@peac/http-signatures 0.9.18

package/README.md

@@ -0,0 +1,23 @@
+# @peac/http-signatures
+
+RFC 9421 HTTP Message Signatures parsing and verification
+
+## Installation
+
+```bash
+pnpm add @peac/http-signatures
+```
+
+## Documentation
+
+See [peacprotocol.org](https://peacprotocol.org) for full documentation.
+
+## License
+
+Apache-2.0
+
+---
+
+PEAC Protocol is an open source project stewarded by Originary and community contributors.
+
+[Originary](https://www.originary.xyz) | [Docs](https://peacprotocol.org) | [GitHub](https://github.com/peacprotocol/peac)

package/dist/base.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Signature base construction per RFC 9421 Section 2.5.
+ *
+ * The signature base is a canonical string constructed from
+ * covered components and signature parameters.
+ */
+import { ParsedSignatureParams, SignatureRequest } from './types.js';
+/**
+ * Build signature base string for verification.
+ *
+ * @param request - Request data
+ * @param params - Parsed signature parameters
+ * @returns Signature base string
+ */
+export declare function buildSignatureBase(request: SignatureRequest, params: ParsedSignatureParams): string;
+/**
+ * Convert signature base string to bytes for cryptographic verification.
+ */
+export declare function signatureBaseToBytes(signatureBase: string): Uint8Array;
+//# sourceMappingURL=base.d.ts.map

package/dist/base.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base.d.ts","sourceRoot":"","sources":["../src/base.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAErE;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,gBAAgB,EACzB,MAAM,EAAE,qBAAqB,GAC5B,MAAM,CAcR;AA+HD;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,aAAa,EAAE,MAAM,GAAG,UAAU,CAGtE"}

package/dist/base.js

@@ -0,0 +1,143 @@
+/**
+ * Signature base construction per RFC 9421 Section 2.5.
+ *
+ * The signature base is a canonical string constructed from
+ * covered components and signature parameters.
+ */
+/**
+ * Build signature base string for verification.
+ *
+ * @param request - Request data
+ * @param params - Parsed signature parameters
+ * @returns Signature base string
+ */
+export function buildSignatureBase(request, params) {
+    const lines = [];
+    // Add each covered component
+    for (const component of params.coveredComponents) {
+        const value = getComponentValue(request, component);
+        lines.push(`"${component}": ${value}`);
+    }
+    // Add signature params line
+    const paramsLine = buildSignatureParamsLine(params);
+    lines.push(`"@signature-params": ${paramsLine}`);
+    return lines.join('\n');
+}
+/**
+ * Get the canonical value for a component identifier.
+ */
+function getComponentValue(request, component) {
+    // Derived components start with @
+    if (component.startsWith('@')) {
+        return getDerivedComponentValue(request, component);
+    }
+    // Otherwise it's a header field
+    return getHeaderValue(request.headers, component);
+}
+/**
+ * Get derived component value.
+ */
+function getDerivedComponentValue(request, component) {
+    switch (component) {
+        case '@method':
+            return request.method.toUpperCase();
+        case '@target-uri':
+            return request.url;
+        case '@authority': {
+            try {
+                const url = new URL(request.url);
+                return url.host;
+            }
+            catch {
+                // If URL parsing fails, try to extract from headers
+                return getHeaderValue(request.headers, 'host');
+            }
+        }
+        case '@scheme': {
+            try {
+                const url = new URL(request.url);
+                return url.protocol.replace(':', '');
+            }
+            catch {
+                return 'https';
+            }
+        }
+        case '@request-target': {
+            try {
+                const url = new URL(request.url);
+                return url.pathname + url.search;
+            }
+            catch {
+                // If not a full URL, assume it's already a path
+                return request.url;
+            }
+        }
+        case '@path': {
+            try {
+                const url = new URL(request.url);
+                return url.pathname;
+            }
+            catch {
+                const pathMatch = request.url.match(/^[^?]*/);
+                return pathMatch ? pathMatch[0] : request.url;
+            }
+        }
+        case '@query': {
+            try {
+                const url = new URL(request.url);
+                return url.search || '?';
+            }
+            catch {
+                const queryMatch = request.url.match(/\?.*/);
+                return queryMatch ? queryMatch[0] : '?';
+            }
+        }
+        default:
+            // Unknown derived component - return empty
+            return '';
+    }
+}
+/**
+ * Get header value by name (case-insensitive).
+ */
+function getHeaderValue(headers, name) {
+    const lowerName = name.toLowerCase();
+    for (const [key, value] of Object.entries(headers)) {
+        if (key.toLowerCase() === lowerName) {
+            return value;
+        }
+    }
+    return '';
+}
+/**
+ * Build the signature-params line value.
+ *
+ * Format: ("component1" "component2");created=123;keyid="key";alg="ed25519"
+ */
+function buildSignatureParamsLine(params) {
+    // Build inner list of components
+    const components = params.coveredComponents.map((c) => `"${c}"`).join(' ');
+    let line = `(${components})`;
+    // Add required parameters in canonical order
+    line += `;created=${params.created}`;
+    if (params.expires !== undefined) {
+        line += `;expires=${params.expires}`;
+    }
+    if (params.nonce !== undefined) {
+        line += `;nonce="${params.nonce}"`;
+    }
+    line += `;keyid="${params.keyid}"`;
+    line += `;alg="${params.alg}"`;
+    if (params.tag !== undefined) {
+        line += `;tag="${params.tag}"`;
+    }
+    return line;
+}
+/**
+ * Convert signature base string to bytes for cryptographic verification.
+ */
+export function signatureBaseToBytes(signatureBase) {
+    const encoder = new TextEncoder();
+    return encoder.encode(signatureBase);
+}
+//# sourceMappingURL=base.js.map

