@nextera.one/tps-standard 0.5.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/LICENSE +192 -0
  2. package/README.md +9 -5
  3. package/dist/index.d.ts +28 -2
  4. package/dist/index.js +137 -23
  5. package/dist/src/index.js +621 -633
  6. package/dist/test/src/index.js +908 -905
  7. package/package.json +2 -2
  8. package/src/index.ts +191 -47
package/dist/test/src/index.js CHANGED
@@ -3,331 +3,321 @@
3
3
  * The Universal Protocol for Space-Time Coordinates.
4
4
  * @packageDocumentation
5
5
  * @version 0.4.2
6
- * @license MIT
6
+ * @license Apache-2.0
7
7
  * @copyright 2026 TPS Standards Working Group
8
8
  */
9
9
  export class TPS {
10
- /**
11
- * Registers a calendar driver plugin.
12
- * @param driver - The driver instance to register.
13
- */
14
- static registerDriver(driver) {
15
- this.drivers.set(driver.code, driver);
16
- }
17
- /**
18
- * Gets a registered calendar driver.
19
- * @param code - The calendar code.
20
- * @returns The driver or undefined.
21
- */
22
- static getDriver(code) {
23
- return this.drivers.get(code);
24
- }
25
- // --- CORE METHODS ---
26
- static validate(input) {
27
- if (input.startsWith('tps://'))
28
- return this.REGEX_URI.test(input);
29
- return this.REGEX_TIME.test(input);
30
- }
31
- static parse(input) {
32
- if (input.startsWith('tps://')) {
33
- const match = this.REGEX_URI.exec(input);
34
- if (!match || !match.groups)
35
- return null;
36
- return this._mapGroupsToComponents(match.groups);
37
- }
38
- const match = this.REGEX_TIME.exec(input);
39
- if (!match || !match.groups)
40
- return null;
41
- return this._mapGroupsToComponents(match.groups);
42
- }
43
- /**
44
- * SERIALIZER: Converts a components object into a full TPS URI.
45
- * @param comp - The TPS components.
46
- * @returns Full URI string (e.g. "tps://...").
47
- */
48
- static toURI(comp) {
49
- // 1. Build Space Part
50
- let spacePart = 'unknown'; // Default safe fallback
51
- if (comp.isHiddenLocation) {
52
- spacePart = 'hidden';
53
- }
54
- else if (comp.isRedactedLocation) {
55
- spacePart = 'redacted';
56
- }
57
- else if (comp.isUnknownLocation) {
58
- spacePart = 'unknown';
59
- }
60
- else if (comp.latitude !== undefined && comp.longitude !== undefined) {
61
- spacePart = `${comp.latitude},${comp.longitude}`;
62
- if (comp.altitude !== undefined) {
63
- spacePart += `,${comp.altitude}m`;
64
- }
65
- }
66
- // 2. Build Time Part
67
- let timePart = `T:${comp.calendar}`;
68
- if (comp.calendar === 'unix' && comp.unixSeconds !== undefined) {
69
- timePart += `.s${comp.unixSeconds}`;
70
- }
71
- else {
72
- if (comp.millennium !== undefined)
73
- timePart += `.m${comp.millennium}`;
74
- if (comp.century !== undefined)
75
- timePart += `.c${comp.century}`;
76
- if (comp.year !== undefined)
77
- timePart += `.y${comp.year}`;
78
- if (comp.month !== undefined)
79
- timePart += `.M${this.pad(comp.month)}`;
80
- if (comp.day !== undefined)
81
- timePart += `.d${this.pad(comp.day)}`;
82
- if (comp.hour !== undefined)
83
- timePart += `.h${this.pad(comp.hour)}`;
84
- if (comp.minute !== undefined)
85
- timePart += `.n${this.pad(comp.minute)}`;
86
- if (comp.second !== undefined)
87
- timePart += `.s${this.pad(comp.second)}`;
88
- }
89
- // 3. Build Extensions
90
- let extPart = '';
91
- if (comp.extensions && Object.keys(comp.extensions).length > 0) {
92
- const extStrings = Object.entries(comp.extensions).map(([k, v]) => `${k}${v}`);
93
- extPart = `;${extStrings.join('.')}`;
94
- }
95
- return `tps://${spacePart}@${timePart}${extPart}`;
96
- }
97
- /**
98
- * CONVERTER: Creates a TPS Time Object string from a JavaScript Date.
99
- * Supports plugin drivers for non-Gregorian calendars.
100
- * @param date - The JS Date object (defaults to Now).
101
- * @param calendar - The target calendar driver (default 'greg').
102
- * @returns Canonical string (e.g., "T:greg.m3.c1.y26...").
103
- */
104
- static fromDate(date = new Date(), calendar = 'greg') {
105
- // Check for registered driver first
106
- const driver = this.drivers.get(calendar);
107
- if (driver) {
108
- return driver.fromDate(date);
109
- }
110
- // Built-in handlers
111
- if (calendar === 'unix') {
112
- const s = (date.getTime() / 1000).toFixed(3);
113
- return `T:unix.s${s}`;
114
- }
115
- if (calendar === 'greg') {
116
- const fullYear = date.getUTCFullYear();
117
- const m = Math.floor(fullYear / 1000) + 1;
118
- const c = Math.floor((fullYear % 1000) / 100) + 1;
119
- const y = fullYear % 100;
120
- const M = date.getUTCMonth() + 1;
121
- const d = date.getUTCDate();
122
- const h = date.getUTCHours();
123
- const n = date.getUTCMinutes();
124
- const s = date.getUTCSeconds();
125
- return `T:greg.m${m}.c${c}.y${y}.M${this.pad(M)}.d${this.pad(d)}.h${this.pad(h)}.n${this.pad(n)}.s${this.pad(s)}`;
126
- }
127
- throw new Error(`Calendar driver '${calendar}' not implemented. Register a driver.`);
128
- }
129
- /**
130
- * CONVERTER: Converts a TPS string to a Date in a target calendar format.
131
- * Uses plugin drivers for cross-calendar conversion.
132
- * @param tpsString - The source TPS string (any calendar).
133
- * @param targetCalendar - The target calendar code (e.g., 'hij').
134
- * @returns A TPS string in the target calendar, or null if invalid.
135
- */
136
- static to(targetCalendar, tpsString) {
137
- // 1. Parse to components and convert to Gregorian Date
138
- const gregDate = this.toDate(tpsString);
139
- if (!gregDate)
140
- return null;
141
- // 2. Convert Gregorian to target calendar using driver
142
- return this.fromDate(gregDate, targetCalendar);
143
- }
144
- /**
145
- * CONVERTER: Reconstructs a JavaScript Date object from a TPS string.
146
- * Supports plugin drivers for non-Gregorian calendars.
147
- * @param tpsString - The TPS string.
148
- * @returns JS Date object or `null` if invalid.
149
- */
150
- static toDate(tpsString) {
151
- const p = this.parse(tpsString);
152
- if (!p)
153
- return null;
154
- // Check for registered driver first
155
- const driver = this.drivers.get(p.calendar);
156
- if (driver) {
157
- return driver.toGregorian(p);
158
- }
159
- // Built-in handlers
160
- if (p.calendar === 'unix' && p.unixSeconds !== undefined) {
161
- return new Date(p.unixSeconds * 1000);
162
- }
163
- if (p.calendar === 'greg') {
164
- const m = p.millennium || 0;
165
- const c = p.century || 1;
166
- const y = p.year || 0;
167
- const fullYear = (m - 1) * 1000 + (c - 1) * 100 + y;
168
- return new Date(Date.UTC(fullYear, (p.month || 1) - 1, p.day || 1, p.hour || 0, p.minute || 0, Math.floor(p.second || 0)));
169
- }
170
- return null;
171
- }
172
- // --- DRIVER CONVENIENCE METHODS ---
173
- /**
174
- * Parse a calendar-specific date string into TPS components.
175
- * Requires the driver to implement the optional `parseDate` method.
176
- *
177
- * @param calendar - The calendar code (e.g., 'hij')
178
- * @param dateString - Date string in calendar-native format (e.g., '1447-07-21')
179
- * @param format - Optional format string (driver-specific)
180
- * @returns TPS components or null if parsing fails
181
- *
182
- * @example
183
- * ```ts
184
- * const components = TPS.parseCalendarDate('hij', '1447-07-21');
185
- * // { calendar: 'hij', year: 1447, month: 7, day: 21 }
186
- *
187
- * const uri = TPS.toURI({ ...components, latitude: 31.95, longitude: 35.91 });
188
- * // "tps://31.95,35.91@T:hij.y1447.M07.d21"
189
- * ```
190
- */
191
- static parseCalendarDate(calendar, dateString, format) {
192
- const driver = this.drivers.get(calendar);
193
- if (!driver) {
194
- throw new Error(`Calendar driver '${calendar}' not found. Register a driver first.`);
195
- }
196
- if (!driver.parseDate) {
197
- throw new Error(`Driver '${calendar}' does not implement parseDate(). Use fromGregorian() instead.`);
198
- }
199
- return driver.parseDate(dateString, format);
200
- }
201
- /**
202
- * Convert a calendar-specific date string directly to a TPS URI.
203
- * This is a convenience method that combines parseDate + toURI.
204
- *
205
- * @param calendar - The calendar code (e.g., 'hij')
206
- * @param dateString - Date string in calendar-native format
207
- * @param location - Optional location (lat/lon/alt or privacy flag)
208
- * @returns Full TPS URI string
209
- *
210
- * @example
211
- * ```ts
212
- * // With coordinates
213
- * TPS.fromCalendarDate('hij', '1447-07-21', { latitude: 31.95, longitude: 35.91 });
214
- * // "tps://31.95,35.91@T:hij.y1447.M07.d21"
215
- *
216
- * // With privacy flag
217
- * TPS.fromCalendarDate('hij', '1447-07-21', { isHiddenLocation: true });
218
- * // "tps://hidden@T:hij.y1447.M07.d21"
219
- *
220
- * // Without location
221
- * TPS.fromCalendarDate('hij', '1447-07-21');
222
- * // "tps://unknown@T:hij.y1447.M07.d21"
223
- * ```
224
- */
225
- static fromCalendarDate(calendar, dateString, location) {
226
- const components = this.parseCalendarDate(calendar, dateString);
227
- if (!components) {
228
- throw new Error(`Failed to parse date string: ${dateString}`);
229
- }
230
- // Merge with location
231
- const fullComponents = {
232
- calendar,
233
- ...components,
234
- ...location,
235
- };
236
- return this.toURI(fullComponents);
237
- }
238
- /**
239
- * Format TPS components to a calendar-specific date string.
