@prooflog/node 0.1.0

package/dist/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../node_modules/.pnpm/fast-json-stable-stringify@2.1.0/node_modules/fast-json-stable-stringify/index.js","../src/client.ts","../../db/src/schema.ts","../../../node_modules/.pnpm/@noble+hashes@2.2.0/node_modules/@noble/hashes/src/utils.ts","../../../node_modules/.pnpm/@noble+hashes@2.2.0/node_modules/@noble/hashes/src/_md.ts","../../../node_modules/.pnpm/@noble+hashes@2.2.0/node_modules/@noble/hashes/src/sha2.ts","../../crypto/src/hash.ts"],"sourcesContent":["'use strict';\n\nmodule.exports = function (data, opts) {\n    if (!opts) opts = {};\n    if (typeof opts === 'function') opts = { cmp: opts };\n    var cycles = (typeof opts.cycles === 'boolean') ? opts.cycles : false;\n\n    var cmp = opts.cmp && (function (f) {\n        return function (node) {\n            return function (a, b) {\n                var aobj = { key: a, value: node[a] };\n                var bobj = { key: b, value: node[b] };\n                return f(aobj, bobj);\n            };\n        };\n    })(opts.cmp);\n\n    var seen = [];\n    return (function stringify (node) {\n        if (node && node.toJSON && typeof node.toJSON === 'function') {\n            node = node.toJSON();\n        }\n\n        if (node === undefined) return;\n        if (typeof node == 'number') return isFinite(node) ? '' + node : 'null';\n        if (typeof node !== 'object') return JSON.stringify(node);\n\n        var i, out;\n        if (Array.isArray(node)) {\n            out = '[';\n            for (i = 0; i < node.length; i++) {\n                if (i) out += ',';\n                out += stringify(node[i]) || 'null';\n            }\n            return out + ']';\n        }\n\n        if (node === null) return 'null';\n\n        if (seen.indexOf(node) !== -1) {\n            if (cycles) return JSON.stringify('__cycle__');\n            throw new TypeError('Converting circular structure to JSON');\n        }\n\n        var seenIndex = seen.push(node) - 1;\n        var keys = Object.keys(node).sort(cmp && cmp(node));\n        out = '';\n        for (i = 0; i < keys.length; i++) {\n            var key = keys[i];\n            var value = stringify(node[key]);\n\n            if (!value) continue;\n            if (out) out += ',';\n            out += JSON.stringify(key) + ':' + value;\n        }\n        seen.splice(seenIndex, 1);\n        return '{' + out + '}';\n    })(data);\n};\n","import { drizzle } from \"drizzle-orm/neon-http\";\nimport { neon } from \"@neondatabase/serverless\";\nimport { eq, desc, asc, and, gt } from \"drizzle-orm\";\nimport { auditLogs } from \"@prooflog/db\";\nimport { computeHash, GENESIS_HASH } from \"@prooflog/crypto\";\nimport type {\n  ProofLogConfig,\n  IngestOptions,\n  IngestResult,\n  VerifyResult,\n} from \"./types\";\n\nexport class ProofLog {\n  private db: ReturnType<typeof drizzle>;\n  constructor(config: ProofLogConfig) {\n    if (!config.databaseUrl) throw new Error(\"databaseUrl is required\");\n    const sql = neon(config.databaseUrl);\n    this.db = drizzle(sql);\n  }\n\n  /**\n   * Pushes a new audit log event directly to the database.\n   * Handles concurrency retries internally.\n   */\n  async ingest(organisationId: string, options: IngestOptions): Promise<IngestResult> {\n    const maxRetries = 3;\n    \n    for (let attempt = 0; attempt < maxRetries; attempt++) {\n      try {\n        const lastEntry = await this.db\n          .select()\n          .from(auditLogs)\n          .where(eq(auditLogs.organisationId, organisationId))\n          .orderBy(desc(auditLogs.sequence))\n          .limit(1);\n\n        const previousHash = lastEntry.length ? lastEntry[0].hash : GENESIS_HASH;\n        const sequence = lastEntry.length ? lastEntry[0].sequence + 1 : 1;\n        const createdAt = new Date().toISOString();\n\n        const hash = computeHash(\n          {\n            organisationId,\n            sequence,\n            action: options.action,\n            actor: options.actor,\n            target: options.target ?? null,\n            metadata: options.metadata ?? null,\n            createdAt,\n          },\n          previousHash,\n        );\n\n        await this.db.insert(auditLogs).values({\n          organisationId,\n          sequence,\n          action: options.action,\n          actor: options.actor,\n          target: options.target ?? null,\n          metadata: options.metadata ?? null,\n          hash,\n          previousHash,\n          createdAt: new Date(createdAt),\n        });\n\n        return { sequence, hash };\n      } catch (error: any) {\n        if (error.code === '23505' || error.message?.includes('23505') || error.message?.includes('unique constraint')) {\n          if (attempt === maxRetries - 1) {\n            throw new Error(\"Failed to ingest audit log due to high concurrency. Please try again.\");\n          }\n          continue;\n        }\n        throw error;\n      }\n    }\n    \n    throw new Error(\"Unreachable\");\n  }\n\n  /**\n   * Triggers a cryptographic verification of the audit log chain for the organisation in batches.\n   */\n  async verify(organisationId: string): Promise<VerifyResult> {\n    const batchSize = 1000;\n    let hasMore = true;\n    let currentSequence = 0;\n    let totalEntries = 0;\n    let expectedPreviousHash = GENESIS_HASH;\n\n    while (hasMore) {\n      const batch = await this.db\n        .select()\n        .from(auditLogs)\n        .where(\n          and(\n            eq(auditLogs.organisationId, organisationId),\n            gt(auditLogs.sequence, currentSequence)\n          )\n        )\n        .orderBy(asc(auditLogs.sequence))\n        .limit(batchSize);\n\n      if (batch.length === 0) {\n        hasMore = false;\n        break;\n      }\n\n      for (const entry of batch) {\n        if (entry.previousHash !== expectedPreviousHash) {\n          return {\n            valid: false,\n            totalEntries,\n            tamperedAt: entry.sequence,\n            reason: `Chain broken at sequence ${entry.sequence}`,\n          };\n        }\n\n        const recomputed = computeHash({\n          organisationId: entry.organisationId,\n          sequence: entry.sequence,\n          action: entry.action,\n          actor: entry.actor,\n          target: entry.target,\n          metadata: entry.metadata,\n          createdAt: entry.createdAt.toISOString(),\n        }, entry.previousHash);\n\n        if (recomputed !== entry.hash) {\n          return {\n            valid: false,\n            totalEntries,\n            tamperedAt: entry.sequence,\n            reason: `Hash mismatch at sequence ${entry.sequence} — data tampered`,\n          };\n        }\n\n        expectedPreviousHash = entry.hash;\n        currentSequence = entry.sequence;\n        totalEntries++;\n      }\n    }\n\n    return { valid: true, totalEntries };\n  }\n}\n","import {\n  pgTable,\n  uuid,\n  text,\n  timestamp,\n  bigint,\n  jsonb,\n  unique,\n} from \"drizzle-orm/pg-core\";\n\nexport const organisations = pgTable(\"organisations\", {\n  id: uuid(\"id\").primaryKey().defaultRandom(),\n  name: text(\"name\").notNull(),\n  plan: text(\"plan\").notNull().default(\"free\"),\n  createdAt: timestamp(\"created_at\").notNull().defaultNow(),\n});\n\n// Audit log entries — hash chain yahan store hoti hai\nexport const auditLogs = pgTable(\n  \"audit_logs\",\n  {\n    id: uuid(\"id\").primaryKey().defaultRandom(),\n    organisationId: uuid(\"organisation_id\")\n      .notNull()\n      .references(() => organisations.id),\n    sequence: bigint(\"sequence\", { mode: \"number\" }).notNull(),\n    action: text(\"action\").notNull(),\n    actor: jsonb(\"actor\").notNull(),\n    target: jsonb(\"target\"),\n    metadata: jsonb(\"metadata\"),\n    hash: text(\"hash\").notNull(),\n    previousHash: text(\"previous_hash\").notNull(),\n    createdAt: timestamp(\"created_at\").notNull().defaultNow(),\n  },\n  (t) => [\n    unique(\"audit_logs_org_sequence_idx\").on(t.organisationId, t.sequence),\n  ],\n);\n","/**\n * Utilities for hex, bytes, CSPRNG.\n * @module\n */\n/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n/**\n * Bytes API type helpers for old + new TypeScript.\n *\n * TS 5.6 has `Uint8Array`, while TS 5.9+ made it generic `Uint8Array<ArrayBuffer>`.\n * We can't use specific return type, because TS 5.6 will error.\n * We can't use generic return type, because most TS 5.9 software will expect specific type.\n *\n * Maps typed-array input leaves to broad forms.\n * These are compatibility adapters, not ownership guarantees.\n *\n * - `TArg` keeps byte inputs broad.\n * - `TRet` marks byte outputs for TS 5.6 and TS 5.9+ compatibility.\n */\nexport type TypedArg<T> = T extends BigInt64Array\n  ? BigInt64Array\n  : T extends BigUint64Array\n    ? BigUint64Array\n    : T extends Float32Array\n      ? Float32Array\n      : T extends Float64Array\n        ? Float64Array\n        : T extends Int16Array\n          ? Int16Array\n          : T extends Int32Array\n            ? Int32Array\n            : T extends Int8Array\n              ? Int8Array\n              : T extends Uint16Array\n                ? Uint16Array\n                : T extends Uint32Array\n                  ? Uint32Array\n                  : T extends Uint8ClampedArray\n                    ? Uint8ClampedArray\n                    : T extends Uint8Array\n                      ? Uint8Array\n                      : never;\n/** Maps typed-array output leaves to narrow TS-compatible forms. */\nexport type TypedRet<T> = T extends BigInt64Array\n  ? ReturnType<typeof BigInt64Array.of>\n  : T extends BigUint64Array\n    ? ReturnType<typeof BigUint64Array.of>\n    : T extends Float32Array\n      ? ReturnType<typeof Float32Array.of>\n      : T extends Float64Array\n        ? ReturnType<typeof Float64Array.of>\n        : T extends Int16Array\n          ? ReturnType<typeof Int16Array.of>\n          : T extends Int32Array\n            ? ReturnType<typeof Int32Array.of>\n            : T extends Int8Array\n              ? ReturnType<typeof Int8Array.of>\n              : T extends Uint16Array\n                ? ReturnType<typeof Uint16Array.of>\n                : T extends Uint32Array\n                  ? ReturnType<typeof Uint32Array.of>\n                  : T extends Uint8ClampedArray\n                    ? ReturnType<typeof Uint8ClampedArray.of>\n                    : T extends Uint8Array\n                      ? ReturnType<typeof Uint8Array.of>\n                      : never;\n/** Recursively adapts byte-carrying API input types. See {@link TypedArg}. */\nexport type TArg<T> =\n  | T\n  | ([TypedArg<T>] extends [never]\n      ? T extends (...args: infer A) => infer R\n        ? ((...args: { [K in keyof A]: TRet<A[K]> }) => TArg<R>) & {\n            [K in keyof T]: T[K] extends (...args: any) => any ? T[K] : TArg<T[K]>;\n          }\n        : T extends [infer A, ...infer R]\n          ? [TArg<A>, ...{ [K in keyof R]: TArg<R[K]> }]\n          : T extends readonly [infer A, ...infer R]\n            ? readonly [TArg<A>, ...