@naughtbot/sdk 0.0.1

package/dist/captcha.js

@@ -0,0 +1,264 @@
+/**
+ * Core captcha session logic.
+ *
+ * Handles ephemeral key generation, QR code URL creation, relay polling,
+ * E2E encrypted challenge/response exchange, and SAS computation.
+ */
+import { generateKeyPair, deriveRequestKey, deriveResponseKey, encrypt, decrypt, requestIdToBytes, } from "@ackagent/web-sdk";
+import { base64urlEncode } from "@ackagent/web-sdk";
+import { computeSAS } from "@ackagent/web-sdk";
+import { DEFAULT_TIMEOUT_MS, DEFAULT_LOGIN_URL } from "./types.js";
+/** Polling interval for checking phone connection (ms) */
+const POLL_INTERVAL_MS = 1_500;
+/** Create a new captcha session */
+export async function createSession(options) {
+    const { nonce, relayUrl, loginUrl = DEFAULT_LOGIN_URL, timeoutMs = DEFAULT_TIMEOUT_MS, debug = false, } = options;
+    if (!relayUrl) {
+        throw new Error("relayUrl is required for QR mode");
+    }
+    const log = debug ? (...args) => console.debug("[NaughtBot]", ...args) : () => { };
+    // Generate ephemeral P-256 key pair (not persisted)
+    const ephemeralKeyPair = await generateKeyPair();
+    let currentState = "initializing";
+    let currentSas = null;
+    let cancelled = false;
+    const stateCallbacks = [];
+    function setState(newState, sas) {
+        currentState = newState;
+        if (sas !== undefined) {
+            currentSas = sas;
+        }
+        for (const cb of stateCallbacks) {
+            cb(currentState, currentSas);
+        }
+    }
+    // Create session on relay — server generates session ID
+    const sessionResult = await createRelaySession(relayUrl, ephemeralKeyPair.publicKey, log);
+    if (!sessionResult) {
+        setState("error");
+        throw new Error("Failed to create captcha session on relay");
+    }
+    const sessionId = sessionResult.sessionId;
+    const requestIdBytes = requestIdToBytes(sessionId);
+    log("Session created:", sessionId);
+    // Build QR code URL using server-returned session ID
+    const publicKeyB64 = base64urlEncode(ephemeralKeyPair.publicKey);
+    const qrCodeUrl = `${loginUrl}/link/captcha?sid=${sessionId}&pk=${publicKeyB64}`;
+    log("QR URL:", qrCodeUrl);
+    setState("waiting_for_scan");
+    const session = {
+        get sessionId() {
+            return sessionId;
+        },
+        get qrCodeUrl() {
+            return qrCodeUrl;
+        },
+        get state() {
+            return currentState;
+        },
+        get sas() {
+            return currentSas;
+        },
+        async waitForResult() {
+            const domain = typeof window !== "undefined" ? window.location.hostname : "unknown";
+            const deadline = Date.now() + timeoutMs;
+            // Phase 1: Poll for phone connection (phone posts its ephemeral public key)
+            const phonePublicKey = await pollForPhoneConnection(relayUrl, sessionId, deadline, () => cancelled, log);
+            if (cancelled)
+                throw new Error("Session cancelled");
+            setState("phone_connected");
+            // Compute SAS from both public keys
+            const approverKey = {
+                encryptionPublicKeyHex: hexEncode(phonePublicKey),
+                publicKey: phonePublicKey,
+            };
+            const sasResult = computeSAS(ephemeralKeyPair.publicKey, [approverKey]);
+            setState("sas_verification", sasResult);
+            log("SAS:", sasResult.wordString);
+            // Phase 1.5: Wait for phone to confirm SAS match (relay-mediated)
+            await pollForSASConfirmation(relayUrl, sessionId, deadline, () => cancelled, log);
+            if (cancelled)
+                throw new Error("Session cancelled");
+            // Phase 2: Send encrypted captcha challenge
+            const challenge = {
+                type: "captcha",
+                domain,
+                nonce,
+                timestamp: Date.now(),
+            };
+            const challengeBytes = new TextEncoder().encode(JSON.stringify(challenge));
+            const requestKey = await deriveRequestKey(ephemeralKeyPair.privateKey, phonePublicKey, requestIdBytes);
+            const { ciphertext, nonce: encNonce } = encrypt(requestKey, challengeBytes, requestIdBytes);
+            await postEncryptedChallenge(relayUrl, sessionId, ciphertext, encNonce, log);
+            setState("verifying");
+            // Phase 3: Poll for encrypted response
+            const encryptedResponse = await pollForResponse(relayUrl, sessionId, deadline, () => cancelled, log);
+            if (cancelled)
+                throw new Error("Session cancelled");
+            // Decrypt response (fields are hex-encoded from relay)
+            const responseKey = await deriveResponseKey(ephemeralKeyPair.privateKey, phonePublicKey, requestIdBytes);
+            const decrypted = decrypt(responseKey, hexDecodeBytes(encryptedResponse.nonce), hexDecodeBytes(encryptedResponse.ciphertext), requestIdBytes);
+            const response = JSON.parse(new TextDecoder().decode(decrypted));
+            if (!response.approved) {
+                setState("error");
+                throw new Error("Verification declined by user");
+            }
+            const result = {
+                proof: response.attestation
+                    ? base64urlEncode(new TextEncoder().encode(JSON.stringify(response.attestation)))
+                    : "",
+                nonce,
+                domain,
+            };
+            setState("verified");
+            log("Verification complete");
+            return result;
+        },
+        confirmSAS() {
+            // No-op for QR mode — SAS confirmation happens on the phone side
+        },
+        cancel() {
+            cancelled = true;
+            setState("error");
+        },
+        onStateChange(callback) {
+            stateCallbacks.push(callback);
+        },
+    };
+    return session;
+}
+// --- Relay communication helpers ---
+// All endpoints target the naughtbot-relay service (separate from AckAgent relay).
