@private.me/xbind 1.3.0 → 2.3.4

package/dist-standalone/_deps/crypto/cjs/base64.js

@@ -1,103 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.toBase64 = toBase64;
-exports.fromBase64 = fromBase64;
-exports.toBase64Url = toBase64Url;
-exports.fromBase64Url = fromBase64Url;
-const CHARS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
-const URL_CHARS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';
-/**
- * Encode bytes to standard Base64 (RFC 4648).
- *
- * @param data - Bytes to encode
- * @returns Base64-encoded string with padding
- */
-function toBase64(data) {
-    return encode(data, CHARS, true);
-}
-/**
- * Decode standard Base64 string to bytes.
- *
- * @param str - Base64-encoded string
- * @returns Decoded bytes
- */
-function fromBase64(str) {
-    return decode(str, CHARS);
-}
-/**
- * Encode bytes to Base64url (RFC 4648 Section 5).
- * Uses URL-safe characters (-_ instead of +/) and no padding.
- *
- * @param data - Bytes to encode
- * @returns Base64url-encoded string without padding
- */
-function toBase64Url(data) {
-    return encode(data, URL_CHARS, false);
-}
-/**
- * Decode Base64url string to bytes.
- *
- * @param str - Base64url-encoded string
- * @returns Decoded bytes
- */
-function fromBase64Url(str) {
-    return decode(str, URL_CHARS);
-}
-/** Encode bytes using the given alphabet. */
-function encode(data, alphabet, pad) {
-    let result = '';
-    for (let i = 0; i < data.length; i += 3) {
-        const a = data[i];
-        const b = i + 1 < data.length ? data[i + 1] : 0;
-        const c = i + 2 < data.length ? data[i + 2] : 0;
-        result += alphabet[(a >> 2)];
-        result += alphabet[((a & 0x03) << 4) | (b >> 4)];
-        if (i + 1 < data.length) {
-            result += alphabet[((b & 0x0f) << 2) | (c >> 6)];
-        }
-        if (i + 2 < data.length) {
-            result += alphabet[c & 0x3f];
-        }
-    }
-    if (pad) {
-        const remainder = data.length % 3;
-        if (remainder === 1)
-            result += '==';
-        else if (remainder === 2)
-            result += '=';
-    }
-    return result;
-}
-/** Build a reverse lookup map for a Base64 alphabet. */
-function buildLookup(alphabet) {
-    const map = new Map();
-    for (let i = 0; i < alphabet.length; i++) {
-        map.set(alphabet[i], i);
-    }
-    return map;
-}
-const STD_LOOKUP = buildLookup(CHARS);
-const URL_LOOKUP = buildLookup(URL_CHARS);
-/** Decode a Base64 string using the given lookup. Tolerates whitespace (RFC 2045). */
-function decode(str, alphabet) {
-    const lookup = alphabet === CHARS ? STD_LOOKUP : URL_LOOKUP;
-    const stripped = str.replace(/\s/g, '');
-    const cleaned = stripped.replace(/=+$/, '');
-    const byteLen = Math.floor((cleaned.length * 3) / 4);
-    const result = new Uint8Array(byteLen);
-    let byteIdx = 0;
-    for (let i = 0; i < cleaned.length; i += 4) {
-        const a = lookup.get(cleaned[i]) ?? 0;
-        const b = lookup.get(cleaned[i + 1]) ?? 0;
-        const c = i + 2 < cleaned.length ? (lookup.get(cleaned[i + 2]) ?? 0) : 0;
-        const d = i + 3 < cleaned.length ? (lookup.get(cleaned[i + 3]) ?? 0) : 0;
-        result[byteIdx++] = (a << 2) | (b >> 4);
-        if (i + 2 < cleaned.length) {
-            result[byteIdx++] = ((b & 0x0f) << 4) | (c >> 2);
-        }
-        if (i + 3 < cleaned.length) {
-            result[byteIdx++] = ((c & 0x03) << 6) | d;
-        }
-    }
-    return result;
-}