240
- * Requires the driver to implement the optional `format` method.
241
- *
242
- * @param calendar - The calendar code
243
- * @param components - TPS components to format
244
- * @param format - Optional format string (driver-specific)
245
- * @returns Formatted date string in calendar-native format
246
- *
247
- * @example
248
- * ```ts
249
- * const tps = TPS.parse('tps://unknown@T:hij.y1447.M07.d21');
250
- * const formatted = TPS.formatCalendarDate('hij', tps);
251
- * // "1447-07-21"
252
- * ```
253
- */
254
- static formatCalendarDate(calendar, components, format) {
255
- const driver = this.drivers.get(calendar);
256
- if (!driver) {
257
- throw new Error(`Calendar driver '${calendar}' not found.`);
258
- }
259
- if (!driver.format) {
260
- throw new Error(`Driver '${calendar}' does not implement format().`);
261
- }
262
- return driver.format(components, format);
263
- }
264
- // --- INTERNAL HELPERS ---
265
- static _mapGroupsToComponents(g) {
266
- const components = {};
267
- components.calendar = g.calendar;
268
- // Time Mapping
269
- if (components.calendar === 'unix' && g.unix) {
270
- components.unixSeconds = parseFloat(g.unix.substring(1));
271
- }
272
- else {
273
- if (g.millennium)
274
- components.millennium = parseInt(g.millennium, 10);
275
- if (g.century)
276
- components.century = parseInt(g.century, 10);
277
- if (g.year)
278
- components.year = parseInt(g.year, 10);
279
- if (g.month)
280
- components.month = parseInt(g.month, 10);
281
- if (g.day)
282
- components.day = parseInt(g.day, 10);
283
- if (g.hour)
284
- components.hour = parseInt(g.hour, 10);
285
- if (g.minute)
286
- components.minute = parseInt(g.minute, 10);
287
- if (g.second)
288
- components.second = parseFloat(g.second);
289
- }
290
- // Space Mapping
291
- if (g.space) {
292
- if (g.space === 'unknown')
293
- components.isUnknownLocation = true;
294
- else if (g.space === 'redacted')
295
- components.isRedactedLocation = true;
296
- else if (g.space === 'hidden')
297
- components.isHiddenLocation = true;
298
- else {
299
- if (g.lat)
300
- components.latitude = parseFloat(g.lat);
301
- if (g.lon)
302
- components.longitude = parseFloat(g.lon);
303
- if (g.alt)
304
- components.altitude = parseFloat(g.alt);
305
- }
306
- }
307
- // Extensions Mapping
308
- if (g.extensions) {
309
- const extObj = {};
310
- const parts = g.extensions.split('.');
311
- parts.forEach((p) => {
312
- const key = p.charAt(0);
313
- const val = p.substring(1);
314
- if (key && val)
315
- extObj[key] = val;
316
- });
317
- components.extensions = extObj;
318
- }
319
- return components;
320
- }
321
- static pad(n) {
322
- const s = n.toString();
323
- return s.length < 2 ? '0' + s : s;
324
- }
10
+ /**
11
+ * Registers a calendar driver plugin.
12
+ * @param driver - The driver instance to register.
13
+ */
14
+ static registerDriver(driver) {
15
+ this.drivers.set(driver.code, driver);
16
+ }
17
+ /**
18
+ * Gets a registered calendar driver.
19
+ * @param code - The calendar code.
20
+ * @returns The driver or undefined.
21
+ */
22
+ static getDriver(code) {
23
+ return this.drivers.get(code);
24
+ }
25
+ // --- CORE METHODS ---
26
+ static validate(input) {
27
+ if (input.startsWith("tps://")) return this.REGEX_URI.test(input);
28
+ return this.REGEX_TIME.test(input);
29
+ }
30
+ static parse(input) {
31
+ if (input.startsWith("tps://")) {
32
+ const match = this.REGEX_URI.exec(input);
33
+ if (!match || !match.groups) return null;
34
+ return this._mapGroupsToComponents(match.groups);
35
+ }
36
+ const match = this.REGEX_TIME.exec(input);
37
+ if (!match || !match.groups) return null;
38
+ return this._mapGroupsToComponents(match.groups);
39
+ }
40
+ /**
41
+ * SERIALIZER: Converts a components object into a full TPS URI.
42
+ * @param comp - The TPS components.
43
+ * @returns Full URI string (e.g. "tps://...").
44
+ */
45
+ static toURI(comp) {
46
+ // 1. Build Space Part
47
+ let spacePart = "unknown"; // Default safe fallback
48
+ if (comp.isHiddenLocation) {
49
+ spacePart = "hidden";
50
+ } else if (comp.isRedactedLocation) {
51
+ spacePart = "redacted";
52
+ } else if (comp.isUnknownLocation) {
53
+ spacePart = "unknown";
54
+ } else if (comp.latitude !== undefined && comp.longitude !== undefined) {
55
+ spacePart = `${comp.latitude},${comp.longitude}`;
56
+ if (comp.altitude !== undefined) {
57
+ spacePart += `,${comp.altitude}m`;
58
+ }
59
+ }
60
+ // 2. Build Time Part
61
+ let timePart = `T:${comp.calendar}`;
62
+ if (comp.calendar === "unix" && comp.unixSeconds !== undefined) {
63
+ timePart += `.s${comp.unixSeconds}`;
64
+ } else {
65
+ if (comp.millennium !== undefined) timePart += `.m${comp.millennium}`;
66
+ if (comp.century !== undefined) timePart += `.c${comp.century}`;
67
+ if (comp.year !== undefined) timePart += `.y${comp.year}`;
68
+ if (comp.month !== undefined) timePart += `.M${this.pad(comp.month)}`;
69
+ if (comp.day !== undefined) timePart += `.d${this.pad(comp.day)}`;
70
+ if (comp.hour !== undefined) timePart += `.h${this.pad(comp.hour)}`;
71
+ if (comp.minute !== undefined) timePart += `.n${this.pad(comp.minute)}`;
72
+ if (comp.second !== undefined) timePart += `.s${this.pad(comp.second)}`;
73
+ }
74
+ // 3. Build Extensions
75
+ let extPart = "";
76
+ if (comp.extensions && Object.keys(comp.extensions).length > 0) {
77
+ const extStrings = Object.entries(comp.extensions).map(
78
+ ([k, v]) => `${k}${v}`
79
+ );
80
+ extPart = `;${extStrings.join(".")}`;
81
+ }
82
+ return `tps://${spacePart}@${timePart}${extPart}`;
83
+ }
84
+ /**
85
+ * CONVERTER: Creates a TPS Time Object string from a JavaScript Date.
86
+ * Supports plugin drivers for non-Gregorian calendars.
87
+ * @param date - The JS Date object (defaults to Now).
88
+ * @param calendar - The target calendar driver (default 'greg').
89
+ * @returns Canonical string (e.g., "T:greg.m3.c1.y26...").
90
+ */
91
+ static fromDate(date = new Date(), calendar = "greg") {
92
+ // Check for registered driver first
93
+ const driver = this.drivers.get(calendar);
94
+ if (driver) {
95
+ return driver.fromDate(date);
96
+ }
97
+ // Built-in handlers
98
+ if (calendar === "unix") {
99
+ const s = (date.getTime() / 1000).toFixed(3);
100
+ return `T:unix.s${s}`;
101
+ }
102
+ if (calendar === "greg") {
103
+ const fullYear = date.getUTCFullYear();
104
+ const m = Math.floor(fullYear / 1000) + 1;
105
+ const c = Math.floor((fullYear % 1000) / 100) + 1;
106
+ const y = fullYear % 100;
107
+ const M = date.getUTCMonth() + 1;
108
+ const d = date.getUTCDate();
109
+ const h = date.getUTCHours();
110
+ const n = date.getUTCMinutes();
111
+ const s = date.getUTCSeconds();
112
+ return `T:greg.m${m}.c${c}.y${y}.M${this.pad(M)}.d${this.pad(
113
+ d
114
+ )}.h${this.pad(h)}.n${this.pad(n)}.s${this.pad(s)}`;
115
+ }
116
+ throw new Error(
117
+ `Calendar driver '${calendar}' not implemented. Register a driver.`
118
+ );
119
+ }
120
+ /**
121
+ * CONVERTER: Converts a TPS string to a Date in a target calendar format.
122
+ * Uses plugin drivers for cross-calendar conversion.
123
+ * @param tpsString - The source TPS string (any calendar).
124
+ * @param targetCalendar - The target calendar code (e.g., 'hij').
125
+ * @returns A TPS string in the target calendar, or null if invalid.
126
+ */
127
+ static to(targetCalendar, tpsString) {
128
+ // 1. Parse to components and convert to Gregorian Date
129
+ const gregDate = this.toDate(tpsString);
130
+ if (!gregDate) return null;
131
+ // 2. Convert Gregorian to target calendar using driver
132
+ return this.fromDate(gregDate, targetCalendar);
133
+ }
134
+ /**
135
+ * CONVERTER: Reconstructs a JavaScript Date object from a TPS string.
136
+ * Supports plugin drivers for non-Gregorian calendars.
137
+ * @param tpsString - The TPS string.
138
+ * @returns JS Date object or `null` if invalid.
139
+ */
140
+ static toDate(tpsString) {
141
+ const p = this.parse(tpsString);
142
+ if (!p) return null;
143
+ // Check for registered driver first
144
+ const driver = this.drivers.get(p.calendar);
145
+ if (driver) {
146
+ return driver.toGregorian(p);
147
+ }
148
+ // Built-in handlers
149
+ if (p.calendar === "unix" && p.unixSeconds !== undefined) {
150
+ return new Date(p.unixSeconds * 1000);
151
+ }
152
+ if (p.calendar === "greg") {
153
+ const m = p.millennium || 0;
154
+ const c = p.century || 1;
155
+ const y = p.year || 0;
156
+ const fullYear = (m - 1) * 1000 + (c - 1) * 100 + y;
157
+ return new Date(
158
+ Date.UTC(
159
+ fullYear,
160
+ (p.month || 1) - 1,
161
+ p.day || 1,
162
+ p.hour || 0,
163
+ p.minute || 0,
164
+ Math.floor(p.second || 0)
165
+ )
166
+ );
167
+ }
168
+ return null;
169
+ }
170
+ // --- DRIVER CONVENIENCE METHODS ---
171
+ /**
172
+ * Parse a calendar-specific date string into TPS components.
173
+ * Requires the driver to implement the optional `parseDate` method.
