@primust/verifier 1.0.0 → 1.0.1

package/dist/chunk-ZADQUKKN.js

@@ -0,0 +1,2963 @@
+// src/key-cache.ts
+import { readFileSync, existsSync } from "fs";
+var cache = /* @__PURE__ */ new Map();
+var DEFAULT_TRUSTED_HOSTS = /* @__PURE__ */ new Set([
+  "keys.primust.com",
+  "keys.eu.primust.com"
+]);
+function trustedHosts() {
+  const env = globalThis.process?.env?.PRIMUST_TRUST_ROOT_HOSTS;
+  if (!env || !env.trim()) return DEFAULT_TRUSTED_HOSTS;
+  return new Set(env.split(",").map((h2) => h2.trim()).filter(Boolean));
+}
+function isTrustedKeyUrl(rawUrl) {
+  try {
+    const u = new URL(rawUrl);
+    if (u.protocol !== "https:") return false;
+    return trustedHosts().has(u.host);
+  } catch {
+    return false;
+  }
+}
+function seedKeyCache(kid, publicKey) {
+  cache.set(kid, publicKey);
+}
+async function getKey(kid, publicKeyUrl, trustRoot) {
+  if (trustRoot) {
+    if (existsSync(trustRoot)) {
+      return readFileSync(trustRoot, "utf-8").trim();
+    }
+    return trustRoot.trim();
+  }
+  const cached = cache.get(kid);
+  if (cached) return cached;
+  if (!publicKeyUrl) {
+    throw new Error(`No public_key_url for kid=${kid}`);
+  }
+  if (!isTrustedKeyUrl(publicKeyUrl)) {
+    throw new Error(
+      `Refusing to fetch verification key from untrusted host: ${publicKeyUrl}. Pass an explicit trust_root or set PRIMUST_TRUST_ROOT_HOSTS to allow this host.`
+    );
+  }
+  let lastError = null;
+  for (let attempt = 0; attempt < 3; attempt++) {
+    try {
+      const resp = await fetch(publicKeyUrl, {
+        headers: { Accept: "application/x-pem-file" },
+        signal: AbortSignal.timeout(1e4)
+      });
+      if (!resp.ok) {
+        throw new Error(`HTTP ${resp.status}`);
+      }
+      const pem = (await resp.text()).trim();
+      if (!pem) {
+        throw new Error("Empty response");
+      }
+      cache.set(kid, pem);
+      return pem;
+    } catch (e) {
+      lastError = e instanceof Error ? e : new Error(String(e));
+      if (attempt < 2) {
+        await new Promise((r) => setTimeout(r, 500 * (attempt + 1)));
+      }
+    }
+  }
+  throw new Error(`Failed to fetch key from ${publicKeyUrl} after 3 attempts: ${lastError?.message}`);
+}
+
+// src/verifier.ts
+import { createHash, createPublicKey } from "crypto";
+
+// ../artifact-core/dist/canonical.js
+function canonical(value) {
+  return serializeValue(value);
+}
+function serializeValue(value) {
+  if (value === null) {
+    return "null";
+  }
+  switch (typeof value) {
+    case "string":
+      return JSON.stringify(value);
+    case "number":
+      if (!Number.isFinite(value)) {
+        throw new TypeError(`canonical: cannot serialize ${value} (NaN/Infinity are not valid JSON)`);
+      }
+      return JSON.stringify(value);
+    case "boolean":
+      return value ? "true" : "false";
+    case "object":
+      if (Array.isArray(value)) {
+        return serializeArray(value);
+      }
+      if (value instanceof Date) {
+        throw new TypeError("canonical: Date objects must be converted to ISO 8601 strings before serialization");
+      }
+      if (value instanceof Uint8Array || typeof Buffer !== "undefined" && Buffer.isBuffer(value)) {
+        throw new TypeError("canonical: byte arrays must be base64url-encoded before serialization");
+      }
+      return serializeObject(value);
+    case "undefined":
+      throw new TypeError("canonical: undefined is not valid JSON");
+    case "function":
+      throw new TypeError("canonical: functions are not valid JSON");
+    case "symbol":
+      throw new TypeError("canonical: symbols are not valid JSON");
+    case "bigint":
+      throw new TypeError("canonical: BigInt must be converted to string or number before serialization");
+    default:
+      throw new TypeError(`canonical: unsupported type ${typeof value}`);
+  }
+}
+function serializeObject(obj) {
+  const keys = Object.keys(obj).sort();
+  const pairs = [];
+  for (const key of keys) {
+    const val = obj[key];
+    if (val === void 0) {
+      continue;
+    }
+    pairs.push(`${JSON.stringify(key)}:${serializeValue(val)}`);
+  }
+  return `{${pairs.join(",")}}`;
+}
+function serializeArray(arr) {
+  const elements = [];
+  for (const item of arr) {
+    elements.push(serializeValue(item));
+  }
+  return `[${elements.join(",")}]`;
+}
+function canonicalLegacy(value) {
+  return serializeValueLegacy(value);
+}
+function serializeValueLegacy(value) {
+  if (value === null)
+    return "null";
+  switch (typeof value) {
+    case "string":
+      return JSON.stringify(value);
+    case "number":
+      if (!Number.isFinite(value)) {
+        throw new TypeError(`canonical_legacy: cannot serialize ${value} (NaN/Infinity are not valid JSON)`);
+      }
+      return pythonFloatRepr(value);
+    case "boolean":
+      return value ? "true" : "false";
+    case "object":
+      if (Array.isArray(value)) {
+        return "[" + value.map((item) => serializeValueLegacy(item)).join(",") + "]";
+      }
+      if (value instanceof Date) {
+        throw new TypeError("canonical_legacy: Date objects must be ISO strings");
+      }
+      if (value instanceof Uint8Array || typeof Buffer !== "undefined" && Buffer.isBuffer(value)) {
+        throw new TypeError("canonical_legacy: byte arrays must be base64url");
+      }
+      return serializeObjectLegacy(value);
+    case "undefined":
+      throw new TypeError("canonical_legacy: undefined is not valid JSON");
+    default:
+      throw new TypeError(`canonical_legacy: unsupported type ${typeof value}`);
+  }
+}
+function serializeObjectLegacy(obj) {
+  const keys = Object.keys(obj).sort();
+  const pairs = [];
+  for (const key of keys) {
+    const val = obj[key];
+    if (val === void 0)
+      continue;
+    pairs.push(`${JSON.stringify(key)}:${serializeValueLegacy(val)}`);
+  }
+  return `{${pairs.join(",")}}`;
+}
+function pythonFloatRepr(n) {
+  if (Number.isInteger(n) && !Object.is(n, -0)) {
+    if (Math.abs(n) < 1e16) {
+      return `${n.toFixed(1)}`;
+    }
+    return pythonScientific(n);
+  }
+  if (Object.is(n, -0))
+    return "-0.0";
+  if (Math.abs(n) >= 1e16 || n !== 0 && Math.abs(n) < 1e-4) {
+    return pythonScientific(n);
+  }
+  return n.toString();
+}
+function pythonScientific(n) {
+  const s = n.toExponential();
+  return s.replace(/e([+-])(\d)$/, "e$10$2");
+}
+
+// ../../node_modules/.pnpm/@noble+ed25519@2.3.0/node_modules/@noble/ed25519/index.js
+var ed25519_CURVE = {
+  p: 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffedn,
+  n: 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3edn,
+  h: 8n,
+  a: 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffecn,
+  d: 0x52036cee2b6ffe738cc740797779e89800700a4d4141d8ab75eb4dca135978a3n,
+  Gx: 0x216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51an,
+  Gy: 0x6666666666666666666666666666666666666666666666666666666666666658n
+};
+var { p: P, n: N, Gx, Gy, a: _a, d: _d } = ed25519_CURVE;
+var h = 8n;
+var L = 32;
+var L2 = 64;
+var err = (m = "") => {
+  throw new Error(m);
+};
+var isBig = (n) => typeof n === "bigint";
+var isStr = (s) => typeof s === "string";
+var isBytes = (a) => a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+var abytes = (a, l) => !isBytes(a) || typeof l === "number" && l > 0 && a.length !== l ? err("Uint8Array expected") : a;
+var u8n = (len) => new Uint8Array(len);
+var u8fr = (buf) => Uint8Array.from(buf);
+var padh = (n, pad) => n.toString(16).padStart(pad, "0");
+var bytesToHex = (b) => Array.from(abytes(b)).map((e) => padh(e, 2)).join("");
+var C = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
+var _ch = (ch) => {
+  if (ch >= C._0 && ch <= C._9)
+    return ch - C._0;
+  if (ch >= C.A && ch <= C.F)
+    return ch - (C.A - 10);
+  if (ch >= C.a && ch <= C.f)
+    return ch - (C.a - 10);
+  return;
+};
+var hexToBytes = (hex) => {
+  const e = "hex invalid";
+  if (!isStr(hex))
+    return err(e);
+  const hl = hex.length;
+  const al = hl / 2;
+  if (hl % 2)
+    return err(e);
+  const array = u8n(al);
+  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
+    const n1 = _ch(hex.charCodeAt(hi));
+    const n2 = _ch(hex.charCodeAt(hi + 1));
+    if (n1 === void 0 || n2 === void 0)
+      return err(e);
+    array[ai] = n1 * 16 + n2;
+  }
+  return array;
+};
+var toU8 = (a, len) => abytes(isStr(a) ? hexToBytes(a) : u8fr(abytes(a)), len);
+var cr = () => globalThis?.crypto;
+var subtle = () => cr()?.subtle ?? err("crypto.subtle must be defined");
+var concatBytes = (...arrs) => {
+  const r = u8n(arrs.reduce((sum, a) => sum + abytes(a).length, 0));
+  let pad = 0;
+  arrs.forEach((a) => {
+    r.set(a, pad);
+    pad += a.length;
+  });
+  return r;
+};
+var randomBytes = (len = L) => {
+  const c = cr();
+  return c.getRandomValues(u8n(len));
+};
+var big = BigInt;
+var arange = (n, min, max, msg = "bad number: out of range") => isBig(n) && min <= n && n < max ? n : err(msg);
+var M = (a, b = P) => {
+  const r = a % b;
+  return r >= 0n ? r : b + r;
+};
+var modN = (a) => M(a, N);
+var invert = (num, md) => {
+  if (num === 0n || md <= 0n)
+    err("no inverse n=" + num + " mod=" + md);
+  let a = M(num, md), b = md, x = 0n, y = 1n, u = 1n, v = 0n;
+  while (a !== 0n) {
+    const q = b / a, r = b % a;
+    const m = x - u * q, n = y - v * q;
+    b = a, a = r, x = u, y = v, u = m, v = n;
+  }
+  return b === 1n ? M(x, md) : err("no inverse");
+};
+var callHash = (name) => {
+  const fn = etc[name];
+  if (typeof fn !== "function")
+    err("hashes." + name + " not set");
+  return fn;
+};
+var apoint = (p) => p instanceof Point ? p : err("Point expected");
+var B256 = 2n ** 256n;
+var Point = class _Point {
+  static BASE;
+  static ZERO;
+  ex;
+  ey;
+  ez;
+  et;
+  constructor(ex, ey, ez, et) {
+    const max = B256;
+    this.ex = arange(ex, 0n, max);
+    this.ey = arange(ey, 0n, max);
+    this.ez = arange(ez, 1n, max);
+    this.et = arange(et, 0n, max);
+    Object.freeze(this);
+  }
+  static fromAffine(p) {
+    return new _Point(p.x, p.y, 1n, M(p.x * p.y));
+  }
+  /** RFC8032 5.1.3: Uint8Array to Point. */
+  static fromBytes(hex, zip215 = false) {
+    const d = _d;
+    const normed = u8fr(abytes(hex, L));
+    const lastByte = hex[31];
+    normed[31] = lastByte & ~128;
+    const y = bytesToNumLE(normed);
+    const max = zip215 ? B256 : P;
+    arange(y, 0n, max);
+    const y2 = M(y * y);
+    const u = M(y2 - 1n);
+    const v = M(d * y2 + 1n);
+    let { isValid, value: x } = uvRatio(u, v);
+    if (!isValid)
+      err("bad point: y not sqrt");
+    const isXOdd = (x & 1n) === 1n;
+    const isLastByteOdd = (lastByte & 128) !== 0;
+    if (!zip215 && x === 0n && isLastByteOdd)
+      err("bad point: x==0, isLastByteOdd");
+    if (isLastByteOdd !== isXOdd)
+      x = M(-x);
+    return new _Point(x, y, 1n, M(x * y));
+  }
+  /** Checks if the point is valid and on-curve. */
+  assertValidity() {
+    const a = _a;
+    const d = _d;
+    const p = this;
+    if (p.is0())
+      throw new Error("bad point: ZERO");
+    const { ex: X, ey: Y, ez: Z, et: T } = p;
+    const X2 = M(X * X);
+    const Y2 = M(Y * Y);
+    const Z2 = M(Z * Z);
+    const Z4 = M(Z2 * Z2);
+    const aX2 = M(X2 * a);
+    const left = M(Z2 * M(aX2 + Y2));
+    const right = M(Z4 + M(d * M(X2 * Y2)));
+    if (left !== right)
+      throw new Error("bad point: equation left != right (1)");
+    const XY = M(X * Y);
+    const ZT = M(Z * T);
+    if (XY !== ZT)
+      throw new Error("bad point: equation left != right (2)");
+    return this;
+  }
+  /** Equality check: compare points P&Q. */
+  equals(other) {
+    const { ex: X1, ey: Y1, ez: Z1 } = this;
+    const { ex: X2, ey: Y2, ez: Z2 } = apoint(other);
+    const X1Z2 = M(X1 * Z2);
+    const X2Z1 = M(X2 * Z1);
+    const Y1Z2 = M(Y1 * Z2);
+    const Y2Z1 = M(Y2 * Z1);
+    return X1Z2 === X2Z1 && Y1Z2 === Y2Z1;
+  }
+  is0() {
+    return this.equals(I);
+  }
+  /** Flip point over y coordinate. */
+  negate() {
+    return new _Point(M(-this.ex), this.ey, this.ez, M(-this.et));
+  }
+  /** Point doubling. Complete formula. Cost: `4M + 4S + 1*a + 6add + 1*2`. */
+  double() {
+    const { ex: X1, ey: Y1, ez: Z1 } = this;
+    const a = _a;
+    const A = M(X1 * X1);
+    const B = M(Y1 * Y1);
+    const C2 = M(2n * M(Z1 * Z1));
+    const D = M(a * A);
+    const x1y1 = X1 + Y1;
+    const E = M(M(x1y1 * x1y1) - A - B);
+    const G2 = D + B;
+    const F4 = G2 - C2;
+    const H = D - B;
+    const X3 = M(E * F4);
+    const Y3 = M(G2 * H);
+    const T3 = M(E * H);
+    const Z3 = M(F4 * G2);
+    return new _Point(X3, Y3, Z3, T3);
+  }
+  /** Point addition. Complete formula. Cost: `8M + 1*k + 8add + 1*2`. */
+  add(other) {
+    const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this;
+    const { ex: X2, ey: Y2, ez: Z2, et: T2 } = apoint(other);
+    const a = _a;
+    const d = _d;
+    const A = M(X1 * X2);
+    const B = M(Y1 * Y2);
+    const C2 = M(T1 * d * T2);
+    const D = M(Z1 * Z2);
+    const E = M((X1 + Y1) * (X2 + Y2) - A - B);
+    const F4 = M(D - C2);
+    const G2 = M(D + C2);
+    const H = M(B - a * A);
+    const X3 = M(E * F4);
+    const Y3 = M(G2 * H);
+    const T3 = M(E * H);
+    const Z3 = M(F4 * G2);
+    return new _Point(X3, Y3, Z3, T3);
+  }
+  /**
+   * Point-by-scalar multiplication. Scalar must be in range 1 <= n < CURVE.n.
