@psavelis/enterprise-blockchain 0.1.0 → 1.1.1

package/dist/mpc/kyber.js

@@ -0,0 +1,143 @@
+/**
+ * ML-KEM (Kyber) — Key Encapsulation Mechanism
+ *
+ * Classical key exchange (ECDH, RSA) relies on the hardness of the discrete
+ * logarithm and integer factorisation problems.  Shor's algorithm, running on
+ * a sufficiently large cryptographically-relevant quantum computer (CRQC),
+ * solves both in polynomial time — meaning today's encrypted traffic could be
+ * recorded now and decrypted later once CRQCs mature ("harvest-now,
+ * decrypt-later" attacks).
+ *
+ * ML-KEM is the NIST-standardised Key Encapsulation Mechanism designed to
+ * replace ECDH in key exchange.  It is based on the Module-Lattice problem
+ * (MLWE), which has no known quantum speedup beyond Grover's algorithm
+ * (affecting only symmetric-key security, and only by halving the bit level).
+ *
+ * Standard: NIST FIPS 203 (finalised August 2024)
+ * Reference: https://csrc.nist.gov/pubs/fips/203/final
+ *
+ * This module wraps @noble/post-quantum, a pure-TypeScript implementation with
+ * zero native-code dependencies, which makes it platform-portable and easy to
+ * audit.
+ */
+import { hkdfSync } from "node:crypto";
+import { ml_kem1024, ml_kem512, ml_kem768, } from "@noble/post-quantum/ml-kem.js";
+import { sha256hex } from "./crypto.js";
+// ---------------------------------------------------------------------------
+// Wire-format byte lengths (from FIPS 203, §7)
+// ---------------------------------------------------------------------------
+/**
+ * Public key, secret key, and ciphertext lengths (in bytes) for each
+ * parameter set.  Useful for validation and test assertions.
+ */
+export const ML_KEM_SIZES = {
+    "ml-kem-512": {
+        publicKey: 800,
+        secretKey: 1632,
+        ciphertext: 768,
+        sharedSecret: 32,
+    },
+    "ml-kem-768": {
+        publicKey: 1184,
+        secretKey: 2400,
+        ciphertext: 1088,
+        sharedSecret: 32,
+    },
+    "ml-kem-1024": {
+        publicKey: 1568,
+        secretKey: 3168,
+        ciphertext: 1568,
+        sharedSecret: 32,
+    },
+};
+// ---------------------------------------------------------------------------
+// KyberKem class
+// ---------------------------------------------------------------------------
+export class KyberKem {
+    /**
+     * Generate a new ML-KEM keypair.
+     *
+     * The public key is shared with anyone who needs to send you an encrypted
+     * session key.  The secret key must be stored securely — ideally in an HSM
+     * or hardware-backed key store.
+     */
+    generateKeyPair(params) {
+        const kem = this.#suite(params);
+        const { publicKey, secretKey } = kem.keygen();
+        return { publicKey, secretKey, params };
+    }
+    /**
+     * Sender-side operation: encapsulate a fresh random shared secret using
+     * the recipient's public key.
+     *
+     * Returns the ciphertext (to send) and the sharedSecret (to use locally for
+     * key derivation).  The sharedSecret is never transmitted.
+     */
+    encapsulate(publicKey, params) {
+        const kem = this.#suite(params);
+        const { cipherText: ciphertext, sharedSecret } = kem.encapsulate(publicKey);
+        return {
+            ciphertext,
+            sharedSecret,
+            auditCommitment: sha256hex(Buffer.from(ciphertext).toString("hex")),
+        };
+    }
+    /**
+     * Receiver-side operation: recover the sharedSecret from a ciphertext using
+     * the secret key.
+     *
+     * If the ciphertext was produced with a different public key, ML-KEM
+     * returns a pseudorandom value instead of the real shared secret — this is
+     * the implicit rejection property that prevents chosen-ciphertext attacks.
+     */
+    decapsulate(ciphertext, secretKey, params) {
+        const kem = this.#suite(params);
+        return kem.decapsulate(ciphertext, secretKey);
+    }
+    /**
+     * Derive a symmetric key from an ML-KEM shared secret using HKDF-SHA256.
+     *
+     * The shared secret from ML-KEM is already 32 bytes of uniform randomness,
+     * but running it through HKDF lets you bind context (e.g., session IDs,
+     * party identifiers) into the derived key — useful for domain separation.
+     *
+     * @param sharedSecret - Raw 32-byte output from encapsulate/decapsulate
+     * @param info - Optional context string bound into the derived key
+     * @param salt - Optional random salt (defaults to 32 zero bytes if omitted)
+     */
+    deriveAesKey(sharedSecret, info = "ml-kem-aes-key-v1", salt) {
+        const saltBytes = salt ?? Buffer.alloc(32, 0);
+        // HKDF-SHA256 producing 32 bytes → suitable for AES-256-GCM.
+        // RFC 5869 (HKDF): https://datatracker.ietf.org/doc/html/rfc5869
+        // NIST SP 800-38D (GCM): https://csrc.nist.gov/pubs/sp/800/38/d/final
+        return Buffer.from(hkdfSync("sha256", sharedSecret, saltBytes, Buffer.from(info, "utf8"), 32));
+    }
+    /**
+     * Build an audit record for a completed encapsulation round.
+     * Suitable for writing to an immutable ledger (Fabric, Besu, Corda) as
+     * proof that a particular key exchange occurred without revealing the
+     * shared secret.
+     */
+    auditRecord(encap, publicKey, params) {
+        return {
+            params,
+            publicKeyHash: sha256hex(Buffer.from(publicKey).toString("hex")),
+            ciphertextHash: encap.auditCommitment,
+            timestamp: new Date().toISOString(),
+            derivedKeyLength: 32,
+        };
+    }
+    // ---------------------------------------------------------------------------
+    // Private helpers
+    // ---------------------------------------------------------------------------
+    #suite(params) {
+        switch (params) {
+            case "ml-kem-512":
+                return ml_kem512;
+            case "ml-kem-768":
+                return ml_kem768;
+            case "ml-kem-1024":
+                return ml_kem1024;
+        }
+    }
+}

