npm - @sempdev/semp - Versions diffs - 0.4.3 - Mend

@sempdev/semp 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/LICENSE +21 -0
package/README.md +59 -0
package/dist/brief/address.d.ts +77 -0
package/dist/brief/address.d.ts.map +1 -0
package/dist/brief/address.js +217 -0
package/dist/brief/address.js.map +1 -0
package/dist/brief/brief.d.ts +75 -0
package/dist/brief/brief.d.ts.map +1 -0
package/dist/brief/brief.js +56 -0
package/dist/brief/brief.js.map +1 -0
package/dist/brief/index.d.ts +11 -0
package/dist/brief/index.d.ts.map +1 -0
package/dist/brief/index.js +11 -0
package/dist/brief/index.js.map +1 -0
package/dist/canonical/index.d.ts +8 -0
package/dist/canonical/index.d.ts.map +1 -0
package/dist/canonical/index.js +8 -0
package/dist/canonical/index.js.map +1 -0
package/dist/canonical/marshal.d.ts +35 -0
package/dist/canonical/marshal.d.ts.map +1 -0
package/dist/canonical/marshal.js +107 -0
package/dist/canonical/marshal.js.map +1 -0
package/dist/clockskew/index.d.ts +52 -0
package/dist/clockskew/index.d.ts.map +1 -0
package/dist/clockskew/index.js +62 -0
package/dist/clockskew/index.js.map +1 -0
package/dist/closure/closure.d.ts +106 -0
package/dist/closure/closure.d.ts.map +1 -0
package/dist/closure/closure.js +152 -0
package/dist/closure/closure.js.map +1 -0
package/dist/closure/driver.d.ts +103 -0
package/dist/closure/driver.d.ts.map +1 -0
package/dist/closure/driver.js +126 -0
package/dist/closure/driver.js.map +1 -0
package/dist/closure/index.d.ts +13 -0
package/dist/closure/index.d.ts.map +1 -0
package/dist/closure/index.js +13 -0
package/dist/closure/index.js.map +1 -0
package/dist/closure/store.d.ts +80 -0
package/dist/closure/store.d.ts.map +1 -0
package/dist/closure/store.js +89 -0
package/dist/closure/store.js.map +1 -0
package/dist/crypto/aead.d.ts +29 -0
package/dist/crypto/aead.d.ts.map +1 -0
package/dist/crypto/aead.js +48 -0
package/dist/crypto/aead.js.map +1 -0
package/dist/crypto/argon2.d.ts +20 -0
package/dist/crypto/argon2.d.ts.map +1 -0
package/dist/crypto/argon2.js +28 -0
package/dist/crypto/argon2.js.map +1 -0
package/dist/crypto/index.d.ts +14 -0
package/dist/crypto/index.d.ts.map +1 -0
package/dist/crypto/index.js +14 -0
package/dist/crypto/index.js.map +1 -0
package/dist/crypto/kdf.d.ts +96 -0
package/dist/crypto/kdf.d.ts.map +1 -0
package/dist/crypto/kdf.js +122 -0
package/dist/crypto/kdf.js.map +1 -0
package/dist/crypto/kem.d.ts +85 -0
package/dist/crypto/kem.d.ts.map +1 -0
package/dist/crypto/kem.js +130 -0
package/dist/crypto/kem.js.map +1 -0
package/dist/crypto/mac.d.ts +19 -0
package/dist/crypto/mac.d.ts.map +1 -0
package/dist/crypto/mac.js +32 -0
package/dist/crypto/mac.js.map +1 -0
package/dist/delivery/ack.d.ts +125 -0
package/dist/delivery/ack.d.ts.map +1 -0
package/dist/delivery/ack.js +141 -0
package/dist/delivery/ack.js.map +1 -0
package/dist/delivery/blocklist.d.ts +87 -0
package/dist/delivery/blocklist.d.ts.map +1 -0
package/dist/delivery/blocklist.js +107 -0
package/dist/delivery/blocklist.js.map +1 -0
package/dist/delivery/cancel.d.ts +60 -0
package/dist/delivery/cancel.d.ts.map +1 -0
package/dist/delivery/cancel.js +43 -0
package/dist/delivery/cancel.js.map +1 -0
package/dist/delivery/disposition.d.ts +106 -0
package/dist/delivery/disposition.d.ts.map +1 -0
package/dist/delivery/disposition.js +105 -0
package/dist/delivery/disposition.js.map +1 -0
package/dist/delivery/fetch.d.ts +59 -0
package/dist/delivery/fetch.d.ts.map +1 -0
package/dist/delivery/fetch.js +47 -0
package/dist/delivery/fetch.js.map +1 -0
package/dist/delivery/forwarder.d.ts +106 -0
package/dist/delivery/forwarder.d.ts.map +1 -0
package/dist/delivery/forwarder.js +251 -0
package/dist/delivery/forwarder.js.map +1 -0
package/dist/delivery/inbox.d.ts +42 -0
package/dist/delivery/inbox.d.ts.map +1 -0
package/dist/delivery/inbox.js +68 -0
package/dist/delivery/inbox.js.map +1 -0
package/dist/delivery/index.d.ts +31 -0
package/dist/delivery/index.d.ts.map +1 -0
package/dist/delivery/index.js +31 -0
package/dist/delivery/index.js.map +1 -0
package/dist/delivery/internalroute.d.ts +50 -0
package/dist/delivery/internalroute.d.ts.map +1 -0
package/dist/delivery/internalroute.js +23 -0
package/dist/delivery/internalroute.js.map +1 -0
package/dist/delivery/pipeline.d.ts +153 -0
package/dist/delivery/pipeline.d.ts.map +1 -0
package/dist/delivery/pipeline.js +356 -0
package/dist/delivery/pipeline.js.map +1 -0
package/dist/delivery/policy_state.d.ts +105 -0
package/dist/delivery/policy_state.d.ts.map +1 -0
package/dist/delivery/policy_state.js +293 -0
package/dist/delivery/policy_state.js.map +1 -0
package/dist/delivery/queue.d.ts +47 -0
package/dist/delivery/queue.d.ts.map +1 -0
package/dist/delivery/queue.js +33 -0
