@nexart/ai-execution 0.4.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (28) hide show
  1. package/README.md +28 -7
  2. package/dist/index.cjs +130 -41
  3. package/dist/index.cjs.map +1 -1
  4. package/dist/index.d.cts +2 -2
  5. package/dist/index.d.ts +2 -2
  6. package/dist/index.mjs +129 -41
  7. package/dist/index.mjs.map +1 -1
  8. package/dist/providers/anthropic.cjs +1 -1
  9. package/dist/providers/anthropic.cjs.map +1 -1
  10. package/dist/providers/anthropic.d.cts +1 -1
  11. package/dist/providers/anthropic.d.ts +1 -1
  12. package/dist/providers/anthropic.mjs +1 -1
  13. package/dist/providers/anthropic.mjs.map +1 -1
  14. package/dist/providers/openai.cjs +1 -1
  15. package/dist/providers/openai.cjs.map +1 -1
  16. package/dist/providers/openai.d.cts +1 -1
  17. package/dist/providers/openai.d.ts +1 -1
  18. package/dist/providers/openai.mjs +1 -1
  19. package/dist/providers/openai.mjs.map +1 -1
  20. package/dist/providers/wrap.cjs +1 -1
  21. package/dist/providers/wrap.cjs.map +1 -1
  22. package/dist/providers/wrap.d.cts +1 -1
  23. package/dist/providers/wrap.d.ts +1 -1
  24. package/dist/providers/wrap.mjs +1 -1
  25. package/dist/providers/wrap.mjs.map +1 -1
  26. package/dist/{types-DF29BsH5.d.cts → types-342Snbrb.d.cts} +15 -1
  27. package/dist/{types-DF29BsH5.d.ts → types-342Snbrb.d.ts} +15 -1
  28. package/package.json +2 -2
package/README.md CHANGED
@@ -1,10 +1,10 @@
1
- # @nexart/ai-execution v0.4.0
1
+ # @nexart/ai-execution v0.4.1
2
2
 
3
3
  Tamper-evident records and Certified Execution Records (CER) for AI operations.
4
4
 
5
5
  ## Why Not Just Store Logs?
6
6
 
7
- Logs tell you what happened. CERs prove it. A log entry can be edited, truncated, or fabricated after the fact with no way to detect it. A CER bundle is cryptographically sealed: any modification — to the input, output, parameters, or ordering — invalidates the certificate hash. If you need to demonstrate to an auditor, regulator, or downstream system that a specific AI model produced a specific output for a specific input with specific parameters, logs are insufficient. CERs provide the tamper-evident chain of custody that logs cannot.
7
+ Logs tell you what happened. CERs prove integrity. A log entry can be edited, truncated, or fabricated after the fact with no way to detect it. A CER bundle is cryptographically sealed: any modification — to the input, output, parameters, or ordering — invalidates the certificate hash. If you need to demonstrate to an auditor, regulator, or downstream system that a recorded execution has not been modified post-hoc, logs are insufficient. CERs provide the tamper-evident chain of custody that logs cannot. **CERs certify records, not model determinism or provider execution.**
8
8
 
9
9
  ## What This Does
10
10
 
@@ -15,13 +15,13 @@ This package creates integrity records for AI executions. Every time you call an
15
15
  - The exact parameters used (temperature, model, etc.)
16
16
  - SHA-256 hashes of everything for tamper detection
17
17
 
18
- These records can be verified offline to prove the execution happened as recorded.
18
+ These records can be verified offline to detect any post-hoc modification and prove integrity of the recorded execution.
19
19
 
20
- **Important:** This does NOT promise that an AI model will produce the same output twice. LLMs are not deterministic. This package provides **integrity and auditability** — proof that a specific input produced a specific output at a specific time with specific parameters.
20
+ **Important:** This does NOT promise that an AI model will produce the same output twice, and it does not verify provider or model identity. LLMs are not deterministic. This package provides **integrity and auditability** — proof that the recorded input, output, and parameters have not been modified, and chain-of-custody for the execution record.
21
21
 
22
22
  ## Compatibility Guarantees
23
23
 
24
- - **v0.1.0, v0.2.0, and v0.3.0 bundles verify forever.** Any CER bundle produced by any prior version will pass `verify()` in v0.4.0 and all future versions.
24
+ - **v0.1.0, v0.2.0, and v0.3.0 bundles verify forever.** Any CER bundle produced by any prior version will pass `verify()` in v0.4.1 and all future versions.
25
25
  - **Hashing rules are frozen for `cer.ai.execution.v1`.** The canonicalization, SHA-256 computation, and certificate hash inputs (bundleType, version, createdAt, snapshot) are unchanged.
26
26
  - **New optional snapshot fields** (runId, stepId, stepIndex, etc.) default to undefined and are excluded from legacy snapshots. They participate in the certificate hash only when present.
27
27
  - **Canonicalization is frozen for v1.** Number-to-string conversion uses `JSON.stringify()`, which is consistent across JavaScript engines but does not implement RFC 8785 (JCS) for edge cases like `-0`. If stricter canonicalization is required, it will ship as a new bundle type (`cer.ai.execution.v2`), never as a modification to v1.
@@ -139,7 +139,7 @@ const restored = importCer(json); // parse + verify (throws on tamper)
139
139
  | `modelVersion` | Optional | `string \| null` | Defaults to `null` |
140
140
  | `parameters.topP` | Optional | `number \| null` | Defaults to `null` |
141
141
  | `parameters.seed` | Optional | `number \| null` | Defaults to `null` |
142
- | `sdkVersion` | Optional | `string \| null` | Defaults to `"0.4.0"` |
142
+ | `sdkVersion` | Optional | `string \| null` | Defaults to `"0.4.1"` |
143
143
  | `appId` | Optional | `string \| null` | Defaults to `null` |
144
144
  | `runId` | Optional | `string \| null` | Workflow run ID |
145
145
  | `stepId` | Optional | `string \| null` | Step identifier within a run |
@@ -243,6 +243,26 @@ Fixtures at `fixtures/vectors/` and `fixtures/golden/`. Cross-language implement
243
243
  | `exportCer(bundle)` | Serialize to canonical JSON string |
244
244
  | `importCer(json)` | Parse + verify from JSON string |
245
245
 
246
+ ### Reason Codes
247
+
248
+ `CerVerifyCode` — stable string-union constant exported from the package root:
249
+
250
+ | Code | When set |
251
+ |---|---|
252
+ | `OK` | Verification passed |
253
+ | `CERTIFICATE_HASH_MISMATCH` | `certificateHash` doesn't match recomputed hash |
254
+ | `INPUT_HASH_MISMATCH` | `inputHash` doesn't match recomputed hash |
255
+ | `OUTPUT_HASH_MISMATCH` | `outputHash` doesn't match recomputed hash |
256
+ | `SNAPSHOT_HASH_MISMATCH` | Both `inputHash` and `outputHash` are wrong |
257
+ | `INVALID_SHA256_FORMAT` | A hash field doesn't start with `sha256:` |
258
+ | `SCHEMA_ERROR` | Wrong bundleType/version, missing snapshot, non-finite parameters, etc. |
259
+ | `CANONICALIZATION_ERROR` | `toCanonicalJson` threw during verification |
260
+ | `UNKNOWN_ERROR` | Catch-all for unclassified failures |
261
+
262
+ Priority when multiple failures exist: `CANONICALIZATION_ERROR` > `SCHEMA_ERROR` > `INVALID_SHA256_FORMAT` > `CERTIFICATE_HASH_MISMATCH` > `INPUT_HASH_MISMATCH` > `OUTPUT_HASH_MISMATCH` > `SNAPSHOT_HASH_MISMATCH` > `UNKNOWN_ERROR`.
263
+
264
+ **These codes are stable across all future versions.** New codes may be added but existing codes will not be renamed or removed.
265
+
246
266
  ### Providers (sub-exports)
247
267
 
248
268
  | Function | Export path |
@@ -258,7 +278,8 @@ Fixtures at `fixtures/vectors/` and `fixtures/golden/`. Cross-language implement
258
278
  | v0.1.0 | Core snapshot + CER + verify + OpenAI adapter |
259
279
  | v0.2.0 | certifyDecision, RunBuilder, attest, archive, Anthropic, wrapProvider, typed errors, workflow fields |
260
280
  | v0.3.0 | Attestation hardening (hash validation, timeout), `verify` alias, `CerAttestationError.details`, release hygiene |
261
- | **v0.4.0** | Dual ESM/CJS build, `sanitizeForAttestation`, `hasAttestation`, auto-sanitize in `attest()`, fixed `ERR_PACKAGE_PATH_NOT_EXPORTED` |
281
+ | v0.4.0 | Dual ESM/CJS build, `sanitizeForAttestation`, `hasAttestation`, auto-sanitize in `attest()`, fixed `ERR_PACKAGE_PATH_NOT_EXPORTED` |
282
+ | **v0.4.1** | Verification reason codes (`CerVerifyCode`), `code` + `details` on `VerificationResult`, README provenance wording tightened |
262
283
  | v1.0.0 | Planned: API stabilization, freeze public API surface |
263
284
 
264
285
  ## Releasing
package/dist/index.cjs CHANGED
@@ -32,6 +32,7 @@ var src_exports = {};
32
32
  __export(src_exports, {
33
33
  CerAttestationError: () => CerAttestationError,
34
34
  CerVerificationError: () => CerVerificationError,
35
+ CerVerifyCode: () => CerVerifyCode,
35
36
  RunBuilder: () => RunBuilder,
36
37
  attest: () => attest,
37
38
  certifyDecision: () => certifyDecision,
@@ -54,6 +55,19 @@ __export(src_exports, {
54
55
  });
55
56
  module.exports = __toCommonJS(src_exports);
56
57
 
58
+ // src/types.ts
59
+ var CerVerifyCode = {
60
+ OK: "OK",
61
+ CERTIFICATE_HASH_MISMATCH: "CERTIFICATE_HASH_MISMATCH",
62
+ SNAPSHOT_HASH_MISMATCH: "SNAPSHOT_HASH_MISMATCH",
63
+ INPUT_HASH_MISMATCH: "INPUT_HASH_MISMATCH",
64
+ OUTPUT_HASH_MISMATCH: "OUTPUT_HASH_MISMATCH",
65
+ INVALID_SHA256_FORMAT: "INVALID_SHA256_FORMAT",
66
+ CANONICALIZATION_ERROR: "CANONICALIZATION_ERROR",
67
+ SCHEMA_ERROR: "SCHEMA_ERROR",
68
+ UNKNOWN_ERROR: "UNKNOWN_ERROR"
69
+ };
70
+
57
71
  // src/errors.ts
58
72
  var CerVerificationError = class extends Error {
59
73
  errors;
@@ -147,7 +161,7 @@ function computeOutputHash(output) {
147
161
  }
148
162
 
149
163
  // src/snapshot.ts
150
- var PACKAGE_VERSION = "0.4.0";
164
+ var PACKAGE_VERSION = "0.4.1";
151
165
  function validateParameters(params) {
152
166
  const errors = [];
153
167
  if (typeof params.temperature !== "number" || !Number.isFinite(params.temperature)) {
@@ -203,54 +217,84 @@ function createSnapshot(params) {
203
217
  return snapshot;
204
218
  }
205
219
  function verifySnapshot(snapshot) {
206
- const errors = [];
220
+ const schemaErrors = [];
221
+ const formatErrors = [];
222
+ const inputHashErrors = [];
223
+ const outputHashErrors = [];
207
224
  if (snapshot.type !== "ai.execution.v1") {
208
- errors.push(`Expected type "ai.execution.v1", got "${snapshot.type}"`);
225
+ schemaErrors.push(`Expected type "ai.execution.v1", got "${snapshot.type}"`);
209
226
  }
210
227
  if (snapshot.protocolVersion !== "1.2.0") {
211
- errors.push(`Expected protocolVersion "1.2.0", got "${snapshot.protocolVersion}"`);
228
+ schemaErrors.push(`Expected protocolVersion "1.2.0", got "${snapshot.protocolVersion}"`);
212
229
  }
213
230
  if (snapshot.executionSurface !== "ai") {
214
- errors.push(`Expected executionSurface "ai", got "${snapshot.executionSurface}"`);
231
+ schemaErrors.push(`Expected executionSurface "ai", got "${snapshot.executionSurface}"`);
215
232
  }
216
233
  if (!snapshot.executionId || typeof snapshot.executionId !== "string") {
217
- errors.push("executionId must be a non-empty string");
234
+ schemaErrors.push("executionId must be a non-empty string");
218
235
  }
219
236
  if (!snapshot.timestamp || typeof snapshot.timestamp !== "string") {
220
- errors.push("timestamp must be a non-empty string");
237
+ schemaErrors.push("timestamp must be a non-empty string");
221
238
  }
222
239
  if (!snapshot.provider || typeof snapshot.provider !== "string") {
223
- errors.push("provider must be a non-empty string");
240
+ schemaErrors.push("provider must be a non-empty string");
224
241
  }
225
242
  if (!snapshot.model || typeof snapshot.model !== "string") {
226
- errors.push("model must be a non-empty string");
243
+ schemaErrors.push("model must be a non-empty string");
227
244
  }
228
245
  if (!snapshot.prompt || typeof snapshot.prompt !== "string") {
229
- errors.push("prompt must be a non-empty string");
246
+ schemaErrors.push("prompt must be a non-empty string");
230
247
  }
231
248
  if (snapshot.input === void 0 || snapshot.input === null) {
232
- errors.push("input must be a string or object");
249
+ schemaErrors.push("input must be a string or object");
233
250
  }
234
251
  if (snapshot.output === void 0 || snapshot.output === null) {
235
- errors.push("output must be a string or object");
252
+ schemaErrors.push("output must be a string or object");
236
253
  }
237
254
  const paramErrors = validateParameters(snapshot.parameters);
238
- errors.push(...paramErrors);
255
+ schemaErrors.push(...paramErrors);
239
256
  if (!snapshot.inputHash || !snapshot.inputHash.startsWith("sha256:")) {
240
- errors.push(`inputHash must start with "sha256:", got "${snapshot.inputHash}"`);
257
+ formatErrors.push(`inputHash must start with "sha256:", got "${snapshot.inputHash}"`);
241
258
  }
242
259
  if (!snapshot.outputHash || !snapshot.outputHash.startsWith("sha256:")) {
243
- errors.push(`outputHash must start with "sha256:", got "${snapshot.outputHash}"`);
260
+ formatErrors.push(`outputHash must start with "sha256:", got "${snapshot.outputHash}"`);
244
261
  }
245
- const expectedInputHash = computeInputHash(snapshot.input);
246
- if (snapshot.inputHash !== expectedInputHash) {
247
- errors.push(`inputHash mismatch: expected ${expectedInputHash}, got ${snapshot.inputHash}`);
262
+ if (formatErrors.length === 0) {
263
+ const expectedInputHash = computeInputHash(snapshot.input);
264
+ if (snapshot.inputHash !== expectedInputHash) {
265
+ inputHashErrors.push(`inputHash mismatch: expected ${expectedInputHash}, got ${snapshot.inputHash}`);
266
+ }
267
+ const expectedOutputHash = computeOutputHash(snapshot.output);
268
+ if (snapshot.outputHash !== expectedOutputHash) {
269
+ outputHashErrors.push(`outputHash mismatch: expected ${expectedOutputHash}, got ${snapshot.outputHash}`);
270
+ }
248
271
  }
249
- const expectedOutputHash = computeOutputHash(snapshot.output);
250
- if (snapshot.outputHash !== expectedOutputHash) {
251
- errors.push(`outputHash mismatch: expected ${expectedOutputHash}, got ${snapshot.outputHash}`);
272
+ const errors = [...schemaErrors, ...formatErrors, ...inputHashErrors, ...outputHashErrors];
273
+ if (errors.length === 0) {
274
+ return { ok: true, errors: [], code: CerVerifyCode.OK };
275
+ }
276
+ let code;
277
+ let details;
278
+ if (schemaErrors.length > 0) {
279
+ code = CerVerifyCode.SCHEMA_ERROR;
280
+ details = schemaErrors;
281
+ } else if (formatErrors.length > 0) {
282
+ code = CerVerifyCode.INVALID_SHA256_FORMAT;
283
+ details = formatErrors;
284
+ } else if (inputHashErrors.length > 0 && outputHashErrors.length > 0) {
285
+ code = CerVerifyCode.SNAPSHOT_HASH_MISMATCH;
286
+ details = [...inputHashErrors, ...outputHashErrors];
287
+ } else if (inputHashErrors.length > 0) {
288
+ code = CerVerifyCode.INPUT_HASH_MISMATCH;
289
+ details = inputHashErrors;
290
+ } else if (outputHashErrors.length > 0) {
291
+ code = CerVerifyCode.OUTPUT_HASH_MISMATCH;
292
+ details = outputHashErrors;
293
+ } else {
294
+ code = CerVerifyCode.UNKNOWN_ERROR;
295
+ details = errors;
252
296
  }
253
- return { ok: errors.length === 0, errors };
297
+ return { ok: false, errors, code, details };
254
298
  }
255
299
 
