@motebit/state-export-client 0.2.0 → 0.3.0

package/README.md

@@ -57,6 +57,29 @@ if (inner.applicable && !inner.allValid) {
 
 `verifyInnerSignedReceipts` returns `applicable: false` for v1.0 bodies, non-execution-ledger bodies, or bodies with an empty `signed_receipts` field — calm-software default, no flag required. On v1.1 bodies, every entry is parsed, every signature is checked against its embedded public key, and `delegation_receipts` chains are walked recursively.
 
+## Quick start — verify a pasted receipt (receipt.computer)
+
+```ts
+import { verifyReceiptDocument } from "@motebit/state-export-client";
+
+const v = await verifyReceiptDocument(pastedJsonText);
+
+if (v.binding === "revoked") {
+  show(`Key revoked — do not trust (revoked at ${new Date(v.revokedAt!).toISOString()})`);
+} else if (!v.integrity) {
+  show(`Verification failed: ${v.reason}`); // malformed_json | not_a_receipt | signature_invalid | …
+} else if (v.binding === "anchored" || v.binding === "pinned") {
+  show(`Verified — from ${v.motebitId}`); // key bound to the motebit (anchored adds on-chain non-equivocation)
+} else {
+  // integrity-only: signature is valid but checked against the receipt's OWN
+  // embedded key — proves the bytes weren't tampered, NOT that the key belongs
+  // to motebitId. Never render "from <motebit>" here.
+  show("Signature verified — identity not anchored");
+}
+```
+
+`verifyReceiptDocument` is the brain behind a public, login-free receipt verifier. It runs entirely offline (no relay) for the integrity check, never throws on bad input (typed `reason`s instead), and keeps **integrity** (the bytes were signed, untampered) strictly separate from **binding** (the key belongs to this `motebitId`). The binding ladder: `integrity-only` (no options) < `pinned` (pass `options.identity` — the key is time-valid in the motebit's own succession chain) < `anchored` (also pass `options.anchor` — the binding is in the relay's transparency log AND that root is independently confirmed on-chain). Never render "from &lt;motebit&gt;" below `pinned`. `revoked` is off the ladder — a poison verdict: pass `options.revocation` and if the signing key has an on-chain revocation memo dated at/before the receipt, `binding` is `revoked` regardless of everything else (read from the neutral chain, never the relay's word).
+
 ## Trust-anchor chain
 
 ```
@@ -91,19 +114,37 @@ if (lookup.ok) {
 }
 ```
 
+The same on-chain channel raises a receipt's binding to `anchored`. The relay's `/identity/:motebitId` bundle carries a transparency-log inclusion proof and the tx that posted its root; `lookupIdentityLogAnchor` confirms that root really sits on-chain at the relay's **pinned** address (passed out-of-band, never from the bundle). Wire it through `verifyReceiptDocument`:
+
+```ts
+import { lookupIdentityLogAnchor, verifyReceiptDocument } from "@motebit/state-export-client";
+
+const v = await verifyReceiptDocument(pastedJsonText, {
+  identity, // the motebit's identity file (reaches `pinned`)
+  anchor: {
+    proof: bundle.anchored.proof, // from GET /api/v1/identity/:motebitId
+    relayAnchorAddress: PINNED_RELAY_SOLANA_ADDRESS, // out-of-band trust root
+  },
+});
+// v.binding === "anchored" only when inclusion AND the on-chain root cross-check both pass.
+```
+
 ## Programmatic surface
 
-| Export                                                     | Kind     | Role                                                                                                                       |
-| ---------------------------------------------------------- | -------- | -------------------------------------------------------------------------------------------------------------------------- |
-| `fetchTransparencyAnchor(baseUrl, opts?)`                  | function | TOFU bootstrap — fetch `/.well-known/motebit-transparency.json`, verify self-signature, return pinned `TransparencyAnchor` |
-| `verifyTransparencyDeclaration(declaration)`               | function | Lower-level: verify a `SignedTransparencyDeclaration` from any source (cached, archived, fixture)                          |
-| `verifiedStateExportFetch(url, opts)`                      | function | Wrap `fetch` — verify outer envelope against body bytes + optional anchor pin                                              |
-| `verifyManifestAgainstBytes(manifest, bodyBytes, anchor?)` | function | Lower-level: verify a parsed `ContentArtifactManifest` against bytes you already have                                      |
-| `verifyInnerSignedReceipts(body)`                          | function | Recursive v1.1 inner-receipt audit — per-receipt verdict with typed failure reasons                                        |
-| `lookupTransparencyAnchor(opts)`                           | function | Onchain — query Solana RPC for a Memo program transaction posting the declaration hash                                     |
-| `verifyDeclarationOnchainAnchor(declaration, anchor)`      | function | Onchain — verify the Memo transaction's signer and content match the declaration                                           |
-| `StateExportFetchError`                                    | class    | Thrown on non-2xx HTTP; verifier never attempts to verify error envelopes                                                  |
-| `MANIFEST_HEADER`                                          | constant | The header name (`"X-Motebit-Content-Manifest"`) — exposed for custom transports                                           |
+| Export                                                     | Kind     | Role                                                                                                                                     |
+| ---------------------------------------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------- |
+| `fetchTransparencyAnchor(baseUrl, opts?)`                  | function | TOFU bootstrap — fetch `/.well-known/motebit-transparency.json`, verify self-signature, return pinned `TransparencyAnchor`               |
+| `verifyTransparencyDeclaration(declaration)`               | function | Lower-level: verify a `SignedTransparencyDeclaration` from any source (cached, archived, fixture)                                        |
+| `verifiedStateExportFetch(url, opts)`                      | function | Wrap `fetch` — verify outer envelope against body bytes + optional anchor pin                                                            |
+| `verifyManifestAgainstBytes(manifest, bodyBytes, anchor?)` | function | Lower-level: verify a parsed `ContentArtifactManifest` against bytes you already have                                                    |
+| `verifyInnerSignedReceipts(body)`                          | function | Recursive v1.1 inner-receipt audit — per-receipt verdict with typed failure reasons                                                      |
+| `verifyReceiptDocument(jsonText)`                          | function | Verify a pasted/standalone receipt offline — honest view model separating integrity from identity binding (powers receipt.computer)      |
+| `lookupTransparencyAnchor(opts)`                           | function | Onchain — query Solana RPC for a Memo program transaction posting the declaration hash                                                   |
+| `verifyDeclarationOnchainAnchor(declaration, anchor)`      | function | Onchain — verify the Memo transaction's signer and content match the declaration                                                         |
+| `lookupIdentityLogAnchor(address, root, opts?)`            | function | Onchain — confirm a transparency-log root sits on-chain at the pinned relay address (the `anchored` binding rung)                        |
+| `lookupKeyRevocation(address, keyHex, opts?)`              | function | Onchain — find a `motebit:revocation:v1:` memo revoking a signing key (the `revoked` poison verdict; read from the chain, not the relay) |
+| `StateExportFetchError`                                    | class    | Thrown on non-2xx HTTP; verifier never attempts to verify error envelopes                                                                |
+| `MANIFEST_HEADER`                                          | constant | The header name (`"X-Motebit-Content-Manifest"`) — exposed for custom transports                                                         |
 
 All result types (`TransparencyAnchorResult`, `StateExportVerification`, `InnerReceiptsVerification`, etc.) and failure-reason unions are also exported — discriminated unions, type-narrowable by the `ok` / `valid` / `applicable` field.
 

