npm - @nextera.one/axis-server-sdk - Versions diffs - 2.1.1 → 2.1.3 - Mend

@nextera.one/axis-server-sdk 2.1.1 → 2.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/dist/core/index.d.mts +2 -2
package/dist/core/index.d.ts +2 -2
package/dist/core/index.js +267 -6
package/dist/core/index.js.map +1 -1
package/dist/core/index.mjs +260 -8
package/dist/core/index.mjs.map +1 -1
package/dist/index-DXHfWxLG.d.mts +133 -0
package/dist/index-DXHfWxLG.d.ts +133 -0
package/dist/index.d.mts +555 -1397
package/dist/index.d.ts +555 -1397
package/dist/index.js +432 -3020
package/dist/index.js.map +1 -1
package/dist/index.mjs +427 -3028
package/dist/index.mjs.map +1 -1
package/package.json +2 -3
package/dist/codec/axis1.encode.d.mts +0 -10
package/dist/codec/axis1.encode.d.ts +0 -10
package/dist/codec/axis1.encode.js +0 -65
package/dist/codec/axis1.encode.js.map +0 -1
package/dist/codec/axis1.encode.mjs +0 -41
package/dist/codec/axis1.encode.mjs.map +0 -1
package/dist/codec/axis1.signing.d.mts +0 -8
package/dist/codec/axis1.signing.d.ts +0 -8
package/dist/codec/axis1.signing.js +0 -61
package/dist/codec/axis1.signing.js.map +0 -1
package/dist/codec/axis1.signing.mjs +0 -37
package/dist/codec/axis1.signing.mjs.map +0 -1
package/dist/index-VxXqZPuH.d.mts +0 -51
package/dist/index-VxXqZPuH.d.ts +0 -51
package/dist/types/frame.d.mts +0 -11
package/dist/types/frame.d.ts +0 -11
package/dist/types/frame.js +0 -78
package/dist/types/frame.js.map +0 -1
package/dist/types/frame.mjs +0 -54
package/dist/types/frame.mjs.map +0 -1

package/dist/core/index.d.mts CHANGED Viewed

@@ -1,3 +1,3 @@
-export * from '@nextera.one/axis-protocol';
-export { A as AxisError, a as AxisFrameZ, c as computeReceiptHash, b as computeSignaturePayload, g as generateEd25519KeyPair, s as sha256, d as signFrame, v as verifyFrameSignature } from '../index-VxXqZPuH.mjs';
+export { a as AxisBinaryFrame, b as AxisError, A as AxisFrame, c as AxisFrameZ, d as AxisMediaTypes, e as computeReceiptHash, f as computeSignaturePayload, g as decodeFrame, h as encodeFrame, j as generateEd25519KeyPair, k as getSignTarget, s as sha256, l as signFrame, v as verifyFrameSignature } from '../index-DXHfWxLG.mjs';
+export { AXIS_MAGIC, AXIS_VERSION, BodyProfile, ERR_BAD_SIGNATURE, ERR_CONTRACT_VIOLATION, ERR_INVALID_PACKET, ERR_REPLAY_DETECTED, FLAG_BODY_TLV, FLAG_CHAIN_REQ, FLAG_HAS_WITNESS, MAX_BODY_LEN, MAX_FRAME_LEN, MAX_HDR_LEN, MAX_SIG_LEN, NCERT_ALG, NCERT_EXP, NCERT_ISSUER_KID, NCERT_KID, NCERT_NBF, NCERT_NODE_ID, NCERT_PAYLOAD, NCERT_PUB, NCERT_SCOPE, NCERT_SIG, PROOF_CAPSULE, PROOF_JWT, PROOF_LOOM, PROOF_MTLS, PROOF_NONE, PROOF_WITNESS, ProofType, TLV, TLV_ACTOR_ID, TLV_AUD, TLV_BODY_ARR, TLV_BODY_OBJ, TLV_CAPSULE, TLV_EFFECT, TLV_ERROR_CODE, TLV_ERROR_MSG, TLV_INDEX, TLV_INTENT, TLV_KID, TLV_LOOM_PRESENCE_ID, TLV_LOOM_THREAD_HASH, TLV_LOOM_WRIT, TLV_NODE, TLV_NODE_CERT_HASH, TLV_NODE_KID, TLV_NONCE, TLV_OFFSET, TLV_OK, TLV_PID, TLV_PREV_HASH, TLV_PROOF_REF, TLV_PROOF_TYPE, TLV_REALM, TLV_RECEIPT_HASH, TLV_RID, TLV_SHA256_CHUNK, TLV_TRACE_ID, TLV_TS, TLV_UPLOAD_ID, decodeArray, decodeObject, decodeTLVs, decodeTLVsList, decodeVarint, encodeTLVs, encodeVarint, varintLength } from '@nextera.one/axis-protocol';
 import 'zod';

package/dist/core/index.d.ts CHANGED Viewed

@@ -1,3 +1,3 @@
-export * from '@nextera.one/axis-protocol';
-export { A as AxisError, a as AxisFrameZ, c as computeReceiptHash, b as computeSignaturePayload, g as generateEd25519KeyPair, s as sha256, d as signFrame, v as verifyFrameSignature } from '../index-VxXqZPuH.js';
+export { a as AxisBinaryFrame, b as AxisError, A as AxisFrame, c as AxisFrameZ, d as AxisMediaTypes, e as computeReceiptHash, f as computeSignaturePayload, g as decodeFrame, h as encodeFrame, j as generateEd25519KeyPair, k as getSignTarget, s as sha256, l as signFrame, v as verifyFrameSignature } from '../index-DXHfWxLG.js';
+export { AXIS_MAGIC, AXIS_VERSION, BodyProfile, ERR_BAD_SIGNATURE, ERR_CONTRACT_VIOLATION, ERR_INVALID_PACKET, ERR_REPLAY_DETECTED, FLAG_BODY_TLV, FLAG_CHAIN_REQ, FLAG_HAS_WITNESS, MAX_BODY_LEN, MAX_FRAME_LEN, MAX_HDR_LEN, MAX_SIG_LEN, NCERT_ALG, NCERT_EXP, NCERT_ISSUER_KID, NCERT_KID, NCERT_NBF, NCERT_NODE_ID, NCERT_PAYLOAD, NCERT_PUB, NCERT_SCOPE, NCERT_SIG, PROOF_CAPSULE, PROOF_JWT, PROOF_LOOM, PROOF_MTLS, PROOF_NONE, PROOF_WITNESS, ProofType, TLV, TLV_ACTOR_ID, TLV_AUD, TLV_BODY_ARR, TLV_BODY_OBJ, TLV_CAPSULE, TLV_EFFECT, TLV_ERROR_CODE, TLV_ERROR_MSG, TLV_INDEX, TLV_INTENT, TLV_KID, TLV_LOOM_PRESENCE_ID, TLV_LOOM_THREAD_HASH, TLV_LOOM_WRIT, TLV_NODE, TLV_NODE_CERT_HASH, TLV_NODE_KID, TLV_NONCE, TLV_OFFSET, TLV_OK, TLV_PID, TLV_PREV_HASH, TLV_PROOF_REF, TLV_PROOF_TYPE, TLV_REALM, TLV_RECEIPT_HASH, TLV_RID, TLV_SHA256_CHUNK, TLV_TRACE_ID, TLV_TS, TLV_UPLOAD_ID, decodeArray, decodeObject, decodeTLVs, decodeTLVsList, decodeVarint, encodeTLVs, encodeVarint, varintLength } from '@nextera.one/axis-protocol';
 import 'zod';

package/dist/core/index.js CHANGED Viewed

@@ -16,7 +16,6 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
-var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
 var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
   // If the importer is in node compatibility mode or this is not an ESM
   // file that has been converted to a CommonJS file using a Babel-
@@ -30,21 +29,124 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/core/index.ts
 var core_exports = {};
 __export(core_exports, {
+  AXIS_MAGIC: () => import_axis_protocol.AXIS_MAGIC,
+  AXIS_VERSION: () => import_axis_protocol.AXIS_VERSION,
   AxisError: () => AxisError,
   AxisFrameZ: () => AxisFrameZ,
