@passportsign/core 0.1.0

package/dist/log/rekor.d.ts

@@ -0,0 +1,91 @@
+/**
+ * Rekor client for in-toto v0.0.2 entries.
+ *
+ * Behavior pinned from the Day 5 smoke test against
+ * `rekor.sigstore.dev` (see docs/v0-acceptance.md Day 5 evidence).
+ * The most non-obvious bits live in `buildIntotoEntryBody` below.
+ *
+ * All HTTP failures surface as
+ * `PassportsignError('log_submission_failed', …)` to match spec §4.
+ */
+import { type DsseEnvelope } from '../dsse.js';
+export interface InclusionProof {
+    checkpoint: string;
+    hashes: string[];
+    logIndex: number;
+    rootHash: string;
+    treeSize: number;
+}
+export interface RekorEntryResponse {
+    uuid: string;
+    logIndex: number;
+    integratedTime: number;
+    logID: string;
+    /** base64-encoded canonicalised entry body the server stored. */
+    body: string;
+    /** Optional server-stored attestation (base64). */
+    attestation?: {
+        data?: string;
+    } | undefined;
+    verification: {
+        inclusionProof: InclusionProof;
+        /** Rekor's signed timestamp over the entry (base64). */
+        signedEntryTimestamp: string;
+    };
+}
+export interface RekorLogInfo {
+    /** Hex-encoded current root hash of the active tree. */
+    rootHash: string;
+    /** Number of entries currently in the active tree. */
+    treeSize: number;
+    /** Signed tree head (Rekor's signature over the current root + size). */
+    signedTreeHead: string;
+    /** Active tree ID (string per Rekor's API). */
+    treeID: string;
+}
+export interface RekorConsistencyProof {
+    /** Hex hashes proving treeSize=first is a prefix of treeSize=last. */
+    hashes: string[];
+    /** Hex root hash at the new size (informational; we verify against our own captured one). */
+    rootHash: string;
+}
+export interface RekorClient {
+    submitIntoto(envelope: DsseEnvelope): Promise<RekorEntryResponse>;
+    getEntry(uuid: string): Promise<RekorEntryResponse>;
+    getLogInfo(): Promise<RekorLogInfo>;
+    getConsistencyProof(firstSize: number, lastSize: number): Promise<RekorConsistencyProof>;
+}
+export interface PublicSigstoreRekorClientOptions {
+    baseUrl?: string;
+    fetch?: typeof fetch;
+}
+export declare const DEFAULT_REKOR_BASE_URL = "https://rekor.sigstore.dev";
+export declare class PublicSigstoreRekorClient implements RekorClient {
+    private readonly baseUrl;
+    private readonly fetchImpl;
+    constructor(opts?: PublicSigstoreRekorClientOptions);
+    submitIntoto(envelope: DsseEnvelope): Promise<RekorEntryResponse>;
+    getEntry(uuid: string): Promise<RekorEntryResponse>;
+    getLogInfo(): Promise<RekorLogInfo>;
+    getConsistencyProof(firstSize: number, lastSize: number): Promise<RekorConsistencyProof>;
+    private postEntry;
+}
+/**
+ * Build the Rekor in-toto v0.0.2 entry submission body from a
+ * DSSE envelope. Encoding quirks pinned during the Day 5 smoke test:
+ *
+ * - `payload` and `sig` are **double-base64** at the API boundary
+ *   (Rekor's go-openapi `strfmt.Base64` re-encodes the already-base64
+ *   DSSE strings).
+ * - `publicKey` is **single-base64** over the PEM bytes (raw PEM text).
+ * - `keyid` is **omitted entirely** if empty — sending `""` causes the
+ *   server's canonicalised entry to differ from the client's and the
+ *   submission fails with "error generating canonicalized entry".
+ * - `hash` and `payloadHash` are **required despite the readOnly
+ *   schema markers**. The server compares them to its own computation
+ *   and rejects the submission on mismatch.
+ *
+ * @internal exported for direct testing.
+ */
+export declare function buildIntotoEntryBody(envelope: DsseEnvelope): unknown;
+//# sourceMappingURL=rekor.d.ts.map

package/dist/log/rekor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rekor.d.ts","sourceRoot":"","sources":["../../src/log/rekor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,iEAAiE;IACjE,IAAI,EAAE,MAAM,CAAC;IACb,mDAAmD;IACnD,WAAW,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,SAAS,CAAC;IAC5C,YAAY,EAAE;QACZ,cAAc,EAAE,cAAc,CAAC;QAC/B,wDAAwD;QACxD,oBAAoB,EAAE,MAAM,CAAC;KAC9B,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,wDAAwD;IACxD,QAAQ,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,QAAQ,EAAE,MAAM,CAAC;IACjB,yEAAyE;IACzE,cAAc,EAAE,MAAM,CAAC;IACvB,+CAA+C;IAC/C,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,qBAAqB;IACpC,sEAAsE;IACtE,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,6FAA6F;IAC7F,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,YAAY,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAClE,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACpD,UAAU,IAAI,OAAO,CAAC,YAAY,CAAC,CAAC;IACpC,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;CAC1F;AAED,MAAM,WAAW,gCAAgC;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CACtB;AAED,eAAO,MAAM,sBAAsB,+BAA+B,CAAC;AAEnE,qBAAa,yBAA0B,YAAW,WAAW;IAC3D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAe;gBAE7B,IAAI,GAAE,gCAAqC;IAKjD,YAAY,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAKjE,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAsBnD,UAAU,IAAI,OAAO,CAAC,YAAY,CAAC;IAoCnC,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC;YA2ChF,SAAS;CAyBxB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAwDpE"}