package/dist-standalone/_deps/crypto/cjs/errors.js

@@ -1,119 +0,0 @@
-"use strict";
-/**
- * @module errors
- * Named error class hierarchy for @private.me/crypto.
- *
- * Provides structured error types for XorIDA threshold sharing,
- * HMAC integrity verification, PKCS#7 padding, and TLV serialization.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.ERROR_DETAILS = exports.ERROR_MESSAGES = exports.CryptoSerializationError = exports.CryptoPaddingError = exports.CryptoIntegrityError = exports.CryptoSplitError = exports.CryptoError = void 0;
-exports.toCryptoError = toCryptoError;
-exports.isCryptoError = isCryptoError;
-const DOC_BASE = 'https://private.me/docs/packages/crypto';
-/** Base error class for all crypto operations. */
-class CryptoError extends Error {
-    code;
-    subCode;
-    docUrl;
-    constructor(code, message, docUrl) {
-        super(message);
-        this.name = 'CryptoError';
-        const parts = code.split(':');
-        this.code = parts[0] ?? code;
-        this.subCode = parts.length > 1 ? parts.slice(1).join(':') : undefined;
-        this.docUrl = docUrl;
-    }
-}
-exports.CryptoError = CryptoError;
-/** Error thrown during XorIDA split or reconstruction operations. */
-class CryptoSplitError extends CryptoError {
-    constructor(code, message) {
-        super(code, message, `${DOC_BASE}#splitting`);
-        this.name = 'CryptoSplitError';
-    }
-}
-exports.CryptoSplitError = CryptoSplitError;
-/** Error thrown when HMAC integrity verification fails. */
-class CryptoIntegrityError extends CryptoError {
-    constructor(code, message) {
-        super(code, message, `${DOC_BASE}#integrity`);
-        this.name = 'CryptoIntegrityError';
-    }
-}
-exports.CryptoIntegrityError = CryptoIntegrityError;
-/** Error thrown for PKCS#7 padding issues. */
-class CryptoPaddingError extends CryptoError {
-    constructor(code, message) {
-        super(code, message, `${DOC_BASE}#padding`);
-        this.name = 'CryptoPaddingError';
-    }
-}
-exports.CryptoPaddingError = CryptoPaddingError;
-/** Error thrown during TLV serialization or deserialization. */
-class CryptoSerializationError extends CryptoError {
-    constructor(code, message) {
-        super(code, message, `${DOC_BASE}#serialization`);
-        this.name = 'CryptoSerializationError';
-    }
-}
-exports.CryptoSerializationError = CryptoSerializationError;
-/** Human-readable messages for each error code. */
-exports.ERROR_MESSAGES = {
-    SPLIT_FAILED: 'XorIDA split operation failed',
-    RECONSTRUCTION_FAILED: 'XorIDA reconstruction failed',
-    INSUFFICIENT_SHARES: 'Not enough shares provided for reconstruction',
-    INVALID_SHARES: 'Shares have inconsistent UUID, n, or k values',
-    INVALID_INDEX: 'Share index is out of range or duplicated',
-    HMAC_FAILURE: 'HMAC integrity verification failed -- data may be corrupted',
-    UUID_MISMATCH: 'Envelope UUID does not match TLV payload UUID',
-    INVALID_PADDING: 'PKCS#7 padding is invalid or corrupted',
-    INVALID_TLV: 'TLV buffer is malformed or truncated',
-    BUFFER_OVERFLOW: 'TLV value length exceeds buffer bounds',
-    MISSING_FIELD: 'Required TLV field is missing from serialized data',
-    INVALID_CONFIG: 'Split configuration is invalid (n < 2, k < 2, or k > n)',
-};
-/**
- * Detailed descriptions for each error code.
- * Maps error codes to comprehensive explanations including cause and resolution.
- */
-exports.ERROR_DETAILS = {
-    INVALID_PADDING: 'PKCS#7 padding bytes are invalid or inconsistent. Data may be corrupted.',
-    HMAC_FAILURE: 'HMAC-SHA256 verification failed during reconstruction. One or more shares have been tampered with.',
-    INVALID_SHARES: 'Shares have inconsistent lengths, duplicate indices, or mismatched parameters.',
-    INSUFFICIENT_SHARES: 'Fewer shares provided than the required threshold k.',
-    INVALID_INDEX: 'A share index is out of range (must be 0 to n-1).',
-    UUID_MISMATCH: 'Shares reference different message UUIDs and cannot be combined.',
-    INVALID_TLV: 'TLV data is malformed or truncated.',
-    BUFFER_OVERFLOW: 'TLV length field exceeds available data.',
-    MISSING_FIELD: 'A required TLV field (e.g., MESSAGE_UUID) is absent.',
-    INVALID_TYPE: 'An unrecognized TLV type tag was encountered in a required position.',
-    HMAC_MISMATCH: 'Standalone HMAC verification failed. Data or key is incorrect.',
-    KEY_ERROR: 'HMAC key import failed (invalid length or format).',
-    SPLIT_FAILED: 'XorIDA split operation failed due to invalid input or configuration.',
-    RECONSTRUCTION_FAILED: 'XorIDA reconstruction failed. Check share integrity and parameters.',
-    INVALID_CONFIG: 'Split configuration is invalid. Requires n >= 2, k >= 2, and k <= n.',
-};
-/**
- * Convert an unknown error into a CryptoError.
- *
- * @param error - The unknown error to convert
- * @returns A CryptoError instance
- */
-function toCryptoError(error) {
-    if (error instanceof CryptoError)
-        return error;
-    if (error instanceof Error) {
-        return new CryptoError('SPLIT_FAILED', error.message);
-    }
-    return new CryptoError('SPLIT_FAILED', String(error));
-}
-/**
- * Type guard to check if an error is a CryptoError.
- *
- * @param error - The value to check
- * @returns true if the value is a CryptoError instance
- */
-function isCryptoError(error) {
-    return error instanceof CryptoError;
-}