256
300
  // src/cer.ts
@@ -280,36 +324,80 @@ function sealCer(snapshot, options) {
280
324
  return bundle;
281
325
  }
282
326
  function verifyCer(bundle) {
283
- const errors = [];
327
+ const schemaErrors = [];
328
+ const formatErrors = [];
284
329
  if (bundle.bundleType !== "cer.ai.execution.v1") {
285
- errors.push(`Expected bundleType "cer.ai.execution.v1", got "${bundle.bundleType}"`);
330
+ schemaErrors.push(`Expected bundleType "cer.ai.execution.v1", got "${bundle.bundleType}"`);
286
331
  }
287
332
  if (bundle.version !== "0.1") {
288
- errors.push(`Expected version "0.1", got "${bundle.version}"`);
333
+ schemaErrors.push(`Expected version "0.1", got "${bundle.version}"`);
289
334
  }
290
335
  if (!bundle.createdAt || typeof bundle.createdAt !== "string") {
291
- errors.push("createdAt must be a non-empty string");
336
+ schemaErrors.push("createdAt must be a non-empty string");
292
337
  }
293
338
  if (!bundle.certificateHash || !bundle.certificateHash.startsWith("sha256:")) {
294
- errors.push(`certificateHash must start with "sha256:", got "${bundle.certificateHash}"`);
339
+ formatErrors.push(`certificateHash must start with "sha256:", got "${bundle.certificateHash}"`);
295
340
  }
296
341
  if (!bundle.snapshot) {
297
- errors.push("snapshot is required");
298
- return { ok: false, errors };
342
+ schemaErrors.push("snapshot is required");
343
+ const allErrors = [...schemaErrors, ...formatErrors];
344
+ return { ok: false, errors: allErrors, code: CerVerifyCode.SCHEMA_ERROR, details: schemaErrors };
299
345
  }
300
- const snapshotResult = verifySnapshot(bundle.snapshot);
301
- errors.push(...snapshotResult.errors);
302
- const payload = {
303
- bundleType: "cer.ai.execution.v1",
304
- createdAt: bundle.createdAt,
305
- snapshot: bundle.snapshot,
306
- version: "0.1"
307
- };
308
- const expectedHash = computeCertificateHash(payload);
309
- if (bundle.certificateHash !== expectedHash) {
310
- errors.push(`certificateHash mismatch: expected ${expectedHash}, got ${bundle.certificateHash}`);
346
+ let canonicalizationError = null;
347
+ let snapshotResult = null;
348
+ try {
349
+ snapshotResult = verifySnapshot(bundle.snapshot);
350
+ } catch (err) {
351
+ canonicalizationError = err instanceof Error ? err.message : String(err);
352
+ }
353
+ if (canonicalizationError !== null) {
354
+ const errors2 = [...schemaErrors, ...formatErrors, canonicalizationError];
355
+ return { ok: false, errors: errors2, code: CerVerifyCode.CANONICALIZATION_ERROR, details: [canonicalizationError] };
356
+ }
357
+ const snapshotErrors = snapshotResult.errors;
358
+ const certHashErrors = [];
359
+ try {
360
+ const payload = {
361
+ bundleType: "cer.ai.execution.v1",
362
+ createdAt: bundle.createdAt,
363
+ snapshot: bundle.snapshot,
364
+ version: "0.1"
365
+ };
366
+ const expectedHash = computeCertificateHash(payload);
367
+ if (bundle.certificateHash !== expectedHash) {
368
+ certHashErrors.push(`certificateHash mismatch: expected ${expectedHash}, got ${bundle.certificateHash}`);
369
+ }
370
+ } catch (err) {
371
+ const msg = err instanceof Error ? err.message : String(err);
372
+ const errors2 = [...schemaErrors, ...formatErrors, ...snapshotErrors, msg];
373
+ return { ok: false, errors: errors2, code: CerVerifyCode.CANONICALIZATION_ERROR, details: [msg] };
374
+ }
375
+ const errors = [...schemaErrors, ...formatErrors, ...snapshotErrors, ...certHashErrors];
376
+ if (errors.length === 0) {
377
+ return { ok: true, errors: [], code: CerVerifyCode.OK };
378
+ }
379
+ let code;
380
+ let details;
381
+ if (schemaErrors.length > 0) {
382
+ code = CerVerifyCode.SCHEMA_ERROR;
383
+ details = schemaErrors;
384
+ } else if (formatErrors.length > 0) {
385
+ code = CerVerifyCode.INVALID_SHA256_FORMAT;
386
+ details = formatErrors;
387
+ } else if (certHashErrors.length > 0 && snapshotErrors.length === 0) {
388
+ code = CerVerifyCode.CERTIFICATE_HASH_MISMATCH;
389
+ details = certHashErrors;
390
+ } else if (snapshotResult && snapshotResult.code !== CerVerifyCode.OK) {
391
+ code = snapshotResult.code;
392
+ details = snapshotResult.details ?? snapshotErrors;
393
+ } else if (certHashErrors.length > 0) {
394
+ code = CerVerifyCode.CERTIFICATE_HASH_MISMATCH;
395
+ details = certHashErrors;
396
+ } else {
397
+ code = CerVerifyCode.UNKNOWN_ERROR;
398
+ details = errors;
311
399
  }
312
- return { ok: errors.length === 0, errors };
400
+ return { ok: false, errors, code, details };
313
401
  }
314
402
 