package/dist/base.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base.js","sourceRoot":"","sources":["../src/base.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAyB,EACzB,MAA6B;IAE7B,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,6BAA6B;IAC7B,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;QACjD,MAAM,KAAK,GAAG,iBAAiB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QACpD,KAAK,CAAC,IAAI,CAAC,IAAI,SAAS,MAAM,KAAK,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,4BAA4B;IAC5B,MAAM,UAAU,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;IACpD,KAAK,CAAC,IAAI,CAAC,wBAAwB,UAAU,EAAE,CAAC,CAAC;IAEjD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,OAAyB,EAAE,SAAiB;IACrE,kCAAkC;IAClC,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,wBAAwB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IACtD,CAAC;IAED,gCAAgC;IAChC,OAAO,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,OAAyB,EAAE,SAAiB;IAC5E,QAAQ,SAAS,EAAE,CAAC;QAClB,KAAK,SAAS;YACZ,OAAO,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QAEtC,KAAK,aAAa;YAChB,OAAO,OAAO,CAAC,GAAG,CAAC;QAErB,KAAK,YAAY,CAAC,CAAC,CAAC;YAClB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACjC,OAAO,GAAG,CAAC,IAAI,CAAC;YAClB,CAAC;YAAC,MAAM,CAAC;gBACP,oDAAoD;gBACpD,OAAO,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QAED,KAAK,SAAS,CAAC,CAAC,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACjC,OAAO,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACvC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,OAAO,CAAC;YACjB,CAAC;QACH,CAAC;QAED,KAAK,iBAAiB,CAAC,CAAC,CAAC;YACvB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACjC,OAAO,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC;YACnC,CAAC;YAAC,MAAM,CAAC;gBACP,gDAAgD;gBAChD,OAAO,OAAO,CAAC,GAAG,CAAC;YACrB,CAAC;QACH,CAAC;QAED,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACjC,OAAO,GAAG,CAAC,QAAQ,CAAC;YACtB,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAC9C,OAAO,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;YAChD,CAAC;QACH,CAAC;QAED,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACjC,OAAO,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC;YAC3B,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC7C,OAAO,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YAC1C,CAAC;QACH,CAAC;QAED;YACE,2CAA2C;YAC3C,OAAO,EAAE,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,OAA+B,EAAE,IAAY;IACnE,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAErC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,SAAS,EAAE,CAAC;YACpC,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;GAIG;AACH,SAAS,wBAAwB,CAAC,MAA6B;IAC7D,iCAAiC;IACjC,MAAM,UAAU,GAAG,MAAM,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3E,IAAI,IAAI,GAAG,IAAI,UAAU,GAAG,CAAC;IAE7B,6CAA6C;IAC7C,IAAI,IAAI,YAAY,MAAM,CAAC,OAAO,EAAE,CAAC;IAErC,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACjC,IAAI,IAAI,YAAY,MAAM,CAAC,OAAO,EAAE,CAAC;IACvC,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC/B,IAAI,IAAI,WAAW,MAAM,CAAC,KAAK,GAAG,CAAC;IACrC,CAAC;IAED,IAAI,IAAI,WAAW,MAAM,CAAC,KAAK,GAAG,CAAC;IACnC,IAAI,IAAI,SAAS,MAAM,CAAC,GAAG,GAAG,CAAC;IAE/B,IAAI,MAAM,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;QAC7B,IAAI,IAAI,SAAS,MAAM,CAAC,GAAG,GAAG,CAAC;IACjC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,aAAqB;IACxD,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,OAAO,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;AACvC,CAAC"}

package/dist/errors.d.ts

@@ -0,0 +1,37 @@
+/**
+ * HTTP Signature error codes per execution pack specification.
+ */
+export declare const ErrorCodes: {
+    /** Signature-Input header parse failed */
+    readonly SIGNATURE_INPUT_MALFORMED: "E_SIGNATURE_INPUT_MALFORMED";
+    /** No Signature header present */
+    readonly SIGNATURE_MISSING: "E_SIGNATURE_MISSING";
+    /** Required param (created/keyid/alg) missing */
+    readonly SIGNATURE_PARAM_MISSING: "E_SIGNATURE_PARAM_MISSING";
+    /** Algorithm not ed25519 */
+    readonly SIGNATURE_ALGORITHM_UNSUPPORTED: "E_SIGNATURE_ALGORITHM_UNSUPPORTED";
+    /** Signature expired (now > expires) */
+    readonly SIGNATURE_EXPIRED: "E_SIGNATURE_EXPIRED";
+    /** Signature from future (created > now + skew) */
+    readonly SIGNATURE_FUTURE: "E_SIGNATURE_FUTURE";
+    /** Cryptographic verification failed */
+    readonly SIGNATURE_INVALID: "E_SIGNATURE_INVALID";
+    /** Ed25519 WebCrypto not supported */
+    readonly WEBCRYPTO_UNAVAILABLE: "E_WEBCRYPTO_UNAVAILABLE";
+    /** Key not found by resolver */
+    readonly KEY_NOT_FOUND: "E_KEY_NOT_FOUND";
+};
+export type ErrorCode = (typeof ErrorCodes)[keyof typeof ErrorCodes];
+/**
+ * HTTP status codes for each error.
+ */
+export declare const ErrorHttpStatus: Record<ErrorCode, number>;
+/**
+ * HTTP Signature error with code and HTTP status.
+ */
+export declare class HttpSignatureError extends Error {
+    readonly code: ErrorCode;
+    readonly httpStatus: number;
+    constructor(code: ErrorCode, message: string);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,eAAO,MAAM,UAAU;IACrB,0CAA0C;;IAE1C,kCAAkC;;IAElC,iDAAiD;;IAEjD,4BAA4B;;IAE5B,wCAAwC;;IAExC,mDAAmD;;IAEnD,wCAAwC;;IAExC,sCAAsC;;IAEtC,gCAAgC;;CAExB,CAAC;AAEX,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAC;AAErE;;GAEG;AACH,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAUrD,CAAC;AAEF;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;IAC3C,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC;IACzB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;gBAEhB,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM;CAM7C"}

