@nextera.one/tps-standard 0.4.3 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/README.md +268 -49
  2. package/dist/index.d.ts +366 -2
  3. package/dist/index.js +724 -1
  4. package/dist/src/index.js +693 -0
  5. package/dist/test/src/index.js +960 -0
  6. package/dist/test/test/persian-calendar.test.js +488 -0
  7. package/dist/test/test/tps-uid.test.js +295 -0
  8. package/dist/test/tps-uid.test.js +240 -0
  9. package/package.json +3 -2
  10. package/src/index.ts +1031 -2
package/dist/index.js CHANGED
@@ -8,7 +8,7 @@
8
8
  * @copyright 2026 TPS Standards Working Group
9
9
  */
10
10
  Object.defineProperty(exports, "__esModule", { value: true });
11
- exports.TPS = void 0;
11
+ exports.TPSUID7RB = exports.TPS = void 0;
12
12
  class TPS {
13
13
  /**
14
14
  * Registers a calendar driver plugin.
@@ -172,6 +172,98 @@ class TPS {
172
172
  }
173
173
  return null;
174
174
  }
175
+ // --- DRIVER CONVENIENCE METHODS ---
176
+ /**
177
+ * Parse a calendar-specific date string into TPS components.
178
+ * Requires the driver to implement the optional `parseDate` method.
179
+ *
180
+ * @param calendar - The calendar code (e.g., 'hij')
181
+ * @param dateString - Date string in calendar-native format (e.g., '1447-07-21')
182
+ * @param format - Optional format string (driver-specific)
183
+ * @returns TPS components or null if parsing fails
184
+ *
185
+ * @example
186
+ * ```ts
187
+ * const components = TPS.parseCalendarDate('hij', '1447-07-21');
188
+ * // { calendar: 'hij', year: 1447, month: 7, day: 21 }
189
+ *
190
+ * const uri = TPS.toURI({ ...components, latitude: 31.95, longitude: 35.91 });
191
+ * // "tps://31.95,35.91@T:hij.y1447.M07.d21"
192
+ * ```
193
+ */
194
+ static parseCalendarDate(calendar, dateString, format) {
195
+ const driver = this.drivers.get(calendar);
196
+ if (!driver) {
197
+ throw new Error(`Calendar driver '${calendar}' not found. Register a driver first.`);
198
+ }
199
+ if (!driver.parseDate) {
200
+ throw new Error(`Driver '${calendar}' does not implement parseDate(). Use fromGregorian() instead.`);
201
+ }
202
+ return driver.parseDate(dateString, format);
203
+ }
204
+ /**
205
+ * Convert a calendar-specific date string directly to a TPS URI.
206
+ * This is a convenience method that combines parseDate + toURI.
207
+ *
208
+ * @param calendar - The calendar code (e.g., 'hij')
209
+ * @param dateString - Date string in calendar-native format
210
+ * @param location - Optional location (lat/lon/alt or privacy flag)
211
+ * @returns Full TPS URI string
212
+ *
213
+ * @example
214
+ * ```ts
215
+ * // With coordinates
216
+ * TPS.fromCalendarDate('hij', '1447-07-21', { latitude: 31.95, longitude: 35.91 });
217
+ * // "tps://31.95,35.91@T:hij.y1447.M07.d21"
218
+ *
219
+ * // With privacy flag
220
+ * TPS.fromCalendarDate('hij', '1447-07-21', { isHiddenLocation: true });
221
+ * // "tps://hidden@T:hij.y1447.M07.d21"
222
+ *
223
+ * // Without location
224
+ * TPS.fromCalendarDate('hij', '1447-07-21');
225
+ * // "tps://unknown@T:hij.y1447.M07.d21"
226
+ * ```
227
+ */
228
+ static fromCalendarDate(calendar, dateString, location) {
229
+ const components = this.parseCalendarDate(calendar, dateString);
230
+ if (!components) {
231
+ throw new Error(`Failed to parse date string: ${dateString}`);
232
+ }
233
+ // Merge with location
234
+ const fullComponents = {
235
+ calendar,
236
+ ...components,
237
+ ...location,
238
+ };
239
+ return this.toURI(fullComponents);
240
+ }
241
+ /**
242
+ * Format TPS components to a calendar-specific date string.
243
+ * Requires the driver to implement the optional `format` method.