315
403
  // src/certify.ts
@@ -584,6 +672,7 @@ function wrapProvider(config) {
584
672
  0 && (module.exports = {
585
673
  CerAttestationError,
586
674
  CerVerificationError,
675
+ CerVerifyCode,
587
676
  RunBuilder,
588
677
  attest,
589
678
  certifyDecision,
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/canonicalJson.ts","../src/hash.ts","../src/snapshot.ts","../src/cer.ts","../src/certify.ts","../src/run.ts","../src/sanitize.ts","../src/attest.ts","../src/archive.ts","../src/providers/wrap.ts"],"sourcesContent":["export type {\n AiExecutionSnapshotV1,\n AiExecutionParameters,\n CerAiExecutionBundle,\n CerMeta,\n VerificationResult,\n CreateSnapshotParams,\n AttestationResult,\n AttestOptions,\n CertifyDecisionParams,\n RunBuilderOptions,\n StepParams,\n RunSummary,\n ProviderConfig,\n WrappedExecutionParams,\n WrappedExecutionResult,\n} from './types.js';\n\nexport { CerVerificationError, CerAttestationError } from './errors.js';\nexport { toCanonicalJson } from './canonicalJson.js';\nexport { sha256Hex, hashUtf8, hashCanonicalJson, computeInputHash, computeOutputHash } from './hash.js';\nexport { createSnapshot, verifySnapshot } from './snapshot.js';\nexport { sealCer, verifyCer, verifyCer as verify } from './cer.js';\nexport { certifyDecision } from './certify.js';\nexport { RunBuilder } from './run.js';\nexport { attest } from './attest.js';\nexport { exportCer, importCer } from './archive.js';\nexport { wrapProvider } from './providers/wrap.js';\nexport { sanitizeForAttestation, hasAttestation } from './sanitize.js';\n","export class CerVerificationError extends Error {\n public readonly errors: string[];\n\n constructor(errors: string[]) {\n super(`CER verification failed: ${errors.join('; ')}`);\n this.name = 'CerVerificationError';\n this.errors = errors;\n }\n}\n\nexport class CerAttestationError extends Error {\n public readonly statusCode?: number;\n public readonly responseBody?: unknown;\n public readonly details?: string[];\n\n constructor(message: string, statusCode?: number, responseBody?: unknown, details?: string[]) {\n super(message);\n this.name = 'CerAttestationError';\n this.statusCode = statusCode;\n this.responseBody = responseBody;\n this.details = details;\n }\n}\n","export function toCanonicalJson(value: unknown): string {\n return canonicalize(value);\n}\n\nfunction canonicalize(value: unknown): string {\n if (value === null) {\n return 'null';\n }\n\n if (typeof value === 'boolean') {\n return value ? 'true' : 'false';\n }\n\n if (typeof value === 'number') {\n if (!Number.isFinite(value)) {\n throw new Error(`Non-finite number not allowed in canonical JSON: ${value}`);\n }\n return JSON.stringify(value);\n }\n\n if (typeof value === 'string') {\n return JSON.stringify(value);\n }\n\n if (Array.isArray(value)) {\n const items = value.map(item => canonicalize(item));\n return '[' + items.join(',') + ']';\n }\n\n if (typeof value === 'object') {\n const obj = value as Record<string, unknown>;\n const keys = Object.keys(obj).sort();\n const entries = keys.map(key => {\n const val = obj[key];\n if (val === undefined) {\n return null;\n }\n return JSON.stringify(key) + ':' + canonicalize(val);\n }).filter(e => e !== null);\n return '{' + entries.join(',') + '}';\n }\n\n throw new Error(`Unsupported type for canonical JSON: ${typeof value}`);\n}\n","import * as crypto from 'crypto';\nimport { toCanonicalJson } from './canonicalJson.js';\n\nexport function sha256Hex(data: string | Uint8Array): string {\n const hash = crypto.createHash('sha256');\n if (typeof data === 'string') {\n hash.update(data, 'utf-8');\n } else {\n hash.update(data);\n }\n return hash.digest('hex');\n}\n\nexport function hashUtf8(value: string): string {\n return `sha256:${sha256Hex(value)}`;\n}\n\nexport function hashCanonicalJson(value: unknown): string {\n const canonical = toCanonicalJson(value);\n return `sha256:${sha256Hex(canonical)}`;\n}\n\nexport function computeInputHash(input: string | Record<string, unknown>): string {\n if (typeof input === 'string') {\n return hashUtf8(input);\n }\n return hashCanonicalJson(input);\n}\n\nexport function computeOutputHash(output: string | Record<string, unknown>): string {\n if (typeof output === 'string') {\n return hashUtf8(output);\n }\n return hashCanonicalJson(output);\n}\n","import type { AiExecutionSnapshotV1, CreateSnapshotParams, VerificationResult, AiExecutionParameters } from './types.js';\nimport { computeInputHash, computeOutputHash } from './hash.js';\n\nconst PACKAGE_VERSION = '0.4.0';\n\nfunction validateParameters(params: AiExecutionParameters): string[] {\n const errors: string[] = [];\n\n if (typeof params.temperature !== 'number' || !Number.isFinite(params.temperature)) {\n errors.push(`parameters.temperature must be a finite number, got: ${params.temperature}`);\n }\n\n if (typeof params.maxTokens !== 'number' || !Number.isFinite(params.maxTokens)) {\n errors.push(`parameters.maxTokens must be a finite number, got: ${params.maxTokens}`);\n }\n\n if (params.topP !== null && (typeof params.topP !== 'number' || !Number.isFinite(params.topP))) {\n errors.push(`parameters.topP must be a finite number or null, got: ${params.topP}`);\n }\n\n if (params.seed !== null && (typeof params.seed !== 'number' || !Number.isFinite(params.seed))) {\n errors.push(`parameters.seed must be a finite number or null, got: ${params.seed}`);\n }\n\n return errors;\n}\n\nexport function createSnapshot(params: CreateSnapshotParams): AiExecutionSnapshotV1 {\n const paramErrors = validateParameters(params.parameters);\n if (paramErrors.length > 0) {\n throw new Error(`Invalid parameters: ${paramErrors.join('; ')}`);\n }\n\n const inputHash = computeInputHash(params.input);\n const outputHash = computeOutputHash(params.output);\n\n const snapshot: AiExecutionSnapshotV1 = {\n type: 'ai.execution.v1',\n protocolVersion: '1.2.0',\n executionSurface: 'ai',\n executionId: params.executionId,\n timestamp: params.timestamp ?? new Date().toISOString(),\n provider: params.provider,\n model: params.model,\n modelVersion: params.modelVersion ?? null,\n prompt: params.prompt,\n input: params.input,\n inputHash,\n parameters: {\n temperature: params.parameters.temperature,\n maxTokens: params.parameters.maxTokens,\n topP: params.parameters.topP ?? null,\n seed: params.parameters.seed ?? null,\n },\n output: params.output,\n outputHash,\n sdkVersion: params.sdkVersion ?? PACKAGE_VERSION,\n appId: params.appId ?? null,\n };\n\n if (params.runId !== undefined) snapshot.runId = params.runId ?? null;\n if (params.stepId !== undefined) snapshot.stepId = params.stepId ?? null;\n if (params.stepIndex !== undefined) snapshot.stepIndex = params.stepIndex ?? null;\n if (params.workflowId !== undefined) snapshot.workflowId = params.workflowId ?? null;\n if (params.conversationId !== undefined) snapshot.conversationId = params.conversationId ?? null;\n if (params.prevStepHash !== undefined) snapshot.prevStepHash = params.prevStepHash ?? null;\n\n return snapshot;\n}\n\nexport function verifySnapshot(snapshot: AiExecutionSnapshotV1): VerificationResult {\n const errors: string[] = [];\n\n if (snapshot.type !== 'ai.execution.v1') {\n errors.push(`Expected type \"ai.execution.v1\", got \"${snapshot.type}\"`);\n }\n\n if (snapshot.protocolVersion !== '1.2.0') {\n errors.push(`Expected protocolVersion \"1.2.0\", got \"${snapshot.protocolVersion}\"`);\n }\n\n if (snapshot.executionSurface !== 'ai') {\n errors.push(`Expected executionSurface \"ai\", got \"${snapshot.executionSurface}\"`);\n }\n\n if (!snapshot.executionId || typeof snapshot.executionId !== 'string') {\n errors.push('executionId must be a non-empty string');\n }\n\n if (!snapshot.timestamp || typeof snapshot.timestamp !== 'string') {\n errors.push('timestamp must be a non-empty string');\n }\n\n if (!snapshot.provider || typeof snapshot.provider !== 'string') {\n errors.push('provider must be a non-empty string');\n }\n\n if (!snapshot.model || typeof snapshot.model !== 'string') {\n errors.push('model must be a non-empty string');\n }\n\n if (!snapshot.prompt || typeof snapshot.prompt !== 'string') {\n errors.push('prompt must be a non-empty string');\n }\n\n if (snapshot.input === undefined || snapshot.input === null) {\n errors.push('input must be a string or object');\n }\n\n if (snapshot.output === undefined || snapshot.output === null) {\n errors.push('output must be a string or object');\n }\n\n const paramErrors = validateParameters(snapshot.parameters);\n errors.push(...paramErrors);\n\n if (!snapshot.inputHash || !snapshot.inputHash.startsWith('sha256:')) {\n errors.push(`inputHash must start with \"sha256:\", got \"${snapshot.inputHash}\"`);\n }\n\n if (!snapshot.outputHash || !snapshot.outputHash.startsWith('sha256:')) {\n errors.push(`outputHash must start with \"sha256:\", got \"${snapshot.outputHash}\"`);\n }\n\n const expectedInputHash = computeInputHash(snapshot.input);\n if (snapshot.inputHash !== expectedInputHash) {\n errors.push(`inputHash mismatch: expected ${expectedInputHash}, got ${snapshot.inputHash}`);\n }\n\n const expectedOutputHash = computeOutputHash(snapshot.output);\n if (snapshot.outputHash !== expectedOutputHash) {\n errors.push(`outputHash mismatch: expected ${expectedOutputHash}, got ${snapshot.outputHash}`);\n }\n\n return { ok: errors.length === 0, errors };\n}\n","import type { AiExecutionSnapshotV1, CerAiExecutionBundle, CerMeta, VerificationResult } from './types.js';\nimport { toCanonicalJson } from './canonicalJson.js';\nimport { sha256Hex } from './hash.js';\nimport { verifySnapshot } from './snapshot.js';\n\ninterface CertificatePayload {\n bundleType: 'cer.ai.execution.v1';\n createdAt: string;\n snapshot: AiExecutionSnapshotV1;\n version: '0.1';\n}\n\nfunction computeCertificateHash(payload: CertificatePayload): string {\n const canonical = toCanonicalJson(payload);\n return `sha256:${sha256Hex(canonical)}`;\n}\n\nexport function sealCer(\n snapshot: AiExecutionSnapshotV1,\n options?: { createdAt?: string; meta?: CerMeta }\n): CerAiExecutionBundle {\n const createdAt = options?.createdAt ?? new Date().toISOString();\n\n const payload: CertificatePayload = {\n bundleType: 'cer.ai.execution.v1',\n createdAt,\n snapshot,\n version: '0.1',\n };\n\n const certificateHash = computeCertificateHash(payload);\n\n const bundle: CerAiExecutionBundle = {\n bundleType: 'cer.ai.execution.v1',\n certificateHash,\n createdAt,\n version: '0.1',\n snapshot,\n };\n\n if (options?.meta) {\n bundle.meta = options.meta;\n }\n\n return bundle;\n}\n\nexport function verifyCer(bundle: CerAiExecutionBundle): VerificationResult {\n const errors: string[] = [];\n\n if (bundle.bundleType !== 'cer.ai.execution.v1') {\n errors.push(`Expected bundleType \"cer.ai.execution.v1\", got \"${bundle.bundleType}\"`);\n }\n\n if (bundle.version !== '0.1') {\n errors.push(`Expected version \"0.1\", got \"${bundle.version}\"`);\n }\n\n if (!bundle.createdAt || typeof bundle.createdAt !== 'string') {\n errors.push('createdAt must be a non-empty string');\n }\n\n if (!bundle.certificateHash || !bundle.certificateHash.startsWith('sha256:')) {\n errors.push(`certificateHash must start with \"sha256:\", got \"${bundle.certificateHash}\"`);\n }\n\n if (!bundle.snapshot) {\n errors.push('snapshot is required');\n return { ok: false, errors };\n }\n\n const snapshotResult = verifySnapshot(bundle.snapshot);\n errors.push(...snapshotResult.errors);\n\n const payload: CertificatePayload = {\n bundleType: 'cer.ai.execution.v1',\n createdAt: bundle.createdAt,\n snapshot: bundle.snapshot,\n version: '0.1',\n };\n\n const expectedHash = computeCertificateHash(payload);\n if (bundle.certificateHash !== expectedHash) {\n errors.push(`certificateHash mismatch: expected ${expectedHash}, got ${bundle.certificateHash}`);\n }\n\n return { ok: errors.length === 0, errors };\n}\n","import * as crypto from 'crypto';\nimport type { CerAiExecutionBundle, CertifyDecisionParams } from './types.js';\nimport { createSnapshot } from './snapshot.js';\nimport { sealCer } from './cer.js';\n\nexport function certifyDecision(params: CertifyDecisionParams): CerAiExecutionBundle {\n const executionId = params.executionId ?? crypto.randomUUID();\n\n const snapshot = createSnapshot({\n executionId,\n timestamp: params.timestamp,\n provider: params.provider,\n model: params.model,\n modelVersion: params.modelVersion,\n prompt: params.prompt,\n input: params.input,\n parameters: params.parameters,\n output: params.output,\n sdkVersion: params.sdkVersion,\n appId: params.appId,\n runId: params.runId,\n stepId: params.stepId,\n stepIndex: params.stepIndex,\n workflowId: params.workflowId,\n conversationId: params.conversationId,\n prevStepHash: params.prevStepHash,\n });\n\n return sealCer(snapshot, { meta: params.meta });\n}\n","import * as crypto from 'crypto';\nimport type {\n CerAiExecutionBundle,\n RunBuilderOptions,\n StepParams,\n RunSummary,\n} from './types.js';\nimport { createSnapshot } from './snapshot.js';\nimport { sealCer } from './cer.js';\n\nexport class RunBuilder {\n private readonly runId: string;\n private readonly workflowId: string | null;\n private readonly conversationId: string | null;\n private readonly appId: string | null;\n private stepIndex: number = 0;\n private prevStepHash: string | null = null;\n private steps: RunSummary['steps'] = [];\n\n constructor(options?: RunBuilderOptions) {\n this.runId = options?.runId ?? crypto.randomUUID();\n this.workflowId = options?.workflowId ?? null;\n this.conversationId = options?.conversationId ?? null;\n this.appId = options?.appId ?? null;\n }\n\n step(params: StepParams): CerAiExecutionBundle {\n const stepId = params.stepId ?? crypto.randomUUID();\n const executionId = `${this.runId}-step-${this.stepIndex}`;\n\n const snapshot = createSnapshot({\n executionId,\n timestamp: params.timestamp,\n provider: params.provider,\n model: params.model,\n modelVersion: params.modelVersion,\n prompt: params.prompt,\n input: params.input,\n parameters: params.parameters,\n output: params.output,\n appId: this.appId,\n runId: this.runId,\n stepId,\n stepIndex: this.stepIndex,\n workflowId: this.workflowId,\n conversationId: this.conversationId,\n prevStepHash: this.prevStepHash,\n });\n\n const bundle = sealCer(snapshot, { meta: params.meta });\n\n this.steps.push({\n stepIndex: this.stepIndex,\n stepId,\n executionId,\n certificateHash: bundle.certificateHash,\n prevStepHash: this.prevStepHash,\n });\n\n this.prevStepHash = bundle.certificateHash;\n this.stepIndex++;\n\n return bundle;\n }\n\n finalize(): RunSummary {\n return {\n runId: this.runId,\n workflowId: this.workflowId,\n conversationId: this.conversationId,\n stepCount: this.steps.length,\n steps: [...this.steps],\n finalStepHash: this.prevStepHash,\n };\n }\n}\n","import type { CerAiExecutionBundle } from './types.js';\n\nfunction deepRemoveUndefined(value: unknown): unknown {\n if (value === null || value === undefined) return value;\n\n if (typeof value === 'bigint') {\n throw new Error('BigInt values are not JSON-safe and cannot be sanitized');\n }\n if (typeof value === 'function') {\n throw new Error('Function values are not JSON-safe and cannot be sanitized');\n }\n if (typeof value === 'symbol') {\n throw new Error('Symbol values are not JSON-safe and cannot be sanitized');\n }\n\n if (Array.isArray(value)) {\n return value.map(deepRemoveUndefined);\n }\n\n if (typeof value === 'object') {\n const result: Record<string, unknown> = {};\n for (const [key, val] of Object.entries(value as Record<string, unknown>)) {\n if (val === undefined) continue;\n result[key] = deepRemoveUndefined(val);\n }\n return result;\n }\n\n return value;\n}\n\nexport function sanitizeForAttestation(bundle: CerAiExecutionBundle): CerAiExecutionBundle {\n return deepRemoveUndefined(bundle) as CerAiExecutionBundle;\n}\n\nexport function hasAttestation(bundle: unknown): boolean {\n if (typeof bundle !