package/dist/errors.js

@@ -0,0 +1,51 @@
+/**
+ * HTTP Signature error codes per execution pack specification.
+ */
+export const ErrorCodes = {
+    /** Signature-Input header parse failed */
+    SIGNATURE_INPUT_MALFORMED: 'E_SIGNATURE_INPUT_MALFORMED',
+    /** No Signature header present */
+    SIGNATURE_MISSING: 'E_SIGNATURE_MISSING',
+    /** Required param (created/keyid/alg) missing */
+    SIGNATURE_PARAM_MISSING: 'E_SIGNATURE_PARAM_MISSING',
+    /** Algorithm not ed25519 */
+    SIGNATURE_ALGORITHM_UNSUPPORTED: 'E_SIGNATURE_ALGORITHM_UNSUPPORTED',
+    /** Signature expired (now > expires) */
+    SIGNATURE_EXPIRED: 'E_SIGNATURE_EXPIRED',
+    /** Signature from future (created > now + skew) */
+    SIGNATURE_FUTURE: 'E_SIGNATURE_FUTURE',
+    /** Cryptographic verification failed */
+    SIGNATURE_INVALID: 'E_SIGNATURE_INVALID',
+    /** Ed25519 WebCrypto not supported */
+    WEBCRYPTO_UNAVAILABLE: 'E_WEBCRYPTO_UNAVAILABLE',
+    /** Key not found by resolver */
+    KEY_NOT_FOUND: 'E_KEY_NOT_FOUND',
+};
+/**
+ * HTTP status codes for each error.
+ */
+export const ErrorHttpStatus = {
+    [ErrorCodes.SIGNATURE_INPUT_MALFORMED]: 400,
+    [ErrorCodes.SIGNATURE_MISSING]: 401,
+    [ErrorCodes.SIGNATURE_PARAM_MISSING]: 400,
+    [ErrorCodes.SIGNATURE_ALGORITHM_UNSUPPORTED]: 400,
+    [ErrorCodes.SIGNATURE_EXPIRED]: 401,
+    [ErrorCodes.SIGNATURE_FUTURE]: 401,
+    [ErrorCodes.SIGNATURE_INVALID]: 401,
+    [ErrorCodes.WEBCRYPTO_UNAVAILABLE]: 500,
+    [ErrorCodes.KEY_NOT_FOUND]: 401,
+};
+/**
+ * HTTP Signature error with code and HTTP status.
+ */
+export class HttpSignatureError extends Error {
+    code;
+    httpStatus;
+    constructor(code, message) {
+        super(message);
+        this.name = 'HttpSignatureError';
+        this.code = code;
+        this.httpStatus = ErrorHttpStatus[code];
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,0CAA0C;IAC1C,yBAAyB,EAAE,6BAA6B;IACxD,kCAAkC;IAClC,iBAAiB,EAAE,qBAAqB;IACxC,iDAAiD;IACjD,uBAAuB,EAAE,2BAA2B;IACpD,4BAA4B;IAC5B,+BAA+B,EAAE,mCAAmC;IACpE,wCAAwC;IACxC,iBAAiB,EAAE,qBAAqB;IACxC,mDAAmD;IACnD,gBAAgB,EAAE,oBAAoB;IACtC,wCAAwC;IACxC,iBAAiB,EAAE,qBAAqB;IACxC,sCAAsC;IACtC,qBAAqB,EAAE,yBAAyB;IAChD,gCAAgC;IAChC,aAAa,EAAE,iBAAiB;CACxB,CAAC;AAIX;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAA8B;IACxD,CAAC,UAAU,CAAC,yBAAyB,CAAC,EAAE,GAAG;IAC3C,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE,GAAG;IACnC,CAAC,UAAU,CAAC,uBAAuB,CAAC,EAAE,GAAG;IACzC,CAAC,UAAU,CAAC,+BAA+B,CAAC,EAAE,GAAG;IACjD,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE,GAAG;IACnC,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,GAAG;IAClC,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE,GAAG;IACnC,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,GAAG;IACvC,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,GAAG;CAChC,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAClC,IAAI,CAAY;IAChB,UAAU,CAAS;IAE5B,YAAY,IAAe,EAAE,OAAe;QAC1C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;QACjC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IAC1C,CAAC;CACF"}

package/dist/index.d.ts

@@ -0,0 +1,13 @@
+/**
+ * @peac/http-signatures
+ *
+ * RFC 9421 HTTP Message Signatures parsing and verification.
+ * Runtime-neutral - no DOM dependencies in public API.
+ */
+export type { SignatureVerifier, KeyResolver, ParsedSignatureParams, ParsedSignature, VerificationResult, SignatureRequest, VerifyOptions, } from './types.js';
+export { parseSignatureInput, parseSignatureHeader, parseSignature } from './parser.js';
+export { buildSignatureBase, signatureBaseToBytes } from './base.js';
+export { verifySignature, isExpired, isCreatedInFuture, isEd25519WebCryptoSupported, createWebCryptoVerifier, } from './verify.js';
+export { ErrorCodes, ErrorHttpStatus, HttpSignatureError } from './errors.js';
+export type { ErrorCode } from './errors.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,YAAY,EACV,iBAAiB,EACjB,WAAW,EACX,qBAAqB,EACrB,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,aAAa,GACd,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAGxF,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAGrE,OAAO,EACL,eAAe,EACf,SAAS,EACT,iBAAiB,EACjB,2BAA2B,EAC3B,uBAAuB,GACxB,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAC9E,YAAY,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC"}

package/dist/index.js

@@ -0,0 +1,15 @@
+/**
+ * @peac/http-signatures
+ *
+ * RFC 9421 HTTP Message Signatures parsing and verification.
+ * Runtime-neutral - no DOM dependencies in public API.
+ */
+// Parser
+export { parseSignatureInput, parseSignatureHeader, parseSignature } from './parser.js';
+// Signature base
+export { buildSignatureBase, signatureBaseToBytes } from './base.js';
+// Verification
+export { verifySignature, isExpired, isCreatedInFuture, isEd25519WebCryptoSupported, createWebCryptoVerifier, } from './verify.js';
+// Errors
+export { ErrorCodes, ErrorHttpStatus, HttpSignatureError } from './errors.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAaH,SAAS;AACT,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAExF,iBAAiB;AACjB,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAErE,eAAe;AACf,OAAO,EACL,eAAe,EACf,SAAS,EACT,iBAAiB,EACjB,2BAA2B,EAC3B,uBAAuB,GACxB,MAAM,aAAa,CAAC;AAErB,SAAS;AACT,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC"}

package/dist/parser.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Parser for RFC 9421 Signature-Input and Signature headers.
+ *
+ * Implements minimal RFC 8941 Structured Fields parsing for
+ * Dictionary and Inner List types as needed by HTTP Signatures.
+ */
+import { ParsedSignatureParams, ParsedSignature } from './types.js';
+/**
+ * Parse Signature-Input header value into structured parameters.
+ *
+ * Format: label=("component1" "component2");param1=value1;param2=value2
+ *
+ * @param headerValue - Raw Signature-Input header value
+ * @returns Map of label to parsed parameters
+ */
+export declare function parseSignatureInput(headerValue: string): Map<string, ParsedSignatureParams>;
+/**
+ * Parse Signature header value into raw signature bytes.
+ *
+ * Format: label=:base64signature:
+ *
+ * @param headerValue - Raw Signature header value
+ * @returns Map of label to signature bytes
+ */
+export declare function parseSignatureHeader(headerValue: string): Map<string, {
+    bytes: Uint8Array;
+    base64: string;
+}>;
+/**
+ * Parse complete signature from both headers.
+ *
+ * @param signatureInput - Signature-Input header value
+ * @param signature - Signature header value
+ * @param label - Optional specific label to parse (defaults to first)
+ * @returns Parsed signature or throws HttpSignatureError
+ */
+export declare function parseSignature(signatureInput: string, signature: string, label?: string): ParsedSignature;
+//# sourceMappingURL=parser.d.ts.map