+  AxisMediaTypes: () => AxisMediaTypes,
+  BodyProfile: () => import_axis_protocol.BodyProfile,
+  ERR_BAD_SIGNATURE: () => import_axis_protocol.ERR_BAD_SIGNATURE,
+  ERR_CONTRACT_VIOLATION: () => import_axis_protocol.ERR_CONTRACT_VIOLATION,
+  ERR_INVALID_PACKET: () => import_axis_protocol.ERR_INVALID_PACKET,
+  ERR_REPLAY_DETECTED: () => import_axis_protocol.ERR_REPLAY_DETECTED,
+  FLAG_BODY_TLV: () => import_axis_protocol.FLAG_BODY_TLV,
+  FLAG_CHAIN_REQ: () => import_axis_protocol.FLAG_CHAIN_REQ,
+  FLAG_HAS_WITNESS: () => import_axis_protocol.FLAG_HAS_WITNESS,
+  MAX_BODY_LEN: () => import_axis_protocol.MAX_BODY_LEN,
+  MAX_FRAME_LEN: () => import_axis_protocol.MAX_FRAME_LEN,
+  MAX_HDR_LEN: () => import_axis_protocol.MAX_HDR_LEN,
+  MAX_SIG_LEN: () => import_axis_protocol.MAX_SIG_LEN,
+  NCERT_ALG: () => import_axis_protocol.NCERT_ALG,
+  NCERT_EXP: () => import_axis_protocol.NCERT_EXP,
+  NCERT_ISSUER_KID: () => import_axis_protocol.NCERT_ISSUER_KID,
+  NCERT_KID: () => import_axis_protocol.NCERT_KID,
+  NCERT_NBF: () => import_axis_protocol.NCERT_NBF,
+  NCERT_NODE_ID: () => import_axis_protocol.NCERT_NODE_ID,
+  NCERT_PAYLOAD: () => import_axis_protocol.NCERT_PAYLOAD,
+  NCERT_PUB: () => import_axis_protocol.NCERT_PUB,
+  NCERT_SCOPE: () => import_axis_protocol.NCERT_SCOPE,
+  NCERT_SIG: () => import_axis_protocol.NCERT_SIG,
+  PROOF_CAPSULE: () => import_axis_protocol.PROOF_CAPSULE,
+  PROOF_JWT: () => import_axis_protocol.PROOF_JWT,
+  PROOF_LOOM: () => import_axis_protocol.PROOF_LOOM,
+  PROOF_MTLS: () => import_axis_protocol.PROOF_MTLS,
+  PROOF_NONE: () => import_axis_protocol.PROOF_NONE,
+  PROOF_WITNESS: () => import_axis_protocol.PROOF_WITNESS,
+  ProofType: () => import_axis_protocol.ProofType,
+  TLV: () => import_axis_protocol3.TLV,
+  TLV_ACTOR_ID: () => import_axis_protocol.TLV_ACTOR_ID,
+  TLV_AUD: () => import_axis_protocol.TLV_AUD,
+  TLV_BODY_ARR: () => import_axis_protocol.TLV_BODY_ARR,
+  TLV_BODY_OBJ: () => import_axis_protocol.TLV_BODY_OBJ,
+  TLV_CAPSULE: () => import_axis_protocol.TLV_CAPSULE,
+  TLV_EFFECT: () => import_axis_protocol.TLV_EFFECT,
+  TLV_ERROR_CODE: () => import_axis_protocol.TLV_ERROR_CODE,
+  TLV_ERROR_MSG: () => import_axis_protocol.TLV_ERROR_MSG,
+  TLV_INDEX: () => import_axis_protocol.TLV_INDEX,
+  TLV_INTENT: () => import_axis_protocol.TLV_INTENT,
+  TLV_KID: () => import_axis_protocol.TLV_KID,
+  TLV_LOOM_PRESENCE_ID: () => import_axis_protocol.TLV_LOOM_PRESENCE_ID,
+  TLV_LOOM_THREAD_HASH: () => import_axis_protocol.TLV_LOOM_THREAD_HASH,
+  TLV_LOOM_WRIT: () => import_axis_protocol.TLV_LOOM_WRIT,
+  TLV_NODE: () => import_axis_protocol.TLV_NODE,
+  TLV_NODE_CERT_HASH: () => import_axis_protocol.TLV_NODE_CERT_HASH,
+  TLV_NODE_KID: () => import_axis_protocol.TLV_NODE_KID,
+  TLV_NONCE: () => import_axis_protocol.TLV_NONCE,
+  TLV_OFFSET: () => import_axis_protocol.TLV_OFFSET,
+  TLV_OK: () => import_axis_protocol.TLV_OK,
+  TLV_PID: () => import_axis_protocol.TLV_PID,
+  TLV_PREV_HASH: () => import_axis_protocol.TLV_PREV_HASH,
+  TLV_PROOF_REF: () => import_axis_protocol.TLV_PROOF_REF,
+  TLV_PROOF_TYPE: () => import_axis_protocol.TLV_PROOF_TYPE,
+  TLV_REALM: () => import_axis_protocol.TLV_REALM,
+  TLV_RECEIPT_HASH: () => import_axis_protocol.TLV_RECEIPT_HASH,
+  TLV_RID: () => import_axis_protocol.TLV_RID,
+  TLV_SHA256_CHUNK: () => import_axis_protocol.TLV_SHA256_CHUNK,
+  TLV_TRACE_ID: () => import_axis_protocol.TLV_TRACE_ID,
+  TLV_TS: () => import_axis_protocol.TLV_TS,
+  TLV_UPLOAD_ID: () => import_axis_protocol.TLV_UPLOAD_ID,
   computeReceiptHash: () => computeReceiptHash,
   computeSignaturePayload: () => computeSignaturePayload,
+  decodeArray: () => import_axis_protocol3.decodeArray,
+  decodeFrame: () => decodeFrame,
+  decodeObject: () => import_axis_protocol3.decodeObject,
+  decodeTLVs: () => import_axis_protocol3.decodeTLVs,
+  decodeTLVsList: () => import_axis_protocol3.decodeTLVsList,
+  decodeVarint: () => import_axis_protocol2.decodeVarint,
+  encodeFrame: () => encodeFrame,
+  encodeTLVs: () => import_axis_protocol3.encodeTLVs,
+  encodeVarint: () => import_axis_protocol2.encodeVarint,
   generateEd25519KeyPair: () => generateEd25519KeyPair,
+  getSignTarget: () => getSignTarget,
   sha256: () => sha256,
   signFrame: () => signFrame,
+  varintLength: () => import_axis_protocol2.varintLength,
   verifyFrameSignature: () => verifyFrameSignature
 });
 module.exports = __toCommonJS(core_exports);
-__reExport(core_exports, require("@nextera.one/axis-protocol"), module.exports);
+// src/core/constants.ts
+var import_axis_protocol = require("@nextera.one/axis-protocol");
+var _AxisMediaTypes = class _AxisMediaTypes {
+  static normalize(value) {
+    if (!value) return void 0;
+    return value.split(";", 1)[0].trim().toLowerCase();
+  }
+  static isAxisContentType(value) {
+    const normalized = _AxisMediaTypes.normalize(value);
+    return !!normalized && _AxisMediaTypes.VALID_AXIS_CONTENT_TYPES.some(
+      (contentType) => contentType === normalized
+    );
+  }
+};
+_AxisMediaTypes.BINARY = "application/axis-bin";
+_AxisMediaTypes.OCTET_STREAM = "application/octet-stream";
+_AxisMediaTypes.LEGACY_BINARY = "application/x-axis";
+_AxisMediaTypes.VALID_AXIS_CONTENT_TYPES = [
+  _AxisMediaTypes.BINARY,
+  _AxisMediaTypes.OCTET_STREAM,
+  _AxisMediaTypes.LEGACY_BINARY
+];
+var AxisMediaTypes = _AxisMediaTypes;
+// src/core/varint.ts
+var import_axis_protocol2 = require("@nextera.one/axis-protocol");
+// src/core/tlv.ts
+var import_axis_protocol3 = require("@nextera.one/axis-protocol");
