npm - @oesp/core - Versions diffs - 5.0.0 → 6.1.0 - Mend

@oesp/core 5.0.0 → 6.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 OESP Team
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/index.d.ts CHANGED Viewed

@@ -1,10 +1,57 @@
-import { CryptoProvider, KeyStore, ReplayStore, DecodedMessage, VerifiedEnvelope } from './types';
-export interface OESPClientDeps {
+interface CryptoProvider {
+    sha256(bytes: Uint8Array): Uint8Array;
+    ed25519Sign(priv: Uint8Array, data: Uint8Array): Uint8Array;
+    ed25519Verify(pub: Uint8Array, data: Uint8Array, sig: Uint8Array): boolean;
+    x25519Seal(recipientPub: Uint8Array, sessionKey: Uint8Array): Uint8Array;
+    x25519Open(recipientPriv: Uint8Array, sealed: Uint8Array): Uint8Array;
+    aeadEncrypt(key: Uint8Array, plaintext: Uint8Array, aad: Uint8Array): {
+        iv: Uint8Array;
+        ct: Uint8Array;
+        tag?: Uint8Array;
+    };
+    aeadDecrypt(key: Uint8Array, iv: Uint8Array, ct: Uint8Array, aad: Uint8Array, tag?: Uint8Array): Uint8Array;
+    randomBytes(n: number): Uint8Array;
+}
+interface Identity {
+    ed25519Priv: Uint8Array;
+    ed25519Pub: Uint8Array;
+    x25519Priv: Uint8Array;
+    x25519Pub: Uint8Array;
+}
+interface KeyStore {
+    getOrCreateIdentity(): Promise<Identity>;
+}
+interface ReplayStore {
+    seen(fromDid: string, mid: string): Promise<boolean>;
+    markSeen(fromDid: string, mid: string): Promise<void>;
+}
+interface DecodedMessage {
+    mid: string;
+    sid: string;
+    ts: number;
+    exp: number;
+    fromDid: string;
+    toDid: string;
+    plaintext: Uint8Array;
+}
+interface VerifiedEnvelope {
+    envelope: Record<string, unknown>;
+    verified: boolean;
+    signerDid: string;
+}
+declare function b64urlEncode(bytes: Uint8Array): string;
+declare function b64urlDecode(s: string): Uint8Array;
+declare function canonicalJsonBytes(obj: unknown): Uint8Array;
+declare function base64Encode(bytes: Uint8Array): string;
+declare function base64Decode(s: string): Uint8Array;
+interface OESPClientDeps {
     crypto: CryptoProvider;
     keystore: KeyStore;
     replay: ReplayStore;
 }
-export declare class OESPClient {
+declare class OESPClient {
     private deps;
     private identity?;
     constructor(deps: OESPClientDeps);
@@ -22,5 +69,5 @@ export declare class OESPClient {
     }): Promise<DecodedMessage>;
     private ensureIdentity;
 }
-export * from './types';
-export { base64Encode, base64Decode, b64urlEncode, b64urlDecode, canonicalJsonBytes } from './utils';
+export { type CryptoProvider, type DecodedMessage, type Identity, type KeyStore, OESPClient, type OESPClientDeps, type ReplayStore, type VerifiedEnvelope, b64urlDecode, b64urlEncode, base64Decode, base64Encode, canonicalJsonBytes };

