@peac/schema 0.12.1 → 0.12.3

package/dist/receipt-parser.mjs

@@ -1,5 +1,5 @@
 import { z } from 'zod';
-import { ALGORITHMS, HEADERS, POLICY, ISSUER_CONFIG, DISCOVERY, WIRE_TYPE, TYPE_GRAMMAR, ISS_CANONICAL, POLICY_BLOCK, HASH } from '@peac/kernel';
+import { ALGORITHMS, HEADERS, POLICY, ISSUER_CONFIG, DISCOVERY, WIRE_TYPE, HASH, TYPE_GRAMMAR, ISS_CANONICAL, POLICY_BLOCK, ERROR_CODES as ERROR_CODES$1, EXTENSION_BUDGET } from '@peac/kernel';
 
 // src/validators.ts
 var PEAC_WIRE_TYP = WIRE_TYPE;
@@ -44,7 +44,7 @@ var JsonObjectSchema = PlainObjectSchema.transform(
 ).pipe(z.record(z.string(), JsonValueSchema));
 z.array(JsonValueSchema);
 var ERROR_CODES = {
-  // Wire 0.2 extension errors (400, DD-153/DD-156)
+  // Wire 0.2 extension errors (400/)
   E_INVALID_EXTENSION_KEY: "E_INVALID_EXTENSION_KEY"
 };
 
@@ -323,7 +323,7 @@ function isOriginOnly(value) {
 var ActorBindingSchema = z.object({
   /** Stable actor identifier (opaque, no PII) */
   id: z.string().min(1).max(256),
-  /** Proof type from DD-143 multi-root vocabulary */
+  /** Proof type from multi-root vocabulary */
   proof_type: ProofTypeSchema,
   /** URI or hash of external proof artifact */
   proof_ref: z.string().max(2048).optional(),
@@ -331,7 +331,7 @@ var ActorBindingSchema = z.object({
   origin: z.string().max(2048).refine(isOriginOnly, {
     message: "origin must be an origin-only URL (scheme + host + optional port; no path, query, or fragment)"
   }),
-  /** SHA-256 hash of the intent (hash-first per DD-138) */
+  /** SHA-256 hash of the intent (hash-first per ) */
   intent_hash: z.string().regex(/^sha256:[a-f0-9]{64}$/, {
     message: "intent_hash must match sha256:<64 hex chars>"
   }).optional()
@@ -457,8 +457,52 @@ var EXTENSION_LIMITS = {
   maxSpanIdLength: 16,
   maxWorkflowIdLength: 256,
   maxParentJtiLength: 256,
-  maxDependsOnLength: 64
-};
+  maxDependsOnLength: 64,
+  // Consent
+  maxConsentBasisLength: 128,
+  maxConsentMethodLength: 128,
+  maxDataCategoriesCount: 64,
+  maxDataCategoryLength: 128,
+  maxConsentScopeLength: 256,
+  maxJurisdictionLength: 16,
+  // Compliance
+  maxFrameworkLength: 256,
+  maxAuditRefLength: 256,
+  maxAuditorLength: 256,
+  maxComplianceScopeLength: 512,
+  // Privacy
+  maxDataClassificationLength: 128,
+  maxProcessingBasisLength: 128,
+  maxAnonymizationMethodLength: 128,
+  maxDataSubjectCategoryLength: 128,
+  maxTransferMechanismLength: 128,
+  // Safety
+  maxAssessmentMethodLength: 256,
+  maxSafetyMeasuresCount: 32,
+  maxSafetyMeasureLength: 256,
+  maxIncidentRefLength: 256,
+  maxModelRefLength: 256,
+  maxSafetyCategoryLength: 128,
+  // Provenance
+  maxSourceTypeLength: 128,
+  maxSourceRefLength: 256,
+  maxVerificationMethodLength: 128,
+  maxCustodyChainCount: 16,
+  maxCustodianLength: 256,
+  maxCustodyActionLength: 128,
+  maxSlsaTrackLength: 64,
+  maxSlsaVersionLength: 16,
+  // Attribution
+  maxCreatorRefLength: 256,
+  maxObligationTypeLength: 128,
+  maxAttributionTextLength: 1024,
+  // Purpose
+  maxExternalPurposesCount: 32,
+  maxExternalPurposeLength: 128,
+  maxPurposeBasisLength: 128,
+  maxCompatiblePurposesCount: 32};
+
+// src/wire-02-extensions/grammar.ts
 var DNS_LABEL = /^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$/;
 var SEGMENT_PATTERN = /^[a-z0-9][a-z0-9_-]*$/;
 function isValidExtensionKey(key) {
@@ -479,10 +523,6 @@ function isValidExtensionKey(key) {
   return true;
 }
 var COMMERCE_EXTENSION_KEY = "org.peacprotocol/commerce";
-var ACCESS_EXTENSION_KEY = "org.peacprotocol/access";
-var CHALLENGE_EXTENSION_KEY = "org.peacprotocol/challenge";
-var IDENTITY_EXTENSION_KEY = "org.peacprotocol/identity";
-var CORRELATION_EXTENSION_KEY = "org.peacprotocol/correlation";
 var AMOUNT_MINOR_PATTERN = /^-?[0-9]+$/;
 var CommerceExtensionSchema = z.object({
   /** Payment rail identifier (e.g., 'stripe', 'x402', 'lightning') */
@@ -503,8 +543,11 @@ var CommerceExtensionSchema = z.object({
   /** Asset identifier for non-fiat (e.g., token address) */
   asset: z.string().max(EXTENSION_LIMITS.maxAssetLength).optional(),
   /** Environment discriminant */
-  env: z.enum(["live", "test"]).optional()
+  env: z.enum(["live", "test"]).optional(),
