@primust/artifact-core 1.0.0

package/dist/canonical.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Primust Canonical JSON Serialization
+ *
+ * Produces deterministic JSON output with recursively sorted keys
+ * and no whitespace. Two structurally identical objects always produce
+ * the same string regardless of key insertion order.
+ *
+ * Rules:
+ * - Object keys sorted lexicographically at every nesting depth
+ * - Array element order preserved (never sorted)
+ * - No whitespace (no spaces, no newlines, no indentation)
+ * - Only JSON-native types accepted: string, number, boolean, null, object, array
+ * - Non-JSON-native types (Date, Uint8Array, function, undefined, NaN, Infinity) → TypeError
+ *
+ * Reference: schemas/golden/canonical_vectors.json
+ * Quarantine: Q1 (top-level-only sort), Q6 (no-sort), Q8 (default=str coercion)
+ */
+/**
+ * Recursively serialize a value to canonical JSON.
+ *
+ * @throws TypeError if the value contains non-JSON-native types
+ */
+export declare function canonical(value: unknown): string;
+//# sourceMappingURL=canonical.d.ts.map

package/dist/canonical.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical.d.ts","sourceRoot":"","sources":["../src/canonical.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAEhD"}

package/dist/canonical.js

@@ -0,0 +1,83 @@
+/**
+ * Primust Canonical JSON Serialization
+ *
+ * Produces deterministic JSON output with recursively sorted keys
+ * and no whitespace. Two structurally identical objects always produce
+ * the same string regardless of key insertion order.
+ *
+ * Rules:
+ * - Object keys sorted lexicographically at every nesting depth
+ * - Array element order preserved (never sorted)
+ * - No whitespace (no spaces, no newlines, no indentation)
+ * - Only JSON-native types accepted: string, number, boolean, null, object, array
+ * - Non-JSON-native types (Date, Uint8Array, function, undefined, NaN, Infinity) → TypeError
+ *
+ * Reference: schemas/golden/canonical_vectors.json
+ * Quarantine: Q1 (top-level-only sort), Q6 (no-sort), Q8 (default=str coercion)
+ */
+/**
+ * Recursively serialize a value to canonical JSON.
+ *
+ * @throws TypeError if the value contains non-JSON-native types
+ */
+export function canonical(value) {
+    return serializeValue(value);
+}
+function serializeValue(value) {
+    if (value === null) {
+        return 'null';
+    }
+    switch (typeof value) {
+        case 'string':
+            return JSON.stringify(value);
+        case 'number':
+            if (!Number.isFinite(value)) {
+                throw new TypeError(`canonical: cannot serialize ${value} (NaN/Infinity are not valid JSON)`);
+            }
+            return JSON.stringify(value);
+        case 'boolean':
+            return value ? 'true' : 'false';
+        case 'object':
+            if (Array.isArray(value)) {
+                return serializeArray(value);
+            }
+            if (value instanceof Date) {
+                throw new TypeError('canonical: Date objects must be converted to ISO 8601 strings before serialization');
+            }
+            if (value instanceof Uint8Array || (typeof Buffer !== 'undefined' && Buffer.isBuffer(value))) {
+                throw new TypeError('canonical: byte arrays must be base64url-encoded before serialization');
+            }
+            return serializeObject(value);
+        case 'undefined':
+            throw new TypeError('canonical: undefined is not valid JSON');
+        case 'function':
+            throw new TypeError('canonical: functions are not valid JSON');
+        case 'symbol':
+            throw new TypeError('canonical: symbols are not valid JSON');
+        case 'bigint':
+            throw new TypeError('canonical: BigInt must be converted to string or number before serialization');
+        default:
+            throw new TypeError(`canonical: unsupported type ${typeof value}`);
+    }
+}
+function serializeObject(obj) {
+    const keys = Object.keys(obj).sort();
+    const pairs = [];
+    for (const key of keys) {
+        const val = obj[key];
+        if (val === undefined) {
+            // Skip undefined values (matches JSON.stringify behavior)
+            continue;
+        }
+        pairs.push(`${JSON.stringify(key)}:${serializeValue(val)}`);
+    }
+    return `{${pairs.join(',')}}`;
+}
+function serializeArray(arr) {
+    const elements = [];
+    for (const item of arr) {
+        elements.push(serializeValue(item));
+    }
+    return `[${elements.join(',')}]`;
+}
+//# sourceMappingURL=canonical.js.map