package/dist/index.js CHANGED Viewed

@@ -1,156 +1,239 @@
-import { b64urlEncode, b64urlDecode, canonicalJsonBytes, deriveDidWithSha } from './utils';
-export class OESPClient {
-    constructor(deps) {
-        this.deps = deps;
-    }
-    async getDid() {
-        const id = await this.ensureIdentity();
-        return deriveDidWithSha(id.ed25519Pub, this.deps.crypto.sha256);
-    }
-    async pack(toDid, body, opts) {
-        const { crypto } = this.deps;
-        const ttlSec = opts?.ttlSec ?? 600;
-        const now = Math.floor(Date.now() / 1000);
-        const exp = now + ttlSec;
-        const mid = b64urlEncode(crypto.randomBytes(12));
-        const id = await this.ensureIdentity();
-        const sid = deriveDidWithSha(id.ed25519Pub, crypto.sha256);
-        const edPubB64 = b64urlEncode(id.ed25519Pub);
-        const sessionKey = crypto.randomBytes(32);
-        const sealed = crypto.x25519Seal(id.x25519Pub, sessionKey);
-        const env = {
-            v: 1,
-            typ: 'oesp.envelope',
-            mid,
-            sid,
-            ts: now,
-            exp,
-            from: { did: sid, pub: edPubB64 },
-            to: { did: toDid },
-            enc: 'CHACHA20-POLY1305',
-            kex: 'X25519',
-            ek: b64urlEncode(sealed),
-            iv: '',
-            ct: '',
-            sig_alg: 'Ed25519',
-            sig: ''
-        };
-        const aad = canonicalJsonBytes(envFiltered(env, ['ct', 'sig', 'iv']));
-        const bodyBytes = body instanceof Uint8Array ? body : canonicalJsonBytes(body);
-        const { iv, ct, tag } = crypto.aeadEncrypt(sessionKey, bodyBytes, aad);
-        env.iv = b64urlEncode(iv);
-        env.ct = b64urlEncode(ct);
-        if (tag)
-            env['tag'] = b64urlEncode(tag);
-        const toSignBase = canonicalJsonBytes(envFiltered(env, ['sig']));
-        const dataToSign = concatBytes(toSignBase, b64urlDecode(String(env.ct)));
-        const sig = crypto.ed25519Sign(id.ed25519Priv, dataToSign);
-        env.sig = b64urlEncode(sig);
-        const tokenPayload = canonicalJsonBytes(env);
-        return `OESP1.${b64urlEncode(tokenPayload)}`;
-    }
-    async verify(token, opts) {
-        const env = parseToken(token);
-        const now = opts?.now ?? Math.floor(Date.now() / 1000);
-        const { crypto } = this.deps;
-        if (!opts?.allowExpired && env.exp < now) {
-            throw new Error('ExpiredError');
-        }
-        // DID match
-        const pubBytes = b64urlDecode(env.from.pub);
-        const derived = deriveDidWithSha(pubBytes, crypto.sha256);
-        if (derived !== env.from.did)
-            throw new Error('InvalidDIDError');
-        // Signature check: canonical(envelope without sig) + ct
-        const envDict = envToDict(env);
-        const toSignBase = canonicalJsonBytes(excludeKeys(envDict, ['sig']));
-        const ctBytes = b64urlDecode(env.ct);
-        const dataToSign = concatBytes(toSignBase, ctBytes);
-        const sigBytes = b64urlDecode(env.sig);
-        const ok = crypto.ed25519Verify(pubBytes, dataToSign, sigBytes);
-        if (!ok)
-            throw new Error('InvalidSignatureError');
-        const id = await this.ensureIdentity();
-        const seen = await this.deps.replay.seen(env.sid, env.mid);
-        if (seen)
-            throw new Error('ReplayError');
-        await this.deps.replay.markSeen(env.sid, env.mid);
-        return { envelope: envDict, verified: true, signerDid: env.from.did };
-    }
-    async unpack(token, opts) {
-        const env = parseToken(token);
-        await this.verify(token, opts);
-        const id = await this.ensureIdentity();
-        const ivBytes = b64urlDecode(env.iv);
-        const ctBytes = b64urlDecode(env.ct);
-        const ekBytes = b64urlDecode(env.ek);
-        const sessionKey = this.deps.crypto.x25519Open(id.x25519Priv, ekBytes);
-        const aad = canonicalJsonBytes(envFiltered(envToDict(env), ['ct', 'sig', 'iv']));
-        const plaintext = this.deps.crypto.aeadDecrypt(sessionKey, ivBytes, ctBytes, aad, env.tag ? b64urlDecode(env.tag) : undefined);
-        return {
-            mid: env.mid,
-            sid: env.sid,
-            ts: env.ts,
-            exp: env.exp,
-            fromDid: env.from.did,
-            toDid: env.to.did,
-            plaintext
-        };
-    }
-    async ensureIdentity() {
-        if (!this.identity)
-            this.identity = await this.deps.keystore.getOrCreateIdentity();
-        return this.identity;
+// src/utils.ts
+function b64urlEncode(bytes) {
+  const base64 = base64Encode(bytes);
+  return base64.replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+function b64urlDecode(s) {
+  const pad = s.length % 4 === 0 ? "" : "=".repeat(4 - s.length % 4);
