npm - @sempdev/semp - Versions diffs - 0.4.3 - Mend

@sempdev/semp 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/LICENSE +21 -0
package/README.md +59 -0
package/dist/brief/address.d.ts +77 -0
package/dist/brief/address.d.ts.map +1 -0
package/dist/brief/address.js +217 -0
package/dist/brief/address.js.map +1 -0
package/dist/brief/brief.d.ts +75 -0
package/dist/brief/brief.d.ts.map +1 -0
package/dist/brief/brief.js +56 -0
package/dist/brief/brief.js.map +1 -0
package/dist/brief/index.d.ts +11 -0
package/dist/brief/index.d.ts.map +1 -0
package/dist/brief/index.js +11 -0
package/dist/brief/index.js.map +1 -0
package/dist/canonical/index.d.ts +8 -0
package/dist/canonical/index.d.ts.map +1 -0
package/dist/canonical/index.js +8 -0
package/dist/canonical/index.js.map +1 -0
package/dist/canonical/marshal.d.ts +35 -0
package/dist/canonical/marshal.d.ts.map +1 -0
package/dist/canonical/marshal.js +107 -0
package/dist/canonical/marshal.js.map +1 -0
package/dist/clockskew/index.d.ts +52 -0
package/dist/clockskew/index.d.ts.map +1 -0
package/dist/clockskew/index.js +62 -0
package/dist/clockskew/index.js.map +1 -0
package/dist/closure/closure.d.ts +106 -0
package/dist/closure/closure.d.ts.map +1 -0
package/dist/closure/closure.js +152 -0
package/dist/closure/closure.js.map +1 -0
package/dist/closure/driver.d.ts +103 -0
package/dist/closure/driver.d.ts.map +1 -0
package/dist/closure/driver.js +126 -0
package/dist/closure/driver.js.map +1 -0
package/dist/closure/index.d.ts +13 -0
package/dist/closure/index.d.ts.map +1 -0
package/dist/closure/index.js +13 -0
package/dist/closure/index.js.map +1 -0
package/dist/closure/store.d.ts +80 -0
package/dist/closure/store.d.ts.map +1 -0
package/dist/closure/store.js +89 -0
package/dist/closure/store.js.map +1 -0
package/dist/crypto/aead.d.ts +29 -0
package/dist/crypto/aead.d.ts.map +1 -0
package/dist/crypto/aead.js +48 -0
package/dist/crypto/aead.js.map +1 -0
package/dist/crypto/argon2.d.ts +20 -0
package/dist/crypto/argon2.d.ts.map +1 -0
package/dist/crypto/argon2.js +28 -0
package/dist/crypto/argon2.js.map +1 -0
package/dist/crypto/index.d.ts +14 -0
package/dist/crypto/index.d.ts.map +1 -0
package/dist/crypto/index.js +14 -0
package/dist/crypto/index.js.map +1 -0
package/dist/crypto/kdf.d.ts +96 -0
package/dist/crypto/kdf.d.ts.map +1 -0
package/dist/crypto/kdf.js +122 -0
package/dist/crypto/kdf.js.map +1 -0
package/dist/crypto/kem.d.ts +85 -0
package/dist/crypto/kem.d.ts.map +1 -0
package/dist/crypto/kem.js +130 -0
package/dist/crypto/kem.js.map +1 -0
package/dist/crypto/mac.d.ts +19 -0
package/dist/crypto/mac.d.ts.map +1 -0
package/dist/crypto/mac.js +32 -0
package/dist/crypto/mac.js.map +1 -0
package/dist/delivery/ack.d.ts +125 -0
package/dist/delivery/ack.d.ts.map +1 -0
package/dist/delivery/ack.js +141 -0
package/dist/delivery/ack.js.map +1 -0
package/dist/delivery/blocklist.d.ts +87 -0
package/dist/delivery/blocklist.d.ts.map +1 -0
package/dist/delivery/blocklist.js +107 -0
package/dist/delivery/blocklist.js.map +1 -0
package/dist/delivery/cancel.d.ts +60 -0
package/dist/delivery/cancel.d.ts.map +1 -0
package/dist/delivery/cancel.js +43 -0
package/dist/delivery/cancel.js.map +1 -0
package/dist/delivery/disposition.d.ts +106 -0
package/dist/delivery/disposition.d.ts.map +1 -0
package/dist/delivery/disposition.js +105 -0
package/dist/delivery/disposition.js.map +1 -0
package/dist/delivery/fetch.d.ts +59 -0
package/dist/delivery/fetch.d.ts.map +1 -0
package/dist/delivery/fetch.js +47 -0
package/dist/delivery/fetch.js.map +1 -0
package/dist/delivery/forwarder.d.ts +106 -0
package/dist/delivery/forwarder.d.ts.map +1 -0
package/dist/delivery/forwarder.js +251 -0
package/dist/delivery/forwarder.js.map +1 -0
package/dist/delivery/inbox.d.ts +42 -0
package/dist/delivery/inbox.d.ts.map +1 -0
package/dist/delivery/inbox.js +68 -0
package/dist/delivery/inbox.js.map +1 -0
package/dist/delivery/index.d.ts +31 -0
package/dist/delivery/index.d.ts.map +1 -0
package/dist/delivery/index.js +31 -0
package/dist/delivery/index.js.map +1 -0
package/dist/delivery/internalroute.d.ts +50 -0
package/dist/delivery/internalroute.d.ts.map +1 -0
package/dist/delivery/internalroute.js +23 -0
package/dist/delivery/internalroute.js.map +1 -0
package/dist/delivery/pipeline.d.ts +153 -0
package/dist/delivery/pipeline.d.ts.map +1 -0
package/dist/delivery/pipeline.js +356 -0
package/dist/delivery/pipeline.js.map +1 -0
package/dist/delivery/policy_state.d.ts +105 -0
package/dist/delivery/policy_state.d.ts.map +1 -0
package/dist/delivery/policy_state.js +293 -0
package/dist/delivery/policy_state.js.map +1 -0
package/dist/delivery/queue.d.ts +47 -0
package/dist/delivery/queue.d.ts.map +1 -0
package/dist/delivery/queue.js +33 -0
package/dist/delivery/queue.js.map +1 -0
package/dist/delivery/receipt.d.ts +137 -0
package/dist/delivery/receipt.d.ts.map +1 -0
package/dist/delivery/receipt.js +181 -0
package/dist/delivery/receipt.js.map +1 -0
package/dist/delivery/receipt_store.d.ts +81 -0
package/dist/delivery/receipt_store.d.ts.map +1 -0
package/dist/delivery/receipt_store.js +74 -0
package/dist/delivery/receipt_store.js.map +1 -0
package/dist/delivery/retry.d.ts +78 -0
package/dist/delivery/retry.d.ts.map +1 -0
package/dist/delivery/retry.js +132 -0
package/dist/delivery/retry.js.map +1 -0
package/dist/delivery/scheduler.d.ts +156 -0
package/dist/delivery/scheduler.d.ts.map +1 -0
package/dist/delivery/scheduler.js +349 -0
package/dist/delivery/scheduler.js.map +1 -0
package/dist/delivery/stage_partition.d.ts +87 -0
package/dist/delivery/stage_partition.d.ts.map +1 -0
package/dist/delivery/stage_partition.js +122 -0
package/dist/delivery/stage_partition.js.map +1 -0
package/dist/delivery/staged_runner.d.ts +100 -0
package/dist/delivery/staged_runner.d.ts.map +1 -0
package/dist/delivery/staged_runner.js +277 -0
package/dist/delivery/staged_runner.js.map +1 -0
package/dist/delivery/submission.d.ts +72 -0
package/dist/delivery/submission.d.ts.map +1 -0
package/dist/delivery/submission.js +58 -0
package/dist/delivery/submission.js.map +1 -0
package/dist/delivery/sync.d.ts +68 -0
package/dist/delivery/sync.d.ts.map +1 -0
package/dist/delivery/sync.js +99 -0
package/dist/delivery/sync.js.map +1 -0
package/dist/delivery/user_policy.d.ts +74 -0
package/dist/delivery/user_policy.d.ts.map +1 -0
package/dist/delivery/user_policy.js +140 -0
package/dist/delivery/user_policy.js.map +1 -0
package/dist/discovery/cache.d.ts +37 -0
package/dist/discovery/cache.d.ts.map +1 -0
package/dist/discovery/cache.js +45 -0
package/dist/discovery/cache.js.map +1 -0
package/dist/discovery/configuration.d.ts +97 -0
package/dist/discovery/configuration.d.ts.map +1 -0
package/dist/discovery/configuration.js +146 -0
package/dist/discovery/configuration.js.map +1 -0
package/dist/discovery/dns.d.ts +56 -0
package/dist/discovery/dns.d.ts.map +1 -0
package/dist/discovery/dns.js +120 -0
package/dist/discovery/dns.js.map +1 -0
package/dist/discovery/domain_keys.d.ts +62 -0
package/dist/discovery/domain_keys.d.ts.map +1 -0
package/dist/discovery/domain_keys.js +89 -0
package/dist/discovery/domain_keys.js.map +1 -0
package/dist/discovery/index.d.ts +19 -0
package/dist/discovery/index.d.ts.map +1 -0
package/dist/discovery/index.js +19 -0
package/dist/discovery/index.js.map +1 -0
package/dist/discovery/lookup.d.ts +72 -0
package/dist/discovery/lookup.d.ts.map +1 -0
package/dist/discovery/lookup.js +121 -0
package/dist/discovery/lookup.js.map +1 -0
package/dist/discovery/onion.d.ts +34 -0
package/dist/discovery/onion.d.ts.map +1 -0
package/dist/discovery/onion.js +61 -0
package/dist/discovery/onion.js.map +1 -0
package/dist/discovery/partition.d.ts +96 -0
package/dist/discovery/partition.d.ts.map +1 -0
package/dist/discovery/partition.js +247 -0
package/dist/discovery/partition.js.map +1 -0
package/dist/discovery/resolver.d.ts +113 -0
package/dist/discovery/resolver.d.ts.map +1 -0
package/dist/discovery/resolver.js +176 -0
package/dist/discovery/resolver.js.map +1 -0
package/dist/discovery/txt.d.ts +39 -0
package/dist/discovery/txt.d.ts.map +1 -0
package/dist/discovery/txt.js +71 -0