{ [K in keyof R]: TArg<R[K]> }]\n            : T extends (infer A)[]\n              ? TArg<A>[]\n              : T extends readonly (infer A)[]\n                ? readonly TArg<A>[]\n                : T extends Promise<infer A>\n                  ? Promise<TArg<A>>\n                  : T extends object\n                    ? { [K in keyof T]: TArg<T[K]> }\n                    : T\n      : TypedArg<T>);\n/** Recursively adapts byte-carrying API output types. See {@link TypedArg}. */\nexport type TRet<T> = T extends unknown\n  ? T &\n      ([TypedRet<T>] extends [never]\n        ? T extends (...args: infer A) => infer R\n          ? ((...args: { [K in keyof A]: TArg<A[K]> }) => TRet<R>) & {\n              [K in keyof T]: T[K] extends (...args: any) => any ? T[K] : TRet<T[K]>;\n            }\n          : T extends [infer A, ...infer R]\n            ? [TRet<A>, ...{ [K in keyof R]: TRet<R[K]> }]\n            : T extends readonly [infer A, ...infer R]\n              ? readonly [TRet<A>, ...{ [K in keyof R]: TRet<R[K]> }]\n              : T extends (infer A)[]\n                ? TRet<A>[]\n                : T extends readonly (infer A)[]\n                  ? readonly TRet<A>[]\n                  : T extends Promise<infer A>\n                    ? Promise<TRet<A>>\n                    : T extends object\n                      ? { [K in keyof T]: TRet<T[K]> }\n                      : T\n        : TypedRet<T>)\n  : never;\n/**\n * Checks if something is Uint8Array. Be careful: nodejs Buffer will return true.\n * @param a - value to test\n * @returns `true` when the value is a Uint8Array-compatible view.\n * @example\n * Check whether a value is a Uint8Array-compatible view.\n * ```ts\n * isBytes(new Uint8Array([1, 2, 3]));\n * ```\n */\nexport function isBytes(a: unknown): a is Uint8Array {\n  // Plain `instanceof Uint8Array` is too strict for some Buffer / proxy / cross-realm cases.\n  // The fallback still requires a real ArrayBuffer view, so plain\n  // JSON-deserialized `{ constructor: ... }` spoofing is rejected, and\n  // `BYTES_PER_ELEMENT === 1` keeps the fallback on byte-oriented views.\n  return (\n    a instanceof Uint8Array ||\n    (ArrayBuffer.isView(a) &&\n      a.constructor.name === 'Uint8Array' &&\n      'BYTES_PER_ELEMENT' in a &&\n      a.BYTES_PER_ELEMENT === 1)\n  );\n}\n\n/**\n * Asserts something is a non-negative integer.\n * @param n - number to validate\n * @param title - label included in thrown errors\n * @throws On wrong argument types. {@link TypeError}\n * @throws On wrong argument ranges or values. {@link RangeError}\n * @example\n * Validate a non-negative integer option.\n * ```ts\n * anumber(32, 'length');\n * ```\n */\nexport function anumber(n: number, title: string = ''): void {\n  if (typeof n !== 'number') {\n    const prefix = title && `\"${title}\" `;\n    throw new TypeError(`${prefix}expected number, got ${typeof n}`);\n  }\n  if (!Number.isSafeInteger(n) || n < 0) {\n    const prefix = title && `\"${title}\" `;\n    throw new RangeError(`${prefix}expected integer >= 0, got ${n}`);\n  }\n}\n\n/**\n * Asserts something is Uint8Array.\n * @param value - value to validate\n * @param length - optional exact length constraint\n * @param title - label included in thrown errors\n * @returns The validated byte array.\n * @throws On wrong argument types. {@link TypeError}\n * @throws On wrong argument ranges or values. {@link RangeError}\n * @example\n * Validate that a value is a byte array.\n * ```ts\n * abytes(new Uint8Array([1, 2, 3]));\n * ```\n */\nexport function abytes(\n  value: TArg<Uint8Array>,\n  length?: number,\n  title: string = ''\n): TRet<Uint8Array> {\n  const bytes = isBytes(value);\n  const len = value?.length;\n  const needsLen = length !== undefined;\n  if (!bytes || (needsLen && len !== length)) {\n    const prefix = title && `\"${title}\" `;\n    const ofLen = needsLen ? ` of length ${length}` : '';\n    const got = bytes ? `length=${len}` : `type=${typeof value}`;\n    const message = prefix + 'expected Uint8Array' + ofLen + ', got ' + got;\n    if (!bytes) throw new TypeError(message);\n    throw new RangeError(message);\n  }\n  return value as TRet<Uint8Array>;\n}\n\n/**\n * Copies bytes into a fresh Uint8Array.\n * Buffer-style slices can alias the same backing store, so callers that need ownership should copy.\n * @param bytes - source bytes to clone\n * @returns Freshly allocated copy of `bytes`.\n * @throws On wrong argument types. {@link TypeError}\n * @example\n * Clone a byte array before mutating it.\n * ```ts\n * const copy = copyBytes(new Uint8Array([1, 2, 3]));\n * ```\n */\nexport function copyBytes(bytes: TArg<Uint8Array>): TRet<Uint8Array> {\n  // `Uint8Array.from(...)` would also accept arrays / other typed arrays. Keep this helper strict\n  // because callers use it at byte-validation boundaries before mutating the detached copy.\n  return Uint8Array.from(abytes(bytes)) as TRet<Uint8Array>;\n}\n\n/**\n * Asserts something is a wrapped hash constructor.\n * @param h - hash constructor to validate\n * @throws On wrong argument types or invalid hash wrapper shape. {@link TypeError}\n * @throws On invalid hash metadata ranges or values. {@link RangeError}\n * @throws If the hash metadata allows empty outputs or block sizes. {@link Error}\n * @example\n * Validate a callable hash wrapper.\n * ```ts\n * import { ahash } from '@noble/hashes/utils.js';\n * import { sha256 } from '@noble/hashes/sha2.js';\n * ahash(sha256);\n * ```\n */\nexport function ahash(h: TArg<CHash>): void {\n  if (typeof h !== 'function' || typeof h.create !== 'function')\n    throw new TypeError('Hash must wrapped by utils.createHasher');\n  anumber(h.outputLen);\n  anumber(h.blockLen);\n  // HMAC and KDF callers treat these as real byte lengths; allowing zero lets fake wrappers pass\n  // validation and can produce empty outputs instead of failing fast.\n  if (h.outputLen < 1) throw new Error('\"outputLen\" must be >= 1');\n  if (h.blockLen < 1) throw new Error('\"blockLen\" must be >= 1');\n}\n\n/**\n * Asserts a hash instance has not been destroyed or finished.\n * @param instance - hash instance to validate\n * @param checkFinished - whether to reject finalized instances\n * @throws If the hash instance has already been destroyed or finalized. {@link Error}\n * @example\n * Validate that a hash instance is still usable.\n * ```ts\n * import { aexists } from '@noble/hashes/utils.js';\n * import { sha256 } from '@noble/hashes/sha2.js';\n * const hash = sha256.create();\n * aexists(hash);\n * ```\n */\nexport function aexists(instance: any, checkFinished = true): void {\n  if (instance.destroyed) throw new Error('Hash instance has been destroyed');\n  if (checkFinished && instance.finished) throw new Error('Hash#digest() has already been called');\n}\n\n/**\n * Asserts output is a sufficiently-sized byte array.\n * @param out - destination buffer\n * @param instance - hash instance providing output length\n * Oversized buffers are allowed; downstream code only promises to fill the first `outputLen` bytes.\n * @throws On wrong argument types. {@link TypeError}\n * @throws On wrong argument ranges or values. {@link RangeError}\n * @example\n * Validate a caller-provided digest buffer.\n * ```ts\n * import { aoutput } from '@noble/hashes/utils.js';\n * import { sha256 } from '@noble/hashes/sha2.js';\n * const hash = sha256.create();\n * aoutput(new Uint8Array(hash.outputLen), hash);\n * ```\n */\nexport function aoutput(out: any, instance: any): void {\n  abytes(out, undefined, 'digestInto() output');\n  const min = instance.outputLen;\n  if (out.length < min) {\n    throw new RangeError('\"digestInto() output\" expected to be of length >=' + min);\n  }\n}\n\n/** Generic type encompassing 8/16/32-byte array views, but not 64-bit variants. */\n// prettier-ignore\nexport type TypedArray = Int8Array | Uint8ClampedArray | Uint8Array |\n  Uint16Array | Int16Array | Uint32Array | Int32Array;\n\n/**\n * Casts a typed array view to Uint8Array.\n * @param arr - source typed array\n * @returns Uint8Array view over the same buffer.\n * @example\n * Reinterpret a typed array as bytes.\n * ```ts\n * u8(new Uint32Array([1, 2]));\n * ```\n */\nexport function u8(arr: TArg<TypedArray>): TRet<Uint8Array> {\n  return new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength) as TRet<Uint8Array>;\n}\n\n/**\n * Casts a typed array view to Uint32Array.\n * `arr.byteOffset` must already be 4-byte aligned or the platform\n * Uint32Array constructor will throw.\n * @param arr - source typed array\n * @returns Uint32Array view over the same buffer.\n * @example\n * Reinterpret a byte array as 32-bit words.\n * ```ts\n * u32(new Uint8Array(8));\n * ```\n */\nexport function u32(arr: TArg<TypedArray>): TRet<Uint32Array> {\n  return new Uint32Array(\n    arr.buffer,\n    arr.byteOffset,\n    Math.floor(arr.byteLength / 4)\n  ) as TRet<Uint32Array>;\n}\n\n/**\n * Zeroizes typed arrays in place. Warning: JS provides no guarantees.\n * @param arrays - arrays to overwrite with zeros\n * @example\n * Zeroize sensitive buffers in place.\n * ```ts\n * clean(new Uint8Array([1, 2, 3]));\n * ```\n */\nexport function clean(...arrays: TArg<TypedArray[]>): void {\n  for (let i = 0; i < arrays.length; i++) {\n    arrays[i].fill(0);\n  }\n}\n\n/**\n * Creates a DataView for byte-level manipulation.\n * @param arr - source typed array\n * @returns DataView over the same buffer region.\n * @example\n * Create a DataView over an existing buffer.\n * ```ts\n * createView(new Uint8Array(4));\n * ```\n */\nexport function createView(arr: TArg<TypedArray>): DataView {\n  return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n}\n\n/**\n * Rotate-right operation for uint32 values.\n * @param word - source word\n * @param shift - shift amount in bits\n * @returns Rotated word.\n * @example\n * Rotate a 32-bit word to the right.\n * ```ts\n * rotr(0x12345678, 8);\n * ```\n */\nexport function rotr(word: number, shift: number): number {\n  return (word << (32 - shift)) | (word >>> shift);\n}\n\n/**\n * Rotate-left operation for uint32 values.\n * @param word - source word\n * @param shift - shift amount in bits\n * @returns Rotated word.\n * @example\n * Rotate a 32-bit word to the left.\n * ```ts\n * rotl(0x12345678, 8);\n * ```\n */\nexport function rotl(word: number, shift: number): number {\n  return (word << shift) | ((word >>> (32 - shift)) >>> 0);\n}\n\n/** Whether the current platform is little-endian. */\nexport const isLE: boolean = /* @__PURE__ */ (() =>\n  new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44)();\n\n/**\n * Byte-swap operation for uint32 values.\n * @param word - source word\n * @returns Word with reversed byte order.\n * @example\n * Reverse the byte order of a 32-bit word.\n * ```ts\n * byteSwap(0x11223344);\n * ```\n */\nexport function byteSwap(word: number): number {\n  return (\n    ((word << 24) & 0xff000000) |\n    ((word << 8) & 0xff0000) |\n    ((word >>> 8) & 0xff00) |\n    ((word >>> 24) & 0xff)\n  );\n}\n/**\n * Conditionally byte-swaps one 32-bit word on big-endian platforms.