+  const base64 = s.replace(/-/g, "+").replace(/_/g, "/") + pad;
+  return base64Decode(base64);
+}
+function canonicalJsonBytes(obj) {
+  const json = canonicalStringify(obj);
+  return new TextEncoder().encode(json);
+}
+function canonicalStringify(obj) {
+  if (obj === null || typeof obj !== "object") {
+    return JSON.stringify(obj);
+  }
+  if (Array.isArray(obj)) {
+    const arr = obj.map((v) => JSON.parse(canonicalStringify(v)));
+    return JSON.stringify(arr);
+  }
+  const entries = Object.entries(obj).sort(([a], [b]) => a < b ? -1 : a > b ? 1 : 0);
+  const out = {};
+  for (const [k, v] of entries) {
+    out[k] = JSON.parse(canonicalStringify(v));
+  }
+  return JSON.stringify(out);
+}
+function deriveDidWithSha(ed25519Pub, sha256) {
+  const sha = sha256(ed25519Pub);
+  const b32 = base32encode(sha).toLowerCase().replace(/=+$/g, "");
+  return `oesp:did:${b32}`;
+}
+function base32encode(bytes) {
+  const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+  let bits = 0;
+  let value = 0;
+  let output = "";
+  for (const byte of bytes) {
+    value = value << 8 | byte;
+    bits += 8;
+    while (bits >= 5) {
+      output += alphabet[value >>> bits - 5 & 31];
+      bits -= 5;
     }
+  }
+  if (bits > 0) {
+    output += alphabet[value << 5 - bits & 31];
+  }
+  while (output.length % 8 !== 0) output += "=";
+  return output;
+}
+var base64Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+function base64Encode(bytes) {
+  let output = "";
+  let i = 0;
+  while (i < bytes.length) {
+    const a = bytes[i++] ?? 0;
+    const b = bytes[i++] ?? 0;
+    const c = bytes[i++] ?? 0;
+    const triplet = a << 16 | b << 8 | c;
+    output += base64Alphabet[triplet >> 18 & 63];
+    output += base64Alphabet[triplet >> 12 & 63];
+    output += i - 2 < bytes.length ? base64Alphabet[triplet >> 6 & 63] : "=";
+    output += i - 1 < bytes.length ? base64Alphabet[triplet & 63] : "=";
+  }
+  return output;
+}
+function base64Decode(s) {
+  s = s.replace(/\s/g, "");
+  const len = s.length;
+  if (len % 4 !== 0) throw new Error("Invalid base64");
+  const output = [];
+  let i = 0;
+  while (i < len) {
+    const a = base64Alphabet.indexOf(s[i++]);
+    const b = base64Alphabet.indexOf(s[i++]);
+    const c = base64Alphabet.indexOf(s[i++]);
+    const d = base64Alphabet.indexOf(s[i++]);
+    const triplet = a << 18 | b << 12 | (c & 63) << 6 | d & 63;
+    output.push(triplet >> 16 & 255);
+    if (s[i - 2] !== "=") output.push(triplet >> 8 & 255);
+    if (s[i - 1] !== "=") output.push(triplet & 255);
+  }
+  return new Uint8Array(output);
 }
+// src/index.ts
+var OESPClient = class {
+  constructor(deps) {
+    this.deps = deps;
+  }
+  async getDid() {
+    const id = await this.ensureIdentity();
+    return deriveDidWithSha(id.ed25519Pub, this.deps.crypto.sha256);
+  }
+  async pack(toDid, body, opts) {
+    const { crypto } = this.deps;
+    const ttlSec = opts?.ttlSec ?? 600;
+    const now = Math.floor(Date.now() / 1e3);
+    const exp = now + ttlSec;
+    const mid = b64urlEncode(crypto.randomBytes(12));
+    const id = await this.ensureIdentity();
+    const sid = deriveDidWithSha(id.ed25519Pub, crypto.sha256);
+    const edPubB64 = b64urlEncode(id.ed25519Pub);
+    const sessionKey = crypto.randomBytes(32);
+    const sealed = crypto.x25519Seal(id.x25519Pub, sessionKey);
+    const env = {
+      v: 1,
+      typ: "oesp.envelope",
+      mid,
+      sid,
+      ts: now,
+      exp,
+      from: { did: sid, pub: edPubB64 },
+      to: { did: toDid },
+      enc: "CHACHA20-POLY1305",
+      kex: "X25519",
+      ek: b64urlEncode(sealed),
+      iv: "",
+      ct: "",
+      sig_alg: "Ed25519",
+      sig: ""
+    };
+    const aad = canonicalJsonBytes(envFiltered(env, ["ct", "sig", "iv"]));
+    const bodyBytes = body instanceof Uint8Array ? body : canonicalJsonBytes(body);
+    const { iv, ct, tag } = crypto.aeadEncrypt(sessionKey, bodyBytes, aad);
+    env.iv = b64urlEncode(iv);
+    env.ct = b64urlEncode(ct);
+    if (tag) env["tag"] = b64urlEncode(tag);
+    const toSignBase = canonicalJsonBytes(envFiltered(env, ["sig"]));
+    const dataToSign = concatBytes(toSignBase, b64urlDecode(String(env.ct)));
+    const sig = crypto.ed25519Sign(id.ed25519Priv, dataToSign);
+    env.sig = b64urlEncode(sig);
+    const tokenPayload = canonicalJsonBytes(env);
+    return `OESP1.${b64urlEncode(tokenPayload)}`;
+  }
+  async verify(token, opts) {
+    const env = parseToken(token);
+    const now = opts?.now ?? Math.floor(Date.now() / 1e3);
+    const { crypto } = this.deps;
+    if (!opts?.allowExpired && env.exp < now) {
+      throw new Error("ExpiredError");
+    }
+    const pubBytes = b64urlDecode(env.from.pub);
+    const derived = deriveDidWithSha(pubBytes, crypto.sha256);