package/dist/parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAGpE;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAc3F;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAClC,WAAW,EAAE,MAAM,GAClB,GAAG,CAAC,MAAM,EAAE;IAAE,KAAK,EAAE,UAAU,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CAuBpD;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAC5B,cAAc,EAAE,MAAM,EACtB,SAAS,EAAE,MAAM,EACjB,KAAK,CAAC,EAAE,MAAM,GACb,eAAe,CAwEjB"}

package/dist/parser.js

@@ -0,0 +1,253 @@
+/**
+ * Parser for RFC 9421 Signature-Input and Signature headers.
+ *
+ * Implements minimal RFC 8941 Structured Fields parsing for
+ * Dictionary and Inner List types as needed by HTTP Signatures.
+ */
+import { ErrorCodes, HttpSignatureError } from './errors.js';
+/**
+ * Parse Signature-Input header value into structured parameters.
+ *
+ * Format: label=("component1" "component2");param1=value1;param2=value2
+ *
+ * @param headerValue - Raw Signature-Input header value
+ * @returns Map of label to parsed parameters
+ */
+export function parseSignatureInput(headerValue) {
+    const results = new Map();
+    // Split by comma for multiple signatures (outer dictionary members)
+    const members = splitDictionaryMembers(headerValue);
+    for (const member of members) {
+        const parsed = parseDictionaryMember(member.trim());
+        if (parsed) {
+            results.set(parsed.label, parsed.params);
+        }
+    }
+    return results;
+}
+/**
+ * Parse Signature header value into raw signature bytes.
+ *
+ * Format: label=:base64signature:
+ *
+ * @param headerValue - Raw Signature header value
+ * @returns Map of label to signature bytes
+ */
+export function parseSignatureHeader(headerValue) {
+    const results = new Map();
+    const members = splitDictionaryMembers(headerValue);
+    for (const member of members) {
+        const [label, value] = splitKeyValue(member.trim());
+        if (!label || !value)
+            continue;
+        // Extract base64 from :...: byte sequence format
+        const match = value.match(/^:([A-Za-z0-9+/=_-]+):$/);
+        if (!match)
+            continue;
+        const base64 = match[1];
+        try {
+            const bytes = base64ToBytes(base64);
+            results.set(label, { bytes, base64 });
+        }
+        catch {
+            // Skip invalid base64
+        }
+    }
+    return results;
+}
+/**
+ * Parse complete signature from both headers.
+ *
+ * @param signatureInput - Signature-Input header value
+ * @param signature - Signature header value
+ * @param label - Optional specific label to parse (defaults to first)
+ * @returns Parsed signature or throws HttpSignatureError
+ */
+export function parseSignature(signatureInput, signature, label) {
+    if (!signatureInput) {
+        throw new HttpSignatureError(ErrorCodes.SIGNATURE_INPUT_MALFORMED, 'Missing Signature-Input header');
+    }
+    if (!signature) {
+        throw new HttpSignatureError(ErrorCodes.SIGNATURE_MISSING, 'Missing Signature header');
+    }
+    const inputMap = parseSignatureInput(signatureInput);
+    const sigMap = parseSignatureHeader(signature);
+    if (inputMap.size === 0) {
+        throw new HttpSignatureError(ErrorCodes.SIGNATURE_INPUT_MALFORMED, 'Failed to parse Signature-Input header');
+    }
+    // Use specified label or first available
+    const targetLabel = label ?? inputMap.keys().next().value;
+    if (!targetLabel) {
+        throw new HttpSignatureError(ErrorCodes.SIGNATURE_INPUT_MALFORMED, 'No signature label found');
+    }
+    const params = inputMap.get(targetLabel);
+    if (!params) {
+        throw new HttpSignatureError(ErrorCodes.SIGNATURE_INPUT_MALFORMED, `Signature label "${targetLabel}" not found in Signature-Input`);
+    }
+    const sigData = sigMap.get(targetLabel);
+    if (!sigData) {
+        throw new HttpSignatureError(ErrorCodes.SIGNATURE_MISSING, `Signature label "${targetLabel}" not found in Signature header`);
+    }
+    // Validate required parameters
+    if (!params.keyid) {
+        throw new HttpSignatureError(ErrorCodes.SIGNATURE_PARAM_MISSING, 'Missing required parameter: keyid');
+    }
+    if (!params.alg) {
+        throw new HttpSignatureError(ErrorCodes.SIGNATURE_PARAM_MISSING, 'Missing required parameter: alg');
+    }
+    if (params.created === undefined || params.created === null) {
+        throw new HttpSignatureError(ErrorCodes.SIGNATURE_PARAM_MISSING, 'Missing required parameter: created');
+    }
+    return {
+        label: targetLabel,
+        params,
+        signatureBytes: sigData.bytes,
+        signatureBase64: sigData.base64,
+    };
+}
+// --- Internal parsing helpers ---
+/**
+ * Split dictionary members by comma, respecting inner lists and strings.
+ */
+function splitDictionaryMembers(value) {
+    const members = [];
+    let current = '';
+    let depth = 0;
+    let inString = false;
+    let inByteSeq = false;
+    for (let i = 0; i < value.length; i++) {
+        const char = value[i];
+        if (char === '"' && !inByteSeq) {
+            inString = !inString;
+            current += char;
+        }
+        else if (char === ':' && !inString) {
+            inByteSeq = !inByteSeq;
+            current += char;
+        }
+        else if (char === '(' && !inString && !inByteSeq) {
+            depth++;
+            current += char;
+        }
+        else if (char === ')' && !inString && !inByteSeq) {
+            depth--;
+            current += char;
+        }
+        else if (char === ',' && depth === 0 && !inString && !inByteSeq) {
+            if (current.trim()) {
+                members.push(current.trim());
+            }
+            current = '';
+        }
+        else {
+            current += char;
+        }
+    }
+    if (current.trim()) {
+        members.push(current.trim());
+    }
+    return members;
+}
+/**
+ * Split a dictionary member into key=value pair.
+ */
+function splitKeyValue(member) {
+    const eqIndex = member.indexOf('=');
+    if (eqIndex === -1) {
+        return [member, ''];
+    }
+    return [member.slice(0, eqIndex), member.slice(eqIndex + 1)];
+}
+/**
+ * Parse a single dictionary member (label=inner-list;params).
+ */
+function parseDictionaryMember(member) {
+    const [label, rest] = splitKeyValue(member);
+    if (!label || !rest)
+        return null;
+    // Parse inner list and parameters
+    // Format: ("component1" "component2");param1=value1;param2=value2
+    const innerListMatch = rest.match(/^\(([^)]*)\)(.*)$/);
+    if (!innerListMatch)
+        return null;
+    const innerListContent = innerListMatch[1];
+    const paramsString = innerListMatch[2];
+    // Parse covered components from inner list
+    const coveredComponents = parseInnerList(innerListContent);
+    // Parse parameters
+    const rawParams = parseParameters(paramsString);
+    const params = {
+        keyid: String(rawParams.keyid ?? ''),
+        alg: String(rawParams.alg ?? ''),
+        created: rawParams.created !== undefined ? Number(rawParams.created) : 0,
+        coveredComponents,
+    };
+    if (rawParams.expires !== undefined) {
+        params.expires = Number(rawParams.expires);
+    }
+    if (rawParams.nonce !== undefined) {
+        params.nonce = String(rawParams.nonce);
+    }
+    if (rawParams.tag !== undefined) {
+        params.tag = String(rawParams.tag);
+    }
+    return { label, params };
+}
+/**
+ * Parse inner list content (space-separated quoted strings).
+ */
+function parseInnerList(content) {
+    const items = [];
+    const regex = /"([^"]*)"/g;
+    let match;
+    while ((match = regex.exec(content)) !== null) {
+        items.push(match[1]);
+    }
+    return items;
+}
+/**
+ * Parse parameters from ;key=value;key2=value2 format.
+ */
+function parseParameters(paramsString) {
+    const params = {};
+    // Split by semicolon
+    const parts = paramsString.split(';').filter((p) => p.trim());
+    for (const part of parts) {
+        const [key, value] = splitKeyValue(part.trim());
+        if (!key)
+            continue;
+        // Parse value - could be integer, string, or token
+        if (!value) {
+            params[key] = true;
+        }
+        else if (value.startsWith('"') && value.endsWith('"')) {
+            // Quoted string
+            params[key] = value.slice(1, -1);
+        }
+        else if (/^-?\d+$/.test(value)) {
+            // Integer
+            params[key] = parseInt(value, 10);
+        }
+        else {
+            // Token or other
+            params[key] = value;
+        }
+    }
+    return params;
+}
+/**
+ * Decode base64 (standard or URL-safe) to bytes.
+ */
+function base64ToBytes(base64) {
+    // Handle URL-safe base64
+    const normalized = base64.replace(/-/g, '+').replace(/_/g, '/');
+    // Add padding if needed
+    const padded = normalized.padEnd(normalized.length + ((4 - (normalized.length % 4)) % 4), '=');
+    const binary = atob(padded);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}
+//# sourceMappingURL=parser.js.map

