@motebit/crypto 1.0.0 → 1.2.0

package/dist/witness-omission-dispute.d.ts

@@ -0,0 +1,98 @@
+/**
+ * Witness-omission dispute — sign + verify (retention phase 4b-3).
+ *
+ * Permissive floor (Apache-2.0). Zero monorepo deps beyond
+ * `@motebit/protocol` types. Routes signing through
+ * `@motebit/crypto/suite-dispatch`.
+ *
+ * Path A quorum's soft-accountability layer for `append_only_horizon`
+ * certs: a peer who believes `cert.witnessed_by[]` wrongly omits them
+ * files this dispute within 24h of `cert.issued_at`. Two evidence
+ * shapes:
+ *
+ *   - `inclusion_proof` — disputant proves their peer pubkey is in
+ *     the cert's `federation_graph_anchor.merkle_root` via a Merkle
+ *     inclusion proof. The verifier reconstructs against the cert's
+ *     anchor root.
+ *
+ *   - `alternative_peering` — disputant supplies a signed peering
+ *     artifact from the cert issuer (today: a federation Heartbeat,
+ *     `motebit-concat-ed25519-hex-v1`) whose timestamp window covers
+ *     `cert.horizon_ts ± 5 min` (mirrors heartbeat suspension
+ *     threshold). The cert's published anchor is claimed incomplete.
+ *
+ * The verifier returns a per-step result; certificates remain
+ * TERMINAL per `retention-policy.md` decision 5 — a sustained dispute
+ * is a reputation hit on the issuer, not a cert invalidation.
+ */
+import type { DeletionCertificate, WitnessOmissionDispute } from "@motebit/protocol";
+/** Result of verifying a witness-omission dispute. Fail-closed: any failure → `valid: false`. */
+export interface WitnessOmissionDisputeVerifyResult {
+    readonly valid: boolean;
+    readonly errors: string[];
+    /** Per-step breakdown — useful for adjudication audit display. */
+    readonly steps: {
+        /**
+         * Window check (two gates, both must pass):
+         *   A. `now - cert.issued_at <= WITNESS_OMISSION_DISPUTE_WINDOW_MS`
+         *   B. `dispute.filed_at ∈ [cert.issued_at, cert.issued_at + WINDOW_MS]`
+         */
+        readonly window_open: boolean;
+        /** Dispute pins the disputed cert (`cert_issuer` + `cert_signature` match). */
+        readonly cert_binding_valid: boolean;
+        /** Disputant's Ed25519 signature over the dispute body. */
+        readonly disputant_signature_valid: boolean;
+        /** Evidence-shape verification. `null` when prior checks already failed. */
+        readonly evidence_valid: boolean | null;
+    };
+}
+/**
+ * Resolver context for `verifyWitnessOmissionDispute`. The caller
+ * supplies the cert (resolved from its local store via the dispute's
+ * `cert_signature` pointer), the issuer's pubkey (for verifying the
+ * cert binding and any alternative-peering artifact), the disputant's
+ * pubkey, and a `now` clock.
+ */
+export interface WitnessOmissionDisputeVerifyContext {
+    /** The disputed cert, resolved by the caller from `dispute.cert_signature`. */
+    readonly cert: Extract<DeletionCertificate, {
+        kind: "append_only_horizon";
+    }>;
+    /** Cert issuer's Ed25519 public key (32 bytes). */
+    readonly issuerPublicKey: Uint8Array;
+    /** Disputant peer's Ed25519 public key (32 bytes). `null` → unknown disputant, fail-closed. */
+    readonly disputantPublicKey: Uint8Array | null;
+    /** Wall-clock at validation time, in unix ms. */
+    readonly now: number;
+}
+/**
+ * Compute the canonical signing bytes for a `WitnessOmissionDispute`.
+ * Strips `signature` so the disputant signs every other field —
+ * including `cert_signature`, `cert_issuer`, and the evidence body.
+ */
+export declare function canonicalizeWitnessOmissionDispute(dispute: WitnessOmissionDispute): Uint8Array;
+/**
+ * Sign a `WitnessOmissionDispute` as the disputant. Caller provides
+ * the unsigned body (everything except `suite` and `signature`); this
+ * function appends both.