package/dist/canonical.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical.js","sourceRoot":"","sources":["../src/canonical.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,KAAc;IACtC,OAAO,cAAc,CAAC,KAAK,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,QAAQ,OAAO,KAAK,EAAE,CAAC;QACrB,KAAK,QAAQ;YACX,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAE/B,KAAK,QAAQ;YACX,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5B,MAAM,IAAI,SAAS,CACjB,+BAA+B,KAAK,oCAAoC,CACzE,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAE/B,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;QAElC,KAAK,QAAQ;YACX,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzB,OAAO,cAAc,CAAC,KAAK,CAAC,CAAC;YAC/B,CAAC;YACD,IAAI,KAAK,YAAY,IAAI,EAAE,CAAC;gBAC1B,MAAM,IAAI,SAAS,CACjB,oFAAoF,CACrF,CAAC;YACJ,CAAC;YACD,IAAI,KAAK,YAAY,UAAU,IAAI,CAAC,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;gBAC7F,MAAM,IAAI,SAAS,CACjB,uEAAuE,CACxE,CAAC;YACJ,CAAC;YACD,OAAO,eAAe,CAAC,KAAgC,CAAC,CAAC;QAE3D,KAAK,WAAW;YACd,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAC;QAEhE,KAAK,UAAU;YACb,MAAM,IAAI,SAAS,CAAC,yCAAyC,CAAC,CAAC;QAEjE,KAAK,QAAQ;YACX,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAC;QAE/D,KAAK,QAAQ;YACX,MAAM,IAAI,SAAS,CAAC,8EAA8E,CAAC,CAAC;QAEtG;YACE,MAAM,IAAI,SAAS,CAAC,+BAA+B,OAAO,KAAK,EAAE,CAAC,CAAC;IACvE,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,GAA4B;IACnD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACrB,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,0DAA0D;YAC1D,SAAS;QACX,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED,OAAO,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;AAChC,CAAC;AAED,SAAS,cAAc,CAAC,GAAc;IACpC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,IAAI,IAAI,GAAG,EAAE,CAAC;QACvB,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;AACnC,CAAC"}

package/dist/canonical.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=canonical.test.d.ts.map

package/dist/canonical.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical.test.d.ts","sourceRoot":"","sources":["../src/canonical.test.ts"],"names":[],"mappings":""}

package/dist/canonical.test.js

@@ -0,0 +1,63 @@
+import { describe, it, expect } from 'vitest';
+import { readFileSync } from 'node:fs';
+import { resolve } from 'node:path';
+import { canonical } from './canonical.js';
+// Load golden vectors
+const vectorsPath = resolve(__dirname, '../../../schemas/golden/canonical_vectors.json');
+const vectors = JSON.parse(readFileSync(vectorsPath, 'utf-8'));
+describe('canonical', () => {
+    describe('golden vectors', () => {
+        for (const vec of vectors.vectors) {
+            it(`${vec.id}: ${vec.description}`, () => {
+                expect(canonical(vec.input)).toBe(vec.expected);
+            });
+        }
+    });
+    describe('hash vectors', () => {
+        it('produces correct canonical form for hash input', () => {
+            const vec = vectors.hash_vectors[0];
+            expect(canonical(vec.input)).toBe(vec.canonical);
+        });
+    });
+    describe('invalid vectors — non-JSON-native types must throw', () => {
+        it('reject-date-object: Date throws TypeError', () => {
+            expect(() => canonical({ ts: new Date() })).toThrow(TypeError);
+        });
+        it('reject-bytes: Uint8Array throws TypeError', () => {
+            expect(() => canonical({ data: new Uint8Array([1, 2, 3]) })).toThrow(TypeError);
+        });
+        it('reject-undefined-function: function throws TypeError', () => {
+            expect(() => canonical({ fn: () => { } })).toThrow(TypeError);
+        });
+        it('reject-nan: NaN throws TypeError', () => {
+            expect(() => canonical({ val: NaN })).toThrow(TypeError);
+        });
+        it('reject-infinity: Infinity throws TypeError', () => {
+            expect(() => canonical({ val: Infinity })).toThrow(TypeError);
+        });
+        it('reject-negative-infinity: -Infinity throws TypeError', () => {
+            expect(() => canonical({ val: -Infinity })).toThrow(TypeError);
+        });
+        it('reject-symbol: Symbol throws TypeError', () => {
+            expect(() => canonical({ val: Symbol('test') })).toThrow(TypeError);
+        });
+        it('reject-bigint: BigInt throws TypeError', () => {
+            expect(() => canonical({ val: BigInt(42) })).toThrow(TypeError);
+        });
+    });
+    describe('edge cases', () => {
+        it('undefined object properties are skipped', () => {
+            expect(canonical({ a: 1, b: undefined, c: 3 })).toBe('{"a":1,"c":3}');
+        });
+        it('recursive sorting is not top-level-only (Q1 quarantine)', () => {
+            // This is the exact pattern that Q1 quarantines:
+            // Object.keys().sort() only sorts top-level
+            const input = { outer: { z: 1, a: 2 } };
+            const result = canonical(input);
+            expect(result).toBe('{"outer":{"a":2,"z":1}}');
+            // Verify it's NOT the broken top-level-only version
+            expect(result).not.toBe('{"outer":{"z":1,"a":2}}');
+        });
+    });
+});
+//# sourceMappingURL=canonical.test.js.map

