@psavelis/enterprise-blockchain 0.1.0 → 1.1.1

package/dist/p2mr/types.d.ts

@@ -0,0 +1,209 @@
+/**
+ * P2MR (Pay-to-Merkle-Root) Core Types
+ *
+ * BIP-360-inspired quantum-safe output pattern. The on-chain commitment stores
+ * ONLY the Merkle root of a script tree—no public keys exposed until spend time.
+ *
+ * This eliminates the "harvest now, decrypt later" quantum threat.
+ */
+/**
+ * Supported spending condition types for P2MR outputs.
+ *
+ * Each type defines what witness data is required and how verification proceeds.
+ */
+export type ScriptLeafType = "ml-dsa-65-sig" | "timelock" | "multisig-ml-dsa" | "hsm-attested-sig";
+/**
+ * A spending condition in the script tree.
+ *
+ * Each leaf contains:
+ * - The type of condition (signature, timelock, multisig, HSM)
+ * - SHA-256 hashes of authorized ML-DSA-65 public keys (NOT the keys themselves)
+ * - Condition-specific parameters (threshold, locktime, HSM slot)
+ *
+ * The actual public keys are only revealed at spend time in the witness.
+ */
+export interface ScriptLeaf {
+    /** Spending condition type. */
+    type: ScriptLeafType;
+    /**
+     * SHA-256 hashes of authorized ML-DSA-65 public keys.
+     *
+     * For single-signature conditions, this array has exactly one element.
+     * For multisig conditions, this array has n elements (the full set).
+     *
+     * Format: 64 hex characters (32 bytes) per hash.
+     */
+    publicKeyHashes: string[];
+    /**
+     * For multisig: minimum number of valid signatures required.
+     * Defaults to publicKeyHashes.length if not specified (all required).
+     */
+    threshold?: number;
+    /**
+     * For timelock: Unix timestamp (milliseconds) after which spending is allowed.
+     * The witness must include a timestamp >= this value.
+     */
+    locktime?: number;
+    /**
+     * For HSM-attested: identifier of the required HSM slot.
+     * The witness must include attestation proof from this specific HSM.
+     */
+    hsmSlotId?: string;
+}
+/**
+ * A P2MR output stored on-chain.
+ *
+ * The critical property: only the Merkle root is stored—no public keys.
+ * This means a quantum adversary cannot harvest keys from unspent outputs.
+ */
+export interface P2MROutput {
+    /**
+     * Unique identifier for this output.
+     * Format: UUID v4 (36 characters including hyphens).
+     */
+    outputId: string;
+    /**
+     * Merkle root of the script tree.
+     * Format: 64 hex characters (32 bytes SHA-256).
+     *
+     * This is the ONLY commitment stored on-chain.
+     */
+    merkleRoot: string;
+    /**
+     * Value locked in this output.
+     * Units depend on the platform (wei for Besu, cents for fiat, etc.).
+     */
+    value: bigint;
+    /**
+     * Block timestamp when the output was created.
+     * Unix timestamp in milliseconds.
+     */
+    createdAt: number;
+    /**
+     * Optional: SHA-256 hash of off-chain metadata.
+     * Useful for linking to detailed transaction information stored elsewhere.
+     */
+    metadataHash?: string;
+}
+/**
+ * A single node in a Merkle proof path.
+ *
+ * To verify, start with the leaf hash and iteratively combine with siblings:
+ * - If position is "left", compute SHA-256(sibling || current)
+ * - If position is "right", compute SHA-256(current || sibling)
+ */
+export interface MerkleProofNode {
+    /**
+     * Hash of the sibling node.
+     * Format: 64 hex characters (32 bytes SHA-256).
+     */
+    hash: string;
+    /**
+     * Position of the sibling relative to the current node.
+     * "left" means sibling is on the left (comes first in concatenation).
+     * "right" means sibling is on the right (comes second).
+     */
+    position: "left" | "right";
+}
+/**
+ * Witness data revealed at spend time.
+ *
+ * This is the ONLY place where actual public keys appear—at the moment of spending.
+ * By this point, the output is being consumed, so quantum exposure is minimized.
+ */
+export interface SpendWitness {
+    /**
+     * Revealed ML-DSA-65 public keys.
+     * Each key is 1952 bytes (per FIPS 204 ML-DSA-65 spec).
+     *
+     * The SHA-256 hash of each key must match an entry in the script leaf's
+     * publicKeyHashes array.
+     */
+    publicKeys: Uint8Array[];
+    /**
+     * ML-DSA-65 signatures over the spend message.