+  /** Commerce lifecycle phase. Observational metadata only: does not encode settlement finality or protocol state transitions */
+  event: z.enum(["authorization", "capture", "settlement", "refund", "void", "chargeback"]).optional()
 }).strict();
+var ACCESS_EXTENSION_KEY = "org.peacprotocol/access";
 var AccessExtensionSchema = z.object({
   /** Resource being accessed (URI or identifier) */
   resource: z.string().min(1).max(EXTENSION_LIMITS.maxResourceLength),
@@ -513,6 +556,7 @@ var AccessExtensionSchema = z.object({
   /** Access decision */
   decision: z.enum(["allow", "deny", "review"])
 }).strict();
+var CHALLENGE_EXTENSION_KEY = "org.peacprotocol/challenge";
 var CHALLENGE_TYPES = [
   "payment_required",
   "identity_required",
@@ -547,10 +591,12 @@ var ChallengeExtensionSchema = z.object({
   /** Caller-defined requirements for resolving the challenge */
   requirements: z.record(z.string(), z.unknown()).optional()
 }).strict();
+var IDENTITY_EXTENSION_KEY = "org.peacprotocol/identity";
 var IdentityExtensionSchema = z.object({
   /** Proof reference (opaque string; no actor_binding: top-level actor is sole location) */
   proof_ref: z.string().max(EXTENSION_LIMITS.maxProofRefLength).optional()
 }).strict();
+var CORRELATION_EXTENSION_KEY = "org.peacprotocol/correlation";
 var TRACE_ID_PATTERN = /^[0-9a-f]{32}$/;
 var SPAN_ID_PATTERN = /^[0-9a-f]{16}$/;
 var CorrelationExtensionSchema = z.object({
@@ -565,15 +611,554 @@ var CorrelationExtensionSchema = z.object({
   /** JTIs this receipt depends on */
   depends_on: z.array(z.string().min(1).max(EXTENSION_LIMITS.maxParentJtiLength)).max(EXTENSION_LIMITS.maxDependsOnLength).optional()
 }).strict();
+var Sha256DigestSchema = z.string().max(71).regex(HASH.pattern, "must be a valid SHA-256 digest (sha256:<64 lowercase hex>)");
+var CONTROL_CHAR_PATTERN = /[\x00-\x1f\x7f]/;
+var HttpsUriHintSchema = z.string().min(1).max(2048).refine(
+  (value) => {
+    if (CONTROL_CHAR_PATTERN.test(value)) return false;
+    if (value.includes("#")) return false;
+    try {
+      const url = new URL(value);
+      if (url.protocol !== "https:") return false;
+      if (url.username !== "" || url.password !== "") return false;
+      if (!url.hostname) return false;
+      return true;
+    } catch {
+      return false;
+    }
+  },
+  {
+    message: "must be a valid HTTPS URI (no credentials, no fragments, no control characters)"
+  }
+);
+var DATE_DESIGNATOR_ORDER = ["Y", "M", "W", "D"];
+var TIME_DESIGNATOR_ORDER = ["H", "M", "S"];
+function parseIso8601Duration(value) {
+  if (typeof value !== "string" || value.length === 0 || value.length > 64) {
+    return null;
+  }
+  if (value.charAt(0) !== "P") return null;
+  let pos = 1;
+  const len = value.length;
+  if (pos >= len) return null;
+  const result = {
+    years: 0,
+    months: 0,
+    weeks: 0,
+    days: 0,
+    hours: 0,
+    minutes: 0,
+    seconds: 0
+  };
+  let inTimePart = false;
+  let hasAnyComponent = false;
+  const seenDesignators = /* @__PURE__ */ new Set();
+  let dateOrderIdx = 0;
+  let timeOrderIdx = 0;
+  while (pos < len) {
+    if (value.charAt(pos) === "T") {
+      if (inTimePart) return null;
+      inTimePart = true;
+      pos++;
+      if (pos >= len) return null;
+      continue;
+    }
+    const numStart = pos;
+    while (pos < len && value.charAt(pos) >= "0" && value.charAt(pos) <= "9") {
+      pos++;
+    }
+    if (pos === numStart) return null;
+    const digits = value.slice(numStart, pos);
+    if (digits.length > 15) return null;
+    const num = parseInt(digits, 10);
+    if (!Number.isFinite(num) || num < 0) return null;
+    if (pos >= len) return null;
+    const designator = value.charAt(pos);
+    pos++;
+    const designatorKey = (inTimePart ? "T" : "") + designator;
+    if (seenDesignators.has(designatorKey)) return null;
+    seenDesignators.add(designatorKey);
+    if (inTimePart) {
+      const timeIdx = TIME_DESIGNATOR_ORDER.indexOf(designator);
+      if (timeIdx === -1) return null;
+      if (timeIdx < timeOrderIdx) return null;
+      timeOrderIdx = timeIdx + 1;
+      switch (designator) {
+        case "H":
+          result.hours = num;
+          break;
+        case "M":
