@peac/adapter-eat 0.12.6

package/LICENSE

@@ -0,0 +1,190 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+Copyright 2025-2026 PEAC Protocol Contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

package/README.md

@@ -0,0 +1,72 @@
+# @peac/adapter-eat
+
+EAT (Entity Attestation Token, RFC 9711) passport decoder and PEAC claim mapper with privacy-first defaults.
+
+## Installation
+
+```bash
+pnpm add @peac/adapter-eat
+```
+
+## What It Does
+
+`@peac/adapter-eat` is a Layer 4 adapter that decodes COSE_Sign1 structures (RFC 9052) containing Entity Attestation Token payloads and maps them into Interaction Record format claims. It verifies Ed25519 signatures, enforces a 64 KB size limit before CBOR decode to prevent denial-of-service, and hashes all claim values with SHA-256 by default so that no raw attestation data leaks into PEAC receipts.
+
+## How Do I Use It?
+
+### Decode and verify an EAT passport
+
+```typescript
+import { decodeEatPassport } from '@peac/adapter-eat';
+
+const result = await decodeEatPassport(coseBytes, publicKey);
+
+if (result.verified) {
+  console.log('Claims:', result.claims);
+  console.log('Algorithm:', result.headers.alg); // -8 (EdDSA)
+}
+```
+
+### Map EAT claims to PEAC receipt claims
+
+```typescript
+import { decodeEatPassport, mapEatClaims } from '@peac/adapter-eat';
+
+const result = await decodeEatPassport(coseBytes, publicKey);
+if (result.verified) {
+  // Privacy-first: all values are SHA-256 hashed by default
+  const mapped = await mapEatClaims(result.claims);
+  console.log('Type:', mapped.type); // 'org.peacprotocol/attestation'
+  console.log('Pillars:', mapped.pillars); // ['identity']
+  console.log('Values:', mapped.values); // Map<number, string> with hashed values
+
+  // Opt in to raw values when needed
+  const raw = await mapEatClaims(result.claims, { includeRawClaims: true });
+}
+```
+
+## Integrates With
+
+- `@peac/kernel` (Layer 0): Wire constants and types
+- `@peac/schema` (Layer 1): Interaction Record format claim schemas
+- `@peac/crypto` (Layer 2): Ed25519 signature verification and SHA-256 hashing
+- `@peac/protocol` (Layer 3): Receipt issuance with mapped EAT claims
+
+## For Agent Developers
+
+If you are building an agent that needs to verify device or entity attestations:
+
+- Use `decodeEatPassport()` to decode and verify COSE_Sign1 tokens from hardware or software attestation sources
+- Use `mapEatClaims()` to convert verified attestations into PEAC receipt claims with privacy-safe defaults
+- Only Ed25519 (COSE algorithm -8) is supported; all other algorithms are rejected
+- See the [llms.txt](https://github.com/peacprotocol/peac/blob/main/llms.txt) for a concise protocol overview
+
+## License
+
+Apache-2.0
+
+---
+
+PEAC Protocol is an open source project stewarded by Originary and community contributors.
+
+[Docs](https://www.peacprotocol.org) | [GitHub](https://github.com/peacprotocol/peac) | [Originary](https://www.originary.xyz)

package/dist/claim-mapper.d.ts

@@ -0,0 +1,24 @@
+/**
+ * EAT Claim Mapper: maps EAT claims to Wire 0.2 receipt claims
+ *
+ * Privacy-first: all claim values are SHA-256 hashed by default.
+ * Callers opt in to raw value inclusion via `includeRawClaims` option.
+ * This prevents accidental PII leakage from EAT attestations into PEAC receipts.
+ *
+ * References:
+ *   - RFC 9711 (Entity Attestation Token)
+ *   - Wire 0.2 spec: kind, type, pillars, extensions
+ */
+import type { EatClaims, ClaimMapperOptions, MappedEatClaims } from './types.js';
+/**
+ * Map EAT claims to Wire 0.2 receipt claims.
+ *
+ * Privacy-first: claim values are SHA-256 hashed unless their integer key
+ * appears in `options.includeRawClaims`. This prevents accidental PII leakage.
+ *
+ * @param claims - Decoded EAT claims map
+ * @param options - Mapper configuration
+ * @returns Mapped claims suitable for Wire 0.2 receipt issuance
+ */
+export declare function mapEatClaims(claims: EatClaims, options?: ClaimMapperOptions): Promise<MappedEatClaims>;
+//# sourceMappingURL=claim-mapper.d.ts.map

package/dist/claim-mapper.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"claim-mapper.d.ts","sourceRoot":"","sources":["../src/claim-mapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,KAAK,EAAE,SAAS,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AA0CjF;;;;;;;;;GASG;AACH,wBAAsB,YAAY,CAChC,MAAM,EAAE,SAAS,EACjB,OAAO,GAAE,kBAAuB,GAC/B,OAAO,CAAC,eAAe,CAAC,CA+B1B"}