package/dist/delivery/queue.js.map +1 -0
package/dist/delivery/receipt.d.ts +137 -0
package/dist/delivery/receipt.d.ts.map +1 -0
package/dist/delivery/receipt.js +181 -0
package/dist/delivery/receipt.js.map +1 -0
package/dist/delivery/receipt_store.d.ts +81 -0
package/dist/delivery/receipt_store.d.ts.map +1 -0
package/dist/delivery/receipt_store.js +74 -0
package/dist/delivery/receipt_store.js.map +1 -0
package/dist/delivery/retry.d.ts +78 -0
package/dist/delivery/retry.d.ts.map +1 -0
package/dist/delivery/retry.js +132 -0
package/dist/delivery/retry.js.map +1 -0
package/dist/delivery/scheduler.d.ts +156 -0
package/dist/delivery/scheduler.d.ts.map +1 -0
package/dist/delivery/scheduler.js +349 -0
package/dist/delivery/scheduler.js.map +1 -0
package/dist/delivery/stage_partition.d.ts +87 -0
package/dist/delivery/stage_partition.d.ts.map +1 -0
package/dist/delivery/stage_partition.js +122 -0
package/dist/delivery/stage_partition.js.map +1 -0
package/dist/delivery/staged_runner.d.ts +100 -0
package/dist/delivery/staged_runner.d.ts.map +1 -0
package/dist/delivery/staged_runner.js +277 -0
package/dist/delivery/staged_runner.js.map +1 -0
package/dist/delivery/submission.d.ts +72 -0
package/dist/delivery/submission.d.ts.map +1 -0
package/dist/delivery/submission.js +58 -0
package/dist/delivery/submission.js.map +1 -0
package/dist/delivery/sync.d.ts +68 -0
package/dist/delivery/sync.d.ts.map +1 -0
package/dist/delivery/sync.js +99 -0
package/dist/delivery/sync.js.map +1 -0
package/dist/delivery/user_policy.d.ts +74 -0
package/dist/delivery/user_policy.d.ts.map +1 -0
package/dist/delivery/user_policy.js +140 -0
package/dist/delivery/user_policy.js.map +1 -0
package/dist/discovery/cache.d.ts +37 -0
package/dist/discovery/cache.d.ts.map +1 -0
package/dist/discovery/cache.js +45 -0
package/dist/discovery/cache.js.map +1 -0
package/dist/discovery/configuration.d.ts +97 -0
package/dist/discovery/configuration.d.ts.map +1 -0
package/dist/discovery/configuration.js +146 -0
package/dist/discovery/configuration.js.map +1 -0
package/dist/discovery/dns.d.ts +56 -0
package/dist/discovery/dns.d.ts.map +1 -0
package/dist/discovery/dns.js +120 -0
package/dist/discovery/dns.js.map +1 -0
package/dist/discovery/domain_keys.d.ts +62 -0
package/dist/discovery/domain_keys.d.ts.map +1 -0
package/dist/discovery/domain_keys.js +89 -0
package/dist/discovery/domain_keys.js.map +1 -0
package/dist/discovery/index.d.ts +19 -0
package/dist/discovery/index.d.ts.map +1 -0
package/dist/discovery/index.js +19 -0
package/dist/discovery/index.js.map +1 -0
package/dist/discovery/lookup.d.ts +72 -0
package/dist/discovery/lookup.d.ts.map +1 -0
package/dist/discovery/lookup.js +121 -0
package/dist/discovery/lookup.js.map +1 -0
package/dist/discovery/onion.d.ts +34 -0
package/dist/discovery/onion.d.ts.map +1 -0
package/dist/discovery/onion.js +61 -0
package/dist/discovery/onion.js.map +1 -0
package/dist/discovery/partition.d.ts +96 -0
package/dist/discovery/partition.d.ts.map +1 -0
package/dist/discovery/partition.js +247 -0
package/dist/discovery/partition.js.map +1 -0
package/dist/discovery/resolver.d.ts +113 -0
package/dist/discovery/resolver.d.ts.map +1 -0
package/dist/discovery/resolver.js +176 -0
package/dist/discovery/resolver.js.map +1 -0
package/dist/discovery/txt.d.ts +39 -0
package/dist/discovery/txt.d.ts.map +1 -0
package/dist/discovery/txt.js +71 -0
package/dist/discovery/txt.js.map +1 -0
package/dist/enclosure/forwarding.d.ts +128 -0
package/dist/enclosure/forwarding.d.ts.map +1 -0
package/dist/enclosure/forwarding.js +119 -0
package/dist/enclosure/forwarding.js.map +1 -0
package/dist/enclosure/index.d.ts +11 -0
package/dist/enclosure/index.d.ts.map +1 -0
package/dist/enclosure/index.js +11 -0
package/dist/enclosure/index.js.map +1 -0
package/dist/envelope/buckets.d.ts +38 -0
package/dist/envelope/buckets.d.ts.map +1 -0
package/dist/envelope/buckets.js +73 -0
package/dist/envelope/buckets.js.map +1 -0
package/dist/envelope/canonical.d.ts +28 -0
package/dist/envelope/canonical.d.ts.map +1 -0
package/dist/envelope/canonical.js +54 -0
package/dist/envelope/canonical.js.map +1 -0
package/dist/envelope/compose.d.ts +171 -0
package/dist/envelope/compose.d.ts.map +1 -0
package/dist/envelope/compose.js +237 -0
package/dist/envelope/compose.js.map +1 -0
package/dist/envelope/encode.d.ts +41 -0
package/dist/envelope/encode.d.ts.map +1 -0
package/dist/envelope/encode.js +69 -0
package/dist/envelope/encode.js.map +1 -0
package/dist/envelope/index.d.ts +20 -0
package/dist/envelope/index.d.ts.map +1 -0
package/dist/envelope/index.js +20 -0
package/dist/envelope/index.js.map +1 -0
package/dist/envelope/open_any.d.ts +48 -0
package/dist/envelope/open_any.d.ts.map +1 -0