+     * Each signature is 3309 bytes (per FIPS 204 ML-DSA-65 spec).
+     *
+     * The number of signatures must satisfy the leaf's condition:
+     * - ml-dsa-65-sig: exactly 1
+     * - timelock: exactly 1
+     * - multisig-ml-dsa: >= threshold
+     * - hsm-attested-sig: exactly 1
+     */
+    signatures: Uint8Array[];
+    /**
+     * Current timestamp for timelock verification.
+     * Required when spending via a "timelock" leaf.
+     * Must be >= leaf.locktime for the spend to be valid.
+     */
+    timestamp?: number;
+    /**
+     * HSM attestation proof for HSM-attested spending.
+     * Required when spending via an "hsm-attested-sig" leaf.
+     * Format depends on the HSM (typically a signed attestation blob).
+     */
+    hsmAttestation?: string;
+}
+/**
+ * Complete proof required to spend a P2MR output.
+ *
+ * Contains:
+ * 1. Which output to spend
+ * 2. Which spending condition (leaf) is being satisfied
+ * 3. Merkle proof from leaf to root
+ * 4. Witness data (keys, signatures, condition-specific data)
+ */
+export interface SpendProof {
+    /**
+     * ID of the output being spent.
+     * Must match an existing unspent P2MR output.
+     */
+    outputId: string;
+    /**
+     * The script leaf being satisfied.
+     * Its hash must be verifiable via the Merkle proof to the output's root.
+     */
+    revealedLeaf: ScriptLeaf;
+    /**
+     * Merkle proof from the leaf to the root.
+     * Array of sibling hashes with position indicators.
+     * Length is O(log n) where n is the number of leaves.
+     */
+    merkleProof: MerkleProofNode[];
+    /**
+     * Witness data satisfying the leaf's spending condition.
+     */
+    witness: SpendWitness;
+}
+/**
+ * Result of verifying a spend proof.
+ */
+export interface SpendVerificationResult {
+    /** Whether the spend proof is valid. */
+    valid: boolean;
+    /** Human-readable reason for the result. */
+    reason: string;
+    /** Detailed audit trail of verification steps. */
+    auditTrail?: VerificationStep[];
+}
+/**
+ * A single step in the verification audit trail.
+ */
+export interface VerificationStep {
+    /** Name of the verification step. */
+    step: string;
+    /** Whether this step passed. */
+    passed: boolean;
+    /** Additional details about this step. */
+    detail?: string;
+}
+/**
+ * Result of script interpretation (condition-specific verification).
+ */
+export interface ScriptVerificationResult {
+    /** Whether the script condition was satisfied. */
+    valid: boolean;
+    /** Human-readable reason for the result. */
+    reason: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/p2mr/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/p2mr/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH;;;;GAIG;AACH,MAAM,MAAM,cAAc,GACtB,eAAe,GACf,UAAU,GACV,iBAAiB,GACjB,kBAAkB,CAAC;AAEvB;;;;;;;;;GASG;AACH,MAAM,WAAW,UAAU;IACzB,+BAA+B;IAC/B,IAAI,EAAE,cAAc,CAAC;IAErB;;;;;;;OAOG;IACH,eAAe,EAAE,MAAM,EAAE,CAAC;IAE1B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAMD;;;;;GAKG;AACH,MAAM,WAAW,UAAU;IACzB;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;;OAKG;IACH,UAAU,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;;OAGG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAMD;;;;;;GAMG;AACH,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;;;OAIG;IACH,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;CAC5B;AAMD;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B;;;;;;OAMG;IACH,UAAU,EAAE,UAAU,EAAE,CAAC;IAEzB;;;;;;;;;OASG;IACH,UAAU,EAAE,UAAU,EAAE,CAAC;IAEzB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAMD;;;;;;;;GAQG;AACH,MAAM,WAAW,UAAU;IACzB;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,YAAY,EAAE,UAAU,CAAC;IAEzB;;;;OAIG;IACH,WAAW,EAAE,eAAe,EAAE,CAAC;IAE/B;;OAEG;IACH,OAAO,EAAE,YAAY,CAAC;CACvB;AAMD;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,wCAAwC;IACxC,KAAK,EAAE,OAAO,CAAC;IAEf,4CAA4C;IAC5C,MAAM,EAAE,MAAM,CAAC;IAEf,kDAAkD;IAClD,UAAU,CAAC,EAAE,gBAAgB,EAAE,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,qCAAqC;IACrC,IAAI,EAAE,MAAM,CAAC;IAEb,gCAAgC;IAChC,MAAM,EAAE,OAAO,CAAC;IAEhB,0CAA0C;IAC1C,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,kDAAkD;IAClD,KAAK,EAAE,OAAO,CAAC;IAEf,4CAA4C;IAC5C,MAAM,EAAE,MAAM,CAAC;CAChB"}