+          result.minutes = num;
+          break;
+        case "S":
+          result.seconds = num;
+          break;
+      }
+    } else {
+      const dateIdx = DATE_DESIGNATOR_ORDER.indexOf(designator);
+      if (dateIdx === -1) return null;
+      if (dateIdx < dateOrderIdx) return null;
+      dateOrderIdx = dateIdx + 1;
+      switch (designator) {
+        case "Y":
+          result.years = num;
+          break;
+        case "M":
+          result.months = num;
+          break;
+        case "W":
+          result.weeks = num;
+          break;
+        case "D":
+          result.days = num;
+          break;
+      }
+    }
+    hasAnyComponent = true;
+  }
+  if (!hasAnyComponent) return null;
+  if (result.weeks > 0 && (result.years > 0 || result.months > 0 || result.days > 0)) {
+    return null;
+  }
+  return result;
+}
+var Iso8601DurationSchema = z.string().min(2).max(64).refine((value) => parseIso8601Duration(value) !== null, {
+  message: "must be a valid ISO 8601 duration (e.g., P30D, P1Y6M, PT1H30M)"
+});
+var Iso8601DateStringSchema = z.string().length(10).regex(/^\d{4}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12]\d|3[01])$/, {
+  message: "must be a structurally valid date string (YYYY-MM-DD)"
+});
+z.iso.datetime({ offset: true });
+var RFC3339_SECONDS_PATTERN = /T\d{2}:\d{2}:\d{2}/;
+var Rfc3339DateTimeSchema = z.iso.datetime({ offset: true }).refine((value) => RFC3339_SECONDS_PATTERN.test(value), {
+  message: "RFC 3339 requires seconds precision (e.g., 2026-03-14T12:00:00Z)"
+});
+function isValidSpdxSubsetExpression(expr) {
+  if (typeof expr !== "string" || expr.length === 0 || expr.length > 128) {
+    return false;
+  }
+  const tokens = [];
+  let current = "";
+  for (let i = 0; i < expr.length; i++) {
+    const ch = expr.charAt(i);
+    if (ch === "(" || ch === ")") {
+      if (current.length > 0) {
+        tokens.push(current);
+        current = "";
+      }
+      tokens.push(ch);
+    } else if (ch === " " || ch === "	") {
+      if (current.length > 0) {
+        tokens.push(current);
+        current = "";
+      }
+    } else {
+      current += ch;
+    }
+  }
+  if (current.length > 0) {
+    tokens.push(current);
+  }
+  if (tokens.length === 0) return false;
+  let pos = 0;
+  function peek() {
+    return tokens[pos];
+  }
+  function advance() {
+    return tokens[pos++];
+  }
+  function isLicenseId(token) {
+    const base = token.endsWith("+") ? token.slice(0, -1) : token;
+    if (base.length === 0) return false;
+    if (base.startsWith("LicenseRef-")) {
+      const ref = base.slice(11);
+      return ref.length > 0 && /^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(ref);
+    }
+    return /^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(base);
+  }
+  function isExceptionId(token) {
+    return /^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(token);
+  }
+  function parseExpr() {
+    if (!parseTerm()) return false;
+    while (pos < tokens.length) {
+      const op = peek();
+      if (op === "AND" || op === "OR") {
+        advance();
+        if (!parseTerm()) return false;
+      } else {
+        break;
+      }
+    }
+    return true;
+  }
+  function parseTerm() {
+    if (!parseAtom()) return false;
+    if (peek() === "WITH") {
+      advance();
+      const exception = peek();
+      if (exception === void 0 || !isExceptionId(exception)) return false;
+      advance();
+    }
+    return true;
+  }
+  function parseAtom() {
+    const token = peek();
+    if (token === void 0) return false;
+    if (token === "(") {
+      advance();
+      if (!parseExpr()) return false;
+      if (peek() !== ")") return false;
+      advance();
+      return true;
+    }
+    if (token === ")" || token === "AND" || token === "OR" || token === "WITH") {
+      return false;
+    }
+    if (!isLicenseId(token)) return false;
+    advance();
+    return true;
+  }
+  const result = parseExpr();
+  return result && pos === tokens.length;
+}
+var SpdxExpressionSchema = z.string().min(1).max(128).refine(isValidSpdxSubsetExpression, {
+  message: "must be a valid SPDX license expression (e.g., MIT, Apache-2.0, MIT AND Apache-2.0). DocumentRef-* not yet supported."