244
+ *
245
+ * @param calendar - The calendar code
246
+ * @param components - TPS components to format
247
+ * @param format - Optional format string (driver-specific)
248
+ * @returns Formatted date string in calendar-native format
249
+ *
250
+ * @example
251
+ * ```ts
252
+ * const tps = TPS.parse('tps://unknown@T:hij.y1447.M07.d21');
253
+ * const formatted = TPS.formatCalendarDate('hij', tps);
254
+ * // "1447-07-21"
255
+ * ```
256
+ */
257
+ static formatCalendarDate(calendar, components, format) {
258
+ const driver = this.drivers.get(calendar);
259
+ if (!driver) {
260
+ throw new Error(`Calendar driver '${calendar}' not found.`);
261
+ }
262
+ if (!driver.format) {
263
+ throw new Error(`Driver '${calendar}' does not implement format().`);
264
+ }
265
+ return driver.format(components, format);
266
+ }
175
267
  // --- INTERNAL HELPERS ---
176
268
  static _mapGroupsToComponents(g) {
177
269
  const components = {};
@@ -240,3 +332,634 @@ TPS.drivers = new Map();
240
332
  // --- REGEX ---
241
333
  TPS.REGEX_URI = new RegExp('^tps://(?<space>unknown|redacted|hidden|(?<lat>-?\\d+(?:\\.\\d+)?),(?<lon>-?\\d+(?:\\.\\d+)?)(?:,(?<alt>-?\\d+(?:\\.\\d+)?)m?)?)@T:(?<calendar>[a-z]{3,4})\\.(?:(?<unix>s\\d+(?:\\.\\d+)?)|m(?<millennium>-?\\d+)(?:\\.c(?<century>\\d+)(?:\\.y(?<year>\\d+)(?:\\.M(?<month>\\d{1,2})(?:\\.d(?<day>\\d{1,2})(?:\\.h(?<hour>\\d{1,2})(?:\\.n(?<minute>\\d{1,2})(?:\\.s(?<second>\\d{1,2}(?:\\.\\d+)?))?)?)?)?)?)?)?)?(?:;(?<extensions>[a-z0-9\\.\\-\\_]+))?$');
242
334
  TPS.REGEX_TIME = new RegExp('^T:(?<calendar>[a-z]{3,4})\\.(?:(?<unix>s\\d+(?:\\.\\d+)?)|m(?<millennium>-?\\d+)(?:\\.c(?<century>\\d+)(?:\\.y(?<year>\\d+)(?:\\.M(?<month>\\d{1,2})(?:\\.d(?<day>\\d{1,2})(?:\\.h(?<hour>\\d{1,2})(?:\\.n(?<minute>\\d{1,2})(?:\\.s(?<second>\\d{1,2}(?:\\.\\d+)?))?)?)?)?)?)?)?)?$');
335
+ /**
336
+ * TPS-UID v1 — Temporal Positioning System Identifier (Binary Reversible)
337
+ *
338
+ * A time-first, reversible identifier that binds an event to a TPS coordinate.
339
+ * Unlike UUIDs, TPS-UID identifies events in spacetime and allows exact
340
+ * reconstruction of the original TPS string.
341
+ *
342
+ * Binary Schema (all integers big-endian):
343
+ * ```
344
+ * MAGIC 4 bytes "TPU7"
345
+ * VER 1 byte 0x01
346
+ * FLAGS 1 byte bit0 = compression flag
347
+ * TIME 6 bytes epoch_ms (48-bit unsigned)
348
+ * NONCE 4 bytes 32-bit random
349
+ * LEN varint length of TPS payload
350
+ * TPS bytes UTF-8 TPS string (raw or zlib-compressed)
351
+ * ```
352
+ *
353
+ * @example
354
+ * ```ts
355
+ * const tps = 'tps://31.95,35.91@T:greg.m3.c1.y26.M01.d09';
356
+ *
357
+ * // Encode to binary
358
+ * const bytes = TPSUID7RB.encodeBinary(tps);
359
+ *
360
+ * // Encode to base64url string
361
+ * const id = TPSUID7RB.encodeBinaryB64(tps);
362
+ * // → "tpsuid7rb_AFRQV..."
363
+ *
364
+ * // Decode back to original TPS
365
+ * const decoded = TPSUID7RB.decodeBinaryB64(id);
366
+ * console.log(decoded.tps); // exact original TPS
367
+ * ```
368
+ */
369
+ class TPSUID7RB {
370
+ // ---------------------------
371
+ // Public API
372
+ // ---------------------------
373
+ /**
374
+ * Encode TPS string to binary bytes (Uint8Array).
375
+ * This is the canonical form for hashing, signing, and storage.