package/dist/index.cjs

@@ -0,0 +1,262 @@
+'use strict';
+
+var cbor = require('cbor');
+var crypto = require('@peac/crypto');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+
+var cbor__default = /*#__PURE__*/_interopDefault(cbor);
+
+// src/types.ts
+var COSE_ALG = {
+  /** EdDSA (Ed25519 or Ed448) */
+  EdDSA: -8
+};
+var EAT_CLAIM_KEY = {
+  iss: 1,
+  sub: 2,
+  aud: 3,
+  exp: 4,
+  nbf: 5,
+  iat: 6,
+  cti: 7,
+  nonce: 10,
+  ueid: 256,
+  sueids: 257,
+  oemid: 258,
+  hwmodel: 259,
+  hwversion: 260,
+  swname: 271,
+  swversion: 272,
+  oemueid: 273,
+  secboot: 262,
+  dbgstat: 263,
+  location: 264,
+  profile: 265,
+  submods: 266,
+  uptime: 261,
+  intuse: 267,
+  dloas: 268,
+  manifests: 269,
+  measurements: 270
+};
+var EAT_SIZE_LIMIT = 65536;
+var cborDecode = cbor__default.default.decode;
+var cborEncode = cbor__default.default.encode;
+var EatAdapterError = class extends Error {
+  constructor(message, code) {
+    super(message);
+    this.code = code;
+    this.name = "EatAdapterError";
+  }
+};
+function decodeCoseSign1(data) {
+  let decoded;
+  try {
+    decoded = cborDecode(data);
+  } catch {
+    throw new EatAdapterError("EAT token is not valid CBOR", "E_EAT_INVALID_CBOR");
+  }
+  if (!Array.isArray(decoded) || decoded.length !== 4) {
+    throw new EatAdapterError(
+      "EAT token is not a valid COSE_Sign1 structure (expected 4-element array)",
+      "E_EAT_INVALID_COSE"
+    );
+  }
+  const [protectedBytes, unprotectedMap, payload, signature] = decoded;
+  if (!(protectedBytes instanceof Uint8Array)) {
+    throw new EatAdapterError(
+      "COSE_Sign1 protected header must be a byte string",
+      "E_EAT_INVALID_COSE"
+    );
+  }
+  if (payload === null) {
+    throw new EatAdapterError(
+      "Detached COSE_Sign1 payload (null) is not supported; EAT tokens require an attached payload",
+      "E_EAT_INVALID_COSE"
+    );
+  }
+  if (!(payload instanceof Uint8Array)) {
+    throw new EatAdapterError("COSE_Sign1 payload must be a byte string", "E_EAT_INVALID_COSE");
+  }
+  if (!(signature instanceof Uint8Array)) {
+    throw new EatAdapterError("COSE_Sign1 signature must be a byte string", "E_EAT_INVALID_COSE");
+  }
+  if (signature.length !== 64) {
+    throw new EatAdapterError(
+      `COSE_Sign1 signature has unexpected length ${signature.length} (expected 64 for Ed25519)`,
+      "E_EAT_INVALID_COSE"
+    );
+  }
+  return {
+    protected: protectedBytes,
+    unprotected: unprotectedMap instanceof Map ? unprotectedMap : /* @__PURE__ */ new Map(),
+    payload,
+    signature
+  };
+}
+function decodeProtectedHeaders(protectedBytes) {
+  if (protectedBytes.length === 0) {
+    throw new EatAdapterError("COSE_Sign1 protected headers are empty", "E_EAT_INVALID_COSE");
+  }
+  let headerMap;
+  try {
+    headerMap = cborDecode(protectedBytes);
+  } catch {
+    throw new EatAdapterError(
+      "COSE_Sign1 protected headers are not valid CBOR",
+      "E_EAT_INVALID_COSE"
+    );
+  }
+  if (!(headerMap instanceof Map)) {
+    throw new EatAdapterError(
+      "COSE_Sign1 protected headers must be a CBOR map",
+      "E_EAT_INVALID_COSE"
+    );
+  }
+  const alg = headerMap.get(1);
+  if (typeof alg !== "number") {
+    throw new EatAdapterError(
+      "COSE_Sign1 protected headers missing algorithm (label 1)",
+      "E_EAT_INVALID_COSE"
+    );
+  }
+  if (alg !== COSE_ALG.EdDSA) {
+    throw new EatAdapterError(
+      `Unsupported COSE algorithm ${alg}; only EdDSA (-8) is supported`,
+      "E_EAT_UNSUPPORTED_ALG"
+    );
+  }
+  const kid = headerMap.get(4);
+  return {
+    alg,
+    kid: kid instanceof Uint8Array || typeof kid === "string" ? kid : void 0
+  };
+}
+function decodeEatClaims(payload) {
+  if (payload.length === 0) {
+    return /* @__PURE__ */ new Map();
+  }
+  let decoded;
+  try {
+    decoded = cborDecode(payload);
+  } catch {
+    throw new EatAdapterError("EAT payload is not valid CBOR", "E_EAT_INVALID_CBOR");
+  }
+  if (decoded instanceof Map) {
+    return decoded;
+  }
+  if (typeof decoded === "object" && decoded !== null && !Array.isArray(decoded)) {
+    const map = /* @__PURE__ */ new Map();
+    for (const [k, v] of Object.entries(decoded)) {
+      const numKey = Number(k);
+      map.set(Number.isInteger(numKey) ? numKey : k, v);
+    }
+    return map;
+  }
+  throw new EatAdapterError("EAT payload must be a CBOR map", "E_EAT_INVALID_CBOR");
+}
+function buildSigStructure(protectedBytes, payload, externalAad = new Uint8Array(0)) {
+  const sigStructure = ["Signature1", protectedBytes, externalAad, payload];
+  return cborEncode(sigStructure);
+}
+async function decodeEatPassport(data, publicKey) {
+  if (data.length > EAT_SIZE_LIMIT) {
+    throw new EatAdapterError(
+      `EAT token is ${data.length} bytes, exceeding ${EAT_SIZE_LIMIT} byte limit`,
+      "E_EAT_SIZE_EXCEEDED"
+    );
+  }
+  if (data.length === 0) {
+    throw new EatAdapterError("EAT token is empty", "E_EAT_INVALID_CBOR");
+  }
+  const coseSign1 = decodeCoseSign1(data);
+  const headers = decodeProtectedHeaders(coseSign1.protected);
+  const claims = decodeEatClaims(coseSign1.payload);
+  let signatureValid;
+  if (publicKey !== void 0) {
+    if (publicKey.length !== 32) {
+      throw new EatAdapterError(
+        `Ed25519 public key must be 32 bytes, got ${publicKey.length}`,
+        "E_EAT_SIGNATURE_FAILED"
+      );
+    }
+    const sigStructureBytes = buildSigStructure(coseSign1.protected, coseSign1.payload);
+    try {
+      signatureValid = await crypto.ed25519Verify(coseSign1.signature, sigStructureBytes, publicKey);
+    } catch {
+      throw new EatAdapterError("Ed25519 signature verification failed", "E_EAT_SIGNATURE_FAILED");
+    }
+    if (!signatureValid) {
+      throw new EatAdapterError(
+        "COSE_Sign1 Ed25519 signature is invalid",
+        "E_EAT_SIGNATURE_FAILED"
+      );
+    }
+  }
+  return { headers, claims, signatureValid };
+}
+var DEFAULT_TYPE = "org.peacprotocol/attestation";
+var DEFAULT_PILLARS = ["identity"];
+var CLAIM_LABEL_NAMES = {
+  [EAT_CLAIM_KEY.iss]: "iss",
+  [EAT_CLAIM_KEY.sub]: "sub",
+  [EAT_CLAIM_KEY.aud]: "aud",
+  [EAT_CLAIM_KEY.exp]: "exp",
+  [EAT_CLAIM_KEY.nbf]: "nbf",
+  [EAT_CLAIM_KEY.iat]: "iat",
+  [EAT_CLAIM_KEY.cti]: "cti",
+  [EAT_CLAIM_KEY.nonce]: "nonce",
+  [EAT_CLAIM_KEY.ueid]: "ueid",
+  [EAT_CLAIM_KEY.sueids]: "sueids",
+  [EAT_CLAIM_KEY.oemid]: "oemid",
+  [EAT_CLAIM_KEY.hwmodel]: "hwmodel",
+  [EAT_CLAIM_KEY.hwversion]: "hwversion",
+  [EAT_CLAIM_KEY.swname]: "swname",
+  [EAT_CLAIM_KEY.swversion]: "swversion",
+  [EAT_CLAIM_KEY.secboot]: "secboot",
+  [EAT_CLAIM_KEY.dbgstat]: "dbgstat"
+};
+function serializeClaimValue(value) {
+  if (value instanceof Uint8Array) {
+    return Array.from(value).map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  if (typeof value === "string") return value;
+  if (typeof value === "number") return String(value);
+  if (typeof value === "boolean") return String(value);
+  return JSON.stringify(value);
+}
+async function mapEatClaims(claims, options = {}) {
+  const { includeRawClaims = [], type = DEFAULT_TYPE, pillars = DEFAULT_PILLARS } = options;
+  const rawSet = new Set(includeRawClaims);
+  const attestationClaims = {};
+  for (const [key, value] of claims) {
+    if (typeof key !== "number") continue;
+    const labelName = CLAIM_LABEL_NAMES[key] ?? `claim_${key}`;
+    const serialized = serializeClaimValue(value);
+    if (rawSet.has(key)) {
+      attestationClaims[labelName] = serialized;
+    } else {
+      attestationClaims[labelName] = `sha256:${await crypto.sha256Hex(serialized)}`;
+    }
+  }
+  const issValue = claims.get(EAT_CLAIM_KEY.iss);
+  const subValue = claims.get(EAT_CLAIM_KEY.sub);
+  return {
+    kind: "evidence",
+    type,
+    pillars,
+    attestation_claims: attestationClaims,
+    eat_iss: typeof issValue === "string" ? issValue : void 0,
+    eat_sub: typeof subValue === "string" ? subValue : void 0
+  };
+}
+
+exports.COSE_ALG = COSE_ALG;
+exports.EAT_CLAIM_KEY = EAT_CLAIM_KEY;
+exports.EAT_SIZE_LIMIT = EAT_SIZE_LIMIT;
+exports.EatAdapterError = EatAdapterError;
+exports.decodeEatPassport = decodeEatPassport;
+exports.mapEatClaims = mapEatClaims;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/types.ts","../src/passport.ts","../src/claim-mapper.ts"],"names":["cbor","ed25519Verify","sha256Hex"],"mappings":";;;;;;;;;;AAwCO,IAAM,QAAA,GAAW;AAAA;AAAA,EAEtB,KAAA,EAAO;AACT;AAOO,IAAM,aAAA,GAAgB;AAAA,EAC3B,GAAA,EAAK,CAAA;AAAA,EACL,GAAA,EAAK,CAAA;AAAA,EACL,GAAA,EAAK,CAAA;AAAA,EACL,GAAA,EAAK,CAAA;AAAA,EACL,GAAA,EAAK,CAAA;AAAA,EACL,GAAA,EAAK,CAAA;AAAA,EACL,GAAA,EAAK,CAAA;AAAA,EACL,KAAA,EAAO,EAAA;AAAA,EACP,IAAA,EAAM,GAAA;AAAA,EACN,MAAA,EAAQ,GAAA;AAAA,EACR,KAAA,EAAO,GAAA;AAAA,EACP,OAAA,EAAS,GAAA;AAAA,EACT,SAAA,EAAW,GAAA;AAAA,EACX,MAAA,EAAQ,GAAA;AAAA,EACR,SAAA,EAAW,GAAA;AAAA,EACX,OAAA,EAAS,GAAA;AAAA,EACT,OAAA,EAAS,GAAA;AAAA,EACT,OAAA,EAAS,GAAA;AAAA,EACT,QAAA,EAAU,GAAA;AAAA,EACV,OAAA,EAAS,GAAA;AAAA,EACT,OAAA,EAAS,GAAA;AAAA,EACT,MAAA,EAAQ,GAAA;AAAA,EACR,MAAA,EAAQ,GAAA;AAAA,EACR,KAAA,EAAO,GAAA;AAAA,EACP,SAAA,EAAW,GAAA;AAAA,EACX,YAAA,EAAc;AAChB;AAgDO,IAAM,cAAA,GAAiB;ACvG9B,IAAM,aAAaA,qBAAA,CAAK,MAAA;AACxB,IAAM,aAAaA,qBAAA,CAAK,MAAA;AAMjB,IAAM,eAAA,GAAN,cAA8B,KAAA,CAAM;AAAA,EACzC,WAAA,CACE,SACgB,IAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAFG,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,iBAAA;AAAA,EACd;AACF;AAYA,SAAS,gBAAgB,IAAA,EAA6B;AACpD,EAAA,IAAI,OAAA;AACJ,EAAA,IAAI;AACF,IAAA,OAAA,GAAU,WAAW,IAAI,CAAA;AAAA,EAC3B,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,eAAA,CAAgB,6BAAA,EAA+B,oBAAoB,CAAA;AAAA,EAC/E;AAGA,EAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,OAAO,CAAA,IAAK,OAAA,CAAQ,WAAW,CAAA,EAAG;AACnD,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,0EAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,CAAC,cAAA,EAAgB,cAAA,EAAgB,OAAA,EAAS,SAAS,CAAA,GAAI,OAAA;AAE7D,EAAA,IAAI,EAAE,0BAA0B,UAAA,CAAA,EAAa;AAC3C,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,mDAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,YAAY,IAAA,EAAM;AACpB,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,6FAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,EAAE,mBAAmB,UAAA,CAAA,EAAa;AACpC,IAAA,MAAM,IAAI,eAAA,CAAgB,0CAAA,EAA4C,oBAAoB,CAAA;AAAA,EAC5F;AAEA,EAAA,IAAI,EAAE,qBAAqB,UAAA,CAAA,EAAa;AACtC,IAAA,MAAM,IAAI,eAAA,CAAgB,4CAAA,EAA8C,oBAAoB,CAAA;AAAA,EAC9F;AAGA,EAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,CAAA,2CAAA,EAA8C,UAAU,MAAM,CAAA,0BAAA,CAAA;AAAA,MAC9D;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,SAAA,EAAW,cAAA;AAAA,IACX,WAAA,EAAa,cAAA,YAA0B,GAAA,GAAM,cAAA,uBAAqB,GAAA,EAAqB;AAAA,IACvF,OAAA;AAAA,IACA;AAAA,GACF;AACF;AASA,SAAS,uBAAuB,cAAA,EAAkD;AAChF,EAAA,IAAI,cAAA,CAAe,WAAW,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,eAAA,CAAgB,wCAAA,EAA0C,oBAAoB,CAAA;AAAA,EAC1F;AAEA,EAAA,IAAI,SAAA;AACJ,EAAA,IAAI;AACF,IAAA,SAAA,GAAY,WAAW,cAAc,CAAA;AAAA,EACvC,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,iDAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,EAAE,qBAAqB,GAAA,CAAA,EAAM;AAC/B,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,iDAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAGA,EAAA,MAAM,GAAA,GAAM,SAAA,CAAU,GAAA,CAAI,CAAC,CAAA;AAC3B,EAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAC3B,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,0DAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,GAAA,KAAQ,SAAS,KAAA,EAAO;AAC1B,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,8BAA8B,GAAG,CAAA,8BAAA,CAAA;AAAA,MACjC;AAAA,KACF;AAAA,EACF;AAGA,EAAA,MAAM,GAAA,GAAM,SAAA,CAAU,GAAA,CAAI,CAAC,CAAA;AAE3B,EAAA,OAAO;AAAA,IACL,GAAA;AAAA,IACA,KAAK,GAAA,YAAe,UAAA,IAAc,OAAO,GAAA,KAAQ,WAAW,GAAA,GAAM;AAAA,GACpE;AACF;AASA,SAAS,gBAAgB,OAAA,EAAgC;AACvD,EAAA,IAAI,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxB,IAAA,2BAAW,GAAA,EAAI;AAAA,EACjB;AAEA,EAAA,IAAI,OAAA;AACJ,EAAA,IAAI;AACF,IAAA,OAAA,GAAU,WAAW,OAAO,CAAA;AAAA,EAC9B,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,eAAA,CAAgB,+BAAA,EAAiC,oBAAoB,CAAA;AAAA,EACjF;AAEA,EAAA,IAAI,mBAAmB,GAAA,EAAK;AAC1B,IAAA,OAAO,OAAA;AAAA,EACT;AAIA,EAAA,IAAI,OAAO,YAAY,QAAA,IAAY,OAAA,KAAY,QAAQ,CAAC,KAAA,CAAM,OAAA,CAAQ,OAAO,CAAA,EAAG;AAC9E,IAAA,MAAM,GAAA,uBAAU,GAAA,EAA8B;AAC9C,IAAA,KAAA,MAAW,CAAC,CAAA,EAAG,CAAC,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAkC,CAAA,EAAG;AACvE,MAAA,MAAM,MAAA,GAAS,OAAO,CAAC,CAAA;AACvB,MAAA,GAAA,CAAI,IAAI,MAAA,CAAO,SAAA,CAAU,MAAM,CAAA,GAAI,MAAA,GAAS,GAAG,CAAC,CAAA;AAAA,IAClD;AACA,IAAA,OAAO,GAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAI,eAAA,CAAgB,gCAAA,EAAkC,oBAAoB,CAAA;AAClF;AAiBA,SAAS,kBACP,cAAA,EACA,OAAA,EACA,cAA0B,IAAI,UAAA,CAAW,CAAC,CAAA,EAC9B;AACZ,EAAA,MAAM,YAAA,GAAe,CAAC,YAAA,EAAc,cAAA,EAAgB,aAAa,OAAO,CAAA;AACxE,EAAA,OAAO,WAAW,YAAY,CAAA;AAChC;AAcA,eAAsB,iBAAA,CACpB,MACA,SAAA,EAC4B;AAE5B,EAAA,IAAI,IAAA,CAAK,SAAS,cAAA,EAAgB;AAChC,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,CAAA,aAAA,EAAgB,IAAA,CAAK,MAAM,CAAA,kBAAA,EAAqB,cAAc,CAAA,WAAA,CAAA;AAAA,MAC9D;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,IAAA,CAAK,WAAW,CAAA,EAAG;AACrB,IAAA,MAAM,IAAI,eAAA,CAAgB,oBAAA,EAAsB,oBAAoB,CAAA;AAAA,EACtE;AAGA,EAAA,MAAM,SAAA,GAAY,gBAAgB,IAAI,CAAA;AAGtC,EAAA,MAAM,OAAA,GAAU,sBAAA,CAAuB,SAAA,CAAU,SAAS,CAAA;AAG1D,EAAA,MAAM,MAAA,GAAS,eAAA,CAAgB,SAAA,CAAU,OAAO,CAAA;AAGhD,EAAA,IAAI,cAAA;AACJ,EAAA,IAAI,cAAc,MAAA,EAAW;AAC3B,IAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,MAAA,MAAM,IAAI,eAAA;AAAA,QACR,CAAA,yCAAA,EAA4C,UAAU,MAAM,CAAA,CAAA;AAAA,QAC5D;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,iBAAA,GAAoB,iBAAA,CAAkB,SAAA,CAAU,SAAA,EAAW,UAAU,OAAO,CAAA;AAElF,IAAA,IAAI;AACF,MAAA,cAAA,GAAiB,MAAMC,oBAAA,CAAc,SAAA,CAAU,SAAA,EAAW,mBAAmB,SAAS,CAAA;AAAA,IACxF,CAAA,CAAA,MAAQ;AACN,MAAA,MAAM,IAAI,eAAA,CAAgB,uCAAA,EAAyC,wBAAwB,CAAA;AAAA,IAC7F;AAEA,IAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,MAAA,MAAM,IAAI,eAAA;AAAA,QACR,yCAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,OAAA,EAAS,MAAA,EAAQ,cAAA,EAAe;AAC3C;AC5QA,IAAM,YAAA,GAAe,8BAAA;AACrB,IAAM,eAAA,GAAkB,CAAC,UAAU,CAAA;AAGnC,IAAM,iBAAA,GAA4C;AAAA,EAChD,CAAC,aAAA,CAAc,GAAG,GAAG,KAAA;AAAA,EACrB,CAAC,aAAA,CAAc,GAAG,GAAG,KAAA;AAAA,EACrB,CAAC,aAAA,CAAc,GAAG,GAAG,KAAA;AAAA,EACrB,CAAC,aAAA,CAAc,GAAG,GAAG,KAAA;AAAA,EACrB,CAAC,aAAA,CAAc,GAAG,GAAG,KAAA;AAAA,EACrB,CAAC,aAAA,CAAc,GAAG,GAAG,KAAA;AAAA,EACrB,CAAC,aAAA,CAAc,GAAG,GAAG,KAAA;AAAA,EACrB,CAAC,aAAA,CAAc,KAAK,GAAG,OAAA;AAAA,EACvB,CAAC,aAAA,CAAc,IAAI,GAAG,MAAA;AAAA,EACtB,CAAC,aAAA,CAAc,MAAM,GAAG,QAAA;AAAA,EACxB,CAAC,aAAA,CAAc,KAAK,GAAG,OAAA;AAAA,EACvB,CAAC,aAAA,CAAc,OAAO,GAAG,SAAA;AAAA,EACzB,CAAC,aAAA,CAAc,SAAS,GAAG,WAAA;AAAA,EAC3B,CAAC,aAAA,CAAc,MAAM,GAAG,QAAA;AAAA,EACxB,CAAC,aAAA,CAAc,SAAS,GAAG,WAAA;AAAA,EAC3B,CAAC,aAAA,CAAc,OAAO,GAAG,SAAA;AAAA,EACzB,CAAC,aAAA,CAAc,OAAO,GAAG;AAC3B,CAAA;AAMA,SAAS,oBAAoB,KAAA,EAAwB;AACnD,EAAA,IAAI,iBAAiB,UAAA,EAAY;AAC/B,IAAA,OAAO,MAAM,IAAA,CAAK,KAAK,CAAA,CACpB,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AAAA,EACZ;AACA,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,KAAA;AACtC,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,OAAO,KAAK,CAAA;AAClD,EAAA,IAAI,OAAO,KAAA,KAAU,SAAA,EAAW,OAAO,OAAO,KAAK,CAAA;AACnD,EAAA,OAAO,IAAA,CAAK,UAAU,KAAK,CAAA;AAC7B;AAYA,eAAsB,YAAA,CACpB,MAAA,EACA,OAAA,GAA8B,EAAC,EACL;AAC1B,EAAA,MAAM,EAAE,mBAAmB,EAAC,EAAG,OAAO,YAAA,EAAc,OAAA,GAAU,iBAAgB,GAAI,OAAA;AAElF,EAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,gBAAgB,CAAA;AACvC,EAAA,MAAM,oBAA4C,EAAC;AAEnD,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,CAAA,IAAK,MAAA,EAAQ;AACjC,IAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAE7B,IAAA,MAAM,SAAA,GAAY,iBAAA,CAAkB,GAAG,CAAA,IAAK,SAAS,GAAG,CAAA,CAAA;AACxD,IAAA,MAAM,UAAA,GAAa,oBAAoB,KAAK,CAAA;AAE5C,IAAA,IAAI,MAAA,CAAO,GAAA,CAAI,GAAG,CAAA,EAAG;AACnB,MAAA,iBAAA,CAAkB,SAAS,CAAA,GAAI,UAAA;AAAA,IACjC,CAAA,MAAO;AACL,MAAA,iBAAA,CAAkB,SAAS,CAAA,GAAI,CAAA,OAAA,EAAU,MAAMC,gBAAA,CAAU,UAAU,CAAC,CAAA,CAAA;AAAA,IACtE;AAAA,EACF;AAGA,EAAA,MAAM,QAAA,GAAW,MAAA,CAAO,GAAA,CAAI,aAAA,CAAc,GAAG,CAAA;AAC7C,EAAA,MAAM,QAAA,GAAW,MAAA,CAAO,GAAA,CAAI,aAAA,CAAc,GAAG,CAAA;AAE7C,EAAA,OAAO;AAAA,IACL,IAAA,EAAM,UAAA;AAAA,IACN,IAAA;AAAA,IACA,OAAA;AAAA,IACA,kBAAA,EAAoB,iBAAA;AAAA,IACpB,OAAA,EAAS,OAAO,QAAA,KAAa,QAAA,GAAW,QAAA,GAAW,MAAA;AAAA,IACnD,OAAA,EAAS,OAAO,QAAA,KAAa,QAAA,GAAW,QAAA,GAAW;AAAA,GACrD;AACF","file":"index.cjs","sourcesContent":["/**\n * EAT (Entity Attestation Token) and COSE types\n *\n * References:\n *   - RFC 9711 (Entity Attestation Token)\n *   - RFC 9052 Section 4.2 (COSE_Sign1)\n *   - RFC 9053 (COSE Initial Algorithms)\n *   - RFC 8949 (CBOR)\n */\n\n/**\n * COSE_Sign1 structure per RFC 9052 Section 4.2.\n *\n * COSE_Sign1 = [\n *   protected : bstr,        -- Serialized protected headers (CBOR-encoded map)\n *   unprotected : map,       -- Unprotected headers (CBOR map, may be empty)\n *   payload : bstr / nil,    -- Payload bytes\n *   signature : bstr         -- Signature bytes\n * ]\n */\nexport interface CoseSign1 {\n  protected: Uint8Array;\n  unprotected: Map<number, unknown>;\n  payload: Uint8Array;\n  signature: Uint8Array;\n}\n\n/**\n * Decoded COSE protected headers.\n *\n * COSE header parameter labels (integer keys per RFC 9052 Section 3.1):\n *   1 = alg (algorithm)\n *   4 = kid (key identifier)\n */\nexport interface CoseProtectedHeaders {\n  alg: number;\n  kid?: Uint8Array | string;\n}\n\n/** COSE algorithm identifiers per RFC 9053 Table 2 */\nexport const COSE_ALG = {\n  /** EdDSA (Ed25519 or Ed448) */\n  EdDSA: -8,\n} as const;\n\n/**\n * EAT standard claim keys (CBOR integer labels per RFC 9711 Section 4).\n *\n * Many of these inherit from CWT (RFC 8392) claim labels.\n */\nexport const EAT_CLAIM_KEY = {\n  iss: 1,\n  sub: 2,\n  aud: 3,\n  exp: 4,\n  nbf: 5,\n  iat: 6,\n  cti: 7,\n  nonce: 10,\n  ueid: 256,\n  sueids: 257,\n  oemid: 258,\n  hwmodel: 259,\n  hwversion: 260,\n  swname: 271,\n  swversion: 272,\n  oemueid: 273,\n  secboot: 262,\n  dbgstat: 263,\n  location: 264,\n  profile: 265,\n  submods: 266,\n  uptime: 261,\n  intuse: 267,\n  dloas: 268,\n  manifests: 269,\n  measurements: 270,\n} as const;\n\n/**\n * Decoded EAT claims (CBOR map with integer or string keys).\n *\n * The decoder preserves the raw CBOR map. The claim mapper extracts\n * specific claims by integer key.\n */\nexport type EatClaims = Map<number | string, unknown>;\n\n/** Result of decoding and verifying an EAT passport */\nexport interface EatPassportResult {\n  /** Decoded protected headers */\n  headers: CoseProtectedHeaders;\n  /** Raw EAT claims map */\n  claims: EatClaims;\n  /** Whether the Ed25519 signature is valid (only present if publicKey provided) */\n  signatureValid?: boolean;\n}\n\n/** Options for the claim mapper */\nexport interface ClaimMapperOptions {\n  /**\n   * Claim keys whose raw values should be included in the mapped output.\n   * By default, all claim values are hashed (SHA-256 digest) for privacy.\n   * List specific integer keys here to include their raw values.\n   */\n  includeRawClaims?: number[];\n  /** Receipt type (reverse-DNS or URI). Defaults to 'org.peacprotocol/attestation' */\n  type?: string;\n  /** Pillars to include on the receipt. Defaults to ['identity'] */\n  pillars?: string[];\n}\n\n/** Mapped Wire 0.2 claims from an EAT passport */\nexport interface MappedEatClaims {\n  kind: 'evidence';\n  type: string;\n  pillars?: string[];\n  /** Hashed or raw claim values, keyed by claim label */\n  attestation_claims: Record<string, string>;\n  /** Original issuer from EAT (if present) */\n  eat_iss?: string;\n  /** Original subject from EAT (if present) */\n  eat_sub?: string;\n}\n\n/** Size limit for EAT tokens (64 KB, consistent with carrier transport limits) */\nexport const EAT_SIZE_LIMIT = 65_536;\n","/**\n * EAT Passport Decoder\n *\n * Decodes COSE_Sign1 structures containing EAT (Entity Attestation Token)\n * payloads per RFC 9711. Optionally verifies Ed25519 signatures per\n * RFC 9052 Section 4.4 (Sig_structure construction).\n *\n * References:\n *   - RFC 9052 Section 4.2 (COSE_Sign1 structure)\n *   - RFC 9052 Section 4.4 (Signing and Verification Process)\n *   - RFC 9053 Table 2 (EdDSA algorithm identifier: -8)\n *   - RFC 9711 (Entity Attestation Token)\n *   - RFC 8949 (CBOR encoding)\n *\n * Security:\n *   - 64 KB size limit enforced BEFORE CBOR decode (DoS prevention)\n *   - Only Ed25519 (COSE alg -8) supported; all others rejected\n *   - No network I/O\n */\n\nimport cbor from 'cbor';\n\nconst cborDecode = cbor.decode;\nconst cborEncode = cbor.encode;\nimport { ed25519Verify } from '@peac/crypto';\nimport type { CoseSign1, CoseProtectedHeaders, EatClaims, EatPassportResult } from './types.js';\nimport { COSE_ALG, EAT_SIZE_LIMIT } from './types.js';\n\n/** Error class for EAT adapter failures */\nexport class EatAdapterError extends Error {\n  constructor(\n    message: string,\n    public readonly code: string\n  ) {\n    super(message);\n    this.name = 'EatAdapterError';\n  }\n}\n\n/**\n * Decode a COSE_Sign1 array from raw CBOR bytes.\n *\n * Validates the COSE_Sign1 structure per RFC 9052 Section 4.2:\n *   [protected, unprotected, payload, signature]\n *\n * @param data - Raw CBOR bytes\n * @returns Parsed COSE_Sign1 structure\n * @throws EatAdapterError on invalid CBOR or COSE structure\n */\nfunction decodeCoseSign1(data: Uint8Array): CoseSign1 {\n  let decoded: unknown;\n  try {\n    decoded = cborDecode(data);\n  } catch {\n    throw new EatAdapterError('EAT token is not valid CBOR', 'E_EAT_INVALID_CBOR');\n  }\n\n  // COSE_Sign1 is a CBOR array of exactly 4 elements\n  if (!Array.isArray(decoded) || decoded.length !