package/dist/log/rekor.js

@@ -0,0 +1,218 @@
+/**
+ * Rekor client for in-toto v0.0.2 entries.
+ *
+ * Behavior pinned from the Day 5 smoke test against
+ * `rekor.sigstore.dev` (see docs/v0-acceptance.md Day 5 evidence).
+ * The most non-obvious bits live in `buildIntotoEntryBody` below.
+ *
+ * All HTTP failures surface as
+ * `PassportsignError('log_submission_failed', …)` to match spec §4.
+ */
+import { createHash } from 'node:crypto';
+import { canonicalize } from '../canonical.js';
+import {} from '../dsse.js';
+import { PassportsignError } from '../errors.js';
+export const DEFAULT_REKOR_BASE_URL = 'https://rekor.sigstore.dev';
+export class PublicSigstoreRekorClient {
+    baseUrl;
+    fetchImpl;
+    constructor(opts = {}) {
+        this.baseUrl = opts.baseUrl ?? DEFAULT_REKOR_BASE_URL;
+        this.fetchImpl = opts.fetch ?? globalThis.fetch;
+    }
+    async submitIntoto(envelope) {
+        const body = buildIntotoEntryBody(envelope);
+        return this.postEntry(body);
+    }
+    async getEntry(uuid) {
+        let response;
+        try {
+            response = await this.fetchImpl(`${this.baseUrl}/api/v1/log/entries/${uuid}`);
+        }
+        catch (err) {
+            throw new PassportsignError('log_submission_failed', `Rekor get-entry request failed: ${err instanceof Error ? err.message : String(err)}`, err);
+        }
+        if (!response.ok) {
+            let errBody = '';
+            try {
+                errBody = await response.text();
+            }
+            catch { /* ignore */ }
+            throw new PassportsignError('log_submission_failed', `Rekor get-entry returned ${response.status}: ${errBody}`);
+        }
+        return parseEntryResponse(await response.json().catch(() => null));
+    }
+    async getLogInfo() {
+        let response;
+        try {
+            response = await this.fetchImpl(`${this.baseUrl}/api/v1/log`);
+        }
+        catch (err) {
+            throw new PassportsignError('log_submission_failed', `Rekor log-info request failed: ${err instanceof Error ? err.message : String(err)}`, err);
+        }
+        if (!response.ok) {
+            throw new PassportsignError('log_submission_failed', `Rekor log-info returned ${response.status}`);
+        }
+        const body = (await response.json().catch(() => null));
+        if (!body || typeof body !== 'object') {
+            throw new PassportsignError('log_submission_failed', 'Rekor log-info returned non-object');
+        }
+        const rootHash = body['rootHash'];
+        const treeSize = body['treeSize'];
+        const signedTreeHead = body['signedTreeHead'];
+        const treeID = body['treeID'];
+        if (typeof rootHash !== 'string' ||
+            typeof treeSize !== 'number' ||
+            typeof signedTreeHead !== 'string' ||
+            typeof treeID !== 'string') {
+            throw new PassportsignError('log_submission_failed', 'Rekor log-info missing required fields');
+        }
+        return { rootHash, treeSize, signedTreeHead, treeID };
+    }
+    async getConsistencyProof(firstSize, lastSize) {
+        let response;
+        try {
+            response = await this.fetchImpl(`${this.baseUrl}/api/v1/log/proof?firstSize=${firstSize}&lastSize=${lastSize}`);
+        }
+        catch (err) {
+            throw new PassportsignError('log_submission_failed', `Rekor consistency-proof request failed: ${err instanceof Error ? err.message : String(err)}`, err);
+        }
+        if (!response.ok) {
+            throw new PassportsignError('log_submission_failed', `Rekor consistency-proof returned ${response.status}`);
+        }
+        const body = (await response.json().catch(() => null));
+        if (!body || typeof body !== 'object') {
+            throw new PassportsignError('log_submission_failed', 'Rekor consistency-proof returned non-object');
+        }
+        const hashes = body['hashes'];
+        const rootHash = body['rootHash'];
+        if (!Array.isArray(hashes) || !hashes.every((h) => typeof h === 'string')) {
+            throw new PassportsignError('log_submission_failed', 'Rekor consistency-proof has no hashes array');
+        }
+        if (typeof rootHash !== 'string') {
+            throw new PassportsignError('log_submission_failed', 'Rekor consistency-proof has no rootHash');
+        }
+        return { hashes: hashes, rootHash };
+    }
+    async postEntry(body) {
+        let response;
+        try {
+            response = await this.fetchImpl(`${this.baseUrl}/api/v1/log/entries`, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+                body: JSON.stringify(body),
+            });
+        }
+        catch (err) {