376
+ *
377
+ * @param tps - The TPS string to encode
378
+ * @param opts - Encoding options (compress, epochMs override)
379
+ * @returns Binary TPS-UID as Uint8Array
380
+ */
381
+ static encodeBinary(tps, opts) {
382
+ const compress = opts?.compress ?? false;
383
+ const epochMs = opts?.epochMs ?? this.epochMsFromTPSString(tps);
384
+ if (!Number.isInteger(epochMs) || epochMs < 0) {
385
+ throw new Error('epochMs must be a non-negative integer');
386
+ }
387
+ if (epochMs > 0xffffffffffff) {
388
+ throw new Error('epochMs exceeds 48-bit range');
389
+ }
390
+ const flags = compress ? 0x01 : 0x00;
391
+ // Generate 32-bit nonce
392
+ const nonceBuf = this.randomBytes(4);
393
+ const nonce = ((nonceBuf[0] << 24) >>> 0) +
394
+ ((nonceBuf[1] << 16) >>> 0) +
395
+ ((nonceBuf[2] << 8) >>> 0) +
396
+ nonceBuf[3];
397
+ // Encode TPS to UTF-8
398
+ const tpsUtf8 = new TextEncoder().encode(tps);
399
+ // Optionally compress
400
+ const payload = compress ? this.deflateRaw(tpsUtf8) : tpsUtf8;
401
+ // Encode length as varint
402
+ const lenVar = this.uvarintEncode(payload.length);
403
+ // Construct binary structure
404
+ const out = new Uint8Array(4 + 1 + 1 + 6 + 4 + lenVar.length + payload.length);
405
+ let offset = 0;
406
+ // MAGIC
407
+ out.set(this.MAGIC, offset);
408
+ offset += 4;
409
+ // VER
410
+ out[offset++] = this.VER;
411
+ // FLAGS
412
+ out[offset++] = flags;
413
+ // TIME (48-bit big-endian)
414
+ const timeBytes = this.writeU48(epochMs);
415
+ out.set(timeBytes, offset);
416
+ offset += 6;
417
+ // NONCE (32-bit big-endian)
418
+ out.set(nonceBuf, offset);
419
+ offset += 4;
420
+ // LEN (varint)
421
+ out.set(lenVar, offset);
422
+ offset += lenVar.length;
423
+ // TPS payload
424
+ out.set(payload, offset);
425
+ return out;
426
+ }
427
+ /**
428
+ * Decode binary bytes back to original TPS string.
429
+ *
430
+ * @param bytes - Binary TPS-UID
431
+ * @returns Decoded result with original TPS string
432
+ */
433
+ static decodeBinary(bytes) {
434
+ // Header min size: 4+1+1+6+4 + 1 (at least 1 byte varint) = 17
435
+ if (bytes.length < 17) {
436
+ throw new Error('TPSUID7RB: too short');
437
+ }
438
+ // MAGIC
439
+ if (bytes[0] !== 0x54 ||
440
+ bytes[1] !== 0x50 ||
441
+ bytes[2] !== 0x55 ||
442
+ bytes[3] !== 0x37) {
443
+ throw new Error('TPSUID7RB: bad magic');
444
+ }
445
+ // VERSION
446
+ const ver = bytes[4];
447
+ if (ver !== this.VER) {
448
+ throw new Error(`TPSUID7RB: unsupported version ${ver}`);
449
+ }
450
+ // FLAGS
451
+ const flags = bytes[5];
452
+ const compressed = (flags & 0x01) === 0x01;
453
+ // TIME (48-bit big-endian)
454
+ const epochMs = this.readU48(bytes, 6);
455
+ // NONCE (32-bit big-endian)
456
+ const nonce = ((bytes[12] << 24) >>> 0) +
457
+ ((bytes[13] << 16) >>> 0) +
458
+ ((bytes[14] << 8) >>> 0) +
459
+ bytes[15];
460
+ // LEN (varint at offset 16)
461
+ let offset = 16;
462
+ const { value: tpsLen, bytesRead } = this.uvarintDecode(bytes, offset);
463
+ offset += bytesRead;
464
+ if (offset + tpsLen > bytes.length) {
465
+ throw new Error('TPSUID7RB: length overflow');
466
+ }
467
+ // TPS payload
468
+ const payload = bytes.slice(offset, offset + tpsLen);
469
+ const tpsUtf8 = compressed ? this.inflateRaw(payload) : payload;
470
+ const tps = new TextDecoder().decode(tpsUtf8);
471
+ return { version: 'tpsuid7rb', epochMs, compressed, nonce, tps };
472
+ }
473
+ /**
474
+ * Encode TPS to base64url string with prefix.
475
+ * This is the transport/storage form.