package/dist/discovery/txt.js.map +1 -0
package/dist/enclosure/forwarding.d.ts +128 -0
package/dist/enclosure/forwarding.d.ts.map +1 -0
package/dist/enclosure/forwarding.js +119 -0
package/dist/enclosure/forwarding.js.map +1 -0
package/dist/enclosure/index.d.ts +11 -0
package/dist/enclosure/index.d.ts.map +1 -0
package/dist/enclosure/index.js +11 -0
package/dist/enclosure/index.js.map +1 -0
package/dist/envelope/buckets.d.ts +38 -0
package/dist/envelope/buckets.d.ts.map +1 -0
package/dist/envelope/buckets.js +73 -0
package/dist/envelope/buckets.js.map +1 -0
package/dist/envelope/canonical.d.ts +28 -0
package/dist/envelope/canonical.d.ts.map +1 -0
package/dist/envelope/canonical.js +54 -0
package/dist/envelope/canonical.js.map +1 -0
package/dist/envelope/compose.d.ts +171 -0
package/dist/envelope/compose.d.ts.map +1 -0
package/dist/envelope/compose.js +237 -0
package/dist/envelope/compose.js.map +1 -0
package/dist/envelope/encode.d.ts +41 -0
package/dist/envelope/encode.d.ts.map +1 -0
package/dist/envelope/encode.js +69 -0
package/dist/envelope/encode.js.map +1 -0
package/dist/envelope/index.d.ts +20 -0
package/dist/envelope/index.d.ts.map +1 -0
package/dist/envelope/index.js +20 -0
package/dist/envelope/index.js.map +1 -0
package/dist/envelope/open_any.d.ts +48 -0
package/dist/envelope/open_any.d.ts.map +1 -0
package/dist/envelope/open_any.js +81 -0
package/dist/envelope/open_any.js.map +1 -0
package/dist/envelope/open_verified.d.ts +59 -0
package/dist/envelope/open_verified.d.ts.map +1 -0
package/dist/envelope/open_verified.js +67 -0
package/dist/envelope/open_verified.js.map +1 -0
package/dist/envelope/padding.d.ts +55 -0
package/dist/envelope/padding.d.ts.map +1 -0
package/dist/envelope/padding.js +162 -0
package/dist/envelope/padding.js.map +1 -0
package/dist/envelope/rejection.d.ts +22 -0
package/dist/envelope/rejection.d.ts.map +1 -0
package/dist/envelope/rejection.js +30 -0
package/dist/envelope/rejection.js.map +1 -0
package/dist/envelope/sendtime.d.ts +49 -0
package/dist/envelope/sendtime.d.ts.map +1 -0
package/dist/envelope/sendtime.js +87 -0
package/dist/envelope/sendtime.js.map +1 -0
package/dist/envelope/verify.d.ts +29 -0
package/dist/envelope/verify.d.ts.map +1 -0
package/dist/envelope/verify.js +90 -0
package/dist/envelope/verify.js.map +1 -0
package/dist/extensions/index.d.ts +7 -0
package/dist/extensions/index.d.ts.map +1 -0
package/dist/extensions/index.js +7 -0
package/dist/extensions/index.js.map +1 -0
package/dist/extensions/limits.d.ts +101 -0
package/dist/extensions/limits.d.ts.map +1 -0
package/dist/extensions/limits.js +175 -0
package/dist/extensions/limits.js.map +1 -0
package/dist/handshake/abort.d.ts +49 -0
package/dist/handshake/abort.d.ts.map +1 -0
package/dist/handshake/abort.js +82 -0
package/dist/handshake/abort.js.map +1 -0
package/dist/handshake/capabilities.d.ts +46 -0
package/dist/handshake/capabilities.d.ts.map +1 -0
package/dist/handshake/capabilities.js +114 -0
package/dist/handshake/capabilities.js.map +1 -0
package/dist/handshake/client_state.d.ts +186 -0
package/dist/handshake/client_state.d.ts.map +1 -0
package/dist/handshake/client_state.js +520 -0
package/dist/handshake/client_state.js.map +1 -0
package/dist/handshake/confirm.d.ts +21 -0
package/dist/handshake/confirm.d.ts.map +1 -0
package/dist/handshake/confirm.js +27 -0
package/dist/handshake/confirm.js.map +1 -0
package/dist/handshake/driver.d.ts +126 -0
package/dist/handshake/driver.d.ts.map +1 -0
package/dist/handshake/driver.js +251 -0
package/dist/handshake/driver.js.map +1 -0
package/dist/handshake/federation.d.ts +365 -0
package/dist/handshake/federation.d.ts.map +1 -0
package/dist/handshake/federation.js +664 -0
package/dist/handshake/federation.js.map +1 -0
package/dist/handshake/first_contact.d.ts +57 -0
package/dist/handshake/first_contact.d.ts.map +1 -0
package/dist/handshake/first_contact.js +124 -0
package/dist/handshake/first_contact.js.map +1 -0
package/dist/handshake/identity.d.ts +101 -0
package/dist/handshake/identity.d.ts.map +1 -0
package/dist/handshake/identity.js +117 -0
package/dist/handshake/identity.js.map +1 -0
package/dist/handshake/index.d.ts +21 -0
package/dist/handshake/index.d.ts.map +1 -0
package/dist/handshake/index.js +21 -0
package/dist/handshake/index.js.map +1 -0
package/dist/handshake/messages.d.ts +176 -0
package/dist/handshake/messages.d.ts.map +1 -0
package/dist/handshake/messages.js +125 -0
package/dist/handshake/messages.js.map +1 -0
package/dist/handshake/pow.d.ts +53 -0
package/dist/handshake/pow.d.ts.map +1 -0
package/dist/handshake/pow.js +142 -0
package/dist/handshake/pow.js.map +1 -0
package/dist/handshake/resume_driver.d.ts +56 -0
package/dist/handshake/resume_driver.d.ts.map +1 -0
package/dist/handshake/resume_driver.js +75 -0
package/dist/handshake/resume_driver.js.map +1 -0
package/dist/handshake/server.d.ts +112 -0
package/dist/handshake/server.d.ts.map +1 -0
package/dist/handshake/server.js +247 -0
package/dist/handshake/server.js.map +1 -0
package/dist/handshake/server_state.d.ts +102 -0
package/dist/handshake/server_state.d.ts.map +1 -0
package/dist/handshake/server_state.js +278 -0
package/dist/handshake/server_state.js.map +1 -0
package/dist/index.d.ts +33 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +33 -0
package/dist/index.js.map +1 -0
package/dist/keys/compromise.d.ts +118 -0
package/dist/keys/compromise.d.ts.map +1 -0
package/dist/keys/compromise.js +218 -0
package/dist/keys/compromise.js.map +1 -0
package/dist/keys/device_certificate.d.ts +166 -0
package/dist/keys/device_certificate.d.ts.map +1 -0
package/dist/keys/device_certificate.js +328 -0
package/dist/keys/device_certificate.js.map +1 -0
package/dist/keys/device_records.d.ts +175 -0
package/dist/keys/device_records.d.ts.map +1 -0
package/dist/keys/device_records.js +418 -0
package/dist/keys/device_records.js.map +1 -0
package/dist/keys/directory_cache.d.ts +64 -0
package/dist/keys/directory_cache.d.ts.map +1 -0
package/dist/keys/directory_cache.js +98 -0
package/dist/keys/directory_cache.js.map +1 -0
package/dist/keys/directory_state.d.ts +79 -0
package/dist/keys/directory_state.d.ts.map +1 -0
package/dist/keys/directory_state.js +155 -0
package/dist/keys/directory_state.js.map +1 -0
package/dist/keys/index.d.ts +18 -0
package/dist/keys/index.d.ts.map +1 -0
package/dist/keys/index.js +18 -0
package/dist/keys/index.js.map +1 -0
package/dist/keys/key_revocation.d.ts +61 -0
package/dist/keys/key_revocation.d.ts.map +1 -0
package/dist/keys/key_revocation.js +88 -0
package/dist/keys/key_revocation.js.map +1 -0
package/dist/keys/request.d.ts +124 -0
package/dist/keys/request.d.ts.map +1 -0
package/dist/keys/request.js +130 -0
package/dist/keys/request.js.map +1 -0
package/dist/keys/sign.d.ts +49 -0
package/dist/keys/sign.d.ts.map +1 -0
package/dist/keys/sign.js +80 -0
package/dist/keys/sign.js.map +1 -0
package/dist/keys/signed.d.ts +80 -0
package/dist/keys/signed.d.ts.map +1 -0
package/dist/keys/signed.js +138 -0
package/dist/keys/signed.js.map +1 -0
package/dist/keys/store.d.ts +138 -0
package/dist/keys/store.d.ts.map +1 -0
package/dist/keys/store.js +107 -0
package/dist/keys/store.js.map +1 -0
package/dist/largeattachment/crypto.d.ts +47 -0
package/dist/largeattachment/crypto.d.ts.map +1 -0
package/dist/largeattachment/crypto.js +235 -0
package/dist/largeattachment/crypto.js.map +1 -0
package/dist/largeattachment/enclosure.d.ts +48 -0
package/dist/largeattachment/enclosure.d.ts.map +1 -0
package/dist/largeattachment/enclosure.js +102 -0
package/dist/largeattachment/enclosure.js.map +1 -0
package/dist/largeattachment/index.d.ts +15 -0
package/dist/largeattachment/index.d.ts.map +1 -0
package/dist/largeattachment/index.js +15 -0
package/dist/largeattachment/index.js.map +1 -0
package/dist/largeattachment/store.d.ts +36 -0
package/dist/largeattachment/store.d.ts.map +1 -0
package/dist/largeattachment/store.js +37 -0
package/dist/largeattachment/store.js.map +1 -0
package/dist/largeattachment/types.d.ts +56 -0
package/dist/largeattachment/types.d.ts.map +1 -0
package/dist/largeattachment/types.js +31 -0