\n * @param n - source word\n * @returns Original or byte-swapped word depending on platform endianness.\n * @example\n * Normalize a 32-bit word for host endianness.\n * ```ts\n * swap8IfBE(0x11223344);\n * ```\n */\nexport const swap8IfBE: (n: number) => number = isLE\n  ? (n: number) => n\n  : (n: number) => byteSwap(n) >>> 0;\n\n/**\n * Byte-swaps every word of a Uint32Array in place.\n * @param arr - array to mutate\n * @returns The same array after mutation; callers pass live state arrays here.\n * @example\n * Reverse the byte order of every word in place.\n * ```ts\n * byteSwap32(new Uint32Array([0x11223344]));\n * ```\n */\nexport function byteSwap32(arr: TArg<Uint32Array>): TRet<Uint32Array> {\n  for (let i = 0; i < arr.length; i++) {\n    arr[i] = byteSwap(arr[i]);\n  }\n  return arr as TRet<Uint32Array>;\n}\n\n/**\n * Conditionally byte-swaps a Uint32Array on big-endian platforms.\n * @param u - array to normalize for host endianness\n * @returns Original or byte-swapped array depending on platform endianness.\n *   On big-endian runtimes this mutates `u` in place via `byteSwap32(...)`.\n * @example\n * Normalize a word array for host endianness.\n * ```ts\n * swap32IfBE(new Uint32Array([0x11223344]));\n * ```\n */\nexport const swap32IfBE: (u: TArg<Uint32Array>) => TRet<Uint32Array> = isLE\n  ? (u: TArg<Uint32Array>) => u as TRet<Uint32Array>\n  : byteSwap32;\n\n// Built-in hex conversion https://caniuse.com/mdn-javascript_builtins_uint8array_fromhex\nconst hasHexBuiltin: boolean = /* @__PURE__ */ (() =>\n  // @ts-ignore\n  typeof Uint8Array.from([]).toHex === 'function' && typeof Uint8Array.fromHex === 'function')();\n\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) =>\n  i.toString(16).padStart(2, '0')\n);\n\n/**\n * Convert byte array to hex string.\n * Uses the built-in function when available and assumes it matches the tested\n * fallback semantics.\n * @param bytes - bytes to encode\n * @returns Lowercase hexadecimal string.\n * @throws On wrong argument types. {@link TypeError}\n * @example\n * Convert bytes to lowercase hexadecimal.\n * ```ts\n * bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])); // 'cafe0123'\n * ```\n */\nexport function bytesToHex(bytes: TArg<Uint8Array>): string {\n  abytes(bytes);\n  // @ts-ignore\n  if (hasHexBuiltin) return bytes.toHex();\n  // pre-caching improves the speed 6x\n  let hex = '';\n  for (let i = 0; i < bytes.length; i++) {\n    hex += hexes[bytes[i]];\n  }\n  return hex;\n}\n\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 } as const;\nfunction asciiToBase16(ch: number): number | undefined {\n  if (ch >= asciis._0 && ch <= asciis._9) return ch - asciis._0; // '2' => 50-48\n  if (ch >= asciis.A && ch <= asciis.F) return ch - (asciis.A - 10); // 'B' => 66-(65-10)\n  if (ch >= asciis.a && ch <= asciis.f) return ch - (asciis.a - 10); // 'b' => 98-(97-10)\n  return;\n}\n\n/**\n * Convert hex string to byte array. Uses built-in function, when available.\n * @param hex - hexadecimal string to decode\n * @returns Decoded bytes.\n * @throws On wrong argument types. {@link TypeError}\n * @throws On wrong argument ranges or values. {@link RangeError}\n * @example\n * Decode lowercase hexadecimal into bytes.\n * ```ts\n * hexToBytes('cafe0123'); // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n * ```\n */\nexport function hexToBytes(hex: string): TRet<Uint8Array> {\n  if (typeof hex !== 'string') throw new TypeError('hex string expected, got ' + typeof hex);\n  if (hasHexBuiltin) {\n    try {\n      return (Uint8Array as any).fromHex(hex);\n    } catch (error) {\n      if (error instanceof SyntaxError) throw new RangeError(error.message);\n      throw error;\n    }\n  }\n  const hl = hex.length;\n  const al = hl / 2;\n  if (hl % 2) throw new RangeError('hex string expected, got unpadded hex of length ' + hl);\n  const array = new Uint8Array(al);\n  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n    const n1 = asciiToBase16(hex.charCodeAt(hi));\n    const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n    if (n1 === undefined || n2 === undefined) {\n      const char = hex[hi] + hex[hi + 1];\n      throw new RangeError(\n        'hex string expected, got non-hex character \"' + char + '\" at index ' + hi\n      );\n    }\n    array[ai] = n1 * 16 + n2; // multiply first octet, e.g. 'a3' => 10*16+3 => 160 + 3 => 163\n  }\n  return array;\n}\n\n/**\n * There is no setImmediate in browser and setTimeout is slow.\n * This yields to the Promise/microtask scheduler queue, not to timers or the\n * full macrotask event loop.\n * @example\n * Yield to the next scheduler tick.\n * ```ts\n * await nextTick();\n * ```\n */\nexport const nextTick = async (): Promise<void> => {};\n\n/**\n * Returns control to the Promise/microtask scheduler every `tick`\n * milliseconds to avoid blocking long loops.\n * @param iters - number of loop iterations to run\n * @param tick - maximum time slice in milliseconds\n * @param cb - callback executed on each iteration\n * @example\n * Run a loop that periodically yields back to the event loop.\n * ```ts\n * await asyncLoop(2, 0, () => {});\n * ```\n */\nexport async function asyncLoop(\n  iters: number,\n  tick: number,\n  cb: (i: number) => void\n): Promise<void> {\n  let ts = Date.now();\n  for (let i = 0; i < iters; i++) {\n    cb(i);\n    // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n    const diff = Date.now() - ts;\n    if (diff >= 0 && diff < tick) continue;\n    await nextTick();\n    ts += diff;\n  }\n}\n\n// Global symbols, but ts doesn't see them: https://github.com/microsoft/TypeScript/issues/31535\ndeclare const TextEncoder: any;\n\n/**\n * Converts string to bytes using UTF8 encoding.\n * Built-in doesn't validate input to be string: we do the check.\n * Non-ASCII details are delegated to the platform `TextEncoder`.\n * @param str - string to encode\n * @returns UTF-8 encoded bytes.\n * @throws On wrong argument types. {@link TypeError}\n * @example\n * Encode a string as UTF-8 bytes.\n * ```ts\n * utf8ToBytes('abc'); // Uint8Array.from([97, 98, 99])\n * ```\n */\nexport function utf8ToBytes(str: string): TRet<Uint8Array> {\n  if (typeof str !== 'string') throw new TypeError('string expected');\n  return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n\n/** KDFs can accept string or Uint8Array for user convenience. */\nexport type KDFInput = string | Uint8Array;\n\n/**\n * Helper for KDFs: consumes Uint8Array or string.\n * String inputs are UTF-8 encoded; byte-array inputs stay aliased to the caller buffer.\n * @param data - user-provided KDF input\n * @param errorTitle - label included in thrown errors\n * @returns Byte representation of the input.\n * @throws On wrong argument types. {@link TypeError}\n * @example\n * Normalize KDF input to bytes.\n * ```ts\n * kdfInputToBytes('password');\n * ```\n */\nexport function kdfInputToBytes(data: TArg<KDFInput>, errorTitle = ''): TRet<Uint8Array> {\n  if (typeof data === 'string') return utf8ToBytes(data);\n  return abytes(data, undefined, errorTitle);\n}\n\n/**\n * Copies several Uint8Arrays into one.\n * @param arrays - arrays to concatenate\n * @returns Concatenated byte array.\n * @throws On wrong argument types. {@link TypeError}\n * @example\n * Concatenate multiple byte arrays.\n * ```ts\n * concatBytes(new Uint8Array([1]), new Uint8Array([2]));\n * ```\n */\nexport function concatBytes(...arrays: TArg<Uint8Array[]>): TRet<Uint8Array> {\n  let sum = 0;\n  for (let i = 0; i < arrays.length; i++) {\n    const a = arrays[i];\n    abytes(a);\n    sum += a.length;\n  }\n  const res = new Uint8Array(sum);\n  for (let i = 0, pad = 0; i < arrays.length; i++) {\n    const a = arrays[i];\n    res.set(a, pad);\n    pad += a.length;\n  }\n  return res;\n}\n\ntype EmptyObj = {};\n/**\n * Merges default options and passed options.\n * @param defaults - base option object\n * @param opts - user overrides\n * @returns Merged option object. The merge mutates `defaults` in place.\n * @throws On wrong argument types. {@link TypeError}\n * @example\n * Merge user overrides onto default options.\n * ```ts\n * checkOpts({ dkLen: 32 }, { asyncTick: 10 });\n * ```\n */\nexport function checkOpts<T1 extends EmptyObj, T2 extends EmptyObj>(\n  defaults: T1,\n  opts?: T2\n): T1 & T2 {\n  if (opts !== undefined && {}.toString.call(opts) !== '[object Object]')\n    throw new TypeError('options must be object or undefined');\n  const merged = Object.assign(defaults, opts);\n  return merged as T1 & T2;\n}\n\n/** Common interface for all hash instances. */\nexport interface Hash<T> {\n  /** Bytes processed per compression block. */\n  blockLen: number;\n  /** Bytes produced by `digest()`. */\n  outputLen: number;\n  /** Whether the instance supports XOF-style variable-length output via `xof()` / `xofInto()`. */\n  canXOF: boolean;\n  /**\n   * Absorbs more message bytes into the running hash state.\n   * @param buf - message chunk to absorb\n   * @returns The same hash instance for chaining.\n   */\n  update(buf: TArg<Uint8Array>): this;\n  /**\n   * Finalizes the hash into a caller-provided buffer.\n   * @param buf - destination buffer\n   * @returns Nothing. Implementations write into `buf` in place.\n   */\n  digestInto(buf: TArg<Uint8Array>): void;\n  /**\n   * Finalizes the hash and returns a freshly allocated digest.\n   * @returns Digest bytes.\n   */\n  digest(): TRet<Uint8Array>;\n  /** Wipes internal state and makes the instance unusable. */\n  destroy(): void;\n  /**\n   * Copies the current hash state into an existing or new instance.\n   * @param to - Optional destination instance to reuse.\n   * @returns Cloned hash state.\n   */\n  _cloneInto(to?: T): T;\n  /**\n   * Creates an independent copy of the current hash state.\n   * @returns Cloned hash instance.\n   */\n  clone(): T;\n}\n\n/** Pseudorandom generator interface. */\nexport interface PRG {\n  /**\n   * Mixes more entropy into the generator state.\n   * @param seed - fresh entropy bytes\n   * @returns Nothing. Implementations update internal state in place.\n   */\n  addEntropy(seed: TArg<Uint8Array>): void;\n  /**\n   * Generates pseudorandom output bytes.\n   * @param length - number of bytes to generate\n   * @returns Generated pseudorandom bytes.\n   */\n  randomBytes(length: number): TRet<Uint8Array>;\n  /** Wipes generator state and makes the instance unusable. */\n  clean(): void;\n}\n\n/**\n * XOF: streaming API to read digest in chunks.\n * Same as 'squeeze' in keccak/k12 and 'seek' in blake3, but more generic name.\n * When hash used in XOF mode it is up to user to call '.destroy' afterwards, since we cannot\n * destroy state, next call can require more bytes.\n */\nexport type HashXOF<T extends Hash<T>> = Hash<T> & {\n  /**\n   * Reads more bytes from the XOF stream.\n   * @param bytes - number of bytes to read\n   * @returns Requested digest bytes.\n   */\n  xof(bytes: number): TRet<Uint8Array>;\n  /**\n   * Reads more bytes from the XOF stream into a caller-provided buffer.\n   * @param buf - destination buffer\n   * @returns Filled output buffer.\n   */\n  xofInto(buf: TArg<Uint8Array>): TRet<Uint8Array>;\n};\n\n/** Hash constructor or factory type. */\nexport type HasherCons<T, Opts = undefined> = Opts extends undefined ? () => T : (opts?: Opts) => T;\n/** Optional hash metadata. */\nexport type HashInfo = {\n  /** DER-encoded object identifier bytes for the hash algorithm. */\n  oid?: TRet<Uint8Array>;\n};\n/** Callable hash function type. */\nexport type CHash<T extends Hash<T> = Hash<any>, Opts = undefined> = {\n  /** Digest size in bytes. */\n  outputLen: number;\n  /** Input block size in bytes. */\n  blockLen: number;\n  /** Whether `.create()` returns a hash instance that can be used as an XOF stream. */\n  canXOF: boolean;\n} & HashInfo &\n  (Opts extends undefined\n    ? {\n        (msg: TArg<Uint8Array>): TRet<Uint8Array>;\n        create(): T;\n      }\n    : {\n        (msg: TArg<Uint8Array>, opts?: TArg<Opts>): TRet<Uint8Array>;\n        create(opts?: Opts): T;\n      });\n/** Callable extendable-output hash function type. */\nexport type CHashXOF<T extends HashXOF<T> = HashXOF<any>, Opts = undefined> = CHash<T, Opts>;\n\n/**\n * Creates a callable hash function from a stateful class constructor.\n * @param hashCons - hash constructor or factory\n * @param info - optional metadata such as DER OID\n * @returns Frozen callable hash wrapper with `.create()`.\n *   Wrapper construction eagerly calls `hashCons(undefined)` once to read\n *   `outputLen` / `blockLen`, so constructor side effects happen at module\n *   init time.\n * @example\n * Wrap a stateful hash constructor into a callable helper.\n * ```ts\n * import { createHasher } from '@noble/hashes/utils.js';\n * import { sha256 } from '@noble/hashes/sha2.js';\n * const wrapped = createHasher(sha256.create, { oid: sha256.oid });\n * wrapped(new Uint8Array([1]));\n * ```\n */\nexport function createHasher<T extends Hash<T>, Opts = undefined>(\n  hashCons: HasherCons<T, Opts>,\n  info: TArg<HashInfo> = {}\n): TRet<CHash<T, Opts>> {\n  const hashC: any = (msg: TArg<Uint8Array>, opts?: TArg<Opts>) =>\n    hashCons(opts as Opts)\n      .update(msg)\n      .digest();\n  const tmp = hashCons(undefined);\n  hashC.outputLen = tmp.outputLen;\n  hashC.blockLen = tmp.blockLen;\n  hashC.canXOF = tmp.canXOF;\n  hashC.create = (opts?: Opts) => hashCons(opts);\n  Object.assign(hashC, info);\n  return Object.freeze(hashC) as TRet<CHash<T, Opts>>;\n}\n\n/**\n * Cryptographically secure PRNG backed by `crypto.getRandomValues`.\n * @param bytesLength - number of random bytes to generate\n * @returns Random bytes.\n * The platform `getRandomValues()` implementation still defines any\n * single-call length cap, and this helper rejects oversize requests\n * with a stable library `RangeError` instead of host-specific errors.\n * @throws On wrong argument types. {@link TypeError}\n * @throws On wrong argument ranges or values. {@link RangeError}\n * @throws If the current runtime does not provide `crypto.getRandomValues`. {@link Error}\n * @example\n * Generate a fresh random key or nonce.\n * ```ts\n * const key = randomBytes(16);\n * ```\n */\nexport function randomBytes(bytesLength = 32): TRet<Uint8Array> {\n  // Match the repo's other length-taking helpers instead of relying on Uint8Array coercion.\n  anumber(bytesLength, 'bytesLength');\n  const cr = typeof globalThis === 'object' ? (globalThis as any).crypto : null;\n  if (typeof cr?.getRandomValues !== 'function')\n    throw new Error('crypto.getRandomValues must be defined');\n  // Web Cryptography API Level 2 §10.1.1:\n  // if `byteLength > 65536`, throw `QuotaExceededError`.\n  // Keep the guard explicit so callers can see the quota in code\n  // instead of discovering it by reading the spec or host errors.\n  // This wrapper surfaces the same quota as a stable library RangeError.\n  if (bytesLength > 65536)\n    throw new RangeError(`\"bytesLength\" expected <= 65536, got ${bytesLength}`);\n  return cr.getRandomValues(new Uint8Array(bytesLength));\n}\n\n/**\n * Creates OID metadata for NIST hashes with prefix `06 09 60 86 48 01 65 03 04 02`.\n * @param suffix - final OID byte for the selected hash.\n *   The helper accepts any byte even though only the documented NIST hash\n *   suffixes are meaningful downstream.\n * @returns Object containing the DER-encoded OID.\n * @example\n * Build OID metadata for a NIST hash.\n * ```ts\n * oidNist(0x01);\n * ```\n */\nexport const oidNist = (suffix: number): TRet<Required<HashInfo>> => ({\n  // Current NIST hashAlgs suffixes used here fit in one DER subidentifier octet.\n  // Larger suffix values would need base-128 OID encoding and a different length byte.\n  oid: Uint8Array.from([0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, suffix]),\n});\n","/**\n * Internal Merkle-Damgard hash utils.\n * @module\n */\nimport {\n  abytes,\n  aexists,\n  aoutput,\n  clean,\n  createView,\n  type Hash,\n  type TArg,\n  type TRet,\n} from './utils.ts';\n\n/**\n * Shared 32-bit conditional boolean primitive reused by SHA-256, SHA-1, and MD5 `F`.\n * Returns bits from `b` when `a` is set, otherwise from `c`.\n * The XOR form is equivalent to MD5's `F(X,Y,Z) = XY v not(X)Z` because the masked terms never\n * set the same bit.\n * @param a - selector word\n * @param b - word chosen when selector bit is set\n * @param c - word chosen when selector bit is clear\n * @returns Mixed 32-bit word.\n * @example\n * Combine three words with the shared 32-bit choice primitive.\n * ```ts\n * Chi(0xffffffff, 0x12345678, 0x87654321);\n * ```\n */\nexport function Chi(a: number, b: number, c: number): number {\n  return (a & b) ^ (~a & c);\n}\n\n/**\n * Shared 32-bit majority primitive reused by SHA-256 and SHA-1.\n * Returns bits shared by at least two inputs.\n * @param a - first input word\n * @param b - second input word\n * @param c - third input word\n * @returns Mixed 32-bit word.\n * @example\n * Combine three words with the shared 32-bit majority primitive.\n * ```ts\n * Maj(0xffffffff, 0x12345678, 0x87654321);\n * ```\n */\nexport function Maj(a: number, b: number, c: number): number {\n  return (a & b) ^ (a & c) ^ (b & c);\n}\n\n/**\n * Merkle-Damgard hash construction base class.\n * Could be used to create MD5, RIPEMD, SHA1, SHA2.\n * Accepts only byte-aligned `Uint8Array` input, even when the underlying spec describes bit\n * strings with partial-byte tails.\n * @param blockLen - internal block size in bytes\n * @param outputLen - digest size in bytes\n * @param padOffset - trailing length field size in bytes\n * @param isLE - whether length and state words are encoded in little-endian\n * @example\n * Use a concrete subclass to get the shared Merkle-Damgard update/digest flow.\n * ```ts\n * import { _SHA1 } from '@noble/hashes/legacy.js';\n * const hash = new _SHA1();\n * hash.update(new Uint8Array([97, 98, 99]));\n * hash.digest();\n * ```\n */\nexport abstract class HashMD<T extends HashMD<T>> implements Hash<T> {\n  // Subclasses must treat `buf` as read-only: `update()` may pass a direct view over caller input\n  // when it can process whole blocks without buffering first.\n  protected abstract process(buf: DataView, offset: number): void;\n  protected abstract get(): number[];\n  protected abstract set(...args: number[]): void;\n  abstract destroy(): void;\n  protected abstract roundClean(): void;\n\n  readonly blockLen: number;\n  readonly outputLen: number;\n  readonly canXOF = false;\n  readonly padOffset: number;\n  readonly isLE: boolean;\n\n  // For partial updates less than block size\n  protected buffer: Uint8Array;\n  protected view: DataView;\n  protected finished = false;\n  protected length = 0;\n  protected pos = 0;\n  protected destroyed = false;\n\n  constructor(blockLen: number, outputLen: number, padOffset: number, isLE: boolean) {\n    this.blockLen = blockLen;\n    this.outputLen = outputLen;\n    this.padOffset = padOffset;\n    this.isLE = isLE;\n    this.buffer = new Uint8Array(blockLen);\n    this.view = createView(this.buffer);\n  }\n  update(data: TArg<Uint8Array>): this {\n    aexists(this);\n    abytes(data);\n    const { view, buffer, blockLen } = this;\n    const len = data.length;\n    for (let pos = 0; pos < len; ) {\n      const take = Math.min(blockLen - this.pos, len - pos);\n      // Fast path only when there is no buffered partial block: `take === blockLen` implies\n      // `this.pos === 0`, so we can process full blocks directly from the input view.\n      if (take === blockLen) {\n        const dataView = createView(data);\n        for (; blockLen <= len - pos; pos += blockLen) this.process(dataView, pos);\n        continue;\n      }\n      buffer.set(data.subarray(pos, pos + take), this.pos);\n      this.pos += take;\n      pos += take;\n      if (this.pos === blockLen) {\n        this.process(view, 0);\n        this.pos = 0;\n      }\n    }\n    this.length += data.length;\n    this.roundClean();\n    return this;\n  }\n  digestInto(out: TArg<Uint8Array>): void {\n    aexists(this);\n    aoutput(out, this);\n    this.finished = true;\n    // Padding\n    // We can avoid allocation of buffer for padding completely if it\n    // was previously not allocated here. But it won't change performance.\n    const { buffer, view, blockLen, isLE } = this;\n    let { pos } = this;\n    // append the bit '1' to the message\n    buffer[pos++] = 0b10000000;\n    clean(this.buffer.subarray(pos));\n    // we have less than padOffset left in buffer, so we cannot put length in\n    // current block, need process it and pad again\n    if (this.padOffset > blockLen - pos) {\n      this.process(view, 0);\n      pos = 0;\n    }\n    // Pad until full block byte with zeros\n    for (let i = pos; i < blockLen; i++) buffer[i] = 0;\n    // `padOffset` reserves the whole length field. For SHA-384/512 the high 64 bits stay zero from\n    // the padding fill above, and JS will overflow before user input can make that half non-zero.\n    // So we only need to write the low 64 bits here.\n    view.setBigUint64(blockLen - 8, BigInt(this.length * 8), isLE);\n    this.process(view, 0);\n    const oview = createView(out);\n    const len = this.outputLen;\n    // NOTE: we do division by 4 later, which must be fused in single op with modulo by JIT\n    if (len % 4) throw new Error('_sha2: outputLen must be aligned to 32bit');\n    const outLen = len / 4;\n    const state = this.get();\n    if (outLen > state.length) throw new Error('_sha2: outputLen bigger than state');\n    for (let i = 0; i < outLen; i++) oview.setUint32(4 * i, state[i], isLE);\n  }\n  digest(): TRet<Uint8Array> {\n    const { buffer, outputLen } = this;\n    this.digestInto(buffer);\n    // Copy before destroy(): subclasses wipe `buffer` during cleanup, but `digest()` must return\n    // fresh bytes to the caller.