@motebit/state-export-client 0.2.0

package/dist/verified-fetch.d.ts

@@ -0,0 +1,105 @@
+/**
+ * Verified-fetch wrapper for motebit state-export endpoints.
+ *
+ * Every `app.get(...)` in `services/relay/src/state-export.ts` emits an
+ * outer `ContentArtifactManifest` in the `X-Motebit-Content-Manifest`
+ * HTTP header (signed by the relay's identity). This module wraps
+ * `fetch` to verify the manifest against the response body bytes on
+ * every call, optionally pinning the producer key against a trust
+ * anchor obtained from `fetchTransparencyAnchor`.
+ *
+ * The consumer-side primitive that turns producer-side signing into
+ * an operational invariant: an operator who silently degrades their
+ * own signing breaks their own dashboard. Doctrine:
+ * `docs/doctrine/nist-alignment.md` §8, `docs/doctrine/self-attesting-system.md`.
+ */
+import type { ContentArtifactType } from "@motebit/protocol";
+import type { TransparencyAnchor } from "./transparency-anchor.js";
+/** HTTP header carrying the relay-signed content-artifact manifest. */
+export declare const MANIFEST_HEADER = "X-Motebit-Content-Manifest";
+/** Verification outcome accompanying every state-export response body. */
+export type StateExportVerification = {
+    readonly valid: true;
+    readonly producerPublicKeyHex: string;
+    readonly producerDid: string;
+    readonly artifactType: ContentArtifactType;
+    readonly claimGenerator: string;
+    readonly producedAt: string;
+    readonly contentHash: string;
+} | {
+    readonly valid: false;
+    readonly reason: StateExportVerificationFailureReason;
+    readonly detail?: string;
+};
+export type StateExportVerificationFailureReason = "manifest_header_missing" | "malformed_manifest_header" | "content_hash_mismatch" | "signature_invalid" | "malformed_public_key" | "malformed_signature" | "unsupported_suite" | "producer_key_mismatch";
+export interface VerifiedStateExportResponse<T> {
+    /**
+     * Parsed JSON body — present only when verification succeeded.
+     * `null` on verification failure: callers MUST check
+     * `verification.valid` before consuming the body. Never render
+     * unverified state.
+     */
+    readonly body: T | null;
+    /** Raw bytes the verifier hashed. Exposed so callers that need byte-level access (audit, hashing, re-serialization) don't double-fetch. */
+    readonly bodyBytes: Uint8Array;
+    /** Structured verification result. Callers branch on `valid` for UI status and `reason` for audit logging. */
+    readonly verification: StateExportVerification;
+}
+export interface VerifiedFetchOptions {
+    /**
+     * Trust anchor obtained from `fetchTransparencyAnchor`. When set,
+     * the verifier rejects with `producer_key_mismatch` if the manifest's
+     * declared producer key does not match the pinned hex value.
+     *
+     * Omitting the anchor still verifies the manifest's self-consistency
+     * (content_hash + signature against the declared key) — but a verifier
+     * with no pin trusts the declared key. Production callers SHOULD
+     * always pass an anchor.
+     */
+    readonly anchor?: TransparencyAnchor;
+    /**
+     * Inject the fetch implementation. Defaults to global `fetch`. Tests
+     * pass a mock; integrators with auth-proxy or tunneling transports
+     * pass a wrapper.
+     */
+    readonly fetch?: typeof globalThis.fetch;
+    /** Forwarded to the underlying fetch call. */
+    readonly init?: RequestInit;
+}
+/**
+ * Fetch a state-export endpoint and verify its content-artifact
+ * manifest against the response body bytes. Returns the parsed body,
+ * the raw bytes, and a typed verification result.
+ *
+ * The verifier reads `X-Motebit-Content-Manifest` from the response,
+ * decodes the base64url-encoded canonical-JSON manifest, recomputes
+ * SHA-256 over the body bytes, and verifies the signature against the
+ * manifest's declared producer key. With `anchor` set, also enforces
+ * a byte-equal match between the declared key and the pinned key.