+});
+
+// src/wire-02-extensions/consent.ts
+var CONSENT_EXTENSION_KEY = "org.peacprotocol/consent";
+var CONSENT_STATUSES = ["granted", "withdrawn", "denied", "expired"];
+var ConsentStatusSchema = z.enum(CONSENT_STATUSES);
+var ConsentExtensionSchema = z.object({
+  /**
+   * Legal basis identifier for consent.
+   * Open string: jurisdictions define different bases
+   * (e.g., explicit, implied, opt_out, legitimate_interest, contractual, legal_obligation).
+   */
+  consent_basis: z.string().min(1).max(EXTENSION_LIMITS.maxConsentBasisLength),
+  /** Consent lifecycle state (closed vocabulary) */
+  consent_status: ConsentStatusSchema,
+  /**
+   * Data categories covered by this consent.
+   * Open vocabulary (e.g., personal, sensitive, biometric).
+   */
+  data_categories: z.array(z.string().min(1).max(EXTENSION_LIMITS.maxDataCategoryLength)).max(EXTENSION_LIMITS.maxDataCategoriesCount).optional(),
+  /** Data retention period as ISO 8601 duration. */
+  retention_period: Iso8601DurationSchema.optional(),
+  /**
+   * How consent was collected.
+   * Open vocabulary (e.g., click_through, double_opt_in, verbal, written).
+   */
+  consent_method: z.string().min(1).max(EXTENSION_LIMITS.maxConsentMethodLength).optional(),
+  /**
+   * HTTPS URI hint for consent withdrawal.
+   * Locator hint only: callers MUST NOT auto-fetch.
+   * Rejects non-HTTPS, embedded credentials, fragments, control chars.
+   */
+  withdrawal_uri: HttpsUriHintSchema.optional(),
+  /** Free-text scope description */
+  scope: z.string().min(1).max(EXTENSION_LIMITS.maxConsentScopeLength).optional(),
+  /**
+   * Jurisdiction code: ISO 3166-1 alpha-2 or composite.
+   * Examples: EU, US-CA, BR, GB, DE, JP, IN.
+   */
+  jurisdiction: z.string().min(1).max(EXTENSION_LIMITS.maxJurisdictionLength).optional()
+}).strict();
+var PRIVACY_EXTENSION_KEY = "org.peacprotocol/privacy";
+var RETENTION_MODES = ["time_bound", "indefinite", "session_only"];
+var RetentionModeSchema = z.enum(RETENTION_MODES);
+var RECIPIENT_SCOPES = ["internal", "processor", "third_party", "public"];
+var RecipientScopeSchema = z.enum(RECIPIENT_SCOPES);
+var PrivacyExtensionSchema = z.object({
+  /**
+   * Data classification level.
+   * Open taxonomy (e.g., public, internal, confidential, restricted, pii, sensitive_pii).
+   */
+  data_classification: z.string().min(1).max(EXTENSION_LIMITS.maxDataClassificationLength),
+  /**
+   * Legal basis for data processing.
+   * Open vocabulary (e.g., consent, legitimate_interest, contract, legal_obligation).
+   */
+  processing_basis: z.string().min(1).max(EXTENSION_LIMITS.maxProcessingBasisLength).optional(),
+  /**
+   * Data retention period as ISO 8601 duration.
+   * For non-duration retention semantics, use retention_mode instead.
