@motebit/state-export-client 0.4.1 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"receipt-document.d.ts","sourceRoot":"","sources":["../src/receipt-document.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAGH,OAAO,
|
|
1
|
+
{"version":3,"file":"receipt-document.d.ts","sourceRoot":"","sources":["../src/receipt-document.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAGH,OAAO,EAKL,KAAK,yBAAyB,EAC9B,KAAK,mBAAmB,EACzB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAA2B,KAAK,2BAA2B,EAAE,MAAM,sBAAsB,CAAC;AACjG,OAAO,EAAuB,KAAK,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AAE3F;;;;;;;;;;;;;;;GAeG;AACH,MAAM,MAAM,oBAAoB,GAC5B,SAAS,GACT,WAAW,GACX,UAAU,GACV,QAAQ,GACR,gBAAgB,GAChB,YAAY,CAAC;AAEjB,MAAM,MAAM,4BAA4B,GACpC,gBAAgB,GAChB,eAAe,GACf,oBAAoB,GACpB,mBAAmB,GACnB,mBAAmB,GACnB,SAAS,CAAC;AAEd,kFAAkF;AAClF,MAAM,WAAW,2BAA2B;IAC1C;;;OAGG;IACH,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;IAC5B;;;;;;;OAOG;IACH,QAAQ,CAAC,OAAO,EAAE,oBAAoB,CAAC;IACvC,+EAA+E;IAC/E,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,4EAA4E;IAC5E,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,sEAAsE;IACtE,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,sFAAsF;IACtF,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,wEAAwE;IACxE,QAAQ,CAAC,WAAW,CAAC,EAAE,2BAA2B,EAAE,CAAC;IACrD,sDAAsD;IACtD,QAAQ,CAAC,MAAM,CAAC,EAAE,4BAA4B,CAAC;IAC/C,wDAAwD;IACxD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AA8DD;;;;;;GAMG;AACH,MAAM,WAAW,oBAAoB;IACnC,oFAAoF;IACpF,QAAQ,CAAC,KAAK,EAAE,yBAAyB,CAAC;IAC1C,4DAA4D;IAC5D,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,4DAA4D;IAC5D,QAAQ,CAAC,MAAM,CAAC,EAAE,2BAA2B,CAAC;CAC/C;AAED,MAAM,WAAW,4BAA4B;IAC3C;;;;;;;OAOG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,mBAAmB,CAAC;IACxC;;;;;;OAMG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,oBAAoB,CAAC;IACvC;;;;;;;OAOG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE;QACpB,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;QACpC,QAAQ,CAAC,MAAM,CAAC,EAAE,0BAA0B,CAAC;KAC9C,CAAC;CACH;AAoED;;;;;GAKG;AACH,wBAAsB,qBAAqB,CACzC,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,4BAA4B,GACrC,OAAO,CAAC,2BAA2B,CAAC,CAiEtC"}
|
package/dist/receipt-document.js
CHANGED
|
@@ -25,7 +25,7 @@
|
|
|
25
25
|
*
|
|
26
26
|
* Doctrine: `docs/doctrine/self-attesting-system.md`, `docs/doctrine/operator-transparency.md`.
|
|
27
27
|
*/
|
|
28
|
-
import { verifyReceipt, verifyKeyBindingAtTime, verifyIdentityBindingAnchored, } from "@motebit/crypto";
|
|
28
|
+
import { verifyReceipt, verifyKeyBindingAtTime, verifyIdentityBindingAnchored, verifySovereignBinding, } from "@motebit/crypto";
|
|
29
29
|
import { lookupIdentityLogAnchor } from "./identity-anchor.js";
|
|
30
30
|
import { lookupKeyRevocation } from "./key-revocation.js";
|
|
31
31
|
/**
|
|
@@ -168,6 +168,20 @@ export async function verifyReceiptDocument(jsonText, options) {
|
|
|
168
168
|
return { ...view, binding: "revoked", revokedAt: rev.revokedAt };
|
|
169
169
|
}
|
|
170
170
|
}
|
|
171
|
+
// Receipt-alone sovereign — the strongest root, fully offline, needs NO
|
|
172
|
+
// identity file or relay: the `motebit_id` is itself the commitment to the
|
|
173
|
+
// receipt's signing key. Matches @motebit/verifier's offline `sovereign`
|
|
174
|
+
// rung (same `verifySovereignBinding` primitive), so the two surfaces agree
|
|
175
|
+
// on the rung, not just on integrity (locked by check-receipt-conformance).