package/dist/largeattachment/types.js.map +1 -0
package/dist/largeattachment/upload.d.ts +62 -0
package/dist/largeattachment/upload.d.ts.map +1 -0
package/dist/largeattachment/upload.js +166 -0
package/dist/largeattachment/upload.js.map +1 -0
package/dist/migration/index.d.ts +17 -0
package/dist/migration/index.d.ts.map +1 -0
package/dist/migration/index.js +17 -0
package/dist/migration/index.js.map +1 -0
package/dist/migration/lockout.d.ts +48 -0
package/dist/migration/lockout.d.ts.map +1 -0
package/dist/migration/lockout.js +57 -0
package/dist/migration/lockout.js.map +1 -0
package/dist/migration/migration.d.ts +48 -0
package/dist/migration/migration.d.ts.map +1 -0
package/dist/migration/migration.js +58 -0
package/dist/migration/migration.js.map +1 -0
package/dist/migration/notice.d.ts +33 -0
package/dist/migration/notice.d.ts.map +1 -0
package/dist/migration/notice.js +85 -0
package/dist/migration/notice.js.map +1 -0
package/dist/migration/orchestrate.d.ts +109 -0
package/dist/migration/orchestrate.d.ts.map +1 -0
package/dist/migration/orchestrate.js +212 -0
package/dist/migration/orchestrate.js.map +1 -0
package/dist/migration/publication_store.d.ts +34 -0
package/dist/migration/publication_store.d.ts.map +1 -0
package/dist/migration/publication_store.js +44 -0
package/dist/migration/publication_store.js.map +1 -0
package/dist/migration/sign.d.ts +65 -0
package/dist/migration/sign.d.ts.map +1 -0
package/dist/migration/sign.js +331 -0
package/dist/migration/sign.js.map +1 -0
package/dist/migration/types.d.ts +92 -0
package/dist/migration/types.d.ts.map +1 -0
package/dist/migration/types.js +26 -0
package/dist/migration/types.js.map +1 -0
package/dist/reasoncodes.d.ts +42 -0
package/dist/reasoncodes.d.ts.map +1 -0
package/dist/reasoncodes.js +80 -0
package/dist/reasoncodes.js.map +1 -0
package/dist/recovery/bundle.d.ts +34 -0
package/dist/recovery/bundle.d.ts.map +1 -0
package/dist/recovery/bundle.js +144 -0
package/dist/recovery/bundle.js.map +1 -0
package/dist/recovery/bundle_crypto.d.ts +60 -0
package/dist/recovery/bundle_crypto.d.ts.map +1 -0
package/dist/recovery/bundle_crypto.js +179 -0
package/dist/recovery/bundle_crypto.js.map +1 -0
package/dist/recovery/bundle_store.d.ts +57 -0
package/dist/recovery/bundle_store.d.ts.map +1 -0
package/dist/recovery/bundle_store.js +104 -0
package/dist/recovery/bundle_store.js.map +1 -0
package/dist/recovery/index.d.ts +19 -0
package/dist/recovery/index.d.ts.map +1 -0
package/dist/recovery/index.js +19 -0
package/dist/recovery/index.js.map +1 -0
package/dist/recovery/manifest_crosscheck.d.ts +59 -0
package/dist/recovery/manifest_crosscheck.d.ts.map +1 -0
package/dist/recovery/manifest_crosscheck.js +59 -0
package/dist/recovery/manifest_crosscheck.js.map +1 -0
package/dist/recovery/shamir.d.ts +51 -0
package/dist/recovery/shamir.d.ts.map +1 -0
package/dist/recovery/shamir.js +181 -0
package/dist/recovery/shamir.js.map +1 -0
package/dist/recovery/sign.d.ts +61 -0
package/dist/recovery/sign.d.ts.map +1 -0
package/dist/recovery/sign.js +359 -0
package/dist/recovery/sign.js.map +1 -0
package/dist/recovery/types.d.ts +180 -0
package/dist/recovery/types.d.ts.map +1 -0
package/dist/recovery/types.js +31 -0
package/dist/recovery/types.js.map +1 -0
package/dist/reputation/abuse_report.d.ts +62 -0
package/dist/reputation/abuse_report.d.ts.map +1 -0
package/dist/reputation/abuse_report.js +111 -0
package/dist/reputation/abuse_report.js.map +1 -0
package/dist/reputation/bucketize.d.ts +31 -0
package/dist/reputation/bucketize.d.ts.map +1 -0
package/dist/reputation/bucketize.js +77 -0
package/dist/reputation/bucketize.js.map +1 -0
package/dist/reputation/gossip.d.ts +24 -0
package/dist/reputation/gossip.d.ts.map +1 -0
package/dist/reputation/gossip.js +64 -0
package/dist/reputation/gossip.js.map +1 -0
package/dist/reputation/gossip_fetch.d.ts +64 -0
package/dist/reputation/gossip_fetch.d.ts.map +1 -0
package/dist/reputation/gossip_fetch.js +114 -0
package/dist/reputation/gossip_fetch.js.map +1 -0
package/dist/reputation/index.d.ts +20 -0
package/dist/reputation/index.d.ts.map +1 -0
package/dist/reputation/index.js +20 -0
package/dist/reputation/index.js.map +1 -0
package/dist/reputation/observation_store.d.ts +67 -0
package/dist/reputation/observation_store.d.ts.map +1 -0
package/dist/reputation/observation_store.js +171 -0
package/dist/reputation/observation_store.js.map +1 -0
package/dist/reputation/pow.d.ts +91 -0
package/dist/reputation/pow.d.ts.map +1 -0
package/dist/reputation/pow.js +209 -0
package/dist/reputation/pow.js.map +1 -0
package/dist/reputation/sign.d.ts +40 -0
package/dist/reputation/sign.d.ts.map +1 -0
package/dist/reputation/sign.js +202 -0
package/dist/reputation/sign.js.map +1 -0
package/dist/reputation/types.d.ts +133 -0
package/dist/reputation/types.d.ts.map +1 -0
package/dist/reputation/types.js +33 -0
package/dist/reputation/types.js.map +1 -0
package/dist/reputation/whois.d.ts +25 -0
package/dist/reputation/whois.d.ts.map +1 -0
package/dist/reputation/whois.js +20 -0
package/dist/reputation/whois.js.map +1 -0
package/dist/seal/index.d.ts +8 -0
package/dist/seal/index.d.ts.map +1 -0
package/dist/seal/index.js +8 -0
package/dist/seal/index.js.map +1 -0
package/dist/seal/wrap.d.ts +74 -0
package/dist/seal/wrap.d.ts.map +1 -0
package/dist/seal/wrap.js +213 -0
package/dist/seal/wrap.js.map +1 -0
package/dist/session/dispatcher.d.ts +65 -0
package/dist/session/dispatcher.d.ts.map +1 -0
package/dist/session/dispatcher.js +96 -0
package/dist/session/dispatcher.js.map +1 -0
package/dist/session/index.d.ts +15 -0
package/dist/session/index.d.ts.map +1 -0
package/dist/session/index.js +15 -0
package/dist/session/index.js.map +1 -0
package/dist/session/rekey.d.ts +108 -0
package/dist/session/rekey.d.ts.map +1 -0
package/dist/session/rekey.js +207 -0
package/dist/session/rekey.js.map +1 -0
package/dist/session/rekey_seal.d.ts +66 -0
package/dist/session/rekey_seal.d.ts.map +1 -0
package/dist/session/rekey_seal.js +153 -0
package/dist/session/rekey_seal.js.map +1 -0
package/dist/session/resume.d.ts +125 -0
package/dist/session/resume.d.ts.map +1 -0
package/dist/session/resume.js +263 -0
package/dist/session/resume.js.map +1 -0
package/dist/session/session.d.ts +136 -0
package/dist/session/session.d.ts.map +1 -0
package/dist/session/session.js +188 -0
package/dist/session/session.js.map +1 -0
package/dist/transparency/index.d.ts +13 -0
package/dist/transparency/index.d.ts.map +1 -0
package/dist/transparency/index.js +13 -0
package/dist/transparency/index.js.map +1 -0
package/dist/transparency/log.d.ts +61 -0
package/dist/transparency/log.d.ts.map +1 -0
package/dist/transparency/log.js +133 -0
package/dist/transparency/log.js.map +1 -0
package/dist/transparency/merkle.d.ts +59 -0
package/dist/transparency/merkle.d.ts.map +1 -0
package/dist/transparency/merkle.js +314 -0
package/dist/transparency/merkle.js.map +1 -0
package/dist/transparency/sign.d.ts +48 -0
package/dist/transparency/sign.d.ts.map +1 -0
package/dist/transparency/sign.js +140 -0
package/dist/transparency/sign.js.map +1 -0
package/dist/transparency/types.d.ts +97 -0
package/dist/transparency/types.d.ts.map +1 -0
package/dist/transparency/types.js +25 -0
package/dist/transparency/types.js.map +1 -0
package/dist/transport/h2.d.ts +163 -0
package/dist/transport/h2.d.ts.map +1 -0
package/dist/transport/h2.js +397 -0
package/dist/transport/h2.js.map +1 -0
package/dist/transport/index.d.ts +15 -0
package/dist/transport/index.d.ts.map +1 -0
package/dist/transport/index.js +15 -0
package/dist/transport/index.js.map +1 -0
package/dist/transport/memory.d.ts +21 -0
package/dist/transport/memory.d.ts.map +1 -0
package/dist/transport/memory.js +112 -0
package/dist/transport/memory.js.map +1 -0
package/dist/transport/transport.d.ts +54 -0
package/dist/transport/transport.d.ts.map +1 -0
package/dist/transport/transport.js +20 -0
package/dist/transport/transport.js.map +1 -0
package/dist/transport/ws.d.ts +40 -0
package/dist/transport/ws.d.ts.map +1 -0
package/dist/transport/ws.js +204 -0
package/dist/transport/ws.js.map +1 -0
package/package.json +147 -0

