@passportsign/core 0.1.0 → 0.2.0

package/dist/dsse-web.js

@@ -0,0 +1,81 @@
+/**
+ * WebCrypto variant of the DSSE envelope signer for runtimes without
+ * `node:crypto` sign APIs (browsers, edge workers). Same semantics as
+ * `dsse.ts`'s `signEnvelope`: ephemeral ECDSA P-256 key, discarded
+ * after signing; the signature is a Rekor schema requirement, not a
+ * trust mechanism.
+ *
+ * Two impedance mismatches with what Rekor expects, both handled here:
+ * - WebCrypto emits raw P1363 (`r || s`) signatures; Rekor needs DER.
+ * - WebCrypto exports SPKI as raw bytes; Rekor needs PEM text.
+ *
+ * The drift test in `test/dsse-web.test.ts` verifies output with
+ * `node:crypto.createVerify` so the two signers cannot diverge silently.
+ */
+import { bytesToBase64 } from './encoding.js';
+import { pae } from './dsse-common.js';
+/** Strip leading zero bytes, then re-add one if the high bit is set (DER INTEGER rule). */
+function derInteger(bytes) {
+    let start = 0;
+    while (start < bytes.length - 1 && bytes[start] === 0)
+        start++;
+    const trimmed = bytes.subarray(start);
+    if (trimmed[0] & 0x80) {
+        const padded = new Uint8Array(trimmed.length + 1);
+        padded.set(trimmed, 1);
+        return padded;
+    }
+    return trimmed;
+}
+/** Convert a P1363 (r||s) ECDSA signature to DER SEQUENCE(INTEGER r, INTEGER s). */
+export function p1363ToDer(sig) {
+    if (sig.length % 2 !== 0) {
+        throw new TypeError(`p1363ToDer: signature length ${sig.length} is not even`);
+    }
+    const half = sig.length / 2;
+    const r = derInteger(sig.subarray(0, half));
+    const s = derInteger(sig.subarray(half));
+    const body = new Uint8Array(2 + r.length + 2 + s.length);
+    body[0] = 0x02;
+    body[1] = r.length;
+    body.set(r, 2);
+    body[2 + r.length] = 0x02;
+    body[3 + r.length] = s.length;
+    body.set(s, 4 + r.length);
+    // P-256 DER bodies are < 128 bytes, so a single length byte suffices.
+    const out = new Uint8Array(2 + body.length);
+    out[0] = 0x30;
+    out[1] = body.length;
+    out.set(body, 2);
+    return out;
+}
+function spkiToPem(spki) {
+    const b64 = bytesToBase64(spki);
+    const lines = b64.match(/.{1,64}/g) ?? [];
+    return `-----BEGIN PUBLIC KEY-----\n${lines.join('\n')}\n-----END PUBLIC KEY-----\n`;
+}
+/**
+ * Generate an ephemeral ECDSA P-256 keypair via WebCrypto, sign
+ * PAE(payloadType, payload), and return a DSSE envelope. Async because
+ * WebCrypto is; otherwise interchangeable with `signEnvelope`.
+ */
+export async function signEnvelopeWeb(payload, payloadType) {
+    const subtle = globalThis.crypto.subtle;
+    const keyPair = await subtle.generateKey({ name: 'ECDSA', namedCurve: 'P-256' }, true, [
+        'sign',
+    ]);
+    const paeBytes = pae(payloadType, payload);
+    const rawSig = new Uint8Array(await subtle.sign({ name: 'ECDSA', hash: 'SHA-256' }, keyPair.privateKey, paeBytes));
+    const derSig = p1363ToDer(rawSig);
+    const spki = new Uint8Array(await subtle.exportKey('spki', keyPair.publicKey));
+    const publicKeyPem = spkiToPem(spki);
+    return {
+        envelope: {
+            payloadType,
+            payload: bytesToBase64(payload),
+            signatures: [{ sig: bytesToBase64(derSig), publicKey: publicKeyPem }],
+        },
+        publicKeyPem,
+    };
+}
+//# sourceMappingURL=dsse-web.js.map

package/dist/dsse-web.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dsse-web.js","sourceRoot":"","sources":["../src/dsse-web.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,GAAG,EAAqB,MAAM,kBAAkB,CAAC;AAO1D,2FAA2F;AAC3F,SAAS,UAAU,CAAC,KAAiB;IACnC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,OAAO,KAAK,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC;QAAE,KAAK,EAAE,CAAC;IAC/D,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACtC,IAAI,OAAO,CAAC,CAAC,CAAE,GAAG,IAAI,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAClD,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACvB,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,oFAAoF;AACpF,MAAM,UAAU,UAAU,CAAC,GAAe;IACxC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,SAAS,CAAC,gCAAgC,GAAG,CAAC,MAAM,cAAc,CAAC,CAAC;IAChF,CAAC;IACD,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;IAC5B,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;IAC5C,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IACzC,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IACzD,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IACf,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;IACnB,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACf,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;IAC1B,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9B,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAC1B,sEAAsE;IACtE,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5C,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IACd,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;IACrB,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACjB,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,SAAS,CAAC,IAAgB;IACjC,MAAM,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IAChC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IAC1C,OAAO,+BAA+B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,8BAA8B,CAAC;AACvF,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAmB,EACnB,WAAmB;IAEnB,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC;IACxC,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE;QACrF,MAAM;KACP,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,UAAU,CAC3B,MAAM,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CACpF,CAAC;IACF,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAElC,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;IAC/E,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAErC,OAAO;QACL,QAAQ,EAAE;YACR,WAAW;YACX,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC;YAC/B,UAAU,EAAE,CAAC,EAAE,GAAG,EAAE,aAAa,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC;SACtE;QACD,YAAY;KACb,CAAC;AACJ,CAAC"}

package/dist/dsse.d.ts

@@ -15,32 +15,8 @@
  * it during the Day 5 smoke test (500 "error generating canonicalized
  * entry"). See `docs/v0-acceptance.md` Day 5 evidence.
  */
-export declare const DSSE_VERSION = "DSSEv1";
-export declare const IN_TOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json";
-export interface DsseSignature {
-    /** Single-base64 of the raw signature bytes. */
-    sig: string;
-    /** PEM-encoded SubjectPublicKeyInfo. */
-    publicKey: string;
-    /** Optional key identifier. Omit (don't pass empty string) when not set. */
-    keyid?: string;
-}
-export interface DsseEnvelope {
-    /** Media type of the payload (e.g. `application/vnd.in-toto+json`). */
-    payloadType: string;
-    /** Single-base64 of the raw payload bytes. */
-    payload: string;
-    signatures: DsseSignature[];
-}
-/**
- * DSSE Pre-Authentication Encoding (PAE):
- *
- *   "DSSEv1" SP LEN(type) SP type SP LEN(body) SP body
- *
- * Where SP is a single 0x20 space, LEN is the ASCII-decimal length of
- * the following byte string.
- */
-export declare function pae(type: string, body: Uint8Array): Uint8Array;
+import { type DsseEnvelope } from './dsse-common.js';
+export { DSSE_VERSION, IN_TOTO_PAYLOAD_TYPE, pae, type DsseEnvelope, type DsseSignature, } from './dsse-common.js';
 export interface SignEnvelopeResult {
     envelope: DsseEnvelope;
     /** PEM of the ephemeral public key (also embedded in envelope.signatures[0].publicKey). */

package/dist/dsse.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"dsse.d.ts","sourceRoot":"","sources":["../src/dsse.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,eAAO,MAAM,YAAY,WAAW,CAAC;AACrC,eAAO,MAAM,oBAAoB,iCAAiC,CAAC;AAEnE,MAAM,WAAW,aAAa;IAC5B,gDAAgD;IAChD,GAAG,EAAE,MAAM,CAAC;IACZ,wCAAwC;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,4EAA4E;IAC5E,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,YAAY;IAC3B,uEAAuE;IACvE,WAAW,EAAE,MAAM,CAAC;IACpB,8CAA8C;IAC9C,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,aAAa,EAAE,CAAC;CAC7B;AAED;;;;;;;GAOG;AACH,wBAAgB,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,UAAU,CAQ9D;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,YAAY,CAAC;IACvB,2FAA2F;IAC3F,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,GAAG,kBAAkB,CAqBzF"}
+{"version":3,"file":"dsse.d.ts","sourceRoot":"","sources":["../src/dsse.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,OAAO,EAAO,KAAK,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAE1D,OAAO,EACL,YAAY,EACZ,oBAAoB,EACpB,GAAG,EACH,KAAK,YAAY,EACjB,KAAK,aAAa,GACnB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,YAAY,CAAC;IACvB,2FAA2F;IAC3F,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,GAAG,kBAAkB,CAqBzF"}

