (n === 1n)
+      return this;
+    if (this.equals(G))
+      return wNAF(n).p;
+    let p = I;
+    let f = G;
+    for (let d = this; n > 0n; d = d.double(), n >>= 1n) {
+      if (n & 1n)
+        p = p.add(d);
+      else if (safe)
+        f = f.add(d);
+    }
+    return p;
+  }
+  multiplyUnsafe(scalar) {
+    return this.multiply(scalar, false);
+  }
+  /** Convert point to 2d xy affine point. (X, Y, Z) ∋ (x=X/Z, y=Y/Z) */
+  toAffine() {
+    const { X, Y, Z } = this;
+    if (this.equals(I))
+      return { x: 0n, y: 1n };
+    const iz = invert(Z, P);
+    if (modP(Z * iz) !== 1n)
+      err("invalid inverse");
+    const x = modP(X * iz);
+    const y = modP(Y * iz);
+    return { x, y };
+  }
+  toBytes() {
+    const { x, y } = this.toAffine();
+    const b = numTo32bLE(y);
+    b[31] |= x & 1n ? 128 : 0;
+    return b;
+  }
+  toHex() {
+    return bytesToHex(this.toBytes());
+  }
+  clearCofactor() {
+    return this.multiply(big(h), false);
+  }
+  isSmallOrder() {
+    return this.clearCofactor().is0();
+  }
+  isTorsionFree() {
+    let p = this.multiply(N / 2n, false).double();
+    if (N % 2n)
+      p = p.add(this);
+    return p.is0();
+  }
+};
+var G = new Point(Gx, Gy, 1n, M(Gx * Gy));
+var I = new Point(0n, 1n, 1n, 0n);
+Point.BASE = G;
+Point.ZERO = I;
+var numTo32bLE = (num) => hexToBytes(padh(assertRange(num, 0n, B256), 64)).reverse();
+var bytesToNumberLE = (b) => big("0x" + bytesToHex(u8fr(abytes(b)).reverse()));
+var pow2 = (x, power) => {
+  let r = x;
+  while (power-- > 0n) {
+    r = modP(r * r);
+  }
+  return r;
+};
+var pow_2_252_3 = (x) => {
+  const x2 = modP(x * x);
+  const b2 = modP(x2 * x);
+  const b4 = modP(pow2(b2, 2n) * b2);
+  const b5 = modP(pow2(b4, 1n) * x);
+  const b10 = modP(pow2(b5, 5n) * b5);
+  const b20 = modP(pow2(b10, 10n) * b10);
+  const b40 = modP(pow2(b20, 20n) * b20);
+  const b80 = modP(pow2(b40, 40n) * b40);
+  const b160 = modP(pow2(b80, 80n) * b80);
+  const b240 = modP(pow2(b160, 80n) * b80);
+  const b250 = modP(pow2(b240, 10n) * b10);
+  const pow_p_5_8 = modP(pow2(b250, 2n) * x);
+  return { pow_p_5_8, b2 };
+};
+var RM1 = 0x2b8324804fc1df0b2b4d00993dfbd7a72f431806ad2fe478c4ee1b274a0ea0b0n;
+var uvRatio = (u, v) => {
+  const v3 = modP(v * modP(v * v));
+  const v7 = modP(modP(v3 * v3) * v);
+  const pow = pow_2_252_3(modP(u * v7)).pow_p_5_8;
+  let x = modP(u * modP(v3 * pow));
+  const vx2 = modP(v * modP(x * x));
+  const root1 = x;
+  const root2 = modP(x * RM1);
+  const useRoot1 = vx2 === u;
+  const useRoot2 = vx2 === M(-u);
+  const noRoot = vx2 === M(-u * RM1);
+  if (useRoot1)
+    x = root1;
+  if (useRoot2 || noRoot)
+    x = root2;
+  if ((M(x) & 1n) === 1n)
+    x = M(-x);
+  return { isValid: useRoot1 || useRoot2, value: x };
+};
+var modL_LE = (hash2) => modN(bytesToNumberLE(hash2));
+var sha512a = (...m) => hashes.sha512Async(concatBytes(...m));
+var hash2extK = (hashed) => {
+  const head = hashed.slice(0, 32);
+  head[0] &= 248;
+  head[31] &= 127;
+  head[31] |= 64;
+  const prefix = hashed.slice(32, 64);
+  const scalar = modL_LE(head);
+  const point = G.multiply(scalar);
+  const pointBytes = point.toBytes();
+  return { head, prefix, scalar, point, pointBytes };
+};
+var getExtendedPublicKeyAsync = (secretKey) => sha512a(abytes(secretKey, L)).then(hash2extK);
+var getPublicKeyAsync = (secretKey) => getExtendedPublicKeyAsync(secretKey).then((p) => p.pointBytes);
+var hashFinishA = (res) => sha512a(res.hashable).then(res.finish);
+var _sign = (e, rBytes, msg) => {
+  const { pointBytes: P2, scalar: s } = e;
+  const r = modL_LE(rBytes);
+  const R = G.multiply(r).toBytes();
+  const hashable = concatBytes(R, P2, msg);
+  const finish = (hashed) => {
+    const S = modN(r + modL_LE(hashed) * s);
+    return abytes(concatBytes(R, numTo32bLE(S)), 64);
+  };
+  return { hashable, finish };
+};
+var signAsync = async (message, secretKey) => {
+  const m = abytes(message);
+  const e = await getExtendedPublicKeyAsync(secretKey);
+  const rBytes = await sha512a(e.prefix, m);
+  return hashFinishA(_sign(e, rBytes, m));
+};
+var defaultVerifyOpts = { zip215: true };
+var _verify = (sig, msg, publicKey, options = defaultVerifyOpts) => {
+  sig = abytes(sig, 64);
+  msg = abytes(msg);
+  publicKey = abytes(publicKey, L);
+  const { zip215 } = options;
+  const r = sig.subarray(0, L);
+  const s = bytesToNumberLE(sig.subarray(L, L * 2));
+  let A, R, SB;
+  let hashable = Uint8Array.of();
+  let finished = false;
+  try {
+    A = Point.fromBytes(publicKey, zip215);
+    R = Point.fromBytes(r, zip215);
+    SB = G.multiply(s, false);
+    hashable = concatBytes(R.toBytes(), A.toBytes(), msg);
+    finished = true;
+  } catch (error) {
+  }
+  const finish = (hashed) => {
+    if (!finished)
+      return false;
+    if (!zip215 && A.isSmallOrder())
+      return false;
+    const k = modL_LE(hashed);
+    const RkA = R.add(A.multiply(k, false));
+    return RkA.subtract(SB).clearCofactor().is0();
+  };
+  return { hashable, finish };
+};
+var verifyAsync = async (signature, message, publicKey, opts = defaultVerifyOpts) => hashFinishA(_verify(signature, message, publicKey, opts));
+var hashes = {
+  sha512Async: async (message) => {
+    const s = subtle();
+    const m = concatBytes(message);
+    return u8n(await s.digest("SHA-512", m.buffer));
+  },
+  sha512: void 0
+};
+var randomSecretKey = (seed = randomBytes(L)) => seed;
+var keygenAsync = async (seed) => {
+  const secretKey = randomSecretKey(seed);
+  const publicKey = await getPublicKeyAsync(secretKey);
+  return { secretKey, publicKey };
+};
+var W = 8;
+var scalarBits = 256;
+var pwindows = Math.ceil(scalarBits / W) + 1;
+var pwindowSize = 2 ** (W - 1);
+var precompute = () => {
+  const points = [];
+  let p = G;
+  let b = p;
+  for (let w = 0; w < pwindows; w++) {
+    b = p;
+    points.push(b);
+    for (let i = 1; i < pwindowSize; i++) {
+      b = b.add(p);
+      points.push(b);
+    }
+    p = b.double();
+  }
+  return points;
+};
+var Gpows = void 0;
+var ctneg = (cnd, p) => {
+  const n = p.negate();
+  return cnd ? n : p;
+};
+var wNAF = (n) => {
+  const comp = Gpows || (Gpows = precompute());
+  let p = I;
+  let f = G;
+  const pow_2_w = 2 ** W;
+  const maxNum = pow_2_w;
+  const mask = big(pow_2_w - 1);
+  const shiftBy = big(W);
+  for (let w = 0; w < pwindows; w++) {
+    let wbits = Number(n & mask);
+    n >>= shiftBy;
+    if (wbits > pwindowSize) {
+      wbits -= maxNum;
+      n += 1n;
+    }
+    const off = w * pwindowSize;
+    const offF = off;
+    const offP = off + Math.abs(wbits) - 1;
+    const isEven = w % 2 !== 0;
+    const isNeg = wbits < 0;
+    if (wbits === 0) {
+      f = f.add(ctneg(isEven, comp[offF]));
+    } else {
+      p = p.add(ctneg(isNeg, comp[offP]));
+    }
+  }
+  if (n !== 0n)
+    err("invalid wnaf");
+  return { p, f };
+};
+
+// ../../node_modules/.pnpm/@noble+hashes@1.6.1/node_modules/@noble/hashes/esm/_assert.js
+function isBytes2(a) {
+  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+}
+function abytes2(b, ...lengths) {
+  if (!isBytes2(b))
+    throw new Error("Uint8Array expected");
+  if (lengths.length > 0 && !lengths.includes(b.length))
+    throw new Error("Uint8Array expected of length " + lengths + ", got length=" + b.length);
+}
+function aexists(instance, checkFinished = true) {
+  if (instance.destroyed)
+    throw new Error("Hash instance has been destroyed");
+  if (checkFinished && instance.finished)
+    throw new Error("Hash#digest() has already been called");
+}
+function aoutput(out, instance) {
+  abytes2(out);
+  const min = instance.outputLen;
+  if (out.length < min) {
+    throw new Error("digestInto() expects output buffer of length at least " + min);
+  }
+}
+
+// ../../node_modules/.pnpm/@noble+hashes@1.6.1/node_modules/@noble/hashes/esm/utils.js
+var createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
+function utf8ToBytes(str) {
+  if (typeof str !== "string")
+    throw new Error("utf8ToBytes expected string, got " + typeof str);
+  return new Uint8Array(new TextEncoder().encode(str));
+}
+function toBytes(data) {
+  if (typeof data === "string")
+    data = utf8ToBytes(data);
+  abytes2(data);
+  return data;
+}
+var Hash = class {
+  // Safe version that clones internal state
+  clone() {
+    return this._cloneInto();
+  }
+};
+function wrapConstructor(hashCons) {
+  const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
+  const tmp = hashCons();
+  hashC.outputLen = tmp.outputLen;
+  hashC.blockLen = tmp.blockLen;
+  hashC.create = () => hashCons();
+  return hashC;
+}
+
+// ../../node_modules/.pnpm/@noble+hashes@1.6.1/node_modules/@noble/hashes/esm/_md.js
+function setBigUint64(view, byteOffset, value, isLE) {
+  if (typeof view.setBigUint64 === "function")
+    return view.setBigUint64(byteOffset, value, isLE);
+  const _32n2 = BigInt(32);
+  const _u32_max = BigInt(4294967295);
+  const wh = Number(value >> _32n2 & _u32_max);
+  const wl = Number(value & _u32_max);
+  const h2 = isLE ? 4 : 0;
+  const l = isLE ? 0 : 4;
+  view.setUint32(byteOffset + h2, wh, isLE);
+  view.setUint32(byteOffset + l, wl, isLE);
+}
+var HashMD = class extends Hash {
+  constructor(blockLen, outputLen, padOffset, isLE) {
+    super();
+    this.blockLen = blockLen;
+    this.outputLen = outputLen;
+    this.padOffset = padOffset;
+    this.isLE = isLE;
+    this.finished = false;
+    this.length = 0;
+    this.pos = 0;
+    this.destroyed = false;
+    this.buffer = new Uint8Array(blockLen);
+    this.view = createView(this.buffer);
+  }
+  update(data) {
+    aexists(this);