package/dist/identity-anchor.d.ts

@@ -0,0 +1,63 @@
+/**
+ * On-chain cross-check for the identity-transparency log root.
+ *
+ * The relay's `/identity` bundle carries a Merkle inclusion proof against an
+ * `anchoredRoot` it claims to have posted on-chain. `@motebit/crypto`'s
+ * `verifyIdentityBindingAnchored` proves the leaf is included under that root —
+ * but nothing stops a relay from fabricating a root it never anchored. This
+ * module closes that gap the same way `lookupTransparencyAnchor` closes the TOFU
+ * gap on the transparency declaration: scan the relay's pinned Solana address for
+ * a memo that actually carries that exact root.
+ *
+ * The relay anchors identity-log roots through the generic `ChainAnchorSubmitter`
+ * memo (`motebit:anchor:v1:{root}:{leafCount}`), shared with settlement and
+ * credential anchoring. Matching by the EXACT root value is sound across that
+ * shared stream: identity-binding leaves hash `{type:"motebit-identity-binding",
+ * …}`, so a root over them is domain-separated from any settlement/credential
+ * root and cannot collide. We don't need a dedicated memo prefix — only the root.
+ *
+ * The pinned `relayAnchorAddress` is the trust root: it MUST come from out-of-band
+ * (canonical config / docs site / a known motebit-org keyring), NEVER from the
+ * bundle itself — passing the relay's self-asserted address would be circular
+ * trust, the same caveat the transparency anchor carries.
+ *
+ * No SDK dep — Solana JSON-RPC is plain HTTP-JSON over `fetch`, keeping the
+ * package browser-safe and dep-thin. Mirrors `onchain-anchor.ts`.
+ */
+export interface IdentityAnchorLookupOptions {
+    /** Solana JSON-RPC endpoint. Defaults to mainnet-beta; pin a known-good RPC. */
+    readonly rpcUrl?: string;
+    /** Inject `fetch`. Defaults to global `fetch`; tests pass a mock. */
+    readonly fetch?: typeof globalThis.fetch;
+    /**
+     * Max signatures to scan at the anchor address. Identity-log anchors share the
+     * address with settlement/credential anchors, so the target root may be several
+     * memos back; default 200 covers a generous window of recent anchoring.
+     */
+    readonly maxSignatures?: number;
+}
+export type IdentityAnchorResult = {
+    readonly ok: true;
+    readonly txHash: string;
+    readonly anchoredRoot: string;
+    readonly relayAnchorAddress: string;
+} | {
+    readonly ok: false;
+    readonly reason: IdentityAnchorFailureReason;
+    readonly detail?: string;
+};
+export type IdentityAnchorFailureReason = "rpc_failed" | "root_not_anchored";
+/**
+ * Confirm `expectedRootHex` was posted on-chain by the relay at
+ * `relayAnchorAddress`. Returns a typed result — never throws on verification
+ * failure; HTTP/transport errors surface as `rpc_failed`. A clean
+ * `root_not_anchored` means the scan completed but no `motebit:anchor` memo at the
+ * address carried that root (either never anchored, or beyond the scan window).
+ *
+ * The caller is expected to run this AFTER `verifyIdentityBindingAnchored` has
+ * confirmed the leaf is included under `expectedRootHex` — this adds the second
+ * trust channel (the root is really on-chain by the known relay) on top of the
+ * inclusion proof; it does not replace it.
+ */
+export declare function lookupIdentityLogAnchor(relayAnchorAddress: string, expectedRootHex: string, options?: IdentityAnchorLookupOptions): Promise<IdentityAnchorResult>;
+//# sourceMappingURL=identity-anchor.d.ts.map

package/dist/identity-anchor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-anchor.d.ts","sourceRoot":"","sources":["../src/identity-anchor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAKH,MAAM,WAAW,2BAA2B;IAC1C,gFAAgF;IAChF,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,qEAAqE;IACrE,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IACzC;;;;OAIG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;CACjC;AAED,MAAM,MAAM,oBAAoB,GAC5B;IACE,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC;IAClB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;CACrC,GACD;IACE,QAAQ,CAAC,EAAE,EAAE,KAAK,CAAC;IACnB,QAAQ,CAAC,MAAM,EAAE,2BAA2B,CAAC;IAC7C,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEN,MAAM,MAAM,2BAA2B,GAAG,YAAY,GAAG,mBAAmB,CAAC;AAiB7E;;;;;;;;;;;GAWG;AACH,wBAAsB,uBAAuB,CAC3C,kBAAkB,EAAE,MAAM,EAC1B,eAAe,EAAE,MAAM,EACvB,OAAO,GAAE,2BAAgC,GACxC,OAAO,CAAC,oBAAoB,CAAC,CAyD/B"}

package/dist/identity-anchor.js

@@ -0,0 +1,99 @@
+/**
+ * On-chain cross-check for the identity-transparency log root.
+ *
+ * The relay's `/identity` bundle carries a Merkle inclusion proof against an
+ * `anchoredRoot` it claims to have posted on-chain. `@motebit/crypto`'s
+ * `verifyIdentityBindingAnchored` proves the leaf is included under that root —
+ * but nothing stops a relay from fabricating a root it never anchored. This
+ * module closes that gap the same way `lookupTransparencyAnchor` closes the TOFU
+ * gap on the transparency declaration: scan the relay's pinned Solana address for
+ * a memo that actually carries that exact root.
+ *
+ * The relay anchors identity-log roots through the generic `ChainAnchorSubmitter`
+ * memo (`motebit:anchor:v1:{root}:{leafCount}`), shared with settlement and
+ * credential anchoring. Matching by the EXACT root value is sound across that
+ * shared stream: identity-binding leaves hash `{type:"motebit-identity-binding",
+ * …}`, so a root over them is domain-separated from any settlement/credential
+ * root and cannot collide. We don't need a dedicated memo prefix — only the root.
+ *
+ * The pinned `relayAnchorAddress` is the trust root: it MUST come from out-of-band
+ * (canonical config / docs site / a known motebit-org keyring), NEVER from the
+ * bundle itself — passing the relay's self-asserted address would be circular
+ * trust, the same caveat the transparency anchor carries.
+ *
+ * No SDK dep — Solana JSON-RPC is plain HTTP-JSON over `fetch`, keeping the
+ * package browser-safe and dep-thin. Mirrors `onchain-anchor.ts`.
+ */
+/** The generic anchor-memo prefix the relay's ChainAnchorSubmitter emits. */
+const ANCHOR_MEMO_PREFIX = "motebit:anchor:v1:";
+/**
+ * Confirm `expectedRootHex` was posted on-chain by the relay at
+ * `relayAnchorAddress`. Returns a typed result — never throws on verification
+ * failure; HTTP/transport errors surface as `rpc_failed`. A clean
+ * `root_not_anchored` means the scan completed but no `motebit:anchor` memo at the
+ * address carried that root (either never anchored, or beyond the scan window).
+ *
+ * The caller is expected to run this AFTER `verifyIdentityBindingAnchored` has
+ * confirmed the leaf is included under `expectedRootHex` — this adds the second
+ * trust channel (the root is really on-chain by the known relay) on top of the
+ * inclusion proof; it does not replace it.
+ */
+export async function lookupIdentityLogAnchor(relayAnchorAddress, expectedRootHex, options = {}) {
+    const rpcUrl = options.rpcUrl ?? "https://api.mainnet-beta.solana.com";
+    const fetchImpl = options.fetch ?? globalThis.fetch;
+    const limit = options.maxSignatures ?? 200;
+    const target = expectedRootHex.toLowerCase();
+    let signatures;
+    try {
+        const res = await fetchImpl(rpcUrl, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+                jsonrpc: "2.0",
+                id: 1,
+                method: "getSignaturesForAddress",
+                params: [relayAnchorAddress, { limit }],
+            }),
+        });
+        if (!res.ok) {
+            return { ok: false, reason: "rpc_failed", detail: `HTTP ${res.status}` };
+        }
+        const body = (await res.json());
+        if (body.error !== undefined) {
+            return { ok: false, reason: "rpc_failed", detail: body.error.message };
+        }
+        signatures = body.result ?? [];
+    }
+    catch (err) {
+        return {
+            ok: false,
+            reason: "rpc_failed",
+            detail: err instanceof Error ? err.message : String(err),
+        };
+    }
+    for (const sig of signatures) {
+        if (sig.err !== null)
+            continue; // skip failed txs
+        if (sig.memo == null)
+            continue;
+        // Solana RPC formats memo as `[<size> (len <bytes>)] <utf-8>`; match the
+        // canonical prefix anywhere in the formatted string (robust across RPC
+        // versions), then read the 64-hex root that immediately follows it.
+        const idx = sig.memo.indexOf(ANCHOR_MEMO_PREFIX);
+        if (idx === -1)
+            continue;
+        const after = sig.memo.slice(idx + ANCHOR_MEMO_PREFIX.length);
+        const rootMatch = after.match(/^([0-9a-fA-F]{64})/);
+        if (rootMatch == null)
+            continue;
+        if (rootMatch[1].toLowerCase() === target) {
+            return { ok: true, txHash: sig.signature, anchoredRoot: target, relayAnchorAddress };
+        }
+    }
+    return {
+        ok: false,
+        reason: "root_not_anchored",
+        detail: `scanned ${signatures.length} signature(s) at ${relayAnchorAddress}, none carried root ${target}`,
+    };
+}
+//# sourceMappingURL=identity-anchor.js.map