== 4) {\n    throw new EatAdapterError(\n      'EAT token is not a valid COSE_Sign1 structure (expected 4-element array)',\n      'E_EAT_INVALID_COSE'\n    );\n  }\n\n  const [protectedBytes, unprotectedMap, payload, signature] = decoded;\n\n  if (!(protectedBytes instanceof Uint8Array)) {\n    throw new EatAdapterError(\n      'COSE_Sign1 protected header must be a byte string',\n      'E_EAT_INVALID_COSE'\n    );\n  }\n\n  if (payload === null) {\n    throw new EatAdapterError(\n      'Detached COSE_Sign1 payload (null) is not supported; EAT tokens require an attached payload',\n      'E_EAT_INVALID_COSE'\n    );\n  }\n\n  if (!(payload instanceof Uint8Array)) {\n    throw new EatAdapterError('COSE_Sign1 payload must be a byte string', 'E_EAT_INVALID_COSE');\n  }\n\n  if (!(signature instanceof Uint8Array)) {\n    throw new EatAdapterError('COSE_Sign1 signature must be a byte string', 'E_EAT_INVALID_COSE');\n  }\n\n  // Ed25519 signatures are exactly 64 bytes\n  if (signature.length !== 64) {\n    throw new EatAdapterError(\n      `COSE_Sign1 signature has unexpected length ${signature.length} (expected 64 for Ed25519)`,\n      'E_EAT_INVALID_COSE'\n    );\n  }\n\n  return {\n    protected: protectedBytes,\n    unprotected: unprotectedMap instanceof Map ? unprotectedMap : new Map<number, unknown>(),\n    payload,\n    signature,\n  };\n}\n\n/**\n * Decode and validate COSE protected headers.\n *\n * @param protectedBytes - CBOR-encoded protected headers\n * @returns Decoded headers with algorithm and optional kid\n * @throws EatAdapterError if algorithm is not EdDSA (-8)\n */\nfunction decodeProtectedHeaders(protectedBytes: Uint8Array): CoseProtectedHeaders {\n  if (protectedBytes.length === 0) {\n    throw new EatAdapterError('COSE_Sign1 protected headers are empty', 'E_EAT_INVALID_COSE');\n  }\n\n  let headerMap: unknown;\n  try {\n    headerMap = cborDecode(protectedBytes);\n  } catch {\n    throw new EatAdapterError(\n      'COSE_Sign1 protected headers are not valid CBOR',\n      'E_EAT_INVALID_COSE'\n    );\n  }\n\n  if (!(headerMap instanceof Map)) {\n    throw new EatAdapterError(\n      'COSE_Sign1 protected headers must be a CBOR map',\n      'E_EAT_INVALID_COSE'\n    );\n  }\n\n  // Label 1 = alg\n  const alg = headerMap.get(1);\n  if (typeof alg !== 'number') {\n    throw new EatAdapterError(\n      'COSE_Sign1 protected headers missing algorithm (label 1)',\n      'E_EAT_INVALID_COSE'\n    );\n  }\n\n  if (alg !== COSE_ALG.EdDSA) {\n    throw new EatAdapterError(\n      `Unsupported COSE algorithm ${alg}; only EdDSA (-8) is supported`,\n      'E_EAT_UNSUPPORTED_ALG'\n    );\n  }\n\n  // Label 4 = kid (optional)\n  const kid = headerMap.get(4);\n\n  return {\n    alg,\n    kid: kid instanceof Uint8Array || typeof kid === 'string' ? kid : undefined,\n  };\n}\n\n/**\n * Decode EAT claims from COSE payload bytes.\n *\n * @param payload - CBOR-encoded payload\n * @returns EAT claims as a Map\n * @throws EatAdapterError if payload is not valid CBOR\n */\nfunction decodeEatClaims(payload: Uint8Array): EatClaims {\n  if (payload.length === 0) {\n    return new Map();\n  }\n\n  let decoded: unknown;\n  try {\n    decoded = cborDecode(payload);\n  } catch {\n    throw new EatAdapterError('EAT payload is not valid CBOR', 'E_EAT_INVALID_CBOR');\n  }\n\n  if (decoded instanceof Map) {\n    return decoded as EatClaims;\n  }\n\n  // Some CBOR decoders return plain objects for empty maps or when\n  // configured without Map preference. Convert to Map for consistency.\n  if (typeof decoded === 'object' && decoded !== null && !Array.isArray(decoded)) {\n    const map = new Map<number | string, unknown>();\n    for (const [k, v] of Object.entries(decoded as Record<string, unknown>)) {\n      const numKey = Number(k);\n      map.set(Number.isInteger(numKey) ? numKey : k, v);\n    }\n    return map;\n  }\n\n  throw new EatAdapterError('EAT payload must be a CBOR map', 'E_EAT_INVALID_CBOR');\n}\n\n/**\n * Construct the Sig_structure for COSE_Sign1 verification per RFC 9052 Section 4.4.\n *\n * Sig_structure1 = [\n *   context : \"Signature1\",\n *   body_protected : bstr,\n *   external_aad : bstr,\n *   payload : bstr\n * ]\n *\n * @param protectedBytes - Serialized protected headers\n * @param payload - Payload bytes\n * @param externalAad - External additional authenticated data (defaults to empty)\n * @returns CBOR-encoded Sig_structure bytes\n */\nfunction buildSigStructure(\n  protectedBytes: Uint8Array,\n  payload: Uint8Array,\n  externalAad: Uint8Array = new Uint8Array(0)\n): Uint8Array {\n  const sigStructure = ['Signature1', protectedBytes, externalAad, payload];\n  return cborEncode(sigStructure);\n}\n\n/**\n * Decode an EAT passport from COSE_Sign1 CBOR bytes.\n *\n * Enforces a 64 KB size limit before CBOR decode (DoS prevention).\n * Validates COSE_Sign1 structure per RFC 9052 Section 4.2.\n * Optionally verifies Ed25519 signature per RFC 9052 Section 4.4.\n *\n * @param data - Raw COSE_Sign1 CBOR bytes\n * @param publicKey - Optional Ed25519 public key (32 bytes) for signature verification\n * @returns Decoded EAT passport with headers, claims, and optional signature validity\n * @throws EatAdapterError on size, CBOR, COSE, or algorithm errors\n */\nexport async function decodeEatPassport(\n  data: Uint8Array,\n  publicKey?: Uint8Array\n): Promise<EatPassportResult> {\n  // Size limit: 64 KB enforced BEFORE any CBOR decode\n  if (data.length > EAT_SIZE_LIMIT) {\n    throw new EatAdapterError(\n      `EAT token is ${data.length} bytes, exceeding ${EAT_SIZE_LIMIT} byte limit`,\n      'E_EAT_SIZE_EXCEEDED'\n    );\n  }\n\n  if (data.length === 0) {\n    throw new EatAdapterError('EAT token is empty', 'E_EAT_INVALID_CBOR');\n  }\n\n  // Step 1: Decode COSE_Sign1 structure\n  const coseSign1 = decodeCoseSign1(data);\n\n  // Step 2: Decode and validate protected headers\n  const headers = decodeProtectedHeaders(coseSign1.protected);\n\n  // Step 3: Decode EAT claims from payload\n  const claims = decodeEatClaims(coseSign1.payload);\n\n  // Step 4: Optionally verify Ed25519 signature\n  let signatureValid: boolean | undefined;\n  if (publicKey !== undefined) {\n    if (publicKey.length !== 32) {\n      throw new EatAdapterError(\n        `Ed25519 public key must be 32 bytes, got ${publicKey.length}`,\n        'E_EAT_SIGNATURE_FAILED'\n      );\n    }\n\n    const sigStructureBytes = buildSigStructure(coseSign1.protected, coseSign1.payload);\n\n    try {\n      signatureValid = await ed25519Verify(coseSign1.signature, sigStructureBytes, publicKey);\n    } catch {\n      throw new EatAdapterError('Ed25519 signature verification failed', 'E_EAT_SIGNATURE_FAILED');\n    }\n\n    if (!signatureValid) {\n      throw new EatAdapterError(\n        'COSE_Sign1 Ed25519 signature is invalid',\n        'E_EAT_SIGNATURE_FAILED'\n      );\n    }\n  }\n\n  return { headers, claims, signatureValid };\n}\n","/**\n * EAT Claim Mapper: maps EAT claims to Wire 0.2 receipt claims\n *\n * Privacy-first: all claim values are SHA-256 hashed by default.\n * Callers opt in to raw value inclusion via `includeRawClaims` option.\n * This prevents accidental PII leakage from EAT attestations into PEAC receipts.\n *\n * References:\n *   - RFC 9711 (Entity Attestation Token)\n *   - Wire 0.2 spec: kind, type, pillars, extensions\n */\n\nimport { sha256Hex } from '@peac/crypto';\nimport { EAT_CLAIM_KEY } from './types.js';\nimport type { EatClaims, ClaimMapperOptions, MappedEatClaims } from './types.js';\n\nconst DEFAULT_TYPE = 'org.peacprotocol/attestation';\nconst DEFAULT_PILLARS = ['identity'];\n\n/** Well-known EAT claim labels (integer to string name) */\nconst CLAIM_LABEL_NAMES: Record<number, string> = {\n  [EAT_CLAIM_KEY.iss]: 'iss',\n  [EAT_CLAIM_KEY.sub]: 'sub',\n  [EAT_CLAIM_KEY.aud]: 'aud',\n  [EAT_CLAIM_KEY.exp]: 'exp',\n  [EAT_CLAIM_KEY.nbf]: 'nbf',\n  [EAT_CLAIM_KEY.iat]: 'iat',\n  [EAT_CLAIM_KEY.cti]: 'cti',\n  [EAT_CLAIM_KEY.nonce]: 'nonce',\n  [EAT_CLAIM_KEY.ueid]: 'ueid',\n  [EAT_CLAIM_KEY.sueids]: 'sueids',\n  [EAT_CLAIM_KEY.oemid]: 'oemid',\n  [EAT_CLAIM_KEY.hwmodel]: 'hwmodel',\n  [EAT_CLAIM_KEY.hwversion]: 'hwversion',\n  [EAT_CLAIM_KEY.swname]: 'swname',\n  [EAT_CLAIM_KEY.swversion]: 'swversion',\n  [EAT_CLAIM_KEY.secboot]: 'secboot',\n  [EAT_CLAIM_KEY.dbgstat]: 'dbgstat',\n};\n\n/**\n * Serialize a claim value to a deterministic string for hashing.\n * Handles Uint8Array (hex), numbers, strings, and falls back to JSON.\n */\nfunction serializeClaimValue(value: unknown): string {\n  if (value instanceof Uint8Array) {\n    return Array.from(value)\n      .map((b) => b.toString(16).padStart(2, '0'))\n      .join('');\n  }\n  if (typeof value === 'string') return value;\n  if (typeof value === 'number') return String(value);\n  if (typeof value === 'boolean') return String(value);\n  return JSON.stringify(value);\n}\n\n/**\n * Map EAT claims to Wire 0.2 receipt claims.\n *\n * Privacy-first: claim values are SHA-256 hashed unless their integer key\n * appears in `options.includeRawClaims`. This prevents accidental PII leakage.\n *\n * @param claims - Decoded EAT claims map\n * @param options - Mapper configuration\n * @returns Mapped claims suitable for Wire 0.2 receipt issuance\n */\nexport async function mapEatClaims(\n  claims: EatClaims,\n  options: ClaimMapperOptions = {}\n): Promise<MappedEatClaims> {\n  const { includeRawClaims = [], type = DEFAULT_TYPE, pillars = DEFAULT_PILLARS } = options;\n\n  const rawSet = new Set(includeRawClaims);\n  const attestationClaims: Record<string, string> = {};\n\n  for (const [key, value] of claims) {\n    if (typeof key !== 'number') continue;\n\n    const labelName = CLAIM_LABEL_NAMES[key] ?? `claim_${key}`;\n    const serialized = serializeClaimValue(value);\n\n    if (rawSet.has(key)) {\n      attestationClaims[labelName] = serialized;\n    } else {\n      attestationClaims[labelName] = `sha256:${await sha256Hex(serialized)}`;\n    }\n  }\n\n  // Extract standard identifiers (if present and opted-in to raw)\n  const issValue = claims.get(EAT_CLAIM_KEY.iss);\n  const subValue = claims.get(EAT_CLAIM_KEY.sub);\n\n  return {\n    kind: 'evidence',\n    type,\n    pillars,\n    attestation_claims: attestationClaims,\n    eat_iss: typeof issValue === 'string' ? issValue : undefined,\n    eat_sub: typeof subValue === 'string' ? subValue : undefined,\n  };\n}\n"]}