+    const { view, buffer, blockLen } = this;
+    data = toBytes(data);
+    const len = data.length;
+    for (let pos = 0; pos < len; ) {
+      const take = Math.min(blockLen - this.pos, len - pos);
+      if (take === blockLen) {
+        const dataView = createView(data);
+        for (; blockLen <= len - pos; pos += blockLen)
+          this.process(dataView, pos);
+        continue;
+      }
+      buffer.set(data.subarray(pos, pos + take), this.pos);
+      this.pos += take;
+      pos += take;
+      if (this.pos === blockLen) {
+        this.process(view, 0);
+        this.pos = 0;
+      }
+    }
+    this.length += data.length;
+    this.roundClean();
+    return this;
+  }
+  digestInto(out) {
+    aexists(this);
+    aoutput(out, this);
+    this.finished = true;
+    const { buffer, view, blockLen, isLE } = this;
+    let { pos } = this;
+    buffer[pos++] = 128;
+    this.buffer.subarray(pos).fill(0);
+    if (this.padOffset > blockLen - pos) {
+      this.process(view, 0);
+      pos = 0;
+    }
+    for (let i = pos; i < blockLen; i++)
+      buffer[i] = 0;
+    setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);
+    this.process(view, 0);
+    const oview = createView(out);
+    const len = this.outputLen;
+    if (len % 4)
+      throw new Error("_sha2: outputLen should be aligned to 32bit");
+    const outLen = len / 4;
+    const state = this.get();
+    if (outLen > state.length)
+      throw new Error("_sha2: outputLen bigger than state");
+    for (let i = 0; i < outLen; i++)
+      oview.setUint32(4 * i, state[i], isLE);
+  }
+  digest() {
+    const { buffer, outputLen } = this;
+    this.digestInto(buffer);
+    const res = buffer.slice(0, outputLen);
+    this.destroy();
+    return res;
+  }
+  _cloneInto(to) {
+    to || (to = new this.constructor());
+    to.set(...this.get());
+    const { blockLen, buffer, length, finished, destroyed, pos } = this;
+    to.length = length;
+    to.pos = pos;
+    to.finished = finished;
+    to.destroyed = destroyed;
+    if (length % blockLen)
+      to.buffer.set(buffer);
+    return to;
+  }
+};
+
+// ../../node_modules/.pnpm/@noble+hashes@1.6.1/node_modules/@noble/hashes/esm/_u64.js
+var U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);
+var _32n = /* @__PURE__ */ BigInt(32);
+function fromBig(n, le = false) {
+  if (le)
+    return { h: Number(n & U32_MASK64), l: Number(n >> _32n & U32_MASK64) };
+  return { h: Number(n >> _32n & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };
+}
+function split(lst, le = false) {
+  let Ah = new Uint32Array(lst.length);
+  let Al = new Uint32Array(lst.length);
+  for (let i = 0; i < lst.length; i++) {
+    const { h: h2, l } = fromBig(lst[i], le);
+    [Ah[i], Al[i]] = [h2, l];
+  }
+  return [Ah, Al];
+}
+var toBig = (h2, l) => BigInt(h2 >>> 0) << _32n | BigInt(l >>> 0);
+var shrSH = (h2, _l, s) => h2 >>> s;
+var shrSL = (h2, l, s) => h2 << 32 - s | l >>> s;
+var rotrSH = (h2, l, s) => h2 >>> s | l << 32 - s;
+var rotrSL = (h2, l, s) => h2 << 32 - s | l >>> s;
+var rotrBH = (h2, l, s) => h2 << 64 - s | l >>> s - 32;
+var rotrBL = (h2, l, s) => h2 >>> s - 32 | l << 64 - s;
+var rotr32H = (_h, l) => l;
+var rotr32L = (h2, _l) => h2;
+var rotlSH = (h2, l, s) => h2 << s | l >>> 32 - s;
+var rotlSL = (h2, l, s) => l << s | h2 >>> 32 - s;
+var rotlBH = (h2, l, s) => l << s - 32 | h2 >>> 64 - s;
+var rotlBL = (h2, l, s) => h2 << s - 32 | l >>> 64 - s;
+function add(Ah, Al, Bh, Bl) {
+  const l = (Al >>> 0) + (Bl >>> 0);
+  return { h: Ah + Bh + (l / 2 ** 32 | 0) | 0, l: l | 0 };
+}
+var add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0);
+var add3H = (low, Ah, Bh, Ch) => Ah + Bh + Ch + (low / 2 ** 32 | 0) | 0;
+var add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0);
+var add4H = (low, Ah, Bh, Ch, Dh) => Ah + Bh + Ch + Dh + (low / 2 ** 32 | 0) | 0;
+var add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0);
+var add5H = (low, Ah, Bh, Ch, Dh, Eh) => Ah + Bh + Ch + Dh + Eh + (low / 2 ** 32 | 0) | 0;
+var u64 = {
+  fromBig,
+  split,
+  toBig,
+  shrSH,
+  shrSL,
+  rotrSH,
+  rotrSL,
+  rotrBH,
+  rotrBL,
+  rotr32H,
+  rotr32L,
+  rotlSH,
+  rotlSL,
+  rotlBH,
+  rotlBL,
+  add,
+  add3L,
+  add3H,
+  add4L,
+  add4H,
+  add5H,
+  add5L
+};
+var u64_default = u64;
+
+// ../../node_modules/.pnpm/@noble+hashes@1.6.1/node_modules/@noble/hashes/esm/sha512.js
+var [SHA512_Kh, SHA512_Kl] = /* @__PURE__ */ (() => u64_default.split([
+  "0x428a2f98d728ae22",
+  "0x7137449123ef65cd",
+  "0xb5c0fbcfec4d3b2f",
+  "0xe9b5dba58189dbbc",
+  "0x3956c25bf348b538",
+  "0x59f111f1b605d019",
+  "0x923f82a4af194f9b",
+  "0xab1c5ed5da6d8118",
+  "0xd807aa98a3030242",
+  "0x12835b0145706fbe",
+  "0x243185be4ee4b28c",
+  "0x550c7dc3d5ffb4e2",
+  "0x72be5d74f27b896f",
+  "0x80deb1fe3b1696b1",
+  "0x9bdc06a725c71235",
+  "0xc19bf174cf692694",
+  "0xe49b69c19ef14ad2",
+  "0xefbe4786384f25e3",
+  "0x0fc19dc68b8cd5b5",
+  "0x240ca1cc77ac9c65",
+  "0x2de92c6f592b0275",
+  "0x4a7484aa6ea6e483",
+  "0x5cb0a9dcbd41fbd4",
+  "0x76f988da831153b5",
+  "0x983e5152ee66dfab",
+  "0xa831c66d2db43210",
+  "0xb00327c898fb213f",
+  "0xbf597fc7beef0ee4",
+  "0xc6e00bf33da88fc2",
+  "0xd5a79147930aa725",
+  "0x06ca6351e003826f",
+  "0x142929670a0e6e70",
+  "0x27b70a8546d22ffc",
+  "0x2e1b21385c26c926",
+  "0x4d2c6dfc5ac42aed",
+  "0x53380d139d95b3df",
+  "0x650a73548baf63de",
+  "0x766a0abb3c77b2a8",
+  "0x81c2c92e47edaee6",
+  "0x92722c851482353b",
+  "0xa2bfe8a14cf10364",
+  "0xa81a664bbc423001",
+  "0xc24b8b70d0f89791",
+  "0xc76c51a30654be30",
+  "0xd192e819d6ef5218",
+  "0xd69906245565a910",
+  "0xf40e35855771202a",
+  "0x106aa07032bbd1b8",
+  "0x19a4c116b8d2d0c8",
+  "0x1e376c085141ab53",
+  "0x2748774cdf8eeb99",
+  "0x34b0bcb5e19b48a8",
+  "0x391c0cb3c5c95a63",
+  "0x4ed8aa4ae3418acb",
+  "0x5b9cca4f7763e373",
+  "0x682e6ff3d6b2b8a3",
+  "0x748f82ee5defb2fc",
+  "0x78a5636f43172f60",
+  "0x84c87814a1f0ab72",
+  "0x8cc702081a6439ec",
+  "0x90befffa23631e28",
+  "0xa4506cebde82bde9",
+  "0xbef9a3f7b2c67915",
+  "0xc67178f2e372532b",
+  "0xca273eceea26619c",
+  "0xd186b8c721c0c207",
+  "0xeada7dd6cde0eb1e",
+  "0xf57d4f7fee6ed178",
+  "0x06f067aa72176fba",
+  "0x0a637dc5a2c898a6",
+  "0x113f9804bef90dae",
+  "0x1b710b35131c471b",
+  "0x28db77f523047d84",
+  "0x32caab7b40c72493",
+  "0x3c9ebe0a15c9bebc",
+  "0x431d67c49c100d4c",
+  "0x4cc5d4becb3e42b6",
+  "0x597f299cfc657e2a",
+  "0x5fcb6fab3ad6faec",
+  "0x6c44198c4a475817"
+].map((n) => BigInt(n))))();
+var SHA512_W_H = /* @__PURE__ */ new Uint32Array(80);
+var SHA512_W_L = /* @__PURE__ */ new Uint32Array(80);
+var SHA512 = class extends HashMD {
+  constructor() {
+    super(128, 64, 16, false);
+    this.Ah = 1779033703 | 0;
+    this.Al = 4089235720 | 0;
+    this.Bh = 3144134277 | 0;
+    this.Bl = 2227873595 | 0;
+    this.Ch = 1013904242 | 0;
+    this.Cl = 4271175723 | 0;
+    this.Dh = 2773480762 | 0;
+    this.Dl = 1595750129 | 0;
+    this.Eh = 1359893119 | 0;
+    this.El = 2917565137 | 0;
+    this.Fh = 2600822924 | 0;
+    this.Fl = 725511199 | 0;
+    this.Gh = 528734635 | 0;
+    this.Gl = 4215389547 | 0;
+    this.Hh = 1541459225 | 0;
+    this.Hl = 327033209 | 0;
+  }
+  // prettier-ignore
+  get() {
+    const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;
+    return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl];
+  }
+  // prettier-ignore
+  set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl) {
+    this.Ah = Ah | 0;
+    this.Al = Al | 0;
+    this.Bh = Bh | 0;
+    this.Bl = Bl | 0;
+    this.Ch = Ch | 0;
+    this.Cl = Cl | 0;
+    this.Dh = Dh | 0;
+    this.Dl = Dl | 0;
+    this.Eh = Eh | 0;
+    this.El = El | 0;
+    this.Fh = Fh | 0;
+    this.Fl = Fl | 0;
+    this.Gh = Gh | 0;
+    this.Gl = Gl | 0;
+    this.Hh = Hh | 0;
+    this.Hl = Hl | 0;
+  }
+  process(view, offset) {
+    for (let i = 0; i < 16; i++, offset += 4) {
+      SHA512_W_H[i] = view.getUint32(offset);
+      SHA512_W_L[i] = view.getUint32(offset += 4);
+    }
+    for (let i = 16; i < 80; i++) {
+      const W15h = SHA512_W_H[i - 15] | 0;
+      const W15l = SHA512_W_L[i - 15] | 0;
+      const s0h = u64_default.rotrSH(W15h, W15l, 1) ^ u64_default.rotrSH(W15h, W15l, 8) ^ u64_default.shrSH(W15h, W15l, 7);
+      const s0l = u64_default.rotrSL(W15h, W15l, 1) ^ u64_default.rotrSL(W15h, W15l, 8) ^ u64_default.shrSL(W15h, W15l, 7);
+      const W2h = SHA512_W_H[i - 2] | 0;
+      const W2l = SHA512_W_L[i - 2] | 0;
+      const s1h = u64_default.rotrSH(W2h, W2l, 19) ^ u64_default.rotrBH(W2h, W2l, 61) ^ u64_default.shrSH(W2h, W2l, 6);
+      const s1l = u64_default.rotrSL(W2h, W2l, 19) ^ u64_default.rotrBL(W2h, W2l, 61) ^ u64_default.shrSL(W2h, W2l, 6);
+      const SUMl = u64_default.add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]);
+      const SUMh = u64_default.add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]);
+      SHA512_W_H[i] = SUMh | 0;
+      SHA512_W_L[i] = SUMl | 0;
+    }
+    let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;
+    for (let i = 0; i < 80; i++) {
+      const sigma1h = u64_default.rotrSH(Eh, El, 14) ^ u64_default.rotrSH(Eh, El, 18) ^ u64_default.rotrBH(Eh, El, 41);
+      const sigma1l = u64_default.rotrSL(Eh, El, 14) ^ u64_default.rotrSL(Eh, El, 18) ^ u64_default.rotrBL(Eh, El, 41);
+      const CHIh = Eh & Fh ^ ~Eh & Gh;
+      const CHIl = El & Fl ^ ~El & Gl;
+      const T1ll = u64_default.add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]);
+      const T1h = u64_default.add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]);
+      const T1l = T1ll | 0;
