@nextera.one/axis-server-sdk 2.1.6 → 2.1.8

package/dist/core/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/core/index.ts","../../src/core/constants.ts","../../src/core/varint.ts","../../src/core/tlv.ts","../../src/core/axis-bin.ts","../../src/core/signature.ts","../../src/core/axis-error.ts"],"sourcesContent":["export * from './constants';\nexport * from './varint';\nexport * from './tlv';\nexport * from './axis-bin';\nexport * from './signature';\nexport * from './axis-error';\n","export {\n  AXIS_MAGIC,\n  AXIS_VERSION,\n  MAX_HDR_LEN,\n  MAX_BODY_LEN,\n  MAX_SIG_LEN,\n  MAX_FRAME_LEN,\n  FLAG_BODY_TLV,\n  FLAG_CHAIN_REQ,\n  FLAG_HAS_WITNESS,\n  TLV_PID,\n  TLV_TS,\n  TLV_INTENT,\n  TLV_ACTOR_ID,\n  TLV_PROOF_TYPE,\n  TLV_PROOF_REF,\n  TLV_NONCE,\n  TLV_AUD,\n  TLV_REALM,\n  TLV_NODE,\n  TLV_TRACE_ID,\n  TLV_KID,\n  TLV_RID,\n  TLV_OK,\n  TLV_EFFECT,\n  TLV_ERROR_CODE,\n  TLV_ERROR_MSG,\n  TLV_PREV_HASH,\n  TLV_RECEIPT_HASH,\n  TLV_NODE_KID,\n  TLV_NODE_CERT_HASH,\n  TLV_LOOM_PRESENCE_ID,\n  TLV_LOOM_WRIT,\n  TLV_LOOM_THREAD_HASH,\n  TLV_UPLOAD_ID,\n  TLV_INDEX,\n  TLV_OFFSET,\n  TLV_SHA256_CHUNK,\n  TLV_CAPSULE,\n  TLV_BODY_OBJ,\n  TLV_BODY_ARR,\n  NCERT_NODE_ID,\n  NCERT_KID,\n  NCERT_ALG,\n  NCERT_PUB,\n  NCERT_NBF,\n  NCERT_EXP,\n  NCERT_SCOPE,\n  NCERT_ISSUER_KID,\n  NCERT_PAYLOAD,\n  NCERT_SIG,\n  PROOF_NONE,\n  PROOF_CAPSULE,\n  PROOF_JWT,\n  PROOF_MTLS,\n  PROOF_LOOM,\n  PROOF_WITNESS,\n  ProofType,\n  BodyProfile,\n  ERR_INVALID_PACKET,\n  ERR_BAD_SIGNATURE,\n  ERR_REPLAY_DETECTED,\n  ERR_CONTRACT_VIOLATION,\n} from '@nextera.one/axis-protocol';\n\nexport abstract class AxisMediaTypes {\n  static readonly BINARY = 'application/axis-bin';\n  static readonly OCTET_STREAM = 'application/octet-stream';\n  static readonly LEGACY_BINARY = 'application/x-axis';\n\n  static readonly VALID_AXIS_CONTENT_TYPES = [\n    AxisMediaTypes.BINARY,\n    AxisMediaTypes.OCTET_STREAM,\n    AxisMediaTypes.LEGACY_BINARY,\n  ] as const;\n\n  static normalize(value?: string | null): string | undefined {\n    if (!value) return undefined;\n    return value.split(';', 1)[0].trim().toLowerCase();\n  }\n\n  static isAxisContentType(value?: string | null): boolean {\n    const normalized = AxisMediaTypes.normalize(value);\n    return (\n      !!normalized &&\n      AxisMediaTypes.VALID_AXIS_CONTENT_TYPES.some(\n        (contentType) => contentType === normalized,\n      )\n    );\n  }\n}\n","export { encodeVarint, decodeVarint, varintLength } from '@nextera.one/axis-protocol';\n","export {\n  TLV, encodeTLVs, decodeTLVs, decodeTLVsList, decodeObject, decodeArray,\n} from '@nextera.one/axis-protocol';\n","import * as z from 'zod';\n\n/**\n * AxisFrame Schema\n *\n * Defines the logical structure of an AXIS frame using Zod for runtime validation.\n * This is used for internal processing after the low-level binary parsing is complete.\n */\nexport const AxisFrameZ = z.object({\n  /** Flag bits for protocol control (e.g., encryption, compression) */\n  flags: z.number().int().nonnegative(),\n  /** A map of TLV headers where key=Tag and value=BinaryData */\n  headers: z.map(\n    z.number(),\n    z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n  ),\n  /** The main payload of the frame */\n  body: z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n  /** The cryptographic signature covering the frame (except the signature itself) */\n  sig: z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n});\n\n/**\n * Represents a structured AXIS frame.\n * @typedef {Object} AxisFrame\n */\nexport type AxisFrame = z.infer<typeof AxisFrameZ>;\nexport type AxisBinaryFrame = AxisFrame;\nimport {\n  AXIS_MAGIC,\n  AXIS_VERSION,\n  MAX_BODY_LEN,\n  MAX_FRAME_LEN,\n  MAX_HDR_LEN,\n  MAX_SIG_LEN,\n} from './constants';\nimport { decodeTLVs, encodeTLVs } from './tlv';\nimport { decodeVarint, encodeVarint } from './varint';\n\n/**\n * Encodes a structured AxisFrame into its binary wire representation.\n *\n * **Encoding Steps:**\n * 1. Encodes header TLV map into a single buffer.\n * 2. Validates lengths against MAX_* constants.\n * 3. Encodes lengths (HDR, BODY, SIG) as varints.\n * 4. Assembles the final byte array with magic, version, and flags.\n *\n * @param {AxisFrame} frame - The structured frame to encode\n * @returns {Uint8Array} The full binary frame\n * @throws {Error} If any section exceeds protocol limits\n */\nexport function encodeFrame(frame: AxisFrame): Uint8Array {\n  const hdrBytes = encodeTLVs(\n    Array.from(frame.headers.entries()).map(([t, v]) => ({\n      type: t,\n      value: v,\n    })),\n  );\n\n  if (hdrBytes.length > MAX_HDR_LEN) throw new Error('Header too large');\n  if (frame.body.length > MAX_BODY_LEN) throw new Error('Body too large');\n  if (frame.sig.length > MAX_SIG_LEN) throw new Error('Signature too large');\n\n  // Header Len, Body Len, Sig Len\n  const hdrLenBytes = encodeVarint(hdrBytes.length);\n  const bodyLenBytes = encodeVarint(frame.body.length);\n  const sigLenBytes = encodeVarint(frame.sig.length);\n\n  const totalLen =\n    5 + // Magic (AXIS1)\n    1 + // Version\n    1 + // Flags\n    hdrLenBytes.length +\n    bodyLenBytes.length +\n    sigLenBytes.length +\n    hdrBytes.length +\n    frame.body.length +\n    frame.sig.length;\n\n  if (totalLen > MAX_FRAME_LEN) throw new Error('Total frame too large');\n\n  const buf = new Uint8Array(totalLen);\n  let offset = 0;\n\n  // Magic (AXIS1 - 5 bytes)\n  buf.set(AXIS_MAGIC, offset);\n  offset += 5;\n\n  // Version\n  buf[offset++] = AXIS_VERSION;\n\n  // Flags\n  buf[offset++] = frame.flags;\n\n  // Lengths\n  buf.set(hdrLenBytes, offset);\n  offset += hdrLenBytes.length;\n\n  buf.set(bodyLenBytes, offset);\n  offset += bodyLenBytes.length;\n\n  buf.set(sigLenBytes, offset);\n  offset += sigLenBytes.length;\n\n  // Payloads\n  buf.set(hdrBytes, offset);\n  offset += hdrBytes.length;\n\n  buf.set(frame.body, offset);\n  offset += frame.body.length;\n\n  buf.set(frame.sig, offset);\n  offset += frame.sig.length;\n\n  return buf;\n}\n\n/**\n * Decodes a binary buffer into a structured AxisFrame with strict validation.\n *\n * @param {Uint8Array} buf - Raw bytes from the wire\n * @returns {AxisFrame} The parsed and validated frame\n * @throws {Error} If magic, version, or lengths are invalid\n */\nexport function decodeFrame(buf: Uint8Array): AxisFrame {\n  let offset = 0;\n\n  // 1. Magic (AXIS1 - 5 bytes)\n  if (offset + 5 > buf.length) throw new Error('Packet too short');\n  for (let i = 0; i < 5; i++) {\n    if (buf[offset + i] !== AXIS_MAGIC[i]) throw new Error('Invalid Magic');\n  }\n  offset += 5;\n\n  // 2. Version\n  const ver = buf[offset++];\n  if (ver !== AXIS_VERSION) throw new Error(`Unsupported version: ${ver}`);\n\n  // 3. Flags\n  const flags = buf[offset++];\n\n  // 4. Lengths\n  const { value: hdrLen, length: hlLen } = decodeVarint(buf, offset);\n  offset += hlLen;\n  if (hdrLen > MAX_HDR_LEN) throw new Error('Header limit exceeded');\n\n  const { value: bodyLen, length: blLen } = decodeVarint(buf, offset);\n  offset += blLen;\n  if (bodyLen > MAX_BODY_LEN) throw new Error('Body limit exceeded');\n\n  const { value: sigLen, length: slLen } = decodeVarint(buf, offset);\n  offset += slLen;\n  if (sigLen > MAX_SIG_LEN) throw new Error('Signature limit exceeded');\n\n  // 5. Extract Bytes\n  if (offset + hdrLen + bodyLen + sigLen > buf.length) {\n    throw new Error('Frame truncated');\n  }\n\n  const hdrBytes = buf.slice(offset, offset + hdrLen);\n  offset += hdrLen;\n\n  const bodyBytes = buf.slice(offset, offset + bodyLen);\n  offset += bodyLen;\n\n  const sigBytes = buf.slice(offset, offset + sigLen);\n  offset += sigLen;\n\n  // 6. Decode Header TLVs\n  const headers = decodeTLVs(hdrBytes);\n\n  return {\n    flags,\n    headers,\n    body: bodyBytes,\n    sig: sigBytes,\n  };\n}\n\n/**\n * Helper to get canonical bytes for signing.\n * SigTarget = All bytes up to SigLen, with SigLen=0, and no SigBytes.\n */\nexport function getSignTarget(frame: AxisFrame): Uint8Array {\n  // Re-encode frame but with empty signature\n  // Note: This is efficient enough for v1 (tens of KB).\n  return encodeFrame({\n    ...frame,\n    sig: new Uint8Array(0),\n  });\n}\n","import * as crypto from 'crypto';\n\nimport { AxisFrame, encodeFrame } from './axis-bin';\n\n/**\n * Signature utilities for AXIS binary frames\n * Supports Ed25519 signature generation and verification\n */\n\n/**\n * Computes the canonical payload for signing an AXIS frame.\n * The signature covers all bytes of the encoded frame EXCEPT the signature field itself.