+ */
+export declare function signWitnessOmissionDispute(body: Omit<WitnessOmissionDispute, "suite" | "signature">, privateKey: Uint8Array): Promise<WitnessOmissionDispute>;
+/**
+ * Verify a `WitnessOmissionDispute` against the disputed cert.
+ *
+ * Step ladder (fail-closed throughout):
+ *   1. Window: `now - cert.issued_at <= WINDOW` AND
+ *      `filed_at ∈ [cert.issued_at, cert.issued_at + WINDOW]`.
+ *   2. Cert binding: `dispute.cert_signature === cert.signature` and
+ *      `dispute.cert_issuer` matches the cert's subject.
+ *   3. Disputant signature over `canonicalJson(dispute minus signature)`.
+ *   4. Evidence: dispatched by `evidence.kind` —
+ *      - `inclusion_proof`: requires cert has a `federation_graph_anchor`;
+ *        verifies the Merkle proof against `anchor.merkle_root`.
+ *      - `alternative_peering`: dispatches on `peering_artifact`'s
+ *        self-described shape (today: federation Heartbeat); verifies
+ *        the embedded signature against the issuer pubkey and the
+ *        timestamp window covers `cert.horizon_ts`.
+ */
+export declare function verifyWitnessOmissionDispute(dispute: WitnessOmissionDispute, ctx: WitnessOmissionDisputeVerifyContext): Promise<WitnessOmissionDisputeVerifyResult>;
+//# sourceMappingURL=witness-omission-dispute.d.ts.map

package/dist/witness-omission-dispute.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"witness-omission-dispute.d.ts","sourceRoot":"","sources":["../src/witness-omission-dispute.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,OAAO,KAAK,EACV,mBAAmB,EACnB,sBAAsB,EAEvB,MAAM,mBAAmB,CAAC;AAuB3B,iGAAiG;AACjG,MAAM,WAAW,kCAAkC;IACjD,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;IAC1B,kEAAkE;IAClE,QAAQ,CAAC,KAAK,EAAE;QACd;;;;WAIG;QACH,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;QAC9B,+EAA+E;QAC/E,QAAQ,CAAC,kBAAkB,EAAE,OAAO,CAAC;QACrC,2DAA2D;QAC3D,QAAQ,CAAC,yBAAyB,EAAE,OAAO,CAAC;QAC5C,4EAA4E;QAC5E,QAAQ,CAAC,cAAc,EAAE,OAAO,GAAG,IAAI,CAAC;KACzC,CAAC;CACH;AAID;;;;;;GAMG;AACH,MAAM,WAAW,mCAAmC;IAClD,+EAA+E;IAC/E,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,mBAAmB,EAAE;QAAE,IAAI,EAAE,qBAAqB,CAAA;KAAE,CAAC,CAAC;IAC7E,mDAAmD;IACnD,QAAQ,CAAC,eAAe,EAAE,UAAU,CAAC;IACrC,+FAA+F;IAC/F,QAAQ,CAAC,kBAAkB,EAAE,UAAU,GAAG,IAAI,CAAC;IAC/C,iDAAiD;IACjD,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB;AAID;;;;GAIG;AACH,wBAAgB,kCAAkC,CAAC,OAAO,EAAE,sBAAsB,GAAG,UAAU,CAI9F;AAID;;;;GAIG;AACH,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE,IAAI,CAAC,sBAAsB,EAAE,OAAO,GAAG,WAAW,CAAC,EACzD,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,sBAAsB,CAAC,CASjC;AAID;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,4BAA4B,CAChD,OAAO,EAAE,sBAAsB,EAC/B,GAAG,EAAE,mCAAmC,GACvC,OAAO,CAAC,kCAAkC,CAAC,CA4F7C"}

package/dist/witness-omission-dispute.js

@@ -0,0 +1,237 @@
+/**
+ * Witness-omission dispute — sign + verify (retention phase 4b-3).
+ *
+ * Permissive floor (Apache-2.0). Zero monorepo deps beyond
+ * `@motebit/protocol` types. Routes signing through
+ * `@motebit/crypto/suite-dispatch`.