package/dist/mpc/ports.d.ts

@@ -0,0 +1,67 @@
+/**
+ * MPC Module Ports (Hexagonal Architecture)
+ *
+ * These ports define the boundaries between the MPC domain and infrastructure.
+ * Domain code MUST only depend on these interfaces, never on concrete implementations.
+ *
+ * @see docs/adr/ADR-0001-hexagonal-architecture.md
+ */
+/**
+ * Port for cryptographically secure random number generation.
+ *
+ * The MPC domain requires randomness for:
+ * - Generating polynomial coefficients in Shamir sharing
+ * - Creating nonces for share commitments
+ * - Producing random shares in additive sharing
+ *
+ * Implementations MUST provide cryptographically secure randomness.
+ * Using Math.random() or other weak PRNGs is a CRITICAL security vulnerability.
+ */
+export interface RandomnessProvider {
+    /**
+     * Generate random bytes.
+     * @param length Number of bytes to generate.
+     * @returns Buffer containing cryptographically secure random bytes.
+     */
+    randomBytes(length: number): Buffer;
+    /**
+     * Generate a random integer in range [min, max).
+     * @param min Minimum value (inclusive).
+     * @param max Maximum value (exclusive).
+     * @returns Cryptographically secure random integer.
+     */
+    randomInt(min: number, max: number): number;
+}
+/**
+ * Port for commitment and hashing operations.
+ *
+ * The MPC domain uses commitments to:
+ * - Bind parties to their shares before revealing
+ * - Detect tampering during computation
+ * - Provide audit trails with integrity proofs
+ */
+export interface CommitmentProvider {
+    /**
+     * Create a commitment for a secret share.
+     * @param partyId The party identifier.
+     * @param shareIndex The share's index in the sharing scheme.
+     * @param value The share value.
+     * @param nonce Random nonce for binding.
+     * @returns Commitment string (typically a hash).
+     */
+    commitShare(partyId: string, shareIndex: number, value: number | bigint, nonce: string): string;
+    /**
+     * Compute SHA-256 hash of a string.
+     * @param data Input string to hash.
+     * @returns Hex-encoded hash.
+     */
+    sha256hex(data: string): string;
+    /**
+     * Compare two strings in constant time.
+     * @param a First string.
+     * @param b Second string.
+     * @returns True if equal, false otherwise.
+     */
+    timingSafeCompare(a: string, b: string): boolean;
+}
+//# sourceMappingURL=ports.d.ts.map