package/dist/index.d.ts

@@ -0,0 +1,17 @@
+/**
+ * @peac/adapter-eat
+ *
+ * EAT (Entity Attestation Token, RFC 9711) passport decoder and
+ * PEAC Wire 0.2 claim mapper.
+ *
+ * Decodes COSE_Sign1 structures (RFC 9052) with Ed25519 signatures,
+ * extracts EAT claims, and maps them to Wire 0.2 receipt claims
+ * with privacy-first defaults (SHA-256 hashing of claim values).
+ *
+ * @packageDocumentation
+ */
+export type { CoseSign1, CoseProtectedHeaders, EatClaims, EatPassportResult, ClaimMapperOptions, MappedEatClaims, } from './types.js';
+export { COSE_ALG, EAT_CLAIM_KEY, EAT_SIZE_LIMIT } from './types.js';
+export { decodeEatPassport, EatAdapterError } from './passport.js';
+export { mapEatClaims } from './claim-mapper.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,YAAY,EACV,SAAS,EACT,oBAAoB,EACpB,SAAS,EACT,iBAAiB,EACjB,kBAAkB,EAClB,eAAe,GAChB,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAGrE,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAGnE,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/index.mjs

@@ -0,0 +1,251 @@
+import cbor from 'cbor';
+import { ed25519Verify, sha256Hex } from '@peac/crypto';
+
+// src/types.ts
+var COSE_ALG = {
+  /** EdDSA (Ed25519 or Ed448) */
+  EdDSA: -8
+};
+var EAT_CLAIM_KEY = {
+  iss: 1,
+  sub: 2,
+  aud: 3,
+  exp: 4,
+  nbf: 5,
+  iat: 6,
+  cti: 7,
+  nonce: 10,
+  ueid: 256,
+  sueids: 257,
+  oemid: 258,
+  hwmodel: 259,
+  hwversion: 260,
+  swname: 271,
+  swversion: 272,
+  oemueid: 273,
+  secboot: 262,
+  dbgstat: 263,
+  location: 264,
+  profile: 265,
+  submods: 266,
+  uptime: 261,
+  intuse: 267,
+  dloas: 268,
+  manifests: 269,
+  measurements: 270
+};
+var EAT_SIZE_LIMIT = 65536;
+var cborDecode = cbor.decode;
+var cborEncode = cbor.encode;
+var EatAdapterError = class extends Error {
+  constructor(message, code) {
+    super(message);
+    this.code = code;
+    this.name = "EatAdapterError";
+  }
+};
+function decodeCoseSign1(data) {
+  let decoded;
+  try {
+    decoded = cborDecode(data);
+  } catch {
+    throw new EatAdapterError("EAT token is not valid CBOR", "E_EAT_INVALID_CBOR");
+  }
+  if (!Array.isArray(decoded) || decoded.length !== 4) {
+    throw new EatAdapterError(
+      "EAT token is not a valid COSE_Sign1 structure (expected 4-element array)",
+      "E_EAT_INVALID_COSE"
+    );
+  }
+  const [protectedBytes, unprotectedMap, payload, signature] = decoded;
+  if (!(protectedBytes instanceof Uint8Array)) {
+    throw new EatAdapterError(
+      "COSE_Sign1 protected header must be a byte string",
+      "E_EAT_INVALID_COSE"
+    );
+  }
+  if (payload === null) {
+    throw new EatAdapterError(
+      "Detached COSE_Sign1 payload (null) is not supported; EAT tokens require an attached payload",
+      "E_EAT_INVALID_COSE"
+    );
+  }
+  if (!(payload instanceof Uint8Array)) {
+    throw new EatAdapterError("COSE_Sign1 payload must be a byte string", "E_EAT_INVALID_COSE");
+  }
+  if (!(signature instanceof Uint8Array)) {
+    throw new EatAdapterError("COSE_Sign1 signature must be a byte string", "E_EAT_INVALID_COSE");
+  }
+  if (signature.length !== 64) {
+    throw new EatAdapterError(
+      `COSE_Sign1 signature has unexpected length ${signature.length} (expected 64 for Ed25519)`,
+      "E_EAT_INVALID_COSE"
+    );
+  }
+  return {
+    protected: protectedBytes,
+    unprotected: unprotectedMap instanceof Map ? unprotectedMap : /* @__PURE__ */ new Map(),
+    payload,
+    signature
+  };
+}
+function decodeProtectedHeaders(protectedBytes) {
+  if (protectedBytes.length === 0) {
+    throw new EatAdapterError("COSE_Sign1 protected headers are empty", "E_EAT_INVALID_COSE");
+  }
+  let headerMap;
+  try {
+    headerMap = cborDecode(protectedBytes);
+  } catch {
+    throw new EatAdapterError(
+      "COSE_Sign1 protected headers are not valid CBOR",
+      "E_EAT_INVALID_COSE"
+    );
+  }
+  if (!(headerMap instanceof Map)) {
+    throw new EatAdapterError(
+      "COSE_Sign1 protected headers must be a CBOR map",
+      "E_EAT_INVALID_COSE"
+    );
+  }
+  const alg = headerMap.get(1);
+  if (typeof alg !== "number") {
+    throw new EatAdapterError(
+      "COSE_Sign1 protected headers missing algorithm (label 1)",
+      "E_EAT_INVALID_COSE"
+    );
+  }
+  if (alg !== COSE_ALG.EdDSA) {
+    throw new EatAdapterError(
+      `Unsupported COSE algorithm ${alg}; only EdDSA (-8) is supported`,
+      "E_EAT_UNSUPPORTED_ALG"
+    );
+  }
+  const kid = headerMap.get(4);
+  return {
+    alg,
+    kid: kid instanceof Uint8Array || typeof kid === "string" ? kid : void 0
+  };
+}
+function decodeEatClaims(payload) {
+  if (payload.length === 0) {
+    return /* @__PURE__ */ new Map();
+  }
+  let decoded;
+  try {
+    decoded = cborDecode(payload);
+  } catch {
+    throw new EatAdapterError("EAT payload is not valid CBOR", "E_EAT_INVALID_CBOR");
+  }
+  if (decoded instanceof Map) {
+    return decoded;
+  }
+  if (typeof decoded === "object" && decoded !== null && !Array.isArray(decoded)) {
+    const map = /* @__PURE__ */ new Map();
+    for (const [k, v] of Object.entries(decoded)) {
+      const numKey = Number(k);
+      map.set(Number.isInteger(numKey) ? numKey : k, v);
+    }
+    return map;
+  }
+  throw new EatAdapterError("EAT payload must be a CBOR map", "E_EAT_INVALID_CBOR");
+}
+function buildSigStructure(protectedBytes, payload, externalAad = new Uint8Array(0)) {
+  const sigStructure = ["Signature1", protectedBytes, externalAad, payload];
+  return cborEncode(sigStructure);
+}
+async function decodeEatPassport(data, publicKey) {
+  if (data.length > EAT_SIZE_LIMIT) {
+    throw new EatAdapterError(
+      `EAT token is ${data.length} bytes, exceeding ${EAT_SIZE_LIMIT} byte limit`,
+      "E_EAT_SIZE_EXCEEDED"
+    );
+  }
+  if (data.length === 0) {
+    throw new EatAdapterError("EAT token is empty", "E_EAT_INVALID_CBOR");
+  }
+  const coseSign1 = decodeCoseSign1(data);
+  const headers = decodeProtectedHeaders(coseSign1.protected);
+  const claims = decodeEatClaims(coseSign1.payload);
+  let signatureValid;
+  if (publicKey !== void 0) {
+    if (publicKey.length !== 32) {
+      throw new EatAdapterError(
+        `Ed25519 public key must be 32 bytes, got ${publicKey.length}`,
+        "E_EAT_SIGNATURE_FAILED"
+      );
+    }
+    const sigStructureBytes = buildSigStructure(coseSign1.protected, coseSign1.payload);
+    try {
+      signatureValid = await ed25519Verify(coseSign1.signature, sigStructureBytes, publicKey);
+    } catch {
+      throw new EatAdapterError("Ed25519 signature verification failed", "E_EAT_SIGNATURE_FAILED");
+    }
+    if (!signatureValid) {
+      throw new EatAdapterError(
+        "COSE_Sign1 Ed25519 signature is invalid",
+        "E_EAT_SIGNATURE_FAILED"
+      );
+    }
+  }
+  return { headers, claims, signatureValid };
+}
+var DEFAULT_TYPE = "org.peacprotocol/attestation";
+var DEFAULT_PILLARS = ["identity"];
+var CLAIM_LABEL_NAMES = {
+  [EAT_CLAIM_KEY.iss]: "iss",
+  [EAT_CLAIM_KEY.sub]: "sub",
+  [EAT_CLAIM_KEY.aud]: "aud",
+  [EAT_CLAIM_KEY.exp]: "exp",
+  [EAT_CLAIM_KEY.nbf]: "nbf",
+  [EAT_CLAIM_KEY.iat]: "iat",
+  [EAT_CLAIM_KEY.cti]: "cti",
+  [EAT_CLAIM_KEY.nonce]: "nonce",
+  [EAT_CLAIM_KEY.ueid]: "ueid",
+  [EAT_CLAIM_KEY.sueids]: "sueids",
+  [EAT_CLAIM_KEY.oemid]: "oemid",
+  [EAT_CLAIM_KEY.hwmodel]: "hwmodel",
+  [EAT_CLAIM_KEY.hwversion]: "hwversion",
+  [EAT_CLAIM_KEY.swname]: "swname",
+  [EAT_CLAIM_KEY.swversion]: "swversion",
+  [EAT_CLAIM_KEY.secboot]: "secboot",
+  [EAT_CLAIM_KEY.dbgstat]: "dbgstat"
+};
+function serializeClaimValue(value) {
+  if (value instanceof Uint8Array) {
+    return Array.from(value).map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  if (typeof value === "string") return value;
+  if (typeof value === "number") return String(value);
+  if (typeof value === "boolean") return String(value);
+  return JSON.stringify(value);
+}
+async function mapEatClaims(claims, options = {}) {
+  const { includeRawClaims = [], type = DEFAULT_TYPE, pillars = DEFAULT_PILLARS } = options;
+  const rawSet = new Set(includeRawClaims);
+  const attestationClaims = {};
+  for (const [key, value] of claims) {
+    if (typeof key !== "number") continue;
+    const labelName = CLAIM_LABEL_NAMES[key] ?? `claim_${key}`;
+    const serialized = serializeClaimValue(value);
+    if (rawSet.has(key)) {
+      attestationClaims[labelName] = serialized;
+    } else {
+      attestationClaims[labelName] = `sha256:${await sha256Hex(serialized)}`;
+    }
+  }
+  const issValue = claims.get(EAT_CLAIM_KEY.iss);
+  const subValue = claims.get(EAT_CLAIM_KEY.sub);
+  return {
+    kind: "evidence",
+    type,
+    pillars,
+    attestation_claims: attestationClaims,
+    eat_iss: typeof issValue === "string" ? issValue : void 0,
+    eat_sub: typeof subValue === "string" ? subValue : void 0
+  };
+}
+
+export { COSE_ALG, EAT_CLAIM_KEY, EAT_SIZE_LIMIT, EatAdapterError, decodeEatPassport, mapEatClaims };
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/types.ts","../src/passport.ts","../src/claim-mapper.ts"],"names":[],"mappings":";;;;AAwCO,IAAM,QAAA,GAAW;AAAA;AAAA,EAEtB,KAAA,EAAO;AACT;AAOO,IAAM,aAAA,GAAgB;AAAA,EAC3B,GAAA,EAAK,CAAA;AAAA,EACL,GAAA,EAAK,CAAA;AAAA,EACL,GAAA,EAAK,CAAA;AAAA,EACL,GAAA,EAAK,CAAA;AAAA,EACL,GAAA,EAAK,CAAA;AAAA,EACL,GAAA,EAAK,CAAA;AAAA,EACL,GAAA,EAAK,CAAA;AAAA,EACL,KAAA,EAAO,EAAA;AAAA,EACP,IAAA,EAAM,GAAA;AAAA,EACN,MAAA,EAAQ,GAAA;AAAA,EACR,KAAA,EAAO,GAAA;AAAA,EACP,OAAA,EAAS,GAAA;AAAA,EACT,SAAA,EAAW,GAAA;AAAA,EACX,MAAA,EAAQ,GAAA;AAAA,EACR,SAAA,EAAW,GAAA;AAAA,EACX,OAAA,EAAS,GAAA;AAAA,EACT,OAAA,EAAS,GAAA;AAAA,EACT,OAAA,EAAS,GAAA;AAAA,EACT,QAAA,EAAU,GAAA;AAAA,EACV,OAAA,EAAS,GAAA;AAAA,EACT,OAAA,EAAS,GAAA;AAAA,EACT,MAAA,EAAQ,GAAA;AAAA,EACR,MAAA,EAAQ,GAAA;AAAA,EACR,KAAA,EAAO,GAAA;AAAA,EACP,SAAA,EAAW,GAAA;AAAA,EACX,YAAA,EAAc;AAChB;AAgDO,IAAM,cAAA,GAAiB;ACvG9B,IAAM,aAAa,IAAA,CAAK,MAAA;AACxB,IAAM,aAAa,IAAA,CAAK,MAAA;AAMjB,IAAM,eAAA,GAAN,cAA8B,KAAA,CAAM;AAAA,EACzC,WAAA,CACE,SACgB,IAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAFG,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,iBAAA;AAAA,EACd;AACF;AAYA,SAAS,gBAAgB,IAAA,EAA6B;AACpD,EAAA,IAAI,OAAA;AACJ,EAAA,IAAI;AACF,IAAA,OAAA,GAAU,WAAW,IAAI,CAAA;AAAA,EAC3B,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,eAAA,CAAgB,6BAAA,EAA+B,oBAAoB,CAAA;AAAA,EAC/E;AAGA,EAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,OAAO,CAAA,IAAK,OAAA,CAAQ,WAAW,CAAA,EAAG;AACnD,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,0EAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,CAAC,cAAA,EAAgB,cAAA,EAAgB,OAAA,EAAS,SAAS,CAAA,GAAI,OAAA;AAE7D,EAAA,IAAI,EAAE,0BAA0B,UAAA,CAAA,EAAa;AAC3C,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,mDAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,YAAY,IAAA,EAAM;AACpB,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,6FAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