+ *
+ * Path A quorum's soft-accountability layer for `append_only_horizon`
+ * certs: a peer who believes `cert.witnessed_by[]` wrongly omits them
+ * files this dispute within 24h of `cert.issued_at`. Two evidence
+ * shapes:
+ *
+ *   - `inclusion_proof` — disputant proves their peer pubkey is in
+ *     the cert's `federation_graph_anchor.merkle_root` via a Merkle
+ *     inclusion proof. The verifier reconstructs against the cert's
+ *     anchor root.
+ *
+ *   - `alternative_peering` — disputant supplies a signed peering
+ *     artifact from the cert issuer (today: a federation Heartbeat,
+ *     `motebit-concat-ed25519-hex-v1`) whose timestamp window covers
+ *     `cert.horizon_ts ± 5 min` (mirrors heartbeat suspension
+ *     threshold). The cert's published anchor is claimed incomplete.
+ *
+ * The verifier returns a per-step result; certificates remain
+ * TERMINAL per `retention-policy.md` decision 5 — a sustained dispute
+ * is a reputation hit on the issuer, not a cert invalidation.
+ */
+import { canonicalJson, fromBase64Url, hexToBytes, toBase64Url } from "./signing.js";
+import { signBySuite, verifyBySuite } from "./suite-dispatch.js";
+import { verifyMerkleInclusion } from "./merkle.js";
+import { WITNESS_OMISSION_DISPUTE_WINDOW_MS } from "./deletion-certificate.js";
+// ── Constants ────────────────────────────────────────────────────────
+const WITNESS_OMISSION_DISPUTE_SUITE = "motebit-jcs-ed25519-b64-v1";
+const FEDERATION_HEARTBEAT_SUITE = "motebit-concat-ed25519-hex-v1";
+/**
+ * Heartbeat-as-peering-evidence freshness window. A heartbeat whose
+ * `timestamp` is within ±5 min of `cert.horizon_ts` proves the issuer
+ * was alive on that peering relationship at the horizon — mirrors
+ * `HEARTBEAT_REMOVE_THRESHOLD = 5` × `heartbeat_interval = 60s` in
+ * `services/relay/src/federation.ts`.
+ */
+const HEARTBEAT_FRESHNESS_WINDOW_MS = 5 * 60 * 1000;
+// ── Canonicalization ─────────────────────────────────────────────────
+/**
+ * Compute the canonical signing bytes for a `WitnessOmissionDispute`.
+ * Strips `signature` so the disputant signs every other field —
+ * including `cert_signature`, `cert_issuer`, and the evidence body.
+ */
+export function canonicalizeWitnessOmissionDispute(dispute) {
+    const { signature, ...body } = dispute;
+    void signature;
+    return new TextEncoder().encode(canonicalJson(body));
+}
+// ── Signing ──────────────────────────────────────────────────────────
+/**
+ * Sign a `WitnessOmissionDispute` as the disputant. Caller provides
+ * the unsigned body (everything except `suite` and `signature`); this
+ * function appends both.
+ */
+export async function signWitnessOmissionDispute(body, privateKey) {
+    const withSuite = {
+        ...body,
+        suite: WITNESS_OMISSION_DISPUTE_SUITE,
+        signature: "",
+    };
+    const bytes = canonicalizeWitnessOmissionDispute(withSuite);
+    const sig = await signBySuite(WITNESS_OMISSION_DISPUTE_SUITE, bytes, privateKey);
+    return { ...withSuite, signature: toBase64Url(sig) };
+}
+// ── Verifier ─────────────────────────────────────────────────────────
+/**
+ * Verify a `WitnessOmissionDispute` against the disputed cert.
+ *
+ * Step ladder (fail-closed throughout):
+ *   1. Window: `now - cert.issued_at <= WINDOW` AND
+ *      `filed_at ∈ [cert.issued_at, cert.issued_at + WINDOW]`.
+ *   2. Cert binding: `dispute.cert_signature === cert.signature` and
+ *      `dispute.cert_issuer` matches the cert's subject.
+ *   3. Disputant signature over `canonicalJson(dispute minus signature)`.