\n    const res = buffer.slice(0, outputLen);\n    this.destroy();\n    return res as TRet<Uint8Array>;\n  }\n  _cloneInto(to?: T): T {\n    to ||= new (this.constructor as any)() as T;\n    to.set(...this.get());\n    const { blockLen, buffer, length, finished, destroyed, pos } = this;\n    to.destroyed = destroyed;\n    to.finished = finished;\n    to.length = length;\n    to.pos = pos;\n    // Only partial-block bytes need copying: when `length % blockLen === 0`, `pos === 0` and\n    // later `update()` / `digestInto()` overwrite `to.buffer` from the start before reading it.\n    if (length % blockLen) to.buffer.set(buffer);\n    return to as unknown as any;\n  }\n  clone(): T {\n    return this._cloneInto();\n  }\n}\n\n/**\n * Initial SHA-2 state: fractional parts of square roots of first 16 primes 2..53.\n * Check out `test/misc/sha2-gen-iv.js` for recomputation guide.\n */\n\n/** Initial SHA256 state from RFC 6234 §6.1: the first 32 bits of the fractional parts of the\n * square roots of the first eight prime numbers. Exported as a shared table; callers must treat\n * it as read-only because constructors copy words from it by index. */\nexport const SHA256_IV: TRet<Uint32Array> = /* @__PURE__ */ Uint32Array.from([\n  0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19,\n]);\n\n/** Initial SHA224 state `H(0)` from RFC 6234 §6.1. Exported as a shared table; callers must\n * treat it as read-only because constructors copy words from it by index. */\nexport const SHA224_IV: TRet<Uint32Array> = /* @__PURE__ */ Uint32Array.from([\n  0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4,\n]);\n\n/** Initial SHA384 state from RFC 6234 §6.3: eight RFC 64-bit `H(0)` words stored as sixteen\n * big-endian 32-bit halves. Derived from the fractional parts of the square roots of the ninth\n * through sixteenth prime numbers. Exported as a shared table; callers must treat it as read-only\n * because constructors copy halves from it by index. */\nexport const SHA384_IV: TRet<Uint32Array> = /* @__PURE__ */ Uint32Array.from([\n  0xcbbb9d5d, 0xc1059ed8, 0x629a292a, 0x367cd507, 0x9159015a, 0x3070dd17, 0x152fecd8, 0xf70e5939,\n  0x67332667, 0xffc00b31, 0x8eb44a87, 0x68581511, 0xdb0c2e0d, 0x64f98fa7, 0x47b5481d, 0xbefa4fa4,\n]);\n\n/** Initial SHA512 state from RFC 6234 §6.3: eight RFC 64-bit `H(0)` words stored as sixteen\n * big-endian 32-bit halves. Derived from the fractional parts of the square roots of the first\n * eight prime numbers. Exported as a shared table; callers must treat it as read-only because\n * constructors copy halves from it by index. */\nexport const SHA512_IV: TRet<Uint32Array> = /* @__PURE__ */ Uint32Array.from([\n  0x6a09e667, 0xf3bcc908, 0xbb67ae85, 0x84caa73b, 0x3c6ef372, 0xfe94f82b, 0xa54ff53a, 0x5f1d36f1,\n  0x510e527f, 0xade682d1, 0x9b05688c, 0x2b3e6c1f, 0x1f83d9ab, 0xfb41bd6b, 0x5be0cd19, 0x137e2179,\n]);\n","/**\n * SHA2 hash function. A.k.a. sha256, sha384, sha512, sha512_224, sha512_256.\n * SHA256 is the fastest hash implementable in JS, even faster than Blake3.\n * Check out {@link https://www.rfc-editor.org/rfc/rfc4634 | RFC 4634} and\n * {@link https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf | FIPS 180-4}.\n * @module\n */\nimport { Chi, HashMD, Maj, SHA224_IV, SHA256_IV, SHA384_IV, SHA512_IV } from './_md.ts';\nimport * as u64 from './_u64.ts';\nimport { type CHash, clean, createHasher, oidNist, rotr, type TRet } from './utils.ts';\n\n/**\n * SHA-224 / SHA-256 round constants from RFC 6234 §5.1: the first 32 bits\n * of the cube roots of the first 64 primes (2..311).\n */\n// prettier-ignore\nconst SHA256_K = /* @__PURE__ */ Uint32Array.from([\n  0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\n  0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\n  0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\n  0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\n  0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\n  0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\n  0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\n  0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2\n]);\n\n/** Reusable SHA-224 / SHA-256 message schedule buffer `W_t` from RFC 6234 §6.2 step 1. */\nconst SHA256_W = /* @__PURE__ */ new Uint32Array(64);\n\n/** Internal SHA-224 / SHA-256 compression engine from RFC 6234 §6.2. */\nabstract class SHA2_32B<T extends SHA2_32B<T>> extends HashMD<T> {\n  // We cannot use array here since array allows indexing by variable\n  // which means optimizer/compiler cannot use registers.\n  protected abstract A: number;\n  protected abstract B: number;\n  protected abstract C: number;\n  protected abstract D: number;\n  protected abstract E: number;\n  protected abstract F: number;\n  protected abstract G: number;\n  protected abstract H: number;\n\n  constructor(outputLen: number) {\n    super(64, outputLen, 8, false);\n  }\n  protected get(): [number, number, number, number, number, number, number, number] {\n    const { A, B, C, D, E, F, G, H } = this;\n    return [A, B, C, D, E, F, G, H];\n  }\n  // prettier-ignore\n  protected set(\n    A: number, B: number, C: number, D: number, E: number, F: number, G: number, H: number\n  ): void {\n    this.A = A | 0;\n    this.B = B | 0;\n    this.C = C | 0;\n    this.D = D | 0;\n    this.E = E | 0;\n    this.F = F | 0;\n    this.G = G | 0;\n    this.H = H | 0;\n  }\n  protected process(view: DataView, offset: number): void {\n    // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array\n    for (let i = 0; i < 16; i++, offset += 4) SHA256_W[i] = view.getUint32(offset, false);\n    for (let i = 16; i < 64; i++) {\n      const W15 = SHA256_W[i - 15];\n      const W2 = SHA256_W[i - 2];\n      const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3);\n      const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10);\n      SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0;\n    }\n    // Compression function main loop, 64 rounds\n    let { A, B, C, D, E, F, G, H } = this;\n    for (let i = 0; i < 64; i++) {\n      const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);\n      const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;\n      const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);\n      const T2 = (sigma0 + Maj(A, B, C)) | 0;\n      H = G;\n      G = F;\n      F = E;\n      E = (D + T1) | 0;\n      D = C;\n      C = B;\n      B = A;\n      A = (T1 + T2) | 0;\n    }\n    // Add the compressed chunk to the current hash value\n    A = (A + this.A) | 0;\n    B = (B + this.B) | 0;\n    C = (C + this.C) | 0;\n    D = (D + this.D) | 0;\n    E = (E + this.E) | 0;\n    F = (F + this.F) | 0;\n    G = (G + this.G) | 0;\n    H = (H + this.H) | 0;\n    this.set(A, B, C, D, E, F, G, H);\n  }\n  protected roundClean(): void {\n    clean(SHA256_W);\n  }\n  destroy(): void {\n    // HashMD callers route post-destroy usability through `destroyed`; zeroizing alone still leaves\n    // update()/digest() callable on reused instances.\n    this.destroyed = true;\n    this.set(0, 0, 0, 0, 0, 0, 0, 0);\n    clean(this.buffer);\n  }\n}\n\n/** Internal SHA-256 hash class grounded in RFC 6234 §6.2. */\nexport class _SHA256 extends SHA2_32B<_SHA256> {\n  // We cannot use array here since array allows indexing by variable\n  // which means optimizer/compiler cannot use registers.\n  protected A: number = SHA256_IV[0] | 0;\n  protected B: number = SHA256_IV[1] | 0;\n  protected C: number = SHA256_IV[2] | 0;\n  protected D: number = SHA256_IV[3] | 0;\n  protected E: number = SHA256_IV[4] | 0;\n  protected F: number = SHA256_IV[5] | 0;\n  protected G: number = SHA256_IV[6] | 0;\n  protected H: number = SHA256_IV[7] | 0;\n  constructor() {\n    super(32);\n  }\n}\n\n/** Internal SHA-224 hash class grounded in RFC 6234 §6.2 and §8.5. */\nexport class _SHA224 extends SHA2_32B<_SHA224> {\n  protected A: number = SHA224_IV[0] | 0;\n  protected B: number = SHA224_IV[1] | 0;\n  protected C: number = SHA224_IV[2] | 0;\n  protected D: number = SHA224_IV[3] | 0;\n  protected E: number = SHA224_IV[4] | 0;\n  protected F: number = SHA224_IV[5] | 0;\n  protected G: number = SHA224_IV[6] | 0;\n  protected H: number = SHA224_IV[7] | 0;\n  constructor() {\n    super(28);\n  }\n}\n\n// SHA2-512 is slower than sha256 in js because u64 operations are slow.\n\n// SHA-384 / SHA-512 round constants from RFC 6234 §5.2:\n// 80 full 64-bit words split into high/low halves.\n// prettier-ignore\nconst K512 = /* @__PURE__ */ (() => u64.split([\n  '0x428a2f98d728ae22', '0x7137449123ef65cd', '0xb5c0fbcfec4d3b2f', '0xe9b5dba58189dbbc',\n  '0x3956c25bf348b538', '0x59f111f1b605d019', '0x923f82a4af194f9b', '0xab1c5ed5da6d8118',\n  '0xd807aa98a3030242', '0x12835b0145706fbe', '0x243185be4ee4b28c', '0x550c7dc3d5ffb4e2',\n  '0x72be5d74f27b896f', '0x80deb1fe3b1696b1', '0x9bdc06a725c71235', '0xc19bf174cf692694',\n  '0xe49b69c19ef14ad2', '0xefbe4786384f25e3', '0x0fc19dc68b8cd5b5', '0x240ca1cc77ac9c65',\n  '0x2de92c6f592b0275', '0x4a7484aa6ea6e483', '0x5cb0a9dcbd41fbd4', '0x76f988da831153b5',\n  '0x983e5152ee66dfab', '0xa831c66d2db43210', '0xb00327c898fb213f', '0xbf597fc7beef0ee4',\n  '0xc6e00bf33da88fc2', '0xd5a79147930aa725', '0x06ca6351e003826f', '0x142929670a0e6e70',\n  '0x27b70a8546d22ffc', '0x2e1b21385c26c926', '0x4d2c6dfc5ac42aed', '0x53380d139d95b3df',\n  '0x650a73548baf63de', '0x766a0abb3c77b2a8', '0x81c2c92e47edaee6', '0x92722c851482353b',\n  '0xa2bfe8a14cf10364', '0xa81a664bbc423001', '0xc24b8b70d0f89791', '0xc76c51a30654be30',\n  '0xd192e819d6ef5218', '0xd69906245565a910', '0xf40e35855771202a', '0x106aa07032bbd1b8',\n  '0x19a4c116b8d2d0c8', '0x1e376c085141ab53', '0x2748774cdf8eeb99', '0x34b0bcb5e19b48a8',\n  '0x391c0cb3c5c95a63', '0x4ed8aa4ae3418acb', '0x5b9cca4f7763e373', '0x682e6ff3d6b2b8a3',\n  '0x748f82ee5defb2fc', '0x78a5636f43172f60', '0x84c87814a1f0ab72', '0x8cc702081a6439ec',\n  '0x90befffa23631e28', '0xa4506cebde82bde9', '0xbef9a3f7b2c67915', '0xc67178f2e372532b',\n  '0xca273eceea26619c', '0xd186b8c721c0c207', '0xeada7dd6cde0eb1e', '0xf57d4f7fee6ed178',\n  '0x06f067aa72176fba', '0x0a637dc5a2c898a6', '0x113f9804bef90dae', '0x1b710b35131c471b',\n  '0x28db77f523047d84', '0x32caab7b40c72493', '0x3c9ebe0a15c9bebc', '0x431d67c49c100d4c',\n  '0x4cc5d4becb3e42b6', '0x597f299cfc657e2a', '0x5fcb6fab3ad6faec', '0x6c44198c4a475817'\n].map(n => BigInt(n))))();\nconst SHA512_Kh = /* @__PURE__ */ (() => K512[0])();\nconst SHA512_Kl = /* @__PURE__ */ (() => K512[1])();\n\n// Reusable high-half schedule buffer for the RFC 6234 §6.4 64-bit `W_t` words.\nconst SHA512_W_H = /* @__PURE__ */ new Uint32Array(80);\n// Reusable low-half schedule buffer for the RFC 6234 §6.4 64-bit `W_t` words.\nconst SHA512_W_L = /* @__PURE__ */ new Uint32Array(80);\n\n/** Internal SHA-384 / SHA-512 compression engine from RFC 6234 §6.4. */\nabstract class SHA2_64B<T extends SHA2_64B<T>> extends HashMD<T> {\n  // We cannot use array here since array allows indexing by variable\n  // which means optimizer/compiler cannot use registers.