+ *
+ * Non-2xx HTTP responses throw — the verifier does not attempt to
+ * verify error bodies. A 5xx response from the relay is a service
+ * outage, not a signing failure; let the caller's catch handle it.
+ */
+export declare function verifiedStateExportFetch<T>(url: string, options?: VerifiedFetchOptions): Promise<VerifiedStateExportResponse<T>>;
+/**
+ * Pure-function verifier: decode the header value, parse the manifest,
+ * verify against the body bytes, optionally enforce the producer-key
+ * pin. Exposed so tests + audit tooling can replay a captured response
+ * without a fresh HTTP round-trip.
+ */
+export declare function verifyManifestAgainstBytes(headerValue: string | null, bodyBytes: Uint8Array, anchor?: TransparencyAnchor): Promise<StateExportVerification>;
+/**
+ * Thrown when the underlying HTTP fetch returns non-2xx. The verifier
+ * does not attempt to verify error bodies — the relay's error
+ * envelope is unsigned by design (signing 5xx pages would be
+ * misleading provenance for a service outage).
+ */
+export declare class StateExportFetchError extends Error {
+    readonly status: number;
+    readonly statusText: string;
+    readonly body: string;
+    readonly url: string;
+    constructor(status: number, statusText: string, body: string, url: string);
+}
+//# sourceMappingURL=verified-fetch.d.ts.map

package/dist/verified-fetch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verified-fetch.d.ts","sourceRoot":"","sources":["../src/verified-fetch.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAE7D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAEnE,uEAAuE;AACvE,eAAO,MAAM,eAAe,+BAA+B,CAAC;AAE5D,0EAA0E;AAC1E,MAAM,MAAM,uBAAuB,GAC/B;IACE,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC;IACrB,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;IACtC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,mBAAmB,CAAC;IAC3C,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B,GACD;IACE,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oCAAoC,CAAC;IACtD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEN,MAAM,MAAM,oCAAoC,GAC5C,yBAAyB,GACzB,2BAA2B,GAC3B,uBAAuB,GACvB,mBAAmB,GACnB,sBAAsB,GACtB,qBAAqB,GACrB,mBAAmB,GACnB,uBAAuB,CAAC;AAE5B,MAAM,WAAW,2BAA2B,CAAC,CAAC;IAC5C;;;;;OAKG;IACH,QAAQ,CAAC,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;IACxB,2IAA2I;IAC3I,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;IAC/B,8GAA8G;IAC9G,QAAQ,CAAC,YAAY,EAAE,uBAAuB,CAAC;CAChD;AAED,MAAM,WAAW,oBAAoB;IACnC;;;;;;;;;OASG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IACrC;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IACzC,8CAA8C;IAC9C,QAAQ,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC;CAC7B;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,wBAAwB,CAAC,CAAC,EAC9C,GAAG,EAAE,MAAM,EACX,OAAO,GAAE,oBAAyB,GACjC,OAAO,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CA6CzC;AAED;;;;;GAKG;AACH,wBAAsB,0BAA0B,CAC9C,WAAW,EAAE,MAAM,GAAG,IAAI,EAC1B,SAAS,EAAE,UAAU,EACrB,MAAM,CAAC,EAAE,kBAAkB,GAC1B,OAAO,CAAC,uBAAuB,CAAC,CAoDlC;AAED;;;;;GAKG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;aAE5B,MAAM,EAAE,MAAM;aACd,UAAU,EAAE,MAAM;aAClB,IAAI,EAAE,MAAM;aACZ,GAAG,EAAE,MAAM;gBAHX,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,EACZ,GAAG,EAAE,MAAM;CAK9B"}

package/dist/verified-fetch.js

@@ -0,0 +1,164 @@
+/**
+ * Verified-fetch wrapper for motebit state-export endpoints.
+ *
+ * Every `app.get(...)` in `services/relay/src/state-export.ts` emits an
+ * outer `ContentArtifactManifest` in the `X-Motebit-Content-Manifest`
+ * HTTP header (signed by the relay's identity). This module wraps
+ * `fetch` to verify the manifest against the response body bytes on
+ * every call, optionally pinning the producer key against a trust
+ * anchor obtained from `fetchTransparencyAnchor`.