+ *   4. Evidence: dispatched by `evidence.kind` —
+ *      - `inclusion_proof`: requires cert has a `federation_graph_anchor`;
+ *        verifies the Merkle proof against `anchor.merkle_root`.
+ *      - `alternative_peering`: dispatches on `peering_artifact`'s
+ *        self-described shape (today: federation Heartbeat); verifies
+ *        the embedded signature against the issuer pubkey and the
+ *        timestamp window covers `cert.horizon_ts`.
+ */
+export async function verifyWitnessOmissionDispute(dispute, ctx) {
+    const errors = [];
+    const { cert } = ctx;
+    // ── Step 1: window (two gates) ────────────────────────────────────
+    const windowEnd = cert.issued_at + WITNESS_OMISSION_DISPUTE_WINDOW_MS;
+    const wallClockOpen = ctx.now <= windowEnd;
+    const filedAtInRange = dispute.filed_at >= cert.issued_at && dispute.filed_at <= windowEnd;
+    const windowOpen = wallClockOpen && filedAtInRange;
+    if (!wallClockOpen) {
+        errors.push(`dispute window expired: now (${ctx.now}) > cert.issued_at + ${WITNESS_OMISSION_DISPUTE_WINDOW_MS}ms`);
+    }
+    if (!filedAtInRange) {
+        errors.push("dispute.filed_at outside [cert.issued_at, cert.issued_at + WINDOW] — disputant-attested clock cannot widen window");
+    }
+    // ── Step 2: cert binding ──────────────────────────────────────────
+    let certBindingValid = true;
+    if (dispute.cert_signature !== cert.signature) {
+        errors.push("dispute.cert_signature does not match cert.signature");
+        certBindingValid = false;
+    }
+    const certSubjectId = cert.subject.kind === "motebit"
+        ? cert.subject.motebit_id
+        : cert.subject.operator_id;
+    if (dispute.cert_issuer !== certSubjectId) {
+        errors.push(`dispute.cert_issuer (${dispute.cert_issuer}) does not match cert subject (${certSubjectId})`);
+        certBindingValid = false;
+    }
+    // ── Step 3: disputant signature ───────────────────────────────────
+    let disputantSignatureValid = false;
+    if (ctx.disputantPublicKey === null) {
+        errors.push("disputant public key not resolvable");
+    }
+    else if (dispute.suite !== WITNESS_OMISSION_DISPUTE_SUITE) {
+        errors.push(`unexpected suite: ${String(dispute.suite)}`);
+    }
+    else {
+        const bytes = canonicalizeWitnessOmissionDispute(dispute);
+        let sigBytes;
+        try {
+            sigBytes = fromBase64Url(dispute.signature);
+        }
+        catch {
+            sigBytes = new Uint8Array(0);
+        }
+        if (sigBytes.length === 0) {
+            errors.push("dispute.signature decode failed");
+        }
+        else {
+            disputantSignatureValid = await verifyBySuite(dispute.suite, bytes, sigBytes, ctx.disputantPublicKey);
+            if (!disputantSignatureValid)
+                errors.push("dispute.signature does not verify");
+        }
+    }
+    // Short-circuit evidence verification when prior gates already failed.
+    // The dispute is invalid; the evidence-step result is meaningless.
+    if (!windowOpen || !certBindingValid || !disputantSignatureValid) {
+        return {
+            valid: false,
+            errors,
+            steps: {
+                window_open: windowOpen,
+                cert_binding_valid: certBindingValid,
+                disputant_signature_valid: disputantSignatureValid,
+                evidence_valid: null,
+            },
+        };
+    }
+    // ── Step 4: evidence dispatch ─────────────────────────────────────
+    const evidenceValid = await verifyEvidence(dispute.evidence, cert, ctx, errors);
+    return {
+        valid: errors.length === 0,
+        errors,
+        steps: {
+            window_open: windowOpen,
+            cert_binding_valid: certBindingValid,
+            disputant_signature_valid: disputantSignatureValid,
+            evidence_valid: evidenceValid,
+        },
+    };
+}
+async function verifyEvidence(evidence, cert, ctx, errors) {
+    if (evidence.kind === "inclusion_proof") {
+        const anchor = cert.federation_graph_anchor;
+        if (anchor === undefined) {
+            errors.push("inclusion_proof evidence requires cert.federation_graph_anchor — none present");
+            return false;
+        }
+        if (anchor.leaf_count === 0) {
+            errors.push("inclusion_proof evidence rejected: cert is self-witnessed (anchor.leaf_count=0)");
+            return false;
+        }
+        const ok = await verifyMerkleInclusion(evidence.leaf_hash, evidence.proof.leaf_index, evidence.proof.siblings, evidence.proof.layer_sizes, anchor.merkle_root);
+        if (!ok)
+            errors.push("inclusion proof does not reconstruct to anchor.merkle_root");
+        return ok;
+    }
+    // alternative_peering — closed union; TS narrows after the if-branch.