package/dist/dsse.js

@@ -16,25 +16,8 @@
  * entry"). See `docs/v0-acceptance.md` Day 5 evidence.
  */
 import { createSign, generateKeyPairSync } from 'node:crypto';
-export const DSSE_VERSION = 'DSSEv1';
-export const IN_TOTO_PAYLOAD_TYPE = 'application/vnd.in-toto+json';
-/**
- * DSSE Pre-Authentication Encoding (PAE):
- *
- *   "DSSEv1" SP LEN(type) SP type SP LEN(body) SP body
- *
- * Where SP is a single 0x20 space, LEN is the ASCII-decimal length of
- * the following byte string.
- */
-export function pae(type, body) {
-    const typeBytes = new TextEncoder().encode(type);
-    const prefix = `${DSSE_VERSION} ${typeBytes.length} ${type} ${body.length} `;
-    const prefixBytes = new TextEncoder().encode(prefix);
-    const out = new Uint8Array(prefixBytes.length + body.length);
-    out.set(prefixBytes);
-    out.set(body, prefixBytes.length);
-    return out;
-}
+import { pae } from './dsse-common.js';
+export { DSSE_VERSION, IN_TOTO_PAYLOAD_TYPE, pae, } from './dsse-common.js';
 /**
  * Generate an ephemeral ECDSA P-256 keypair, sign PAE(payloadType,
  * payload), and return a DSSE envelope. The private key is discarded

package/dist/dsse.js.map

@@ -1 +1 @@
-{"version":3,"file":"dsse.js","sourceRoot":"","sources":["../src/dsse.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAE9D,MAAM,CAAC,MAAM,YAAY,GAAG,QAAQ,CAAC;AACrC,MAAM,CAAC,MAAM,oBAAoB,GAAG,8BAA8B,CAAC;AAmBnE;;;;;;;GAOG;AACH,MAAM,UAAU,GAAG,CAAC,IAAY,EAAE,IAAgB;IAChD,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,GAAG,YAAY,IAAI,SAAS,CAAC,MAAM,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;IAC7E,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACrD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7D,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACrB,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,GAAG,CAAC;AACb,CAAC;AAQD;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,OAAmB,EAAE,WAAmB;IACnE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IACrF,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACvC,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAW,CAAC;IAEjF,OAAO;QACL,QAAQ,EAAE;YACR,WAAW;YACX,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAChD,UAAU,EAAE;gBACV;oBACE,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAC9B,SAAS,EAAE,YAAY;iBACxB;aACF;SACF;QACD,YAAY;KACb,CAAC;AACJ,CAAC"}
+{"version":3,"file":"dsse.js","sourceRoot":"","sources":["../src/dsse.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAE9D,OAAO,EAAE,GAAG,EAAqB,MAAM,kBAAkB,CAAC;AAE1D,OAAO,EACL,YAAY,EACZ,oBAAoB,EACpB,GAAG,GAGJ,MAAM,kBAAkB,CAAC;AAQ1B;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,OAAmB,EAAE,WAAmB;IACnE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IACrF,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACvC,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAW,CAAC;IAEjF,OAAO;QACL,QAAQ,EAAE;YACR,WAAW;YACX,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAChD,UAAU,EAAE;gBACV;oBACE,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAC9B,SAAS,EAAE,YAAY;iBACxB;aACF;SACF;QACD,YAAY;KACb,CAAC;AACJ,CAAC"}

package/dist/encoding.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Runtime-neutral byte/string primitives.
+ *
+ * Every module that needs hashing or hex/base64 goes through here so
+ * the rest of core has no `node:crypto` / `Buffer` dependency and runs
+ * unchanged on Node, Cloudflare Workers, and browsers. SHA-256 comes
+ * from `@noble/hashes` (pure JS, synchronous — WebCrypto's async
+ * digest would force async signatures through the whole verify path).
+ */
+export declare function bytesToHex(bytes: Uint8Array): string;
+export declare function hexToBytes(hex: string): Uint8Array;
+export declare function bytesToBase64(bytes: Uint8Array): string;
+export declare function base64ToBytes(b64: string): Uint8Array;
+export declare function utf8ToBytes(s: string): Uint8Array;
+export declare function bytesToUtf8(bytes: Uint8Array): string;
+export declare function sha256Bytes(bytes: Uint8Array): Uint8Array;
+export declare function sha256Hex(bytes: Uint8Array): string;
+/** Cryptographically secure random bytes via the platform's WebCrypto. */
+export declare function randomBytes(length: number): Uint8Array;
+//# sourceMappingURL=encoding.d.ts.map

package/dist/encoding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoding.d.ts","sourceRoot":"","sources":["../src/encoding.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH,wBAAgB,UAAU,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAMpD;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CASlD;AAMD,wBAAgB,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAYvD;AAED,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAkBrD;AAKD,wBAAgB,WAAW,CAAC,CAAC,EAAE,MAAM,GAAG,UAAU,CAEjD;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAErD;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,UAAU,CAEzD;AAED,wBAAgB,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAEnD;AAED,0EAA0E;AAC1E,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CAItD"}

package/dist/encoding.js

@@ -0,0 +1,88 @@
+/**
+ * Runtime-neutral byte/string primitives.
+ *
+ * Every module that needs hashing or hex/base64 goes through here so
+ * the rest of core has no `node:crypto` / `Buffer` dependency and runs
+ * unchanged on Node, Cloudflare Workers, and browsers. SHA-256 comes
+ * from `@noble/hashes` (pure JS, synchronous — WebCrypto's async
+ * digest would force async signatures through the whole verify path).
+ */
+import { sha256 } from '@noble/hashes/sha256';
+const HEX_CHARS = '0123456789abcdef';
+export function bytesToHex(bytes) {
+    let out = '';
+    for (const b of bytes) {
+        out += HEX_CHARS[b >> 4] + HEX_CHARS[b & 0x0f];
+    }
+    return out;
+}
+export function hexToBytes(hex) {
+    if (hex.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(hex)) {
+        throw new TypeError(`hexToBytes: invalid hex string (length ${hex.length})`);
+    }
+    const out = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < out.length; i++) {
+        out[i] = parseInt(hex.substring(i * 2, i * 2 + 2), 16);
+    }
+    return out;
+}
+const B64_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+const B64_LOOKUP = {};
+for (let i = 0; i < B64_ALPHABET.length; i++)
+    B64_LOOKUP[B64_ALPHABET[i]] = i;
+export function bytesToBase64(bytes) {
+    let out = '';
+    for (let i = 0; i < bytes.length; i += 3) {
+        const b0 = bytes[i];
+        const b1 = i + 1 < bytes.length ? bytes[i + 1] : 0;
+        const b2 = i + 2 < bytes.length ? bytes[i + 2] : 0;
+        out += B64_ALPHABET[b0 >> 2];
+        out += B64_ALPHABET[((b0 & 0x03) << 4) | (b1 >> 4)];
+        out += i + 1 < bytes.length ? B64_ALPHABET[((b1 & 0x0f) << 2) | (b2 >> 6)] : '=';
+        out += i + 2 < bytes.length ? B64_ALPHABET[b2 & 0x3f] : '=';
+    }
+    return out;
+}
+export function base64ToBytes(b64) {
+    if (b64.length % 4 !== 0 || !/^[A-Za-z0-9+/]*={0,2}$/.test(b64)) {
+        throw new TypeError('base64ToBytes: invalid base64 string');
+    }
+    const padding = b64.endsWith('==') ? 2 : b64.endsWith('=') ? 1 : 0;
+    const byteLength = (b64.length / 4) * 3 - padding;
+    const out = new Uint8Array(byteLength);
+    let outIdx = 0;
+    for (let i = 0; i < b64.length; i += 4) {
+        const c0 = B64_LOOKUP[b64[i]];
+        const c1 = B64_LOOKUP[b64[i + 1]];
+        const c2 = b64[i + 2] === '=' ? 0 : B64_LOOKUP[b64[i + 2]];
+        const c3 = b64[i + 3] === '=' ? 0 : B64_LOOKUP[b64[i + 3]];
+        if (outIdx < byteLength)
+            out[outIdx++] = (c0 << 2) | (c1 >> 4);
+        if (outIdx < byteLength)
+            out[outIdx++] = ((c1 & 0x0f) << 4) | (c2 >> 2);
+        if (outIdx < byteLength)
+            out[outIdx++] = ((c2 & 0x03) << 6) | c3;
+    }
+    return out;
+}
+const textEncoder = new TextEncoder();
+const textDecoder = new TextDecoder();
+export function utf8ToBytes(s) {
+    return textEncoder.encode(s);
+}
+export function bytesToUtf8(bytes) {
+    return textDecoder.decode(bytes);
+}
+export function sha256Bytes(bytes) {
+    return sha256(bytes);
+}
+export function sha256Hex(bytes) {
+    return bytesToHex(sha256(bytes));
+}
+/** Cryptographically secure random bytes via the platform's WebCrypto. */
+export function randomBytes(length) {
+    const out = new Uint8Array(length);
+    globalThis.crypto.getRandomValues(out);
+    return out;
+}
+//# sourceMappingURL=encoding.js.map