+    if (derived !== env.from.did) throw new Error("InvalidDIDError");
+    const envDict = envToDict(env);
+    const toSignBase = canonicalJsonBytes(excludeKeys(envDict, ["sig"]));
+    const ctBytes = b64urlDecode(env.ct);
+    const dataToSign = concatBytes(toSignBase, ctBytes);
+    const sigBytes = b64urlDecode(env.sig);
+    const ok = crypto.ed25519Verify(pubBytes, dataToSign, sigBytes);
+    if (!ok) throw new Error("InvalidSignatureError");
+    const id = await this.ensureIdentity();
+    const seen = await this.deps.replay.seen(env.sid, env.mid);
+    if (seen) throw new Error("ReplayError");
+    await this.deps.replay.markSeen(env.sid, env.mid);
+    return { envelope: envDict, verified: true, signerDid: env.from.did };
+  }
+  async unpack(token, opts) {
+    const env = parseToken(token);
+    await this.verify(token, opts);
+    const id = await this.ensureIdentity();
+    const ivBytes = b64urlDecode(env.iv);
+    const ctBytes = b64urlDecode(env.ct);
+    const ekBytes = b64urlDecode(env.ek);
+    const sessionKey = this.deps.crypto.x25519Open(id.x25519Priv, ekBytes);
+    const aad = canonicalJsonBytes(envFiltered(envToDict(env), ["ct", "sig", "iv"]));
+    const plaintext = this.deps.crypto.aeadDecrypt(sessionKey, ivBytes, ctBytes, aad, env.tag ? b64urlDecode(env.tag) : void 0);
+    return {
+      mid: env.mid,
+      sid: env.sid,
+      ts: env.ts,
+      exp: env.exp,
+      fromDid: env.from.did,
+      toDid: env.to.did,
+      plaintext
+    };
+  }
+  async ensureIdentity() {
+    if (!this.identity) this.identity = await this.deps.keystore.getOrCreateIdentity();
+    return this.identity;
+  }
+};
 function parseToken(token) {
-    if (!token.startsWith('OESP1.'))
-        throw new Error('InvalidFormatError');
-    const payloadB64 = token.slice('OESP1.'.length);
-    const jsonBytes = b64urlDecode(payloadB64);
-    const json = new TextDecoder().decode(jsonBytes);
-    const d = JSON.parse(json);
-    return d;
+  if (!token.startsWith("OESP1.")) throw new Error("InvalidFormatError");
+  const payloadB64 = token.slice("OESP1.".length);
+  const jsonBytes = b64urlDecode(payloadB64);
+  const json = new TextDecoder().decode(jsonBytes);
+  const d = JSON.parse(json);
+  return d;
 }
-function envFiltered(env, excludeKeys) {
-    const e = envToDict(env);
-    for (const k of excludeKeys)
-        delete e[k];
-    return e;
+function envFiltered(env, excludeKeys2) {
+  const e = envToDict(env);
+  for (const k of excludeKeys2) delete e[k];
+  return e;
 }
 function envToDict(env) {
-    const d = {
-        v: env.v,
-        typ: env.typ,
-        mid: env.mid,
-        sid: env.sid,
-        ts: env.ts,
-        exp: env.exp,
-        from: env.from,
-        to: env.to,
-        enc: env.enc,
-        kex: env.kex,
-        ek: env.ek,
-        iv: env.iv,
-        ct: env.ct,
-        sig_alg: env.sig_alg,
-        sig: env.sig
-    };
-    if (env.tag)
-        d['tag'] = env.tag;
-    return d;
+  const d = {
+    v: env.v,
+    typ: env.typ,
+    mid: env.mid,
+    sid: env.sid,
+    ts: env.ts,
+    exp: env.exp,
+    from: env.from,
+    to: env.to,
+    enc: env.enc,
+    kex: env.kex,
+    ek: env.ek,
+    iv: env.iv,
+    ct: env.ct,
+    sig_alg: env.sig_alg,
+    sig: env.sig
+  };
+  if (env.tag) d["tag"] = env.tag;
+  return d;
 }
 function excludeKeys(obj, keys) {
-    const out = { ...obj };
-    for (const k of keys)
-        delete out[k];
-    return out;
+  const out = { ...obj };
+  for (const k of keys) delete out[k];
+  return out;
 }
 function concatBytes(a, b) {
-    const out = new Uint8Array(a.length + b.length);
-    out.set(a, 0);
-    out.set(b, a.length);
-    return out;
+  const out = new Uint8Array(a.length + b.length);
+  out.set(a, 0);
+  out.set(b, a.length);
+  return out;
 }
-export * from './types';
-export { base64Encode, base64Decode, b64urlEncode, b64urlDecode, canonicalJsonBytes } from './utils';
+export {
+  OESPClient,
+  b64urlDecode,
+  b64urlEncode,
+  base64Decode,
+  base64Encode,
+  canonicalJsonBytes
+};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@oesp/core",
-  "version": "5.0.0",
+  "version": "6.1.0",
   "private": false,
   "description": "OESP core SDK (agnostique)",
   "license": "MIT",
@@ -8,14 +8,6 @@
   "main": "dist/index.js",
   "module": "dist/index.js",
   "types": "dist/index.d.ts",
-  "exports": {
-    ".": {
-      "types": "./dist/index.d.ts",
-      "import": "./dist/index.js",
-      "require": "./dist/index.cjs"
-    }
-  },
-  "sideEffects": false,
   "files": [
     "dist"
   ],
@@ -23,7 +15,7 @@
     "access": "public"
   },
   "scripts": {
-    "build": "tsc -p tsconfig.build.json",
+    "build": "tsup src/index.ts --dts --format esm,cjs",
     "test": "vitest run",
     "lint": "tsc -p tsconfig.json --noEmit"
   },