476
+ *
477
+ * @param tps - The TPS string to encode
478
+ * @param opts - Encoding options
479
+ * @returns Base64url encoded TPS-UID with prefix
480
+ */
481
+ static encodeBinaryB64(tps, opts) {
482
+ const bytes = this.encodeBinary(tps, opts);
483
+ return `${this.PREFIX}${this.base64UrlEncode(bytes)}`;
484
+ }
485
+ /**
486
+ * Decode base64url string back to original TPS string.
487
+ *
488
+ * @param id - Base64url encoded TPS-UID with prefix
489
+ * @returns Decoded result with original TPS string
490
+ */
491
+ static decodeBinaryB64(id) {
492
+ const s = id.trim();
493
+ if (!s.startsWith(this.PREFIX)) {
494
+ throw new Error('TPSUID7RB: missing prefix');
495
+ }
496
+ const b64 = s.slice(this.PREFIX.length);
497
+ const bytes = this.base64UrlDecode(b64);
498
+ return this.decodeBinary(bytes);
499
+ }
500
+ /**
501
+ * Validate base64url encoded TPS-UID format.
502
+ * Note: This validates shape only; binary decode is authoritative.
503
+ *
504
+ * @param id - String to validate
505
+ * @returns true if format is valid
506
+ */
507
+ static validateBinaryB64(id) {
508
+ return this.REGEX.test(id.trim());
509
+ }
510
+ /**
511
+ * Generate a TPS-UID from the current time and optional location.
512
+ *
513
+ * @param opts - Generation options
514
+ * @returns Base64url encoded TPS-UID
515
+ */
516
+ static generate(opts) {
517
+ const now = new Date();
518
+ const tps = this.generateTPSString(now, opts);
519
+ return this.encodeBinaryB64(tps, {
520
+ compress: opts?.compress,
521
+ epochMs: now.getTime(),
522
+ });
523
+ }
524
+ // ---------------------------
525
+ // TPS String Helpers
526
+ // ---------------------------
527
+ /**
528
+ * Generate a TPS string from a Date and optional location.
529
+ */
530
+ static generateTPSString(date, opts) {
531
+ const fullYear = date.getUTCFullYear();
532
+ const m = Math.floor(fullYear / 1000) + 1;
533
+ const c = Math.floor((fullYear % 1000) / 100) + 1;
534
+ const y = fullYear % 100;
535
+ const M = date.getUTCMonth() + 1;
536
+ const d = date.getUTCDate();
537
+ const h = date.getUTCHours();
538
+ const n = date.getUTCMinutes();
539
+ const s = date.getUTCSeconds();
540
+ const pad = (num) => num.toString().padStart(2, '0');
541
+ const timePart = `T:greg.m${m}.c${c}.y${y}.M${pad(M)}.d${pad(d)}.h${pad(h)}.n${pad(n)}.s${pad(s)}`;
542
+ let spacePart = 'unknown';
543
+ if (opts?.latitude !== undefined && opts?.longitude !== undefined) {
544
+ spacePart = `${opts.latitude},${opts.longitude}`;
545
+ if (opts.altitude !== undefined) {
546
+ spacePart += `,${opts.altitude}m`;
547
+ }
548
+ }
549
+ return `tps://${spacePart}@${timePart}`;
550
+ }
551
+ /**
552
+ * Parse epoch milliseconds from a TPS string.
553
+ * Supports both URI format (tps://...) and time-only format (T:greg...)
554
+ */
555
+ static epochMsFromTPSString(tps) {
556
+ let time;
557
+ if (tps.includes('@')) {
558
+ // URI format: tps://...@T:greg...
