@motebit/crypto 1.2.1 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -0
- package/dist/artifacts.d.ts +63 -2
- package/dist/artifacts.d.ts.map +1 -1
- package/dist/content-artifact.d.ts +150 -0
- package/dist/content-artifact.d.ts.map +1 -0
- package/dist/credential-anchor.d.ts +11 -5
- package/dist/credential-anchor.d.ts.map +1 -1
- package/dist/hardware-attestation.d.ts +5 -5
- package/dist/index.d.ts +148 -5
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +270 -46
- package/package.json +3 -2
package/README.md
CHANGED
|
@@ -113,6 +113,11 @@ const vc = await issueReputationCredential(
|
|
|
113
113
|
- **`verifyDelegationChain(chain)`** — Verify a chain of delegations with scope narrowing.
|
|
114
114
|
- **`verifyKeySuccession(record, guardianPublicKeyHex?)`** — Verify a key rotation record.
|
|
115
115
|
- **`verifySuccessionChain(chain, guardianPublicKeyHex?)`** — Verify a full key rotation chain.
|
|
116
|
+
- **`verifyKeyBindingAtTime(identity, signingKeyHex, atTimestampMs, guardianPublicKeyHex?)`** — Sovereign-root identity binding with time-windowing: was this key the motebit's legitimate key _at_ a given time? Verifies the succession chain, then checks the key's active window. Returns `KeyBindingResult`.
|
|
117
|
+
- **`identityLogLeaf(motebitId, currentKeyHex)`** — Canonical SHA-256 leaf of the identity-transparency log (the operator's `motebit_id → current key` commitment). Shared convention for the relay producer and the verifier.
|
|
118
|
+
- **`verifyIdentityBindingAnchored(identity, signingKeyHex, atTimestampMs, proof, guardianPublicKeyHex?)`** — Anchored binding: sovereign-root binding AND Merkle inclusion of the current key in the transparency log under `proof.anchoredRoot`. Confirming the root is on-chain is the caller's cross-check.
|
|
119
|
+
- **`deriveSovereignMotebitId(genesisPublicKeyHex)`** — The sovereign commitment of a genesis key: a deterministic UUIDv8 from `sha256(genesisKey)`. A sovereign-minted motebit's `motebit_id` IS this value, so the id↔key binding is self-certifying (offline, no operator). Second-preimage resistance ~2^122.
|
|
120
|
+
- **`verifySovereignBinding(motebitId, genesisPublicKeyHex)`** — True iff `motebitId` is the sovereign commitment to the genesis key. `verifyKeyBindingAtTime` sets `sovereign: true` on its result when this holds.
|
|
116
121
|
|
|
117
122
|
### Primitives
|
|
118
123
|
|
package/dist/artifacts.d.ts
CHANGED
|
@@ -162,6 +162,48 @@ export declare function signToolInvocationReceipt<T extends Omit<SignableToolInv
|
|
|
162
162
|
* base64, or signature mismatch — same rules as `verifyExecutionReceipt`.
|
|
163
163
|
*/
|
|
164
164
|
export declare function verifyToolInvocationReceipt(receipt: SignableToolInvocationReceipt, publicKey: Uint8Array): Promise<boolean>;
|
|
165
|
+
import type { SignableComputerSessionReceipt, ComputerSessionActionRecord, SettlementAsset } from "@motebit/protocol";
|
|
166
|
+
/** The one suite ComputerSessionReceipts sign under today. */
|
|
167
|
+
export declare const COMPUTER_SESSION_RECEIPT_SUITE: "motebit-jcs-ed25519-b64-v1";
|
|
168
|
+
/**
|
|
169
|
+
* Compute the `actions_hash` for a computer-session receipt — JCS-
|
|
170
|
+
* canonicalize the per-action structural roll-up, SHA-256 the UTF-8
|
|
171
|
+
* bytes, return hex. Use on both sides of the wire: the signer
|
|
172
|
+
* computes at session-close time; verifiers with the per-action
|
|
173
|
+
* records recompute and match.
|
|
174
|
+
*
|
|
175
|
+
* The actions array MUST be in dispatch order — different orderings
|
|
176
|
+
* produce different hashes by construction. The signer is the source
|
|
177
|
+
* of truth for ordering; verifiers replaying from per-action receipts
|
|
178
|
+
* sort by `started_at` ascending (ties broken by `completed_at`).
|
|
179
|
+
*/
|
|
180
|
+
export declare function hashComputerSessionActions(actions: ReadonlyArray<ComputerSessionActionRecord>): Promise<string>;
|
|
181
|
+
/**
|
|
182
|
+
* Sign a computer-session receipt. Mirrors `signToolInvocationReceipt`:
|
|
183
|
+
* stamps the cryptosuite into the body, canonicalizes with JCS,
|
|
184
|
+
* dispatches through `signBySuite`, and encodes as base64url.
|
|
185
|
+
*
|
|
186
|
+
* Caller passes the body without `signature` or `suite`; the signer
|
|
187
|
+
* owns both. Embeds the public key (hex) so the receipt is
|
|
188
|
+
* independently verifiable with no relay lookup.
|
|
189
|
+
*/
|
|
190
|
+
export declare function signComputerSessionReceipt<T extends Omit<SignableComputerSessionReceipt, "public_key"> & {
|
|
191
|
+
public_key?: string;
|
|
192
|
+
}>(receipt: T, privateKey: Uint8Array, publicKey?: Uint8Array): Promise<T & {
|
|
193
|
+
suite: typeof COMPUTER_SESSION_RECEIPT_SUITE;
|
|
194
|
+
signature: string;
|
|
195
|
+
}>;
|
|
196
|
+
/**
|
|
197
|
+
* Verify a computer-session receipt. Fails closed on unknown suite,
|
|
198
|
+
* bad base64, or signature mismatch — same rules as
|
|
199
|
+
* `verifyToolInvocationReceipt`. Caller passes the receipt verbatim
|
|
200
|
+
* (with signature) and the signer's public key; on success the
|
|
201
|
+
* structural body is committed to as-signed.
|
|
202
|
+
*/
|
|
203
|
+
export declare function verifyComputerSessionReceipt(receipt: SignableComputerSessionReceipt & {
|
|
204
|
+
suite: string;
|
|
205
|
+
signature: string;
|
|
206
|
+
}, publicKey: Uint8Array): Promise<boolean>;
|
|
165
207
|
/**
|
|
166
208
|
* Inputs for a sovereign payment receipt — produced by the *payee* when
|
|
167
209
|
* a counterparty pays them directly via an onchain wallet rail (Solana,
|
|
@@ -187,8 +229,15 @@ export interface SovereignPaymentReceiptInput {
|
|
|
187
229
|
tx_hash: string;
|
|
188
230
|
/** Payment amount in micro-units (6 decimals for USDC). */
|
|
189
231
|
amount_micro: bigint;
|
|
190
|
-
/**
|
|
191
|
-
|
|
232
|
+
/**
|
|
233
|
+
* Settlement asset this payment cleared in. Closed union — see
|
|
234
|
+
* `SettlementAsset` in `@motebit/protocol`. The value is embedded in
|
|
235
|
+
* the signed receipt's `result` string and is therefore part of the
|
|
236
|
+
* canonical-JSON-signed payload; tightening the input type forces
|
|
237
|
+
* every signer to provide a registered asset before the receipt can
|
|
238
|
+
* be produced.
|
|
239
|
+
*/
|
|
240
|
+
asset: SettlementAsset;
|
|
192
241
|
/** Brief human-readable description of the service rendered. */
|
|
193
242
|
service_description: string;
|
|
194
243
|
/** SHA-256 hash of the request payload. */
|
|
@@ -216,6 +265,18 @@ export interface ReceiptVerification {
|
|
|
216
265
|
task_id: string;
|
|
217
266
|
motebit_id: string;
|
|
218
267
|
verified: boolean;
|
|
268
|
+
/**
|
|
269
|
+
* Where the verifying key came from. `"external"` = resolved from the
|
|
270
|
+
* caller's `knownKeys` map, so identity binding is established by the
|
|
271
|
+
* caller's trusted source. `"embedded"` = fell back to the receipt's own
|
|
272
|
+
* `public_key`, which proves the bytes are internally consistent but NOT
|
|
273
|
+
* that the key belongs to `motebit_id` — a forged receipt can embed any
|
|
274
|
+
* key and still report `verified: true`. Only `"external"` establishes
|
|
275
|
+
* binding. Absent when no key was resolved (`verified: false`,
|
|
276
|
+
* `error: "unknown motebit_id"`). Callers MUST NOT present an `"embedded"`
|
|
277
|
+
* result as proof of identity.
|
|
278
|
+
*/
|
|
279
|
+
keySource?: "external" | "embedded";
|
|
219
280
|
error?: string;
|
|
220
281
|
delegations: ReceiptVerification[];
|
|
221
282
|
}
|
package/dist/artifacts.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"artifacts.d.ts","sourceRoot":"","sources":["../src/artifacts.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAwCH;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,oFAAoF;IACpF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,WAAW,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,CAAC,EAAE,eAAe,EAAE,CAAC;IACxC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;;;OAOG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wDAAwD;AACxD,eAAO,MAAM,uBAAuB,EAAG,4BAAqC,CAAC;AAE7E;;;;;;;;;GASG;AACH,wBAAsB,oBAAoB,CAAC,CAAC,SAAS,IAAI,CAAC,eAAe,EAAE,WAAW,GAAG,OAAO,CAAC,EAC/F,OAAO,EAAE,CAAC,EACV,UAAU,EAAE,UAAU,EACtB,SAAS,CAAC,EAAE,UAAU,GACrB,OAAO,CAAC,CAAC,GAAG;IAAE,KAAK,EAAE,OAAO,uBAAuB,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAgC3E;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,eAAe,EACxB,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,OAAO,CAAC,CA+BlB;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,OAAO,CAAC;IACf,+DAA+D;IAC/D,gBAAgB,EAAE,MAAM,CAAC;IACzB,qFAAqF;IACrF,iBAAiB,EAAE,MAAM,CAAC;IAC1B,yDAAyD;IACzD,MAAM,EAAE,IAAI,GAAG,aAAa,GAAG,YAAY,GAAG,kBAAkB,CAAC;CAClE;AAED,wBAAsB,8BAA8B,CAClD,OAAO,EAAE,eAAe,EACxB,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,mBAAmB,CAAC,CAiC9B;AAID;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,6BAA6B;IAC5C,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,oFAAoF;IACpF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,WAAW,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,gFAAgF;IAChF,iBAAiB,CAAC,EAAE,UAAU,GAAG,SAAS,GAAG,WAAW,GAAG,gBAAgB,CAAC;IAC5E;;;;;OAKG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,6DAA6D;AAC7D,eAAO,MAAM,6BAA6B,EAAG,4BAAqC,CAAC;AAEnF;;;;;;;;;GASG;AACH,wBAAsB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAErE;AAED;;;;;;;;GAQG;AACH,wBAAsB,yBAAyB,CAC7C,CAAC,SAAS,IAAI,CAAC,6BAA6B,EAAE,WAAW,GAAG,OAAO,CAAC,EAEpE,OAAO,EAAE,CAAC,EACV,UAAU,EAAE,UAAU,EACtB,SAAS,CAAC,EAAE,UAAU,GACrB,OAAO,CAAC,CAAC,GAAG;IAAE,KAAK,EAAE,OAAO,6BAA6B,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAsBjF;AAED;;;GAGG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,6BAA6B,EACtC,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,OAAO,CAAC,CA+BlB;AAID;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,4BAA4B;IAC3C,uEAAuE;IACvE,gBAAgB,EAAE,MAAM,CAAC;IACzB,6BAA6B;IAC7B,eAAe,EAAE,MAAM,CAAC;IACxB,0EAA0E;IAC1E,gBAAgB,EAAE,MAAM,CAAC;IACzB,iFAAiF;IACjF,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,2DAA2D;IAC3D,YAAY,EAAE,MAAM,CAAC;IACrB,mCAAmC;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,gEAAgE;IAChE,mBAAmB,EAAE,MAAM,CAAC;IAC5B,2CAA2C;IAC3C,WAAW,EAAE,MAAM,CAAC;IACpB,0CAA0C;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,oFAAoF;IACpF,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,2CAA2C;IAC3C,YAAY,EAAE,MAAM,CAAC;IACrB,yCAAyC;IACzC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;GAQG;AACH,wBAAsB,2BAA2B,CAC/C,KAAK,EAAE,4BAA4B,EACnC,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,eAAe,CAAC,CAiB1B;AAID,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,mBAAmB,EAAE,CAAC;CACpC;AAED;;;GAGG;AACH,MAAM,