package/dist/mpc/ports.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ports.d.ts","sourceRoot":"","sources":["../../src/mpc/ports.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;;;;;;;;GAUG;AACH,MAAM,WAAW,kBAAkB;IACjC;;;;OAIG;IACH,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;IAEpC;;;;;OAKG;IACH,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;CAC7C;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,kBAAkB;IACjC;;;;;;;OAOG;IACH,WAAW,CACT,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,GAAG,MAAM,EACtB,KAAK,EAAE,MAAM,GACZ,MAAM,CAAC;IAEV;;;;OAIG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;IAEhC;;;;;OAKG;IACH,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CAClD"}

package/dist/mpc/ports.js

@@ -0,0 +1,9 @@
+/**
+ * MPC Module Ports (Hexagonal Architecture)
+ *
+ * These ports define the boundaries between the MPC domain and infrastructure.
+ * Domain code MUST only depend on these interfaces, never on concrete implementations.
+ *
+ * @see docs/adr/ADR-0001-hexagonal-architecture.md
+ */
+export {};

package/dist/mpc/quantum.d.ts

@@ -0,0 +1,80 @@
+import { type FieldConfig, type FieldMode } from "./field.js";
+export interface ThresholdShare {
+    partyId: string;
+    shareIndex: number;
+    /** Share value as bigint for production mode compatibility. */
+    value: bigint;
+    /** Legacy number value for backward compatibility (demo mode only). */
+    valueNumber?: number | undefined;
+    nonce: string;
+    commitment: string;
+}
+export interface HashLadderKey {
+    publicRoot: string;
+    depth: number;
+    scheme: "sha256-chain";
+}
+export interface QuantumResistantAnchor {
+    dataHash: string;
+    ladderRoot: string;
+    depth: number;
+    timestamp: string;
+    scheme: "hash-ladder";
+}
+export interface VaultConfig {
+    /** Field mode: "demo" (default) or "production". */
+    fieldMode?: FieldMode;
+}
+/**
+ * Quantum-resistant secret sharing vault using Shamir's Secret Sharing.
+ *
+ * Supports two field sizes:
+ * - Demo mode (default): 2^31-1 prime, fast but NOT secure for production
+ * - Production mode: 256-bit prime, cryptographically secure
+ *
+ * Set MPC_FIELD_MODE=production or pass { fieldMode: "production" } for
+ * production deployments.
+ *
+ * @see skills/mpc-secret-sharing.md for security guidance
+ */
+export declare class QuantumResistantVault {
+    private readonly field;
+    constructor(config?: VaultConfig);
+    /**
+     * Get the current field configuration.
+     */
+    getFieldConfig(): FieldConfig;
+    /**
+     * Check if the vault is configured for production-grade security.
+     */
+    isProductionSecure(): boolean;
+    /**
+     * Distribute `secret` across `parties` using Shamir's Secret Sharing.
+     * Any `threshold` shares reconstruct the secret; fewer reveal nothing.
+     *
+     * @param secret - The secret to share (must be within field range)
+     * @param parties - Party identifiers to receive shares
+     * @param threshold - Minimum shares needed for reconstruction
+     */
+    distributeSecret(secret: number | bigint, parties: string[], threshold: number): Map<string, ThresholdShare>;
+    /**
+     * Reconstruct the secret from a set of shares via Lagrange interpolation.
+     * Returns `null` when fewer than `threshold` shares are supplied.
+     *
+     * @returns The reconstructed secret as bigint, or null if insufficient shares.
+     *          In demo mode, also returns as number for backward compatibility.
+     */
+    reconstructSecret(shares: ThresholdShare[], threshold: number): number | bigint | null;
+    /**
+     * Reconstruct the secret and always return as bigint.
+     * Use this for production mode or when bigint precision is required.
+     */
+    reconstructSecretBigint(shares: ThresholdShare[], threshold: number): bigint | null;
+    /** Build a SHA-256 hash chain of `depth` iterations from a random seed. */
+    createHashLadder(depth: number): HashLadderKey;
+    /** Anchor data with a hash-ladder proof (no asymmetric key involved). */
+    anchorWithPostQuantumProof(data: string): QuantumResistantAnchor;
+    private evalPoly;
+    private lagrangeInterpolate;
+}
+//# sourceMappingURL=quantum.d.ts.map

