@motebit/state-export-client 0.2.0

package/dist/inner-receipts.js

@@ -0,0 +1,161 @@
+/**
+ * Recursive verification for v1.1 inner signed receipts.
+ *
+ * The relay-assembled execution-ledger reconstruction at
+ * `/api/v1/execution/:motebitId/:goalId` carries the v1.1 optional
+ * `signed_receipts: string[]` field — byte-identical canonical-JSON of
+ * each delegated motebit's signed `ExecutionReceipt`, sourced from the
+ * relay's `relay_receipts.receipt_json` archive (per
+ * `services/relay/CLAUDE.md` Rule 11). The wire shape and rationale
+ * live in `spec/execution-ledger-v1.md` §4.3 (Inner Signed Receipts —
+ * v1.1 additive).
+ *
+ * Without recursive verification, the v1.1 wire change is invisible
+ * truth: the verifier sees the field but does nothing with it. This
+ * module closes the consumer-side asymmetry. Each receipt is parsed
+ * back into its `ExecutionReceipt` shape, passed to
+ * `verifyReceipt` from `@motebit/crypto`, and its Ed25519 signature
+ * checked against the embedded `public_key` independently of the
+ * relay. Multi-hop delegation chains are walked recursively.
+ *
+ * Doctrine: `docs/doctrine/nist-alignment.md` §8 "Inner-receipt
+ * verification closed"; `docs/doctrine/self-attesting-system.md`.
+ */
+import { EXECUTION_LEDGER_SPEC_V1_1 } from "@motebit/protocol";
+import { verifyReceipt } from "@motebit/crypto";
+/**
+ * Verify the inner signed receipts inside an execution-ledger response
+ * body. Idempotent + side-effect-free; no network calls beyond what
+ * `verifyReceipt` performs (which itself is offline — every receipt
+ * carries its own `public_key`).
+ *
+ * Returns `{ applicable: false }` for v1.0 bodies, bodies without
+ * `signed_receipts`, or bodies that aren't execution-ledger shape.
+ * Returns `{ applicable: true, allValid, ... }` with per-receipt
+ * outcomes for v1.1 bodies that carry the field.
+ */
+export async function verifyInnerSignedReceipts(body) {
+    if (!isV1_1ExecutionLedger(body)) {
+        return {
+            applicable: false,
+            allValid: false,
+            verifiedCount: 0,
+            totalCount: 0,
+            results: [],
+        };
+    }
+    const signedReceipts = body.signed_receipts;
+    if (signedReceipts === undefined || signedReceipts.length === 0) {
+        return {
+            applicable: false,
+            allValid: false,
+            verifiedCount: 0,
+            totalCount: 0,
+            results: [],
+        };
+    }
+    const results = [];
+    for (const entry of signedReceipts) {
+        results.push(await verifyOneInner(entry));
+    }
+    const verifiedCount = results.filter((r) => r.valid).length;
+    return {
+        applicable: true,
+        allValid: verifiedCount === results.length,
+        verifiedCount,
+        totalCount: results.length,
+        results,
+    };
+}
+function isV1_1ExecutionLedger(body) {
+    if (typeof body !== "object" || body === null)
+        return false;
+    const b = body;
+    if (b.spec !== EXECUTION_LEDGER_SPEC_V1_1)
+        return false;
+    return b.signed_receipts === undefined || Array.isArray(b.signed_receipts);
+}
+async function verifyOneInner(entryJson) {
+    let receipt;
+    try {
+        receipt = JSON.parse(entryJson);
+    }
+    catch (err) {
+        return {
+            taskId: "<unparseable>",
+            motebitId: "<unparseable>",
+            valid: false,
+            reason: "malformed_json",
+            detail: err instanceof Error ? err.message : String(err),
+        };
+    }
+    const result = await verifyReceipt(receipt);
+    if (result.valid) {
+        return {
+            taskId: receipt.task_id,
+            motebitId: String(receipt.motebit_id),
+            ...(result.signer !== undefined && { signerDid: result.signer }),
+            valid: true,
+            ...(result.delegations !== undefined && result.delegations.length > 0
+                ? { delegations: result.delegations.map(toInnerShape) }
+                : {}),
+        };
+    }
+    // Map the crypto-layer ReceiptVerifyResult into the consumer-facing
+    // typed-failure shape. We surface the cheapest cause: missing key
+    // before signature failure, delegation failures last.
+    const errs = result.errors ?? [];
+    let reason = "unknown";
+    let detail;
+    if (errs.some((e) => e.message.includes("No embedded public_key"))) {
+        reason = "missing_public_key";
+        detail = errs.find((e) => e.message.includes("No embedded public_key"))?.message;
+    }
+    else if (errs.some((e) => e.path === "delegation_receipts")) {
+        reason = "delegation_failed";
+        detail = errs.find((e) => e.path === "delegation_receipts")?.message;
+    }
+    else if (errs.length > 0) {
+        reason = "signature_invalid";
+        detail = errs[0]?.message;
+    }
+    return {
+        taskId: receipt.task_id,
+        motebitId: String(receipt.motebit_id),
+        ...(result.signer !== undefined && { signerDid: result.signer }),
+        valid: false,
+        reason,
+        ...(detail !== undefined && { detail }),
+        ...(result.delegations !== undefined && result.delegations.length > 0
+            ? { delegations: result.delegations.map(toInnerShape) }
+            : {}),
+    };
+}
+// Lift the crypto-layer ReceiptVerifyResult shape into the consumer
+// shape so callers don't need to import @motebit/crypto types.
+function toInnerShape(r) {
+    const errs = r.errors ?? [];
+    let reason;
+    if (!r.valid) {
+        if (errs.some((e) => e.message.includes("No embedded public_key")))
+            reason = "missing_public_key";
+        else if (errs.some((e) => e.path === "delegation_receipts"))
+            reason = "delegation_failed";
+        else if (errs.length > 0)
+            reason = "signature_invalid";
+        else
+            reason = "unknown";
+    }
+    return {
+        taskId: r.receipt?.task_id ?? "<unknown>",
+        motebitId: String(r.receipt?.motebit_id ?? "<unknown>"),
+        ...(r.signer !== undefined && { signerDid: r.signer }),
+        valid: r.valid,
+        ...(reason !== undefined && { reason }),
+        ...(errs[0]?.message !== undefined && !r.valid && { detail: errs[0].message }),
+        ...(r.delegations !== undefined && r.delegations.length > 0
+            ? { delegations: r.delegations.map(toInnerShape) }
+            : {}),
+    };
+}
+//# sourceMappingURL=inner-receipts.js.map