package/dist/p2mr/types.js

@@ -0,0 +1,9 @@
+/**
+ * P2MR (Pay-to-Merkle-Root) Core Types
+ *
+ * BIP-360-inspired quantum-safe output pattern. The on-chain commitment stores
+ * ONLY the Merkle root of a script tree—no public keys exposed until spend time.
+ *
+ * This eliminates the "harvest now, decrypt later" quantum threat.
+ */
+export {};

package/dist/privacy/application/view-projector.d.ts

@@ -0,0 +1,13 @@
+import type { Audience, SharedOrderView } from "../domain/entities.js";
+import type { OrderRepository } from "../domain/ports.js";
+import type { HsmClient } from "../../hsm/index.js";
+import type { Logger } from "../../shared/logger.js";
+export declare class ViewProjector {
+    private readonly repo;
+    private readonly hsm?;
+    private readonly signerKeyLabel?;
+    private readonly logger;
+    constructor(repo: OrderRepository, logger?: Logger, hsm?: HsmClient | undefined, signerKeyLabel?: string | undefined);
+    createView(orderId: string, audience: Audience): SharedOrderView;
+}
+//# sourceMappingURL=view-projector.d.ts.map

package/dist/privacy/application/view-projector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"view-projector.d.ts","sourceRoot":"","sources":["../../../src/privacy/application/view-projector.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,QAAQ,EAER,eAAe,EAEhB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AA4CrD,qBAAa,aAAa;IAItB,OAAO,CAAC,QAAQ,CAAC,IAAI;IAErB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;IACrB,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC;IANlC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;gBAGb,IAAI,EAAE,eAAe,EACtC,MAAM,CAAC,EAAE,MAAM,EACE,GAAG,CAAC,EAAE,SAAS,YAAA,EACf,cAAc,CAAC,EAAE,MAAM,YAAA;IAK1C,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,GAAG,eAAe;CAqCjE"}