+   * Uses {@link wNAF} for base point.
+   * Uses fake point to mitigate side-channel leakage.
+   * @param n scalar by which point is multiplied
+   * @param safe safe mode guards against timing attacks; unsafe mode is faster
+   */
+  multiply(n, safe = true) {
+    if (!safe && (n === 0n || this.is0()))
+      return I;
+    arange(n, 1n, N);
+    if (n === 1n)
+      return this;
+    if (this.equals(G))
+      return wNAF(n).p;
+    let p = I;
+    let f = G;
+    for (let d = this; n > 0n; d = d.double(), n >>= 1n) {
+      if (n & 1n)
+        p = p.add(d);
+      else if (safe)
+        f = f.add(d);
+    }
+    return p;
+  }
+  /** Convert point to 2d xy affine point. (X, Y, Z) ∋ (x=X/Z, y=Y/Z) */
+  toAffine() {
+    const { ex: x, ey: y, ez: z } = this;
+    if (this.equals(I))
+      return { x: 0n, y: 1n };
+    const iz = invert(z, P);
+    if (M(z * iz) !== 1n)
+      err("invalid inverse");
+    return { x: M(x * iz), y: M(y * iz) };
+  }
+  toBytes() {
+    const { x, y } = this.assertValidity().toAffine();
+    const b = numTo32bLE(y);
+    b[31] |= x & 1n ? 128 : 0;
+    return b;
+  }
+  toHex() {
+    return bytesToHex(this.toBytes());
+  }
+  // encode to hex string
+  clearCofactor() {
+    return this.multiply(big(h), false);
+  }
+  isSmallOrder() {
+    return this.clearCofactor().is0();
+  }
+  isTorsionFree() {
+    let p = this.multiply(N / 2n, false).double();
+    if (N % 2n)
+      p = p.add(this);
+    return p.is0();
+  }
+  static fromHex(hex, zip215) {
+    return _Point.fromBytes(toU8(hex), zip215);
+  }
+  get x() {
+    return this.toAffine().x;
+  }
+  get y() {
+    return this.toAffine().y;
+  }
+  toRawBytes() {
+    return this.toBytes();
+  }
+};
+var G = new Point(Gx, Gy, 1n, M(Gx * Gy));
+var I = new Point(0n, 1n, 1n, 0n);
+Point.BASE = G;
+Point.ZERO = I;
+var numTo32bLE = (num) => hexToBytes(padh(arange(num, 0n, B256), L2)).reverse();
+var bytesToNumLE = (b) => big("0x" + bytesToHex(u8fr(abytes(b)).reverse()));
+var pow2 = (x, power) => {
+  let r = x;
+  while (power-- > 0n) {
+    r *= r;
+    r %= P;
+  }
+  return r;
+};
+var pow_2_252_3 = (x) => {
+  const x2 = x * x % P;
+  const b2 = x2 * x % P;
+  const b4 = pow2(b2, 2n) * b2 % P;
+  const b5 = pow2(b4, 1n) * x % P;
+  const b10 = pow2(b5, 5n) * b5 % P;
+  const b20 = pow2(b10, 10n) * b10 % P;
+  const b40 = pow2(b20, 20n) * b20 % P;
+  const b80 = pow2(b40, 40n) * b40 % P;
+  const b160 = pow2(b80, 80n) * b80 % P;
+  const b240 = pow2(b160, 80n) * b80 % P;
+  const b250 = pow2(b240, 10n) * b10 % P;
+  const pow_p_5_8 = pow2(b250, 2n) * x % P;
+  return { pow_p_5_8, b2 };
+};
+var RM1 = 0x2b8324804fc1df0b2b4d00993dfbd7a72f431806ad2fe478c4ee1b274a0ea0b0n;
+var uvRatio = (u, v) => {
+  const v3 = M(v * v * v);
+  const v7 = M(v3 * v3 * v);
+  const pow = pow_2_252_3(u * v7).pow_p_5_8;
+  let x = M(u * v3 * pow);
+  const vx2 = M(v * x * x);
+  const root1 = x;
+  const root2 = M(x * RM1);
+  const useRoot1 = vx2 === u;
+  const useRoot2 = vx2 === M(-u);
+  const noRoot = vx2 === M(-u * RM1);
+  if (useRoot1)
+    x = root1;
+  if (useRoot2 || noRoot)
+    x = root2;
+  if ((M(x) & 1n) === 1n)
+    x = M(-x);
+  return { isValid: useRoot1 || useRoot2, value: x };
+};
+var modL_LE = (hash) => modN(bytesToNumLE(hash));
+var sha512s = (...m) => callHash("sha512Sync")(...m);
+var hashFinishS = (res) => res.finish(sha512s(res.hashable));
+var veriOpts = { zip215: true };
+var _verify = (sig, msg, pub, opts = veriOpts) => {
+  sig = toU8(sig, L2);
+  msg = toU8(msg);
+  pub = toU8(pub, L);
+  const { zip215 } = opts;
+  let A;
+  let R;
+  let s;
+  let SB;
+  let hashable = Uint8Array.of();
+  try {
+    A = Point.fromHex(pub, zip215);
+    R = Point.fromHex(sig.slice(0, L), zip215);
+    s = bytesToNumLE(sig.slice(L, L2));
+    SB = G.multiply(s, false);
+    hashable = concatBytes(R.toBytes(), A.toBytes(), msg);
+  } catch (error) {
+  }
+  const finish = (hashed) => {
+    if (SB == null)
+      return false;
+    if (!zip215 && A.isSmallOrder())
+      return false;
+    const k = modL_LE(hashed);
+    const RkA = R.add(A.multiply(k, false));
+    return RkA.add(SB.negate()).clearCofactor().is0();
+  };
+  return { hashable, finish };
+};
+var verify = (s, m, p, opts = veriOpts) => hashFinishS(_verify(s, m, p, opts));
+var etc = {
+  sha512Async: async (...messages) => {
+    const s = subtle();
+    const m = concatBytes(...messages);
+    return u8n(await s.digest("SHA-512", m.buffer));
+  },
+  sha512Sync: void 0,
+  bytesToHex,
+  hexToBytes,
+  concatBytes,
+  mod: M,
+  invert,
+  randomBytes
+};
+var W = 8;
+var scalarBits = 256;
+var pwindows = Math.ceil(scalarBits / W) + 1;
+var pwindowSize = 2 ** (W - 1);
+var precompute = () => {
+  const points = [];
+  let p = G;
+  let b = p;
+  for (let w = 0; w < pwindows; w++) {
+    b = p;
+    points.push(b);
+    for (let i = 1; i < pwindowSize; i++) {
+      b = b.add(p);
+      points.push(b);
+    }
+    p = b.double();
+  }
+  return points;
+};
+var Gpows = void 0;
+var ctneg = (cnd, p) => {
+  const n = p.negate();
+  return cnd ? n : p;
+};
+var wNAF = (n) => {
+  const comp = Gpows || (Gpows = precompute());
+  let p = I;
+  let f = G;
+  const pow_2_w = 2 ** W;
+  const maxNum = pow_2_w;
+  const mask = big(pow_2_w - 1);
+  const shiftBy = big(W);
+  for (let w = 0; w < pwindows; w++) {
+    let wbits = Number(n & mask);
+    n >>= shiftBy;
+    if (wbits > pwindowSize) {
+      wbits -= maxNum;
+      n += 1n;
+    }
+    const off = w * pwindowSize;
+    const offF = off;
+    const offP = off + Math.abs(wbits) - 1;
+    const isEven = w % 2 !== 0;
+    const isNeg = wbits < 0;
+    if (wbits === 0) {
+      f = f.add(ctneg(isEven, comp[offF]));
+    } else {
+      p = p.add(ctneg(isNeg, comp[offP]));
+    }
+  }
+  return { p, f };
+};
+
+// ../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/utils.js
+function isBytes2(a) {
+  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+}
+function abytes2(b, ...lengths) {
+  if (!isBytes2(b))
+    throw new Error("Uint8Array expected");
+  if (lengths.length > 0 && !lengths.includes(b.length))
+    throw new Error("Uint8Array expected of length " + lengths + ", got length=" + b.length);
+}
+function aexists(instance2, checkFinished = true) {
+  if (instance2.destroyed)
+    throw new Error("Hash instance has been destroyed");
+  if (checkFinished && instance2.finished)
+    throw new Error("Hash#digest() has already been called");
+}
+function aoutput(out, instance2) {
+  abytes2(out);
+  const min = instance2.outputLen;
+  if (out.length < min) {
+    throw new Error("digestInto() expects output buffer of length at least " + min);
+  }
+}
+function clean(...arrays) {
+  for (let i = 0; i < arrays.length; i++) {
+    arrays[i].fill(0);
+  }
+}
+function createView(arr) {
+  return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
+}
+function rotr(word, shift) {
+  return word << 32 - shift | word >>> shift;
+}
+function utf8ToBytes(str) {
+  if (typeof str !== "string")
+    throw new Error("string expected");
+  return new Uint8Array(new TextEncoder().encode(str));
+}
+function toBytes(data) {
+  if (typeof data === "string")
+    data = utf8ToBytes(data);
+  abytes2(data);
+  return data;
+}
+var Hash = class {
+};
+function createHasher(hashCons) {
+  const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
+  const tmp = hashCons();
+  hashC.outputLen = tmp.outputLen;
+  hashC.blockLen = tmp.blockLen;
+  hashC.create = () => hashCons();
+  return hashC;
+}
+
+// ../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/_md.js
+function setBigUint64(view, byteOffset, value, isLE) {
+  if (typeof view.setBigUint64 === "function")
+    return view.setBigUint64(byteOffset, value, isLE);
+  const _32n2 = BigInt(32);
+  const _u32_max = BigInt(4294967295);
+  const wh = Number(value >> _32n2 & _u32_max);
+  const wl = Number(value & _u32_max);
+  const h2 = isLE ? 4 : 0;
+  const l = isLE ? 0 : 4;
+  view.setUint32(byteOffset + h2, wh, isLE);
+  view.setUint32(byteOffset + l, wl, isLE);
+}
+function Chi(a, b, c) {
+  return a & b ^ ~a & c;
+}
+function Maj(a, b, c) {
+  return a & b ^ a & c ^ b & c;
+}
+var HashMD = class extends Hash {
+  constructor(blockLen, outputLen, padOffset, isLE) {
+    super();
+    this.finished = false;
+    this.length = 0;
+    this.pos = 0;
+    this.destroyed = false;
+    this.blockLen = blockLen;
+    this.outputLen = outputLen;
+    this.padOffset = padOffset;
+    this.isLE = isLE;
+    this.buffer = new Uint8Array(blockLen);
+    this.view = createView(this.buffer);
+  }
+  update(data) {
+    aexists(this);
+    data = toBytes(data);
+    abytes2(data);
+    const { view, buffer, blockLen } = this;
+    const len = data.length;
+    for (let pos = 0; pos < len; ) {
+      const take = Math.min(blockLen - this.pos, len - pos);
+      if (take === blockLen) {
+        const dataView = createView(data);
+        for (; blockLen <= len - pos; pos += blockLen)
+          this.process(dataView, pos);
+        continue;
+      }
+      buffer.set(data.subarray(pos, pos + take), this.pos);
+      this.pos += take;
+      pos += take;
+      if (this.pos === blockLen) {
+        this.process(view, 0);
+        this.pos = 0;
+      }
+    }
+    this.length += data.length;
+    this.roundClean();
+    return this;
+  }
+  digestInto(out) {
+    aexists(this);
+    aoutput(out, this);
+    this.finished = true;
+    const { buffer, view, blockLen, isLE } = this;
+    let { pos } = this;
+    buffer[pos++] = 128;
+    clean(this.buffer.subarray(pos));
+    if (this.padOffset > blockLen - pos) {
+      this.process(view, 0);
+      pos = 0;
+    }
+    for (let i = pos; i < blockLen; i++)
+      buffer[i] = 0;
+    setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);
+    this.process(view, 0);
+    const oview = createView(out);
+    const len = this.outputLen;
+    if (len % 4)
+      throw new Error("_sha2: outputLen should be aligned to 32bit");
+    const outLen = len / 4;
+    const state = this.get();
+    if (outLen > state.length)
+      throw new Error("_sha2: outputLen bigger than state");
+    for (let i = 0; i < outLen; i++)
+      oview.setUint32(4 * i, state[i], isLE);
+  }
+  digest() {
+    const { buffer, outputLen } = this;
+    this.digestInto(buffer);
+    const res = buffer.slice(0, outputLen);
+    this.destroy();
+    return res;
+  }
+  _cloneInto(to) {
+    to || (to = new this.constructor());
+    to.set(...this.get());
+    const { blockLen, buffer, length, finished, destroyed, pos } = this;
+    to.destroyed = destroyed;
+    to.finished = finished;
+    to.length = length;
+    to.pos = pos;
+    if (length % blockLen)
+      to.buffer.set(buffer);
+    return to;
+  }
+  clone() {
+    return this._cloneInto();
+  }
+};
+var SHA256_IV = /* @__PURE__ */ Uint32Array.from([
+  1779033703,
+  3144134277,
+  1013904242,
+  2773480762,
+  1359893119,
+  2600822924,
+  528734635,
+  1541459225
+]);
+var SHA512_IV = /* @__PURE__ */ Uint32Array.from([
+  1779033703,
+  4089235720,
+  3144134277,
+  2227873595,
+  1013904242,
+  4271175723,
+  2773480762,
+  1595750129,
+  1359893119,
+  2917565137,
+  2600822924,
+  725511199,
+  528734635,
+  4215389547,
+  1541459225,
+  327033209
+]);
+
+// ../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/_u64.js
+var U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);
+var _32n = /* @__PURE__ */ BigInt(32);
+function fromBig(n, le = false) {
+  if (le)
+    return { h: Number(n & U32_MASK64), l: Number(n >> _32n & U32_MASK64) };
+  return { h: Number(n >> _32n & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };
+}
+function split(lst, le = false) {