,EAAE,mBAAmB,UAAA,CAAA,EAAa;AACpC,IAAA,MAAM,IAAI,eAAA,CAAgB,0CAAA,EAA4C,oBAAoB,CAAA;AAAA,EAC5F;AAEA,EAAA,IAAI,EAAE,qBAAqB,UAAA,CAAA,EAAa;AACtC,IAAA,MAAM,IAAI,eAAA,CAAgB,4CAAA,EAA8C,oBAAoB,CAAA;AAAA,EAC9F;AAGA,EAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,CAAA,2CAAA,EAA8C,UAAU,MAAM,CAAA,0BAAA,CAAA;AAAA,MAC9D;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,SAAA,EAAW,cAAA;AAAA,IACX,WAAA,EAAa,cAAA,YAA0B,GAAA,GAAM,cAAA,uBAAqB,GAAA,EAAqB;AAAA,IACvF,OAAA;AAAA,IACA;AAAA,GACF;AACF;AASA,SAAS,uBAAuB,cAAA,EAAkD;AAChF,EAAA,IAAI,cAAA,CAAe,WAAW,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,eAAA,CAAgB,wCAAA,EAA0C,oBAAoB,CAAA;AAAA,EAC1F;AAEA,EAAA,IAAI,SAAA;AACJ,EAAA,IAAI;AACF,IAAA,SAAA,GAAY,WAAW,cAAc,CAAA;AAAA,EACvC,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,iDAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,EAAE,qBAAqB,GAAA,CAAA,EAAM;AAC/B,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,iDAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAGA,EAAA,MAAM,GAAA,GAAM,SAAA,CAAU,GAAA,CAAI,CAAC,CAAA;AAC3B,EAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAC3B,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,0DAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,GAAA,KAAQ,SAAS,KAAA,EAAO;AAC1B,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,8BAA8B,GAAG,CAAA,8BAAA,CAAA;AAAA,MACjC;AAAA,KACF;AAAA,EACF;AAGA,EAAA,MAAM,GAAA,GAAM,SAAA,CAAU,GAAA,CAAI,CAAC,CAAA;AAE3B,EAAA,OAAO;AAAA,IACL,GAAA;AAAA,IACA,KAAK,GAAA,YAAe,UAAA,IAAc,OAAO,GAAA,KAAQ,WAAW,GAAA,GAAM;AAAA,GACpE;AACF;AASA,SAAS,gBAAgB,OAAA,EAAgC;AACvD,EAAA,IAAI,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxB,IAAA,2BAAW,GAAA,EAAI;AAAA,EACjB;AAEA,EAAA,IAAI,OAAA;AACJ,EAAA,IAAI;AACF,IAAA,OAAA,GAAU,WAAW,OAAO,CAAA;AAAA,EAC9B,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,eAAA,CAAgB,+BAAA,EAAiC,oBAAoB,CAAA;AAAA,EACjF;AAEA,EAAA,IAAI,mBAAmB,GAAA,EAAK;AAC1B,IAAA,OAAO,OAAA;AAAA,EACT;AAIA,EAAA,IAAI,OAAO,YAAY,QAAA,IAAY,OAAA,KAAY,QAAQ,CAAC,KAAA,CAAM,OAAA,CAAQ,OAAO,CAAA,EAAG;AAC9E,IAAA,MAAM,GAAA,uBAAU,GAAA,EAA8B;AAC9C,IAAA,KAAA,MAAW,CAAC,CAAA,EAAG,CAAC,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAkC,CAAA,EAAG;AACvE,MAAA,MAAM,MAAA,GAAS,OAAO,CAAC,CAAA;AACvB,MAAA,GAAA,CAAI,IAAI,MAAA,CAAO,SAAA,CAAU,MAAM,CAAA,GAAI,MAAA,GAAS,GAAG,CAAC,CAAA;AAAA,IAClD;AACA,IAAA,OAAO,GAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAI,eAAA,CAAgB,gCAAA,EAAkC,oBAAoB,CAAA;AAClF;AAiBA,SAAS,kBACP,cAAA,EACA,OAAA,EACA,cAA0B,IAAI,UAAA,CAAW,CAAC,CAAA,EAC9B;AACZ,EAAA,MAAM,YAAA,GAAe,CAAC,YAAA,EAAc,cAAA,EAAgB,aAAa,OAAO,CAAA;AACxE,EAAA,OAAO,WAAW,YAAY,CAAA;AAChC;AAcA,eAAsB,iBAAA,CACpB,MACA,SAAA,EAC4B;AAE5B,EAAA,IAAI,IAAA,CAAK,SAAS,cAAA,EAAgB;AAChC,IAAA,MAAM,IAAI,eAAA;AAAA,MACR,CAAA,aAAA,EAAgB,IAAA,CAAK,MAAM,CAAA,kBAAA,EAAqB,cAAc,CAAA,WAAA,CAAA;AAAA,MAC9D;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,IAAA,CAAK,WAAW,CAAA,EAAG;AACrB,IAAA,MAAM,IAAI,eAAA,CAAgB,oBAAA,EAAsB,oBAAoB,CAAA;AAAA,EACtE;AAGA,EAAA,MAAM,SAAA,GAAY,gBAAgB,IAAI,CAAA;AAGtC,EAAA,MAAM,OAAA,GAAU,sBAAA,CAAuB,SAAA,CAAU,SAAS,CAAA;AAG1D,EAAA,MAAM,MAAA,GAAS,eAAA,CAAgB,SAAA,CAAU,OAAO,CAAA;AAGhD,EAAA,IAAI,cAAA;AACJ,EAAA,IAAI,cAAc,MAAA,EAAW;AAC3B,IAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,MAAA,MAAM,IAAI,eAAA;AAAA,QACR,CAAA,yCAAA,EAA4C,UAAU,MAAM,CAAA,CAAA;AAAA,QAC5D;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,iBAAA,GAAoB,iBAAA,CAAkB,SAAA,CAAU,SAAA,EAAW,UAAU,OAAO,CAAA;AAElF,IAAA,IAAI;AACF,MAAA,cAAA,GAAiB,MAAM,aAAA,CAAc,SAAA,CAAU,SAAA,EAAW,mBAAmB,SAAS,CAAA;AAAA,IACxF,CAAA,CAAA,MAAQ;AACN,MAAA,MAAM,IAAI,eAAA,CAAgB,uCAAA,EAAyC,wBAAwB,CAAA;AAAA,IAC7F;AAEA,IAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,MAAA,MAAM,IAAI,eAAA;AAAA,QACR,yCAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,OAAA,EAAS,MAAA,EAAQ,cAAA,EAAe;AAC3C;AC5QA,IAAM,YAAA,GAAe,8BAAA;AACrB,IAAM,eAAA,GAAkB,CAAC,UAAU,CAAA;AAGnC,IAAM,iBAAA,GAA4C;AAAA,EAChD,CAAC,aAAA,CAAc,GAAG,GAAG,KAAA;AAAA,EACrB,CAAC,aAAA,CAAc,GAAG,GAAG,KAAA;AAAA,EACrB,CAAC,aAAA,CAAc,GAAG,GAAG,KAAA;AAAA,EACrB,CAAC,aAAA,CAAc,GAAG,GAAG,KAAA;AAAA,EACrB,CAAC,aAAA,CAAc,GAAG,GAAG,KAAA;AAAA,EACrB,CAAC,aAAA,CAAc,GAAG,GAAG,KAAA;AAAA,EACrB,CAAC,aAAA,CAAc,GAAG,GAAG,KAAA;AAAA,EACrB,CAAC,aAAA,CAAc,KAAK,GAAG,OAAA;AAAA,EACvB,CAAC,aAAA,CAAc,IAAI,GAAG,MAAA;AAAA,EACtB,CAAC,aAAA,CAAc,MAAM,GAAG,QAAA;AAAA,EACxB,CAAC,aAAA,CAAc,KAAK,GAAG,OAAA;AAAA,EACvB,CAAC,aAAA,CAAc,OAAO,GAAG,SAAA;AAAA,EACzB,CAAC,aAAA,CAAc,SAAS,GAAG,WAAA;AAAA,EAC3B,CAAC,aAAA,CAAc,MAAM,GAAG,QAAA;AAAA,EACxB,CAAC,aAAA,CAAc,SAAS,GAAG,WAAA;AAAA,EAC3B,CAAC,aAAA,CAAc,OAAO,GAAG,SAAA;AAAA,EACzB,CAAC,aAAA,CAAc,OAAO,GAAG;AAC3B,CAAA;AAMA,SAAS,oBAAoB,KAAA,EAAwB;AACnD,EAAA,IAAI,iBAAiB,UAAA,EAAY;AAC/B,IAAA,OAAO,MAAM,IAAA,CAAK,KAAK,CAAA,CACpB,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AAAA,EACZ;AACA,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,KAAA;AACtC,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,OAAO,KAAK,CAAA;AAClD,EAAA,IAAI,OAAO,KAAA,KAAU,SAAA,EAAW,OAAO,OAAO,KAAK,CAAA;AACnD,EAAA,OAAO,IAAA,CAAK,UAAU,KAAK,CAAA;AAC7B;AAYA,eAAsB,YAAA,CACpB,MAAA,EACA,OAAA,GAA8B,EAAC,EACL;AAC1B,EAAA,MAAM,EAAE,mBAAmB,EAAC,EAAG,OAAO,YAAA,EAAc,OAAA,GAAU,iBAAgB,GAAI,OAAA;AAElF,EAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,gBAAgB,CAAA;AACvC,EAAA,MAAM,oBAA4C,EAAC;AAEnD,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,CAAA,IAAK,MAAA,EAAQ;AACjC,IAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAE7B,IAAA,MAAM,SAAA,GAAY,iBAAA,CAAkB,GAAG,CAAA,IAAK,SAAS,GAAG,CAAA,CAAA;AACxD,IAAA,MAAM,UAAA,GAAa,oBAAoB,KAAK,CAAA;AAE5C,IAAA,IAAI,MAAA,CAAO,GAAA,CAAI,GAAG,CAAA,EAAG;AACnB,MAAA,iBAAA,CAAkB,SAAS,CAAA,GAAI,UAAA;AAAA,IACjC,CAAA,MAAO;AACL,MAAA,iBAAA,CAAkB,SAAS,CAAA,GAAI,CAAA,OAAA,EAAU,MAAM,SAAA,CAAU,UAAU,CAAC,CAAA,CAAA;AAAA,IACtE;AAAA,EACF;AAGA,EAAA,MAAM,QAAA,GAAW,MAAA,CAAO,GAAA,CAAI,aAAA,CAAc,GAAG,CAAA;AAC7C,EAAA,MAAM,QAAA,GAAW,MAAA,CAAO,GAAA,CAAI,aAAA,CAAc,GAAG,CAAA;AAE7C,EAAA,OAAO;AAAA,IACL,IAAA,EAAM,UAAA;AAAA,IACN,IAAA;AAAA,IACA,OAAA;AAAA,IACA,kBAAA,EAAoB,iBAAA;AAAA,IACpB,OAAA,EAAS,OAAO,QAAA,KAAa,QAAA,GAAW,QAAA,GAAW,MAAA;AAAA,IACnD,OAAA,EAAS,OAAO,QAAA,KAAa,QAAA,GAAW,QAAA,GAAW;AAAA,GACrD;AACF","file":"index.mjs","sourcesContent":["/**\n * EAT (Entity Attestation Token) and COSE types\n *\n * References:\n *   - RFC 9711 (Entity Attestation Token)\n *   - RFC 9052 Section 4.2 (COSE_Sign1)\n *   - RFC 9053 (COSE Initial Algorithms)\n *   - RFC 8949 (CBOR)\n */\n\n/**\n * COSE_Sign1 structure per RFC 9052 Section 4.2.\n *\n * COSE_Sign1 = [\n *   protected : bstr,        -- Serialized protected headers (CBOR-encoded map)\n *   unprotected : map,       -- Unprotected headers (CBOR map, may be empty)\n *   payload : bstr / nil,    -- Payload bytes\n *   signature : bstr         -- Signature bytes\n * ]\n */\nexport interface CoseSign1 {\n  protected: Uint8Array;\n  unprotected: Map<number, unknown>;\n  payload: Uint8Array;\n  signature: Uint8Array;\n}\n\n/**\n * Decoded COSE protected headers.\n *\n * COSE header parameter labels (integer keys per RFC 9052 Section 3.1):\n *   1 = alg (algorithm)\n *   4 = kid (key identifier)\n */\nexport interface CoseProtectedHeaders {\n  alg: number;\n  kid?: Uint8Array | string;\n}\n\n/** COSE algorithm identifiers per RFC 9053 Table 2 */\nexport const COSE_ALG = {\n  /** EdDSA (Ed25519 or Ed448) */\n  EdDSA: -8,\n} as const;\n\n/**\n * EAT standard claim keys (CBOR integer labels per RFC 9711 Section 4).\n *\n * Many of these inherit from CWT (RFC 8392) claim labels.\n */\nexport const EAT_CLAIM_KEY = {\n  iss: 1,\n  sub: 2,\n  aud: 3,\n  exp: 4,\n  nbf: 5,\n  iat: 6,\n  cti: 7,\n  nonce: 10,\n  ueid: 256,\n  sueids: 257,\n  oemid: 258,\n  hwmodel: 259,\n  hwversion: 260,\n  swname: 271,\n  swversion: 272,\n  oemueid: 273,\n  secboot: 262,\n  dbgstat: 263,\n  location: 264,\n  profile: 265,\n  submods: 266,\n  uptime: 261,\n  intuse: 267,\n  dloas: 268,\n  manifests: 269,\n  measurements: 270,\n} as const;\n\n/**\n * Decoded EAT claims (CBOR map with integer or string keys).\n *\n * The decoder preserves the raw CBOR map. The claim mapper extracts\n * specific claims by integer key.\n */\nexport type EatClaims = Map<number | string, unknown>;\n\n/** Result of decoding and verifying an EAT passport */\nexport interface EatPassportResult {\n  /** Decoded protected headers */\n  headers: CoseProtectedHeaders;\n  /** Raw EAT claims map */\n  claims: EatClaims;\n  /** Whether the Ed25519 signature is valid (only present if publicKey provided) */\n  signatureValid?: boolean;\n}\n\n/** Options for the claim mapper */\nexport interface ClaimMapperOptions {\n  /**\n   * Claim keys whose raw values should be included in the mapped output.\n   * By default, all claim values are hashed (SHA-256 digest) for privacy.\n   * List specific integer keys here to include their raw values.\n   */\n  includeRawClaims?: number[];\n  /** Receipt type (reverse-DNS or URI). Defaults to 'org.peacprotocol/attestation' */\n  type?: string;\n  /** Pillars to include on the receipt. Defaults to ['identity'] */\n  pillars?: string[];\n}\n\n/** Mapped Wire 0.2 claims from an EAT passport */\nexport interface MappedEatClaims {\n  kind: 'evidence';\n  type: string;\n  pillars?: string[];\n  /** Hashed or raw claim values, keyed by claim label */\n  attestation_claims: Record<string, string>;\n  /** Original issuer from EAT (if present) */\n  eat_iss?: string;\n  /** Original subject from EAT (if present) */\n  eat_sub?: string;\n}\n\n/** Size limit for EAT tokens (64 KB, consistent with carrier transport limits) */\nexport const EAT_SIZE_LIMIT = 65_536;\n","/**\n * EAT Passport Decoder\n *\n * Decodes COSE_Sign1 structures containing EAT (Entity Attestation Token)\n * payloads per RFC 9711. Optionally verifies Ed25519 signatures per\n * RFC 9052 Section 4.4 (Sig_structure construction).\n *\n * References:\n *   - RFC 9052 Section 4.2 (COSE_Sign1 structure)\n *   - RFC 9052 Section 4.4 (Signing and Verification Process)\n *   - RFC 9053 Table 2 (EdDSA algorithm identifier: -8)\n *   - RFC 9711 (Entity Attestation Token)\n *   - RFC 8949 (CBOR encoding)\n *\n * Security:\n *   - 64 KB size limit enforced BEFORE CBOR decode (DoS prevention)\n *   - Only Ed25519 (COSE alg -8) supported; all others rejected\n *   - No network I/O\n */\n\nimport cbor from 'cbor';\n\nconst cborDecode = cbor.decode;\nconst cborEncode = cbor.encode;\nimport { ed25519Verify } from '@peac/crypto';\nimport type { CoseSign1, CoseProtectedHeaders, EatClaims, EatPassportResult } from './types.js';\nimport { COSE_ALG, EAT_SIZE_LIMIT } from './types.js';\n\n/** Error class for EAT adapter failures */\nexport class EatAdapterError extends Error {\n  constructor(\n    message: string,\n    public readonly code: string\n  ) {\n    super(message);\n    this.name = 'EatAdapterError';\n  }\n}\n\n/**\n * Decode a COSE_Sign1 array from raw CBOR bytes.