\n  // h -- high 32 bits, l -- low 32 bits\n  protected abstract Ah: number;\n  protected abstract Al: number;\n  protected abstract Bh: number;\n  protected abstract Bl: number;\n  protected abstract Ch: number;\n  protected abstract Cl: number;\n  protected abstract Dh: number;\n  protected abstract Dl: number;\n  protected abstract Eh: number;\n  protected abstract El: number;\n  protected abstract Fh: number;\n  protected abstract Fl: number;\n  protected abstract Gh: number;\n  protected abstract Gl: number;\n  protected abstract Hh: number;\n  protected abstract Hl: number;\n\n  constructor(outputLen: number) {\n    super(128, outputLen, 16, false);\n  }\n  // prettier-ignore\n  protected get(): [\n    number, number, number, number, number, number, number, number,\n    number, number, number, number, number, number, number, number\n  ] {\n    const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;\n    return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl];\n  }\n  // prettier-ignore\n  protected set(\n    Ah: number, Al: number, Bh: number, Bl: number, Ch: number, Cl: number, Dh: number, Dl: number,\n    Eh: number, El: number, Fh: number, Fl: number, Gh: number, Gl: number, Hh: number, Hl: number\n  ): void {\n    this.Ah = Ah | 0;\n    this.Al = Al | 0;\n    this.Bh = Bh | 0;\n    this.Bl = Bl | 0;\n    this.Ch = Ch | 0;\n    this.Cl = Cl | 0;\n    this.Dh = Dh | 0;\n    this.Dl = Dl | 0;\n    this.Eh = Eh | 0;\n    this.El = El | 0;\n    this.Fh = Fh | 0;\n    this.Fl = Fl | 0;\n    this.Gh = Gh | 0;\n    this.Gl = Gl | 0;\n    this.Hh = Hh | 0;\n    this.Hl = Hl | 0;\n  }\n  protected process(view: DataView, offset: number): void {\n    // Extend the first 16 words into the remaining 64 words w[16..79] of the message schedule array\n    for (let i = 0; i < 16; i++, offset += 4) {\n      SHA512_W_H[i] = view.getUint32(offset);\n      SHA512_W_L[i] = view.getUint32((offset += 4));\n    }\n    for (let i = 16; i < 80; i++) {\n      // s0 := (w[i-15] rightrotate 1) xor (w[i-15] rightrotate 8) xor (w[i-15] rightshift 7)\n      const W15h = SHA512_W_H[i - 15] | 0;\n      const W15l = SHA512_W_L[i - 15] | 0;\n      const s0h = u64.rotrSH(W15h, W15l, 1) ^ u64.rotrSH(W15h, W15l, 8) ^ u64.shrSH(W15h, W15l, 7);\n      const s0l = u64.rotrSL(W15h, W15l, 1) ^ u64.rotrSL(W15h, W15l, 8) ^ u64.shrSL(W15h, W15l, 7);\n      // s1 := (w[i-2] rightrotate 19) xor (w[i-2] rightrotate 61) xor (w[i-2] rightshift 6)\n      const W2h = SHA512_W_H[i - 2] | 0;\n      const W2l = SHA512_W_L[i - 2] | 0;\n      const s1h = u64.rotrSH(W2h, W2l, 19) ^ u64.rotrBH(W2h, W2l, 61) ^ u64.shrSH(W2h, W2l, 6);\n      const s1l = u64.rotrSL(W2h, W2l, 19) ^ u64.rotrBL(W2h, W2l, 61) ^ u64.shrSL(W2h, W2l, 6);\n      // SHA512_W[i] = s0 + s1 + SHA512_W[i - 7] + SHA512_W[i - 16];\n      const SUMl = u64.add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]);\n      const SUMh = u64.add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]);\n      SHA512_W_H[i] = SUMh | 0;\n      SHA512_W_L[i] = SUMl | 0;\n    }\n    let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;\n    // Compression function main loop, 80 rounds\n    for (let i = 0; i < 80; i++) {\n      // S1 := (e rightrotate 14) xor (e rightrotate 18) xor (e rightrotate 41)\n      const sigma1h = u64.rotrSH(Eh, El, 14) ^ u64.rotrSH(Eh, El, 18) ^ u64.rotrBH(Eh, El, 41);\n      const sigma1l = u64.rotrSL(Eh, El, 14) ^ u64.rotrSL(Eh, El, 18) ^ u64.rotrBL(Eh, El, 41);\n      //const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;\n      const CHIh = (Eh & Fh) ^ (~Eh & Gh);\n      const CHIl = (El & Fl) ^ (~El & Gl);\n      // T1 = H + sigma1 + Chi(E, F, G) + SHA512_K[i] + SHA512_W[i]\n      // prettier-ignore\n      const T1ll = u64.add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]);\n      const T1h = u64.add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]);\n      const T1l = T1ll | 0;\n      // S0 := (a rightrotate 28) xor (a rightrotate 34) xor (a rightrotate 39)\n      const sigma0h = u64.rotrSH(Ah, Al, 28) ^ u64.rotrBH(Ah, Al, 34) ^ u64.rotrBH(Ah, Al, 39);\n      const sigma0l = u64.rotrSL(Ah, Al, 28) ^ u64.rotrBL(Ah, Al, 34) ^ u64.rotrBL(Ah, Al, 39);\n      const MAJh = (Ah & Bh) ^ (Ah & Ch) ^ (Bh & Ch);\n      const MAJl = (Al & Bl) ^ (Al & Cl) ^ (Bl & Cl);\n      Hh = Gh | 0;\n      Hl = Gl | 0;\n      Gh = Fh | 0;\n      Gl = Fl | 0;\n      Fh = Eh | 0;\n      Fl = El | 0;\n      ({ h: Eh, l: El } = u64.add(Dh | 0, Dl | 0, T1h | 0, T1l | 0));\n      Dh = Ch | 0;\n      Dl = Cl | 0;\n      Ch = Bh | 0;\n      Cl = Bl | 0;\n      Bh = Ah | 0;\n      Bl = Al | 0;\n      const All = u64.add3L(T1l, sigma0l, MAJl);\n      Ah = u64.add3H(All, T1h, sigma0h, MAJh);\n      Al = All | 0;\n    }\n    // Add the compressed chunk to the current hash value\n    ({ h: Ah, l: Al } = u64.add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0));\n    ({ h: Bh, l: Bl } = u64.add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0));\n    ({ h: Ch, l: Cl } = u64.add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0));\n    ({ h: Dh, l: Dl } = u64.add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0));\n    ({ h: Eh, l: El } = u64.add(this.Eh | 0, this.El | 0, Eh | 0, El | 0));\n    ({ h: Fh, l: Fl } = u64.add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0));\n    ({ h: Gh, l: Gl } = u64.add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0));\n    ({ h: Hh, l: Hl } = u64.add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0));\n    this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl);\n  }\n  protected roundClean(): void {\n    clean(SHA512_W_H, SHA512_W_L);\n  }\n  destroy(): void {\n    // HashMD callers route post-destroy usability through `destroyed`; zeroizing alone still leaves\n    // update()/digest() callable on reused instances.\n    this.destroyed = true;\n    clean(this.buffer);\n    this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);\n  }\n}\n\n/** Internal SHA-512 hash class grounded in RFC 6234 §6.3 and §6.4. */\nexport class _SHA512 extends SHA2_64B<_SHA512> {\n  protected Ah: number = SHA512_IV[0] | 0;\n  protected Al: number = SHA512_IV[1] | 0;\n  protected Bh: number = SHA512_IV[2] | 0;\n  protected Bl: number = SHA512_IV[3] | 0;\n  protected Ch: number = SHA512_IV[4] | 0;\n  protected Cl: number = SHA512_IV[5] | 0;\n  protected Dh: number = SHA512_IV[6] | 0;\n  protected Dl: number = SHA512_IV[7] | 0;\n  protected Eh: number = SHA512_IV[8] | 0;\n  protected El: number = SHA512_IV[9] | 0;\n  protected Fh: number = SHA512_IV[10] | 0;\n  protected Fl: number = SHA512_IV[11] | 0;\n  protected Gh: number = SHA512_IV[12] | 0;\n  protected Gl: number = SHA512_IV[13] | 0;\n  protected Hh: number = SHA512_IV[14] | 0;\n  protected Hl: number = SHA512_IV[15] | 0;\n\n  constructor() {\n    super(64);\n  }\n}\n\n/** Internal SHA-384 hash class grounded in RFC 6234 §6.3 and §6.4. */\nexport class _SHA384 extends SHA2_64B<_SHA384> {\n  protected Ah: number = SHA384_IV[0] | 0;\n  protected Al: number = SHA384_IV[1] | 0;\n  protected Bh: number = SHA384_IV[2] | 0;\n  protected Bl: number = SHA384_IV[3] | 0;\n  protected Ch: number = SHA384_IV[4] | 0;\n  protected Cl: number = SHA384_IV[5] | 0;\n  protected Dh: number = SHA384_IV[6] | 0;\n  protected Dl: number = SHA384_IV[7] | 0;\n  protected Eh: number = SHA384_IV[8] | 0;\n  protected El: number = SHA384_IV[9] | 0;\n  protected Fh: number = SHA384_IV[10] | 0;\n  protected Fl: number = SHA384_IV[11] | 0;\n  protected Gh: number = SHA384_IV[12] | 0;\n  protected Gl: number = SHA384_IV[13] | 0;\n  protected Hh: number = SHA384_IV[14] | 0;\n  protected Hl: number = SHA384_IV[15] | 0;\n\n  constructor() {\n    super(48);\n  }\n}\n\n/**\n * Truncated SHA512/256 and SHA512/224.\n * SHA512_IV is XORed with 0xa5a5a5a5a5a5a5a5, then used as \"intermediary\" IV of SHA512/t.\n * Then t hashes string to produce result IV.\n * See the repo-side derivation recipe in `test/misc/sha2-gen-iv.js`.\n * These IV literals are checked against that script rather than a dedicated\n * local RFC section.\n */\n\n/** SHA-512/224 IV derived by the SHA-512/t recipe in `test/misc/sha2-gen-iv.js` and\n * stored as sixteen big-endian 32-bit halves. */\nconst T224_IV = /* @__PURE__ */ Uint32Array.from([\n  0x8c3d37c8, 0x19544da2, 0x73e19966, 0x89dcd4d6, 0x1dfab7ae, 0x32ff9c82, 0x679dd514, 0x582f9fcf,\n  0x0f6d2b69, 0x7bd44da8, 0x77e36f73, 0x04c48942, 0x3f9d85a8, 0x6a1d36c8, 0x1112e6ad, 0x91d692a1,\n]);\n\n/** SHA-512/256 IV derived by the SHA-512/t recipe in `test/misc/sha2-gen-iv.js` and\n * stored as sixteen big-endian 32-bit halves. */\nconst T256_IV = /* @__PURE__ */ Uint32Array.from([\n  0x22312194, 0xfc2bf72c, 0x9f555fa3, 0xc84c64c2, 0x2393b86b, 0x6f53b151, 0x96387719, 0x5940eabd,\n  0x96283ee2, 0xa88effe3, 0xbe5e1e25, 0x53863992, 0x2b0199fc, 0x2c85b8aa, 0x0eb72ddc, 0x81c52ca2,\n]);\n\n/** Internal SHA-512/224 hash class using the derived `T224_IV` and the shared\n * RFC 6234 §6.4 compression engine. */\nexport class _SHA512_224 extends SHA2_64B<_SHA512_224> {\n  protected Ah: number = T224_IV[0] | 0;\n  protected Al: number = T224_IV[1] | 0;\n  protected Bh: number = T224_IV[2] | 0;\n  protected Bl: number = T224_IV[3] | 0;\n  protected Ch: number = T224_IV[4] | 0;\n  protected Cl: number = T224_IV[5] | 0;\n  protected Dh: number = T224_IV[6] | 0;\n  protected Dl: number = T224_IV[7] | 0;\n  protected Eh: number = T224_IV[8] | 0;\n  protected El: number = T224_IV[9] | 0;\n  protected Fh: number = T224_IV[10] | 0;\n  protected Fl: number = T224_IV[11] | 0;\n  protected Gh: number = T224_IV[12] | 0;\n  protected Gl: number = T224_IV[13] | 0;\n  protected Hh: number = T224_IV[14] | 0;\n  protected Hl: number = T224_IV[15] | 0;\n\n  constructor() {\n    super(28);\n  }\n}\n\n/** Internal SHA-512/256 hash class using the derived `T256_IV` and the shared\n * RFC 6234 §6.4 compression engine. */\nexport class _SHA512_256 extends SHA2_64B<_SHA512_256> {\n  protected Ah: number = T256_IV[0] | 0;\n  protected Al: number = T256_IV[1] | 0;\n  protected Bh: number = T256_IV[2] | 0;\n  protected Bl: number = T256_IV[3] | 0;\n  protected Ch: number = T256_IV[4] | 0;\n  protected Cl: number = T256_IV[5] | 0;\n  protected Dh: number = T256_IV[6] | 0;\n  protected Dl: number = T256_IV[7] | 0;\n  protected Eh: number = T256_IV[8] | 0;\n  protected El: number = T256_IV[9] | 0;\n  protected Fh: number = T256_IV[10] | 0;\n  protected Fl: number = T256_IV[11] | 0;\n  protected Gh: number = T256_IV[12] | 0;\n  protected Gl: number = T256_IV[13] | 0;\n  protected Hh: number = T256_IV[14] | 0;\n  protected Hl: number = T256_IV[15] | 0;\n\n  constructor() {\n    super(32);\n  }\n}\n\n/**\n * SHA2-256 hash function from RFC 4634. In JS it's the fastest: even faster than Blake3. Some info:\n *\n * - Trying 2^128 hashes would get 50% chance of collision, using birthday attack.\n * - BTC network is doing 2^70 hashes/sec (2^95 hashes/year) as per 2025.\n * - Each sha256 hash is executing 2^18 bit operations.\n * - Good 2024 ASICs can do 200Th/sec with 3500 watts of power, corresponding to 2^36 hashes/joule.\n * @param msg - message bytes to hash\n * @returns Digest bytes.\n * @example\n * Hash a message with SHA2-256.\n * ```ts\n * sha256(new Uint8Array([97, 98, 99]));\n * ```\n */\nexport const sha256: TRet<CHash<_SHA256>> = /* @__PURE__ */ createHasher(\n  () => new _SHA256(),\n  /* @__PURE__ */ oidNist(0x01)\n);\n/**\n * SHA2-224 hash function from RFC 4634.