package/dist/parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parser.js","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAE7D;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CAAC,WAAmB;IACrD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAiC,CAAC;IAEzD,oEAAoE;IACpE,MAAM,OAAO,GAAG,sBAAsB,CAAC,WAAW,CAAC,CAAC;IAEpD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,qBAAqB,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACpD,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,oBAAoB,CAClC,WAAmB;IAEnB,MAAM,OAAO,GAAG,IAAI,GAAG,EAAiD,CAAC;IAEzE,MAAM,OAAO,GAAG,sBAAsB,CAAC,WAAW,CAAC,CAAC;IAEpD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACpD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK;YAAE,SAAS;QAE/B,iDAAiD;QACjD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;QACrD,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAC5B,cAAsB,EACtB,SAAiB,EACjB,KAAc;IAEd,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,kBAAkB,CAC1B,UAAU,CAAC,yBAAyB,EACpC,gCAAgC,CACjC,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,kBAAkB,CAAC,UAAU,CAAC,iBAAiB,EAAE,0BAA0B,CAAC,CAAC;IACzF,CAAC;IAED,MAAM,QAAQ,GAAG,mBAAmB,CAAC,cAAc,CAAC,CAAC;IACrD,MAAM,MAAM,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;IAE/C,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,kBAAkB,CAC1B,UAAU,CAAC,yBAAyB,EACpC,wCAAwC,CACzC,CAAC;IACJ,CAAC;IAED,yCAAyC;IACzC,MAAM,WAAW,GAAG,KAAK,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC;IAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,kBAAkB,CAAC,UAAU,CAAC,yBAAyB,EAAE,0BAA0B,CAAC,CAAC;IACjG,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,kBAAkB,CAC1B,UAAU,CAAC,yBAAyB,EACpC,oBAAoB,WAAW,gCAAgC,CAChE,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACxC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,kBAAkB,CAC1B,UAAU,CAAC,iBAAiB,EAC5B,oBAAoB,WAAW,iCAAiC,CACjE,CAAC;IACJ,CAAC;IAED,+BAA+B;IAC/B,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,IAAI,kBAAkB,CAC1B,UAAU,CAAC,uBAAuB,EAClC,mCAAmC,CACpC,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;QAChB,MAAM,IAAI,kBAAkB,CAC1B,UAAU,CAAC,uBAAuB,EAClC,iCAAiC,CAClC,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,IAAI,MAAM,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;QAC5D,MAAM,IAAI,kBAAkB,CAC1B,UAAU,CAAC,uBAAuB,EAClC,qCAAqC,CACtC,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,WAAW;QAClB,MAAM;QACN,cAAc,EAAE,OAAO,CAAC,KAAK;QAC7B,eAAe,EAAE,OAAO,CAAC,MAAM;KAChC,CAAC;AACJ,CAAC;AAED,mCAAmC;AAEnC;;GAEG;AACH,SAAS,sBAAsB,CAAC,KAAa;IAC3C,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,SAAS,GAAG,KAAK,CAAC;IAEtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,QAAQ,GAAG,CAAC,QAAQ,CAAC;YACrB,OAAO,IAAI,IAAI,CAAC;QAClB,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YACrC,SAAS,GAAG,CAAC,SAAS,CAAC;YACvB,OAAO,IAAI,IAAI,CAAC;QAClB,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,IAAI,CAAC,SAAS,EAAE,CAAC;YACnD,KAAK,EAAE,CAAC;YACR,OAAO,IAAI,IAAI,CAAC;QAClB,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,IAAI,CAAC,SAAS,EAAE,CAAC;YACnD,KAAK,EAAE,CAAC;YACR,OAAO,IAAI,IAAI,CAAC;QAClB,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,SAAS,EAAE,CAAC;YAClE,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;gBACnB,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;YAC/B,CAAC;YACD,OAAO,GAAG,EAAE,CAAC;QACf,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,IAAI,CAAC;QAClB,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QACnB,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/B,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,MAAc;IACnC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,OAAO,KAAK,CAAC,CAAC,EAAE,CAAC;QACnB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACtB,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAC5B,MAAc;IAEd,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEjC,kCAAkC;IAClC,kEAAkE;IAClE,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvD,IAAI,CAAC,cAAc;QAAE,OAAO,IAAI,CAAC;IAEjC,MAAM,gBAAgB,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;IAC3C,MAAM,YAAY,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;IAEvC,2CAA2C;IAC3C,MAAM,iBAAiB,GAAG,cAAc,CAAC,gBAAgB,CAAC,CAAC;IAE3D,mBAAmB;IACnB,MAAM,SAAS,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAEhD,MAAM,MAAM,GAA0B;QACpC,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC,KAAK,IAAI,EAAE,CAAC;QACpC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,CAAC;QAChC,OAAO,EAAE,SAAS,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QACxE,iBAAiB;KAClB,CAAC;IAEF,IAAI,SAAS,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACpC,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,SAAS,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAClC,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,SAAS,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;QAChC,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,OAAe;IACrC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,YAAY,CAAC;IAC3B,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC9C,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,YAAoB;IAC3C,MAAM,MAAM,GAAoC,EAAE,CAAC;IAEnD,qBAAqB;IACrB,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAE9D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,GAAG;YAAE,SAAS;QAEnB,mDAAmD;QACnD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,CAAC,GAAG,CAAC,GAAG,IAAyB,CAAC;QAC1C,CAAC;aAAM,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACxD,gBAAgB;YAChB,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC;aAAM,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACjC,UAAU;YACV,MAAM,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACpC,CAAC;aAAM,CAAC;YACN,iBAAiB;YACjB,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACtB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,MAAc;IACnC,yBAAyB;IACzB,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAEhE,wBAAwB;IACxB,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAE/F,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,90 @@