+    return verifyAlternativePeeringArtifact(evidence.peering_artifact, cert, ctx, errors);
+}
+/**
+ * Verify a peering artifact embedded in `alternative_peering` evidence.
+ * Today: federation Heartbeat is the canonical shape — the only
+ * recurring signed peering attestation in `relay-federation-v1`.
+ *
+ * Heartbeat signing payload (FEDERATION_SUITE = motebit-concat-ed25519-hex-v1):
+ *   `${relay_id}|${timestamp}|${suite}` — UTF-8 concatenation, hex sig.
+ *
+ * The verifier dispatches on the artifact's self-described shape:
+ * presence of `relay_id` (string) + `timestamp` (number) + `signature`
+ * (hex string) identifies the heartbeat shape. Future: PeeringConfirm
+ * or other peering attestations land as additive dispatch arms.
+ */
+async function verifyAlternativePeeringArtifact(artifact, cert, ctx, errors) {
+    const relayId = artifact["relay_id"];
+    const timestamp = artifact["timestamp"];
+    const signatureHex = artifact["signature"];
+    if (typeof relayId !== "string" ||
+        typeof timestamp !== "number" ||
+        typeof signatureHex !== "string") {
+        errors.push("alternative_peering artifact unrecognized — expected federation Heartbeat shape (relay_id, timestamp, signature)");
+        return false;
+    }
+    const certSubjectId = cert.subject.kind === "motebit"
+        ? cert.subject.motebit_id
+        : cert.subject.operator_id;
+    if (relayId !== certSubjectId) {
+        errors.push(`peering artifact relay_id (${relayId}) does not match cert issuer (${certSubjectId})`);
+        return false;
+    }
+    if (Math.abs(timestamp - cert.horizon_ts) > HEARTBEAT_FRESHNESS_WINDOW_MS) {
+        errors.push(`peering artifact timestamp (${timestamp}) outside ±${HEARTBEAT_FRESHNESS_WINDOW_MS}ms of cert.horizon_ts (${cert.horizon_ts})`);
+        return false;
+    }
+    let sigBytes;
+    /* c8 ignore start -- defensive catch; `hexToBytes` (signing.ts) uses parseInt which silently returns NaN for non-hex chars rather than throwing, so this catch is unreachable today. Keep for forward-compat: a future hex-decode primitive that throws (e.g. native Uint8Array.fromHex) would route through this branch and fail closed rather than passing garbage bytes through to verifyBySuite. */
+    try {
+        sigBytes = hexToBytes(signatureHex);
+    }
+    catch {
+        errors.push("peering artifact signature is not valid hex");
+        return false;
+    }
+    /* c8 ignore stop */
+    const payload = new TextEncoder().encode(`${relayId}|${timestamp}|${FEDERATION_HEARTBEAT_SUITE}`);
+    const ok = await verifyBySuite(FEDERATION_HEARTBEAT_SUITE, payload, sigBytes, ctx.issuerPublicKey);
+    if (!ok)
+        errors.push("peering artifact signature does not verify against cert issuer pubkey");
+    return ok;
+}
+//# sourceMappingURL=witness-omission-dispute.js.map