174
+ *
175
+ * @param calendar - The calendar code (e.g., 'hij')
176
+ * @param dateString - Date string in calendar-native format (e.g., '1447-07-21')
177
+ * @param format - Optional format string (driver-specific)
178
+ * @returns TPS components or null if parsing fails
179
+ *
180
+ * @example
181
+ * ```ts
182
+ * const components = TPS.parseCalendarDate('hij', '1447-07-21');
183
+ * // { calendar: 'hij', year: 1447, month: 7, day: 21 }
184
+ *
185
+ * const uri = TPS.toURI({ ...components, latitude: 31.95, longitude: 35.91 });
186
+ * // "tps://31.95,35.91@T:hij.y1447.M07.d21"
187
+ * ```
188
+ */
189
+ static parseCalendarDate(calendar, dateString, format) {
190
+ const driver = this.drivers.get(calendar);
191
+ if (!driver) {
192
+ throw new Error(
193
+ `Calendar driver '${calendar}' not found. Register a driver first.`
194
+ );
195
+ }
196
+ if (!driver.parseDate) {
197
+ throw new Error(
198
+ `Driver '${calendar}' does not implement parseDate(). Use fromGregorian() instead.`
199
+ );
200
+ }
201
+ return driver.parseDate(dateString, format);
202
+ }
203
+ /**
204
+ * Convert a calendar-specific date string directly to a TPS URI.
205
+ * This is a convenience method that combines parseDate + toURI.
206
+ *
207
+ * @param calendar - The calendar code (e.g., 'hij')
208
+ * @param dateString - Date string in calendar-native format
209
+ * @param location - Optional location (lat/lon/alt or privacy flag)
210
+ * @returns Full TPS URI string
211
+ *
212
+ * @example
213
+ * ```ts
214
+ * // With coordinates
215
+ * TPS.fromCalendarDate('hij', '1447-07-21', { latitude: 31.95, longitude: 35.91 });
216
+ * // "tps://31.95,35.91@T:hij.y1447.M07.d21"
217
+ *
218
+ * // With privacy flag
219
+ * TPS.fromCalendarDate('hij', '1447-07-21', { isHiddenLocation: true });
220
+ * // "tps://hidden@T:hij.y1447.M07.d21"
221
+ *
222
+ * // Without location
223
+ * TPS.fromCalendarDate('hij', '1447-07-21');
224
+ * // "tps://unknown@T:hij.y1447.M07.d21"
225
+ * ```
226
+ */
227
+ static fromCalendarDate(calendar, dateString, location) {
228
+ const components = this.parseCalendarDate(calendar, dateString);
229
+ if (!components) {
230
+ throw new Error(`Failed to parse date string: ${dateString}`);
231
+ }
232
+ // Merge with location
233
+ const fullComponents = {
234
+ calendar,
235
+ ...components,
236
+ ...location,
237
+ };
238
+ return this.toURI(fullComponents);
239
+ }
240
+ /**
241
+ * Format TPS components to a calendar-specific date string.
242
+ * Requires the driver to implement the optional `format` method.
243
+ *
244
+ * @param calendar - The calendar code
245
+ * @param components - TPS components to format
246
+ * @param format - Optional format string (driver-specific)
247
+ * @returns Formatted date string in calendar-native format
248
+ *
249
+ * @example
250
+ * ```ts
251
+ * const tps = TPS.parse('tps://unknown@T:hij.y1447.M07.d21');
252
+ * const formatted = TPS.formatCalendarDate('hij', tps);
253
+ * // "1447-07-21"
254
+ * ```
255
+ */
256
+ static formatCalendarDate(calendar, components, format) {
257
+ const driver = this.drivers.get(calendar);
258
+ if (!driver) {
259
+ throw new Error(`Calendar driver '${calendar}' not found.`);
260
+ }
261
+ if (!driver.format) {
262
+ throw new Error(`Driver '${calendar}' does not implement format().`);
263
+ }
264
+ return driver.format(components, format);
265
+ }
266
+ // --- INTERNAL HELPERS ---
267
+ static _mapGroupsToComponents(g) {
268
+ const components = {};
269
+ components.calendar = g.calendar;
270
+ // Time Mapping
271
+ if (components.calendar === "unix" && g.unix) {
272
+ components.unixSeconds = parseFloat(g.unix.substring(1));
273
+ } else {
274
+ if (g.millennium) components.millennium = parseInt(g.millennium, 10);
275
+ if (g.century) components.century = parseInt(g.century, 10);
276
+ if (g.year) components.year = parseInt(g.year, 10);
277
+ if (g.month) components.month = parseInt(g.month, 10);
278
+ if (g.day) components.day = parseInt(g.day, 10);
279
+ if (g.hour) components.hour = parseInt(g.hour, 10);
280
+ if (g.minute) components.minute = parseInt(g.minute, 10);
281
+ if (g.second) components.second = parseFloat(g.second);
282
+ }
283
+ // Space Mapping
284
+ if (g.space) {
285
+ if (g.space === "unknown") components.isUnknownLocation = true;
286
+ else if (g.space === "redacted") components.isRedactedLocation = true;
287
+ else if (g.space === "hidden") components.isHiddenLocation = true;
288
+ else {
289
+ if (g.lat) components.latitude = parseFloat(g.lat);
290
+ if (g.lon) components.longitude = parseFloat(g.lon);
291
+ if (g.alt) components.altitude = parseFloat(g.alt);
292
+ }
293
+ }
294
+ // Extensions Mapping
295
+ if (g.extensions) {
296
+ const extObj = {};
297
+ const parts = g.extensions.split(".");
298
+ parts.forEach((p) => {
299
+ const key = p.charAt(0);
300
+ const val = p.substring(1);
301
+ if (key && val) extObj[key] = val;
302
+ });
303
+ components.extensions = extObj;
304
+ }
305
+ return components;
306
+ }
307
+ static pad(n) {
308
+ const s = n.toString();
309
+ return s.length < 2 ? "0" + s : s;
310
+ }
325
311
  }
326
312
  // --- PLUGIN REGISTRY ---
327
313
  TPS.drivers = new Map();
328
314
  // --- REGEX ---
329
- TPS.REGEX_URI = new RegExp('^tps://(?<space>unknown|redacted|hidden|(?<lat>-?\\d+(?:\\.\\d+)?),(?<lon>-?\\d+(?:\\.\\d+)?)(?:,(?<alt>-?\\d+(?:\\.\\d+)?)m?)?)@T:(?<calendar>[a-z]{3,4})\\.(?:(?<unix>s\\d+(?:\\.\\d+)?)|m(?<millennium>-?\\d+)(?:\\.c(?<century>\\d+)(?:\\.y(?<year>\\d+)(?:\\.M(?<month>\\d{1,2})(?:\\.d(?<day>\\d{1,2})(?:\\.h(?<hour>\\d{1,2})(?:\\.n(?<minute>\\d{1,2})(?:\\.s(?<second>\\d{1,2}(?:\\.\\d+)?))?)?)?)?)?)?)?)?(?:;(?<extensions>[a-z0-9\\.\\-\\_]+))?$');
330
- TPS.REGEX_TIME = new RegExp('^T:(?<calendar>[a-z]{3,4})\\.(?:(?<unix>s\\d+(?:\\.\\d+)?)|m(?<millennium>-?\\d+)(?:\\.c(?<century>\\d+)(?:\\.y(?<year>\\d+)(?:\\.M(?<month>\\d{1,2})(?:\\.d(?<day>\\d{1,2})(?:\\.h(?<hour>\\d{1,2})(?:\\.n(?<minute>\\d{1,2})(?:\\.s(?<second>\\d{1,2}(?:\\.\\d+)?))?)?)?)?)?)?)?)?$');
315
+ TPS.REGEX_URI = new RegExp(
316
+ "^tps://(?<space>unknown|redacted|hidden|(?<lat>-?\\d+(?:\\.\\d+)?),(?<lon>-?\\d+(?:\\.\\d+)?)(?:,(?<alt>-?\\d+(?:\\.\\d+)?)m?)?)@T:(?<calendar>[a-z]{3,4})\\.(?:(?<unix>s\\d+(?:\\.\\d+)?)|m(?<millennium>-?\\d+)(?:\\.c(?<century>\\d+)(?:\\.y(?<year>\\d+)(?:\\.M(?<month>\\d{1,2})(?:\\.d(?<day>\\d{1,2})(?:\\.h(?<hour>\\d{1,2})(?:\\.n(?<minute>\\d{1,2})(?:\\.s(?<second>\\d{1,2}(?:\\.\\d+)?))?)?)?)?)?)?)?)?(?:;(?<extensions>[a-z0-9\\.\\-\\_]+))?$"
317
+ );
318
+ TPS.REGEX_TIME = new RegExp(
319
+ "^T:(?<calendar>[a-z]{3,4})\\.(?:(?<unix>s\\d+(?:\\.\\d+)?)|m(?<millennium>-?\\d+)(?:\\.c(?<century>\\d+)(?:\\.y(?<year>\\d+)(?:\\.M(?<month>\\d{1,2})(?:\\.d(?<day>\\d{1,2})(?:\\.h(?<hour>\\d{1,2})(?:\\.n(?<minute>\\d{1,2})(?:\\.s(?<second>\\d{1,2}(?:\\.\\d+)?))?)?)?)?)?)?)?)?$"
320
+ );
331
321
  /**
332
322
  * TPS-UID v1 — Temporal Positioning System Identifier (Binary Reversible)
333
323
  *
@@ -363,598 +353,611 @@ TPS.REGEX_TIME = new RegExp('^T:(?<calendar>[a-z]{3,4})\\.(?:(?<unix>s\\d+(?:\\.
363
353
  * ```
364
354
  */
365
355
  export class TPSUID7RB {
366
- // ---------------------------
367
- // Public API
368
- // ---------------------------
369
- /**
370
- * Encode TPS string to binary bytes (Uint8Array).
371
- * This is the canonical form for hashing, signing, and storage.