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;AAEhD;;;;GAIG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,eAAe,EACxB,SAAS,EAAE,SAAS,GACnB,OAAO,CAAC,mBAAmB,CAAC,CA+B9B;AAcD,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,eAAe,CAAC;IACzB,iBAAiB,EAAE,UAAU,CAAC;CAC/B;AAED;;;;;;;;;GASG;AACH,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,iBAAiB,EAAE,GACzB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAwB7D;AAID;;;;;;;;;;GAUG;AACH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzD,YAAY,EAAE,eAAe,EAAE,CAAC;AAEhC,uDAAuD;AACvD,eAAO,MAAM,sBAAsB,EAAG,4BAAqC,CAAC;AAE5E;;;;;;;;GAQG;AACH,wBAAsB,cAAc,CAClC,UAAU,EAAE,IAAI,CAAC,eAAe,EAAE,WAAW,GAAG,OAAO,CAAC,EACxD,mBAAmB,EAAE,UAAU,GAC9B,OAAO,CAAC,eAAe,CAAC,CAM1B;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,eAAe,EAC3B,OAAO,CAAC,EAAE;IAAE,WAAW,CAAC,EAAE,OAAO,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAChD,OAAO,CAAC,OAAO,CAAC,CAmBlB;AAED;;;;;;;;;GASG;AACH,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,eAAe,EAAE,GACvB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAoC7C;AAMD,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,eAAe,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC5H,YAAY,EAAE,eAAe,EAAE,aAAa,EAAE,eAAe,EAAE,cAAc,EAAE,iBAAiB,EAAE,CAAC;AAEnG,yFAAyF;AACzF,eAAO,MAAM,sBAAsB,EAAG,4BAAqC,CAAC;AAE5E,2FAA2F;AAC3F,eAAO,MAAM,wBAAwB,EAAG,4BAAqC,CAAC;AAE9E,uFAAuF;AACvF,eAAO,MAAM,qBAAqB,EAAG,4BAAqC,CAAC;AAE3E,4FAA4F;AAC5F,eAAO,MAAM,sBAAsB,EAAG,4BAAqC,CAAC;AAE5E,sFAAsF;AACtF,eAAO,MAAM,oBAAoB,EAAG,4BAAqC,CAAC;AAE1E;;;;;;;;;;GAUG;AACH,wBAAsB,mBAAmB,CACvC,IAAI,EAAE,IAAI,CAAC,eAAe,EAAE,WAAW,GAAG,OAAO,CAAC,EAClD,cAAc,EAAE,UAAU,GACzB,OAAO,CAAC,eAAe,CAAC,CAM1B;AAED;;;;;;GAMG;AACH,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,eAAe,EACrB,aAAa,EAAE,UAAU,GACxB,OAAO,CAAC,OAAO,CAAC,CAWlB;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,qBAAqB,CACzC,UAAU,EAAE,IAAI,CAAC,iBAAiB,EAAE,WAAW,GAAG,OAAO,CAAC,EAC1D,qBAAqB,EAAE,UAAU,GAChC,OAAO,CAAC,iBAAiB,CAAC,CAM5B;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,uBAAuB,CAC3C,UAAU,EAAE,iBAAiB,EAC7B,oBAAoB,EAAE,UAAU,EAChC,QAAQ,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,GACjC,OAAO,CAAC,OAAO,CAAC,CA2BlB;AAED;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,IAAI,CAAC,cAAc,EAAE,WAAW,GAAG,OAAO,CAAC,EACpD,eAAe,EAAE,UAAU,GAC1B,OAAO,CAAC,cAAc,CAAC,CAMzB;AAED;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,cAAc,EACvB,cAAc,EAAE,UAAU,GACzB,OAAO,CAAC,OAAO,CAAC,CAWlB;AAED;;;;;;;GAOG;AACH,wBAAsB,mBAAmB,CACvC,QAAQ,EAAE,IAAI,CAAC,eAAe,EAAE,WAAW,GAAG,OAAO,CAAC,EACtD,mBAAmB,EAAE,UAAU,GAC9B,OAAO,CAAC,eAAe,CAAC,CAM1B;AAED;;;;;;GAMG;AACH,wBAAsB,qBAAqB,CACzC,QAAQ,EAAE,eAAe,EACzB,kBAAkB,EAAE,UAAU,GAC7B,OAAO,CAAC,OAAO,CAAC,CAWlB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,IAAI,CAAC,aAAa,EAAE,WAAW,GAAG,OAAO,CAAC,EAClD,kBAAkB,EAAE,UAAU,GAC7B,OAAO,CAAC,aAAa,CAAC,CAMxB;AAED;;;;GAIG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,aAAa,EACrB,iBAAiB,EAAE,UAAU,GAC5B,OAAO,CAAC,OAAO,CAAC,CAWlB;AAID,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AAC9D,YAAY,EAAE,oBAAoB,EAAE,CAAC;AAErC,4DAA4D;AAC5D,eAAO,MAAM,2BAA2B,EAAG,4BAAqC,CAAC;AAEjF;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,IAAI,CAAC,oBAAoB,EAAE,WAAW,GAAG,OAAO,GAAG,YAAY,CAAC,EACzE,UAAU,EAAE,UAAU,EACtB,SAAS,CAAC,EAAE,UAAU,GACrB,OAAO,CAAC,oBAAoB,CAAC,CAS/B;AAED;;;;;;GAMG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,oBAAoB,EAC7B,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,OAAO,CAAC,CAWlB;AAID,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACvD,YAAY,EAAE,aAAa,EAAE,CAAC;AAE9B,yFAAyF;AACzF,eAAO,MAAM,oBAAoB,EAAG,4BAAqC,CAAC;AAE1E;;;;;;;;;GASG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,IAAI,CAAC,aAAa,EAAE,WAAW,GAAG,OAAO,CAAC,EAClD,eAAe,EAAE,UAAU,GAC1B,OAAO,CAAC,aAAa,CAAC,CAMxB;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,aAAa,EACrB,cAAc,EAAE,UAAU,GACzB,OAAO,CAAC,OAAO,CAAC,CAWlB;AAID,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,YAAY,EAAE,gBAAgB,EAAE,CAAC;AAEjC,wDAAwD;AACxD,eAAO,MAAM,uBAAuB,EAAG,4BAAqC,CAAC;AAE7E;;;;;;;;;;;;GAYG;AACH,wBAAsB,cAAc,CAClC,UAAU,EAAE,IAAI,CAAC,gBAAgB,EAAE,WAAW,GAAG,OAAO,CAAC,EACzD,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,gBAAgB,CAAC,CAM3B;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,gBAAgB,EAC5B,eAAe,EAAE,UAAU,GAC1B,OAAO,CAAC,OAAO,CAAC,CAWlB;AAID,2DAA2D;AAC3D,eAAO,MAAM,oBAAoB,EAAG,4BAAqC,CAAC;AAE1E;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;;OAKG;IACH,KAAK,EAAE,OAAO,oBAAoB,CAAC;IACnC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oEAAoE;IACpE,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,+DAA+D;IAC/D,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AA6BD;;;;GAIG;AACH,wBAAsB,iBAAiB,CACrC,aAAa,EAAE,UAAU,EACzB,aAAa,EAAE,UAAU,EACzB,YAAY,EAAE,UAAU,EACxB,YAAY,EAAE,UAAU,EACxB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,mBAAmB,CAAC,CAoB9B;AAED;;;;GAIG;AACH,wBAAsB,8BAA8B,CAClD,kBAAkB,EAAE,UAAU,EAC9B,aAAa,EAAE,UAAU,EACzB,YAAY,EAAE,UAAU,EACxB,YAAY,EAAE,UAAU,EACxB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,mBAAmB,CAAC,CA4B9B;AAED;;;;;GAKG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,mBAAmB,EAC3B,oBAAoB,CAAC,EAAE,MAAM,GAC5B,OAAO,CAAC,OAAO,CAAC,CAgClB;AAID,kDAAkD;AAClD,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,OAAO,CAAC;IACf,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CAC5C;AAED;;;GAGG;AACH,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,mBAAmB,EAAE,EAC5B,oBAAoB,CAAC,EAAE,MAAM,GAC5B,OAAO,CAAC,qBAAqB,CAAC,CA+EhC;AAID,sEAAsE;AACtE,eAAO,MAAM,yBAAyB,EAAG,4BAAqC,CAAC;AAE/E;;;;GAIG;AACH,wBAAsB,sBAAsB,CAC1C,kBAAkB,EAAE,UAAU,EAC9B,kBAAkB,EAAE,UAAU,EAC9B,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC;IACT,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC,CAkBD;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,CAC5C,UAAU,EAAE;IACV,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB,EACD,oBAAoB,EAAE,MAAM,EAC5B,oBAAoB,EAAE,MAAM,GAC3B,OAAO,CAAC,OAAO,CAAC,CA+BlB;AAID,4DAA4D;AAC5D,eAAO,MAAM,2BAA2B,EAAG,4BAAqC,CAAC;AAEjF,MAAM,WAAW,4BAA4B;IAC3C,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,oBAAoB,EAAE,eAAe,EAAE,CAAC;IACxC,YAAY,EAAE,MAAM,CAAC;IACrB;;;;OAIG;IACH,KAAK,EAAE,OAAO,2BAA2B,CAAC;IAC1C,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAED;;;;GAIG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,IAAI,CAAC,4BAA4B,EAAE,cAAc,GAAG,qBAAqB,GAAG,OAAO,CAAC,EAC7F,mBAAmB,EAAE,UAAU,GAC9B,OAAO,CAAC,4BAA4B,CAAC,CAoBvC;AAED;;;;;;GAMG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,4BAA4B,EACrC,kBAAkB,EAAE,UAAU,EAC9B,eAAe,CAAC,EAAE,SAAS,GAC1B,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAuD7C;AAcD,mEAAmE;AACnE,eAAO,MAAM,yBAAyB,EAAG,4BAAqC,CAAC;AAE/E;;;GAGG;AACH,MAAM,WAAW,0BAA0B;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,OAAO,yBAAyB,CAAC;IACxC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;GAQG;AACH,wBAAsB,sBAAsB,CAC1C,CAAC,SAAS,IAAI,CAAC,0BAA0B,EAAE,WAAW,GAAG,OAAO,CAAC,EAEjE,IAAI,EAAE,CAAC,EACP,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,CAAC,GAAG;IAAE,KAAK,EAAE,OAAO,yBAAyB,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAS7E;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,8BAA8B,GACtC;IAAE,KAAK,EAAE,IAAI,CAAA;CAAE,GACf;IAAE,KAAK,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,WAAW,GAAG,OAAO,GAAG,mBAAmB,GAAG,eAAe,CAAA;CAAE,CAAC;AAE5F,qFAAqF;AACrF,eAAO,MAAM,8BAA8B,QAAgB,CAAC;AAE5D,wBAAsB,wBAAwB,CAC5C,IAAI,EAAE,0BAA0B,EAChC,GAAG,GAAE,MAAmB,GACvB,OAAO,CAAC,8BAA8B,CAAC,CAoCzC"}
|
|
1
|
+
{"version":3,"file":"artifacts.d.ts","sourceRoot":"","sources":["../src/artifacts.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAwCH;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,oFAAoF;IACpF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,WAAW,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,CAAC,EAAE,eAAe,EAAE,CAAC;IACxC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;;;OAOG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wDAAwD;AACxD,eAAO,MAAM,uBAAuB,EAAG,4BAAqC,CAAC;AAE7E;;;;;;;;;GASG;AACH,wBAAsB,oBAAoB,CAAC,CAAC,SAAS,IAAI,CAAC,eAAe,EAAE,WAAW,GAAG,OAAO,CAAC,EAC/F,OAAO,EAAE,CAAC,EACV,UAAU,EAAE,UAAU,EACtB,SAAS,CAAC,EAAE,UAAU,GACrB,OAAO,CAAC,CAAC,GAAG;IAAE,KAAK,EAAE,OAAO,uBAAuB,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAgC3E;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,eAAe,EACxB,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,OAAO,CAAC,CA+BlB;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,OAAO,CAAC;IACf,+DAA+D;IAC/D,gBAAgB,EAAE,MAAM,CAAC;IACzB,qFAAqF;IACrF,iBAAiB,EAAE,MAAM,CAAC;IAC1B,yDAAyD;IACzD,MAAM,EAAE,IAAI,GAAG,aAAa,GAAG,YAAY,GAAG,kBAAkB,CAAC;CAClE;AAED,wBAAsB,8BAA8B,CAClD,OAAO,EAAE,eAAe,EACxB,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,mBAAmB,CAAC,CAiC9B;AAID;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,6BAA6B;IAC5C,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,oFAAoF;IACpF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,WAAW,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,gFAAgF;IAChF,iBAAiB,CAAC,EAAE,UAAU,GAAG,SAAS,GAAG,WAAW,GAAG,gBAAgB,CAAC;IAC5E;;;;;OAKG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,6DAA6D;AAC7D,eAAO,MAAM,6BAA6B,EAAG,4BAAqC,CAAC;AAEnF;;;;;;;;;GASG;AACH,wBAAsB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAErE;AAED;;;;;;;;GAQG;AACH,wBAAsB,yBAAyB,CAC7C,CAAC,SAAS,IAAI,CAAC,6BAA6B,EAAE,WAAW,GAAG,OAAO,CAAC,EAEpE,OAAO,EAAE,CAAC,EACV,UAAU,EAAE,UAAU,EACtB,SAAS,CAAC,EAAE,UAAU,GACrB,OAAO,CAAC,CAAC,GAAG;IAAE,KAAK,EAAE,OAAO,6BAA6B,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAsBjF;AAED;;;GAGG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,6BAA6B,EACtC,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,OAAO,CAAC,CA+BlB;AAWD,OAAO,KAAK,EACV,8BAA8B,EAC9B,2BAA2B,EAC3B,eAAe,EAChB,MAAM,mBAAmB,CAAC;AAE3B,8DAA8D;AAC9D,eAAO,MAAM,8BAA8B,EAAG,4BAAqC,CAAC;AAEpF;;;;;;;;;;;GAWG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,aAAa,CAAC,2BAA2B,CAAC,GAClD,OAAO,CAAC,MAAM,CAAC,CAEjB;AAED;;;;;;;;GAQG;AACH,wBAAsB,0BAA0B,CAC9C,CAAC,SAAS,IAAI,CAAC,8BAA8B,EAAE,YAAY,CAAC,GAAG;IAAE,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,EAEtF,OAAO,EAAE,CAAC,EACV,UAAU,EAAE,UAAU,EACtB,SAAS,CAAC,EAAE,UAAU,GACrB,OAAO,CAAC,CAAC,GAAG;IAAE,KAAK,EAAE,OAAO,8BAA8B,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAsBlF;AAED;;;;;;GAMG;AACH,wBAAsB,4BAA4B,CAChD,OAAO,EAAE,8BAA8B,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,EAC9E,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,OAAO,CAAC,CA+BlB;AAID;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,4BAA4B;IAC3C,uEAAuE;IACvE,gBAAgB,EAAE,MAAM,CAAC;IACzB,6BAA6B;IAC7B,eAAe,EAAE,MAAM,CAAC;IACxB,0EAA0E;IAC1E,gBAAgB,EAAE,MAAM,CAAC;IACzB,iFAAiF;IACjF,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,2DAA2D;IAC3D,YAAY,