+  const len = lst.length;
+  let Ah = new Uint32Array(len);
+  let Al = new Uint32Array(len);
+  for (let i = 0; i < len; i++) {
+    const { h: h2, l } = fromBig(lst[i], le);
+    [Ah[i], Al[i]] = [h2, l];
+  }
+  return [Ah, Al];
+}
+var shrSH = (h2, _l, s) => h2 >>> s;
+var shrSL = (h2, l, s) => h2 << 32 - s | l >>> s;
+var rotrSH = (h2, l, s) => h2 >>> s | l << 32 - s;
+var rotrSL = (h2, l, s) => h2 << 32 - s | l >>> s;
+var rotrBH = (h2, l, s) => h2 << 64 - s | l >>> s - 32;
+var rotrBL = (h2, l, s) => h2 >>> s - 32 | l << 64 - s;
+function add(Ah, Al, Bh, Bl) {
+  const l = (Al >>> 0) + (Bl >>> 0);
+  return { h: Ah + Bh + (l / 2 ** 32 | 0) | 0, l: l | 0 };
+}
+var add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0);
+var add3H = (low, Ah, Bh, Ch) => Ah + Bh + Ch + (low / 2 ** 32 | 0) | 0;
+var add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0);
+var add4H = (low, Ah, Bh, Ch, Dh) => Ah + Bh + Ch + Dh + (low / 2 ** 32 | 0) | 0;
+var add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0);
+var add5H = (low, Ah, Bh, Ch, Dh, Eh) => Ah + Bh + Ch + Dh + Eh + (low / 2 ** 32 | 0) | 0;
+
+// ../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/sha2.js
+var SHA256_K = /* @__PURE__ */ Uint32Array.from([
+  1116352408,
+  1899447441,
+  3049323471,
+  3921009573,
+  961987163,
+  1508970993,
+  2453635748,
+  2870763221,
+  3624381080,
+  310598401,
+  607225278,
+  1426881987,
+  1925078388,
+  2162078206,
+  2614888103,
+  3248222580,
+  3835390401,
+  4022224774,
+  264347078,
+  604807628,
+  770255983,
+  1249150122,
+  1555081692,
+  1996064986,
+  2554220882,
+  2821834349,
+  2952996808,
+  3210313671,
+  3336571891,
+  3584528711,
+  113926993,
+  338241895,
+  666307205,
+  773529912,
+  1294757372,
+  1396182291,
+  1695183700,
+  1986661051,
+  2177026350,
+  2456956037,
+  2730485921,
+  2820302411,
+  3259730800,
+  3345764771,
+  3516065817,
+  3600352804,
+  4094571909,
+  275423344,
+  430227734,
+  506948616,
+  659060556,
+  883997877,
+  958139571,
+  1322822218,
+  1537002063,
+  1747873779,
+  1955562222,
+  2024104815,
+  2227730452,
+  2361852424,
+  2428436474,
+  2756734187,
+  3204031479,
+  3329325298
+]);
+var SHA256_W = /* @__PURE__ */ new Uint32Array(64);
+var SHA256 = class extends HashMD {
+  constructor(outputLen = 32) {
+    super(64, outputLen, 8, false);
+    this.A = SHA256_IV[0] | 0;
+    this.B = SHA256_IV[1] | 0;
+    this.C = SHA256_IV[2] | 0;
+    this.D = SHA256_IV[3] | 0;
+    this.E = SHA256_IV[4] | 0;
+    this.F = SHA256_IV[5] | 0;
+    this.G = SHA256_IV[6] | 0;
+    this.H = SHA256_IV[7] | 0;
+  }
+  get() {
+    const { A, B, C: C2, D, E, F: F4, G: G2, H } = this;
+    return [A, B, C2, D, E, F4, G2, H];
+  }
+  // prettier-ignore
+  set(A, B, C2, D, E, F4, G2, H) {
+    this.A = A | 0;
+    this.B = B | 0;
+    this.C = C2 | 0;
+    this.D = D | 0;
+    this.E = E | 0;
+    this.F = F4 | 0;
+    this.G = G2 | 0;
+    this.H = H | 0;
+  }
+  process(view, offset) {
+    for (let i = 0; i < 16; i++, offset += 4)
+      SHA256_W[i] = view.getUint32(offset, false);
+    for (let i = 16; i < 64; i++) {
+      const W15 = SHA256_W[i - 15];
+      const W2 = SHA256_W[i - 2];
+      const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ W15 >>> 3;
+      const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ W2 >>> 10;
+      SHA256_W[i] = s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16] | 0;
+    }
+    let { A, B, C: C2, D, E, F: F4, G: G2, H } = this;
+    for (let i = 0; i < 64; i++) {
+      const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);
+      const T1 = H + sigma1 + Chi(E, F4, G2) + SHA256_K[i] + SHA256_W[i] | 0;
+      const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);
+      const T2 = sigma0 + Maj(A, B, C2) | 0;
+      H = G2;
+      G2 = F4;
+      F4 = E;
+      E = D + T1 | 0;
+      D = C2;
+      C2 = B;
+      B = A;
+      A = T1 + T2 | 0;
+    }
+    A = A + this.A | 0;
+    B = B + this.B | 0;
+    C2 = C2 + this.C | 0;
+    D = D + this.D | 0;
+    E = E + this.E | 0;
+    F4 = F4 + this.F | 0;
+    G2 = G2 + this.G | 0;
+    H = H + this.H | 0;
+    this.set(A, B, C2, D, E, F4, G2, H);
+  }
+  roundClean() {
+    clean(SHA256_W);
+  }
+  destroy() {
+    this.set(0, 0, 0, 0, 0, 0, 0, 0);
+    clean(this.buffer);
+  }
+};
+var K512 = /* @__PURE__ */ (() => split([
+  "0x428a2f98d728ae22",
+  "0x7137449123ef65cd",
+  "0xb5c0fbcfec4d3b2f",
+  "0xe9b5dba58189dbbc",
+  "0x3956c25bf348b538",
+  "0x59f111f1b605d019",
+  "0x923f82a4af194f9b",
+  "0xab1c5ed5da6d8118",
+  "0xd807aa98a3030242",
+  "0x12835b0145706fbe",
+  "0x243185be4ee4b28c",
+  "0x550c7dc3d5ffb4e2",
+  "0x72be5d74f27b896f",
+  "0x80deb1fe3b1696b1",
+  "0x9bdc06a725c71235",
+  "0xc19bf174cf692694",
+  "0xe49b69c19ef14ad2",
+  "0xefbe4786384f25e3",
+  "0x0fc19dc68b8cd5b5",
+  "0x240ca1cc77ac9c65",
+  "0x2de92c6f592b0275",
+  "0x4a7484aa6ea6e483",
+  "0x5cb0a9dcbd41fbd4",
+  "0x76f988da831153b5",
+  "0x983e5152ee66dfab",
+  "0xa831c66d2db43210",
+  "0xb00327c898fb213f",
+  "0xbf597fc7beef0ee4",
+  "0xc6e00bf33da88fc2",
+  "0xd5a79147930aa725",
+  "0x06ca6351e003826f",
+  "0x142929670a0e6e70",
+  "0x27b70a8546d22ffc",
+  "0x2e1b21385c26c926",
+  "0x4d2c6dfc5ac42aed",
+  "0x53380d139d95b3df",
+  "0x650a73548baf63de",
+  "0x766a0abb3c77b2a8",
+  "0x81c2c92e47edaee6",
+  "0x92722c851482353b",
+  "0xa2bfe8a14cf10364",
+  "0xa81a664bbc423001",
+  "0xc24b8b70d0f89791",
+  "0xc76c51a30654be30",
+  "0xd192e819d6ef5218",
+  "0xd69906245565a910",
+  "0xf40e35855771202a",
+  "0x106aa07032bbd1b8",
+  "0x19a4c116b8d2d0c8",
+  "0x1e376c085141ab53",
+  "0x2748774cdf8eeb99",
+  "0x34b0bcb5e19b48a8",
+  "0x391c0cb3c5c95a63",
+  "0x4ed8aa4ae3418acb",
+  "0x5b9cca4f7763e373",
+  "0x682e6ff3d6b2b8a3",
+  "0x748f82ee5defb2fc",
+  "0x78a5636f43172f60",
+  "0x84c87814a1f0ab72",
+  "0x8cc702081a6439ec",
+  "0x90befffa23631e28",
+  "0xa4506cebde82bde9",
+  "0xbef9a3f7b2c67915",
+  "0xc67178f2e372532b",
+  "0xca273eceea26619c",
+  "0xd186b8c721c0c207",
+  "0xeada7dd6cde0eb1e",
+  "0xf57d4f7fee6ed178",
+  "0x06f067aa72176fba",
+  "0x0a637dc5a2c898a6",
+  "0x113f9804bef90dae",
+  "0x1b710b35131c471b",
+  "0x28db77f523047d84",
+  "0x32caab7b40c72493",
+  "0x3c9ebe0a15c9bebc",
+  "0x431d67c49c100d4c",
+  "0x4cc5d4becb3e42b6",
+  "0x597f299cfc657e2a",
+  "0x5fcb6fab3ad6faec",
+  "0x6c44198c4a475817"
+].map((n) => BigInt(n))))();
+var SHA512_Kh = /* @__PURE__ */ (() => K512[0])();
+var SHA512_Kl = /* @__PURE__ */ (() => K512[1])();
+var SHA512_W_H = /* @__PURE__ */ new Uint32Array(80);
+var SHA512_W_L = /* @__PURE__ */ new Uint32Array(80);
+var SHA512 = class extends HashMD {
+  constructor(outputLen = 64) {
+    super(128, outputLen, 16, false);
+    this.Ah = SHA512_IV[0] | 0;
+    this.Al = SHA512_IV[1] | 0;
+    this.Bh = SHA512_IV[2] | 0;
+    this.Bl = SHA512_IV[3] | 0;
+    this.Ch = SHA512_IV[4] | 0;
+    this.Cl = SHA512_IV[5] | 0;
+    this.Dh = SHA512_IV[6] | 0;
+    this.Dl = SHA512_IV[7] | 0;
+    this.Eh = SHA512_IV[8] | 0;
+    this.El = SHA512_IV[9] | 0;
+    this.Fh = SHA512_IV[10] | 0;
+    this.Fl = SHA512_IV[11] | 0;
+    this.Gh = SHA512_IV[12] | 0;
+    this.Gl = SHA512_IV[13] | 0;
+    this.Hh = SHA512_IV[14] | 0;
+    this.Hl = SHA512_IV[15] | 0;
+  }
+  // prettier-ignore
+  get() {
+    const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;
+    return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl];
+  }
+  // prettier-ignore
+  set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl) {
+    this.Ah = Ah | 0;
+    this.Al = Al | 0;
+    this.Bh = Bh | 0;
+    this.Bl = Bl | 0;
+    this.Ch = Ch | 0;
+    this.Cl = Cl | 0;
+    this.Dh = Dh | 0;
+    this.Dl = Dl | 0;
+    this.Eh = Eh | 0;
+    this.El = El | 0;
+    this.Fh = Fh | 0;
+    this.Fl = Fl | 0;
+    this.Gh = Gh | 0;
+    this.Gl = Gl | 0;
+    this.Hh = Hh | 0;
+    this.Hl = Hl | 0;
+  }
+  process(view, offset) {
+    for (let i = 0; i < 16; i++, offset += 4) {
+      SHA512_W_H[i] = view.getUint32(offset);
+      SHA512_W_L[i] = view.getUint32(offset += 4);
+    }
+    for (let i = 16; i < 80; i++) {
+      const W15h = SHA512_W_H[i - 15] | 0;
+      const W15l = SHA512_W_L[i - 15] | 0;
+      const s0h = rotrSH(W15h, W15l, 1) ^ rotrSH(W15h, W15l, 8) ^ shrSH(W15h, W15l, 7);
+      const s0l = rotrSL(W15h, W15l, 1) ^ rotrSL(W15h, W15l, 8) ^ shrSL(W15h, W15l, 7);
+      const W2h = SHA512_W_H[i - 2] | 0;
+      const W2l = SHA512_W_L[i - 2] | 0;
+      const s1h = rotrSH(W2h, W2l, 19) ^ rotrBH(W2h, W2l, 61) ^ shrSH(W2h, W2l, 6);
+      const s1l = rotrSL(W2h, W2l, 19) ^ rotrBL(W2h, W2l, 61) ^ shrSL(W2h, W2l, 6);
+      const SUMl = add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]);
+      const SUMh = add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]);
+      SHA512_W_H[i] = SUMh | 0;
+      SHA512_W_L[i] = SUMl | 0;
+    }
+    let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;
+    for (let i = 0; i < 80; i++) {
+      const sigma1h = rotrSH(Eh, El, 14) ^ rotrSH(Eh, El, 18) ^ rotrBH(Eh, El, 41);
+      const sigma1l = rotrSL(Eh, El, 14) ^ rotrSL(Eh, El, 18) ^ rotrBL(Eh, El, 41);
+      const CHIh = Eh & Fh ^ ~Eh & Gh;
+      const CHIl = El & Fl ^ ~El & Gl;
+      const T1ll = add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]);
+      const T1h = add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]);
+      const T1l = T1ll | 0;
+      const sigma0h = rotrSH(Ah, Al, 28) ^ rotrBH(Ah, Al, 34) ^ rotrBH(Ah, Al, 39);
+      const sigma0l = rotrSL(Ah, Al, 28) ^ rotrBL(Ah, Al, 34) ^ rotrBL(Ah, Al, 39);
+      const MAJh = Ah & Bh ^ Ah & Ch ^ Bh & Ch;
+      const MAJl = Al & Bl ^ Al & Cl ^ Bl & Cl;
+      Hh = Gh | 0;
+      Hl = Gl | 0;
+      Gh = Fh | 0;
+      Gl = Fl | 0;
+      Fh = Eh | 0;
+      Fl = El | 0;
+      ({ h: Eh, l: El } = add(Dh | 0, Dl | 0, T1h | 0, T1l | 0));
+      Dh = Ch | 0;
+      Dl = Cl | 0;
+      Ch = Bh | 0;
+      Cl = Bl | 0;
+      Bh = Ah | 0;
+      Bl = Al | 0;
+      const All = add3L(T1l, sigma0l, MAJl);
+      Ah = add3H(All, T1h, sigma0h, MAJh);
+      Al = All | 0;
+    }
+    ({ h: Ah, l: Al } = add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0));
+    ({ h: Bh, l: Bl } = add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0));
+    ({ h: Ch, l: Cl } = add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0));
+    ({ h: Dh, l: Dl } = add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0));
+    ({ h: Eh, l: El } = add(this.Eh | 0, this.El | 0, Eh | 0, El | 0));
+    ({ h: Fh, l: Fl } = add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0));
+    ({ h: Gh, l: Gl } = add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0));
+    ({ h: Hh, l: Hl } = add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0));
+    this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl);
+  }
+  roundClean() {
+    clean(SHA512_W_H, SHA512_W_L);
+  }
+  destroy() {
+    clean(this.buffer);
+    this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+  }
+};
+var sha256 = /* @__PURE__ */ createHasher(() => new SHA256());
+var sha512 = /* @__PURE__ */ createHasher(() => new SHA512());
+
+// ../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/sha512.js
+var sha5122 = sha512;
+
+// ../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/sha256.js
+var sha2562 = sha256;
+
+// ../artifact-core/dist/signing.js
+etc.sha512Sync = (...m) => sha5122(etc.concatBytes(...m));
+function fromBase64Url(b64url) {
+  const b64 = b64url.replace(/-/g, "+").replace(/_/g, "/");
+  const padded = b64 + "=".repeat((4 - b64.length % 4) % 4);
+  const binary = atob(padded);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+function verify2(document, signatureEnvelope, publicKeyB64Url) {