372
- *
373
- * @param tps - The TPS string to encode
374
- * @param opts - Encoding options (compress, epochMs override)
375
- * @returns Binary TPS-UID as Uint8Array
376
- */
377
- static encodeBinary(tps, opts) {
378
- const compress = opts?.compress ?? false;
379
- const epochMs = opts?.epochMs ?? this.epochMsFromTPSString(tps);
380
- if (!Number.isInteger(epochMs) || epochMs < 0) {
381
- throw new Error('epochMs must be a non-negative integer');
382
- }
383
- if (epochMs > 0xffffffffffff) {
384
- throw new Error('epochMs exceeds 48-bit range');
385
- }
386
- const flags = compress ? 0x01 : 0x00;
387
- // Generate 32-bit nonce
388
- const nonceBuf = this.randomBytes(4);
389
- const nonce = ((nonceBuf[0] << 24) >>> 0) +
390
- ((nonceBuf[1] << 16) >>> 0) +
391
- ((nonceBuf[2] << 8) >>> 0) +
392
- nonceBuf[3];
393
- // Encode TPS to UTF-8
394
- const tpsUtf8 = new TextEncoder().encode(tps);
395
- // Optionally compress
396
- const payload = compress ? this.deflateRaw(tpsUtf8) : tpsUtf8;
397
- // Encode length as varint
398
- const lenVar = this.uvarintEncode(payload.length);
399
- // Construct binary structure
400
- const out = new Uint8Array(4 + 1 + 1 + 6 + 4 + lenVar.length + payload.length);
401
- let offset = 0;
402
- // MAGIC
403
- out.set(this.MAGIC, offset);
404
- offset += 4;
405
- // VER
406
- out[offset++] = this.VER;
407
- // FLAGS
408
- out[offset++] = flags;
409
- // TIME (48-bit big-endian)
410
- const timeBytes = this.writeU48(epochMs);
411
- out.set(timeBytes, offset);
412
- offset += 6;
413
- // NONCE (32-bit big-endian)
414
- out.set(nonceBuf, offset);
415
- offset += 4;
416
- // LEN (varint)
417
- out.set(lenVar, offset);
418
- offset += lenVar.length;
419
- // TPS payload
420
- out.set(payload, offset);
421
- return out;
422
- }
423
- /**
424
- * Decode binary bytes back to original TPS string.
425
- *
426
- * @param bytes - Binary TPS-UID
427
- * @returns Decoded result with original TPS string
428
- */
429
- static decodeBinary(bytes) {
430
- // Header min size: 4+1+1+6+4 + 1 (at least 1 byte varint) = 17
431
- if (bytes.length < 17) {
432
- throw new Error('TPSUID7RB: too short');
433
- }
434
- // MAGIC
435
- if (bytes[0] !== 0x54 ||
436
- bytes[1] !== 0x50 ||
437
- bytes[2] !== 0x55 ||
438
- bytes[3] !== 0x37) {
439
- throw new Error('TPSUID7RB: bad magic');
440
- }
441
- // VERSION
442
- const ver = bytes[4];
443
- if (ver !== this.VER) {
444
- throw new Error(`TPSUID7RB: unsupported version ${ver}`);
445
- }
446
- // FLAGS
447
- const flags = bytes[5];
448
- const compressed = (flags & 0x01) === 0x01;
449
- // TIME (48-bit big-endian)
450
- const epochMs = this.readU48(bytes, 6);
451
- // NONCE (32-bit big-endian)
452
- const nonce = ((bytes[12] << 24) >>> 0) +
453
- ((bytes[13] << 16) >>> 0) +
454
- ((bytes[14] << 8) >>> 0) +
455
- bytes[15];
456
- // LEN (varint at offset 16)
457
- let offset = 16;
458
- const { value: tpsLen, bytesRead } = this.uvarintDecode(bytes, offset);
459
- offset += bytesRead;
460
- if (offset + tpsLen > bytes.length) {
461
- throw new Error('TPSUID7RB: length overflow');
462
- }
463
- // TPS payload
464
- const payload = bytes.slice(offset, offset + tpsLen);
465
- const tpsUtf8 = compressed ? this.inflateRaw(payload) : payload;
466
- const tps = new TextDecoder().decode(tpsUtf8);
467
- return { version: 'tpsuid7rb', epochMs, compressed, nonce, tps };
468
- }
469
- /**
470
- * Encode TPS to base64url string with prefix.
471
- * This is the transport/storage form.
472
- *
473
- * @param tps - The TPS string to encode
474
- * @param opts - Encoding options
475
- * @returns Base64url encoded TPS-UID with prefix
476
- */
477
- static encodeBinaryB64(tps, opts) {
478
- const bytes = this.encodeBinary(tps, opts);
479
- return `${this.PREFIX}${this.base64UrlEncode(bytes)}`;
480
- }
481
- /**
482
- * Decode base64url string back to original TPS string.
483
- *
484
- * @param id - Base64url encoded TPS-UID with prefix
485
- * @returns Decoded result with original TPS string
486
- */
487
- static decodeBinaryB64(id) {
488
- const s = id.trim();
489
- if (!s.startsWith(this.PREFIX)) {
490
- throw new Error('TPSUID7RB: missing prefix');
491
- }
492
- const b64 = s.slice(this.PREFIX.length);
493
- const bytes = this.base64UrlDecode(b64);
494
- return this.decodeBinary(bytes);
495
- }
496
- /**
497
- * Validate base64url encoded TPS-UID format.
498
- * Note: This validates shape only; binary decode is authoritative.
499
- *
500
- * @param id - String to validate
501
- * @returns true if format is valid
502
- */
503
- static validateBinaryB64(id) {
504
- return this.REGEX.test(id.trim());
505
- }
506
- /**
507
- * Generate a TPS-UID from the current time and optional location.
508
- *
509
- * @param opts - Generation options
510
- * @returns Base64url encoded TPS-UID
511
- */
512
- static generate(opts) {
513
- const now = new Date();
514
- const tps = this.generateTPSString(now, opts);
515
- return this.encodeBinaryB64(tps, {
516
- compress: opts?.compress,
517
- epochMs: now.getTime(),
518
- });
519
- }
520
- // ---------------------------
521
- // TPS String Helpers
522
- // ---------------------------
523
- /**
524
- * Generate a TPS string from a Date and optional location.
525
- */
526
- static generateTPSString(date, opts) {
527
- const fullYear = date.getUTCFullYear();
528
- const m = Math.floor(fullYear / 1000) + 1;
529
- const c = Math.floor((fullYear % 1000) / 100) + 1;
530
- const y = fullYear % 100;
531
- const M = date.getUTCMonth() + 1;
532
- const d = date.getUTCDate();
533
- const h = date.getUTCHours();
534
- const n = date.getUTCMinutes();
535
- const s = date.getUTCSeconds();
536
- const pad = (num) => num.toString().padStart(2, '0');
537
- const timePart = `T:greg.m${m}.c${c}.y${y}.M${pad(M)}.d${pad(d)}.h${pad(h)}.n${pad(n)}.s${pad(s)}`;
538
- let spacePart = 'unknown';
539
- if (opts?.latitude !== undefined && opts?.longitude !== undefined) {
540
- spacePart = `${opts.latitude},${opts.longitude}`;
541
- if (opts.altitude !== undefined) {
542
- spacePart += `,${opts.altitude}m`;
543
- }
544
- }
545
- return `tps://${spacePart}@${timePart}`;
546
- }
547
- /**
548
- * Parse epoch milliseconds from a TPS string.
549
- * Supports both URI format (tps://...) and time-only format (T:greg...)
550
- */
551
- static epochMsFromTPSString(tps) {
552
- let time;
553
- if (tps.includes('@')) {
554
- // URI format: tps://...@T:greg...
555
- const at = tps.indexOf('@');
556
- time = tps.slice(at + 1).trim();
557
- }
558
- else if (tps.startsWith('T:')) {
559
- // Time-only format
560
- time = tps;
561
- }
562
- else {
563
- throw new Error('TPS: unrecognized format');
564
- }
565
- if (!time.startsWith('T:greg.')) {
566
- throw new Error('TPS: only T:greg.* parsing is supported');
567
- }
568
- // Extract m (millennium), c (century), y (year)
569
- const mMatch = time.match(/\.m(-?\d+)/);
570
- const cMatch = time.match(/\.c(\d+)/);
571
- const yMatch = time.match(/\.y(\d{1,4})/);
572
- const MMatch = time.match(/\.M(\d{1,2})/);
573
- const dMatch = time.match(/\.d(\d{1,2})/);
574
- const hMatch = time.match(/\.h(\d{1,2})/);
575
- const nMatch = time.match(/\.n(\d{1,2})/);
576
- const sMatch = time.match(/\.s(\d{1,2})/);
577
- // Calculate full year from millennium, century, year
578
- let fullYear;
579
- if (mMatch && cMatch && yMatch) {
580
- const millennium = parseInt(mMatch[1], 10);
581
- const century = parseInt(cMatch[1], 10);
582
- const year = parseInt(yMatch[1], 10);
583
- fullYear = (millennium - 1) * 1000 + (century - 1) * 100 + year;
584
- }
585
- else if (yMatch) {
586
- // Fallback: interpret y as 2-digit year
587
- let year = parseInt(yMatch[1], 10);
588
- if (year < 100) {
589
- year = year <= 69 ? 2000 + year : 1900 + year;
590
- }
591
- fullYear = year;
592
- }
593
- else {
594
- throw new Error('TPS: missing year component');
595
- }
596
- const month = MMatch ? parseInt(MMatch[1], 10) : 1;
597
- const day = dMatch ? parseInt(dMatch[1], 10) : 1;
598
- const hour = hMatch ? parseInt(hMatch[1], 10) : 0;
599
- const minute = nMatch ? parseInt(nMatch[1], 10) : 0;
600
- const second = sMatch ? parseInt(sMatch[1], 10) : 0;
601
- const epoch = Date.UTC(fullYear, month - 1, day, hour, minute, second);
602
- if (!Number.isFinite(epoch)) {
603
- throw new Error('TPS: failed to compute epochMs');
604
- }
605
- return epoch;
606
- }
607
- // ---------------------------
608
- // Binary Helpers
609
- // ---------------------------
610
- /** Write 48-bit unsigned integer (big-endian) */
611
- static writeU48(epochMs) {
612
- const b = new Uint8Array(6);
613
- // Use BigInt for proper 48-bit handling
614
- const v = BigInt(epochMs);
615
- b[0] = Number((v >> 40n) & 0xffn);
616
- b[1] = Number((v >> 32n) & 0xffn);
617
- b[2] = Number((v >> 24n) & 0xffn);
618
- b[3] = Number((v >> 16n) & 0xffn);
619
- b[4] = Number((v >> 8n) & 0xffn);
620
- b[5] = Number(v & 0xffn);
621
- return b;
622
- }
623
- /** Read 48-bit unsigned integer (big-endian) */
624
- static readU48(bytes, offset) {
625
- const v = (BigInt(bytes[offset]) << 40n) +
626
- (BigInt(bytes[offset + 1]) << 32n) +