 // src/core/axis-bin.ts
 var z = __toESM(require("zod"));
-var import_axis_protocol = require("@nextera.one/axis-protocol");
 var AxisFrameZ = z.object({
   /** Flag bits for protocol control (e.g., encryption, compression) */
   flags: z.number().int().nonnegative(),
@@ -58,11 +160,96 @@ var AxisFrameZ = z.object({
   /** The cryptographic signature covering the frame (except the signature itself) */
   sig: z.custom((v) => v instanceof Uint8Array)
 });
+function encodeFrame(frame) {
+  const hdrBytes = (0, import_axis_protocol3.encodeTLVs)(
+    Array.from(frame.headers.entries()).map(([t, v]) => ({
+      type: t,
+      value: v
+    }))
+  );
+  if (hdrBytes.length > import_axis_protocol.MAX_HDR_LEN) throw new Error("Header too large");
+  if (frame.body.length > import_axis_protocol.MAX_BODY_LEN) throw new Error("Body too large");
+  if (frame.sig.length > import_axis_protocol.MAX_SIG_LEN) throw new Error("Signature too large");
+  const hdrLenBytes = (0, import_axis_protocol2.encodeVarint)(hdrBytes.length);
+  const bodyLenBytes = (0, import_axis_protocol2.encodeVarint)(frame.body.length);
+  const sigLenBytes = (0, import_axis_protocol2.encodeVarint)(frame.sig.length);
+  const totalLen = 5 + // Magic (AXIS1)
+  1 + // Version
+  1 + // Flags
+  hdrLenBytes.length + bodyLenBytes.length + sigLenBytes.length + hdrBytes.length + frame.body.length + frame.sig.length;
+  if (totalLen > import_axis_protocol.MAX_FRAME_LEN) throw new Error("Total frame too large");
+  const buf = new Uint8Array(totalLen);
+  let offset = 0;
+  buf.set(import_axis_protocol.AXIS_MAGIC, offset);
+  offset += 5;
+  buf[offset++] = import_axis_protocol.AXIS_VERSION;
+  buf[offset++] = frame.flags;
+  buf.set(hdrLenBytes, offset);
+  offset += hdrLenBytes.length;
+  buf.set(bodyLenBytes, offset);
+  offset += bodyLenBytes.length;
+  buf.set(sigLenBytes, offset);
+  offset += sigLenBytes.length;
+  buf.set(hdrBytes, offset);
+  offset += hdrBytes.length;
+  buf.set(frame.body, offset);
+  offset += frame.body.length;
+  buf.set(frame.sig, offset);
+  offset += frame.sig.length;
+  return buf;
+}
+function decodeFrame(buf) {
+  let offset = 0;
+  if (offset + 5 > buf.length) throw new Error("Packet too short");
+  for (let i = 0; i < 5; i++) {
+    if (buf[offset + i] !== import_axis_protocol.AXIS_MAGIC[i]) throw new Error("Invalid Magic");
+  }
+  offset += 5;
+  const ver = buf[offset++];
+  if (ver !== import_axis_protocol.AXIS_VERSION) throw new Error(`Unsupported version: ${ver}`);
+  const flags = buf[offset++];
+  const { value: hdrLen, length: hlLen } = (0, import_axis_protocol2.decodeVarint)(buf, offset);
+  offset += hlLen;
+  if (hdrLen > import_axis_protocol.MAX_HDR_LEN) throw new Error("Header limit exceeded");
+  const { value: bodyLen, length: blLen } = (0, import_axis_protocol2.decodeVarint)(buf, offset);
+  offset += blLen;
+  if (bodyLen > import_axis_protocol.MAX_BODY_LEN) throw new Error("Body limit exceeded");
+  const { value: sigLen, length: slLen } = (0, import_axis_protocol2.decodeVarint)(buf, offset);
+  offset += slLen;
+  if (sigLen > import_axis_protocol.MAX_SIG_LEN) throw new Error("Signature limit exceeded");
+  if (offset + hdrLen + bodyLen + sigLen > buf.length) {
+    throw new Error("Frame truncated");
+  }
+  const hdrBytes = buf.slice(offset, offset + hdrLen);
+  offset += hdrLen;
+  const bodyBytes = buf.slice(offset, offset + bodyLen);
+  offset += bodyLen;
+  const sigBytes = buf.slice(offset, offset + sigLen);
+  offset += sigLen;
+  const headers = (0, import_axis_protocol3.decodeTLVs)(hdrBytes);
+  return {
+    flags,
+    headers,
+    body: bodyBytes,
+    sig: sigBytes
+  };
+}
+function getSignTarget(frame) {
+  return encodeFrame({
+    ...frame,
+    sig: new Uint8Array(0)
+  });
+}
 // src/core/signature.ts
 var crypto = __toESM(require("crypto"));
 function computeSignaturePayload(frame) {
-  return Buffer.from((0, import_axis_protocol.getSignTarget)(frame));
+  const frameWithoutSig = {
+    ...frame,
+    sig: new Uint8Array(0)
+  };
+  const encoded = encodeFrame(frameWithoutSig);
+  return Buffer.from(encoded);
 }
 function signFrame(frame, privateKey) {
   const payload = computeSignaturePayload(frame);
@@ -185,14 +372,88 @@ var AxisError = class extends Error {
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  AXIS_MAGIC,
+  AXIS_VERSION,
   AxisError,
   AxisFrameZ,
+  AxisMediaTypes,
+  BodyProfile,
+  ERR_BAD_SIGNATURE,
+  ERR_CONTRACT_VIOLATION,
+  ERR_INVALID_PACKET,
+  ERR_REPLAY_DETECTED,
+  FLAG_BODY_TLV,
+  FLAG_CHAIN_REQ,
+  FLAG_HAS_WITNESS,
+  MAX_BODY_LEN,
+  MAX_FRAME_LEN,
+  MAX_HDR_LEN,
+  MAX_SIG_LEN,
+  NCERT_ALG,
+  NCERT_EXP,
+  NCERT_ISSUER_KID,
+  NCERT_KID,
+  NCERT_NBF,
+  NCERT_NODE_ID,
+  NCERT_PAYLOAD,
+  NCERT_PUB,
+  NCERT_SCOPE,
+  NCERT_SIG,
+  PROOF_CAPSULE,
+  PROOF_JWT,
+  PROOF_LOOM,
+  PROOF_MTLS,
+  PROOF_NONE,
+  PROOF_WITNESS,
+  ProofType,
+  TLV,
+  TLV_ACTOR_ID,
+  TLV_AUD,
+  TLV_BODY_ARR,
+  TLV_BODY_OBJ,
+  TLV_CAPSULE,
+  TLV_EFFECT,
+  TLV_ERROR_CODE,
+  TLV_ERROR_MSG,
+  TLV_INDEX,
+  TLV_INTENT,
+  TLV_KID,
+  TLV_LOOM_PRESENCE_ID,
+  TLV_LOOM_THREAD_HASH,
+  TLV_LOOM_WRIT,
+  TLV_NODE,
+  TLV_NODE_CERT_HASH,
+  TLV_NODE_KID,
+  TLV_NONCE,
+  TLV_OFFSET,
+  TLV_OK,
+  TLV_PID,
+  TLV_PREV_HASH,
+  TLV_PROOF_REF,
+  TLV_PROOF_TYPE,
+  TLV_REALM,
+  TLV_RECEIPT_HASH,
+  TLV_RID,
+  TLV_SHA256_CHUNK,
+  TLV_TRACE_ID,
+  TLV_TS,
+  TLV_UPLOAD_ID,
   computeReceiptHash,
   computeSignaturePayload,
+  decodeArray,
+  decodeFrame,
+  decodeObject,
+  decodeTLVs,
+  decodeTLVsList,