+  let signatureBytes;
+  let publicKeyBytes;
+  try {
+    signatureBytes = fromBase64Url(signatureEnvelope.signature);
+    publicKeyBytes = fromBase64Url(publicKeyB64Url);
+  } catch {
+    return false;
+  }
+  for (const canonFn of [canonical, canonicalLegacy]) {
+    try {
+      const canonicalStr = canonFn(document);
+      const hashBytes = sha2562(new TextEncoder().encode(canonicalStr));
+      if (verify(signatureBytes, hashBytes, publicKeyBytes)) {
+        return true;
+      }
+    } catch {
+    }
+  }
+  return false;
+}
+
+// ../../node_modules/.pnpm/@zkpassport+poseidon2@0.6.2/node_modules/@zkpassport/poseidon2/dist/esm/core/field.js
+var F1Field = class {
+  constructor(prime) {
+    this.zero = BigInt(0);
+    this.one = BigInt(1);
+    this.prime = prime;
+  }
+  e(x) {
+    if (typeof x === "bigint") {
+      return x % this.prime;
+    } else {
+      return BigInt(x) % this.prime;
+    }
+  }
+  add(x, y) {
+    return (x + y) % this.prime;
+  }
+  sub(x, y) {
+    return (this.prime + x - y) % this.prime;
+  }
+  mul(x, y) {
+    return x * y % this.prime;
+  }
+  square(x) {
+    return x * x % this.prime;
+  }
+  div(x, y) {
+    return x / y % this.prime;
+  }
+};
+
+// ../../node_modules/.pnpm/@zkpassport+poseidon2@0.6.2/node_modules/@zkpassport/poseidon2/dist/esm/core/poseidon2.js
+var Poseidon2 = class {
+  constructor(params, primeField) {
+    this.params = params;
+    this.primeField = primeField;
+  }
+  getT() {
+    return this.params.t;
+  }
+  sbox(input) {
+    return input.map((x) => this.sboxP(x));
+  }
+  sboxP(input) {
+    const input2 = this.primeField.square(input);
+    if (this.params.d == 3) {
+      return this.primeField.mul(input2, input);
+    } else if (this.params.d == 5) {
+      return this.primeField.mul(this.primeField.square(input2), input);
+    } else if (this.params.d == 7) {
+      return this.primeField.mul(this.primeField.square(input2), this.primeField.mul(input2, input));
+    } else {
+      throw new Error("Invalid d paramter, must be 3, 5 or 7");
+    }
+  }
+  matmulExternal(input) {
+    const t = this.params.t;
+    if (t == 2) {
+      const sum = this.primeField.add(input[0], input[1]);
+      input[0] = this.primeField.add(input[0], sum);
+      input[1] = this.primeField.add(input[1], sum);
+    } else if (t == 3) {
+      const sum = this.primeField.add(this.primeField.add(input[0], input[1]), input[2]);
+      input[0] = this.primeField.add(input[0], sum);
+      input[1] = this.primeField.add(input[1], sum);
+      input[2] = this.primeField.add(input[2], sum);
+    } else if (t == 4 || t == 8 || t == 12 || t == 16 || t == 20 || t == 24) {
+      const t4 = t / 4;
+      for (let i = 0; i < t4; i++) {
+        const startIndex = i * 4;
+        let t_0 = input[startIndex];
+        t_0 = this.primeField.add(t_0, input[startIndex + 1]);
+        let t_1 = input[startIndex + 2];
+        t_1 = this.primeField.add(t_1, input[startIndex + 3]);
+        let t_2 = input[startIndex + 1];
+        t_2 = this.primeField.add(t_2, t_2);
+        t_2 = this.primeField.add(t_2, t_1);
+        let t_3 = input[startIndex + 3];
+        t_3 = this.primeField.add(t_3, t_3);
+        t_3 = this.primeField.add(t_3, t_0);
+        let t_4 = t_1;
+        t_4 = this.primeField.add(t_4, t_4);
+        t_4 = this.primeField.add(t_4, t_4);
+        t_4 = this.primeField.add(t_4, t_3);
+        let t_5 = t_0;
+        t_5 = this.primeField.add(t_5, t_5);
+        t_5 = this.primeField.add(t_5, t_5);
+        t_5 = this.primeField.add(t_5, t_2);
+        let t_6 = t_3;
+        t_6 = this.primeField.add(t_6, t_5);
+        let t_7 = t_2;
+        t_7 = this.primeField.add(t_7, t_4);
+        input[startIndex] = t_6;
+        input[startIndex + 1] = t_5;
+        input[startIndex + 2] = t_7;
+        input[startIndex + 3] = t_4;
+      }
+      if (t > 4) {
+        const stored = [
+          this.primeField.zero,
+          this.primeField.zero,
+          this.primeField.zero,
+          this.primeField.zero
+        ];
+        for (let l = 0; l < 4; l++) {
+          stored[l] = input[l];
+          for (let j = 1; j < t4; j++) {
+            stored[l] = this.primeField.add(stored[l], input[4 * j + l]);
+          }
+        }
+        for (let i = 0; i < input.length; i++) {
+          input[i] = this.primeField.add(input[i], stored[i % 4]);
+        }
+      }
+    } else {
+      throw new Error("Invalid t parameter, must be 2, 3, 4, 8, 12, 16, 20 or 24");
+    }
+    return input;
+  }
+  matmulInternal(input) {
+    const t = this.params.t;
+    if (t == 2) {
+      const sum = this.primeField.add(input[0], input[1]);
+      input[0] = this.primeField.add(input[0], sum);
+      input[1] = this.primeField.add(this.primeField.add(input[1], input[1]), sum);
+    } else if (t == 3) {
+      const sum = this.primeField.add(this.primeField.add(input[0], input[1]), input[2]);
+      input[0] = this.primeField.add(input[0], sum);
+      input[1] = this.primeField.add(input[1], sum);
+      input[2] = this.primeField.add(this.primeField.add(input[2], input[2]), sum);
+    } else if (t == 4 || t == 8 || t == 12 || t == 16 || t == 20 || t == 24) {
+      let sum = input[0];
+      for (let i = 1; i < t; i++) {
+        sum = this.primeField.add(sum, input[i]);
+      }
+      for (let i = 0; i < input.length; i++) {
+        input[i] = this.primeField.add(this.primeField.mul(this.params.mat_internal_diag_m_1[i], input[i]), sum);
+      }
+    } else {
+      throw new Error("Invalid t parameter, must be 2, 3, 4, 8, 12, 16, 20 or 24");
+    }
+    return input;
+  }
+  permute(input) {
+    const t = this.params.t;
+    if (input.length != t) {
+      throw new Error("Invalid input length");
+    }
+    let current_state = input;
+    this.matmulExternal(current_state);
+    for (let r = 0; r < this.params.rounds_f_beginning; r++) {
+      current_state = this.addRc(current_state, this.params.round_constants[r]);
+      current_state = this.sbox(current_state);
+      this.matmulExternal(current_state);
+    }
+    const p_end = this.params.rounds_f_beginning + this.params.rounds_p;
+    for (let r = this.params.rounds_f_beginning; r < p_end; r++) {
+      current_state[0] = this.primeField.add(current_state[0], this.params.round_constants[r][0]);
+      current_state[0] = this.sboxP(current_state[0]);
+      this.matmulInternal(current_state);
+    }
+    for (let r = p_end; r < this.params.rounds; r++) {
+      current_state = this.addRc(current_state, this.params.round_constants[r]);
+      current_state = this.sbox(current_state);
+      this.matmulExternal(current_state);
+    }
+    return current_state;
+  }
+  addRc(input, rc) {
+    return input.map((a, i) => this.primeField.add(a, rc[i]));
+  }
+};
+
+// ../../node_modules/.pnpm/@zkpassport+poseidon2@0.6.2/node_modules/@zkpassport/poseidon2/dist/esm/core/poseidon2params.js
+function getPoseidon2Params(t, d, rounds_f, rounds_p, mat_internal_diag_m_1, mat_internal, round_constants) {
+  const r = rounds_f / 2;
+  const rounds = rounds_f + rounds_p;
+  return {
+    t,
+    d,
+    rounds_f_beginning: r,
+    rounds_p,
+    rounds_f_end: r,
+    rounds,
+    mat_internal_diag_m_1,
+    _mat_internal: mat_internal,
+    round_constants
+  };
+}
+
+// ../../node_modules/.pnpm/@zkpassport+poseidon2@0.6.2/node_modules/@zkpassport/poseidon2/dist/esm/bn254/constants.js
+var MAT_DIAG4_M_1 = [
+  BigInt("0x10dc6e9c006ea38b04b1e03b4bd9490c0d03f98929ca1d7fb56821fd19d3b6e7"),
+  BigInt("0x0c28145b6a44df3e0149b3d0a30b3bb599df9756d4dd9b84a86b38cfb45a740b"),
+  BigInt("0x00544b8338791518b2c7645a50392798b21f75bb60e3596170067d00141cac15"),
+  BigInt("0x222c01175718386f2e2e82eb122789e352e105a3b8fa852613bc534433ee428b")
+];
+var MAT_INTERNAL4 = [
+  [
+    BigInt("0x10dc6e9c006ea38b04b1e03b4bd9490c0d03f98929ca1d7fb56821fd19d3b6e8"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000001"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000001"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000001")
+  ],
+  [
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000001"),
+    BigInt("0x0c28145b6a44df3e0149b3d0a30b3bb599df9756d4dd9b84a86b38cfb45a740c"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000001"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000001")
+  ],
+  [
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000001"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000001"),
+    BigInt("0x00544b8338791518b2c7645a50392798b21f75bb60e3596170067d00141cac16"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000001")
+  ],
+  [
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000001"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000001"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000001"),
+    BigInt("0x222c01175718386f2e2e82eb122789e352e105a3b8fa852613bc534433ee428c")
+  ]
+];
+var RC4 = [
+  [
+    BigInt("0x19b849f69450b06848da1d39bd5e4a4302bb86744edc26238b0878e269ed23e5"),
+    BigInt("0x265ddfe127dd51bd7239347b758f0a1320eb2cc7450acc1dad47f80c8dcf34d6"),
+    BigInt("0x199750ec472f1809e0f66a545e1e51624108ac845015c2aa3dfc36bab497d8aa"),
+    BigInt("0x157ff3fe65ac7208110f06a5f74302b14d743ea25067f0ffd032f787c7f1cdf8")
+  ],
+  [
+    BigInt("0x2e49c43c4569dd9c5fd35ac45fca33f10b15c590692f8beefe18f4896ac94902"),
+    BigInt("0x0e35fb89981890520d4aef2b6d6506c3cb2f0b6973c24fa82731345ffa2d1f1e"),
+    BigInt("0x251ad47cb15c4f1105f109ae5e944f1ba9d9e7806d667ffec6fe723002e0b996"),
+    BigInt("0x13da07dc64d428369873e97160234641f8beb56fdd05e5f3563fa39d9c22df4e")
+  ],
+  [
+    BigInt("0x0c009b84e650e6d23dc00c7dccef7483a553939689d350cd46e7b89055fd4738"),
+    BigInt("0x011f16b1c63a854f01992e3956f42d8b04eb650c6d535eb0203dec74befdca06"),
+    BigInt("0x0ed69e5e383a688f209d9a561daa79612f3f78d0467ad45485df07093f367549"),
+    BigInt("0x04dba94a7b0ce9e221acad41472b6bbe3aec507f5eb3d33f463672264c9f789b")
+  ],
+  [
+    BigInt("0x0a3f2637d840f3a16eb094271c9d237b6036757d4bb50bf7ce732ff1d4fa28e8"),
+    BigInt("0x259a666f129eea198f8a1c502fdb38fa39b1f075569564b6e54a485d1182323f"),
+    BigInt("0x28bf7459c9b2f4c6d8e7d06a4ee3a47f7745d4271038e5157a32fdf7ede0d6a1"),
+    BigInt("0x0a1ca941f057037526ea200f489be8d4c37c85bbcce6a2aeec91bd6941432447")
+  ],
+  [