package/dist/canonical.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical.test.js","sourceRoot":"","sources":["../src/canonical.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAE3C,sBAAsB;AACtB,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,EAAE,gDAAgD,CAAC,CAAC;AACzF,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;AAE/D,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;IACzB,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAClC,EAAE,CAAC,GAAG,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,WAAW,EAAE,EAAE,GAAG,EAAE;gBACvC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAClD,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;QAC5B,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACxD,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACpC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAClE,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAClF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;YAC9D,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;YAC9D,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACxE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;YACjE,iDAAiD;YACjD,4CAA4C;YAC5C,MAAM,KAAK,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YACxC,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAChC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;YAC/C,oDAAoD;YACpD,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/commitment.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Primust Artifact Core — Commitment Layer (P6-A)
+ *
+ * SHA-256 (default) and Poseidon2 (opt-in via PRIMUST_COMMITMENT_ALGORITHM=poseidon2) commitments.
+ * Poseidon2 uses a pure implementation — opt-in only until an audited reference
+ * (e.g. Barretenberg) is validated.
+ *
+ * PRIVACY INVARIANT: Raw content NEVER leaves the customer environment.
+ * Only the commitment hash transits to Primust API.
+ */
+import type { CommitmentAlgorithm, ProofLevel } from './types/artifact.js';
+/** ZK proof generation is always non-blocking. Non-negotiable. */
+export declare const ZK_IS_BLOCKING: false;
+export interface CommitmentResult {
+    hash: string;
+    algorithm: CommitmentAlgorithm;
+}
+/**
+ * Compute a commitment hash over input bytes.
+ *
+ * @param input - Raw content bytes (NEVER transmitted — only the hash leaves the environment)
+ * @param algorithm - 'sha256' (default) or 'poseidon2' (opt-in). If not specified, uses
+ *                    PRIMUST_COMMITMENT_ALGORITHM env var or defaults to 'sha256'.
+ */
+export declare function commit(input: Uint8Array, algorithm?: CommitmentAlgorithm): CommitmentResult;
+/**
+ * Compute a commitment hash for check output. Uses resolved algorithm.
+ */
+export declare function commitOutput(output: Uint8Array): CommitmentResult;
+/**
+ * Build a Merkle root over an array of commitment hashes.
+ * Uses the resolved algorithm (SHA-256 default, Poseidon2 opt-in) for intermediate nodes.
+ *
+ * @returns Merkle root, or null for empty array.
+ *          Single hash → returns that hash unchanged.
+ */
+export declare function buildCommitmentRoot(hashes: string[], algorithm?: CommitmentAlgorithm): string | null;
+/** Stage types that map to proof levels. */
+type StageType = 'deterministic_rule' | 'ml_model' | 'zkml_model' | 'statistical_test' | 'custom_code' | 'witnessed' | 'policy_engine';
+/**
+ * Select the proof level for a given stage type.
+ *
+ * Mapping:
+ *   deterministic_rule → mathematical
+ *   zkml_model         → verifiable_inference
+ *   ml_model           → execution
+ *   statistical_test   → execution (default; non-deterministic sampling/bootstrapping)
+ *   custom_code        → execution
+ *   witnessed          → witnessed
+ *
+ * Note: attestation is the weakest level and only applies from explicit manifest
+ * declaration, not from stage type mapping.
+ */
+export declare function selectProofLevel(stageType: StageType): ProofLevel;
+export {};
+//# sourceMappingURL=commitment.d.ts.map

package/dist/commitment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"commitment.d.ts","sourceRoot":"","sources":["../src/commitment.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,KAAK,EAAE,mBAAmB,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAI3E,kEAAkE;AAClE,eAAO,MAAM,cAAc,EAAG,KAAc,CAAC;AAU7C,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,mBAAmB,CAAC;CAChC;AA6ED;;;;;;GAMG;AACH,wBAAgB,MAAM,CACpB,KAAK,EAAE,UAAU,EACjB,SAAS,CAAC,EAAE,mBAAmB,GAC9B,gBAAgB,CAMlB;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,UAAU,GAAG,gBAAgB,CAMjE;AA4BD;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,SAAS,CAAC,EAAE,mBAAmB,GAAG,MAAM,GAAG,IAAI,CASpG;AAuCD,4CAA4C;AAC5C,KAAK,SAAS,GACV,oBAAoB,GACpB,UAAU,GACV,YAAY,GACZ,kBAAkB,GAClB,aAAa,GACb,WAAW,GACX,eAAe,CAAC;AAEpB;;;;;;;;;;;;;GAaG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,SAAS,GAAG,UAAU,CAiBjE"}