\n * @param msg - message bytes to hash\n * @returns Digest bytes.\n * @example\n * Hash a message with SHA2-224.\n * ```ts\n * sha224(new Uint8Array([97, 98, 99]));\n * ```\n */\nexport const sha224: TRet<CHash<_SHA224>> = /* @__PURE__ */ createHasher(\n  () => new _SHA224(),\n  /* @__PURE__ */ oidNist(0x04)\n);\n\n/**\n * SHA2-512 hash function from RFC 4634.\n * @param msg - message bytes to hash\n * @returns Digest bytes.\n * @example\n * Hash a message with SHA2-512.\n * ```ts\n * sha512(new Uint8Array([97, 98, 99]));\n * ```\n */\nexport const sha512: TRet<CHash<_SHA512>> = /* @__PURE__ */ createHasher(\n  () => new _SHA512(),\n  /* @__PURE__ */ oidNist(0x03)\n);\n/**\n * SHA2-384 hash function from RFC 4634.\n * @param msg - message bytes to hash\n * @returns Digest bytes.\n * @example\n * Hash a message with SHA2-384.\n * ```ts\n * sha384(new Uint8Array([97, 98, 99]));\n * ```\n */\nexport const sha384: TRet<CHash<_SHA384>> = /* @__PURE__ */ createHasher(\n  () => new _SHA384(),\n  /* @__PURE__ */ oidNist(0x02)\n);\n\n/**\n * SHA2-512/256 \"truncated\" hash function, with improved resistance to length extension attacks.\n * See the paper on {@link https://eprint.iacr.org/2010/548.pdf | truncated SHA512}.\n * @param msg - message bytes to hash\n * @returns Digest bytes.\n * @example\n * Hash a message with SHA2-512/256.\n * ```ts\n * sha512_256(new Uint8Array([97, 98, 99]));\n * ```\n */\nexport const sha512_256: TRet<CHash<_SHA512_256>> = /* @__PURE__ */ createHasher(\n  () => new _SHA512_256(),\n  /* @__PURE__ */ oidNist(0x06)\n);\n/**\n * SHA2-512/224 \"truncated\" hash function, with improved resistance to length extension attacks.\n * See the paper on {@link https://eprint.iacr.org/2010/548.pdf | truncated SHA512}.\n * @param msg - message bytes to hash\n * @returns Digest bytes.\n * @example\n * Hash a message with SHA2-512/224.\n * ```ts\n * sha512_224(new Uint8Array([97, 98, 99]));\n * ```\n */\nexport const sha512_224: TRet<CHash<_SHA512_224>> = /* @__PURE__ */ createHasher(\n  () => new _SHA512_224(),\n  /* @__PURE__ */ oidNist(0x05)\n);\n","import { sha256 } from \"@noble/hashes/sha2.js\";\nimport { bytesToHex } from \"@noble/hashes/utils.js\";\n\nimport stringify from \"fast-json-stable-stringify\";\n\nexport const GENESIS_HASH = \"0\".repeat(64);\n\nexport interface AuditEvent {\n  organisationId: string;\n  sequence: number;\n  action: string;\n  actor: unknown;\n  target?: unknown;\n  metadata?: unknown;\n  createdAt: string;\n}\n\nexport function computeHash(event: AuditEvent, previousHash: string): string {\n  const payload = stringify({\n    organisationId: event.organisationId,\n    sequence: event.sequence,\n    action: event.action,\n    actor: event.actor,\n    target: event.target ?? null,\n    metadata: event.metadata ?? null,\n    createdAt: event.createdAt,\n    previousHash,\n  });\n  return bytesToHex(sha256(new TextEncoder().encode(payload)));\n}\n\nexport interface ChainEntry extends AuditEvent {\n  hash: string;\n  previousHash: string;\n}\n\nexport interface VerificationResult {\n  valid: boolean;\n  totalEntries: number;\n  tamperedAt?: number;\n  reason?: string;\n}\n\nexport function verifyChain(entries: ChainEntry[]): VerificationResult {\n  if (entries.length === 0) {\n    return { valid: true, totalEntries: 0 };\n  }\n\n  const sorted = [...entries].sort((a, b) => a.sequence - b.sequence);\n\n  for (let i = 0; i < sorted.length; i++) {\n    const entry = sorted[i];\n    const expectedPreviousHash = i === 0 ? GENESIS_HASH : sorted[i - 1].hash;\n\n    if (entry.previousHash !== expectedPreviousHash) {\n      return {\n        valid: false,\n        totalEntries: entries.length,\n        tamperedAt: entry.sequence,\n        reason: `Chain broken at sequence ${entry.sequence}`,\n      };\n    }\n\n    const recomputed = computeHash(entry, entry.previousHash);\n\n    if (recomputed !== entry.hash) {\n      return {\n        valid: false,\n        totalEntries: entries.length,\n        tamperedAt: entry.sequence,\n        reason: `Hash mismatch at sequence ${entry.sequence} — data tampered`,\n      };\n    }\n  }\n\n  return { valid: true, totalEntries: entries.length };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAEA,WAAO,UAAU,SAAU,MAAM,MAAM;AACnC,UAAI,CAAC,KAAM,QAAO,CAAC;AACnB,UAAI,OAAO,SAAS,WAAY,QAAO,EAAE,KAAK,KAAK;AACnD,UAAI,SAAU,OAAO,KAAK,WAAW,YAAa,KAAK,SAAS;AAEhE,UAAI,MAAM,KAAK,OAAQ,0BAAU,GAAG;AAChC,eAAO,SAAU,MAAM;AACnB,iBAAO,SAAU,GAAG,GAAG;AACnB,gBAAI,OAAO,EAAE,KAAK,GAAG,OAAO,KAAK,CAAC,EAAE;AACpC,gBAAI,OAAO,EAAE,KAAK,GAAG,OAAO,KAAK,CAAC,EAAE;AACpC,mBAAO,EAAE,MAAM,IAAI;AAAA,UACvB;AAAA,QACJ;AAAA,MACJ,GAAG,KAAK,GAAG;AAEX,UAAI,OAAO,CAAC;AACZ,cAAQ,SAASA,WAAW,MAAM;AAC9B,YAAI,QAAQ,KAAK,UAAU,OAAO,KAAK,WAAW,YAAY;AAC1D,iBAAO,KAAK,OAAO;AAAA,QACvB;AAEA,YAAI,SAAS,OAAW;AACxB,YAAI,OAAO,QAAQ,SAAU,QAAO,SAAS,IAAI,IAAI,KAAK,OAAO;AACjE,YAAI,OAAO,SAAS,SAAU,QAAO,KAAK,UAAU,IAAI;AAExD,YAAI,GAAG;AACP,YAAI,MAAM,QAAQ,IAAI,GAAG;AACrB,gBAAM;AACN,eAAK,IAAI,GAAG,IAAI,KAAK,QAAQ,KAAK;AAC9B,gBAAI,EAAG,QAAO;AACd,mBAAOA,WAAU,KAAK,CAAC,CAAC,KAAK;AAAA,UACjC;AACA,iBAAO,MAAM;AAAA,QACjB;AAEA,YAAI,SAAS,KAAM,QAAO;AAE1B,YAAI,KAAK,QAAQ,IAAI,MAAM,IAAI;AAC3B,cAAI,OAAQ,QAAO,KAAK,UAAU,WAAW;AAC7C,gBAAM,IAAI,UAAU,uCAAuC;AAAA,QAC/D;AAEA,YAAI,YAAY,KAAK,KAAK,IAAI,IAAI;AAClC,YAAI,OAAO,OAAO,KAAK,IAAI,EAAE,KAAK,OAAO,IAAI,IAAI,CAAC;AAClD,cAAM;AACN,aAAK,IAAI,GAAG,IAAI,KAAK,QAAQ,KAAK;AAC9B,cAAI,MAAM,KAAK,CAAC;AAChB,cAAI,QAAQA,WAAU,KAAK,GAAG,CAAC;AAE/B,cAAI,CAAC,MAAO;AACZ,cAAI,IAAK,QAAO;AAChB,iBAAO,KAAK,UAAU,GAAG,IAAI,MAAM;AAAA,QACvC;AACA,aAAK,OAAO,WAAW,CAAC;AACxB,eAAO,MAAM,MAAM;AAAA,MACvB,GAAG,IAAI;AAAA,IACX;AAAA;AAAA;;;AC1DA,SAAS,eAAe;AACxB,SAAS,YAAY;AACrB,SAAS,IAAI,MAAM,KAAK,KAAK,UAAU;;;ACFvC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEA,IAAM,gBAAgB,QAAQ,iBAAiB;AAAA,EACpD,IAAI,KAAK,IAAI,EAAE,WAAW,EAAE,cAAc;AAAA,EAC1C,MAAM,KAAK,MAAM,EAAE,QAAQ;AAAA,EAC3B,MAAM,KAAK,MAAM,EAAE,QAAQ,EAAE,QAAQ,MAAM;AAAA,EAC3C,WAAW,UAAU,YAAY,EAAE,QAAQ,EAAE,WAAW;AAC1D,CAAC;AAGM,IAAM,YAAY;AAAA,EACvB;AAAA,EACA;AAAA,IACE,IAAI,KAAK,IAAI,EAAE,WAAW,EAAE,cAAc;AAAA,IAC1C,gBAAgB,KAAK,iBAAiB,EACnC,QAAQ,EACR,WAAW,MAAM,cAAc,EAAE;AAAA,IACpC,UAAU,OAAO,YAAY,EAAE,MAAM,SAAS,CAAC,EAAE,QAAQ;AAAA,IACzD,QAAQ,KAAK,QAAQ,EAAE,QAAQ;AAAA,IAC/B,OAAO,MAAM,OAAO,EAAE,QAAQ;AAAA,IAC9B,QAAQ,MAAM,QAAQ;AAAA,IACtB,UAAU,MAAM,UAAU;AAAA,IAC1B,MAAM,KAAK,MAAM,EAAE,QAAQ;AAAA,IAC3B,cAAc,KAAK,eAAe,EAAE,QAAQ;AAAA,IAC5C,WAAW,UAAU,YAAY,EAAE,QAAQ,EAAE,WAAW;AAAA,EAC1D;AAAA,EACA,CAAC,MAAM;AAAA,IACL,OAAO,6BAA6B,EAAE,GAAG,EAAE,gBAAgB,EAAE,QAAQ;AAAA,EACvE;AACF;;;ACmFM,SAAU,QAAQ,GAAU;AAKhC,SACE,aAAa,cACZ,YAAY,OAAO,CAAC,KACnB,EAAE,YAAY,SAAS,gBACvB,uBAAuB,KACvB,EAAE,sBAAsB;AAE9B;AAuCM,SAAU,OACd,OACA,QACA,QAAgB,IAAE;AAElB,QAAM,QAAQ,QAAQ,KAAK;AAC3B,QAAM,MAAM,OAAO;AACnB,QAAM,WAAW,WAAW;AAC5B,MAAI,CAAC,SAAU,YAAY,QAAQ,QAAS;AAC1C,UAAM,SAAS,SAAS,IAAI,KAAK;AACjC,UAAM,QAAQ,WAAW,cAAc,MAAM,KAAK;AAClD,UAAM,MAAM,QAAQ,UAAU,GAAG,KAAK,QAAQ,OAAO,KAAK;AAC1D,UAAM,UAAU,SAAS,wBAAwB,QAAQ,WAAW;AACpE,QAAI,CAAC;AAAO,YAAM,IAAI,UAAU,OAAO;AACvC,UAAM,IAAI,WAAW,OAAO;EAC9B;AACA,SAAO;AACT;AA2DM,SAAU,QAAQ,UAAe,gBAAgB,MAAI;AACzD,MAAI,SAAS;AAAW,UAAM,IAAI,MAAM,kCAAkC;AAC1E,MAAI,iBAAiB,SAAS;AAAU,UAAM,IAAI,MAAM,uCAAuC;AACjG;AAkBM,SAAU,QAAQ,KAAU,UAAa;AAC7C,SAAO,KAAK,QAAW,qBAAqB;AAC5C,QAAM,MAAM,SAAS;AACrB,MAAI,IAAI,SAAS,KAAK;AACpB,UAAM,IAAI,WAAW,sDAAsD,GAAG;EAChF;AACF;AAkDM,SAAU,SAAS,QAA0B;AACjD,WAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,WAAO,CAAC,EAAE,KAAK,CAAC;EAClB;AACF;AAYM,SAAU,WAAW,KAAqB;AAC9C,SAAO,IAAI,SAAS,IAAI,QAAQ,IAAI,YAAY,IAAI,UAAU;AAChE;AAaM,SAAU,KAAK,MAAc,OAAa;AAC9C,SAAQ,QAAS,KAAK,QAAW,SAAS;AAC5C;AAsFA,IAAM,gBAA0C;;EAE9C,OAAO,WAAW,KAAK,CAAA,CAAE,EAAE,UAAU,cAAc,OAAO,WAAW,YAAY;GAAW;AAG9F,IAAM,QAAwB,sBAAM,KAAK,EAAE,QAAQ,IAAG,GAAI,CAAC,GAAG,MAC5D,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC;AAgB3B,SAAU,WAAW,OAAuB;AAChD,SAAO,KAAK;AAEZ,MAAI;AAAe,WAAO,MAAM,MAAK;AAErC,MAAI,MAAM;AACV,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,WAAO,MAAM,MAAM,CAAC,CAAC;EACvB;AACA,SAAO;AACT;AAmTM,SAAU,aACd,UACA,OAAuB,CAAA,GAAE;AAEzB,QAAM,QAAa,CAAC,KAAuB,SACzC,SAAS,IAAY,EAClB,OAAO,GAAG,EACV,OAAM;AACX,QAAM,MAAM,SAAS,MAAS;AAC9B,QAAM,YAAY,IAAI;AACtB,QAAM,WAAW,IAAI;AACrB,QAAM,SAAS,IAAI;AACnB,QAAM,SAAS,CAAC,SAAgB,SAAS,IAAI;AAC7C,SAAO,OAAO,OAAO,IAAI;AACzB,SAAO,OAAO,OAAO,KAAK;AAC5B;AA8CO,IAAM,UAAU,CAAC,YAA8C;;;EAGpE,KAAK,WAAW,KAAK,CAAC,GAAM,GAAM,IAAM,KAAM,IAAM,GAAM,KAAM,GAAM,GAAM,GAAM,MAAM,CAAC;;;;AChzBrF,SAAU,IAAI,GAAW,GAAW,GAAS;AACjD,SAAQ,IAAI,IAAM,CAAC,IAAI;AACzB;AAeM,SAAU,IAAI,GAAW,GAAW,GAAS;AACjD,SAAQ,IAAI,IAAM,IAAI,IAAM,IAAI;AAClC;AAoBM,IAAgB,SAAhB,MAAsB;EASjB;EACA;EACA,SAAS;EACT;EACA;;EAGC;EACA;EACA,WAAW;EACX,SAAS;EACT,MAAM;EACN,YAAY;EAEtB,YAAY,UAAkB,WAAmB,WAAmB,MAAa;AAC/E,SAAK,WAAW;AAChB,SAAK,YAAY;AACjB,SAAK,YAAY;AACjB,SAAK,OAAO;AACZ,SAAK,SAAS,IAAI,WAAW,QAAQ;AACrC,SAAK,OAAO,WAAW,KAAK,MAAM;EACpC;EACA,OAAO,MAAsB;AAC3B,YAAQ,IAAI;AACZ,WAAO,IAAI;AACX,UAAM,EAAE,MAAM,QAAQ,SAAQ,IAAK;AACnC,UAAM,MAAM,KAAK;AACjB,aAAS,MAAM,GAAG,MAAM,OAAO;AAC7B,YAAM,OAAO,KAAK,IAAI,WAAW,KAAK,KAAK,MAAM,GAAG;AAGpD,UAAI,SAAS,UAAU;AACrB,cAAM,WAAW,WAAW,IAAI;AAChC,eAAO,YAAY,MAAM,KAAK,OAAO;AAAU,eAAK,QAAQ,UAAU,GAAG;AACzE;MACF;AACA,aAAO,IAAI,KAAK,SAAS,KAAK,MAAM,IAAI,GAAG,KAAK,GAAG;AACnD,WAAK,OAAO;AACZ,aAAO;AACP,UAAI,KAAK,QAAQ,UAAU;AACzB,aAAK,QAAQ,MAAM,CAAC;AACpB,aAAK,MAAM;MACb;IACF;AACA,SAAK,UAAU,KAAK;AACpB,SAAK,WAAU;AACf,WAAO;EACT;EACA,WAAW,KAAqB;AAC9B,YAAQ,IAAI;AACZ,YAAQ,KAAK,IAAI;AACjB,SAAK,WAAW;AAIhB,UAAM,EAAE,QAAQ,MAAM,UAAU,KAAI,IAAK;AACzC,QAAI,EAAE,IAAG,IAAK;AAEd,WAAO,KAAK,IAAI;AAChB,UAAM,KAAK,OAAO,SAAS,GAAG,CAAC;AAG/B,QAAI,KAAK,YAAY,WAAW,KAAK;AACnC,WAAK,QAAQ,MAAM,CAAC;AACpB,YAAM;IACR;AAEA,aAAS,IAAI,KAAK,IAAI,UAAU;AAAK,aAAO,CAAC,IAAI;AAIjD,SAAK,aAAa,WAAW,GAAG,OAAO,KAAK,SAAS,CAAC,GAAG,IAAI;AAC7D,SAAK,QAAQ,MAAM,CAAC;AACpB,UAAM,QAAQ,WAAW,GAAG;AAC5B,UAAM,MAAM,KAAK;AAEjB,QAAI,MAAM;AAAG,YAAM,IAAI,MAAM,2CAA2C;AACxE,UAAM,SAAS,MAAM;AACrB,UAAM,QAAQ,KAAK,IAAG;AACtB,QAAI,SAAS,MAAM;AAAQ,YAAM,IAAI,MAAM,oCAAoC;AAC/E,aAAS,IAAI,GAAG,IAAI,QAAQ;AAAK,YAAM,UAAU,IAAI,GAAG,MAAM,CAAC,GAAG,IAAI;EACxE;EACA,SAAM;AACJ,UAAM,EAAE,QAAQ,UAAS,IAAK;AAC9B,SAAK,WAAW,MAAM;AAGtB,UAAM,MAAM,OAAO,MAAM,GAAG,SAAS;AACrC,SAAK,QAAO;AACZ,WAAO;EACT;EACA,WAAW,IAAM;AACf,WAAO,IAAK,KAAK,YAAmB;AACpC,OAAG,IAAI,GAAG,KAAK,IAAG,CAAE;AACpB,UAAM,EAAE,UAAU,QAAQ,QAAQ,UAAU,WAAW,IAAG,IAAK;AAC/D,OAAG,YAAY;AACf,OAAG,WAAW;AACd,OAAG,SAAS;AACZ,OAAG,MAAM;AAGT,QAAI,SAAS;AAAU,SAAG,OAAO,IAAI,MAAM;AAC3C,WAAO;EACT;EACA,QAAK;AACH,WAAO,KAAK,WAAU;EACxB;;AAWK,IAAM,YAA+C,4BAAY,KAAK;EAC3E;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;CACrF;;;ACrLD,IAAM,WAA2B,4BAAY,KAAK;EAChD;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;EACpF;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;EACpF;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;EACpF;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;EACpF;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;EACpF;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;EACpF;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;EACpF;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;EAAY;CACrF;AAGD,IAAM,WAA2B,oBAAI,YAAY,EAAE;AAGnD,IAAe,WAAf,cAAuD,OAAS;EAY9D