package/dist/mpc/quantum.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"quantum.d.ts","sourceRoot":"","sources":["../../src/mpc/quantum.ts"],"names":[],"mappings":"AAGA,OAAO,EAGL,KAAK,WAAW,EAChB,KAAK,SAAS,EACf,MAAM,YAAY,CAAC;AAEpB,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,+DAA+D;IAC/D,KAAK,EAAE,MAAM,CAAC;IACd,uEAAuE;IACvE,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,cAAc,CAAC;CACxB;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,aAAa,CAAC;CACvB;AAED,MAAM,WAAW,WAAW;IAC1B,oDAAoD;IACpD,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB;AAED;;;;;;;;;;;GAWG;AACH,qBAAa,qBAAqB;IAChC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAkB;gBAE5B,MAAM,CAAC,EAAE,WAAW;IAKhC;;OAEG;IACH,cAAc,IAAI,WAAW;IAI7B;;OAEG;IACH,kBAAkB,IAAI,OAAO;IAG7B;;;;;;;OAOG;IACH,gBAAgB,CACd,MAAM,EAAE,MAAM,GAAG,MAAM,EACvB,OAAO,EAAE,MAAM,EAAE,EACjB,SAAS,EAAE,MAAM,GAChB,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC;IAqE9B;;;;;;OAMG;IACH,iBAAiB,CACf,MAAM,EAAE,cAAc,EAAE,EACxB,SAAS,EAAE,MAAM,GAChB,MAAM,GAAG,MAAM,GAAG,IAAI;IAuBzB;;;OAGG;IACH,uBAAuB,CACrB,MAAM,EAAE,cAAc,EAAE,EACxB,SAAS,EAAE,MAAM,GAChB,MAAM,GAAG,IAAI;IAahB,2EAA2E;IAC3E,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa;IAU9C,yEAAyE;IACzE,0BAA0B,CAAC,IAAI,EAAE,MAAM,GAAG,sBAAsB;IAchE,OAAO,CAAC,QAAQ;IAUhB,OAAO,CAAC,mBAAmB;CAoB5B"}