+// Session creation is IP rate-limited; all other endpoints are unauthenticated.
+// Phone-initiated endpoints (connect, confirm-sas, respond) use BBS+ anonymous auth.
+/** Create a captcha session on the naughtbot-relay server */
+async function createRelaySession(relayUrl, ephemeralPublicKey, log) {
+    try {
+        const response = await fetch(`${relayUrl}/api/v1/captcha-sessions`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+                requesterEphemeralKeyHex: hexEncode(ephemeralPublicKey),
+            }),
+        });
+        if (!response.ok) {
+            const body = await response.text().catch(() => "");
+            log("Failed to create session:", response.status, body);
+            return null;
+        }
+        const data = await response.json();
+        return { sessionId: data.sessionId };
+    }
+    catch (error) {
+        log("Error creating session:", error);
+        return null;
+    }
+}
+/** Poll relay for phone connection (phone's ephemeral public key) */
+async function pollForPhoneConnection(relayUrl, sessionId, deadline, isCancelled, log) {
+    while (Date.now() < deadline && !isCancelled()) {
+        try {
+            const response = await fetch(`${relayUrl}/api/v1/captcha-sessions/${sessionId}`);
+            if (response.ok) {
+                const data = await response.json();
+                if (data.approverEphemeralKeyHex) {
+                    log("Phone connected");
+                    return hexDecodeBytes(data.approverEphemeralKeyHex);
+                }
+            }
+        }
+        catch {
+            // Network error, retry
+        }
+        await sleep(POLL_INTERVAL_MS);
+    }
+    if (isCancelled()) {
+        throw new Error("Session cancelled");
+    }
+    throw new Error("Session expired waiting for phone connection");
+}
+/** Poll relay until phone confirms SAS match */
+async function pollForSASConfirmation(relayUrl, sessionId, deadline, isCancelled, log) {
+    while (Date.now() < deadline && !isCancelled()) {
+        try {
+            const response = await fetch(`${relayUrl}/api/v1/captcha-sessions/${sessionId}`);
+            if (response.ok) {
+                const data = await response.json();
+                if (data.status === "sas_confirmed" ||
+                    data.status === "challenged" ||
+                    data.status === "responded") {
+                    log("Phone confirmed SAS match");
+                    return;
+                }
+            }
+        }
+        catch {
+            // Network error, retry
+        }
+        await sleep(POLL_INTERVAL_MS);
+    }
+    if (isCancelled()) {
+        throw new Error("Session cancelled");
+    }
+    throw new Error("Session expired waiting for SAS confirmation");
+}
+/** Post encrypted captcha challenge to relay */
+async function postEncryptedChallenge(relayUrl, sessionId, ciphertext, nonce, log) {
+    const response = await fetch(`${relayUrl}/api/v1/captcha-sessions/${sessionId}/challenge`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            encryptedChallenge: hexEncode(ciphertext),
+            challengeNonce: hexEncode(nonce),
+        }),
+    });
+    if (!response.ok) {
+        throw new Error(`Failed to post challenge: ${response.status}`);
+    }
+    log("Challenge posted");
+}
+/** Poll unified status endpoint for encrypted response from phone */
+async function pollForResponse(relayUrl, sessionId, deadline, isCancelled, log) {
+    while (Date.now() < deadline && !isCancelled()) {
+        try {
+            const response = await fetch(`${relayUrl}/api/v1/captcha-sessions/${sessionId}`);
+            if (response.ok) {
+                const data = await response.json();
+                if (data.status === "responded" && data.encryptedResponse && data.responseNonce) {
+                    log("Response received");
+                    return {
+                        ciphertext: data.encryptedResponse,
+                        nonce: data.responseNonce,
+                    };
+                }
+            }
+        }
+        catch {
+            // Network error, retry
+        }
+        await sleep(POLL_INTERVAL_MS);
+    }
+    if (isCancelled()) {
+        throw new Error("Session cancelled");
+    }
+    throw new Error("Session expired waiting for response");
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+/** Hex-encode bytes (lowercase) */
+export function hexEncode(data) {
+    return Array.from(data, (b) => b.toString(16).padStart(2, "0")).join("");
+}
+/** Hex-decode string to bytes */
+function hexDecodeBytes(hex) {
+    if (hex.length % 2 !== 0) {
+        throw new Error("hex string must have even length");