+      const sigma0h = u64_default.rotrSH(Ah, Al, 28) ^ u64_default.rotrBH(Ah, Al, 34) ^ u64_default.rotrBH(Ah, Al, 39);
+      const sigma0l = u64_default.rotrSL(Ah, Al, 28) ^ u64_default.rotrBL(Ah, Al, 34) ^ u64_default.rotrBL(Ah, Al, 39);
+      const MAJh = Ah & Bh ^ Ah & Ch ^ Bh & Ch;
+      const MAJl = Al & Bl ^ Al & Cl ^ Bl & Cl;
+      Hh = Gh | 0;
+      Hl = Gl | 0;
+      Gh = Fh | 0;
+      Gl = Fl | 0;
+      Fh = Eh | 0;
+      Fl = El | 0;
+      ({ h: Eh, l: El } = u64_default.add(Dh | 0, Dl | 0, T1h | 0, T1l | 0));
+      Dh = Ch | 0;
+      Dl = Cl | 0;
+      Ch = Bh | 0;
+      Cl = Bl | 0;
+      Bh = Ah | 0;
+      Bl = Al | 0;
+      const All = u64_default.add3L(T1l, sigma0l, MAJl);
+      Ah = u64_default.add3H(All, T1h, sigma0h, MAJh);
+      Al = All | 0;
+    }
+    ({ h: Ah, l: Al } = u64_default.add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0));
+    ({ h: Bh, l: Bl } = u64_default.add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0));
+    ({ h: Ch, l: Cl } = u64_default.add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0));
+    ({ h: Dh, l: Dl } = u64_default.add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0));
+    ({ h: Eh, l: El } = u64_default.add(this.Eh | 0, this.El | 0, Eh | 0, El | 0));
+    ({ h: Fh, l: Fl } = u64_default.add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0));
+    ({ h: Gh, l: Gl } = u64_default.add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0));
+    ({ h: Hh, l: Hl } = u64_default.add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0));
+    this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl);
+  }
+  roundClean() {
+    SHA512_W_H.fill(0);
+    SHA512_W_L.fill(0);
+  }
+  destroy() {
+    this.buffer.fill(0);
+    this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+  }
+};
+var sha512 = /* @__PURE__ */ wrapConstructor(() => new SHA512());
+
+// src/signing.ts
+if (!hashes.sha512) {
+  hashes.sha512 = (msg) => sha512(msg);
+}
+function canonicalJson(obj) {
+  if (obj === null || obj === void 0) return JSON.stringify(obj);
+  if (typeof obj !== "object") return JSON.stringify(obj);
+  if (Array.isArray(obj)) {
+    return "[" + obj.map((item) => canonicalJson(item)).join(",") + "]";
+  }
+  const sorted = Object.keys(obj).sort();
+  const entries = [];
+  for (const key of sorted) {
+    const val = obj[key];
+    if (val === void 0) continue;
+    entries.push(JSON.stringify(key) + ":" + canonicalJson(val));
+  }
+  return "{" + entries.join(",") + "}";
+}
+function bytesToHex2(bytes) {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function hexToBytes2(hex) {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
+  }
+  return bytes;
+}
+function toBase64Url(data) {
+  let binary = "";
+  for (let i = 0; i < data.length; i++) {
+    binary += String.fromCharCode(data[i]);
+  }
+  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function fromBase64Url(str) {
+  const padded = str.replace(/-/g, "+").replace(/_/g, "/");
+  const binary = atob(padded);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+var BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function base58btcEncode(bytes) {
+  let zeros = 0;
+  while (zeros < bytes.length && bytes[zeros] === 0) zeros++;
+  let value = 0n;
+  for (let i = 0; i < bytes.length; i++) {
+    value = value * 256n + BigInt(bytes[i]);
+  }
+  let result = "";
+  while (value > 0n) {
+    const remainder = Number(value % 58n);
+    value = value / 58n;
+    result = BASE58_ALPHABET[remainder] + result;
+  }
+  return BASE58_ALPHABET[0].repeat(zeros) + result;
+}
+function base58btcDecode(str) {
+  let zeros = 0;
+  while (zeros < str.length && str[zeros] === BASE58_ALPHABET[0]) zeros++;
+  let value = 0n;
+  for (let i = 0; i < str.length; i++) {
+    const idx = BASE58_ALPHABET.indexOf(str[i]);
+    if (idx === -1) throw new Error(`Invalid base58 character: ${str[i]}`);
+    value = value * 58n + BigInt(idx);
+  }
+  const hex = [];
+  while (value > 0n) {
+    const byte = Number(value & 0xffn);
+    hex.unshift(byte.toString(16).padStart(2, "0"));
+    value >>= 8n;
+  }
+  const dataBytes = hex.length > 0 ? new Uint8Array(hex.map((h2) => parseInt(h2, 16))) : new Uint8Array(0);
+  const result = new Uint8Array(zeros + dataBytes.length);
+  result.set(dataBytes, zeros);
+  return result;
+}
+function didKeyToPublicKey(did) {
+  if (!did.startsWith("did:key:z")) {
+    throw new Error("Invalid did:key URI: must start with did:key:z");
+  }
+  const encoded = did.slice("did:key:z".length);
+  const decoded = base58btcDecode(encoded);
+  if (decoded.length !== 34) {
+    throw new Error(
+      `Invalid did:key: expected 34 bytes (2 prefix + 32 key), got ${decoded.length}`
+    );
+  }
+  if (decoded[0] !== 237 || decoded[1] !== 1) {
+    throw new Error("Invalid did:key: multicodec prefix is not ed25519-pub (0xed01)");
+  }
+  return decoded.slice(2);
+}
+function publicKeyToDidKey(publicKey) {
+  if (publicKey.length !== 32) {
+    throw new Error("Ed25519 public key must be 32 bytes");
+  }
+  const prefixed = new Uint8Array(34);
+  prefixed[0] = 237;
+  prefixed[1] = 1;
+  prefixed.set(publicKey, 2);
+  return `did:key:z${base58btcEncode(prefixed)}`;
+}
+function hexPublicKeyToDidKey(hexPublicKey) {
+  return publicKeyToDidKey(hexToBytes2(hexPublicKey));
+}
+async function hash(data) {
+  const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+  const hashArray = new Uint8Array(hashBuffer);
+  return Array.from(hashArray).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function sha256(data) {
+  const buf = await crypto.subtle.digest("SHA-256", data);
+  return new Uint8Array(buf);
+}
+async function generateKeypair() {
+  const { secretKey, publicKey } = await keygenAsync();
+  return { publicKey, privateKey: secretKey };
+}
+async function ed25519Sign(message, privateKey) {
+  return signAsync(message, privateKey);
+}
+async function ed25519Verify(signature, message, publicKey) {
+  try {
+    return await verifyAsync(signature, message, publicKey);
+  } catch {
+    return false;
+  }
+}
+async function createSignedToken(payload, privateKey) {
+  const payloadBytes = new TextEncoder().encode(JSON.stringify(payload));
+  const payloadB64 = toBase64Url(payloadBytes);
+  const signature = await ed25519Sign(payloadBytes, privateKey);
+  const sigB64 = toBase64Url(signature);
+  return `${payloadB64}.${sigB64}`;
+}
+async function verifySignedToken(token, publicKey) {
+  const dotIdx = token.indexOf(".");
+  if (dotIdx === -1) return null;
+  const payloadB64 = token.slice(0, dotIdx);
+  const sigB64 = token.slice(dotIdx + 1);
+  let payloadBytes;
+  let signature;
+  try {
+    payloadBytes = fromBase64Url(payloadB64);
+    signature = fromBase64Url(sigB64);
+  } catch {
+    return null;
+  }
+  const valid = await ed25519Verify(signature, payloadBytes, publicKey);
+  if (!valid) return null;
+  let payload;
+  try {
+    payload = JSON.parse(new TextDecoder().decode(payloadBytes));
+  } catch {
+    return null;
+  }
+  if (payload.exp <= Date.now()) return null;
+  if (!payload.jti) return null;
+  if (!payload.aud) return null;
+  return payload;
+}
+function parseScopeSet(scope) {
+  if (scope === "*") return /* @__PURE__ */ new Set(["*"]);
+  return new Set(
+    scope.split(",").map((s) => s.trim()).filter((s) => s.length > 0)
+  );
+}
+function isScopeNarrowed(parentScope, childScope) {
+  const parent = parseScopeSet(parentScope);
+  const child = parseScopeSet(childScope);
+  if (parent.has("*")) return true;
+  if (child.has("*")) return false;
+  for (const cap of child) {
+    if (!parent.has(cap)) return false;
+  }
+  return true;
+}
+
+// src/artifacts.ts
+async function signExecutionReceipt(receipt, privateKey, publicKey) {
+  const body = publicKey ? { ...receipt, public_key: bytesToHex2(publicKey) } : receipt;
+  const canonical = canonicalJson(body);
+  const message = new TextEncoder().encode(canonical);
+  const sig = await ed25519Sign(message, privateKey);
+  return { ...body, signature: toBase64Url(sig) };
+}
+async function verifyExecutionReceipt(receipt, publicKey) {
+  const { signature, ...body } = receipt;
+  const canonical = canonicalJson(body);
+  const message = new TextEncoder().encode(canonical);
+  try {
+    const sig = fromBase64Url(signature);
+    return await ed25519Verify(sig, message, publicKey);
+  } catch {
+    return false;
+  }
+}
+async function signSovereignPaymentReceipt(input, privateKey, publicKey) {
+  const receipt = {
+    task_id: `${input.rail}:tx:${input.tx_hash}`,
+    motebit_id: input.payee_motebit_id,
+    device_id: input.payee_device_id,
+    submitted_at: input.submitted_at,
+    completed_at: input.completed_at,
+    status: "completed",
+    result: `${input.service_description} | paid by ${input.payer_motebit_id}: ${input.amount_micro.toString()} micro-${input.asset} via ${input.rail}`,
+    tools_used: input.tools_used ?? [],
+    memories_formed: 0,
+    prompt_hash: input.prompt_hash,
+    result_hash: input.result_hash
+    // relay_task_id intentionally omitted — sovereign rail, no relay binding
+  };
+  return signExecutionReceipt(receipt, privateKey, publicKey);
+}
+async function verifyReceiptChain(receipt, knownKeys) {
+  const { task_id, motebit_id } = receipt;
+  let publicKey = knownKeys.get(motebit_id);
+  if (!publicKey && receipt.public_key) {
+    publicKey = hexToBytes2(receipt.public_key);
+  }
+  if (!publicKey) {
+    const delegations2 = await verifyDelegations(receipt, knownKeys);
+    return { task_id, motebit_id, verified: false, error: "unknown motebit_id", delegations: delegations2 };
+  }
+  let verified;