627
- (BigInt(bytes[offset + 2]) << 24n) +
628
- (BigInt(bytes[offset + 3]) << 16n) +
629
- (BigInt(bytes[offset + 4]) << 8n) +
630
- BigInt(bytes[offset + 5]);
631
- const n = Number(v);
632
- if (!Number.isSafeInteger(n)) {
633
- throw new Error('TPSUID7RB: u48 not safe integer');
634
- }
635
- return n;
636
- }
637
- /** Encode unsigned integer as LEB128 varint */
638
- static uvarintEncode(n) {
639
- if (!Number.isInteger(n) || n < 0) {
640
- throw new Error('uvarint must be non-negative int');
641
- }
642
- const out = [];
643
- let x = n >>> 0;
644
- while (x >= 0x80) {
645
- out.push((x & 0x7f) | 0x80);
646
- x >>>= 7;
647
- }
648
- out.push(x);
649
- return new Uint8Array(out);
650
- }
651
- /** Decode LEB128 varint */
652
- static uvarintDecode(bytes, offset) {
653
- let x = 0;
654
- let s = 0;
655
- let i = 0;
656
- while (true) {
657
- if (offset + i >= bytes.length) {
658
- throw new Error('uvarint overflow');
659
- }
660
- const b = bytes[offset + i];
661
- if (b < 0x80) {
662
- if (i > 9 || (i === 9 && b > 1)) {
663
- throw new Error('uvarint too large');
664
- }
665
- x |= b << s;
666
- return { value: x >>> 0, bytesRead: i + 1 };
667
- }
668
- x |= (b & 0x7f) << s;
669
- s += 7;
670
- i++;
671
- if (i > 10) {
672
- throw new Error('uvarint too long');
673
- }
674
- }
675
- }
676
- // ---------------------------
677
- // Base64url Helpers
678
- // ---------------------------
679
- /** Encode bytes to base64url (no padding) */
680
- static base64UrlEncode(bytes) {
681
- // Node.js environment
682
- if (typeof Buffer !== 'undefined') {
683
- return Buffer.from(bytes)
684
- .toString('base64')
685
- .replace(/\+/g, '-')
686
- .replace(/\//g, '_')
687
- .replace(/=+$/g, '');
688
- }
689
- // Browser environment
690
- let binary = '';
691
- for (let i = 0; i < bytes.length; i++) {
692
- binary += String.fromCharCode(bytes[i]);
693
- }
694
- return btoa(binary)
695
- .replace(/\+/g, '-')
696
- .replace(/\//g, '_')
697
- .replace(/=+$/g, '');
698
- }
699
- /** Decode base64url to bytes */
700
- static base64UrlDecode(b64url) {
701
- // Add padding
702
- const padLen = (4 - (b64url.length % 4)) % 4;
703
- const b64 = (b64url + '='.repeat(padLen))
704
- .replace(/-/g, '+')
705
- .replace(/_/g, '/');
706
- // Node.js environment
707
- if (typeof Buffer !== 'undefined') {
708
- return new Uint8Array(Buffer.from(b64, 'base64'));
709
- }
710
- // Browser environment
711
- const binary = atob(b64);
712
- const bytes = new Uint8Array(binary.length);
713
- for (let i = 0; i < binary.length; i++) {
714
- bytes[i] = binary.charCodeAt(i);
715
- }
716
- return bytes;
717
- }
718
- // ---------------------------
719
- // Compression Helpers
720
- // ---------------------------
721
- /** Compress using zlib deflate raw */
722
- static deflateRaw(data) {
723
- // Node.js environment
724
- if (typeof require !== 'undefined') {
725
- try {
726
- // eslint-disable-next-line @typescript-eslint/no-require-imports
727
- const zlib = require('zlib');
728
- return new Uint8Array(zlib.deflateRawSync(Buffer.from(data)));
729
- }
730
- catch {
731
- throw new Error('TPSUID7RB: compression not available');
732
- }
733
- }
734
- // Browser: would need pako or similar library
735
- throw new Error('TPSUID7RB: compression not available in browser');
736
- }
737
- /** Decompress using zlib inflate raw */
738
- static inflateRaw(data) {
739
- // Node.js environment
740
- if (typeof require !== 'undefined') {
741
- try {
742
- // eslint-disable-next-line @typescript-eslint/no-require-imports
743
- const zlib = require('zlib');
744
- return new Uint8Array(zlib.inflateRawSync(Buffer.from(data)));
745
- }
746
- catch {
747
- throw new Error('TPSUID7RB: decompression failed');
748
- }
749
- }
750
- // Browser: would need pako or similar library
751
- throw new Error('TPSUID7RB: decompression not available in browser');
752
- }
753
- // ---------------------------
754
- // Cryptographic Sealing (Ed25519)
755
- // ---------------------------
756
- /**
757
- * Seal (sign) a TPS string to create a cryptographically verifiable TPS-UID.
758
- * This appends an Ed25519 signature to the binary form.
759
- *
760
- * @param tps - The TPS string to seal
761
- * @param privateKey - Ed25519 private key (hex or buffer)
762
- * @param opts - Encoding options
763
- * @returns Sealed binary TPS-UID
764
- */
765
- static seal(tps, privateKey, opts) {
766
- // 1. Create standard binary (unsealed first)
767
- // We force the SEAL flag (bit 1) to be 0 initially for the "content to sign"
768
- // But wait, we want the signature to cover the header too.
769
- // Strategy: Construct the full binary with SEAL flag OFF, sign it, then set SEAL flag ON and append sig.
770
- // Actually, the standard way is:
771
- // Content = MAGIC + VER + FLAGS(with seal bit set) + TIME + NONCE + LEN + PAYLOAD
772
- // Signature = Sign(Content)
773
- // Final = Content + SEAL_TYPE + SIGNATURE
774
- const compress = opts?.compress ?? false;
775
- const epochMs = opts?.epochMs ?? this.epochMsFromTPSString(tps);
776
- // Validate epoch
777
- if (!Number.isInteger(epochMs) || epochMs < 0 || epochMs > 0xffffffffffff) {
778
- throw new Error('epochMs must be a valid 48-bit non-negative integer');
779
- }
780
- // Flags: Bit 0 = compress, Bit 1 = sealed
781
- const flags = (compress ? 0x01 : 0x00) | 0x02; // Set SEAL bit
782
- // Generate Nonce
783
- const nonceBuf = this.randomBytes(4);
784
- // Encode Payload
785
- const tpsUtf8 = new TextEncoder().encode(tps);
786
- const payload = compress ? this.deflateRaw(tpsUtf8) : tpsUtf8;
787
- const lenVar = this.uvarintEncode(payload.length);
788
- // Construct Content (Header + Payload)
789
- const contentLen = 4 + 1 + 1 + 6 + 4 + lenVar.length + payload.length;
790
- const content = new Uint8Array(contentLen);
791
- let offset = 0;
792
- content.set(this.MAGIC, offset);
793
- offset += 4;
794
- content[offset++] = this.VER;
795
- content[offset++] = flags;
796
- content.set(this.writeU48(epochMs), offset);
797
- offset += 6;
798
- content.set(nonceBuf, offset);
799
- offset += 4;
800
- content.set(lenVar, offset);
801
- offset += lenVar.length;
802
- content.set(payload, offset);
803
- // Sign the content
804
- const signature = this.signEd25519(content, privateKey);
805
- const sealType = 0x01; // Ed25519
806
- // Final Output: Content + SealType (1) + Signature (64)
807
- const final = new Uint8Array(contentLen + 1 + signature.length);
808
- final.set(content, 0);
809
- final.set([sealType], contentLen);
810
- final.set(signature, contentLen + 1);
811
- return final;
812
- }
813
- /**
814
- * Verify a sealed TPS-UID and decode it.
815
- * Throws if signature is invalid or not sealed.
816
- *
817
- * @param sealedBytes - The binary sealed TPS-UID
818
- * @param publicKey - Ed25519 public key (hex or buffer) to verify against
819
- * @returns Decoded result
820
- */
821
- static verifyAndDecode(sealedBytes, publicKey) {
822
- if (sealedBytes.length < 18)
823
- throw new Error('TPSUID7RB: too short');
824
- // Check Magic
825
- if (sealedBytes[0] !== 0x54 ||
826
- sealedBytes[1] !== 0x50 ||
827
- sealedBytes[2] !== 0x55 ||
828
- sealedBytes[3] !== 0x37) {
829
- throw new Error('TPSUID7RB: bad magic');
830
- }
831
- // Check Flags for Sealed Bit (bit 1)
832
- const flags = sealedBytes[5];
833
- if ((flags & 0x02) === 0) {
834
- throw new Error('TPSUID7RB: not a sealed UID');
835
- }
836
- // 1. Parse the structure to find where content ends
837
- // We need to parse LEN and Payload to find the split point
838
- let offset = 16; // Start of LEN
839
- // Decode LEN
840
- const { value: tpsLen, bytesRead } = this.uvarintDecode(sealedBytes, offset);
841
- offset += bytesRead;
842
- const payloadEnd = offset + tpsLen;
843
- if (payloadEnd > sealedBytes.length) {
844
- throw new Error('TPSUID7RB: length overflow (truncated)');
845
- }
846
- // The Content to verify matches exactly [0 ... payloadEnd]
847
- const content = sealedBytes.slice(0, payloadEnd);
848
- // After content: SealType (1 byte) + Signature
849
- if (sealedBytes.length <= payloadEnd + 1) {
850
- throw new Error('TPSUID7RB: missing signature data');
851
- }
852
- const sealType = sealedBytes[payloadEnd];
853
- if (sealType !== 0x01) {
854
- throw new Error(`TPSUID7RB: unsupported seal type 0x${sealType.toString(16)}`);
855
- }
856
- const signature = sealedBytes.slice(payloadEnd + 1);
857
- if (signature.length !== 64) {
858
- throw new Error(`TPSUID7RB: invalid Ed25519 signature length ${signature.length}`);
859
- }
860
- // Verify
861
- const isValid = this.verifyEd25519(content, signature, publicKey);
862
- if (!isValid) {
863
- throw new Error('TPSUID7RB: signature verification failed');
864
- }
865
- // Decode (reuse standard logic, but ignoring the extra bytes at end is fine?)
866
- // Actually standard logic doesn't expect trailing bytes unless we tell it to.
867
- // But since we verified, we can just slice the content and decode that as a strict binary
868
- // EXCEPT standard decodeBinary checks strict length.
869
- // So we manually decode the components here to be safe and efficient.