+    }
+    const bytes = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < hex.length; i += 2) {
+        bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);
+    }
+    return bytes;
+}
+//# sourceMappingURL=captcha.js.map

package/dist/captcha.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"captcha.js","sourceRoot":"","sources":["../src/captcha.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,OAAO,EACP,OAAO,EACP,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAuB,MAAM,mBAAmB,CAAC;AASpE,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEnE,0DAA0D;AAC1D,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAiC/B,mCAAmC;AACnC,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAAuB;IACzD,MAAM,EACJ,KAAK,EACL,QAAQ,EACR,QAAQ,GAAG,iBAAiB,EAC5B,SAAS,GAAG,kBAAkB,EAC9B,KAAK,GAAG,KAAK,GACd,GAAG,OAAO,CAAC;IAEZ,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,IAAe,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;IAE7F,oDAAoD;IACpD,MAAM,gBAAgB,GAAG,MAAM,eAAe,EAAE,CAAC;IAEjD,IAAI,YAAY,GAAwB,cAAc,CAAC;IACvD,IAAI,UAAU,GAAsB,IAAI,CAAC;IACzC,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,MAAM,cAAc,GAAwE,EAAE,CAAC;IAE/F,SAAS,QAAQ,CAAC,QAA6B,EAAE,GAAuB;QACtE,YAAY,GAAG,QAAQ,CAAC;QACxB,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,UAAU,GAAG,GAAG,CAAC;QACnB,CAAC;QACD,KAAK,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;YAChC,EAAE,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,MAAM,aAAa,GAAG,MAAM,kBAAkB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAC1F,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,CAAC;IAC1C,MAAM,cAAc,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAEnD,GAAG,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;IAEnC,qDAAqD;IACrD,MAAM,YAAY,GAAG,eAAe,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG,GAAG,QAAQ,qBAAqB,SAAS,OAAO,YAAY,EAAE,CAAC;IAEjF,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAE1B,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IAE7B,MAAM,OAAO,GAAmB;QAC9B,IAAI,SAAS;YACX,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,IAAI,SAAS;YACX,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,IAAI,KAAK;YACP,OAAO,YAAY,CAAC;QACtB,CAAC;QACD,IAAI,GAAG;YACL,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,KAAK,CAAC,aAAa;YACjB,MAAM,MAAM,GAAG,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAExC,4EAA4E;YAC5E,MAAM,cAAc,GAAG,MAAM,sBAAsB,CACjD,QAAQ,EACR,SAAS,EACT,QAAQ,EACR,GAAG,EAAE,CAAC,SAAS,EACf,GAAG,CACJ,CAAC;YAEF,IAAI,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAEpD,QAAQ,CAAC,iBAAiB,CAAC,CAAC;YAE5B,oCAAoC;YACpC,MAAM,WAAW,GAAmB;gBAClC,sBAAsB,EAAE,SAAS,CAAC,cAAc,CAAC;gBACjD,SAAS,EAAE,cAAc;aAC1B,CAAC;YACF,MAAM,SAAS,GAAG,UAAU,CAAC,gBAAgB,CAAC,SAAS,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;YAExE,QAAQ,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;YACxC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;YAElC,kEAAkE;YAClE,MAAM,sBAAsB,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;YAClF,IAAI,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAEpD,4CAA4C;YAC5C,MAAM,SAAS,GAAqB;gBAClC,IAAI,EAAE,SAAS;gBACf,MAAM;gBACN,KAAK;gBACL,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YAEF,MAAM,cAAc,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;YAC3E,MAAM,UAAU,GAAG,MAAM,gBAAgB,CACvC,gBAAgB,CAAC,UAAU,EAC3B,cAAc,EACd,cAAc,CACf,CAAC;YACF,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,UAAU,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC;YAE5F,MAAM,sBAAsB,CAAC,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;YAE7E,QAAQ,CAAC,WAAW,CAAC,CAAC;YAEtB,uCAAuC;YACvC,MAAM,iBAAiB,GAAG,MAAM,eAAe,CAC7C,QAAQ,EACR,SAAS,EACT,QAAQ,EACR,GAAG,EAAE,CAAC,SAAS,EACf,GAAG,CACJ,CAAC;YAEF,IAAI,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAEpD,uDAAuD;YACvD,MAAM,WAAW,GAAG,MAAM,iBAAiB,CACzC,gBAAgB,CAAC,UAAU,EAC3B,cAAc,EACd,cAAc,CACf,CAAC;YACF,MAAM,SAAS,GAAG,OAAO,CACvB,WAAW,EACX,cAAc,CAAC,iBAAiB,CAAC,KAAK,CAAC,EACvC,cAAc,CAAC,iBAAiB,CAAC,UAAU,CAAC,EAC5C,cAAc,CACf,CAAC;YACF,MAAM,QAAQ,GAAoB,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;YAElF,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;gBACvB,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAClB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;YACnD,CAAC;YAED,MAAM,MAAM,GAAkB;gBAC5B,KAAK,EAAE,QAAQ,CAAC,WAAW;oBACzB,CAAC,CAAC,eAAe,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;oBACjF,CAAC,CAAC,EAAE;gBACN,KAAK;gBACL,MAAM;aACP,CAAC;YAEF,QAAQ,CAAC,UAAU,CAAC,CAAC;YACrB,GAAG,CAAC,uBAAuB,CAAC,CAAC;YAC7B,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,UAAU;YACR,iEAAiE;QACnE,CAAC;QAED,MAAM;YACJ,SAAS,GAAG,IAAI,CAAC;YACjB,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpB,CAAC;QAED,aAAa,CAAC,QAAQ;YACpB,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;KACF,CAAC;IAEF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,sCAAsC;AACtC,mFAAmF;AACnF,gFAAgF;AAChF,qFAAqF;AAErF,6DAA6D;AAC7D,KAAK,UAAU,kBAAkB,CAC/B,QAAgB,EAChB,kBAA8B,EAC9B,GAAiC;IAEjC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,0BAA0B,EAAE;YAClE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,wBAAwB,EAAE,SAAS,CAAC,kBAAkB,CAAC;aACxD,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,GAAG,CAAC,2BAA2B,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YACxD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;IACvC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,GAAG,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,qEAAqE;AACrE,KAAK,UAAU,sBAAsB,CACnC,QAAgB,EAChB,SAAiB,EACjB,QAAgB,EAChB,WAA0B,EAC1B,GAAiC;IAEjC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/C,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,4BAA4B,SAAS,EAAE,CAAC,CAAC;YAEjF,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACnC,IAAI,IAAI,CAAC,uBAAuB,EAAE,CAAC;oBACjC,GAAG,CAAC,iBAAiB,CAAC,CAAC;oBACvB,OAAO,cAAc,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,uBAAuB;QACzB,CAAC;QAED,MAAM,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAChC,CAAC;IAED,IAAI,WAAW,EAAE,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;AAClE,CAAC;AAED,gDAAgD;AAChD,KAAK,UAAU,sBAAsB,CACnC,QAAgB,EAChB,SAAiB,EACjB,QAAgB,EAChB,WAA0B,EAC1B,GAAiC;IAEjC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/C,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,4BAA4B,SAAS,EAAE,CAAC,CAAC;YAEjF,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACnC,IACE,IAAI,CAAC,MAAM,KAAK,eAAe;oBAC/B,IAAI,CAAC,MAAM,KAAK,YAAY;oBAC5B,IAAI,CAAC,MAAM,KAAK,WAAW,EAC3B,CAAC;oBACD,GAAG,CAAC,2BAA2B,CAAC,CAAC;oBACjC,OAAO;gBACT,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,uBAAuB;QACzB,CAAC;QAED,MAAM,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAChC,CAAC;IAED,IAAI,WAAW,EAAE,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;AAClE,CAAC;AAED,gDAAgD;AAChD,KAAK,UAAU,sBAAsB,CACnC,QAAgB,EAChB,SAAiB,EACjB,UAAsB,EACtB,KAAiB,EACjB,GAAiC;IAEjC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,4BAA4B,SAAS,YAAY,EAAE;QACzF,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,kBAAkB,EAAE,SAAS,CAAC,UAAU,CAAC;YACzC,cAAc,EAAE,SAAS,CAAC,KAAK,CAAC;SACjC,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,GAAG,CAAC,kBAAkB,CAAC,CAAC;AAC1B,CAAC;AAED,qEAAqE;AACrE,KAAK,UAAU,eAAe,CAC5B,QAAgB,EAChB,SAAiB,EACjB,QAAgB,EAChB,WAA0B,EAC1B,GAAiC;IAEjC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/C,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,4BAA4B,SAAS,EAAE,CAAC,CAAC;YAEjF,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACnC,IAAI,IAAI,CAAC,MAAM,KAAK,WAAW,IAAI,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;oBAChF,GAAG,CAAC,mBAAmB,CAAC,CAAC;oBACzB,OAAO;wBACL,UAAU,EAAE,IAAI,CAAC,iBAAiB;wBAClC,KAAK,EAAE,IAAI,CAAC,aAAa;qBAC1B,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,uBAAuB;QACzB,CAAC;QAED,MAAM,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAChC,CAAC;IAED,IAAI,WAAW,EAAE,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,mCAAmC;AACnC,MAAM,UAAU,SAAS,CAAC,IAAgB;IACxC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED,iCAAiC;AACjC,SAAS,cAAc,CAAC,GAAW;IACjC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,15 @@
+/**
+ * NaughtBot SDK — cryptographic proof of human interaction via biometric verification.
+ *
+ * Provides a captcha replacement that uses E2E encrypted communication with
+ * a user's mobile device for biometric verification and BBS+ anonymous attestation.
+ */
+export type { CaptchaOptions, CaptchaResult, CaptchaSessionState, CaptchaWidgetOptions, SASDisplay, } from "./types.js";
+export { createSession } from "./captcha.js";
+export type { CaptchaSession } from "./captcha.js";
+export { createWidget } from "./widget.js";
+export type { CaptchaWidget } from "./widget.js";
+export { verifyCaptchaProof } from "./verify.js";
+export type { VerificationResult, IssuerPublicKey } from "./verify.js";
+export { createBLESession, isBLESupported } from "./ble.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,YAAY,EACV,cAAc,EACd,aAAa,EACb,mBAAmB,EACnB,oBAAoB,EACpB,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAGnD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,YAAY,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAGjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,YAAY,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAGvE,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC"}

package/dist/index.js

@@ -0,0 +1,15 @@
+/**
+ * NaughtBot SDK — cryptographic proof of human interaction via biometric verification.