package/dist/identity-anchor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-anchor.js","sourceRoot":"","sources":["../src/identity-anchor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,6EAA6E;AAC7E,MAAM,kBAAkB,GAAG,oBAAoB,CAAC;AA6ChD;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,kBAA0B,EAC1B,eAAuB,EACvB,UAAuC,EAAE;IAEzC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,qCAAqC,CAAC;IACvE,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,aAAa,IAAI,GAAG,CAAC;IAC3C,MAAM,MAAM,GAAG,eAAe,CAAC,WAAW,EAAE,CAAC;IAE7C,IAAI,UAA2B,CAAC;IAChC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,EAAE,EAAE,CAAC;gBACL,MAAM,EAAE,yBAAyB;gBACjC,MAAM,EAAE,CAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,CAAC;aACxC,CAAC;SACH,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC;QAC3E,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAiC,CAAC;QAChE,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;QACzE,CAAC;QACD,UAAU,GAAG,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC;IACjC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,YAAY;YACpB,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACzD,CAAC;IACJ,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,GAAG,CAAC,GAAG,KAAK,IAAI;YAAE,SAAS,CAAC,kBAAkB;QAClD,IAAI,GAAG,CAAC,IAAI,IAAI,IAAI;YAAE,SAAS;QAE/B,yEAAyE;QACzE,uEAAuE;QACvE,oEAAoE;QACpE,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACjD,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,SAAS;QACzB,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACpD,IAAI,SAAS,IAAI,IAAI;YAAE,SAAS;QAEhC,IAAI,SAAS,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;YAC3C,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,SAAS,EAAE,YAAY,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;QACvF,CAAC;IACH,CAAC;IAED,OAAO;QACL,EAAE,EAAE,KAAK;QACT,MAAM,EAAE,mBAAmB;QAC3B,MAAM,EAAE,WAAW,UAAU,CAAC,MAAM,oBAAoB,kBAAkB,uBAAuB,MAAM,EAAE;KAC1G,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -48,6 +48,12 @@ export { verifiedStateExportFetch, verifyManifestAgainstBytes, StateExportFetchE
 export type { StateExportVerification, StateExportVerificationFailureReason, VerifiedFetchOptions, VerifiedStateExportResponse, } from "./verified-fetch.js";
 export { lookupTransparencyAnchor, verifyDeclarationOnchainAnchor } from "./onchain-anchor.js";
 export type { OnchainAnchorLookupOptions, OnchainAnchorResult, OnchainAnchorFailureReason, } from "./onchain-anchor.js";
+export { lookupIdentityLogAnchor } from "./identity-anchor.js";
+export type { IdentityAnchorLookupOptions, IdentityAnchorResult, IdentityAnchorFailureReason, } from "./identity-anchor.js";
+export { lookupKeyRevocation } from "./key-revocation.js";
+export type { KeyRevocationLookupOptions, KeyRevocationResult } from "./key-revocation.js";
 export { verifyInnerSignedReceipts } from "./inner-receipts.js";
 export type { InnerReceiptVerification, InnerReceiptVerificationFailureReason, InnerReceiptsVerification, } from "./inner-receipts.js";
+export { verifyReceiptDocument } from "./receipt-document.js";
+export type { ReceiptDocumentVerification, ReceiptDocumentFailureReason, ReceiptBindingStatus, ReceiptAnchorOptions, VerifyReceiptDocumentOptions, } from "./receipt-document.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AAEH,OAAO,EAAE,uBAAuB,EAAE,6BAA6B,EAAE,MAAM,0BAA0B,CAAC;AAClG,YAAY,EACV,kBAAkB,EAClB,6BAA6B,EAC7B,wBAAwB,EACxB,+BAA+B,EAC/B,8BAA8B,GAC/B,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,wBAAwB,EACxB,0BAA0B,EAC1B,qBAAqB,EACrB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,uBAAuB,EACvB,oCAAoC,EACpC,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,wBAAwB,EAAE,8BAA8B,EAAE,MAAM,qBAAqB,CAAC;AAC/F,YAAY,EACV,0BAA0B,EAC1B,mBAAmB,EACnB,0BAA0B,GAC3B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAChE,YAAY,EACV,wBAAwB,EACxB,qCAAqC,EACrC,yBAAyB,GAC1B,MAAM,qBAAqB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AAEH,OAAO,EAAE,uBAAuB,EAAE,6BAA6B,EAAE,MAAM,0BAA0B,CAAC;AAClG,YAAY,EACV,kBAAkB,EAClB,6BAA6B,EAC7B,wBAAwB,EACxB,+BAA+B,EAC/B,8BAA8B,GAC/B,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,wBAAwB,EACxB,0BAA0B,EAC1B,qBAAqB,EACrB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,uBAAuB,EACvB,oCAAoC,EACpC,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,wBAAwB,EAAE,8BAA8B,EAAE,MAAM,qBAAqB,CAAC;AAC/F,YAAY,EACV,0BAA0B,EAC1B,mBAAmB,EACnB,0BAA0B,GAC3B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAC/D,YAAY,EACV,2BAA2B,EAC3B,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,YAAY,EAAE,0BAA0B,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAE3F,OAAO,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAChE,YAAY,EACV,wBAAwB,EACxB,qCAAqC,EACrC,yBAAyB,GAC1B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAC9D,YAAY,EACV,2BAA2B,EAC3B,4BAA4B,EAC5B,oBAAoB,EACpB,oBAAoB,EACpB,4BAA4B,GAC7B,MAAM,uBAAuB,CAAC"}

package/dist/index.js

@@ -45,5 +45,8 @@
 export { fetchTransparencyAnchor, verifyTransparencyDeclaration } from "./transparency-anchor.js";
 export { verifiedStateExportFetch, verifyManifestAgainstBytes, StateExportFetchError, MANIFEST_HEADER, } from "./verified-fetch.js";
 export { lookupTransparencyAnchor, verifyDeclarationOnchainAnchor } from "./onchain-anchor.js";
+export { lookupIdentityLogAnchor } from "./identity-anchor.js";
+export { lookupKeyRevocation } from "./key-revocation.js";
 export { verifyInnerSignedReceipts } from "./inner-receipts.js";
+export { verifyReceiptDocument } from "./receipt-document.js";
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AAEH,OAAO,EAAE,uBAAuB,EAAE,6BAA6B,EAAE,MAAM,0BAA0B,CAAC;AASlG,OAAO,EACL,wBAAwB,EACxB,0BAA0B,EAC1B,qBAAqB,EACrB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAQ7B,OAAO,EAAE,wBAAwB,EAAE,8BAA8B,EAAE,MAAM,qBAAqB,CAAC;AAO/F,OAAO,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AAEH,OAAO,EAAE,uBAAuB,EAAE,6BAA6B,EAAE,MAAM,0BAA0B,CAAC;AASlG,OAAO,EACL,wBAAwB,EACxB,0BAA0B,EAC1B,qBAAqB,EACrB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAQ7B,OAAO,EAAE,wBAAwB,EAAE,8BAA8B,EAAE,MAAM,qBAAqB,CAAC;AAO/F,OAAO,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAO/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAG1D,OAAO,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAOhE,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/inner-receipts.d.ts

@@ -25,12 +25,28 @@
 export interface InnerReceiptVerification {
     /** Task identifier of the inner receipt. Pulled from the parsed receipt body. */
     readonly taskId: string;
-    /** The producing motebit's identifier — what the relay claims; the signature proves it. */
+    /**
+     * The producing motebit's identifier as carried in the receipt body.
+     * NOTE: a valid signature proves the embedded key signed these bytes, NOT
+     * that the key belongs to this `motebitId` — see `identityBinding`.
+     */
     readonly motebitId: string;
     /** `did:key:zXXX` derived from the receipt's embedded public key when verification succeeded. */
     readonly signerDid?: string;
     /** Whether the inner receipt's signature verifies against its embedded `public_key`. */
     readonly valid: boolean;
+    /**
+     * Identity-binding status of a *successful* signature check. Always
+     * `"embedded-key-unverified"` on this path: the signature is checked
+     * against the receipt's own `public_key`, which proves byte-integrity but
+     * NOT that the key belongs to `motebitId`. Establishing binding requires
+     * an external anchor (the relay's pinned transparency key / a known-keys
+     * map). Callers MUST NOT render this as "from <motebit>" without an anchor
+     * — mirrors the content-artifact path's `producer_key_mismatch` discipline
+     * (see package CLAUDE.md "Why the trust anchor is necessary"). Absent on
+     * failures.
+     */
+    readonly identityBinding?: "embedded-key-unverified";
     /** Typed failure reason when `valid === false`. */
     readonly reason?: InnerReceiptVerificationFailureReason;
     /** Free-form detail (e.g. underlying error message). */