\n *\n * Validates the COSE_Sign1 structure per RFC 9052 Section 4.2:\n *   [protected, unprotected, payload, signature]\n *\n * @param data - Raw CBOR bytes\n * @returns Parsed COSE_Sign1 structure\n * @throws EatAdapterError on invalid CBOR or COSE structure\n */\nfunction decodeCoseSign1(data: Uint8Array): CoseSign1 {\n  let decoded: unknown;\n  try {\n    decoded = cborDecode(data);\n  } catch {\n    throw new EatAdapterError('EAT token is not valid CBOR', 'E_EAT_INVALID_CBOR');\n  }\n\n  // COSE_Sign1 is a CBOR array of exactly 4 elements\n  if (!Array.isArray(decoded) || decoded.length !== 4) {\n    throw new EatAdapterError(\n      'EAT token is not a valid COSE_Sign1 structure (expected 4-element array)',\n      'E_EAT_INVALID_COSE'\n    );\n  }\n\n  const [protectedBytes, unprotectedMap, payload, signature] = decoded;\n\n  if (!(protectedBytes instanceof Uint8Array)) {\n    throw new EatAdapterError(\n      'COSE_Sign1 protected header must be a byte string',\n      'E_EAT_INVALID_COSE'\n    );\n  }\n\n  if (payload === null) {\n    throw new EatAdapterError(\n      'Detached COSE_Sign1 payload (null) is not supported; EAT tokens require an attached payload',\n      'E_EAT_INVALID_COSE'\n    );\n  }\n\n  if (!(payload instanceof Uint8Array)) {\n    throw new EatAdapterError('COSE_Sign1 payload must be a byte string', 'E_EAT_INVALID_COSE');\n  }\n\n  if (!(signature instanceof Uint8Array)) {\n    throw new EatAdapterError('COSE_Sign1 signature must be a byte string', 'E_EAT_INVALID_COSE');\n  }\n\n  // Ed25519 signatures are exactly 64 bytes\n  if (signature.length !== 64) {\n    throw new EatAdapterError(\n      `COSE_Sign1 signature has unexpected length ${signature.length} (expected 64 for Ed25519)`,\n      'E_EAT_INVALID_COSE'\n    );\n  }\n\n  return {\n    protected: protectedBytes,\n    unprotected: unprotectedMap instanceof Map ? unprotectedMap : new Map<number, unknown>(),\n    payload,\n    signature,\n  };\n}\n\n/**\n * Decode and validate COSE protected headers.\n *\n * @param protectedBytes - CBOR-encoded protected headers\n * @returns Decoded headers with algorithm and optional kid\n * @throws EatAdapterError if algorithm is not EdDSA (-8)\n */\nfunction decodeProtectedHeaders(protectedBytes: Uint8Array): CoseProtectedHeaders {\n  if (protectedBytes.length === 0) {\n    throw new EatAdapterError('COSE_Sign1 protected headers are empty', 'E_EAT_INVALID_COSE');\n  }\n\n  let headerMap: unknown;\n  try {\n    headerMap = cborDecode(protectedBytes);\n  } catch {\n    throw new EatAdapterError(\n      'COSE_Sign1 protected headers are not valid CBOR',\n      'E_EAT_INVALID_COSE'\n    );\n  }\n\n  if (!(headerMap instanceof Map)) {\n    throw new EatAdapterError(\n      'COSE_Sign1 protected headers must be a CBOR map',\n      'E_EAT_INVALID_COSE'\n    );\n  }\n\n  // Label 1 = alg\n  const alg = headerMap.get(1);\n  if (typeof alg !== 'number') {\n    throw new EatAdapterError(\n      'COSE_Sign1 protected headers missing algorithm (label 1)',\n      'E_EAT_INVALID_COSE'\n    );\n  }\n\n  if (alg !== COSE_ALG.EdDSA) {\n    throw new EatAdapterError(\n      `Unsupported COSE algorithm ${alg}; only EdDSA (-8) is supported`,\n      'E_EAT_UNSUPPORTED_ALG'\n    );\n  }\n\n  // Label 4 = kid (optional)\n  const kid = headerMap.get(4);\n\n  return {\n    alg,\n    kid: kid instanceof Uint8Array || typeof kid === 'string' ? kid : undefined,\n  };\n}\n\n/**\n * Decode EAT claims from COSE payload bytes.\n *\n * @param payload - CBOR-encoded payload\n * @returns EAT claims as a Map\n * @throws EatAdapterError if payload is not valid CBOR\n */\nfunction decodeEatClaims(payload: Uint8Array): EatClaims {\n  if (payload.length === 0) {\n    return new Map();\n  }\n\n  let decoded: unknown;\n  try {\n    decoded = cborDecode(payload);\n  } catch {\n    throw new EatAdapterError('EAT payload is not valid CBOR', 'E_EAT_INVALID_CBOR');\n  }\n\n  if (decoded instanceof Map) {\n    return decoded as EatClaims;\n  }\n\n  // Some CBOR decoders return plain objects for empty maps or when\n  // configured without Map preference. Convert to Map for consistency.\n  if (typeof decoded === 'object' && decoded !== null && !Array.isArray(decoded)) {\n    const map = new Map<number | string, unknown>();\n    for (const [k, v] of Object.entries(decoded as Record<string, unknown>)) {\n      const numKey = Number(k);\n      map.set(Number.isInteger(numKey) ? numKey : k, v);\n    }\n    return map;\n  }\n\n  throw new EatAdapterError('EAT payload must be a CBOR map', 'E_EAT_INVALID_CBOR');\n}\n\n/**\n * Construct the Sig_structure for COSE_Sign1 verification per RFC 9052 Section 4.4.\n *\n * Sig_structure1 = [\n *   context : \"Signature1\",\n *   body_protected : bstr,\n *   external_aad : bstr,\n *   payload : bstr\n * ]\n *\n * @param protectedBytes - Serialized protected headers\n * @param payload - Payload bytes\n * @param externalAad - External additional authenticated data (defaults to empty)\n * @returns CBOR-encoded Sig_structure bytes\n */\nfunction buildSigStructure(\n  protectedBytes: Uint8Array,\n  payload: Uint8Array,\n  externalAad: Uint8Array = new Uint8Array(0)\n): Uint8Array {\n  const sigStructure = ['Signature1', protectedBytes, externalAad, payload];\n  return cborEncode(sigStructure);\n}\n\n/**\n * Decode an EAT passport from COSE_Sign1 CBOR bytes.\n *\n * Enforces a 64 KB size limit before CBOR decode (DoS prevention).\n * Validates COSE_Sign1 structure per RFC 9052 Section 4.2.\n * Optionally verifies Ed25519 signature per RFC 9052 Section 4.4.\n *\n * @param data - Raw COSE_Sign1 CBOR bytes\n * @param publicKey - Optional Ed25519 public key (32 bytes) for signature verification\n * @returns Decoded EAT passport with headers, claims, and optional signature validity\n * @throws EatAdapterError on size, CBOR, COSE, or algorithm errors\n */\nexport async function decodeEatPassport(\n  data: Uint8Array,\n  publicKey?: Uint8Array\n): Promise<EatPassportResult> {\n  // Size limit: 64 KB enforced BEFORE any CBOR decode\n  if (data.length > EAT_SIZE_LIMIT) {\n    throw new EatAdapterError(\n      `EAT token is ${data.length} bytes, exceeding ${EAT_SIZE_LIMIT} byte limit`,\n      'E_EAT_SIZE_EXCEEDED'\n    );\n  }\n\n  if (data.length === 0) {\n    throw new EatAdapterError('EAT token is empty', 'E_EAT_INVALID_CBOR');\n  }\n\n  // Step 1: Decode COSE_Sign1 structure\n  const coseSign1 = decodeCoseSign1(data);\n\n  // Step 2: Decode and validate protected headers\n  const headers = decodeProtectedHeaders(coseSign1.protected);\n\n  // Step 3: Decode EAT claims from payload\n  const claims = decodeEatClaims(coseSign1.payload);\n\n  // Step 4: Optionally verify Ed25519 signature\n  let signatureValid: boolean | undefined;\n  if (publicKey !== undefined) {\n    if (publicKey.length !== 32) {\n      throw new EatAdapterError(\n        `Ed25519 public key must be 32 bytes, got ${publicKey.length}`,\n        'E_EAT_SIGNATURE_FAILED'\n      );\n    }\n\n    const sigStructureBytes = buildSigStructure(coseSign1.protected, coseSign1.payload);\n\n    try {\n      signatureValid = await ed25519Verify(coseSign1.signature, sigStructureBytes, publicKey);\n    } catch {\n      throw new EatAdapterError('Ed25519 signature verification failed', 'E_EAT_SIGNATURE_FAILED');\n    }\n\n    if (!signatureValid) {\n      throw new EatAdapterError(\n        'COSE_Sign1 Ed25519 signature is invalid',\n        'E_EAT_SIGNATURE_FAILED'\n      );\n    }\n  }\n\n  return { headers, claims, signatureValid };\n}\n","/**\n * EAT Claim Mapper: maps EAT claims to Wire 0.2 receipt claims\n *\n * Privacy-first: all claim values are SHA-256 hashed by default.\n * Callers opt in to raw value inclusion via `includeRawClaims` option.\n * This prevents accidental PII leakage from EAT attestations into PEAC receipts.\n *\n * References:\n *   - RFC 9711 (Entity Attestation Token)\n *   - Wire 0.2 spec: kind, type, pillars, extensions\n */\n\nimport { sha256Hex } from '@peac/crypto';\nimport { EAT_CLAIM_KEY } from './types.js';\nimport type { EatClaims, ClaimMapperOptions, MappedEatClaims } from './types.js';\n\nconst DEFAULT_TYPE = 'org.peacprotocol/attestation';\nconst DEFAULT_PILLARS = ['identity'];\n\n/** Well-known EAT claim labels (integer to string name) */\nconst CLAIM_LABEL_NAMES: Record<number, string> = {\n  [EAT_CLAIM_KEY.iss]: 'iss',\n  [EAT_CLAIM_KEY.sub]: 'sub',\n  [EAT_CLAIM_KEY.aud]: 'aud',\n  [EAT_CLAIM_KEY.exp]: 'exp',\n  [EAT_CLAIM_KEY.nbf]: 'nbf',\n  [EAT_CLAIM_KEY.iat]: 'iat',\n  [EAT_CLAIM_KEY.cti]: 'cti',\n  [EAT_CLAIM_KEY.nonce]: 'nonce',\n  [EAT_CLAIM_KEY.ueid]: 'ueid',\n  [EAT_CLAIM_KEY.sueids]: 'sueids',\n  [EAT_CLAIM_KEY.oemid]: 'oemid',\n  [EAT_CLAIM_KEY.hwmodel]: 'hwmodel',\n  [EAT_CLAIM_KEY.hwversion]: 'hwversion',\n  [EAT_CLAIM_KEY.swname]: 'swname',\n  [EAT_CLAIM_KEY.swversion]: 'swversion',\n  [EAT_CLAIM_KEY.secboot]: 'secboot',\n  [EAT_CLAIM_KEY.dbgstat]: 'dbgstat',\n};\n\n/**\n * Serialize a claim value to a deterministic string for hashing.\n * Handles Uint8Array (hex), numbers, strings, and falls back to JSON.\n */\nfunction serializeClaimValue(value: unknown): string {\n  if (value instanceof Uint8Array) {\n    return Array.from(value)\n      .map((b) => b.toString(16).padStart(2, '0'))\n      .join('');\n  }\n  if (typeof value === 'string') return value;\n  if (typeof value === 'number') return String(value);\n  if (typeof value === 'boolean') return String(value);\n  return JSON.stringify(value);\n}\n\n/**\n * Map EAT claims to Wire 0.2 receipt claims.\n *\n * Privacy-first: claim values are SHA-256 hashed unless their integer key\n * appears in `options.includeRawClaims`. This prevents accidental PII leakage.\n *\n * @param claims - Decoded EAT claims map\n * @param options - Mapper configuration\n * @returns Mapped claims suitable for Wire 0.2 receipt issuance\n */\nexport async function mapEatClaims(\n  claims: EatClaims,\n  options: ClaimMapperOptions = {}\n): Promise<MappedEatClaims> {\n  const { includeRawClaims = [], type = DEFAULT_TYPE, pillars = DEFAULT_PILLARS } = options;\n\n  const rawSet = new Set(includeRawClaims);\n  const attestationClaims: Record<string, string> = {};\n\n  for (const [key, value] of claims) {\n    if (typeof key !== 'number') continue;\n\n    const labelName = CLAIM_LABEL_NAMES[key] ?? `claim_${key}`;\n    const serialized = serializeClaimValue(value);\n\n    if (rawSet.has(key)) {\n      attestationClaims[labelName] = serialized;\n    } else {\n      attestationClaims[labelName] = `sha256:${await sha256Hex(serialized)}`;\n    }\n  }\n\n  // Extract standard identifiers (if present and opted-in to raw)\n  const issValue = claims.get(EAT_CLAIM_KEY.iss);\n  const subValue = claims.get(EAT_CLAIM_KEY.sub);\n\n  return {\n    kind: 'evidence',\n    type,\n    pillars,\n    attestation_claims: attestationClaims,\n    eat_iss: typeof issValue === 'string' ? issValue : undefined,\n    eat_sub: typeof subValue === 'string' ? subValue : undefined,\n  };\n}\n"]}