package/dist/envelope/open_any.js +81 -0
package/dist/envelope/open_any.js.map +1 -0
package/dist/envelope/open_verified.d.ts +59 -0
package/dist/envelope/open_verified.d.ts.map +1 -0
package/dist/envelope/open_verified.js +67 -0
package/dist/envelope/open_verified.js.map +1 -0
package/dist/envelope/padding.d.ts +55 -0
package/dist/envelope/padding.d.ts.map +1 -0
package/dist/envelope/padding.js +162 -0
package/dist/envelope/padding.js.map +1 -0
package/dist/envelope/rejection.d.ts +22 -0
package/dist/envelope/rejection.d.ts.map +1 -0
package/dist/envelope/rejection.js +30 -0
package/dist/envelope/rejection.js.map +1 -0
package/dist/envelope/sendtime.d.ts +49 -0
package/dist/envelope/sendtime.d.ts.map +1 -0
package/dist/envelope/sendtime.js +87 -0
package/dist/envelope/sendtime.js.map +1 -0
package/dist/envelope/verify.d.ts +29 -0
package/dist/envelope/verify.d.ts.map +1 -0
package/dist/envelope/verify.js +90 -0
package/dist/envelope/verify.js.map +1 -0
package/dist/extensions/index.d.ts +7 -0
package/dist/extensions/index.d.ts.map +1 -0
package/dist/extensions/index.js +7 -0
package/dist/extensions/index.js.map +1 -0
package/dist/extensions/limits.d.ts +101 -0
package/dist/extensions/limits.d.ts.map +1 -0
package/dist/extensions/limits.js +175 -0
package/dist/extensions/limits.js.map +1 -0
package/dist/handshake/abort.d.ts +49 -0
package/dist/handshake/abort.d.ts.map +1 -0
package/dist/handshake/abort.js +82 -0
package/dist/handshake/abort.js.map +1 -0
package/dist/handshake/capabilities.d.ts +46 -0
package/dist/handshake/capabilities.d.ts.map +1 -0
package/dist/handshake/capabilities.js +114 -0
package/dist/handshake/capabilities.js.map +1 -0
package/dist/handshake/client_state.d.ts +186 -0
package/dist/handshake/client_state.d.ts.map +1 -0
package/dist/handshake/client_state.js +520 -0
package/dist/handshake/client_state.js.map +1 -0
package/dist/handshake/confirm.d.ts +21 -0
package/dist/handshake/confirm.d.ts.map +1 -0
package/dist/handshake/confirm.js +27 -0
package/dist/handshake/confirm.js.map +1 -0
package/dist/handshake/driver.d.ts +126 -0
package/dist/handshake/driver.d.ts.map +1 -0
package/dist/handshake/driver.js +251 -0
package/dist/handshake/driver.js.map +1 -0
package/dist/handshake/federation.d.ts +365 -0
package/dist/handshake/federation.d.ts.map +1 -0
package/dist/handshake/federation.js +664 -0
package/dist/handshake/federation.js.map +1 -0
package/dist/handshake/first_contact.d.ts +57 -0
package/dist/handshake/first_contact.d.ts.map +1 -0
package/dist/handshake/first_contact.js +124 -0
package/dist/handshake/first_contact.js.map +1 -0
package/dist/handshake/identity.d.ts +101 -0
package/dist/handshake/identity.d.ts.map +1 -0
package/dist/handshake/identity.js +117 -0
package/dist/handshake/identity.js.map +1 -0
package/dist/handshake/index.d.ts +21 -0
package/dist/handshake/index.d.ts.map +1 -0
package/dist/handshake/index.js +21 -0
package/dist/handshake/index.js.map +1 -0
package/dist/handshake/messages.d.ts +176 -0
package/dist/handshake/messages.d.ts.map +1 -0
package/dist/handshake/messages.js +125 -0
package/dist/handshake/messages.js.map +1 -0
package/dist/handshake/pow.d.ts +53 -0
package/dist/handshake/pow.d.ts.map +1 -0
package/dist/handshake/pow.js +142 -0
package/dist/handshake/pow.js.map +1 -0
package/dist/handshake/resume_driver.d.ts +56 -0
package/dist/handshake/resume_driver.d.ts.map +1 -0
package/dist/handshake/resume_driver.js +75 -0
package/dist/handshake/resume_driver.js.map +1 -0
package/dist/handshake/server.d.ts +112 -0
package/dist/handshake/server.d.ts.map +1 -0
package/dist/handshake/server.js +247 -0
package/dist/handshake/server.js.map +1 -0
package/dist/handshake/server_state.d.ts +102 -0
package/dist/handshake/server_state.d.ts.map +1 -0
package/dist/handshake/server_state.js +278 -0
package/dist/handshake/server_state.js.map +1 -0
package/dist/index.d.ts +33 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +33 -0
package/dist/index.js.map +1 -0
package/dist/keys/compromise.d.ts +118 -0
package/dist/keys/compromise.d.ts.map +1 -0
package/dist/keys/compromise.js +218 -0
package/dist/keys/compromise.js.map +1 -0
package/dist/keys/device_certificate.d.ts +166 -0
package/dist/keys/device_certificate.d.ts.map +1 -0
package/dist/keys/device_certificate.js +328 -0
package/dist/keys/device_certificate.js.map +1 -0
package/dist/keys/device_records.d.ts +175 -0
package/dist/keys/device_records.d.ts.map +1 -0
package/dist/keys/device_records.js +418 -0
package/dist/keys/device_records.js.map +1 -0
package/dist/keys/directory_cache.d.ts +64 -0
package/dist/keys/directory_cache.d.ts.map +1 -0
package/dist/keys/directory_cache.js +98 -0