+  let error;
+  try {
+    verified = await verifyExecutionReceipt(receipt, publicKey);
+  } catch (err2) {
+    verified = false;
+    error = err2 instanceof Error ? err2.message : String(err2);
+  }
+  const delegations = await verifyDelegations(receipt, knownKeys);
+  const result = { task_id, motebit_id, verified, delegations };
+  if (error) {
+    result.error = error;
+  }
+  return result;
+}
+async function verifyDelegations(receipt, knownKeys) {
+  if (!receipt.delegation_receipts || receipt.delegation_receipts.length === 0) {
+    return [];
+  }
+  return Promise.all(receipt.delegation_receipts.map((dr) => verifyReceiptChain(dr, knownKeys)));
+}
+async function verifyReceiptSequence(chain) {
+  if (chain.length === 0) return { valid: true };
+  for (let i = 0; i < chain.length; i++) {
+    const entry = chain[i];
+    const sigValid = await verifyExecutionReceipt(entry.receipt, entry.signer_public_key);
+    if (!sigValid) {
+      return { valid: false, error: `Receipt ${i} has invalid signature`, index: i };
+    }
+  }
+  for (let i = 1; i < chain.length; i++) {
+    const prev = chain[i - 1];
+    const curr = chain[i];
+    if (prev.receipt.completed_at > curr.receipt.submitted_at) {
+      return {
+        valid: false,
+        error: `Receipt ${i} submitted_at (${curr.receipt.submitted_at}) is before receipt ${i - 1} completed_at (${prev.receipt.completed_at})`,
+        index: i
+      };
+    }
+  }
+  return { valid: true };
+}
+async function signDelegation(delegation, delegatorPrivateKey) {
+  const canonical = canonicalJson(delegation);
+  const message = new TextEncoder().encode(canonical);
+  const sig = await ed25519Sign(message, delegatorPrivateKey);
+  return { ...delegation, signature: toBase64Url(sig) };
+}
+async function verifyDelegation(delegation, options) {
+  const checkExpiry = options?.checkExpiry ?? true;
+  if (checkExpiry) {
+    const now = options?.now ?? Date.now();
+    if (delegation.expires_at < now) return false;
+  }
+  const { signature, ...body } = delegation;
+  const canonical = canonicalJson(body);
+  const message = new TextEncoder().encode(canonical);
+  try {
+    const pubKey = fromBase64Url(delegation.delegator_public_key);
+    const sig = fromBase64Url(signature);
+    return await ed25519Verify(sig, message, pubKey);
+  } catch {
+    return false;
+  }
+}
+async function verifyDelegationChain(chain) {
+  if (chain.length === 0) return { valid: true };
+  for (let i = 0; i < chain.length; i++) {
+    const delegation = chain[i];
+    const sigValid = await verifyDelegation(delegation, { checkExpiry: false });
+    if (!sigValid) {
+      return { valid: false, error: `Delegation ${i} has invalid signature` };
+    }
+    if (i > 0) {
+      const prev = chain[i - 1];
+      if (prev.delegate_id !== delegation.delegator_id) {
+        return {
+          valid: false,
+          error: `Chain break at ${i}: delegate_id "${prev.delegate_id}" !== delegator_id "${delegation.delegator_id}"`
+        };
+      }
+      if (prev.delegate_public_key !== delegation.delegator_public_key) {
+        return {
+          valid: false,
+          error: `Chain break at ${i}: delegate_public_key mismatch`
+        };
+      }
+      if (!isScopeNarrowed(prev.scope, delegation.scope)) {
+        return {
+          valid: false,
+          error: `Delegation ${i} widens scope: parent="${prev.scope}", child="${delegation.scope}"`
+        };
+      }
+    }
+  }
+  return { valid: true };
+}
+function keySuccessionPayload(oldPublicKeyHex, newPublicKeyHex, timestamp, reason, recovery) {
+  const obj = {
+    old_public_key: oldPublicKeyHex,
+    new_public_key: newPublicKeyHex,
+    timestamp
+  };
+  if (reason !== void 0) {
+    obj.reason = reason;
+  }
+  if (recovery) {
+    obj.recovery = true;
+  }
+  return canonicalJson(obj);
+}
+async function signKeySuccession(oldPrivateKey, newPrivateKey, newPublicKey, oldPublicKey, reason) {
+  const timestamp = Date.now();
+  const oldPublicKeyHex = bytesToHex2(oldPublicKey);
+  const newPublicKeyHex = bytesToHex2(newPublicKey);
+  const payload = keySuccessionPayload(oldPublicKeyHex, newPublicKeyHex, timestamp, reason);
+  const message = new TextEncoder().encode(payload);
+  const oldSig = await ed25519Sign(message, oldPrivateKey);
+  const newSig = await ed25519Sign(message, newPrivateKey);
+  return {
+    old_public_key: oldPublicKeyHex,
+    new_public_key: newPublicKeyHex,
+    timestamp,
+    ...reason !== void 0 ? { reason } : {},
+    old_key_signature: bytesToHex2(oldSig),
+    new_key_signature: bytesToHex2(newSig)
+  };
+}
+async function signGuardianRecoverySuccession(guardianPrivateKey, newPrivateKey, oldPublicKey, newPublicKey, reason) {
+  const timestamp = Date.now();
+  const oldPublicKeyHex = bytesToHex2(oldPublicKey);
+  const newPublicKeyHex = bytesToHex2(newPublicKey);
+  const effectiveReason = reason ?? "guardian_recovery";
+  const payload = keySuccessionPayload(
+    oldPublicKeyHex,
+    newPublicKeyHex,
+    timestamp,
+    effectiveReason,
+    true
+  );
+  const message = new TextEncoder().encode(payload);
+  const guardianSig = await ed25519Sign(message, guardianPrivateKey);
+  const newSig = await ed25519Sign(message, newPrivateKey);
+  return {
+    old_public_key: oldPublicKeyHex,
+    new_public_key: newPublicKeyHex,
+    timestamp,
+    reason: effectiveReason,
+    new_key_signature: bytesToHex2(newSig),
+    recovery: true,
+    guardian_signature: bytesToHex2(guardianSig)
+  };
+}
+async function verifyKeySuccession(record, guardianPublicKeyHex) {
+  const payload = keySuccessionPayload(
+    record.old_public_key,
+    record.new_public_key,
+    record.timestamp,
+    record.reason,
+    record.recovery
+  );
+  const message = new TextEncoder().encode(payload);
+  try {
+    const newPubKey = hexToBytes2(record.new_public_key);
+    const newSig = hexToBytes2(record.new_key_signature);
+    const newValid = await ed25519Verify(newSig, message, newPubKey);
+    if (!newValid) return false;
+    if (record.recovery) {
+      if (!record.guardian_signature || !guardianPublicKeyHex) return false;
+      const guardianPubKey = hexToBytes2(guardianPublicKeyHex);
+      const guardianSig = hexToBytes2(record.guardian_signature);
+      return await ed25519Verify(guardianSig, message, guardianPubKey);
+    } else {
+      if (!record.old_key_signature) return false;
+      const oldPubKey = hexToBytes2(record.old_public_key);
+      const oldSig = hexToBytes2(record.old_key_signature);
+      return await ed25519Verify(oldSig, message, oldPubKey);
+    }
+  } catch {
+    return false;
+  }
+}
+async function verifySuccessionChain(chain, guardianPublicKeyHex) {
+  if (chain.length === 0) {
+    return {
+      valid: false,
+      genesis_public_key: "",
+      current_public_key: "",
+      length: 0,
+      error: { index: 0, message: "Empty succession chain" }
+    };
+  }
+  const genesisKey = chain[0].old_public_key;
+  const currentKey = chain[chain.length - 1].new_public_key;
+  for (let i = 0; i < chain.length; i++) {
+    const record = chain[i];
+    if (record.recovery && !guardianPublicKeyHex) {
+      return {
+        valid: false,
+        genesis_public_key: genesisKey,
+        current_public_key: currentKey,
+        length: chain.length,
+        error: {
+          index: i,
+          message: `Record ${i} is a guardian recovery but no guardian public key provided`
+        }
+      };
+    }
+    const sigValid = await verifyKeySuccession(record, guardianPublicKeyHex);
+    if (!sigValid) {
+      return {
+        valid: false,
+        genesis_public_key: genesisKey,
+        current_public_key: currentKey,
+        length: chain.length,
+        error: { index: i, message: `Record ${i} has invalid signature` }
+      };
+    }
+    if (i < chain.length - 1) {
+      const next = chain[i + 1];
+      if (record.new_public_key !== next.old_public_key) {
+        return {
+          valid: false,
+          genesis_public_key: genesisKey,
+          current_public_key: currentKey,
+          length: chain.length,
+          error: {
+            index: i + 1,
+            message: `Chain break at ${i + 1}: expected old_public_key "${record.new_public_key}", got "${next.old_public_key}"`
+          }
+        };
+      }
+    }
+    if (i < chain.length - 1) {
+      const next = chain[i + 1];
+      if (record.timestamp >= next.timestamp) {
+        return {
+          valid: false,
+          genesis_public_key: genesisKey,
+          current_public_key: currentKey,
+          length: chain.length,
+          error: {
+            index: i + 1,
+            message: `Temporal ordering violation at ${i + 1}: timestamp ${next.timestamp} is not after ${record.timestamp}`
+          }
+        };
+      }
+    }
+  }
+  return {
+    valid: true,
+    genesis_public_key: genesisKey,
+    current_public_key: currentKey,
+    length: chain.length
+  };
+}
+async function signGuardianRevocation(identityPrivateKey, guardianPrivateKey, timestamp) {
+  const ts = timestamp ?? Date.now();
+  const payload = canonicalJson({ action: "guardian_revoked", timestamp: ts });
+  const message = new TextEncoder().encode(payload);
+  const identitySig = await ed25519Sign(message, identityPrivateKey);
+  const guardianSig = await ed25519Sign(message, guardianPrivateKey);
+  return {
+    payload,
+    identity_signature: bytesToHex2(identitySig),
+    guardian_signature: bytesToHex2(guardianSig),
+    timestamp: ts
+  };
+}
+async function verifyGuardianRevocation(revocation, identityPublicKeyHex, guardianPublicKeyHex) {