EAAE,MAAM,CAAC;IACrB;;;;;;;OAOG;IACH,KAAK,EAAE,eAAe,CAAC;IACvB,gEAAgE;IAChE,mBAAmB,EAAE,MAAM,CAAC;IAC5B,2CAA2C;IAC3C,WAAW,EAAE,MAAM,CAAC;IACpB,0CAA0C;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,oFAAoF;IACpF,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,2CAA2C;IAC3C,YAAY,EAAE,MAAM,CAAC;IACrB,yCAAyC;IACzC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;GAQG;AACH,wBAAsB,2BAA2B,CAC/C,KAAK,EAAE,4BAA4B,EACnC,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,eAAe,CAAC,CAiB1B;AAID,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,OAAO,CAAC;IAClB;;;;;;;;;;OAUG;IACH,SAAS,CAAC,EAAE,UAAU,GAAG,UAAU,CAAC;IACpC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,mBAAmB,EAAE,CAAC;CACpC;AAED;;;GAGG;AACH,MAAM,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;AAEhD;;;;GAIG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,eAAe,EACxB,SAAS,EAAE,SAAS,GACnB,OAAO,CAAC,mBAAmB,CAAC,CA4C9B;AAcD,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,eAAe,CAAC;IACzB,iBAAiB,EAAE,UAAU,CAAC;CAC/B;AAED;;;;;;;;;GASG;AACH,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,iBAAiB,EAAE,GACzB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAwB7D;AAID;;;;;;;;;;GAUG;AACH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzD,YAAY,EAAE,eAAe,EAAE,CAAC;AAEhC,uDAAuD;AACvD,eAAO,MAAM,sBAAsB,EAAG,4BAAqC,CAAC;AAE5E;;;;;;;;GAQG;AACH,wBAAsB,cAAc,CAClC,UAAU,EAAE,IAAI,CAAC,eAAe,EAAE,WAAW,GAAG,OAAO,CAAC,EACxD,mBAAmB,EAAE,UAAU,GAC9B,OAAO,CAAC,eAAe,CAAC,CAM1B;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,eAAe,EAC3B,OAAO,CAAC,EAAE;IAAE,WAAW,CAAC,EAAE,OAAO,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAChD,OAAO,CAAC,OAAO,CAAC,CAmBlB;AAED;;;;;;;;;GASG;AACH,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,eAAe,EAAE,GACvB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAoC7C;AAMD,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,eAAe,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC5H,YAAY,EAAE,eAAe,EAAE,aAAa,EAAE,eAAe,EAAE,cAAc,EAAE,iBAAiB,EAAE,CAAC;AAEnG,yFAAyF;AACzF,eAAO,MAAM,sBAAsB,EAAG,4BAAqC,CAAC;AAE5E,2FAA2F;AAC3F,eAAO,MAAM,wBAAwB,EAAG,4BAAqC,CAAC;AAE9E,uFAAuF;AACvF,eAAO,MAAM,qBAAqB,EAAG,4BAAqC,CAAC;AAE3E,4FAA4F;AAC5F,eAAO,MAAM,sBAAsB,EAAG,4BAAqC,CAAC;AAE5E,sFAAsF;AACtF,eAAO,MAAM,oBAAoB,EAAG,4BAAqC,CAAC;AAE1E;;;;;;;;;;GAUG;AACH,wBAAsB,mBAAmB,CACvC,IAAI,EAAE,IAAI,CAAC,eAAe,EAAE,WAAW,GAAG,OAAO,CAAC,EAClD,cAAc,EAAE,UAAU,GACzB,OAAO,CAAC,eAAe,CAAC,CAM1B;AAED;;;;;;GAMG;AACH,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,eAAe,EACrB,aAAa,EAAE,UAAU,GACxB,OAAO,CAAC,OAAO,CAAC,CAWlB;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,qBAAqB,CACzC,UAAU,EAAE,IAAI,CAAC,iBAAiB,EAAE,WAAW,GAAG,OAAO,CAAC,EAC1D,qBAAqB,EAAE,UAAU,GAChC,OAAO,CAAC,iBAAiB,CAAC,CAM5B;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,uBAAuB,CAC3C,UAAU,EAAE,iBAAiB,EAC7B,oBAAoB,EAAE,UAAU,EAChC,QAAQ,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,GACjC,OAAO,CAAC,OAAO,CAAC,CA2BlB;AAED;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,IAAI,CAAC,cAAc,EAAE,WAAW,GAAG,OAAO,CAAC,EACpD,eAAe,EAAE,UAAU,GAC1B,OAAO,CAAC,cAAc,CAAC,CAMzB;AAED;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,cAAc,EACvB,cAAc,EAAE,UAAU,GACzB,OAAO,CAAC,OAAO,CAAC,CAWlB;AAED;;;;;;;GAOG;AACH,wBAAsB,mBAAmB,CACvC,QAAQ,EAAE,IAAI,CAAC,eAAe,EAAE,WAAW,GAAG,OAAO,CAAC,EACtD,mBAAmB,EAAE,UAAU,GAC9B,OAAO,CAAC,eAAe,CAAC,CAM1B;AAED;;;;;;GAMG;AACH,wBAAsB,qBAAqB,CACzC,QAAQ,EAAE,eAAe,EACzB,kBAAkB,EAAE,UAAU,GAC7B,OAAO,CAAC,OAAO,CAAC,CAWlB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,IAAI,CAAC,aAAa,EAAE,WAAW,GAAG,OAAO,CAAC,EAClD,kBAAkB,EAAE,UAAU,GAC7B,OAAO,CAAC,aAAa,CAAC,CAMxB;AAED;;;;GAIG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,aAAa,EACrB,iBAAiB,EAAE,UAAU,GAC5B,OAAO,CAAC,OAAO,CAAC,CAWlB;AAID,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AAC9D,YAAY,EAAE,oBAAoB,EAAE,CAAC;AAErC,4DAA4D;AAC5D,eAAO,MAAM,2BAA2B,EAAG,4BAAqC,CAAC;AAEjF;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,IAAI,CAAC,oBAAoB,EAAE,WAAW,GAAG,OAAO,GAAG,YAAY,CAAC,EACzE,UAAU,EAAE,UAAU,EACtB,SAAS,CAAC,EAAE,UAAU,GACrB,OAAO,CAAC,oBAAoB,CAAC,CAS/B;AAED;;;;;;GAMG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,oBAAoB,EAC7B,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,OAAO,CAAC,CAWlB;AAID,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACvD,YAAY,EAAE,aAAa,EAAE,CAAC;AAE9B,yFAAyF;AACzF,eAAO,MAAM,oBAAoB,EAAG,4BAAqC,CAAC;AAE1E;;;;;;;;;GASG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,IAAI,CAAC,aAAa,EAAE,WAAW,GAAG,OAAO,CAAC,EAClD,eAAe,EAAE,UAAU,GAC1B,OAAO,CAAC,aAAa,CAAC,CAMxB;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,aAAa,EACrB,cAAc,EAAE,UAAU,GACzB,OAAO,CAAC,OAAO,CAAC,CAWlB;AAID,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,YAAY,EAAE,gBAAgB,EAAE,CAAC;AAEjC,wDAAwD;AACxD,eAAO,MAAM,uBAAuB,EAAG,4BAAqC,CAAC;AAE7E;;;;;;;;;;;;GAYG;AACH,wBAAsB,cAAc,CAClC,UAAU,EAAE,IAAI,CAAC,gBAAgB,EAAE,WAAW,GAAG,OAAO,CAAC,EACzD,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,gBAAgB,CAAC,CAM3B;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,gBAAgB,EAC5B,eAAe,EAAE,UAAU,GAC1B,OAAO,CAAC,OAAO,CAAC,CAWlB;AAID,2DAA2D;AAC3D,eAAO,MAAM,oBAAoB,EAAG,4BAAqC,CAAC;AAE1E;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;;OAKG;IACH,KAAK,EAAE,OAAO,oBAAoB,CAAC;IACnC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oEAAoE;IACpE,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,+DAA+D;IAC/D,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AA6BD;;;;GAIG;AACH,wBAAsB,iBAAiB,CACrC,aAAa,EAAE,UAAU,EACzB,aAAa,EAAE,UAAU,EACzB,YAAY,EAAE,UAAU,EACxB,YAAY,EAAE,UAAU,EACxB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,mBAAmB,CAAC,CAoB9B;AAED;;;;GAIG;AACH,wBAAsB,8BAA8B,CAClD,kBAAkB,EAAE,UAAU,EAC9B,aAAa,EAAE,UAAU,EACzB,YAAY,EAAE,UAAU,EACxB,YAAY,EAAE,UAAU,EACxB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,mBAAmB,CAAC,CA4B9B;AAED;;;;;GAKG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,mBAAmB,EAC3B,oBAAoB,CAAC,EAAE,MAAM,GAC5B,OAAO,CAAC,OAAO,CAAC,CAgClB;AAID,kDAAkD;AAClD,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,OAAO,CAAC;IACf,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CAC5C;AAED;;;GAGG;AACH,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,mBAAmB,EAAE,EAC5B,oBAAoB,CAAC,EAAE,MAAM,GAC5B,OAAO,CAAC,qBAAqB,CAAC,CA+EhC;AAID,sEAAsE;AACtE,eAAO,MAAM,yBAAyB,EAAG,4BAAqC,CAAC;AAE/E;;;;GAIG;AACH,wBAAsB,sBAAsB,CAC1C,kBAAkB,EAAE,UAAU,EAC9B,kBAAkB,EAAE,UAAU,EAC9B,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC;IACT,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC,CAkBD;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,CAC5C,UAAU,EAAE;IACV,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB,EACD,oBAAoB,EAAE,MAAM,EAC5B,oBAAoB,EAAE,MAAM,GAC3B,OAAO,CAAC,OAAO,CAAC,CA+BlB;AAID,4DAA4D;AAC5D,eAAO,MAAM,2BAA2B,EAAG,4BAAqC,CAAC;AAEjF,MAAM,WAAW,4BAA4B;IAC3C,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,oBAAoB,EAAE,eAAe,EAAE,CAAC;IACxC,YAAY,EAAE,MAAM,CAAC;IACrB;;;;OAIG;IACH,KAAK,EAAE,OAAO,2BAA2B,CAAC;IAC1C,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAED;;;;GAIG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,IAAI,CAAC,4BAA4B,EAAE,cAAc,GAAG,qBAAqB,GAAG,OAAO,CAAC,EAC7F,mBAAmB,EAAE,UAAU,GAC9B,OAAO,CAAC,4BAA4B,CAAC,CAoBvC;AAED;;;;;;GAMG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,4BAA4B,EACrC,kBAAkB,EAAE,UAAU,EAC9B,eAAe,CAAC,EAAE,SAAS,GAC1B,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAuD7C;AAcD,mEAAmE;AACnE,eAAO,MAAM,yBAAyB,EAAG,4BAAqC,CAAC;AAE/E;;;GAGG;AACH,MAAM,WAAW,0BAA0B;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,OAAO,yBAAyB,CAAC;IACxC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;GAQG;AACH,wBAAsB,sBAAsB,CAC1C,CAAC,SAAS,IAAI,CAAC,0BAA0B,EAAE,WAAW,GAAG,OAAO,CAAC,EAEjE,IAAI,EAAE,CAAC,EACP,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,CAAC,GAAG;IAAE,KAAK,EAAE,OAAO,yBAAyB,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAS7E;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,8BAA8B,GACtC;IAAE,KAAK,EAAE,IAAI,CAAA;CAAE,GACf;IAAE,KAAK,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,WAAW,GAAG,OAAO,GAAG,mBAAmB,GAAG,eAAe,CAAA;CAAE,CAAC;AAE5F,qFAAqF;AACrF,eAAO,MAAM,8BAA8B,QAAgB,CAAC;AAE5D,wBAAsB,wBAAwB,CAC5C,IAAI,EAAE,0BAA0B,EAChC,GAAG,GAAE,MAAmB,GACvB,OAAO,CAAC,8BAA8B,CAAC,CAoCzC"}
|
|
@@ -0,0 +1,150 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Content-artifact provenance — sign and verify arbitrary content bytes
|
|
3
|
+
* with a manifest binding them to a producer identity, an invocation
|
|
4
|
+
* context, and a moment in time.
|
|
5
|
+
*
|
|
6
|
+
* Where motebit produces a **standalone artifact that travels
|
|
7
|
+
* independently** of the conversation context — memory exports, audit-
|
|
8
|
+
* trail JSON, plan dumps, eventually generated documents and media —
|
|
9
|
+
* the `ContentArtifactManifest` is the provenance envelope. C2PA-shape
|
|
10
|
+
* (industry standard for content authenticity): manifest separate from
|
|
11
|
+
* content, signed over canonical JSON of the manifest with the
|
|
12
|
+
* content's SHA-256 hash bound in.
|
|
13
|
+
*
|
|
14
|
+
* Verification:
|
|
15
|
+
*
|
|
16
|
+
* 1. Recompute SHA-256 over the content bytes; reject if it doesn't
|
|
17
|
+
* match `manifest.content_hash`.
|
|
18
|
+
* 2. Verify the manifest signature against `manifest.producer_public_key`
|
|
19
|
+
* via `verifyBySuite`. Reject on signature mismatch.
|
|
20
|
+
*
|
|
21
|
+
* Both passes → the artifact is provably produced by the named identity
|
|
22
|
+
* at the named time. No relay contact, no operator trust, no
|
|
23
|
+
* out-of-band metadata — only `@motebit/crypto` and the bytes.
|
|
24
|
+
*
|
|
25
|
+
* Doctrine: `docs/doctrine/self-attesting-system.md` — every motebit
|
|
26
|
+
* claim is independently verifiable using only published primitives
|
|
27
|
+
* and the signer's public key. `docs/doctrine/nist-alignment.md` §8 —
|
|
28
|
+
* the content-provenance ask collapses here.
|
|
29
|
+
*
|
|
30
|
+
* Same canonical-JSON + Ed25519 + suite-dispatch pattern as
|
|
31
|
+
* `signExecutionReceipt` (artifacts.ts) and `signSkillManifest`
|
|
32
|
+
* (skills.ts). Permissive-floor primitive.
|
|
33
|
+
*/
|
|
34
|
+
import type { ContentArtifactType, SuiteId } from "@motebit/protocol";
|
|
35
|
+
/**
|
|
36
|
+
* Pinned cryptosuite for content-artifact manifests. JCS canonicalization
|
|
37
|
+
* + Ed25519 + hex signature encoding. Matches identity-file + credential-
|
|
38
|
+
* anchor + relay-metadata family (see `SUITE_REGISTRY` in
|
|
39
|
+
* `@motebit/protocol/crypto-suite.ts`).
|
|
40
|
+
*/
|
|
41
|
+
export declare const CONTENT_ARTIFACT_SUITE: SuiteId;
|
|
42
|
+
/**
|
|
43
|
+
* The provenance manifest. Bound to its content via `content_hash`;
|
|
44
|
+
* bound to its producer via signature over `producer_public_key`.