package/dist/passport.d.ts

@@ -0,0 +1,39 @@
+/**
+ * EAT Passport Decoder
+ *
+ * Decodes COSE_Sign1 structures containing EAT (Entity Attestation Token)
+ * payloads per RFC 9711. Optionally verifies Ed25519 signatures per
+ * RFC 9052 Section 4.4 (Sig_structure construction).
+ *
+ * References:
+ *   - RFC 9052 Section 4.2 (COSE_Sign1 structure)
+ *   - RFC 9052 Section 4.4 (Signing and Verification Process)
+ *   - RFC 9053 Table 2 (EdDSA algorithm identifier: -8)
+ *   - RFC 9711 (Entity Attestation Token)
+ *   - RFC 8949 (CBOR encoding)
+ *
+ * Security:
+ *   - 64 KB size limit enforced BEFORE CBOR decode (DoS prevention)
+ *   - Only Ed25519 (COSE alg -8) supported; all others rejected
+ *   - No network I/O
+ */
+import type { EatPassportResult } from './types.js';
+/** Error class for EAT adapter failures */
+export declare class EatAdapterError extends Error {
+    readonly code: string;
+    constructor(message: string, code: string);
+}
+/**
+ * Decode an EAT passport from COSE_Sign1 CBOR bytes.
+ *
+ * Enforces a 64 KB size limit before CBOR decode (DoS prevention).
+ * Validates COSE_Sign1 structure per RFC 9052 Section 4.2.
+ * Optionally verifies Ed25519 signature per RFC 9052 Section 4.4.
+ *
+ * @param data - Raw COSE_Sign1 CBOR bytes
+ * @param publicKey - Optional Ed25519 public key (32 bytes) for signature verification
+ * @returns Decoded EAT passport with headers, claims, and optional signature validity
+ * @throws EatAdapterError on size, CBOR, COSE, or algorithm errors
+ */
+export declare function decodeEatPassport(data: Uint8Array, publicKey?: Uint8Array): Promise<EatPassportResult>;
+//# sourceMappingURL=passport.d.ts.map

package/dist/passport.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"passport.d.ts","sourceRoot":"","sources":["../src/passport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAOH,OAAO,KAAK,EAA8C,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAGhG,2CAA2C;AAC3C,qBAAa,eAAgB,SAAQ,KAAK;aAGtB,IAAI,EAAE,MAAM;gBAD5B,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,MAAM;CAK/B;AAuLD;;;;;;;;;;;GAWG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,UAAU,EAChB,SAAS,CAAC,EAAE,UAAU,GACrB,OAAO,CAAC,iBAAiB,CAAC,CAiD5B"}

package/dist/types.d.ts

@@ -0,0 +1,118 @@
+/**
+ * EAT (Entity Attestation Token) and COSE types
+ *
+ * References:
+ *   - RFC 9711 (Entity Attestation Token)
+ *   - RFC 9052 Section 4.2 (COSE_Sign1)
+ *   - RFC 9053 (COSE Initial Algorithms)
+ *   - RFC 8949 (CBOR)
+ */
+/**
+ * COSE_Sign1 structure per RFC 9052 Section 4.2.
+ *
+ * COSE_Sign1 = [
+ *   protected : bstr,        -- Serialized protected headers (CBOR-encoded map)
+ *   unprotected : map,       -- Unprotected headers (CBOR map, may be empty)
+ *   payload : bstr / nil,    -- Payload bytes
+ *   signature : bstr         -- Signature bytes
+ * ]
+ */
+export interface CoseSign1 {
+    protected: Uint8Array;
+    unprotected: Map<number, unknown>;
+    payload: Uint8Array;
+    signature: Uint8Array;
+}
+/**
+ * Decoded COSE protected headers.
+ *
+ * COSE header parameter labels (integer keys per RFC 9052 Section 3.1):
+ *   1 = alg (algorithm)
+ *   4 = kid (key identifier)
+ */
+export interface CoseProtectedHeaders {
+    alg: number;
+    kid?: Uint8Array | string;
+}
+/** COSE algorithm identifiers per RFC 9053 Table 2 */
+export declare const COSE_ALG: {
+    /** EdDSA (Ed25519 or Ed448) */
+    readonly EdDSA: -8;
+};
+/**
+ * EAT standard claim keys (CBOR integer labels per RFC 9711 Section 4).
+ *
+ * Many of these inherit from CWT (RFC 8392) claim labels.
+ */
+export declare const EAT_CLAIM_KEY: {
+    readonly iss: 1;
+    readonly sub: 2;
+    readonly aud: 3;
+    readonly exp: 4;
+    readonly nbf: 5;
+    readonly iat: 6;
+    readonly cti: 7;
+    readonly nonce: 10;
+    readonly ueid: 256;
+    readonly sueids: 257;
+    readonly oemid: 258;
+    readonly hwmodel: 259;
+    readonly hwversion: 260;
+    readonly swname: 271;
+    readonly swversion: 272;
+    readonly oemueid: 273;
+    readonly secboot: 262;
+    readonly dbgstat: 263;
+    readonly location: 264;
+    readonly profile: 265;
+    readonly submods: 266;
+    readonly uptime: 261;
+    readonly intuse: 267;
+    readonly dloas: 268;
+    readonly manifests: 269;
+    readonly measurements: 270;
+};
+/**
+ * Decoded EAT claims (CBOR map with integer or string keys).
+ *
+ * The decoder preserves the raw CBOR map. The claim mapper extracts
+ * specific claims by integer key.
+ */
+export type EatClaims = Map<number | string, unknown>;
+/** Result of decoding and verifying an EAT passport */
+export interface EatPassportResult {
+    /** Decoded protected headers */
+    headers: CoseProtectedHeaders;
+    /** Raw EAT claims map */
+    claims: EatClaims;
+    /** Whether the Ed25519 signature is valid (only present if publicKey provided) */
+    signatureValid?: boolean;
+}
+/** Options for the claim mapper */
+export interface ClaimMapperOptions {
+    /**
+     * Claim keys whose raw values should be included in the mapped output.
+     * By default, all claim values are hashed (SHA-256 digest) for privacy.
+     * List specific integer keys here to include their raw values.
+     */
+    includeRawClaims?: number[];
+    /** Receipt type (reverse-DNS or URI). Defaults to 'org.peacprotocol/attestation' */
+    type?: string;
+    /** Pillars to include on the receipt. Defaults to ['identity'] */
+    pillars?: string[];
+}
+/** Mapped Wire 0.2 claims from an EAT passport */
+export interface MappedEatClaims {
+    kind: 'evidence';
+    type: string;
+    pillars?: string[];
+    /** Hashed or raw claim values, keyed by claim label */
+    attestation_claims: Record<string, string>;
+    /** Original issuer from EAT (if present) */
+    eat_iss?: string;
+    /** Original subject from EAT (if present) */
+    eat_sub?: string;
+}
+/** Size limit for EAT tokens (64 KB, consistent with carrier transport limits) */
+export declare const EAT_SIZE_LIMIT = 65536;
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;;;;;;;GASG;AACH,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,UAAU,CAAC;IACtB,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,OAAO,EAAE,UAAU,CAAC;IACpB,SAAS,EAAE,UAAU,CAAC;CACvB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,oBAAoB;IACnC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,UAAU,GAAG,MAAM,CAAC;CAC3B;AAED,sDAAsD;AACtD,eAAO,MAAM,QAAQ;IACnB,+BAA+B;;CAEvB,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2BhB,CAAC;AAEX;;;;;GAKG;AACH,MAAM,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,GAAG,MAAM,EAAE,OAAO,CAAC,CAAC;AAEtD,uDAAuD;AACvD,MAAM,WAAW,iBAAiB;IAChC,gCAAgC;IAChC,OAAO,EAAE,oBAAoB,CAAC;IAC9B,yBAAyB;IACzB,MAAM,EAAE,SAAS,CAAC;IAClB,kFAAkF;IAClF,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,mCAAmC;AACnC,MAAM,WAAW,kBAAkB;IACjC;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,oFAAoF;IACpF,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,kEAAkE;IAClE,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,kDAAkD;AAClD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,UAAU,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,uDAAuD;IACvD,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3C,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,6CAA6C;IAC7C,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,kFAAkF;AAClF,eAAO,MAAM,cAAc,QAAS,CAAC"}

package/package.json

@@ -0,0 +1,69 @@
+{
+  "name": "@peac/adapter-eat",
+  "version": "0.12.6",
+  "description": "EAT (Entity Attestation Token, RFC 9711) passport decoder and PEAC claim mapper",
+  "main": "dist/index.cjs",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.cjs",
+      "default": "./dist/index.mjs"
+    },
+    "./package.json": "./package.json"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/peacprotocol/peac.git",
+    "directory": "packages/adapters/eat"
+  },
+  "author": "PEAC Protocol Contributors",
+  "license": "Apache-2.0",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "cbor": "^9.0.0",
+    "@peac/kernel": "0.12.6",
+    "@peac/crypto": "0.12.6",
+    "@peac/schema": "0.12.6"
+  },
+  "devDependencies": {
+    "@types/node": "^22.19.11",
+    "tsup": "^8.0.0",
+    "typescript": "^5.3.3",
+    "vitest": "^4.0.0"
+  },
+  "bugs": {
+    "url": "https://github.com/peacprotocol/peac/issues"
+  },
+  "homepage": "https://github.com/peacprotocol/peac#readme",
+  "keywords": [
+    "peac",
+    "peacprotocol",
+    "interaction-records",
+    "signed-records",
+    "receipts",
+    "originary",
+    "eat",
+    "entity-attestation-token",
+    "attestation",
+    "cose",
+    "cbor",
+    "rfc9711"
+  ],
+  "scripts": {
+    "prebuild": "rm -rf dist",
+    "build": "pnpm run build:js && pnpm run build:types",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "clean": "rm -rf dist",
+    "build:js": "tsup",
+    "build:types": "rm -f dist/.tsbuildinfo && tsc && rm -f dist/.tsbuildinfo"
+  }
+}