package/dist/commitment.js

@@ -0,0 +1,214 @@
+/**
+ * Primust Artifact Core — Commitment Layer (P6-A)
+ *
+ * SHA-256 (default) and Poseidon2 (opt-in via PRIMUST_COMMITMENT_ALGORITHM=poseidon2) commitments.
+ * Poseidon2 uses a pure implementation — opt-in only until an audited reference
+ * (e.g. Barretenberg) is validated.
+ *
+ * PRIVACY INVARIANT: Raw content NEVER leaves the customer environment.
+ * Only the commitment hash transits to Primust API.
+ */
+import { sha256 } from '@noble/hashes/sha256';
+import { poseidon2Hash } from '@zkpassport/poseidon2';
+// ── Constants ──
+/** ZK proof generation is always non-blocking. Non-negotiable. */
+export const ZK_IS_BLOCKING = false;
+/**
+ * BN254 scalar field modulus.
+ * All Poseidon2 field arithmetic operates modulo this prime.
+ */
+const BN254_MODULUS = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;
+// ── Helpers ──
+/**
+ * Convert bytes to BN254 field elements.
+ * Each chunk of 31 bytes is interpreted as a big-endian unsigned integer
+ * to stay within the BN254 scalar field modulus.
+ */
+function bytesToFieldElements(input) {
+    if (input.length === 0)
+        return [0n];
+    const elements = [];
+    const chunkSize = 31; // 31 bytes < 254 bits, always fits in BN254 field
+    for (let i = 0; i < input.length; i += chunkSize) {
+        const end = Math.min(i + chunkSize, input.length);
+        let value = 0n;
+        for (let j = i; j < end; j++) {
+            value = (value << 8n) | BigInt(input[j]);
+        }
+        elements.push(value % BN254_MODULUS);
+    }
+    return elements;
+}
+/**
+ * Poseidon2 hash over arbitrary bytes.
+ * Converts to field elements, then applies Poseidon2 sponge-style:
+ * absorb pairs of elements, squeeze final hash.
+ */
+function poseidon2(input) {
+    const elements = bytesToFieldElements(input);
+    // Sponge: absorb pairs of field elements
+    let state = 0n;
+    for (let i = 0; i < elements.length; i += 2) {
+        const left = elements[i];
+        const right = i + 1 < elements.length ? elements[i + 1] : 0n;
+        state = poseidon2Hash([state + left, right]);
+    }
+    return 'poseidon2:' + state.toString(16).padStart(64, '0');
+}
+/**
+ * SHA-256 hash over arbitrary bytes.
+ */
+function sha256Commit(input) {
+    const hash = sha256(input);
+    const hex = Array.from(hash)
+        .map((b) => b.toString(16).padStart(2, '0'))
+        .join('');
+    return 'sha256:' + hex;
+}
+/**
+ * Poseidon2 hash of two field elements (for Merkle tree internal nodes).
+ */
+function poseidon2Pair(left, right) {
+    return poseidon2Hash([left, right]);
+}
+/**
+ * Parse a commitment hash string to extract the raw bigint value.
+ * Accepts both 'poseidon2:hex' and 'sha256:hex' formats.
+ */
+function parseHashToField(hash) {
+    const colonIdx = hash.indexOf(':');
+    if (colonIdx === -1)
+        throw new Error(`Invalid hash format: ${hash}`);
+    const hex = hash.slice(colonIdx + 1);
+    return BigInt('0x' + hex) % BN254_MODULUS;
+}
+// ── Public API ──
+/**
+ * Compute a commitment hash over input bytes.
+ *
+ * @param input - Raw content bytes (NEVER transmitted — only the hash leaves the environment)
+ * @param algorithm - 'sha256' (default) or 'poseidon2' (opt-in). If not specified, uses
+ *                    PRIMUST_COMMITMENT_ALGORITHM env var or defaults to 'sha256'.
+ */
+export function commit(input, algorithm) {
+    const alg = algorithm ?? resolveAlgorithm();
+    if (alg === 'poseidon2') {
+        return { hash: poseidon2(input), algorithm: 'poseidon2' };
+    }
+    return { hash: sha256Commit(input), algorithm: 'sha256' };
+}
+/**
+ * Compute a commitment hash for check output. Uses resolved algorithm.
+ */
+export function commitOutput(output) {
+    const alg = resolveAlgorithm();
+    if (alg === 'poseidon2') {