package/dist/privacy/application/view-projector.js

@@ -0,0 +1,85 @@
+import { sha256hex } from "../../shared/crypto.js";
+import { noopLogger } from "../../shared/logger.js";
+// Audience-specific field projection rules.
+// Ref: W3C Verifiable Credentials Data Model — selective disclosure
+// https://www.w3.org/TR/vc-data-model-2.0/#selective-disclosure
+const fieldProjections = {
+    logistics: (o) => ({
+        buyer: o.buyer,
+        supplier: o.supplier,
+        sku: o.sku,
+        quantity: o.quantity,
+        incoterm: o.incoterm,
+        destinationPort: o.destinationPort,
+    }),
+    bank: (o) => ({
+        buyer: o.buyer,
+        supplier: o.supplier,
+        totalValueUsd: o.quantity * o.unitPriceUsd,
+        destinationPort: o.destinationPort,
+        financingBank: o.financingBank ?? "n/a",
+        sustainabilityGrade: o.sustainabilityGrade,
+    }),
+    regulator: (o) => ({
+        buyer: o.buyer,
+        supplier: o.supplier,
+        sku: o.sku,
+        quantity: o.quantity,
+        destinationPort: o.destinationPort,
+        sustainabilityGrade: o.sustainabilityGrade,
+    }),
+    supplier: (o) => ({
+        buyer: o.buyer,
+        sku: o.sku,
+        quantity: o.quantity,
+        unitPriceUsd: o.unitPriceUsd,
+        incoterm: o.incoterm,
+        destinationPort: o.destinationPort,
+    }),
+};
+export class ViewProjector {
+    repo;
+    hsm;
+    signerKeyLabel;
+    logger;
+    constructor(repo, logger, hsm, signerKeyLabel) {
+        this.repo = repo;
+        this.hsm = hsm;
+        this.signerKeyLabel = signerKeyLabel;
+        this.logger = logger ?? noopLogger;
+    }
+    createView(orderId, audience) {
+        const order = this.repo.orders.get(orderId);
+        if (!order) {
+            throw new Error(`Unknown order ${orderId}`);
+        }
+        const timestamp = new Date().toISOString();
+        // Use null byte delimiter to prevent ambiguous preimages
+        const preimage = [JSON.stringify(order), audience, timestamp].join("\0");
+        const hash = sha256hex(preimage);
+        let auditProof;
+        if (this.hsm && this.signerKeyLabel) {
+            // Sign the preimage directly — the HSM's createSign("SHA256") handles
+            // hashing internally.  Signing `hash` would result in double-SHA-256.
+            const { signature } = this.hsm.sign(this.signerKeyLabel, preimage);
+            auditProof = {
+                hash,
+                signature,
+                signerKeyLabel: this.signerKeyLabel,
+                timestamp,
+            };
+        }
+        else {
+            // Use the same preimage-based hash as the signed path for consistency.
+            // This ensures auditProof is identical regardless of HSM availability,
+            // enabling verification and replay detection across configurations.
+            auditProof = hash;
+        }
+        return {
+            orderId,
+            audience,
+            data: fieldProjections[audience](order),
+            auditProof,
+        };
+    }
+}

package/dist/privacy/domain/entities.d.ts

@@ -0,0 +1,26 @@
+export interface PurchaseOrder {
+    readonly id: string;
+    readonly buyer: string;
+    readonly supplier: string;
+    readonly sku: string;
+    readonly quantity: number;
+    readonly unitPriceUsd: number;
+    readonly incoterm: string;
+    readonly destinationPort: string;
+    readonly financingBank?: string;
+    readonly sustainabilityGrade: "A" | "B" | "C";
+}
+export type Audience = "logistics" | "bank" | "regulator" | "supplier";
+export interface SignedAuditProof {
+    readonly hash: string;
+    readonly signature: string;
+    readonly signerKeyLabel: string;
+    readonly timestamp: string;
+}
+export interface SharedOrderView {
+    readonly orderId: string;
+    readonly audience: Audience;
+    readonly data: Record<string, string | number>;
+    readonly auditProof: string | SignedAuditProof;
+}
+//# sourceMappingURL=entities.d.ts.map

package/dist/privacy/domain/entities.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entities.d.ts","sourceRoot":"","sources":["../../../src/privacy/domain/entities.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,mBAAmB,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;CAC/C;AAED,MAAM,MAAM,QAAQ,GAAG,WAAW,GAAG,MAAM,GAAG,WAAW,GAAG,UAAU,CAAC;AAEvE,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;IAC/C,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,gBAAgB,CAAC;CAChD"}

package/dist/privacy/domain/entities.js

@@ -0,0 +1 @@
+export {};

package/dist/privacy/domain/ports.d.ts

@@ -0,0 +1,7 @@
+import type { ReadonlyStore } from "../../shared/store.js";
+import type { PurchaseOrder } from "./entities.js";
+export interface OrderRepository {
+    readonly orders: ReadonlyStore<string, PurchaseOrder>;
+    addOrder(order: PurchaseOrder): void;
+}
+//# sourceMappingURL=ports.d.ts.map

package/dist/privacy/domain/ports.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ports.d.ts","sourceRoot":"","sources":["../../../src/privacy/domain/ports.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACtD,QAAQ,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI,CAAC;CACtC"}

package/dist/privacy/domain/ports.js

@@ -0,0 +1 @@
+export {};