\n *\n * @param {AxisFrame} frame - The frame to prepare for signing\n * @returns {Buffer} The serialized canonical bytes for the signature algorithm\n */\nexport function computeSignaturePayload(frame: AxisFrame): Buffer {\n  // Re-encode frame with empty signature\n  const frameWithoutSig: AxisFrame = {\n    ...frame,\n    sig: new Uint8Array(0),\n  };\n\n  const encoded = encodeFrame(frameWithoutSig);\n  return Buffer.from(encoded);\n}\n\n/**\n * Signs an AXIS frame using the Ed25519 algorithm.\n * Automatically handles both raw 32-byte seeds and pkcs8 DER-encoded private keys.\n *\n * @param {AxisFrame} frame - The frame to sign\n * @param {Buffer} privateKey - Ed25519 private key (32-byte raw OR pkcs8 DER)\n * @returns {Buffer} The 64-byte Ed25519 signature\n * @throws {Error} If key format is invalid or signing fail\n */\nexport function signFrame(frame: AxisFrame, privateKey: Buffer): Buffer {\n  const payload = computeSignaturePayload(frame);\n\n  let keyObject: crypto.KeyObject;\n\n  // Check if key is raw 32-byte seed or DER-encoded\n  if (privateKey.length === 32) {\n    // Raw seed - wrap in pkcs8 DER format\n    // pkcs8 prefix for Ed25519: 0x302e020100300506032b657004220420\n    const pkcs8Prefix = Buffer.from([\n      0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,\n      0x04, 0x22, 0x04, 0x20,\n    ]);\n    const pkcs8Key = Buffer.concat([pkcs8Prefix, privateKey]);\n\n    keyObject = crypto.createPrivateKey({\n      key: pkcs8Key,\n      format: 'der',\n      type: 'pkcs8',\n    });\n  } else {\n    // Assume already DER-encoded pkcs8\n    keyObject = crypto.createPrivateKey({\n      key: privateKey,\n      format: 'der',\n      type: 'pkcs8',\n    });\n  }\n\n  const signature = crypto.sign(null, payload, keyObject);\n\n  if (signature.length !== 64) {\n    throw new Error('Ed25519 signature must be 64 bytes');\n  }\n\n  return signature;\n}\n\n/**\n * Verifies an Ed25519 signature on an AXIS frame.\n * Automatically handles both raw 32-byte public keys and spki DER-encoded public keys.\n *\n * @param {AxisFrame} frame - The frame containing the signature to verify\n * @param {Buffer} publicKey - Ed25519 public key (32-byte raw OR spki DER)\n * @returns {boolean} True if the signature is cryptographically valid\n * @throws {Error} If signature length is invalid\n */\nexport function verifyFrameSignature(\n  frame: AxisFrame,\n  publicKey: Buffer,\n): boolean {\n  if (frame.sig.length === 0) {\n    return false; // No signature\n  }\n\n  if (frame.sig.length !== 64) {\n    throw new Error('Ed25519 signature must be 64 bytes');\n  }\n\n  const payload = computeSignaturePayload(frame);\n\n  try {\n    let keyObject: crypto.KeyObject;\n\n    // Check if key is raw 32-byte or DER-encoded\n    if (publicKey.length === 32) {\n      // Raw key - wrap in spki DER format\n      // spki prefix for Ed25519: 0x302a300506032b6570032100\n      const spkiPrefix = Buffer.from([\n        0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,\n      ]);\n      const spkiKey = Buffer.concat([spkiPrefix, publicKey]);\n\n      keyObject = crypto.createPublicKey({\n        key: spkiKey,\n        format: 'der',\n        type: 'spki',\n      });\n    } else {\n      // Assume already DER-encoded spki\n      keyObject = crypto.createPublicKey({\n        key: publicKey,\n        format: 'der',\n        type: 'spki',\n      });\n    }\n\n    const valid = crypto.verify(\n      null,\n      payload,\n      keyObject,\n      Buffer.from(frame.sig),\n    );\n    return valid;\n  } catch (error) {\n    return false;\n  }\n}\n\n/**\n * Generates a new Ed25519 key pair for use with the AXIS protocol.\n * Returns keys in canonical DER format (pkcs8 for private, spki for public).\n *\n * @returns {Object} An object containing the privateKey and publicKey as Buffers\n */\nexport function generateEd25519KeyPair(): {\n  privateKey: Buffer;\n  publicKey: Buffer;\n} {\n  const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519');\n\n  return {\n    privateKey: privateKey.export({ type: 'pkcs8', format: 'der' }) as Buffer,\n    publicKey: publicKey.export({ type: 'spki', format: 'der' }) as Buffer,\n  };\n}\n\n/**\n * Computes a standard SHA-256 hash of the provided data.\n *\n * @param {Buffer | Uint8Array} data - The input data to hash\n * @returns {Buffer} The 32-byte SHA-256 digest\n */\nexport function sha256(data: Buffer | Uint8Array): Buffer {\n  return crypto.createHash('sha256').update(data).digest();\n}\n\n/**\n * Computes a hash for an AXIS receipt, optionally chaining it to a previous hash.\n * This is used for generating an immutable transaction chain.\n *\n * @param {Buffer | Uint8Array} receiptBytes - The canonical binary representation of the receipt\n * @param {Buffer | Uint8Array} [prevHash] - The hash of the previous receipt in the chain\n * @returns {Buffer} The 32-byte SHA-256 hash of the receipt (and link)\n */\nexport function computeReceiptHash(\n  receiptBytes: Buffer | Uint8Array,\n  prevHash?: Buffer | Uint8Array,\n): Buffer {\n  const hasher = crypto.createHash('sha256');\n  hasher.update(receiptBytes);\n\n  if (prevHash && prevHash.length > 0) {\n    hasher.update(prevHash);\n  }\n\n  return hasher.digest();\n}\n","export class AxisError extends Error {\n  constructor(\n    public code: string,\n    message: string,\n    public httpStatus: number = 400,\n    public details?: Record<string, any>,\n  ) {\n    super(message);\n    this.name = 'AxisError';\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,2BA+DO;AAEA,IAAe,kBAAf,MAAe,gBAAe;AAAA,EAWnC,OAAO,UAAU,OAA2C;AAC1D,QAAI,CAAC,MAAO,QAAO;AACnB,WAAO,MAAM,MAAM,KAAK,CAAC,EAAE,CAAC,EAAE,KAAK,EAAE,YAAY;AAAA,EACnD;AAAA,EAEA,OAAO,kBAAkB,OAAgC;AACvD,UAAM,aAAa,gBAAe,UAAU,KAAK;AACjD,WACE,CAAC,CAAC,cACF,gBAAe,yBAAyB;AAAA,MACtC,CAAC,gBAAgB,gBAAgB;AAAA,IACnC;AAAA,EAEJ;AACF;AAzBsB,gBACJ,SAAS;AADL,gBAEJ,eAAe;AAFX,gBAGJ,gBAAgB;AAHZ,gBAKJ,2BAA2B;AAAA,EACzC,gBAAe;AAAA,EACf,gBAAe;AAAA,EACf,gBAAe;AACjB;AATK,IAAe,iBAAf;;;ACjEP,IAAAA,wBAAyD;;;ACAzD,IAAAC,wBAEO;;;ACFP,QAAmB;AAQZ,IAAM,aAAe,SAAO;AAAA;AAAA,EAEjC,OAAS,SAAO,EAAE,IAAI,EAAE,YAAY;AAAA;AAAA,EAEpC,SAAW;AAAA,IACP,SAAO;AAAA,IACP,SAAmB,CAAC,MAAM,aAAa,UAAU;AAAA,EACrD;AAAA;AAAA,EAEA,MAAQ,SAAmB,CAAC,MAAM,aAAa,UAAU;AAAA;AAAA,EAEzD,KAAO,SAAmB,CAAC,MAAM,aAAa,UAAU;AAC1D,CAAC;AAgCM,SAAS,YAAY,OAA8B;AACxD,QAAM,eAAW;AAAA,IACf,MAAM,KAAK,MAAM,QAAQ,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO;AAAA,MACnD,MAAM;AAAA,MACN,OAAO;AAAA,IACT,EAAE;AAAA,EACJ;AAEA,MAAI,SAAS,SAAS,iCAAa,OAAM,IAAI,MAAM,kBAAkB;AACrE,MAAI,MAAM,KAAK,SAAS,kCAAc,OAAM,IAAI,MAAM,gBAAgB;AACtE,MAAI,MAAM,IAAI,SAAS,iCAAa,OAAM,IAAI,MAAM,qBAAqB;AAGzE,QAAM,kBAAc,oCAAa,SAAS,MAAM;AAChD,QAAM,mBAAe,oCAAa,MAAM,KAAK,MAAM;AACnD,QAAM,kBAAc,oCAAa,MAAM,IAAI,MAAM;AAEjD,QAAM,WACJ;AAAA,EACA;AAAA,EACA;AAAA,EACA,YAAY,SACZ,aAAa,SACb,YAAY,SACZ,SAAS,SACT,MAAM,KAAK,SACX,MAAM,IAAI;AAEZ,MAAI,WAAW,mCAAe,OAAM,IAAI,MAAM,uBAAuB;AAErE,QAAM,MAAM,IAAI,WAAW,QAAQ;AACnC,MAAI,SAAS;AAGb,MAAI,IAAI,iCAAY,MAAM;AAC1B,YAAU;AAGV,MAAI,QAAQ,IAAI;AAGhB,MAAI,QAAQ,IAAI,MAAM;AAGtB,MAAI,IAAI,aAAa,MAAM;AAC3B,YAAU,YAAY;AAEtB,MAAI,IAAI,cAAc,MAAM;AAC5B,YAAU,aAAa;AAEvB,MAAI,IAAI,aAAa,MAAM;AAC3B,YAAU,YAAY;AAGtB,MAAI,IAAI,UAAU,MAAM;AACxB,YAAU,SAAS;AAEnB,MAAI,IAAI,MAAM,MAAM,MAAM;AAC1B,YAAU,MAAM,KAAK;AAErB,MAAI,IAAI,MAAM,KAAK,MAAM;AACzB,YAAU,MAAM,IAAI;AAEpB,SAAO;AACT;AASO,SAAS,YAAY,KAA4B;AACtD,MAAI,SAAS;AAGb,MAAI,SAAS,IAAI,IAAI,OAAQ,OAAM,IAAI,MAAM,kBAAkB;AAC/D,WAAS,IAAI,GAAG,IAAI,GAAG,KAAK;AAC1B,QAAI,IAAI,SAAS,CAAC,MAAM,gCAAW,CAAC,EAAG,OAAM,IAAI,MAAM,eAAe;AAAA,EACxE;AACA,YAAU;AAGV,QAAM,MAAM,IAAI,QAAQ;AACxB,MAAI,QAAQ,kCAAc,OAAM,IAAI,MAAM,wBAAwB,GAAG,EAAE;AAGvE,QAAM,QAAQ,IAAI,QAAQ;AAG1B,QAAM,EAAE,OAAO,QAAQ,QAAQ,MAAM,QAAI,oCAAa,KAAK,MAAM;AACjE,YAAU;AACV,MAAI,SAAS,iCAAa,OAAM,IAAI,MAAM,uBAAuB;AAEjE,QAAM,EAAE,OAAO,SAAS,QAAQ,MAAM,QAAI,oCAAa,KAAK,MAAM;AAClE,YAAU;AACV,MAAI,UAAU,kCAAc,OAAM,IAAI,MAAM,qBAAqB;AAEjE,QAAM,EAAE,OAAO,QAAQ,QAAQ,MAAM,QAAI,oCAAa,KAAK,MAAM;AACjE,YAAU;AACV,MAAI,SAAS,iCAAa,OAAM,IAAI,MAAM,0BAA0B;AAGpE,MAAI,SAAS,SAAS,UAAU,SAAS,IAAI,QAAQ;AACnD,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AAEA,QAAM,WAAW,IAAI,MAAM,QAAQ,SAAS,MAAM;AAClD,YAAU;AAEV,QAAM,YAAY,IAAI,MAAM,QAAQ,SAAS,OAAO;AACpD,YAAU;AAEV,QAAM,WAAW,IAAI,MAAM,QAAQ,SAAS,MAAM;AAClD,YAAU;AAGV,QAAM,cAAU,kCAAW,QAAQ;AAEnC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN,KAAK;AAAA,EACP;AACF;AAMO,SAAS,cAAc,OAA8B;AAG1D,SAAO,YAAY;AAAA,IACjB,GAAG;AAAA,IACH,KAAK,IAAI,WAAW,CAAC;AAAA,EACvB,CAAC;AACH;;;AC/LA,aAAwB;AAgBjB,SAAS,wBAAwB,OAA0B;AAEhE,QAAM,kBAA6B;AAAA,IACjC,GAAG;AAAA,IACH,KAAK,IAAI,WAAW,CAAC;AAAA,EACvB;AAEA,QAAM,UAAU,YAAY,eAAe;AAC3C,SAAO,OAAO,KAAK,OAAO;AAC5B;AAWO,SAAS,UAAU,OAAkB,YAA4B;AACtE,QAAM,UAAU,wBAAwB,KAAK;AAE7C,MAAI;AAGJ,MAAI,WAAW,WAAW,IAAI;AAG5B,UAAM,cAAc,OAAO,KAAK;AAAA,MAC9B;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAClE;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,IACpB,CAAC;AACD,UAAM,WAAW,OAAO,OAAO,CAAC,aAAa,UAAU,CAAC;AAExD,gBAAmB,wBAAiB;AAAA,MAClC,KAAK;AAAA,MACL,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH,OAAO;AAEL,gBAAmB,wBAAiB;AAAA,MAClC,KAAK;AAAA,MACL,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,YAAmB,YAAK,MAAM,SAAS,SAAS;AAEtD,MAAI,UAAU,WAAW,IAAI;AAC3B,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACtD;AAEA,SAAO;AACT;AAWO,SAAS,qBACd,OACA,WACS;AACT,MAAI,MAAM,IAAI,WAAW,GAAG;AAC1B,WAAO;AAAA,EACT;AAEA,MAAI,MAAM,IAAI,WAAW,IAAI;AAC3B,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACtD;AAEA,QAAM,UAAU,wBAAwB,KAAK;AAE7C,MAAI;AACF,QAAI;AAGJ,QAAI,UAAU,WAAW,IAAI;AAG3B,YAAM,aAAa,OAAO,KAAK;AAAA,QAC7B;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,MACpE,CAAC;AACD,YAAM,UAAU,OAAO,OAAO,CAAC,YAAY,SAAS,CAAC;AAErD,kBAAmB,uBAAgB;AAAA,QACjC,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,MACR,CAAC;AAAA,IACH,OAAO;AAEL,kBAAmB,uBAAgB;AAAA,QACjC,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAEA,UAAM,QAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA,OAAO,KAAK,MAAM,GAAG;AAAA,IACvB;AACA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,WAAO;AAAA,EACT;AACF;AAQO,SAAS,yBAGd;AACA,QAAM,EAAE,YAAY,UAAU,IAAW,2BAAoB,SAAS;AAEtE,SAAO;AAAA,IACL,YAAY,WAAW,OAAO,EAAE,MAAM,SAAS,QAAQ,MAAM,CAAC;AAAA,IAC9D,WAAW,UAAU,OAAO,EAAE,MAAM,QAAQ,QAAQ,MAAM,CAAC;AAAA,EAC7D;AACF;AAQO,SAAS,OAAO,MAAmC;AACxD,SAAc,kBAAW,QAAQ,EAAE,OAAO,IAAI,EAAE,OAAO;AACzD;AAUO,SAAS,mBACd,cACA,UACQ;AACR,QAAM,SAAgB,kBAAW,QAAQ;AACzC,SAAO,OAAO,YAAY;AAE1B,MAAI,YAAY,SAAS,SAAS,GAAG;AACnC,WAAO,OAAO,QAAQ;AAAA,EACxB;AAEA,SAAO,OAAO,OAAO;AACvB;;;ACvLO,IAAM,YAAN,cAAwB,MAAM;AAAA,EACnC,YACS,MACP,SACO,aAAqB,KACrB,SACP;AACA,UAAM,OAAO;AALN;AAEA;AACA;AAGP,SAAK,OAAO;AAAA,EACd;AACF;","names":["import_axis_protocol","import_axis_protocol"]}
+{"version":3,"sources":["../../src/core/index.ts","../../src/core/axis-bin.ts","../../src/core/signature.ts","../../src/core/axis-error.ts"],"sourcesContent":["export * from '@nextera.one/axis-protocol';\nexport { AxisFrameZ } from './axis-bin';\nexport * from './signature';\nexport * from './axis-error';\n","import * as z from 'zod';\nimport type { AxisFrame as ProtocolAxisFrame } from '@nextera.one/axis-protocol';\n\nexport {\n  decodeFrame,\n  encodeFrame,\n  getSignTarget,\n} from '@nextera.one/axis-protocol';\nexport type { AxisFrame, AxisBinaryFrame } from '@nextera.one/axis-protocol';\n\n/**\n * AxisFrame Schema\n *\n * Defines the logical structure of an AXIS frame using Zod for runtime validation.\n * This is used for internal processing after the low-level binary parsing is complete.\n */\nexport const AxisFrameZ: z.ZodType<ProtocolAxisFrame> = z.object({\n  /** Flag bits for protocol control (e.g., encryption, compression) */\n  flags: z.number().int().nonnegative(),\n  /** A map of TLV headers where key=Tag and value=BinaryData */\n  headers: z.map(\n    z.number(),\n    z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n  ),\n  /** The main payload of the frame */\n  body: z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n  /** The cryptographic signature covering the frame (except the signature itself) */\n  sig: z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n});\n","import * as crypto from 'crypto';\n\nimport { AxisFrame, getSignTarget } from './axis-bin';\n\n/**\n * Signature utilities for AXIS binary frames\n * Supports Ed25519 signature generation and verification\n */\n\n/**\n * Computes the canonical payload for signing an AXIS frame.\n * The signature covers all bytes of the encoded frame EXCEPT the signature field itself.\n *\n * @param {AxisFrame} frame - The frame to prepare for signing\n * @returns {Buffer} The serialized canonical bytes for the signature algorithm\n */\nexport function computeSignaturePayload(frame: AxisFrame): Buffer {\n  return Buffer.from(getSignTarget(frame));\n}\n\n/**\n * Signs an AXIS frame using the Ed25519 algorithm.\n * Automatically handles both raw 32-byte seeds and pkcs8 DER-encoded private keys.\n *\n * @param {AxisFrame} frame - The frame to sign\n * @param {Buffer} privateKey - Ed25519 private key (32-byte raw OR pkcs8 DER)\n * @returns {Buffer} The 64-byte Ed25519 signature\n * @throws {Error} If key format is invalid or signing fail\n */\nexport function signFrame(frame: AxisFrame, privateKey: Buffer): Buffer {\n  const payload = computeSignaturePayload(frame);\n\n  let keyObject: crypto.KeyObject;\n\n  // Check if key is raw 32-byte seed or DER-encoded\n  if (privateKey.length === 32) {\n    // Raw seed - wrap in pkcs8 DER format\n    // pkcs8 prefix for Ed25519: 0x302e020100300506032b657004220420\n    const pkcs8Prefix = Buffer.from([\n      0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,\n      0x04, 0x22, 0x04, 0x20,\n    ]);\n    const pkcs8Key = Buffer.concat([pkcs8Prefix, privateKey]);\n\n    keyObject = crypto.createPrivateKey({\n      key: pkcs8Key,\n      format: 'der',\n      type: 'pkcs8',\n    });\n  } else {\n    // Assume already DER-encoded pkcs8\n    keyObject = crypto.createPrivateKey({\n      key: privateKey,\n      format: 'der',\n      type: 'pkcs8',\n    });\n  }\n\n  const signature = crypto.sign(null, payload, keyObject);\n\n  if (signature.length !== 64) {\n    throw new Error('Ed25519 signature must be 64 bytes');\n  }\n\n  return signature;\n}\n\n/**\n * Verifies an Ed25519 signature on an AXIS frame.\n * Automatically handles both raw 32-byte public keys and spki DER-encoded public keys.\n *\n * @param {AxisFrame} frame - The frame containing the signature to verify\n * @param {Buffer} publicKey - Ed25519 public key (32-byte raw OR spki DER)\n * @returns {boolean} True if the signature is cryptographically valid\n * @throws {Error} If signature length is invalid\n */\nexport function verifyFrameSignature(\n  frame: AxisFrame,\n  publicKey: Buffer,\n): boolean {\n  if (frame.sig.length === 0) {\n    return false; // No signature\n  }\n\n  if (frame.sig.length !== 64) {\n    throw new Error('Ed25519 signature must be 64 bytes');\n  }\n\n  const payload = computeSignaturePayload(frame);\n\n  try {\n    let keyObject: crypto.KeyObject;\n\n    // Check if key is raw 32-byte or DER-encoded\n    if (publicKey.length === 32) {\n      // Raw key - wrap in spki DER format\n      // spki prefix for Ed25519: 0x302a300506032b6570032100\n      const spkiPrefix = Buffer.from([\n        0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,\n      ]);\n      const spkiKey = Buffer.concat([spkiPrefix, publicKey]);\n\n      keyObject = crypto.createPublicKey({\n        key: spkiKey,\n        format: 'der',\n        type: 'spki',\n      });\n    } else {\n      // Assume already DER-encoded spki\n      keyObject = crypto.createPublicKey({\n        key: publicKey,\n        format: 'der',\n        type: 'spki',\n      });\n    }\n\n    const valid = crypto.verify(\n      null,\n      payload,\n      keyObject,\n      Buffer.from(frame.sig),\n    );\n    return valid;\n  } catch (error) {\n    return false;\n  }\n}\n\n/**\n * Generates a new Ed25519 key pair for use with the AXIS protocol.\n * Returns keys in canonical DER format (pkcs8 for private, spki for public).\n *\n * @returns {Object} An object containing the privateKey and publicKey as Buffers\n */\nexport function generateEd25519KeyPair(): {\n  privateKey: Buffer;\n  publicKey: Buffer;\n} {\n  const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519');\n\n  return {\n    privateKey: privateKey.export({ type: 'pkcs8', format: 'der' }) as Buffer,\n    publicKey: publicKey.export({ type: 'spki', format: 'der' }) as Buffer,\n  };\n}\n\n/**\n * Computes a standard SHA-256 hash of the provided data.\n *\n * @param {Buffer | Uint8Array} data - The input data to hash\n * @returns {Buffer} The 32-byte SHA-256 digest\n */\nexport function sha256(data: Buffer | Uint8Array): Buffer {\n  return crypto.createHash('sha256').update(data).digest();\n}\n\n/**\n * Computes a hash for an AXIS receipt, optionally chaining it to a previous hash.\n * This is used for generating an immutable transaction chain.