package/dist/inner-receipts.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"inner-receipts.d.ts","sourceRoot":"","sources":["../src/inner-receipts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAMH,uEAAuE;AACvE,MAAM,WAAW,wBAAwB;IACvC,iFAAiF;IACjF,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,2FAA2F;IAC3F,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,iGAAiG;IACjG,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,wFAAwF;IACxF,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,mDAAmD;IACnD,QAAQ,CAAC,MAAM,CAAC,EAAE,qCAAqC,CAAC;IACxD,wDAAwD;IACxD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,uGAAuG;IACvG,QAAQ,CAAC,WAAW,CAAC,EAAE,wBAAwB,EAAE,CAAC;CACnD;AAED,MAAM,MAAM,qCAAqC,GAC7C,gBAAgB,GAChB,oBAAoB,GACpB,mBAAmB,GACnB,mBAAmB,GACnB,SAAS,CAAC;AAEd,oFAAoF;AACpF,MAAM,WAAW,yBAAyB;IACxC,uFAAuF;IACvF,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,yDAAyD;IACzD,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,kGAAkG;IAClG,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,+EAA+E;IAC/E,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,wBAAwB,CAAC,CAAC;IAC1D,+FAA+F;IAC/F,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;CAC9B;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,yBAAyB,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAkCjG"}
+{"version":3,"file":"inner-receipts.d.ts","sourceRoot":"","sources":["../src/inner-receipts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAMH,uEAAuE;AACvE,MAAM,WAAW,wBAAwB;IACvC,iFAAiF;IACjF,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB;;;;OAIG;IACH,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,iGAAiG;IACjG,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,wFAAwF;IACxF,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,yBAAyB,CAAC;IACrD,mDAAmD;IACnD,QAAQ,CAAC,MAAM,CAAC,EAAE,qCAAqC,CAAC;IACxD,wDAAwD;IACxD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,uGAAuG;IACvG,QAAQ,CAAC,WAAW,CAAC,EAAE,wBAAwB,EAAE,CAAC;CACnD;AAED,MAAM,MAAM,qCAAqC,GAC7C,gBAAgB,GAChB,oBAAoB,GACpB,mBAAmB,GACnB,mBAAmB,GACnB,SAAS,CAAC;AAEd,oFAAoF;AACpF,MAAM,WAAW,yBAAyB;IACxC,uFAAuF;IACvF,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,yDAAyD;IACzD,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,kGAAkG;IAClG,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,+EAA+E;IAC/E,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,wBAAwB,CAAC,CAAC;IAC1D,+FAA+F;IAC/F,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;CAC9B;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,yBAAyB,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAkCjG"}

package/dist/inner-receipts.js

@@ -96,6 +96,9 @@ async function verifyOneInner(entryJson) {
             motebitId: String(receipt.motebit_id),
             ...(result.signer !== undefined && { signerDid: result.signer }),
             valid: true,
+            ...(result.keySource === "embedded" && {
+                identityBinding: "embedded-key-unverified",
+            }),
             ...(result.delegations !== undefined && result.delegations.length > 0
                 ? { delegations: result.delegations.map(toInnerShape) }
                 : {}),
@@ -151,6 +154,8 @@ function toInnerShape(r) {
         motebitId: String(r.receipt?.motebit_id ?? "<unknown>"),
         ...(r.signer !== undefined && { signerDid: r.signer }),
         valid: r.valid,
+        ...(r.valid &&
+            r.keySource === "embedded" && { identityBinding: "embedded-key-unverified" }),
         ...(reason !== undefined && { reason }),
         ...(errs[0]?.message !== undefined && !r.valid && { detail: errs[0].message }),
         ...(r.delegations !== undefined && r.delegations.length > 0

package/dist/inner-receipts.js.map

@@ -1 +1 @@
-{"version":3,"file":"inner-receipts.js","sourceRoot":"","sources":["../src/inner-receipts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAGH,OAAO,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAyChD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAC,IAAa;IAC3D,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,KAAK;YACf,aAAa,EAAE,CAAC;YAChB,UAAU,EAAE,CAAC;YACb,OAAO,EAAE,EAAE;SACZ,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,IAAI,CAAC,eAAe,CAAC;IAC5C,IAAI,cAAc,KAAK,SAAS,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChE,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,KAAK;YACf,aAAa,EAAE,CAAC;YAChB,UAAU,EAAE,CAAC;YACb,OAAO,EAAE,EAAE;SACZ,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAA+B,EAAE,CAAC;IAC/C,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;QACnC,OAAO,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC;IAC5C,CAAC;IACD,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;IAC5D,OAAO;QACL,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,aAAa,KAAK,OAAO,CAAC,MAAM;QAC1C,aAAa;QACb,UAAU,EAAE,OAAO,CAAC,MAAM;QAC1B,OAAO;KACR,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAa;IAG1C,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAC5D,MAAM,CAAC,GAAG,IAAqD,CAAC;IAChE,IAAI,CAAC,CAAC,IAAI,KAAK,0BAA0B;QAAE,OAAO,KAAK,CAAC;IACxD,OAAO,CAAC,CAAC,eAAe,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;AAC7E,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,SAAiB;IAC7C,IAAI,OAAyB,CAAC;IAC9B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAqB,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,eAAe;YACvB,SAAS,EAAE,eAAe;YAC1B,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,gBAAgB;YACxB,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACzD,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;IAE5C,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,OAAO;YACL,MAAM,EAAE,OAAO,CAAC,OAAO;YACvB,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;YACrC,GAAG,CAAC,MAAM,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;YAChE,KAAK,EAAE,IAAI;YACX,GAAG,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;gBACnE,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;gBACvD,CAAC,CAAC,EAAE,CAAC;SACR,CAAC;IACJ,CAAC;IAED,oEAAoE;IACpE,kEAAkE;IAClE,sDAAsD;IACtD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;IACjC,IAAI,MAAM,GAA0C,SAAS,CAAC;IAC9D,IAAI,MAA0B,CAAC;IAC/B,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,EAAE,CAAC;QACnE,MAAM,GAAG,oBAAoB,CAAC;QAC9B,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,EAAE,OAAO,CAAC;IACnF,CAAC;SAAM,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,qBAAqB,CAAC,EAAE,CAAC;QAC9D,MAAM,GAAG,mBAAmB,CAAC;QAC7B,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,qBAAqB,CAAC,EAAE,OAAO,CAAC;IACvE,CAAC;SAAM,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,GAAG,mBAAmB,CAAC;QAC7B,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC;IAC5B,CAAC;IAED,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,OAAO;QACvB,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;QACrC,GAAG,CAAC,MAAM,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;QAChE,KAAK,EAAE,KAAK;QACZ,MAAM;QACN,GAAG,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,MAAM,EAAE,CAAC;QACvC,GAAG,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;YACnE,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YACvD,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;AACJ,CAAC;AAED,oEAAoE;AACpE,+DAA+D;AAC/D,SAAS,YAAY,CAAC,CAA4C;IAChE,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC;IAC5B,IAAI,MAAyD,CAAC;IAC9D,IAAI,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;QACb,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC;YAChE,MAAM,GAAG,oBAAoB,CAAC;aAC3B,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,qBAAqB,CAAC;YAAE,MAAM,GAAG,mBAAmB,CAAC;aACrF,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM,GAAG,mBAAmB,CAAC;;YAClD,MAAM,GAAG,SAAS,CAAC;IAC1B,CAAC;IACD,OAAO;QACL,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO,IAAI,WAAW;QACzC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,UAAU,IAAI,WAAW,CAAC;QACvD,GAAG,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;QACtD,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,GAAG,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,MAAM,EAAE,CAAC;QACvC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,KAAK,SAAS,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAC9E,GAAG,CAAC,CAAC,CAAC,WAAW,KAAK,SAAS,IAAI,CAAC,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;YACzD,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YAClD,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;AACJ,CAAC"}
+{"version":3,"file":"inner-receipts.js","sourceRoot":"","sources":["../src/inner-receipts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAGH,OAAO,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAyDhD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAC,IAAa;IAC3D,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,KAAK;YACf,aAAa,EAAE,CAAC;YAChB,UAAU,EAAE,CAAC;YACb,OAAO,EAAE,EAAE;SACZ,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,IAAI,CAAC,eAAe,CAAC;IAC5C,IAAI,cAAc,KAAK,SAAS,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChE,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,KAAK;YACf,aAAa,EAAE,CAAC;YAChB,UAAU,EAAE,CAAC;YACb,OAAO,EAAE,EAAE;SACZ,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAA+B,EAAE,CAAC;IAC/C,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;QACnC,OAAO,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC;IAC5C,CAAC;IACD,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;IAC5D,OAAO;QACL,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,aAAa,KAAK,OAAO,CAAC,MAAM;QAC1C,aAAa;QACb,UAAU,EAAE,OAAO,CAAC,MAAM;QAC1B,OAAO;KACR,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAa;IAG1C,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAC5D,MAAM,CAAC,GAAG,IAAqD,CAAC;IAChE,IAAI,CAAC,CAAC,IAAI,KAAK,0BAA0B;QAAE,OAAO,KAAK,CAAC;IACxD,OAAO,CAAC,CAAC,eAAe,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;AAC7E,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,SAAiB;IAC7C,IAAI,OAAyB,CAAC;IAC9B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAqB,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,eAAe;YACvB,SAAS,EAAE,eAAe;YAC1B,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,gBAAgB;YACxB,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACzD,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;IAE5C,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,OAAO;YACL,MAAM,EAAE,OAAO,CAAC,OAAO;YACvB,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;YACrC,GAAG,CAAC,MAAM,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;YAChE,KAAK,EAAE,IAAI;YACX,GAAG,CAAC,MAAM,CAAC,SAAS,KAAK,UAAU,IAAI;gBACrC,eAAe,EAAE,yBAAkC;aACpD,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;gBACnE,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;gBACvD,CAAC,CAAC,EAAE,CAAC;SACR,CAAC;IACJ,CAAC;IAED,oEAAoE;IACpE,kEAAkE;IAClE,sDAAsD;IACtD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;IACjC,IAAI,MAAM,GAA0C,SAAS,CAAC;IAC9D,IAAI,MAA0B,CAAC;IAC/B,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,EAAE,CAAC;QACnE,MAAM,GAAG,oBAAoB,CAAC;QAC9B,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,EAAE,OAAO,CAAC;IACnF,CAAC;SAAM,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,qBAAqB,CAAC,EAAE,CAAC;QAC9D,MAAM,GAAG,mBAAmB,CAAC;QAC7B,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,qBAAqB,CAAC,EAAE,OAAO,CAAC;IACvE,CAAC;SAAM,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,GAAG,mBAAmB,CAAC;QAC7B,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC;IAC5B,CAAC;IAED,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,OAAO;QACvB,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;QACrC,GAAG,CAAC,MAAM,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;QAChE,KAAK,EAAE,KAAK;QACZ,MAAM;QACN,GAAG,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,MAAM,EAAE,CAAC;QACvC,GAAG,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;YACnE,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YACvD,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;AACJ,CAAC;AAED,oEAAoE;AACpE,+DAA+D;AAC/D,SAAS,YAAY,CAAC,CAA4C;IAChE,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC;IAC5B,IAAI,MAAyD,CAAC;IAC9D,IAAI,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;QACb,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC;YAChE,MAAM,GAAG,oBAAoB,CAAC;aAC3B,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,qBAAqB,CAAC;YAAE,MAAM,GAAG,mBAAmB,CAAC;aACrF,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM,GAAG,mBAAmB,CAAC;;YAClD,MAAM,GAAG,SAAS,CAAC;IAC1B,CAAC;IACD,OAAO;QACL,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO,IAAI,WAAW;QACzC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,UAAU,IAAI,WAAW,CAAC;QACvD,GAAG,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;QACtD,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,GAAG,CAAC,CAAC,CAAC,KAAK;YACT,CAAC,CAAC,SAAS,KAAK,UAAU,IAAI,EAAE,eAAe,EAAE,yBAAkC,EAAE,CAAC;QACxF,GAAG,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,MAAM,EAAE,CAAC;QACvC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,KAAK,SAAS,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAC9E,GAAG,CAAC,CAAC,CAAC,WAAW,KAAK,SAAS,IAAI,CAAC,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;YACzD,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YAClD,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;AACJ,CAAC"}