+ *
+ * The consumer-side primitive that turns producer-side signing into
+ * an operational invariant: an operator who silently degrades their
+ * own signing breaks their own dashboard. Doctrine:
+ * `docs/doctrine/nist-alignment.md` §8, `docs/doctrine/self-attesting-system.md`.
+ */
+import { verifyContentArtifact } from "@motebit/crypto";
+/** HTTP header carrying the relay-signed content-artifact manifest. */
+export const MANIFEST_HEADER = "X-Motebit-Content-Manifest";
+/**
+ * Fetch a state-export endpoint and verify its content-artifact
+ * manifest against the response body bytes. Returns the parsed body,
+ * the raw bytes, and a typed verification result.
+ *
+ * The verifier reads `X-Motebit-Content-Manifest` from the response,
+ * decodes the base64url-encoded canonical-JSON manifest, recomputes
+ * SHA-256 over the body bytes, and verifies the signature against the
+ * manifest's declared producer key. With `anchor` set, also enforces
+ * a byte-equal match between the declared key and the pinned key.
+ *
+ * Non-2xx HTTP responses throw — the verifier does not attempt to
+ * verify error bodies. A 5xx response from the relay is a service
+ * outage, not a signing failure; let the caller's catch handle it.
+ */
+export async function verifiedStateExportFetch(url, options = {}) {
+    const fetchImpl = options.fetch ?? globalThis.fetch;
+    const res = await fetchImpl(url, options.init);
+    if (!res.ok) {
+        const body = await res.text().catch(() => "");
+        throw new StateExportFetchError(res.status, res.statusText, body, url);
+    }
+    // Read body bytes once — JSON.parse runs over a UTF-8 decode of the
+    // same bytes the verifier hashes. ArrayBuffer keeps both views safe.
+    const arrayBuffer = await res.arrayBuffer();
+    const bodyBytes = new Uint8Array(arrayBuffer);
+    // Verify BEFORE JSON-parse: a tampered body can corrupt JSON
+    // structure, which would mask the typed crypto reason
+    // (`content_hash_mismatch`) behind a generic parse error. Running
+    // verification first preserves the structured failure reason for
+    // audit logging even when the bytes are wholly garbage.
+    const headerValue = res.headers.get(MANIFEST_HEADER);
+    const verification = await verifyManifestAgainstBytes(headerValue, bodyBytes, options.anchor);
+    // JSON parsing only meaningful when the bytes are what the producer
+    // signed. On verification failure, `body` is null — callers MUST
+    // check `verification.valid` before rendering; the discriminated
+    // union below makes that compile-time enforceable.
+    let body = null;
+    if (verification.valid) {
+        const bodyText = new TextDecoder().decode(bodyBytes);
+        try {
+            body = JSON.parse(bodyText);
+        }
+        catch (err) {
+            // Verified bytes that don't parse as JSON are a producer bug —
+            // the manifest swore these bytes are the export, but they aren't
+            // valid JSON. Surface as a thrown error rather than mixing
+            // crypto-valid + parse-failed into the same return shape.
+            throw new StateExportFetchError(200, "verified body is not valid JSON", err instanceof Error ? err.message : String(err), url);
+        }
+    }
+    return { body, bodyBytes, verification };
+}
+/**
+ * Pure-function verifier: decode the header value, parse the manifest,
+ * verify against the body bytes, optionally enforce the producer-key
+ * pin. Exposed so tests + audit tooling can replay a captured response
+ * without a fresh HTTP round-trip.