+            throw new PassportsignError('log_submission_failed', `Rekor submit request failed: ${err instanceof Error ? err.message : String(err)}`, err);
+        }
+        if (!response.ok) {
+            let errBody = '';
+            try {
+                errBody = await response.text();
+            }
+            catch { /* ignore */ }
+            throw new PassportsignError('log_submission_failed', `Rekor submit returned ${response.status}: ${errBody}`);
+        }
+        return parseEntryResponse(await response.json().catch(() => null));
+    }
+}
+/**
+ * Build the Rekor in-toto v0.0.2 entry submission body from a
+ * DSSE envelope. Encoding quirks pinned during the Day 5 smoke test:
+ *
+ * - `payload` and `sig` are **double-base64** at the API boundary
+ *   (Rekor's go-openapi `strfmt.Base64` re-encodes the already-base64
+ *   DSSE strings).
+ * - `publicKey` is **single-base64** over the PEM bytes (raw PEM text).
+ * - `keyid` is **omitted entirely** if empty — sending `""` causes the
+ *   server's canonicalised entry to differ from the client's and the
+ *   submission fails with "error generating canonicalized entry".
+ * - `hash` and `payloadHash` are **required despite the readOnly
+ *   schema markers**. The server compares them to its own computation
+ *   and rejects the submission on mismatch.
+ *
+ * @internal exported for direct testing.
+ */
+export function buildIntotoEntryBody(envelope) {
+    if (envelope.signatures.length === 0) {
+        throw new PassportsignError('log_submission_failed', 'envelope must have at least one signature');
+    }
+    const sig0 = envelope.signatures[0];
+    // payloadHash = sha256 of raw payload bytes.
+    const payloadBytes = new Uint8Array(Buffer.from(envelope.payload, 'base64'));
+    const payloadHashHex = createHash('sha256').update(payloadBytes).digest('hex');
+    // envelopeHash = sha256 of canonical JSON of {payloadType, payload-base64,
+    // signatures:[{sig-base64, publicKey: PEM-string [, keyid]}]} — note
+    // publicKey is the raw PEM string for this hash (not base64).
+    const sigForHash = {
+        sig: sig0.sig,
+        publicKey: sig0.publicKey,
+    };
+    if (sig0.keyid && sig0.keyid.length > 0) {
+        sigForHash['keyid'] = sig0.keyid;
+    }
+    const envelopeForHash = {
+        payloadType: envelope.payloadType,
+        payload: envelope.payload,
+        signatures: [sigForHash],
+    };
+    const envelopeHashHex = createHash('sha256')
+        .update(canonicalize(envelopeForHash))
+        .digest('hex');
+    // Build the actual submission body.
+    const sigItem = {
+        sig: Buffer.from(sig0.sig).toString('base64'),
+        publicKey: Buffer.from(sig0.publicKey).toString('base64'),
+    };
+    if (sig0.keyid && sig0.keyid.length > 0) {
+        sigItem['keyid'] = sig0.keyid;
+    }
+    return {
+        apiVersion: '0.0.2',
+        kind: 'intoto',
+        spec: {
+            content: {
+                envelope: {
+                    payloadType: envelope.payloadType,
+                    payload: Buffer.from(envelope.payload).toString('base64'),
+                    signatures: [sigItem],
+                },
+                hash: { algorithm: 'sha256', value: envelopeHashHex },
+                payloadHash: { algorithm: 'sha256', value: payloadHashHex },
+            },
+        },
+    };
+}
+function parseEntryResponse(raw) {
+    if (typeof raw !== 'object' || raw === null) {
+        throw new PassportsignError('log_submission_failed', 'malformed Rekor response (not a JSON object)');
+    }
+    const entries = Object.entries(raw);
+    if (entries.length !== 1) {
+        throw new PassportsignError('log_submission_failed', `expected exactly one UUID in Rekor response, got ${entries.length}`);
+    }
+    const [uuid, entryRaw] = entries[0];
+    const entry = entryRaw;
+    const verification = entry['verification'];
+    if (!verification) {
+        throw new PassportsignError('log_submission_failed', 'Rekor response missing verification block');
+    }
+    const inclusionProof = verification['inclusionProof'];
+    const signedEntryTimestamp = verification['signedEntryTimestamp'];
+    if (!inclusionProof || typeof signedEntryTimestamp !== 'string') {
+        throw new PassportsignError('log_submission_failed', 'Rekor response missing inclusionProof or signedEntryTimestamp');
+    }
+    return {
+        uuid,
+        logIndex: entry['logIndex'],
+        integratedTime: entry['integratedTime'],
+        logID: entry['logID'],
+        body: entry['body'],
+        ...(entry['attestation']
+            ? { attestation: entry['attestation'] }
+            : {}),
+        verification: { inclusionProof, signedEntryTimestamp },
+    };
+}
+//# sourceMappingURL=rekor.js.map