package/dist/mpc/quantum.js

@@ -0,0 +1,180 @@
+import { randomBytes } from "node:crypto";
+import { commitShare, sha256hex } from "./crypto.js";
+import { FieldArithmetic, getFieldConfig, } from "./field.js";
+/**
+ * Quantum-resistant secret sharing vault using Shamir's Secret Sharing.
+ *
+ * Supports two field sizes:
+ * - Demo mode (default): 2^31-1 prime, fast but NOT secure for production
+ * - Production mode: 256-bit prime, cryptographically secure
+ *
+ * Set MPC_FIELD_MODE=production or pass { fieldMode: "production" } for
+ * production deployments.
+ *
+ * @see skills/mpc-secret-sharing.md for security guidance
+ */
+export class QuantumResistantVault {
+    field;
+    constructor(config) {
+        const fieldConfig = getFieldConfig(config?.fieldMode);
+        this.field = new FieldArithmetic(fieldConfig);
+    }
+    /**
+     * Get the current field configuration.
+     */
+    getFieldConfig() {
+        return { mode: this.field.mode, prime: this.field.prime };
+    }
+    /**
+     * Check if the vault is configured for production-grade security.
+     */
+    isProductionSecure() {
+        return this.field.isProductionSecure();
+    }
+    /**
+     * Distribute `secret` across `parties` using Shamir's Secret Sharing.
+     * Any `threshold` shares reconstruct the secret; fewer reveal nothing.
+     *
+     * @param secret - The secret to share (must be within field range)
+     * @param parties - Party identifiers to receive shares
+     * @param threshold - Minimum shares needed for reconstruction
+     */
+    distributeSecret(secret, parties, threshold) {
+        // Input validation to prevent security issues
+        if (parties.length === 0) {
+            throw new Error("At least one party is required");
+        }
+        if (threshold < 2) {
+            throw new Error("Threshold must be at least 2");
+        }
+        if (threshold > parties.length) {
+            throw new Error("Threshold cannot exceed party count");
+        }
+        // Validate party ID uniqueness - duplicate IDs would break t-of-n security
+        const uniqueParties = new Set(parties);
+        if (uniqueParties.size !== parties.length) {
+            throw new Error("Duplicate party IDs detected. Each party must have a unique identifier.");
+        }
+        // Validate party ID format - prevent injection and excessively long IDs
+        const MAX_PARTY_ID_LENGTH = 256;
+        for (const partyId of parties) {
+            if (!partyId || partyId.trim().length === 0) {
+                throw new Error("Party ID cannot be empty or whitespace-only");
+            }
+            if (partyId.length > MAX_PARTY_ID_LENGTH) {
+                throw new Error(`Party ID exceeds maximum length of ${MAX_PARTY_ID_LENGTH} characters`);
+            }
+        }
+        const secretBigint = BigInt(secret);
+        if (secretBigint < 0n || secretBigint >= this.field.prime) {
+            throw new Error(`Secret must be in range [0, ${this.field.prime}). ` +
+                `Current field mode: ${this.field.mode}`);
+        }
+        // Random polynomial of degree (threshold − 1) with secret as constant term.
+        const coeffs = [secretBigint];
+        for (let i = 1; i < threshold; i++) {
+            coeffs.push(this.field.random());
+        }
+        const shares = new Map();
+        for (let i = 0; i < parties.length; i++) {
+            const x = BigInt(i + 1);
+            const y = this.evalPoly(coeffs, x);
+            const nonce = randomBytes(16).toString("hex");
+            // For commitment, use number if in demo mode for backward compatibility
+            const commitValue = this.field.mode === "demo" ? Number(y) : y;
+            shares.set(parties[i], {
+                partyId: parties[i],
+                shareIndex: i,
+                value: y,
+                valueNumber: this.field.mode === "demo" ? Number(y) : undefined,
+                nonce,
+                commitment: commitShare(parties[i], i, commitValue, nonce),
+            });
+        }
+        return shares;
+    }
+    /**
+     * Reconstruct the secret from a set of shares via Lagrange interpolation.
+     * Returns `null` when fewer than `threshold` shares are supplied.
+     *
+     * @returns The reconstructed secret as bigint, or null if insufficient shares.
+     *          In demo mode, also returns as number for backward compatibility.
+     */
+    reconstructSecret(shares, threshold) {
+        if (shares.length < threshold) {
+            return null;
+        }
+        const points = shares.map((s) => [
+            BigInt(s.shareIndex + 1),
+            BigInt(s.value),
+        ]);
+        const result = this.lagrangeInterpolate(points);
+        // Return number for backward compatibility in demo mode
+        if (this.field.mode === "demo" &&
+            result <= BigInt(Number.MAX_SAFE_INTEGER)) {
+            return Number(result);
+        }
+        return result;
+    }
+    /**
+     * Reconstruct the secret and always return as bigint.
+     * Use this for production mode or when bigint precision is required.
+     */
+    reconstructSecretBigint(shares, threshold) {
+        if (shares.length < threshold) {
+            return null;
+        }
+        const points = shares.map((s) => [
+            BigInt(s.shareIndex + 1),
+            BigInt(s.value),
+        ]);
+        return this.lagrangeInterpolate(points);
+    }
+    /** Build a SHA-256 hash chain of `depth` iterations from a random seed. */
+    createHashLadder(depth) {
+        let current = sha256hex(randomBytes(32).toString("hex"));
+        for (let i = 0; i < depth; i++) {
+            current = sha256hex(current);
+        }
+        return { publicRoot: current, depth, scheme: "sha256-chain" };
+    }
+    /** Anchor data with a hash-ladder proof (no asymmetric key involved). */
+    anchorWithPostQuantumProof(data) {
+        const ladder = this.createHashLadder(256);
+        return {
+            dataHash: sha256hex(data),
+            ladderRoot: ladder.publicRoot,
+            depth: ladder.depth,
+            timestamp: new Date().toISOString(),
+            scheme: "hash-ladder",
+        };
+    }
+    // --- Shamir arithmetic using configurable field ---
+    evalPoly(coeffs, x) {
+        let result = 0n;
+        let power = 1n;
+        for (const c of coeffs) {
+            result = this.field.add(result, this.field.mul(c, power));
+            power = this.field.mul(power, x);
+        }
+        return result;
+    }
+    lagrangeInterpolate(points) {
+        let result = 0n;
+        for (let i = 0; i < points.length; i++) {
+            const [xi, yi] = points[i];
+            let num = 1n;
+            let den = 1n;
+            for (let j = 0; j < points.length; j++) {
+                if (i === j)
+                    continue;
+                const xj = points[j][0];
+                num = this.field.mul(num, this.field.mod(-xj));
+                den = this.field.mul(den, this.field.sub(xi, xj));
+            }
+            const inv = this.field.inverse(den);
+            result = this.field.add(result, this.field.mul(yi, this.field.mul(num, inv)));
+        }
+        return result;
+    }
+}