+    BigInt("0x0c6f8f958be0e93053d7fd4fc54512855535ed1539f051dcb43a26fd926361cf"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x123106a93cd17578d426e8128ac9d90aa9e8a00708e296e084dd57e69caaf811"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x26e1ba52ad9285d97dd3ab52f8e840085e8fa83ff1e8f1877b074867cd2dee75"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x1cb55cad7bd133de18a64c5c47b9c97cbe4d8b7bf9e095864471537e6a4ae2c5"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x1dcd73e46acd8f8e0e2c7ce04bde7f6d2a53043d5060a41c7143f08e6e9055d0"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x011003e32f6d9c66f5852f05474a4def0cda294a0eb4e9b9b12b9bb4512e5574"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x2b1e809ac1d10ab29ad5f20d03a57dfebadfe5903f58bafed7c508dd2287ae8c"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x2539de1785b735999fb4dac35ee17ed0ef995d05ab2fc5faeaa69ae87bcec0a5"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x0c246c5a2ef8ee0126497f222b3e0a0ef4e1c3d41c86d46e43982cb11d77951d"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x192089c4974f68e95408148f7c0632edbb09e6a6ad1a1c2f3f0305f5d03b527b"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x1eae0ad8ab68b2f06a0ee36eeb0d0c058529097d91096b756d8fdc2fb5a60d85"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x179190e5d0e22179e46f8282872abc88db6e2fdc0dee99e69768bd98c5d06bfb"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x29bb9e2c9076732576e9a81c7ac4b83214528f7db00f31bf6cafe794a9b3cd1c"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x225d394e42207599403efd0c2464a90d52652645882aac35b10e590e6e691e08"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x064760623c25c8cf753d238055b444532be13557451c087de09efd454b23fd59"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x10ba3a0e01df92e87f301c4b716d8a394d67f4bf42a75c10922910a78f6b5b87"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x0e070bf53f8451b24f9c6e96b0c2a801cb511bc0c242eb9d361b77693f21471c"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x1b94cd61b051b04dd39755ff93821a73ccd6cb11d2491d8aa7f921014de252fb"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x1d7cb39bafb8c744e148787a2e70230f9d4e917d5713bb050487b5aa7d74070b"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x2ec93189bd1ab4f69117d0fe980c80ff8785c2961829f701bb74ac1f303b17db"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x2db366bfdd36d277a692bb825b86275beac404a19ae07a9082ea46bd83517926"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x062100eb485db06269655cf186a68532985275428450359adc99cec6960711b8"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x0761d33c66614aaa570e7f1e8244ca1120243f92fa59e4f900c567bf41f5a59b"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x20fc411a114d13992c2705aa034e3f315d78608a0f7de4ccf7a72e494855ad0d"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x25b5c004a4bdfcb5add9ec4e9ab219ba102c67e8b3effb5fc3a30f317250bc5a"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x23b1822d278ed632a494e58f6df6f5ed038b186d8474155ad87e7dff62b37f4b"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x22734b4c5c3f9493606c4ba9012499bf0f14d13bfcfcccaa16102a29cc2f69e0"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x26c0c8fe09eb30b7e27a74dc33492347e5bdff409aa3610254413d3fad795ce5"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x070dd0ccb6bd7bbae88eac03fa1fbb26196be3083a809829bbd626df348ccad9"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x12b6595bdb329b6fb043ba78bb28c3bec2c0a6de46d8c5ad6067c4ebfd4250da"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x248d97d7f76283d63bec30e7a5876c11c06fca9b275c671c5e33d95bb7e8d729"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x1a306d439d463b0816fc6fd64cc939318b45eb759ddde4aa106d15d9bd9baaaa"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x28a8f8372e3c38daced7c00421cb4621f4f1b54ddc27821b0d62d3d6ec7c56cf"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x0094975717f9a8a8bb35152f24d43294071ce320c829f388bc852183e1e2ce7e"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x04d5ee4c3aa78f7d80fde60d716480d3593f74d4f653ae83f4103246db2e8d65"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x2a6cf5e9aa03d4336349ad6fb8ed2269c7bef54b8822cc76d08495c12efde187"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x2304d31eaab960ba9274da43e19ddeb7f792180808fd6e43baae48d7efcba3f3"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x03fd9ac865a4b2a6d5e7009785817249bff08a7e0726fcb4e1c11d39d199f0b0"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x00b7258ded52bbda2248404d55ee5044798afc3a209193073f7954d4d63b0b64"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x159f81ada0771799ec38fca2d4bf65ebb13d3a74f3298db36272c5ca65e92d9a"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x1ef90e67437fbc8550237a75bc28e3bb9000130ea25f0c5471e144cf4264431f"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x1e65f838515e5ff0196b49aa41a2d2568df739bc176b08ec95a79ed82932e30d"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x2b1b045def3a166cec6ce768d079ba74b18c844e570e1f826575c1068c94c33f"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x0832e5753ceb0ff6402543b1109229c165dc2d73bef715e3f1c6e07c168bb173"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x02f614e9cedfb3dc6b762ae0a37d41bab1b841c2e8b6451bc5a8e3c390b6ad16"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x0e2427d38bd46a60dd640b8e362cad967370ebb777bedff40f6a0be27e7ed705"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x0493630b7c670b6deb7c84d414e7ce79049f0ec098c3c7c50768bbe29214a53a"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x22ead100e8e482674decdab17066c5a26bb1515355d5461a3dc06cc85327cea9"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x25b3e56e655b42cdaae2626ed2554d48583f1ae35626d04de5084e0b6d2a6f16"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x1e32752ada8836ef5837a6cde8ff13dbb599c336349e4c584b4fdc0a0cf6f9d0"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x2fa2a871c15a387cc50f68f6f3c3455b23c00995f05078f672a9864074d412e5"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x2f569b8a9a4424c9278e1db7311e889f54ccbf10661bab7fcd18e7c7a7d83505"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x044cb455110a8fdd531ade530234c518a7df93f7332ffd2144165374b246b43d"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x227808de93906d5d420246157f2e42b191fe8c90adfe118178ddc723a5319025"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x02fcca2934e046bc623adead873579865d03781ae090ad4a8579d2e7a6800355"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x0ef915f0ac120b876abccceb344a1d36bad3f3c5ab91a8ddcbec2e060d8befac"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000"),
+    BigInt("0x0000000000000000000000000000000000000000000000000000000000000000")
+  ],
+  [
+    BigInt("0x1797130f4b7a3e1777eb757bc6f287f6ab0fb85f6be63b09f3b16ef2b1405d38"),
+    BigInt("0x0a76225dc04170ae3306c85abab59e608c7f497c20156d4d36c668555decc6e5"),
+    BigInt("0x1fffb9ec1992d66ba1e77a7b93209af6f8fa76d48acb664796174b5326a31a5c"),
+    BigInt("0x25721c4fc15a3f2853b57c338fa538d85f8fbba6c6b9c6090611889b797b9c5f")
+  ],
+  [
+    BigInt("0x0c817fd42d5f7a41215e3d07ba197216adb4c3790705da95eb63b982bfcaf75a"),
+    BigInt("0x13abe3f5239915d39f7e13c2c24970b6df8cf86ce00a22002bc15866e52b5a96"),
+    BigInt("0x2106feea546224ea12ef7f39987a46c85c1bc3dc29bdbd7a92cd60acb4d391ce"),
+    BigInt("0x21ca859468a746b6aaa79474a37dab49f1ca5a28c748bc7157e1b3345bb0f959")
+  ],
+  [
+    BigInt("0x05ccd6255c1e6f0c5cf1f0df934194c62911d14d0321662a8f1a48999e34185b"),
+    BigInt("0x0f0e34a64b70a626e464d846674c4c8816c4fb267fe44fe6ea28678cb09490a4"),
+    BigInt("0x0558531a4e25470c6157794ca36d0e9647dbfcfe350d64838f5b1a8a2de0d4bf"),
+    BigInt("0x09d3dca9173ed2faceea125157683d18924cadad3f655a60b72f5864961f1455")
+  ],
+  [
+    BigInt("0x0328cbd54e8c0913493f866ed03d218bf23f92d68aaec48617d4c722e5bd4335"),
+    BigInt("0x2bf07216e2aff0a223a487b1a7094e07e79e7bcc9798c648ee3347dd5329d34b"),
+    BigInt("0x1daf345a58006b736499c583cb76c316d6f78ed6a6dffc82111e11a63fe412df"),
+    BigInt("0x176563472456aaa746b694c60e1823611ef39039b2edc7ff391e6f2293d2c404")
+  ]
+];
+
+// ../../node_modules/.pnpm/@zkpassport+poseidon2@0.6.2/node_modules/@zkpassport/poseidon2/dist/esm/bn254/instance.js
+var bn254Field = new F1Field(BigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617"));
+var instance = null;
+function getPoseidon2BN254() {
+  if (!instance) {
+    instance = new Poseidon2(getPoseidon2Params(4, 5, 8, 56, MAT_DIAG4_M_1, MAT_INTERNAL4, RC4), bn254Field);
+  }
+  return instance;
+}
+
+// ../../node_modules/.pnpm/@zkpassport+poseidon2@0.6.2/node_modules/@zkpassport/poseidon2/dist/esm/bn254/hash.js
+var F = getPoseidon2BN254().primeField;
+var permute = getPoseidon2BN254().permute.bind(getPoseidon2BN254());
+var Mode;
+(function(Mode3) {
+  Mode3[Mode3["ABSORB"] = 0] = "ABSORB";
+  Mode3[Mode3["SQUEEZE"] = 1] = "SQUEEZE";
+})(Mode || (Mode = {}));
+var FieldSponge = class _FieldSponge {
+  constructor(domainIv = 0n) {
+    this.rate = getPoseidon2BN254().getT() - 1;
+    this.t = getPoseidon2BN254().getT();
+    this.state = new Array(this.t).fill(0n);
+    this.state[this.rate] = domainIv;
+    this.cache = new Array(this.rate).fill(0n);
+    this.cacheSize = 0;
+    this.mode = Mode.ABSORB;
+  }
+  performDuplex() {
+    for (let i = this.cacheSize; i < this.rate; i++) {
+      this.cache[i] = 0n;
+    }
+    for (let i = 0; i < this.rate; i++) {
+      this.state[i] = F.add(this.state[i], this.cache[i]);
+    }
+    this.state = permute(this.state);
+    return this.state.slice(0, this.rate);
+  }
+  absorb(input) {
+    if (this.mode === Mode.ABSORB && this.cacheSize === this.rate) {
+      this.performDuplex();
+      this.cache[0] = input;
+      this.cacheSize = 1;
+    } else if (this.mode === Mode.ABSORB && this.cacheSize < this.rate) {
+      this.cache[this.cacheSize] = input;
+      this.cacheSize += 1;
+    } else if (this.mode === Mode.SQUEEZE) {
+      this.cache[0] = input;
+      this.cacheSize = 1;
+      this.mode = Mode.ABSORB;
+    }
+  }
+  squeeze() {
+    if (this.mode === Mode.SQUEEZE && this.cacheSize === 0) {
+      this.mode = Mode.ABSORB;
+      this.cacheSize = 0;
+    }
+    if (this.mode === Mode.ABSORB) {
+      const newOutputElements = this.performDuplex();
+      this.mode = Mode.SQUEEZE;
+      for (let i = 0; i < this.rate; i++) {
+        this.cache[i] = newOutputElements[i];
+      }
+      this.cacheSize = this.rate;
+    }
+    const result = this.cache[0];
+    for (let i = 1; i < this.cacheSize; i++) {
+      this.cache[i - 1] = this.cache[i];
+    }
+    this.cacheSize -= 1;
+    this.cache[this.cacheSize] = 0n;
+    return result;
+  }
+  static hashInternal(input, outLen, isVariableLength) {
+    const iv = (BigInt(input.length) << BigInt(64n)) + BigInt(outLen - 1);
+    const sponge = new _FieldSponge(iv);
+    for (let i = 0; i < input.length; i++) {
+      sponge.absorb(input[i]);
+    }
+    if (isVariableLength) {
+      sponge.absorb(1n);
+    }
+    const output = [];
+    for (let i = 0; i < outLen; i++) {
+      output.push(sponge.squeeze());
+    }
+    return output;
+  }
+  static hashFixedLength(input, outLen = 1) {
+    return this.hashInternal(input, outLen, false);
+  }
+  static hashVariableLength(input, outLen = 1) {
+    return this.hashInternal(input, outLen, true);
+  }
+};
+function hashToField(input) {
+  return FieldSponge.hashFixedLength(input)[0];
+}
+
+// ../../node_modules/.pnpm/@zkpassport+poseidon2@0.6.2/node_modules/@zkpassport/poseidon2/dist/esm/bn254/hash-async.js
+var F2 = getPoseidon2BN254().primeField;
+var permute2 = getPoseidon2BN254().permute.bind(getPoseidon2BN254());
+var Mode2;
+(function(Mode3) {
+  Mode3[Mode3["ABSORB"] = 0] = "ABSORB";
+  Mode3[Mode3["SQUEEZE"] = 1] = "SQUEEZE";
+})(Mode2 || (Mode2 = {}));
+
+// ../../node_modules/.pnpm/@zkpassport+poseidon2@0.6.2/node_modules/@zkpassport/poseidon2/dist/esm/bn254/index.js
+var F3 = getPoseidon2BN254().primeField;
+
+// ../artifact-core/dist/commitment.js
+var BN254_MODULUS = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;
+
+// ../artifact-core/dist/validate-artifact.js
+var PROOF_LEVELS = [
+  "mathematical",
+  "verifiable_inference",
+  "operator_bound",
+  "execution",
+  "witnessed",
+  "attestation"
+];
+var GAP_TYPES = /* @__PURE__ */ new Set([
+  // Original runtime-governance set (migration 019)
+  "admission_gate_override",
+  "check_degraded",
+  "check_not_executed",
+  "check_timing_suspect",
+  "deterministic_consistency_violation",
+  "enforcement_override",
+  "engine_error",
+  "external_boundary_traversal",
+  "lineage_token_missing",
+  "policy_config_drift",
+  "reviewer_credential_invalid",
+  "skip_rationale_missing",
+  "witnessed_display_missing",
+  "witnessed_rationale_missing",
+  "zkml_proof_failed",
+  "zkml_proof_pending_timeout",
+  // Server-emitted during run enrichment / VPEC assembly (migration 076)
+  "archetype_unmapped",
+  "bias_audit_missing",
+  "bounded_inference_downgrade",