|
|
45
|
+
*
|
|
46
|
+
* `claim_generator` mirrors C2PA's identifier-of-producing-software
|
|
47
|
+
* field; `produced_at` is the wall-clock time the artifact was
|
|
48
|
+
* assembled; `invocation` is the optional cross-reference back into
|
|
49
|
+
* motebit's execution ledger (the receipt or task that triggered the
|
|
50
|
+
* artifact's production).
|
|
51
|
+
*/
|
|
52
|
+
export interface ContentArtifactManifest {
|
|
53
|
+
/** Cryptosuite identifier — `motebit-jcs-ed25519-hex-v1` today. */
|
|
54
|
+
readonly suite: SuiteId;
|
|
55
|
+
/** Identifier of the software that produced the artifact, e.g. `"motebit/1.2.3"`. */
|
|
56
|
+
readonly claim_generator: string;
|
|
57
|
+
/** ISO-8601 UTC timestamp when the artifact was produced. */
|
|
58
|
+
readonly produced_at: string;
|
|
59
|
+
/** Producer's DID — typically `did:key:zXXX` derived from the public key. */
|
|
60
|
+
readonly producer: string;
|
|
61
|
+
/** Producer's public key in lowercase hex (32 bytes / 64 chars for Ed25519). */
|
|
62
|
+
readonly producer_public_key: string;
|
|
63
|
+
/**
|
|
64
|
+
* Artifact category from the closed `ContentArtifactType` registry in
|
|
65
|
+
* `@motebit/protocol`. Producer-declared; drift gate
|
|
66
|
+
* `check-artifact-type-canonical` enforces every literal at a
|
|
67
|
+
* signing site is a registry member.
|
|
68
|
+
*/
|
|
69
|
+
readonly artifact_type: ContentArtifactType;
|
|
70
|
+
/** SHA-256 of the canonical content bytes, lowercase hex. */
|
|
71
|
+
readonly content_hash: string;
|
|
72
|
+
/** Optional cross-reference into motebit's execution ledger. */
|
|
73
|
+
readonly invocation?: {
|
|
74
|
+
readonly task_id?: string;
|
|
75
|
+
readonly receipt_id?: string;
|
|
76
|
+
};
|
|
77
|
+
/** Signature over `canonicalJson({...manifest minus signature})`, base64url-encoded. */
|
|
78
|
+
readonly signature: string;
|
|
79
|
+
}
|
|
80
|
+
/**
|
|
81
|
+
* Inputs for `signContentArtifact`. `producerPublicKey` is required
|
|
82
|
+
* alongside the private key so the manifest carries it self-describingly
|
|
83
|
+
* — verifiers don't need a separate channel to learn the verification
|
|
84
|
+
* key.
|
|
85
|
+
*/
|
|
86
|
+
export interface SignContentArtifactOptions {
|
|
87
|
+
/** Artifact category — embedded in the manifest. Closed registry in `@motebit/protocol`. */
|
|
88
|
+
readonly artifactType: ContentArtifactType;
|
|
89
|
+
/** Producer's DID (e.g. `did:key:zXXX`). */
|
|
90
|
+
readonly producer: string;
|
|
91
|
+
/** Producer's Ed25519 public key (32 bytes). */
|
|
92
|
+
readonly producerPublicKey: Uint8Array;
|
|
93
|
+
/** Producer's Ed25519 private key (32 bytes). */
|
|
94
|
+
readonly producerPrivateKey: Uint8Array;
|
|
95
|
+
/** Software-identity claim, e.g. `"motebit/1.2.3"`. */
|
|
96
|
+
readonly claimGenerator: string;
|
|
97
|
+
/** Optional invocation cross-reference. */
|
|
98
|
+
readonly invocation?: {
|
|
99
|
+
readonly task_id?: string;
|
|
100
|
+
readonly receipt_id?: string;
|
|
101
|
+
};
|
|
102
|
+
/**
|
|
103
|
+
* Override the pinned suite. Default `CONTENT_ARTIFACT_SUITE`. Useful
|
|
104
|
+
* only for PQ migration once a new `SuiteId` lands; today every caller
|
|
105
|
+
* uses the default.
|
|
106
|
+
*/
|
|
107
|
+
readonly suite?: SuiteId;
|
|
108
|
+
/**
|
|
109
|
+
* Override the `produced_at` timestamp. Internal — exposed only for
|
|
110
|
+
* deterministic tests. Production callers omit this and let the
|
|
111
|
+
* primitive stamp the current time.
|
|
112
|
+
*/
|
|
113
|
+
readonly producedAt?: string;
|
|
114
|
+
}
|
|
115
|
+
/**
|
|
116
|
+
* Sign content bytes, returning a `ContentArtifactManifest` that binds
|
|
117
|
+
* the producer, the content, and the moment of production. The content
|
|
118
|
+
* bytes themselves are NOT in the manifest — only their hash — so the
|
|
119
|
+
* manifest can be transported separately (e.g. as an HTTP header)
|
|
120
|
+
* without doubling the payload.
|
|
121
|
+
*/
|
|
122
|
+
export declare function signContentArtifact(content: Uint8Array, options: SignContentArtifactOptions): Promise<ContentArtifactManifest>;
|
|
123
|
+
/** Verification outcome with a structured failure reason for audit logging. */
|
|
124
|
+
export interface VerifyContentArtifactResult {
|
|
125
|
+
readonly valid: boolean;
|
|
126
|
+
/** Structured failure reason when `valid === false`. */
|
|
127
|
+
readonly reason?: "content_hash_mismatch" | "signature_invalid" | "malformed_public_key" | "malformed_signature" | "unsupported_suite";
|
|
128
|
+
}
|
|
129
|
+
/**
|
|
130
|
+
* Verify a `ContentArtifactManifest` against the content bytes it
|
|
131
|
+
* claims to cover. Two-step check: content-hash recomputation
|
|
132
|
+
* (catches tampering of the bytes) and signature verification
|
|
133
|
+
* against the manifest's declared public key (catches tampering of
|
|
134
|
+
* the manifest itself). Both must pass.
|
|
135
|
+
*
|
|
136
|
+
* Fail-closed: every rejection returns a typed reason rather than
|
|
137
|
+
* throwing. The caller decides how to surface — audit log entry,
|
|
138
|
+
* UI banner, 4xx response.
|
|
139
|
+
*
|
|
140
|
+
* Trust note: this primitive verifies the signature against the
|
|
141
|
+
* key declared IN the manifest. The caller is responsible for
|
|
142
|
+
* confirming that declared key is who they expect (e.g. pinning a
|
|
143
|
+
* relay's identity key, checking a known motebit's public key).
|
|
144
|
+
* Without that out-of-band binding, the manifest only proves
|
|
145
|
+
* "someone with this key produced these bytes" — not "this
|
|
146
|
+
* specific motebit." The producer DID is for human display; the
|
|
147
|
+
* key is the cryptographic anchor.
|
|
148
|
+
*/
|
|
149
|
+
export declare function verifyContentArtifact(manifest: ContentArtifactManifest, content: Uint8Array): Promise<VerifyContentArtifactResult>;
|
|
150
|
+
//# sourceMappingURL=content-artifact.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"content-artifact.d.ts","sourceRoot":"","sources":["../src/content-artifact.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAWH,OAAO,KAAK,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAEtE;;;;;GAKG;AACH,eAAO,MAAM,sBAAsB,EAAE,OAAsC,CAAC;AAE5E;;;;;;;;;GASG;AACH,MAAM,WAAW,uBAAuB;IACtC,mEAAmE;IACnE,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,qFAAqF;IACrF,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,6DAA6D;IAC7D,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,6EAA6E;IAC7E,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,gFAAgF;IAChF,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC;IACrC;;;;;OAKG;IACH,QAAQ,CAAC,aAAa,EAAE,mBAAmB,CAAC;IAC5C,6DAA6D;IAC7D,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,gEAAgE;IAChE,QAAQ,CAAC,UAAU,CAAC,EAAE;QACpB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;KAC9B,CAAC;IACF,wFAAwF;IACxF,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED;;;;;GAKG;AACH,MAAM,WAAW,0BAA0B;IACzC,4FAA4F;IAC5F,QAAQ,CAAC,YAAY,EAAE,mBAAmB,CAAC;IAC3C,4CAA4C;IAC5C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,gDAAgD;IAChD,QAAQ,CAAC,iBAAiB,EAAE,UAAU,CAAC;IACvC,iDAAiD;IACjD,QAAQ,CAAC,kBAAkB,EAAE,UAAU,CAAC;IACxC,uDAAuD;IACvD,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,2CAA2C;IAC3C,QAAQ,CAAC,UAAU,CAAC,EAAE;QAAE,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAClF;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;IACzB;;;;OAIG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;CAC9B;AAOD;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,UAAU,EACnB,OAAO,EAAE,0BAA0B,GAClC,OAAO,CAAC,uBAAuB,CAAC,CAgBlC;AAED,+EAA+E;AAC/E,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,wDAAwD;IACxD,QAAQ,CAAC,MAAM,CAAC,EACZ,uBAAuB,GACvB,mBAAmB,GACnB,sBAAsB,GACtB,qBAAqB,GACrB,mBAAmB,CAAC;CACzB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,qBAAqB,CACzC,QAAQ,EAAE,uBAAuB,EACjC,OAAO,EAAE,UAAU,GAClB,OAAO,CAAC,2BAA2B,CAAC,CA2DtC"}
|
|
@@ -149,17 +149,23 @@ export interface RevocationAnchorProof {
|
|
|
149
149
|
* Verify a revocation anchor — confirm a key was revoked.
|
|
150
150
|
*
|
|
151
151
|
* The revocation memo format is: "motebit:revocation:v1:{public_key_hex}:{timestamp}"
|
|
152
|
-
*
|
|
153
|
-
*
|
|
152
|
+
* where the memo `timestamp` is the EFFECTIVE revocation time (see
|
|
153
|
+
* credential-anchor-v1.md §10.2). The relay separately signs the payload
|
|
154
|
+
* "revocation:{type}:{motebit_id}:{recording_timestamp}" with its identity key,
|
|
155
|
+
* where the payload timestamp is the RECORDING time and MAY be later than the
|
|
156
|
+
* memo's effective time. The two are decoupled deliberately, which is why
|
|
157
|
+
* `proof.timestamp` (used to rebuild the expected memo) and `revocationPayload`
|
|
158
|
+
* (the exact signed string) are passed as separate arguments. This function
|
|
159
|
+
* verifies:
|
|
154
160
|
*
|
|
155
|
-
* 1. The relay's Ed25519 signature over the revocation event
|
|
161
|
+
* 1. The relay's Ed25519 signature over the revocation event payload
|
|
156
162
|
* 2. Optionally, the onchain memo transaction via a callback
|
|
157
163
|
*
|
|
158
164
|
* Both steps are offline-verifiable given the relay's public key. The onchain
|
|
159
165
|
* step requires network access but ensures the relay cannot deny the revocation.