+        return { hash: poseidon2(output), algorithm: 'poseidon2' };
+    }
+    return { hash: sha256Commit(output), algorithm: 'sha256' };
+}
+/**
+ * Resolve the commitment algorithm.
+ * Default is "sha256". Poseidon2 is opt-in via PRIMUST_COMMITMENT_ALGORITHM=poseidon2
+ * until an audited implementation (e.g. Barretenberg) is validated.
+ */
+function resolveAlgorithm() {
+    if (typeof process !== 'undefined' && process.env?.PRIMUST_COMMITMENT_ALGORITHM === 'poseidon2') {
+        return 'poseidon2';
+    }
+    return 'sha256';
+}
+/**
+ * Parse a commitment hash string to raw bytes.
+ */
+function parseHashToRawBytes(hash) {
+    const colonIdx = hash.indexOf(':');
+    if (colonIdx === -1)
+        throw new Error(`Invalid hash format: ${hash}`);
+    const hex = hash.slice(colonIdx + 1);
+    const bytes = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < bytes.length; i++) {
+        bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+    }
+    return bytes;
+}
+/**
+ * Build a Merkle root over an array of commitment hashes.
+ * Uses the resolved algorithm (SHA-256 default, Poseidon2 opt-in) for intermediate nodes.
+ *
+ * @returns Merkle root, or null for empty array.
+ *          Single hash → returns that hash unchanged.
+ */
+export function buildCommitmentRoot(hashes, algorithm) {
+    const alg = algorithm ?? resolveAlgorithm();
+    if (hashes.length === 0)
+        return null;
+    if (hashes.length === 1)
+        return hashes[0];
+    if (alg === 'poseidon2') {
+        return buildPoseidon2MerkleRoot(hashes);
+    }
+    return buildSha256MerkleRoot(hashes);
+}
+function buildPoseidon2MerkleRoot(hashes) {
+    let layer = hashes.map(parseHashToField);
+    while (layer.length > 1) {
+        const next = [];
+        for (let i = 0; i < layer.length; i += 2) {
+            const left = layer[i];
+            const right = i + 1 < layer.length ? layer[i + 1] : layer[i];
+            next.push(poseidon2Pair(left, right));
+        }
+        layer = next;
+    }
+    return 'poseidon2:' + layer[0].toString(16).padStart(64, '0');
+}
+function buildSha256MerkleRoot(hashes) {
+    let layer = hashes.map(parseHashToRawBytes);
+    while (layer.length > 1) {
+        const next = [];
+        for (let i = 0; i < layer.length; i += 2) {
+            const left = layer[i];
+            const right = i + 1 < layer.length ? layer[i + 1] : layer[i];
+            const combined = new Uint8Array(left.length + right.length);
+            combined.set(left);
+            combined.set(right, left.length);
+            next.push(sha256(combined));
+        }
+        layer = next;
+    }
+    return 'sha256:' + Array.from(layer[0]).map(b => b.toString(16).padStart(2, '0')).join('');
+}
+/**
+ * Select the proof level for a given stage type.
+ *
+ * Mapping:
+ *   deterministic_rule → mathematical
+ *   zkml_model         → verifiable_inference
+ *   ml_model           → execution
+ *   statistical_test   → execution (default; non-deterministic sampling/bootstrapping)
+ *   custom_code        → execution
+ *   witnessed          → witnessed
+ *
+ * Note: attestation is the weakest level and only applies from explicit manifest
+ * declaration, not from stage type mapping.
+ */
+export function selectProofLevel(stageType) {
+    switch (stageType) {
+        case 'deterministic_rule':
+            return 'mathematical';
+        case 'zkml_model':
+            return 'verifiable_inference';
+        case 'ml_model':
+            return 'execution';
+        case 'statistical_test':
+            return 'execution';
+        case 'custom_code':
+            return 'execution';
+        case 'witnessed':
+            return 'witnessed';
+        case 'policy_engine':
+            return 'mathematical';
+    }
+}
+//# sourceMappingURL=commitment.js.map