package/dist-standalone/_deps/crypto/cjs/hmac.js

@@ -1,71 +0,0 @@
-"use strict";
-/**
- * HMAC-SHA256 integrity verification using Web Crypto API.
- *
- * Provides message-level integrity for the XorIDA pipeline.
- * The HMAC is computed over the padded payload (after TLV serialization + PKCS#7 padding)
- * and verified after reconstruction, before unpadding.
- *
- * Uses crypto.subtle for constant-time verification (no manual byte comparison).
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.generateHMAC = generateHMAC;
-exports.verifyHMAC = verifyHMAC;
-exports.signHMAC = signHMAC;
-/** HMAC key length in bytes. */
-const HMAC_KEY_LENGTH = 32;
-/** HMAC algorithm config. */
-const HMAC_ALGO = { name: 'HMAC', hash: 'SHA-256' };
-/** Copy a Uint8Array into a fresh ArrayBuffer (avoids SharedArrayBuffer type issues). */
-function toArrayBuffer(data) {
-    const buf = new ArrayBuffer(data.byteLength);
-    new Uint8Array(buf).set(data);
-    return buf;
-}
-/**
- * Import a raw key buffer for HMAC operations.
- * Copies to a fresh ArrayBuffer to satisfy Web Crypto API typing.
- */
-async function importKey(keyBytes, usage) {
-    return crypto.subtle.importKey('raw', toArrayBuffer(keyBytes), HMAC_ALGO, false, [usage]);
-}
-/**
- * Generate a fresh random HMAC key and sign data with HMAC-SHA256.
- *
- * @param data - Bytes to sign (the padded payload)
- * @returns Object containing the raw key bytes and the 32-byte signature
- */
-async function generateHMAC(data) {
-    const keyBytes = new Uint8Array(HMAC_KEY_LENGTH);
-    crypto.getRandomValues(keyBytes);
-    const cryptoKey = await importKey(keyBytes, 'sign');
-    const sig = await crypto.subtle.sign('HMAC', cryptoKey, toArrayBuffer(data));
-    return { key: keyBytes, signature: new Uint8Array(sig) };
-}
-/**
- * Verify an HMAC-SHA256 signature using constant-time comparison.
- *
- * Uses crypto.subtle.verify() which is constant-time by specification.
- * NEVER manually compare HMAC bytes (timing attack risk).
- *
- * @param key - Raw HMAC key bytes (32 bytes)
- * @param data - Data that was signed
- * @param signature - Expected HMAC-SHA256 signature (32 bytes)
- * @returns true if signature is valid, false otherwise
- */
-async function verifyHMAC(key, data, signature) {
-    const cryptoKey = await importKey(key, 'verify');
-    return crypto.subtle.verify('HMAC', cryptoKey, toArrayBuffer(signature), toArrayBuffer(data));
-}
-/**
- * Sign data with a provided HMAC key (for cases where the key is already known).
- *
- * @param key - Raw HMAC key bytes (32 bytes)
- * @param data - Bytes to sign
- * @returns 32-byte HMAC-SHA256 signature
- */
-async function signHMAC(key, data) {
-    const cryptoKey = await importKey(key, 'sign');
-    const sig = await crypto.subtle.sign('HMAC', cryptoKey, toArrayBuffer(data));
-    return new Uint8Array(sig);
-}