package/dist/keys/directory_cache.js.map +1 -0
package/dist/keys/directory_state.d.ts +79 -0
package/dist/keys/directory_state.d.ts.map +1 -0
package/dist/keys/directory_state.js +155 -0
package/dist/keys/directory_state.js.map +1 -0
package/dist/keys/index.d.ts +18 -0
package/dist/keys/index.d.ts.map +1 -0
package/dist/keys/index.js +18 -0
package/dist/keys/index.js.map +1 -0
package/dist/keys/key_revocation.d.ts +61 -0
package/dist/keys/key_revocation.d.ts.map +1 -0
package/dist/keys/key_revocation.js +88 -0
package/dist/keys/key_revocation.js.map +1 -0
package/dist/keys/request.d.ts +124 -0
package/dist/keys/request.d.ts.map +1 -0
package/dist/keys/request.js +130 -0
package/dist/keys/request.js.map +1 -0
package/dist/keys/sign.d.ts +49 -0
package/dist/keys/sign.d.ts.map +1 -0
package/dist/keys/sign.js +80 -0
package/dist/keys/sign.js.map +1 -0
package/dist/keys/signed.d.ts +80 -0
package/dist/keys/signed.d.ts.map +1 -0
package/dist/keys/signed.js +138 -0
package/dist/keys/signed.js.map +1 -0
package/dist/keys/store.d.ts +138 -0
package/dist/keys/store.d.ts.map +1 -0
package/dist/keys/store.js +107 -0
package/dist/keys/store.js.map +1 -0
package/dist/largeattachment/crypto.d.ts +47 -0
package/dist/largeattachment/crypto.d.ts.map +1 -0
package/dist/largeattachment/crypto.js +235 -0
package/dist/largeattachment/crypto.js.map +1 -0
package/dist/largeattachment/enclosure.d.ts +48 -0
package/dist/largeattachment/enclosure.d.ts.map +1 -0
package/dist/largeattachment/enclosure.js +102 -0
package/dist/largeattachment/enclosure.js.map +1 -0
package/dist/largeattachment/index.d.ts +15 -0
package/dist/largeattachment/index.d.ts.map +1 -0
package/dist/largeattachment/index.js +15 -0
package/dist/largeattachment/index.js.map +1 -0
package/dist/largeattachment/store.d.ts +36 -0
package/dist/largeattachment/store.d.ts.map +1 -0
package/dist/largeattachment/store.js +37 -0
package/dist/largeattachment/store.js.map +1 -0
package/dist/largeattachment/types.d.ts +56 -0
package/dist/largeattachment/types.d.ts.map +1 -0
package/dist/largeattachment/types.js +31 -0
package/dist/largeattachment/types.js.map +1 -0
package/dist/largeattachment/upload.d.ts +62 -0
package/dist/largeattachment/upload.d.ts.map +1 -0
package/dist/largeattachment/upload.js +166 -0
package/dist/largeattachment/upload.js.map +1 -0
package/dist/migration/index.d.ts +17 -0
package/dist/migration/index.d.ts.map +1 -0
package/dist/migration/index.js +17 -0
package/dist/migration/index.js.map +1 -0
package/dist/migration/lockout.d.ts +48 -0
package/dist/migration/lockout.d.ts.map +1 -0
package/dist/migration/lockout.js +57 -0
package/dist/migration/lockout.js.map +1 -0
package/dist/migration/migration.d.ts +48 -0
package/dist/migration/migration.d.ts.map +1 -0
package/dist/migration/migration.js +58 -0
package/dist/migration/migration.js.map +1 -0
package/dist/migration/notice.d.ts +33 -0
package/dist/migration/notice.d.ts.map +1 -0
package/dist/migration/notice.js +85 -0
package/dist/migration/notice.js.map +1 -0
package/dist/migration/orchestrate.d.ts +109 -0
package/dist/migration/orchestrate.d.ts.map +1 -0
package/dist/migration/orchestrate.js +212 -0
package/dist/migration/orchestrate.js.map +1 -0
package/dist/migration/publication_store.d.ts +34 -0
package/dist/migration/publication_store.d.ts.map +1 -0
package/dist/migration/publication_store.js +44 -0
package/dist/migration/publication_store.js.map +1 -0
package/dist/migration/sign.d.ts +65 -0
package/dist/migration/sign.d.ts.map +1 -0
package/dist/migration/sign.js +331 -0
package/dist/migration/sign.js.map +1 -0
package/dist/migration/types.d.ts +92 -0
package/dist/migration/types.d.ts.map +1 -0
package/dist/migration/types.js +26 -0
package/dist/migration/types.js.map +1 -0
package/dist/reasoncodes.d.ts +42 -0
package/dist/reasoncodes.d.ts.map +1 -0
package/dist/reasoncodes.js +80 -0
package/dist/reasoncodes.js.map +1 -0
package/dist/recovery/bundle.d.ts +34 -0
package/dist/recovery/bundle.d.ts.map +1 -0
package/dist/recovery/bundle.js +144 -0
package/dist/recovery/bundle.js.map +1 -0
package/dist/recovery/bundle_crypto.d.ts +60 -0
package/dist/recovery/bundle_crypto.d.ts.map +1 -0
package/dist/recovery/bundle_crypto.js +179 -0
package/dist/recovery/bundle_crypto.js.map +1 -0
package/dist/recovery/bundle_store.d.ts +57 -0
package/dist/recovery/bundle_store.d.ts.map +1 -0
package/dist/recovery/bundle_store.js +104 -0
package/dist/recovery/bundle_store.js.map +1 -0
package/dist/recovery/index.d.ts +19 -0
package/dist/recovery/index.d.ts.map +1 -0
package/dist/recovery/index.js +19 -0
package/dist/recovery/index.js.map +1 -0
package/dist/recovery/manifest_crosscheck.d.ts +59 -0
package/dist/recovery/manifest_crosscheck.d.ts.map +1 -0