package/dist/witness-omission-dispute.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"witness-omission-dispute.js","sourceRoot":"","sources":["../src/witness-omission-dispute.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAQH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AACrF,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACjE,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,kCAAkC,EAAE,MAAM,2BAA2B,CAAC;AAE/E,wEAAwE;AAExE,MAAM,8BAA8B,GAAG,4BAAqC,CAAC;AAC7E,MAAM,0BAA0B,GAAG,+BAAwC,CAAC;AAE5E;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AA6CpD,wEAAwE;AAExE;;;;GAIG;AACH,MAAM,UAAU,kCAAkC,CAAC,OAA+B;IAChF,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IACvC,KAAK,SAAS,CAAC;IACf,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,wEAAwE;AAExE;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,IAAyD,EACzD,UAAsB;IAEtB,MAAM,SAAS,GAA2B;QACxC,GAAG,IAAI;QACP,KAAK,EAAE,8BAA8B;QACrC,SAAS,EAAE,EAAE;KACd,CAAC;IACF,MAAM,KAAK,GAAG,kCAAkC,CAAC,SAAS,CAAC,CAAC;IAC5D,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,8BAA8B,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IACjF,OAAO,EAAE,GAAG,SAAS,EAAE,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;AACvD,CAAC;AAED,wEAAwE;AAExE;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,OAA+B,EAC/B,GAAwC;IAExC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC;IAErB,qEAAqE;IACrE,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,GAAG,kCAAkC,CAAC;IACtE,MAAM,aAAa,GAAG,GAAG,CAAC,GAAG,IAAI,SAAS,CAAC;IAC3C,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC,SAAS,IAAI,OAAO,CAAC,QAAQ,IAAI,SAAS,CAAC;IAC3F,MAAM,UAAU,GAAG,aAAa,IAAI,cAAc,CAAC;IACnD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,CAAC,IAAI,CACT,gCAAgC,GAAG,CAAC,GAAG,wBAAwB,kCAAkC,IAAI,CACtG,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,CAAC,IAAI,CACT,mHAAmH,CACpH,CAAC;IACJ,CAAC;IAED,qEAAqE;IACrE,IAAI,gBAAgB,GAAG,IAAI,CAAC;IAC5B,IAAI,OAAO,CAAC,cAAc,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QACpE,gBAAgB,GAAG,KAAK,CAAC;IAC3B,CAAC;IACD,MAAM,aAAa,GACjB,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS;QAC7B,CAAC,CAAE,IAAI,CAAC,OAAO,CAAC,UAAqB;QACrC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC;IAC/B,IAAI,OAAO,CAAC,WAAW,KAAK,aAAa,EAAE,CAAC;QAC1C,MAAM,CAAC,IAAI,CACT,wBAAwB,OAAO,CAAC,WAAW,kCAAkC,aAAa,GAAG,CAC9F,CAAC;QACF,gBAAgB,GAAG,KAAK,CAAC;IAC3B,CAAC;IAED,qEAAqE;IACrE,IAAI,uBAAuB,GAAG,KAAK,CAAC;IACpC,IAAI,GAAG,CAAC,kBAAkB,KAAK,IAAI,EAAE,CAAC;QACpC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACrD,CAAC;SAAM,IAAI,OAAO,CAAC,KAAK,KAAK,8BAA8B,EAAE,CAAC;QAC5D,MAAM,CAAC,IAAI,CAAC,qBAAqB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC5D,CAAC;SAAM,CAAC;QACN,MAAM,KAAK,GAAG,kCAAkC,CAAC,OAAO,CAAC,CAAC;QAC1D,IAAI,QAAoB,CAAC;QACzB,IAAI,CAAC;YACH,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QACjD,CAAC;aAAM,CAAC;YACN,uBAAuB,GAAG,MAAM,aAAa,CAC3C,OAAO,CAAC,KAAK,EACb,KAAK,EACL,QAAQ,EACR,GAAG,CAAC,kBAAkB,CACvB,CAAC;YACF,IAAI,CAAC,uBAAuB;gBAAE,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,mEAAmE;IACnE,IAAI,CAAC,UAAU,IAAI,CAAC,gBAAgB,IAAI,CAAC,uBAAuB,EAAE,CAAC;QACjE,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM;YACN,KAAK,EAAE;gBACL,WAAW,EAAE,UAAU;gBACvB,kBAAkB,EAAE,gBAAgB;gBACpC,yBAAyB,EAAE,uBAAuB;gBAClD,cAAc,EAAE,IAAI;aACrB;SACF,CAAC;IACJ,CAAC;IAED,qEAAqE;IACrE,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;IAEhF,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;QACN,KAAK,EAAE;YACL,WAAW,EAAE,UAAU;YACvB,kBAAkB,EAAE,gBAAgB;YACpC,yBAAyB,EAAE,uBAAuB;YAClD,cAAc,EAAE,aAAa;SAC9B;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,QAAiC,EACjC,IAAmE,EACnE,GAAwC,EACxC,MAAgB;IAEhB,IAAI,QAAQ,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,IAAI,CAAC,uBAAuB,CAAC;QAC5C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAC;YAC7F,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,MAAM,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CACT,iFAAiF,CAClF,CAAC;YACF,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,EAAE,GAAG,MAAM,qBAAqB,CACpC,QAAQ,CAAC,SAAS,EAClB,QAAQ,CAAC,KAAK,CAAC,UAAU,EACzB,QAAQ,CAAC,KAAK,CAAC,QAAQ,EACvB,QAAQ,CAAC,KAAK,CAAC,WAAW,EAC1B,MAAM,CAAC,WAAW,CACnB,CAAC;QACF,IAAI,CAAC,EAAE;YAAE,MAAM,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;QACnF,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,sEAAsE;IACtE,OAAO,gCAAgC,CAAC,QAAQ,CAAC,gBAAgB,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;AACxF,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,KAAK,UAAU,gCAAgC,CAC7C,QAAiC,EACjC,IAAmE,EACnE,GAAwC,EACxC,MAAgB;IAEhB,MAAM,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,CAAC,CAAC;IACxC,MAAM,YAAY,GAAG,QAAQ,CAAC,WAAW,CAAC,CAAC;IAE3C,IACE,OAAO,OAAO,KAAK,QAAQ;QAC3B,OAAO,SAAS,KAAK,QAAQ;QAC7B,OAAO,YAAY,KAAK,QAAQ,EAChC,CAAC;QACD,MAAM,CAAC,IAAI,CACT,kHAAkH,CACnH,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,aAAa,GACjB,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS;QAC7B,CAAC,CAAE,IAAI,CAAC,OAAO,CAAC,UAAqB;QACrC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC;IAC/B,IAAI,OAAO,KAAK,aAAa,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CACT,8BAA8B,OAAO,iCAAiC,aAAa,GAAG,CACvF,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,6BAA6B,EAAE,CAAC;QAC1E,MAAM,CAAC,IAAI,CACT,+BAA+B,SAAS,cAAc,6BAA6B,0BAA0B,IAAI,CAAC,UAAU,GAAG,CAChI,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,QAAoB,CAAC;IACzB,wYAAwY;IACxY,IAAI,CAAC;QACH,QAAQ,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;QAC3D,OAAO,KAAK,CAAC;IACf,CAAC;IACD,oBAAoB;IAEpB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,OAAO,IAAI,SAAS,IAAI,0BAA0B,EAAE,CAAC,CAAC;IAClG,MAAM,EAAE,GAAG,MAAM,aAAa,CAC5B,0BAA0B,EAC1B,OAAO,EACP,QAAQ,EACR,GAAG,CAAC,eAAe,CACpB,CAAC;IACF,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;IAC9F,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@motebit/crypto",
-  "version": "1.0.0",
+  "version": "1.2.0",
   "description": "Sign and verify every Motebit artifact — identity files, execution receipts, credentials, delegations, succession records, credential anchors. Ed25519 today, cryptosuite-agile for post-quantum tomorrow. Apache-2.0, zero monorepo dependencies.",
   "type": "module",
   "main": "./dist/index.js",
@@ -64,7 +64,7 @@
     "tsup": "^8.0.0",
     "typescript": "^5.6.0",
     "vitest": "^2.1.0",
-    "@motebit/protocol": "1.0.0"
+    "@motebit/protocol": "1.2.0"
   },
   "engines": {
     "node": ">=20"