|
|
160
166
|
*
|
|
161
|
-
* @param proof - The revocation anchor proof fields
|
|
162
|
-
* @param revocationPayload - The exact signed payload string (e.g., "revocation:key_rotated:mid-xxx:1712345678")
|
|
167
|
+
* @param proof - The revocation anchor proof fields (`proof.timestamp` is the effective/memo time)
|
|
168
|
+
* @param revocationPayload - The exact signed payload string (e.g., "revocation:key_rotated:mid-xxx:1712345678"), carrying the recording time
|
|
163
169
|
* @param chainVerifier - Optional callback: given tx_hash + expected memo, verify onchain
|
|
164
170
|
*/
|
|
165
171
|
export declare function verifyRevocationAnchor(proof: RevocationAnchorProof, revocationPayload: string, chainVerifier?: (anchor: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"credential-anchor.d.ts","sourceRoot":"","sources":["../src/credential-anchor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,oEAAoE;AACpE,eAAO,MAAM,uBAAuB,EAAG,4BAAqC,CAAC;AAI7E;;;;;;;;;GASG;AACH,wBAAsB,qBAAqB,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,CAIhG;AAID,qDAAqD;AACrD,MAAM,WAAW,4BAA4B;IAC3C,wCAAwC;IACxC,KAAK,EAAE,OAAO,CAAC;IACf,+BAA+B;IAC/B,KAAK,EAAE;QACL,wDAAwD;QACxD,UAAU,EAAE,OAAO,CAAC;QACpB,6DAA6D;QAC7D,YAAY,EAAE,OAAO,CAAC;QACtB,yEAAyE;QACzE,qBAAqB,EAAE,OAAO,CAAC;QAC/B,6DAA6D;QAC7D,cAAc,EAAE,OAAO,GAAG,IAAI,CAAC;KAChC,CAAC;IACF,uCAAuC;IACvC,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,MAAM,EAAE;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;CACvB,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAEvB,uDAAuD;AACvD,MAAM,WAAW,2BAA2B;IAC1C,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB,EAAE,MAAM,CAAC;IACzB;;;;;OAKG;IACH,KAAK,EAAE,OAAO,uBAAuB,CAAC;IACtC,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,MAAM,CAAC;KACrB,GAAG,IAAI,CAAC;CACV;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAsB,sBAAsB,CAC1C,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnC,WAAW,EAAE,2BAA2B,EACxC,aAAa,CAAC,EAAE,mBAAmB,GAClC,OAAO,CAAC,4BAA4B,CAAC,CA8FvC;AAID,wDAAwD;AACxD,MAAM,WAAW,4BAA4B;IAC3C,8CAA8C;IAC9C,KAAK,EAAE,OAAO,CAAC;IACf,+BAA+B;IAC/B,KAAK,EAAE;QACL,yEAAyE;QACzE,UAAU,EAAE,OAAO,CAAC;QACpB,8EAA8E;QAC9E,qBAAqB,EAAE,OAAO,CAAC;QAC/B,6DAA6D;QAC7D,cAAc,EAAE,OAAO,GAAG,IAAI,CAAC;KAChC,CAAC;IACF,uCAAuC;IACvC,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,6EAA6E;AAC7E,eAAO,MAAM,uBAAuB,EAAG,+BAAwC,CAAC;AAEhF,mDAAmD;AACnD,MAAM,WAAW,qBAAqB;IACpC,+CAA+C;IAC/C,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qDAAqD;IACrD,SAAS,EAAE,MAAM,CAAC;IAClB;;;;OAIG;IACH,KAAK,EAAE,OAAO,uBAAuB,CAAC;IACtC,8EAA8E;IAC9E,SAAS,EAAE,MAAM,CAAC;IAClB,8EAA8E;IAC9E,gBAAgB,EAAE,MAAM,CAAC;IACzB,6DAA6D;IAC7D,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;KACjB,GAAG,IAAI,CAAC;CACV;AAED
|
|
1
|
+
{"version":3,"file":"credential-anchor.d.ts","sourceRoot":"","sources":["../src/credential-anchor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,oEAAoE;AACpE,eAAO,MAAM,uBAAuB,EAAG,4BAAqC,CAAC;AAI7E;;;;;;;;;GASG;AACH,wBAAsB,qBAAqB,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,CAIhG;AAID,qDAAqD;AACrD,MAAM,WAAW,4BAA4B;IAC3C,wCAAwC;IACxC,KAAK,EAAE,OAAO,CAAC;IACf,+BAA+B;IAC/B,KAAK,EAAE;QACL,wDAAwD;QACxD,UAAU,EAAE,OAAO,CAAC;QACpB,6DAA6D;QAC7D,YAAY,EAAE,OAAO,CAAC;QACtB,yEAAyE;QACzE,qBAAqB,EAAE,OAAO,CAAC;QAC/B,6DAA6D;QAC7D,cAAc,EAAE,OAAO,GAAG,IAAI,CAAC;KAChC,CAAC;IACF,uCAAuC;IACvC,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,MAAM,EAAE;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;CACvB,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAEvB,uDAAuD;AACvD,MAAM,WAAW,2BAA2B;IAC1C,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB,EAAE,MAAM,CAAC;IACzB;;;;;OAKG;IACH,KAAK,EAAE,OAAO,uBAAuB,CAAC;IACtC,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,MAAM,CAAC;KACrB,GAAG,IAAI,CAAC;CACV;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAsB,sBAAsB,CAC1C,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnC,WAAW,EAAE,2BAA2B,EACxC,aAAa,CAAC,EAAE,mBAAmB,GAClC,OAAO,CAAC,4BAA4B,CAAC,CA8FvC;AAID,wDAAwD;AACxD,MAAM,WAAW,4BAA4B;IAC3C,8CAA8C;IAC9C,KAAK,EAAE,OAAO,CAAC;IACf,+BAA+B;IAC/B,KAAK,EAAE;QACL,yEAAyE;QACzE,UAAU,EAAE,OAAO,CAAC;QACpB,8EAA8E;QAC9E,qBAAqB,EAAE,OAAO,CAAC;QAC/B,6DAA6D;QAC7D,cAAc,EAAE,OAAO,GAAG,IAAI,CAAC;KAChC,CAAC;IACF,uCAAuC;IACvC,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,6EAA6E;AAC7E,eAAO,MAAM,uBAAuB,EAAG,+BAAwC,CAAC;AAEhF,mDAAmD;AACnD,MAAM,WAAW,qBAAqB;IACpC,+CAA+C;IAC/C,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qDAAqD;IACrD,SAAS,EAAE,MAAM,CAAC;IAClB;;;;OAIG;IACH,KAAK,EAAE,OAAO,uBAAuB,CAAC;IACtC,8EAA8E;IAC9E,SAAS,EAAE,MAAM,CAAC;IAClB,8EAA8E;IAC9E,gBAAgB,EAAE,MAAM,CAAC;IACzB,6DAA6D;IAC7D,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;KACjB,GAAG,IAAI,CAAC;CACV;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAsB,sBAAsB,CAC1C,KAAK,EAAE,qBAAqB,EAC5B,iBAAiB,EAAE,MAAM,EACzB,aAAa,CAAC,EAAE,CAAC,MAAM,EAAE;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;CACvB,KAAK,OAAO,CAAC,OAAO,CAAC,GACrB,OAAO,CAAC,4BAA4B,CAAC,CAoEvC"}
|
|
@@ -126,11 +126,11 @@ export interface DeviceCheckVerifierContext {
|
|
|
126
126
|
*
|
|
127
127
|
* `@motebit/crypto` stays permissive-floor-pure and dep-thin — it never imports a
|
|
128
128
|
* platform adapter. Consumers (CLI, mobile, desktop, relay) wire the
|
|
129
|
-
* leaf packages (`@motebit/crypto-appattest` for device_check
|
|
130
|
-
*
|
|
131
|
-
* this object so that dispatch remains
|
|
132
|
-
* tree-shakable: a verifier that doesn't care
|
|
133
|
-
* zero App Attest code.
|
|
129
|
+
* leaf packages (`@motebit/crypto-appattest` for device_check,
|
|
130
|
+
* `@motebit/crypto-tpm`, `@motebit/crypto-android-keystore`,
|
|
131
|
+
* `@motebit/crypto-webauthn`) into this object so that dispatch remains
|
|
132
|
+
* explicit, auditable, and tree-shakable: a verifier that doesn't care
|
|
133
|
+
* about App Attest ships zero App Attest code.
|
|
134
134
|
*
|
|
135
135
|
* `deviceCheck` takes an optional third `context` argument carrying
|
|
136
136
|
* the VC-subject fields that participate in the JCS body the Swift
|
package/dist/index.d.ts
CHANGED
|
@@ -137,6 +137,16 @@ export interface ReceiptVerifyResult extends BaseResult {
|
|
|
137
137
|
type: "receipt";
|
|
138
138
|
receipt: ExecutionReceipt | null;
|
|
139
139
|
signer?: string;
|
|
140
|
+
/**
|
|
141
|
+
* Always `"embedded"` when present: `verifyReceipt` resolves the key from
|
|
142
|
+
* the receipt's own `public_key`, which proves byte-integrity but NOT
|
|
143
|
+
* identity binding. Establishing that the key belongs to `motebit_id`
|
|
144
|
+
* requires an external anchor (transparency log / known-keys map /
|
|
145
|
+
* identity file); see `verifyReceiptChain` for the external-key path.
|
|
146
|
+
* Callers MUST NOT present a `valid: true` result as proof of identity
|
|
147
|
+
* on the strength of an embedded key alone.
|
|
148
|
+
*/
|
|
149
|
+
keySource?: "embedded";
|
|
140
150
|
delegations?: ReceiptVerifyResult[];
|
|
141
151
|
}
|
|
142
152
|
export interface CredentialVerifyResult extends BaseResult {
|
|
@@ -230,11 +240,12 @@ export interface VerifyOptions {
|
|
|
230
240
|
/**
|
|
231
241
|
* Optional injection of platform-specific hardware-attestation
|
|
232
242
|
* verifiers. Consumers that need `device_check` / `tpm` /
|
|
233
|
-
* `
|
|
234
|
-
* verifier function here (e.g. `deviceCheckVerifier(...)`
|
|
235
|
-
* `@motebit/crypto-appattest`). Absence keeps the permissive-floor
|
|
236
|
-
* path pure: unknown platforms fail-closed with a
|
|
237
|
-
* error. See
|
|
243
|
+
* `android_keystore` / `webauthn` verification pass the corresponding
|
|
244
|
+
* leaf package's verifier function here (e.g. `deviceCheckVerifier(...)`
|
|
245
|
+
* from `@motebit/crypto-appattest`). Absence keeps the permissive-floor
|
|
246
|
+
* `@motebit/crypto` path pure: unknown platforms fail-closed with a
|
|
247
|
+
* named-missing-adapter error. See
|
|
248
|
+
* `hardware-attestation.ts::HardwareAttestationVerifiers`.
|
|
238
249
|
*/
|
|
239
250
|
hardwareAttestation?: HardwareAttestationVerifiers;
|
|
240
251
|
}
|
|
@@ -268,6 +279,136 @@ export declare function parse(content: string): {
|
|
|
268
279
|
signature: string;
|
|
269
280
|
rawFrontmatter: string;
|
|
270
281
|
};
|
|
282
|
+
/**
|
|
283
|
+
* Result of binding a signing key to a motebit identity at a point in time.
|
|
284
|
+
* `bound: true` means the key was this identity's legitimate key *at* the given
|
|
285
|
+
* timestamp — sovereign-root binding (rooted in the motebit's own genesis +
|
|
286
|
+
* rotation signatures), with time-windowing. See
|
|
287
|
+
* `docs/doctrine/identity-binding-verification.md`.
|
|
288
|
+
*/
|
|
289
|
+
export interface KeyBindingResult {
|
|
290
|
+
bound: boolean;
|
|
291
|
+
/** Genesis (root) public key of the identity's succession chain. */
|
|
292
|
+
genesisPublicKey?: string;
|
|
293
|
+
/** Start of the matched key's active window (ms epoch); absent ⇒ unbounded below. */
|
|
294
|
+
activeFrom?: number;
|
|
295
|
+
/** End of the matched key's active window (ms epoch); absent ⇒ still current. */
|
|
296
|
+
activeUntil?: number;
|
|
297
|
+
/**
|
|
298
|
+
* True when `motebit_id` is the sovereign commitment to the genesis key
|
|
299
|
+
* (`deriveSovereignMotebitId(genesisPublicKey) === motebit_id`). The id↔genesis
|
|
300
|
+
* link is then verifiable offline from the identity file alone — no operator,
|
|
301
|
+
* no anchor. This is the strongest binding root (the doctrine's `sovereign`
|
|
302
|
+
* rung); independent of `bound`, which is about the *signing* key's window.
|
|
303
|
+
*/
|
|
304
|
+
sovereign?: boolean;
|
|
305
|
+
/** Why binding failed, when `bound` is false. */
|
|
306
|
+
reason?: string;
|
|
307
|
+
}
|
|
308
|
+
/**
|
|
309
|
+
* The sovereign commitment of a genesis key: a UUIDv8 (RFC 9562) deterministically
|
|
310
|
+
* derived from `sha256(genesisPublicKey)`. When a motebit is minted sovereignly,
|
|
311
|
+
* its `motebit_id` IS this value — so the id↔key binding is self-certifying and
|
|
312
|
+
* needs no operator: a verifier recomputes it and checks equality.
|
|
313
|
+
*
|
|
314
|
+
* Second-preimage resistance is ~2^122 (an attacker cannot grind a different
|
|
315
|
+
* genesis key whose commitment matches a target id), which is the security bar
|
|
316
|
+
* for "you cannot impersonate a sovereign motebit." Existing random UUIDv7 ids
|
|
317
|
+
* carry version nibble 7 and can never equal a v8 commitment, so non-sovereign
|
|
318
|
+
* motebits read as such cleanly. The genesis key derives deterministically from a
|
|
319
|
+
* 32-byte seed (an Ed25519 key *is* its seed), so the id is recoverable from the
|
|
320
|
+
* seed — self-certification AND recovery, the `sovereign` rung's whole point.
|
|
321
|
+
*
|
|
322
|
+
* See `docs/doctrine/identity-binding-verification.md`.
|
|
323
|
+
*/
|
|
324
|
+
export declare function deriveSovereignMotebitId(genesisPublicKeyHex: string): Promise<string>;
|
|
325
|
+
/**
|
|
326
|
+
* True iff `motebitId` is the sovereign commitment to `genesisPublicKeyHex` — the
|
|
327
|
+
* offline, operator-free check that an id is bound to a key. Case-insensitive on
|
|
328
|
+
* the id. Returns false (never throws) on malformed input — fail-closed.
|
|
329
|
+
*/
|
|
330
|
+
export declare function verifySovereignBinding(motebitId: string, genesisPublicKeyHex: string): Promise<boolean>;
|
|
331
|
+
/**
|
|
332
|
+
* Sovereign-root identity binding with time-windowing: was `signingKeyHex` this
|
|
333
|
+
* motebit's legitimate key *at* `atTimestampMs`?
|
|
334
|
+
*
|
|
335
|
+
* Verifies the identity's succession chain (link signatures + continuity +
|
|
336
|
+
* temporal order, via {@link verifySuccessionChain}), then checks the key's
|
|
337
|
+
* active window contains the timestamp. A since-rotated key therefore does NOT
|
|
338
|
+
* bind a newer receipt, and a future key does not bind an older one — the
|
|
339
|
+
* time-windowing failure mode named in the doctrine.
|
|
340
|
+
*
|
|
341
|
+
* This roots in the motebit's own keys; no operator trust. Tying the genesis key
|
|
342
|
+
* to the `motebit_id` (the non-equivocable anchor) is the caller's responsibility
|
|
343
|
+
* — this primitive proves the key/identity-file relationship, not file/id.
|
|
344
|
+
*/
|
|
345
|
+
export declare function verifyKeyBindingAtTime(identity: MotebitIdentityFile, signingKeyHex: string, atTimestampMs: number, guardianPublicKeyHex?: string): Promise<KeyBindingResult>;
|
|
346
|
+
/**
|
|
347
|
+
* Canonical leaf of the identity-transparency log: the operator's
|
|
348
|
+
* non-equivocable commitment that motebit `motebitId`'s current identity key is
|
|
349
|
+
* `currentKeyHex`. Hex SHA-256 of the JCS-canonical commitment. The relay that
|
|
350
|
+
* produces the log and the verifier that checks inclusion MUST agree on this
|
|
351
|
+
* convention. See `docs/doctrine/identity-binding-verification.md`.
|
|
352
|
+
*/
|
|
353
|
+
export declare function identityLogLeaf(motebitId: string, currentKeyHex: string): Promise<string>;
|
|
354
|
+
/** Merkle inclusion proof of an identity-log leaf under an anchored root. */
|
|
355
|
+
export interface IdentityLogInclusionProof {
|
|
356
|
+
/** Leaf position in the bottom layer (0-based). */
|
|
357
|
+
readonly index: number;
|
|
358
|
+
/** Sibling hashes, leaf-to-root order (hex). */
|
|
359
|
+
readonly siblings: string[];
|
|
360
|
+
/** Bottom-up layer cardinalities. */
|
|
361
|
+
readonly layerSizes: number[];
|
|
362
|
+
/**
|
|
363
|
+
* The anchored Merkle root the proof must reconstruct (hex). Confirming this
|
|
364
|
+
* root is actually posted on-chain by the operator is a SEPARATE check, the
|
|
365
|
+
* verifier-caller's responsibility — it is what makes anchored binding
|
|
366
|
+
* non-zero-network and defeats split-view equivocation.