package/dist/log/rekor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rekor.js","sourceRoot":"","sources":["../../src/log/rekor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAqB,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAwDjD,MAAM,CAAC,MAAM,sBAAsB,GAAG,4BAA4B,CAAC;AAEnE,MAAM,OAAO,yBAAyB;IACnB,OAAO,CAAS;IAChB,SAAS,CAAe;IAEzC,YAAY,OAAyC,EAAE;QACrD,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,sBAAsB,CAAC;QACtD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAsB;QACvC,MAAM,IAAI,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAAY;QACzB,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,OAAO,uBAAuB,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,mCAAmC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACrF,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,CAAC;gBAAC,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAC/D,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,4BAA4B,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAC1D,CAAC;QACJ,CAAC;QACD,OAAO,kBAAkB,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,OAAO,aAAa,CAAC,CAAC;QAChE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,kCAAkC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACpF,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,2BAA2B,QAAQ,CAAC,MAAM,EAAE,CAC7C,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAmC,CAAC;QACzF,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,iBAAiB,CAAC,uBAAuB,EAAE,oCAAoC,CAAC,CAAC;QAC7F,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,MAAM,cAAc,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9B,IACE,OAAO,QAAQ,KAAK,QAAQ;YAC5B,OAAO,QAAQ,KAAK,QAAQ;YAC5B,OAAO,cAAc,KAAK,QAAQ;YAClC,OAAO,MAAM,KAAK,QAAQ,EAC1B,CAAC;YACD,MAAM,IAAI,iBAAiB,CAAC,uBAAuB,EAAE,wCAAwC,CAAC,CAAC;QACjG,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,SAAiB,EAAE,QAAgB;QAC3D,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAC7B,GAAG,IAAI,CAAC,OAAO,+BAA+B,SAAS,aAAa,QAAQ,EAAE,CAC/E,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,2CAA2C,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAC7F,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,oCAAoC,QAAQ,CAAC,MAAM,EAAE,CACtD,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAmC,CAAC;QACzF,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,6CAA6C,CAC9C,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,EAAE,CAAC;YAC1E,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,6CAA6C,CAC9C,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,yCAAyC,CAC1C,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,MAAkB,EAAE,QAAQ,EAAE,CAAC;IAClD,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,IAAa;QACnC,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,OAAO,qBAAqB,EAAE;gBACpE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,EAAE,kBAAkB,EAAE;gBAC3E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;aAC3B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,gCAAgC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAClF,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,CAAC;gBAAC,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAC/D,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,yBAAyB,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CACvD,CAAC;QACJ,CAAC;QACD,OAAO,kBAAkB,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IACrE,CAAC;CACF;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,oBAAoB,CAAC,QAAsB;IACzD,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,2CAA2C,CAC5C,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAE,CAAC;IAErC,6CAA6C;IAC7C,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC7E,MAAM,cAAc,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAE/E,2EAA2E;IAC3E,qEAAqE;IACrE,8DAA8D;IAC9D,MAAM,UAAU,GAA2B;QACzC,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,SAAS,EAAE,IAAI,CAAC,SAAS;KAC1B,CAAC;IACF,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,UAAU,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC;IACnC,CAAC;IACD,MAAM,eAAe,GAAG;QACtB,WAAW,EAAE,QAAQ,CAAC,WAAW;QACjC,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,UAAU,EAAE,CAAC,UAAU,CAAC;KACzB,CAAC;IACF,MAAM,eAAe,GAAG,UAAU,CAAC,QAAQ,CAAC;SACzC,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;SACrC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEjB,oCAAoC;IACpC,MAAM,OAAO,GAA2B;QACtC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC7C,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;KAC1D,CAAC;IACF,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC;IAChC,CAAC;IAED,OAAO;QACL,UAAU,EAAE,OAAO;QACnB,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE;YACJ,OAAO,EAAE;gBACP,QAAQ,EAAE;oBACR,WAAW,EAAE,QAAQ,CAAC,WAAW;oBACjC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBACzD,UAAU,EAAE,CAAC,OAAO,CAAC;iBACtB;gBACD,IAAI,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE;gBACrD,WAAW,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,cAAc,EAAE;aAC5D;SACF;KACF,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAY;IACtC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QAC5C,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,8CAA8C,CAC/C,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,GAA8B,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,oDAAoD,OAAO,CAAC,MAAM,EAAE,CACrE,CAAC;IACJ,CAAC;IACD,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC;IACrC,MAAM,KAAK,GAAG,QAAmC,CAAC;IAClD,MAAM,YAAY,GAAG,KAAK,CAAC,cAAc,CAAwC,CAAC;IAClF,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,2CAA2C,CAC5C,CAAC;IACJ,CAAC;IACD,MAAM,cAAc,GAAG,YAAY,CAAC,gBAAgB,CAA+B,CAAC;IACpF,MAAM,oBAAoB,GAAG,YAAY,CAAC,sBAAsB,CAAuB,CAAC;IACxF,IAAI,CAAC,cAAc,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE,CAAC;QAChE,MAAM,IAAI,iBAAiB,CACzB,uBAAuB,EACvB,+DAA+D,CAChE,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI;QACJ,QAAQ,EAAE,KAAK,CAAC,UAAU,CAAW;QACrC,cAAc,EAAE,KAAK,CAAC,gBAAgB,CAAW;QACjD,KAAK,EAAE,KAAK,CAAC,OAAO,CAAW;QAC/B,IAAI,EAAE,KAAK,CAAC,MAAM,CAAW;QAC7B,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC;YACtB,CAAC,CAAC,EAAE,WAAW,EAAE,KAAK,CAAC,aAAa,CAAsB,EAAE;YAC5D,CAAC,CAAC,EAAE,CAAC;QACP,YAAY,EAAE,EAAE,cAAc,EAAE,oBAAoB,EAAE;KACvD,CAAC;AACJ,CAAC"}