package/dist/recovery/manifest_crosscheck.js +59 -0
package/dist/recovery/manifest_crosscheck.js.map +1 -0
package/dist/recovery/shamir.d.ts +51 -0
package/dist/recovery/shamir.d.ts.map +1 -0
package/dist/recovery/shamir.js +181 -0
package/dist/recovery/shamir.js.map +1 -0
package/dist/recovery/sign.d.ts +61 -0
package/dist/recovery/sign.d.ts.map +1 -0
package/dist/recovery/sign.js +359 -0
package/dist/recovery/sign.js.map +1 -0
package/dist/recovery/types.d.ts +180 -0
package/dist/recovery/types.d.ts.map +1 -0
package/dist/recovery/types.js +31 -0
package/dist/recovery/types.js.map +1 -0
package/dist/reputation/abuse_report.d.ts +62 -0
package/dist/reputation/abuse_report.d.ts.map +1 -0
package/dist/reputation/abuse_report.js +111 -0
package/dist/reputation/abuse_report.js.map +1 -0
package/dist/reputation/bucketize.d.ts +31 -0
package/dist/reputation/bucketize.d.ts.map +1 -0
package/dist/reputation/bucketize.js +77 -0
package/dist/reputation/bucketize.js.map +1 -0
package/dist/reputation/gossip.d.ts +24 -0
package/dist/reputation/gossip.d.ts.map +1 -0
package/dist/reputation/gossip.js +64 -0
package/dist/reputation/gossip.js.map +1 -0
package/dist/reputation/gossip_fetch.d.ts +64 -0
package/dist/reputation/gossip_fetch.d.ts.map +1 -0
package/dist/reputation/gossip_fetch.js +114 -0
package/dist/reputation/gossip_fetch.js.map +1 -0
package/dist/reputation/index.d.ts +20 -0
package/dist/reputation/index.d.ts.map +1 -0
package/dist/reputation/index.js +20 -0
package/dist/reputation/index.js.map +1 -0
package/dist/reputation/observation_store.d.ts +67 -0
package/dist/reputation/observation_store.d.ts.map +1 -0
package/dist/reputation/observation_store.js +171 -0
package/dist/reputation/observation_store.js.map +1 -0
package/dist/reputation/pow.d.ts +91 -0
package/dist/reputation/pow.d.ts.map +1 -0
package/dist/reputation/pow.js +209 -0
package/dist/reputation/pow.js.map +1 -0
package/dist/reputation/sign.d.ts +40 -0
package/dist/reputation/sign.d.ts.map +1 -0
package/dist/reputation/sign.js +202 -0
package/dist/reputation/sign.js.map +1 -0
package/dist/reputation/types.d.ts +133 -0
package/dist/reputation/types.d.ts.map +1 -0
package/dist/reputation/types.js +33 -0
package/dist/reputation/types.js.map +1 -0
package/dist/reputation/whois.d.ts +25 -0
package/dist/reputation/whois.d.ts.map +1 -0
package/dist/reputation/whois.js +20 -0
package/dist/reputation/whois.js.map +1 -0
package/dist/seal/index.d.ts +8 -0
package/dist/seal/index.d.ts.map +1 -0
package/dist/seal/index.js +8 -0
package/dist/seal/index.js.map +1 -0
package/dist/seal/wrap.d.ts +74 -0
package/dist/seal/wrap.d.ts.map +1 -0
package/dist/seal/wrap.js +213 -0
package/dist/seal/wrap.js.map +1 -0
package/dist/session/dispatcher.d.ts +65 -0
package/dist/session/dispatcher.d.ts.map +1 -0
package/dist/session/dispatcher.js +96 -0
package/dist/session/dispatcher.js.map +1 -0
package/dist/session/index.d.ts +15 -0
package/dist/session/index.d.ts.map +1 -0
package/dist/session/index.js +15 -0
package/dist/session/index.js.map +1 -0
package/dist/session/rekey.d.ts +108 -0
package/dist/session/rekey.d.ts.map +1 -0
package/dist/session/rekey.js +207 -0
package/dist/session/rekey.js.map +1 -0
package/dist/session/rekey_seal.d.ts +66 -0
package/dist/session/rekey_seal.d.ts.map +1 -0
package/dist/session/rekey_seal.js +153 -0
package/dist/session/rekey_seal.js.map +1 -0
package/dist/session/resume.d.ts +125 -0
package/dist/session/resume.d.ts.map +1 -0
package/dist/session/resume.js +263 -0
package/dist/session/resume.js.map +1 -0
package/dist/session/session.d.ts +136 -0
package/dist/session/session.d.ts.map +1 -0
package/dist/session/session.js +188 -0
package/dist/session/session.js.map +1 -0
package/dist/transparency/index.d.ts +13 -0
package/dist/transparency/index.d.ts.map +1 -0
package/dist/transparency/index.js +13 -0
package/dist/transparency/index.js.map +1 -0
package/dist/transparency/log.d.ts +61 -0
package/dist/transparency/log.d.ts.map +1 -0
package/dist/transparency/log.js +133 -0
package/dist/transparency/log.js.map +1 -0
package/dist/transparency/merkle.d.ts +59 -0
package/dist/transparency/merkle.d.ts.map +1 -0
package/dist/transparency/merkle.js +314 -0
package/dist/transparency/merkle.js.map +1 -0
package/dist/transparency/sign.d.ts +48 -0
package/dist/transparency/sign.d.ts.map +1 -0
package/dist/transparency/sign.js +140 -0
package/dist/transparency/sign.js.map +1 -0
package/dist/transparency/types.d.ts +97 -0
package/dist/transparency/types.d.ts.map +1 -0
package/dist/transparency/types.js +25 -0
package/dist/transparency/types.js.map +1 -0
package/dist/transport/h2.d.ts +163 -0
package/dist/transport/h2.d.ts.map +1 -0