\n *\n * @param {Buffer | Uint8Array} receiptBytes - The canonical binary representation of the receipt\n * @param {Buffer | Uint8Array} [prevHash] - The hash of the previous receipt in the chain\n * @returns {Buffer} The 32-byte SHA-256 hash of the receipt (and link)\n */\nexport function computeReceiptHash(\n  receiptBytes: Buffer | Uint8Array,\n  prevHash?: Buffer | Uint8Array,\n): Buffer {\n  const hasher = crypto.createHash('sha256');\n  hasher.update(receiptBytes);\n\n  if (prevHash && prevHash.length > 0) {\n    hasher.update(prevHash);\n  }\n\n  return hasher.digest();\n}\n","export class AxisError extends Error {\n  constructor(\n    public code: string,\n    message: string,\n    public httpStatus: number = 400,\n    public details?: Record<string, any>,\n  ) {\n    super(message);\n    this.name = 'AxisError';\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAc,uCAAd;;;ACAA,QAAmB;AAGnB,2BAIO;AASA,IAAM,aAA6C,SAAO;AAAA;AAAA,EAE/D,OAAS,SAAO,EAAE,IAAI,EAAE,YAAY;AAAA;AAAA,EAEpC,SAAW;AAAA,IACP,SAAO;AAAA,IACP,SAAmB,CAAC,MAAM,aAAa,UAAU;AAAA,EACrD;AAAA;AAAA,EAEA,MAAQ,SAAmB,CAAC,MAAM,aAAa,UAAU;AAAA;AAAA,EAEzD,KAAO,SAAmB,CAAC,MAAM,aAAa,UAAU;AAC1D,CAAC;;;AC5BD,aAAwB;AAgBjB,SAAS,wBAAwB,OAA0B;AAChE,SAAO,OAAO,SAAK,oCAAc,KAAK,CAAC;AACzC;AAWO,SAAS,UAAU,OAAkB,YAA4B;AACtE,QAAM,UAAU,wBAAwB,KAAK;AAE7C,MAAI;AAGJ,MAAI,WAAW,WAAW,IAAI;AAG5B,UAAM,cAAc,OAAO,KAAK;AAAA,MAC9B;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAClE;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,IACpB,CAAC;AACD,UAAM,WAAW,OAAO,OAAO,CAAC,aAAa,UAAU,CAAC;AAExD,gBAAmB,wBAAiB;AAAA,MAClC,KAAK;AAAA,MACL,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH,OAAO;AAEL,gBAAmB,wBAAiB;AAAA,MAClC,KAAK;AAAA,MACL,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,YAAmB,YAAK,MAAM,SAAS,SAAS;AAEtD,MAAI,UAAU,WAAW,IAAI;AAC3B,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACtD;AAEA,SAAO;AACT;AAWO,SAAS,qBACd,OACA,WACS;AACT,MAAI,MAAM,IAAI,WAAW,GAAG;AAC1B,WAAO;AAAA,EACT;AAEA,MAAI,MAAM,IAAI,WAAW,IAAI;AAC3B,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACtD;AAEA,QAAM,UAAU,wBAAwB,KAAK;AAE7C,MAAI;AACF,QAAI;AAGJ,QAAI,UAAU,WAAW,IAAI;AAG3B,YAAM,aAAa,OAAO,KAAK;AAAA,QAC7B;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,MACpE,CAAC;AACD,YAAM,UAAU,OAAO,OAAO,CAAC,YAAY,SAAS,CAAC;AAErD,kBAAmB,uBAAgB;AAAA,QACjC,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,MACR,CAAC;AAAA,IACH,OAAO;AAEL,kBAAmB,uBAAgB;AAAA,QACjC,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAEA,UAAM,QAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA,OAAO,KAAK,MAAM,GAAG;AAAA,IACvB;AACA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,WAAO;AAAA,EACT;AACF;AAQO,SAAS,yBAGd;AACA,QAAM,EAAE,YAAY,UAAU,IAAW,2BAAoB,SAAS;AAEtE,SAAO;AAAA,IACL,YAAY,WAAW,OAAO,EAAE,MAAM,SAAS,QAAQ,MAAM,CAAC;AAAA,IAC9D,WAAW,UAAU,OAAO,EAAE,MAAM,QAAQ,QAAQ,MAAM,CAAC;AAAA,EAC7D;AACF;AAQO,SAAS,OAAO,MAAmC;AACxD,SAAc,kBAAW,QAAQ,EAAE,OAAO,IAAI,EAAE,OAAO;AACzD;AAUO,SAAS,mBACd,cACA,UACQ;AACR,QAAM,SAAgB,kBAAW,QAAQ;AACzC,SAAO,OAAO,YAAY;AAE1B,MAAI,YAAY,SAAS,SAAS,GAAG;AACnC,WAAO,OAAO,QAAQ;AAAA,EACxB;AAEA,SAAO,OAAO,OAAO;AACvB;;;AChLO,IAAM,YAAN,cAAwB,MAAM;AAAA,EACnC,YACS,MACP,SACO,aAAqB,KACrB,SACP;AACA,UAAM,OAAO;AALN;AAEA;AACA;AAGP,SAAK,OAAO;AAAA,EACd;AACF;","names":[]}

package/dist/core/index.mjs

@@ -1,105 +1,13 @@
-// src/core/constants.ts
-import {
-  AXIS_MAGIC,
-  AXIS_VERSION,
-  MAX_HDR_LEN,
-  MAX_BODY_LEN,
-  MAX_SIG_LEN,
-  MAX_FRAME_LEN,
-  FLAG_BODY_TLV,
-  FLAG_CHAIN_REQ,
-  FLAG_HAS_WITNESS,
-  TLV_PID,
-  TLV_TS,
-  TLV_INTENT,
-  TLV_ACTOR_ID,
-  TLV_PROOF_TYPE,
-  TLV_PROOF_REF,
-  TLV_NONCE,
-  TLV_AUD,
-  TLV_REALM,
-  TLV_NODE,
-  TLV_TRACE_ID,
-  TLV_KID,
-  TLV_RID,
-  TLV_OK,
-  TLV_EFFECT,
-  TLV_ERROR_CODE,
-  TLV_ERROR_MSG,
-  TLV_PREV_HASH,
-  TLV_RECEIPT_HASH,
-  TLV_NODE_KID,
-  TLV_NODE_CERT_HASH,
-  TLV_LOOM_PRESENCE_ID,
-  TLV_LOOM_WRIT,
-  TLV_LOOM_THREAD_HASH,
-  TLV_UPLOAD_ID,
-  TLV_INDEX,
-  TLV_OFFSET,
-  TLV_SHA256_CHUNK,
-  TLV_CAPSULE,
-  TLV_BODY_OBJ,
-  TLV_BODY_ARR,
-  NCERT_NODE_ID,
-  NCERT_KID,
-  NCERT_ALG,
-  NCERT_PUB,
-  NCERT_NBF,
-  NCERT_EXP,
-  NCERT_SCOPE,
-  NCERT_ISSUER_KID,
-  NCERT_PAYLOAD,
-  NCERT_SIG,
-  PROOF_NONE,
-  PROOF_CAPSULE,
-  PROOF_JWT,
-  PROOF_MTLS,
-  PROOF_LOOM,
-  PROOF_WITNESS,
-  ProofType,
-  BodyProfile,
-  ERR_INVALID_PACKET,
-  ERR_BAD_SIGNATURE,
-  ERR_REPLAY_DETECTED,
-  ERR_CONTRACT_VIOLATION
-} from "@nextera.one/axis-protocol";
-var _AxisMediaTypes = class _AxisMediaTypes {
-  static normalize(value) {
-    if (!value) return void 0;
-    return value.split(";", 1)[0].trim().toLowerCase();
-  }
-  static isAxisContentType(value) {
-    const normalized = _AxisMediaTypes.normalize(value);
-    return !!normalized && _AxisMediaTypes.VALID_AXIS_CONTENT_TYPES.some(
-      (contentType) => contentType === normalized
-    );
-  }
-};
-_AxisMediaTypes.BINARY = "application/axis-bin";
-_AxisMediaTypes.OCTET_STREAM = "application/octet-stream";
-_AxisMediaTypes.LEGACY_BINARY = "application/x-axis";
-_AxisMediaTypes.VALID_AXIS_CONTENT_TYPES = [
-  _AxisMediaTypes.BINARY,
-  _AxisMediaTypes.OCTET_STREAM,
-  _AxisMediaTypes.LEGACY_BINARY
-];
-var AxisMediaTypes = _AxisMediaTypes;
-
-// src/core/varint.ts
-import { encodeVarint, decodeVarint, varintLength } from "@nextera.one/axis-protocol";
-
-// src/core/tlv.ts
-import {
-  TLV,
-  encodeTLVs,
-  decodeTLVs,
-  decodeTLVsList,
-  decodeObject,
-  decodeArray
-} from "@nextera.one/axis-protocol";
+// src/core/index.ts
+export * from "@nextera.one/axis-protocol";
 
 // src/core/axis-bin.ts
 import * as z from "zod";
+import {
+  decodeFrame,
+  encodeFrame,
+  getSignTarget
+} from "@nextera.one/axis-protocol";
 var AxisFrameZ = z.object({
   /** Flag bits for protocol control (e.g., encryption, compression) */
   flags: z.number().int().nonnegative(),
@@ -113,96 +21,11 @@ var AxisFrameZ = z.object({
   /** The cryptographic signature covering the frame (except the signature itself) */
   sig: z.custom((v) => v instanceof Uint8Array)
 });
-function encodeFrame(frame) {
-  const hdrBytes = encodeTLVs(
-    Array.from(frame.headers.entries()).map(([t, v]) => ({
-      type: t,
-      value: v
-    }))
-  );
-  if (hdrBytes.length > MAX_HDR_LEN) throw new Error("Header too large");
-  if (frame.body.length > MAX_BODY_LEN) throw new Error("Body too large");
-  if (frame.sig.length > MAX_SIG_LEN) throw new Error("Signature too large");
-  const hdrLenBytes = encodeVarint(hdrBytes.length);
-  const bodyLenBytes = encodeVarint(frame.body.length);
-  const sigLenBytes = encodeVarint(frame.sig.length);
-  const totalLen = 5 + // Magic (AXIS1)
-  1 + // Version
-  1 + // Flags
-  hdrLenBytes.length + bodyLenBytes.length + sigLenBytes.length + hdrBytes.length + frame.body.length + frame.sig.length;
-  if (totalLen > MAX_FRAME_LEN) throw new Error("Total frame too large");
-  const buf = new Uint8Array(totalLen);
-  let offset = 0;
-  buf.set(AXIS_MAGIC, offset);
-  offset += 5;
-  buf[offset++] = AXIS_VERSION;
-  buf[offset++] = frame.flags;
-  buf.set(hdrLenBytes, offset);
-  offset += hdrLenBytes.length;
-  buf.set(bodyLenBytes, offset);
-  offset += bodyLenBytes.length;
-  buf.set(sigLenBytes, offset);
-  offset += sigLenBytes.length;
-  buf.set(hdrBytes, offset);
-  offset += hdrBytes.length;
-  buf.set(frame.body, offset);
-  offset += frame.body.length;
-  buf.set(frame.sig, offset);
-  offset += frame.sig.length;
-  return buf;
-}
-function decodeFrame(buf) {
-  let offset = 0;
-  if (offset + 5 > buf.length) throw new Error("Packet too short");
-  for (let i = 0; i < 5; i++) {
-    if (buf[offset + i] !== AXIS_MAGIC[i]) throw new Error("Invalid Magic");
-  }
-  offset += 5;
-  const ver = buf[offset++];
-  if (ver !== AXIS_VERSION) throw new Error(`Unsupported version: ${ver}`);
-  const flags = buf[offset++];
-  const { value: hdrLen, length: hlLen } = decodeVarint(buf, offset);
-  offset += hlLen;
-  if (hdrLen > MAX_HDR_LEN) throw new Error("Header limit exceeded");
-  const { value: bodyLen, length: blLen } = decodeVarint(buf, offset);
-  offset += blLen;
-  if (bodyLen > MAX_BODY_LEN) throw new Error("Body limit exceeded");
-  const { value: sigLen, length: slLen } = decodeVarint(buf, offset);
-  offset += slLen;
-  if (sigLen > MAX_SIG_LEN) throw new Error("Signature limit exceeded");
-  if (offset + hdrLen + bodyLen + sigLen > buf.length) {
-    throw new Error("Frame truncated");
-  }
-  const hdrBytes = buf.slice(offset, offset + hdrLen);
-  offset += hdrLen;
-  const bodyBytes = buf.slice(offset, offset + bodyLen);
-  offset += bodyLen;
-  const sigBytes = buf.slice(offset, offset + sigLen);
-  offset += sigLen;
-  const headers = decodeTLVs(hdrBytes);
-  return {
-    flags,
-    headers,
-    body: bodyBytes,
-    sig: sigBytes
-  };
-}
-function getSignTarget(frame) {
-  return encodeFrame({
-    ...frame,
-    sig: new Uint8Array(0)
-  });
-}
 
 // src/core/signature.ts
 import * as crypto from "crypto";
 function computeSignaturePayload(frame) {