package/dist/commitment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"commitment.js","sourceRoot":"","sources":["../src/commitment.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAItD,kBAAkB;AAElB,kEAAkE;AAClE,MAAM,CAAC,MAAM,cAAc,GAAG,KAAc,CAAC;AAE7C;;;GAGG;AACH,MAAM,aAAa,GAAG,8EAA8E,CAAC;AASrG,gBAAgB;AAEhB;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,KAAiB;IAC7C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,EAAE,CAAC,CAAC;IAEpC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,SAAS,GAAG,EAAE,CAAC,CAAC,kDAAkD;IAExE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,SAAS,EAAE,CAAC;QACjD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAClD,IAAI,KAAK,GAAG,EAAE,CAAC;QACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;YAC7B,KAAK,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC,KAAK,GAAG,aAAa,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;GAIG;AACH,SAAS,SAAS,CAAC,KAAiB;IAClC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;IAE7C,yCAAyC;IACzC,IAAI,KAAK,GAAG,EAAE,CAAC;IACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,KAAK,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7D,KAAK,GAAG,aAAa,CAAC,CAAC,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAiB;IACrC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;SACzB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;IACZ,OAAO,SAAS,GAAG,GAAG,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,IAAY,EAAE,KAAa;IAChD,OAAO,aAAa,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACnC,IAAI,QAAQ,KAAK,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAC;IACrE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;IACrC,OAAO,MAAM,CAAC,IAAI,GAAG,GAAG,CAAC,GAAG,aAAa,CAAC;AAC5C,CAAC;AAED,mBAAmB;AAEnB;;;;;;GAMG;AACH,MAAM,UAAU,MAAM,CACpB,KAAiB,EACjB,SAA+B;IAE/B,MAAM,GAAG,GAAG,SAAS,IAAI,gBAAgB,EAAE,CAAC;IAC5C,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;QACxB,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC;IAC5D,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,YAAY,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,MAAkB;IAC7C,MAAM,GAAG,GAAG,gBAAgB,EAAE,CAAC;IAC/B,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;QACxB,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC;IAC7D,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,YAAY,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AAC7D,CAAC;AAED;;;;GAIG;AACH,SAAS,gBAAgB;IACvB,IAAI,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,4BAA4B,KAAK,WAAW,EAAE,CAAC;QAChG,OAAO,WAAW,CAAC;IACrB,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,IAAY;IACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACnC,IAAI,QAAQ,KAAK,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAC;IACrE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;IACrC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,KAAK,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAgB,EAAE,SAA+B;IACnF,MAAM,GAAG,GAAG,SAAS,IAAI,gBAAgB,EAAE,CAAC;IAC5C,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACrC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;IAE1C,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;QACxB,OAAO,wBAAwB,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,qBAAqB,CAAC,MAAM,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,wBAAwB,CAAC,MAAgB;IAChD,IAAI,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAEzC,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,GAAa,EAAE,CAAC;QAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,KAAK,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC7D,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;QACxC,CAAC;QACD,KAAK,GAAG,IAAI,CAAC;IACf,CAAC;IAED,OAAO,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;AAChE,CAAC;AAED,SAAS,qBAAqB,CAAC,MAAgB;IAC7C,IAAI,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IAE5C,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,GAAiB,EAAE,CAAC;QAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,KAAK,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC7D,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;YAC5D,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACnB,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YACjC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC9B,CAAC;QACD,KAAK,GAAG,IAAI,CAAC;IACf,CAAC;IAED,OAAO,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC7F,CAAC;AAcD;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAAoB;IACnD,QAAQ,SAAS,EAAE,CAAC;QAClB,KAAK,oBAAoB;YACvB,OAAO,cAAc,CAAC;QACxB,KAAK,YAAY;YACf,OAAO,sBAAsB,CAAC;QAChC,KAAK,UAAU;YACb,OAAO,WAAW,CAAC;QACrB,KAAK,kBAAkB;YACrB,OAAO,WAAW,CAAC;QACrB,KAAK,aAAa;YAChB,OAAO,WAAW,CAAC;QACrB,KAAK,WAAW;YACd,OAAO,WAAW,CAAC;QACrB,KAAK,eAAe;YAClB,OAAO,cAAc,CAAC;IAC1B,CAAC;AACH,CAAC"}