package/dist-standalone/_deps/crypto/cjs/index.js

@@ -1,86 +0,0 @@
-"use strict";
-// @private.me/crypto — public API
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.splitWithRandom = exports.hasShareHeader = exports.parseShareHeader = exports.formatShareHeader = exports.reconstructMessage = exports.createShares = exports.fromBase64Url = exports.toBase64Url = exports.fromBase64 = exports.toBase64 = exports.bytesToUuid = exports.uuidToBytes = exports.generateUUID = exports.deserializeMessage = exports.serializeMessage = exports.signHMAC = exports.verifyHMAC = exports.generateHMAC = exports.pkcs7Unpad = exports.pkcs7Pad = exports.nextOddPrime = exports.reconstructXorIDA = exports.splitXorIDA = void 0;
-exports.isSupported = isSupported;
-// Errors
-__exportStar(require("./errors.js"), exports);
-// XorIDA Threshold Sharing
-var xorida_js_1 = require("./xorida.js");
-Object.defineProperty(exports, "splitXorIDA", { enumerable: true, get: function () { return xorida_js_1.splitXorIDA; } });
-Object.defineProperty(exports, "reconstructXorIDA", { enumerable: true, get: function () { return xorida_js_1.reconstructXorIDA; } });
-Object.defineProperty(exports, "nextOddPrime", { enumerable: true, get: function () { return xorida_js_1.nextOddPrime; } });
-// Padding
-var padding_js_1 = require("./padding.js");
-Object.defineProperty(exports, "pkcs7Pad", { enumerable: true, get: function () { return padding_js_1.pkcs7Pad; } });
-Object.defineProperty(exports, "pkcs7Unpad", { enumerable: true, get: function () { return padding_js_1.pkcs7Unpad; } });
-// Integrity
-var hmac_js_1 = require("./hmac.js");
-Object.defineProperty(exports, "generateHMAC", { enumerable: true, get: function () { return hmac_js_1.generateHMAC; } });
-Object.defineProperty(exports, "verifyHMAC", { enumerable: true, get: function () { return hmac_js_1.verifyHMAC; } });
-Object.defineProperty(exports, "signHMAC", { enumerable: true, get: function () { return hmac_js_1.signHMAC; } });
-// Serialization
-var tlv_js_1 = require("./tlv.js");
-Object.defineProperty(exports, "serializeMessage", { enumerable: true, get: function () { return tlv_js_1.serializeMessage; } });
-Object.defineProperty(exports, "deserializeMessage", { enumerable: true, get: function () { return tlv_js_1.deserializeMessage; } });
-// UUID
-var uuid_js_1 = require("./uuid.js");
-Object.defineProperty(exports, "generateUUID", { enumerable: true, get: function () { return uuid_js_1.generateUUID; } });
-Object.defineProperty(exports, "uuidToBytes", { enumerable: true, get: function () { return uuid_js_1.uuidToBytes; } });
-Object.defineProperty(exports, "bytesToUuid", { enumerable: true, get: function () { return uuid_js_1.bytesToUuid; } });
-// Base64
-var base64_js_1 = require("./base64.js");
-Object.defineProperty(exports, "toBase64", { enumerable: true, get: function () { return base64_js_1.toBase64; } });
-Object.defineProperty(exports, "fromBase64", { enumerable: true, get: function () { return base64_js_1.fromBase64; } });
-Object.defineProperty(exports, "toBase64Url", { enumerable: true, get: function () { return base64_js_1.toBase64Url; } });
-Object.defineProperty(exports, "fromBase64Url", { enumerable: true, get: function () { return base64_js_1.fromBase64Url; } });
-// High-level API
-var shares_js_1 = require("./shares.js");
-Object.defineProperty(exports, "createShares", { enumerable: true, get: function () { return shares_js_1.createShares; } });
-Object.defineProperty(exports, "reconstructMessage", { enumerable: true, get: function () { return shares_js_1.reconstructMessage; } });
-// Branded Share Header (IDA5 copyright layer)
-var share_header_js_1 = require("./share-header.js");
-Object.defineProperty(exports, "formatShareHeader", { enumerable: true, get: function () { return share_header_js_1.formatShareHeader; } });
-Object.defineProperty(exports, "parseShareHeader", { enumerable: true, get: function () { return share_header_js_1.parseShareHeader; } });
-Object.defineProperty(exports, "hasShareHeader", { enumerable: true, get: function () { return share_header_js_1.hasShareHeader; } });
-// Capability check
-/**
- * Check if the runtime supports the required Web Crypto APIs.
- *
- * Verifies that `crypto.subtle` is available with HMAC, AES-GCM,
- * and `crypto.getRandomValues`. Call this before using any crypto
- * operations to provide a clear error message on unsupported runtimes.
- *
- * @returns `true` if the runtime has the required Web Crypto APIs.
- */
-function isSupported() {
-    try {
-        return (typeof globalThis.crypto !== 'undefined' &&
-            typeof globalThis.crypto.subtle !== 'undefined' &&
-            typeof globalThis.crypto.subtle.importKey === 'function' &&
-            typeof globalThis.crypto.subtle.sign === 'function' &&
-            typeof globalThis.crypto.subtle.verify === 'function' &&
-            typeof globalThis.crypto.subtle.encrypt === 'function' &&
-            typeof globalThis.crypto.getRandomValues === 'function');
-    }
-    catch {
-        return false;
-    }
-}
-// Re-export for testing (internal, not part of public API contract)
-var xorida_js_2 = require("./xorida.js");
-Object.defineProperty(exports, "splitWithRandom", { enumerable: true, get: function () { return xorida_js_2.splitWithRandom; } });