package/dist/transport/h2.js +397 -0
package/dist/transport/h2.js.map +1 -0
package/dist/transport/index.d.ts +15 -0
package/dist/transport/index.d.ts.map +1 -0
package/dist/transport/index.js +15 -0
package/dist/transport/index.js.map +1 -0
package/dist/transport/memory.d.ts +21 -0
package/dist/transport/memory.d.ts.map +1 -0
package/dist/transport/memory.js +112 -0
package/dist/transport/memory.js.map +1 -0
package/dist/transport/transport.d.ts +54 -0
package/dist/transport/transport.d.ts.map +1 -0
package/dist/transport/transport.js +20 -0
package/dist/transport/transport.js.map +1 -0
package/dist/transport/ws.d.ts +40 -0
package/dist/transport/ws.d.ts.map +1 -0
package/dist/transport/ws.js +204 -0
package/dist/transport/ws.js.map +1 -0
package/package.json +147 -0

package/dist/handshake/messages.d.ts ADDED Viewed

@@ -0,0 +1,176 @@
+/**
+ * Handshake message builders per HANDSHAKE.md §2.
+ *
+ * Five message kinds in the v1 handshake flow:
+ *
+ *   INIT      client -> server (step="init", no signature)
+ *   RESPONSE  server -> client (step="response", server_signature)
+ *   CONFIRM   client -> server (step="confirm", carries identity_proof)
+ *   ACCEPTED  server -> client (step="accepted", server_signature)
+ *   REJECTED  server -> client (step="rejected", reason_code,
+ *                               server_signature)
+ *
+ * The signed messages share the canonical-bytes pattern every other
+ * SEMP-signed document uses: blank `server_signature`, canonicalize,
+ * prepend `SEMP-HANDSHAKE:`, Ed25519-sign with the server domain
+ * signing key, write the signature back into the message.
+ *
+ * @module
+ */
+/** Domain-separation prefix for all handshake signatures. */
+export declare const HandshakePrefix = "SEMP-HANDSHAKE:";
+/** Common version string. */
+export declare const HandshakeVersion = "1.0.0";
+/** A keyref (algorithm + key bytes + fingerprint) shared by both parties. */
+export interface KeyRef {
+    algorithm: string;
+    /** base64 encoding of the public key bytes */
+    key: string;
+    /** lowercase-hex SHA-256 fingerprint of the key */
+    key_id: string;
+}
+/** Capabilities section advertised by the client in INIT. */
+export interface Capabilities {
+    encryption_algorithms: string[];
+    extensions: string[];
+}
+/** Negotiated subset agreed on in RESPONSE. */
+export interface Negotiated {
+    encryption_algorithm: string;
+    extensions: string[];
+    /**
+     * Optional max envelope size negotiation. The server may pin a
+     * stricter ceiling than the protocol default; the client honors
+     * whichever value the server returns.
+     */
+    max_envelope_size?: number;
+}
+/** Server's identity-proof signature reference attached to RESPONSE. */
+export interface ServerIdentityProof {
+    domain: string;
+    key_id: string;
+    /** base64 of the identity-proof signature; computation defined in §2.3. */
+    signature: string;
+}
+export interface InitMessage {
+    type: "SEMP_HANDSHAKE";
+    step: "init";
+    party: "client";
+    version: string;
+    /** base64 of 32-byte client nonce */
+    nonce: string;
+    /** Transport identifier; one of "ws", "h2", "quic". */
+    transport: string;
+    /** Client ephemeral public key for the negotiated KEM. */
+    client_ephemeral_key: KeyRef;
+    capabilities: Capabilities;
+    extensions: Record<string, unknown>;
+}
+export interface BuildInitInput {
+    nonce: string;
+    transport: string;
+    clientEphemeralKey: KeyRef;
+    capabilities: Capabilities;
+    extensions?: Record<string, unknown>;
+}
+/** Build a canonical-shape INIT message. INIT is unsigned. */
+export declare function buildInit(input: BuildInitInput): InitMessage;
+export interface ResponseMessage {
+    type: "SEMP_HANDSHAKE";
+    step: "response";
+    party: "server";
+    version: string;
+    session_id: string;
+    client_nonce: string;
+    server_nonce: string;
+    server_ephemeral_key: KeyRef;
+    server_identity_proof: ServerIdentityProof;
+    negotiated: Negotiated;
+    server_signature: string;
+    extensions: Record<string, unknown>;
+}
+export interface BuildResponseInput {
+    sessionId: string;
+    clientNonce: string;
+    serverNonce: string;
+    serverEphemeralKey: KeyRef;
+    serverIdentityProof: ServerIdentityProof;
+    negotiated: Negotiated;
+    /** 32-byte Ed25519 secret seed for the server domain signing key. */
+    serverDomainSigningSeed: Uint8Array;
+    extensions?: Record<string, unknown>;
+}
+/**
+ * Build a signed RESPONSE message. Composes the canonical pre-sign
+ * shape, signs over `SEMP-HANDSHAKE: || canonical(blanked)`, and
+ * writes the base64-encoded signature back into `server_signature`.