package/dist/commitment.test.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Tests for commitment layer — P6-A.
+ * 9 MUST PASS tests covering poseidon2/sha256 commitments, golden vectors,
+ * Merkle root, proof level selection, and privacy invariant.
+ */
+export {};
+//# sourceMappingURL=commitment.test.d.ts.map

package/dist/commitment.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"commitment.test.d.ts","sourceRoot":"","sources":["../src/commitment.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/dist/commitment.test.js

@@ -0,0 +1,125 @@
+/**
+ * Tests for commitment layer — P6-A.
+ * 9 MUST PASS tests covering poseidon2/sha256 commitments, golden vectors,
+ * Merkle root, proof level selection, and privacy invariant.
+ */
+import { readFileSync } from 'node:fs';
+import { resolve } from 'node:path';
+import { describe, expect, it, vi } from 'vitest';
+import { ZK_IS_BLOCKING, buildCommitmentRoot, commit, commitOutput, selectProofLevel, } from './commitment.js';
+// ── Helpers ──
+function hexToBytes(hex) {
+    if (hex === '')
+        return new Uint8Array(0);
+    const bytes = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < hex.length; i += 2) {
+        bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
+    }
+    return bytes;
+}
+const vectorsPath = resolve(__dirname, '../../../schemas/golden/commitment_vectors.json');
+const vectorsFile = JSON.parse(readFileSync(vectorsPath, 'utf-8'));
+// v2.0.0 structure: separate sha256_vectors, poseidon2_vectors, merkle_* sections
+const sha256Vectors = vectorsFile.sha256_vectors ?? [];
+const poseidon2Vectors = vectorsFile.poseidon2_vectors ?? [];
+const merkleSha256Vectors = vectorsFile.merkle_sha256_vectors ?? [];
+const merklePoseidon2Vectors = vectorsFile.merkle_poseidon2_vectors ?? [];
+// Combined for backward-compatible iteration
+const vectors = [
+    ...sha256Vectors.map(v => ({ ...v, type: 'commitment' })),
+    ...poseidon2Vectors.map(v => ({ ...v, type: 'commitment' })),
+    ...merkleSha256Vectors.map(v => ({ ...v, type: 'merkle_root' })),
+    ...merklePoseidon2Vectors.map(v => ({ ...v, type: 'merkle_root' })),
+];
+// ── Tests ──
+describe('commitment', () => {
+    it('MUST PASS: poseidon2 commitment is deterministic', () => {
+        const input = new TextEncoder().encode('deterministic test input');
+        const a = commit(input, 'poseidon2');
+        const b = commit(input, 'poseidon2');
+        expect(a.hash).toBe(b.hash);
+        expect(a.algorithm).toBe('poseidon2');
+        expect(a.hash).toMatch(/^poseidon2:[0-9a-f]{64}$/);
+    });
+    it('MUST PASS: sha256 commitment is deterministic', () => {
+        const input = new TextEncoder().encode('deterministic test input');
+        const a = commit(input, 'sha256');
+        const b = commit(input, 'sha256');
+        expect(a.hash).toBe(b.hash);
+        expect(a.algorithm).toBe('sha256');
+        expect(a.hash).toMatch(/^sha256:[0-9a-f]{64}$/);
+    });
+    it('MUST PASS: all golden vectors pass', () => {
+        for (const vec of vectors) {
+            if (vec.type === 'merkle_root') {
+                const root = buildCommitmentRoot(vec.input_hashes, vec.algorithm);
+                expect(root).toBe(vec.expected_root);
+            }
+            else {
+                const input = vec.input_hex !== undefined
+                    ? hexToBytes(vec.input_hex)
+                    : new TextEncoder().encode(vec.input_utf8);
+                const result = commit(input, vec.algorithm);
+                expect(result.hash).toBe(vec.expected_hash);
+            }
+        }
+    });
+    it('MUST PASS: commitOutput uses default algorithm (sha256)', () => {
+        const output = new TextEncoder().encode('some output content');
+        const result = commitOutput(output);
+        expect(result.algorithm).toBe('sha256');
+        expect(result.hash).toMatch(/^sha256:/);
+    });
+    it('MUST PASS: buildCommitmentRoot(empty array) returns null', () => {
+        expect(buildCommitmentRoot([])).toBeNull();
+    });
+    it('MUST PASS: ZK_IS_BLOCKING === false', () => {
+        expect(ZK_IS_BLOCKING).toBe(false);
+    });
+    it('MUST PASS: raw content not present in HTTP request body', () => {
+        const originalFetch = globalThis.fetch;
+        const mockFetch = vi.fn();
+        globalThis.fetch = mockFetch;
+        try {
+            const rawContent = new TextEncoder().encode('sensitive raw content');
+            commit(rawContent, 'poseidon2');
+            commit(rawContent, 'sha256');
+            commitOutput(rawContent);
+            // No HTTP calls should have been made — raw content stays local
+            expect(mockFetch).not.toHaveBeenCalled();
+        }
+        finally {
+            globalThis.fetch = originalFetch;
+        }
+    });
+    it('MUST PASS: all 5 proof levels present in proof level selection logic', () => {
+        const stageTypes = [
+            'deterministic_rule',
+            'ml_model',
+            'zkml_model',
+            'statistical_test',
+            'custom_code',
+            'witnessed',
+        ];
+        const proofLevels = new Set(stageTypes.map(selectProofLevel));
+        expect(proofLevels).toContain('mathematical');
+        expect(proofLevels).toContain('verifiable_inference');
+        expect(proofLevels).toContain('execution');
+        expect(proofLevels).toContain('witnessed');
+    });
+    it('MUST PASS: verifiable_inference proof level triggers only for zkml_model stage type', () => {
+        expect(selectProofLevel('zkml_model')).toBe('verifiable_inference');
+        // No other stage type should produce verifiable_inference
+        const others = [
+            'deterministic_rule',
+            'ml_model',
+            'statistical_test',
+            'custom_code',
+            'witnessed',
+        ];
+        for (const st of others) {
+            expect(selectProofLevel(st)).not.toBe('verifiable_inference');
+        }
+    });
+});
+//# sourceMappingURL=commitment.test.js.map