-  const frameWithoutSig = {
-    ...frame,
-    sig: new Uint8Array(0)
-  };
-  const encoded = encodeFrame(frameWithoutSig);
-  return Buffer.from(encoded);
+  return Buffer.from(getSignTarget(frame));
 }
 function signFrame(frame, privateKey) {
   const payload = computeSignaturePayload(frame);
@@ -324,88 +147,13 @@ var AxisError = class extends Error {
   }
 };
 export {
-  AXIS_MAGIC,
-  AXIS_VERSION,
   AxisError,
   AxisFrameZ,
-  AxisMediaTypes,
-  BodyProfile,
-  ERR_BAD_SIGNATURE,
-  ERR_CONTRACT_VIOLATION,
-  ERR_INVALID_PACKET,
-  ERR_REPLAY_DETECTED,
-  FLAG_BODY_TLV,
-  FLAG_CHAIN_REQ,
-  FLAG_HAS_WITNESS,
-  MAX_BODY_LEN,
-  MAX_FRAME_LEN,
-  MAX_HDR_LEN,
-  MAX_SIG_LEN,
-  NCERT_ALG,
-  NCERT_EXP,
-  NCERT_ISSUER_KID,
-  NCERT_KID,
-  NCERT_NBF,
-  NCERT_NODE_ID,
-  NCERT_PAYLOAD,
-  NCERT_PUB,
-  NCERT_SCOPE,
-  NCERT_SIG,
-  PROOF_CAPSULE,
-  PROOF_JWT,
-  PROOF_LOOM,
-  PROOF_MTLS,
-  PROOF_NONE,
-  PROOF_WITNESS,
-  ProofType,
-  TLV,
-  TLV_ACTOR_ID,
-  TLV_AUD,
-  TLV_BODY_ARR,
-  TLV_BODY_OBJ,
-  TLV_CAPSULE,
-  TLV_EFFECT,
-  TLV_ERROR_CODE,
-  TLV_ERROR_MSG,
-  TLV_INDEX,
-  TLV_INTENT,
-  TLV_KID,
-  TLV_LOOM_PRESENCE_ID,
-  TLV_LOOM_THREAD_HASH,
-  TLV_LOOM_WRIT,
-  TLV_NODE,
-  TLV_NODE_CERT_HASH,
-  TLV_NODE_KID,
-  TLV_NONCE,
-  TLV_OFFSET,
-  TLV_OK,
-  TLV_PID,
-  TLV_PREV_HASH,
-  TLV_PROOF_REF,
-  TLV_PROOF_TYPE,
-  TLV_REALM,
-  TLV_RECEIPT_HASH,
-  TLV_RID,
-  TLV_SHA256_CHUNK,
-  TLV_TRACE_ID,
-  TLV_TS,
-  TLV_UPLOAD_ID,
   computeReceiptHash,
   computeSignaturePayload,
-  decodeArray,
-  decodeFrame,
-  decodeObject,
-  decodeTLVs,
-  decodeTLVsList,
-  decodeVarint,
-  encodeFrame,
-  encodeTLVs,
-  encodeVarint,
   generateEd25519KeyPair,
-  getSignTarget,
   sha256,
   signFrame,
-  varintLength,
   verifyFrameSignature
 };
 //# sourceMappingURL=index.mjs.map

package/dist/core/index.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/core/constants.ts","../../src/core/varint.ts","../../src/core/tlv.ts","../../src/core/axis-bin.ts","../../src/core/signature.ts","../../src/core/axis-error.ts"],"sourcesContent":["export {\n  AXIS_MAGIC,\n  AXIS_VERSION,\n  MAX_HDR_LEN,\n  MAX_BODY_LEN,\n  MAX_SIG_LEN,\n  MAX_FRAME_LEN,\n  FLAG_BODY_TLV,\n  FLAG_CHAIN_REQ,\n  FLAG_HAS_WITNESS,\n  TLV_PID,\n  TLV_TS,\n  TLV_INTENT,\n  TLV_ACTOR_ID,\n  TLV_PROOF_TYPE,\n  TLV_PROOF_REF,\n  TLV_NONCE,\n  TLV_AUD,\n  TLV_REALM,\n  TLV_NODE,\n  TLV_TRACE_ID,\n  TLV_KID,\n  TLV_RID,\n  TLV_OK,\n  TLV_EFFECT,\n  TLV_ERROR_CODE,\n  TLV_ERROR_MSG,\n  TLV_PREV_HASH,\n  TLV_RECEIPT_HASH,\n  TLV_NODE_KID,\n  TLV_NODE_CERT_HASH,\n  TLV_LOOM_PRESENCE_ID,\n  TLV_LOOM_WRIT,\n  TLV_LOOM_THREAD_HASH,\n  TLV_UPLOAD_ID,\n  TLV_INDEX,\n  TLV_OFFSET,\n  TLV_SHA256_CHUNK,\n  TLV_CAPSULE,\n  TLV_BODY_OBJ,\n  TLV_BODY_ARR,\n  NCERT_NODE_ID,\n  NCERT_KID,\n  NCERT_ALG,\n  NCERT_PUB,\n  NCERT_NBF,\n  NCERT_EXP,\n  NCERT_SCOPE,\n  NCERT_ISSUER_KID,\n  NCERT_PAYLOAD,\n  NCERT_SIG,\n  PROOF_NONE,\n  PROOF_CAPSULE,\n  PROOF_JWT,\n  PROOF_MTLS,\n  PROOF_LOOM,\n  PROOF_WITNESS,\n  ProofType,\n  BodyProfile,\n  ERR_INVALID_PACKET,\n  ERR_BAD_SIGNATURE,\n  ERR_REPLAY_DETECTED,\n  ERR_CONTRACT_VIOLATION,\n} from '@nextera.one/axis-protocol';\n\nexport abstract class AxisMediaTypes {\n  static readonly BINARY = 'application/axis-bin';\n  static readonly OCTET_STREAM = 'application/octet-stream';\n  static readonly LEGACY_BINARY = 'application/x-axis';\n\n  static readonly VALID_AXIS_CONTENT_TYPES = [\n    AxisMediaTypes.BINARY,\n    AxisMediaTypes.OCTET_STREAM,\n    AxisMediaTypes.LEGACY_BINARY,\n  ] as const;\n\n  static normalize(value?: string | null): string | undefined {\n    if (!value) return undefined;\n    return value.split(';', 1)[0].trim().toLowerCase();\n  }\n\n  static isAxisContentType(value?: string | null): boolean {\n    const normalized = AxisMediaTypes.normalize(value);\n    return (\n      !!normalized &&\n      AxisMediaTypes.VALID_AXIS_CONTENT_TYPES.some(\n        (contentType) => contentType === normalized,\n      )\n    );\n  }\n}\n","export { encodeVarint, decodeVarint, varintLength } from '@nextera.one/axis-protocol';\n","export {\n  TLV, encodeTLVs, decodeTLVs, decodeTLVsList, decodeObject, decodeArray,\n} from '@nextera.one/axis-protocol';\n","import * as z from 'zod';\n\n/**\n * AxisFrame Schema\n *\n * Defines the logical structure of an AXIS frame using Zod for runtime validation.\n * This is used for internal processing after the low-level binary parsing is complete.\n */\nexport const AxisFrameZ = z.object({\n  /** Flag bits for protocol control (e.g., encryption, compression) */\n  flags: z.number().int().nonnegative(),\n  /** A map of TLV headers where key=Tag and value=BinaryData */\n  headers: z.map(\n    z.number(),\n    z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n  ),\n  /** The main payload of the frame */\n  body: z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n  /** The cryptographic signature covering the frame (except the signature itself) */\n  sig: z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n});\n\n/**\n * Represents a structured AXIS frame.\n * @typedef {Object} AxisFrame\n */\nexport type AxisFrame = z.infer<typeof AxisFrameZ>;\nexport type AxisBinaryFrame = AxisFrame;\nimport {\n  AXIS_MAGIC,\n  AXIS_VERSION,\n  MAX_BODY_LEN,\n  MAX_FRAME_LEN,\n  MAX_HDR_LEN,\n  MAX_SIG_LEN,\n} from './constants';\nimport { decodeTLVs, encodeTLVs } from './tlv';\nimport { decodeVarint, encodeVarint } from './varint';\n\n/**\n * Encodes a structured AxisFrame into its binary wire representation.\n *\n * **Encoding Steps:**\n * 1. Encodes header TLV map into a single buffer.\n * 2. Validates lengths against MAX_* constants.\n * 3. Encodes lengths (HDR, BODY, SIG) as varints.\n * 4. Assembles the final byte array with magic, version, and flags.\n *\n * @param {AxisFrame} frame - The structured frame to encode\n * @returns {Uint8Array} The full binary frame\n * @throws {Error} If any section exceeds protocol limits\n */\nexport function encodeFrame(frame: AxisFrame): Uint8Array {\n  const hdrBytes = encodeTLVs(\n    Array.from(frame.headers.entries()).map(([t, v]) => ({\n      type: t,\n      value: v,\n    })),\n  );\n\n  if (hdrBytes.length > MAX_HDR_LEN) throw new Error('Header too large');\n  if (frame.body.length > MAX_BODY_LEN) throw new Error('Body too large');\n  if (frame.sig.length > MAX_SIG_LEN) throw new Error('Signature too large');\n\n  // Header Len, Body Len, Sig Len\n  const hdrLenBytes = encodeVarint(hdrBytes.length);\n  const bodyLenBytes = encodeVarint(frame.body.length);\n  const sigLenBytes = encodeVarint(frame.sig.length);\n\n  const totalLen =\n    5 + // Magic (AXIS1)\n    1 + // Version\n    1 + // Flags\n    hdrLenBytes.length +\n    bodyLenBytes.length +\n    sigLenBytes.length +\n    hdrBytes.length +\n    frame.body.length +\n    frame.sig.length;\n\n  if (totalLen > MAX_FRAME_LEN) throw new Error('Total frame too large');\n\n  const buf = new Uint8Array(totalLen);\n  let offset = 0;\n\n  // Magic (AXIS1 - 5 bytes)\n  buf.set(AXIS_MAGIC, offset);\n  offset += 5;\n\n  // Version\n  buf[offset++] = AXIS_VERSION;\n\n  // Flags\n  buf[offset++] = frame.flags;\n\n  // Lengths\n  buf.set(hdrLenBytes, offset);\n  offset += hdrLenBytes.length;\n\n  buf.set(bodyLenBytes, offset);\n  offset += bodyLenBytes.length;\n\n  buf.set(sigLenBytes, offset);\n  offset += sigLenBytes.length;\n\n  // Payloads\n  buf.set(hdrBytes, offset);\n  offset += hdrBytes.length;\n\n  buf.set(frame.body, offset);\n  offset += frame.body.length;\n\n  buf.set(frame.sig, offset);\n  offset += frame.sig.length;\n\n  return buf;\n}\n\n/**\n * Decodes a binary buffer into a structured AxisFrame with strict validation.\n *\n * @param {Uint8Array} buf - Raw bytes from the wire\n * @returns {AxisFrame} The parsed and validated frame\n * @throws {Error} If magic, version, or lengths are invalid\n */\nexport function decodeFrame(buf: Uint8Array): AxisFrame {\n  let offset = 0;\n\n  // 1. Magic (AXIS1 - 5 bytes)\n  if (offset + 5 > buf.length) throw new Error('Packet too short');\n  for (let i = 0; i < 5; i++) {\n    if (buf[offset + i] !== AXIS_MAGIC[i]) throw new Error('Invalid Magic');\n  }\n  offset += 5;\n\n  // 2. Version\n  const ver = buf[offset++];\n  if (ver !