559
+ const at = tps.indexOf('@');
560
+ time = tps.slice(at + 1).trim();
561
+ }
562
+ else if (tps.startsWith('T:')) {
563
+ // Time-only format
564
+ time = tps;
565
+ }
566
+ else {
567
+ throw new Error('TPS: unrecognized format');
568
+ }
569
+ if (!time.startsWith('T:greg.')) {
570
+ throw new Error('TPS: only T:greg.* parsing is supported');
571
+ }
572
+ // Extract m (millennium), c (century), y (year)
573
+ const mMatch = time.match(/\.m(-?\d+)/);
574
+ const cMatch = time.match(/\.c(\d+)/);
575
+ const yMatch = time.match(/\.y(\d{1,4})/);
576
+ const MMatch = time.match(/\.M(\d{1,2})/);
577
+ const dMatch = time.match(/\.d(\d{1,2})/);
578
+ const hMatch = time.match(/\.h(\d{1,2})/);
579
+ const nMatch = time.match(/\.n(\d{1,2})/);
580
+ const sMatch = time.match(/\.s(\d{1,2})/);
581
+ // Calculate full year from millennium, century, year
582
+ let fullYear;
583
+ if (mMatch && cMatch && yMatch) {
584
+ const millennium = parseInt(mMatch[1], 10);
585
+ const century = parseInt(cMatch[1], 10);
586
+ const year = parseInt(yMatch[1], 10);
587
+ fullYear = (millennium - 1) * 1000 + (century - 1) * 100 + year;
588
+ }
589
+ else if (yMatch) {
590
+ // Fallback: interpret y as 2-digit year
591
+ let year = parseInt(yMatch[1], 10);
592
+ if (year < 100) {
593
+ year = year <= 69 ? 2000 + year : 1900 + year;
594
+ }
595
+ fullYear = year;
596
+ }
597
+ else {
598
+ throw new Error('TPS: missing year component');
599
+ }
600
+ const month = MMatch ? parseInt(MMatch[1], 10) : 1;
601
+ const day = dMatch ? parseInt(dMatch[1], 10) : 1;
602
+ const hour = hMatch ? parseInt(hMatch[1], 10) : 0;
603
+ const minute = nMatch ? parseInt(nMatch[1], 10) : 0;
604
+ const second = sMatch ? parseInt(sMatch[1], 10) : 0;
605
+ const epoch = Date.UTC(fullYear, month - 1, day, hour, minute, second);
606
+ if (!Number.isFinite(epoch)) {
607
+ throw new Error('TPS: failed to compute epochMs');
608
+ }
609
+ return epoch;
610
+ }
611
+ // ---------------------------
612
+ // Binary Helpers
613
+ // ---------------------------
614
+ /** Write 48-bit unsigned integer (big-endian) */
615
+ static writeU48(epochMs) {
616
+ const b = new Uint8Array(6);
617
+ // Use BigInt for proper 48-bit handling
618
+ const v = BigInt(epochMs);
619
+ b[0] = Number((v >> 40n) & 0xffn);
620
+ b[1] = Number((v >> 32n) & 0xffn);
621
+ b[2] = Number((v >> 24n) & 0xffn);
622
+ b[3] = Number((v >> 16n) & 0xffn);
623
+ b[4] = Number((v >> 8n) & 0xffn);
624
+ b[5] = Number(v & 0xffn);
625
+ return b;
626
+ }
627
+ /** Read 48-bit unsigned integer (big-endian) */
628
+ static readU48(bytes, offset) {
629
+ const v = (BigInt(bytes[offset]) << 40n) +
630
+ (BigInt(bytes[offset + 1]) << 32n) +
631
+ (BigInt(bytes[offset + 2]) << 24n) +
632
+ (BigInt(bytes[offset + 3]) << 16n) +
633
+ (BigInt(bytes[offset + 4]) << 8n) +
634
+ BigInt(bytes[offset + 5]);
635
+ const n = Number(v);
636
+ if (!Number.isSafeInteger(n)) {
637
+ throw new Error('TPSUID7RB: u48 not safe integer');
638
+ }
639
+ return n;
640
+ }
641
+ /** Encode unsigned integer as LEB128 varint */
642
+ static uvarintEncode(n) {
643
+ if (!Number.isInteger(n) || n < 0) {
644
+ throw new Error('uvarint must be non-negative int');
645
+ }
646
+ const out = [];
647
+ let x = n >>> 0;
648
+ while (x >= 0x80) {
649
+ out.push((x & 0x7f) | 0x80);
650
+ x >>>= 7;
651
+ }
652
+ out.push(x);
653
+ return new Uint8Array(out);
654
+ }
655
+ /** Decode LEB128 varint */
656
+ static uvarintDecode(bytes, offset) {
657
+ let x = 0;
658
+ let s = 0;
659
+ let i = 0;
660
+ while (true) {
661
+ if (offset + i >= bytes.length) {
662
+ throw new Error('uvarint overflow');
663
+ }
664
+ const b = bytes[offset + i];
665
+ if (b < 0x80) {
666