+   */
+  retention_period: Iso8601DurationSchema.optional(),
+  /**
+   * Retention mode for non-duration semantics.
+   * Closed enum: time_bound, indefinite, session_only.
+   * When time_bound, retention_period SHOULD also be present.
+   */
+  retention_mode: RetentionModeSchema.optional(),
+  /**
+   * Data recipient classification.
+   * Closed enum aligned with GDPR Art 13-14 disclosure categories.
+   */
+  recipient_scope: RecipientScopeSchema.optional(),
+  /**
+   * Anonymization or pseudonymization method applied.
+   * Open vocabulary (e.g., k_anonymity, differential_privacy, pseudonymization,
+   * tokenization, aggregation).
+   */
+  anonymization_method: z.string().min(1).max(EXTENSION_LIMITS.maxAnonymizationMethodLength).optional(),
+  /**
+   * Data subject category.
+   * Open vocabulary (e.g., customer, employee, minor, patient, student).
+   */
+  data_subject_category: z.string().min(1).max(EXTENSION_LIMITS.maxDataSubjectCategoryLength).optional(),
+  /**
+   * Cross-border data transfer mechanism.
+   * Open vocabulary (e.g., adequacy_decision, scc, bcr, derogation, consent).
+   */
+  transfer_mechanism: z.string().min(1).max(EXTENSION_LIMITS.maxTransferMechanismLength).optional()
+}).strict();
+var SAFETY_EXTENSION_KEY = "org.peacprotocol/safety";
+var REVIEW_STATUSES = ["reviewed", "pending", "flagged", "not_applicable"];
+var ReviewStatusSchema = z.enum(REVIEW_STATUSES);
+var RISK_LEVELS = ["unacceptable", "high", "limited", "minimal"];
+var RiskLevelSchema = z.enum(RISK_LEVELS);
+var SafetyExtensionSchema = z.object({
+  /** Safety review status (closed vocabulary, universal lifecycle) */
+  review_status: ReviewStatusSchema,
+  /**
+   * Risk classification level.
+   * Optional at schema level; usage profiles may require it.
+   * Converges across EU AI Act Art 6, NIST AI RMF, ISO 23894.
+   */
+  risk_level: RiskLevelSchema.optional(),
+  /**
+   * Assessment method used.
+   * Open vocabulary (e.g., automated_scan, human_review, red_team,
+   * penetration_test, static_analysis, model_evaluation).
+   */
+  assessment_method: z.string().min(1).max(EXTENSION_LIMITS.maxAssessmentMethodLength).optional(),
+  /**
+   * Safety measures applied.
+   * Open vocabulary. Array bounded by maxSafetyMeasuresCount.
+   */
+  safety_measures: z.array(z.string().min(1).max(EXTENSION_LIMITS.maxSafetyMeasureLength)).max(EXTENSION_LIMITS.maxSafetyMeasuresCount).optional(),
+  /** Incident report reference. Opaque identifier (e.g., ticket ID or digest). */
+  incident_ref: z.string().min(1).max(EXTENSION_LIMITS.maxIncidentRefLength).optional(),
+  /** AI model reference. Opaque identifier (e.g., model version string). */
+  model_ref: z.string().min(1).max(EXTENSION_LIMITS.maxModelRefLength).optional(),
+  /**
+   * Safety category.
+   * Open vocabulary (e.g., content_safety, bias, hallucination,
+   * toxicity, fairness, robustness, privacy_risk).
+   */
+  category: z.string().min(1).max(EXTENSION_LIMITS.maxSafetyCategoryLength).optional()
+}).strict();
+var COMPLIANCE_EXTENSION_KEY = "org.peacprotocol/compliance";
+var COMPLIANCE_STATUSES = [
+  "compliant",
+  "non_compliant",
+  "partial",
+  "under_review",
+  "exempt"
+];
+var ComplianceStatusSchema = z.enum(COMPLIANCE_STATUSES);
+var ComplianceExtensionSchema = z.object({
+  /**
+   * Framework identifier evaluated.
+   * Open string: preferred grammar is lowercase slugs with hyphens
+   * (e.g., eu-ai-act, soc2-type2, iso-27001, nist-ai-rmf, gdpr, hipaa).