+  decodeVarint,
+  encodeFrame,
+  encodeTLVs,
+  encodeVarint,
   generateEd25519KeyPair,
+  getSignTarget,
   sha256,
   signFrame,
-  verifyFrameSignature,
-  ...require("@nextera.one/axis-protocol")
+  varintLength,
+  verifyFrameSignature
 });
 //# sourceMappingURL=index.js.map

package/dist/core/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../src/core/index.ts","../../src/core/axis-bin.ts","../../src/core/signature.ts","../../src/core/axis-error.ts"],"sourcesContent":["export * from '@nextera.one/axis-protocol';\nexport { AxisFrameZ } from './axis-bin';\nexport * from './signature';\nexport * from './axis-error';\n","import * as z from 'zod';\nimport type { AxisFrame as ProtocolAxisFrame } from '@nextera.one/axis-protocol';\n\nexport {\n decodeFrame,\n encodeFrame,\n getSignTarget,\n} from '@nextera.one/axis-protocol';\nexport type { AxisFrame, AxisBinaryFrame } from '@nextera.one/axis-protocol';\n\n/*\n AxisFrame Schema\n \n Defines the logical structure of an AXIS frame using Zod for runtime validation.\n * This is used for internal processing after the low-level binary parsing is complete.\n /\nexport const AxisFrameZ: z.ZodType<ProtocolAxisFrame> = z.object({\n /* Flag bits for protocol control (e.g., encryption, compression) /\n flags: z.number().int().nonnegative(),\n /* A map of TLV headers where key=Tag and value=BinaryData /\n headers: z.map(\n z.number(),\n z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n ),\n /* The main payload of the frame /\n body: z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n /* The cryptographic signature covering the frame (except the signature itself) /\n sig: z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n});\n","import as crypto from 'crypto';\n\nimport { AxisFrame, getSignTarget } from './axis-bin';\n\n/*\n Signature utilities for AXIS binary frames\n * Supports Ed25519 signature generation and verification\n /\n\n/\n Computes the canonical payload for signing an AXIS frame.\n * The signature covers all bytes of the encoded frame EXCEPT the signature field itself.\n \n @param {AxisFrame} frame - The frame to prepare for signing\n * @returns {Buffer} The serialized canonical bytes for the signature algorithm\n /\nexport function computeSignaturePayload(frame: AxisFrame): Buffer {\n return Buffer.from(getSignTarget(frame));\n}\n\n/\n Signs an AXIS frame using the Ed25519 algorithm.\n * Automatically handles both raw 32-byte seeds and pkcs8 DER-encoded private keys.\n \n @param {AxisFrame} frame - The frame to sign\n * @param {Buffer} privateKey - Ed25519 private key (32-byte raw OR pkcs8 DER)\n * @returns {Buffer} The 64-byte Ed25519 signature\n * @throws {Error} If key format is invalid or signing fail\n /\nexport function signFrame(frame: AxisFrame, privateKey: Buffer): Buffer {\n const payload = computeSignaturePayload(frame);\n\n let keyObject: crypto.KeyObject;\n\n // Check if key is raw 32-byte seed or DER-encoded\n if (privateKey.length === 32) {\n // Raw seed - wrap in pkcs8 DER format\n // pkcs8 prefix for Ed25519: 0x302e020100300506032b657004220420\n const pkcs8Prefix = Buffer.from([\n 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,\n 0x04, 0x22, 0x04, 0x20,\n ]);\n const pkcs8Key = Buffer.concat([pkcs8Prefix, privateKey]);\n\n keyObject = crypto.createPrivateKey({\n key: pkcs8Key,\n format: 'der',\n type: 'pkcs8',\n });\n } else {\n // Assume already DER-encoded pkcs8\n keyObject = crypto.createPrivateKey({\n key: privateKey,\n format: 'der',\n type: 'pkcs8',\n });\n }\n\n const signature = crypto.sign(null, payload, keyObject);\n\n if (signature.length !== 64) {\n throw new Error('Ed25519 signature must be 64 bytes');\n }\n\n return signature;\n}\n\n/\n Verifies an Ed25519 signature on an AXIS frame.\n * Automatically handles both raw 32-byte public keys and spki DER-encoded public keys.\n \n @param {AxisFrame} frame - The frame containing the signature to verify\n * @param {Buffer} publicKey - Ed25519 public key (32-byte raw OR spki DER)\n * @returns {boolean} True if the signature is cryptographically valid\n * @throws {Error} If signature length is invalid\n /\nexport function verifyFrameSignature(\n frame: AxisFrame,\n publicKey: Buffer,\n): boolean {\n if (frame.sig.length === 0) {\n return false; // No signature\n }\n\n if (frame.sig.length !== 64) {\n throw new Error('Ed25519 signature must be 64 bytes');\n }\n\n const payload = computeSignaturePayload(frame);\n\n try {\n let keyObject: crypto.KeyObject;\n\n // Check if key is raw 32-byte or DER-encoded\n if (publicKey.length === 32) {\n // Raw key - wrap in spki DER format\n // spki prefix for Ed25519: 0x302a300506032b6570032100\n const spkiPrefix = Buffer.from([\n 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,\n ]);\n const spkiKey = Buffer.concat([spkiPrefix, publicKey]);\n\n keyObject = crypto.createPublicKey({\n key: spkiKey,\n format: 'der',\n type: 'spki',\n });\n } else {\n // Assume already DER-encoded spki\n keyObject = crypto.createPublicKey({\n key: publicKey,\n format: 'der',\n type: 'spki',\n });\n }\n\n const valid = crypto.verify(\n null,\n payload,\n keyObject,\n Buffer.from(frame.sig),\n );\n return valid;\n } catch (error) {\n return false;\n }\n}\n\n/\n Generates a new Ed25519 key pair for use with the AXIS protocol.\n * Returns keys in canonical DER format (pkcs8 for private, spki for public).