|
|
367
|
+
*/
|
|
368
|
+
readonly anchoredRoot: string;
|
|
369
|
+
}
|
|
370
|
+
/**
|
|
371
|
+
* Anchored identity binding: sovereign-root binding (via
|
|
372
|
+
* {@link verifyKeyBindingAtTime}) AND the motebit's current identity key is
|
|
373
|
+
* committed in the identity-transparency log under `proof.anchoredRoot`. The
|
|
374
|
+
* Merkle inclusion is the operator's non-equivocation — it cannot serve a forked
|
|
375
|
+
* chain whose head differs from the anchored leaf. Returns the sovereign
|
|
376
|
+
* `KeyBindingResult` when both hold; `bound: false` if either fails.
|
|
377
|
+
*
|
|
378
|
+
* NOTE: this proves inclusion under a *given* root; verifying that root is the
|
|
379
|
+
* one the operator anchored on-chain is the caller's cross-check. The caller must
|
|
380
|
+
* also confirm `identity.motebit_id` is the receipt's claimed motebit — this
|
|
381
|
+
* primitive binds a key to the supplied identity file, not to a receipt.
|
|
382
|
+
*/
|
|
383
|
+
export declare function verifyIdentityBindingAnchored(identity: MotebitIdentityFile, signingKeyHex: string, atTimestampMs: number, proof: IdentityLogInclusionProof, guardianPublicKeyHex?: string): Promise<KeyBindingResult>;
|
|
384
|
+
/**
|
|
385
|
+
* Verify a single `ExecutionReceipt` by:
|
|
386
|
+
*
|
|
387
|
+
* 1. Resolving the signer key — `receipt.public_key` (embedded hex) is
|
|
388
|
+
* the canonical source. A receipt without an embedded key cannot
|
|
389
|
+
* be verified offline; verification fails with a typed error.
|
|
390
|
+
* 2. Verifying the Ed25519 signature over the receipt's content hash
|
|
391
|
+
* (per `spec/execution-ledger-v1.md` §6).
|
|
392
|
+
* 3. Recursively verifying each entry in `delegation_receipts` (§11.5)
|
|
393
|
+
* so multi-hop chains are fully audited.
|
|
394
|
+
*
|
|
395
|
+
* Returns a `ReceiptVerifyResult` with the signer's `did:key`, the
|
|
396
|
+
* outer signature validity, and an array of nested delegation results.
|
|
397
|
+
* Fail-closed on every error path — missing key, wrong key length,
|
|
398
|
+
* malformed hex, signature mismatch.
|
|
399
|
+
*
|
|
400
|
+
* Consumed by `@motebit/state-export-client::verifyInnerSignedReceipts`
|
|
401
|
+
* to recursively check each `signed_receipts` entry inside a v1.1
|
|
402
|
+
* relay-assembled execution-ledger reconstruction
|
|
403
|
+
* (`spec/execution-ledger-v1.md` §4.3) and by `motebit-verify
|
|
404
|
+
* content-artifact --verify-inner` for the same purpose at the CLI.
|
|
405
|
+
*
|
|
406
|
+
* Closes the operator-trust gap at the consumer side: a verifier with
|
|
407
|
+
* v1.1 inner receipts in hand can prove "motebit X did this work"
|
|
408
|
+
* directly against motebit X's own public key, without trusting the
|
|
409
|
+
* relay's word.
|
|
410
|
+
*/
|
|
411
|
+
export declare function verifyReceipt(receipt: ExecutionReceipt): Promise<ReceiptVerifyResult>;
|
|
271
412
|
/**
|
|
272
413
|
* Bundle-shape input for `verifySkillBundle`. The full-verify
|
|
273
414
|
* primitive — envelope signature + body hash + per-file hashes — runs
|
|
@@ -376,6 +517,8 @@ export declare function verifyIdentityFile(content: string): Promise<LegacyVerif
|
|
|
376
517
|
export * from "./signing.js";
|
|
377
518
|
export * from "./artifacts.js";
|
|
378
519
|
export { signVerifiableCredential, verifyVerifiableCredential, signVerifiablePresentation, verifyVerifiablePresentation, issueGradientCredential, issueReputationCredential, issueTrustCredential, createPresentation, type GradientCredentialSubject, type ReputationCredentialSubject, type TrustCredentialSubject, } from "./credentials.js";
|
|
520
|
+
export { signContentArtifact, verifyContentArtifact, CONTENT_ARTIFACT_SUITE, } from "./content-artifact.js";
|
|
521
|
+
export type { ContentArtifactManifest, SignContentArtifactOptions, VerifyContentArtifactResult, } from "./content-artifact.js";
|
|
379
522
|
export { computeCredentialLeaf, verifyCredentialAnchor, verifyRevocationAnchor, type CredentialAnchorVerifyResult, type CredentialAnchorProofFields, type ChainAnchorVerifier, type RevocationAnchorVerifyResult, type RevocationAnchorProof, } from "./credential-anchor.js";
|
|
380
523
|
export { SKILL_SIGNATURE_SUITE, canonicalizeSkillManifestBytes, canonicalizeSkillEnvelopeBytes, signSkillManifest, signSkillEnvelope, verifySkillManifest, verifySkillManifestDetailed, verifySkillEnvelope, verifySkillEnvelopeDetailed, decodeSkillSignaturePublicKey, type SkillVerifyReason, type SkillVerifyDetail, } from "./skills.js";
|
|
381
524
|
export { DELETION_CERTIFICATE_SUITE, WITNESS_OMISSION_DISPUTE_WINDOW_MS, canonicalizeMultiSignatureCert, canonicalizeHorizonCert, canonicalizeHorizonCertForWitness, signCertAsSubject, signCertAsOperator, signCertAsDelegate, signCertAsGuardian, signHorizonCertAsIssuer, signHorizonWitness, canonicalizeHorizonWitnessRequestBody, signHorizonWitnessRequestBody, verifyHorizonWitnessRequestSignature, verifyDeletionCertificate, verifyRetentionManifest, type DeletionCertificateVerifyResult, type DeletionCertificateVerifyContext, type RetentionManifestVerifyResult, } from "./deletion-certificate.js";
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAaH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IAGjB,IAAI,CAAC,EAAE,UAAU,GAAG,SAAS,GAAG,eAAe,CAAC;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,QAAQ,EAAE;QACR,SAAS,EAAE,SAAS,CAAC;QACrB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IAEF,UAAU,EAAE;QACV,UAAU,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS,CAAC;QAC3C,aAAa,EAAE,MAAM,CAAC;QACtB,sBAAsB,EAAE,MAAM,CAAC;QAC/B,UAAU,EAAE,MAAM,CAAC;QACnB,aAAa,EAAE,OAAO,CAAC;KACxB,CAAC;IAEF,OAAO,EAAE;QACP,mBAAmB,EAAE,MAAM,CAAC;QAC5B,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACvC,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IAEF,MAAM,EAAE;QACN,cAAc,EAAE,MAAM,CAAC;QACvB,oBAAoB,EAAE,MAAM,CAAC;QAC7B,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IAEF,8EAA8E;IAC9E,QAAQ,CAAC,EAAE;QACT,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,cAAc,EAAE,MAAM,CAAC;QACvB,6DAA6D;QAC7D,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IAEF,OAAO,EAAE,KAAK,CAAC;QACb,SAAS,EAAE,MAAM,CAAC;QAClB,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC,CAAC;IAEH,UAAU,CAAC,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,gBAAgB;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,KAAK,EAAE,4BAA4B,CAAC;IACpC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oEAAoE;IACpE,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,+DAA+D;IAC/D,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAMD,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,oFAAoF;IACpF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACzC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;CACnB;AAOD,YAAY,EACV,kBAAkB,EAClB,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAEV,oBAAoB,EACpB,sBAAsB,EACvB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAEvD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAKrD,OAAO,EACL,8BAA8B,EAC9B,iCAAiC,EACjC,iCAAiC,EACjC,+BAA+B,GAChC,MAAM,2BAA2B,CAAC;AACnC,YAAY,EACV,mBAAmB,EACnB,wBAAwB,EACxB,+BAA+B,EAC/B,4BAA4B,EAC5B,0BAA0B,GAC3B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,KAAK,EACV,4BAA4B,EAC5B,+BAA+B,EAChC,MAAM,2BAA2B,CAAC;AAMnC,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,UAAU,UAAU;IAClB,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,iBAAiB,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,oBAAqB,SAAQ,UAAU;IACtD,IAAI,EAAE,UAAU,CAAC;IACjB,QAAQ,EAAE,mBAAmB,GAAG,IAAI,CAAC;IACrC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,4EAA4E;IAC5E,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE;QACX,KAAK,EAAE,OAAO,CAAC;QACf,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,SAAS,EAAE,MAAM,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED,MAAM,WAAW,mBAAoB,SAAQ,UAAU;IACrD,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,EAAE,gBAAgB,GAAG,IAAI,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;;;;;OAQG;IACH,SAAS,CAAC,EAAE,UAAU,CAAC;IACvB,WAAW,CAAC,EAAE,mBAAmB,EAAE,CAAC;CACrC;AAED,MAAM,WAAW,sBAAuB,SAAQ,UAAU;IACxD,IAAI,EAAE,YAAY,CAAC;IACnB,UAAU,EAAE,oBAAoB,GAAG,IAAI,CAAC;IACxC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;;;;;OAMG;IACH,oBAAoB,CAAC,EAAE,+BAA+B,CAAC;CACxD;AAED,MAAM,WAAW,wBAAyB,SAAQ,UAAU;IAC1D,IAAI,EAAE,cAAc,CAAC;IACrB,YAAY,EAAE,sBAAsB,GAAG,IAAI,CAAC;IAC5C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,sBAAsB,EAAE,CAAC;CACxC;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,4CAA4C;IAC5C,QAAQ,CAAC,MAAM,EAAE,IAAI,GAAG,eAAe,GAAG,SAAS,CAAC;CACrD;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,WAAW,iBAAkB,SAAQ,UAAU;IACnD,IAAI,EAAE,OAAO,CAAC;IACd,QAAQ,EAAE,aAAa,GAAG,IAAI,CAAC;IAC/B,qEAAqE;IACrE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mDAAmD;IACnD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE;QACL,QAAQ,EAAE;YAAE,KAAK,EAAE,OAAO,CAAC;YAAC,MAAM,EAAE,iBAAiB,CAAA;SAAE,CAAC;QACxD,SAAS,EAAE;YAAE,KAAK,EAAE,OAAO,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,GAAG,IAAI,CAAC;QACvE,KAAK,EAAE,aAAa,CAAC,qBAAqB,CAAC,CAAC;KAC7C,CAAC;CACH;AAED,MAAM,MAAM,YAAY,GACpB,oBAAoB,GACpB,mBAAmB,GACnB,sBAAsB,GACtB,wBAAwB,GACxB,iBAAiB,CAAC;AAEtB,MAAM,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;AAEhD,MAAM,WAAW,aAAa;IAC5B,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,iFAAiF;IACjF,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;;;;;;;OASG;IACH,mBAAmB,CAAC,EAAE,4BAA4B,CAAC;CACpD;AAMD;;;;;;;;GAQG;AACH,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,OAAO,CAAC;IACf,QAAQ,EAAE,mBAAmB,GAAG,IAAI,CAAC;IACrC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE;QACX,KAAK,EAAE,OAAO,CAAC;QACf,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,SAAS,EAAE,MAAM,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AA4VD;;;GAGG;AACH,wBAAgB,KAAK,CAAC,OAAO,EAAE,MAAM,GAAG;IACtC,WAAW,EAAE,mBAAmB,CAAC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;CACxB,CAgCA;AAqRD;;;;;;GAMG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,oEAAoE;IACpE,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qFAAqF;IACrF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iFAAiF;IACjF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;;;OAMG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,iDAAiD;IACjD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,wBAAwB,CAAC,mBAAmB,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAS3F;AAED;;;;GAIG;AACH,wBAAsB,sBAAsB,CAC1C,SAAS,EAAE,MAAM,EACjB,mBAAmB,EAAE,MAAM,GAC1B,OAAO,CAAC,OAAO,CAAC,CAOlB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,sBAAsB,CAC1C,QAAQ,EAAE,mBAAmB,EAC7B,aAAa,EAAE,MAAM,EACrB,aAAa,EAAE,MAAM,EACrB,oBAAoB,CAAC,EAAE,MAAM,GAC5B,OAAO,CAAC,gBAAgB,CAAC,CAyD3B;AAED;;;;;;GAMG;AACH,wBAAsB,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAU/F;AAED,6EAA6E;AAC7E,MAAM,WAAW,yBAAyB;IACxC,mDAAmD;IACnD,