870
- return this.decodeBinary(content); // Reuse strict decoder on the content part
871
- }
872
- // --- Crypto Implementation (Ed25519) ---
873
- static signEd25519(data, privateKey) {
874
- if (typeof require !== 'undefined') {
875
- try {
876
- // eslint-disable-next-line @typescript-eslint/no-require-imports
877
- const crypto = require('crypto');
878
- // Node's crypto.sign uses PEM or KeyObject, but for raw Ed25519 keys we might need 'crypto.sign(null, data, key)'
879
- // or ensure key is properly formatted.
880
- // For simplicity in Node 20+, crypto.sign(null, data, privateKey) works if key is KeyObject.
881
- // If raw bytes: establish KeyObject.
882
- let keyObj;
883
- if (Buffer.isBuffer(privateKey) || privateKey instanceof Uint8Array) {
884
- // Assuming raw 64-byte private key (or 32-byte seed properly expanded by crypto)
885
- // Node < 16 is tricky with raw keys.
886
- // Let's assume standard Ed25519 standard implementation pattern logic:
887
- keyObj = crypto.createPrivateKey({
888
- key: Buffer.from(privateKey),
889
- format: 'der', // or 'pem' - strict.
890
- type: 'pkcs8'
891
- });
892
- // Actually, simpler: construct key object from raw bytes if possible?
893
- // Node's crypto is strict. Let's try the simplest:
894
- // If hex string provided, convert to buffer.
895
- }
896
- // Simpler fallback: If user passed a PEM string, great.
897
- // If they passed raw bytes, we might need 'ed25519' key type.
898
- // For this implementation, let's target Node's high-level sign/verify
899
- // and assume the user provides a VALID key object or compatible format (PEM/DER).
900
- // Handling RAW Ed25519 keys in Node requires specific 'crypto.createPrivateKey' with 'raw' format (Node 11.6+).
901
- const key = typeof privateKey === 'string' && !privateKey.includes('PRIVATE KEY')
902
- ? crypto.createPrivateKey({ key: Buffer.from(privateKey, 'hex'), format: 'pem', type: 'pkcs8' }) // Fallback guess
903
- : privateKey;
904
- // Note: Raw Ed25519 key support in Node.js 'crypto' acts via 'generateKeyPair' or KeyObject.
905
- // Direct raw signing is via crypto.sign(null, data, key).
906
- return new Uint8Array(crypto.sign(null, data, key));
907
- }
908
- catch (e) {
909
- // If standard crypto fails (e.g. key format issue), throw
910
- throw new Error('TPSUID7RB: signing failed (check key format)');
911
- }
912
- }
913
- throw new Error('TPSUID7RB: signing not available in browser');
914
- }
915
- static verifyEd25519(data, signature, publicKey) {
916
- if (typeof require !== 'undefined') {
917
- try {
918
- // eslint-disable-next-line @typescript-eslint/no-require-imports
919
- const crypto = require('crypto');
920
- return crypto.verify(null, data, publicKey, signature);
921
- }
922
- catch {
923
- return false;
924
- }
925
- }
926
- throw new Error('TPSUID7RB: verification not available in browser');
927
- }
928
- // ---------------------------
929
- // Random Bytes
930
- // ---------------------------
931
- /** Generate cryptographically secure random bytes */
932
- static randomBytes(length) {
933
- // Node.js environment
934
- if (typeof require !== 'undefined') {
935
- try {
936
- // eslint-disable-next-line @typescript-eslint/no-require-imports
937
- const crypto = require('crypto');
938
- return new Uint8Array(crypto.randomBytes(length));
939
- }
940
- catch {
941
- // Fallback to crypto.getRandomValues
942
- }
943
- }
944
- // Browser or fallback
945
- if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
946
- const bytes = new Uint8Array(length);
947
- crypto.getRandomValues(bytes);
948
- return bytes;
949
- }
950
- throw new Error('TPSUID7RB: no crypto available');
951
- }
356
+ // ---------------------------
357
+ // Public API
358
+ // ---------------------------
359
+ /**
360
+ * Encode TPS string to binary bytes (Uint8Array).
361
+ * This is the canonical form for hashing, signing, and storage.
362
+ *
363
+ * @param tps - The TPS string to encode
364
+ * @param opts - Encoding options (compress, epochMs override)
365
+ * @returns Binary TPS-UID as Uint8Array
366
+ */
367
+ static encodeBinary(tps, opts) {
368
+ const compress = opts?.compress ?? false;
369
+ const epochMs = opts?.epochMs ?? this.epochMsFromTPSString(tps);
370
+ if (!Number.isInteger(epochMs) || epochMs < 0) {
371
+ throw new Error("epochMs must be a non-negative integer");
372
+ }
373
+ if (epochMs > 0xffffffffffff) {
374
+ throw new Error("epochMs exceeds 48-bit range");
375
+ }
376
+ const flags = compress ? 0x01 : 0x00;
377
+ // Generate 32-bit nonce
378
+ const nonceBuf = this.randomBytes(4);
379
+ const nonce =
380
+ ((nonceBuf[0] << 24) >>> 0) +
381
+ ((nonceBuf[1] << 16) >>> 0) +
382
+ ((nonceBuf[2] << 8) >>> 0) +
383
+ nonceBuf[3];
384
+ // Encode TPS to UTF-8
385
+ const tpsUtf8 = new TextEncoder().encode(tps);
386
+ // Optionally compress
387
+ const payload = compress ? this.deflateRaw(tpsUtf8) : tpsUtf8;
388
+ // Encode length as varint
389
+ const lenVar = this.uvarintEncode(payload.length);
390
+ // Construct binary structure
391
+ const out = new Uint8Array(
392
+ 4 + 1 + 1 + 6 + 4 + lenVar.length + payload.length
393
+ );
394
+ let offset = 0;
395
+ // MAGIC
396
+ out.set(this.MAGIC, offset);
397
+ offset += 4;
398
+ // VER
399
+ out[offset++] = this.VER;
400
+ // FLAGS
401
+ out[offset++] = flags;
402
+ // TIME (48-bit big-endian)
403
+ const timeBytes = this.writeU48(epochMs);
404
+ out.set(timeBytes, offset);
405
+ offset += 6;
406
+ // NONCE (32-bit big-endian)
407
+ out.set(nonceBuf, offset);
408
+ offset += 4;
409
+ // LEN (varint)
410
+ out.set(lenVar, offset);
411
+ offset += lenVar.length;
412
+ // TPS payload
413
+ out.set(payload, offset);
414
+ return out;
415
+ }
416
+ /**
417
+ * Decode binary bytes back to original TPS string.
418
+ *
419
+ * @param bytes - Binary TPS-UID
420
+ * @returns Decoded result with original TPS string
421
+ */
422
+ static decodeBinary(bytes) {
423
+ // Header min size: 4+1+1+6+4 + 1 (at least 1 byte varint) = 17
424
+ if (bytes.length < 17) {
425
+ throw new Error("TPSUID7RB: too short");
426
+ }
427
+ // MAGIC
428
+ if (
429
+ bytes[0] !== 0x54 ||
430
+ bytes[1] !== 0x50 ||
431
+ bytes[2] !== 0x55 ||
432
+ bytes[3] !== 0x37
433
+ ) {
434
+ throw new Error("TPSUID7RB: bad magic");
435
+ }
436
+ // VERSION
437
+ const ver = bytes[4];
438
+ if (ver !== this.VER) {
439
+ throw new Error(`TPSUID7RB: unsupported version ${ver}`);
440
+ }
441
+ // FLAGS
442
+ const flags = bytes[5];
443
+ const compressed = (flags & 0x01) === 0x01;
444
+ // TIME (48-bit big-endian)
445
+ const epochMs = this.readU48(bytes, 6);
446
+ // NONCE (32-bit big-endian)
447
+ const nonce =
448
+ ((bytes[12] << 24) >>> 0) +
449
+ ((bytes[13] << 16) >>> 0) +
450
+ ((bytes[14] << 8) >>> 0) +
451
+ bytes[15];
452
+ // LEN (varint at offset 16)
453
+ let offset = 16;
454
+ const { value: tpsLen, bytesRead } = this.uvarintDecode(bytes, offset);
455
+ offset += bytesRead;
456
+ if (offset + tpsLen > bytes.length) {
457
+ throw new Error("TPSUID7RB: length overflow");
458
+ }
459
+ // TPS payload
460
+ const payload = bytes.slice(offset, offset + tpsLen);
461
+ const tpsUtf8 = compressed ? this.inflateRaw(payload) : payload;
462
+ const tps = new TextDecoder().decode(tpsUtf8);
463
+ return { version: "tpsuid7rb", epochMs, compressed, nonce, tps };
464
+ }
465
+ /**
466
+ * Encode TPS to base64url string with prefix.
467
+ * This is the transport/storage form.
468
+ *
469
+ * @param tps - The TPS string to encode
470
+ * @param opts - Encoding options
471
+ * @returns Base64url encoded TPS-UID with prefix
472
+ */
473
+ static encodeBinaryB64(tps, opts) {
474
+ const bytes = this.encodeBinary(tps, opts);
475
+ return `${this.PREFIX}${this.base64UrlEncode(bytes)}`;
476
+ }
477
+ /**
478
+ * Decode base64url string back to original TPS string.
479
+ *
480
+ * @param id - Base64url encoded TPS-UID with prefix
481
+ * @returns Decoded result with original TPS string
482
+ */
483
+ static decodeBinaryB64(id) {
484
+ const s = id.trim();
485
+ if (!s.startsWith(this.PREFIX)) {
486
+ throw new Error("TPSUID7RB: missing prefix");
487
+ }
488
+ const b64 = s.slice(this.PREFIX.length);
489
+ const bytes = this.base64UrlDecode(b64);
490
+ return this.decodeBinary(bytes);
491
+ }
492
+ /**
493
+ * Validate base64url encoded TPS-UID format.
494
+ * Note: This validates shape only; binary decode is authoritative.
495
+ *
496
+ * @param id - String to validate
497
+ * @returns true if format is valid
498
+ */
499
+ static validateBinaryB64(id) {
500
+ return this.REGEX.test(id.trim());
501
+ }
502
+ /**
503
+ * Generate a TPS-UID from the current time and optional location.
504
+ *
505
+ * @param opts - Generation options
506
+ * @returns Base64url encoded TPS-UID
507
+ */
508
+ static generate(opts) {
509
+ const now = new Date();
510
+ const tps = this.generateTPSString(now, opts);
511
+ return this.encodeBinaryB64(tps, {
512
+ compress: opts?.compress,
513
+ epochMs: now.getTime(),
514
+ });
515
+ }
516
+ // ---------------------------
517
+ // TPS String Helpers
518
+ // ---------------------------
519
+ /**
520
+ * Generate a TPS string from a Date and optional location.