package/dist-standalone/_deps/crypto/cjs/padding.js

@@ -1,57 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.pkcs7Pad = pkcs7Pad;
-exports.pkcs7Unpad = pkcs7Unpad;
-const shared_1 = require("../../shared/index.js");
-/**
- * PKCS#7 pad data to a multiple of blockSize bytes.
- * Always adds at least 1 byte of padding, even when already aligned.
- *
- * @param data - Input bytes to pad
- * @param blockSize - Block size in bytes (must be 1–255)
- * @returns Padded byte array
- */
-function pkcs7Pad(data, blockSize) {
-    const padLen = blockSize - (data.length % blockSize);
-    const padded = new Uint8Array(data.length + padLen);
-    padded.set(data);
-    for (let i = data.length; i < padded.length; i++) {
-        padded[i] = padLen;
-    }
-    return padded;
-}
-/**
- * Remove PKCS#7 padding. Validates that padding bytes are consistent.
- * Returns an error if padding is invalid (possible tampering).
- *
- * @param data - Padded byte array
- * @param blockSize - Block size used during padding (must be 1–255)
- * @returns Unpadded bytes, or PaddingError if invalid
- */
-function pkcs7Unpad(data, blockSize) {
-    if (data.length === 0) {
-        return (0, shared_1.err)({ code: 'INVALID_PADDING', message: 'Input is empty' });
-    }
-    if (data.length % blockSize !== 0) {
-        return (0, shared_1.err)({
-            code: 'INVALID_PADDING',
-            message: 'Input length is not a multiple of block size',
-        });
-    }
-    const padLen = data[data.length - 1];
-    if (padLen === undefined || padLen < 1 || padLen > blockSize) {
-        return (0, shared_1.err)({
-            code: 'INVALID_PADDING',
-            message: `Invalid padding value: ${padLen}`,
-        });
-    }
-    for (let i = data.length - padLen; i < data.length; i++) {
-        if (data[i] !== padLen) {
-            return (0, shared_1.err)({
-                code: 'INVALID_PADDING',
-                message: 'Inconsistent padding bytes',
-            });
-        }
-    }
-    return (0, shared_1.ok)(data.slice(0, data.length - padLen));
-}