+ *
+ * Provides a captcha replacement that uses E2E encrypted communication with
+ * a user's mobile device for biometric verification and BBS+ anonymous attestation.
+ */
+// Core session API
+export { createSession } from "./captcha.js";
+// Widget API
+export { createWidget } from "./widget.js";
+// Verification
+export { verifyCaptchaProof } from "./verify.js";
+// BLE transport
+export { createBLESession, isBLESupported } from "./ble.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH,mBAAmB;AACnB,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAG7C,aAAa;AACb,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,eAAe;AACf,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGjD,gBAAgB;AAChB,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,87 @@
+/**
+ * Type definitions for NaughtBot captcha sessions.
+ */
+/** Options for creating a captcha session */
+export interface CaptchaOptions {
+    /** Server-generated nonce for replay protection */
+    nonce: string;
+    /** Relay server URL (e.g., "https://relay.naughtbot.com"). Required for QR mode. */
+    relayUrl?: string;
+    /** Login/identity service URL for QR code links (e.g., "https://login.naughtbot.com") */
+    loginUrl?: string;
+    /** Transport mode */
+    mode?: "qr" | "ble" | "auto";
+    /** Session timeout in milliseconds (default: 300000 = 5 min) */
+    timeoutMs?: number;
+    /** Enable debug logging */
+    debug?: boolean;
+}
+/** Options for the captcha widget */
+export interface CaptchaWidgetOptions extends CaptchaOptions {
+    /** Callback when verification completes successfully */
+    onVerified: (result: CaptchaResult) => void;
+    /** Callback when an error occurs */
+    onError?: (error: Error) => void;
+    /** Callback when the session expires */
+    onExpired?: () => void;
+    /** Callback when session state changes */
+    onStateChange?: (state: CaptchaSessionState) => void;
+}
+/** Result of a successful captcha verification */
+export interface CaptchaResult {
+    /** BBS+ anonymous proof (base64url) */
+    proof: string;
+    /** Original nonce (for server-side correlation) */
+    nonce: string;
+    /** Domain that was verified (e.g., "example.com") */
+    domain: string;
+}
+/** State of a captcha session */
+export type CaptchaSessionState = "initializing" | "waiting_for_scan" | "phone_connected" | "sas_verification" | "verifying" | "verified" | "expired" | "error";
+/** SAS (Short Authentication String) for visual verification */
+export interface SASDisplay {
+    words: string[];
+    emojis: string[];
+    wordString: string;
+    emojiString: string;
+}
+/** Internal: captcha challenge sent from browser to phone */
+export interface CaptchaChallenge {
+    type: "captcha";
+    domain: string;
+    nonce: string;
+    timestamp: number;
+}
+/** Internal: captcha response from phone to browser */
+export interface CaptchaResponse {
+    approved: boolean;
+    plaintextHash?: string;
+    attestation?: {
+        "@context": string[];
+        type: string[];
+        proof: {
+            type: string;
+            cryptosuite: string;
+            proofValue: string;
+            created?: string;
+            verificationMethod?: string;
+            proofPurpose?: string;
+        };
+        ackagentAnonymousAttestation: {
+            pseudonym: string;
+            scope: string;
+            presentationHeader: string;
+            revealedMessages: {
+                attestationType: string;
+                deviceType: string;
+                expiresAt: number;
+            };
+            issuerPublicKeyId: string;
+        };
+    };
+}
+/** Default timeout for captcha sessions (5 minutes) */
+export declare const DEFAULT_TIMEOUT_MS = 300000;
+/** Default login URL for QR code links */
+export declare const DEFAULT_LOGIN_URL = "https://login.naughtbot.com";
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,6CAA6C;AAC7C,MAAM,WAAW,cAAc;IAC7B,mDAAmD;IACnD,KAAK,EAAE,MAAM,CAAC;IAEd,oFAAoF;IACpF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,yFAAyF;IACzF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,qBAAqB;IACrB,IAAI,CAAC,EAAE,IAAI,GAAG,KAAK,GAAG,MAAM,CAAC;IAE7B,gEAAgE;IAChE,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,2BAA2B;IAC3B,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,qCAAqC;AACrC,MAAM,WAAW,oBAAqB,SAAQ,cAAc;IAC1D,wDAAwD;IACxD,UAAU,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,IAAI,CAAC;IAE5C,oCAAoC;IACpC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IAEjC,wCAAwC;IACxC,SAAS,CAAC,EAAE,MAAM,IAAI,CAAC;IAEvB,0CAA0C;IAC1C,aAAa,CAAC,EAAE,CAAC,KAAK,EAAE,mBAAmB,KAAK,IAAI,CAAC;CACtD;AAED,kDAAkD;AAClD,MAAM,WAAW,aAAa;IAC5B,uCAAuC;IACvC,KAAK,EAAE,MAAM,CAAC;IAEd,mDAAmD;IACnD,KAAK,EAAE,MAAM,CAAC;IAEd,qDAAqD;IACrD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,iCAAiC;AACjC,MAAM,MAAM,mBAAmB,GAC3B,cAAc,GACd,kBAAkB,GAClB,iBAAiB,GACjB,kBAAkB,GAClB,WAAW,GACX,UAAU,GACV,SAAS,GACT,OAAO,CAAC;AAEZ,gEAAgE;AAChE,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,6DAA6D;AAC7D,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,SAAS,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,uDAAuD;AACvD,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,OAAO,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE;QACZ,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,IAAI,EAAE,MAAM,EAAE,CAAC;QACf,KAAK,EAAE;YACL,IAAI,EAAE,MAAM,CAAC;YACb,WAAW,EAAE,MAAM,CAAC;YACpB,UAAU,EAAE,MAAM,CAAC;YACnB,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,kBAAkB,CAAC,EAAE,MAAM,CAAC;YAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;SACvB,CAAC;QACF,4BAA4B,EAAE;YAC5B,SAAS,EAAE,MAAM,CAAC;YAClB,KAAK,EAAE,MAAM,CAAC;YACd,kBAAkB,EAAE,MAAM,CAAC;YAC3B,gBAAgB,EAAE;gBAChB,eAAe,EAAE,MAAM,CAAC;gBACxB,UAAU,EAAE,MAAM,CAAC;gBACnB,SAAS,EAAE,MAAM,CAAC;aACnB,CAAC;YACF,iBAAiB,EAAE,MAAM,CAAC;SAC3B,CAAC;KACH,CAAC;CACH;AAED,uDAAuD;AACvD,eAAO,MAAM,kBAAkB,SAAU,CAAC;AAE1C,0CAA0C;AAC1C,eAAO,MAAM,iBAAiB,gCAAgC,CAAC"}

package/dist/types.js

@@ -0,0 +1,8 @@
+/**
+ * Type definitions for NaughtBot captcha sessions.
+ */
+/** Default timeout for captcha sessions (5 minutes) */
+export const DEFAULT_TIMEOUT_MS = 300_000;
+/** Default login URL for QR code links */
+export const DEFAULT_LOGIN_URL = "https://login.naughtbot.com";
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AA0GH,uDAAuD;AACvD,MAAM,CAAC,MAAM,kBAAkB,GAAG,OAAO,CAAC;AAE1C,0CAA0C;AAC1C,MAAM,CAAC,MAAM,iBAAiB,GAAG,6BAA6B,CAAC"}

package/dist/verify.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Client-side BBS+ proof verification for captcha results.
+ *
+ * This provides a convenience wrapper around @ackagent/web-sdk's BBS+ verification
+ * for verifying NaughtBot captcha proofs in the browser. Server-side verification
+ * is recommended for production use.
+ */
+import type { CaptchaResult } from "./types.js";
+/** Issuer public key for verifying BBS+ proofs */
+export interface IssuerPublicKey {
+    /** Key ID matching the proof's issuerPublicKeyId */
+    keyId: string;
+    /** BLS12-381 G2 public key (96 bytes, base64url) */
+    publicKey: string;
+}
+/** Result of verifying a captcha proof */
+export interface VerificationResult {
+    /** Whether the proof is valid */
+    valid: boolean;
+    /** Error message if verification failed */
+    error?: string;
+    /** Revealed attestation attributes */
+    attestation?: {
+        attestationType: string;
+        deviceType: string;
+        expiresAt: number;
+    };
+}
+/**
+ * Verify a NaughtBot captcha proof.
+ *
+ * This performs client-side verification of the BBS+ anonymous attestation
+ * included in the captcha result. For production use, verify server-side
+ * using the NaughtBot verification API.
+ *
+ * @param result - The captcha result to verify
+ * @param issuerPublicKey - The issuer's public key for BBS+ verification
+ * @returns Verification result
+ */
+export declare function verifyCaptchaProof(result: CaptchaResult, issuerPublicKey: IssuerPublicKey, expectedDomain?: string): Promise<VerificationResult>;
+//# sourceMappingURL=verify.d.ts.map

package/dist/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAKhD,kDAAkD;AAClD,MAAM,WAAW,eAAe;IAC9B,oDAAoD;IACpD,KAAK,EAAE,MAAM,CAAC;IAEd,oDAAoD;IACpD,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,0CAA0C;AAC1C,MAAM,WAAW,kBAAkB;IACjC,iCAAiC;IACjC,KAAK,EAAE,OAAO,CAAC;IAEf,2CAA2C;IAC3C,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,sCAAsC;IACtC,WAAW,CAAC,EAAE;QACZ,eAAe,EAAE,MAAM,CAAC;QACxB,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,aAAa,EACrB,eAAe,EAAE,eAAe,EAChC,cAAc,CAAC,EAAE,MAAM,GACtB,OAAO,CAAC,kBAAkB,CAAC,CA+G7B"}

package/dist/verify.js

@@ -0,0 +1,112 @@
+/**
+ * Client-side BBS+ proof verification for captcha results.
+ *
+ * This provides a convenience wrapper around @ackagent/web-sdk's BBS+ verification
+ * for verifying NaughtBot captcha proofs in the browser. Server-side verification
+ * is recommended for production use.
+ */
+import { verifyBbsProofWithPseudonym, base64urlDecode, base64urlEncode } from "@ackagent/web-sdk";
+/** Total number of signer messages in BBS+ credential */
+const BBS_TOTAL_SIGNER_MESSAGES = 4;
+/**
+ * Verify a NaughtBot captcha proof.