+   */
+  framework: z.string().min(1).max(EXTENSION_LIMITS.maxFrameworkLength),
+  /** Observed compliance status (closed vocabulary) */
+  compliance_status: ComplianceStatusSchema,
+  /** Opaque reference to audit report or evidence (e.g., report ID, ticket number). */
+  audit_ref: z.string().min(1).max(EXTENSION_LIMITS.maxAuditRefLength).optional(),
+  /** Auditor identifier (organization name or DID). */
+  auditor: z.string().min(1).max(EXTENSION_LIMITS.maxAuditorLength).optional(),
+  /** Date the compliance check was performed (YYYY-MM-DD). */
+  audit_date: Iso8601DateStringSchema.optional(),
+  /** Scope of the compliance check. */
+  scope: z.string().min(1).max(EXTENSION_LIMITS.maxComplianceScopeLength).optional(),
+  /** How long this finding remains valid as an ISO 8601 duration. */
+  validity_period: Iso8601DurationSchema.optional(),
+  /** SHA-256 digest of supporting evidence document. */
+  evidence_ref: Sha256DigestSchema.optional()
+}).strict();
+var PROVENANCE_EXTENSION_KEY = "org.peacprotocol/provenance";
+var CustodyEntrySchema = z.object({
+  /** Custodian identifier (organization name, DID, or opaque ID). */
+  custodian: z.string().min(1).max(EXTENSION_LIMITS.maxCustodianLength),
+  /** Action performed (e.g., received, transformed, verified, released). */
+  action: z.string().min(1).max(EXTENSION_LIMITS.maxCustodyActionLength),
+  /** When the custody event occurred (RFC 3339 with seconds). */
+  timestamp: Rfc3339DateTimeSchema
+}).strict();
+var SlsaLevelSchema = z.object({
+  /** SLSA track identifier (e.g., build, source). */
+  track: z.string().min(1).max(EXTENSION_LIMITS.maxSlsaTrackLength),
+  /** SLSA level within the track (0-4). */
+  level: z.number().int().min(0).max(4),
+  /** SLSA spec version this metadata references (e.g., 1.0, 1.2). */
+  version: z.string().min(1).max(EXTENSION_LIMITS.maxSlsaVersionLength)
+}).strict();
+var ProvenanceExtensionSchema = z.object({
+  /**
+   * Type of source or derivation.
+   * Open vocabulary (e.g., original, derived, curated, synthetic, aggregated, transformed).
+   */
+  source_type: z.string().min(1).max(EXTENSION_LIMITS.maxSourceTypeLength),
+  /** Opaque source reference identifier (e.g., commit hash, artifact ID). */
+  source_ref: z.string().min(1).max(EXTENSION_LIMITS.maxSourceRefLength).optional(),
+  /**
+   * HTTPS URI hint for the source artifact.
+   * Locator hint only: callers MUST NOT auto-fetch.
+   */
+  source_uri: HttpsUriHintSchema.optional(),
+  /**
+   * HTTPS URI hint for build provenance metadata.
+   * Locator hint only: callers MUST NOT auto-fetch.
+   */
+  build_provenance_uri: HttpsUriHintSchema.optional(),
+  /**
+   * How provenance was verified.
+   * Open vocabulary (e.g., signature_check, hash_chain,
+   * manual_attestation, transparency_log).
+   */
+  verification_method: z.string().min(1).max(EXTENSION_LIMITS.maxVerificationMethodLength).optional(),
+  /**
+   * Ordered custody chain entries.
+   * Each entry records a custodian, action, and timestamp.
+   */
+  custody_chain: z.array(CustodyEntrySchema).max(EXTENSION_LIMITS.maxCustodyChainCount).optional(),
+  /**
+   * Structured SLSA-aligned provenance metadata.
+   * Records track, level, and spec version.
+   */
+  slsa: SlsaLevelSchema.optional()
+}).strict();
+var ATTRIBUTION_EXTENSION_KEY = "org.peacprotocol/attribution";
+var CONTENT_SIGNAL_SOURCES = [
+  "tdmrep_json",
+  "content_signal_header",
+  "content_usage_header",
+  "robots_txt",
+  "custom"
+];
+var ContentSignalSourceSchema = z.enum(CONTENT_SIGNAL_SOURCES);
+var AttributionExtensionSchema = z.object({
+  /**
+   * Creator identifier (DID, URI, or opaque ID).
+   * Not an identity attestation; records observed attribution metadata.
+   */
+  creator_ref: z.string().min(1).max(EXTENSION_LIMITS.maxCreatorRefLength),
+  /** SPDX license expression (parser-grade structural subset validator). */
+  license_spdx: SpdxExpressionSchema.optional(),
+  /**
+   * Obligation type.
+   * Open vocabulary (e.g., attribution_required, share_alike, non_commercial).