package/dist/key-revocation.d.ts

@@ -0,0 +1,50 @@
+/**
+ * On-chain key-revocation lookup — the binding-time consumer of the relay's
+ * revocation memos.
+ *
+ * When a key is rotated away or an agent is revoked, the relay anchors a
+ * `motebit:revocation:v1:{keyHex}:{timestamp}` memo on Solana
+ * (`SolanaMemoSubmitter.submitRevocation`). This module reads those memos so a
+ * verifier can refuse to bind a receipt signed by a key that was revoked at or
+ * before the receipt's timestamp.
+ *
+ * The trust asymmetry vs. the anchored rung is the whole point: a relay can't
+ * forge an anchored root, but it COULD hide a revocation that protects it (a key
+ * it secretly controls). So revocation must be read from the neutral chain at the
+ * relay's pinned address — never taken from the relay's own `/identity` response.
+ * `revoked_at` is whatever timestamp the memo carries; if the operator backdates
+ * it to the true compromise moment, this consumer honors that automatically.
+ *
+ * No SDK dep — Solana JSON-RPC over fetch keeps the package browser-safe. Mirrors
+ * `identity-anchor.ts` / `onchain-anchor.ts`.
+ */
+export interface KeyRevocationLookupOptions {
+    readonly rpcUrl?: string;
+    readonly fetch?: typeof globalThis.fetch;
+    /** Max signatures to scan at the relay address. Default 200. */
+    readonly maxSignatures?: number;
+}
+export type KeyRevocationResult = 
+/** A revocation memo for this key was found on-chain. `revokedAt` is its timestamp (ms). */
+{
+    readonly status: "revoked";
+    readonly revokedAt: number;
+    readonly txHash: string;
+}
+/** Scan completed; no revocation memo for this key at the address. */
+ | {
+    readonly status: "not_revoked";
+}
+/** Could not determine (RPC/transport failure) — NOT proof of safety. */
+ | {
+    readonly status: "unknown";
+    readonly detail: string;
+};
+/**
+ * Look up whether `signingKeyHex` has an on-chain revocation memo at the relay's
+ * pinned address. Returns the EARLIEST revocation timestamp found (the most
+ * protective — a key revoked at T cannot be trusted for anything dated ≥ T).
+ * Never throws; transport/RPC failures surface as `status: "unknown"`.
+ */
+export declare function lookupKeyRevocation(relayAnchorAddress: string, signingKeyHex: string, options?: KeyRevocationLookupOptions): Promise<KeyRevocationResult>;
+//# sourceMappingURL=key-revocation.d.ts.map

package/dist/key-revocation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-revocation.d.ts","sourceRoot":"","sources":["../src/key-revocation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAIH,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IACzC,gEAAgE;IAChE,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;CACjC;AAED,MAAM,MAAM,mBAAmB;AAC7B,4FAA4F;AAC1F;IAAE,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC;IAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;CAAE;AACrF,sEAAsE;GACpE;IAAE,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAA;CAAE;AACpC,yEAAyE;GACvE;IAAE,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC;IAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAiB5D;;;;;GAKG;AACH,wBAAsB,mBAAmB,CACvC,kBAAkB,EAAE,MAAM,EAC1B,aAAa,EAAE,MAAM,EACrB,OAAO,GAAE,0BAA+B,GACvC,OAAO,CAAC,mBAAmB,CAAC,CA6C9B"}

package/dist/key-revocation.js

@@ -0,0 +1,79 @@
+/**
+ * On-chain key-revocation lookup — the binding-time consumer of the relay's
+ * revocation memos.
+ *
+ * When a key is rotated away or an agent is revoked, the relay anchors a
+ * `motebit:revocation:v1:{keyHex}:{timestamp}` memo on Solana
+ * (`SolanaMemoSubmitter.submitRevocation`). This module reads those memos so a
+ * verifier can refuse to bind a receipt signed by a key that was revoked at or
+ * before the receipt's timestamp.
+ *
+ * The trust asymmetry vs. the anchored rung is the whole point: a relay can't
+ * forge an anchored root, but it COULD hide a revocation that protects it (a key
+ * it secretly controls). So revocation must be read from the neutral chain at the
+ * relay's pinned address — never taken from the relay's own `/identity` response.
+ * `revoked_at` is whatever timestamp the memo carries; if the operator backdates
+ * it to the true compromise moment, this consumer honors that automatically.
+ *
+ * No SDK dep — Solana JSON-RPC over fetch keeps the package browser-safe. Mirrors
+ * `identity-anchor.ts` / `onchain-anchor.ts`.
+ */
+const REVOCATION_MEMO_PREFIX = "motebit:revocation:v1:";
+/**
+ * Look up whether `signingKeyHex` has an on-chain revocation memo at the relay's
+ * pinned address. Returns the EARLIEST revocation timestamp found (the most
+ * protective — a key revoked at T cannot be trusted for anything dated ≥ T).
+ * Never throws; transport/RPC failures surface as `status: "unknown"`.
+ */
+export async function lookupKeyRevocation(relayAnchorAddress, signingKeyHex, options = {}) {
+    const rpcUrl = options.rpcUrl ?? "https://api.mainnet-beta.solana.com";
+    const fetchImpl = options.fetch ?? globalThis.fetch;
+    const limit = options.maxSignatures ?? 200;
+    const needle = `${REVOCATION_MEMO_PREFIX}${signingKeyHex.toLowerCase()}:`;
+    let signatures;
+    try {
+        const res = await fetchImpl(rpcUrl, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+                jsonrpc: "2.0",
+                id: 1,
+                method: "getSignaturesForAddress",
+                params: [relayAnchorAddress, { limit }],
+            }),
+        });
+        if (!res.ok)
+            return { status: "unknown", detail: `HTTP ${res.status}` };
+        const body = (await res.json());
+        if (body.error !== undefined)
+            return { status: "unknown", detail: body.error.message };
+        signatures = body.result ?? [];
+    }
+    catch (err) {
+        return { status: "unknown", detail: err instanceof Error ? err.message : String(err) };
+    }
+    let earliest = null;
+    for (const sig of signatures) {
+        if (sig.err !== null)
+            continue;
+        if (sig.memo == null)
+            continue;
+        const idx = sig.memo.toLowerCase().indexOf(needle);
+        if (idx === -1)
+            continue;
+        const after = sig.memo.slice(idx + needle.length);
+        const tsMatch = after.match(/^(\d+)/);
+        if (tsMatch == null)
+            continue;
+        const revokedAt = Number(tsMatch[1]);
+        if (!Number.isFinite(revokedAt))
+            continue;
+        if (earliest == null || revokedAt < earliest.revokedAt) {
+            earliest = { revokedAt, txHash: sig.signature };
+        }
+    }
+    return earliest
+        ? { status: "revoked", revokedAt: earliest.revokedAt, txHash: earliest.txHash }
+        : { status: "not_revoked" };
+}
+//# sourceMappingURL=key-revocation.js.map