package/dist/types.d.ts DELETED Viewed

@@ -1,41 +0,0 @@
-export interface CryptoProvider {
-    sha256(bytes: Uint8Array): Uint8Array;
-    ed25519Sign(priv: Uint8Array, data: Uint8Array): Uint8Array;
-    ed25519Verify(pub: Uint8Array, data: Uint8Array, sig: Uint8Array): boolean;
-    x25519Seal(recipientPub: Uint8Array, sessionKey: Uint8Array): Uint8Array;
-    x25519Open(recipientPriv: Uint8Array, sealed: Uint8Array): Uint8Array;
-    aeadEncrypt(key: Uint8Array, plaintext: Uint8Array, aad: Uint8Array): {
-        iv: Uint8Array;
-        ct: Uint8Array;
-        tag?: Uint8Array;
-    };
-    aeadDecrypt(key: Uint8Array, iv: Uint8Array, ct: Uint8Array, aad: Uint8Array, tag?: Uint8Array): Uint8Array;
-    randomBytes(n: number): Uint8Array;
-}
-export interface Identity {
-    ed25519Priv: Uint8Array;
-    ed25519Pub: Uint8Array;
-    x25519Priv: Uint8Array;
-    x25519Pub: Uint8Array;
-}
-export interface KeyStore {
-    getOrCreateIdentity(): Promise<Identity>;
-}
-export interface ReplayStore {
-    seen(fromDid: string, mid: string): Promise<boolean>;
-    markSeen(fromDid: string, mid: string): Promise<void>;
-}
-export interface DecodedMessage {
-    mid: string;
-    sid: string;
-    ts: number;
-    exp: number;
-    fromDid: string;
-    toDid: string;
-    plaintext: Uint8Array;
-}
-export interface VerifiedEnvelope {
-    envelope: Record<string, unknown>;
-    verified: boolean;
-    signerDid: string;
-}