+ */
+export declare function buildResponse(input: BuildResponseInput): ResponseMessage;
+export interface ConfirmMessage {
+    type: "SEMP_HANDSHAKE";
+    step: "confirm";
+    party: "client";
+    version: string;
+    session_id: string;
+    /** base64 of the SHA-256 confirmation hash; see handshake.confirmationHash. */
+    confirmation_hash: string;
+    /** Opaque identity-proof ciphertext (encrypted under the agreed session key). */
+    identity_proof: string;
+    extensions: Record<string, unknown>;
+}
+export interface BuildConfirmInput {
+    sessionId: string;
+    confirmationHashB64: string;
+    identityProofB64: string;
+    extensions?: Record<string, unknown>;
+}
+/** Build a canonical-shape CONFIRM message. CONFIRM is unsigned at this layer. */
+export declare function buildConfirm(input: BuildConfirmInput): ConfirmMessage;
+export interface ResumptionTicket {
+    /** Opaque ticket value (server-defined opaque blob). */
+    value: string;
+    /** ISO 8601 timestamp at which the ticket stops being valid. */
+    expires_at: string;
+}
+export interface AcceptedMessage {
+    type: "SEMP_HANDSHAKE";
+    step: "accepted";
+    party: "server";
+    version: string;
+    session_id: string;
+    session_ttl: number;
+    permissions: string[];
+    resumption_ticket?: ResumptionTicket;
+    server_signature: string;
+    extensions: Record<string, unknown>;
+}
+export interface BuildAcceptedInput {
+    sessionId: string;
+    sessionTTL: number;
+    permissions: string[];
+    resumptionTicket?: ResumptionTicket;
+    serverDomainSigningSeed: Uint8Array;
+    extensions?: Record<string, unknown>;
+}
+export declare function buildAccepted(input: BuildAcceptedInput): AcceptedMessage;
+export interface RejectedMessage {
+    type: "SEMP_HANDSHAKE";
+    step: "rejected";
+    party: "server";
+    version: string;
+    session_id: string;
+    reason_code: string;
+    /** Optional human-readable reason. */
+    reason?: string;
+    server_signature: string;
+    extensions: Record<string, unknown>;
+}
+export interface BuildRejectedInput {
+    sessionId: string;
+    reasonCode: string;
+    reason?: string;
+    serverDomainSigningSeed: Uint8Array;
+    extensions?: Record<string, unknown>;
+}
+export declare function buildRejected(input: BuildRejectedInput): RejectedMessage;
+//# sourceMappingURL=messages.d.ts.map

package/dist/handshake/messages.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"messages.d.ts","sourceRoot":"","sources":["../../src/handshake/messages.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAIH,6DAA6D;AAC7D,eAAO,MAAM,eAAe,oBAAoB,CAAC;AAEjD,6BAA6B;AAC7B,eAAO,MAAM,gBAAgB,UAAU,CAAC;AAExC,6EAA6E;AAC7E,MAAM,WAAW,MAAM;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,8CAA8C;IAC9C,GAAG,EAAE,MAAM,CAAC;IACZ,mDAAmD;IACnD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,6DAA6D;AAC7D,MAAM,WAAW,YAAY;IAC3B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,+CAA+C;AAC/C,MAAM,WAAW,UAAU;IACzB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,wEAAwE;AACxE,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,2EAA2E;IAC3E,SAAS,EAAE,MAAM,CAAC;CACnB;AAKD,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,gBAAgB,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,qCAAqC;IACrC,KAAK,EAAE,MAAM,CAAC;IACd,uDAAuD;IACvD,SAAS,EAAE,MAAM,CAAC;IAClB,0DAA0D;IAC1D,oBAAoB,EAAE,MAAM,CAAC;IAC7B,YAAY,EAAE,YAAY,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,YAAY,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,8DAA8D;AAC9D,wBAAgB,SAAS,CAAC,KAAK,EAAE,cAAc,GAAG,WAAW,CAY5D;AAKD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,gBAAgB,CAAC;IACvB,IAAI,EAAE,UAAU,CAAC;IACjB,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,EAAE,mBAAmB,CAAC;IAC3C,UAAU,EAAE,UAAU,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,UAAU,EAAE,UAAU,CAAC;IACvB,qEAAqE;IACrE,uBAAuB,EAAE,UAAU,CAAC;IACpC,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,kBAAkB,GAAG,eAAe,CAsBxE;AAKD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,gBAAgB,CAAC;IACvB,IAAI,EAAE,SAAS,CAAC;IAChB,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,+EAA+E;IAC/E,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iFAAiF;IACjF,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,kFAAkF;AAClF,wBAAgB,YAAY,CAAC,KAAK,EAAE,iBAAiB,GAAG,cAAc,CAWrE;AAKD,MAAM,WAAW,gBAAgB;IAC/B,wDAAwD;IACxD,KAAK,EAAE,MAAM,CAAC;IACd,gEAAgE;IAChE,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,gBAAgB,CAAC;IACvB,IAAI,EAAE,UAAU,CAAC;IACjB,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;IACrC,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,uBAAuB,EAAE,UAAU,CAAC;IACpC,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,kBAAkB,GAAG,eAAe,CAsBxE;AAKD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,gBAAgB,CAAC;IACvB,IAAI,EAAE,UAAU,CAAC;IACjB,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,sCAAsC;IACtC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,uBAAuB,EAAE,UAAU,CAAC;IACpC,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,kBAAkB,GAAG,eAAe,CAqBxE"}

package/dist/handshake/messages.js ADDED Viewed

@@ -0,0 +1,125 @@
+/**
+ * Handshake message builders per HANDSHAKE.md §2.