== 'object' || bundle === null) return false;\n const b = bundle as Record<string, unknown>;\n\n if (typeof b.attestationId === 'string' && b.attestationId.length > 0) return true;\n if (typeof b.nodeRuntimeHash === 'string' && b.nodeRuntimeHash.length > 0) return true;\n\n if (typeof b.attestation === 'object' && b.attestation !== null) {\n const att = b.attestation as Record<string, unknown>;\n if (typeof att.attestationId === 'string' && att.attestationId.length > 0) return true;\n if (typeof att.nodeRuntimeHash === 'string' && att.nodeRuntimeHash.length > 0) return true;\n }\n\n return false;\n}\n","import type { CerAiExecutionBundle, AttestationResult, AttestOptions } from './types.js';\nimport { CerAttestationError } from './errors.js';\nimport { sanitizeForAttestation } from './sanitize.js';\n\nconst SHA256_PATTERN = /^sha256:[0-9a-f]{64}$/;\nconst DEFAULT_TIMEOUT_MS = 10_000;\n\nfunction validateHashFormat(value: unknown, fieldName: string): string | null {\n if (typeof value !== 'string') return null;\n if (!SHA256_PATTERN.test(value)) {\n return `${fieldName} is not in sha256:<64hex> format: \"${value}\"`;\n }\n return null;\n}\n\nexport async function attest(\n bundle: CerAiExecutionBundle,\n options: AttestOptions,\n): Promise<AttestationResult> {\n const url = `${options.nodeUrl.replace(/\\/+$/, '')}/api/attest`;\n const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const sanitized = sanitizeForAttestation(bundle);\n\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), timeoutMs);\n\n let response: Response;\n try {\n response = await fetch(url, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n 'Authorization': `Bearer ${options.apiKey}`,\n },\n body: JSON.stringify(sanitized),\n signal: controller.signal,\n });\n } catch (err) {\n clearTimeout(timer);\n const error = err as Error;\n if (error.name === 'AbortError') {\n throw new CerAttestationError(\n `Attestation request timed out after ${timeoutMs}ms`,\n );\n }\n throw new CerAttestationError(\n `Network error contacting attestation node: ${error.message}`,\n );\n } finally {\n clearTimeout(timer);\n }\n\n let body: unknown;\n try {\n body = await response.json();\n } catch {\n const text = await response.text().catch(() => '');\n throw new CerAttestationError(\n `Attestation node returned non-JSON response (${response.status}): ${text}`,\n response.status,\n );\n }\n\n if (!response.ok) {\n const result = body as Record<string, unknown>;\n const msg = typeof result.error === 'string'\n ? result.error\n : `HTTP ${response.status}`;\n const details = Array.isArray(result.details) ? result.details as string[] : undefined;\n throw new CerAttestationError(\n `Attestation failed: ${msg}`,\n response.status,\n body,\n details,\n );\n }\n\n const result = body as Record<string, unknown>;\n const errors: string[] = [];\n\n if (typeof result.certificateHash === 'string' && result.certificateHash !== bundle.certificateHash) {\n errors.push(\n `Node returned certificateHash \"${result.certificateHash}\" but bundle has \"${bundle.certificateHash}\"`,\n );\n }\n\n const certHashErr = validateHashFormat(result.certificateHash, 'response.certificateHash');\n if (certHashErr) errors.push(certHashErr);\n\n const runtimeHashErr = validateHashFormat(result.nodeRuntimeHash, 'response.nodeRuntimeHash');\n if (runtimeHashErr) errors.push(runtimeHashErr);\n\n if (errors.length > 0) {\n throw new CerAttestationError(\n `Attestation response validation failed: ${errors.join('; ')}`,\n response.status,\n body,\n errors,\n );\n }\n\n return {\n ok: true,\n attestationId: typeof result.attestationId === 'string' ? result.attestationId : undefined,\n nodeRuntimeHash: typeof result.nodeRuntimeHash === 'string' ? result.nodeRuntimeHash : undefined,\n certificateHash: typeof result.certificateHash === 'string' ? result.certificateHash : undefined,\n protocolVersion: typeof result.protocolVersion === 'string' ? result.protocolVersion : undefined,\n raw: body,\n };\n}\n","import type { CerAiExecutionBundle } from './types.js';\nimport { toCanonicalJson } from './canonicalJson.js';\nimport { verifyCer } from './cer.js';\nimport { CerVerificationError } from './errors.js';\n\nexport function exportCer(bundle: CerAiExecutionBundle): string {\n return toCanonicalJson(bundle);\n}\n\nexport function importCer(json: string): CerAiExecutionBundle {\n let parsed: unknown;\n try {\n parsed = JSON.parse(json);\n } catch (err) {\n throw new CerVerificationError([`Invalid JSON: ${(err as Error).message}`]);\n }\n\n const bundle = parsed as CerAiExecutionBundle;\n\n if (!bundle || typeof bundle !== 'object') {\n throw new CerVerificationError(['Parsed value is not an object']);\n }\n\n if (bundle.bundleType !== 'cer.ai.execution.v1') {\n throw new CerVerificationError([`Expected bundleType \"cer.ai.execution.v1\", got \"${bundle.bundleType}\"`]);\n }\n\n const result = verifyCer(bundle);\n if (!result.ok) {\n throw new CerVerificationError(result.errors);\n }\n\n return bundle;\n}\n","import * as crypto from 'crypto';\nimport type {\n ProviderConfig,\n WrappedExecutionParams,\n WrappedExecutionResult,\n} from '../types.js';\nimport { createSnapshot } from '../snapshot.js';\nimport { sealCer } from '../cer.js';\n\nexport function wrapProvider<TInput = unknown, TOutput = unknown>(\n config: ProviderConfig<TInput, TOutput>,\n) {\n return {\n async execute(params: WrappedExecutionParams & { providerInput: TInput }): Promise<WrappedExecutionResult> {\n const raw = await config.callFn(params.providerInput);\n const output = config.extractOutput(raw);\n const modelVersion = config.extractModelVersion\n ? config.extractModelVersion(raw)\n : (params.modelVersion ?? null);\n\n const snapshot = createSnapshot({\n executionId: params.executionId ?? crypto.randomUUID(),\n provider: config.provider,\n model: params.model,\n modelVersion,\n prompt: params.prompt,\n input: params.input,\n parameters: params.parameters,\n output,\n appId: params.appId,\n });\n\n const bundle = sealCer(snapshot, { meta: params.meta });\n\n return { output, snapshot, bundle };\n },\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAO,IAAM,uBAAN,cAAmC,MAAM;AAAA,EAC9B;AAAA,EAEhB,YAAY,QAAkB;AAC5B,UAAM,4BAA4B,OAAO,KAAK,IAAI,CAAC,EAAE;AACrD,SAAK,OAAO;AACZ,SAAK,SAAS;AAAA,EAChB;AACF;AAEO,IAAM,sBAAN,cAAkC,MAAM;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EAEhB,YAAY,SAAiB,YAAqB,cAAwB,SAAoB;AAC5F,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,eAAe;AACpB,SAAK,UAAU;AAAA,EACjB;AACF;;;ACtBO,SAAS,gBAAgB,OAAwB;AACtD,SAAO,aAAa,KAAK;AAC3B;AAEA,SAAS,aAAa,OAAwB;AAC5C,MAAI,UAAU,MAAM;AAClB,WAAO;AAAA,EACT;AAEA,MAAI,OAAO,UAAU,WAAW;AAC9B,WAAO,QAAQ,SAAS;AAAA,EAC1B;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,QAAI,CAAC,OAAO,SAAS,KAAK,GAAG;AAC3B,YAAM,IAAI,MAAM,oDAAoD,KAAK,EAAE;AAAA,IAC7E;AACA,WAAO,KAAK,UAAU,KAAK;AAAA,EAC7B;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,KAAK,UAAU,KAAK;AAAA,EAC7B;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,UAAM,QAAQ,MAAM,IAAI,UAAQ,aAAa,IAAI,CAAC;AAClD,WAAO,MAAM,MAAM,KAAK,GAAG,IAAI;AAAA,EACjC;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,MAAM;AACZ,UAAM,OAAO,OAAO,KAAK,GAAG,EAAE,KAAK;AACnC,UAAM,UAAU,KAAK,IAAI,SAAO;AAC9B,YAAM,MAAM,IAAI,GAAG;AACnB,UAAI,QAAQ,QAAW;AACrB,eAAO;AAAA,MACT;AACA,aAAO,KAAK,UAAU,GAAG,IAAI,MAAM,aAAa,GAAG;AAAA,IACrD,CAAC,EAAE,OAAO,OAAK,MAAM,IAAI;AACzB,WAAO,MAAM,QAAQ,KAAK,GAAG,IAAI;AAAA,EACnC;AAEA,QAAM,IAAI,MAAM,wCAAwC,OAAO,KAAK,EAAE;AACxE;;;AC3CA,aAAwB;AAGjB,SAAS,UAAU,MAAmC;AAC3D,QAAM,OAAc,kBAAW,QAAQ;AACvC,MAAI,OAAO,SAAS,UAAU;AAC5B,SAAK,OAAO,MAAM,OAAO;AAAA,EAC3B,OAAO;AACL,SAAK,OAAO,IAAI;AAAA,EAClB;AACA,SAAO,KAAK,OAAO,KAAK;AAC1B;AAEO,SAAS,SAAS,OAAuB;AAC9C,SAAO,UAAU,UAAU,KAAK,CAAC;AACnC;AAEO,SAAS,kBAAkB,OAAwB;AACxD,QAAM,YAAY,gBAAgB,KAAK;AACvC,SAAO,UAAU,UAAU,SAAS,CAAC;AACvC;AAEO,SAAS,iBAAiB,OAAiD;AAChF,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,SAAS,KAAK;AAAA,EACvB;AACA,SAAO,kBAAkB,KAAK;AAChC;AAEO,SAAS,kBAAkB,QAAkD;AAClF,MAAI,OAAO,WAAW,UAAU;AAC9B,WAAO,SAAS,MAAM;AAAA,EACxB;AACA,SAAO,kBAAkB,MAAM;AACjC;;;AC/BA,IAAM,kBAAkB;AAExB,SAAS,mBAAmB,QAAyC;AACnE,QAAM,SAAmB,CAAC;AAE1B,MAAI,OAAO,OAAO,gBAAgB,YAAY,CAAC,OAAO,SAAS,OAAO,WAAW,GAAG;AAClF,WAAO,KAAK,wDAAwD,OAAO,WAAW,EAAE;AAAA,EAC1F;AAEA,MAAI,OAAO,OAAO,cAAc,YAAY,CAAC,OAAO,SAAS,OAAO,SAAS,GAAG;AAC9E,WAAO,KAAK,sDAAsD,OAAO,SAAS,EAAE;AAAA,EACtF;AAEA,MAAI,OAAO,SAAS,SAAS,OAAO,OAAO,SAAS,YAAY,CAAC,OAAO,SAAS,OAAO,IAAI,IAAI;AAC9F,WAAO,KAAK,yDAAyD,OAAO,IAAI,EAAE;AAAA,EACpF;AAEA,MAAI,OAAO,SAAS,SAAS,OAAO,OAAO,SAAS,YAAY,CAAC,OAAO,SAAS,OAAO,IAAI,IAAI;AAC9F,WAAO,KAAK,yDAAyD,OAAO,IAAI,EAAE;AAAA,EACpF;AAEA,SAAO;AACT;AAEO,SAAS,eAAe,QAAqD;AAClF,QAAM,cAAc,mBAAmB,OAAO,UAAU;AACxD,MAAI,YAAY,SAAS,GAAG;AAC1B,UAAM,IAAI,MAAM,uBAAuB,YAAY,KAAK,IAAI,CAAC,EAAE;AAAA,EACjE;AAEA,QAAM,YAAY,iBAAiB,OAAO,KAAK;AAC/C,QAAM,aAAa,kBAAkB,OAAO,MAAM;AAElD,QAAM,WAAkC;AAAA,IACtC,MAAM;AAAA,IACN,iBAAiB;AAAA,IACjB,kBAAkB;AAAA,IAClB,aAAa,OAAO;AAAA,IACpB,WAAW,OAAO,cAAa,oBAAI,KAAK,GAAE,YAAY;AAAA,IACtD,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO;AAAA,IACd,cAAc,OAAO,gBAAgB;AAAA,IACrC,QAAQ,OAAO;AAAA,IACf,OAAO,OAAO;AAAA,IACd;AAAA,IACA,YAAY;AAAA,MACV,aAAa,OAAO,WAAW;AAAA,MAC/B,WAAW,OAAO,WAAW;AAAA,MAC7B,MAAM,OAAO,WAAW,QAAQ;AAAA,MAChC,MAAM,OAAO,WAAW,QAAQ;AAAA,IAClC;AAAA,IACA,QAAQ,OAAO;AAAA,IACf;AAAA,IACA,YAAY,OAAO,cAAc;AAAA,IACjC,OAAO,OAAO,SAAS;AAAA,EACzB;AAEA,MAAI,OAAO,UAAU,OAAW,UAAS,QAAQ,OAAO,SAAS;AACjE,MAAI,OAAO,WAAW,OAAW,UAAS,SAAS,OAAO,UAAU;AACpE,MAAI,OAAO,cAAc,OAAW,UAAS,YAAY,OAAO,aAAa;AAC7E,MAAI,OAAO,eAAe,OAAW,UAAS,aAAa,OAAO,cAAc;AAChF,MAAI,OAAO,mBAAmB,OAAW,UAAS,iBAAiB,OAAO,kBAAkB;AAC5F,MAAI,OAAO,iBAAiB,OAAW,UAAS,eAAe,OAAO,gBAAgB;AAEtF,SAAO;AACT;AAEO,SAAS,eAAe,UAAqD;AAClF,QAAM,SAAmB,CAAC;AAE1B,MAAI,SAAS,SAAS,mBAAmB;AACvC,WAAO,KAAK,yCAAyC,SAAS,IAAI,GAAG;AAAA,EACvE;AAEA,MAAI,SAAS,oBAAoB,SAAS;AACxC,WAAO,KAAK,0CAA0C,SAAS,eAAe,GAAG;AAAA,EACnF;AAEA,MAAI,SAAS,qBAAqB,MAAM;AACtC,WAAO,KAAK,wCAAwC,SAAS,gBAAgB,GAAG;AAAA,EAClF;AAEA,MAAI,CAAC,SAAS,eAAe,OAAO,SAAS,gBAAgB,UAAU;AACrE,WAAO,KAAK,wCAAwC;AAAA,EACtD;AAEA,MAAI,CAAC,SAAS,aAAa,OAAO,SAAS,cAAc,UAAU;AACjE,WAAO,KAAK,sCAAsC;AAAA,EACpD;AAEA,MAAI,CAAC,SAAS,YAAY,OAAO,SAAS,aAAa,UAAU;AAC/D,WAAO,KAAK,qCAAqC;AAAA,EACnD;AAEA,MAAI,CAAC,SAAS,SAAS,OAAO,SAAS,UAAU,UAAU;AACzD,WAAO,KAAK,kCAAkC;AAAA,EAChD;AAEA,MAAI,CAAC,SAAS,UAAU,OAAO,SAAS,WAAW,UAAU;AAC3D,WAAO,KAAK,mCAAmC;AAAA,EACjD;AAEA,MAAI,SAAS,UAAU,UAAa,SAAS,UAAU,MAAM;AAC3D,WAAO,KAAK,kCAAkC;AAAA,EAChD;AAEA,MAAI,SAAS,WAAW,UAAa,SAAS,WAAW,MAAM;AAC7D,WAAO,KAAK,mCAAmC;AAAA,EACjD;AAEA,QAAM,cAAc,mBAAmB,SAAS,UAAU;AAC1D,SAAO,KAAK,GAAG,WAAW;AAE1B,MAAI,CAAC,SAAS,aAAa,CAAC,SAAS,UAAU,WAAW,SAAS,GAAG;AACpE,WAAO,KAAK,6CAA6C,SAAS,SAAS,GAAG;AAAA,EAChF;AAEA,MAAI,CAAC,SAAS,cAAc,CAAC,SAAS,WAAW,WAAW,SAAS,GAAG;AACtE,WAAO,KAAK,8CAA8C,SAAS,UAAU,GAAG;AAAA,EAClF;AAEA,QAAM,oBAAoB,iBAAiB,SAAS,KAAK;AACzD,MAAI,SAAS,cAAc,mBAAmB;AAC5C,WAAO,KAAK,gCAAgC,iBAAiB,SAAS,SAAS,SAAS,EAAE;AAAA,EAC5F;AAEA,QAAM,qBAAqB,kBAAkB,SAAS,MAAM;AAC5D,MAAI,SAAS,eAAe,oBAAoB;AAC9C,WAAO,KAAK,iCAAiC,kBAAkB,SAAS,SAAS,UAAU,EAAE;AAAA,EAC/F;AAEA,SAAO,EAAE,IAAI,OAAO,WAAW,GAAG,OAAO;AAC3C;;;AC3HA,SAAS,uBAAuB,SAAqC;AACnE,QAAM,YAAY,gBAAgB,OAAO;AACzC,SAAO,UAAU,UAAU,SAAS,CAAC;AACvC;AAEO,SAAS,QACd,UACA,SACsB;AACtB,QAAM,YAAY,SAAS,cAAa,oBAAI,KAAK,GAAE,YAAY;AAE/D,QAAM,UAA8B;AAAA,IAClC,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACX;AAEA,QAAM,kBAAkB,uBAAuB,OAAO;AAEtD,QAAM,SAA+B;AAAA,IACnC,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,EACF;AAEA,MAAI,SAAS,MAAM;AACjB,WAAO,OAAO,QAAQ;AAAA,EACxB;AAEA,SAAO;AACT;AAEO,SAAS,UAAU,QAAkD;AAC1E,QAAM,SAAmB,CAAC;AAE1B,MAAI,OAAO,eAAe,uBAAuB;AAC/C,WAAO,KAAK,mDAAmD,OAAO,UAAU,GAAG;AAAA,EACrF;AAEA,MAAI,OAAO,YAAY,OAAO;AAC5B,WAAO,KAAK,gCAAgC,OAAO,OAAO,GAAG;AAAA,EAC/D;AAEA,MAAI,CAAC,OAAO,aAAa,OAAO,OAAO,cAAc,UAAU;AAC7D,WAAO,KAAK,sCAAsC;AAAA,EACpD;AAEA,MAAI,CAAC,OAAO,mBAAmB,CAAC,OAAO,gBAAgB,WAAW,SAAS,GAAG;AAC5E,WAAO,KAAK,mDAAmD,OAAO,eAAe,GAAG;AAAA,EAC1F;AAEA,MAAI,CAAC,OAAO,UAAU;AACpB,WAAO,KAAK,sBAAsB;AAClC,WAAO,EAAE,IAAI,OAAO,OAAO;AAAA,EAC7B;AAEA,QAAM,iBAAiB,eAAe,OAAO,QAAQ;AACrD,SAAO,KAAK,GAAG,eAAe,MAAM;AAEpC,QAAM,UAA8B;AAAA,IAClC,YAAY;AAAA,IACZ,WAAW,OAAO;AAAA,IAClB,UAAU,OAAO;AAAA,IACjB,SAAS;AAAA,EACX;AAEA,QAAM,eAAe,uBAAuB,OAAO;AACnD,MAAI,OAAO,oBAAoB,cAAc;AAC3C,WAAO,KAAK,sCAAsC,YAAY,SAAS,OAAO,eAAe,EAAE;AAAA,EACjG;AAEA,SAAO,EAAE,IAAI,OAAO,WAAW,GAAG,OAAO;AAC3C;;;ACvFA,IAAAA,UAAwB;AAKjB,SAAS,gBAAgB,QAAqD;AACnF,QAAM,cAAc,OAAO,eAAsB,mBAAW;AAE5D,QAAM,WAAW,eAAe;AAAA,IAC9B;AAAA,IACA,WAAW,OAAO;AAAA,IAClB,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO;AAAA,IACd,cAAc,OAAO;AAAA,IACrB,QAAQ,OAAO;AAAA,IACf,OAAO,OAAO;AAAA,IACd,YAAY,OAAO;AAAA,IACnB,QAAQ,OAAO;AAAA,IACf,YAAY,OAAO;AAAA,IACnB,OAAO,OAAO;AAAA,IACd,OAAO,OAAO;AAAA,IACd,QAAQ,OAAO;AAAA,IACf,WAAW,OAAO;AAAA,IAClB,YAAY,OAAO;AAAA,IACnB,gBAAgB,OAAO;AAAA,IACvB,cAAc,OAAO;AAAA,EACvB,CAAC;AAED,SAAO,QAAQ,UAAU,EAAE,MAAM,OAAO,KAAK,CAAC;AAChD;;;AC7BA,IAAAC,UAAwB;AAUjB,IAAM,aAAN,MAAiB;AAAA,EACL;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACT,YAAoB;AAAA,EACpB,eAA8B;AAAA,EAC9B,QAA6B,CAAC;AAAA,EAEtC,YAAY,SAA6B;AACvC,SAAK,QAAQ,SAAS,SAAgB,mBAAW;AACjD,SAAK,aAAa,SAAS,cAAc;AACzC,SAAK,iBAAiB,SAAS,kBAAkB;AACjD,SAAK,QAAQ,SAAS,SAAS;AAAA,EACjC;AAAA,EAEA,KAAK,QAA0C;AAC7C,UAAM,SAAS,OAAO,UAAiB,mBAAW;AAClD,UAAM,cAAc,GAAG,KAAK,KAAK,SAAS,KAAK,SAAS;AAExD,UAAM,WAAW,eAAe;AAAA,MAC9B;AAAA,MACA,WAAW,OAAO;AAAA,MAClB,UAAU,OAAO;AAAA,MACjB,OAAO,OAAO;AAAA,MACd,cAAc,OAAO;AAAA,MACrB,QAAQ,OAAO;AAAA,MACf,OAAO,OAAO;AAAA,MACd,YAAY,OAAO;AAAA,MACnB,QAAQ,OAAO;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,OAAO,KAAK;AAAA,MACZ;AAAA,MACA,WAAW,KAAK;AAAA,MAChB,YAAY,KAAK;AAAA,MACjB,gBAAgB,KAAK;AAAA,MACrB,cAAc,KAAK;AAAA,IACrB,CAAC;AAED,UAAM,SAAS,QAAQ,UAAU,EAAE,MAAM,OAAO,KAAK,CAAC;AAEtD,SAAK,MAAM,KAAK;AAAA,MACd,WAAW,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,MACA,iBAAiB,OAAO;AAAA,MACxB,cAAc,KAAK;AAAA,IACrB,CAAC;AAED,SAAK,eAAe,OAAO;AAC3B,SAAK;AAEL,WAAO;AAAA,EACT;AAAA,EAEA,WAAuB;AACrB,WAAO;AAAA,MACL,OAAO,KAAK;AAAA,MACZ,YAAY,KAAK;AAAA,MACjB,gBAAgB,KAAK;AAAA,MACrB,WAAW,KAAK,MAAM;AAAA,MACtB,OAAO,CAAC,GAAG,KAAK,KAAK;AAAA,MACrB,eAAe,KAAK;AAAA,IACtB;AAAA,EACF;AACF;;;ACzEA,SAAS,oBAAoB,OAAyB;AACpD,MAAI,UAAU,QAAQ,UAAU,OAAW,QAAO;AAElD,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,IAAI,MAAM,yDAAyD;AAAA,EAC3E;AACA,MAAI,OAAO,UAAU,YAAY;AAC/B,UAAM,IAAI,MAAM,2DAA2D;AAAA,EAC7E;AACA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,IAAI,MAAM,yDAAyD;AAAA,EAC3E;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,IAAI,mBAAmB;AAAA,EACtC;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,SAAkC,CAAC;AACzC,eAAW,CAAC,KAAK,GAAG,KAAK,OAAO,QAAQ,KAAgC,GAAG;AACzE,UAAI,QAAQ,OAAW;AACvB,aAAO,GAAG,IAAI,oBAAoB,GAAG;AAAA,IACvC;AACA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAEO,SAAS,uBAAuB,QAAoD;AACzF,SAAO,oBAAoB,MAAM;AACnC;AAEO,SAAS,eAAe,QAA0B;AACvD,MAAI,OAAO,WAAW,YAAY,WAAW,KAAM,QAAO;AAC1D,QAAM,IAAI;AAEV,MAAI,OAAO,EAAE,kBAAkB,YAAY,EAAE,cAAc,SAAS,EAAG,QAAO;AAC9E,MAAI,OAAO,EAAE,oBAAoB,YAAY,EAAE,gBAAgB,SAAS,EAAG,QAAO;AAElF,MAAI,OAAO,EAAE,gBAAgB,YAAY,EAAE,gBAAgB,MAAM;AAC/D,UAAM,MAAM,EAAE;AACd,QAAI,OAAO,IAAI,kBAAkB,YAAY,IAAI,cAAc,SAAS,EAAG,QAAO;AAClF,QAAI,OAAO,IAAI,oBAAoB,YAAY,IAAI,gBAAgB,SAAS,EAAG,QAAO;AAAA,EACxF;AAEA,SAAO;AACT;;;AC7CA,IAAM,iBAAiB;AACvB,IAAM,qBAAqB;AAE3B,SAAS,mBAAmB,OAAgB,WAAkC;AAC5E,MAAI,OAAO,UAAU,SAAU,QAAO;AACtC,MAAI,CAAC,eAAe,KAAK,KAAK,GAAG;AAC/B,WAAO,GAAG,SAAS,sCAAsC,KAAK;AAAA,EAChE;AACA,SAAO;AACT;AAEA,eAAsB,OACpB,QACA,SAC4B;AAC5B,QAAM,MAAM,GAAG,QAAQ,QAAQ,QAAQ,QAAQ,EAAE,CAAC;AAClD,QAAM,YAAY,QAAQ,aAAa;AACvC,QAAM,YAAY,uBAAuB,MAAM;AAE/C,QAAM,aAAa,IAAI,gBAAgB;AACvC,QAAM,QAAQ,WAAW,MAAM,WAAW,MAAM,GAAG,SAAS;AAE5D,MAAI;AACJ,MAAI;AACF,eAAW,MAAM,MAAM,KAAK;AAAA,MAC1B,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,iBAAiB,UAAU,QAAQ,MAAM;AAAA,MAC3C;AAAA,MACA,MAAM,KAAK,UAAU,SAAS;AAAA,MAC9B,QAAQ,WAAW;AAAA,IACrB,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,iBAAa,KAAK;AAClB,UAAM,QAAQ;AACd,QAAI,MAAM,SAAS,cAAc;AAC/B,YAAM,IAAI;AAAA,QACR,uCAAuC,SAAS;AAAA,MAClD;AAAA,IACF;AACA,UAAM,IAAI;AAAA,MACR,8CAA8C,MAAM,OAAO;AAAA,IAC7D;AAAA,EACF,UAAE;AACA,iBAAa,KAAK;AAAA,EACpB;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,SAAS,KAAK;AAAA,EAC7B,QAAQ;AACN,UAAM,OAAO,MAAM,SAAS,KAAK,EAAE,MAAM,MAAM,EAAE;AACjD,UAAM,IAAI;AAAA,MACR,gDAAgD,SAAS,MAAM,MAAM,IAAI;AAAA,MACzE,SAAS;AAAA,IACX;AAAA,EACF;AAEA,MAAI,CAAC,SAAS,IAAI;AAChB,UAAMC,UAAS;AACf,UAAM,MAAM,OAAOA,QAAO,UAAU,WAChCA,QAAO,QACP,QAAQ,SAAS,MAAM;AAC3B,UAAM,UAAU,MAAM,QAAQA,QAAO,OAAO,IAAIA,QAAO,UAAsB;AAC7E,UAAM,IAAI;AAAA,MACR,uBAAuB,GAAG;AAAA,MAC1B,SAAS;AAAA,MACT;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,SAAS;AACf,QAAM,SAAmB,CAAC;AAE1B,MAAI,OAAO,OAAO,oBAAoB,YAAY,OAAO,oBAAoB,OAAO,iBAAiB;AACnG,WAAO;AAAA,MACL,kCAAkC,OAAO,eAAe,qBAAqB,OAAO,eAAe;AAAA,IACrG;AAAA,EACF;AAEA,QAAM,cAAc,mBAAmB,OAAO,iBAAiB,0BAA0B;AACzF,MAAI,YAAa,QAAO,KAAK,WAAW;AAExC,QAAM,iBAAiB,mBAAmB,OAAO,iBAAiB,0BAA0B;AAC5F,MAAI,eAAgB,QAAO,KAAK,cAAc;AAE9C,MAAI,OAAO,SAAS,GAAG;AACrB,UAAM,IAAI;AAAA,MACR,2CAA2C,OAAO,KAAK,IAAI,CAAC;AAAA,MAC5D,SAAS;AAAA,MACT;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,eAAe,OAAO,OAAO,kBAAkB,WAAW,OAAO,gBAAgB;AAAA,IACjF,iBAAiB,OAAO,OAAO,oBAAoB,WAAW,OAAO,kBAAkB;AAAA,IACvF,iBAAiB,OAAO,OAAO,oBAAoB,WAAW,OAAO,kBAAkB;AAAA,IACvF,iBAAiB,OAAO,OAAO,oBAAoB,WAAW,OAAO,kBAAkB;AAAA,IACvF,KAAK;AAAA,EACP;AACF;;;ACxGO,SAAS,UAAU,QAAsC;AAC9D,SAAO,gBAAgB,MAAM;AAC/B;AAEO,SAAS,UAAU,MAAoC;AAC5D,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,IAAI;AAAA,EAC1B,SAAS,KAAK;AACZ,UAAM,IAAI,qBAAqB,CAAC,iBAAkB,IAAc,OAAO,EAAE,CAAC;AAAA,EAC5E;AAEA,QAAM,SAAS;AAEf,MAAI,CAAC,UAAU,OAAO,WAAW,UAAU;AACzC,UAAM,IAAI,qBAAqB,CAAC,+BAA+B,CAAC;AAAA,EAClE;AAEA,MAAI,OAAO,eAAe,uBAAuB;AAC/C,UAAM,IAAI,qBAAqB,CAAC,mDAAmD,OAAO,UAAU,GAAG,CAAC;AAAA,EAC1G;AAEA,QAAM,SAAS,UAAU,MAAM;AAC/B,MAAI,CAAC,OAAO,IAAI;AACd,UAAM,IAAI,qBAAqB,OAAO,MAAM;AAAA,EAC9C;AAEA,SAAO;AACT;;;ACjCA,IAAAC,UAAwB;AASjB,SAAS,aACd,QACA;AACA,SAAO;AAAA,IACL,MAAM,QAAQ,QAA6F;AACzG,YAAM,MAAM,MAAM,OAAO,OAAO,OAAO,aAAa;AACpD,YAAM,SAAS,OAAO,cAAc,GAAG;AACvC,YAAM,eAAe,OAAO,sBACxB,OAAO,oBAAoB,GAAG,IAC7B,OAAO,gBAAgB;AAE5B,YAAM,WAAW,eAAe;AAAA,QAC9B,aAAa,OAAO,eAAsB,mBAAW;AAAA,QACrD,UAAU,OAAO;AAAA,QACjB,OAAO,OAAO;AAAA,QACd;AAAA,QACA,QAAQ,OAAO;AAAA,QACf,OAAO,OAAO;AAAA,QACd,YAAY,OAAO;AAAA,QACnB;AAAA,QACA,OAAO,OAAO;AAAA,MAChB,CAAC;AAED,YAAM,SAAS,QAAQ,UAAU,EAAE,MAAM,OAAO,KAAK,CAAC;AAEtD,aAAO,EAAE,QAAQ,UAAU,OAAO;AAAA,IACpC;AAAA,EACF;AACF;","names":["crypto","crypto","result","crypto"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/types.ts","../src/errors.ts","../src/canonicalJson.ts","../src/hash.ts","../src/snapshot.ts","../src/cer.ts","../src/certify.ts","../src/run.ts","../src/sanitize.ts","../src/attest.ts","../src/archive.ts","../src/providers/wrap.ts"],"sourcesContent":["export { CerVerifyCode } from './types.js';\nexport type {\n CerVerifyCode as CerVerifyCodeType,\n AiExecutionSnapshotV1,\n AiExecutionParameters,\n CerAiExecutionBundle,\n CerMeta,\n VerificationResult,\n CreateSnapshotParams,\n AttestationResult,\n AttestOptions,\n CertifyDecisionParams,\n RunBuilderOptions,\n StepParams,\n RunSummary,\n ProviderConfig,\n WrappedExecutionParams,\n WrappedExecutionResult,\n} from './types.js';\n\nexport { CerVerificationError, CerAttestationError } from './errors.js';\nexport { toCanonicalJson } from './canonicalJson.js';\nexport { sha256Hex, hashUtf8, hashCanonicalJson, computeInputHash, computeOutputHash } from './hash.js';\nexport { createSnapshot, verifySnapshot } from './snapshot.js';\nexport { sealCer, verifyCer, verifyCer as verify } from './cer.js';\nexport { certifyDecision } from './certify.js';\nexport { RunBuilder } from './run.js';\nexport { attest } from './attest.js';\nexport { exportCer, importCer } from './archive.js';\nexport { wrapProvider } from './providers/wrap.js';\nexport { sanitizeForAttestation, hasAttestation } from './sanitize.js';\n","export interface AiExecutionParameters {\n temperature: number;\n maxTokens: number;\n topP: number | null;\n seed: number | null;\n}\n\nexport interface AiExecutionSnapshotV1 {\n type: 'ai.execution.v1';\n protocolVersion: '1.2.0';\n executionSurface: 'ai';\n executionId: string;\n timestamp: string;\n provider: string;\n model: string;\n modelVersion: string | null;\n prompt: string;\n input: string | Record<string, unknown>;\n inputHash: string;\n parameters: AiExecutionParameters;\n output: string | Record<string, unknown>;\n outputHash: string;\n sdkVersion: string | null;\n appId: string | null;\n runId?: string | null;\n stepId?: string | null;\n stepIndex?: number | null;\n workflowId?: string | null;\n conversationId?: string | null;\n prevStepHash?: string | null;\n}\n\nexport interface CerMeta {\n source?: string;\n tags?: string[];\n [key: string]: unknown;\n}\n\nexport interface CerAiExecutionBundle {\n bundleType: 'cer.ai.execution.v1';\n certificateHash: string;\n createdAt: string;\n version: '0.1';\n snapshot: AiExecutionSnapshotV1;\n meta?: CerMeta;\n}\n\nexport const CerVerifyCode = {\n OK: 'OK',\n CERTIFICATE_HASH_MISMATCH: 'CERTIFICATE_HASH_MISMATCH',\n SNAPSHOT_HASH_MISMATCH: 'SNAPSHOT_HASH_MISMATCH',\n INPUT_HASH_MISMATCH: 'INPUT_HASH_MISMATCH',\n OUTPUT_HASH_MISMATCH: 'OUTPUT_HASH_MISMATCH',\n INVALID_SHA256_FORMAT: 'INVALID_SHA256_FORMAT',\n CANONICALIZATION_ERROR: 'CANONICALIZATION_ERROR',\n SCHEMA_ERROR: 'SCHEMA_ERROR',\n UNKNOWN_ERROR: 'UNKNOWN_ERROR',\n} as const;\n\nexport type CerVerifyCode = typeof CerVerifyCode[keyof typeof CerVerifyCode];\n\nexport interface VerificationResult {\n ok: boolean;\n errors: string[];\n code: CerVerifyCode;\n details?: string[];\n}\n\nexport interface CreateSnapshotParams {\n executionId: string;\n timestamp?: string;\n provider: string;\n model: string;\n modelVersion?: string | null;\n prompt: string;\n input: string | Record<string, unknown>;\n parameters: AiExecutionParameters;\n output: string | Record<string, unknown>;\n sdkVersion?: string | null;\n appId?: string | null;\n runId?: string | null;\n stepId?: string | null;\n stepIndex?: number | null;\n workflowId?: string | null;\n conversationId?: string | null;\n prevStepHash?: string | null;\n}\n\nexport interface AttestationResult {\n ok: boolean;\n attestationId?: string;\n nodeRuntimeHash?: string;\n certificateHash?: string;\n protocolVersion?: string;\n errors?: string[];\n raw?: unknown;\n}\n\nexport interface AttestOptions {\n nodeUrl: string;\n apiKey: string;\n timeoutMs?: number;\n}\n\nexport interface CertifyDecisionParams {\n executionId?: string;\n timestamp?: string;\n provider: string;\n model: string;\n modelVersion?: string | null;\n prompt: string;\n input: string | Record<string, unknown>;\n parameters: AiExecutionParameters;\n output: string | Record<string, unknown>;\n sdkVersion?: string | null;\n appId?: string | null;\n meta?: CerMeta;\n runId?: string | null;\n stepId?: string | null;\n stepIndex?: number | null;\n workflowId?: string | null;\n conversationId?: string | null;\n prevStepHash?: string | null;\n}\n\nexport interface RunBuilderOptions {\n runId?: string;\n workflowId?: string | null;\n conversationId?: string | null;\n appId?: string | null;\n}\n\nexport interface StepParams {\n stepId?: string;\n provider: string;\n model: string;\n modelVersion?: string | null;\n prompt: string;\n input: string | Record<string, unknown>;\n parameters: AiExecutionParameters;\n output: string | Record<string, unknown>;\n timestamp?: string;\n meta?: CerMeta;\n}\n\nexport interface RunSummary {\n runId: string;\n workflowId: string | null;\n conversationId: string | null;\n stepCount: number;\n steps: Array<{\n stepIndex: number;\n stepId: string;\n executionId: string;\n certificateHash: string;\n prevStepHash: string | null;\n }>;\n finalStepHash: string | null;\n}\n\nexport interface ProviderConfig<TInput = unknown, TOutput = unknown> {\n provider: string;\n callFn: (input: TInput) => Promise<TOutput>;\n extractOutput: (raw: TOutput) => string | Record<string, unknown>;\n extractModelVersion?: (raw: TOutput) => string | null;\n}\n\nexport interface WrappedExecutionParams {\n prompt: string;\n input: string | Record<string, unknown>;\n model: string;\n parameters: AiExecutionParameters;\n modelVersion?: string | null;\n appId?: string | null;\n meta?: CerMeta;\n executionId?: string;\n}\n\nexport interface WrappedExecutionResult {\n output: string | Record<string, unknown>;\n snapshot: AiExecutionSnapshotV1;\n bundle: CerAiExecutionBundle;\n}\n","export class CerVerificationError extends Error {\n public readonly errors: string[];\n\n constructor(errors: string[]) {\n super(`CER verification failed: ${errors.join('; ')}`);\n this.name = 'CerVerificationError';\n this.errors = errors;\n }\n}\n\nexport class CerAttestationError extends Error {\n public readonly statusCode?: number;\n public readonly responseBody?: unknown;\n public readonly details?: string[];\n\n constructor(message: string, statusCode?: number, responseBody?: unknown, details?: string[]) {\n super(message);\n this.name = 'CerAttestationError';\n this.statusCode = statusCode;\n this.responseBody = responseBody;\n this.details = details;\n }\n}\n","export function toCanonicalJson(value: unknown): string {\n return canonicalize(value);\n}\n\nfunction canonicalize(value: unknown): string {\n if (value === null) {\n return 'null';\n }\n\n if (typeof value === 'boolean') {\n return value ? 'true' : 'false';\n }\n\n if (typeof value === 'number') {\n if (!Number.isFinite(value)) {\n throw new Error(`Non-finite number not allowed in canonical JSON: ${value}`);\n }\n return JSON.stringify(value);\n }\n\n if (typeof value === 'string') {\n return JSON.stringify(value);\n }\n\n if (Array.isArray(value)) {\n const items = value.map(item => canonicalize(item));\n return '[' + items.join(',') + ']';\n }\n\n if (typeof value === 'object') {\n const obj = value as Record<string, unknown>;\n const keys = Object.keys(obj).sort();\n const entries = keys.map(key => {\n const val = obj[key];\n if (val === undefined) {\n return null;\n }\n return JSON.stringify(key) + ':' + canonicalize(val);\n }).filter(e => e !== null);\n return '{' + entries.join(',') + '}';\n }\n\n throw new Error(`Unsupported type for canonical JSON: ${typeof value}`);\n}\n","import * as crypto from 'crypto';\nimport { toCanonicalJson } from './canonicalJson.js';\n\nexport function sha256Hex(data: string | Uint8Array): string {\n const hash = crypto.createHash('sha256');\n if (typeof data === 'string') {\n hash.update(data, 'utf-8');\n } else {\n hash.update(data);\n }\n return hash.digest('hex');\n}\n\nexport function hashUtf8(value: string): string {\n return `sha256:${sha256Hex(value)}`;\n}\n\nexport function hashCanonicalJson(value: unknown): string {\n const canonical = toCanonicalJson(value);\n return `sha256:${sha256Hex(canonical)}`;\n}\n\nexport function computeInputHash(input: string | Record<string, unknown>): string {\n if (typeof input === 'string') {\n return hashUtf8(input);\n }\n return hashCanonicalJson(input);\n}\n\nexport function computeOutputHash(output: string | Record<string, unknown>): string {\n if (typeof output === 'string') {\n return hashUtf8(output);\n }\n return hashCanonicalJson(output);\n}\n","import type { AiExecutionSnapshotV1, CreateSnapshotParams, VerificationResult, AiExecutionParameters } from './types.js';\nimport { CerVerifyCode } from './types.js';\nimport { computeInputHash, computeOutputHash } from './hash.js';\n\nconst PACKAGE_VERSION = '0.4.1';\n\nfunction validateParameters(params: AiExecutionParameters): string[] {\n const errors: string[] = [];\n\n if (typeof params.temperature !== 'number' || !Number.isFinite(params.temperature)) {\n errors.push(`parameters.temperature must be a finite number, got: ${params.temperature}`);\n }\n\n if (typeof params.maxTokens !== 'number' || !Number.isFinite(params.maxTokens)) {\n errors.push(`parameters.maxTokens must be a finite number, got: ${params.maxTokens}`);\n }\n\n if (params.topP !== null && (typeof params.topP !== 'number' || !Number.isFinite(params.topP))) {\n errors.push(`parameters.topP must be a finite number or null, got: ${params.topP}`);\n }\n\n if (params.seed !== null && (typeof params.seed !== 'number' || !Number.isFinite(params.seed))) {\n errors.push(`parameters.seed must be a finite number or null, got: ${params.seed}`);\n }\n\n return errors;\n}\n\nexport function createSnapshot(params: CreateSnapshotParams): AiExecutionSnapshotV1 {\n const paramErrors = validateParameters(params.parameters);\n if (paramErrors.length > 0) {\n throw new Error(`Invalid parameters: ${paramErrors.join('; ')}`);\n }\n\n const inputHash = computeInputHash(params.input);\n const outputHash = computeOutputHash(params.output);\n\n const snapshot: AiExecutionSnapshotV1 = {\n type: 'ai.execution.v1',\n protocolVersion: '1.2.0',\n executionSurface: 'ai',\n executionId: params.executionId,\n timestamp: params.timestamp ?? new Date().toISOString(),\n provider: params.provider,\n model: params.model,\n modelVersion: params.modelVersion ?? null,\n prompt: params.prompt,\n input: params.input,\n inputHash,\n parameters: {\n temperature: params.parameters.temperature,\n maxTokens: params.parameters.maxTokens,\n topP: params.parameters.topP ?? null,\n seed: params.parameters.seed ?? null,\n },\n output: params.output,\n outputHash,\n sdkVersion: params.sdkVersion ?? PACKAGE_VERSION,\n appId: params.appId ?? null,\n };\n\n if (params.runId !== undefined) snapshot.runId = params.runId ?? null;\n if (params.stepId !== undefined) snapshot.stepId = params.stepId ?? null;\n if (params.stepIndex !== undefined) snapshot.stepIndex = params.stepIndex ?? null;\n if (params.workflowId !== undefined) snapshot.workflowId = params.workflowId ?? null;\n if (params.conversationId !== undefined) snapshot.conversationId = params.conversationId ?? null;\n if (params.prevStepHash !== undefined) snapshot.prevStepHash = params.prevStepHash ?? null;\n\n return snapshot;\n}\n\nexport function verifySnapshot(snapshot: AiExecutionSnapshotV1): VerificationResult {\n const schemaErrors: string[] = [];\n const formatErrors: string[] = [];\n const inputHashErrors: string[] = [];\n const outputHashErrors: string[] = [];\n\n if (snapshot.type !== 'ai.execution.v1') {\n schemaErrors.push(`Expected type \"ai.execution.v1\", got \"${snapshot.type}\"`);\n }\n\n if (snapshot.protocolVersion !== '1.2.0') {\n schemaErrors.push(`Expected protocolVersion \"1.2.0\", got \"${snapshot.protocolVersion}\"`);\n }\n\n if (snapshot.executionSurface !== 'ai') {\n schemaErrors.push(`Expected executionSurface \"ai\", got \"${snapshot.executionSurface}\"`);\n }\n\n if (!snapshot.executionId || typeof snapshot.executionId !== 'string') {\n schemaErrors.push('executionId must be a non-empty string');\n }\n\n if (!snapshot.timestamp || typeof snapshot.timestamp !== 'string') {\n schemaErrors.push('timestamp must be a non-empty string');\n }\n\n if (!snapshot.provider || typeof snapshot.provider !== 'string') {\n schemaErrors.push('provider must be a non-empty string');\n }\n\n if (!snapshot.model || typeof snapshot.model !== 'string') {\n schemaErrors.push('model must be a non-empty string');\n }\n\n if (!snapshot.prompt || typeof snapshot.prompt !== 'string') {\n schemaErrors.push('prompt must be a non-empty string');\n }\n\n if (snapshot.input === undefined || snapshot.input === null) {\n schemaErrors.push('input must be a string or object');\n }\n\n if (snapshot.output === undefined || snapshot.output === null) {\n schemaErrors.push('output must be a string or object');\n }\n\n const paramErrors = validateParameters(snapshot.parameters);\n schemaErrors.push(...paramErrors);\n\n if (!snapshot.inputHash || !snapshot.inputHash.startsWith('sha256:')) {\n formatErrors.push(`inputHash must start with \"sha256:\", got \"${snapshot.inputHash}\"`);\n }\n\n if (!snapshot.outputHash || !snapshot.outputHash.startsWith('sha256:')) {\n formatErrors.push(`outputHash must start with \"sha256:\", got \"${snapshot.outputHash}\"`);\n }\n\n if (formatErrors.length === 0) {\n const expectedInputHash = computeInputHash(snapshot.input);\n if (snapshot.inputHash !