package/dist/inner-receipts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"inner-receipts.js","sourceRoot":"","sources":["../src/inner-receipts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAGH,OAAO,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAyChD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAC,IAAa;IAC3D,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,KAAK;YACf,aAAa,EAAE,CAAC;YAChB,UAAU,EAAE,CAAC;YACb,OAAO,EAAE,EAAE;SACZ,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,IAAI,CAAC,eAAe,CAAC;IAC5C,IAAI,cAAc,KAAK,SAAS,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChE,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,KAAK;YACf,aAAa,EAAE,CAAC;YAChB,UAAU,EAAE,CAAC;YACb,OAAO,EAAE,EAAE;SACZ,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAA+B,EAAE,CAAC;IAC/C,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;QACnC,OAAO,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC;IAC5C,CAAC;IACD,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;IAC5D,OAAO;QACL,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,aAAa,KAAK,OAAO,CAAC,MAAM;QAC1C,aAAa;QACb,UAAU,EAAE,OAAO,CAAC,MAAM;QAC1B,OAAO;KACR,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAa;IAG1C,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAC5D,MAAM,CAAC,GAAG,IAAqD,CAAC;IAChE,IAAI,CAAC,CAAC,IAAI,KAAK,0BAA0B;QAAE,OAAO,KAAK,CAAC;IACxD,OAAO,CAAC,CAAC,eAAe,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;AAC7E,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,SAAiB;IAC7C,IAAI,OAAyB,CAAC;IAC9B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAqB,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,eAAe;YACvB,SAAS,EAAE,eAAe;YAC1B,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,gBAAgB;YACxB,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACzD,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;IAE5C,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,OAAO;YACL,MAAM,EAAE,OAAO,CAAC,OAAO;YACvB,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;YACrC,GAAG,CAAC,MAAM,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;YAChE,KAAK,EAAE,IAAI;YACX,GAAG,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;gBACnE,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;gBACvD,CAAC,CAAC,EAAE,CAAC;SACR,CAAC;IACJ,CAAC;IAED,oEAAoE;IACpE,kEAAkE;IAClE,sDAAsD;IACtD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;IACjC,IAAI,MAAM,GAA0C,SAAS,CAAC;IAC9D,IAAI,MAA0B,CAAC;IAC/B,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,EAAE,CAAC;QACnE,MAAM,GAAG,oBAAoB,CAAC;QAC9B,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,EAAE,OAAO,CAAC;IACnF,CAAC;SAAM,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,qBAAqB,CAAC,EAAE,CAAC;QAC9D,MAAM,GAAG,mBAAmB,CAAC;QAC7B,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,qBAAqB,CAAC,EAAE,OAAO,CAAC;IACvE,CAAC;SAAM,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,GAAG,mBAAmB,CAAC;QAC7B,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC;IAC5B,CAAC;IAED,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,OAAO;QACvB,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;QACrC,GAAG,CAAC,MAAM,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;QAChE,KAAK,EAAE,KAAK;QACZ,MAAM;QACN,GAAG,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,MAAM,EAAE,CAAC;QACvC,GAAG,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;YACnE,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YACvD,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;AACJ,CAAC;AAED,oEAAoE;AACpE,+DAA+D;AAC/D,SAAS,YAAY,CAAC,CAA4C;IAChE,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC;IAC5B,IAAI,MAAyD,CAAC;IAC9D,IAAI,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;QACb,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC;YAChE,MAAM,GAAG,oBAAoB,CAAC;aAC3B,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,qBAAqB,CAAC;YAAE,MAAM,GAAG,mBAAmB,CAAC;aACrF,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM,GAAG,mBAAmB,CAAC;;YAClD,MAAM,GAAG,SAAS,CAAC;IAC1B,CAAC;IACD,OAAO;QACL,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO,IAAI,WAAW;QACzC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,UAAU,IAAI,WAAW,CAAC;QACvD,GAAG,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;QACtD,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,GAAG,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,MAAM,EAAE,CAAC;QACvC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,KAAK,SAAS,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAC9E,GAAG,CAAC,CAAC,CAAC,WAAW,KAAK,SAAS,IAAI,CAAC,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;YACzD,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YAClD,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;AACJ,CAAC"}