== AXIS_VERSION) throw new Error(`Unsupported version: ${ver}`);\n\n  // 3. Flags\n  const flags = buf[offset++];\n\n  // 4. Lengths\n  const { value: hdrLen, length: hlLen } = decodeVarint(buf, offset);\n  offset += hlLen;\n  if (hdrLen > MAX_HDR_LEN) throw new Error('Header limit exceeded');\n\n  const { value: bodyLen, length: blLen } = decodeVarint(buf, offset);\n  offset += blLen;\n  if (bodyLen > MAX_BODY_LEN) throw new Error('Body limit exceeded');\n\n  const { value: sigLen, length: slLen } = decodeVarint(buf, offset);\n  offset += slLen;\n  if (sigLen > MAX_SIG_LEN) throw new Error('Signature limit exceeded');\n\n  // 5. Extract Bytes\n  if (offset + hdrLen + bodyLen + sigLen > buf.length) {\n    throw new Error('Frame truncated');\n  }\n\n  const hdrBytes = buf.slice(offset, offset + hdrLen);\n  offset += hdrLen;\n\n  const bodyBytes = buf.slice(offset, offset + bodyLen);\n  offset += bodyLen;\n\n  const sigBytes = buf.slice(offset, offset + sigLen);\n  offset += sigLen;\n\n  // 6. Decode Header TLVs\n  const headers = decodeTLVs(hdrBytes);\n\n  return {\n    flags,\n    headers,\n    body: bodyBytes,\n    sig: sigBytes,\n  };\n}\n\n/**\n * Helper to get canonical bytes for signing.\n * SigTarget = All bytes up to SigLen, with SigLen=0, and no SigBytes.\n */\nexport function getSignTarget(frame: AxisFrame): Uint8Array {\n  // Re-encode frame but with empty signature\n  // Note: This is efficient enough for v1 (tens of KB).\n  return encodeFrame({\n    ...frame,\n    sig: new Uint8Array(0),\n  });\n}\n","import * as crypto from 'crypto';\n\nimport { AxisFrame, encodeFrame } from './axis-bin';\n\n/**\n * Signature utilities for AXIS binary frames\n * Supports Ed25519 signature generation and verification\n */\n\n/**\n * Computes the canonical payload for signing an AXIS frame.\n * The signature covers all bytes of the encoded frame EXCEPT the signature field itself.\n *\n * @param {AxisFrame} frame - The frame to prepare for signing\n * @returns {Buffer} The serialized canonical bytes for the signature algorithm\n */\nexport function computeSignaturePayload(frame: AxisFrame): Buffer {\n  // Re-encode frame with empty signature\n  const frameWithoutSig: AxisFrame = {\n    ...frame,\n    sig: new Uint8Array(0),\n  };\n\n  const encoded = encodeFrame(frameWithoutSig);\n  return Buffer.from(encoded);\n}\n\n/**\n * Signs an AXIS frame using the Ed25519 algorithm.\n * Automatically handles both raw 32-byte seeds and pkcs8 DER-encoded private keys.\n *\n * @param {AxisFrame} frame - The frame to sign\n * @param {Buffer} privateKey - Ed25519 private key (32-byte raw OR pkcs8 DER)\n * @returns {Buffer} The 64-byte Ed25519 signature\n * @throws {Error} If key format is invalid or signing fail\n */\nexport function signFrame(frame: AxisFrame, privateKey: Buffer): Buffer {\n  const payload = computeSignaturePayload(frame);\n\n  let keyObject: crypto.KeyObject;\n\n  // Check if key is raw 32-byte seed or DER-encoded\n  if (privateKey.length === 32) {\n    // Raw seed - wrap in pkcs8 DER format\n    // pkcs8 prefix for Ed25519: 0x302e020100300506032b657004220420\n    const pkcs8Prefix = Buffer.from([\n      0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,\n      0x04, 0x22, 0x04, 0x20,\n    ]);\n    const pkcs8Key = Buffer.concat([pkcs8Prefix, privateKey]);\n\n    keyObject = crypto.createPrivateKey({\n      key: pkcs8Key,\n      format: 'der',\n      type: 'pkcs8',\n    });\n  } else {\n    // Assume already DER-encoded pkcs8\n    keyObject = crypto.createPrivateKey({\n      key: privateKey,\n      format: 'der',\n      type: 'pkcs8',\n    });\n  }\n\n  const signature = crypto.sign(null, payload, keyObject);\n\n  if (signature.length !== 64) {\n    throw new Error('Ed25519 signature must be 64 bytes');\n  }\n\n  return signature;\n}\n\n/**\n * Verifies an Ed25519 signature on an AXIS frame.\n * Automatically handles both raw 32-byte public keys and spki DER-encoded public keys.\n *\n * @param {AxisFrame} frame - The frame containing the signature to verify\n * @param {Buffer} publicKey - Ed25519 public key (32-byte raw OR spki DER)\n * @returns {boolean} True if the signature is cryptographically valid\n * @throws {Error} If signature length is invalid\n */\nexport function verifyFrameSignature(\n  frame: AxisFrame,\n  publicKey: Buffer,\n): boolean {\n  if (frame.sig.length === 0) {\n    return false; // No signature\n  }\n\n  if (frame.sig.length !== 64) {\n    throw new Error('Ed25519 signature must be 64 bytes');\n  }\n\n  const payload = computeSignaturePayload(frame);\n\n  try {\n    let keyObject: crypto.KeyObject;\n\n    // Check if key is raw 32-byte or DER-encoded\n    if (publicKey.length === 32) {\n      // Raw key - wrap in spki DER format\n      // spki prefix for Ed25519: 0x302a300506032b6570032100\n      const spkiPrefix = Buffer.from([\n        0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,\n      ]);\n      const spkiKey = Buffer.concat([spkiPrefix, publicKey]);\n\n      keyObject = crypto.createPublicKey({\n        key: spkiKey,\n        format: 'der',\n        type: 'spki',\n      });\n    } else {\n      // Assume already DER-encoded spki\n      keyObject = crypto.createPublicKey({\n        key: publicKey,\n        format: 'der',\n        type: 'spki',\n      });\n    }\n\n    const valid = crypto.verify(\n      null,\n      payload,\n      keyObject,\n      Buffer.from(frame.sig),\n    );\n    return valid;\n  } catch (error) {\n    return false;\n  }\n}\n\n/**\n * Generates a new Ed25519 key pair for use with the AXIS protocol.\n * Returns keys in canonical DER format (pkcs8 for private, spki for public).\n *\n * @returns {Object} An object containing the privateKey and publicKey as Buffers\n */\nexport function generateEd25519KeyPair(): {\n  privateKey: Buffer;\n  publicKey: Buffer;\n} {\n  const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519');\n\n  return {\n    privateKey: privateKey.export({ type: 'pkcs8', format: 'der' }) as Buffer,\n    publicKey: publicKey.export({ type: 'spki', format: 'der' }) as Buffer,\n  };\n}\n\n/**\n * Computes a standard SHA-256 hash of the provided data.\n *\n * @param {Buffer | Uint8Array} data - The input data to hash\n * @returns {Buffer} The 32-byte SHA-256 digest\n */\nexport function sha256(data: Buffer | Uint8Array): Buffer {\n  return crypto.createHash('sha256').update(data).digest();\n}\n\n/**\n * Computes a hash for an AXIS receipt, optionally chaining it to a previous hash.\n * This is used for generating an immutable transaction chain.\n *\n * @param {Buffer | Uint8Array} receiptBytes - The canonical binary representation of the receipt\n * @param {Buffer | Uint8Array} [prevHash] - The hash of the previous receipt in the chain\n * @returns {Buffer} The 32-byte SHA-256 hash of the receipt (and link)\n */\nexport function computeReceiptHash(\n  receiptBytes: Buffer | Uint8Array,\n  prevHash?: Buffer | Uint8Array,\n): Buffer {\n  const hasher = crypto.createHash('sha256');\n  hasher.update(receiptBytes);\n\n  if (prevHash && prevHash.length > 0) {\n    hasher.update(prevHash);\n  }\n\n  return hasher.digest();\n}\n","export class AxisError extends Error {\n  constructor(\n    public code: string,\n    message: string,\n    public httpStatus: number = 400,\n    public details?: Record<string, any>,\n  ) {\n    super(message);\n    this.name = 'AxisError';\n  }\n}\n"],"mappings":";AAAA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEA,IAAe,kBAAf,MAAe,gBAAe;AAAA,EAWnC,OAAO,UAAU,OAA2C;AAC1D,QAAI,CAAC,MAAO,QAAO;AACnB,WAAO,MAAM,MAAM,KAAK,CAAC,EAAE,CAAC,EAAE,KAAK,EAAE,YAAY;AAAA,EACnD;AAAA,EAEA,OAAO,kBAAkB,OAAgC;AACvD,UAAM,aAAa,gBAAe,UAAU,KAAK;AACjD,WACE,CAAC,CAAC,cACF,gBAAe,yBAAyB;AAAA,MACtC,CAAC,gBAAgB,gBAAgB;AAAA,IACnC;AAAA,EAEJ;AACF;AAzBsB,gBACJ,SAAS;AADL,gBAEJ,eAAe;AAFX,gBAGJ,gBAAgB;AAHZ,gBAKJ,2BAA2B;AAAA,EACzC,gBAAe;AAAA,EACf,gBAAe;AAAA,EACf,gBAAe;AACjB;AATK,IAAe,iBAAf;;;ACjEP,SAAS,cAAc,cAAc,oBAAoB;;;ACAzD;AAAA,EACE;AAAA,EAAK;AAAA,EAAY;AAAA,EAAY;AAAA,EAAgB;AAAA,EAAc;AAAA,OACtD;;;ACFP,YAAY,OAAO;AAQZ,IAAM,aAAe,SAAO;AAAA;AAAA,EAEjC,OAAS,SAAO,EAAE,IAAI,EAAE,YAAY;AAAA;AAAA,EAEpC,SAAW;AAAA,IACP,SAAO;AAAA,IACP,SAAmB,CAAC,MAAM,aAAa,UAAU;AAAA,EACrD;AAAA;AAAA,EAEA,MAAQ,SAAmB,CAAC,MAAM,aAAa,UAAU;AAAA;AAAA,EAEzD,KAAO,SAAmB,CAAC,MAAM,aAAa,UAAU;AAC1D,CAAC;AAgCM,SAAS,YAAY,OAA8B;AACxD,QAAM,WAAW;AAAA,IACf,MAAM,KAAK,MAAM,QAAQ,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO;AAAA,MACnD,MAAM;AAAA,MACN,OAAO;AAAA,IACT,EAAE;AAAA,EACJ;AAEA,MAAI,SAAS,SAAS,YAAa,OAAM,IAAI,MAAM,kBAAkB;AACrE,MAAI,MAAM,KAAK,SAAS,aAAc,OAAM,IAAI,MAAM,gBAAgB;AACtE,MAAI,MAAM,IAAI,SAAS,YAAa,OAAM,IAAI,MAAM,qBAAqB;AAGzE,QAAM,cAAc,aAAa,SAAS,MAAM;AAChD,QAAM,eAAe,aAAa,MAAM,KAAK,MAAM;AACnD,QAAM,cAAc,aAAa,MAAM,IAAI,MAAM;AAEjD,QAAM,WACJ;AAAA,EACA;AAAA,EACA;AAAA,EACA,YAAY,SACZ,aAAa,SACb,YAAY,SACZ,SAAS,SACT,MAAM,KAAK,SACX,MAAM,IAAI;AAEZ,MAAI,WAAW,cAAe,OAAM,IAAI,MAAM,uBAAuB;AAErE,QAAM,MAAM,IAAI,WAAW,QAAQ;AACnC