+/**
+ * @peac/http-signatures - RFC 9421 HTTP Message Signatures
+ *
+ * Runtime-neutral types. No DOM dependencies (CryptoKey, Headers, etc.)
+ * in public API surface.
+ */
+/**
+ * Ed25519 signature verifier function (runtime-neutral).
+ * Takes raw data and signature bytes, returns verification result.
+ */
+export type SignatureVerifier = (data: Uint8Array, signature: Uint8Array) => Promise<boolean>;
+/**
+ * Key resolver function type (runtime-neutral).
+ * Given a key ID, returns a SignatureVerifier or null if key not found.
+ */
+export type KeyResolver = (keyid: string) => Promise<SignatureVerifier | null>;
+/**
+ * Parsed parameters from Signature-Input header.
+ * All fields exposed for TAP and other higher-level protocol enforcement.
+ */
+export interface ParsedSignatureParams {
+    /** Key identifier */
+    keyid: string;
+    /** Algorithm (must be "ed25519" for PEAC) */
+    alg: string;
+    /** Unix timestamp when signature was created */
+    created: number;
+    /** Unix timestamp when signature expires (optional) */
+    expires?: number;
+    /** Nonce for replay prevention (optional) */
+    nonce?: string;
+    /** Tag for interaction type (e.g., "agent-browser-auth") (optional) */
+    tag?: string;
+    /** Covered component identifiers */
+    coveredComponents: string[];
+}
+/**
+ * Complete parsed signature with raw signature bytes.
+ */
+export interface ParsedSignature {
+    /** Signature label from Signature-Input header */
+    label: string;
+    /** Parsed parameters */
+    params: ParsedSignatureParams;
+    /** Raw signature bytes (decoded from base64) */
+    signatureBytes: Uint8Array;
+    /** Original base64-encoded signature */
+    signatureBase64: string;
+}
+/**
+ * Verification result with detailed information.
+ */
+export interface VerificationResult {
+    /** Whether the signature is valid */
+    valid: boolean;
+    /** Parsed signature (if parsing succeeded) */
+    signature?: ParsedSignature;
+    /** Error code if verification failed */
+    errorCode?: string;
+    /** Human-readable error message */
+    errorMessage?: string;
+}
+/**
+ * Request-like object for signature verification.
+ * Uses Record<string, string> instead of Headers for runtime neutrality.
+ */
+export interface SignatureRequest {
+    /** HTTP method */
+    method: string;
+    /** Request URL (full or path) */
+    url: string;
+    /** Request headers as Record */
+    headers: Record<string, string>;
+    /** Request body (optional, for content-digest) */
+    body?: string | ArrayBuffer | Uint8Array;
+}
+/**
+ * Options for signature verification.
+ */
+export interface VerifyOptions {
+    /** Key resolver function */
+    keyResolver: KeyResolver;
+    /** Current timestamp (defaults to Date.now() / 1000) */
+    now?: number;
+    /** Clock skew tolerance in seconds (defaults to 60) */
+    clockSkewSeconds?: number;
+    /** Signature label to verify (defaults to first available) */
+    label?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAE9F;;;GAGG;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAC;AAE/E;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,qBAAqB;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,6CAA6C;IAC7C,GAAG,EAAE,MAAM,CAAC;IACZ,gDAAgD;IAChD,OAAO,EAAE,MAAM,CAAC;IAChB,uDAAuD;IACvD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,6CAA6C;IAC7C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,uEAAuE;IACvE,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,oCAAoC;IACpC,iBAAiB,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,kDAAkD;IAClD,KAAK,EAAE,MAAM,CAAC;IACd,wBAAwB;IACxB,MAAM,EAAE,qBAAqB,CAAC;IAC9B,gDAAgD;IAChD,cAAc,EAAE,UAAU,CAAC;IAC3B,wCAAwC;IACxC,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,qCAAqC;IACrC,KAAK,EAAE,OAAO,CAAC;IACf,8CAA8C;IAC9C,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,wCAAwC;IACxC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,mCAAmC;IACnC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,kBAAkB;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,iCAAiC;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,gCAAgC;IAChC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,kDAAkD;IAClD,IAAI,CAAC,EAAE,MAAM,GAAG,WAAW,GAAG,UAAU,CAAC;CAC1C;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,4BAA4B;IAC5B,WAAW,EAAE,WAAW,CAAC;IACzB,wDAAwD;IACxD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,uDAAuD;IACvD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,8DAA8D;IAC9D,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB"}