+   */
+  obligation_type: z.string().min(1).max(EXTENSION_LIMITS.maxObligationTypeLength).optional(),
+  /** Required attribution text. */
+  attribution_text: z.string().min(1).max(EXTENSION_LIMITS.maxAttributionTextLength).optional(),
+  /** Content signal observation source (closed vocabulary). */
+  content_signal_source: ContentSignalSourceSchema.optional(),
+  /** SHA-256 digest of the attributed content. */
+  content_digest: Sha256DigestSchema.optional()
+}).strict();
+var PURPOSE_EXTENSION_KEY = "org.peacprotocol/purpose";
+var MachineSafePurposeTokenSchema = z.string().min(1).max(EXTENSION_LIMITS.maxExternalPurposeLength).regex(PURPOSE_TOKEN_REGEX, "must be a machine-safe lowercase token");
+function hasUniqueItems(items) {
+  return new Set(items).size === items.length;
+}
+var PurposeExtensionSchema = z.object({
+  /**
+   * External/legal/business purpose labels.
+   * Machine-safe tokens: lowercase alphanumeric with underscores, hyphens,
+   * and optional vendor prefix (e.g., ai_training, analytics, marketing).
+   * Not PEAC operational tokens; use peac_purpose_mapping for bridging.
+   * Items must be unique.
+   */
+  external_purposes: z.array(MachineSafePurposeTokenSchema).min(1).max(EXTENSION_LIMITS.maxExternalPurposesCount).refine(hasUniqueItems, { message: "external_purposes must contain unique items" }),
+  /**
+   * Legal or policy basis for the declared purposes.
+   * Open vocabulary (e.g., consent, legitimate_interest, contract).
+   */
+  purpose_basis: z.string().min(1).max(EXTENSION_LIMITS.maxPurposeBasisLength).optional(),
+  /** Whether purpose limitation applies. */
+  purpose_limitation: z.boolean().optional(),
+  /** Whether data minimization was applied. */
+  data_minimization: z.boolean().optional(),
+  /**
+   * Compatible purposes for secondary use.
+   * Same machine-safe token grammar as external_purposes.
+   * Items must be unique.
+   */
+  compatible_purposes: z.array(MachineSafePurposeTokenSchema).max(EXTENSION_LIMITS.maxCompatiblePurposesCount).refine(hasUniqueItems, { message: "compatible_purposes must contain unique items" }).optional(),
+  /**
+   * Explicit mapping to a PEAC operational CanonicalPurpose token.
+   * Validated against PURPOSE_TOKEN_REGEX from purpose.ts.
+   * Bridges external purpose vocabulary to operational tokens.
+   */
+  peac_purpose_mapping: z.string().min(1).max(MAX_PURPOSE_TOKEN_LENGTH).regex(PURPOSE_TOKEN_REGEX, "must be a valid PEAC purpose token").optional()
+}).strict();
+
+// src/wire-02-extensions/schema-map.ts
 var EXTENSION_SCHEMA_MAP = /* @__PURE__ */ new Map();
 EXTENSION_SCHEMA_MAP.set(COMMERCE_EXTENSION_KEY, CommerceExtensionSchema);
 EXTENSION_SCHEMA_MAP.set(ACCESS_EXTENSION_KEY, AccessExtensionSchema);
 EXTENSION_SCHEMA_MAP.set(CHALLENGE_EXTENSION_KEY, ChallengeExtensionSchema);
 EXTENSION_SCHEMA_MAP.set(IDENTITY_EXTENSION_KEY, IdentityExtensionSchema);
 EXTENSION_SCHEMA_MAP.set(CORRELATION_EXTENSION_KEY, CorrelationExtensionSchema);
+EXTENSION_SCHEMA_MAP.set(CONSENT_EXTENSION_KEY, ConsentExtensionSchema);
+EXTENSION_SCHEMA_MAP.set(PRIVACY_EXTENSION_KEY, PrivacyExtensionSchema);
+EXTENSION_SCHEMA_MAP.set(SAFETY_EXTENSION_KEY, SafetyExtensionSchema);
+EXTENSION_SCHEMA_MAP.set(COMPLIANCE_EXTENSION_KEY, ComplianceExtensionSchema);
+EXTENSION_SCHEMA_MAP.set(PROVENANCE_EXTENSION_KEY, ProvenanceExtensionSchema);
+EXTENSION_SCHEMA_MAP.set(ATTRIBUTION_EXTENSION_KEY, AttributionExtensionSchema);
+EXTENSION_SCHEMA_MAP.set(PURPOSE_EXTENSION_KEY, PurposeExtensionSchema);
+
+// src/wire-02-extensions/validation.ts
+var textEncoder = new TextEncoder();
+function jsonUtf8ByteLength(value) {
+  try {
+    return textEncoder.encode(JSON.stringify(value)).byteLength;
+  } catch {
+    return Infinity;
+  }
+}
+var MAX_JSON_GUARD_DEPTH = 64;