,YAAY,WAAiB;AAC3B,UAAM,IAAI,WAAW,GAAG,KAAK;EAC/B;EACU,MAAG;AACX,UAAM,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,EAAC,IAAK;AACnC,WAAO,CAAC,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;EAChC;;EAEU,IACR,GAAW,GAAW,GAAW,GAAW,GAAW,GAAW,GAAW,GAAS;AAEtF,SAAK,IAAI,IAAI;AACb,SAAK,IAAI,IAAI;AACb,SAAK,IAAI,IAAI;AACb,SAAK,IAAI,IAAI;AACb,SAAK,IAAI,IAAI;AACb,SAAK,IAAI,IAAI;AACb,SAAK,IAAI,IAAI;AACb,SAAK,IAAI,IAAI;EACf;EACU,QAAQ,MAAgB,QAAc;AAE9C,aAAS,IAAI,GAAG,IAAI,IAAI,KAAK,UAAU;AAAG,eAAS,CAAC,IAAI,KAAK,UAAU,QAAQ,KAAK;AACpF,aAAS,IAAI,IAAI,IAAI,IAAI,KAAK;AAC5B,YAAM,MAAM,SAAS,IAAI,EAAE;AAC3B,YAAM,KAAK,SAAS,IAAI,CAAC;AACzB,YAAM,KAAK,KAAK,KAAK,CAAC,IAAI,KAAK,KAAK,EAAE,IAAK,QAAQ;AACnD,YAAM,KAAK,KAAK,IAAI,EAAE,IAAI,KAAK,IAAI,EAAE,IAAK,OAAO;AACjD,eAAS,CAAC,IAAK,KAAK,SAAS,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,EAAE,IAAK;IACjE;AAEA,QAAI,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,EAAC,IAAK;AACjC,aAAS,IAAI,GAAG,IAAI,IAAI,KAAK;AAC3B,YAAM,SAAS,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,EAAE,IAAI,KAAK,GAAG,EAAE;AACpD,YAAM,KAAM,IAAI,SAAS,IAAI,GAAG,GAAG,CAAC,IAAI,SAAS,CAAC,IAAI,SAAS,CAAC,IAAK;AACrE,YAAM,SAAS,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,EAAE,IAAI,KAAK,GAAG,EAAE;AACpD,YAAM,KAAM,SAAS,IAAI,GAAG,GAAG,CAAC,IAAK;AACrC,UAAI;AACJ,UAAI;AACJ,UAAI;AACJ,UAAK,IAAI,KAAM;AACf,UAAI;AACJ,UAAI;AACJ,UAAI;AACJ,UAAK,KAAK,KAAM;IAClB;AAEA,QAAK,IAAI,KAAK,IAAK;AACnB,QAAK,IAAI,KAAK,IAAK;AACnB,QAAK,IAAI,KAAK,IAAK;AACnB,QAAK,IAAI,KAAK,IAAK;AACnB,QAAK,IAAI,KAAK,IAAK;AACnB,QAAK,IAAI,KAAK,IAAK;AACnB,QAAK,IAAI,KAAK,IAAK;AACnB,QAAK,IAAI,KAAK,IAAK;AACnB,SAAK,IAAI,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;EACjC;EACU,aAAU;AAClB,UAAM,QAAQ;EAChB;EACA,UAAO;AAGL,SAAK,YAAY;AACjB,SAAK,IAAI,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAC/B,UAAM,KAAK,MAAM;EACnB;;AAII,IAAO,UAAP,cAAuB,SAAiB;;;EAGlC,IAAY,UAAU,CAAC,IAAI;EAC3B,IAAY,UAAU,CAAC,IAAI;EAC3B,IAAY,UAAU,CAAC,IAAI;EAC3B,IAAY,UAAU,CAAC,IAAI;EAC3B,IAAY,UAAU,CAAC,IAAI;EAC3B,IAAY,UAAU,CAAC,IAAI;EAC3B,IAAY,UAAU,CAAC,IAAI;EAC3B,IAAY,UAAU,CAAC,IAAI;EACrC,cAAA;AACE,UAAM,EAAE;EACV;;AAsUK,IAAM,SAA+C;EAC1D,MAAM,IAAI,QAAO;EACD,wBAAQ,CAAI;AAAC;;;ACnc/B,wCAAsB;AAEf,IAAM,eAAe,IAAI,OAAO,EAAE;AAYlC,SAAS,YAAY,OAAmB,cAA8B;AAC3E,QAAM,cAAU,kCAAAC,SAAU;AAAA,IACxB,gBAAgB,MAAM;AAAA,IACtB,UAAU,MAAM;AAAA,IAChB,QAAQ,MAAM;AAAA,IACd,OAAO,MAAM;AAAA,IACb,QAAQ,MAAM,UAAU;AAAA,IACxB,UAAU,MAAM,YAAY;AAAA,IAC5B,WAAW,MAAM;AAAA,IACjB;AAAA,EACF,CAAC;AACD,SAAO,WAAW,OAAO,IAAI,YAAY,EAAE,OAAO,OAAO,CAAC,CAAC;AAC7D;;;ALjBO,IAAM,WAAN,MAAe;AAAA,EACZ;AAAA,EACR,YAAY,QAAwB;AAClC,QAAI,CAAC,OAAO,YAAa,OAAM,IAAI,MAAM,yBAAyB;AAClE,UAAM,MAAM,KAAK,OAAO,WAAW;AACnC,SAAK,KAAK,QAAQ,GAAG;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,OAAO,gBAAwB,SAA+C;AAClF,UAAM,aAAa;AAEnB,aAAS,UAAU,GAAG,UAAU,YAAY,WAAW;AACrD,UAAI;AACF,cAAM,YAAY,MAAM,KAAK,GAC1B,OAAO,EACP,KAAK,SAAS,EACd,MAAM,GAAG,UAAU,gBAAgB,cAAc,CAAC,EAClD,QAAQ,KAAK,UAAU,QAAQ,CAAC,EAChC,MAAM,CAAC;AAEV,cAAM,eAAe,UAAU,SAAS,UAAU,CAAC,EAAE,OAAO;AAC5D,cAAM,WAAW,UAAU,SAAS,UAAU,CAAC,EAAE,WAAW,IAAI;AAChE,cAAM,aAAY,oBAAI,KAAK,GAAE,YAAY;AAEzC,cAAM,OAAO;AAAA,UACX;AAAA,YACE;AAAA,YACA;AAAA,YACA,QAAQ,QAAQ;AAAA,YAChB,OAAO,QAAQ;AAAA,YACf,QAAQ,QAAQ,UAAU;AAAA,YAC1B,UAAU,QAAQ,YAAY;AAAA,YAC9B;AAAA,UACF;AAAA,UACA;AAAA,QACF;AAEA,cAAM,KAAK,GAAG,OAAO,SAAS,EAAE,OAAO;AAAA,UACrC;AAAA,UACA;AAAA,UACA,QAAQ,QAAQ;AAAA,UAChB,OAAO,QAAQ;AAAA,UACf,QAAQ,QAAQ,UAAU;AAAA,UAC1B,UAAU,QAAQ,YAAY;AAAA,UAC9B;AAAA,UACA;AAAA,UACA,WAAW,IAAI,KAAK,SAAS;AAAA,QAC/B,CAAC;AAED,eAAO,EAAE,UAAU,KAAK;AAAA,MAC1B,SAAS,OAAY;AACnB,YAAI,MAAM,SAAS,WAAW,MAAM,SAAS,SAAS,OAAO,KAAK,MAAM,SAAS,SAAS,mBAAmB,GAAG;AAC9G,cAAI,YAAY,aAAa,GAAG;AAC9B,kBAAM,IAAI,MAAM,uEAAuE;AAAA,UACzF;AACA;AAAA,QACF;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,IAAI,MAAM,aAAa;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAO,gBAA+C;AAC1D,UAAM,YAAY;AAClB,QAAI,UAAU;AACd,QAAI,kBAAkB;AACtB,QAAI,eAAe;AACnB,QAAI,uBAAuB;AAE3B,WAAO,SAAS;AACd,YAAM,QAAQ,MAAM,KAAK,GACtB,OAAO,EACP,KAAK,SAAS,EACd;AAAA,QACC;AAAA,UACE,GAAG,UAAU,gBAAgB,cAAc;AAAA,UAC3C,GAAG,UAAU,UAAU,eAAe;AAAA,QACxC;AAAA,MACF,EACC,QAAQ,IAAI,UAAU,QAAQ,CAAC,EAC/B,MAAM,SAAS;AAElB,UAAI,MAAM,WAAW,GAAG;AACtB,kBAAU;AACV;AAAA,MACF;AAEA,iBAAW,SAAS,OAAO;AACzB,YAAI,MAAM,iBAAiB,sBAAsB;AAC/C,iBAAO;AAAA,YACL,OAAO;AAAA,YACP;AAAA,YACA,YAAY,MAAM;AAAA,YAClB,QAAQ,4BAA4B,MAAM,QAAQ;AAAA,UACpD;AAAA,QACF;AAEA,cAAM,aAAa,YAAY;AAAA,UAC7B,gBAAgB,MAAM;AAAA,UACtB,UAAU,MAAM;AAAA,UAChB,QAAQ,MAAM;AAAA,UACd,OAAO,MAAM;AAAA,UACb,QAAQ,MAAM;AAAA,UACd,UAAU,MAAM;AAAA,UAChB,WAAW,MAAM,UAAU,YAAY;AAAA,QACzC,GAAG,MAAM,YAAY;AAErB,YAAI,eAAe,MAAM,MAAM;AAC7B,iBAAO;AAAA,YACL,OAAO;AAAA,YACP;AAAA,YACA,YAAY,MAAM;AAAA,YAClB,QAAQ,6BAA6B,MAAM,QAAQ;AAAA,UACrD;AAAA,QACF;AAEA,+BAAuB,MAAM;AAC7B,0BAAkB,MAAM;AACxB;AAAA,MACF;AAAA,IACF;AAEA,WAAO,EAAE,OAAO,MAAM,aAAa;AAAA,EACrC;AACF;","names":["stringify","stringify"]}

package/package.json

@@ -0,0 +1,33 @@
+{
+  "name": "@prooflog/node",
+  "version": "0.1.0",
+  "description": "Cryptographically tamper-proof audit logging for Node.js",
+  "license": "MIT",
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    }
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch"
+  },
+  "peerDependencies": {
+    "drizzle-orm": ">=0.45.0"
+  },
+  "dependencies": {
+    "@neondatabase/serverless": "^1.1.0"
+  },
+  "devDependencies": {
+    "@prooflog/crypto": "workspace:*",
+    "@prooflog/db": "workspace:*",
+    "drizzle-orm": "^0.45.2",
+    "tsup": "^8.5.0",
+    "typescript": "^5"
+  }
+}

package/src/client.ts

@@ -0,0 +1,146 @@
+import { drizzle } from "drizzle-orm/neon-http";
+import { neon } from "@neondatabase/serverless";
+import { eq, desc, asc, and, gt } from "drizzle-orm";
+import { auditLogs } from "@prooflog/db";
+import { computeHash, GENESIS_HASH } from "@prooflog/crypto";
+import type {
+  ProofLogConfig,
+  IngestOptions,
+  IngestResult,
+  VerifyResult,
+} from "./types";
+
+export class ProofLog {
+  private db: ReturnType<typeof drizzle>;
+  constructor(config: ProofLogConfig) {
+    if (!config.databaseUrl) throw new Error("databaseUrl is required");
+    const sql = neon(config.databaseUrl);
+    this.db = drizzle(sql);
+  }
+
+  /**
+   * Pushes a new audit log event directly to the database.
+   * Handles concurrency retries internally.
+   */
+  async ingest(organisationId: string, options: IngestOptions): Promise<IngestResult> {
+    const maxRetries = 3;
+    
+    for (let attempt = 0; attempt < maxRetries; attempt++) {
+      try {
+        const lastEntry = await this.db
+          .select()
+          .from(auditLogs)
+          .where(eq(auditLogs.organisationId, organisationId))
+          .orderBy(desc(auditLogs.sequence))
+          .limit(1);
+
+        const previousHash = lastEntry.length ? lastEntry[0].hash : GENESIS_HASH;
+        const sequence = lastEntry.length ? lastEntry[0].sequence + 1 : 1;
+        const createdAt = new Date().toISOString();
+
+        const hash = computeHash(
+          {
+            organisationId,
+            sequence,
+            action: options.action,
+            actor: options.actor,
+            target: options.target ?? null,
+            metadata: options.metadata ?? null,
+            createdAt,
+          },
+          previousHash,
+        );
+
+        await this.db.insert(auditLogs).values({
+          organisationId,
+          sequence,
+          action: options.action,
+          actor: options.actor,
+          target: options.target ?? null,
+          metadata: options.metadata ?? null,
+          hash,
+          previousHash,
+          createdAt: new Date(createdAt),
+        });
+
+        return { sequence, hash };
+      } catch (error: any) {
+        if (error.code === '23505' || error.message?.includes('23505') || error.message?.includes('unique constraint')) {
+          if (attempt === maxRetries - 1) {
+            throw new Error("Failed to ingest audit log due to high concurrency. Please try again.");
+          }
+          continue;
+        }
+        throw error;
+      }
+    }
+    
+    throw new Error("Unreachable");
+  }
+
+  /**
+   * Triggers a cryptographic verification of the audit log chain for the organisation in batches.
+   */
+  async verify(organisationId: string): Promise<VerifyResult> {
+    const batchSize = 1000;
+    let hasMore = true;
+    let currentSequence = 0;
+    let totalEntries = 0;
+    let expectedPreviousHash = GENESIS_HASH;
+
+    while (hasMore) {
+      const batch = await this.db
+        .select()
+        .from(auditLogs)
+        .where(
+          and(
+            eq(auditLogs.organisationId, organisationId),
+            gt(auditLogs.sequence, currentSequence)
+          )
+        )
+        .orderBy(asc(auditLogs.sequence))
+        .limit(batchSize);
+
+      if (batch.length === 0) {
+        hasMore = false;
+        break;
+      }
+
+      for (const entry of batch) {
+        if (entry.previousHash !== expectedPreviousHash) {
+          return {
+            valid: false,
+            totalEntries,
+            tamperedAt: entry.sequence,
+            reason: `Chain broken at sequence ${entry.sequence}`,
+          };
+        }
+
+        const recomputed = computeHash({
+          organisationId: entry.organisationId,
+          sequence: entry.sequence,
+          action: entry.action,
+          actor: entry.actor,
+          target: entry.target,
+          metadata: entry.metadata,
+          createdAt: entry.createdAt.toISOString(),
+        }, entry.previousHash);
+
+        if (recomputed !== entry.hash) {
+          return {
+            valid: false,
+            totalEntries,
+            tamperedAt: entry.sequence,
+            reason: `Hash mismatch at sequence ${entry.sequence} — data tampered`,
+          };
+        }
+
+        expectedPreviousHash = entry.hash;
+        currentSequence = entry.sequence;
+        totalEntries++;
+      }
+    }
+
+    return { valid: true, totalEntries };
+  }
+}

package/src/index.ts

@@ -0,0 +1,10 @@
+// Main class
+export { ProofLog } from "./client";
+
+// Types — developer ke TypeScript projects mein kaam aayenge
+export type {
+  ProofLogConfig,
+  IngestOptions,
+  IngestResult,
+  VerifyResult,
+} from "./types";

package/src/types.ts

@@ -0,0 +1,22 @@
+export interface ProofLogConfig {
+  databaseUrl: string;
+}
+
+export interface IngestOptions {
+  action: string;
+  actor: Record<string, unknown> & { id: string };
+  target?: Record<string, unknown>;
+  metadata?: Record<string, unknown>;
+}
+
+export interface IngestResult {
+  sequence: number;
+  hash: string;
+}
+
+export interface VerifyResult {
+  valid: boolean;
+  totalEntries: number;
+  tamperedAt?: number;
+  reason?: string;
+}

package/tsconfig.json

@@ -0,0 +1,7 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "moduleResolution": "bundler"
+  },
+  "include": ["src"]
+}

package/tsup.config.ts

@@ -0,0 +1,13 @@
+import { defineConfig } from "tsup";
+
+export default defineConfig({
+  entry: ["src/index.ts"],
+  format: ["cjs", "esm"],
+  dts: true,
+  clean: true,
+  sourcemap: true,
+  external: [
+    "drizzle-orm",
+    "@neondatabase/serverless",
+  ],
+});