package/dist/types.js

@@ -0,0 +1,8 @@
+/**
+ * @peac/http-signatures - RFC 9421 HTTP Message Signatures
+ *
+ * Runtime-neutral types. No DOM dependencies (CryptoKey, Headers, etc.)
+ * in public API surface.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}

package/dist/verify.d.ts

@@ -0,0 +1,49 @@
+/**
+ * HTTP Message Signature verification.
+ *
+ * Runtime-neutral verification using SignatureVerifier function type.
+ * WebCrypto is used internally but NOT exposed in public API.
+ */
+import { SignatureVerifier, SignatureRequest, VerifyOptions, VerificationResult, ParsedSignatureParams } from './types.js';
+/**
+ * Verify an HTTP Message Signature.
+ *
+ * @param request - Request data with headers
+ * @param options - Verification options including key resolver
+ * @returns Verification result
+ */
+export declare function verifySignature(request: SignatureRequest, options: VerifyOptions): Promise<VerificationResult>;
+/**
+ * Check if signature is expired.
+ *
+ * @param params - Parsed signature parameters
+ * @param now - Current Unix timestamp (defaults to current time)
+ * @returns true if signature is expired
+ */
+export declare function isExpired(params: ParsedSignatureParams, now?: number): boolean;
+/**
+ * Check if signature was created in the future (accounting for clock skew).
+ *
+ * @param params - Parsed signature parameters
+ * @param now - Current Unix timestamp (defaults to current time)
+ * @param skewSeconds - Allowed clock skew in seconds (defaults to 60)
+ * @returns true if signature is from the future
+ */
+export declare function isCreatedInFuture(params: ParsedSignatureParams, now?: number, skewSeconds?: number): boolean;
+/**
+ * Check if Ed25519 WebCrypto is supported in current runtime.
+ *
+ * @returns true if Ed25519 WebCrypto is available
+ */
+export declare function isEd25519WebCryptoSupported(): Promise<boolean>;
+/**
+ * Create a SignatureVerifier from a WebCrypto CryptoKey.
+ *
+ * This is a helper for consumers who have CryptoKey objects.
+ * The function is runtime-neutral as it accepts unknown and casts internally.
+ *
+ * @param key - WebCrypto CryptoKey (passed as unknown for runtime neutrality)
+ * @returns SignatureVerifier function
+ */
+export declare function createWebCryptoVerifier(key: unknown): SignatureVerifier;
+//# sourceMappingURL=verify.d.ts.map

package/dist/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,iBAAiB,EAEjB,gBAAgB,EAChB,aAAa,EACb,kBAAkB,EAClB,qBAAqB,EACtB,MAAM,YAAY,CAAC;AAKpB;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,gBAAgB,EACzB,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,kBAAkB,CAAC,CAwD7B;AA2BD;;;;;;GAMG;AACH,wBAAgB,SAAS,CACvB,MAAM,EAAE,qBAAqB,EAC7B,GAAG,GAAE,MAAsC,GAC1C,OAAO,CAKT;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,qBAAqB,EAC7B,GAAG,GAAE,MAAsC,EAC3C,WAAW,GAAE,MAAW,GACvB,OAAO,CAET;AAED;;;;GAIG;AACH,wBAAsB,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC,CAWpE;AAED;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,OAAO,GAAG,iBAAiB,CAWvE"}

package/dist/verify.js

@@ -0,0 +1,144 @@
+/**
+ * HTTP Message Signature verification.
+ *
+ * Runtime-neutral verification using SignatureVerifier function type.
+ * WebCrypto is used internally but NOT exposed in public API.
+ */
+import { parseSignature } from './parser.js';
+import { buildSignatureBase, signatureBaseToBytes } from './base.js';
+import { ErrorCodes, HttpSignatureError } from './errors.js';
+/**
+ * Verify an HTTP Message Signature.
+ *
+ * @param request - Request data with headers
+ * @param options - Verification options including key resolver
+ * @returns Verification result
+ */
+export async function verifySignature(request, options) {
+    const { keyResolver, now = Math.floor(Date.now() / 1000), clockSkewSeconds = 60 } = options;
+    try {
+        // Get signature headers
+        const signatureInput = getHeader(request.headers, 'signature-input');
+        const signature = getHeader(request.headers, 'signature');
+        // Parse signature
+        const parsed = parseSignature(signatureInput, signature, options.label);
+        // Validate algorithm
+        if (parsed.params.alg !== 'ed25519') {
+            throw new HttpSignatureError(ErrorCodes.SIGNATURE_ALGORITHM_UNSUPPORTED, `Unsupported algorithm: ${parsed.params.alg} (only ed25519 is supported)`);
+        }
+        // Validate time constraints
+        validateTimeConstraints(parsed.params, now, clockSkewSeconds);
+        // Resolve key
+        const verifier = await keyResolver(parsed.params.keyid);
+        if (!verifier) {
+            throw new HttpSignatureError(ErrorCodes.KEY_NOT_FOUND, `Key not found: ${parsed.params.keyid}`);
+        }
+        // Build signature base
+        const signatureBase = buildSignatureBase(request, parsed.params);
+        const signatureBaseBytes = signatureBaseToBytes(signatureBase);
+        // Verify signature
+        const valid = await verifier(signatureBaseBytes, parsed.signatureBytes);
+        if (!valid) {
+            throw new HttpSignatureError(ErrorCodes.SIGNATURE_INVALID, 'Signature verification failed');
+        }
+        return {
+            valid: true,
+            signature: parsed,
+        };
+    }
+    catch (error) {
+        if (error instanceof HttpSignatureError) {
+            return {
+                valid: false,
+                errorCode: error.code,
+                errorMessage: error.message,
+            };
+        }
+        throw error;
+    }
+}
+/**
+ * Validate time constraints on signature parameters.
+ */
+function validateTimeConstraints(params, now, clockSkewSeconds) {
+    // Check if signature is from the future (with skew tolerance)
+    if (isCreatedInFuture(params, now, clockSkewSeconds)) {
+        throw new HttpSignatureError(ErrorCodes.SIGNATURE_FUTURE, `Signature created in future: ${params.created} > ${now + clockSkewSeconds}`);
+    }
+    // Check if signature is expired
+    if (isExpired(params, now)) {
+        throw new HttpSignatureError(ErrorCodes.SIGNATURE_EXPIRED, `Signature expired: ${params.expires} < ${now}`);
+    }
+}
+/**
+ * Check if signature is expired.
+ *
+ * @param params - Parsed signature parameters
+ * @param now - Current Unix timestamp (defaults to current time)
+ * @returns true if signature is expired
+ */
+export function isExpired(params, now = Math.floor(Date.now() / 1000)) {
+    if (params.expires === undefined) {
+        return false;
+    }
+    return now > params.expires;
+}
+/**
+ * Check if signature was created in the future (accounting for clock skew).
+ *
+ * @param params - Parsed signature parameters
+ * @param now - Current Unix timestamp (defaults to current time)
+ * @param skewSeconds - Allowed clock skew in seconds (defaults to 60)
+ * @returns true if signature is from the future
+ */
+export function isCreatedInFuture(params, now = Math.floor(Date.now() / 1000), skewSeconds = 60) {
+    return params.created > now + skewSeconds;
+}
+/**
+ * Check if Ed25519 WebCrypto is supported in current runtime.
+ *
+ * @returns true if Ed25519 WebCrypto is available
+ */
+export async function isEd25519WebCryptoSupported() {
+    try {
+        // Try to generate a key pair to test support
+        const keyPair = await globalThis.crypto.subtle.generateKey('Ed25519', false, [
+            'sign',
+            'verify',
+        ]);
+        return keyPair !== null;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Create a SignatureVerifier from a WebCrypto CryptoKey.
+ *
+ * This is a helper for consumers who have CryptoKey objects.
+ * The function is runtime-neutral as it accepts unknown and casts internally.
+ *
+ * @param key - WebCrypto CryptoKey (passed as unknown for runtime neutrality)
+ * @returns SignatureVerifier function
+ */
+export function createWebCryptoVerifier(key) {
+    return async (data, signature) => {
+        // Create proper ArrayBuffer views to satisfy TypeScript
+        const sigBuffer = new Uint8Array(signature).buffer;
+        const dataBuffer = new Uint8Array(data).buffer;
+        return globalThis.crypto.subtle.verify('Ed25519', key, sigBuffer, dataBuffer);
+    };
+}
+/**
+ * Get header value by name (case-insensitive).
+ */
+function getHeader(headers, name) {
+    const lowerName = name.toLowerCase();
+    for (const [key, value] of Object.entries(headers)) {
+        if (key.toLowerCase() === lowerName) {
+            return value;
+        }
+    }
+    return '';
+}
+//# sourceMappingURL=verify.js.map