package/dist/encoding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoding.js","sourceRoot":"","sources":["../src/encoding.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAE9C,MAAM,SAAS,GAAG,kBAAkB,CAAC;AAErC,MAAM,UAAU,UAAU,CAAC,KAAiB;IAC1C,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,GAAG,IAAI,SAAS,CAAC,CAAC,IAAI,CAAC,CAAE,GAAG,SAAS,CAAC,CAAC,GAAG,IAAI,CAAE,CAAC;IACnD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,SAAS,CAAC,0CAA0C,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;IAC/E,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,GAAG,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,YAAY,GAAG,kEAAkE,CAAC;AACxF,MAAM,UAAU,GAA2B,EAAE,CAAC;AAC9C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE;IAAE,UAAU,CAAC,YAAY,CAAC,CAAC,CAAE,CAAC,GAAG,CAAC,CAAC;AAE/E,MAAM,UAAU,aAAa,CAAC,KAAiB;IAC7C,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACzC,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACrB,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,GAAG,IAAI,YAAY,CAAC,EAAE,IAAI,CAAC,CAAE,CAAC;QAC9B,GAAG,IAAI,YAAY,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,CAAE,CAAC;QACrD,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,GAAG,CAAC;QAClF,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE,GAAG,IAAI,CAAE,CAAC,CAAC,CAAC,GAAG,CAAC;IAC/D,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,SAAS,CAAC,sCAAsC,CAAC,CAAC;IAC9D,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACnE,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;IACvC,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAE,CAAE,CAAC;QAChC,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAE,CAAE,CAAC;QACpC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAE,CAAE,CAAC;QAC7D,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAE,CAAE,CAAC;QAC7D,IAAI,MAAM,GAAG,UAAU;YAAE,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;QAC/D,IAAI,MAAM,GAAG,UAAU;YAAE,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;QACxE,IAAI,MAAM,GAAG,UAAU;YAAE,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IACnE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;AACtC,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;AAEtC,MAAM,UAAU,WAAW,CAAC,CAAS;IACnC,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AAC/B,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAiB;IAC3C,OAAO,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAiB;IAC3C,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;AACvB,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAiB;IACzC,OAAO,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,0EAA0E;AAC1E,MAAM,UAAU,WAAW,CAAC,MAAc;IACxC,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACnC,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IACvC,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/github.js

@@ -10,12 +10,12 @@
  * The optional `token` is **purely for rate-limit headroom** — it
  * carries zero special access. Unauth'd: 60 req/hr; with token: 5000.
  */
-import { createHash } from 'node:crypto';
+import { sha256Hex as sha256HexOfBytes, utf8ToBytes } from './encoding.js';
 import { PassportsignError } from './errors.js';
 const DEFAULT_BASE_URL = 'https://api.github.com';
 const GIST_LIST_PER_PAGE = 100;
 function sha256Hex(content) {
-    return createHash('sha256').update(content, 'utf8').digest('hex');
+    return sha256HexOfBytes(utf8ToBytes(content));
 }
 function authHeaders(token) {
     return {