+  const payload = canonicalJson({ action: "guardian_revoked", timestamp: revocation.timestamp });
+  const message = new TextEncoder().encode(payload);
+  try {
+    const identityPub = hexToBytes2(identityPublicKeyHex);
+    const guardianPub = hexToBytes2(guardianPublicKeyHex);
+    const identitySig = hexToBytes2(revocation.identity_signature);
+    const guardianSig = hexToBytes2(revocation.guardian_signature);
+    const identityValid = await ed25519Verify(identitySig, message, identityPub);
+    const guardianValid = await ed25519Verify(guardianSig, message, guardianPub);
+    return identityValid && guardianValid;
+  } catch {
+    return false;
+  }
+}
+async function signCollaborativeReceipt(receipt, initiatorPrivateKey) {
+  const receiptsCanonical = canonicalJson(receipt.participant_receipts);
+  const receiptsBytes = new TextEncoder().encode(receiptsCanonical);
+  const contentHash = await hash(receiptsBytes);
+  const sigPayload = canonicalJson({
+    proposal_id: receipt.proposal_id,
+    plan_id: receipt.plan_id,
+    content_hash: contentHash
+  });
+  const sigMessage = new TextEncoder().encode(sigPayload);
+  const sig = await ed25519Sign(sigMessage, initiatorPrivateKey);
+  return {
+    ...receipt,
+    content_hash: contentHash,
+    initiator_signature: toBase64Url(sig)
+  };
+}
+async function verifyCollaborativeReceipt(receipt, initiatorPublicKey, participantKeys) {
+  const receiptsCanonical = canonicalJson(receipt.participant_receipts);
+  const receiptsBytes = new TextEncoder().encode(receiptsCanonical);
+  const expectedHash = await hash(receiptsBytes);
+  if (expectedHash !== receipt.content_hash) {
+    return { valid: false, error: "Content hash mismatch" };
+  }
+  const sigPayload = canonicalJson({
+    proposal_id: receipt.proposal_id,
+    plan_id: receipt.plan_id,
+    content_hash: receipt.content_hash
+  });
+  const sigMessage = new TextEncoder().encode(sigPayload);
+  try {
+    const sig = fromBase64Url(receipt.initiator_signature);
+    const sigValid = await ed25519Verify(sig, sigMessage, initiatorPublicKey);
+    if (!sigValid) {
+      return { valid: false, error: "Initiator signature invalid" };
+    }
+  } catch {
+    return { valid: false, error: "Initiator signature decode failed" };
+  }
+  if (participantKeys) {
+    for (let i = 0; i < receipt.participant_receipts.length; i++) {
+      const pr = receipt.participant_receipts[i];
+      const pubKey = participantKeys.get(pr.motebit_id);
+      if (!pubKey) {
+        return {
+          valid: false,
+          error: `Unknown participant key for receipt ${i} (${pr.motebit_id})`
+        };
+      }
+      const prValid = await verifyExecutionReceipt(pr, pubKey);
+      if (!prValid) {
+        return {
+          valid: false,
+          error: `Participant receipt ${i} (${pr.motebit_id}) signature invalid`
+        };
+      }
+    }
+  }
+  return { valid: true };
+}
+
+// src/credentials.ts
+function buildVerificationMethod(publicKey) {
+  const did = publicKeyToDidKey(publicKey);
+  const fragment = did.slice("did:key:".length);
+  return `${did}#${fragment}`;
+}
+async function signDataIntegrity(document, privateKey, publicKey, proofPurpose) {
+  const verificationMethod = buildVerificationMethod(publicKey);
+  const created = (/* @__PURE__ */ new Date()).toISOString();
+  const proofOptions = {
+    type: "DataIntegrityProof",
+    cryptosuite: "eddsa-jcs-2022",
+    created,
+    verificationMethod,
+    proofPurpose
+  };
+  const encoder = new TextEncoder();
+  const proofHash = await sha256(encoder.encode(canonicalJson(proofOptions)));
+  const { proof: _proof, ...docWithoutProof } = document;
+  const docHash = await sha256(encoder.encode(canonicalJson(docWithoutProof)));
+  const combined = new Uint8Array(proofHash.length + docHash.length);
+  combined.set(proofHash);
+  combined.set(docHash, proofHash.length);
+  const signature = await ed25519Sign(combined, privateKey);
+  const proofValue = "z" + base58btcEncode(signature);
+  return { ...proofOptions, proofValue };
+}
+async function verifyDataIntegritySigning(document, proof) {
+  if (proof.type !== "DataIntegrityProof" || proof.cryptosuite !== "eddsa-jcs-2022") {
+    return false;
+  }
+  const did = proof.verificationMethod.split("#")[0];
+  let publicKey;
+  try {
+    publicKey = didKeyToPublicKey(did);
+  } catch {
+    return false;
+  }
+  const { proofValue, ...proofOptions } = proof;
+  const encoder = new TextEncoder();
+  const proofHash = await sha256(encoder.encode(canonicalJson(proofOptions)));
+  const { proof: _proof, ...docWithoutProof } = document;
+  const docHash = await sha256(encoder.encode(canonicalJson(docWithoutProof)));
+  const combined = new Uint8Array(proofHash.length + docHash.length);
+  combined.set(proofHash);
+  combined.set(docHash, proofHash.length);
+  if (!proofValue.startsWith("z")) return false;
+  let signature;
+  try {
+    signature = base58btcDecode(proofValue.slice(1));
+  } catch {
+    return false;
+  }
+  return ed25519Verify(signature, combined, publicKey);
+}
+async function signVerifiableCredential(unsignedVC, privateKey, publicKey) {
+  const proof = await signDataIntegrity(
+    unsignedVC,
+    privateKey,
+    publicKey,
+    "assertionMethod"
+  );
+  return { ...unsignedVC, proof };
+}
+async function verifyVerifiableCredential(vc) {
+  if (vc.validUntil) {
+    const expiresAt = new Date(vc.validUntil).getTime();
+    if (Date.now() > expiresAt) return false;
+  }
+  return verifyDataIntegritySigning(vc, vc.proof);
+}
+async function signVerifiablePresentation(unsignedVP, privateKey, publicKey) {
+  const proof = await signDataIntegrity(
+    unsignedVP,
+    privateKey,
+    publicKey,
+    "authentication"
+  );
+  return { ...unsignedVP, proof };
+}
+async function verifyVerifiablePresentation(vp) {
+  const errors = [];
+  const vpValid = await verifyDataIntegritySigning(
+    vp,
+    vp.proof
+  );
+  if (!vpValid) {
+    errors.push("Presentation proof is invalid");
+  }
+  for (let i = 0; i < vp.verifiableCredential.length; i++) {
+    const vc = vp.verifiableCredential[i];
+    const vcValid = await verifyVerifiableCredential(vc);
+    if (!vcValid) {
+      errors.push(`Credential ${i} proof is invalid`);
+    }
+  }
+  return { valid: errors.length === 0, errors };
+}
+var VC_TYPE_GRADIENT = "AgentGradientCredential";
+var VC_TYPE_REPUTATION = "AgentReputationCredential";
+var VC_TYPE_TRUST = "AgentTrustCredential";
+var ONE_HOUR_MS = 60 * 60 * 1e3;
+async function issueGradientCredential(snapshot, privateKey, publicKey, subjectDid, validForMs = ONE_HOUR_MS, statusEndpoint) {
+  const issuerDid = publicKeyToDidKey(publicKey);
+  const subject = {
+    id: subjectDid ?? issuerDid,
+    gradient: snapshot.gradient,
+    knowledge_density: snapshot.knowledge_density,
+    knowledge_quality: snapshot.knowledge_quality,
+    graph_connectivity: snapshot.graph_connectivity,
+    temporal_stability: snapshot.temporal_stability,
+    retrieval_quality: snapshot.retrieval_quality,
+    interaction_efficiency: snapshot.interaction_efficiency,
+    tool_efficiency: snapshot.tool_efficiency,
+    curiosity_pressure: snapshot.curiosity_pressure,
+    measured_at: snapshot.timestamp
+  };
+  const now = /* @__PURE__ */ new Date();
+  const unsignedVC = {
+    "@context": ["https://www.w3.org/ns/credentials/v2"],
+    type: ["VerifiableCredential", VC_TYPE_GRADIENT],
+    issuer: issuerDid,
+    credentialSubject: subject,
+    validFrom: now.toISOString(),
+    validUntil: new Date(now.getTime() + validForMs).toISOString(),
+    ...statusEndpoint ? { credentialStatus: { id: statusEndpoint, type: "RevocationList2024" } } : {}
+  };
+  return signVerifiableCredential(unsignedVC, privateKey, publicKey);
+}
+async function issueReputationCredential(snapshot, privateKey, publicKey, subjectDid, validForMs = ONE_HOUR_MS, statusEndpoint) {
+  const issuerDid = publicKeyToDidKey(publicKey);
+  const subject = {
+    id: subjectDid,
+    success_rate: snapshot.success_rate,
+    avg_latency_ms: snapshot.avg_latency_ms,
+    task_count: snapshot.task_count,
+    trust_score: snapshot.trust_score,
+    availability: snapshot.availability,
+    sample_size: snapshot.task_count,
+    measured_at: snapshot.measured_at
+  };
+  const now = /* @__PURE__ */ new Date();
+  const unsignedVC = {
+    "@context": ["https://www.w3.org/ns/credentials/v2"],
+    type: ["VerifiableCredential", VC_TYPE_REPUTATION],
+    issuer: issuerDid,
+    credentialSubject: subject,
+    validFrom: now.toISOString(),
+    validUntil: new Date(now.getTime() + validForMs).toISOString(),
+    ...statusEndpoint ? { credentialStatus: { id: statusEndpoint, type: "RevocationList2024" } } : {}
+  };
+  return signVerifiableCredential(unsignedVC, privateKey, publicKey);
+}
+async function issueTrustCredential(trustRecord, privateKey, publicKey, subjectDid, validForMs = ONE_HOUR_MS, statusEndpoint) {
+  const issuerDid = publicKeyToDidKey(publicKey);
+  const subject = {
+    id: subjectDid,
+    trust_level: trustRecord.trust_level,
+    interaction_count: trustRecord.interaction_count,
+    successful_tasks: trustRecord.successful_tasks ?? 0,
+    failed_tasks: trustRecord.failed_tasks ?? 0,
+    first_seen_at: trustRecord.first_seen_at,
+    last_seen_at: trustRecord.last_seen_at
+  };
+  const now = /* @__PURE__ */ new Date();
+  const unsignedVC = {
+    "@context": ["https://www.w3.org/ns/credentials/v2"],
+    type: ["VerifiableCredential", VC_TYPE_TRUST],
+    issuer: issuerDid,
+    credentialSubject: subject,