+ if (i > 9 || (i === 9 && b > 1)) {
667
+ throw new Error('uvarint too large');
668
+ }
669
+ x |= b << s;
670
+ return { value: x >>> 0, bytesRead: i + 1 };
671
+ }
672
+ x |= (b & 0x7f) << s;
673
+ s += 7;
674
+ i++;
675
+ if (i > 10) {
676
+ throw new Error('uvarint too long');
677
+ }
678
+ }
679
+ }
680
+ // ---------------------------
681
+ // Base64url Helpers
682
+ // ---------------------------
683
+ /** Encode bytes to base64url (no padding) */
684
+ static base64UrlEncode(bytes) {
685
+ // Node.js environment
686
+ if (typeof Buffer !== 'undefined') {
687
+ return Buffer.from(bytes)
688
+ .toString('base64')
689
+ .replace(/\+/g, '-')
690
+ .replace(/\//g, '_')
691
+ .replace(/=+$/g, '');
692
+ }
693
+ // Browser environment
694
+ let binary = '';
695
+ for (let i = 0; i < bytes.length; i++) {
696
+ binary += String.fromCharCode(bytes[i]);
697
+ }
698
+ return btoa(binary)
699
+ .replace(/\+/g, '-')
700
+ .replace(/\//g, '_')
701
+ .replace(/=+$/g, '');
702
+ }
703
+ /** Decode base64url to bytes */
704
+ static base64UrlDecode(b64url) {
705
+ // Add padding
706
+ const padLen = (4 - (b64url.length % 4)) % 4;
707
+ const b64 = (b64url + '='.repeat(padLen))
708
+ .replace(/-/g, '+')
709
+ .replace(/_/g, '/');
710
+ // Node.js environment
711
+ if (typeof Buffer !== 'undefined') {
712
+ return new Uint8Array(Buffer.from(b64, 'base64'));
713
+ }
714
+ // Browser environment
715
+ const binary = atob(b64);
716
+ const bytes = new Uint8Array(binary.length);
717
+ for (let i = 0; i < binary.length; i++) {
718
+ bytes[i] = binary.charCodeAt(i);
719
+ }
720
+ return bytes;
721
+ }
722
+ // ---------------------------
723
+ // Compression Helpers
724
+ // ---------------------------
725
+ /** Compress using zlib deflate raw */
726
+ static deflateRaw(data) {
727
+ // Node.js environment
728
+ if (typeof require !== 'undefined') {
729
+ try {
730
+ // eslint-disable-next-line @typescript-eslint/no-require-imports
731
+ const zlib = require('zlib');
732
+ return new Uint8Array(zlib.deflateRawSync(Buffer.from(data)));
733
+ }
734
+ catch {
735
+ throw new Error('TPSUID7RB: compression not available');
736
+ }
737
+ }
738
+ // Browser: would need pako or similar library
739
+ throw new Error('TPSUID7RB: compression not available in browser');
740
+ }
741
+ /** Decompress using zlib inflate raw */
742
+ static inflateRaw(data) {
743
+ // Node.js environment
744
+ if (typeof require !== 'undefined') {
745
+ try {
746
+ // eslint-disable-next-line @typescript-eslint/no-require-imports
747
+ const zlib = require('zlib');
748
+ return new Uint8Array(zlib.inflateRawSync(Buffer.from(data)));
749
+ }
750
+ catch {
751
+ throw new Error('TPSUID7RB: decompression failed');
752
+ }
753
+ }
754
+ // Browser: would need pako or similar library
755
+ throw new Error('TPSUID7RB: decompression not available in browser');
756
+ }
757
+ // ---------------------------
758
+ // Cryptographic Sealing (Ed25519)
759
+ // ---------------------------
760
+ /**
761
+ * Seal (sign) a TPS string to create a cryptographically verifiable TPS-UID.
762
+ * This appends an Ed25519 signature to the binary form.
763
+ *
764
+ * @param tps - The TPS string to seal
765
+ * @param privateKey - Ed25519 private key (hex or buffer)
766
+ * @param opts - Encoding options
767
+ * @returns Sealed binary TPS-UID
768
+ */
769
+ static seal(tps, privateKey, opts) {
770
+ // 1. Create standard binary (unsealed first)
771
+ // We force the SEAL flag (bit 1) to be 0 initially for the "content to sign"
772
+ // But wait, we want the signature to cover the header too.
773
+ // Strategy: Construct the full binary with SEAL flag OFF, sign it, then set SEAL flag ON and append sig.