package/dist/github.js.map

@@ -1 +1 @@
-{"version":3,"file":"github.js","sourceRoot":"","sources":["../src/github.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AA+BhD,MAAM,gBAAgB,GAAG,wBAAwB,CAAC;AAClD,MAAM,kBAAkB,GAAG,GAAG,CAAC;AAE/B,SAAS,SAAS,CAAC,OAAe;IAChC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,WAAW,CAAC,KAAyB;IAC5C,OAAO;QACL,MAAM,EAAE,6BAA6B;QACrC,sBAAsB,EAAE,YAAY;QACpC,YAAY,EAAE,kBAAkB;QAChC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACvD,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,IAAsB;IAC3D,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;IACjD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,gBAAgB,CAAC;IACjD,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAExC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,iBAAiB,CAAC,kBAAkB,EAAE,4BAA4B,CAAC,CAAC;IAChF,CAAC;IAED,qDAAqD;IACrD,MAAM,OAAO,GAAG,GAAG,OAAO,UAAU,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,mBAAmB,kBAAkB,EAAE,CAAC;IAC7G,IAAI,YAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,YAAY,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,iBAAiB,CACzB,gBAAgB,EAChB,qCAAqC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACvF,GAAG,CACJ,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAChC,MAAM,IAAI,iBAAiB,CACzB,kBAAkB,EAClB,gBAAgB,IAAI,CAAC,QAAQ,aAAa,CAC3C,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;QACrB,MAAM,IAAI,iBAAiB,CACzB,gBAAgB,EAChB,mCAAmC,YAAY,CAAC,MAAM,EAAE,CACzD,CAAC;IACJ,CAAC;IAED,IAAI,QAAiB,CAAC;IACtB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC;IACvC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,iBAAiB,CACzB,gBAAgB,EAChB,qCAAqC,EACrC,GAAG,CACJ,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,iBAAiB,CACzB,gBAAgB,EAChB,2CAA2C,CAC5C,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAI,QAA0B;SACxC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,IAAI,CAAC,iBAAiB,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;SACtF,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAE1D,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACzB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,iBAAiB,CACzB,gBAAgB,EAChB,4BAA4B,IAAI,CAAC,QAAQ,oBAAoB,IAAI,CAAC,iBAAiB,GAAG,CACvF,CAAC;IACJ,CAAC;IAED,2DAA2D;IAC3D,IAAI,cAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,cAAc,GAAG,MAAM,SAAS,CAAC,GAAG,OAAO,UAAU,KAAK,CAAC,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;IAChF,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,iBAAiB,CACzB,gBAAgB,EAChB,mCAAmC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACrF,GAAG,CACJ,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC;QACvB,MAAM,IAAI,iBAAiB,CACzB,gBAAgB,EAChB,iCAAiC,cAAc,CAAC,MAAM,EAAE,CACzD,CAAC;IACJ,CAAC;IAED,IAAI,MAAmB,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,MAAM,cAAc,CAAC,IAAI,EAAE,CAAgB,CAAC;IACxD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,iBAAiB,CAAC,gBAAgB,EAAE,mCAAmC,EAAE,GAAG,CAAC,CAAC;IAC1F,CAAC;IAED,6DAA6D;IAC7D,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC;IACvC,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;QAC5E,MAAM,IAAI,iBAAiB,CACzB,kBAAkB,EAClB,QAAQ,KAAK,CAAC,EAAE,WAAW,UAAU,IAAI,SAAS,8BAA8B,IAAI,CAAC,QAAQ,GAAG,CACjG,CAAC;IACJ,CAAC;IAED,+BAA+B;IAC/B,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,IAAI,EAAE,OAAO,CAAC;IAC9B,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,IAAI,iBAAiB,CACzB,oBAAoB,EACpB,QAAQ,KAAK,CAAC,EAAE,iCAAiC,IAAI,CAAC,iBAAiB,GAAG,CAC3E,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,KAAK,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtC,MAAM,IAAI,iBAAiB,CACzB,oBAAoB,EACpB,QAAQ,KAAK,CAAC,EAAE,oDAAoD,CACrE,CAAC;IACJ,CAAC;IAED,+DAA+D;IAC/D,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAClD,IAAI,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,iBAAiB,CACzB,gBAAgB,EAChB,QAAQ,KAAK,CAAC,EAAE,+BAA+B,MAAM,CAAC,UAAU,EAAE,CACnE,CAAC;IACJ,CAAC;IACD,IAAI,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC;QAC5C,MAAM,IAAI,iBAAiB,CACzB,oBAAoB,EACpB,QAAQ,KAAK,CAAC,EAAE,gBAAgB,MAAM,CAAC,UAAU,oBAAoB,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,GAAG,CACtG,CAAC;IACJ,CAAC;IAED,OAAO;QACL,GAAG,EAAE,MAAM,CAAC,QAAQ;QACpB,cAAc,EAAE,SAAS,CAAC,OAAO,CAAC;QAClC,UAAU,EAAE,MAAM,CAAC,UAAU;KAC9B,CAAC;AACJ,CAAC"}
+{"version":3,"file":"github.js","sourceRoot":"","sources":["../src/github.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,SAAS,IAAI,gBAAgB,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC3E,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AA+BhD,MAAM,gBAAgB,GAAG,wBAAwB,CAAC;AAClD,MAAM,kBAAkB,GAAG,GAAG,CAAC;AAE/B,SAAS,SAAS,CAAC,OAAe;IAChC,OAAO,gBAAgB,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,WAAW,CAAC,KAAyB;IAC5C,OAAO;QACL,MAAM,EAAE,6BAA6B;QACrC,sBAAsB,EAAE,YAAY;QACpC,YAAY,EAAE,kBAAkB;QAChC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACvD,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,IAAsB;IAC3D,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;IACjD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,gBAAgB,CAAC;IACjD,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAExC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,iBAAiB,CAAC,kBAAkB,EAAE,4BAA4B,CAAC,CAAC;IAChF,CAAC;IAED,qDAAqD;IACrD,MAAM,OAAO,GAAG,GAAG,OAAO,UAAU,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,mBAAmB,kBAAkB,EAAE,CAAC;IAC7G,IAAI,YAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,YAAY,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,iBAAiB,CACzB,gBAAgB,EAChB,qCAAqC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACvF,GAAG,CACJ,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAChC,MAAM,IAAI,iBAAiB,CACzB,kBAAkB,EAClB,gBAAgB,IAAI,CAAC,QAAQ,aAAa,CAC3C,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;QACrB,MAAM,IAAI,iBAAiB,CACzB,gBAAgB,EAChB,mCAAmC,YAAY,CAAC,MAAM,EAAE,CACzD,CAAC;IACJ,CAAC;IAED,IAAI,QAAiB,CAAC;IACtB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC;IACvC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,iBAAiB,CACzB,gBAAgB,EAChB,qCAAqC,EACrC,GAAG,CACJ,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,iBAAiB,CACzB,gBAAgB,EAChB,2CAA2C,CAC5C,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAI,QAA0B;SACxC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,IAAI,CAAC,iBAAiB,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;SACtF,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAE1D,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACzB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,iBAAiB,CACzB,gBAAgB,EAChB,4BAA4B,IAAI,CAAC,QAAQ,oBAAoB,IAAI,CAAC,iBAAiB,GAAG,CACvF,CAAC;IACJ,CAAC;IAED,2DAA2D;IAC3D,IAAI,cAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,cAAc,GAAG,MAAM,SAAS,CAAC,GAAG,OAAO,UAAU,KAAK,CAAC,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;IAChF,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,iBAAiB,CACzB,gBAAgB,EAChB,mCAAmC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACrF,GAAG,CACJ,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC;QACvB,MAAM,IAAI,iBAAiB,CACzB,gBAAgB,EAChB,iCAAiC,cAAc,CAAC,MAAM,EAAE,CACzD,CAAC;IACJ,CAAC;IAED,IAAI,MAAmB,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,MAAM,cAAc,CAAC,IAAI,EAAE,CAAgB,CAAC;IACxD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,iBAAiB,CAAC,gBAAgB,EAAE,mCAAmC,EAAE,GAAG,CAAC,CAAC;IAC1F,CAAC;IAED,6DAA6D;IAC7D,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC;IACvC,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;QAC5E,MAAM,IAAI,iBAAiB,CACzB,kBAAkB,EAClB,QAAQ,KAAK,CAAC,EAAE,WAAW,UAAU,IAAI,SAAS,8BAA8B,IAAI,CAAC,QAAQ,GAAG,CACjG,CAAC;IACJ,CAAC;IAED,+BAA+B;IAC/B,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,IAAI,EAAE,OAAO,CAAC;IAC9B,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,IAAI,iBAAiB,CACzB,oBAAoB,EACpB,QAAQ,KAAK,CAAC,EAAE,iCAAiC,IAAI,CAAC,iBAAiB,GAAG,CAC3E,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,KAAK,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtC,MAAM,IAAI,iBAAiB,CACzB,oBAAoB,EACpB,QAAQ,KAAK,CAAC,EAAE,oDAAoD,CACrE,CAAC;IACJ,CAAC;IAED,+DAA+D;IAC/D,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAClD,IAAI,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,iBAAiB,CACzB,gBAAgB,EAChB,QAAQ,KAAK,CAAC,EAAE,+BAA+B,MAAM,CAAC,UAAU,EAAE,CACnE,CAAC;IACJ,CAAC;IACD,IAAI,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC;QAC5C,MAAM,IAAI,iBAAiB,CACzB,oBAAoB,EACpB,QAAQ,KAAK,CAAC,EAAE,gBAAgB,MAAM,CAAC,UAAU,oBAAoB,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,GAAG,CACtG,CAAC;IACJ,CAAC;IAED,OAAO;QACL,GAAG,EAAE,MAAM,CAAC,QAAQ;QACpB,cAAc,EAAE,SAAS,CAAC,OAAO,CAAC;QAClC,UAAU,EAAE,MAAM,CAAC,UAAU;KAC9B,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -6,17 +6,23 @@