+    validFrom: now.toISOString(),
+    validUntil: new Date(now.getTime() + validForMs).toISOString(),
+    ...statusEndpoint ? { credentialStatus: { id: statusEndpoint, type: "RevocationList2024" } } : {}
+  };
+  return signVerifiableCredential(unsignedVC, privateKey, publicKey);
+}
+async function createPresentation(credentials, privateKey, publicKey) {
+  const holderDid = publicKeyToDidKey(publicKey);
+  const unsignedVP = {
+    "@context": ["https://www.w3.org/ns/credentials/v2"],
+    type: ["VerifiablePresentation"],
+    holder: holderDid,
+    verifiableCredential: credentials
+  };
+  return signVerifiablePresentation(unsignedVP, privateKey, publicKey);
+}
+
+// src/credential-anchor.ts
+function toHex(bytes) {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function fromHex(hex) {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
+  }
+  return bytes;
+}
+function concat(a, b) {
+  const out = new Uint8Array(a.length + b.length);
+  out.set(a);
+  out.set(b, a.length);
+  return out;
+}
+async function computeCredentialLeaf(credential) {
+  const canonical = canonicalJson(credential);
+  const hash2 = await sha256(new TextEncoder().encode(canonical));
+  return toHex(hash2);
+}
+async function verifyMerkleInclusion(leaf, index, siblings, layerSizes, expectedRoot) {
+  let current = fromHex(leaf);
+  let idx = index;
+  let sibIdx = 0;
+  for (const layerSize of layerSizes) {
+    const siblingPos = idx % 2 === 0 ? idx + 1 : idx - 1;
+    const hasSibling = siblingPos >= 0 && siblingPos < layerSize;
+    if (hasSibling) {
+      if (sibIdx >= siblings.length) return false;
+      const siblingBytes = fromHex(siblings[sibIdx]);
+      const combined = idx % 2 === 0 ? concat(current, siblingBytes) : concat(siblingBytes, current);
+      current = await sha256(combined);
+      sibIdx++;
+    }
+    idx = Math.floor(idx / 2);
+  }
+  return toHex(current) === expectedRoot;
+}
+async function verifyCredentialAnchor(credential, anchorProof, chainVerifier) {
+  const errors = [];
+  const computedHash = await computeCredentialLeaf(credential);
+  const hashValid = computedHash === anchorProof.credential_hash;
+  if (!hashValid) {
+    errors.push(
+      `Hash mismatch: computed ${computedHash.slice(0, 16)}\u2026, proof claims ${anchorProof.credential_hash.slice(0, 16)}\u2026`
+    );
+  }
+  const merkleValid = await verifyMerkleInclusion(
+    anchorProof.credential_hash,
+    anchorProof.leaf_index,
+    anchorProof.siblings,
+    anchorProof.layer_sizes,
+    anchorProof.merkle_root
+  );
+  if (!merkleValid) {
+    errors.push("Merkle proof does not reconstruct to the claimed root");
+  }
+  const batchPayload = canonicalJson({
+    batch_id: anchorProof.batch_id,
+    merkle_root: anchorProof.merkle_root,
+    leaf_count: anchorProof.leaf_count,
+    first_issued_at: anchorProof.first_issued_at,
+    last_issued_at: anchorProof.last_issued_at,
+    relay_id: anchorProof.relay_id
+  });
+  const payloadBytes = new TextEncoder().encode(batchPayload);
+  const signatureBytes = hexToBytes2(anchorProof.batch_signature);
+  const publicKeyBytes = hexToBytes2(anchorProof.relay_public_key);
+  let relaySignatureValid = false;
+  try {
+    relaySignatureValid = await ed25519Verify(signatureBytes, payloadBytes, publicKeyBytes);
+  } catch {
+    relaySignatureValid = false;
+  }
+  if (!relaySignatureValid) {
+    errors.push("Relay batch signature verification failed");
+  }
+  let chainVerified = null;
+  if (anchorProof.anchor && chainVerifier) {
+    try {
+      chainVerified = await chainVerifier({
+        ...anchorProof.anchor,
+        expected_root: anchorProof.merkle_root
+      });
+      if (!chainVerified) {
+        errors.push("Onchain anchor verification failed");
+      }
+    } catch (err2) {
+      chainVerified = false;
+      errors.push(
+        `Onchain verification error: ${err2 instanceof Error ? err2.message : String(err2)}`
+      );
+    }
+  }
+  const valid = hashValid && merkleValid && relaySignatureValid && (chainVerified === null || chainVerified);
+  return {
+    valid,
+    steps: {
+      hash_valid: hashValid,
+      merkle_valid: merkleValid,
+      relay_signature_valid: relaySignatureValid,
+      chain_verified: chainVerified
+    },
+    errors
+  };
+}
+
+// src/index.ts
+if (!hashes.sha512) {
+  hashes.sha512 = (msg) => sha512(msg);
+}
+function parseYamlValue(raw) {
+  const trimmed = raw.trim();
+  if (trimmed === "null") return null;
+  if (trimmed === "true") return true;
+  if (trimmed === "false") return false;
+  if (trimmed === "[]") return [];
+  if (trimmed === "{}") return {};
+  if (trimmed.startsWith('"') && trimmed.endsWith('"') || trimmed.startsWith("'") && trimmed.endsWith("'")) {
+    return JSON.parse(trimmed);
+  }
+  const num = Number(trimmed);
+  if (trimmed !== "" && !isNaN(num) && isFinite(num)) return num;
+  return trimmed;
+}
+function parseYaml(text) {
+  const lines = text.split("\n");
+  const root = {};
+  const stack = [
+    { obj: root, indent: -1 }
+  ];
+  let currentArray = null;
+  let currentArrayIndent = -1;
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    if (line.trim() === "" || line.trim().startsWith("#")) continue;
+    const lineIndent = line.length - line.trimStart().length;
+    const trimmed = line.trimStart();
+    if (trimmed.startsWith("- ")) {
+      const itemContent = trimmed.slice(2);
+      const colonIdx2 = itemContent.indexOf(": ");
+      if (colonIdx2 !== -1) {
+        const obj = {};
+        const key = itemContent.slice(0, colonIdx2);
+        const val = itemContent.slice(colonIdx2 + 2);
+        obj[key] = parseYamlValue(val);
+        for (let j = i + 1; j < lines.length; j++) {
+          const nextLine = lines[j];
+          if (nextLine.trim() === "") continue;
+          const nextIndent = nextLine.length - nextLine.trimStart().length;
+          const nextTrimmed = nextLine.trimStart();
+          if (nextIndent > lineIndent && !nextTrimmed.startsWith("- ")) {
+            const nextColonIdx = nextTrimmed.indexOf(": ");
+            if (nextColonIdx !== -1) {
+              const nk = nextTrimmed.slice(0, nextColonIdx);
+              const nv = nextTrimmed.slice(nextColonIdx + 2);
+              obj[nk] = parseYamlValue(nv);
+              i = j;
+            }
+          } else {
+            break;
+          }
+        }
+        if (currentArray) currentArray.push(obj);
+      } else {
+        if (currentArray) currentArray.push(parseYamlValue(itemContent));
+      }
+      continue;
+    }
+    const colonIdx = trimmed.indexOf(": ");
+    const endsWithColon = trimmed.endsWith(":") && colonIdx === -1;
+    if (endsWithColon) {
+      const key = trimmed.slice(0, -1);
+      if (currentArray && lineIndent <= currentArrayIndent) {
+        currentArray = null;
+        currentArrayIndent = -1;
+      }
+      while (stack.length > 1 && stack[stack.length - 1].indent >= lineIndent) {
+        stack.pop();
+      }
+      const parent = stack[stack.length - 1].obj;
+      let nextIdx = i + 1;
+      while (nextIdx < lines.length && lines[nextIdx].trim() === "") nextIdx++;
+      if (nextIdx < lines.length && lines[nextIdx].trimStart().startsWith("- ")) {
+        const arr = [];
+        parent[key] = arr;
+        currentArray = arr;
+        currentArrayIndent = lineIndent;
+      } else {
+        const nested = {};
+        parent[key] = nested;
+        stack.push({ obj: nested, indent: lineIndent });
+      }
+      continue;
+    }
+    if (colonIdx !== -1) {
+      if (currentArray && lineIndent <= currentArrayIndent) {
+        currentArray = null;
+        currentArrayIndent = -1;
+      }
+      while (stack.length > 1 && stack[stack.length - 1].indent >= lineIndent) {
+        stack.pop();
+      }
+      const key = trimmed.slice(0, colonIdx);
+      const val = trimmed.slice(colonIdx + 2);
+      const parent = stack[stack.length - 1].obj;
+      parent[key] = parseYamlValue(val);
+    }
+  }
+  return root;
+}
+function hexToBytes3(hex) {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
+  }
+  return bytes;
+}
+function fromBase64Url2(str) {
+  let base64 = str.replace(/-/g, "+").replace(/_/g, "/");
+  const pad = base64.length % 4;
+  if (pad === 2) base64 += "==";
+  else if (pad === 3) base64 += "=";
+  const binary = atob(base64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+function canonicalJson2(obj) {
+  if (obj === null || obj === void 0) return JSON.stringify(obj);
+  if (typeof obj !== "object") return JSON.stringify(obj);
+  if (Array.isArray(obj)) {
+    return "[" + obj.map((item) => canonicalJson2(item)).join(",") + "]";
+  }
+  const sorted = Object.keys(obj).sort();
+  const entries = [];
+  for (const key of sorted) {
+    const val = obj[key];
+    if (val === void 0) continue;
+    entries.push(JSON.stringify(key) + ":" + canonicalJson2(val));
+  }
+  return "{" + entries.join(",") + "}";
+}
+var BASE58_ALPHABET2 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function base58btcEncode2(bytes) {
+  let zeros = 0;
+  while (zeros < bytes.length && bytes[zeros] === 0) zeros++;
+  let value = 0n;
+  for (let i = 0; i < bytes.length; i++) {
+    value = value * 256n + BigInt(bytes[i]);
+  }
+  let result = "";
+  while (value > 0n) {
+    const remainder = Number(value % 58n);
+    value = value / 58n;
+    result = BASE58_ALPHABET2[remainder] + result;
+  }
+  return BASE58_ALPHABET2[0].repeat(zeros) + result;
+}
+function base58btcDecode2(str) {
+  let zeros = 0;
+  while (zeros < str.length && str[zeros] === BASE58_ALPHABET2[0]) zeros++;