521
+ */
522
+ static generateTPSString(date, opts) {
523
+ const fullYear = date.getUTCFullYear();
524
+ const m = Math.floor(fullYear / 1000) + 1;
525
+ const c = Math.floor((fullYear % 1000) / 100) + 1;
526
+ const y = fullYear % 100;
527
+ const M = date.getUTCMonth() + 1;
528
+ const d = date.getUTCDate();
529
+ const h = date.getUTCHours();
530
+ const n = date.getUTCMinutes();
531
+ const s = date.getUTCSeconds();
532
+ const pad = (num) => num.toString().padStart(2, "0");
533
+ const timePart = `T:greg.m${m}.c${c}.y${y}.M${pad(M)}.d${pad(d)}.h${pad(
534
+ h
535
+ )}.n${pad(n)}.s${pad(s)}`;
536
+ let spacePart = "unknown";
537
+ if (opts?.latitude !== undefined && opts?.longitude !== undefined) {
538
+ spacePart = `${opts.latitude},${opts.longitude}`;
539
+ if (opts.altitude !== undefined) {
540
+ spacePart += `,${opts.altitude}m`;
541
+ }
542
+ }
543
+ return `tps://${spacePart}@${timePart}`;
544
+ }
545
+ /**
546
+ * Parse epoch milliseconds from a TPS string.
547
+ * Supports both URI format (tps://...) and time-only format (T:greg...)
548
+ */
549
+ static epochMsFromTPSString(tps) {
550
+ let time;
551
+ if (tps.includes("@")) {
552
+ // URI format: tps://...@T:greg...
553
+ const at = tps.indexOf("@");
554
+ time = tps.slice(at + 1).trim();
555
+ } else if (tps.startsWith("T:")) {
556
+ // Time-only format
557
+ time = tps;
558
+ } else {
559
+ throw new Error("TPS: unrecognized format");
560
+ }
561
+ if (!time.startsWith("T:greg.")) {
562
+ throw new Error("TPS: only T:greg.* parsing is supported");
563
+ }
564
+ // Extract m (millennium), c (century), y (year)
565
+ const mMatch = time.match(/\.m(-?\d+)/);
566
+ const cMatch = time.match(/\.c(\d+)/);
567
+ const yMatch = time.match(/\.y(\d{1,4})/);
568
+ const MMatch = time.match(/\.M(\d{1,2})/);
569
+ const dMatch = time.match(/\.d(\d{1,2})/);
570
+ const hMatch = time.match(/\.h(\d{1,2})/);
571
+ const nMatch = time.match(/\.n(\d{1,2})/);
572
+ const sMatch = time.match(/\.s(\d{1,2})/);
573
+ // Calculate full year from millennium, century, year
574
+ let fullYear;
575
+ if (mMatch && cMatch && yMatch) {
576
+ const millennium = parseInt(mMatch[1], 10);
577
+ const century = parseInt(cMatch[1], 10);
578
+ const year = parseInt(yMatch[1], 10);
579
+ fullYear = (millennium - 1) * 1000 + (century - 1) * 100 + year;
580
+ } else if (yMatch) {
581
+ // Fallback: interpret y as 2-digit year
582
+ let year = parseInt(yMatch[1], 10);
583
+ if (year < 100) {
584
+ year = year <= 69 ? 2000 + year : 1900 + year;
585
+ }
586
+ fullYear = year;
587
+ } else {
588
+ throw new Error("TPS: missing year component");
589
+ }
590
+ const month = MMatch ? parseInt(MMatch[1], 10) : 1;
591
+ const day = dMatch ? parseInt(dMatch[1], 10) : 1;
592
+ const hour = hMatch ? parseInt(hMatch[1], 10) : 0;
593
+ const minute = nMatch ? parseInt(nMatch[1], 10) : 0;
594
+ const second = sMatch ? parseInt(sMatch[1], 10) : 0;
595
+ const epoch = Date.UTC(fullYear, month - 1, day, hour, minute, second);
596
+ if (!Number.isFinite(epoch)) {
597
+ throw new Error("TPS: failed to compute epochMs");
598
+ }
599
+ return epoch;
600
+ }
601
+ // ---------------------------
602
+ // Binary Helpers
603
+ // ---------------------------
604
+ /** Write 48-bit unsigned integer (big-endian) */
605
+ static writeU48(epochMs) {
606
+ const b = new Uint8Array(6);
607
+ // Use BigInt for proper 48-bit handling
608
+ const v = BigInt(epochMs);
609
+ b[0] = Number((v >> 40n) & 0xffn);
610
+ b[1] = Number((v >> 32n) & 0xffn);
611
+ b[2] = Number((v >> 24n) & 0xffn);
612
+ b[3] = Number((v >> 16n) & 0xffn);
613
+ b[4] = Number((v >> 8n) & 0xffn);
614
+ b[5] = Number(v & 0xffn);
615
+ return b;
616
+ }
617
+ /** Read 48-bit unsigned integer (big-endian) */
618
+ static readU48(bytes, offset) {
619
+ const v =
620
+ (BigInt(bytes[offset]) << 40n) +
621
+ (BigInt(bytes[offset + 1]) << 32n) +
622
+ (BigInt(bytes[offset + 2]) << 24n) +
623
+ (BigInt(bytes[offset + 3]) << 16n) +
624
+ (BigInt(bytes[offset + 4]) << 8n) +
625
+ BigInt(bytes[offset + 5]);
626
+ const n = Number(v);
627
+ if (!Number.isSafeInteger(n)) {
628
+ throw new Error("TPSUID7RB: u48 not safe integer");
629
+ }
630
+ return n;
631
+ }
632
+ /** Encode unsigned integer as LEB128 varint */
633
+ static uvarintEncode(n) {
634
+ if (!Number.isInteger(n) || n < 0) {
635
+ throw new Error("uvarint must be non-negative int");
636
+ }
637
+ const out = [];
638
+ let x = n >>> 0;
639
+ while (x >= 0x80) {
640
+ out.push((x & 0x7f) | 0x80);
641
+ x >>>= 7;
642
+ }
643
+ out.push(x);
644
+ return new Uint8Array(out);
645
+ }
646
+ /** Decode LEB128 varint */
647
+ static uvarintDecode(bytes, offset) {
648
+ let x = 0;
649
+ let s = 0;
650
+ let i = 0;
651
+ while (true) {
652
+ if (offset + i >= bytes.length) {
653
+ throw new Error("uvarint overflow");
654
+ }
655
+ const b = bytes[offset + i];
656
+ if (b < 0x80) {
657
+ if (i > 9 || (i === 9 && b > 1)) {
658
+ throw new Error("uvarint too large");
659
+ }
660
+ x |= b << s;
661
+ return { value: x >>> 0, bytesRead: i + 1 };
662
+ }
663
+ x |= (b & 0x7f) << s;
664
+ s += 7;
665
+ i++;
666
+ if (i > 10) {
667
+ throw new Error("uvarint too long");
668
+ }
669
+ }
670
+ }
671
+ // ---------------------------
672
+ // Base64url Helpers
673
+ // ---------------------------
674
+ /** Encode bytes to base64url (no padding) */
675
+ static base64UrlEncode(bytes) {
676
+ // Node.js environment
677
+ if (typeof Buffer !== "undefined") {
678
+ return Buffer.from(bytes)
679
+ .toString("base64")
680
+ .replace(/\+/g, "-")
681
+ .replace(/\//g, "_")
682
+ .replace(/=+$/g, "");
683
+ }
684
+ // Browser environment
685
+ let binary = "";
686
+ for (let i = 0; i < bytes.length; i++) {
687
+ binary += String.fromCharCode(bytes[i]);
688
+ }
689
+ return btoa(binary)
690
+ .replace(/\+/g, "-")
691
+ .replace(/\//g, "_")
692
+ .replace(/=+$/g, "");
693
+ }
694
+ /** Decode base64url to bytes */
695
+ static base64UrlDecode(b64url) {
696
+ // Add padding
697
+ const padLen = (4 - (b64url.length % 4)) % 4;
698
+ const b64 = (b64url + "=".repeat(padLen))
699
+ .replace(/-/g, "+")
700
+ .replace(/_/g, "/");
701
+ // Node.js environment
702
+ if (typeof Buffer !== "undefined") {
703
+ return new Uint8Array(Buffer.from(b64, "base64"));
704
+ }
705
+ // Browser environment
706
+ const binary = atob(b64);
707
+ const bytes = new Uint8Array(binary.length);
708
+ for (let i = 0; i < binary.length; i++) {
709
+ bytes[i] = binary.charCodeAt(i);
710
+ }
711
+ return bytes;
712
+ }
713
+ // ---------------------------
714
+ // Compression Helpers
715
+ // ---------------------------
716
+ /** Compress using zlib deflate raw */
717
+ static deflateRaw(data) {
718
+ // Node.js environment
719
+ if (typeof require !== "undefined") {
720
+ try {
721
+ // eslint-disable-next-line @typescript-eslint/no-require-imports
722
+ const zlib = require("zlib");
723
+ return new Uint8Array(zlib.deflateRawSync(Buffer.from(data)));
724
+ } catch {
725
+ throw new Error("TPSUID7RB: compression not available");
726
+ }
727
+ }
728
+ // Browser: would need pako or similar library
729
+ throw new Error("TPSUID7RB: compression not available in browser");
730
+ }
731
+ /** Decompress using zlib inflate raw */
732
+ static inflateRaw(data) {
733
+ // Node.js environment
734
+ if (typeof require !== "undefined") {
735
+ try {
736
+ // eslint-disable-next-line @typescript-eslint/no-require-imports
737
+ const zlib = require("zlib");
738
+ return new Uint8Array(zlib.inflateRawSync(Buffer.from(data)));
739
+ } catch {
740
+ throw new Error("TPSUID7RB: decompression failed");
741
+ }
742
+ }
743
+ // Browser: would need pako or similar library
744
+ throw new Error("TPSUID7RB: decompression not available in browser");
745
+ }
746
+ // ---------------------------
747
+ // Cryptographic Sealing (Ed25519)
748
+ // ---------------------------
749
+ /**
750
+ * Seal (sign) a TPS string to create a cryptographically verifiable TPS-UID.
751
+ * This appends an Ed25519 signature to the binary form.