774
+ // Actually, the standard way is:
775
+ // Content = MAGIC + VER + FLAGS(with seal bit set) + TIME + NONCE + LEN + PAYLOAD
776
+ // Signature = Sign(Content)
777
+ // Final = Content + SEAL_TYPE + SIGNATURE
778
+ const compress = opts?.compress ?? false;
779
+ const epochMs = opts?.epochMs ?? this.epochMsFromTPSString(tps);
780
+ // Validate epoch
781
+ if (!Number.isInteger(epochMs) || epochMs < 0 || epochMs > 0xffffffffffff) {
782
+ throw new Error('epochMs must be a valid 48-bit non-negative integer');
783
+ }
784
+ // Flags: Bit 0 = compress, Bit 1 = sealed
785
+ const flags = (compress ? 0x01 : 0x00) | 0x02; // Set SEAL bit
786
+ // Generate Nonce
787
+ const nonceBuf = this.randomBytes(4);
788
+ // Encode Payload
789
+ const tpsUtf8 = new TextEncoder().encode(tps);
790
+ const payload = compress ? this.deflateRaw(tpsUtf8) : tpsUtf8;
791
+ const lenVar = this.uvarintEncode(payload.length);
792
+ // Construct Content (Header + Payload)
793
+ const contentLen = 4 + 1 + 1 + 6 + 4 + lenVar.length + payload.length;
794
+ const content = new Uint8Array(contentLen);
795
+ let offset = 0;
796
+ content.set(this.MAGIC, offset);
797
+ offset += 4;
798
+ content[offset++] = this.VER;
799
+ content[offset++] = flags;
800
+ content.set(this.writeU48(epochMs), offset);
801
+ offset += 6;
802
+ content.set(nonceBuf, offset);
803
+ offset += 4;
804
+ content.set(lenVar, offset);
805
+ offset += lenVar.length;
806
+ content.set(payload, offset);
807
+ // Sign the content
808
+ const signature = this.signEd25519(content, privateKey);
809
+ const sealType = 0x01; // Ed25519
810
+ // Final Output: Content + SealType (1) + Signature (64)
811
+ const final = new Uint8Array(contentLen + 1 + signature.length);
812
+ final.set(content, 0);
813
+ final.set([sealType], contentLen);
814
+ final.set(signature, contentLen + 1);
815
+ return final;
816
+ }
817
+ /**
818
+ * Verify a sealed TPS-UID and decode it.
819
+ * Throws if signature is invalid or not sealed.
820
+ *
821
+ * @param sealedBytes - The binary sealed TPS-UID
822
+ * @param publicKey - Ed25519 public key (hex or buffer) to verify against
823
+ * @returns Decoded result
824
+ */
825
+ static verifyAndDecode(sealedBytes, publicKey) {
826
+ if (sealedBytes.length < 18)
827
+ throw new Error('TPSUID7RB: too short');
828
+ // Check Magic
829
+ if (sealedBytes[0] !== 0x54 ||
830
+ sealedBytes[1] !== 0x50 ||
831
+ sealedBytes[2] !== 0x55 ||
832
+ sealedBytes[3] !== 0x37) {
833
+ throw new Error('TPSUID7RB: bad magic');
834
+ }
835
+ // Check Flags for Sealed Bit (bit 1)
836
+ const flags = sealedBytes[5];
837
+ if ((flags & 0x02) === 0) {
838
+ throw new Error('TPSUID7RB: not a sealed UID');
839
+ }
840
+ // 1. Parse the structure to find where content ends
841
+ // We need to parse LEN and Payload to find the split point
842
+ let offset = 16; // Start of LEN
843
+ // Decode LEN
844
+ const { value: tpsLen, bytesRead } = this.uvarintDecode(sealedBytes, offset);
845
+ offset += bytesRead;
846
+ const payloadEnd = offset + tpsLen;
847
+ if (payloadEnd > sealedBytes.length) {
848
+ throw new Error('TPSUID7RB: length overflow (truncated)');
849
+ }
850
+ // The Content to verify matches exactly [0 ... payloadEnd]
851
+ const content = sealedBytes.slice(0, payloadEnd);
852
+ // After content: SealType (1 byte) + Signature
853
+ if (sealedBytes.length <= payloadEnd + 1) {
854
+ throw new Error('TPSUID7RB: missing signature data');
855
+ }
856
+ const sealType = sealedBytes[payloadEnd];
857
+ if (sealType !== 0x01) {
858
+ throw new Error(`TPSUID7RB: unsupported seal type 0x${sealType.toString(16)}`);
859
+ }
860
+ const signature = sealedBytes.slice(payloadEnd + 1);
861
+ if (signature.length !== 64) {
862
+ throw new Error(`TPSUID7RB: invalid Ed25519 signature length ${signature.length}`);
863
+ }
864
+ // Verify
865
+ const isValid = this.verifyEd25519(content, signature, publicKey);
866
+ if (!isValid) {
867
+ throw new Error('TPSUID7RB: signature verification failed');
868
+ }
869
+ // Decode (reuse standard logic, but ignoring the extra bytes at end is fine?)
870
+ // Actually standard logic doesn't expect trailing bytes unless we tell it to.
871
+ // But since we verified, we can just slice the content and decode that as a strict binary
872
+ // EXCEPT standard decodeBinary checks strict length.
873
+ // So we manually decode the components here to be safe and efficient.