\n \n @returns {Object} An object containing the privateKey and publicKey as Buffers\n /\nexport function generateEd25519KeyPair(): {\n privateKey: Buffer;\n publicKey: Buffer;\n} {\n const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519');\n\n return {\n privateKey: privateKey.export({ type: 'pkcs8', format: 'der' }) as Buffer,\n publicKey: publicKey.export({ type: 'spki', format: 'der' }) as Buffer,\n };\n}\n\n/\n Computes a standard SHA-256 hash of the provided data.\n \n @param {Buffer \| Uint8Array} data - The input data to hash\n * @returns {Buffer} The 32-byte SHA-256 digest\n /\nexport function sha256(data: Buffer \| Uint8Array): Buffer {\n return crypto.createHash('sha256').update(data).digest();\n}\n\n/\n Computes a hash for an AXIS receipt, optionally chaining it to a previous hash.\n * This is used for generating an immutable transaction chain.\n \n @param {Buffer \| Uint8Array} receiptBytes - The canonical binary representation of the receipt\n * @param {Buffer \| Uint8Array} [prevHash] - The hash of the previous receipt in the chain\n * @returns {Buffer} The 32-byte SHA-256 hash of the receipt (and link)\n */\nexport function computeReceiptHash(\n receiptBytes: Buffer \| Uint8Array,\n prevHash?: Buffer \| Uint8Array,\n): Buffer {\n const hasher = crypto.createHash('sha256');\n hasher.update(receiptBytes);\n\n if (prevHash && prevHash.length > 0) {\n hasher.update(prevHash);\n }\n\n return hasher.digest();\n}\n","export class AxisError extends Error {\n constructor(\n public code: string,\n message: string,\n public httpStatus: number = 400,\n public details?: Record<string, any>,\n ) {\n super(message);\n this.name = 'AxisError';\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAc,uCAAd;;;ACAA,QAAmB;AAGnB,2BAIO;AASA,IAAM,aAA6C,SAAO;AAAA;AAAA,EAE/D,OAAS,SAAO,EAAE,IAAI,EAAE,YAAY;AAAA;AAAA,EAEpC,SAAW;AAAA,IACP,SAAO;AAAA,IACP,SAAmB,CAAC,MAAM,aAAa,UAAU;AAAA,EACrD;AAAA;AAAA,EAEA,MAAQ,SAAmB,CAAC,MAAM,aAAa,UAAU;AAAA;AAAA,EAEzD,KAAO,SAAmB,CAAC,MAAM,aAAa,UAAU;AAC1D,CAAC;;;AC5BD,aAAwB;AAgBjB,SAAS,wBAAwB,OAA0B;AAChE,SAAO,OAAO,SAAK,oCAAc,KAAK,CAAC;AACzC;AAWO,SAAS,UAAU,OAAkB,YAA4B;AACtE,QAAM,UAAU,wBAAwB,KAAK;AAE7C,MAAI;AAGJ,MAAI,WAAW,WAAW,IAAI;AAG5B,UAAM,cAAc,OAAO,KAAK;AAAA,MAC9B;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAClE;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,IACpB,CAAC;AACD,UAAM,WAAW,OAAO,OAAO,CAAC,aAAa,UAAU,CAAC;AAExD,gBAAmB,wBAAiB;AAAA,MAClC,KAAK;AAAA,MACL,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH,OAAO;AAEL,gBAAmB,wBAAiB;AAAA,MAClC,KAAK;AAAA,MACL,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,YAAmB,YAAK,MAAM,SAAS,SAAS;AAEtD,MAAI,UAAU,WAAW,IAAI;AAC3B,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACtD;AAEA,SAAO;AACT;AAWO,SAAS,qBACd,OACA,WACS;AACT,MAAI,MAAM,IAAI,WAAW,GAAG;AAC1B,WAAO;AAAA,EACT;AAEA,MAAI,MAAM,IAAI,WAAW,IAAI;AAC3B,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACtD;AAEA,QAAM,UAAU,wBAAwB,KAAK;AAE7C,MAAI;AACF,QAAI;AAGJ,QAAI,UAAU,WAAW,IAAI;AAG3B,YAAM,aAAa,OAAO,KAAK;AAAA,QAC7B;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,MACpE,CAAC;AACD,YAAM,UAAU,OAAO,OAAO,CAAC,YAAY,SAAS,CAAC;AAErD,kBAAmB,uBAAgB;AAAA,QACjC,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,MACR,CAAC;AAAA,IACH,OAAO;AAEL,kBAAmB,uBAAgB;AAAA,QACjC,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAEA,UAAM,QAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA,OAAO,KAAK,MAAM,GAAG;AAAA,IACvB;AACA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,WAAO;AAAA,EACT;AACF;AAQO,SAAS,yBAGd;AACA,QAAM,EAAE,YAAY,UAAU,IAAW,2BAAoB,SAAS;AAEtE,SAAO;AAAA,IACL,YAAY,WAAW,OAAO,EAAE,MAAM,SAAS,QAAQ,MAAM,CAAC;AAAA,IAC9D,WAAW,UAAU,OAAO,EAAE,MAAM,QAAQ,QAAQ,MAAM,CAAC;AAAA,EAC7D;AACF;AAQO,SAAS,OAAO,MAAmC;AACxD,SAAc,kBAAW,QAAQ,EAAE,OAAO,IAAI,EAAE,OAAO;AACzD;AAUO,SAAS,mBACd,cACA,UACQ;AACR,QAAM,SAAgB,kBAAW,QAAQ;AACzC,SAAO,OAAO,YAAY;AAE1B,MAAI,YAAY,SAAS,SAAS,GAAG;AACnC,WAAO,OAAO,QAAQ;AAAA,EACxB;AAEA,SAAO,OAAO,OAAO;AACvB;;;AChLO,IAAM,YAAN,cAAwB,MAAM;AAAA,EACnC,YACS,MACP,SACO,aAAqB,KACrB,SACP;AACA,UAAM,OAAO;AALN;AAEA;AACA;AAGP,SAAK,OAAO;AAAA,EACd;AACF;","names":[]}
1	+ {"version":3,"sources":["../../src/core/index.ts","../../src/core/constants.ts","../../src/core/varint.ts","../../src/core/tlv.ts","../../src/core/axis-bin.ts","../../src/core/signature.ts","../../src/core/axis-error.ts"],"sourcesContent":["export * from './constants';\nexport * from './varint';\nexport * from './tlv';\nexport * from './axis-bin';\nexport * from './signature';\nexport * from './axis-error';\n","export {\n AXIS_MAGIC,\n AXIS_VERSION,\n MAX_HDR_LEN,\n MAX_BODY_LEN,\n MAX_SIG_LEN,\n MAX_FRAME_LEN,\n FLAG_BODY_TLV,\n FLAG_CHAIN_REQ,\n FLAG_HAS_WITNESS,\n TLV_PID,\n TLV_TS,\n TLV_INTENT,\n TLV_ACTOR_ID,\n TLV_PROOF_TYPE,\n TLV_PROOF_REF,\n TLV_NONCE,\n TLV_AUD,\n TLV_REALM,\n TLV_NODE,\n TLV_TRACE_ID,\n TLV_KID,\n TLV_RID,\n TLV_OK,\n TLV_EFFECT,\n TLV_ERROR_CODE,\n TLV_ERROR_MSG,\n TLV_PREV_HASH,\n TLV_RECEIPT_HASH,\n TLV_NODE_KID,\n TLV_NODE_CERT_HASH,\n TLV_LOOM_PRESENCE_ID,\n TLV_LOOM_WRIT,\n TLV_LOOM_THREAD_HASH,\n TLV_UPLOAD_ID,\n TLV_INDEX,\n TLV_OFFSET,\n TLV_SHA256_CHUNK,\n TLV_CAPSULE,\n TLV_BODY_OBJ,\n TLV_BODY_ARR,\n NCERT_NODE_ID,\n NCERT_KID,\n NCERT_ALG,\n NCERT_PUB,\n NCERT_NBF,\n NCERT_EXP,\n NCERT_SCOPE,\n NCERT_ISSUER_KID,\n NCERT_PAYLOAD,\n NCERT_SIG,\n PROOF_NONE,\n PROOF_CAPSULE,\n PROOF_JWT,\n PROOF_MTLS,\n PROOF_LOOM,\n PROOF_WITNESS,\n ProofType,\n BodyProfile,\n ERR_INVALID_PACKET,\n ERR_BAD_SIGNATURE,\n ERR_REPLAY_DETECTED,\n ERR_CONTRACT_VIOLATION,\n} from '@nextera.one/axis-protocol';\n\nexport abstract class AxisMediaTypes {\n static readonly BINARY = 'application/axis-bin';\n static readonly OCTET_STREAM = 'application/octet-stream';\n static readonly LEGACY_BINARY = 'application/x-axis';\n\n static readonly VALID_AXIS_CONTENT_TYPES = [\n AxisMediaTypes.BINARY,\n AxisMediaTypes.OCTET_STREAM,\n AxisMediaTypes.LEGACY_BINARY,\n ] as const;\n\n static normalize(value?: string \| null): string \| undefined {\n if (!value) return undefined;\n return value.split(';', 1)[0].trim().toLowerCase();\n }\n\n static isAxisContentType(value?: string \| null): boolean {\n const normalized = AxisMediaTypes.normalize(value);\n return (\n !!normalized &&\n AxisMediaTypes.VALID_AXIS_CONTENT_TYPES.some(\n (contentType) => contentType === normalized,\n )\n );\n }\n}\n","export { encodeVarint, decodeVarint, varintLength } from '@nextera.one/axis-protocol';\n","export {\n TLV, encodeTLVs, decodeTLVs, decodeTLVsList, decodeObject, decodeArray,\n} from '@nextera.one/axis-protocol';\n","import * as z from 'zod';\n\n/*\n AxisFrame Schema\n \n Defines the logical structure of an AXIS frame using Zod for runtime validation.\n * This is used for internal processing after the low-level binary parsing is complete.\n /\nexport const AxisFrameZ = z.object({\n /* Flag bits for protocol control (e.g., encryption, compression) /\n flags: z.number().int().nonnegative(),\n /* A map of TLV headers where key=Tag and value=BinaryData /\n headers: z.map(\n z.number(),\n z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n ),\n /* The main payload of the frame /\n body: z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n /* The cryptographic signature covering the frame (except the signature itself) /\n sig: z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n});\n\n/\n Represents a structured AXIS frame.\n * @typedef {Object} AxisFrame\n /\nexport type AxisFrame = z.infer<typeof AxisFrameZ>;\nexport type AxisBinaryFrame = AxisFrame;\nimport {\n AXIS_MAGIC,\n AXIS_VERSION,\n MAX_BODY_LEN,\n MAX_FRAME_LEN,\n MAX_HDR_LEN,\n MAX_SIG_LEN,\n} from './constants';\nimport { decodeTLVs, encodeTLVs } from './tlv';\nimport { decodeVarint, encodeVarint } from './varint';\n\n/\n Encodes a structured AxisFrame into its binary wire representation.\n \n Encoding Steps:\n * 1. Encodes header TLV map into a single buffer.\n * 2. Validates lengths against MAX_* constants.\n * 3. Encodes lengths (HDR, BODY, SIG) as varints.\n * 4. Assembles the final byte array with magic, version, and flags.\n \n @param {AxisFrame} frame - The structured frame to encode\n * @returns {Uint8Array} The full binary frame\n * @throws {Error} If any section exceeds protocol limits\n /\nexport function encodeFrame(frame: AxisFrame): Uint8Array {\n const hdrBytes = encodeTLVs(\n Array.from(frame.headers.entries()).map(([t, v]) => ({\n type: t,\n value: v,\n })),\n );\n\n if (hdrBytes.length > MAX_HDR_LEN) throw new Error('Header too large');\n if (frame.body.length > MAX_BODY_LEN) throw new Error('Body too large');\n if (frame.sig.length > MAX_SIG_LEN) throw new Error('Signature too large');\n\n // Header Len, Body Len, Sig Len\n const hdrLenBytes = encodeVarint(hdrBytes.length);\n const bodyLenBytes = encodeVarint(frame.body.length);\n const sigLenBytes = encodeVarint(frame.sig.length);\n\n const totalLen =\n 5 + // Magic (AXIS1)\n 1 + // Version\n 1 + // Flags\n hdrLenBytes.length +\n bodyLenBytes.length +\n sigLenBytes.length +\n hdrBytes.length +\n frame.body.length +\n frame.sig.length;\n\n if (totalLen > MAX_FRAME_LEN) throw new Error('Total frame too large');\n\n const buf = new Uint8Array(totalLen);\n let offset = 0;\n\n // Magic (AXIS1 - 5 bytes)\n buf.set(AXIS_MAGIC, offset);\n offset += 5;\n\n // Version\n buf[offset++] = AXIS_VERSION;\n\n // Flags\n buf[offset++] = frame.flags;\n\n // Lengths\n buf.set(hdrLenBytes, offset);\n offset += hdrLenBytes.length;\n\n buf.set(bodyLenBytes, offset);\n offset += bodyLenBytes.length;\n\n buf.set(sigLenBytes, offset);\n offset += sigLenBytes.length;\n\n // Payloads\n buf.set(hdrBytes, offset);\n offset += hdrBytes.length;\n\n buf.set(frame.body, offset);\n offset += frame.body.length;\n\n buf.set(frame.sig, offset);\n offset += frame.sig.length;\n\n return buf;\n}\n\n/\n Decodes a binary buffer into a structured AxisFrame with strict validation.\n \n @param {Uint8Array} buf - Raw bytes from the wire\n * @returns {AxisFrame} The parsed and validated frame\n * @throws {Error} If magic, version, or lengths are invalid\n /\nexport function decodeFrame(buf: Uint8Array): AxisFrame {\n let offset = 0;\n\n // 1. Magic (AXIS1 - 5 bytes)\n if (offset + 5 > buf.length) throw new Error('Packet too short');\n for (let i = 0; i < 5; i++) {\n if (buf[offset + i] !== AXIS_MAGIC[i]) throw new Error('Invalid Magic');\n }\n offset += 5;\n\n // 2. Version\n const ver = buf[offset++];\n if (ver !== AXIS_VERSION) throw new Error(`Unsupported version: ${ver}`);\n\n // 3. Flags\n const flags = buf[offset++];\n\n // 4. Lengths\n const { value: hdrLen, length: hlLen } = decodeVarint(buf, offset);\n offset += hlLen;\n if (hdrLen > MAX_HDR_LEN) throw new Error('Header limit exceeded');\n\n const { value: bodyLen, length: blLen } = decodeVarint(buf, offset);\n offset += blLen;\n if (bodyLen > MAX_BODY_LEN) throw new Error('Body limit exceeded');\n\n const { value: sigLen, length: slLen } = decodeVarint(buf, offset);\n offset += slLen;\n if (sigLen > MAX_SIG_LEN) throw new Error('Signature limit exceeded');\n\n // 5. Extract Bytes\n if (offset + hdrLen + bodyLen + sigLen > buf.length) {\n throw new Error('Frame truncated');\n }\n\n const hdrBytes = buf.slice(offset, offset + hdrLen);\n offset += hdrLen;\n\n const bodyBytes = buf.slice(offset, offset + bodyLen);\n offset += bodyLen;\n\n const sigBytes = buf.slice(offset, offset + sigLen);\n offset += sigLen;\n\n // 6. Decode Header TLVs\n const headers = decodeTLVs(hdrBytes);\n\n return {\n flags,\n headers,\n body: bodyBytes,\n sig: sigBytes,\n };\n}\n\n/\n Helper to get canonical bytes for signing.