+  let value = 0n;
+  for (let i = 0; i < str.length; i++) {
+    const idx = BASE58_ALPHABET2.indexOf(str[i]);
+    if (idx === -1) throw new Error(`Invalid base58 character: ${str[i]}`);
+    value = value * 58n + BigInt(idx);
+  }
+  const hex = [];
+  while (value > 0n) {
+    const byte = Number(value & 0xffn);
+    hex.unshift(byte.toString(16).padStart(2, "0"));
+    value >>= 8n;
+  }
+  const dataBytes = hex.length > 0 ? new Uint8Array(hex.map((h2) => parseInt(h2, 16))) : new Uint8Array(0);
+  const result = new Uint8Array(zeros + dataBytes.length);
+  result.set(dataBytes, zeros);
+  return result;
+}
+function publicKeyToDidKey2(pubKey) {
+  const prefixed = new Uint8Array(34);
+  prefixed[0] = 237;
+  prefixed[1] = 1;
+  prefixed.set(pubKey, 2);
+  return `did:key:z${base58btcEncode2(prefixed)}`;
+}
+function didKeyToPublicKey2(did) {
+  if (!did.startsWith("did:key:z")) {
+    throw new Error("Invalid did:key URI: must start with did:key:z");
+  }
+  const encoded = did.slice("did:key:z".length);
+  const decoded = base58btcDecode2(encoded);
+  if (decoded.length !== 34) {
+    throw new Error(
+      `Invalid did:key: expected 34 bytes (2 prefix + 32 key), got ${decoded.length}`
+    );
+  }
+  if (decoded[0] !== 237 || decoded[1] !== 1) {
+    throw new Error("Invalid did:key: multicodec prefix is not ed25519-pub (0xed01)");
+  }
+  return decoded.slice(2);
+}
+async function sha2562(data) {
+  const buf = await crypto.subtle.digest("SHA-256", data);
+  return new Uint8Array(buf);
+}
+var SIG_PREFIX = "<!-- motebit:sig:Ed25519:";
+var SIG_SUFFIX = " -->";
+function detectArtifactType(artifact) {
+  if (typeof artifact === "string") {
+    if (artifact.includes("---")) {
+      return "identity";
+    }
+    try {
+      const parsed = JSON.parse(artifact);
+      return detectArtifactType(parsed);
+    } catch {
+      return null;
+    }
+  }
+  if (typeof artifact !== "object" || artifact === null) return null;
+  const obj = artifact;
+  if ("holder" in obj && "verifiableCredential" in obj && "proof" in obj) {
+    return "presentation";
+  }
+  if ("credentialSubject" in obj && "issuer" in obj && "proof" in obj) {
+    return "credential";
+  }
+  if ("task_id" in obj && "motebit_id" in obj && "signature" in obj && "prompt_hash" in obj) {
+    return "receipt";
+  }
+  return null;
+}
+function parse(content) {
+  const firstDash = content.indexOf("---\n");
+  if (firstDash === -1) throw new Error("Missing frontmatter opening ---");
+  const bodyStart = firstDash + 4;
+  const secondDash = content.indexOf("\n---", bodyStart);
+  if (secondDash === -1) throw new Error("Missing frontmatter closing ---");
+  const rawFrontmatter = content.slice(bodyStart, secondDash);
+  const frontmatter = parseYaml(rawFrontmatter);
+  const sigStart = content.indexOf(SIG_PREFIX);
+  if (sigStart === -1) throw new Error("Missing signature");
+  const sigValueStart = sigStart + SIG_PREFIX.length;
+  const sigEnd = content.indexOf(SIG_SUFFIX, sigValueStart);
+  if (sigEnd === -1) throw new Error("Malformed signature");
+  const signature = content.slice(sigValueStart, sigEnd);
+  return { frontmatter, signature, rawFrontmatter };
+}
+function identityError(msg) {
+  return { type: "identity", valid: false, identity: null, error: msg, errors: [{ message: msg }] };
+}
+async function verifyIdentity(content) {
+  let parsed;
+  try {
+    parsed = parse(content);
+  } catch (err2) {
+    const msg = err2 instanceof Error ? err2.message : String(err2);
+    return identityError(msg);
+  }
+  const pubKeyHex = parsed.frontmatter.identity?.public_key;
+  if (!pubKeyHex) {
+    return identityError("No public key in frontmatter");
+  }
+  let pubKey;
+  try {
+    pubKey = hexToBytes3(pubKeyHex);
+  } catch {
+    return identityError("Invalid public key hex");
+  }
+  if (pubKey.length !== 32) {
+    return identityError("Public key must be 32 bytes");
+  }
+  let sigBytes;
+  try {
+    sigBytes = fromBase64Url2(parsed.signature);
+  } catch {
+    return identityError("Invalid signature encoding");
+  }
+  if (sigBytes.length !== 64) {
+    return identityError("Signature must be 64 bytes");
+  }
+  const frontmatterBytes = new TextEncoder().encode(parsed.rawFrontmatter);
+  let valid;
+  try {
+    valid = await verifyAsync(sigBytes, frontmatterBytes, pubKey);
+  } catch {
+    valid = false;
+  }
+  if (!valid) {
+    return identityError("Signature verification failed");
+  }
+  const guardian = parsed.frontmatter.guardian;
+  if (guardian?.attestation && guardian.public_key) {
+    const motebitId = parsed.frontmatter.motebit_id;
+    const attestPayload = canonicalJson2({
+      action: "guardian_attestation",
+      guardian_public_key: guardian.public_key,
+      motebit_id: motebitId
+    });
+    const attestMessage = new TextEncoder().encode(attestPayload);
+    let guardianPubKey;
+    try {
+      guardianPubKey = hexToBytes3(guardian.public_key);
+    } catch {
+      return identityError("Invalid guardian public key hex");
+    }
+    if (guardianPubKey.length !== 32) {
+      return identityError("Guardian public key must be 32 bytes");
+    }
+    let attestSig;
+    try {
+      attestSig = hexToBytes3(guardian.attestation);
+    } catch {
+      return identityError("Invalid guardian attestation encoding");
+    }
+    let attestValid;
+    try {
+      attestValid = await verifyAsync(attestSig, attestMessage, guardianPubKey);
+    } catch {
+      attestValid = false;
+    }
+    if (!attestValid) {
+      return identityError("Guardian attestation signature verification failed");
+    }
+  }
+  const chain = parsed.frontmatter.succession;
+  let successionResult;
+  if (chain && chain.length > 0) {
+    const guardianPubKeyHex = parsed.frontmatter.guardian?.public_key;
+    successionResult = await verifySuccessionChain2(chain, pubKeyHex, guardianPubKeyHex);
+  }
+  return {
+    type: "identity",
+    valid: true,
+    identity: parsed.frontmatter,
+    did: publicKeyToDidKey2(pubKey),
+    ...successionResult ? { succession: successionResult } : {}
+  };
+}
+async function verifySuccessionChain2(chain, currentPublicKeyHex, guardianPublicKeyHex) {
+  try {
+    for (let i = 0; i < chain.length; i++) {
+      const record = chain[i];
+      const payloadObj = {
+        old_public_key: record.old_public_key,
+        new_public_key: record.new_public_key,
+        timestamp: record.timestamp
+      };
+      if (record.reason !== void 0) {
+        payloadObj.reason = record.reason;
+      }
+      if (record.recovery) {
+        payloadObj.recovery = true;
+      }
+      const payload = canonicalJson2(payloadObj);
+      const message = new TextEncoder().encode(payload);
+      const newPubKey = hexToBytes3(record.new_public_key);
+      const newSig = hexToBytes3(record.new_key_signature);
+      const newValid = await verifyAsync(newSig, message, newPubKey);
+      if (!newValid) {
+        return {
+          valid: false,
+          rotations: chain.length,
+          error: `Succession record ${i}: new_key_signature verification failed`
+        };
+      }
+      if (record.recovery) {
+        if (!guardianPublicKeyHex) {
+          return {
+            valid: false,
+            rotations: chain.length,
+            error: `Succession record ${i}: guardian recovery but no guardian public key in identity`
+          };
+        }
+        if (!record.guardian_signature) {
+          return {
+            valid: false,
+            rotations: chain.length,
+            error: `Succession record ${i}: guardian recovery but no guardian_signature`
+          };
+        }
+        const guardianPubKey = hexToBytes3(guardianPublicKeyHex);
+        const guardianSig = hexToBytes3(record.guardian_signature);
+        const guardianValid = await verifyAsync(guardianSig, message, guardianPubKey);
+        if (!guardianValid) {
+          return {
+            valid: false,
+            rotations: chain.length,
+            error: `Succession record ${i}: guardian_signature verification failed`
+          };
+        }
+      } else {
+        if (!record.old_key_signature) {
+          return {
+            valid: false,
+            rotations: chain.length,
+            error: `Succession record ${i}: normal rotation but no old_key_signature`
+          };
+        }
+        const oldPubKey = hexToBytes3(record.old_public_key);
+        const oldSig = hexToBytes3(record.old_key_signature);
+        const oldValid = await verifyAsync(oldSig, message, oldPubKey);
+        if (!oldValid) {
+          return {
+            valid: false,
+            rotations: chain.length,
+            error: `Succession record ${i}: old_key_signature verification failed`
+          };
+        }
+      }
+      if (i < chain.length - 1) {
+        const next = chain[i + 1];
+        if (record.new_public_key !== next.old_public_key) {
+          return {
+            valid: false,
+            rotations: chain.length,
+            error: `Succession chain broken at record ${i}: new_public_key does not match next record's old_public_key`
+          };
+        }
+      }
+      if (i < chain.length - 1) {
+        const next = chain[i + 1];
+        if (record.timestamp >= next.timestamp) {
+          return {
+            valid: false,
+            rotations: chain.length,
+            error: `Succession chain temporal ordering violated at record ${i}`
+          };
+        }
+      }
+    }
+    const lastRecord = chain[chain.length - 1];
+    if (lastRecord.new_public_key !== currentPublicKeyHex) {
+      return {
+        valid: false,