package/dist/onchain-anchor.d.ts

@@ -0,0 +1,93 @@
+/**
+ * Onchain cross-check for the operator-transparency declaration.
+ *
+ * Trust-on-first-use (TOFU) bootstrap is the weakest link in the
+ * offline-after-bootstrap verification story — the first fetch of
+ * `/.well-known/motebit-transparency.json` trusts HTTPS + DNS + CAs.
+ * A DNS hijack, malicious ISP, or compromised CA can substitute a
+ * different declaration with the attacker's key embedded (the
+ * self-signature still verifies — against the attacker's key).
+ *
+ * Closure: anchor the declaration's hash to Solana via the Memo
+ * program at deploy/declare time. A verifier with the relay's pinned
+ * Solana address (out-of-band trust root, like Apple's App Attest root
+ * cert) cross-checks `sha256(declaration)` against memos at that
+ * address. Mismatch — or no memo at all — surfaces a typed reason.
+ *
+ * No SDK dep. Solana JSON-RPC is plain HTTP-JSON; this module uses
+ * `fetch` directly to keep `@motebit/state-export-client` browser-safe
+ * and dep-thin (no `@solana/web3.js` pulled into web bundles).
+ *
+ * Doctrine: `docs/doctrine/operator-transparency.md` § Stage 2 onchain
+ * anchor; `docs/doctrine/nist-alignment.md` §8 "savant gap closure".
+ */
+import type { SignedTransparencyDeclaration } from "./transparency-anchor.js";
+export interface OnchainAnchorLookupOptions {
+    /**
+     * Solana JSON-RPC endpoint URL. Defaults to mainnet-beta — production
+     * verifiers SHOULD pin a known-good RPC (Helius / Triton / self-hosted)
+     * to avoid the same kind of supply-chain risk the anchor exists to
+     * close. Tests pass a fixture URL backed by a mock fetch.
+     */
+    readonly rpcUrl?: string;
+    /**
+     * Inject the fetch implementation. Defaults to global `fetch`. Tests
+     * pass a mock; integrators with custom transport pass a wrapper.
+     */
+    readonly fetch?: typeof globalThis.fetch;
+    /**
+     * Max signatures to scan at the anchor address. Memos are append-only;
+     * the latest one is the current declaration anchor. Older signatures
+     * are historical declarations the operator has cycled through.
+     * Default 50 — covers typical operator cadence (declarations change
+     * on doctrine update or key rotation, not frequently).
+     */
+    readonly maxSignatures?: number;
+}
+/** Verification outcome with a structured failure reason for audit logging. */
+export type OnchainAnchorResult = {
+    readonly ok: true;
+    readonly txHash: string;
+    readonly anchoredHashHex: string;
+    readonly anchorAddress: string;
+} | {
+    readonly ok: false;
+    readonly reason: OnchainAnchorFailureReason;
+    readonly detail?: string;
+};
+export type OnchainAnchorFailureReason = "rpc_failed" | "no_anchor_found" | "anchor_hash_mismatch" | "malformed_memo";
+/**
+ * Look up the latest onchain anchor for a transparency declaration.
+ * Returns a typed result — never throws on verification failure; HTTP
+ * errors surface as `rpc_failed`.
+ *
+ * Algorithm:
+ *
+ *   1. `getSignaturesForAddress(anchorAddress)` returns recent signatures
+ *      with their memo field populated (the JSON-RPC returns the memo
+ *      inline because the Memo program emits the data in the tx log).
+ *   2. Filter to signatures whose memo starts with the canonical
+ *      `motebit:transparency:v1:` prefix.
+ *   3. Pick the most recent (signatures are returned newest-first).
+ *   4. Parse the hash out of the memo (`motebit:transparency:v1:<hash>`).
+ *   5. Compare against `expectedHashHex`. Equality → anchored; mismatch
+ *      → tampering; no match in scan → never anchored.
+ *
+ * The pinned `anchorAddress` is the trust root. It MUST be obtained
+ * out-of-band (published in the motebit canonical config, the docs site,
+ * or a known motebit-org keyring) — passing the value from the
+ * declaration itself would be circular trust.
+ */
+export declare function lookupTransparencyAnchor(anchorAddress: string, expectedHashHex: string, options?: OnchainAnchorLookupOptions): Promise<OnchainAnchorResult>;
+/**
+ * Convenience: cross-check a transparency declaration against an
+ * onchain anchor. Combines hash extraction from the declaration with
+ * `lookupTransparencyAnchor`. Returns the same typed result.
+ *
+ * The verifier expected to call this AFTER `verifyTransparencyDeclaration`
+ * has confirmed the self-signature — anchor verification adds a second
+ * trust channel on top of the self-signature check; it doesn't replace
+ * the self-signature.
+ */
+export declare function verifyDeclarationOnchainAnchor(declaration: SignedTransparencyDeclaration, anchorAddress: string, options?: OnchainAnchorLookupOptions): Promise<OnchainAnchorResult>;
+//# sourceMappingURL=onchain-anchor.d.ts.map