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,gDAAgD;IAChD,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;IAC5B,qCAAqC;IACrC,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC;IAC9B;;;;;OAKG;IACH,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;CAC/B;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,6BAA6B,CACjD,QAAQ,EAAE,mBAAmB,EAC7B,aAAa,EAAE,MAAM,EACrB,aAAa,EAAE,MAAM,EACrB,KAAK,EAAE,yBAAyB,EAChC,oBAAoB,CAAC,EAAE,MAAM,GAC5B,OAAO,CAAC,gBAAgB,CAAC,CAyB3B;AAsCD;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAwD3F;AA8DD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC;IACjC,wFAAwF;IACxF,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B,gGAAgG;IAChG,QAAQ,CAAC,KAAK,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;CACvD;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,gBAAgB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CA+F3F;AAgND;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,wBAAsB,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC,CAgG9F;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAsB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CASrF;AAOD,cAAc,cAAc,CAAC;AAC7B,cAAc,gBAAgB,CAAC;AAC/B,OAAO,EACL,wBAAwB,EACxB,0BAA0B,EAC1B,0BAA0B,EAC1B,4BAA4B,EAC5B,uBAAuB,EACvB,yBAAyB,EACzB,oBAAoB,EACpB,kBAAkB,EAClB,KAAK,yBAAyB,EAC9B,KAAK,2BAA2B,EAChC,KAAK,sBAAsB,GAC5B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EACV,uBAAuB,EACvB,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,sBAAsB,EACtB,KAAK,4BAA4B,EACjC,KAAK,2BAA2B,EAChC,KAAK,mBAAmB,EACxB,KAAK,4BAA4B,EACjC,KAAK,qBAAqB,GAC3B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,qBAAqB,EACrB,8BAA8B,EAC9B,8BAA8B,EAC9B,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,EACnB,2BAA2B,EAC3B,mBAAmB,EACnB,2BAA2B,EAC3B,6BAA6B,EAC7B,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,GACvB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,0BAA0B,EAC1B,kCAAkC,EAClC,8BAA8B,EAC9B,uBAAuB,EACvB,iCAAiC,EACjC,iBAAiB,EACjB,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,EAClB,uBAAuB,EACvB,kBAAkB,EAClB,qCAAqC,EACrC,6BAA6B,EAC7B,oCAAoC,EACpC,yBAAyB,EACzB,uBAAuB,EACvB,KAAK,+BAA+B,EACpC,KAAK,gCAAgC,EACrC,KAAK,6BAA6B,GACnC,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,kCAAkC,EAClC,0BAA0B,EAC1B,4BAA4B,EAC5B,KAAK,kCAAkC,EACvC,KAAK,mCAAmC,GACzC,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -3747,6 +3747,52 @@ function isScopeNarrowed(parentScope, childScope) {
|
|
|
3747
3747
|
return true;
|
|
3748
3748
|
}
|
|
3749
3749
|
|
|
3750
|
+
// src/merkle.ts
|
|
3751
|
+
function fromHex(hex) {
|
|
3752
|
+
const bytes = new Uint8Array(hex.length / 2);
|
|
3753
|
+
for (let i = 0; i < hex.length; i += 2) {
|
|
3754
|
+
bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
|
|
3755
|
+
}
|
|
3756
|
+
return bytes;
|
|
3757
|
+
}
|
|
3758
|
+
function toHex(bytes) {
|
|
3759
|
+
return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
|
|
3760
|
+
}
|
|
3761
|
+
function concat(a, b) {
|
|
3762
|
+
const out = new Uint8Array(a.length + b.length);
|
|
3763
|
+
out.set(a);
|
|
3764
|
+
out.set(b, a.length);
|
|
3765
|
+
return out;
|
|
3766
|
+
}
|
|
3767
|
+
async function verifyMerkleInclusion(leaf, index, siblings, layerSizes, expectedRoot) {
|
|
3768
|
+
let current;
|
|
3769
|
+
try {
|
|
3770
|
+
current = fromHex(leaf);
|
|
3771
|
+
} catch {
|
|
3772
|
+
return false;
|
|
3773
|
+
}
|
|
3774
|
+
let idx = index;
|
|
3775
|
+
let sibIdx = 0;
|
|
3776
|
+
for (const layerSize of layerSizes) {
|
|
3777
|
+
const siblingPos = idx % 2 === 0 ? idx + 1 : idx - 1;
|
|
3778
|
+
const hasSibling = siblingPos >= 0 && siblingPos < layerSize;
|
|
3779
|
+
if (hasSibling) {
|
|
3780
|
+
if (sibIdx >= siblings.length) return false;
|
|
3781
|
+
let siblingBytes;
|
|
3782
|
+
try {
|
|
3783
|
+
siblingBytes = fromHex(siblings[sibIdx]);
|
|
3784
|
+
} catch {
|
|
3785
|
+
return false;
|
|
3786
|
+
}
|
|
3787
|
+
const combined = idx % 2 === 0 ? concat(current, siblingBytes) : concat(siblingBytes, current);
|
|
3788
|
+
current = await sha2563(combined);
|
|
3789
|
+
sibIdx++;
|
|
3790
|
+
}
|
|
3791
|
+
idx = Math.floor(idx / 2);
|
|
3792
|
+
}
|
|
3793
|
+
return toHex(current) === expectedRoot;
|
|
3794
|
+
}
|
|
3795
|
+
|
|
3750
3796
|
// src/skills.ts
|
|
3751
3797
|
var SKILL_SIGNATURE_SUITE = "motebit-jcs-ed25519-b64-v1";
|
|
3752
3798
|
function signatureWithoutValue(sig) {
|
|
@@ -4261,6 +4307,52 @@ async function verifyToolInvocationReceipt(receipt, publicKey) {
|
|
|
4261
4307
|
}
|
|
4262
4308
|
return valid;
|
|
4263
4309
|
}
|
|
4310
|
+
var COMPUTER_SESSION_RECEIPT_SUITE = "motebit-jcs-ed25519-b64-v1";
|
|
4311
|
+
async function hashComputerSessionActions(actions) {
|
|
4312
|
+
return canonicalSha256(actions);
|
|
4313
|
+
}
|
|
4314
|
+
async function signComputerSessionReceipt(receipt, privateKey, publicKey) {
|
|
4315
|
+
const withKey = publicKey ? { ...receipt, public_key: bytesToHex3(publicKey) } : receipt;
|
|
4316
|
+
const body = { ...withKey, suite: COMPUTER_SESSION_RECEIPT_SUITE };
|
|
4317
|
+
const canonical = canonicalJson(body);
|
|
4318
|
+
const message = new TextEncoder().encode(canonical);
|
|
4319
|
+
const sig = await signBySuite(COMPUTER_SESSION_RECEIPT_SUITE, message, privateKey);
|
|
4320
|
+
const signed = { ...body, signature: toBase64Url(sig) };
|
|
4321
|
+
if (isReceiptDebugEnabled()) {
|
|
4322
|
+
const sha = await canonicalSha256(body);
|
|
4323
|
+
console.debug(
|
|
4324
|
+
`[motebit/crypto] signComputerSessionReceipt canonical_sha256=${sha} session=${body.session_id} actions=${body.action_count} bytes=${canonical.length}`
|
|
4325
|
+
);
|
|
4326
|
+
}
|
|
4327
|
+
return Object.freeze(signed);
|
|
4328
|
+
}
|
|
4329
|
+
async function verifyComputerSessionReceipt(receipt, publicKey) {
|
|
4330
|
+
if (receipt.suite !== COMPUTER_SESSION_RECEIPT_SUITE) {
|
|
4331
|
+
if (isReceiptDebugEnabled()) {
|
|
4332
|
+
console.debug(
|
|
4333
|
+
`[motebit/crypto] verifyComputerSessionReceipt EARLY_RETURN suite_mismatch actual=${JSON.stringify(receipt.suite)} expected=${JSON.stringify(COMPUTER_SESSION_RECEIPT_SUITE)}`
|
|
4334
|
+
);
|
|
4335
|
+
}
|
|
4336
|
+
return false;
|
|
4337
|
+
}
|
|
4338
|
+
const { signature, ...body } = receipt;
|
|
4339
|
+
const canonical = canonicalJson(body);
|
|
4340
|
+
const message = new TextEncoder().encode(canonical);
|
|
4341
|
+
let valid = false;
|
|
4342
|
+
try {
|
|
4343
|
+
const sig = fromBase64Url(signature);
|
|
4344
|
+
valid = await verifyBySuite(receipt.suite, message, sig, publicKey);
|
|
4345
|
+
} catch {
|
|
4346
|
+
valid = false;
|
|
4347
|
+
}
|
|
4348
|
+
if (isReceiptDebugEnabled()) {
|
|
4349
|
+
const sha = await canonicalSha256(body);
|
|
4350
|
+
console.debug(
|
|
4351
|
+
`[motebit/crypto] verifyComputerSessionReceipt canonical_sha256=${sha} valid=${valid} bytes=${canonical.length}`
|
|
4352
|
+
);
|
|
4353
|
+
}
|
|
4354
|
+
return valid;
|
|
4355
|
+
}
|
|
4264
4356
|
async function signSovereignPaymentReceipt(input, privateKey, publicKey) {
|
|
4265
4357
|
const receipt = {
|
|
4266
4358
|
task_id: `${input.rail}:tx:${input.tx_hash}`,
|
|
@@ -4282,10 +4374,13 @@ async function signSovereignPaymentReceipt(input, privateKey, publicKey) {
|
|
|
4282
4374
|
async function verifyReceiptChain(receipt, knownKeys) {
|
|
4283
4375
|
const { task_id, motebit_id } = receipt;
|
|
4284
4376
|
let publicKey = knownKeys.get(motebit_id);
|
|
4285
|
-
|
|
4377
|
+
let keySource;
|
|
4378
|
+
if (publicKey) {
|
|
4379
|
+
keySource = "external";
|
|
4380
|
+
} else if (receipt.public_key) {
|
|
4286
4381
|
publicKey = hexToBytes4(receipt.public_key);
|
|
4287
|
-
|
|
4288
|
-
|
|
4382
|
+
keySource = "embedded";
|
|
4383
|
+
} else {
|
|
4289
4384
|
const delegations2 = await verifyDelegations(receipt, knownKeys);
|
|
4290
4385
|
return { task_id, motebit_id, verified: false, error: "unknown motebit_id", delegations: delegations2 };
|
|
4291
4386
|
}
|
|
@@ -4298,7 +4393,13 @@ async function verifyReceiptChain(receipt, knownKeys) {
|
|
|
4298
4393
|
error = err2 instanceof Error ? err2.message : String(err2);
|
|
4299
4394
|
}
|
|
4300
4395
|
const delegations = await verifyDelegations(receipt, knownKeys);
|
|
4301
|
-
const result = {
|
|
4396
|
+
const result = {
|
|
4397
|
+
task_id,
|
|
4398
|
+
motebit_id,
|
|
4399
|
+
verified,
|
|
4400
|
+
keySource,
|
|
4401
|
+
delegations
|
|
4402
|
+
};
|
|
4302
4403
|
if (error) {
|
|
4303
4404
|
result.error = error;
|
|
4304
4405
|
}
|
|
@@ -5063,50 +5164,68 @@ async function createPresentation(credentials, privateKey, publicKey) {
|
|
|
5063
5164
|
return signVerifiablePresentation(unsignedVP, privateKey, publicKey);
|
|
5064
5165
|
}
|
|
5065
5166
|
|
|
5066
|
-
// src/
|
|
5067
|
-
|
|
5068
|
-
|
|
5069
|
-
|
|
5070
|
-
|
|
5071
|
-
|
|
5072
|
-
|
|
5073
|
-
|
|
5074
|
-
|
|
5075
|
-
|
|
5076
|
-
|
|
5077
|
-
|
|
5078
|
-
|
|
5079
|
-
|
|
5080
|
-
|
|
5081
|
-
|
|
5167
|
+
// src/content-artifact.ts
|
|
5168
|
+
var CONTENT_ARTIFACT_SUITE = "motebit-jcs-ed25519-hex-v1";
|
|
5169
|
+
function canonicalizeForSigning(unsigned) {
|
|
5170
|
+
return new TextEncoder().encode(canonicalJson(unsigned));
|
|
5171
|
+
}
|
|
5172
|
+
async function signContentArtifact(content, options) {
|
|
5173
|
+
const suite = options.suite ?? CONTENT_ARTIFACT_SUITE;
|
|
5174
|
+
const contentHashBytes = await sha2563(content);
|
|
5175
|
+
const unsigned = {
|
|
5176
|
+
suite,
|
|
5177
|
+
claim_generator: options.claimGenerator,
|
|
5178
|
+
produced_at: options.producedAt ?? (/* @__PURE__ */ new Date()).toISOString(),
|
|
5179
|
+
producer: options.producer,
|
|
5180
|
+
producer_public_key: bytesToHex3(options.producerPublicKey),
|
|
5181
|
+
artifact_type: options.artifactType,
|
|
5182
|
+
content_hash: bytesToHex3(contentHashBytes),
|
|
5183
|
+
...options.invocation ? { invocation: options.invocation } : {}
|
|
5184
|
+
};
|
|
5185
|
+
const message = canonicalizeForSigning(unsigned);
|
|
5186
|
+
const sig = await signBySuite(suite, message, options.producerPrivateKey);
|
|
5187
|
+
return { ...unsigned, signature: toBase64Url(sig) };
|
|
5082
5188
|
}
|
|
5083
|
-
async function
|
|
5084
|
-
|
|
5189
|
+
async function verifyContentArtifact(manifest, content) {
|
|
5190
|
+
const recomputedHashBytes = await sha2563(content);
|
|
5191
|
+
const recomputedHashHex = bytesToHex3(recomputedHashBytes);
|
|
5192
|
+
if (recomputedHashHex !== manifest.content_hash) {
|
|
5193
|
+
return { valid: false, reason: "content_hash_mismatch" };
|
|
5194
|
+
}
|
|
5195
|
+
if (!/^[0-9a-fA-F]{64}$/.test(manifest.producer_public_key)) {
|
|
5196
|
+
return { valid: false, reason: "malformed_public_key" };
|
|
5197
|
+
}
|
|
5198
|
+
let publicKey;
|
|
5085
5199
|
try {
|
|
5086
|
-
|
|
5200
|
+
publicKey = hexToBytes4(manifest.producer_public_key);
|
|
5087
5201
|
} catch {
|
|
5088
|
-