package/dist/key-revocation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-revocation.js","sourceRoot":"","sources":["../src/key-revocation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,MAAM,sBAAsB,GAAG,wBAAwB,CAAC;AAgCxD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,kBAA0B,EAC1B,aAAqB,EACrB,UAAsC,EAAE;IAExC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,qCAAqC,CAAC;IACvE,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,aAAa,IAAI,GAAG,CAAC;IAC3C,MAAM,MAAM,GAAG,GAAG,sBAAsB,GAAG,aAAa,CAAC,WAAW,EAAE,GAAG,CAAC;IAE1E,IAAI,UAA2B,CAAC;IAChC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,EAAE,EAAE,CAAC;gBACL,MAAM,EAAE,yBAAyB;gBACjC,MAAM,EAAE,CAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,CAAC;aACxC,CAAC;SACH,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC;QACxE,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAiC,CAAC;QAChE,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;QACvF,UAAU,GAAG,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC;IACjC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;IACzF,CAAC;IAED,IAAI,QAAQ,GAAiD,IAAI,CAAC;IAClE,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,GAAG,CAAC,GAAG,KAAK,IAAI;YAAE,SAAS;QAC/B,IAAI,GAAG,CAAC,IAAI,IAAI,IAAI;YAAE,SAAS;QAC/B,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACnD,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,SAAS;QACzB,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;QAClD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACtC,IAAI,OAAO,IAAI,IAAI;YAAE,SAAS;QAC9B,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC;YAAE,SAAS;QAC1C,IAAI,QAAQ,IAAI,IAAI,IAAI,SAAS,GAAG,QAAQ,CAAC,SAAS,EAAE,CAAC;YACvD,QAAQ,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,CAAC,SAAS,EAAE,CAAC;QAClD,CAAC;IACH,CAAC;IAED,OAAO,QAAQ;QACb,CAAC,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE;QAC/E,CAAC,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;AAChC,CAAC"}

package/dist/receipt-document.d.ts

@@ -0,0 +1,134 @@
+/**
+ * Verify a pasted/standalone `ExecutionReceipt` document and project it into an
+ * honest, display-ready view model — the brain behind a public receipt verifier
+ * (e.g. receipt.computer): paste a receipt, learn what it actually proves.
+ *
+ * The model's whole point is to keep two facts separate, the way the rest of the
+ * stack now does (crypto `keySource`, render-engine `bindingStatusFor`):
+ *
+ *   - INTEGRITY — "the bytes were signed by *some* key and nothing was tampered."
+ *     Always checkable offline from the receipt alone.
+ *   - BINDING   — "that key belongs to the claimed `motebit_id`." Established only
+ *     when the verifying key came from a trusted external source, never from the
+ *     receipt's own embedded `public_key`.
+ *
+ * Verified against the receipt's embedded key alone (offline, no options), a
+ * successful check is `integrity-only`: it never claims identity binding. Supply
+ * `options.identity` to reach `"pinned"` (the signing key is time-valid in the
+ * motebit's own succession chain), and additionally `options.anchor` to reach
+ * `"anchored"` (that binding is in the relay's transparency log AND the log root
+ * is independently confirmed on-chain). Callers branch on `binding`, not
+ * `integrity`, before rendering "from <motebit>".
+ *
+ * Browser-safe; composes `@motebit/crypto` verifiers + an injectable on-chain
+ * lookup — no new crypto here.
+ *
+ * Doctrine: `docs/doctrine/self-attesting-system.md`, `docs/doctrine/operator-transparency.md`.
+ */
+import { type IdentityLogInclusionProof, type MotebitIdentityFile } from "@motebit/crypto";
+import { type IdentityAnchorLookupOptions } from "./identity-anchor.js";
+import { type KeyRevocationLookupOptions } from "./key-revocation.js";
+/**
+ * Identity-binding status — a ladder of increasing trust-minimization, per
+ * `docs/doctrine/identity-binding-verification.md`. `"unverified"` (signature
+ * failed) < `"integrity-only"` (signed, but checked against the receipt's own
+ * embedded key — not bound) < `"pinned"` (the signing key is time-valid for an
+ * identity file the caller supplied; sovereign chain verified, no operator
+ * anchor) < `"anchored"` (the motebit's key is committed in the relay's
+ * identity-transparency log AND that log root is independently confirmed on-chain
+ * — operator non-equivocation) < `"sovereign"` (the `motebit_id` IS the commitment
+ * to the genesis key, verified offline from the identity file alone — no operator,
+ * no anchor, no chain; the strongest root).
+ *
+ * `"revoked"` is off the ladder — a poison verdict. The signature may be valid,
+ * but the signing key was revoked on-chain at/before the receipt's timestamp, so
+ * the producer claim must NOT be trusted. It overrides every other status.
+ */
+export type ReceiptBindingStatus = "revoked" | "sovereign" | "anchored" | "pinned" | "integrity-only" | "unverified";
+export type ReceiptDocumentFailureReason = "malformed_json" | "not_a_receipt" | "missing_public_key" | "signature_invalid" | "delegation_failed" | "unknown";
+/** Honest, recursive view model for a verified (or rejected) receipt document. */
+export interface ReceiptDocumentVerification {
+    /**
+     * True iff the signature verified (and every delegation verified) — INTEGRITY.
+     * A `true` here does NOT mean the key belongs to `motebitId`; read `binding`.
+     */
+    readonly integrity: boolean;
+    /**
+     * Identity-binding status (the ladder). `"anchored"` when the binding is in the
+     * relay's transparency log AND that root is confirmed on-chain; `"pinned"` when
+     * the signing key is time-valid for a caller-supplied identity file;
+     * `"integrity-only"` when only the signature is verified against the receipt's
+     * own embedded key; `"unverified"` when the signature did not verify. Surfaces
+     * MUST NOT render "from <motebit>" below `"pinned"`.
+     */
+    readonly binding: ReceiptBindingStatus;
+    /** The Solana tx that anchored the log root, when `binding === "anchored"`. */
+    readonly anchorTxHash?: string;
+    /** When `binding === "revoked"`: the on-chain revocation timestamp (ms). */
+    readonly revokedAt?: number;
+    /** `did:key:z…` derived from the signing key when integrity holds. */
+    readonly signerDid?: string;
+    /** The producing `motebit_id` as carried in the receipt body — a claim, not proof. */
+    readonly motebitId?: string;
+    readonly taskId?: string;
+    /** Per-delegation results, recursive — mirrors the delegation chain. */
+    readonly delegations?: ReceiptDocumentVerification[];
+    /** Typed failure reason when `integrity` is false. */
+    readonly reason?: ReceiptDocumentFailureReason;
+    /** Free-form detail (e.g. underlying error message). */
+    readonly detail?: string;
+}
+/**
+ * Material for the `anchored` rung: the relay's identity-transparency inclusion
+ * proof plus the out-of-band pinned relay Solana address to cross-check it
+ * against. Both come from the relay's `/identity/:motebitId` bundle EXCEPT
+ * `relayAnchorAddress`, which MUST be pinned independently (not taken from the
+ * bundle) — that's the trust root that makes the on-chain check non-circular.
+ */
+export interface ReceiptAnchorOptions {
+    /** The relay bundle's `anchored.proof` — its `anchoredRoot` is checked on-chain. */
+    readonly proof: IdentityLogInclusionProof;
+    /** Pinned relay Solana address (out-of-band trust root). */
+    readonly relayAnchorAddress: string;
+    /** Solana RPC / fetch injection for the on-chain lookup. */
+    readonly lookup?: IdentityAnchorLookupOptions;
+}
+export interface VerifyReceiptDocumentOptions {
+    /**
+     * The producing motebit's identity file (its self-signed succession material).
+     * When supplied, and the receipt's signing key is time-valid for it (and the
+     * `motebit_id` matches), the result's root upgrades to `binding: "pinned"` —
+     * verified against material the caller supplied. The `anchored` / `sovereign`
+     * rungs layer operator non-equivocation on top; see
+     * `docs/doctrine/identity-binding-verification.md`.
+     */
+    readonly identity?: MotebitIdentityFile;
+    /**
+     * Anchor material. Requires `identity` too — `anchored` is `pinned` PLUS an
+     * on-chain-confirmed transparency-log inclusion. When the inclusion proof and
+     * the on-chain root cross-check both pass, the root upgrades to
+     * `binding: "anchored"`; otherwise it degrades honestly to `pinned` /
+     * `integrity-only`.
+     */
+    readonly anchor?: ReceiptAnchorOptions;
+    /**
+     * On-chain revocation check. The signing key is scanned for a revocation memo
+     * at the relay's pinned address (read from the neutral chain, NOT the relay's
+     * word — the relay could hide a revocation that protects it). If the key was
+     * revoked at/before the receipt's `completed_at`, `binding` is `"revoked"`,
+     * overriding every other rung. Requires no `identity` — a revoked key poisons
+     * even the integrity-only claim.
+     */
+    readonly revocation?: {
+        readonly relayAnchorAddress: string;
+        readonly lookup?: KeyRevocationLookupOptions;
+    };
+}
+/**
+ * Verify a pasted receipt document (JSON text) entirely offline. Returns a typed
+ * view model; never throws on bad input or a crypto failure — only `JSON.parse`
+ * and shape errors map to `malformed_json` / `not_a_receipt`. Pass
+ * `options.identity` to attempt the `"pinned"` binding rung.
+ */
+export declare function verifyReceiptDocument(jsonText: string, options?: VerifyReceiptDocumentOptions): Promise<ReceiptDocumentVerification>;
+//# sourceMappingURL=receipt-document.d.ts.map