package/dist/onchain-anchor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"onchain-anchor.d.ts","sourceRoot":"","sources":["../src/onchain-anchor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,0BAA0B,CAAC;AAK9E,MAAM,WAAW,0BAA0B;IACzC;;;;;OAKG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;;;OAGG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IACzC;;;;;;OAMG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;CACjC;AAED,+EAA+E;AAC/E,MAAM,MAAM,mBAAmB,GAC3B;IACE,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC;IAClB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;CAChC,GACD;IACE,QAAQ,CAAC,EAAE,EAAE,KAAK,CAAC;IACnB,QAAQ,CAAC,MAAM,EAAE,0BAA0B,CAAC;IAC5C,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEN,MAAM,MAAM,0BAA0B,GAClC,YAAY,GACZ,iBAAiB,GACjB,sBAAsB,GACtB,gBAAgB,CAAC;AAiBrB;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,wBAAwB,CAC5C,aAAa,EAAE,MAAM,EACrB,eAAe,EAAE,MAAM,EACvB,OAAO,GAAE,0BAA+B,GACvC,OAAO,CAAC,mBAAmB,CAAC,CAkF9B;AAED;;;;;;;;;GASG;AACH,wBAAsB,8BAA8B,CAClD,WAAW,EAAE,6BAA6B,EAC1C,aAAa,EAAE,MAAM,EACrB,OAAO,GAAE,0BAA+B,GACvC,OAAO,CAAC,mBAAmB,CAAC,CAE9B"}

package/dist/onchain-anchor.js

@@ -0,0 +1,141 @@
+/**
+ * Onchain cross-check for the operator-transparency declaration.
+ *
+ * Trust-on-first-use (TOFU) bootstrap is the weakest link in the
+ * offline-after-bootstrap verification story — the first fetch of
+ * `/.well-known/motebit-transparency.json` trusts HTTPS + DNS + CAs.
+ * A DNS hijack, malicious ISP, or compromised CA can substitute a
+ * different declaration with the attacker's key embedded (the
+ * self-signature still verifies — against the attacker's key).
+ *
+ * Closure: anchor the declaration's hash to Solana via the Memo
+ * program at deploy/declare time. A verifier with the relay's pinned
+ * Solana address (out-of-band trust root, like Apple's App Attest root
+ * cert) cross-checks `sha256(declaration)` against memos at that
+ * address. Mismatch — or no memo at all — surfaces a typed reason.
+ *
+ * No SDK dep. Solana JSON-RPC is plain HTTP-JSON; this module uses
+ * `fetch` directly to keep `@motebit/state-export-client` browser-safe
+ * and dep-thin (no `@solana/web3.js` pulled into web bundles).
+ *
+ * Doctrine: `docs/doctrine/operator-transparency.md` § Stage 2 onchain
+ * anchor; `docs/doctrine/nist-alignment.md` §8 "savant gap closure".
+ */
+/** Canonical memo prefix the relay emits for transparency anchors. */
+const TRANSPARENCY_MEMO_PREFIX = "motebit:transparency:v1:";
+/**
+ * Look up the latest onchain anchor for a transparency declaration.
+ * Returns a typed result — never throws on verification failure; HTTP
+ * errors surface as `rpc_failed`.
+ *
+ * Algorithm:
+ *
+ *   1. `getSignaturesForAddress(anchorAddress)` returns recent signatures
+ *      with their memo field populated (the JSON-RPC returns the memo
+ *      inline because the Memo program emits the data in the tx log).
+ *   2. Filter to signatures whose memo starts with the canonical
+ *      `motebit:transparency:v1:` prefix.
+ *   3. Pick the most recent (signatures are returned newest-first).
+ *   4. Parse the hash out of the memo (`motebit:transparency:v1:<hash>`).
+ *   5. Compare against `expectedHashHex`. Equality → anchored; mismatch
+ *      → tampering; no match in scan → never anchored.
+ *
+ * The pinned `anchorAddress` is the trust root. It MUST be obtained
+ * out-of-band (published in the motebit canonical config, the docs site,
+ * or a known motebit-org keyring) — passing the value from the
+ * declaration itself would be circular trust.
+ */
+export async function lookupTransparencyAnchor(anchorAddress, expectedHashHex, options = {}) {
+    const rpcUrl = options.rpcUrl ?? "https://api.mainnet-beta.solana.com";
+    const fetchImpl = options.fetch ?? globalThis.fetch;
+    const limit = options.maxSignatures ?? 50;
+    let signatures;
+    try {
+        const res = await fetchImpl(rpcUrl, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+                jsonrpc: "2.0",
+                id: 1,
+                method: "getSignaturesForAddress",
+                params: [anchorAddress, { limit }],
+            }),
+        });
+        if (!res.ok) {
+            return { ok: false, reason: "rpc_failed", detail: `HTTP ${res.status}` };
+        }
+        const body = (await res.json());
+        if (body.error !== undefined) {
+            return { ok: false, reason: "rpc_failed", detail: body.error.message };
+        }
+        signatures = body.result ?? [];
+    }
+    catch (err) {
+        return {
+            ok: false,
+            reason: "rpc_failed",
+            detail: err instanceof Error ? err.message : String(err),
+        };
+    }
+    // Newest-first per Solana RPC convention. Find the first valid
+    // transparency anchor memo. The memo field appears in the signature
+    // result when the tx includes the Memo program — solana-rpc parses
+    // and surfaces the data inline.
+    for (const sig of signatures) {
+        if (sig.err !== null)
+            continue; // skip failed txs
+        if (sig.memo == null)
+            continue;
+        // Solana RPC formats memo as `[<size> (len <bytes>)] <utf-8>`. The
+        // leading bracket-prefix is metadata; the actual memo bytes follow.
+        // Match the canonical prefix anywhere in the formatted string —
+        // robust to format variation across RPC versions.
+        const idx = sig.memo.indexOf(TRANSPARENCY_MEMO_PREFIX);
+        if (idx === -1)
+            continue;
+        const after = sig.memo.slice(idx + TRANSPARENCY_MEMO_PREFIX.length);
+        // The hash continues until the first non-hex character (end of string,
+        // closing bracket from RPC formatting, whitespace, etc.).
+        const hashMatch = after.match(/^([0-9a-fA-F]{64})/);
+        if (hashMatch == null) {
+            return {
+                ok: false,
+                reason: "malformed_memo",
+                detail: `memo prefix matched but hash slot is not 64 hex chars: "${after.slice(0, 80)}"`,
+            };
+        }
+        const anchoredHashHex = hashMatch[1].toLowerCase();
+        if (anchoredHashHex !== expectedHashHex.toLowerCase()) {
+            return {
+                ok: false,
+                reason: "anchor_hash_mismatch",
+                detail: `expected ${expectedHashHex.toLowerCase()}, got ${anchoredHashHex}`,
+            };
+        }
+        return {
+            ok: true,
+            txHash: sig.signature,
+            anchoredHashHex,
+            anchorAddress,
+        };
+    }
+    return {
+        ok: false,
+        reason: "no_anchor_found",
+        detail: `scanned ${signatures.length} signature(s) at ${anchorAddress}, none matched ${TRANSPARENCY_MEMO_PREFIX}<hash>`,
+    };
+}
+/**
+ * Convenience: cross-check a transparency declaration against an
+ * onchain anchor. Combines hash extraction from the declaration with
+ * `lookupTransparencyAnchor`. Returns the same typed result.
+ *
+ * The verifier expected to call this AFTER `verifyTransparencyDeclaration`
+ * has confirmed the self-signature — anchor verification adds a second
+ * trust channel on top of the self-signature check; it doesn't replace
+ * the self-signature.
+ */
+export async function verifyDeclarationOnchainAnchor(declaration, anchorAddress, options = {}) {
+    return lookupTransparencyAnchor(anchorAddress, declaration.hash, options);
+}
+//# sourceMappingURL=onchain-anchor.js.map