return false;
|
|
5202
|
+
return { valid: false, reason: "malformed_public_key" };
|
|
5089
5203
|
}
|
|
5090
|
-
let
|
|
5091
|
-
|
|
5092
|
-
|
|
5093
|
-
|
|
5094
|
-
|
|
5095
|
-
|
|
5096
|
-
|
|
5097
|
-
|
|
5098
|
-
|
|
5099
|
-
|
|
5100
|
-
|
|
5101
|
-
|
|
5102
|
-
|
|
5103
|
-
|
|
5104
|
-
|
|
5105
|
-
|
|
5106
|
-
|
|
5107
|
-
|
|
5204
|
+
let sigBytes;
|
|
5205
|
+
try {
|
|
5206
|
+
sigBytes = fromBase64Url(manifest.signature);
|
|
5207
|
+
} catch {
|
|
5208
|
+
return { valid: false, reason: "malformed_signature" };
|
|
5209
|
+
}
|
|
5210
|
+
const unsigned = {
|
|
5211
|
+
suite: manifest.suite,
|
|
5212
|
+
claim_generator: manifest.claim_generator,
|
|
5213
|
+
produced_at: manifest.produced_at,
|
|
5214
|
+
producer: manifest.producer,
|
|
5215
|
+
producer_public_key: manifest.producer_public_key,
|
|
5216
|
+
artifact_type: manifest.artifact_type,
|
|
5217
|
+
content_hash: manifest.content_hash,
|
|
5218
|
+
...manifest.invocation ? { invocation: manifest.invocation } : {}
|
|
5219
|
+
};
|
|
5220
|
+
const message = canonicalizeForSigning(unsigned);
|
|
5221
|
+
let valid;
|
|
5222
|
+
try {
|
|
5223
|
+
valid = await verifyBySuite(manifest.suite, message, sigBytes, publicKey);
|
|
5224
|
+
} catch {
|
|
5225
|
+
return { valid: false, reason: "unsupported_suite" };
|
|
5108
5226
|
}
|
|
5109
|
-
|
|
5227
|
+
if (!valid) return { valid: false, reason: "signature_invalid" };
|
|
5228
|
+
return { valid: true };
|
|
5110
5229
|
}
|
|
5111
5230
|
|
|
5112
5231
|
// src/credential-anchor.ts
|
|
@@ -5996,13 +6115,13 @@ var SIG_PREFIX = `<!-- motebit:sig:${IDENTITY_FILE_SUITE}:`;
|
|
|
5996
6115
|
var SIG_SUFFIX = " -->";
|
|
5997
6116
|
function detectArtifactType(artifact) {
|
|
5998
6117
|
if (typeof artifact === "string") {
|
|
5999
|
-
if (artifact.includes("---")) {
|
|
6000
|
-
return "identity";
|
|
6001
|
-
}
|
|
6002
6118
|
try {
|
|
6003
6119
|
const parsed = JSON.parse(artifact);
|
|
6004
6120
|
return detectArtifactType(parsed);
|
|
6005
6121
|
} catch {
|
|
6122
|
+
if (artifact.includes("---")) {
|
|
6123
|
+
return "identity";
|
|
6124
|
+
}
|
|
6006
6125
|
return null;
|
|
6007
6126
|
}
|
|
6008
6127
|
}
|
|
@@ -6275,6 +6394,97 @@ async function verifySuccessionChain2(chain, currentPublicKeyHex, guardianPublic
|
|
|
6275
6394
|
};
|
|
6276
6395
|
}
|
|
6277
6396
|
}
|
|
6397
|
+
async function deriveSovereignMotebitId(genesisPublicKeyHex) {
|
|
6398
|
+
const h2 = await sha2564(hexToBytes5(genesisPublicKeyHex));
|
|
6399
|
+
const b = h2.slice(0, 16);
|
|
6400
|
+
b[6] = 128 | b[6] & 15;
|
|
6401
|
+
b[8] = 128 | b[8] & 63;
|
|
6402
|
+
const hex = Array.from(b).map((x) => x.toString(16).padStart(2, "0")).join("");
|
|
6403
|
+
return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20, 32)}`;
|
|
6404
|
+
}
|
|
6405
|
+
async function verifySovereignBinding(motebitId, genesisPublicKeyHex) {
|
|
6406
|
+
try {
|
|
6407
|
+
const expected = await deriveSovereignMotebitId(genesisPublicKeyHex);
|
|
6408
|
+
return motebitId.toLowerCase() === expected;
|
|
6409
|
+
} catch {
|
|
6410
|
+
return false;
|
|
6411
|
+
}
|
|
6412
|
+
}
|
|
6413
|
+
async function verifyKeyBindingAtTime(identity, signingKeyHex, atTimestampMs, guardianPublicKeyHex) {
|
|
6414
|
+
const chain = identity.succession ?? [];
|
|
6415
|
+
const currentKey = identity.identity.public_key;
|
|
6416
|
+
if (chain.length > 0) {
|
|
6417
|
+
const guardianKey = guardianPublicKeyHex ?? identity.guardian?.public_key;
|
|
6418
|
+
const chk = await verifySuccessionChain2(chain, currentKey, guardianKey);
|
|
6419
|
+
if (!chk.valid) {
|
|
6420
|
+
return { bound: false, reason: chk.error ?? "succession chain invalid" };
|
|
6421
|
+
}
|
|
6422
|
+
}
|
|
6423
|
+
const createdAtMs = Date.parse(identity.created_at);
|
|
6424
|
+
const genesisKey = chain.length > 0 ? chain[0].old_public_key : currentKey;
|
|
6425
|
+
const windows = [
|
|
6426
|
+
{ key: genesisKey, from: createdAtMs, until: chain[0]?.timestamp ?? Number.POSITIVE_INFINITY }
|
|
6427
|
+
];
|
|
6428
|
+
for (let i = 0; i < chain.length; i++) {
|
|
6429
|
+
windows.push({
|
|
6430
|
+
key: chain[i].new_public_key,
|
|
6431
|
+
from: chain[i].timestamp,
|
|
6432
|
+
until: chain[i + 1]?.timestamp ?? Number.POSITIVE_INFINITY
|
|
6433
|
+
});
|
|
6434
|
+
}
|
|
6435
|
+
const match = windows.find(
|
|
6436
|
+
(w) => w.key === signingKeyHex && atTimestampMs >= w.from && atTimestampMs < w.until
|
|
6437
|
+
);
|
|
6438
|
+
if (!match) {
|
|
6439
|
+
const inChain = windows.some((w) => w.key === signingKeyHex);
|
|
6440
|
+
return {
|
|
6441
|
+
bound: false,
|
|
6442
|
+
genesisPublicKey: genesisKey,
|
|
6443
|
+
reason: inChain ? "signing key is in the succession chain but was not active at the given timestamp" : "signing key is not in this identity's succession chain"
|
|
6444
|
+
};
|
|
6445
|
+
}
|
|
6446
|
+
return {
|
|
6447
|
+
bound: true,
|
|
6448
|
+
genesisPublicKey: genesisKey,
|
|
6449
|
+
sovereign: await verifySovereignBinding(identity.motebit_id, genesisKey),
|
|
6450
|
+
activeFrom: match.from,
|
|
6451
|
+
...match.until !== Number.POSITIVE_INFINITY ? { activeUntil: match.until } : {}
|
|
6452
|
+
};
|
|
6453
|
+
}
|
|
6454
|
+
async function identityLogLeaf(motebitId, currentKeyHex) {
|
|
6455
|
+
const canonical = canonicalJson2({
|
|
6456
|
+
type: "motebit-identity-binding",
|
|
6457
|
+
motebit_id: motebitId,
|
|
6458
|
+
public_key: currentKeyHex
|
|
6459
|
+
});
|
|
6460
|
+
const hash2 = await sha2564(new TextEncoder().encode(canonical));
|
|
6461
|
+
return Array.from(hash2).map((b) => b.toString(16).padStart(2, "0")).join("");
|
|
6462
|
+
}
|
|
6463
|
+
async function verifyIdentityBindingAnchored(identity, signingKeyHex, atTimestampMs, proof, guardianPublicKeyHex) {
|
|
6464
|
+
const sovereign = await verifyKeyBindingAtTime(
|
|
6465
|
+
identity,
|
|
6466
|
+
signingKeyHex,
|
|
6467
|
+
atTimestampMs,
|
|
6468
|
+
guardianPublicKeyHex
|
|
6469
|
+
);
|
|
6470
|
+
if (!sovereign.bound) return sovereign;
|
|
6471
|
+
const leaf = await identityLogLeaf(identity.motebit_id, identity.identity.public_key);
|
|
6472
|
+
const included = await verifyMerkleInclusion(
|
|
6473
|
+
leaf,
|
|
6474
|
+
proof.index,
|
|
6475
|
+
proof.siblings,
|
|
6476
|
+
proof.layerSizes,
|
|
6477
|
+
proof.anchoredRoot
|
|
6478
|
+
);
|
|
6479
|
+
if (!included) {
|
|
6480
|
+
return {
|
|
6481
|
+
bound: false,
|
|
6482
|
+
...sovereign.genesisPublicKey ? { genesisPublicKey: sovereign.genesisPublicKey } : {},
|
|
6483
|
+
reason: "identity key is not included in the anchored transparency log"
|
|
6484
|
+
};
|
|
6485
|
+
}
|
|
6486
|
+
return sovereign;
|
|
6487
|
+
}
|
|
6278
6488
|
async function verifyReceiptSignature(receipt, publicKey) {
|
|
6279
6489
|
const { signature, ...body } = receipt;
|
|
6280
6490
|
if (!signature || signature.trim() === "") {
|
|
@@ -6337,6 +6547,7 @@ async function verifyReceipt(receipt) {
|
|
|
6337
6547
|
valid: sigResult.valid && delegationErrors.length === 0,
|
|
6338
6548
|
receipt,
|
|
6339
6549
|
signer: signerDid,
|
|
6550
|
+
keySource: "embedded",
|
|
6340
6551
|
...delegations.length > 0 ? { delegations } : {},
|
|
6341
6552
|
...errors.length > 0 ? { errors } : {}
|
|
6342
6553
|
};
|
|
@@ -6677,7 +6888,9 @@ export {
|
|
|
6677
6888
|
ADJUDICATOR_VOTE_SUITE,
|
|
6678
6889
|
BALANCE_WAIVER_SUITE,
|
|
6679
6890
|
COLLABORATIVE_RECEIPT_SUITE,
|
|
6891
|
+
COMPUTER_SESSION_RECEIPT_SUITE,
|
|
6680
6892
|
CONSOLIDATION_RECEIPT_SUITE,
|
|
6893
|
+
CONTENT_ARTIFACT_SUITE,
|
|
6681
6894
|
DELEGATION_TOKEN_SUITE,
|
|
6682
6895
|
DELETION_CERTIFICATE_SUITE,
|
|
6683
6896
|
DEVICE_REGISTRATION_MAX_AGE_MS,
|
|
@@ -6711,6 +6924,7 @@ export {
|
|
|
6711
6924
|
createPresentation,
|
|
6712
6925
|
createSignedToken,
|
|
6713
6926
|
decodeSkillSignaturePublicKey,
|
|
6927
|
+
deriveSovereignMotebitId,
|
|
6714
6928
|
didKeyToPublicKey,
|
|
6715
6929
|
ed25519Sign,
|
|
6716
6930
|
ed25519Verify,
|
|
@@ -6720,9 +6934,11 @@ export {
|
|
|
6720
6934
|
generateKeypair,
|
|
6721
6935
|
getPublicKeyBySuite,
|
|
6722
6936
|
hash,
|
|
6937
|
+
hashComputerSessionActions,
|
|
6723
6938
|
hashToolPayload,
|
|
6724
6939
|
hexPublicKeyToDidKey,
|
|
6725
6940
|
hexToBytes4 as hexToBytes,
|
|
6941
|
+
identityLogLeaf,
|
|
6726
6942
|
isScopeNarrowed,
|
|
6727
6943
|
issueGradientCredential,
|
|
6728
6944
|
issueReputationCredential,
|
|
@@ -6740,7 +6956,9 @@ export {
|
|
|
6740
6956
|
signCertAsOperator,
|
|
6741
6957
|
signCertAsSubject,
|
|
6742
6958
|
signCollaborativeReceipt,
|
|
6959
|
+
signComputerSessionReceipt,
|
|
6743
6960
|
signConsolidationReceipt,
|
|
6961
|
+
signContentArtifact,
|
|
6744
6962
|
signDelegation,
|
|
6745
6963
|
signDeviceRegistration,
|
|
6746
6964
|
signDisputeAppeal,
|
|
@@ -6768,7 +6986,9 @@ export {
|
|
|
6768
6986
|
verifyBalanceWaiver,
|
|
6769
6987
|
verifyBySuite,
|
|
6770
6988
|
verifyCollaborativeReceipt,
|
|
6989
|
+
verifyComputerSessionReceipt,
|
|
6771
6990
|
verifyConsolidationReceipt,
|
|
6991
|
+
verifyContentArtifact,
|
|
6772
6992
|
verifyCredentialAnchor,
|
|
6773
6993
|
verifyDelegation,
|
|
6774
6994
|
verifyDelegationChain,
|
|
@@ -6783,9 +7003,12 @@ export {
|
|
|
6783
7003
|
verifyGuardianRevocation,
|
|
6784
7004
|
verifyHardwareAttestationClaim,
|
|
6785
7005
|
verifyHorizonWitnessRequestSignature,
|
|
7006
|
+
verifyIdentityBindingAnchored,
|
|
6786
7007
|
verifyIdentityFile,
|
|
7008
|
+
verifyKeyBindingAtTime,
|
|
6787
7009
|
verifyKeySuccession,
|
|
6788
7010
|
verifyMerkleInclusion,
|
|
7011
|
+
verifyReceipt,
|
|
6789
7012
|
verifyReceiptChain,
|
|
6790
7013
|
verifyReceiptSequence,
|
|
6791
7014
|
verifyRetentionManifest,
|
|
@@ -6797,6 +7020,7 @@ export {
|
|
|
6797
7020
|
verifySkillEnvelopeDetailed,
|
|
6798
7021
|
verifySkillManifest,
|
|
6799
7022
|
verifySkillManifestDetailed,
|
|
7023
|
+
verifySovereignBinding,
|
|
6800
7024
|
verifySuccessionChain,
|
|
6801
7025
|
verifyToolInvocationReceipt,
|
|
6802
7026
|
verifyVerifiableCredential,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@motebit/crypto",
|
|
3
|
-
"version": "
|
|
3
|
+
"version": "2.0.0",
|
|
4
4
|
"description": "Sign and verify every Motebit artifact — identity files, execution receipts, credentials, delegations, succession records, credential anchors. Ed25519 today, cryptosuite-agile for post-quantum tomorrow. Apache-2.0, zero monorepo dependencies.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -61,10 +61,11 @@
|
|
|
61
61
|
"@noble/ed25519": "~3.0.1",
|
|
62
62
|
"@noble/hashes": "~1.6.0",
|
|
63
63
|
"@types/node": "^22.0.0",
|
|
64
|
+
"fast-check": "^4.6.0",
|
|
64
65
|
"tsup": "^8.0.0",
|
|
65
66
|
"typescript": "^5.6.0",
|
|
66
67
|
"vitest": "^2.1.0",
|
|
67
|
-
"@motebit/protocol": "
|
|
68
|
+
"@motebit/protocol": "2.0.0"
|
|
68
69
|
},
|
|
69
70
|
"engines": {
|
|
70
71
|
"node": ">=20"
|