+function isPlainJsonValueRecursive(value, depth, seen) {
+  if (depth > MAX_JSON_GUARD_DEPTH) return false;
+  if (value === null) return true;
+  const t = typeof value;
+  if (t === "string" || t === "boolean") return true;
+  if (t === "number") return Number.isFinite(value);
+  if (t === "function" || t === "symbol" || t === "bigint" || t === "undefined") return false;
+  if (t !== "object") return false;
+  const obj = value;
+  if (seen.has(obj)) return false;
+  seen.add(obj);
+  if (Array.isArray(obj)) {
+    for (let i = 0; i < obj.length; i++) {
+      if (!isPlainJsonValueRecursive(obj[i], depth + 1, seen)) return false;
+    }
+    return true;
+  }
+  const proto = Object.getPrototypeOf(obj);
+  if (proto !== Object.prototype && proto !== null) return false;
+  if (typeof obj.toJSON === "function") return false;
+  const keys = Object.keys(obj);
+  for (const key of keys) {
+    if (!isPlainJsonValueRecursive(obj[key], depth + 1, seen)) {
+      return false;
+    }
+  }
+  return true;
+}
+function isPlainJsonValue(value) {
+  return isPlainJsonValueRecursive(value, 0, /* @__PURE__ */ new WeakSet());
+}
 function validateKnownExtensions(extensions, ctx) {
   if (extensions === void 0) return;
-  for (const key of Object.keys(extensions)) {
+  const keys = Object.keys(extensions);
+  for (const key of keys) {
     if (!isValidExtensionKey(key)) {
       ctx.addIssue({
         code: "custom",
@@ -582,6 +1167,14 @@ function validateKnownExtensions(extensions, ctx) {
       });
       continue;
     }
+    if (!isPlainJsonValue(extensions[key])) {
+      ctx.addIssue({
+        code: "custom",
+        message: ERROR_CODES$1.E_EXTENSION_NON_JSON_VALUE,
+        path: ["extensions", key]
+      });
+      continue;
+    }
     const schema = EXTENSION_SCHEMA_MAP.get(key);
     if (schema !== void 0) {
       const result = schema.safeParse(extensions[key]);
@@ -596,6 +1189,25 @@ function validateKnownExtensions(extensions, ctx) {
       }
     }
   }
+  const totalBytes = jsonUtf8ByteLength(extensions);
+  if (totalBytes > EXTENSION_BUDGET.maxTotalBytes) {
+    ctx.addIssue({
+      code: "custom",
+      message: ERROR_CODES$1.E_EXTENSION_SIZE_EXCEEDED,
+      path: ["extensions"]
+    });
+    return;
+  }
+  for (const key of keys) {
+    const groupBytes = jsonUtf8ByteLength(extensions[key]);
+    if (groupBytes > EXTENSION_BUDGET.maxGroupBytes) {
+      ctx.addIssue({
+        code: "custom",
+        message: ERROR_CODES$1.E_EXTENSION_SIZE_EXCEEDED,
+        path: ["extensions", key]
+      });
+    }
+  }
 }
 
 // src/wire-02-envelope.ts
@@ -673,7 +1285,7 @@ var PolicyBlockSchema = z.object({
   /**
    * HTTPS locator hint for the policy document.
    * MUST be an https:// URL (max 2048 chars).
-   * MUST NOT trigger auto-fetch; callers use this as a hint only (DD-55).
+   * MUST NOT trigger auto-fetch; callers use this as a hint only.
    */
   uri: z.string().max(POLICY_BLOCK.uriMaxLength).url().refine((u) => u.startsWith("https://"), "policy.uri must be an https:// URL").optional(),
   /** Caller-assigned version label (max 256 chars) */
@@ -698,9 +1310,9 @@ var Wire02ClaimsSchema = z.object({
   pillars: PillarsSchema.optional(),
   /** Top-level actor binding (sole location for ActorBinding in Wire 0.2) */
   actor: ActorBindingSchema.optional(),
-  /** Policy binding block (DD-151) */
+  /** Policy binding block */
   policy: PolicyBlockSchema.optional(),
-  /** Representation fields (DD-152): FingerprintRef validation, sha256-only, strict */
+  /** Representation fields: FingerprintRef validation, sha256-only, strict */
   representation: Wire02RepresentationFieldsSchema.optional(),
   /** ISO 8601 / RFC 3339 timestamp when the interaction occurred; evidence kind only */
   occurred_at: z.string().datetime({ offset: true }).optional(),