package/dist/onchain-anchor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"onchain-anchor.js","sourceRoot":"","sources":["../src/onchain-anchor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAIH,sEAAsE;AACtE,MAAM,wBAAwB,GAAG,0BAA0B,CAAC;AA4D5D;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,aAAqB,EACrB,eAAuB,EACvB,UAAsC,EAAE;IAExC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,qCAAqC,CAAC;IACvE,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC;IAE1C,IAAI,UAA2B,CAAC;IAChC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,EAAE,EAAE,CAAC;gBACL,MAAM,EAAE,yBAAyB;gBACjC,MAAM,EAAE,CAAC,aAAa,EAAE,EAAE,KAAK,EAAE,CAAC;aACnC,CAAC;SACH,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC;QAC3E,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAiC,CAAC;QAChE,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;QACzE,CAAC;QACD,UAAU,GAAG,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC;IACjC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,YAAY;YACpB,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACzD,CAAC;IACJ,CAAC;IAED,+DAA+D;IAC/D,oEAAoE;IACpE,mEAAmE;IACnE,gCAAgC;IAChC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,GAAG,CAAC,GAAG,KAAK,IAAI;YAAE,SAAS,CAAC,kBAAkB;QAClD,IAAI,GAAG,CAAC,IAAI,IAAI,IAAI;YAAE,SAAS;QAE/B,mEAAmE;QACnE,oEAAoE;QACpE,gEAAgE;QAChE,kDAAkD;QAClD,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;QACvD,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,SAAS;QAEzB,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QACpE,uEAAuE;QACvE,0DAA0D;QAC1D,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACpD,IAAI,SAAS,IAAI,IAAI,EAAE,CAAC;YACtB,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,gBAAgB;gBACxB,MAAM,EAAE,2DAA2D,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG;aACzF,CAAC;QACJ,CAAC;QACD,MAAM,eAAe,GAAG,SAAS,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC;QAEpD,IAAI,eAAe,KAAK,eAAe,CAAC,WAAW,EAAE,EAAE,CAAC;YACtD,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,sBAAsB;gBAC9B,MAAM,EAAE,YAAY,eAAe,CAAC,WAAW,EAAE,SAAS,eAAe,EAAE;aAC5E,CAAC;QACJ,CAAC;QAED,OAAO;YACL,EAAE,EAAE,IAAI;YACR,MAAM,EAAE,GAAG,CAAC,SAAS;YACrB,eAAe;YACf,aAAa;SACd,CAAC;IACJ,CAAC;IAED,OAAO;QACL,EAAE,EAAE,KAAK;QACT,MAAM,EAAE,iBAAiB;QACzB,MAAM,EAAE,WAAW,UAAU,CAAC,MAAM,oBAAoB,aAAa,kBAAkB,wBAAwB,QAAQ;KACxH,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,WAA0C,EAC1C,aAAqB,EACrB,UAAsC,EAAE;IAExC,OAAO,wBAAwB,CAAC,aAAa,EAAE,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5E,CAAC"}