== expectedInputHash) {\n inputHashErrors.push(`inputHash mismatch: expected ${expectedInputHash}, got ${snapshot.inputHash}`);\n }\n\n const expectedOutputHash = computeOutputHash(snapshot.output);\n if (snapshot.outputHash !== expectedOutputHash) {\n outputHashErrors.push(`outputHash mismatch: expected ${expectedOutputHash}, got ${snapshot.outputHash}`);\n }\n }\n\n const errors = [...schemaErrors, ...formatErrors, ...inputHashErrors, ...outputHashErrors];\n\n if (errors.length === 0) {\n return { ok: true, errors: [], code: CerVerifyCode.OK };\n }\n\n let code: typeof CerVerifyCode[keyof typeof CerVerifyCode];\n let details: string[];\n\n if (schemaErrors.length > 0) {\n code = CerVerifyCode.SCHEMA_ERROR;\n details = schemaErrors;\n } else if (formatErrors.length > 0) {\n code = CerVerifyCode.INVALID_SHA256_FORMAT;\n details = formatErrors;\n } else if (inputHashErrors.length > 0 && outputHashErrors.length > 0) {\n code = CerVerifyCode.SNAPSHOT_HASH_MISMATCH;\n details = [...inputHashErrors, ...outputHashErrors];\n } else if (inputHashErrors.length > 0) {\n code = CerVerifyCode.INPUT_HASH_MISMATCH;\n details = inputHashErrors;\n } else if (outputHashErrors.length > 0) {\n code = CerVerifyCode.OUTPUT_HASH_MISMATCH;\n details = outputHashErrors;\n } else {\n code = CerVerifyCode.UNKNOWN_ERROR;\n details = errors;\n }\n\n return { ok: false, errors, code, details };\n}\n","import type { AiExecutionSnapshotV1, CerAiExecutionBundle, CerMeta, VerificationResult } from './types.js';\nimport { CerVerifyCode } from './types.js';\nimport { toCanonicalJson } from './canonicalJson.js';\nimport { sha256Hex } from './hash.js';\nimport { verifySnapshot } from './snapshot.js';\n\ninterface CertificatePayload {\n bundleType: 'cer.ai.execution.v1';\n createdAt: string;\n snapshot: AiExecutionSnapshotV1;\n version: '0.1';\n}\n\nfunction computeCertificateHash(payload: CertificatePayload): string {\n const canonical = toCanonicalJson(payload);\n return `sha256:${sha256Hex(canonical)}`;\n}\n\nexport function sealCer(\n snapshot: AiExecutionSnapshotV1,\n options?: { createdAt?: string; meta?: CerMeta }\n): CerAiExecutionBundle {\n const createdAt = options?.createdAt ?? new Date().toISOString();\n\n const payload: CertificatePayload = {\n bundleType: 'cer.ai.execution.v1',\n createdAt,\n snapshot,\n version: '0.1',\n };\n\n const certificateHash = computeCertificateHash(payload);\n\n const bundle: CerAiExecutionBundle = {\n bundleType: 'cer.ai.execution.v1',\n certificateHash,\n createdAt,\n version: '0.1',\n snapshot,\n };\n\n if (options?.meta) {\n bundle.meta = options.meta;\n }\n\n return bundle;\n}\n\nexport function verifyCer(bundle: CerAiExecutionBundle): VerificationResult {\n const schemaErrors: string[] = [];\n const formatErrors: string[] = [];\n\n if (bundle.bundleType !== 'cer.ai.execution.v1') {\n schemaErrors.push(`Expected bundleType \"cer.ai.execution.v1\", got \"${bundle.bundleType}\"`);\n }\n\n if (bundle.version !== '0.1') {\n schemaErrors.push(`Expected version \"0.1\", got \"${bundle.version}\"`);\n }\n\n if (!bundle.createdAt || typeof bundle.createdAt !== 'string') {\n schemaErrors.push('createdAt must be a non-empty string');\n }\n\n if (!bundle.certificateHash || !bundle.certificateHash.startsWith('sha256:')) {\n formatErrors.push(`certificateHash must start with \"sha256:\", got \"${bundle.certificateHash}\"`);\n }\n\n if (!bundle.snapshot) {\n schemaErrors.push('snapshot is required');\n const allErrors = [...schemaErrors, ...formatErrors];\n return { ok: false, errors: allErrors, code: CerVerifyCode.SCHEMA_ERROR, details: schemaErrors };\n }\n\n let canonicalizationError: string | null = null;\n let snapshotResult: VerificationResult | null = null;\n\n try {\n snapshotResult = verifySnapshot(bundle.snapshot);\n } catch (err) {\n canonicalizationError = err instanceof Error ? err.message : String(err);\n }\n\n if (canonicalizationError !== null) {\n const errors = [...schemaErrors, ...formatErrors, canonicalizationError];\n return { ok: false, errors, code: CerVerifyCode.CANONICALIZATION_ERROR, details: [canonicalizationError] };\n }\n\n const snapshotErrors = snapshotResult!.errors;\n\n const certHashErrors: string[] = [];\n try {\n const payload: CertificatePayload = {\n bundleType: 'cer.ai.execution.v1',\n createdAt: bundle.createdAt,\n snapshot: bundle.snapshot,\n version: '0.1',\n };\n const expectedHash = computeCertificateHash(payload);\n if (bundle.certificateHash !== expectedHash) {\n certHashErrors.push(`certificateHash mismatch: expected ${expectedHash}, got ${bundle.certificateHash}`);\n }\n } catch (err) {\n const msg = err instanceof Error ? err.message : String(err);\n const errors = [...schemaErrors, ...formatErrors, ...snapshotErrors, msg];\n return { ok: false, errors, code: CerVerifyCode.CANONICALIZATION_ERROR, details: [msg] };\n }\n\n const errors = [...schemaErrors, ...formatErrors, ...snapshotErrors, ...certHashErrors];\n\n if (errors.length === 0) {\n return { ok: true, errors: [], code: CerVerifyCode.OK };\n }\n\n let code: typeof CerVerifyCode[keyof typeof CerVerifyCode];\n let details: string[];\n\n if (schemaErrors.length > 0) {\n code = CerVerifyCode.SCHEMA_ERROR;\n details = schemaErrors;\n } else if (formatErrors.length > 0) {\n code = CerVerifyCode.INVALID_SHA256_FORMAT;\n details = formatErrors;\n } else if (certHashErrors.length > 0 && snapshotErrors.length === 0) {\n code = CerVerifyCode.CERTIFICATE_HASH_MISMATCH;\n details = certHashErrors;\n } else if (snapshotResult && snapshotResult.code !== CerVerifyCode.OK) {\n code = snapshotResult.code;\n details = snapshotResult.details ?? snapshotErrors;\n } else if (certHashErrors.length > 0) {\n code = CerVerifyCode.CERTIFICATE_HASH_MISMATCH;\n details = certHashErrors;\n } else {\n code = CerVerifyCode.UNKNOWN_ERROR;\n details = errors;\n }\n\n return { ok: false, errors, code, details };\n}\n","import * as crypto from 'crypto';\nimport type { CerAiExecutionBundle, CertifyDecisionParams } from './types.js';\nimport { createSnapshot } from './snapshot.js';\nimport { sealCer } from './cer.js';\n\nexport function certifyDecision(params: CertifyDecisionParams): CerAiExecutionBundle {\n const executionId = params.executionId ?? crypto.randomUUID();\n\n const snapshot = createSnapshot({\n executionId,\n timestamp: params.timestamp,\n provider: params.provider,\n model: params.model,\n modelVersion: params.modelVersion,\n prompt: params.prompt,\n input: params.input,\n parameters: params.parameters,\n output: params.output,\n sdkVersion: params.sdkVersion,\n appId: params.appId,\n runId: params.runId,\n stepId: params.stepId,\n stepIndex: params.stepIndex,\n workflowId: params.workflowId,\n conversationId: params.conversationId,\n prevStepHash: params.prevStepHash,\n });\n\n return sealCer(snapshot, { meta: params.meta });\n}\n","import * as crypto from 'crypto';\nimport type {\n CerAiExecutionBundle,\n RunBuilderOptions,\n StepParams,\n RunSummary,\n} from './types.js';\nimport { createSnapshot } from './snapshot.js';\nimport { sealCer } from './cer.js';\n\nexport class RunBuilder {\n private readonly runId: string;\n private readonly workflowId: string | null;\n private readonly conversationId: string | null;\n private readonly appId: string | null;\n private stepIndex: number = 0;\n private prevStepHash: string | null = null;\n private steps: RunSummary['steps'] = [];\n\n constructor(options?: RunBuilderOptions) {\n this.runId = options?.runId ?? crypto.randomUUID();\n this.workflowId = options?.workflowId ?? null;\n this.conversationId = options?.conversationId ?? null;\n this.appId = options?.appId ?? null;\n }\n\n step(params: StepParams): CerAiExecutionBundle {\n const stepId = params.stepId ?? crypto.randomUUID();\n const executionId = `${this.runId}-step-${this.stepIndex}`;\n\n const snapshot = createSnapshot({\n executionId,\n timestamp: params.timestamp,\n provider: params.provider,\n model: params.model,\n modelVersion: params.modelVersion,\n prompt: params.prompt,\n input: params.input,\n parameters: params.parameters,\n output: params.output,\n appId: this.appId,\n runId: this.runId,\n stepId,\n stepIndex: this.stepIndex,\n workflowId: this.workflowId,\n conversationId: this.conversationId,\n prevStepHash: this.prevStepHash,\n });\n\n const bundle = sealCer(snapshot, { meta: params.meta });\n\n this.steps.push({\n stepIndex: this.stepIndex,\n stepId,\n executionId,\n certificateHash: bundle.certificateHash,\n prevStepHash: this.prevStepHash,\n });\n\n this.prevStepHash = bundle.certificateHash;\n this.stepIndex++;\n\n return bundle;\n }\n\n finalize(): RunSummary {\n return {\n runId: this.runId,\n workflowId: this.workflowId,\n conversationId: this.conversationId,\n stepCount: this.steps.length,\n steps: [...this.steps],\n finalStepHash: this.prevStepHash,\n };\n }\n}\n","import type { CerAiExecutionBundle } from './types.js';\n\nfunction deepRemoveUndefined(value: unknown): unknown {\n if (value === null || value === undefined) return value;\n\n if (typeof value === 'bigint') {\n throw new Error('BigInt values are not JSON-safe and cannot be sanitized');\n }\n if (typeof value === 'function') {\n throw new Error('Function values are not JSON-safe and cannot be sanitized');\n }\n if (typeof value === 'symbol') {\n throw new Error('Symbol values are not JSON-safe and cannot be sanitized');\n }\n\n if (Array.isArray(value)) {\n return value.map(deepRemoveUndefined);\n }\n\n if (typeof value === 'object') {\n const result: Record<string, unknown> = {};\n for (const [key, val] of Object.entries(value as Record<string, unknown>)) {\n if (val === undefined) continue;\n result[key] = deepRemoveUndefined(val);\n }\n return result;\n }\n\n return value;\n}\n\nexport function sanitizeForAttestation(bundle: CerAiExecutionBundle): CerAiExecutionBundle {\n return deepRemoveUndefined(bundle) as CerAiExecutionBundle;\n}\n\nexport function hasAttestation(bundle: unknown): boolean {\n if (typeof bundle !== 'object' || bundle === null) return false;\n const b = bundle as Record<string, unknown>;\n\n if (typeof b.attestationId === 'string' && b.attestationId.length > 0) return true;\n if (typeof b.nodeRuntimeHash === 'string' && b.nodeRuntimeHash.length > 0) return true;\n\n if (typeof b.attestation === 'object' && b.attestation !== null) {\n const att = b.attestation as Record<string, unknown>;\n if (typeof att.attestationId === 'string' && att.attestationId.length > 0) return true;\n if (typeof att.nodeRuntimeHash === 'string' && att.nodeRuntimeHash.length > 0) return true;\n }\n\n return false;\n}\n","import type { CerAiExecutionBundle, AttestationResult, AttestOptions } from './types.js';\nimport { CerAttestationError } from './errors.js';\nimport { sanitizeForAttestation } from './sanitize.js';\n\nconst SHA256_PATTERN = /^sha256:[0-9a-f]{64}$/;\nconst DEFAULT_TIMEOUT_MS = 10_000;\n\nfunction validateHashFormat(value: unknown, fieldName: string): string | null {\n if (typeof value !== 'string') return null;\n if (!SHA256_PATTERN.test(value)) {\n return `${fieldName} is not in sha256:<64hex> format: \"${value}\"`;\n }\n return null;\n}\n\nexport async function attest(\n bundle: CerAiExecutionBundle,\n options: AttestOptions,\n): Promise<AttestationResult> {\n const url = `${options.nodeUrl.replace(/\\/+$/, '')}/api/attest`;\n const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const sanitized = sanitizeForAttestation(bundle);\n\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), timeoutMs);\n\n let response: Response;\n try {\n response = await fetch(url, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n 'Authorization': `Bearer ${options.apiKey}`,\n },\n body: JSON.stringify(sanitized),\n signal: controller.signal,\n });\n } catch (err) {\n clearTimeout(timer);\n const error = err as Error;\n if (error.name === 'AbortError') {\n throw new CerAttestationError(\n `Attestation request timed out after ${timeoutMs}ms`,\n );\n }\n throw new CerAttestationError(\n `Network error contacting attestation node: ${error.message}`,\n );\n } finally {\n clearTimeout(timer);\n }\n\n let body: unknown;\n try {\n body = await response.json();\n } catch {\n const text = await response.text().catch(() => '');\n throw new CerAttestationError(\n `Attestation node returned non-JSON response (${response.status}): ${text}`,\n response.status,\n );\n }\n\n if (!response.ok) {\n const result = body as Record<string, unknown>;\n const msg = typeof result.error === 'string'\n ? result.error\n : `HTTP ${response.status}`;\n const details = Array.isArray(result.details) ? result.details as string[] : undefined;\n throw new CerAttestationError(\n `Attestation failed: ${msg}`,\n response.status,\n body,\n details,\n );\n }\n\n const result = body as Record<string, unknown>;\n const errors: string[] = [];\n\n if (typeof result.certificateHash === 'string' && result.certificateHash !== bundle.certificateHash) {\n errors.push(\n `Node returned certificateHash \"${result.certificateHash}\" but bundle has \"${bundle.certificateHash}\"`,\n );\n }\n\n const certHashErr = validateHashFormat(result.certificateHash, 'response.certificateHash');\n if (certHashErr) errors.push(certHashErr);\n\n const runtimeHashErr = validateHashFormat(result.nodeRuntimeHash, 'response.nodeRuntimeHash');\n if (runtimeHashErr) errors.push(runtimeHashErr);\n\n if (errors.length > 0) {\n throw new CerAttestationError(\n `Attestation response validation failed: ${errors.join('; ')}`,\n response.status,\n body,\n errors,\n );\n }\n\n return {\n ok: true,\n attestationId: typeof result.attestationId === 'string' ? result.attestationId : undefined,\n nodeRuntimeHash: typeof result.nodeRuntimeHash === 'string' ? result.nodeRuntimeHash : undefined,\n certificateHash: typeof result.certificateHash === 'string' ? result.certificateHash : undefined,\n protocolVersion: typeof result.protocolVersion === 'string' ? result.protocolVersion : undefined,\n raw: body,\n };\n}\n","import type { CerAiExecutionBundle } from './types.js';\nimport { toCanonicalJson } from './canonicalJson.js';\nimport { verifyCer } from './cer.js';\nimport { CerVerificationError } from './errors.js';\n\nexport function exportCer(bundle: CerAiExecutionBundle): string {\n return toCanonicalJson(bundle);\n}\n\nexport function importCer(json: string): CerAiExecutionBundle {\n let parsed: unknown;\n try {\n parsed = JSON.parse(json);\n } catch (err) {\n throw new CerVerificationError([`Invalid JSON: ${(err as Error).message}`]);\n }\n\n const bundle = parsed as CerAiExecutionBundle;\n\n if (!bundle || typeof bundle !== 'object') {\n throw new CerVerificationError(['Parsed value is not an object']);\n }\n\n if (bundle.bundleType !