package/dist/receipt-document.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"receipt-document.d.ts","sourceRoot":"","sources":["../src/receipt-document.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAGH,OAAO,EAIL,KAAK,yBAAyB,EAC9B,KAAK,mBAAmB,EACzB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAA2B,KAAK,2BAA2B,EAAE,MAAM,sBAAsB,CAAC;AACjG,OAAO,EAAuB,KAAK,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AAE3F;;;;;;;;;;;;;;;GAeG;AACH,MAAM,MAAM,oBAAoB,GAC5B,SAAS,GACT,WAAW,GACX,UAAU,GACV,QAAQ,GACR,gBAAgB,GAChB,YAAY,CAAC;AAEjB,MAAM,MAAM,4BAA4B,GACpC,gBAAgB,GAChB,eAAe,GACf,oBAAoB,GACpB,mBAAmB,GACnB,mBAAmB,GACnB,SAAS,CAAC;AAEd,kFAAkF;AAClF,MAAM,WAAW,2BAA2B;IAC1C;;;OAGG;IACH,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;IAC5B;;;;;;;OAOG;IACH,QAAQ,CAAC,OAAO,EAAE,oBAAoB,CAAC;IACvC,+EAA+E;IAC/E,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,4EAA4E;IAC5E,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,sEAAsE;IACtE,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,sFAAsF;IACtF,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,wEAAwE;IACxE,QAAQ,CAAC,WAAW,CAAC,EAAE,2BAA2B,EAAE,CAAC;IACrD,sDAAsD;IACtD,QAAQ,CAAC,MAAM,CAAC,EAAE,4BAA4B,CAAC;IAC/C,wDAAwD;IACxD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AA8DD;;;;;;GAMG;AACH,MAAM,WAAW,oBAAoB;IACnC,oFAAoF;IACpF,QAAQ,CAAC,KAAK,EAAE,yBAAyB,CAAC;IAC1C,4DAA4D;IAC5D,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,4DAA4D;IAC5D,QAAQ,CAAC,MAAM,CAAC,EAAE,2BAA2B,CAAC;CAC/C;AAED,MAAM,WAAW,4BAA4B;IAC3C;;;;;;;OAOG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,mBAAmB,CAAC;IACxC;;;;;;OAMG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,oBAAoB,CAAC;IACvC;;;;;;;OAOG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE;QACpB,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;QACpC,QAAQ,CAAC,MAAM,CAAC,EAAE,0BAA0B,CAAC;KAC9C,CAAC;CACH;AAoED;;;;;GAKG;AACH,wBAAsB,qBAAqB,CACzC,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,4BAA4B,GACrC,OAAO,CAAC,2BAA2B,CAAC,CAiDtC"}

package/dist/receipt-document.js

@@ -0,0 +1,189 @@
+/**
+ * Verify a pasted/standalone `ExecutionReceipt` document and project it into an
+ * honest, display-ready view model — the brain behind a public receipt verifier
+ * (e.g. receipt.computer): paste a receipt, learn what it actually proves.
+ *
+ * The model's whole point is to keep two facts separate, the way the rest of the
+ * stack now does (crypto `keySource`, render-engine `bindingStatusFor`):
+ *
+ *   - INTEGRITY — "the bytes were signed by *some* key and nothing was tampered."
+ *     Always checkable offline from the receipt alone.
+ *   - BINDING   — "that key belongs to the claimed `motebit_id`." Established only
+ *     when the verifying key came from a trusted external source, never from the
+ *     receipt's own embedded `public_key`.
+ *
+ * Verified against the receipt's embedded key alone (offline, no options), a
+ * successful check is `integrity-only`: it never claims identity binding. Supply
+ * `options.identity` to reach `"pinned"` (the signing key is time-valid in the
+ * motebit's own succession chain), and additionally `options.anchor` to reach
+ * `"anchored"` (that binding is in the relay's transparency log AND the log root
+ * is independently confirmed on-chain). Callers branch on `binding`, not
+ * `integrity`, before rendering "from <motebit>".
+ *
+ * Browser-safe; composes `@motebit/crypto` verifiers + an injectable on-chain
+ * lookup — no new crypto here.
+ *
+ * Doctrine: `docs/doctrine/self-attesting-system.md`, `docs/doctrine/operator-transparency.md`.
+ */
+import { verifyReceipt, verifyKeyBindingAtTime, verifyIdentityBindingAnchored, } from "@motebit/crypto";
+import { lookupIdentityLogAnchor } from "./identity-anchor.js";
+import { lookupKeyRevocation } from "./key-revocation.js";
+/**
+ * Minimal structural guard for user-pasted input. We verify at the boundary
+ * (untrusted text) before handing to crypto — a non-receipt object must surface
+ * as a typed `not_a_receipt`, never an opaque downstream throw.
+ */
+function isExecutionReceiptShape(value) {
+    if (typeof value !== "object" || value === null)
+        return false;
+    const r = value;
+    return (typeof r["motebit_id"] === "string" &&
+        typeof r["task_id"] === "string" &&
+        typeof r["signature"] === "string" &&
+        typeof r["suite"] === "string");
+}
+function toView(result) {
+    const errs = result.errors ?? [];
+    const base = {
+        integrity: result.valid,
+        // `verifyReceipt` checks the signature against the receipt's own embedded
+        // key, so on its own a valid check is integrity-only. `verifyReceiptDocument`
+        // upgrades the root to `"pinned"` when a matching identity file is supplied.
+        binding: result.valid ? "integrity-only" : "unverified",
+    };
+    if (result.signer !== undefined)
+        base.signerDid = result.signer;
+    if (result.receipt) {
+        base.motebitId = String(result.receipt.motebit_id);
+        base.taskId = result.receipt.task_id;
+    }
+    if (result.delegations && result.delegations.length > 0) {
+        base.delegations = result.delegations.map(toView);
+    }
+    if (!result.valid) {
+        if (errs.some((e) => e.message.includes("No embedded public_key"))) {
+            base.reason = "missing_public_key";
+        }
+        else if (errs.some((e) => e.path === "delegation_receipts")) {
+            base.reason = "delegation_failed";
+        }
+        else if (errs.length > 0) {
+            base.reason = "signature_invalid";
+        }
+        else {
+            base.reason = "unknown";
+        }
+        const detail = errs[0]?.message;
+        if (detail !== undefined)
+            base.detail = detail;
+    }
+    return base;
+}
+/**
+ * Promote the root to `"pinned"` iff the supplied identity file is for this
+ * receipt's motebit and its succession chain makes the signing key valid at the
+ * receipt's `completed_at`. Returns `null` (no promotion) otherwise. The chain is
+ * verified inside `verifyKeyBindingAtTime`; this is the sovereign-root half of
+ * binding (no operator anchor).
+ */
+async function pinnedBinding(receipt, identity) {
+    if (typeof receipt.public_key !== "string")
+        return null;
+    if (String(identity.motebit_id) !== String(receipt.motebit_id))
+        return null;
+    const r = await verifyKeyBindingAtTime(identity, receipt.public_key, receipt.completed_at);
+    return r.bound ? "pinned" : null;
+}
+/**
+ * Promote to `"sovereign"` iff the signing key binds AND the identity's
+ * `motebit_id` is the sovereign commitment to its genesis key. This is the
+ * strongest rung and the only fully-offline one — `verifyKeyBindingAtTime`
+ * computes both the key's window and the id↔genesis commitment from the identity
+ * file alone, so no anchor, no relay, no chain is consulted. Returns `null`
+ * (no promotion) when the motebit wasn't minted sovereignly.
+ */
+async function sovereignBinding(receipt, identity) {
+    if (typeof receipt.public_key !== "string")
+        return null;
+    if (String(identity.motebit_id) !== String(receipt.motebit_id))
+        return null;
+    const r = await verifyKeyBindingAtTime(identity, receipt.public_key, receipt.completed_at);
+    return r.bound === true && r.sovereign === true ? "sovereign" : null;
+}
+/**
+ * Promote to `"anchored"` iff (a) the signing key is sovereign-bound to the
+ * supplied identity at `completed_at` AND included under `anchor.proof`'s root
+ * (`verifyIdentityBindingAnchored`), AND (b) that root is independently confirmed
+ * on-chain at the pinned relay address (`lookupIdentityLogAnchor`). The second
+ * check is what makes it `anchored` rather than `pinned` — without it a relay
+ * could assert any root. Returns the anchoring `txHash` for provenance, or `null`
+ * (no promotion) on any failure.
+ */
+async function anchoredBinding(receipt, identity, anchor) {
+    if (typeof receipt.public_key !== "string")
+        return null;
+    if (String(identity.motebit_id) !== String(receipt.motebit_id))
+        return null;
+    const bound = await verifyIdentityBindingAnchored(identity, receipt.public_key, receipt.completed_at, anchor.proof);
+    if (!bound.bound)
+        return null;
+    const onchain = await lookupIdentityLogAnchor(anchor.relayAnchorAddress, anchor.proof.anchoredRoot, anchor.lookup);
+    return onchain.ok ? { txHash: onchain.txHash } : null;
+}
+/**
+ * Verify a pasted receipt document (JSON text) entirely offline. Returns a typed
+ * view model; never throws on bad input or a crypto failure — only `JSON.parse`
+ * and shape errors map to `malformed_json` / `not_a_receipt`. Pass
+ * `options.identity` to attempt the `"pinned"` binding rung.
+ */
+export async function verifyReceiptDocument(jsonText, options) {
+    let parsed;
+    try {
+        parsed = JSON.parse(jsonText);
+    }
+    catch (err) {
+        return {
+            integrity: false,
+            binding: "unverified",
+            reason: "malformed_json",
+            detail: err instanceof Error ? err.message : String(err),
+        };
+    }
+    if (!isExecutionReceiptShape(parsed)) {
+        return {
+            integrity: false,
+            binding: "unverified",
+            reason: "not_a_receipt",
+            detail: "input is not an ExecutionReceipt (missing motebit_id / task_id / signature / suite)",
+        };
+    }
+    const view = toView(await verifyReceipt(parsed));
+    if (view.integrity) {
+        // Revocation is a poison verdict — check it first, independent of `identity`.
+        // A key revoked on-chain at/before completed_at must not bind, no matter what
+        // the succession chain says.
+        if (options?.revocation && typeof parsed.public_key === "string") {
+            const rev = await lookupKeyRevocation(options.revocation.relayAnchorAddress, parsed.public_key, options.revocation.lookup);
+            if (rev.status === "revoked" && rev.revokedAt <= parsed.completed_at) {
+                return { ...view, binding: "revoked", revokedAt: rev.revokedAt };
+            }
+        }
+        if (options?.identity) {
+            // Sovereign is the strongest root AND fully offline — check it first; a
+            // sovereign motebit needs no operator anchor at all.
+            const sovereign = await sovereignBinding(parsed, options.identity);
+            if (sovereign)
+                return { ...view, binding: sovereign };
+            if (options.anchor) {
+                const anchored = await anchoredBinding(parsed, options.identity, options.anchor);
+                if (anchored)
+                    return { ...view, binding: "anchored", anchorTxHash: anchored.txHash };
+            }
+            const pinned = await pinnedBinding(parsed, options.identity);
+            if (pinned)
+                return { ...view, binding: pinned };
+        }
+    }
+    return view;
+}
+//# sourceMappingURL=receipt-document.js.map