package/dist/transparency-anchor.d.ts

@@ -0,0 +1,86 @@
+/**
+ * Trust-anchor discovery from `/.well-known/motebit-transparency.json`.
+ *
+ * The operator-transparency declaration (`docs/doctrine/operator-transparency.md`)
+ * is a self-signed JSON artifact: the relay's Ed25519 public key is
+ * embedded inside the signed payload, and the payload's signature verifies
+ * against that same key. Trust-on-first-use (TOFU): a verifier that does
+ * not yet know the relay's key fetches the declaration once, verifies its
+ * self-signature, and caches the key. From then on every state-export
+ * `X-Motebit-Content-Manifest` header is verified against the cached key
+ * offline — no further relay contact at verify time.
+ *
+ * Why this is sufficient (not circular):
+ * The declaration's signature commits the relay to the key it carries.
+ * An attacker who substitutes a different key must also re-sign the
+ * declaration; doing so produces a different declaration that any
+ * holder of a prior (signed) declaration can detect by comparing keys
+ * or by walking the onchain anchor chain once stage 2 ships. The
+ * disappearance test still applies: the declaration is durable across
+ * operator vanishings; the key it commits to remains the anchor.
+ *
+ * Doctrine: `docs/doctrine/operator-transparency.md`, `docs/doctrine/nist-alignment.md` §8.
+ */
+import type { SignedTransparencyDeclaration } from "@motebit/protocol";
+export type { SignedTransparencyDeclaration } from "@motebit/protocol";
+/**
+ * The pinned trust anchor — what a verifier carries forward after a
+ * successful TOFU bootstrap. Subsequent state-export manifests are
+ * checked against `relayPublicKey`.
+ */
+export interface TransparencyAnchor {
+    /** 32-byte Ed25519 public key — the canonical signer for this operator. */
+    readonly relayPublicKey: Uint8Array;
+    /** Hex form, for `motebit-verify --producer-key` pinning + log display. */
+    readonly relayPublicKeyHex: string;
+    /** Relay motebit ID from the declaration. */
+    readonly relayId: string;
+    /** ISO timestamp of the declaration. */
+    readonly declaredAt: number;
+}
+export interface FetchTransparencyAnchorOptions {
+    /**
+     * Override the default endpoint path. Production callers leave this
+     * unset; tests pass a fixture path. The default mirrors the
+     * well-known URI defined in `docs/doctrine/operator-transparency.md`.
+     */
+    readonly path?: string;
+    /**
+     * Inject the fetch implementation. Defaults to global `fetch`.
+     * Tests pass a mock; integrators with custom transport (auth proxy,
+     * tunneling) pass a wrapper.
+     */
+    readonly fetch?: typeof globalThis.fetch;
+    /** Abort signal for the network request. */
+    readonly signal?: AbortSignal;
+}
+/** Verification outcome with a structured failure reason for audit logging. */
+export type TransparencyAnchorResult = {
+    readonly ok: true;
+    readonly anchor: TransparencyAnchor;
+} | {
+    readonly ok: false;
+    readonly reason: TransparencyAnchorFailureReason;
+    readonly detail?: string;
+};
+export type TransparencyAnchorFailureReason = "fetch_failed" | "malformed_declaration" | "hash_mismatch" | "malformed_public_key" | "malformed_signature" | "signature_invalid" | "unsupported_suite";
+/**
+ * Fetch the operator-transparency declaration and verify its
+ * self-signature. Returns the pinned `TransparencyAnchor` on success,
+ * or a structured failure reason. Fail-closed — every rejection has a
+ * typed reason, no thrown exceptions for verification failures.
+ *
+ * The relay's identity key is embedded in the declaration as
+ * `relay_public_key` (hex) and the signature is over
+ * `canonicalJson({spec, declared_at, relay_id, relay_public_key, content})`.
+ * Verification recomputes the hash, then checks the signature against
+ * the declared key via `verifyBySuite`.
+ */
+export declare function fetchTransparencyAnchor(baseUrl: string, options?: FetchTransparencyAnchorOptions): Promise<TransparencyAnchorResult>;
+/**
+ * Verify an already-fetched signed transparency declaration. Exposed
+ * separately so a verifier with a cached declaration (e.g. captured
+ * to a file by an auditor) can re-verify without a network round-trip.
+ */
+export declare function verifyTransparencyDeclaration(declaration: SignedTransparencyDeclaration): Promise<TransparencyAnchorResult>;
+//# sourceMappingURL=transparency-anchor.d.ts.map