package/dist/canonical/marshal.js ADDED Viewed

@@ -0,0 +1,107 @@
+/**
+ * Canonical JSON serialization per ENVELOPE.md §4.3.
+ *
+ * The canonical form is the byte stream over which signatures and
+ * MACs are computed. Two implementations producing different
+ * canonical bytes for the same logical document do not interoperate
+ * at the seal layer.
+ *
+ * Rules:
+ *   - Keys sorted lexicographically at every nesting level.
+ *   - No insignificant whitespace.
+ *   - UTF-8 encoding.
+ *   - Strings escaped per RFC 8259 §7.
+ *   - Numbers preserved exactly (no reformatting).
+ *
+ * Per-document elision rules (e.g. blanking `seal.signature`,
+ * omitting `postmark.hop_count` and `padding` for envelopes) are
+ * applied by callers via {@link marshalWithElision} before this
+ * generic marshal sees the value.
+ *
+ * @module
+ */
+/** Canonicalize a JSON-serializable value to UTF-8 bytes. */
+export function marshal(v) {
+    // Round-trip through JSON.parse so the input shape is normalized:
+    // any types the caller passed (Map, Date, etc.) become plain JSON
+    // values. This also catches non-JSON-serializable inputs early.
+    const raw = JSON.stringify(v);
+    if (raw === undefined) {
+        throw new Error("canonical: value is not JSON-serializable");
+    }
+    const generic = JSON.parse(raw);
+    return new TextEncoder().encode(serialize(generic));
+}
+/**
+ * Apply an in-place elision callback to a deep copy of `v`, then
+ * canonicalize. The elider can mutate `map[string]any` / `any[]`
+ * structures freely — the original is untouched.
+ *
+ * Use case: envelope canonicalization sets `seal.signature` and
+ * `seal.session_mac` to "", omits `postmark.hop_count`, omits
+ * `padding` — all by mutating the deep copy before serialization.
+ */
+export function marshalWithElision(v, elide) {
+    const raw = JSON.stringify(v);
+    if (raw === undefined) {
+        throw new Error("canonical: value is not JSON-serializable");
+    }
+    const clone = JSON.parse(raw);
+    elide(clone);
+    return new TextEncoder().encode(serialize(clone));
+}
+function serialize(v) {
+    if (v === null) {
+        return "null";
+    }
+    if (typeof v === "boolean") {
+        return v ? "true" : "false";
+    }
+    if (typeof v === "number") {
+        if (!Number.isFinite(v)) {
+            throw new Error(`canonical: non-finite number ${v}`);
+        }
+        // JSON.stringify emits the shortest accurate decimal form.
+        // For SEMP this is fine: vectors do not pin numeric edge cases
+        // requiring a different formatter.
+        return JSON.stringify(v);
+    }
+    if (typeof v === "string") {
+        return JSON.stringify(v);
+    }
+    if (Array.isArray(v)) {
+        let out = "[";
+        for (let i = 0; i < v.length; i++) {
+            if (i > 0) {
+                out += ",";
+            }
+            out += serialize(v[i]);
+        }
+        out += "]";
+        return out;
+    }
+    if (typeof v === "object") {
+        const obj = v;
+        const keys = Object.keys(obj).sort();
+        let out = "{";
+        let first = true;
+        for (const k of keys) {
+            // JSON.parse never produces undefined values, but be defensive.
+            const val = obj[k];
+            if (val === undefined) {
+                continue;
+            }
+            if (!first) {
+                out += ",";
+            }
+            out += JSON.stringify(k);
+            out += ":";
+            out += serialize(val);
+            first = false;
+        }
+        out += "}";
+        return out;
+    }
+    throw new Error(`canonical: unsupported type ${typeof v}`);
+}
+//# sourceMappingURL=marshal.js.map