  *          SQLite cache + bind orchestrator (no Rekor yet).
  */
 export { canonicalize, canonicalSha256Hex, } from './canonical.js';
-export { IN_TOTO_STATEMENT_TYPE, PASSPORTSIGN_PREDICATE_TYPE, buildStatement, type BuildStatementInput, type DisclosureLevel, type PassportsignPredicate, type PassportsignStatement, } from './statement.js';
-export { BUNDLE_FORMAT_VERSION, BundleValidationError, readBundle, validateBundle, writeBundle, type PassportsignBundle, type RekorBundleFields, } from './bundle.js';
+export { IN_TOTO_STATEMENT_TYPE, PASSPORTSIGN_PREDICATE_TYPE, PASSPORTSIGN_REVOCATION_PREDICATE_TYPE, buildRevocationStatement, buildStatement, type BuildRevocationStatementInput, type BuildStatementInput, type DisclosureLevel, type PassportsignPredicate, type PassportsignRevocationPredicate, type PassportsignRevocationStatement, type PassportsignStatement, } from './statement.js';
+export { BUNDLE_FORMAT_VERSION, BundleValidationError, assembleBundle, validateBundle, type PassportsignBundle, type RekorBundleFields, } from './bundle.js';
+export { readBundle, writeBundle } from './bundle-fs.js';
 export { ERROR_CODES, PassportsignError, type ErrorCode, } from './errors.js';
 export { NONCE_BYTES, NONCE_BASE32_LENGTH, base32Encode, generateNonce, } from './nonce.js';
 export { checkGistControl, type CheckGistOptions, type GistEvidence, } from './github.js';
 export { prepareBinding, type PrepareBindingDeps, type PrepareBindingInit, type PrepareBindingInput, type PreparedBinding, } from './bind.js';
 export { DSSE_VERSION, IN_TOTO_PAYLOAD_TYPE, pae, signEnvelope, type DsseEnvelope, type DsseSignature, type SignEnvelopeResult, } from './dsse.js';
+export { p1363ToDer, signEnvelopeWeb, type SignEnvelopeWebResult, } from './dsse-web.js';
 export { DEFAULT_REKOR_BASE_URL, PublicSigstoreRekorClient, buildIntotoEntryBody, type InclusionProof, type PublicSigstoreRekorClientOptions, type RekorClient, type RekorEntryResponse, } from './log/rekor.js';
-export { submitBinding, type SubmitBindingDeps, type SubmitBindingResult, } from './submit.js';
+export { submitBinding, type SubmitBindingDeps, type SubmitBindingResult, type SubmittableStatement, } from './submit.js';
+export { prepareRevocation, type PrepareRevocationInput, type PreparedRevocation, } from './revoke.js';
 export { hashLeaf, hashPair, verifyConsistency, verifyInclusion, } from './merkle.js';
 export { packSdkPayload, unpackSdkPayload, type PackedSdkPayload, type SdkPayload, } from './sdk-payload.js';
 export { renderBadgeMarkdown, renderBadgeSvg, type BadgeInput, } from './badge.js';
+export { PROFILE_INDEX_FILENAME, PROFILE_INDEX_VERSION, ProfileIndexValidationError, addBinding, addRevocation, createProfileIndex, fetchProfileIndex, mergeProfileIndexes, profileIndexUrl, validateProfileIndex, type FetchProfileIndexOptions, type ProfileIndex, type ProfileIndexBinding, type ProfileIndexRevocation, } from './profile-index.js';
+export { EntryParseError, STALENESS_WINDOW_MS, classifyBindings, parseIntotoEntry, type BindingState, type ClassifiedBinding, type ClassifyBindingsInput, type InTotoStatement, type ParsedIntotoEntry, } from './classify.js';
+export { lookupBindings, lookupFromIndex, type LookupBindingsDeps, type LookupDeps, type LookupEntryProblem, type LookupResult, } from './lookup.js';
 export { verifyBundle, type BundleVerifyResult, type CheckResult, type SdkVerifier, type SdkVerifyInput, type SdkVerifyResult, type VerifyBundleDeps, } from './verifier.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,YAAY,EACZ,kBAAkB,GACnB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,sBAAsB,EACtB,2BAA2B,EAC3B,cAAc,EACd,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACpB,KAAK,qBAAqB,EAC1B,KAAK,qBAAqB,GAC3B,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,qBAAqB,EACrB,qBAAqB,EACrB,UAAU,EACV,cAAc,EACd,WAAW,EACX,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,GACvB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,KAAK,SAAS,GACf,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,WAAW,EACX,mBAAmB,EACnB,YAAY,EACZ,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,gBAAgB,EAChB,KAAK,gBAAgB,EACrB,KAAK,YAAY,GAClB,MAAM,aAAa,CAAC;AAQrB,OAAO,EACL,cAAc,EACd,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,EACxB,KAAK,eAAe,GACrB,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,YAAY,EACZ,oBAAoB,EACpB,GAAG,EACH,YAAY,EACZ,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,kBAAkB,GACxB,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,sBAAsB,EACtB,yBAAyB,EACzB,oBAAoB,EACpB,KAAK,cAAc,EACnB,KAAK,gCAAgC,EACrC,KAAK,WAAW,EAChB,KAAK,kBAAkB,GACxB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,aAAa,EACb,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,GACzB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,QAAQ,EACR,QAAQ,EACR,iBAAiB,EACjB,eAAe,GAChB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,KAAK,gBAAgB,EACrB,KAAK,UAAU,GAChB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,mBAAmB,EACnB,cAAc,EACd,KAAK,UAAU,GAChB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,YAAY,EACZ,KAAK,kBAAkB,EACvB,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,gBAAgB,GACtB,MAAM,eAAe,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,YAAY,EACZ,kBAAkB,GACnB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,sBAAsB,EACtB,2BAA2B,EAC3B,sCAAsC,EACtC,wBAAwB,EACxB,cAAc,EACd,KAAK,6BAA6B,EAClC,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACpB,KAAK,qBAAqB,EAC1B,KAAK,+BAA+B,EACpC,KAAK,+BAA+B,EACpC,KAAK,qBAAqB,GAC3B,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,qBAAqB,EACrB,qBAAqB,EACrB,cAAc,EACd,cAAc,EACd,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,GACvB,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAEzD,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,KAAK,SAAS,GACf,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,WAAW,EACX,mBAAmB,EACnB,YAAY,EACZ,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,gBAAgB,EAChB,KAAK,gBAAgB,EACrB,KAAK,YAAY,GAClB,MAAM,aAAa,CAAC;AAQrB,OAAO,EACL,cAAc,EACd,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,EACxB,KAAK,eAAe,GACrB,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,YAAY,EACZ,oBAAoB,EACpB,GAAG,EACH,YAAY,EACZ,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,kBAAkB,GACxB,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,UAAU,EACV,eAAe,EACf,KAAK,qBAAqB,GAC3B,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,sBAAsB,EACtB,yBAAyB,EACzB,oBAAoB,EACpB,KAAK,cAAc,EACnB,KAAK,gCAAgC,EACrC,KAAK,WAAW,EAChB,KAAK,kBAAkB,GACxB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,aAAa,EACb,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,GAC1B,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,iBAAiB,EACjB,KAAK,sBAAsB,EAC3B,KAAK,kBAAkB,GACxB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,QAAQ,EACR,QAAQ,EACR,iBAAiB,EACjB,eAAe,GAChB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,KAAK,gBAAgB,EACrB,KAAK,UAAU,GAChB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,mBAAmB,EACnB,cAAc,EACd,KAAK,UAAU,GAChB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,2BAA2B,EAC3B,UAAU,EACV,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,oBAAoB,EACpB,KAAK,wBAAwB,EAC7B,KAAK,YAAY,EACjB,KAAK,mBAAmB,EACxB,KAAK,sBAAsB,GAC5B,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,eAAe,EACf,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,KAAK,YAAY,EACjB,KAAK,iBAAiB,EACtB,KAAK,qBAAqB,EAC1B,KAAK,eAAe,EACpB,KAAK,iBAAiB,GACvB,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,cAAc,EACd,eAAe,EACf,KAAK,kBAAkB,EACvB,KAAK,UAAU,EACf,KAAK,kBAAkB,EACvB,KAAK,YAAY,GAClB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,YAAY,EACZ,KAAK,kBAAkB,EACvB,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,gBAAgB,GACtB,MAAM,eAAe,CAAC"}