package/dist/types.js DELETED Viewed

	@@ -1 +0,0 @@
1	- export {};

package/dist/utils.d.ts DELETED Viewed

@@ -1,6 +0,0 @@
-export declare function b64urlEncode(bytes: Uint8Array): string;
-export declare function b64urlDecode(s: string): Uint8Array;
-export declare function canonicalJsonBytes(obj: unknown): Uint8Array;
-export declare function deriveDidWithSha(ed25519Pub: Uint8Array, sha256: (bytes: Uint8Array) => Uint8Array): string;
-export declare function base64Encode(bytes: Uint8Array): string;
-export declare function base64Decode(s: string): Uint8Array;

package/dist/utils.js DELETED Viewed

@@ -1,92 +0,0 @@
-export function b64urlEncode(bytes) {
-    const base64 = base64Encode(bytes);
-    return base64.replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
-}
-export function b64urlDecode(s) {
-    const pad = s.length % 4 === 0 ? '' : '='.repeat(4 - (s.length % 4));
-    const base64 = s.replace(/-/g, '+').replace(/_/g, '/') + pad;
-    return base64Decode(base64);
-}
-export function canonicalJsonBytes(obj) {
-    const json = canonicalStringify(obj);
-    return new TextEncoder().encode(json);
-}
-function canonicalStringify(obj) {
-    if (obj === null || typeof obj !== 'object') {
-        return JSON.stringify(obj);
-    }
-    if (Array.isArray(obj)) {
-        const arr = obj.map((v) => JSON.parse(canonicalStringify(v)));
-        return JSON.stringify(arr);
-    }
-    const entries = Object.entries(obj).sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0));
-    const out = {};
-    for (const [k, v] of entries) {
-        out[k] = JSON.parse(canonicalStringify(v));
-    }
-    return JSON.stringify(out);
-}
-export function deriveDidWithSha(ed25519Pub, sha256) {
-    const sha = sha256(ed25519Pub);
-    const b32 = base32encode(sha).toLowerCase().replace(/=+$/g, '');
-    return `oesp:did:${b32}`;
-}
-function base32encode(bytes) {
-    const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
-    let bits = 0;
-    let value = 0;
-    let output = '';
-    for (const byte of bytes) {
-        value = (value << 8) | byte;
-        bits += 8;
-        while (bits >= 5) {
-            output += alphabet[(value >>> (bits - 5)) & 31];
-            bits -= 5;
-        }
-    }
-    if (bits > 0) {
-        output += alphabet[(value << (5 - bits)) & 31];
-    }
-    // pad with '=' to multiple of 8 chars (we'll strip later)
-    while (output.length % 8 !== 0)
-        output += '=';
-    return output;
-}
-const base64Alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
-export function base64Encode(bytes) {
-    let output = '';
-    let i = 0;
-    while (i < bytes.length) {
-        const a = bytes[i++] ?? 0;
-        const b = bytes[i++] ?? 0;
-        const c = bytes[i++] ?? 0;
-        const triplet = (a << 16) | (b << 8) | c;
-        output += base64Alphabet[(triplet >> 18) & 63];
-        output += base64Alphabet[(triplet >> 12) & 63];
-        output += i - 2 < bytes.length ? base64Alphabet[(triplet >> 6) & 63] : '=';
-        output += i - 1 < bytes.length ? base64Alphabet[triplet & 63] : '=';
-    }
-    return output;
-}
-export function base64Decode(s) {
-    // Remove whitespace
-    s = s.replace(/\s/g, '');
-    const len = s.length;
-    if (len % 4 !== 0)
-        throw new Error('Invalid base64');
-    const output = [];
-    let i = 0;
-    while (i < len) {
-        const a = base64Alphabet.indexOf(s[i++]);
-        const b = base64Alphabet.indexOf(s[i++]);
-        const c = base64Alphabet.indexOf(s[i++]);
-        const d = base64Alphabet.indexOf(s[i++]);
-        const triplet = (a << 18) | (b << 12) | ((c & 63) << 6) | (d & 63);
-        output.push((triplet >> 16) & 255);
-        if (s[i - 2] !== '=')
-            output.push((triplet >> 8) & 255);
-        if (s[i - 1] !== '=')
-            output.push(triplet & 255);
-    }
-    return new Uint8Array(output);
-}