\n * SigTarget = All bytes up to SigLen, with SigLen=0, and no SigBytes.\n /\nexport function getSignTarget(frame: AxisFrame): Uint8Array {\n // Re-encode frame but with empty signature\n // Note: This is efficient enough for v1 (tens of KB).\n return encodeFrame({\n ...frame,\n sig: new Uint8Array(0),\n });\n}\n","import as crypto from 'crypto';\n\nimport { AxisFrame, encodeFrame } from './axis-bin';\n\n/*\n Signature utilities for AXIS binary frames\n * Supports Ed25519 signature generation and verification\n /\n\n/\n Computes the canonical payload for signing an AXIS frame.\n * The signature covers all bytes of the encoded frame EXCEPT the signature field itself.\n \n @param {AxisFrame} frame - The frame to prepare for signing\n * @returns {Buffer} The serialized canonical bytes for the signature algorithm\n /\nexport function computeSignaturePayload(frame: AxisFrame): Buffer {\n // Re-encode frame with empty signature\n const frameWithoutSig: AxisFrame = {\n ...frame,\n sig: new Uint8Array(0),\n };\n\n const encoded = encodeFrame(frameWithoutSig);\n return Buffer.from(encoded);\n}\n\n/\n Signs an AXIS frame using the Ed25519 algorithm.\n * Automatically handles both raw 32-byte seeds and pkcs8 DER-encoded private keys.\n \n @param {AxisFrame} frame - The frame to sign\n * @param {Buffer} privateKey - Ed25519 private key (32-byte raw OR pkcs8 DER)\n * @returns {Buffer} The 64-byte Ed25519 signature\n * @throws {Error} If key format is invalid or signing fail\n /\nexport function signFrame(frame: AxisFrame, privateKey: Buffer): Buffer {\n const payload = computeSignaturePayload(frame);\n\n let keyObject: crypto.KeyObject;\n\n // Check if key is raw 32-byte seed or DER-encoded\n if (privateKey.length === 32) {\n // Raw seed - wrap in pkcs8 DER format\n // pkcs8 prefix for Ed25519: 0x302e020100300506032b657004220420\n const pkcs8Prefix = Buffer.from([\n 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,\n 0x04, 0x22, 0x04, 0x20,\n ]);\n const pkcs8Key = Buffer.concat([pkcs8Prefix, privateKey]);\n\n keyObject = crypto.createPrivateKey({\n key: pkcs8Key,\n format: 'der',\n type: 'pkcs8',\n });\n } else {\n // Assume already DER-encoded pkcs8\n keyObject = crypto.createPrivateKey({\n key: privateKey,\n format: 'der',\n type: 'pkcs8',\n });\n }\n\n const signature = crypto.sign(null, payload, keyObject);\n\n if (signature.length !== 64) {\n throw new Error('Ed25519 signature must be 64 bytes');\n }\n\n return signature;\n}\n\n/\n Verifies an Ed25519 signature on an AXIS frame.\n * Automatically handles both raw 32-byte public keys and spki DER-encoded public keys.\n \n @param {AxisFrame} frame - The frame containing the signature to verify\n * @param {Buffer} publicKey - Ed25519 public key (32-byte raw OR spki DER)\n * @returns {boolean} True if the signature is cryptographically valid\n * @throws {Error} If signature length is invalid\n /\nexport function verifyFrameSignature(\n frame: AxisFrame,\n publicKey: Buffer,\n): boolean {\n if (frame.sig.length === 0) {\n return false; // No signature\n }\n\n if (frame.sig.length !== 64) {\n throw new Error('Ed25519 signature must be 64 bytes');\n }\n\n const payload = computeSignaturePayload(frame);\n\n try {\n let keyObject: crypto.KeyObject;\n\n // Check if key is raw 32-byte or DER-encoded\n if (publicKey.length === 32) {\n // Raw key - wrap in spki DER format\n // spki prefix for Ed25519: 0x302a300506032b6570032100\n const spkiPrefix = Buffer.from([\n 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,\n ]);\n const spkiKey = Buffer.concat([spkiPrefix, publicKey]);\n\n keyObject = crypto.createPublicKey({\n key: spkiKey,\n format: 'der',\n type: 'spki',\n });\n } else {\n // Assume already DER-encoded spki\n keyObject = crypto.createPublicKey({\n key: publicKey,\n format: 'der',\n type: 'spki',\n });\n }\n\n const valid = crypto.verify(\n null,\n payload,\n keyObject,\n Buffer.from(frame.sig),\n );\n return valid;\n } catch (error) {\n return false;\n }\n}\n\n/\n Generates a new Ed25519 key pair for use with the AXIS protocol.\n * Returns keys in canonical DER format (pkcs8 for private, spki for public).\n \n @returns {Object} An object containing the privateKey and publicKey as Buffers\n /\nexport function generateEd25519KeyPair(): {\n privateKey: Buffer;\n publicKey: Buffer;\n} {\n const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519');\n\n return {\n privateKey: privateKey.export({ type: 'pkcs8', format: 'der' }) as Buffer,\n publicKey: publicKey.export({ type: 'spki', format: 'der' }) as Buffer,\n };\n}\n\n/\n Computes a standard SHA-256 hash of the provided data.\n \n @param {Buffer \| Uint8Array} data - The input data to hash\n * @returns {Buffer} The 32-byte SHA-256 digest\n /\nexport function sha256(data: Buffer \| Uint8Array): Buffer {\n return crypto.createHash('sha256').update(data).digest();\n}\n\n/\n Computes a hash for an AXIS receipt, optionally chaining it to a previous hash.\n * This is used for generating an immutable transaction chain.