package/dist/p2mr/adapters.d.ts

@@ -0,0 +1,31 @@
+/**
+ * P2MR Module Infrastructure Adapters
+ *
+ * These adapters implement the ports defined in ports.ts.
+ * They live in the infrastructure layer and are injected into domain services.
+ *
+ * @see modules/p2mr/src/ports.ts
+ */
+import type { SignatureVerificationPort, HashingPort, SignatureAlgorithm } from "./ports.js";
+/**
+ * ML-DSA implementation of SignatureVerificationPort.
+ *
+ * Uses the MlDsaSigner from the MPC module for post-quantum signature verification.
+ */
+export declare class MlDsaSignatureVerifier implements SignatureVerificationPort {
+    private readonly signer;
+    verify(message: Uint8Array, signature: Uint8Array, publicKey: Uint8Array, algorithm: SignatureAlgorithm): boolean;
+}
+/**
+ * SHA-256 implementation of HashingPort.
+ */
+export declare class Sha256Hasher implements HashingPort {
+    sha256hex(data: string): string;
+}
+/**
+ * Default instances for convenience.
+ * Domain code should prefer dependency injection over these singletons.
+ */
+export declare const defaultSignatureVerifier: MlDsaSignatureVerifier;
+export declare const defaultHasher: Sha256Hasher;
+//# sourceMappingURL=adapters.d.ts.map

package/dist/p2mr/adapters.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"adapters.d.ts","sourceRoot":"","sources":["../../src/p2mr/adapters.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EACV,yBAAyB,EACzB,WAAW,EACX,kBAAkB,EACnB,MAAM,YAAY,CAAC;AAEpB;;;;GAIG;AACH,qBAAa,sBAAuB,YAAW,yBAAyB;IACtE,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAqB;IAE5C,MAAM,CACJ,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,UAAU,EACrB,SAAS,EAAE,UAAU,EACrB,SAAS,EAAE,kBAAkB,GAC5B,OAAO;CAGX;AAED;;GAEG;AACH,qBAAa,YAAa,YAAW,WAAW;IAC9C,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;CAGhC;AAED;;;GAGG;AACH,eAAO,MAAM,wBAAwB,wBAA+B,CAAC;AACrE,eAAO,MAAM,aAAa,cAAqB,CAAC"}

package/dist/p2mr/adapters.js

@@ -0,0 +1,35 @@
+/**
+ * P2MR Module Infrastructure Adapters
+ *
+ * These adapters implement the ports defined in ports.ts.
+ * They live in the infrastructure layer and are injected into domain services.
+ *
+ * @see modules/p2mr/src/ports.ts
+ */
+import { MlDsaSigner } from "../mpc/dsa.js";
+import { sha256hex } from "../shared/crypto.js";
+/**
+ * ML-DSA implementation of SignatureVerificationPort.
+ *
+ * Uses the MlDsaSigner from the MPC module for post-quantum signature verification.
+ */
+export class MlDsaSignatureVerifier {
+    signer = new MlDsaSigner();
+    verify(message, signature, publicKey, algorithm) {
+        return this.signer.verify(message, signature, publicKey, algorithm);
+    }
+}
+/**
+ * SHA-256 implementation of HashingPort.
+ */
+export class Sha256Hasher {
+    sha256hex(data) {
+        return sha256hex(data);
+    }
+}
+/**
+ * Default instances for convenience.
+ * Domain code should prefer dependency injection over these singletons.
+ */
+export const defaultSignatureVerifier = new MlDsaSignatureVerifier();
+export const defaultHasher = new Sha256Hasher();