package/dist/privacy/index.d.ts

@@ -0,0 +1,21 @@
+export type { PurchaseOrder, Audience, SharedOrderView, SignedAuditProof, } from "./domain/entities.js";
+export type { OrderRepository } from "./domain/ports.js";
+export { ViewProjector } from "./application/view-projector.js";
+export { InMemoryOrderRepository } from "./infrastructure/in-memory-store.js";
+import type { Audience, PurchaseOrder, SharedOrderView } from "./domain/entities.js";
+import type { OrderRepository } from "./domain/ports.js";
+import type { HsmClient } from "../hsm/index.js";
+import type { Logger } from "../shared/logger.js";
+export declare class SelectiveDisclosureLedger {
+    private readonly repo;
+    private readonly projector;
+    constructor(options?: {
+        repo?: OrderRepository;
+        hsm?: HsmClient;
+        signerKeyLabel?: string;
+        logger?: Logger;
+    });
+    publishOrder(order: PurchaseOrder): void;
+    createView(orderId: string, audience: Audience): SharedOrderView;
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/privacy/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/privacy/index.ts"],"names":[],"mappings":"AACA,YAAY,EACV,aAAa,EACb,QAAQ,EACR,eAAe,EACf,gBAAgB,GACjB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAGzD,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAGhE,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAM9E,OAAO,KAAK,EACV,QAAQ,EACR,aAAa,EACb,eAAe,EAChB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAGzD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAElD,qBAAa,yBAAyB;IACpC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAkB;IACvC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAgB;gBAE9B,OAAO,CAAC,EAAE;QACpB,IAAI,CAAC,EAAE,eAAe,CAAC;QACvB,GAAG,CAAC,EAAE,SAAS,CAAC;QAChB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB;IAiBD,YAAY,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI;IAIxC,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,GAAG,eAAe;CAGjE"}

package/dist/privacy/index.js

@@ -0,0 +1,25 @@
+// Application
+export { ViewProjector } from "./application/view-projector.js";
+// Infrastructure
+export { InMemoryOrderRepository } from "./infrastructure/in-memory-store.js";
+import { InMemoryOrderRepository } from "./infrastructure/in-memory-store.js";
+import { ViewProjector } from "./application/view-projector.js";
+export class SelectiveDisclosureLedger {
+    repo;
+    projector;
+    constructor(options) {
+        const hsm = options?.hsm;
+        const signerKeyLabel = options?.signerKeyLabel;
+        if ((hsm && !signerKeyLabel) || (!hsm && signerKeyLabel)) {
+            throw new Error("Both hsm and signerKeyLabel must be provided together for signed audit proofs");
+        }
+        this.repo = options?.repo ?? new InMemoryOrderRepository();
+        this.projector = new ViewProjector(this.repo, options?.logger, hsm, signerKeyLabel);
+    }
+    publishOrder(order) {
+        this.repo.addOrder(order);
+    }
+    createView(orderId, audience) {
+        return this.projector.createView(orderId, audience);
+    }
+}

package/dist/privacy/infrastructure/in-memory-store.d.ts

@@ -0,0 +1,8 @@
+import { InMemoryStore } from "../../shared/store.js";
+import type { PurchaseOrder } from "../domain/entities.js";
+import type { OrderRepository } from "../domain/ports.js";
+export declare class InMemoryOrderRepository implements OrderRepository {
+    readonly orders: InMemoryStore<string, PurchaseOrder>;
+    addOrder(order: PurchaseOrder): void;
+}
+//# sourceMappingURL=in-memory-store.d.ts.map

package/dist/privacy/infrastructure/in-memory-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"in-memory-store.d.ts","sourceRoot":"","sources":["../../../src/privacy/infrastructure/in-memory-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAE1D,qBAAa,uBAAwB,YAAW,eAAe;IAC7D,QAAQ,CAAC,MAAM,uCAA8C;IAE7D,QAAQ,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI;CAGrC"}

package/dist/privacy/infrastructure/in-memory-store.js

@@ -0,0 +1,7 @@
+import { InMemoryStore } from "../../shared/store.js";
+export class InMemoryOrderRepository {
+    orders = new InMemoryStore();
+    addOrder(order) {
+        this.orders.set(order.id, order);
+    }
+}