package/dist/merkle.d.ts

@@ -0,0 +1,37 @@
+/**
+ * RFC 6962 Merkle tree primitives — the math underneath Rekor's
+ * inclusion and consistency proofs.
+ *
+ * Algorithm ported from
+ * https://github.com/google/certificate-transparency-go/blob/master/merkle/log_verifier.go
+ * (the canonical reference implementation Sigstore tracks).
+ *
+ * Leaf hash:  sha256(0x00 || leaf-bytes)
+ * Inner hash: sha256(0x01 || left-hash || right-hash)
+ *
+ * A proof of length n+m has n "inner" hashes (siblings along the path
+ * from leaf up to the highest common ancestor with the rightmost
+ * leaf) followed by m "border" hashes (always left-leaning siblings
+ * above that ancestor). The split is determined by bit-decomposition
+ * of leafIndex against treeSize - 1.
+ */
+export declare function hashLeaf(data: Uint8Array): Uint8Array;
+export declare function hashPair(left: Uint8Array, right: Uint8Array): Uint8Array;
+/**
+ * Verify an RFC 6962 inclusion proof: prove that a leaf with hash
+ * `leafHash` at position `leafIndex` is included in a tree of size
+ * `treeSize` with root `rootHash`, using the supplied path of
+ * sibling hashes.
+ */
+export declare function verifyInclusion(leafHash: Uint8Array, leafIndex: number, treeSize: number, proof: Uint8Array[], rootHash: Uint8Array): boolean;
+/**
+ * Verify an RFC 6962 consistency proof: prove that the tree of size
+ * `firstSize` with root `firstRoot` is a prefix of the tree of size
+ * `secondSize` with root `secondRoot`. Used to detect log rewrites —
+ * if our captured root is no longer an ancestor of the current root,
+ * the log has been tampered with.
+ *
+ * Algorithm port of certificate-transparency-go's `VerifyConsistencyProof`.
+ */
+export declare function verifyConsistency(firstSize: number, secondSize: number, firstRoot: Uint8Array, secondRoot: Uint8Array, proof: Uint8Array[]): boolean;
+//# sourceMappingURL=merkle.d.ts.map

package/dist/merkle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"merkle.d.ts","sourceRoot":"","sources":["../src/merkle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,wBAAgB,QAAQ,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU,CAKrD;AAED,wBAAgB,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,UAAU,GAAG,UAAU,CAMxE;AA6ED;;;;;GAKG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,UAAU,EACpB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,UAAU,EAAE,EACnB,QAAQ,EAAE,UAAU,GACnB,OAAO,CAST;AAED;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,UAAU,EACrB,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,UAAU,EAAE,GAClB,OAAO,CAsCT"}