+ *
+ * This performs client-side verification of the BBS+ anonymous attestation
+ * included in the captcha result. For production use, verify server-side
+ * using the NaughtBot verification API.
+ *
+ * @param result - The captcha result to verify
+ * @param issuerPublicKey - The issuer's public key for BBS+ verification
+ * @returns Verification result
+ */
+export async function verifyCaptchaProof(result, issuerPublicKey, expectedDomain) {
+    if (!result.proof) {
+        return { valid: false, error: "No proof in captcha result" };
+    }
+    try {
+        // Decode the attestation from the proof field
+        const attestationJson = new TextDecoder().decode(base64urlDecode(result.proof));
+        const attestation = JSON.parse(attestationJson);
+        const payload = attestation.ackagentAnonymousAttestation;
+        if (!payload) {
+            return { valid: false, error: "Missing ackagentAnonymousAttestation in proof" };
+        }
+        // Verify the issuer key ID matches
+        if (payload.issuerPublicKeyId !== issuerPublicKey.keyId) {
+            return {
+                valid: false,
+                error: `Issuer key mismatch: expected ${issuerPublicKey.keyId}, got ${payload.issuerPublicKeyId}`,
+            };
+        }
+        // Verify scope is non-empty (it should be the sessionId)
+        if (!payload.scope) {
+            return { valid: false, error: "Missing scope in attestation" };
+        }
+        // Verify domain if expected domain is provided
+        // Domain binding comes from the presentation header (challenge-bound), not the scope
+        if (expectedDomain && result.domain !== expectedDomain) {
+            return {
+                valid: false,
+                error: `Domain mismatch: expected ${expectedDomain}, got ${result.domain}`,
+            };
+        }
+        // Verify BBS+ proof with pseudonym
+        const proofValue = attestation.proof?.proofValue;
+        if (!proofValue) {
+            return { valid: false, error: "Missing proofValue in attestation" };
+        }
+        // Strip multibase "u" prefix from proofValue (iOS produces "u" + base64url(proof))
+        const rawProofValue = proofValue.startsWith("u") ? proofValue.slice(1) : proofValue;
+        // Build disclosed messages map from revealed attributes
+        // Signer indices: 0=attestationType, 1=deviceType, 3=expiresAt
+        const disclosed = payload.revealedMessages;
+        const disclosedMessages = new Map();
+        if (disclosed.attestationType) {
+            disclosedMessages.set(0, new TextEncoder().encode(disclosed.attestationType));
+        }
+        if (disclosed.deviceType) {
+            disclosedMessages.set(1, new TextEncoder().encode(disclosed.deviceType));
+        }
+        if (disclosed.expiresAt) {
+            const buf = new ArrayBuffer(8);
+            new DataView(buf).setBigInt64(0, BigInt(disclosed.expiresAt));
+            disclosedMessages.set(3, new Uint8Array(buf));
+        }
+        // Recompute expected presentation header from result nonce + domain
+        // This binds the proof to the specific challenge (sha256(nonce || 0x00 || domain))
+        const phMessage = new Uint8Array([
+            ...new TextEncoder().encode(result.nonce),
+            0x00,
+            ...new TextEncoder().encode(result.domain),
+        ]);
+        const phDigest = new Uint8Array(await crypto.subtle.digest("SHA-256", phMessage));
+        // iOS passes base64urlEncode(digest) as a String to generateRelayAuthProof,
+        // which UTF-8 encodes it internally. Match that encoding here.
+        const phBytes = new TextEncoder().encode(base64urlEncode(phDigest));
+        const bbsResult = await verifyBbsProofWithPseudonym(base64urlDecode(issuerPublicKey.publicKey), base64urlDecode(rawProofValue), base64urlDecode(payload.pseudonym), new TextEncoder().encode("ackagent-anonymous-attestation-v2"), phBytes, new TextEncoder().encode(payload.scope), disclosedMessages, BBS_TOTAL_SIGNER_MESSAGES, new Map(), // disclosed committed messages
+        []);
+        if (!bbsResult.verified) {
+            return { valid: false, error: bbsResult.error || "BBS+ proof verification failed" };
+        }
+        // Check credential expiry
+        const revealed = payload.revealedMessages;
+        if (revealed.expiresAt && revealed.expiresAt < Math.floor(Date.now() / 1000)) {
+            return { valid: false, error: "Credential has expired" };
+        }
+        return {
+            valid: true,
+            attestation: {
+                attestationType: revealed.attestationType,
+                deviceType: revealed.deviceType,
+                expiresAt: revealed.expiresAt,
+            },
+        };
+    }
+    catch (error) {
+        return {
+            valid: false,
+            error: error instanceof Error ? error.message : "Verification failed",
+        };
+    }
+}
+//# sourceMappingURL=verify.js.map