,MAAI,SAAS;AAGb,MAAI,IAAI,YAAY,MAAM;AAC1B,YAAU;AAGV,MAAI,QAAQ,IAAI;AAGhB,MAAI,QAAQ,IAAI,MAAM;AAGtB,MAAI,IAAI,aAAa,MAAM;AAC3B,YAAU,YAAY;AAEtB,MAAI,IAAI,cAAc,MAAM;AAC5B,YAAU,aAAa;AAEvB,MAAI,IAAI,aAAa,MAAM;AAC3B,YAAU,YAAY;AAGtB,MAAI,IAAI,UAAU,MAAM;AACxB,YAAU,SAAS;AAEnB,MAAI,IAAI,MAAM,MAAM,MAAM;AAC1B,YAAU,MAAM,KAAK;AAErB,MAAI,IAAI,MAAM,KAAK,MAAM;AACzB,YAAU,MAAM,IAAI;AAEpB,SAAO;AACT;AASO,SAAS,YAAY,KAA4B;AACtD,MAAI,SAAS;AAGb,MAAI,SAAS,IAAI,IAAI,OAAQ,OAAM,IAAI,MAAM,kBAAkB;AAC/D,WAAS,IAAI,GAAG,IAAI,GAAG,KAAK;AAC1B,QAAI,IAAI,SAAS,CAAC,MAAM,WAAW,CAAC,EAAG,OAAM,IAAI,MAAM,eAAe;AAAA,EACxE;AACA,YAAU;AAGV,QAAM,MAAM,IAAI,QAAQ;AACxB,MAAI,QAAQ,aAAc,OAAM,IAAI,MAAM,wBAAwB,GAAG,EAAE;AAGvE,QAAM,QAAQ,IAAI,QAAQ;AAG1B,QAAM,EAAE,OAAO,QAAQ,QAAQ,MAAM,IAAI,aAAa,KAAK,MAAM;AACjE,YAAU;AACV,MAAI,SAAS,YAAa,OAAM,IAAI,MAAM,uBAAuB;AAEjE,QAAM,EAAE,OAAO,SAAS,QAAQ,MAAM,IAAI,aAAa,KAAK,MAAM;AAClE,YAAU;AACV,MAAI,UAAU,aAAc,OAAM,IAAI,MAAM,qBAAqB;AAEjE,QAAM,EAAE,OAAO,QAAQ,QAAQ,MAAM,IAAI,aAAa,KAAK,MAAM;AACjE,YAAU;AACV,MAAI,SAAS,YAAa,OAAM,IAAI,MAAM,0BAA0B;AAGpE,MAAI,SAAS,SAAS,UAAU,SAAS,IAAI,QAAQ;AACnD,UAAM,IAAI,MAAM,iBAAiB;AAAA,EACnC;AAEA,QAAM,WAAW,IAAI,MAAM,QAAQ,SAAS,MAAM;AAClD,YAAU;AAEV,QAAM,YAAY,IAAI,MAAM,QAAQ,SAAS,OAAO;AACpD,YAAU;AAEV,QAAM,WAAW,IAAI,MAAM,QAAQ,SAAS,MAAM;AAClD,YAAU;AAGV,QAAM,UAAU,WAAW,QAAQ;AAEnC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN,KAAK;AAAA,EACP;AACF;AAMO,SAAS,cAAc,OAA8B;AAG1D,SAAO,YAAY;AAAA,IACjB,GAAG;AAAA,IACH,KAAK,IAAI,WAAW,CAAC;AAAA,EACvB,CAAC;AACH;;;AC/LA,YAAY,YAAY;AAgBjB,SAAS,wBAAwB,OAA0B;AAEhE,QAAM,kBAA6B;AAAA,IACjC,GAAG;AAAA,IACH,KAAK,IAAI,WAAW,CAAC;AAAA,EACvB;AAEA,QAAM,UAAU,YAAY,eAAe;AAC3C,SAAO,OAAO,KAAK,OAAO;AAC5B;AAWO,SAAS,UAAU,OAAkB,YAA4B;AACtE,QAAM,UAAU,wBAAwB,KAAK;AAE7C,MAAI;AAGJ,MAAI,WAAW,WAAW,IAAI;AAG5B,UAAM,cAAc,OAAO,KAAK;AAAA,MAC9B;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAClE;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,IACpB,CAAC;AACD,UAAM,WAAW,OAAO,OAAO,CAAC,aAAa,UAAU,CAAC;AAExD,gBAAmB,wBAAiB;AAAA,MAClC,KAAK;AAAA,MACL,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH,OAAO;AAEL,gBAAmB,wBAAiB;AAAA,MAClC,KAAK;AAAA,MACL,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,YAAmB,YAAK,MAAM,SAAS,SAAS;AAEtD,MAAI,UAAU,WAAW,IAAI;AAC3B,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACtD;AAEA,SAAO;AACT;AAWO,SAAS,qBACd,OACA,WACS;AACT,MAAI,MAAM,IAAI,WAAW,GAAG;AAC1B,WAAO;AAAA,EACT;AAEA,MAAI,MAAM,IAAI,WAAW,IAAI;AAC3B,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACtD;AAEA,QAAM,UAAU,wBAAwB,KAAK;AAE7C,MAAI;AACF,QAAI;AAGJ,QAAI,UAAU,WAAW,IAAI;AAG3B,YAAM,aAAa,OAAO,KAAK;AAAA,QAC7B;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,MACpE,CAAC;AACD,YAAM,UAAU,OAAO,OAAO,CAAC,YAAY,SAAS,CAAC;AAErD,kBAAmB,uBAAgB;AAAA,QACjC,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,MACR,CAAC;AAAA,IACH,OAAO;AAEL,kBAAmB,uBAAgB;AAAA,QACjC,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAEA,UAAM,QAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA,OAAO,KAAK,MAAM,GAAG;AAAA,IACvB;AACA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,WAAO;AAAA,EACT;AACF;AAQO,SAAS,yBAGd;AACA,QAAM,EAAE,YAAY,UAAU,IAAW,2BAAoB,SAAS;AAEtE,SAAO;AAAA,IACL,YAAY,WAAW,OAAO,EAAE,MAAM,SAAS,QAAQ,MAAM,CAAC;AAAA,IAC9D,WAAW,UAAU,OAAO,EAAE,MAAM,QAAQ,QAAQ,MAAM,CAAC;AAAA,EAC7D;AACF;AAQO,SAAS,OAAO,MAAmC;AACxD,SAAc,kBAAW,QAAQ,EAAE,OAAO,IAAI,EAAE,OAAO;AACzD;AAUO,SAAS,mBACd,cACA,UACQ;AACR,QAAM,SAAgB,kBAAW,QAAQ;AACzC,SAAO,OAAO,YAAY;AAE1B,MAAI,YAAY,SAAS,SAAS,GAAG;AACnC,WAAO,OAAO,QAAQ;AAAA,EACxB;AAEA,SAAO,OAAO,OAAO;AACvB;;;ACvLO,IAAM,YAAN,cAAwB,MAAM;AAAA,EACnC,YACS,MACP,SACO,aAAqB,KACrB,SACP;AACA,UAAM,OAAO;AALN;AAEA;AACA;AAGP,SAAK,OAAO;AAAA,EACd;AACF;","names":[]}
+{"version":3,"sources":["../../src/core/index.ts","../../src/core/axis-bin.ts","../../src/core/signature.ts","../../src/core/axis-error.ts"],"sourcesContent":["export * from '@nextera.one/axis-protocol';\nexport { AxisFrameZ } from './axis-bin';\nexport * from './signature';\nexport * from './axis-error';\n","import * as z from 'zod';\nimport type { AxisFrame as ProtocolAxisFrame } from '@nextera.one/axis-protocol';\n\nexport {\n  decodeFrame,\n  encodeFrame,\n  getSignTarget,\n} from '@nextera.one/axis-protocol';\nexport type { AxisFrame, AxisBinaryFrame } from '@nextera.one/axis-protocol';\n\n/**\n * AxisFrame Schema\n *\n * Defines the logical structure of an AXIS frame using Zod for runtime validation.\n * This is used for internal processing after the low-level binary parsing is complete.\n */\nexport const AxisFrameZ: z.ZodType<ProtocolAxisFrame> = z.object({\n  /** Flag bits for protocol control (e.g., encryption, compression) */\n  flags: z.number().int().nonnegative(),\n  /** A map of TLV headers where key=Tag and value=BinaryData */\n  headers: z.map(\n    z.number(),\n    z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n  ),\n  /** The main payload of the frame */\n  body: z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n  /** The cryptographic signature covering the frame (except the signature itself) */\n  sig: z.custom<Uint8Array>((v) => v instanceof Uint8Array),\n});\n","import * as crypto from 'crypto';\n\nimport { AxisFrame, getSignTarget } from './axis-bin';\n\n/**\n * Signature utilities for AXIS binary frames\n * Supports Ed25519 signature generation and verification\n */\n\n/**\n * Computes the canonical payload for signing an AXIS frame.\n * The signature covers all bytes of the encoded frame EXCEPT the signature field itself.\n *\n * @param {AxisFrame} frame - The frame to prepare for signing\n * @returns {Buffer} The serialized canonical bytes for the signature algorithm\n */\nexport function computeSignaturePayload(frame: AxisFrame): Buffer {\n  return Buffer.from(getSignTarget(frame));\n}\n\n/**\n * Signs an AXIS frame using the Ed25519 algorithm.\n * Automatically handles both raw 32-byte seeds and pkcs8 DER-encoded private keys.\n *\n * @param {AxisFrame} frame - The frame to sign\n * @param {Buffer} privateKey - Ed25519 private key (32-byte raw OR pkcs8 DER)\n * @returns {Buffer} The 64-byte Ed25519 signature\n * @throws {Error} If key format is invalid or signing fail\n */\nexport function signFrame(frame: AxisFrame, privateKey: Buffer): Buffer {\n  const payload = computeSignaturePayload(frame);\n\n  let keyObject: crypto.KeyObject;\n\n  // Check if key is raw 32-byte seed or DER-encoded\n  if (privateKey.length === 32) {\n    // Raw seed - wrap in pkcs8 DER format\n    // pkcs8 prefix for Ed25519: 0x302e020100300506032b657004220420\n    const pkcs8Prefix = Buffer.from([\n      0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,\n      0x04, 0x22, 0x04, 0x20,\n    ]);\n    const pkcs8Key = Buffer.concat([pkcs8Prefix, privateKey]);\n\n    keyObject = crypto.createPrivateKey({\n      key: pkcs8Key,\n      format: 'der',\n      type: 'pkcs8',\n    });\n  } else {\n    // Assume already DER-encoded pkcs8\n    keyObject = crypto.createPrivateKey({\n      key: privateKey,\n      format: 'der',\n      type: 'pkcs8',\n    });\n  }\n\n  const signature = crypto.sign(null, payload, keyObject);\n\n  if (signature.length !== 64) {\n    throw new Error('Ed25519 signature must be 64 bytes');\n  }\n\n  return signature;\n}\n\n/**\n * Verifies an Ed25519 signature on an AXIS frame.\n * Automatically handles both raw 32-byte public keys and spki DER-encoded public keys.\n *\n * @param {AxisFrame} frame - The frame containing the signature to verify\n * @param {Buffer} publicKey - Ed25519 public key (32-byte raw OR spki DER)\n * @returns {boolean} True if the signature is cryptographically valid\n * @throws {Error} If signature length is invalid\n */\nexport function verifyFrameSignature(\n  frame: AxisFrame,\n  publicKey: Buffer,\n): boolean {\n  if (frame.sig.length === 0) {\n    return false; // No signature\n  }\n\n  if (frame.sig.length !== 64) {\n    throw new Error('Ed25519 signature must be 64 bytes');\n  }\n\n  const payload = computeSignaturePayload(frame);\n\n  try {\n    let keyObject: crypto.KeyObject;\n\n    // Check if key is raw 32-byte or DER-encoded\n    if (publicKey.length === 32) {\n      // Raw key - wrap in spki DER format\n      // spki prefix for Ed25519: 0x302a300506032b6570032100\n      const spkiPrefix = Buffer.from([\n        0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,\n      ]);\n      const spkiKey = Buffer.concat([spkiPrefix, publicKey]);\n\n      keyObject = crypto.createPublicKey({\n        key: spkiKey,\n        format: 'der',\n        type: 'spki',\n      });\n    } else {\n      // Assume already DER-encoded spki\n      keyObject = crypto.createPublicKey({\n        key: publicKey,\n        format: 'der',\n        type: 'spki',\n      });\n    }\n\n    const valid = crypto.verify(\n      null,\n      payload,\n      keyObject,\n      Buffer.from(frame.sig),\n    );\n    return valid;\n  } catch (error) {\n    return false;\n  }\n}\n\n/**\n * Generates a new Ed25519 key pair for use with the AXIS protocol.