752
+ *
753
+ * @param tps - The TPS string to seal
754
+ * @param privateKey - Ed25519 private key (hex or buffer)
755
+ * @param opts - Encoding options
756
+ * @returns Sealed binary TPS-UID
757
+ */
758
+ static seal(tps, privateKey, opts) {
759
+ // 1. Create standard binary (unsealed first)
760
+ // We force the SEAL flag (bit 1) to be 0 initially for the "content to sign"
761
+ // But wait, we want the signature to cover the header too.
762
+ // Strategy: Construct the full binary with SEAL flag OFF, sign it, then set SEAL flag ON and append sig.
763
+ // Actually, the standard way is:
764
+ // Content = MAGIC + VER + FLAGS(with seal bit set) + TIME + NONCE + LEN + PAYLOAD
765
+ // Signature = Sign(Content)
766
+ // Final = Content + SEAL_TYPE + SIGNATURE
767
+ const compress = opts?.compress ?? false;
768
+ const epochMs = opts?.epochMs ?? this.epochMsFromTPSString(tps);
769
+ // Validate epoch
770
+ if (!Number.isInteger(epochMs) || epochMs < 0 || epochMs > 0xffffffffffff) {
771
+ throw new Error("epochMs must be a valid 48-bit non-negative integer");
772
+ }
773
+ // Flags: Bit 0 = compress, Bit 1 = sealed
774
+ const flags = (compress ? 0x01 : 0x00) | 0x02; // Set SEAL bit
775
+ // Generate Nonce
776
+ const nonceBuf = this.randomBytes(4);
777
+ // Encode Payload
778
+ const tpsUtf8 = new TextEncoder().encode(tps);
779
+ const payload = compress ? this.deflateRaw(tpsUtf8) : tpsUtf8;
780
+ const lenVar = this.uvarintEncode(payload.length);
781
+ // Construct Content (Header + Payload)
782
+ const contentLen = 4 + 1 + 1 + 6 + 4 + lenVar.length + payload.length;
783
+ const content = new Uint8Array(contentLen);
784
+ let offset = 0;
785
+ content.set(this.MAGIC, offset);
786
+ offset += 4;
787
+ content[offset++] = this.VER;
788
+ content[offset++] = flags;
789
+ content.set(this.writeU48(epochMs), offset);
790
+ offset += 6;
791
+ content.set(nonceBuf, offset);
792
+ offset += 4;
793
+ content.set(lenVar, offset);
794
+ offset += lenVar.length;
795
+ content.set(payload, offset);
796
+ // Sign the content
797
+ const signature = this.signEd25519(content, privateKey);
798
+ const sealType = 0x01; // Ed25519
799
+ // Final Output: Content + SealType (1) + Signature (64)
800
+ const final = new Uint8Array(contentLen + 1 + signature.length);
801
+ final.set(content, 0);
802
+ final.set([sealType], contentLen);
803
+ final.set(signature, contentLen + 1);
804
+ return final;
805
+ }
806
+ /**
807
+ * Verify a sealed TPS-UID and decode it.
808
+ * Throws if signature is invalid or not sealed.
809
+ *
810
+ * @param sealedBytes - The binary sealed TPS-UID
811
+ * @param publicKey - Ed25519 public key (hex or buffer) to verify against
812
+ * @returns Decoded result
813
+ */
814
+ static verifyAndDecode(sealedBytes, publicKey) {
815
+ if (sealedBytes.length < 18) throw new Error("TPSUID7RB: too short");
816
+ // Check Magic
817
+ if (
818
+ sealedBytes[0] !== 0x54 ||
819
+ sealedBytes[1] !== 0x50 ||
820
+ sealedBytes[2] !== 0x55 ||
821
+ sealedBytes[3] !== 0x37
822
+ ) {
823
+ throw new Error("TPSUID7RB: bad magic");
824
+ }
825
+ // Check Flags for Sealed Bit (bit 1)
826
+ const flags = sealedBytes[5];
827
+ if ((flags & 0x02) === 0) {
828
+ throw new Error("TPSUID7RB: not a sealed UID");
829
+ }
830
+ // 1. Parse the structure to find where content ends
831
+ // We need to parse LEN and Payload to find the split point
832
+ let offset = 16; // Start of LEN
833
+ // Decode LEN
834
+ const { value: tpsLen, bytesRead } = this.uvarintDecode(
835
+ sealedBytes,
836
+ offset
837
+ );
838
+ offset += bytesRead;
839
+ const payloadEnd = offset + tpsLen;
840
+ if (payloadEnd > sealedBytes.length) {
841
+ throw new Error("TPSUID7RB: length overflow (truncated)");
842
+ }
843
+ // The Content to verify matches exactly [0 ... payloadEnd]
844
+ const content = sealedBytes.slice(0, payloadEnd);
845
+ // After content: SealType (1 byte) + Signature
846
+ if (sealedBytes.length <= payloadEnd + 1) {
847
+ throw new Error("TPSUID7RB: missing signature data");
848
+ }
849
+ const sealType = sealedBytes[payloadEnd];
850
+ if (sealType !== 0x01) {
851
+ throw new Error(
852
+ `TPSUID7RB: unsupported seal type 0x${sealType.toString(16)}`
853
+ );
854
+ }
855
+ const signature = sealedBytes.slice(payloadEnd + 1);
856
+ if (signature.length !== 64) {
857
+ throw new Error(
858
+ `TPSUID7RB: invalid Ed25519 signature length ${signature.length}`
859
+ );
860
+ }
861
+ // Verify
862
+ const isValid = this.verifyEd25519(content, signature, publicKey);
863
+ if (!isValid) {
864
+ throw new Error("TPSUID7RB: signature verification failed");
865
+ }
866
+ // Decode (reuse standard logic, but ignoring the extra bytes at end is fine?)
867
+ // Actually standard logic doesn't expect trailing bytes unless we tell it to.
868
+ // But since we verified, we can just slice the content and decode that as a strict binary
869
+ // EXCEPT standard decodeBinary checks strict length.
870
+ // So we manually decode the components here to be safe and efficient.
871
+ return this.decodeBinary(content); // Reuse strict decoder on the content part
872
+ }
873
+ // --- Crypto Implementation (Ed25519) ---
874
+ static signEd25519(data, privateKey) {
875
+ if (typeof require !== "undefined") {
876
+ try {
877
+ // eslint-disable-next-line @typescript-eslint/no-require-imports
878
+ const crypto = require("crypto");
879
+ // Node's crypto.sign uses PEM or KeyObject, but for raw Ed25519 keys we might need 'crypto.sign(null, data, key)'
880
+ // or ensure key is properly formatted.
881
+ // For simplicity in Node 20+, crypto.sign(null, data, privateKey) works if key is KeyObject.
882
+ // If raw bytes: establish KeyObject.
883
+ let keyObj;
884
+ if (Buffer.isBuffer(privateKey) || privateKey instanceof Uint8Array) {
885
+ // Assuming raw 64-byte private key (or 32-byte seed properly expanded by crypto)
886
+ // Node < 16 is tricky with raw keys.
887
+ // Let's assume standard Ed25519 standard implementation pattern logic:
888
+ keyObj = crypto.createPrivateKey({
889
+ key: Buffer.from(privateKey),
890
+ format: "der", // or 'pem' - strict.
891
+ type: "pkcs8",
892
+ });
893
+ // Actually, simpler: construct key object from raw bytes if possible?
894
+ // Node's crypto is strict. Let's try the simplest:
895
+ // If hex string provided, convert to buffer.
896
+ }
897
+ // Simpler fallback: If user passed a PEM string, great.
898
+ // If they passed raw bytes, we might need 'ed25519' key type.
899
+ // For this implementation, let's target Node's high-level sign/verify
900
+ // and assume the user provides a VALID key object or compatible format (PEM/DER).
901
+ // Handling RAW Ed25519 keys in Node requires specific 'crypto.createPrivateKey' with 'raw' format (Node 11.6+).
902
+ const key =
903
+ typeof privateKey === "string" && !privateKey.includes("PRIVATE KEY")
904
+ ? crypto.createPrivateKey({
905
+ key: Buffer.from(privateKey, "hex"),
906
+ format: "pem",
907
+ type: "pkcs8",
908
+ }) // Fallback guess
909
+ : privateKey;
910
+ // Note: Raw Ed25519 key support in Node.js 'crypto' acts via 'generateKeyPair' or KeyObject.
911
+ // Direct raw signing is via crypto.sign(null, data, key).
912
+ return new Uint8Array(crypto.sign(null, data, key));
913
+ } catch (e) {
914
+ // If standard crypto fails (e.g. key format issue), throw
915
+ throw new Error("TPSUID7RB: signing failed (check key format)");
916
+ }
917
+ }
918
+ throw new Error("TPSUID7RB: signing not available in browser");
919
+ }
920
+ static verifyEd25519(data, signature, publicKey) {
921
+ if (typeof require !== "undefined") {
922
+ try {
923
+ // eslint-disable-next-line @typescript-eslint/no-require-imports
924
+ const crypto = require("crypto");
925
+ return crypto.verify(null, data, publicKey, signature);
926
+ } catch {
927
+ return false;
928
+ }
929
+ }
930
+ throw new Error("TPSUID7RB: verification not available in browser");
931
+ }
932
+ // ---------------------------
933
+ // Random Bytes
934
+ // ---------------------------
935
+ /** Generate cryptographically secure random bytes */
936
+ static randomBytes(length) {
937
+ // Node.js environment
938
+ if (typeof require !== "undefined") {
939
+ try {
940
+ // eslint-disable-next-line @typescript-eslint/no-require-imports
941
+ const crypto = require("crypto");
942
+ return new Uint8Array(crypto.randomBytes(length));
943
+ } catch {
944
+ // Fallback to crypto.getRandomValues
945
+ }
946
+ }
947
+ // Browser or fallback
948
+ if (typeof crypto !== "undefined" && crypto.getRandomValues) {
949
+ const bytes = new Uint8Array(length);
950
+ crypto.getRandomValues(bytes);
951
+ return bytes;
952
+ }
953
+ throw new Error("TPSUID7RB: no crypto available");
954
+ }
952
955
  }
953
956
  /** Magic bytes: "TPU7" */
954
957
  TPSUID7RB.MAGIC = new Uint8Array([0x54, 0x50, 0x55, 0x37]);
955
958
  /** Version 1 */
956
959
  TPSUID7RB.VER = 0x01;
957
960
  /** String prefix for base64url encoded form */
958
- TPSUID7RB.PREFIX = 'tpsuid7rb_';
961
+ TPSUID7RB.PREFIX = "tpsuid7rb_";
959
962
  /** Regex for validating base64url encoded form */
960
963
  TPSUID7RB.REGEX = /^tpsuid7rb_[A-Za-z0-9_-]+$/;