package/dist/canonical/marshal.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"marshal.js","sourceRoot":"","sources":["../../src/canonical/marshal.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,6DAA6D;AAC7D,MAAM,UAAU,OAAO,CAAC,CAAU;IAChC,kEAAkE;IAClE,kEAAkE;IAClE,gEAAgE;IAChE,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC9B,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,CAAC;IACD,MAAM,OAAO,GAAY,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzC,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;AACtD,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CAChC,CAAU,EACV,KAA+B;IAE/B,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC9B,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,CAAC;IACD,MAAM,KAAK,GAAY,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACvC,KAAK,CAAC,KAAK,CAAC,CAAC;IACb,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;AACpD,CAAC;AAED,SAAS,SAAS,CAAC,CAAU;IAC3B,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;QACf,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;IAC9B,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,EAAE,CAAC,CAAC;QACvD,CAAC;QACD,2DAA2D;QAC3D,+DAA+D;QAC/D,mCAAmC;QACnC,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC3B,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC3B,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;QACrB,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAClC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACV,GAAG,IAAI,GAAG,CAAC;YACb,CAAC;YACD,GAAG,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;QACD,GAAG,IAAI,GAAG,CAAC;QACX,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,CAA4B,CAAC;QACzC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACrC,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,IAAI,KAAK,GAAG,IAAI,CAAC;QACjB,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;YACrB,gEAAgE;YAChE,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;YACnB,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACtB,SAAS;YACX,CAAC;YACD,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,GAAG,IAAI,GAAG,CAAC;YACb,CAAC;YACD,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;YACzB,GAAG,IAAI,GAAG,CAAC;YACX,GAAG,IAAI,SAAS,CAAC,GAAG,CAAC,CAAC;YACtB,KAAK,GAAG,KAAK,CAAC;QAChB,CAAC;QACD,GAAG,IAAI,GAAG,CAAC;QACX,OAAO,GAAG,CAAC;IACb,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,+BAA+B,OAAO,CAAC,EAAE,CAAC,CAAC;AAC7D,CAAC"}

package/dist/clockskew/index.d.ts ADDED Viewed

@@ -0,0 +1,52 @@
+/**
+ * Tiered clock-skew tolerance per CONFORMANCE.md §9.3.
+ *
+ * SEMP timestamps appear in many places: postmark.expires, PoW
+ * challenge expires, session expires_at, block list sync timestamps,
+ * queue state records, backup bundle created_at, migration
+ * migrated_at, forwarder attestations, and delegated certificate
+ * lifetimes. Every validator MUST enforce a consistent tolerance.
+ *
+ * Tiers:
+ *   - Future-dated: MUST reject if T > now + 15 min; SHOULD reject
+ *     if T > now + 5 min; MUST accept T within 0..5 min of now.
+ *   - Expired:      MUST reject when now > T + 15 min; SHOULD reject
+ *     at now > T; MAY grace 5 min.
+ *
+ * Senders MUST NOT rely on grace windows. Senders MUST set expiry
+ * far enough in the future that a well-behaved verifier accepts
+ * them without grace.
+ *
+ * @module
+ */
+/** Clock-skew tolerance, in milliseconds on each side. */
+export interface Tolerance {
+    /** Maximum (T - now) accepted for a future-dated timestamp. */
+    forwardMs: number;
+    /** Maximum (now - T) accepted for an expired timestamp. */
+    graceMs: number;
+}
+/**
+ * MUST-level tolerance: 15 minutes on either side. Matches the
+ * boundary CONFORMANCE.md §9.3.1 sets as the hard reject threshold.
+ */
+export declare function defaultTolerance(): Tolerance;
+/**
+ * SHOULD-level tolerance: 5 minutes future, no grace on expiry.
+ * Verifiers that want the tighter SHOULD interpretation use this.
+ */
+export declare function strictTolerance(): Tolerance;
+/**
+ * Check that `t` is not too far in the future relative to `now`.
+ * Returns null on accept; an Error on reject. A timestamp at or
+ * before `now` is always accepted (past timestamps are the expiry
+ * path, not the future-dated path).
+ */
+export declare function checkFutureTimestamp(t: Date, now: Date, tol: Tolerance): Error | null;
+/**
+ * Check that `expiresAt` is not too far in the past relative to
+ * `now`. Returns null on accept; an Error on reject. A timestamp
+ * after `now` is always accepted.
+ */
+export declare function checkExpiry(expiresAt: Date, now: Date, tol: Tolerance): Error | null;
+//# sourceMappingURL=index.d.ts.map

package/dist/clockskew/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/clockskew/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,0DAA0D;AAC1D,MAAM,WAAW,SAAS;IACxB,+DAA+D;IAC/D,SAAS,EAAE,MAAM,CAAC;IAClB,2DAA2D;IAC3D,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,SAAS,CAE5C;AAED;;;GAGG;AACH,wBAAgB,eAAe,IAAI,SAAS,CAE3C;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAClC,CAAC,EAAE,IAAI,EACP,GAAG,EAAE,IAAI,EACT,GAAG,EAAE,SAAS,GACb,KAAK,GAAG,IAAI,CAUd;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CACzB,SAAS,EAAE,IAAI,EACf,GAAG,EAAE,IAAI,EACT,GAAG,EAAE,SAAS,GACb,KAAK,GAAG,IAAI,CAOd"}

package/dist/clockskew/index.js ADDED Viewed

@@ -0,0 +1,62 @@
+/**
+ * Tiered clock-skew tolerance per CONFORMANCE.md §9.3.
+ *
+ * SEMP timestamps appear in many places: postmark.expires, PoW
+ * challenge expires, session expires_at, block list sync timestamps,
+ * queue state records, backup bundle created_at, migration
+ * migrated_at, forwarder attestations, and delegated certificate
+ * lifetimes. Every validator MUST enforce a consistent tolerance.
+ *
+ * Tiers:
+ *   - Future-dated: MUST reject if T > now + 15 min; SHOULD reject
+ *     if T > now + 5 min; MUST accept T within 0..5 min of now.
+ *   - Expired:      MUST reject when now > T + 15 min; SHOULD reject
+ *     at now > T; MAY grace 5 min.
+ *
+ * Senders MUST NOT rely on grace windows. Senders MUST set expiry
+ * far enough in the future that a well-behaved verifier accepts
+ * them without grace.
+ *
+ * @module
+ */
+/**
+ * MUST-level tolerance: 15 minutes on either side. Matches the
+ * boundary CONFORMANCE.md §9.3.1 sets as the hard reject threshold.
+ */
+export function defaultTolerance() {
+    return { forwardMs: 15 * 60 * 1000, graceMs: 15 * 60 * 1000 };
+}
+/**
+ * SHOULD-level tolerance: 5 minutes future, no grace on expiry.
+ * Verifiers that want the tighter SHOULD interpretation use this.
+ */
+export function strictTolerance() {
+    return { forwardMs: 5 * 60 * 1000, graceMs: 0 };
+}
+/**
+ * Check that `t` is not too far in the future relative to `now`.
+ * Returns null on accept; an Error on reject. A timestamp at or
+ * before `now` is always accepted (past timestamps are the expiry
+ * path, not the future-dated path).
+ */
+export function checkFutureTimestamp(t, now, tol) {
+    if (t.getTime() <= now.getTime()) {
+        return null;
+    }
+    if (t.getTime() - now.getTime() > tol.forwardMs) {
+        return new Error(`clockskew: timestamp ${t.toISOString()} is more than ${tol.forwardMs}ms in the future of ${now.toISOString()}`);
+    }
+    return null;
+}
+/**
+ * Check that `expiresAt` is not too far in the past relative to
+ * `now`. Returns null on accept; an Error on reject. A timestamp
+ * after `now` is always accepted.
+ */
+export function checkExpiry(expiresAt, now, tol) {
+    if (now.getTime() <= expiresAt.getTime() + tol.graceMs) {
+        return null;
+    }
+    return new Error(`clockskew: expiry ${expiresAt.toISOString()} is more than ${tol.graceMs}ms in the past of ${now.toISOString()}`);
+}
+//# sourceMappingURL=index.js.map