== 'cer.ai.execution.v1') {\n throw new CerVerificationError([`Expected bundleType \"cer.ai.execution.v1\", got \"${bundle.bundleType}\"`]);\n }\n\n const result = verifyCer(bundle);\n if (!result.ok) {\n throw new CerVerificationError(result.errors);\n }\n\n return bundle;\n}\n","import * as crypto from 'crypto';\nimport type {\n ProviderConfig,\n WrappedExecutionParams,\n WrappedExecutionResult,\n} from '../types.js';\nimport { createSnapshot } from '../snapshot.js';\nimport { sealCer } from '../cer.js';\n\nexport function wrapProvider<TInput = unknown, TOutput = unknown>(\n config: ProviderConfig<TInput, TOutput>,\n) {\n return {\n async execute(params: WrappedExecutionParams & { providerInput: TInput }): Promise<WrappedExecutionResult> {\n const raw = await config.callFn(params.providerInput);\n const output = config.extractOutput(raw);\n const modelVersion = config.extractModelVersion\n ? config.extractModelVersion(raw)\n : (params.modelVersion ?? null);\n\n const snapshot = createSnapshot({\n executionId: params.executionId ?? crypto.randomUUID(),\n provider: config.provider,\n model: params.model,\n modelVersion,\n prompt: params.prompt,\n input: params.input,\n parameters: params.parameters,\n output,\n appId: params.appId,\n });\n\n const bundle = sealCer(snapshot, { meta: params.meta });\n\n return { output, snapshot, bundle };\n },\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;AC+CO,IAAM,gBAAgB;AAAA,EAC3B,IAAI;AAAA,EACJ,2BAA2B;AAAA,EAC3B,wBAAwB;AAAA,EACxB,qBAAqB;AAAA,EACrB,sBAAsB;AAAA,EACtB,uBAAuB;AAAA,EACvB,wBAAwB;AAAA,EACxB,cAAc;AAAA,EACd,eAAe;AACjB;;;ACzDO,IAAM,uBAAN,cAAmC,MAAM;AAAA,EAC9B;AAAA,EAEhB,YAAY,QAAkB;AAC5B,UAAM,4BAA4B,OAAO,KAAK,IAAI,CAAC,EAAE;AACrD,SAAK,OAAO;AACZ,SAAK,SAAS;AAAA,EAChB;AACF;AAEO,IAAM,sBAAN,cAAkC,MAAM;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EAEhB,YAAY,SAAiB,YAAqB,cAAwB,SAAoB;AAC5F,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,eAAe;AACpB,SAAK,UAAU;AAAA,EACjB;AACF;;;ACtBO,SAAS,gBAAgB,OAAwB;AACtD,SAAO,aAAa,KAAK;AAC3B;AAEA,SAAS,aAAa,OAAwB;AAC5C,MAAI,UAAU,MAAM;AAClB,WAAO;AAAA,EACT;AAEA,MAAI,OAAO,UAAU,WAAW;AAC9B,WAAO,QAAQ,SAAS;AAAA,EAC1B;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,QAAI,CAAC,OAAO,SAAS,KAAK,GAAG;AAC3B,YAAM,IAAI,MAAM,oDAAoD,KAAK,EAAE;AAAA,IAC7E;AACA,WAAO,KAAK,UAAU,KAAK;AAAA,EAC7B;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,KAAK,UAAU,KAAK;AAAA,EAC7B;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,UAAM,QAAQ,MAAM,IAAI,UAAQ,aAAa,IAAI,CAAC;AAClD,WAAO,MAAM,MAAM,KAAK,GAAG,IAAI;AAAA,EACjC;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,MAAM;AACZ,UAAM,OAAO,OAAO,KAAK,GAAG,EAAE,KAAK;AACnC,UAAM,UAAU,KAAK,IAAI,SAAO;AAC9B,YAAM,MAAM,IAAI,GAAG;AACnB,UAAI,QAAQ,QAAW;AACrB,eAAO;AAAA,MACT;AACA,aAAO,KAAK,UAAU,GAAG,IAAI,MAAM,aAAa,GAAG;AAAA,IACrD,CAAC,EAAE,OAAO,OAAK,MAAM,IAAI;AACzB,WAAO,MAAM,QAAQ,KAAK,GAAG,IAAI;AAAA,EACnC;AAEA,QAAM,IAAI,MAAM,wCAAwC,OAAO,KAAK,EAAE;AACxE;;;AC3CA,aAAwB;AAGjB,SAAS,UAAU,MAAmC;AAC3D,QAAM,OAAc,kBAAW,QAAQ;AACvC,MAAI,OAAO,SAAS,UAAU;AAC5B,SAAK,OAAO,MAAM,OAAO;AAAA,EAC3B,OAAO;AACL,SAAK,OAAO,IAAI;AAAA,EAClB;AACA,SAAO,KAAK,OAAO,KAAK;AAC1B;AAEO,SAAS,SAAS,OAAuB;AAC9C,SAAO,UAAU,UAAU,KAAK,CAAC;AACnC;AAEO,SAAS,kBAAkB,OAAwB;AACxD,QAAM,YAAY,gBAAgB,KAAK;AACvC,SAAO,UAAU,UAAU,SAAS,CAAC;AACvC;AAEO,SAAS,iBAAiB,OAAiD;AAChF,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,SAAS,KAAK;AAAA,EACvB;AACA,SAAO,kBAAkB,KAAK;AAChC;AAEO,SAAS,kBAAkB,QAAkD;AAClF,MAAI,OAAO,WAAW,UAAU;AAC9B,WAAO,SAAS,MAAM;AAAA,EACxB;AACA,SAAO,kBAAkB,MAAM;AACjC;;;AC9BA,IAAM,kBAAkB;AAExB,SAAS,mBAAmB,QAAyC;AACnE,QAAM,SAAmB,CAAC;AAE1B,MAAI,OAAO,OAAO,gBAAgB,YAAY,CAAC,OAAO,SAAS,OAAO,WAAW,GAAG;AAClF,WAAO,KAAK,wDAAwD,OAAO,WAAW,EAAE;AAAA,EAC1F;AAEA,MAAI,OAAO,OAAO,cAAc,YAAY,CAAC,OAAO,SAAS,OAAO,SAAS,GAAG;AAC9E,WAAO,KAAK,sDAAsD,OAAO,SAAS,EAAE;AAAA,EACtF;AAEA,MAAI,OAAO,SAAS,SAAS,OAAO,OAAO,SAAS,YAAY,CAAC,OAAO,SAAS,OAAO,IAAI,IAAI;AAC9F,WAAO,KAAK,yDAAyD,OAAO,IAAI,EAAE;AAAA,EACpF;AAEA,MAAI,OAAO,SAAS,SAAS,OAAO,OAAO,SAAS,YAAY,CAAC,OAAO,SAAS,OAAO,IAAI,IAAI;AAC9F,WAAO,KAAK,yDAAyD,OAAO,IAAI,EAAE;AAAA,EACpF;AAEA,SAAO;AACT;AAEO,SAAS,eAAe,QAAqD;AAClF,QAAM,cAAc,mBAAmB,OAAO,UAAU;AACxD,MAAI,YAAY,SAAS,GAAG;AAC1B,UAAM,IAAI,MAAM,uBAAuB,YAAY,KAAK,IAAI,CAAC,EAAE;AAAA,EACjE;AAEA,QAAM,YAAY,iBAAiB,OAAO,KAAK;AAC/C,QAAM,aAAa,kBAAkB,OAAO,MAAM;AAElD,QAAM,WAAkC;AAAA,IACtC,MAAM;AAAA,IACN,iBAAiB;AAAA,IACjB,kBAAkB;AAAA,IAClB,aAAa,OAAO;AAAA,IACpB,WAAW,OAAO,cAAa,oBAAI,KAAK,GAAE,YAAY;AAAA,IACtD,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO;AAAA,IACd,cAAc,OAAO,gBAAgB;AAAA,IACrC,QAAQ,OAAO;AAAA,IACf,OAAO,OAAO;AAAA,IACd;AAAA,IACA,YAAY;AAAA,MACV,aAAa,OAAO,WAAW;AAAA,MAC/B,WAAW,OAAO,WAAW;AAAA,MAC7B,MAAM,OAAO,WAAW,QAAQ;AAAA,MAChC,MAAM,OAAO,WAAW,QAAQ;AAAA,IAClC;AAAA,IACA,QAAQ,OAAO;AAAA,IACf;AAAA,IACA,YAAY,OAAO,cAAc;AAAA,IACjC,OAAO,OAAO,SAAS;AAAA,EACzB;AAEA,MAAI,OAAO,UAAU,OAAW,UAAS,QAAQ,OAAO,SAAS;AACjE,MAAI,OAAO,WAAW,OAAW,UAAS,SAAS,OAAO,UAAU;AACpE,MAAI,OAAO,cAAc,OAAW,UAAS,YAAY,OAAO,aAAa;AAC7E,MAAI,OAAO,eAAe,OAAW,UAAS,aAAa,OAAO,cAAc;AAChF,MAAI,OAAO,mBAAmB,OAAW,UAAS,iBAAiB,OAAO,kBAAkB;AAC5F,MAAI,OAAO,iBAAiB,OAAW,UAAS,eAAe,OAAO,gBAAgB;AAEtF,SAAO;AACT;AAEO,SAAS,eAAe,UAAqD;AAClF,QAAM,eAAyB,CAAC;AAChC,QAAM,eAAyB,CAAC;AAChC,QAAM,kBAA4B,CAAC;AACnC,QAAM,mBAA6B,CAAC;AAEpC,MAAI,SAAS,SAAS,mBAAmB;AACvC,iBAAa,KAAK,yCAAyC,SAAS,IAAI,GAAG;AAAA,EAC7E;AAEA,MAAI,SAAS,oBAAoB,SAAS;AACxC,iBAAa,KAAK,0CAA0C,SAAS,eAAe,GAAG;AAAA,EACzF;AAEA,MAAI,SAAS,qBAAqB,MAAM;AACtC,iBAAa,KAAK,wCAAwC,SAAS,gBAAgB,GAAG;AAAA,EACxF;AAEA,MAAI,CAAC,SAAS,eAAe,OAAO,SAAS,gBAAgB,UAAU;AACrE,iBAAa,KAAK,wCAAwC;AAAA,EAC5D;AAEA,MAAI,CAAC,SAAS,aAAa,OAAO,SAAS,cAAc,UAAU;AACjE,iBAAa,KAAK,sCAAsC;AAAA,EAC1D;AAEA,MAAI,CAAC,SAAS,YAAY,OAAO,SAAS,aAAa,UAAU;AAC/D,iBAAa,KAAK,qCAAqC;AAAA,EACzD;AAEA,MAAI,CAAC,SAAS,SAAS,OAAO,SAAS,UAAU,UAAU;AACzD,iBAAa,KAAK,kCAAkC;AAAA,EACtD;AAEA,MAAI,CAAC,SAAS,UAAU,OAAO,SAAS,WAAW,UAAU;AAC3D,iBAAa,KAAK,mCAAmC;AAAA,EACvD;AAEA,MAAI,SAAS,UAAU,UAAa,SAAS,UAAU,MAAM;AAC3D,iBAAa,KAAK,kCAAkC;AAAA,EACtD;AAEA,MAAI,SAAS,WAAW,UAAa,SAAS,WAAW,MAAM;AAC7D,iBAAa,KAAK,mCAAmC;AAAA,EACvD;AAEA,QAAM,cAAc,mBAAmB,SAAS,UAAU;AAC1D,eAAa,KAAK,GAAG,WAAW;AAEhC,MAAI,CAAC,SAAS,aAAa,CAAC,SAAS,UAAU,WAAW,SAAS,GAAG;AACpE,iBAAa,KAAK,6CAA6C,SAAS,SAAS,GAAG;AAAA,EACtF;AAEA,MAAI,CAAC,SAAS,cAAc,CAAC,SAAS,WAAW,WAAW,SAAS,GAAG;AACtE,iBAAa,KAAK,8CAA8C,SAAS,UAAU,GAAG;AAAA,EACxF;AAEA,MAAI,aAAa,WAAW,GAAG;AAC7B,UAAM,oBAAoB,iBAAiB,SAAS,KAAK;AACzD,QAAI,SAAS,cAAc,mBAAmB;AAC5C,sBAAgB,KAAK,gCAAgC,iBAAiB,SAAS,SAAS,SAAS,EAAE;AAAA,IACrG;AAEA,UAAM,qBAAqB,kBAAkB,SAAS,MAAM;AAC5D,QAAI,SAAS,eAAe,oBAAoB;AAC9C,uBAAiB,KAAK,iCAAiC,kBAAkB,SAAS,SAAS,UAAU,EAAE;AAAA,IACzG;AAAA,EACF;AAEA,QAAM,SAAS,CAAC,GAAG,cAAc,GAAG,cAAc,GAAG,iBAAiB,GAAG,gBAAgB;AAEzF,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO,EAAE,IAAI,MAAM,QAAQ,CAAC,GAAG,MAAM,cAAc,GAAG;AAAA,EACxD;AAEA,MAAI;AACJ,MAAI;AAEJ,MAAI,aAAa,SAAS,GAAG;AAC3B,WAAO,cAAc;AACrB,cAAU;AAAA,EACZ,WAAW,aAAa,SAAS,GAAG;AAClC,WAAO,cAAc;AACrB,cAAU;AAAA,EACZ,WAAW,gBAAgB,SAAS,KAAK,iBAAiB,SAAS,GAAG;AACpE,WAAO,cAAc;AACrB,cAAU,CAAC,GAAG,iBAAiB,GAAG,gBAAgB;AAAA,EACpD,WAAW,gBAAgB,SAAS,GAAG;AACrC,WAAO,cAAc;AACrB,cAAU;AAAA,EACZ,WAAW,iBAAiB,SAAS,GAAG;AACtC,WAAO,cAAc;AACrB,cAAU;AAAA,EACZ,OAAO;AACL,WAAO,cAAc;AACrB,cAAU;AAAA,EACZ;AAEA,SAAO,EAAE,IAAI,OAAO,QAAQ,MAAM,QAAQ;AAC5C;;;AC7JA,SAAS,uBAAuB,SAAqC;AACnE,QAAM,YAAY,gBAAgB,OAAO;AACzC,SAAO,UAAU,UAAU,SAAS,CAAC;AACvC;AAEO,SAAS,QACd,UACA,SACsB;AACtB,QAAM,YAAY,SAAS,cAAa,oBAAI,KAAK,GAAE,YAAY;AAE/D,QAAM,UAA8B;AAAA,IAClC,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACX;AAEA,QAAM,kBAAkB,uBAAuB,OAAO;AAEtD,QAAM,SAA+B;AAAA,IACnC,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,EACF;AAEA,MAAI,SAAS,MAAM;AACjB,WAAO,OAAO,QAAQ;AAAA,EACxB;AAEA,SAAO;AACT;AAEO,SAAS,UAAU,QAAkD;AAC1E,QAAM,eAAyB,CAAC;AAChC,QAAM,eAAyB,CAAC;AAEhC,MAAI,OAAO,eAAe,uBAAuB;AAC/C,iBAAa,KAAK,mDAAmD,OAAO,UAAU,GAAG;AAAA,EAC3F;AAEA,MAAI,OAAO,YAAY,OAAO;AAC5B,iBAAa,KAAK,gCAAgC,OAAO,OAAO,GAAG;AAAA,EACrE;AAEA,MAAI,CAAC,OAAO,aAAa,OAAO,OAAO,cAAc,UAAU;AAC7D,iBAAa,KAAK,sCAAsC;AAAA,EAC1D;AAEA,MAAI,CAAC,OAAO,mBAAmB,CAAC,OAAO,gBAAgB,WAAW,SAAS,GAAG;AAC5E,iBAAa,KAAK,mDAAmD,OAAO,eAAe,GAAG;AAAA,EAChG;AAEA,MAAI,CAAC,OAAO,UAAU;AACpB,iBAAa,KAAK,sBAAsB;AACxC,UAAM,YAAY,CAAC,GAAG,cAAc,GAAG,YAAY;AACnD,WAAO,EAAE,IAAI,OAAO,QAAQ,WAAW,MAAM,cAAc,cAAc,SAAS,aAAa;AAAA,EACjG;AAEA,MAAI,wBAAuC;AAC3C,MAAI,iBAA4C;AAEhD,MAAI;AACF,qBAAiB,eAAe,OAAO,QAAQ;AAAA,EACjD,SAAS,KAAK;AACZ,4BAAwB,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,EACzE;AAEA,MAAI,0BAA0B,MAAM;AAClC,UAAMA,UAAS,CAAC,GAAG,cAAc,GAAG,cAAc,qBAAqB;AACvE,WAAO,EAAE,IAAI,OAAO,QAAAA,SAAQ,MAAM,cAAc,wBAAwB,SAAS,CAAC,qBAAqB,EAAE;AAAA,EAC3G;AAEA,QAAM,iBAAiB,eAAgB;AAEvC,QAAM,iBAA2B,CAAC;AAClC,MAAI;AACF,UAAM,UAA8B;AAAA,MAClC,YAAY;AAAA,MACZ,WAAW,OAAO;AAAA,MAClB,UAAU,OAAO;AAAA,MACjB,SAAS;AAAA,IACX;AACA,UAAM,eAAe,uBAAuB,OAAO;AACnD,QAAI,OAAO,oBAAoB,cAAc;AAC3C,qBAAe,KAAK,sCAAsC,YAAY,SAAS,OAAO,eAAe,EAAE;AAAA,IACzG;AAAA,EACF,SAAS,KAAK;AACZ,UAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,UAAMA,UAAS,CAAC,GAAG,cAAc,GAAG,cAAc,GAAG,gBAAgB,GAAG;AACxE,WAAO,EAAE,IAAI,OAAO,QAAAA,SAAQ,MAAM,cAAc,wBAAwB,SAAS,CAAC,GAAG,EAAE;AAAA,EACzF;AAEA,QAAM,SAAS,CAAC,GAAG,cAAc,GAAG,cAAc,GAAG,gBAAgB,GAAG,cAAc;AAEtF,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO,EAAE,IAAI,MAAM,QAAQ,CAAC,GAAG,MAAM,cAAc,GAAG;AAAA,EACxD;AAEA,MAAI;AACJ,MAAI;AAEJ,MAAI,aAAa,SAAS,GAAG;AAC3B,WAAO,cAAc;AACrB,cAAU;AAAA,EACZ,WAAW,aAAa,SAAS,GAAG;AAClC,WAAO,cAAc;AACrB,cAAU;AAAA,EACZ,WAAW,eAAe,SAAS,KAAK,eAAe,WAAW,GAAG;AACnE,WAAO,cAAc;AACrB,cAAU;AAAA,EACZ,WAAW,kBAAkB,eAAe,SAAS,cAAc,IAAI;AACrE,WAAO,eAAe;AACtB,cAAU,eAAe,WAAW;AAAA,EACtC,WAAW,eAAe,SAAS,GAAG;AACpC,WAAO,cAAc;AACrB,cAAU;AAAA,EACZ,OAAO;AACL,WAAO,cAAc;AACrB,cAAU;AAAA,EACZ;AAEA,SAAO,EAAE,IAAI,OAAO,QAAQ,MAAM,QAAQ;AAC5C;;;AC1IA,IAAAC,UAAwB;AAKjB,SAAS,gBAAgB,QAAqD;AACnF,QAAM,cAAc,OAAO,eAAsB,mBAAW;AAE5D,QAAM,WAAW,eAAe;AAAA,IAC9B;AAAA,IACA,WAAW,OAAO;AAAA,IAClB,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO;AAAA,IACd,cAAc,OAAO;AAAA,IACrB,QAAQ,OAAO;AAAA,IACf,OAAO,OAAO;AAAA,IACd,YAAY,OAAO;AAAA,IACnB,QAAQ,OAAO;AAAA,IACf,YAAY,OAAO;AAAA,IACnB,OAAO,OAAO;AAAA,IACd,OAAO,OAAO;AAAA,IACd,QAAQ,OAAO;AAAA,IACf,WAAW,OAAO;AAAA,IAClB,YAAY,OAAO;AAAA,IACnB,gBAAgB,OAAO;AAAA,IACvB,cAAc,OAAO;AAAA,EACvB,CAAC;AAED,SAAO,QAAQ,UAAU,EAAE,MAAM,OAAO,KAAK,CAAC;AAChD;;;AC7BA,IAAAC,UAAwB;AAUjB,IAAM,aAAN,MAAiB;AAAA,EACL;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACT,YAAoB;AAAA,EACpB,eAA8B;AAAA,EAC9B,QAA6B,CAAC;AAAA,EAEtC,YAAY,SAA6B;AACvC,SAAK,QAAQ,SAAS,SAAgB,mBAAW;AACjD,SAAK,aAAa,SAAS,cAAc;AACzC,SAAK,iBAAiB,SAAS,kBAAkB;AACjD,SAAK,QAAQ,SAAS,SAAS;AAAA,EACjC;AAAA,EAEA,KAAK,QAA0C;AAC7C,UAAM,SAAS,OAAO,UAAiB,mBAAW;AAClD,UAAM,cAAc,GAAG,KAAK,KAAK,SAAS,KAAK,SAAS;AAExD,UAAM,WAAW,eAAe;AAAA,MAC9B;AAAA,MACA,WAAW,OAAO;AAAA,MAClB,UAAU,OAAO;AAAA,MACjB,OAAO,OAAO;AAAA,MACd,cAAc,OAAO;AAAA,MACrB,QAAQ,OAAO;AAAA,MACf,OAAO,OAAO;AAAA,MACd,YAAY,OAAO;AAAA,MACnB,QAAQ,OAAO;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,OAAO,KAAK;AAAA,MACZ;AAAA,MACA,WAAW,KAAK;AAAA,MAChB,YAAY,KAAK;AAAA,MACjB,gBAAgB,KAAK;AAAA,MACrB,cAAc,KAAK;AAAA,IACrB,CAAC;AAED,UAAM,SAAS,QAAQ,UAAU,EAAE,MAAM,OAAO,KAAK,CAAC;AAEtD,SAAK,MAAM,KAAK;AAAA,MACd,WAAW,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,MACA,iBAAiB,OAAO;AAAA,MACxB,cAAc,KAAK;AAAA,IACrB,CAAC;AAED,SAAK,eAAe,OAAO;AAC3B,SAAK;AAEL,WAAO;AAAA,EACT;AAAA,EAEA,WAAuB;AACrB,WAAO;AAAA,MACL,OAAO,KAAK;AAAA,MACZ,YAAY,KAAK;AAAA,MACjB,gBAAgB,KAAK;AAAA,MACrB,WAAW,KAAK,MAAM;AAAA,MACtB,OAAO,CAAC,GAAG,KAAK,KAAK;AAAA,MACrB,eAAe,KAAK;AAAA,IACtB;AAAA,EACF;AACF;;;ACzEA,SAAS,oBAAoB,OAAyB;AACpD,MAAI,UAAU,QAAQ,UAAU,OAAW,QAAO;AAElD,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,IAAI,MAAM,yDAAyD;AAAA,EAC3E;AACA,MAAI,OAAO,UAAU,YAAY;AAC/B,UAAM,IAAI,MAAM,2DAA2D;AAAA,EAC7E;AACA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,IAAI,MAAM,yDAAyD;AAAA,EAC3E;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,IAAI,mBAAmB;AAAA,EACtC;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,SAAkC,CAAC;AACzC,eAAW,CAAC,KAAK,GAAG,KAAK,OAAO,QAAQ,KAAgC,GAAG;AACzE,UAAI,QAAQ,OAAW;AACvB,aAAO,GAAG,IAAI,oBAAoB,GAAG;AAAA,IACvC;AACA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAEO,SAAS,uBAAuB,QAAoD;AACzF,SAAO,oBAAoB,MAAM;AACnC;AAEO,SAAS,eAAe,QAA0B;AACvD,MAAI,OAAO,WAAW,YAAY,WAAW,KAAM,QAAO;AAC1D,QAAM,IAAI;AAEV,MAAI,OAAO,EAAE,kBAAkB,YAAY,EAAE,cAAc,SAAS,EAAG,QAAO;AAC9E,MAAI,OAAO,EAAE,oBAAoB,YAAY,EAAE,gBAAgB,SAAS,EAAG,QAAO;AAElF,MAAI,OAAO,EAAE,gBAAgB,YAAY,EAAE,gBAAgB,MAAM;AAC/D,UAAM,MAAM,EAAE;AACd,QAAI,OAAO,IAAI,kBAAkB,YAAY,IAAI,cAAc,SAAS,EAAG,QAAO;AAClF,QAAI,OAAO,IAAI,oBAAoB,YAAY,IAAI,gBAAgB,SAAS,EAAG,QAAO;AAAA,EACxF;AAEA,SAAO;AACT;;;AC7CA,IAAM,iBAAiB;AACvB,IAAM,qBAAqB;AAE3B,SAAS,mBAAmB,OAAgB,WAAkC;AAC5E,MAAI,OAAO,UAAU,SAAU,QAAO;AACtC,MAAI,CAAC,eAAe,KAAK,KAAK,GAAG;AAC/B,WAAO,GAAG,SAAS,sCAAsC,KAAK;AAAA,EAChE;AACA,SAAO;AACT;AAEA,eAAsB,OACpB,QACA,SAC4B;AAC5B,QAAM,MAAM,GAAG,QAAQ,QAAQ,QAAQ,QAAQ,EAAE,CAAC;AAClD,QAAM,YAAY,QAAQ,aAAa;AACvC,QAAM,YAAY,uBAAuB,MAAM;AAE/C,QAAM,aAAa,IAAI,gBAAgB;AACvC,QAAM,QAAQ,WAAW,MAAM,WAAW,MAAM,GAAG,SAAS;AAE5D,MAAI;AACJ,MAAI;AACF,eAAW,MAAM,MAAM,KAAK;AAAA,MAC1B,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,iBAAiB,UAAU,QAAQ,MAAM;AAAA,MAC3C;AAAA,MACA,MAAM,KAAK,UAAU,SAAS;AAAA,MAC9B,QAAQ,WAAW;AAAA,IACrB,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,iBAAa,KAAK;AAClB,UAAM,QAAQ;AACd,QAAI,MAAM,SAAS,cAAc;AAC/B,YAAM,IAAI;AAAA,QACR,uCAAuC,SAAS;AAAA,MAClD;AAAA,IACF;AACA,UAAM,IAAI;AAAA,MACR,8CAA8C,MAAM,OAAO;AAAA,IAC7D;AAAA,EACF,UAAE;AACA,iBAAa,KAAK;AAAA,EACpB;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,SAAS,KAAK;AAAA,EAC7B,QAAQ;AACN,UAAM,OAAO,MAAM,SAAS,KAAK,EAAE,MAAM,MAAM,EAAE;AACjD,UAAM,IAAI;AAAA,MACR,gDAAgD,SAAS,MAAM,MAAM,IAAI;AAAA,MACzE,SAAS;AAAA,IACX;AAAA,EACF;AAEA,MAAI,CAAC,SAAS,IAAI;AAChB,UAAMC,UAAS;AACf,UAAM,MAAM,OAAOA,QAAO,UAAU,WAChCA,QAAO,QACP,QAAQ,SAAS,MAAM;AAC3B,UAAM,UAAU,MAAM,QAAQA,QAAO,OAAO,IAAIA,QAAO,UAAsB;AAC7E,UAAM,IAAI;AAAA,MACR,uBAAuB,GAAG;AAAA,MAC1B,SAAS;AAAA,MACT;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,SAAS;AACf,QAAM,SAAmB,CAAC;AAE1B,MAAI,OAAO,OAAO,oBAAoB,YAAY,OAAO,oBAAoB,OAAO,iBAAiB;AACnG,WAAO;AAAA,MACL,kCAAkC,OAAO,eAAe,qBAAqB,OAAO,eAAe;AAAA,IACrG;AAAA,EACF;AAEA,QAAM,cAAc,mBAAmB,OAAO,iBAAiB,0BAA0B;AACzF,MAAI,YAAa,QAAO,KAAK,WAAW;AAExC,QAAM,iBAAiB,mBAAmB,OAAO,iBAAiB,0BAA0B;AAC5F,MAAI,eAAgB,QAAO,KAAK,cAAc;AAE9C,MAAI,OAAO,SAAS,GAAG;AACrB,UAAM,IAAI;AAAA,MACR,2CAA2C,OAAO,KAAK,IAAI,CAAC;AAAA,MAC5D,SAAS;AAAA,MACT;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,eAAe,OAAO,OAAO,kBAAkB,WAAW,OAAO,gBAAgB;AAAA,IACjF,iBAAiB,OAAO,OAAO,oBAAoB,WAAW,OAAO,kBAAkB;AAAA,IACvF,iBAAiB,OAAO,OAAO,oBAAoB,WAAW,OAAO,kBAAkB;AAAA,IACvF,iBAAiB,OAAO,OAAO,oBAAoB,WAAW,OAAO,kBAAkB;AAAA,IACvF,KAAK;AAAA,EACP;AACF;;;ACxGO,SAAS,UAAU,QAAsC;AAC9D,SAAO,gBAAgB,MAAM;AAC/B;AAEO,SAAS,UAAU,MAAoC;AAC5D,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,IAAI;AAAA,EAC1B,SAAS,KAAK;AACZ,UAAM,IAAI,qBAAqB,CAAC,iBAAkB,IAAc,OAAO,EAAE,CAAC;AAAA,EAC5E;AAEA,QAAM,SAAS;AAEf,MAAI,CAAC,UAAU,OAAO,WAAW,UAAU;AACzC,UAAM,IAAI,qBAAqB,CAAC,+BAA+B,CAAC;AAAA,EAClE;AAEA,MAAI,OAAO,eAAe,uBAAuB;AAC/C,UAAM,IAAI,qBAAqB,CAAC,mDAAmD,OAAO,UAAU,GAAG,CAAC;AAAA,EAC1G;AAEA,QAAM,SAAS,UAAU,MAAM;AAC/B,MAAI,CAAC,OAAO,IAAI;AACd,UAAM,IAAI,qBAAqB,OAAO,MAAM;AAAA,EAC9C;AAEA,SAAO;AACT;;;ACjCA,IAAAC,UAAwB;AASjB,SAAS,aACd,QACA;AACA,SAAO;AAAA,IACL,MAAM,QAAQ,QAA6F;AACzG,YAAM,MAAM,MAAM,OAAO,OAAO,OAAO,aAAa;AACpD,YAAM,SAAS,OAAO,cAAc,GAAG;AACvC,YAAM,eAAe,OAAO,sBACxB,OAAO,oBAAoB,GAAG,IAC7B,OAAO,gBAAgB;AAE5B,YAAM,WAAW,eAAe;AAAA,QAC9B,aAAa,OAAO,eAAsB,mBAAW;AAAA,QACrD,UAAU,OAAO;AAAA,QACjB,OAAO,OAAO;AAAA,QACd;AAAA,QACA,QAAQ,OAAO;AAAA,QACf,OAAO,OAAO;AAAA,QACd,YAAY,OAAO;AAAA,QACnB;AAAA,QACA,OAAO,OAAO;AAAA,MAChB,CAAC;AAED,YAAM,SAAS,QAAQ,UAAU,EAAE,MAAM,OAAO,KAAK,CAAC;AAEtD,aAAO,EAAE,QAAQ,UAAU,OAAO;AAAA,IACpC;AAAA,EACF;AACF;","names":["errors","crypto","crypto","result","crypto"]}
package/dist/index.d.cts CHANGED
@@ -1,5 +1,5 @@
1
- import { C as CreateSnapshotParams, A as AiExecutionSnapshotV1, V as VerificationResult, a as CerMeta, b as CerAiExecutionBundle, c as CertifyDecisionParams, R as RunBuilderOptions, S as StepParams, d as RunSummary, e as AttestOptions, f as AttestationResult } from './types-DF29BsH5.cjs';
2
- export { g as AiExecutionParameters, P as ProviderConfig, W as WrappedExecutionParams, h as WrappedExecutionResult } from './types-DF29BsH5.cjs';
1
+ import { C as CreateSnapshotParams, A as AiExecutionSnapshotV1, V as VerificationResult, a as CerMeta, b as CerAiExecutionBundle, c as CertifyDecisionParams, R as RunBuilderOptions, S as StepParams, d as RunSummary, e as AttestOptions, f as AttestationResult } from './types-342Snbrb.cjs';
2
+ export { h as AiExecutionParameters, g as CerVerifyCode, g as CerVerifyCodeType, P as ProviderConfig, W as WrappedExecutionParams, i as WrappedExecutionResult } from './types-342Snbrb.cjs';
3
3
  export { wrapProvider } from './providers/wrap.cjs';
4
4
 