package/dist/merkle.js

@@ -0,0 +1,160 @@
+/**
+ * RFC 6962 Merkle tree primitives — the math underneath Rekor's
+ * inclusion and consistency proofs.
+ *
+ * Algorithm ported from
+ * https://github.com/google/certificate-transparency-go/blob/master/merkle/log_verifier.go
+ * (the canonical reference implementation Sigstore tracks).
+ *
+ * Leaf hash:  sha256(0x00 || leaf-bytes)
+ * Inner hash: sha256(0x01 || left-hash || right-hash)
+ *
+ * A proof of length n+m has n "inner" hashes (siblings along the path
+ * from leaf up to the highest common ancestor with the rightmost
+ * leaf) followed by m "border" hashes (always left-leaning siblings
+ * above that ancestor). The split is determined by bit-decomposition
+ * of leafIndex against treeSize - 1.
+ */
+import { createHash } from 'node:crypto';
+export function hashLeaf(data) {
+    const buf = new Uint8Array(1 + data.length);
+    buf[0] = 0x00;
+    buf.set(data, 1);
+    return new Uint8Array(createHash('sha256').update(buf).digest());
+}
+export function hashPair(left, right) {
+    const buf = new Uint8Array(1 + left.length + right.length);
+    buf[0] = 0x01;
+    buf.set(left, 1);
+    buf.set(right, 1 + left.length);
+    return new Uint8Array(createHash('sha256').update(buf).digest());
+}
+function bytesEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    for (let i = 0; i < a.length; i++) {
+        if (a[i] !== b[i])
+            return false;
+    }
+    return true;
+}
+function bitLength(n) {
+    let len = 0;
+    while (n > 0) {
+        len++;
+        n = Math.floor(n / 2);
+    }
+    return len;
+}
+function popcount(n) {
+    let count = 0;
+    while (n > 0) {
+        count += n & 1;
+        n = Math.floor(n / 2);
+    }
+    return count;
+}
+function trailingZeros(n) {
+    if (n === 0)
+        return 64;
+    let count = 0;
+    while ((n & 1) === 0) {
+        count++;
+        n = Math.floor(n / 2);
+    }
+    return count;
+}
+function decompInclProof(leafIndex, treeSize) {
+    const inner = bitLength(leafIndex ^ (treeSize - 1));
+    const border = popcount(Math.floor(leafIndex / Math.pow(2, inner)));
+    return { inner, border };
+}
+function chainInner(seed, proof, leafIndex) {
+    let res = seed;
+    for (let i = 0; i < proof.length; i++) {
+        const bit = (Math.floor(leafIndex / Math.pow(2, i))) & 1;
+        res = bit === 0 ? hashPair(res, proof[i]) : hashPair(proof[i], res);
+    }
+    return res;
+}
+function chainInnerRight(seed, proof, leafIndex) {
+    let res = seed;
+    for (let i = 0; i < proof.length; i++) {
+        const bit = (Math.floor(leafIndex / Math.pow(2, i))) & 1;
+        if (bit === 1) {
+            res = hashPair(proof[i], res);
+        }
+    }
+    return res;
+}
+function chainBorderRight(seed, proof) {
+    let res = seed;
+    for (const p of proof) {
+        res = hashPair(p, res);
+    }
+    return res;
+}
+/**
+ * Verify an RFC 6962 inclusion proof: prove that a leaf with hash
+ * `leafHash` at position `leafIndex` is included in a tree of size
+ * `treeSize` with root `rootHash`, using the supplied path of
+ * sibling hashes.
+ */
+export function verifyInclusion(leafHash, leafIndex, treeSize, proof, rootHash) {
+    if (leafIndex < 0 || treeSize < 0 || leafIndex >= treeSize)
+        return false;
+    const { inner, border } = decompInclProof(leafIndex, treeSize);
+    if (proof.length !== inner + border)
+        return false;
+    let res = chainInner(leafHash, proof.slice(0, inner), leafIndex);
+    res = chainBorderRight(res, proof.slice(inner));
+    return bytesEqual(res, rootHash);
+}
+/**
+ * Verify an RFC 6962 consistency proof: prove that the tree of size
+ * `firstSize` with root `firstRoot` is a prefix of the tree of size
+ * `secondSize` with root `secondRoot`. Used to detect log rewrites —
+ * if our captured root is no longer an ancestor of the current root,
+ * the log has been tampered with.
+ *
+ * Algorithm port of certificate-transparency-go's `VerifyConsistencyProof`.
+ */
+export function verifyConsistency(firstSize, secondSize, firstRoot, secondRoot, proof) {
+    if (firstSize < 0 || secondSize < firstSize)
+        return false;
+    if (firstSize === secondSize) {
+        return proof.length === 0 && bytesEqual(firstRoot, secondRoot);
+    }
+    if (firstSize === 0) {
+        return proof.length === 0;
+    }
+    let { inner, border } = decompInclProof(firstSize - 1, secondSize);
+    const shift = trailingZeros(firstSize);
+    inner -= shift;
+    let seed;
+    let start;
+    if ((firstSize & (firstSize - 1)) !== 0) {
+        if (proof.length === 0)
+            return false;
+        seed = proof[0];
+        start = 1;
+    }
+    else {
+        seed = firstRoot;
+        start = 0;
+    }
+    if (proof.length !== start + inner + border)
+        return false;
+    const subProof = proof.slice(start);
+    const mask = Math.floor((firstSize - 1) / Math.pow(2, shift));
+    let hash1 = chainInnerRight(seed, subProof.slice(0, inner), mask);
+    hash1 = chainBorderRight(hash1, subProof.slice(inner));
+    if (!bytesEqual(hash1, firstRoot))
+        return false;
+    let hash2 = chainInner(seed, subProof.slice(0, inner), mask);
+    hash2 = chainBorderRight(hash2, subProof.slice(inner));
+    if (!bytesEqual(hash2, secondRoot))
+        return false;
+    return true;
+}
+//# sourceMappingURL=merkle.js.map