|
|
176
|
+
// Checked after revocation (a revoked key must not bind) and before the
|
|
177
|
+
// identity/anchor ladder (sovereign is the top rung — supplying anchor
|
|
178
|
+
// material must never downgrade it). Rotated-key receipts fail this and fall
|
|
179
|
+
// through to the identity-file succession path below.
|
|
180
|
+
if (typeof parsed.public_key === "string") {
|
|
181
|
+
const receiptAloneSovereign = await verifySovereignBinding(String(parsed.motebit_id), parsed.public_key);
|
|
182
|
+
if (receiptAloneSovereign)
|
|
183
|
+
return { ...view, binding: "sovereign" };
|
|
184
|
+
}
|
|
171
185
|
if (options?.identity) {
|
|
172
186
|
// Sovereign is the strongest root AND fully offline — check it first; a
|
|
173
187
|
// sovereign motebit needs no operator anchor at all.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"receipt-document.js","sourceRoot":"","sources":["../src/receipt-document.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAGH,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,6BAA6B,
|
|
1
|
+
{"version":3,"file":"receipt-document.js","sourceRoot":"","sources":["../src/receipt-document.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAGH,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,GAGvB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,uBAAuB,EAAoC,MAAM,sBAAsB,CAAC;AACjG,OAAO,EAAE,mBAAmB,EAAmC,MAAM,qBAAqB,CAAC;AAmE3F;;;;GAIG;AACH,SAAS,uBAAuB,CAAC,KAAc;IAC7C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAC9D,MAAM,CAAC,GAAG,KAAgC,CAAC;IAC3C,OAAO,CACL,OAAO,CAAC,CAAC,YAAY,CAAC,KAAK,QAAQ;QACnC,OAAO,CAAC,CAAC,SAAS,CAAC,KAAK,QAAQ;QAChC,OAAO,CAAC,CAAC,WAAW,CAAC,KAAK,QAAQ;QAClC,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAC/B,CAAC;AACJ,CAAC;AAID,SAAS,MAAM,CAAC,MAA2B;IACzC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;IACjC,MAAM,IAAI,GASN;QACF,SAAS,EAAE,MAAM,CAAC,KAAK;QACvB,0EAA0E;QAC1E,8EAA8E;QAC9E,6EAA6E;QAC7E,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,YAAY;KACxD,CAAC;IACF,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS;QAAE,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;IAChE,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACnD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;IACvC,CAAC;IACD,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxD,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,EAAE,CAAC;YACnE,IAAI,CAAC,MAAM,GAAG,oBAAoB,CAAC;QACrC,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,qBAAqB,CAAC,EAAE,CAAC;YAC9D,IAAI,CAAC,MAAM,GAAG,mBAAmB,CAAC;QACpC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,IAAI,CAAC,MAAM,GAAG,mBAAmB,CAAC;QACpC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;QAC1B,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC;QAChC,IAAI,MAAM,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACjD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAkDD;;;;;;GAMG;AACH,KAAK,UAAU,aAAa,CAC1B,OAAyB,EACzB,QAA6B;IAE7B,IAAI,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACxD,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,KAAK,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5E,MAAM,CAAC,GAAG,MAAM,sBAAsB,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAC3F,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;AACnC,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,gBAAgB,CAC7B,OAAyB,EACzB,QAA6B;IAE7B,IAAI,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACxD,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,KAAK,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5E,MAAM,CAAC,GAAG,MAAM,sBAAsB,