\n * Returns keys in canonical DER format (pkcs8 for private, spki for public).\n *\n * @returns {Object} An object containing the privateKey and publicKey as Buffers\n */\nexport function generateEd25519KeyPair(): {\n  privateKey: Buffer;\n  publicKey: Buffer;\n} {\n  const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519');\n\n  return {\n    privateKey: privateKey.export({ type: 'pkcs8', format: 'der' }) as Buffer,\n    publicKey: publicKey.export({ type: 'spki', format: 'der' }) as Buffer,\n  };\n}\n\n/**\n * Computes a standard SHA-256 hash of the provided data.\n *\n * @param {Buffer | Uint8Array} data - The input data to hash\n * @returns {Buffer} The 32-byte SHA-256 digest\n */\nexport function sha256(data: Buffer | Uint8Array): Buffer {\n  return crypto.createHash('sha256').update(data).digest();\n}\n\n/**\n * Computes a hash for an AXIS receipt, optionally chaining it to a previous hash.\n * This is used for generating an immutable transaction chain.\n *\n * @param {Buffer | Uint8Array} receiptBytes - The canonical binary representation of the receipt\n * @param {Buffer | Uint8Array} [prevHash] - The hash of the previous receipt in the chain\n * @returns {Buffer} The 32-byte SHA-256 hash of the receipt (and link)\n */\nexport function computeReceiptHash(\n  receiptBytes: Buffer | Uint8Array,\n  prevHash?: Buffer | Uint8Array,\n): Buffer {\n  const hasher = crypto.createHash('sha256');\n  hasher.update(receiptBytes);\n\n  if (prevHash && prevHash.length > 0) {\n    hasher.update(prevHash);\n  }\n\n  return hasher.digest();\n}\n","export class AxisError extends Error {\n  constructor(\n    public code: string,\n    message: string,\n    public httpStatus: number = 400,\n    public details?: Record<string, any>,\n  ) {\n    super(message);\n    this.name = 'AxisError';\n  }\n}\n"],"mappings":";AAAA,cAAc;;;ACAd,YAAY,OAAO;AAGnB;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AASA,IAAM,aAA6C,SAAO;AAAA;AAAA,EAE/D,OAAS,SAAO,EAAE,IAAI,EAAE,YAAY;AAAA;AAAA,EAEpC,SAAW;AAAA,IACP,SAAO;AAAA,IACP,SAAmB,CAAC,MAAM,aAAa,UAAU;AAAA,EACrD;AAAA;AAAA,EAEA,MAAQ,SAAmB,CAAC,MAAM,aAAa,UAAU;AAAA;AAAA,EAEzD,KAAO,SAAmB,CAAC,MAAM,aAAa,UAAU;AAC1D,CAAC;;;AC5BD,YAAY,YAAY;AAgBjB,SAAS,wBAAwB,OAA0B;AAChE,SAAO,OAAO,KAAK,cAAc,KAAK,CAAC;AACzC;AAWO,SAAS,UAAU,OAAkB,YAA4B;AACtE,QAAM,UAAU,wBAAwB,KAAK;AAE7C,MAAI;AAGJ,MAAI,WAAW,WAAW,IAAI;AAG5B,UAAM,cAAc,OAAO,KAAK;AAAA,MAC9B;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,MAClE;AAAA,MAAM;AAAA,MAAM;AAAA,MAAM;AAAA,IACpB,CAAC;AACD,UAAM,WAAW,OAAO,OAAO,CAAC,aAAa,UAAU,CAAC;AAExD,gBAAmB,wBAAiB;AAAA,MAClC,KAAK;AAAA,MACL,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH,OAAO;AAEL,gBAAmB,wBAAiB;AAAA,MAClC,KAAK;AAAA,MACL,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAEA,QAAM,YAAmB,YAAK,MAAM,SAAS,SAAS;AAEtD,MAAI,UAAU,WAAW,IAAI;AAC3B,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACtD;AAEA,SAAO;AACT;AAWO,SAAS,qBACd,OACA,WACS;AACT,MAAI,MAAM,IAAI,WAAW,GAAG;AAC1B,WAAO;AAAA,EACT;AAEA,MAAI,MAAM,IAAI,WAAW,IAAI;AAC3B,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACtD;AAEA,QAAM,UAAU,wBAAwB,KAAK;AAE7C,MAAI;AACF,QAAI;AAGJ,QAAI,UAAU,WAAW,IAAI;AAG3B,YAAM,aAAa,OAAO,KAAK;AAAA,QAC7B;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,QAAM;AAAA,MACpE,CAAC;AACD,YAAM,UAAU,OAAO,OAAO,CAAC,YAAY,SAAS,CAAC;AAErD,kBAAmB,uBAAgB;AAAA,QACjC,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,MACR,CAAC;AAAA,IACH,OAAO;AAEL,kBAAmB,uBAAgB;AAAA,QACjC,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAEA,UAAM,QAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA,OAAO,KAAK,MAAM,GAAG;AAAA,IACvB;AACA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,WAAO;AAAA,EACT;AACF;AAQO,SAAS,yBAGd;AACA,QAAM,EAAE,YAAY,UAAU,IAAW,2BAAoB,SAAS;AAEtE,SAAO;AAAA,IACL,YAAY,WAAW,OAAO,EAAE,MAAM,SAAS,QAAQ,MAAM,CAAC;AAAA,IAC9D,WAAW,UAAU,OAAO,EAAE,MAAM,QAAQ,QAAQ,MAAM,CAAC;AAAA,EAC7D;AACF;AAQO,SAAS,OAAO,MAAmC;AACxD,SAAc,kBAAW,QAAQ,EAAE,OAAO,IAAI,EAAE,OAAO;AACzD;AAUO,SAAS,mBACd,cACA,UACQ;AACR,QAAM,SAAgB,kBAAW,QAAQ;AACzC,SAAO,OAAO,YAAY;AAE1B,MAAI,YAAY,SAAS,SAAS,GAAG;AACnC,WAAO,OAAO,QAAQ;AAAA,EACxB;AAEA,SAAO,OAAO,OAAO;AACvB;;;AChLO,IAAM,YAAN,cAAwB,MAAM;AAAA,EACnC,YACS,MACP,SACO,aAAqB,KACrB,SACP;AACA,UAAM,OAAO;AALN;AAEA;AACA;AAGP,SAAK,OAAO;AAAA,EACd;AACF;","names":[]}

package/dist/index-VxXqZPuH.d.mts

@@ -0,0 +1,51 @@
+import * as _nextera_one_axis_protocol from '@nextera.one/axis-protocol';
+import { AxisFrame } from '@nextera.one/axis-protocol';
+import * as z from 'zod';
+
+function _mergeNamespaces(n, m) {
+  m.forEach(function (e) {
+    e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) {
+      if (k !== 'default' && !(k in n)) {
+        var d = Object.getOwnPropertyDescriptor(e, k);
+        Object.defineProperty(n, k, d.get ? d : {
+          enumerable: true,
+          get: function () { return e[k]; }
+        });
+      }
+    });
+  });
+  return Object.freeze(n);
+}
+
+declare const AxisFrameZ: z.ZodType<AxisFrame>;
+
+declare function computeSignaturePayload(frame: AxisFrame): Buffer;
+declare function signFrame(frame: AxisFrame, privateKey: Buffer): Buffer;
+declare function verifyFrameSignature(frame: AxisFrame, publicKey: Buffer): boolean;
+declare function generateEd25519KeyPair(): {
+    privateKey: Buffer;
+    publicKey: Buffer;
+};
+declare function sha256(data: Buffer | Uint8Array): Buffer;
+declare function computeReceiptHash(receiptBytes: Buffer | Uint8Array, prevHash?: Buffer | Uint8Array): Buffer;
+
+declare class AxisError extends Error {
+    code: string;
+    httpStatus: number;
+    details?: Record<string, any> | undefined;
+    constructor(code: string, message: string, httpStatus?: number, details?: Record<string, any> | undefined);
+}
+
+var index = /*#__PURE__*/_mergeNamespaces({
+  __proto__: null,
+  AxisError: AxisError,
+  AxisFrameZ: AxisFrameZ,
+  computeReceiptHash: computeReceiptHash,
+  computeSignaturePayload: computeSignaturePayload,
+  generateEd25519KeyPair: generateEd25519KeyPair,
+  sha256: sha256,
+  signFrame: signFrame,
+  verifyFrameSignature: verifyFrameSignature
+}, [_nextera_one_axis_protocol]);
+
+export { AxisError as A, AxisFrameZ as a, computeSignaturePayload as b, computeReceiptHash as c, signFrame as d, generateEd25519KeyPair as g, index as i, sha256 as s, verifyFrameSignature as v };

package/dist/index-VxXqZPuH.d.ts

@@ -0,0 +1,51 @@
+import * as _nextera_one_axis_protocol from '@nextera.one/axis-protocol';
+import { AxisFrame } from '@nextera.one/axis-protocol';
+import * as z from 'zod';
+
+function _mergeNamespaces(n, m) {
+  m.forEach(function (e) {
+    e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) {
+      if (k !== 'default' && !(k in n)) {
+        var d = Object.getOwnPropertyDescriptor(e, k);
+        Object.defineProperty(n, k, d.get ? d : {
+          enumerable: true,
+          get: function () { return e[k]; }
+        });
+      }
+    });
+  });
+  return Object.freeze(n);
+}
+
+declare const AxisFrameZ: z.ZodType<AxisFrame>;
+
+declare function computeSignaturePayload(frame: AxisFrame): Buffer;
+declare function signFrame(frame: AxisFrame, privateKey: Buffer): Buffer;
+declare function verifyFrameSignature(frame: AxisFrame, publicKey: Buffer): boolean;
+declare function generateEd25519KeyPair(): {
+    privateKey: Buffer;
+    publicKey: Buffer;
+};
+declare function sha256(data: Buffer | Uint8Array): Buffer;
+declare function computeReceiptHash(receiptBytes: Buffer | Uint8Array, prevHash?: Buffer | Uint8Array): Buffer;
+
+declare class AxisError extends Error {
+    code: string;
+    httpStatus: number;
+    details?: Record<string, any> | undefined;
+    constructor(code: string, message: string, httpStatus?: number, details?: Record<string, any> | undefined);
+}
+
+var index = /*#__PURE__*/_mergeNamespaces({
+  __proto__: null,
+  AxisError: AxisError,
+  AxisFrameZ: AxisFrameZ,
+  computeReceiptHash: computeReceiptHash,
+  computeSignaturePayload: computeSignaturePayload,
+  generateEd25519KeyPair: generateEd25519KeyPair,
+  sha256: sha256,
+  signFrame: signFrame,
+  verifyFrameSignature: verifyFrameSignature
+}, [_nextera_one_axis_protocol]);
+
+export { AxisError as A, AxisFrameZ as a, computeSignaturePayload as b, computeReceiptHash as c, signFrame as d, generateEd25519KeyPair as g, index as i, sha256 as s, verifyFrameSignature as v };