package/dist/index.js

@@ -6,8 +6,9 @@
  *          SQLite cache + bind orchestrator (no Rekor yet).
  */
 export { canonicalize, canonicalSha256Hex, } from './canonical.js';
-export { IN_TOTO_STATEMENT_TYPE, PASSPORTSIGN_PREDICATE_TYPE, buildStatement, } from './statement.js';
-export { BUNDLE_FORMAT_VERSION, BundleValidationError, readBundle, validateBundle, writeBundle, } from './bundle.js';
+export { IN_TOTO_STATEMENT_TYPE, PASSPORTSIGN_PREDICATE_TYPE, PASSPORTSIGN_REVOCATION_PREDICATE_TYPE, buildRevocationStatement, buildStatement, } from './statement.js';
+export { BUNDLE_FORMAT_VERSION, BundleValidationError, assembleBundle, validateBundle, } from './bundle.js';
+export { readBundle, writeBundle } from './bundle-fs.js';
 export { ERROR_CODES, PassportsignError, } from './errors.js';
 export { NONCE_BYTES, NONCE_BASE32_LENGTH, base32Encode, generateNonce, } from './nonce.js';
 export { checkGistControl, } from './github.js';
@@ -18,10 +19,15 @@ export { checkGistControl, } from './github.js';
 // directly. The v0 CLI doesn't use the cache; rebuild is v1 work.
 export { prepareBinding, } from './bind.js';
 export { DSSE_VERSION, IN_TOTO_PAYLOAD_TYPE, pae, signEnvelope, } from './dsse.js';
+export { p1363ToDer, signEnvelopeWeb, } from './dsse-web.js';
 export { DEFAULT_REKOR_BASE_URL, PublicSigstoreRekorClient, buildIntotoEntryBody, } from './log/rekor.js';
 export { submitBinding, } from './submit.js';
+export { prepareRevocation, } from './revoke.js';
 export { hashLeaf, hashPair, verifyConsistency, verifyInclusion, } from './merkle.js';
 export { packSdkPayload, unpackSdkPayload, } from './sdk-payload.js';
 export { renderBadgeMarkdown, renderBadgeSvg, } from './badge.js';
+export { PROFILE_INDEX_FILENAME, PROFILE_INDEX_VERSION, ProfileIndexValidationError, addBinding, addRevocation, createProfileIndex, fetchProfileIndex, mergeProfileIndexes, profileIndexUrl, validateProfileIndex, } from './profile-index.js';
+export { EntryParseError, STALENESS_WINDOW_MS, classifyBindings, parseIntotoEntry, } from './classify.js';
+export { lookupBindings, lookupFromIndex, } from './lookup.js';
 export { verifyBundle, } from './verifier.js';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,YAAY,EACZ,kBAAkB,GACnB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,sBAAsB,EACtB,2BAA2B,EAC3B,cAAc,GAKf,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,qBAAqB,EACrB,qBAAqB,EACrB,UAAU,EACV,cAAc,EACd,WAAW,GAGZ,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,WAAW,EACX,iBAAiB,GAElB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,WAAW,EACX,mBAAmB,EACnB,YAAY,EACZ,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,gBAAgB,GAGjB,MAAM,aAAa,CAAC;AAErB,sEAAsE;AACtE,0EAA0E;AAC1E,sEAAsE;AACtE,qEAAqE;AACrE,kEAAkE;AAElE,OAAO,EACL,cAAc,GAKf,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,YAAY,EACZ,oBAAoB,EACpB,GAAG,EACH,YAAY,GAIb,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,sBAAsB,EACtB,yBAAyB,EACzB,oBAAoB,GAKrB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,aAAa,GAGd,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,QAAQ,EACR,QAAQ,EACR,iBAAiB,EACjB,eAAe,GAChB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,cAAc,EACd,gBAAgB,GAGjB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,mBAAmB,EACnB,cAAc,GAEf,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,YAAY,GAOb,MAAM,eAAe,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,YAAY,EACZ,kBAAkB,GACnB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,sBAAsB,EACtB,2BAA2B,EAC3B,sCAAsC,EACtC,wBAAwB,EACxB,cAAc,GAQf,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,qBAAqB,EACrB,qBAAqB,EACrB,cAAc,EACd,cAAc,GAGf,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAEzD,OAAO,EACL,WAAW,EACX,iBAAiB,GAElB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,WAAW,EACX,mBAAmB,EACnB,YAAY,EACZ,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,gBAAgB,GAGjB,MAAM,aAAa,CAAC;AAErB,sEAAsE;AACtE,0EAA0E;AAC1E,sEAAsE;AACtE,qEAAqE;AACrE,kEAAkE;AAElE,OAAO,EACL,cAAc,GAKf,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,YAAY,EACZ,oBAAoB,EACpB,GAAG,EACH,YAAY,GAIb,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,UAAU,EACV,eAAe,GAEhB,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,sBAAsB,EACtB,yBAAyB,EACzB,oBAAoB,GAKrB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,aAAa,GAId,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,iBAAiB,GAGlB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,QAAQ,EACR,QAAQ,EACR,iBAAiB,EACjB,eAAe,GAChB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,cAAc,EACd,gBAAgB,GAGjB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,mBAAmB,EACnB,cAAc,GAEf,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,2BAA2B,EAC3B,UAAU,EACV,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,oBAAoB,GAKrB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,eAAe,EACf,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,GAMjB,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,cAAc,EACd,eAAe,GAKhB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,YAAY,GAOb,MAAM,eAAe,CAAC"}

package/dist/log/rekor.d.ts

@@ -8,7 +8,7 @@
  * All HTTP failures surface as
  * `PassportsignError('log_submission_failed', …)` to match spec §4.
  */
-import { type DsseEnvelope } from '../dsse.js';
+import { type DsseEnvelope } from '../dsse-common.js';
 export interface InclusionProof {
     checkpoint: string;
     hashes: string[];

package/dist/log/rekor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rekor.d.ts","sourceRoot":"","sources":["../../src/log/rekor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,iEAAiE;IACjE,IAAI,EAAE,MAAM,CAAC;IACb,mDAAmD;IACnD,WAAW,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,SAAS,CAAC;IAC5C,YAAY,EAAE;QACZ,cAAc,EAAE,cAAc,CAAC;QAC/B,wDAAwD;QACxD,oBAAoB,EAAE,MAAM,CAAC;KAC9B,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,wDAAwD;IACxD,QAAQ,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,QAAQ,EAAE,MAAM,CAAC;IACjB,yEAAyE;IACzE,cAAc,EAAE,MAAM,CAAC;IACvB,+CAA+C;IAC/C,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,qBAAqB;IACpC,sEAAsE;IACtE,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,6FAA6F;IAC7F,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,YAAY,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAClE,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACpD,UAAU,IAAI,OAAO,CAAC,YAAY,CAAC,CAAC;IACpC,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;CAC1F;AAED,MAAM,WAAW,gCAAgC;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CACtB;AAED,eAAO,MAAM,sBAAsB,+BAA+B,CAAC;AAEnE,qBAAa,yBAA0B,YAAW,WAAW;IAC3D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAe;gBAE7B,IAAI,GAAE,gCAAqC;IAKjD,YAAY,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAKjE,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAsBnD,UAAU,IAAI,OAAO,CAAC,YAAY,CAAC;IAoCnC,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC;YA2ChF,SAAS;CAyBxB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAwDpE"}
+{"version":3,"file":"rekor.d.ts","sourceRoot":"","sources":["../../src/log/rekor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAItD,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,iEAAiE;IACjE,IAAI,EAAE,MAAM,CAAC;IACb,mDAAmD;IACnD,WAAW,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,SAAS,CAAC;IAC5C,YAAY,EAAE;QACZ,cAAc,EAAE,cAAc,CAAC;QAC/B,wDAAwD;QACxD,oBAAoB,EAAE,MAAM,CAAC;KAC9B,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,wDAAwD;IACxD,QAAQ,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,QAAQ,EAAE,MAAM,CAAC;IACjB,yEAAyE;IACzE,cAAc,EAAE,MAAM,CAAC;IACvB,+CAA+C;IAC/C,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,qBAAqB;IACpC,sEAAsE;IACtE,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,6FAA6F;IAC7F,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,YAAY,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAClE,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACpD,UAAU,IAAI,OAAO,CAAC,YAAY,CAAC,CAAC;IACpC,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;CAC1F;AAED,MAAM,WAAW,gCAAgC;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CACtB;AAED,eAAO,MAAM,sBAAsB,+BAA+B,CAAC;AAEnE,qBAAa,yBAA0B,YAAW,WAAW;IAC3D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAe;gBAE7B,IAAI,GAAE,gCAAqC;IAKjD,YAAY,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAKjE,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAsBnD,UAAU,IAAI,OAAO,CAAC,YAAY,CAAC;IAoCnC,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC;YA2ChF,SAAS;CAyBxB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAqDpE"}