package/dist/protocols/besu-port.d.ts

@@ -0,0 +1,80 @@
+import type { TransactionRequest } from "ethers";
+/**
+ * Protocol-level port for Besu/EVM blockchain capabilities.
+ *
+ * This defines what operations are available at the protocol level,
+ * independent of specific domain use cases (traceability, privacy, etc.).
+ *
+ * @see skills/platform-selection.md for protocol selection criteria
+ */
+export interface BesuTransactionResult {
+    txHash: string;
+    blockNumber: number;
+    gasUsed: bigint;
+}
+export interface BesuGasEstimate {
+    gasLimit: bigint;
+    gasPrice: bigint;
+    maxFeePerGas?: bigint;
+    maxPriorityFeePerGas?: bigint;
+}
+/**
+ * Port for EVM transaction submission.
+ *
+ * Implementations handle provider connection, nonce management, and signing.
+ */
+export interface IBesuTransactionPort {
+    /**
+     * Submit a signed transaction to the network.
+     * @returns Transaction hash and receipt metadata
+     */
+    submitTransaction(tx: TransactionRequest): Promise<BesuTransactionResult>;
+    /**
+     * Estimate gas for a transaction without submitting.
+     * @param tx Transaction to estimate
+     * @returns Gas estimate with price information
+     */
+    estimateGas(tx: TransactionRequest): Promise<BesuGasEstimate>;
+    /**
+     * Get the current nonce for an address.
+     * @param address Ethereum address
+     * @returns Current pending nonce
+     */
+    getNonce(address: string): Promise<number>;
+}
+/**
+ * Port for EVM contract queries (read-only operations).
+ */
+export interface IBesuQueryPort {
+    /**
+     * Call a contract method without submitting a transaction.
+     * @param to Contract address
+     * @param data Encoded function call
+     * @returns Encoded return value
+     */
+    call(to: string, data: string): Promise<string>;
+    /**
+     * Get contract bytecode at an address.
+     * @param address Contract address
+     * @returns Bytecode hex string
+     */
+    getCode(address: string): Promise<string>;
+}
+/**
+ * Port for Besu privacy group operations (Tessera integration).
+ */
+export interface IBesuPrivacyPort {
+    /**
+     * Create a new privacy group.
+     * @param members Public keys of privacy group members
+     * @returns Privacy group ID
+     */
+    createPrivacyGroup(members: string[]): Promise<string>;
+    /**
+     * Find existing privacy groups for a set of members.
+     * @param members Public keys to search for
+     * @returns Matching privacy group IDs
+     */
+    findPrivacyGroups(members: string[]): Promise<string[]>;
+}
+//# sourceMappingURL=besu-port.d.ts.map

package/dist/protocols/besu-port.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"besu-port.d.ts","sourceRoot":"","sources":["../../src/protocols/besu-port.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,QAAQ,CAAC;AAEjD;;;;;;;GAOG;AAEH,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC;;;OAGG;IACH,iBAAiB,CAAC,EAAE,EAAE,kBAAkB,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAE1E;;;;OAIG;IACH,WAAW,CAAC,EAAE,EAAE,kBAAkB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAE9D;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC5C;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;OAKG;IACH,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEhD;;;;OAIG;IACH,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3C;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;;OAIG;IACH,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvD;;;;OAIG;IACH,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;CACzD"}

package/dist/protocols/besu-port.js

@@ -0,0 +1 @@
+export {};