package/dist/transparency-anchor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transparency-anchor.d.ts","sourceRoot":"","sources":["../src/transparency-anchor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAGH,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,mBAAmB,CAAC;AAMvE,YAAY,EAAE,6BAA6B,EAAE,MAAM,mBAAmB,CAAC;AAEvE;;;;GAIG;AACH,MAAM,WAAW,kBAAkB;IACjC,2EAA2E;IAC3E,QAAQ,CAAC,cAAc,EAAE,UAAU,CAAC;IACpC,2EAA2E;IAC3E,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,6CAA6C;IAC7C,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,wCAAwC;IACxC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,8BAA8B;IAC7C;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IACzC,4CAA4C;IAC5C,QAAQ,CAAC,MAAM,CAAC,EAAE,WAAW,CAAC;CAC/B;AAED,+EAA+E;AAC/E,MAAM,MAAM,wBAAwB,GAChC;IAAE,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC;IAAC,QAAQ,CAAC,MAAM,EAAE,kBAAkB,CAAA;CAAE,GAC1D;IACE,QAAQ,CAAC,EAAE,EAAE,KAAK,CAAC;IACnB,QAAQ,CAAC,MAAM,EAAE,+BAA+B,CAAC;IACjD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEN,MAAM,MAAM,+BAA+B,GACvC,cAAc,GACd,uBAAuB,GACvB,eAAe,GACf,sBAAsB,GACtB,qBAAqB,GACrB,mBAAmB,GACnB,mBAAmB,CAAC;AAExB;;;;;;;;;;;GAWG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,8BAAmC,GAC3C,OAAO,CAAC,wBAAwB,CAAC,CAyBnC;AAED;;;;GAIG;AACH,wBAAsB,6BAA6B,CACjD,WAAW,EAAE,6BAA6B,GACzC,OAAO,CAAC,wBAAwB,CAAC,CA8EnC"}

package/dist/transparency-anchor.js

@@ -0,0 +1,142 @@
+/**
+ * Trust-anchor discovery from `/.well-known/motebit-transparency.json`.
+ *
+ * The operator-transparency declaration (`docs/doctrine/operator-transparency.md`)
+ * is a self-signed JSON artifact: the relay's Ed25519 public key is
+ * embedded inside the signed payload, and the payload's signature verifies
+ * against that same key. Trust-on-first-use (TOFU): a verifier that does
+ * not yet know the relay's key fetches the declaration once, verifies its
+ * self-signature, and caches the key. From then on every state-export
+ * `X-Motebit-Content-Manifest` header is verified against the cached key
+ * offline — no further relay contact at verify time.
+ *
+ * Why this is sufficient (not circular):
+ * The declaration's signature commits the relay to the key it carries.
+ * An attacker who substitutes a different key must also re-sign the
+ * declaration; doing so produces a different declaration that any
+ * holder of a prior (signed) declaration can detect by comparing keys
+ * or by walking the onchain anchor chain once stage 2 ships. The
+ * disappearance test still applies: the declaration is durable across
+ * operator vanishings; the key it commits to remains the anchor.
+ *
+ * Doctrine: `docs/doctrine/operator-transparency.md`, `docs/doctrine/nist-alignment.md` §8.
+ */
+import { canonicalJson, hexToBytes, sha256, bytesToHex, verifyBySuite } from "@motebit/crypto";
+/**
+ * Fetch the operator-transparency declaration and verify its
+ * self-signature. Returns the pinned `TransparencyAnchor` on success,
+ * or a structured failure reason. Fail-closed — every rejection has a
+ * typed reason, no thrown exceptions for verification failures.
+ *
+ * The relay's identity key is embedded in the declaration as
+ * `relay_public_key` (hex) and the signature is over
+ * `canonicalJson({spec, declared_at, relay_id, relay_public_key, content})`.
+ * Verification recomputes the hash, then checks the signature against
+ * the declared key via `verifyBySuite`.
+ */
+export async function fetchTransparencyAnchor(baseUrl, options = {}) {
+    const path = options.path ?? "/.well-known/motebit-transparency.json";
+    const url = `${baseUrl.replace(/\/$/, "")}${path}`;
+    const fetchImpl = options.fetch ?? globalThis.fetch;
+    let declaration;
+    try {
+        const res = await fetchImpl(url, { signal: options.signal });
+        if (!res.ok) {
+            return {
+                ok: false,
+                reason: "fetch_failed",
+                detail: `HTTP ${res.status} ${res.statusText}`,
+            };
+        }
+        declaration = (await res.json());
+    }
+    catch (err) {
+        return {
+            ok: false,
+            reason: "fetch_failed",
+            detail: err instanceof Error ? err.message : String(err),
+        };
+    }
+    return verifyTransparencyDeclaration(declaration);
+}
+/**
+ * Verify an already-fetched signed transparency declaration. Exposed
+ * separately so a verifier with a cached declaration (e.g. captured
+ * to a file by an auditor) can re-verify without a network round-trip.
+ */
+export async function verifyTransparencyDeclaration(declaration) {
+    // Structural sanity — anything malformed past JSON.parse falls into
+    // `malformed_declaration` rather than the more specific reasons. A
+    // genuinely tampered declaration produces hash_mismatch or
+    // signature_invalid; a malformed-shape declaration is a producer
+    // bug or wire-protocol mismatch.
+    if (typeof declaration !== "object" ||
+        declaration === null ||
+        typeof declaration.relay_public_key !== "string" ||
+        typeof declaration.signature !== "string" ||
+        typeof declaration.hash !== "string" ||
+        typeof declaration.suite !== "string" ||
+        typeof declaration.relay_id !== "string" ||
+        typeof declaration.declared_at !== "number" ||
+        typeof declaration.spec !== "string") {
+        return { ok: false, reason: "malformed_declaration" };
+    }
+    // Recompute hash over the signed payload (everything except hash, suite, signature).
+    const payload = {
+        spec: declaration.spec,
+        declared_at: declaration.declared_at,
+        relay_id: declaration.relay_id,
+        relay_public_key: declaration.relay_public_key,
+        content: declaration.content,
+    };
+    const canonical = new TextEncoder().encode(canonicalJson(payload));
+    const computedHashBytes = await sha256(canonical);
+    const computedHash = bytesToHex(computedHashBytes);
+    if (computedHash !== declaration.hash) {
+        return { ok: false, reason: "hash_mismatch" };
+    }
+    // Decode the declared public key. Ed25519 = 32 bytes = 64 hex chars.
+    // Future PQ suites will need their own length validation per suite.
+    if (!/^[0-9a-fA-F]{64}$/.test(declaration.relay_public_key)) {
+        return { ok: false, reason: "malformed_public_key" };
+    }
+    let publicKey;
+    try {
+        publicKey = hexToBytes(declaration.relay_public_key);
+    }
+    catch {
+        return { ok: false, reason: "malformed_public_key" };
+    }
+    // Decode the signature (hex form for transparency declarations).
+    if (!/^[0-9a-fA-F]+$/.test(declaration.signature)) {
+        return { ok: false, reason: "malformed_signature" };
+    }
+    let sigBytes;
+    try {
+        sigBytes = hexToBytes(declaration.signature);
+    }
+    catch {
+        return { ok: false, reason: "malformed_signature" };
+    }
+    // Verify under the declared suite.
+    let valid;
+    try {
+        valid = await verifyBySuite(declaration.suite, canonical, sigBytes, publicKey);
+    }
+    catch {
+        return { ok: false, reason: "unsupported_suite" };
+    }
+    if (!valid) {
+        return { ok: false, reason: "signature_invalid" };
+    }
+    return {
+        ok: true,
+        anchor: {
+            relayPublicKey: publicKey,
+            relayPublicKeyHex: declaration.relay_public_key.toLowerCase(),
+            relayId: declaration.relay_id,
+            declaredAt: declaration.declared_at,
+        },
+    };
+}
+//# sourceMappingURL=transparency-anchor.js.map