package/dist/commitment.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"commitment.test.js","sourceRoot":"","sources":["../src/commitment.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAElD,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,MAAM,EACN,YAAY,EACZ,gBAAgB,GACjB,MAAM,iBAAiB,CAAC;AAEzB,gBAAgB;AAEhB,SAAS,UAAU,CAAC,GAAW;IAC7B,IAAI,GAAG,KAAK,EAAE;QAAE,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IACzC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAaD,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,EAAE,iDAAiD,CAAC,CAAC;AAC1F,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;AACnE,kFAAkF;AAClF,MAAM,aAAa,GAAuB,WAAW,CAAC,cAAc,IAAI,EAAE,CAAC;AAC3E,MAAM,gBAAgB,GAAuB,WAAW,CAAC,iBAAiB,IAAI,EAAE,CAAC;AACjF,MAAM,mBAAmB,GAAuB,WAAW,CAAC,qBAAqB,IAAI,EAAE,CAAC;AACxF,MAAM,sBAAsB,GAAuB,WAAW,CAAC,wBAAwB,IAAI,EAAE,CAAC;AAC9F,6CAA6C;AAC7C,MAAM,OAAO,GAAuB;IAClC,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;IACzD,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;IAC5D,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,CAAC;IAChE,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,CAAC;CACpE,CAAC;AAEF,cAAc;AAEd,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IAC1B,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,0BAA0B,CAAC,CAAC;QACnE,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;QACrC,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;QACrC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC5B,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,0BAA0B,CAAC,CAAC;QACnE,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAClC,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAClC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC5B,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;gBAC/B,MAAM,IAAI,GAAG,mBAAmB,CAAC,GAAG,CAAC,YAAa,EAAE,GAAG,CAAC,SAAmC,CAAC,CAAC;gBAC7F,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACvC,CAAC;iBAAM,CAAC;gBACN,MAAM,KAAK,GAAG,GAAG,CAAC,SAAS,KAAK,SAAS;oBACvC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC;oBAC3B,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,UAAW,CAAC,CAAC;gBAC9C,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,SAAmC,CAAC,CAAC;gBACtE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;QAClE,MAAM,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC;QACvC,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1B,UAAU,CAAC,KAAK,GAAG,SAAS,CAAC;QAE7B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,uBAAuB,CAAC,CAAC;YACrE,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YAChC,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;YAC7B,YAAY,CAAC,UAAU,CAAC,CAAC;YAEzB,gEAAgE;YAChE,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC3C,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,GAAG,aAAa,CAAC;QACnC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,GAAG,EAAE;QAC9E,MAAM,UAAU,GAAG;YACjB,oBAAoB;YACpB,UAAU;YACV,YAAY;YACZ,kBAAkB;YAClB,aAAa;YACb,WAAW;SACH,CAAC;QAEX,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC;QAE9D,MAAM,CAAC,WAAW,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QAC9C,MAAM,CAAC,WAAW,CAAC,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC;QACtD,MAAM,CAAC,WAAW,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC3C,MAAM,CAAC,WAAW,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qFAAqF,EAAE,GAAG,EAAE;QAC7F,MAAM,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAEpE,0DAA0D;QAC1D,MAAM,MAAM,GAAG;YACb,oBAAoB;YACpB,UAAU;YACV,kBAAkB;YAClB,aAAa;YACb,WAAW;SACH,CAAC;QAEX,KAAK,MAAM,EAAE,IAAI,MAAM,EAAE,CAAC;YACxB,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAChE,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,9 @@
+export { canonical } from './canonical.js';
+export { generateKeyPair, sign, verify, rotateKey, toBase64Url, fromBase64Url } from './signing.js';
+export { commit, commitOutput, buildCommitmentRoot, selectProofLevel, ZK_IS_BLOCKING, } from './commitment.js';
+export type { CommitmentResult } from './commitment.js';
+export { validateArtifact } from './validate-artifact.js';
+export type { ValidationError, ValidationResult } from './validate-artifact.js';
+export type { SignerRecord, SignatureEnvelope, KeyStatus, RevocationReason, SignerType, } from './types.js';
+export type { VPECArtifact, ProofLevel, SurfaceEntry, ProofDistribution, Coverage, GapEntry, ZkProof, ArtifactIssuer, ArtifactSignature, TimestampAnchor, TransparencyLog, PendingFlags, GapType, GapSeverity, SurfaceType, ObservationMode, ScopeType, PolicyBasis, ArtifactState, CommitmentAlgorithm, Prover, ProverSystem, TsaProvider, OrgRegion, } from './types/artifact.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AACpG,OAAO,EACL,MAAM,EACN,YAAY,EACZ,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,GACf,MAAM,iBAAiB,CAAC;AACzB,YAAY,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,YAAY,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAChF,YAAY,EACV,YAAY,EACZ,iBAAiB,EACjB,SAAS,EACT,gBAAgB,EAChB,UAAU,GACX,MAAM,YAAY,CAAC;AACpB,YAAY,EACV,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,iBAAiB,EACjB,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,cAAc,EACd,iBAAiB,EACjB,eAAe,EACf,eAAe,EACf,YAAY,EACZ,OAAO,EACP,WAAW,EACX,WAAW,EACX,eAAe,EACf,SAAS,EACT,WAAW,EACX,aAAa,EACb,mBAAmB,EACnB,MAAM,EACN,YAAY,EACZ,WAAW,EACX,SAAS,GACV,MAAM,qBAAqB,CAAC"}