874
+ return this.decodeBinary(content); // Reuse strict decoder on the content part
875
+ }
876
+ // --- Crypto Implementation (Ed25519) ---
877
+ static signEd25519(data, privateKey) {
878
+ if (typeof require !== 'undefined') {
879
+ try {
880
+ // eslint-disable-next-line @typescript-eslint/no-require-imports
881
+ const crypto = require('crypto');
882
+ // Node's crypto.sign uses PEM or KeyObject, but for raw Ed25519 keys we might need 'crypto.sign(null, data, key)'
883
+ // or ensure key is properly formatted.
884
+ // For simplicity in Node 20+, crypto.sign(null, data, privateKey) works if key is KeyObject.
885
+ // If raw bytes: establish KeyObject.
886
+ let keyObj;
887
+ if (Buffer.isBuffer(privateKey) || privateKey instanceof Uint8Array) {
888
+ // Assuming raw 64-byte private key (or 32-byte seed properly expanded by crypto)
889
+ // Node < 16 is tricky with raw keys.
890
+ // Let's assume standard Ed25519 standard implementation pattern logic:
891
+ keyObj = crypto.createPrivateKey({
892
+ key: Buffer.from(privateKey),
893
+ format: 'der', // or 'pem' - strict.
894
+ type: 'pkcs8'
895
+ });
896
+ // Actually, simpler: construct key object from raw bytes if possible?
897
+ // Node's crypto is strict. Let's try the simplest:
898
+ // If hex string provided, convert to buffer.
899
+ }
900
+ // Simpler fallback: If user passed a PEM string, great.
901
+ // If they passed raw bytes, we might need 'ed25519' key type.
902
+ // For this implementation, let's target Node's high-level sign/verify
903
+ // and assume the user provides a VALID key object or compatible format (PEM/DER).
904
+ // Handling RAW Ed25519 keys in Node requires specific 'crypto.createPrivateKey' with 'raw' format (Node 11.6+).
905
+ const key = typeof privateKey === 'string' && !privateKey.includes('PRIVATE KEY')
906
+ ? crypto.createPrivateKey({ key: Buffer.from(privateKey, 'hex'), format: 'pem', type: 'pkcs8' }) // Fallback guess
907
+ : privateKey;
908
+ // Note: Raw Ed25519 key support in Node.js 'crypto' acts via 'generateKeyPair' or KeyObject.
909
+ // Direct raw signing is via crypto.sign(null, data, key).
910
+ return new Uint8Array(crypto.sign(null, data, key));
911
+ }
912
+ catch (e) {
913
+ // If standard crypto fails (e.g. key format issue), throw
914
+ throw new Error('TPSUID7RB: signing failed (check key format)');
915
+ }
916
+ }
917
+ throw new Error('TPSUID7RB: signing not available in browser');
918
+ }
919
+ static verifyEd25519(data, signature, publicKey) {
920
+ if (typeof require !== 'undefined') {
921
+ try {
922
+ // eslint-disable-next-line @typescript-eslint/no-require-imports
923
+ const crypto = require('crypto');
924
+ return crypto.verify(null, data, publicKey, signature);
925
+ }
926
+ catch {
927
+ return false;
928
+ }
929
+ }
930
+ throw new Error('TPSUID7RB: verification not available in browser');
931
+ }
932
+ // ---------------------------
933
+ // Random Bytes
934
+ // ---------------------------
935
+ /** Generate cryptographically secure random bytes */
936
+ static randomBytes(length) {
937
+ // Node.js environment
938
+ if (typeof require !== 'undefined') {
939
+ try {
940
+ // eslint-disable-next-line @typescript-eslint/no-require-imports
941
+ const crypto = require('crypto');
942
+ return new Uint8Array(crypto.randomBytes(length));
943
+ }
944
+ catch {
945
+ // Fallback to crypto.getRandomValues
946
+ }
947
+ }
948
+ // Browser or fallback
949
+ if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
950
+ const bytes = new Uint8Array(length);
951
+ crypto.getRandomValues(bytes);
952
+ return bytes;
953
+ }
954
+ throw new Error('TPSUID7RB: no crypto available');
955
+ }
956
+ }
957
+ exports.TPSUID7RB = TPSUID7RB;
958
+ /** Magic bytes: "TPU7" */
959
+ TPSUID7RB.MAGIC = new Uint8Array([0x54, 0x50, 0x55, 0x37]);
960
+ /** Version 1 */
961
+ TPSUID7RB.VER = 0x01;
962
+ /** String prefix for base64url encoded form */
963
+ TPSUID7RB.PREFIX = 'tpsuid7rb_';
964
+ /** Regex for validating base64url encoded form */
965
+ TPSUID7RB.REGEX = /^tpsuid7rb_[A-Za-z0-9_-]+$/;