5
5
  declare class CerVerificationError extends Error {
package/dist/index.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- import { C as CreateSnapshotParams, A as AiExecutionSnapshotV1, V as VerificationResult, a as CerMeta, b as CerAiExecutionBundle, c as CertifyDecisionParams, R as RunBuilderOptions, S as StepParams, d as RunSummary, e as AttestOptions, f as AttestationResult } from './types-DF29BsH5.js';
2
- export { g as AiExecutionParameters, P as ProviderConfig, W as WrappedExecutionParams, h as WrappedExecutionResult } from './types-DF29BsH5.js';
1
+ import { C as CreateSnapshotParams, A as AiExecutionSnapshotV1, V as VerificationResult, a as CerMeta, b as CerAiExecutionBundle, c as CertifyDecisionParams, R as RunBuilderOptions, S as StepParams, d as RunSummary, e as AttestOptions, f as AttestationResult } from './types-342Snbrb.js';
2
+ export { h as AiExecutionParameters, g as CerVerifyCode, g as CerVerifyCodeType, P as ProviderConfig, W as WrappedExecutionParams, i as WrappedExecutionResult } from './types-342Snbrb.js';
3
3
  export { wrapProvider } from './providers/wrap.js';
4
4
 
5
5
  declare class CerVerificationError extends Error {