package/dist/clockskew/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/clockskew/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAUH;;;GAGG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,EAAE,SAAS,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;AAChE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe;IAC7B,OAAO,EAAE,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AAClD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAClC,CAAO,EACP,GAAS,EACT,GAAc;IAEd,IAAI,CAAC,CAAC,OAAO,EAAE,IAAI,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,SAAS,EAAE,CAAC;QAChD,OAAO,IAAI,KAAK,CACd,wBAAwB,CAAC,CAAC,WAAW,EAAE,iBAAiB,GAAG,CAAC,SAAS,uBAAuB,GAAG,CAAC,WAAW,EAAE,EAAE,CAChH,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CACzB,SAAe,EACf,GAAS,EACT,GAAc;IAEd,IAAI,GAAG,CAAC,OAAO,EAAE,IAAI,SAAS,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,KAAK,CACd,qBAAqB,SAAS,CAAC,WAAW,EAAE,iBAAiB,GAAG,CAAC,OAAO,qBAAqB,GAAG,CAAC,WAAW,EAAE,EAAE,CACjH,CAAC;AACJ,CAAC"}

package/dist/closure/closure.d.ts ADDED Viewed

@@ -0,0 +1,106 @@
+/**
+ * SEMP_ACCOUNT_CLOSURE record types and signing primitives per
+ * CLOSURE.md.
+ *
+ * A closure is a two-step lifecycle: a full-access device submits
+ * a `request` with a grace period; during the grace period any
+ * full-access device may submit a `cancel` to abort. At
+ * `requested_at + grace_period_seconds` the home server finalizes
+ * per §4.
+ *
+ * This module covers the wire records and their signing /
+ * verifying primitives. Home-server orchestration (driver state,
+ * finalization side effects, ingress handling, local-part
+ * reassignment) lives in {@link "./driver"} + {@link "./store"}.
+ *
+ * @module
+ */
+/** Wire-level constants per §2.1. */
+export declare const RecordType = "SEMP_ACCOUNT_CLOSURE";
+export declare const RecordVersion = "1.0.0";
+/** Domain-separation prefix per ENVELOPE.md §4.3. */
+export declare const AccountClosurePrefix = "SEMP-ACCOUNT-CLOSURE:";
+/** Only signature algorithm currently defined. */
+export declare const SignatureAlgorithmEd25519 = "ed25519";
+/** Step discriminator per §2.2. */
+export type Step = "request" | "cancel";
+/** Grace-period bounds per §3.1, in seconds. */
+export declare const MinGracePeriodSeconds: number;
+export declare const MaxGracePeriodSeconds: number;
+export declare const RecommendedGracePeriodSeconds: number;
+/** Reusable signature block. */
+export interface ClosureSignature {
+    algorithm: string;
+    key_id: string;
+    value: string;
+}
+/**
+ * SEMP_ACCOUNT_CLOSURE request or cancel record per §2.1. The same
+ * shape covers both steps; `step` disambiguates.
+ */
+export interface ClosureRecord {
+    type: typeof RecordType;
+    step: Step;
+    version: string;
+    user_id: string;
+    /** ISO 8601 UTC timestamp. */
+    requested_at: string;
+    grace_period_seconds: number;
+    /** Issuing device's fingerprint. */
+    issued_by: string;
+    signature: ClosureSignature;
+}
+/** Inputs to {@link signClosureRecord}. */
+export interface SignClosureRecordInput {
+    /** Pre-sign record; signature will be replaced. */
+    record: ClosureRecord;
+    /** 32-byte Ed25519 secret seed for the issuing full-access device. */
+    deviceSigningSeed: Uint8Array;
+    /** Lowercase-hex SHA-256 fingerprint of the device public key. */
+    deviceKeyId: string;
+}
+/** Result of a successful {@link signClosureRecord}. */
+export interface SignClosureRecordResult {
+    record: ClosureRecord;
+    signatureB64: string;
+}
+/**
+ * Build and Ed25519-sign a closure record per §2.3. Pre-populates
+ * `signature.{algorithm,key_id}` so the canonical bytes cover them
+ * (defense against algorithm/issuer downgrade).
+ */
+export declare function signClosureRecord(input: SignClosureRecordInput): SignClosureRecordResult;
+/**
+ * Ed25519-verify a closure record under `devicePub`. Returns true
+ * on success. Does NOT enforce the §2.3 authority rule (the signing
+ * device MUST be a current full-access device of the account); the
+ * home server applies that check via the device directory.
+ */
+export declare function verifyClosureRecord(record: ClosureRecord, devicePub: Uint8Array): boolean;
+/** Options for {@link validateClosureRecord}. */
+export interface ValidateClosureOptions {
+    /**
+     * When true, do not require `signature.value` to be a non-empty
+     * string. Used during the compose path before signing.
+     */
+    skipSignatureCheck?: boolean;
+}
+/**
+ * Structural validation per §2.2. Throws on the first violation.
+ * Cancel records skip the grace-period bound check (§3.2: the
+ * cancellation does not introduce a new grace period; the request
+ * being canceled already validated its bound).
+ */
+export declare function validateClosureRecord(r: ClosureRecord, opts?: ValidateClosureOptions): void;
+/**
+ * Wall-clock at which the home server MUST finalize per §4.1:
+ * `requested_at + grace_period_seconds`.
+ */
+export declare function finalizationAt(record: ClosureRecord): Date;
+/**
+ * Report whether `now` has reached or passed the finalization
+ * timestamp per §4.1. Returns false for cancel records (only
+ * requests finalize).
+ */
+export declare function isFinalizable(record: ClosureRecord, now: Date): boolean;
+//# sourceMappingURL=closure.d.ts.map

package/dist/closure/closure.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"closure.d.ts","sourceRoot":"","sources":["../../src/closure/closure.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,qCAAqC;AACrC,eAAO,MAAM,UAAU,yBAAyB,CAAC;AACjD,eAAO,MAAM,aAAa,UAAU,CAAC;AAErC,qDAAqD;AACrD,eAAO,MAAM,oBAAoB,0BAA0B,CAAC;AAE5D,kDAAkD;AAClD,eAAO,MAAM,yBAAyB,YAAY,CAAC;AAEnD,mCAAmC;AACnC,MAAM,MAAM,IAAI,GAAG,SAAS,GAAG,QAAQ,CAAC;AAExC,gDAAgD;AAChD,eAAO,MAAM,qBAAqB,QAAmB,CAAC;AACtD,eAAO,MAAM,qBAAqB,QAAoB,CAAC;AACvD,eAAO,MAAM,6BAA6B,QAAoB,CAAC;AAE/D,gCAAgC;AAChC,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,OAAO,UAAU,CAAC;IACxB,IAAI,EAAE,IAAI,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,oCAAoC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,gBAAgB,CAAC;CAC7B;AAED,2CAA2C;AAC3C,MAAM,WAAW,sBAAsB;IACrC,mDAAmD;IACnD,MAAM,EAAE,aAAa,CAAC;IACtB,sEAAsE;IACtE,iBAAiB,EAAE,UAAU,CAAC;IAC9B,kEAAkE;IAClE,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,wDAAwD;AACxD,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,aAAa,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,sBAAsB,GAC5B,uBAAuB,CAwBzB;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,aAAa,EACrB,SAAS,EAAE,UAAU,GACpB,OAAO,CAYT;AAED,iDAAiD;AACjD,MAAM,WAAW,sBAAsB;IACrC;;;OAGG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CACnC,CAAC,EAAE,aAAa,EAChB,IAAI,GAAE,sBAA2B,GAChC,IAAI,CAiDN;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI,CAM1D;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,aAAa,EAAE,GAAG,EAAE,IAAI,GAAG,OAAO,CAKvE"}