package/dist/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAUH,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AACrE,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAE7D;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAyB,EACzB,OAAsB;IAEtB,MAAM,EAAE,WAAW,EAAE,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,gBAAgB,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC;IAE5F,IAAI,CAAC;QACH,wBAAwB;QACxB,MAAM,cAAc,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAE1D,kBAAkB;QAClB,MAAM,MAAM,GAAG,cAAc,CAAC,cAAc,EAAE,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QAExE,qBAAqB;QACrB,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YACpC,MAAM,IAAI,kBAAkB,CAC1B,UAAU,CAAC,+BAA+B,EAC1C,0BAA0B,MAAM,CAAC,MAAM,CAAC,GAAG,8BAA8B,CAC1E,CAAC;QACJ,CAAC;QAED,4BAA4B;QAC5B,uBAAuB,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,gBAAgB,CAAC,CAAC;QAE9D,cAAc;QACd,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACxD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,kBAAkB,CAC1B,UAAU,CAAC,aAAa,EACxB,kBAAkB,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CACxC,CAAC;QACJ,CAAC;QAED,uBAAuB;QACvB,MAAM,aAAa,GAAG,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACjE,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAC;QAE/D,mBAAmB;QACnB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;QAExE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,kBAAkB,CAAC,UAAU,CAAC,iBAAiB,EAAE,+BAA+B,CAAC,CAAC;QAC9F,CAAC;QAED,OAAO;YACL,KAAK,EAAE,IAAI;YACX,SAAS,EAAE,MAAM;SAClB,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,kBAAkB,EAAE,CAAC;YACxC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,SAAS,EAAE,KAAK,CAAC,IAAI;gBACrB,YAAY,EAAE,KAAK,CAAC,OAAO;aAC5B,CAAC;QACJ,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAC9B,MAA6B,EAC7B,GAAW,EACX,gBAAwB;IAExB,8DAA8D;IAC9D,IAAI,iBAAiB,CAAC,MAAM,EAAE,GAAG,EAAE,gBAAgB,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,kBAAkB,CAC1B,UAAU,CAAC,gBAAgB,EAC3B,gCAAgC,MAAM,CAAC,OAAO,MAAM,GAAG,GAAG,gBAAgB,EAAE,CAC7E,CAAC;IACJ,CAAC;IAED,gCAAgC;IAChC,IAAI,SAAS,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,kBAAkB,CAC1B,UAAU,CAAC,iBAAiB,EAC5B,sBAAsB,MAAM,CAAC,OAAO,MAAM,GAAG,EAAE,CAChD,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,SAAS,CACvB,MAA6B,EAC7B,MAAc,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;IAE3C,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACjC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC;AAC9B,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,iBAAiB,CAC/B,MAA6B,EAC7B,MAAc,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAC3C,cAAsB,EAAE;IAExB,OAAO,MAAM,CAAC,OAAO,GAAG,GAAG,GAAG,WAAW,CAAC;AAC5C,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B;IAC/C,IAAI,CAAC;QACH,6CAA6C;QAC7C,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,KAAK,EAAE;YAC3E,MAAM;YACN,QAAQ;SACT,CAAC,CAAC;QACH,OAAO,OAAO,KAAK,IAAI,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAY;IAClD,OAAO,KAAK,EAAE,IAAgB,EAAE,SAAqB,EAAoB,EAAE;QACzE,wDAAwD;QACxD,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC;QACnD,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QAK/C,OAAO,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,GAAgB,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IAC7F,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,SAAS,CAAC,OAA+B,EAAE,IAAY;IAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACrC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,SAAS,EAAE,CAAC;YACpC,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "@peac/http-signatures",
+  "version": "0.9.18",
+  "description": "RFC 9421 HTTP Message Signatures parsing and verification",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  },
+  "keywords": [
+    "http",
+    "signatures",
+    "rfc9421",
+    "ed25519",
+    "peac"
+  ],
+  "author": "PEAC Protocol Contributors",
+  "license": "Apache-2.0",
+  "bugs": {
+    "url": "https://github.com/peacprotocol/peac/issues"
+  },
+  "homepage": "https://peacprotocol.org",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/peacprotocol/peac.git",
+    "directory": "packages/http-signatures"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "devDependencies": {
+    "typescript": "^5.3.0",
+    "vitest": "^2.0.0"
+  }
+}