+  "explanation_missing",
+  "manifest_metadata_missing",
+  "model_profile_missing",
+  "nesting_depth_exceeded",
+  "orphan_run_gap",
+  "parent_run_invalid",
+  "partial_submission",
+  "proof_level_floor_breach",
+  "provable_surface_invariant_violation",
+  "queue_drain_exhausted",
+  "record_count_mismatch",
+  "run_expired_without_close",
+  "sla_breach",
+  "stage_type_unresolved",
+  "subagent_identity_ambiguous",
+  "system_error",
+  "system_unavailable",
+  "witnessed_timestamp_invalid",
+  // Upstream VPEC verification failures
+  "upstream_vpec_insufficient_proof_level",
+  "upstream_vpec_invalid_signature",
+  "upstream_vpec_issuer_mismatch",
+  "upstream_vpec_key_revoked",
+  "upstream_vpec_missing",
+  "upstream_vpec_missing_claim",
+  "upstream_vpec_sandbox",
+  // Connector adapter errors (per-vendor allowlist)
+  "actimize_api_error",
+  "actimize_auth_failure",
+  "blaze_api_error",
+  "blaze_auth_failure",
+  "complyadvantage_api_error",
+  "complyadvantage_auth_failure",
+  "falcon_api_error",
+  "falcon_auth_failure",
+  "guidewire_api_error",
+  "guidewire_auth_failure",
+  "odm_api_error",
+  "odm_auth_failure",
+  "pega_api_error",
+  "pega_auth_failure",
+  "wolters_kluwer_api_error",
+  "wolters_kluwer_auth_failure",
+  // Migration-tool error categories
+  "migration_auth_failed",
+  "migration_record_unmigratable",
+  // Control-plan binding gaps (not yet in migration 076 but emitted by runs.py / auto_dispatcher)
+  "control_plan_binding_missing",
+  "control_plan_hash_mismatch",
+  "control_plan_system_mismatch",
+  // GRT / signing gaps
+  "grt_signing_failed",
+  "signing_delayed",
+  // Action-level gaps (ungoverned action discovery)
+  "ungoverned_action",
+  "consequential_ungoverned_action",
+  "missing_executor",
+  // Phase 6 bridge taxonomy (migration 134; docs/v29/ZK_BRIDGE_BUILD_PLAN.md §3)
+  "proof_dispatch_failure",
+  "proof_timeout",
+  "proof_verification_failure",
+  "circuit_not_green_yellow_quarantined",
+  "circuit_not_green_red_quarantined",
+  "witness_build_failure",
+  // Pre-bridge proof-failed webhook emits this; was missing from earlier allowlists
+  "proof_generation_failed"
+]);
+var GAP_SEVERITIES = /* @__PURE__ */ new Set(["Critical", "High", "Medium", "Low", "Informational"]);
+var PUBLIC_KEY_URL_PATTERN = /^https:\/\/(?:primust|keys\.primust)\.com\/\.well-known\/primust-pubkeys\/.+\.pem$/;
+function validateArtifact(artifact) {
+  const errors = [];
+  if ("reliance_mode" in artifact) {
+    errors.push({
+      code: "RELIANCE_MODE_FORBIDDEN",
+      message: "reliance_mode field is forbidden in VPEC artifacts",
+      path: "reliance_mode"
+    });
+  }
+  checkNestedRelianceMode(artifact, "", errors);
+  if (artifact.schema_version !== "4.0.0") {
+    errors.push({
+      code: "INVALID_SCHEMA_VERSION",
+      message: `schema_version must be "4.0.0", got "${artifact.schema_version}"`,
+      path: "schema_version"
+    });
+  }
+  const proofDist = artifact.proof_distribution;
+  if (proofDist && artifact.proof_level !== proofDist.weakest_link) {
+    errors.push({
+      code: "PROOF_LEVEL_MISMATCH",
+      message: `proof_level "${artifact.proof_level}" does not match proof_distribution.weakest_link "${proofDist.weakest_link}"`,
+      path: "proof_level"
+    });
+  }
+  if (artifact.proof_level && !PROOF_LEVELS.includes(artifact.proof_level)) {
+    errors.push({
+      code: "INVALID_PROOF_LEVEL",
+      message: `proof_level "${artifact.proof_level}" is not a valid proof level`,
+      path: "proof_level"
+    });
+  }
+  if (Array.isArray(artifact.manifest_hashes)) {
+    errors.push({
+      code: "MANIFEST_HASHES_NOT_MAP",
+      message: "manifest_hashes must be an object (map), not an array",
+      path: "manifest_hashes"
+    });
+  }
+  const gaps = artifact.gaps;
+  if (Array.isArray(gaps)) {
+    for (let i = 0; i < gaps.length; i++) {
+      const gap = gaps[i];
+      if (typeof gap === "string") {
+        errors.push({
+          code: "GAP_BARE_STRING",
+          message: `gaps[${i}] is a bare string \u2014 must be an object with gap_type and severity`,
+          path: `gaps[${i}]`
+        });
+        continue;
+      }
+      if (typeof gap !== "object" || gap === null) {
+        errors.push({
+          code: "GAP_INVALID_TYPE",
+          message: `gaps[${i}] must be an object with gap_type and severity`,
+          path: `gaps[${i}]`
+        });
+        continue;
+      }
+      if (!gap.gap_type || !gap.severity) {
+        errors.push({
+          code: "GAP_MISSING_FIELDS",
+          message: `gaps[${i}] must have gap_type and severity fields`,
+          path: `gaps[${i}]`
+        });
+      }
+      if (gap.gap_type && !GAP_TYPES.has(gap.gap_type)) {
+        errors.push({
+          code: "GAP_INVALID_TYPE_VALUE",
+          message: `gaps[${i}].gap_type "${gap.gap_type}" is not a valid gap type`,
+          path: `gaps[${i}].gap_type`
+        });
+      }
+      if (gap.severity && !GAP_SEVERITIES.has(gap.severity)) {
+        errors.push({
+          code: "GAP_INVALID_SEVERITY",
+          message: `gaps[${i}].severity "${gap.severity}" is not a valid severity`,
+          path: `gaps[${i}].severity`
+        });
+      }
+    }
+  }
+  const coverage = artifact.coverage;
+  if (artifact.partial === true && coverage) {
+    if (typeof coverage.policy_coverage_pct === "number" && coverage.policy_coverage_pct !== 0) {
+      errors.push({
+        code: "PARTIAL_COVERAGE_NOT_ZERO",
+        message: `partial: true requires policy_coverage_pct to be 0, got ${coverage.policy_coverage_pct}`,
+        path: "coverage.policy_coverage_pct"
+      });
+    }
+  }
+  const issuer = artifact.issuer;
+  if (issuer && typeof issuer.public_key_url === "string") {
+    if (!PUBLIC_KEY_URL_PATTERN.test(issuer.public_key_url)) {
+      errors.push({
+        code: "ISSUER_URL_INVALID",
+        message: `issuer.public_key_url must match https://primust.com/.well-known/primust-pubkeys/*.pem or https://keys.primust.com/.well-known/primust-pubkeys/*.pem, got "${issuer.public_key_url}"`,
+        path: "issuer.public_key_url"
+      });
+    }
+  }
+  return { valid: errors.length === 0, errors };
+}
+function checkNestedRelianceMode(obj, path, errors) {
+  for (const [key, value] of Object.entries(obj)) {
+    const currentPath = path ? `${path}.${key}` : key;
+    if (key === "reliance_mode" && currentPath !== "reliance_mode") {
+      errors.push({
+        code: "RELIANCE_MODE_FORBIDDEN",
+        message: `reliance_mode field is forbidden in VPEC artifacts (found at ${currentPath})`,
+        path: currentPath
+      });
+    }
+    if (value && typeof value === "object" && !Array.isArray(value)) {
+      checkNestedRelianceMode(value, currentPath, errors);
+    }
+  }
+}
+
+// src/verifier.ts
+function hasRelianceMode(obj, path = "") {
+  for (const [key, value] of Object.entries(obj)) {
+    const currentPath = path ? `${path}.${key}` : key;
+    if (key === "reliance_mode") {
+      return currentPath;
+    }
+    if (value && typeof value === "object" && !Array.isArray(value)) {
+      const found = hasRelianceMode(value, currentPath);
+      if (found) return found;
+    }
+  }
+  return null;
+}
+function baseResult(artifact) {
+  const sig = artifact.signature;
+  const issuer = artifact.issuer;
+  const proofDist = artifact.proof_distribution;
+  const coverage = artifact.coverage;
+  const gaps = Array.isArray(artifact.gaps) ? artifact.gaps : [];
+  return {
+    vpec_id: artifact.vpec_id ?? "",
+    valid: false,
+    schema_version: artifact.schema_version ?? "",
+    proof_level: artifact.proof_level ?? "",
+    proof_distribution: proofDist ?? {},
+    org_id: artifact.org_id ?? "",
+    workflow_id: artifact.workflow_id ?? "",
+    process_context_hash: artifact.process_context_hash ?? null,
+    partial: artifact.partial ?? false,
+    test_mode: artifact.test_mode ?? false,
+    signer_id: issuer?.signer_id ?? sig?.signer_id ?? "",
+    kid: issuer?.kid ?? sig?.kid ?? "",
+    signed_at: sig?.signed_at ?? "",
+    timestamp_anchor_valid: null,
+    rekor_status: "skipped",
+    zk_proof_valid: null,
+    commitment_root_valid: null,
+    manifest_hashes: {},
+    gaps: gaps.map((g) => ({
+      gap_id: g.gap_id ?? "",
+      gap_type: g.gap_type ?? "",
+      severity: g.severity ?? ""
+    })),
+    violations_present: false,
+    violation_count: 0,
+    coverage: coverage ?? {},
+    errors: [],
+    warnings: []
+  };
+}
+function signatureBody(artifact) {
+  const { signature: _sig, ...documentBody } = artifact;
+  void _sig;
+  return documentBody;
+}
+function timestampBody(artifact) {
+  const { signature: _sig, timestamp_anchor: _ts, ...documentBody } = artifact;
+  void _sig;
+  void _ts;
+  return documentBody;
+}
+async function verify3(artifact, options = {}, upstreamRootResolver) {
+  const result = baseResult(artifact);
+  const { production = false, skip_network = false, trust_root } = options;
+  const schemaResult = validateArtifact(artifact);
+  if (!schemaResult.valid) {
+    for (const err2 of schemaResult.errors) {
+      if (err2.code === "RELIANCE_MODE_FORBIDDEN") {
+        result.errors.push("banned_field_reliance_mode");
+      } else if (err2.code === "MANIFEST_HASHES_NOT_MAP") {
+        result.errors.push("manifest_hashes_not_object");
+      } else {
+        result.errors.push(`schema_validation_failed: ${err2.code}`);
+      }
+    }
+    return result;
+  }
+  const reliancePath = hasRelianceMode(artifact);
+  if (reliancePath) {
+    result.errors.push("banned_field_reliance_mode");
+    return result;
+  }
+  const issuer = artifact.issuer;
+  const sig = artifact.signature;
+  if (!issuer || !sig) {
+    result.errors.push("missing_issuer_or_signature");
+    return result;
+  }
+  if (issuer.kid !== sig.kid) {
+    result.errors.push("kid_mismatch");
+    return result;
+  }
+  const documentBody = signatureBody(artifact);
+  let publicKeyB64Url;
+  try {
+    const pem = await getKey(
+      sig.kid,
+      issuer.public_key_url,
+      trust_root
+    );
+    publicKeyB64Url = extractKeyFromPem(pem);
+  } catch (err2) {
+    result.errors.push(err2.message);
+    return result;
+  }
+  const signatureEnvelope = {
+    signer_id: sig.signer_id,
+    kid: sig.kid,
+    algorithm: sig.algorithm,
+    signature: sig.signature,
+    signed_at: sig.signed_at
+  };
+  const sigValid = verify2(documentBody, signatureEnvelope, publicKeyB64Url);
+  if (!sigValid) {
+    result.errors.push("integrity_check_failed");
+    return result;
+  }
+  if (skip_network) {
+    result.rekor_status = "skipped";
+  } else {
+    result.rekor_status = await checkRekor(publicKeyB64Url, sig.kid);
+    if (result.rekor_status === "unavailable") {
+      result.warnings.push("rekor_check_unavailable");
+    } else if (result.rekor_status === "revoked") {
+      result.errors.push("signer_key_revoked");
+      return result;
+    }
+  }
+  const tsAnchor = artifact.timestamp_anchor;
+  if (tsAnchor && tsAnchor.type === "rfc3161" && typeof tsAnchor.value === "string") {
+    result.timestamp_anchor_valid = verifyTimestampImprint(
+      tsAnchor.value,
+      timestampBody(artifact)
+    );
+    if (result.timestamp_anchor_valid === false) {
+      result.warnings.push("rfc3161_imprint_mismatch");
+    } else if (result.timestamp_anchor_valid === true) {
+      result.warnings.push("rfc3161_tsa_cert_chain_not_verified");
+    }
+  } else {
+    result.timestamp_anchor_valid = null;
+  }
+  const proofDist = artifact.proof_distribution;
+  if (artifact.proof_level !== proofDist.weakest_link) {
+    result.errors.push("proof_level_mismatch");
+    return result;