+        rotations: chain.length,
+        error: "Succession chain terminal: last new_public_key does not match identity public_key"
+      };
+    }
+    return {
+      valid: true,
+      genesis_public_key: chain[0].old_public_key,
+      rotations: chain.length
+    };
+  } catch (err2) {
+    const msg = err2 instanceof Error ? err2.message : String(err2);
+    return {
+      valid: false,
+      rotations: 0,
+      error: `Succession verification error: ${msg}`
+    };
+  }
+}
+async function verifyReceiptSignature(receipt, publicKey) {
+  const { signature, ...body } = receipt;
+  if (!signature || signature.trim() === "") {
+    return { valid: false, error: "Receipt signature is empty" };
+  }
+  let sig;
+  try {
+    sig = fromBase64Url2(signature);
+  } catch {
+    return { valid: false, error: "Receipt signature is not valid base64url" };
+  }
+  if (sig.length !== 64) {
+    return { valid: false, error: `Receipt signature must be 64 bytes, got ${sig.length}` };
+  }
+  const canonical = canonicalJson2(body);
+  const message = new TextEncoder().encode(canonical);
+  try {
+    const valid = await verifyAsync(sig, message, publicKey);
+    return { valid };
+  } catch {
+    return { valid: false, error: "Ed25519 verification threw" };
+  }
+}
+async function verifyReceipt(receipt) {
+  let publicKey = null;
+  let signerDid;
+  if (receipt.public_key) {
+    try {
+      publicKey = hexToBytes3(receipt.public_key);
+      if (publicKey.length === 32) {
+        signerDid = publicKeyToDidKey2(publicKey);
+      } else {
+        publicKey = null;
+      }
+    } catch {
+      publicKey = null;
+    }
+  }
+  if (!publicKey) {
+    const delegations2 = await verifyReceiptDelegations(receipt);
+    return {
+      type: "receipt",
+      valid: false,
+      receipt,
+      errors: [{ message: "No embedded public_key \u2014 cannot verify without known keys" }],
+      ...delegations2.length > 0 ? { delegations: delegations2 } : {}
+    };
+  }
+  const sigResult = await verifyReceiptSignature(receipt, publicKey);
+  const errors = [];
+  if (!sigResult.valid) {
+    errors.push({ message: sigResult.error ?? "Receipt signature verification failed" });
+  }
+  const delegations = await verifyReceiptDelegations(receipt);
+  const delegationErrors = delegations.filter((d) => !d.valid);
+  for (const d of delegationErrors) {
+    errors.push({
+      message: `Delegation ${d.receipt?.task_id ?? "unknown"}: verification failed`,
+      path: `delegation_receipts`
+    });
+  }
+  return {
+    type: "receipt",
+    valid: sigResult.valid && delegationErrors.length === 0,
+    receipt,
+    signer: signerDid,
+    ...delegations.length > 0 ? { delegations } : {},
+    ...errors.length > 0 ? { errors } : {}
+  };
+}
+async function verifyReceiptDelegations(receipt) {
+  if (!receipt.delegation_receipts || receipt.delegation_receipts.length === 0) {
+    return [];
+  }
+  return Promise.all(receipt.delegation_receipts.map((dr) => verifyReceipt(dr)));
+}
+async function verifyDataIntegrity(document, proof) {
+  if (proof.type !== "DataIntegrityProof" || proof.cryptosuite !== "eddsa-jcs-2022") {
+    return false;
+  }
+  const did = proof.verificationMethod.split("#")[0];
+  let publicKey;
+  try {
+    publicKey = didKeyToPublicKey2(did);
+  } catch {
+    return false;
+  }
+  const { proofValue, ...proofOptions } = proof;
+  const encoder = new TextEncoder();
+  const proofHash = await sha2562(encoder.encode(canonicalJson2(proofOptions)));
+  const { proof: _proof, ...docWithoutProof } = document;
+  const docHash = await sha2562(encoder.encode(canonicalJson2(docWithoutProof)));
+  const combined = new Uint8Array(proofHash.length + docHash.length);
+  combined.set(proofHash);
+  combined.set(docHash, proofHash.length);
+  if (!proofValue.startsWith("z")) return false;
+  let signature;
+  try {
+    signature = base58btcDecode2(proofValue.slice(1));
+  } catch {
+    return false;
+  }
+  try {
+    return await verifyAsync(signature, combined, publicKey);
+  } catch {
+    return false;
+  }
+}
+var DEFAULT_CLOCK_SKEW_SECONDS = 60;
+async function verifyCredential(vc, clockSkewSeconds = DEFAULT_CLOCK_SKEW_SECONDS) {
+  const errors = [];
+  let expired = false;
+  if (vc.validUntil) {
+    const expiresAt = new Date(vc.validUntil).getTime();
+    const skewMs = clockSkewSeconds * 1e3;
+    if (Date.now() > expiresAt + skewMs) {
+      expired = true;
+      errors.push({ message: "Credential has expired", path: "validUntil" });
+    }
+  }
+  const proofValid = await verifyDataIntegrity(vc, vc.proof);
+  if (!proofValid) {
+    errors.push({ message: "Credential proof verification failed", path: "proof" });
+  }
+  const issuerDid = typeof vc.issuer === "string" ? vc.issuer : void 0;
+  const subjectId = vc.credentialSubject?.id;
+  return {
+    type: "credential",
+    valid: proofValid && !expired,
+    credential: vc,
+    issuer: issuerDid,
+    subject: subjectId,
+    expired,
+    ...errors.length > 0 ? { errors } : {}
+  };
+}
+async function verifyPresentation(vp, clockSkewSeconds = DEFAULT_CLOCK_SKEW_SECONDS) {
+  const errors = [];
+  const envelopeValid = await verifyDataIntegrity(
+    vp,
+    vp.proof
+  );
+  if (!envelopeValid) {
+    errors.push({ message: "Presentation proof verification failed", path: "proof" });
+  }
+  const credentialResults = [];
+  for (let i = 0; i < vp.verifiableCredential.length; i++) {
+    const vc = vp.verifiableCredential[i];
+    const vcResult = await verifyCredential(vc, clockSkewSeconds);
+    credentialResults.push(vcResult);
+    if (!vcResult.valid) {
+      errors.push({
+        message: `Credential ${i} verification failed`,
+        path: `verifiableCredential[${i}]`
+      });
+    }
+  }
+  const allValid = envelopeValid && credentialResults.every((c) => c.valid);
+  return {
+    type: "presentation",
+    valid: allValid,
+    presentation: vp,
+    holder: vp.holder,
+    credentials: credentialResults,
+    ...errors.length > 0 ? { errors } : {}
+  };
+}
+async function verify(artifact, options) {
+  const detected = detectArtifactType(artifact);
+  if (detected === null) {
+    const fallbackType = options?.expectedType ?? "identity";
+    return {
+      type: fallbackType,
+      valid: false,
+      ...fallbackType === "identity" ? { identity: null } : {},
+      ...fallbackType === "receipt" ? { receipt: null } : {},
+      ...fallbackType === "credential" ? { credential: null } : {},
+      ...fallbackType === "presentation" ? { presentation: null } : {},
+      errors: [{ message: "Unrecognized artifact format" }]
+    };
+  }
+  if (options?.expectedType && options.expectedType !== detected) {
+    return {
+      type: detected,
+      valid: false,
+      ...detected === "identity" ? { identity: null } : {},
+      ...detected === "receipt" ? { receipt: null } : {},
+      ...detected === "credential" ? { credential: null } : {},
+      ...detected === "presentation" ? { presentation: null } : {},
+      errors: [{ message: `Expected type "${options.expectedType}" but detected "${detected}"` }]
+    };
+  }
+  let resolved = artifact;
+  if (typeof artifact === "string" && detected !== "identity") {
+    try {
+      resolved = JSON.parse(artifact);
+    } catch {
+      return {
+        type: detected,
+        valid: false,
+        ...detected === "receipt" ? { receipt: null } : {},
+        ...detected === "credential" ? { credential: null } : {},
+        ...detected === "presentation" ? { presentation: null } : {},
+        errors: [{ message: "Failed to parse JSON" }]
+      };
+    }
+  }
+  switch (detected) {
+    case "identity":
+      return verifyIdentity(resolved);
+    case "receipt":
+      return verifyReceipt(resolved);
+    case "credential":
+      return verifyCredential(resolved, options?.clockSkewSeconds);
+    case "presentation":
+      return verifyPresentation(resolved, options?.clockSkewSeconds);
+  }
+}
+async function verifyIdentityFile(content) {
+  const result = await verifyIdentity(content);
+  return {
+    valid: result.valid,
+    identity: result.identity,
+    did: result.did,
+    error: result.errors?.[0]?.message,
+    succession: result.succession
+  };
+}
+export {
+  base58btcDecode,
+  base58btcEncode,
+  bytesToHex2 as bytesToHex,
+  canonicalJson,
+  computeCredentialLeaf,
+  createPresentation,
+  createSignedToken,
+  didKeyToPublicKey,
+  ed25519Sign,
+  ed25519Verify,
+  fromBase64Url,
+  generateKeypair,
+  hash,
+  hexPublicKeyToDidKey,
+  hexToBytes2 as hexToBytes,
+  isScopeNarrowed,
+  issueGradientCredential,
+  issueReputationCredential,
+  issueTrustCredential,
+  parse,
+  parseScopeSet,
+  publicKeyToDidKey,
+  sha256,
+  signCollaborativeReceipt,
+  signDelegation,
+  signExecutionReceipt,
+  signGuardianRecoverySuccession,
+  signGuardianRevocation,
+  signKeySuccession,
+  signSovereignPaymentReceipt,
+  signVerifiableCredential,
+  signVerifiablePresentation,
+  toBase64Url,
+  verify,
+  verifyCollaborativeReceipt,
+  verifyCredentialAnchor,
+  verifyDelegation,
+  verifyDelegationChain,
+  verifyExecutionReceipt,
+  verifyGuardianRevocation,
+  verifyIdentityFile,
+  verifyKeySuccession,
+  verifyReceiptChain,
+  verifyReceiptSequence,
+  verifySignedToken,
+  verifySuccessionChain,
+  verifyVerifiableCredential,
+  verifyVerifiablePresentation
+};
+/*! Bundled license information:
+
+@noble/ed25519/index.js:
+  (*! noble-ed25519 - MIT License (c) 2019 Paul Miller (paulmillr.com) *)
+
+@noble/hashes/esm/utils.js:
+  (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+*/