package/dist/log/rekor.js

@@ -8,9 +8,9 @@
  * All HTTP failures surface as
  * `PassportsignError('log_submission_failed', …)` to match spec §4.
  */
-import { createHash } from 'node:crypto';
 import { canonicalize } from '../canonical.js';
-import {} from '../dsse.js';
+import {} from '../dsse-common.js';
+import { base64ToBytes, bytesToBase64, sha256Hex, utf8ToBytes } from '../encoding.js';
 import { PassportsignError } from '../errors.js';
 export const DEFAULT_REKOR_BASE_URL = 'https://rekor.sigstore.dev';
 export class PublicSigstoreRekorClient {
@@ -140,8 +140,7 @@ export function buildIntotoEntryBody(envelope) {
     }
     const sig0 = envelope.signatures[0];
     // payloadHash = sha256 of raw payload bytes.
-    const payloadBytes = new Uint8Array(Buffer.from(envelope.payload, 'base64'));
-    const payloadHashHex = createHash('sha256').update(payloadBytes).digest('hex');
+    const payloadHashHex = sha256Hex(base64ToBytes(envelope.payload));
     // envelopeHash = sha256 of canonical JSON of {payloadType, payload-base64,
     // signatures:[{sig-base64, publicKey: PEM-string [, keyid]}]} — note
     // publicKey is the raw PEM string for this hash (not base64).
@@ -157,13 +156,11 @@ export function buildIntotoEntryBody(envelope) {
         payload: envelope.payload,
         signatures: [sigForHash],
     };
-    const envelopeHashHex = createHash('sha256')
-        .update(canonicalize(envelopeForHash))
-        .digest('hex');
+    const envelopeHashHex = sha256Hex(canonicalize(envelopeForHash));
     // Build the actual submission body.
     const sigItem = {
-        sig: Buffer.from(sig0.sig).toString('base64'),
-        publicKey: Buffer.from(sig0.publicKey).toString('base64'),
+        sig: bytesToBase64(utf8ToBytes(sig0.sig)),
+        publicKey: bytesToBase64(utf8ToBytes(sig0.publicKey)),
     };
     if (sig0.keyid && sig0.keyid.length > 0) {
         sigItem['keyid'] = sig0.keyid;
@@ -175,7 +172,7 @@ export function buildIntotoEntryBody(envelope) {
             content: {
                 envelope: {
                     payloadType: envelope.payloadType,
-                    payload: Buffer.from(envelope.payload).toString('base64'),
+                    payload: bytesToBase64(utf8ToBytes(envelope.payload)),
                     signatures: [sigItem],
                 },
                 hash: { algorithm: 'sha256', value: envelopeHashHex },

package/dist/log/rekor.js.map

@@ -1 +1 @@
-{"version":3,"file":"rekor.js","sourceRoot":"","sources":["../../src/log/rekor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAqB,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAwDjD,MAAM,CAAC,MAAM,sBAAsB,GAAG,4BAA4B,CAAC;AAEnE,MAAM,OAAO,yBAAyB;IACnB,OAAO,CAAS;IAChB,SAAS,CAAe;IAEzC,YAAY,OAAyC,EAAE;QACrD,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,sBAAsB,CAAC;QACtD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAsB;QACvC,MAAM,IAAI,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAAY;QACzB,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,OAAO,uBAAuB,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,mCAAmC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACrF,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,CAAC;gBAAC,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAC/D,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,4BAA4B,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAC1D,CAAC;QACJ,CAAC;QACD,OAAO,kBAAkB,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,OAAO,aAAa,CAAC,CAAC;QAChE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,kCAAkC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACpF,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,2BAA2B,QAAQ,CAAC,MAAM,EAAE,CAC7C,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAmC,CAAC;QACzF,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,iBAAiB,CAAC,uBAAuB,EAAE,oCAAoC,CAAC,CAAC;QAC7F,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,MAAM,cAAc,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9B,IACE,OAAO,QAAQ,KAAK,QAAQ;YAC5B,OAAO,QAAQ,KAAK,QAAQ;YAC5B,OAAO,cAAc,KAAK,QAAQ;YAClC,OAAO,MAAM,KAAK,QAAQ,EAC1B,CAAC;YACD,MAAM,IAAI,iBAAiB,CAAC,uBAAuB,EAAE,wCAAwC,CAAC,CAAC;QACjG,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,SAAiB,EAAE,QAAgB;QAC3D,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAC7B,GAAG,IAAI,CAAC,OAAO,+BAA+B,SAAS,aAAa,QAAQ,EAAE,CAC/E,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,2CAA2C,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAC7F,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,oCAAoC,QAAQ,CAAC,MAAM,EAAE,CACtD,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAmC,CAAC;QACzF,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,6CAA6C,CAC9C,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,EAAE,CAAC;YAC1E,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,6CAA6C,CAC9C,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,yCAAyC,CAC1C,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,MAAkB,EAAE,QAAQ,EAAE,CAAC;IAClD,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,IAAa;QACnC,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,OAAO,qBAAqB,EAAE;gBACpE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,EAAE,kBAAkB,EAAE;gBAC3E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;aAC3B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,gCAAgC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAClF,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,CAAC;gBAAC,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAC/D,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,yBAAyB,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CACvD,CAAC;QACJ,CAAC;QACD,OAAO,kBAAkB,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IACrE,CAAC;CACF;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,oBAAoB,CAAC,QAAsB;IACzD,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,2CAA2C,CAC5C,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAE,CAAC;IAErC,6CAA6C;IAC7C,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC7E,MAAM,cAAc,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAE/E,2EAA2E;IAC3E,qEAAqE;IACrE,8DAA8D;IAC9D,MAAM,UAAU,GAA2B;QACzC,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,SAAS,EAAE,IAAI,CAAC,SAAS;KAC1B,CAAC;IACF,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,UAAU,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC;IACnC,CAAC;IACD,MAAM,eAAe,GAAG;QACtB,WAAW,EAAE,QAAQ,CAAC,WAAW;QACjC,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,UAAU,EAAE,CAAC,UAAU,CAAC;KACzB,CAAC;IACF,MAAM,eAAe,GAAG,UAAU,CAAC,QAAQ,CAAC;SACzC,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;SACrC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEjB,oCAAoC;IACpC,MAAM,OAAO,GAA2B;QACtC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC7C,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;KAC1D,CAAC;IACF,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC;IAChC,CAAC;IAED,OAAO;QACL,UAAU,EAAE,OAAO;QACnB,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE;YACJ,OAAO,EAAE;gBACP,QAAQ,EAAE;oBACR,WAAW,EAAE,QAAQ,CAAC,WAAW;oBACjC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBACzD,UAAU,EAAE,CAAC,OAAO,CAAC;iBACtB;gBACD,IAAI,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE;gBACrD,WAAW,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,cAAc,EAAE;aAC5D;SACF;KACF,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAY;IACtC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QAC5C,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,8CAA8C,CAC/C,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,GAA8B,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,oDAAoD,OAAO,CAAC,MAAM,EAAE,CACrE,CAAC;IACJ,CAAC;IACD,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC;IACrC,MAAM,KAAK,GAAG,QAAmC,CAAC;IAClD,MAAM,YAAY,GAAG,KAAK,CAAC,cAAc,CAAwC,CAAC;IAClF,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,2CAA2C,CAC5C,CAAC;IACJ,CAAC;IACD,MAAM,cAAc,GAAG,YAAY,CAAC,gBAAgB,CAA+B,CAAC;IACpF,MAAM,oBAAoB,GAAG,YAAY,CAAC,sBAAsB,CAAuB,CAAC;IACxF,IAAI,CAAC,cAAc,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE,CAAC;QAChE,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,+DAA+D,CAChE,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI;QACJ,QAAQ,EAAE,KAAK,CAAC,UAAU,CAAW;QACrC,cAAc,EAAE,KAAK,CAAC,gBAAgB,CAAW;QACjD,KAAK,EAAE,KAAK,CAAC,OAAO,CAAW;QAC/B,IAAI,EAAE,KAAK,CAAC,MAAM,CAAW;QAC7B,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC;YACtB,CAAC,CAAC,EAAE,WAAW,EAAE,KAAK,CAAC,aAAa,CAAsB,EAAE;YAC5D,CAAC,CAAC,EAAE,CAAC;QACP,YAAY,EAAE,EAAE,cAAc,EAAE,oBAAoB,EAAE;KACvD,CAAC;AACJ,CAAC"}
+{"version":3,"file":"rekor.js","sourceRoot":"","sources":["../../src/log/rekor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAqB,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AACtF,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAwDjD,MAAM,CAAC,MAAM,sBAAsB,GAAG,4BAA4B,CAAC;AAEnE,MAAM,OAAO,yBAAyB;IACnB,OAAO,CAAS;IAChB,SAAS,CAAe;IAEzC,YAAY,OAAyC,EAAE;QACrD,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,sBAAsB,CAAC;QACtD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAsB;QACvC,MAAM,IAAI,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAAY;QACzB,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,OAAO,uBAAuB,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,mCAAmC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACrF,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,CAAC;gBAAC,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAC/D,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,4BAA4B,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAC1D,CAAC;QACJ,CAAC;QACD,OAAO,kBAAkB,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,OAAO,aAAa,CAAC,CAAC;QAChE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,kCAAkC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACpF,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,2BAA2B,QAAQ,CAAC,MAAM,EAAE,CAC7C,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAmC,CAAC;QACzF,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,iBAAiB,CAAC,uBAAuB,EAAE,oCAAoC,CAAC,CAAC;QAC7F,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,MAAM,cAAc,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9B,IACE,OAAO,QAAQ,KAAK,QAAQ;YAC5B,OAAO,QAAQ,KAAK,QAAQ;YAC5B,OAAO,cAAc,KAAK,QAAQ;YAClC,OAAO,MAAM,KAAK,QAAQ,EAC1B,CAAC;YACD,MAAM,IAAI,iBAAiB,CAAC,uBAAuB,EAAE,wCAAwC,CAAC,CAAC;QACjG,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,SAAiB,EAAE,QAAgB;QAC3D,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAC7B,GAAG,IAAI,CAAC,OAAO,+BAA+B,SAAS,aAAa,QAAQ,EAAE,CAC/E,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,2CAA2C,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAC7F,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,oCAAoC,QAAQ,CAAC,MAAM,EAAE,CACtD,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAmC,CAAC;QACzF,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,6CAA6C,CAC9C,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,EAAE,CAAC;YAC1E,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,6CAA6C,CAC9C,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,yCAAyC,CAC1C,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,MAAkB,EAAE,QAAQ,EAAE,CAAC;IAClD,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,IAAa;QACnC,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,OAAO,qBAAqB,EAAE;gBACpE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,EAAE,kBAAkB,EAAE;gBAC3E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;aAC3B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,gCAAgC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAClF,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,CAAC;gBAAC,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAC/D,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,yBAAyB,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CACvD,CAAC;QACJ,CAAC;QACD,OAAO,kBAAkB,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IACrE,CAAC;CACF;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,oBAAoB,CAAC,QAAsB;IACzD,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,2CAA2C,CAC5C,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAE,CAAC;IAErC,6CAA6C;IAC7C,MAAM,cAAc,GAAG,SAAS,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAElE,2EAA2E;IAC3E,qEAAqE;IACrE,8DAA8D;IAC9D,MAAM,UAAU,GAA2B;QACzC,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,SAAS,EAAE,IAAI,CAAC,SAAS;KAC1B,CAAC;IACF,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,UAAU,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC;IACnC,CAAC;IACD,MAAM,eAAe,GAAG;QACtB,WAAW,EAAE,QAAQ,CAAC,WAAW;QACjC,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,UAAU,EAAE,CAAC,UAAU,CAAC;KACzB,CAAC;IACF,MAAM,eAAe,GAAG,SAAS,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC,CAAC;IAEjE,oCAAoC;IACpC,MAAM,OAAO,GAA2B;QACtC,GAAG,EAAE,aAAa,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACzC,SAAS,EAAE,aAAa,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;KACtD,CAAC;IACF,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC;IAChC,CAAC;IAED,OAAO;QACL,UAAU,EAAE,OAAO;QACnB,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE;YACJ,OAAO,EAAE;gBACP,QAAQ,EAAE;oBACR,WAAW,EAAE,QAAQ,CAAC,WAAW;oBACjC,OAAO,EAAE,aAAa,CAAC,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBACrD,UAAU,EAAE,CAAC,OAAO,CAAC;iBACtB;gBACD,IAAI,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE;gBACrD,WAAW,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,cAAc,EAAE;aAC5D;SACF;KACF,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAY;IACtC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QAC5C,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,8CAA8C,CAC/C,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,GAA8B,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,oDAAoD,OAAO,CAAC,MAAM,EAAE,CACrE,CAAC;IACJ,CAAC;IACD,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC;IACrC,MAAM,KAAK,GAAG,QAAmC,CAAC;IAClD,MAAM,YAAY,GAAG,KAAK,CAAC,cAAc,CAAwC,CAAC;IAClF,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,2CAA2C,CAC5C,CAAC;IACJ,CAAC;IACD,MAAM,cAAc,GAAG,YAAY,CAAC,gBAAgB,CAA+B,CAAC;IACpF,MAAM,oBAAoB,GAAG,YAAY,CAAC,sBAAsB,CAAuB,CAAC;IACxF,IAAI,CAAC,cAAc,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE,CAAC;QAChE,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,+DAA+D,CAChE,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI;QACJ,QAAQ,EAAE,KAAK,CAAC,UAAU,CAAW;QACrC,cAAc,EAAE,KAAK,CAAC,gBAAgB,CAAW;QACjD,KAAK,EAAE,KAAK,CAAC,OAAO,CAAW;QAC/B,IAAI,EAAE,KAAK,CAAC,MAAM,CAAW;QAC7B,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC;YACtB,CAAC,CAAC,EAAE,WAAW,EAAE,KAAK,CAAC,aAAa,CAAsB,EAAE;YAC5D,CAAC,CAAC,EAAE,CAAC;QACP,YAAY,EAAE,EAAE,cAAc,EAAE,oBAAoB,EAAE;KACvD,CAAC;AACJ,CAAC"}