package/dist/transparency-anchor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transparency-anchor.js","sourceRoot":"","sources":["../src/transparency-anchor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AA4D/F;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,OAAe,EACf,UAA0C,EAAE;IAE5C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,wCAAwC,CAAC;IACtE,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,IAAI,EAAE,CAAC;IACnD,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;IAEpD,IAAI,WAA0C,CAAC;IAC/C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,cAAc;gBACtB,MAAM,EAAE,QAAQ,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,UAAU,EAAE;aAC/C,CAAC;QACJ,CAAC;QACD,WAAW,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAkC,CAAC;IACpE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,cAAc;YACtB,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACzD,CAAC;IACJ,CAAC;IAED,OAAO,6BAA6B,CAAC,WAAW,CAAC,CAAC;AACpD,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,WAA0C;IAE1C,oEAAoE;IACpE,mEAAmE;IACnE,2DAA2D;IAC3D,iEAAiE;IACjE,iCAAiC;IACjC,IACE,OAAO,WAAW,KAAK,QAAQ;QAC/B,WAAW,KAAK,IAAI;QACpB,OAAO,WAAW,CAAC,gBAAgB,KAAK,QAAQ;QAChD,OAAO,WAAW,CAAC,SAAS,KAAK,QAAQ;QACzC,OAAO,WAAW,CAAC,IAAI,KAAK,QAAQ;QACpC,OAAO,WAAW,CAAC,KAAK,KAAK,QAAQ;QACrC,OAAO,WAAW,CAAC,QAAQ,KAAK,QAAQ;QACxC,OAAO,WAAW,CAAC,WAAW,KAAK,QAAQ;QAC3C,OAAO,WAAW,CAAC,IAAI,KAAK,QAAQ,EACpC,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;IACxD,CAAC;IAED,qFAAqF;IACrF,MAAM,OAAO,GAAG;QACd,IAAI,EAAE,WAAW,CAAC,IAAI;QACtB,WAAW,EAAE,WAAW,CAAC,WAAW;QACpC,QAAQ,EAAE,WAAW,CAAC,QAAQ;QAC9B,gBAAgB,EAAE,WAAW,CAAC,gBAAgB;QAC9C,OAAO,EAAE,WAAW,CAAC,OAAO;KAC7B,CAAC;IACF,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;IACnE,MAAM,iBAAiB,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,UAAU,CAAC,iBAAiB,CAAC,CAAC;IACnD,IAAI,YAAY,KAAK,WAAW,CAAC,IAAI,EAAE,CAAC;QACtC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAChD,CAAC;IAED,qEAAqE;IACrE,oEAAoE;IACpE,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC5D,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IACvD,CAAC;IACD,IAAI,SAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,SAAS,GAAG,UAAU,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IACvD,CAAC;IAED,iEAAiE;IACjE,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC;QAClD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IACtD,CAAC;IACD,IAAI,QAAoB,CAAC;IACzB,IAAI,CAAC;QACH,QAAQ,GAAG,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IACtD,CAAC;IAED,mCAAmC;IACnC,IAAI,KAAc,CAAC;IACnB,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,aAAa,CAAC,WAAW,CAAC,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACjF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IACpD,CAAC;IACD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IACpD,CAAC;IAED,OAAO;QACL,EAAE,EAAE,IAAI;QACR,MAAM,EAAE;YACN,cAAc,EAAE,SAAS;YACzB,iBAAiB,EAAE,WAAW,CAAC,gBAAgB,CAAC,WAAW,EAAE;YAC7D,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,UAAU,EAAE,WAAW,CAAC,WAAW;SACpC;KACF,CAAC;AACJ,CAAC"}