package/dist/closure/closure.js ADDED Viewed

@@ -0,0 +1,152 @@
+/**
+ * SEMP_ACCOUNT_CLOSURE record types and signing primitives per
+ * CLOSURE.md.
+ *
+ * A closure is a two-step lifecycle: a full-access device submits
+ * a `request` with a grace period; during the grace period any
+ * full-access device may submit a `cancel` to abort. At
+ * `requested_at + grace_period_seconds` the home server finalizes
+ * per §4.
+ *
+ * This module covers the wire records and their signing /
+ * verifying primitives. Home-server orchestration (driver state,
+ * finalization side effects, ingress handling, local-part
+ * reassignment) lives in {@link "./driver"} + {@link "./store"}.
+ *
+ * @module
+ */
+import { signSignedDoc, verifySignedDoc } from "../keys/index.js";
+/** Wire-level constants per §2.1. */
+export const RecordType = "SEMP_ACCOUNT_CLOSURE";
+export const RecordVersion = "1.0.0";
+/** Domain-separation prefix per ENVELOPE.md §4.3. */
+export const AccountClosurePrefix = "SEMP-ACCOUNT-CLOSURE:";
+/** Only signature algorithm currently defined. */
+export const SignatureAlgorithmEd25519 = "ed25519";
+/** Grace-period bounds per §3.1, in seconds. */
+export const MinGracePeriodSeconds = 7 * 24 * 60 * 60;
+export const MaxGracePeriodSeconds = 90 * 24 * 60 * 60;
+export const RecommendedGracePeriodSeconds = 30 * 24 * 60 * 60;
+/**
+ * Build and Ed25519-sign a closure record per §2.3. Pre-populates
+ * `signature.{algorithm,key_id}` so the canonical bytes cover them
+ * (defense against algorithm/issuer downgrade).
+ */
+export function signClosureRecord(input) {
+    if (input.deviceKeyId === "") {
+        throw new Error("closure: empty device key_id");
+    }
+    validateClosureRecord(input.record, { skipSignatureCheck: true });
+    const preSign = {
+        ...input.record,
+        signature: {
+            algorithm: SignatureAlgorithmEd25519,
+            key_id: input.deviceKeyId,
+            value: "",
+        },
+    };
+    const { signedJSON, signatureB64 } = signSignedDoc({
+        preSignJSON: preSign,
+        seed: input.deviceSigningSeed,
+        signaturePath: "signature.value",
+        prefix: AccountClosurePrefix,
+    });
+    return {
+        record: signedJSON,
+        signatureB64,
+    };
+}
+/**
+ * Ed25519-verify a closure record under `devicePub`. Returns true
+ * on success. Does NOT enforce the §2.3 authority rule (the signing
+ * device MUST be a current full-access device of the account); the
+ * home server applies that check via the device directory.
+ */
+export function verifyClosureRecord(record, devicePub) {
+    validateClosureRecord(record);
+    if (record.signature.value === "") {
+        return false;
+    }
+    const { ok } = verifySignedDoc({
+        signedJSON: record,
+        publicKey: devicePub,
+        signaturePath: "signature.value",
+        prefix: AccountClosurePrefix,
+    });
+    return ok;
+}
+/**
+ * Structural validation per §2.2. Throws on the first violation.
+ * Cancel records skip the grace-period bound check (§3.2: the
+ * cancellation does not introduce a new grace period; the request
+ * being canceled already validated its bound).
+ */
+export function validateClosureRecord(r, opts = {}) {
+    if (r.type !== RecordType) {
+        throw new Error(`closure: type ${JSON.stringify(r.type)}, want ${RecordType}`);
+    }
+    if (r.step !== "request" && r.step !== "cancel") {
+        throw new Error(`closure: step ${JSON.stringify(r.step)} is not request or cancel`);
+    }
+    if (typeof r.version !== "string" || r.version === "") {
+        throw new Error("closure: missing version");
+    }
+    if (typeof r.user_id !== "string" || r.user_id === "") {
+        throw new Error("closure: missing user_id");
+    }
+    if (typeof r.requested_at !== "string" || r.requested_at === "") {
+        throw new Error("closure: missing requested_at");
+    }
+    if (Number.isNaN(Date.parse(r.requested_at))) {
+        throw new Error("closure: requested_at is not ISO 8601");
+    }
+    if (typeof r.issued_by !== "string" || r.issued_by === "") {
+        throw new Error("closure: missing issued_by");
+    }
+    if (r.step === "request") {
+        if (!Number.isInteger(r.grace_period_seconds)) {
+            throw new Error("closure: grace_period_seconds must be an integer");
+        }
+        if (r.grace_period_seconds < MinGracePeriodSeconds) {
+            throw new Error(`closure: grace_period_seconds ${r.grace_period_seconds} below minimum ${MinGracePeriodSeconds} (7 days)`);
+        }
+        if (r.grace_period_seconds > MaxGracePeriodSeconds) {
+            throw new Error(`closure: grace_period_seconds ${r.grace_period_seconds} exceeds maximum ${MaxGracePeriodSeconds} (90 days)`);
+        }
+    }
+    if (typeof r.signature?.algorithm !== "string") {
+        throw new Error("closure: missing signature.algorithm");
+    }
+    if (typeof r.signature?.key_id !== "string") {
+        throw new Error("closure: missing signature.key_id");
+    }
+    if (typeof r.signature?.value !== "string") {
+        throw new Error("closure: signature.value must be a string");
+    }
+    if (!opts.skipSignatureCheck && r.signature.value === "") {
+        throw new Error("closure: record is unsigned");
+    }
+}
+/**
+ * Wall-clock at which the home server MUST finalize per §4.1:
+ * `requested_at + grace_period_seconds`.
+ */
+export function finalizationAt(record) {
+    const ts = Date.parse(record.requested_at);
+    if (Number.isNaN(ts)) {
+        throw new Error("closure: requested_at is not ISO 8601");
+    }
+    return new Date(ts + record.grace_period_seconds * 1000);
+}
+/**
+ * Report whether `now` has reached or passed the finalization
+ * timestamp per §4.1. Returns false for cancel records (only
+ * requests finalize).
+ */
+export function isFinalizable(record, now) {
+    if (record.step !== "request") {
+        return false;
+    }
+    return now.getTime() >= finalizationAt(record).getTime();
+}
+//# sourceMappingURL=closure.js.map