package/dist/protocols/corda-port.d.ts

@@ -0,0 +1,103 @@
+/**
+ * Protocol-level port for R3 Corda capabilities.
+ *
+ * This defines what operations are available at the protocol level,
+ * independent of specific domain use cases (credentialing, settlement, etc.).
+ *
+ * @see skills/platform-selection.md for protocol selection criteria
+ */
+export interface CordaFlowResult<T = unknown> {
+    flowId: string;
+    status: "COMPLETED" | "FAILED" | "RUNNING";
+    result?: T;
+    error?: string;
+    timestamp: string;
+}
+export interface CordaTransactionInfo {
+    txId: string;
+    notary: string;
+    signers: string[];
+    timestamp: string;
+}
+/**
+ * Port for Corda flow invocation.
+ *
+ * Implementations handle REST API communication and flow session management.
+ */
+export interface ICordaFlowPort {
+    /**
+     * Start a Corda flow.
+     * @param flowClass Fully qualified flow class name
+     * @param flowArgs Flow constructor arguments
+     * @returns Flow execution result
+     */
+    startFlow<T = unknown>(flowClass: string, flowArgs: Record<string, unknown>): Promise<CordaFlowResult<T>>;
+    /**
+     * Check the status of a running flow.
+     * @param flowId Flow run ID
+     * @returns Current flow status
+     */
+    getFlowStatus<T = unknown>(flowId: string): Promise<CordaFlowResult<T>>;
+}
+/**
+ * Port for Corda vault queries.
+ */
+export interface ICordaVaultPort {
+    /**
+     * Query states from the vault.
+     * @param stateClass State class to query
+     * @param criteria Query criteria
+     * @returns Matching vault states
+     */
+    queryStates<T = unknown>(stateClass: string, criteria?: CordaQueryCriteria): Promise<CordaVaultState<T>[]>;
+    /**
+     * Get a specific state by its state ref.
+     * @param txId Transaction ID
+     * @param index Output index
+     * @returns State if found
+     */
+    getState<T = unknown>(txId: string, index: number): Promise<CordaVaultState<T> | undefined>;
+}
+export interface CordaQueryCriteria {
+    status?: "UNCONSUMED" | "CONSUMED" | "ALL";
+    contractStateTypes?: string[];
+    participants?: string[];
+    notary?: string;
+}
+export interface CordaVaultState<T = unknown> {
+    state: T;
+    ref: {
+        txId: string;
+        index: number;
+    };
+    notary: string;
+    constraint: string;
+}
+/**
+ * Port for Corda node identity operations.
+ */
+export interface ICordaIdentityPort {
+    /**
+     * Get the current node's identity.
+     * @returns Node X500 name
+     */
+    getNodeIdentity(): Promise<string>;
+    /**
+     * Look up a party by name.
+     * @param name X500 name or organization name
+     * @returns Party information or undefined
+     */
+    lookupParty(name: string): Promise<CordaPartyInfo | undefined>;
+    /**
+     * Get all known network participants.
+     * @returns List of network participants
+     */
+    getNetworkMap(): Promise<CordaPartyInfo[]>;
+}
+export interface CordaPartyInfo {
+    name: string;
+    owningKey: string;
+    host: string;
+    port: number;
+}
+//# sourceMappingURL=corda-port.d.ts.map

package/dist/protocols/corda-port.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"corda-port.d.ts","sourceRoot":"","sources":["../../src/protocols/corda-port.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,WAAW,eAAe,CAAC,CAAC,GAAG,OAAO;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,WAAW,GAAG,QAAQ,GAAG,SAAS,CAAC;IAC3C,MAAM,CAAC,EAAE,CAAC,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;OAKG;IACH,SAAS,CAAC,CAAC,GAAG,OAAO,EACnB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;IAE/B;;;;OAIG;IACH,aAAa,CAAC,CAAC,GAAG,OAAO,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;CACzE;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;;OAKG;IACH,WAAW,CAAC,CAAC,GAAG,OAAO,EACrB,UAAU,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,kBAAkB,GAC5B,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAEjC;;;;;OAKG;IACH,QAAQ,CAAC,CAAC,GAAG,OAAO,EAClB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC;CAC5C;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,CAAC,EAAE,YAAY,GAAG,UAAU,GAAG,KAAK,CAAC;IAC3C,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,eAAe,CAAC,CAAC,GAAG,OAAO;IAC1C,KAAK,EAAE,CAAC,CAAC;IACT,GAAG,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;;OAGG;IACH,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnC;;;;OAIG;IACH,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,SAAS,CAAC,CAAC;IAE/D;;;OAGG;IACH,aAAa,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;CAC5C;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd"}

package/dist/protocols/corda-port.js

@@ -0,0 +1,9 @@
+/**
+ * Protocol-level port for R3 Corda capabilities.
+ *
+ * This defines what operations are available at the protocol level,
+ * independent of specific domain use cases (credentialing, settlement, etc.).
+ *
+ * @see skills/platform-selection.md for protocol selection criteria
+ */
+export {};