package/dist-standalone/_deps/crypto/cjs/share-header.js

@@ -1,68 +0,0 @@
-"use strict";
-/**
- * Branded share header — IDA5 copyright layer.
- *
- * Wraps every XorIDA share output with the patent-locked branded string:
- *
- *   Xecret (TM) -> PRIVATE .ME (R) -> IDA5 -> Encrypted:// [data] => Generated by Xecret (TM)
- *
- * This provides triple legal protection on every share artifact:
- * - Patent (20 years): XorIDA algorithm and split-channel architecture
- * - Copyright (95 years): the literal branded header expression
- * - Trademark (indefinite): Xecret(TM) and PRIVATE .ME(R) marks
- *
- * NEVER modify the header format. It is patent-locked.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.formatShareHeader = formatShareHeader;
-exports.parseShareHeader = parseShareHeader;
-exports.hasShareHeader = hasShareHeader;
-/** Start marker for the branded share data region. */
-const START_MARKER = 'Encrypted://';
-/** End marker for the branded share data region. */
-const END_MARKER = '=> Generated by Xecret (TM)';
-/** Branded prefix before the start marker. */
-const BRAND_PREFIX = 'Xecret (TM) -> PRIVATE .ME (R) -> IDA5 -> ';
-/**
- * Wrap share data with the branded IDA5 copyright header.
- *
- * Output format (patent-locked, NEVER change):
- *   Xecret (TM) -> PRIVATE .ME (R) -> IDA5 -> Encrypted:// [data] => Generated by Xecret (TM)
- *
- * @param data - Base64-encoded share data (or any string payload)
- * @returns Branded string with copyright header wrapping the data
- */
-function formatShareHeader(data) {
-    return `${BRAND_PREFIX}${START_MARKER} ${data} ${END_MARKER}`;
-}
-/**
- * Extract share data from a branded IDA5 header string.
- *
- * Backward-compatible: if the branded markers are not found, returns
- * the input string trimmed (handles legacy headerless shares).
- *
- * @param input - Branded share string or legacy raw data
- * @returns Extracted share data with whitespace trimmed
- */
-function parseShareHeader(input) {
-    const startIdx = input.indexOf(START_MARKER);
-    if (startIdx < 0)
-        return input.trim();
-    const dataStart = startIdx + START_MARKER.length;
-    const endIdx = input.indexOf(END_MARKER, dataStart);
-    if (endIdx < 0)
-        return input.trim();
-    return input.substring(dataStart, endIdx).trim();
-}
-/**
- * Check whether a string contains the branded IDA5 share header.
- *
- * Useful for format detection — distinguishing branded shares from
- * legacy raw base64 shares.
- *
- * @param input - String to check
- * @returns true if the branded markers are present
- */
-function hasShareHeader(input) {
-    return input.includes(START_MARKER) && input.includes(END_MARKER);
-}