package/dist/lookup.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Resolve a user's published bindings: index file → Rekor entries →
+ * integrity + sanity checks → state classification.
+ *
+ * This is the shared read pipeline behind `passportsign list` and the
+ * hosted badge service. The index file is user-controlled, so nothing
+ * from it is trusted: every referenced entry is fetched from the log,
+ * its attestation integrity-checked ({@link parseIntotoEntry}), its
+ * inclusion proof verified, and its subject/predicateType checked
+ * against what the index claimed it was.
+ */
+import { type ClassifiedBinding } from './classify.js';
+import { type ProfileIndex } from './profile-index.js';
+import { type RekorClient } from './log/rekor.js';
+export interface LookupDeps {
+    rekor: RekorClient;
+    /** Epoch ms for staleness classification; defaults to the current time. */
+    now?: number;
+}
+export interface LookupEntryProblem {
+    uuid: string;
+    error: string;
+}
+export interface LookupResult {
+    index: ProfileIndex | null;
+    classified: ClassifiedBinding[];
+    /** Entries the log could not return (network, 404). */
+    unreachable: LookupEntryProblem[];
+    /** Entries that failed integrity or sanity checks — treat as hostile index content. */
+    invalid: LookupEntryProblem[];
+}
+/**
+ * Run the lookup pipeline over an already-obtained index (e.g. the
+ * user's file merged with an operator overlay).
+ */
+export declare function lookupFromIndex(index: ProfileIndex, deps: LookupDeps): Promise<LookupResult>;
+export interface LookupBindingsDeps extends LookupDeps {
+    /** Injectable fetch for the index file request. */
+    fetch?: typeof fetch;
+}
+/**
+ * Fetch the user's published `passportsign-index.json` and resolve it.
+ * `index: null` in the result means the user has not published one.
+ */
+export declare function lookupBindings(githubUsername: string, deps: LookupBindingsDeps): Promise<LookupResult>;
+//# sourceMappingURL=lookup.d.ts.map

package/dist/lookup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lookup.d.ts","sourceRoot":"","sources":["../src/lookup.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,EAGL,KAAK,iBAAiB,EAEvB,MAAM,eAAe,CAAC;AAGvB,OAAO,EAAqB,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,KAAK,WAAW,EAA2B,MAAM,gBAAgB,CAAC;AAE3E,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,WAAW,CAAC;IACnB,2EAA2E;IAC3E,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,YAAY,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,uDAAuD;IACvD,WAAW,EAAE,kBAAkB,EAAE,CAAC;IAClC,uFAAuF;IACvF,OAAO,EAAE,kBAAkB,EAAE,CAAC;CAC/B;AAsED;;;GAGG;AACH,wBAAsB,eAAe,CACnC,KAAK,EAAE,YAAY,EACnB,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,YAAY,CAAC,CA8BvB;AAED,MAAM,WAAW,kBAAmB,SAAQ,UAAU;IACpD,mDAAmD;IACnD,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CACtB;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,kBAAkB,GACvB,OAAO,CAAC,YAAY,CAAC,CAQvB"}