+  }
+  const manifestHashes = artifact.manifest_hashes;
+  result.manifest_hashes = manifestHashes;
+  if (artifact.commitment_root != null) {
+    const commitmentRoot = artifact.commitment_root;
+    const checkRecords = artifact.check_execution_records;
+    const hashes = [];
+    if (Array.isArray(checkRecords)) {
+      for (const rec of checkRecords) {
+        const h2 = rec.commitment_hash ?? rec.input_commitment_hash;
+        if (h2) hashes.push(h2);
+      }
+    }
+    if (hashes.length > 0) {
+      const recomputed = computeMerkleRoot(hashes);
+      if (recomputed === commitmentRoot) {
+        result.commitment_root_valid = true;
+      } else {
+        result.commitment_root_valid = false;
+        result.errors.push("commitment_root_mismatch");
+        return result;
+      }
+    } else {
+      result.commitment_root_valid = null;
+      result.warnings.push("commitment_root_no_hashes_to_verify");
+    }
+  } else {
+    result.commitment_root_valid = null;
+    result.warnings.push("no_commitment_root");
+  }
+  const skipAnchorResult = verifySkipConditionProofAnchoring(artifact);
+  if (skipAnchorResult === "mismatch") {
+    result.errors.push("skip_condition_proof_root_mismatch");
+    return result;
+  }
+  if (skipAnchorResult === "no_proof_artifact_for_multi_record_artifact") {
+    result.errors.push(
+      "skip_condition_proof_no_proof_artifact_for_multi_record_artifact"
+    );
+    return result;
+  }
+  if (skipAnchorResult === "unanchored") {
+    result.warnings.push("skip_condition_proof_no_skipped_record_to_anchor");
+  }
+  const upstreamAnchorResult = verifyUpstreamVpecInclusionAnchoring(
+    artifact,
+    upstreamRootResolver
+  );
+  if (upstreamAnchorResult === "mismatch") {
+    result.errors.push("upstream_vpec_proof_root_mismatch");
+    return result;
+  }
+  if (upstreamAnchorResult === "no_proof_artifact_for_multi_record_artifact") {
+    result.errors.push(
+      "upstream_vpec_inclusion_no_proof_artifact_for_multi_record_artifact"
+    );
+    return result;
+  }
+  if (upstreamAnchorResult === "unanchored") {
+    result.warnings.push("upstream_vpec_proof_no_anchor_root_in_artifact");
+  }
+  const pendingFlags = artifact.pending_flags;
+  const proofPending = pendingFlags?.proof_pending === true;
+  const proofArtifacts = Array.isArray(artifact.proof_artifacts) ? artifact.proof_artifacts : [];
+  if (artifact.zk_proof && !proofPending) {
+    const zkProof = artifact.zk_proof;
+    const provingSystem = zkProof.prover_system ?? zkProof.proving_system;
+    if (provingSystem === "ultrahonk") {
+      result.zk_proof_valid = await verifyUltraHonk(zkProof);
+      if (result.zk_proof_valid === false) {
+        result.errors.push("zk_proof_invalid");
+      }
+    } else if (provingSystem === "ezkl") {
+      result.zk_proof_valid = null;
+      result.warnings.push("ezkl_verification_not_implemented");
+    } else {
+      result.zk_proof_valid = null;
+      result.warnings.push(`unknown_proving_system: ${provingSystem ?? "none"}`);
+    }
+  } else if (proofPending) {
+    result.zk_proof_valid = null;
+    result.warnings.push("proof_pending");
+  } else {
+    result.zk_proof_valid = null;
+  }
+  if (result.zk_proof_valid === false) {
+    result.errors.push("zk_proof_verification_failed");
+    return result;
+  }
+  if (artifact.zk_proof && result.zk_proof_valid === null) {
+    result.warnings.push("zk_proof_verifier_unavailable");
+  }
+  if (proofArtifacts.length > 0) {
+    const pendingArtifacts = proofArtifacts.filter(
+      (artifactEntry) => artifactEntry.verification_status === "pending"
+    ).length;
+    const failedArtifacts = proofArtifacts.filter(
+      (artifactEntry) => artifactEntry.verification_status === "failed"
+    ).length;
+    const verifiedArtifacts = proofArtifacts.filter(
+      (artifactEntry) => artifactEntry.verification_status === "verified"
+    ).length;
+    if (pendingArtifacts > 0) {
+      result.warnings.push(`proof_artifacts_pending:${pendingArtifacts}`);
+    }
+    if (failedArtifacts > 0) {
+      result.warnings.push(`proof_artifacts_failed:${failedArtifacts}`);
+    }
+    if (!artifact.zk_proof) {
+      result.warnings.push(`proof_artifacts_present:${verifiedArtifacts}`);
+    }
+  }
+  if (artifact.test_mode === true) {
+    if (production) {
+      result.errors.push("test_mode_rejected_in_production");
+      return result;
+    }
+    result.warnings.push("test_credential");
+  }
+  const violations = artifact.violations;
+  if (Array.isArray(violations) && violations.length > 0) {
+    result.violations_present = true;
+    result.violation_count = violations.length;
+  } else {
+    result.violations_present = false;
+    result.violation_count = 0;
+  }
+  const gdSummary = artifact.governance_decision_summary;
+  if (gdSummary && typeof gdSummary === "object") {
+    if (!("deferred" in gdSummary)) {
+      result.warnings.push("governance_decision_summary_missing_deferred");
+    }
+  }
+  if (artifact.envelope_version != null && (artifact.run_header || artifact.records)) {
+    try {
+      const { verifyV29 } = await import("./v29-envelope-GFVVA2S6.js");
+      const shapeEnvelope = {
+        envelope_version: artifact.envelope_version,
+        run_header: artifact.run_header ?? {},
+        // Mirror the Py CLI's read-side fallback (envelope_records shim
+        // for envelopes signed before the legacy records → envelope.records
+        // rename landed).
+        records: artifact.records ?? artifact.envelope_records ?? [],
+        aggregations: artifact.aggregations ?? {}
+      };
+      const rh = shapeEnvelope.run_header ?? {};
+      const rb = rh.runtime_binding;
+      const v29Result = verifyV29({
+        envelope: shapeEnvelope,
+        runtimeBinding: rb
+        // Pubkey resolver wiring is deferred — when the trust-root path
+        // is wired the CLI will pass one, and require_signatures: true
+        // will then enforce the strict-mode preconditions.
+      });
+      if (!v29Result.ok) {
+        result.errors.push(`v29_conformance_failed:${v29Result.reasonCode}`);
+      }
+    } catch (e) {
+      result.warnings.push(`v29_conformance_error:${e.message}`);
+    }
+  }
+  result.valid = result.errors.length === 0;
+  return result;
+}
+function computeMerkleRoot(hashes) {
+  let leaves = hashes.map((h2) => {
+    const hex = h2.startsWith("sha256:") ? h2.slice(7) : h2;
+    return Buffer.from(hex, "hex");
+  });
+  while (leaves.length > 1) {
+    if (leaves.length % 2 !== 0) {
+      leaves.push(leaves[leaves.length - 1]);
+    }
+    const next = [];
+    for (let i = 0; i < leaves.length; i += 2) {
+      const combined = Buffer.concat([leaves[i], leaves[i + 1]]);
+      next.push(createHash("sha256").update(combined).digest());
+    }
+    leaves = next;
+  }
+  return "sha256:" + leaves[0].toString("hex");
+}
+function parsePoseidon2HashToField(hash) {
+  if (typeof hash !== "string") return null;
+  const colonIdx = hash.indexOf(":");
+  if (colonIdx === -1) return null;
+  const algorithm = hash.slice(0, colonIdx);
+  if (algorithm !== "poseidon2") return null;
+  const hex = hash.slice(colonIdx + 1);
+  if (!/^[0-9a-f]+$/i.test(hex)) return null;
+  try {
+    return BigInt("0x" + hex) % BN254_MODULUS;
+  } catch {
+    return null;
+  }
+}
+function extractSkipConditionPublicInputs(zkProof) {
+  const inputs = zkProof.public_inputs;
+  if (!Array.isArray(inputs) || inputs.length < 2) return null;
+  const skipConditionHash = inputs[0];
+  const commitmentRoot = inputs[1];
+  if (typeof skipConditionHash !== "string" || typeof commitmentRoot !== "string") {
+    return null;
+  }
+  return { skipConditionHash, commitmentRoot };
+}
+function recomputeSkipConditionModifiedRoot(skipConditionField, leaves, skippedIndex) {
+  if (leaves.length === 0) return null;
+  if (skippedIndex < 0 || skippedIndex >= leaves.length) return null;
+  const overrideLeaf = hashToField([
+    skipConditionField,
+    leaves[skippedIndex]
+  ]);
+  if (leaves.length === 1) return overrideLeaf;
+  let layer = leaves.map(
+    (leaf, i) => i === skippedIndex ? overrideLeaf : leaf
+  );
+  while (layer.length > 1) {
+    const next = [];
+    for (let i = 0; i < layer.length; i += 2) {
+      const left = layer[i];
+      const right = i + 1 < layer.length ? layer[i + 1] : layer[i];
+      next.push(hashToField([left, right]));
+    }
+    layer = next;
+  }
+  return layer[0];
+}
+function verifySkipConditionProofAnchoring(artifact) {
+  const checkRecords = artifact.check_execution_records;
+  const recordCount = Array.isArray(checkRecords) ? checkRecords.length : 0;
+  const proofs = collectMatchingProofs(artifact, ["skip_condition_proof"]);
+  if (recordCount > 1 && proofs.fromArray.length === 0) {
+    if (proofs.legacy !== null) {
+      return "no_proof_artifact_for_multi_record_artifact";
+    }
+  }
+  const candidates = [...proofs.fromArray];
+  if (proofs.legacy && (recordCount <= 1 || proofs.fromArray.length > 0)) {
+    candidates.push(proofs.legacy);
+  }
+  if (candidates.length === 0) return "not_applicable";
+  if (recordCount === 0) return "unanchored";
+  const allLeafFields = (checkRecords ?? []).map((rec) => {
+    const h2 = rec.commitment_hash;
+    return typeof h2 === "string" ? parsePoseidon2HashToField(h2) : null;
+  });
+  const fullyParsed = allLeafFields.every((f) => f !== null);
+  let sawSkippedRecord = false;
+  for (const proof of candidates) {
+    const inputs = extractSkipConditionPublicInputs(proof);
+    if (!inputs) return "not_applicable";
+    const skipConditionField = parsePoseidon2HashToField(inputs.skipConditionHash);
+    if (skipConditionField === null) return "not_applicable";
+    const proofRootField = parsePoseidon2HashToField(inputs.commitmentRoot);
+    if (proofRootField === null) return "not_applicable";
+    let matched = false;
+    for (let i = 0; i < (checkRecords ?? []).length; i++) {
+      const rec = (checkRecords ?? [])[i];
+      if (rec.check_result !== "skipped") continue;
+      sawSkippedRecord = true;
+      const skippedLeafField = allLeafFields[i];
+      if (skippedLeafField === null) continue;
+      if (fullyParsed && (checkRecords ?? []).length > 1) {
+        const modifiedRoot = recomputeSkipConditionModifiedRoot(
+          skipConditionField,
+          allLeafFields,
+          i
+        );
+        if (modifiedRoot !== null && modifiedRoot === proofRootField) {
+          matched = true;
+          break;
+        }
+      }
+      const overrideLeaf = hashToField([
+        skipConditionField,
+        skippedLeafField
+      ]);
+      if (overrideLeaf === proofRootField) {
+        matched = true;
+        break;
+      }
+    }
+    if (!matched) {
+      if (!sawSkippedRecord) return "unanchored";
+      return "mismatch";
+    }
+  }
+  if (!sawSkippedRecord) return "unanchored";
+  return "ok";
+}
+function parseStringToFieldLocal(s) {
+  const bytes = new TextEncoder().encode(s);
+  const digest = sha2562(bytes);
+  let n = 0n;
+  for (let i = 0; i < 32; i++) {
+    n = n << 8n | BigInt(digest[i]);
+  }
+  return n % BN254_MODULUS;
+}
+function computeLineageCommitmentLocal(runId, upstreamVpecIds) {
+  const inputs = [
+    parseStringToFieldLocal(runId),
+    ...upstreamVpecIds.map(parseStringToFieldLocal)
+  ];
+  return hashToField(inputs);
+}
+function readCircuitName(entry) {
+  const cn = entry.circuit_name;
+  if (typeof cn === "string" && cn.length > 0) return cn;
+  const c = entry.circuit;
+  if (typeof c === "string" && c.length > 0) return c;
+  return null;
+}
+function collectMatchingProofs(artifact, circuitNames) {