package/dist/closure/closure.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"closure.js","sourceRoot":"","sources":["../../src/closure/closure.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAElE,qCAAqC;AACrC,MAAM,CAAC,MAAM,UAAU,GAAG,sBAAsB,CAAC;AACjD,MAAM,CAAC,MAAM,aAAa,GAAG,OAAO,CAAC;AAErC,qDAAqD;AACrD,MAAM,CAAC,MAAM,oBAAoB,GAAG,uBAAuB,CAAC;AAE5D,kDAAkD;AAClD,MAAM,CAAC,MAAM,yBAAyB,GAAG,SAAS,CAAC;AAKnD,gDAAgD;AAChD,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AACtD,MAAM,CAAC,MAAM,qBAAqB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AACvD,MAAM,CAAC,MAAM,6BAA6B,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AA0C/D;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAC/B,KAA6B;IAE7B,IAAI,KAAK,CAAC,WAAW,KAAK,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAClD,CAAC;IACD,qBAAqB,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC;IAElE,MAAM,OAAO,GAAkB;QAC7B,GAAG,KAAK,CAAC,MAAM;QACf,SAAS,EAAE;YACT,SAAS,EAAE,yBAAyB;YACpC,MAAM,EAAE,KAAK,CAAC,WAAW;YACzB,KAAK,EAAE,EAAE;SACV;KACF,CAAC;IACF,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;QACjD,WAAW,EAAE,OAA6C;QAC1D,IAAI,EAAE,KAAK,CAAC,iBAAiB;QAC7B,aAAa,EAAE,iBAAiB;QAChC,MAAM,EAAE,oBAAoB;KAC7B,CAAC,CAAC;IACH,OAAO;QACL,MAAM,EAAE,UAAsC;QAC9C,YAAY;KACb,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAAqB,EACrB,SAAqB;IAErB,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAC9B,IAAI,MAAM,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QAClC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,EAAE,EAAE,EAAE,GAAG,eAAe,CAAC;QAC7B,UAAU,EAAE,MAA4C;QACxD,SAAS,EAAE,SAAS;QACpB,aAAa,EAAE,iBAAiB;QAChC,MAAM,EAAE,oBAAoB;KAC7B,CAAC,CAAC;IACH,OAAO,EAAE,CAAC;AACZ,CAAC;AAWD;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CACnC,CAAgB,EAChB,OAA+B,EAAE;IAEjC,IAAI,CAAC,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,UAAU,EAAE,CAAC,CAAC;IACjF,CAAC;IACD,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IACtF,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,YAAY,KAAK,QAAQ,IAAI,CAAC,CAAC,YAAY,KAAK,EAAE,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,KAAK,EAAE,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IACD,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACzB,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QACD,IAAI,CAAC,CAAC,oBAAoB,GAAG,qBAAqB,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,iCAAiC,CAAC,CAAC,oBAAoB,kBAAkB,qBAAqB,WAAW,CAC1G,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,CAAC,oBAAoB,GAAG,qBAAqB,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,iCAAiC,CAAC,CAAC,oBAAoB,oBAAoB,qBAAqB,YAAY,CAC7G,CAAC;QACJ,CAAC;IACH,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,SAAS,EAAE,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,SAAS,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,MAAqB;IAClD,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC3C,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,IAAI,IAAI,CAAC,EAAE,GAAG,MAAM,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC;AAC3D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,MAAqB,EAAE,GAAS;IAC5D,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,GAAG,CAAC,OAAO,EAAE,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,CAAC;AAC3D,CAAC"}

package/dist/closure/driver.d.ts ADDED Viewed

@@ -0,0 +1,103 @@
+/**
+ * Home-server closure driver per CLOSURE.md §3 + §4 + §5.
+ *
+ * Orchestrates closure lifecycle on a {@link ClosureStore}:
+ *  - {@link Driver.submit}: accept a request or cancel
+ *  - {@link Driver.tick}: drive due requests to finalization
+ *  - {@link Driver.isAccountClosed}: §5 ingress enforcement
+ *  - {@link Driver.recipientPolicy}: returns a delivery-policy
+ *    adapter that rejects envelopes addressed to closed accounts
+ *
+ * @module
+ */
+import type { Acknowledgment, RecipientStatus } from "../delivery/index.js";
+import type { ReasonCode } from "../reasoncodes.js";
+import { type ClosureRecord } from "./closure.js";
+import { type ClosureStore } from "./store.js";
+/** Inputs to the {@link Driver} constructor. */
+export interface DriverConfig {
+    /** Persistence backend. Tests pass {@link InMemoryClosureStore}. */
+    store: ClosureStore;
+    /** Wall-clock provider. Defaults to `() => new Date()`. */
+    nowFn?: () => Date;
+}
+/**
+ * Outcome of a {@link Driver.submit} call.
+ *
+ *  - `accepted`: the request was inserted (for `step=request`) or
+ *    a pending request was canceled (for `step=cancel`).
+ *  - `already_pending`: a request is already pending for this
+ *    user_id; the §2.4 rule rejects double-requests.
+ *  - `not_pending`: a cancel arrived for an account with no
+ *    pending request — the spec treats this as a no-op success.
+ *  - `invalid`: the record failed structural validation.
+ */
+export type SubmitResult = {
+    kind: "accepted";
+} | {
+    kind: "already_pending";
+} | {
+    kind: "not_pending";
+} | {
+    kind: "invalid";
+    reason: string;
+};
+/** Outcome entry returned by {@link Driver.tick}. */
+export interface FinalizeResult {
+    user_id: string;
+    finalized_at: Date;
+}
+/** Closure driver. */
+export declare class Driver {
+    private readonly store;
+    private readonly nowFn;
+    constructor(cfg: DriverConfig);
+    /**
+     * Apply `record` to the store. Caller MUST verify the record's
+     * signature and authority (§2.3 — the issuing device must be a
+     * full-access device of the account) BEFORE calling submit.
+     */
+    submit(record: ClosureRecord): Promise<SubmitResult>;
+    /**
+     * Drive any pending requests whose finalization timestamp has
+     * arrived to the finalized state. Returns the list of accounts
+     * finalized in this tick (deterministically ordered).
+     */
+    tick(): Promise<FinalizeResult[]>;
+    /**
+     * Report whether `userId`'s account is currently closed within
+     * the §6.1 retention window.
+     *
+     * Returns true when `getFinalized(userId)` yields a timestamp
+     * (the store enforces retention via its prune path; once an
+     * entry is pruned, this returns false and the local-part is
+     * eligible for §6.2 reassignment).
+     */
+    isAccountClosed(userId: string): Promise<boolean>;
+    /**
+     * Return a per-recipient delivery-policy adapter that rejects
+     * envelopes addressed to closed accounts per §5.1, preserving
+     * existence indistinguishability per DESIGN.md §2.7 (the
+     * `policy_forbidden` reason is the same one a non-existent
+     * address receives).
+     *
+     * Pass `useSilent: true` to return the `silent` acknowledgment
+     * instead. Both preserve indistinguishability; the choice is
+     * operator policy.
+     */
+    recipientPolicy(opts?: {
+        useSilent?: boolean;
+    }): RecipientPolicyFunc;
+}
+/**
+ * Per-recipient policy gate signature. Returns `null` to pass
+ * through to subsequent checks; returns a structured outcome to
+ * short-circuit delivery.
+ */
+export type RecipientPolicyFunc = (recipientAddress: string) => Promise<null | {
+    acknowledgment: Acknowledgment;
+    reason_code?: ReasonCode;
+    reason?: string;
+    recipient_status?: RecipientStatus;
+}>;
+//# sourceMappingURL=driver.d.ts.map

package/dist/closure/driver.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"driver.d.ts","sourceRoot":"","sources":["../../src/closure/driver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC5E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEpD,OAAO,EACL,KAAK,aAAa,EAGnB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,KAAK,YAAY,EAAuB,MAAM,YAAY,CAAC;AAEpE,gDAAgD;AAChD,MAAM,WAAW,YAAY;IAC3B,oEAAoE;IACpE,KAAK,EAAE,YAAY,CAAC;IACpB,2DAA2D;IAC3D,KAAK,CAAC,EAAE,MAAM,IAAI,CAAC;CACpB;AAED;;;;;;;;;;GAUG;AACH,MAAM,MAAM,YAAY,GACpB;IAAE,IAAI,EAAE,UAAU,CAAA;CAAE,GACpB;IAAE,IAAI,EAAE,iBAAiB,CAAA;CAAE,GAC3B;IAAE,IAAI,EAAE,aAAa,CAAA;CAAE,GACvB;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAExC,qDAAqD;AACrD,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,IAAI,CAAC;CACpB;AAED,sBAAsB;AACtB,qBAAa,MAAM;IACjB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAe;IACrC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAa;gBAEvB,GAAG,EAAE,YAAY;IAK7B;;;;OAIG;IACG,MAAM,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;IA8B1D;;;;OAIG;IACG,IAAI,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAevC;;;;;;;;OAQG;IACG,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKvD;;;;;;;;;;OAUG;IACH,eAAe,CAAC,IAAI,GAAE;QAAE,SAAS,CAAC,EAAE,OAAO,CAAA;KAAO,GAAG,mBAAmB;CAuBzE;AAED;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,gBAAgB,EAAE,MAAM,KAAK,OAAO,CACnE,IAAI,GACJ;IACE,cAAc,EAAE,cAAc,CAAC;IAC/B,WAAW,CAAC,EAAE,UAAU,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gBAAgB,CAAC,EAAE,eAAe,CAAC;CACpC,CACJ,CAAC"}