package/dist/merkle.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"merkle.js","sourceRoot":"","sources":["../src/merkle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,MAAM,UAAU,QAAQ,CAAC,IAAgB;IACvC,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5C,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IACd,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACjB,OAAO,IAAI,UAAU,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,IAAgB,EAAE,KAAiB;IAC1D,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAC3D,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IACd,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACjB,GAAG,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAChC,OAAO,IAAI,UAAU,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,UAAU,CAAC,CAAa,EAAE,CAAa;IAC9C,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;IAClC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,SAAS,CAAC,CAAS;IAC1B,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACb,GAAG,EAAE,CAAC;QACN,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS;IACzB,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACb,KAAK,IAAI,CAAC,GAAG,CAAC,CAAC;QACf,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACvB,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QACrB,KAAK,EAAE,CAAC;QACR,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAOD,SAAS,eAAe,CAAC,SAAiB,EAAE,QAAgB;IAC1D,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;IACpE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AAC3B,CAAC;AAED,SAAS,UAAU,CAAC,IAAgB,EAAE,KAAmB,EAAE,SAAiB;IAC1E,IAAI,GAAG,GAAG,IAAI,CAAC;IACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACzD,GAAG,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,GAAG,CAAC,CAAC;IACxE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,eAAe,CAAC,IAAgB,EAAE,KAAmB,EAAE,SAAiB;IAC/E,IAAI,GAAG,GAAG,IAAI,CAAC;IACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACzD,IAAI,GAAG,KAAK,CAAC,EAAE,CAAC;YACd,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,GAAG,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAgB,EAAE,KAAmB;IAC7D,IAAI,GAAG,GAAG,IAAI,CAAC;IACf,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,GAAG,GAAG,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAC7B,QAAoB,EACpB,SAAiB,EACjB,QAAgB,EAChB,KAAmB,EACnB,QAAoB;IAEpB,IAAI,SAAS,GAAG,CAAC,IAAI,QAAQ,GAAG,CAAC,IAAI,SAAS,IAAI,QAAQ;QAAE,OAAO,KAAK,CAAC;IAEzE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,eAAe,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAC/D,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,GAAG,MAAM;QAAE,OAAO,KAAK,CAAC;IAElD,IAAI,GAAG,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC;IACjE,GAAG,GAAG,gBAAgB,CAAC,GAAG,EAAE,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;IAChD,OAAO,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;AACnC,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAC/B,SAAiB,EACjB,UAAkB,EAClB,SAAqB,EACrB,UAAsB,EACtB,KAAmB;IAEnB,IAAI,SAAS,GAAG,CAAC,IAAI,UAAU,GAAG,SAAS;QAAE,OAAO,KAAK,CAAC;IAC1D,IAAI,SAAS,KAAK,UAAU,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IACjE,CAAC;IACD,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;QACpB,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC;IAC5B,CAAC;IAED,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,eAAe,CAAC,SAAS,GAAG,CAAC,EAAE,UAAU,CAAC,CAAC;IACnE,MAAM,KAAK,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;IACvC,KAAK,IAAI,KAAK,CAAC;IAEf,IAAI,IAAgB,CAAC;IACrB,IAAI,KAAa,CAAC;IAClB,IAAI,CAAC,SAAS,GAAG,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QACxC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QACrC,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACjB,KAAK,GAAG,CAAC,CAAC;IACZ,CAAC;SAAM,CAAC;QACN,IAAI,GAAG,SAAS,CAAC;QACjB,KAAK,GAAG,CAAC,CAAC;IACZ,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,GAAG,KAAK,GAAG,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1D,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAEpC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;IAE9D,IAAI,KAAK,GAAG,eAAe,CAAC,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,IAAI,CAAC,CAAC;IAClE,KAAK,GAAG,gBAAgB,CAAC,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;IACvD,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,SAAS,CAAC;QAAE,OAAO,KAAK,CAAC;IAEhD,IAAI,KAAK,GAAG,UAAU,CAAC,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,IAAI,CAAC,CAAC;IAC7D,KAAK,GAAG,gBAAgB,CAAC,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;IACvD,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,UAAU,CAAC;QAAE,OAAO,KAAK,CAAC;IAEjD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/nonce.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Binding nonce per spec §3 step 1: cryptographically random, ≥128 bits,
+ * base32-encoded for gist-friendliness, prefixed with the service
+ * namespace ("zkm-") and the username for human readability.
+ *
+ * Format: `zkm-{username}-{base32}`
+ * Entropy: 160 bits (20 bytes → 32 base32 chars).
+ */
+export declare const NONCE_BYTES = 20;
+export declare const NONCE_BASE32_LENGTH = 32;
+/**
+ * RFC 4648 base32 (lowercase, no padding) of the input bytes.
+ *
+ * Uses BigInt to avoid 32-bit overflow when accumulating ≥4 bytes.
+ */
+export declare function base32Encode(bytes: Uint8Array): string;
+/**
+ * Generate a fresh nonce for a binding session.
+ *
+ * @param username - GitHub username to embed in the nonce (case preserved).
+ * @returns `zkm-<username>-<32 base32 chars>` (length-stable for valid usernames).
+ */
+export declare function generateNonce(username: string): string;
+//# sourceMappingURL=nonce.d.ts.map

package/dist/nonce.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nonce.d.ts","sourceRoot":"","sources":["../src/nonce.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,eAAO,MAAM,WAAW,KAAK,CAAC;AAC9B,eAAO,MAAM,mBAAmB,KAAK,CAAC;AAEtC;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAkBtD;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAMtD"}

package/dist/nonce.js

@@ -0,0 +1,50 @@
+/**
+ * Binding nonce per spec §3 step 1: cryptographically random, ≥128 bits,
+ * base32-encoded for gist-friendliness, prefixed with the service
+ * namespace ("zkm-") and the username for human readability.
+ *
+ * Format: `zkm-{username}-{base32}`
+ * Entropy: 160 bits (20 bytes → 32 base32 chars).
+ */
+import { randomBytes } from 'node:crypto';
+const BASE32_ALPHABET = 'abcdefghijklmnopqrstuvwxyz234567';
+export const NONCE_BYTES = 20;
+export const NONCE_BASE32_LENGTH = 32; // (20 * 8) / 5
+/**
+ * RFC 4648 base32 (lowercase, no padding) of the input bytes.
+ *
+ * Uses BigInt to avoid 32-bit overflow when accumulating ≥4 bytes.
+ */
+export function base32Encode(bytes) {
+    let bits = 0n;
+    let bitCount = 0;
+    let result = '';
+    for (const byte of bytes) {
+        bits = (bits << 8n) | BigInt(byte);
+        bitCount += 8;
+        while (bitCount >= 5) {
+            bitCount -= 5;
+            const idx = Number((bits >> BigInt(bitCount)) & 0x1fn);
+            result += BASE32_ALPHABET[idx];
+        }
+    }
+    if (bitCount > 0) {
+        const idx = Number((bits << BigInt(5 - bitCount)) & 0x1fn);
+        result += BASE32_ALPHABET[idx];
+    }
+    return result;
+}
+/**
+ * Generate a fresh nonce for a binding session.
+ *
+ * @param username - GitHub username to embed in the nonce (case preserved).
+ * @returns `zkm-<username>-<32 base32 chars>` (length-stable for valid usernames).
+ */
+export function generateNonce(username) {
+    if (username.length === 0) {
+        throw new TypeError('generateNonce: username must be non-empty');
+    }
+    const bytes = randomBytes(NONCE_BYTES);
+    return `zkm-${username}-${base32Encode(bytes)}`;
+}
+//# sourceMappingURL=nonce.js.map

package/dist/nonce.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nonce.js","sourceRoot":"","sources":["../src/nonce.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,MAAM,eAAe,GAAG,kCAAkC,CAAC;AAC3D,MAAM,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAC9B,MAAM,CAAC,MAAM,mBAAmB,GAAG,EAAE,CAAC,CAAC,eAAe;AAEtD;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,KAAiB;IAC5C,IAAI,IAAI,GAAG,EAAE,CAAC;IACd,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QACnC,QAAQ,IAAI,CAAC,CAAC;QACd,OAAO,QAAQ,IAAI,CAAC,EAAE,CAAC;YACrB,QAAQ,IAAI,CAAC,CAAC;YACd,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;YACvD,MAAM,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IACD,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;QACjB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;QAC3D,MAAM,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,QAAgB;IAC5C,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,SAAS,CAAC,2CAA2C,CAAC,CAAC;IACnE,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IACvC,OAAO,OAAO,QAAQ,IAAI,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;AAClD,CAAC"}

package/dist/sdk-payload.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Pack/unpack the zkPassport SDK inputs that a verifier needs to re-run
+ * proof verification offline.
+ *
+ * Rather than expanding the bundle schema, we re-purpose the existing
+ * `proof_blob` field: it's the base64 of canonical JCS bytes of an
+ * {@link SdkPayload} object. The statement's `proof_blob_sha256` already
+ * binds those bytes to the rest of the binding — Day 5's hash check
+ * carries through.
+ */
+export interface SdkPayload {
+    /** The zkPassport SDK version that produced these proofs. */
+    sdk_version: string;
+    /** Array of ProofResult objects from onProofGenerated callbacks. */
+    proofs: unknown[];
+    /** The Query object from queryBuilder, in serialised form. */
+    original_query: unknown;
+    /** The QueryResult from the SDK's onResult callback. */
+    query_result: unknown;
+    /** Whether the proofs are mock (zkPassport dev mode). */
+    dev_mode: boolean;
+}
+export interface PackedSdkPayload {
+    /** Canonical bytes (RFC 8785 JCS UTF-8). */
+    bytes: Uint8Array;
+    /** Base64 of `bytes` — the value that goes into `bundle.proof_blob`. */
+    b64: string;
+    /** Lowercase-hex SHA-256 of `bytes` — the value that goes into the statement's `proof_blob_sha256`. */
+    sha256Hex: string;
+}
+export declare function packSdkPayload(payload: SdkPayload): PackedSdkPayload;
+export declare function unpackSdkPayload(b64: string): SdkPayload;
+//# sourceMappingURL=sdk-payload.d.ts.map