+  const wanted = new Set(circuitNames);
+  const fromArray = [];
+  const proofArtifacts = Array.isArray(artifact.proof_artifacts) ? artifact.proof_artifacts : [];
+  for (const entry of proofArtifacts) {
+    if (!entry || typeof entry !== "object") continue;
+    const status = entry.verification_status;
+    if (typeof status === "string" && status !== "verified") continue;
+    const name = readCircuitName(entry);
+    if (name && wanted.has(name)) {
+      fromArray.push(entry);
+    }
+  }
+  let legacy = null;
+  const zkProof = artifact.zk_proof;
+  if (zkProof && typeof zkProof === "object") {
+    const name = readCircuitName(zkProof);
+    if (name && wanted.has(name)) legacy = zkProof;
+  }
+  return { fromArray, legacy };
+}
+function matchCandidatesAgainstExpectedRoot(candidates, expectedRootField) {
+  for (const proof of candidates) {
+    const inputs = proof.public_inputs;
+    let proofMerkleRoot = null;
+    if (Array.isArray(inputs) && inputs.length > 0) {
+      const root = inputs[0];
+      if (typeof root === "string") proofMerkleRoot = root;
+    }
+    if (typeof proof.merkle_root === "string") {
+      proofMerkleRoot = proof.merkle_root;
+    }
+    if (proofMerkleRoot === null) return "mismatch";
+    const proofRootField = parsePoseidon2HashToField(proofMerkleRoot);
+    if (proofRootField === null) return "mismatch";
+    if (proofRootField !== expectedRootField) {
+      return "mismatch";
+    }
+  }
+  return "ok";
+}
+function verifyUpstreamVpecInclusionAnchoring(artifact, upstreamRootResolver) {
+  const checkRecords = artifact.check_execution_records;
+  const recordCount = Array.isArray(checkRecords) ? checkRecords.length : 0;
+  const proofs = collectMatchingProofs(artifact, [
+    "governance_upstream_vpec_inclusion",
+    "merkle_inclusion"
+  ]);
+  if (recordCount > 1 && proofs.fromArray.length === 0) {
+    if (proofs.legacy !== null) {
+      return "no_proof_artifact_for_multi_record_artifact";
+    }
+  }
+  const candidates = [...proofs.fromArray];
+  if (proofs.legacy && (recordCount <= 1 || proofs.fromArray.length > 0)) {
+    candidates.push(proofs.legacy);
+  }
+  if (candidates.length === 0) return "not_applicable";
+  const VERIFIER_MAX_CHAIN_DEPTH = 8;
+  const upstreamVpecIdsRaw = artifact.upstream_vpec_ids;
+  const upstreamVpecIds = Array.isArray(upstreamVpecIdsRaw) ? upstreamVpecIdsRaw.filter((x) => typeof x === "string") : [];
+  const chainRootsRaw = artifact.upstream_vpec_chain_roots;
+  const hasArtifactChainRoots = Array.isArray(chainRootsRaw) && chainRootsRaw.length > 0;
+  if (upstreamVpecIds.length > 0 && hasArtifactChainRoots) {
+    if (chainRootsRaw.length !== upstreamVpecIds.length) {
+      return "mismatch";
+    }
+    if (chainRootsRaw.length > VERIFIER_MAX_CHAIN_DEPTH) {
+      return "unanchored";
+    }
+    const chainFields = [];
+    for (const raw of chainRootsRaw) {
+      if (typeof raw !== "string" || raw.length === 0) return "unanchored";
+      const field = parsePoseidon2HashToField(raw);
+      if (field === null) return "unanchored";
+      chainFields.push(field);
+    }
+    const runId = typeof artifact.run_id === "string" ? artifact.run_id : "";
+    const lineage = computeLineageCommitmentLocal(runId, upstreamVpecIds);
+    let node = lineage;
+    for (const ancestorField of chainFields) {
+      node = hashToField([node, ancestorField]);
+    }
+    return matchCandidatesAgainstExpectedRoot(candidates, node);
+  }
+  if (upstreamRootResolver && upstreamVpecIds.length > 0) {
+    if (upstreamVpecIds.length > VERIFIER_MAX_CHAIN_DEPTH) {
+      return "unanchored";
+    }
+    const runId = typeof artifact.run_id === "string" ? artifact.run_id : "";
+    const lineage = computeLineageCommitmentLocal(runId, upstreamVpecIds);
+    let expectedRootField;
+    if (upstreamVpecIds.length === 1) {
+      const directParentId = upstreamVpecIds[0];
+      const parentRoot = upstreamRootResolver(directParentId);
+      if (typeof parentRoot !== "string" || parentRoot.length === 0) {
+        return "unanchored";
+      }
+      const parentRootField = parsePoseidon2HashToField(parentRoot);
+      if (parentRootField === null) return "unanchored";
+      expectedRootField = hashToField([lineage, parentRootField]);
+    } else {
+      let node = lineage;
+      for (const ancestorId of upstreamVpecIds) {
+        const root = upstreamRootResolver(ancestorId);
+        if (typeof root !== "string" || root.length === 0) {
+          return "unanchored";
+        }
+        const rootField = parsePoseidon2HashToField(root);
+        if (rootField === null) return "unanchored";
+        node = hashToField([node, rootField]);
+      }
+      expectedRootField = node;
+    }
+    return matchCandidatesAgainstExpectedRoot(candidates, expectedRootField);
+  }
+  const hasArtifactRoot = typeof artifact.commitment_root_poseidon2 === "string" && artifact.commitment_root_poseidon2.length > 0;
+  const hasPerEntryRoot = candidates.some(
+    (p) => typeof p.merkle_root === "string"
+  );
+  if (!hasArtifactRoot && !hasPerEntryRoot) return "unanchored";
+  const artifactRootField = parsePoseidon2HashToField(
+    typeof artifact.commitment_root_poseidon2 === "string" ? artifact.commitment_root_poseidon2 : ""
+  );
+  for (const proof of candidates) {
+    const inputs = proof.public_inputs;
+    let proofMerkleRoot = null;
+    if (Array.isArray(inputs) && inputs.length > 0) {
+      const root = inputs[0];
+      if (typeof root === "string") proofMerkleRoot = root;
+    }
+    if (typeof proof.merkle_root === "string") {
+      proofMerkleRoot = proof.merkle_root;
+    }
+    if (proofMerkleRoot === null) return "mismatch";
+    const proofRootField = parsePoseidon2HashToField(proofMerkleRoot);
+    let matched = false;
+    if (artifactRootField !== null && proofRootField !== null && proofRootField === artifactRootField) {
+      matched = true;
+    }
+    if (!matched && typeof proof.merkle_root === "string") {
+      if (proof.merkle_root === proofMerkleRoot) {
+        matched = true;
+      }
+    }
+    if (!matched) return "mismatch";
+  }
+  return "ok";
+}
+function extractKeyFromPem(pem) {
+  const cleaned = pem.trim();
+  if (cleaned.includes("-----BEGIN")) {
+    try {
+      const jwk = createPublicKey(cleaned).export({ format: "jwk" });
+      if (jwk.kty === "OKP" && jwk.crv === "Ed25519" && typeof jwk.x === "string") {
+        return jwk.x;
+      }
+    } catch {
+    }
+    const b64 = cleaned.replace(/-----BEGIN [A-Z ]+-----/g, "").replace(/-----END [A-Z ]+-----/g, "").replace(/\s/g, "");
+    return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  }
+  return cleaned.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function verifyTimestampImprint(tsTokenB64, documentBody) {
+  try {
+    const tsResp = Buffer.from(tsTokenB64, "base64");
+    const sha256Oid = Buffer.from([96, 134, 72, 1, 101, 3, 4, 2, 1]);
+    const oidIdx = findBuffer(tsResp, sha256Oid);
+    if (oidIdx === -1) return null;
+    const searchStart = oidIdx + sha256Oid.length;
+    for (let i = searchStart; i < Math.min(searchStart + 20, tsResp.length - 33); i++) {
+      if (tsResp[i] === 4 && tsResp[i + 1] === 32) {
+        const extractedHash = tsResp.subarray(i + 2, i + 2 + 32);
+        const canonicalDoc = canonical(documentBody);
+        const expectedHash = createHash("sha256").update(canonicalDoc).digest();
+        return extractedHash.equals(expectedHash);
+      }
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+function findBuffer(haystack, needle) {
+  for (let i = 0; i <= haystack.length - needle.length; i++) {
+    if (haystack.subarray(i, i + needle.length).equals(needle)) return i;
+  }
+  return -1;
+}
+var REKOR_API = "https://rekor.sigstore.dev/api/v1";
+async function checkRekor(publicKeyB64Url, kid) {
+  try {
+    const keyBytes = fromBase64Url(publicKeyB64Url);
+    const fingerprint = createHash("sha256").update(Buffer.from(keyBytes)).digest("hex");
+    const resp = await fetch(`${REKOR_API}/index/retrieve`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ hash: `sha256:${fingerprint}` }),
+      signal: AbortSignal.timeout(5e3)
+    });
+    if (!resp.ok) {
+      return "unavailable";
+    }
+    const entries = await resp.json();
+    if (!entries || entries.length === 0) {
+      return "not_found";
+    }
+    return "active";
+  } catch {
+    return "unavailable";
+  }
+}
+async function verifyUltraHonk(zkProof) {
+  try {
+    const bb = await import("@aztec/bb.js").catch(() => null);
+    if (!bb) {
+      return null;
+    }
+    const proofB64 = zkProof.proof;
+    const publicInputs = zkProof.public_inputs;
+    const vkB64 = zkProof.verification_key;
+    if (!proofB64 || !publicInputs || !vkB64) {
+      return false;
+    }
+    const proofBytes = Buffer.from(proofB64, "base64");
+    const vkBytes = Buffer.from(vkB64, "base64");
+    const api = await bb.newBarretenbergApiAsync();
+    const valid = await api.acirVerifyUltraHonk(proofBytes, vkBytes);
+    return valid;
+  } catch {
+    return null;
+  }
+}
+
+// src/upstream_resolver.ts
+import { createRequire } from "module";
+var _sqliteMissingWarned = false;
+function warnSqliteMissingOnce(err2) {
+  if (_sqliteMissingWarned) return;
+  _sqliteMissingWarned = true;
+  console.warn(
+    "@primust/verifier: better-sqlite3 not installed in this environment; upstream root resolver via SqliteStore is disabled and resolution falls back to the envelopes Map (or null when none provided). Install with: npm install better-sqlite3",
+    err2 instanceof Error ? err2.message : err2
+  );
+}
+function openDbHandle(dbPath) {
+  let Database;
+  try {
+    const require_ = createRequire(import.meta.url);
+    Database = require_("better-sqlite3");
+  } catch (err2) {
+    warnSqliteMissingOnce(err2);
+    return null;
+  }
+  try {
+    const db = new Database(dbPath, { readonly: true, fileMustExist: true });
+    return {
+      vpecStmt: db.prepare(
+        `SELECT root FROM vpec_commitment_roots WHERE key = ? AND kind = 'vpec'`
+      ),
+      runStmt: db.prepare(
+        `SELECT root FROM vpec_commitment_roots WHERE key = ? AND kind = 'run'`
+      ),
+      close: () => db.close()
+    };
+  } catch (err2) {
+    console.warn(
+      "[primust-verify] upstream resolver: cannot open SQLite store at",
+      dbPath,
+      err2
+    );
+    return null;
+  }
+}
+function createUpstreamRootResolver(opts) {
+  const envelopes = opts.envelopes ?? null;
+  let dbHandle;
+  return function resolveUpstreamRoot(vpecId) {
+    if (!vpecId) return null;
+    if (envelopes) {
+      const fromMap = envelopes.get(vpecId);
+      if (fromMap) return fromMap;
+    }
+    if (opts.dbPath) {
+      if (dbHandle === void 0) {
+        dbHandle = openDbHandle(opts.dbPath);
+      }
+      if (dbHandle) {
+        try {
+          const vpecRow = dbHandle.vpecStmt.get(vpecId);
+          if (vpecRow?.root) return vpecRow.root;
+          const runRow = dbHandle.runStmt.get(vpecId);
+          if (runRow?.root) return runRow.root;
+        } catch (err2) {
+          console.warn(
+            `[primust-verify] upstream resolver: query failed for ${vpecId}:`,
+            err2
+          );
+        }
+      }
+    }
+    return null;
+  };
+}
+function closeResolver(resolver) {
+  void resolver;
+}
+
+export {
+  seedKeyCache,
+  verify3 as verify,
+  createUpstreamRootResolver,
+  closeResolver
+};
+/*! Bundled license information:
+
+@noble/ed25519/index.js:
+  (*! noble-ed25519 - MIT License (c) 2019 Paul Miller (paulmillr.com) *)
+
+@noble/hashes/esm/utils.js:
+  (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+*/