package/dist/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,2BAA2B,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAIlG,yDAAyD;AACzD,MAAM,yBAAyB,GAAG,CAAC,CAAC;AA2BpC;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,MAAqB,EACrB,eAAgC,EAChC,cAAuB;IAEvB,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC;QACH,8CAA8C;QAC9C,MAAM,eAAe,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAChF,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QAEhD,MAAM,OAAO,GAAG,WAAW,CAAC,4BAA4B,CAAC;QACzD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,+CAA+C,EAAE,CAAC;QAClF,CAAC;QAED,mCAAmC;QACnC,IAAI,OAAO,CAAC,iBAAiB,KAAK,eAAe,CAAC,KAAK,EAAE,CAAC;YACxD,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,iCAAiC,eAAe,CAAC,KAAK,SAAS,OAAO,CAAC,iBAAiB,EAAE;aAClG,CAAC;QACJ,CAAC;QAED,yDAAyD;QACzD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACnB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC;QACjE,CAAC;QAED,+CAA+C;QAC/C,qFAAqF;QACrF,IAAI,cAAc,IAAI,MAAM,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;YACvD,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,6BAA6B,cAAc,SAAS,MAAM,CAAC,MAAM,EAAE;aAC3E,CAAC;QACJ,CAAC;QAED,mCAAmC;QACnC,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,EAAE,UAAU,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;QACtE,CAAC;QAED,mFAAmF;QACnF,MAAM,aAAa,GAAG,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;QAEpF,wDAAwD;QACxD,+DAA+D;QAC/D,MAAM,SAAS,GAAG,OAAO,CAAC,gBAAgB,CAAC;QAC3C,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAsB,CAAC;QACxD,IAAI,SAAS,CAAC,eAAe,EAAE,CAAC;YAC9B,iBAAiB,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC,CAAC;QAChF,CAAC;QACD,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;YACzB,iBAAiB,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC;QAC3E,CAAC;QACD,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;YACxB,MAAM,GAAG,GAAG,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;YAC/B,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC,EAAE,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;YAC9D,iBAAiB,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;QAChD,CAAC;QAED,oEAAoE;QACpE,mFAAmF;QACnF,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC;YAC/B,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC;YACzC,IAAI;YACJ,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC;SAC3C,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;QAClF,4EAA4E;QAC5E,+DAA+D;QAC/D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;QAEpE,MAAM,SAAS,GAAG,MAAM,2BAA2B,CACjD,eAAe,CAAC,eAAe,CAAC,SAAS,CAAC,EAC1C,eAAe,CAAC,aAAa,CAAC,EAC9B,eAAe,CAAC,OAAO,CAAC,SAAS,CAAC,EAClC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,mCAAmC,CAAC,EAC7D,OAAO,EACP,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EACvC,iBAAiB,EACjB,yBAAyB,EACzB,IAAI,GAAG,EAAE,EAAE,+BAA+B;QAC1C,EAAE,CACH,CAAC;QAEF,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YACxB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,IAAI,gCAAgC,EAAE,CAAC;QACtF,CAAC;QAED,0BAA0B;QAC1B,MAAM,QAAQ,GAAG,OAAO,CAAC,gBAAgB,CAAC;QAC1C,IAAI,QAAQ,CAAC,SAAS,IAAI,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;YAC7E,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC;QAC3D,CAAC;QAED,OAAO;YACL,KAAK,EAAE,IAAI;YACX,WAAW,EAAE;gBACX,eAAe,EAAE,QAAQ,CAAC,eAAe;gBACzC,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,SAAS,EAAE,QAAQ,CAAC,SAAS;aAC9B;SACF,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,qBAAqB;SACtE,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/widget.d.ts

@@ -0,0 +1,24 @@
+/**
+ * QR code widget for NaughtBot captcha.
+ * Renders a QR code, shows SAS words/emojis, handles lifecycle.
+ *
+ * Uses safe DOM APIs (createElement, textContent) instead of innerHTML.
+ */
+import { type CaptchaSession } from "./captcha.js";
+import type { CaptchaWidgetOptions } from "./types.js";
+/** Widget instance that can be destroyed */
+export interface CaptchaWidget {
+    /** Destroy the widget and clean up */
+    destroy(): void;
+    /** Get the underlying session */
+    readonly session: CaptchaSession | null;
+}
+/**
+ * Create a captcha widget in the specified container.
+ *
+ * @param container - CSS selector or DOM element
+ * @param options - Widget options
+ * @returns Widget instance
+ */
+export declare function createWidget(container: string | HTMLElement, options: CaptchaWidgetOptions): Promise<CaptchaWidget>;
+//# sourceMappingURL=widget.d.ts.map

package/dist/widget.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"widget.d.ts","sourceRoot":"","sources":["../src/widget.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAiB,KAAK,cAAc,EAAE,MAAM,cAAc,CAAC;AAElE,OAAO,KAAK,EACV,oBAAoB,EAIrB,MAAM,YAAY,CAAC;AAEpB,4CAA4C;AAC5C,MAAM,WAAW,aAAa;IAC5B,sCAAsC;IACtC,OAAO,IAAI,IAAI,CAAC;IAEhB,iCAAiC;IACjC,QAAQ,CAAC,OAAO,EAAE,cAAc,GAAG,IAAI,CAAC;CACzC;AAKD;;;;;;GAMG;AACH,wBAAsB,YAAY,CAChC,SAAS,EAAE,MAAM,GAAG,WAAW,EAC/B,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,aAAa,CAAC,CAwGxB"}