package/dist/p2mr/index.d.ts

@@ -0,0 +1,63 @@
+/**
+ * @psavelis/enterprise-blockchain/p2mr
+ *
+ * BIP-360-inspired Pay-to-Merkle-Root quantum-safe outputs.
+ *
+ * P2MR eliminates the "harvest now, decrypt later" quantum threat by:
+ * 1. Storing ONLY a Merkle root on-chain (no public keys exposed)
+ * 2. Using post-quantum ML-DSA-65 signatures for spending
+ * 3. Revealing public keys only at spend time (minimizing exposure window)
+ *
+ * @example
+ * ```typescript
+ * import {
+ *   createP2MROutput,
+ *   createSingleSigLeaf,
+ *   createTimelockLeaf,
+ *   buildSpendProof,
+ *   verifySpendProofStructure,
+ * } from "@psavelis/enterprise-blockchain/p2mr";
+ *
+ * // Create an output with two spending paths
+ * const { output, tree } = createP2MROutput({
+ *   leaves: [
+ *     createSingleSigLeaf(primaryKeyHash),   // Path 0: primary key
+ *     createTimelockLeaf(backupKeyHash, locktime), // Path 1: backup after locktime
+ *   ],
+ *   value: 1_000_000n,
+ * });
+ *
+ * // Store `output` on-chain (only merkleRoot exposed)
+ * // Keep `tree` off-chain for generating spend proofs
+ *
+ * // Later, spend via path 0:
+ * const proof = buildSpendProof({
+ *   outputId: output.outputId,
+ *   tree,
+ *   leafIndex: 0,
+ *   witness: {
+ *     publicKeys: [primaryKey],
+ *     signatures: [signature],
+ *   },
+ * });
+ *
+ * // Verify proof structure and Merkle path
+ * const result = verifySpendProofStructure(proof, output);
+ * console.log(result.valid); // true
+ * ```
+ *
+ * @packageDocumentation
+ */
+export type { ScriptLeafType, ScriptLeaf, P2MROutput, MerkleProofNode, SpendWitness, SpendProof, SpendVerificationResult, VerificationStep, ScriptVerificationResult, } from "./types.js";
+export { MerkleTree, canonicalJSON, hashScriptLeaf } from "./merkle-tree.js";
+export type { ValidationResult } from "./script-leaf.js";
+export { validateScriptLeaf, createSingleSigLeaf, createTimelockLeaf, createMultisigLeaf, createHsmAttestedLeaf, } from "./script-leaf.js";
+export type { CreateP2MROutputOptions, CreateP2MROutputResult, } from "./p2mr-output.js";
+export { createP2MROutput, P2MROutputStore } from "./p2mr-output.js";
+export type { BuildSpendProofOptions } from "./spend-proof.js";
+export { buildSpendProof, validateSpendProofStructure, verifyMerkleProof, verifySpendProofStructure, } from "./spend-proof.js";
+export type { InterpretScriptOptions, InterpretScriptResult, } from "./script-interpreter.js";
+export { interpretScript, hashPublicKey, configureInterpreter, resetInterpreter, } from "./script-interpreter.js";
+export type { SignatureVerificationPort, HashingPort, SignatureAlgorithm, } from "./ports.js";
+export { MlDsaSignatureVerifier, Sha256Hasher, defaultSignatureVerifier, defaultHasher, } from "./adapters.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/p2mr/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/p2mr/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AAMH,YAAY,EACV,cAAc,EACd,UAAU,EACV,UAAU,EACV,eAAe,EACf,YAAY,EACZ,UAAU,EACV,uBAAuB,EACvB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,YAAY,CAAC;AAMpB,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAM7E,YAAY,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEzD,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAM1B,YAAY,EACV,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAMrE,YAAY,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAE/D,OAAO,EACL,eAAe,EACf,2BAA2B,EAC3B,iBAAiB,EACjB,yBAAyB,GAC1B,MAAM,kBAAkB,CAAC;AAM1B,YAAY,EACV,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,yBAAyB,CAAC;AAMjC,YAAY,EACV,yBAAyB,EACzB,WAAW,EACX,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,wBAAwB,EACxB,aAAa,GACd,MAAM,eAAe,CAAC"}