+ */
+export async function verifyManifestAgainstBytes(headerValue, bodyBytes, anchor) {
+    if (headerValue == null || headerValue === "") {
+        return { valid: false, reason: "manifest_header_missing" };
+    }
+    let manifest;
+    try {
+        const manifestBytes = base64UrlDecode(headerValue);
+        const manifestJson = new TextDecoder().decode(manifestBytes);
+        manifest = JSON.parse(manifestJson);
+    }
+    catch (err) {
+        return {
+            valid: false,
+            reason: "malformed_manifest_header",
+            detail: err instanceof Error ? err.message : String(err),
+        };
+    }
+    // Producer-key pin runs BEFORE the crypto check — a key-mismatch
+    // rejection is cheaper and more informative than a generic
+    // signature_invalid when the verifier knows the expected signer.
+    if (anchor !== undefined) {
+        const declared = manifest.producer_public_key.toLowerCase();
+        if (declared !== anchor.relayPublicKeyHex) {
+            return {
+                valid: false,
+                reason: "producer_key_mismatch",
+                detail: `expected ${anchor.relayPublicKeyHex}, got ${declared}`,
+            };
+        }
+    }
+    const result = await verifyContentArtifact(manifest, bodyBytes);
+    if (!result.valid) {
+        // Map primitive reasons into the consumer-facing failure union.
+        // Both unions share most variants verbatim; the consumer-facing
+        // one adds the header- and key-pin-specific reasons above.
+        return {
+            valid: false,
+            reason: result.reason,
+        };
+    }
+    return {
+        valid: true,
+        producerPublicKeyHex: manifest.producer_public_key.toLowerCase(),
+        producerDid: manifest.producer,
+        artifactType: manifest.artifact_type,
+        claimGenerator: manifest.claim_generator,
+        producedAt: manifest.produced_at,
+        contentHash: manifest.content_hash,
+    };
+}
+/**
+ * Thrown when the underlying HTTP fetch returns non-2xx. The verifier
+ * does not attempt to verify error bodies — the relay's error
+ * envelope is unsigned by design (signing 5xx pages would be
+ * misleading provenance for a service outage).
+ */
+export class StateExportFetchError extends Error {
+    status;
+    statusText;
+    body;
+    url;
+    constructor(status, statusText, body, url) {
+        super(`state-export fetch ${url} → ${status} ${statusText}`);
+        this.status = status;
+        this.statusText = statusText;
+        this.body = body;
+        this.url = url;
+        this.name = "StateExportFetchError";
+    }
+}
+/**
+ * Inline base64url decoder — avoids pulling Buffer (Node-only) or a
+ * new dependency. Browsers + Node 20+ have `atob`, but `atob` rejects
+ * base64url; we normalize to standard base64 first.
+ */
+function base64UrlDecode(input) {
+    const normalized = input.replace(/-/g, "+").replace(/_/g, "/");
+    // atob requires padded base64. Compute padding from length mod 4.
+    const padded = normalized + "=".repeat((4 - (normalized.length % 4)) % 4);
+    const binary = atob(padded);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}
+//# sourceMappingURL=verified-fetch.js.map

package/dist/verified-fetch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verified-fetch.js","sourceRoot":"","sources":["../src/verified-fetch.