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAC3F,OAAO,CAAC,CAAC,KAAK,KAAK,IAAI,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;AACvE,CAAC;AAED;;;;;;;;GAQG;AACH,KAAK,UAAU,eAAe,CAC5B,OAAyB,EACzB,QAA6B,EAC7B,MAA4B;IAE5B,IAAI,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACxD,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,KAAK,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5E,MAAM,KAAK,GAAG,MAAM,6BAA6B,CAC/C,QAAQ,EACR,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,YAAY,EACpB,MAAM,CAAC,KAAK,CACb,CAAC;IACF,IAAI,CAAC,KAAK,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAC9B,MAAM,OAAO,GAAG,MAAM,uBAAuB,CAC3C,MAAM,CAAC,kBAAkB,EACzB,MAAM,CAAC,KAAK,CAAC,YAAY,EACzB,MAAM,CAAC,MAAM,CACd,CAAC;IACF,OAAO,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AACxD,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,QAAgB,EAChB,OAAsC;IAEtC,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,OAAO,EAAE,YAAY;YACrB,MAAM,EAAE,gBAAgB;YACxB,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACzD,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,uBAAuB,CAAC,MAAM,CAAC,EAAE,CAAC;QACrC,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,OAAO,EAAE,YAAY;YACrB,MAAM,EAAE,eAAe;YACvB,MAAM,EAAE,qFAAqF;SAC9F,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;IACjD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACnB,8EAA8E;QAC9E,8EAA8E;QAC9E,6BAA6B;QAC7B,IAAI,OAAO,EAAE,UAAU,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;YACjE,MAAM,GAAG,GAAG,MAAM,mBAAmB,CACnC,OAAO,CAAC,UAAU,CAAC,kBAAkB,EACrC,MAAM,CAAC,UAAU,EACjB,OAAO,CAAC,UAAU,CAAC,MAAM,CAC1B,CAAC;YACF,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,IAAI,GAAG,CAAC,SAAS,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACrE,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,CAAC;YACnE,CAAC;QACH,CAAC;QACD,wEAAwE;QACxE,2EAA2E;QAC3E,yEAAyE;QACzE,4EAA4E;QAC5E,4EAA4E;QAC5E,wEAAwE;QACxE,uEAAuE;QACvE,6EAA6E;QAC7E,sDAAsD;QACtD,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;YAC1C,MAAM,qBAAqB,GAAG,MAAM,sBAAsB,CACxD,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EACzB,MAAM,CAAC,UAAU,CAClB,CAAC;YACF,IAAI,qBAAqB;gBAAE,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;QACtE,CAAC;QACD,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;YACtB,wEAAwE;YACxE,qDAAqD;YACrD,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YACnE,IAAI,SAAS;gBAAE,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YACtD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBACnB,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;gBACjF,IAAI,QAAQ;oBAAE,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC;YACvF,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC7D,IAAI,MAAM;gBAAE,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;QAClD,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@motebit/state-export-client",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.5.0",
|
|
4
4
|
"description": "Browser-safe client for verified motebit state-export reads. Wraps fetch with X-Motebit-Content-Manifest verification + Trust-On-First-Use bootstrap from /.well-known/motebit-transparency.json. Apache-2.0; consumes @motebit/crypto + @motebit/protocol only.",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -35,8 +35,8 @@
|
|
|
35
35
|
"operator-transparency"
|
|
36
36
|
],
|
|
37
37
|
"dependencies": {
|
|
38
|
-
"@motebit/crypto": "3.0
|
|
39
|
-
"@motebit/protocol": "3.
|
|
38
|
+
"@motebit/crypto": "3.1.0",
|
|
39
|
+
"@motebit/protocol": "3.1.0"
|
|
40
40
|
},
|
|
41
41
|
"devDependencies": {
|
|
42
42
|
"@types/node": "^22.0.0",
|