package/dist/receipt-document.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"receipt-document.js","sourceRoot":"","sources":["../src/receipt-document.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAGH,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,6BAA6B,GAG9B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,uBAAuB,EAAoC,MAAM,sBAAsB,CAAC;AACjG,OAAO,EAAE,mBAAmB,EAAmC,MAAM,qBAAqB,CAAC;AAmE3F;;;;GAIG;AACH,SAAS,uBAAuB,CAAC,KAAc;IAC7C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAC9D,MAAM,CAAC,GAAG,KAAgC,CAAC;IAC3C,OAAO,CACL,OAAO,CAAC,CAAC,YAAY,CAAC,KAAK,QAAQ;QACnC,OAAO,CAAC,CAAC,SAAS,CAAC,KAAK,QAAQ;QAChC,OAAO,CAAC,CAAC,WAAW,CAAC,KAAK,QAAQ;QAClC,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAC/B,CAAC;AACJ,CAAC;AAID,SAAS,MAAM,CAAC,MAA2B;IACzC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;IACjC,MAAM,IAAI,GASN;QACF,SAAS,EAAE,MAAM,CAAC,KAAK;QACvB,0EAA0E;QAC1E,8EAA8E;QAC9E,6EAA6E;QAC7E,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,YAAY;KACxD,CAAC;IACF,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS;QAAE,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;IAChE,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACnD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;IACvC,CAAC;IACD,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxD,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,EAAE,CAAC;YACnE,IAAI,CAAC,MAAM,GAAG,oBAAoB,CAAC;QACrC,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,qBAAqB,CAAC,EAAE,CAAC;YAC9D,IAAI,CAAC,MAAM,GAAG,mBAAmB,CAAC;QACpC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,IAAI,CAAC,MAAM,GAAG,mBAAmB,CAAC;QACpC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;QAC1B,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC;QAChC,IAAI,MAAM,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACjD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAkDD;;;;;;GAMG;AACH,KAAK,UAAU,aAAa,CAC1B,OAAyB,EACzB,QAA6B;IAE7B,IAAI,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACxD,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,KAAK,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5E,MAAM,CAAC,GAAG,MAAM,sBAAsB,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAC3F,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;AACnC,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,gBAAgB,CAC7B,OAAyB,EACzB,QAA6B;IAE7B,IAAI,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACxD,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,KAAK,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5E,MAAM,CAAC,GAAG,MAAM,sBAAsB,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAC3F,OAAO,CAAC,CAAC,KAAK,KAAK,IAAI,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;AACvE,CAAC;AAED;;;;;;;;GAQG;AACH,KAAK,UAAU,eAAe,CAC5B,OAAyB,EACzB,QAA6B,EAC7B,MAA4B;IAE5B,IAAI,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACxD,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,KAAK,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5E,MAAM,KAAK,GAAG,MAAM,6BAA6B,CAC/C,QAAQ,EACR,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,YAAY,EACpB,MAAM,CAAC,KAAK,CACb,CAAC;IACF,IAAI,CAAC,KAAK,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAC9B,MAAM,OAAO,GAAG,MAAM,uBAAuB,CAC3C,MAAM,CAAC,kBAAkB,EACzB,MAAM,CAAC,KAAK,CAAC,YAAY,EACzB,MAAM,CAAC,MAAM,CACd,CAAC;IACF,OAAO,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AACxD,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,QAAgB,EAChB,OAAsC;IAEtC,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,OAAO,EAAE,YAAY;YACrB,MAAM,EAAE,gBAAgB;YACxB,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACzD,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,uBAAuB,CAAC,MAAM,CAAC,EAAE,CAAC;QACrC,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,OAAO,EAAE,YAAY;YACrB,MAAM,EAAE,eAAe;YACvB,MAAM,EAAE,qFAAqF;SAC9F,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;IACjD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACnB,8EAA8E;QAC9E,8EAA8E;QAC9E,6BAA6B;QAC7B,IAAI,OAAO,EAAE,UAAU,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;YACjE,MAAM,GAAG,GAAG,MAAM,mBAAmB,CACnC,OAAO,CAAC,UAAU,CAAC,kBAAkB,EACrC,MAAM,CAAC,UAAU,EACjB,OAAO,CAAC,UAAU,CAAC,MAAM,CAC1B,CAAC;YACF,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,IAAI,GAAG,CAAC,SAAS,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACrE,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,CAAC;YACnE,CAAC;QACH,CAAC;QACD,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;YACtB,wEAAwE;YACxE,qDAAqD;YACrD,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YACnE,IAAI,SAAS;gBAAE,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YACtD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBACnB,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;gBACjF,IAAI,QAAQ;oBAAE,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC;YACvF,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC7D,IAAI,MAAM;gBAAE,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;QAClD,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@motebit/state-export-client",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "Browser-safe client for verified motebit state-export reads. Wraps fetch with X-Motebit-Content-Manifest verification + Trust-On-First-Use bootstrap from /.well-known/motebit-transparency.json. Apache-2.0; consumes @motebit/crypto + @motebit/protocol only.",
   "repository": {
     "type": "git",
@@ -35,8 +35,8 @@
     "operator-transparency"
   ],
   "dependencies": {
-    "@motebit/crypto": "1.3.0",
-    "@motebit/protocol": "1.3.0"
+    "@motebit/crypto": "2.0.0",
+    "@motebit/protocol": "2.0.0"
   },
   "devDependencies": {
     "@types/node": "^22.0.0",