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAKxD,uEAAuE;AACvE,MAAM,CAAC,MAAM,eAAe,GAAG,4BAA4B,CAAC;AAiE5D;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,GAAW,EACX,UAAgC,EAAE;IAElC,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;IACpD,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,MAAM,IAAI,qBAAqB,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,UAAU,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;IACzE,CAAC;IAED,oEAAoE;IACpE,qEAAqE;IACrE,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,WAAW,EAAE,CAAC;IAC5C,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC;IAE9C,6DAA6D;IAC7D,sDAAsD;IACtD,kEAAkE;IAClE,iEAAiE;IACjE,wDAAwD;IACxD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,MAAM,0BAA0B,CAAC,WAAW,EAAE,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IAE9F,oEAAoE;IACpE,iEAAiE;IACjE,iEAAiE;IACjE,mDAAmD;IACnD,IAAI,IAAI,GAAa,IAAI,CAAC;IAC1B,IAAI,YAAY,CAAC,KAAK,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACrD,IAAI,CAAC;YACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAM,CAAC;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,+DAA+D;YAC/D,iEAAiE;YACjE,2DAA2D;YAC3D,0DAA0D;YAC1D,MAAM,IAAI,qBAAqB,CAC7B,GAAG,EACH,iCAAiC,EACjC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAChD,GAAG,CACJ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC;AAC3C,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,WAA0B,EAC1B,SAAqB,EACrB,MAA2B;IAE3B,IAAI,WAAW,IAAI,IAAI,IAAI,WAAW,KAAK,EAAE,EAAE,CAAC;QAC9C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IAC7D,CAAC;IAED,IAAI,QAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;QACnD,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAC7D,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAA4B,CAAC;IACjE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,2BAA2B;YACnC,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACzD,CAAC;IACJ,CAAC;IAED,iEAAiE;IACjE,2DAA2D;IAC3D,iEAAiE;IACjE,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,QAAQ,CAAC,mBAAmB,CAAC,WAAW,EAAE,CAAC;QAC5D,IAAI,QAAQ,KAAK,MAAM,CAAC,iBAAiB,EAAE,CAAC;YAC1C,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,uBAAuB;gBAC/B,MAAM,EAAE,YAAY,MAAM,CAAC,iBAAiB,SAAS,QAAQ,EAAE;aAChE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAChE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,gEAAgE;QAChE,gEAAgE;QAChE,2DAA2D;QAC3D,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,MAAM,CAAC,MAA8C;SAC9D,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI;QACX,oBAAoB,EAAE,QAAQ,CAAC,mBAAmB,CAAC,WAAW,EAAE;QAChE,WAAW,EAAE,QAAQ,CAAC,QAAQ;QAC9B,YAAY,EAAE,QAAQ,CAAC,aAAa;QACpC,cAAc,EAAE,QAAQ,CAAC,eAAe;QACxC,UAAU,EAAE,QAAQ,CAAC,WAAW;QAChC,WAAW,EAAE,QAAQ,CAAC,YAAY;KACnC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAE5B;IACA;IACA;IACA;IAJlB,YACkB,MAAc,EACd,UAAkB,EAClB,IAAY,EACZ,GAAW;QAE3B,KAAK,CAAC,sBAAsB,GAAG,MAAM,MAAM,IAAI,UAAU,EAAE,CAAC,CAAC;QAL7C,WAAM,GAAN,MAAM,CAAQ;QACd,eAAU,GAAV,UAAU,CAAQ;QAClB,SAAI,GAAJ,IAAI,CAAQ;QACZ,QAAG,GAAH,GAAG,CAAQ;QAG3B,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;;;GAIG;AACH,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC/D,kEAAkE;IAClE,MAAM,MAAM,GAAG,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1E,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "@motebit/state-export-client",
+  "version": "0.2.0",
+  "description": "Browser-safe client for verified motebit state-export reads. Wraps fetch with X-Motebit-Content-Manifest verification + Trust-On-First-Use bootstrap from /.well-known/motebit-transparency.json. Apache-2.0; consumes @motebit/crypto + @motebit/protocol only.",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/motebit/motebit",
+    "directory": "packages/state-export-client"
+  },
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist/**/*.js",
+    "dist/**/*.js.map",
+    "dist/**/*.d.ts",
+    "dist/**/*.d.ts.map",
+    "LICENSE",
+    "NOTICE",
+    "README.md"
+  ],
+  "sideEffects": false,
+  "license": "Apache-2.0",
+  "keywords": [
+    "motebit",
+    "verification",
+    "self-attesting",
+    "content-provenance",
+    "operator-transparency"
+  ],
+  "dependencies": {
+    "@motebit/crypto": "1.3.0",
+    "@motebit/protocol": "1.3.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "typescript": "^5.6.0",
+    "vitest": "^2.1.0"
+  },
+  "scripts": {
+    "build": "tsc -b",
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage",
+    "typecheck": "tsc --noEmit",
+    "lint": "eslint --parser-options=project:tsconfig.eslint.json src/",
+    "clean": "rm -rf dist .turbo *.tsbuildinfo"
+  }
+}