package/dist-standalone/_deps/crypto/cjs/shares.js

@@ -1,152 +0,0 @@
-"use strict";
-/**
- * High-level share creation and reconstruction API.
- *
- * Sender pipeline:  serialize (TLV) → pad (PKCS#7) → HMAC (sign) → split (XorIDA)
- * Receiver pipeline: reconstruct (XorIDA) → verify (HMAC) → unpad (PKCS#7) → deserialize (TLV)
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createShares = createShares;
-exports.reconstructMessage = reconstructMessage;
-const shared_1 = require("../../shared/index.js");
-const tlv_js_1 = require("./tlv.js");
-const padding_js_1 = require("./padding.js");
-const hmac_js_1 = require("./hmac.js");
-const xorida_js_1 = require("./xorida.js");
-const uuid_js_1 = require("./uuid.js");
-/**
- * Create shares from a XailMessage.
- *
- * Pipeline: serialize → pad → HMAC → split → package as XailShare[]
- *
- * @param message - The message to split into shares
- * @param n - Total number of shares to produce
- * @param k - Threshold: minimum shares needed for reconstruction
- * @returns Array of n XailShare objects ready for transport
- */
-async function createShares(message, n, k) {
-    // Ensure UUID is set before serialization so TLV and share headers match.
-    const uuid = message.uuid || (0, uuid_js_1.generateUUID)();
-    const messageWithUuid = uuid !== message.uuid ? { ...message, uuid } : message;
-    // Step 1: Serialize to TLV
-    const tlvPayload = (0, tlv_js_1.serializeMessage)(messageWithUuid);
-    // Step 2: Pad to XorIDA block boundary
-    const p = (0, xorida_js_1.nextOddPrime)(n);
-    const blockSize = p - 1;
-    const padded = (0, padding_js_1.pkcs7Pad)(tlvPayload, blockSize);
-    // Step 3: HMAC the padded payload
-    const { key: hmacKey, signature: hmacSignature } = await (0, hmac_js_1.generateHMAC)(padded);
-    // Step 4: Split via XorIDA
-    const shareDataArrays = (0, xorida_js_1.splitXorIDA)(padded, n, k);
-    const shares = shareDataArrays.map((data, index) => ({
-        uuid,
-        index,
-        totalShares: n,
-        threshold: k,
-        data,
-        hmacKey: hmacKey.slice(), // each share carries a copy
-        hmacSignature: hmacSignature.slice(),
-    }));
-    return shares;
-}
-/**
- * Reconstruct a XailMessage from k shares.
- *
- * Pipeline: validate → reconstruct → verify HMAC → unpad → deserialize
- *
- * @param shares - Array of k XailShare objects (must share the same UUID)
- * @returns Reconstructed message, or ReconstructionError
- */
-async function reconstructMessage(shares) {
-    // Validation: need at least k shares
-    if (shares.length === 0) {
-        return (0, shared_1.err)({ code: 'INSUFFICIENT_SHARES', message: 'No shares provided' });
-    }
-    const first = shares[0];
-    const k = first.threshold;
-    const n = first.totalShares;
-    if (shares.length < k) {
-        return (0, shared_1.err)({
-            code: 'INSUFFICIENT_SHARES',
-            message: `Need ${k} shares, got ${shares.length}`,
-        });
-    }
-    // Validate consistency
-    const indices = [];
-    const indexSet = new Set();
-    for (const share of shares) {
-        if (share.uuid !== first.uuid) {
-            return (0, shared_1.err)({
-                code: 'INVALID_SHARES',
-                message: 'Shares have different UUIDs',
-            });
-        }
-        if (share.totalShares !== n || share.threshold !== k) {
-            return (0, shared_1.err)({
-                code: 'INVALID_SHARES',
-                message: 'Shares have inconsistent n/k values',
-            });
-        }
-        if (share.index < 0 || share.index >= n) {
-            return (0, shared_1.err)({
-                code: 'INVALID_INDEX',
-                message: `Share index ${share.index} out of range [0, ${n})`,
-            });
-        }
-        if (indexSet.has(share.index)) {
-            return (0, shared_1.err)({
-                code: 'INVALID_INDEX',
-                message: `Duplicate share index ${share.index}`,
-            });
-        }
-        indexSet.add(share.index);
-        indices.push(share.index);
-    }
-    // Take first k shares
-    const usedShares = shares.slice(0, k);
-    const usedIndices = indices.slice(0, k);
-    const shareData = usedShares.map((s) => s.data);
-    // Step 1: Reconstruct padded payload
-    const padded = (0, xorida_js_1.reconstructXorIDA)(shareData, usedIndices, n, k);
-    // Step 2: Verify HMAC (before unpadding — fail closed)
-    const hmacValid = await (0, hmac_js_1.verifyHMAC)(first.hmacKey, padded, first.hmacSignature);
-    if (!hmacValid) {
-        return (0, shared_1.err)({
-            code: 'HMAC_FAILURE',
-            message: 'HMAC verification failed — data may be corrupted or tampered',
-        });
-    }
-    // Step 3: Unpad
-    const p = (0, xorida_js_1.nextOddPrime)(n);
-    const blockSize = p - 1;
-    const unpadResult = (0, padding_js_1.pkcs7Unpad)(padded, blockSize);
-    if (!unpadResult.ok) {
-        return (0, shared_1.err)({
-            code: 'HMAC_FAILURE',
-            message: `Unpadding failed: ${unpadResult.error.message}`,
-        });
-    }
-    // Step 4: Deserialize TLV
-    const msgResult = (0, tlv_js_1.deserializeMessage)(unpadResult.value);
-    if (!msgResult.ok) {
-        return (0, shared_1.err)({
-            code: 'INVALID_SHARES',
-            message: `Deserialization failed: ${msgResult.error.message}`,
-        });
-    }
-    // UUID cross-check: if the TLV payload contains a UUID, it must match the envelope UUID.
-    // Normalize both to lowercase+trimmed — bytesToUuid() always returns lowercase,
-    // but envelope UUIDs from email headers may differ in casing or have whitespace.
-    const tlvUuid = msgResult.value.uuid;
-    if (tlvUuid && tlvUuid.toLowerCase().trim() !== first.uuid.toLowerCase().trim()) {
-        return (0, shared_1.err)({
-            code: 'UUID_MISMATCH',
-            message: 'TLV UUID does not match envelope UUID',
-        });
-    }
-    // The share headers carry the authoritative UUID (X-Xail-UUID).
-    // The TLV payload may have a stale or empty UUID if the sender didn't
-    // pre-populate message.uuid before calling createShares(). Stamp the
-    // share-header UUID onto the reconstructed message.
-    return (0, shared_1.ok)({ ...msgResult.value, uuid: first.uuid });
-}