\n \n @param {Buffer \| Uint8Array} receiptBytes - The canonical binary representation of the receipt\n * @param {Buffer \| Uint8Array} [prevHash] - The hash of the previous receipt in the chain\n * @returns {Buffer} The 32-byte SHA-256 hash of the receipt (and link)\n */\nexport function computeReceiptHash(\n receiptBytes: Buffer \| Uint8Array,\n prevHash?: Buffer \| Uint8Array,\n): Buffer {\n const hasher = crypto.createHash('sha256');\n hasher.update(receiptBytes);\n\n if (prevHash && prevHash.length > 0) {\n hasher.update(prevHash);\n }\n\n return hasher.digest();\n}\n","export class AxisError extends Error {\n constructor(\n public code: string,\n message: string,\n public httpStatus: number = 400,\n public details?: Record<string, any>,\n ) {\n super(message);\n this.name = 'AxisError';\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,2BA+DO;AAEA,IAAe,kBAAf,MAAe,gBAAe;AAAA,EAWnC,OAAO,UAAU,OAA2C;AAC1D,QAAI,CAAC,MAAO,QAAO;AACnB,WAAO,MAAM,MAAM,KAAK,CAAC,EAAE,CAAC,EAAE,KAAK,EAAE,YAAY;AAAA,EACnD;AAAA,EAEA,OAAO,kBAAkB,OAAgC;AACvD,UAAM,aAAa,gBAAe,UAAU,KAAK;AACjD,WACE,CAAC,CAAC,cACF,gBAAe,yBAAyB;AAAA,MACtC,CAAC,gBAAgB,gBAAgB;AAAA,IACnC;AAAA,EAEJ;AACF;AAzBsB,gBACJ,SAAS;AADL,gBAEJ,eAAe;AAFX,gBAGJ,gBAAgB;AAHZ,gBAKJ,2BAA2B;AAAA,EACzC,gBAAe;AAAA,EACf,gBAAe;AAAA,EACf,gBAAe;AACjB;AATK,IAAe,iBAAf;;;ACjEP,IAAAA,wBAAyD;;;ACAzD,IAAAC,wBAEO;;;ACFP,QAAmB;AAQZ,IAAM,aAAe,SAAO;AAAA;AAAA,EAEjC,OAAS,SAAO,EAAE,IAAI,EAAE,YAAY;AAAA;AAAA,EAEpC,SAAW;AAAA,IACP,SAAO;AAAA,IACP,SAAmB,CAAC,MAAM,aAAa,UAAU;AAAA,EACrD;AAAA;AAAA,EAEA,MAAQ,SAAmB,CAAC,MAAM,aAAa,UAAU;AAAA;AAAA,EAEzD,KAAO,SAAmB,CAAC,MAAM,aAAa,UAAU;AAC1D,CAAC;AAgCM,SAAS,YAAY,OAA8B;AACxD,QAAM,eAAW;AAAA,IACf,MAAM,KAAK,MAAM,QAAQ,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO;AAAA,MACnD,MAAM;AAAA,MACN,OAAO;AAAA,IACT,EAAE;AAAA,EACJ;AAEA,MAAI,SAAS,SAAS,iCAAa,OAAM,IAAI,MAAM,kBAAkB;AACrE,MAAI,MAAM,KAAK,SAAS,kCAAc,OAAM,IAAI,MAAM,gBAAgB;AACtE,MAAI,MAAM,IAAI,SAAS,iCAAa,OAAM,IAAI,MAAM,qBAAqB;AAGzE,QAAM,kBAAc,oCAAa,SAAS,MAAM;AAChD,QAAM,mBAAe,oCAAa,MAAM,KAAK,MAAM;AACnD,QAAM,kBAAc,oCAAa,MAAM,IAAI,MAAM;AAEjD,QAAM,WACJ;AAAA,EACA;AAAA,EACA;AAAA,EACA,YAAY,SACZ,aAAa,SACb,YAAY,SACZ,SAAS,SACT,MAAM,KAAK,SACX,MAAM,IAAI;AAEZ,MAAI,WAAW,mCAAe,OAAM,IAAI,MAAM,uBAAuB;AAErE,QAAM,MAAM,IAAI,WAAW,QAAQ;AACnC,MAAI,SAAS;AAGb,MAAI,IAAI,iCAAY,MAAM;AAC1B,YAAU;AAGV,MAAI,QAAQ,IAAI;AAGhB,MAAI,QAAQ,IAAI,MAAM;AAGtB,MAAI,IAAI,aAAa,MAAM;AAC3B,YAAU,YAAY;AAEtB,MAAI,IAAI,cAAc,MAAM;AAC5B,YAAU,aAAa;AAEvB,MAAI,IAAI,aAAa,MAAM;AAC3B,YAAU,YAAY;AAGtB,MAAI,IAAI,UAAU,MAAM;AACxB,YAAU,SAAS;AAEnB,MAAI,IAAI,MAAM,MAAM,MAAM;AAC1B,YAAU,MAAM,KAAK;AAErB,MAAI,IAAI,MAAM,KAAK,MAAM;AACzB,YAAU,MAAM,IAAI;AAEpB,SAAO;AACT;AASO,SAAS,YAAY,KAA4B;AACtD,MAAI,SAAS;AAGb,MAAI,SAAS,IAAI,IAAI,OAAQ,OAAM,IAAI,MAAM,kBAAkB;AAC/D,WAAS,IAAI,GAAG,IAAI,GAAG,KAAK;AAC1B,QAAI,IAAI,SAAS,CAAC,MAAM,gCAAW,CAAC,EAAG,OAAM,IAAI,MAAM,eAAe;AAAA,EACxE;AACA,YAAU;AAGV,QAAM,MAAM,IAAI,QAAQ;AACxB,MAAI,QAAQ,kCAAc,OAAM,IAAI,MAAM,wBAAwB,GAAG,EAAE;AAGvE,QAAM,QAAQ,IAAI,QAAQ;AAG1B,QAAM,EAAE,OAAO,QAAQ,QAAQ,MAAM,QAAI,oCAAa,KAAK,MAAM;AACjE,YAAU;AACV,MAAI,SAAS,iCAAa,OAAM,IAAI,MAAM,uBAAuB;AAEjE,QAAM,EAAE,OAAO,SAAS,QAAQ,MAAM,QAAI,oCAAa,KAAK,MAAM;AAClE,YAAU;AACV,MAAI,UAAU,kCAAc,OAAM,IAAI,MAAM,qBAAqB;AAEjE,QAAM,EAAE,OAAO,QAAQ,QAAQ,MAAM,QAAI,oCAAa,KAAK,MAAM;AACjE,YAAU;AACV,MAAI,SAAS,iCAAa,OAAM,IAAI,MAAM,0BAA0B;AAGpE,MAAI,SAAS,SAAS,UAAU,SAAS,IAAI,QAAQ;AACnD,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AAEA,QAAM,WAAW,IAAI,MAAM,QAAQ,SAAS,MAAM;AAClD,YAAU;AAEV,QAAM,YAAY,IAAI,MAAM,QAAQ,SAAS,OAAO;AACpD,YAAU;AAEV,QAAM,WAAW,IAAI,MAAM,QAAQ,SAAS,MAAM;AAClD,YAAU;AAGV,QAAM,cAAU,kCAAW,QAAQ;AAEnC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN,KAAK;AAAA,EACP;AACF;AAMO,SAAS,cAAc,OAA8B;AAG1D,SAAO,YAAY;AAAA,IACjB,GAAG;AAAA,IACH,KAAK,IAAI,WAAW,CAAC;AAAA,EACvB,CAAC;AACH;;;AC/LA,aAAwB;AAgBjB,SAAS,wBAAwB,OAA0B;AAEhE,QAAM,kBAA6B;AAAA,IACjC,GAAG;AAAA,IACH,KAAK,IAAI,WAAW,CAAC;AAAA,EACvB;AAEA,QAAM,UAAU,YAAY,eAAe;AAC3C,SAAO,OAAO,KAAK,OAAO;AAC5B;AAWO,SAAS,UAAU,OAAkB,YAA4B;AACtE,QAAM,UAAU,wBAAwB,KAAK;AAE7C,MAAI;AAGJ,MAAI,WAAW,WAAW,IAAI;AAG5B,UAAM,cAAc,OAAO,KAAK;AAAA,MAC9B;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAClE;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,IACpB,CAAC;AACD,UAAM,WAAW,OAAO,OAAO,CAAC,aAAa,UAAU,CAAC;AAExD,gBAAmB,wBAAiB;AAAA,MAClC,KAAK;AAAA,MACL,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH,OAAO;AAEL,gBAAmB,wBAAiB;AAAA,MAClC,KAAK;AAAA,MACL,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,YAAmB,YAAK,MAAM,SAAS,SAAS;AAEtD,MAAI,UAAU,WAAW,IAAI;AAC3B,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACtD;AAEA,SAAO;AACT;AAWO,SAAS,qBACd,OACA,WACS;AACT,MAAI,MAAM,IAAI,WAAW,GAAG;AAC1B,WAAO;AAAA,EACT;AAEA,MAAI,MAAM,IAAI,WAAW,IAAI;AAC3B,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACtD;AAEA,QAAM,UAAU,wBAAwB,KAAK;AAE7C,MAAI;AACF,QAAI;AAGJ,QAAI,UAAU,WAAW,IAAI;AAG3B,YAAM,aAAa,OAAO,KAAK;AAAA,QAC7B;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,MACpE,CAAC;AACD,YAAM,UAAU,OAAO,OAAO,CAAC,YAAY,SAAS,CAAC;AAErD,kBAAmB,uBAAgB;AAAA,QACjC,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,MACR,CAAC;AAAA,IACH,OAAO;AAEL,kBAAmB,uBAAgB;AAAA,QACjC,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAEA,UAAM,QAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA,OAAO,KAAK,MAAM,GAAG;AAAA,IACvB;AACA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,WAAO;AAAA,EACT;AACF;AAQO,SAAS,yBAGd;AACA,QAAM,EAAE,YAAY,UAAU,IAAW,2BAAoB,SAAS;AAEtE,SAAO;AAAA,IACL,YAAY,WAAW,OAAO,EAAE,MAAM,SAAS,QAAQ,MAAM,CAAC;AAAA,IAC9D,WAAW,UAAU,OAAO,EAAE,MAAM,QAAQ,QAAQ,MAAM,CAAC;AAAA,EAC7D;AACF;AAQO,SAAS,OAAO,MAAmC;AACxD,SAAc,kBAAW,QAAQ,EAAE,OAAO,IAAI,EAAE,OAAO;AACzD;AAUO,SAAS,mBACd,cACA,UACQ;AACR,QAAM,SAAgB,kBAAW,QAAQ;AACzC,SAAO,OAAO,YAAY;AAE1B,MAAI,YAAY,SAAS,SAAS,GAAG;AACnC,WAAO,OAAO,QAAQ;AAAA,EACxB;AAEA,SAAO,OAAO,OAAO;AACvB;;;ACvLO,IAAM,YAAN,cAAwB,MAAM;AAAA,EACnC,YACS,MACP,SACO,aAAqB,KACrB,SACP;AACA,UAAM,OAAO;AALN;AAEA;AACA;AAGP,SAAK,OAAO;AAAA,EACd;AACF;","names":["import_axis_protocol","import_axis_protocol"]}