+ *
+ * Five message kinds in the v1 handshake flow:
+ *
+ *   INIT      client -> server (step="init", no signature)
+ *   RESPONSE  server -> client (step="response", server_signature)
+ *   CONFIRM   client -> server (step="confirm", carries identity_proof)
+ *   ACCEPTED  server -> client (step="accepted", server_signature)
+ *   REJECTED  server -> client (step="rejected", reason_code,
+ *                               server_signature)
+ *
+ * The signed messages share the canonical-bytes pattern every other
+ * SEMP-signed document uses: blank `server_signature`, canonicalize,
+ * prepend `SEMP-HANDSHAKE:`, Ed25519-sign with the server domain
+ * signing key, write the signature back into the message.
+ *
+ * @module
+ */
+import { signSignedDoc } from "../keys/signed.js";
+/** Domain-separation prefix for all handshake signatures. */
+export const HandshakePrefix = "SEMP-HANDSHAKE:";
+/** Common version string. */
+export const HandshakeVersion = "1.0.0";
+/** Build a canonical-shape INIT message. INIT is unsigned. */
+export function buildInit(input) {
+    return {
+        type: "SEMP_HANDSHAKE",
+        step: "init",
+        party: "client",
+        version: HandshakeVersion,
+        nonce: input.nonce,
+        transport: input.transport,
+        client_ephemeral_key: input.clientEphemeralKey,
+        capabilities: input.capabilities,
+        extensions: input.extensions ?? {},
+    };
+}
+/**
+ * Build a signed RESPONSE message. Composes the canonical pre-sign
+ * shape, signs over `SEMP-HANDSHAKE: || canonical(blanked)`, and
+ * writes the base64-encoded signature back into `server_signature`.
+ */
+export function buildResponse(input) {
+    const preSign = {
+        type: "SEMP_HANDSHAKE",
+        step: "response",
+        party: "server",
+        version: HandshakeVersion,
+        session_id: input.sessionId,
+        client_nonce: input.clientNonce,
+        server_nonce: input.serverNonce,
+        server_ephemeral_key: input.serverEphemeralKey,
+        server_identity_proof: input.serverIdentityProof,
+        negotiated: input.negotiated,
+        server_signature: "",
+        extensions: input.extensions ?? {},
+    };
+    const { signedJSON } = signSignedDoc({
+        preSignJSON: preSign,
+        seed: input.serverDomainSigningSeed,
+        signaturePath: "server_signature",
+        prefix: HandshakePrefix,
+    });
+    return signedJSON;
+}
+/** Build a canonical-shape CONFIRM message. CONFIRM is unsigned at this layer. */
+export function buildConfirm(input) {
+    return {
+        type: "SEMP_HANDSHAKE",
+        step: "confirm",
+        party: "client",
+        version: HandshakeVersion,
+        session_id: input.sessionId,
+        confirmation_hash: input.confirmationHashB64,
+        identity_proof: input.identityProofB64,
+        extensions: input.extensions ?? {},
+    };
+}
+export function buildAccepted(input) {
+    const preSign = {
+        type: "SEMP_HANDSHAKE",
+        step: "accepted",
+        party: "server",
+        version: HandshakeVersion,
+        session_id: input.sessionId,
+        session_ttl: input.sessionTTL,
+        permissions: input.permissions,
+        server_signature: "",
+        extensions: input.extensions ?? {},
+    };
+    if (input.resumptionTicket !== undefined) {
+        preSign.resumption_ticket = input.resumptionTicket;
+    }
+    const { signedJSON } = signSignedDoc({
+        preSignJSON: preSign,
+        seed: input.serverDomainSigningSeed,
+        signaturePath: "server_signature",
+        prefix: HandshakePrefix,
+    });
+    return signedJSON;
+}
+export function buildRejected(input) {
+    const preSign = {
+        type: "SEMP_HANDSHAKE",
+        step: "rejected",
+        party: "server",
+        version: HandshakeVersion,
+        session_id: input.sessionId,
+        reason_code: input.reasonCode,
+        server_signature: "",
+        extensions: input.extensions ?? {},
+    };
+    if (input.reason !== undefined) {
+        preSign.reason = input.reason;
+    }
+    const { signedJSON } = signSignedDoc({
+        preSignJSON: preSign,
+        seed: input.serverDomainSigningSeed,
+        signaturePath: "server_signature",
+        prefix: HandshakePrefix,
+    });
+    return signedJSON;
+}
+//# sourceMappingURL=messages.js.map

package/dist/handshake/messages.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"messages.js","sourceRoot":"","sources":["../../src/handshake/messages.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElD,6DAA6D;AAC7D,MAAM,CAAC,MAAM,eAAe,GAAG,iBAAiB,CAAC;AAEjD,6BAA6B;AAC7B,MAAM,CAAC,MAAM,gBAAgB,GAAG,OAAO,CAAC;AA+DxC,8DAA8D;AAC9D,MAAM,UAAU,SAAS,CAAC,KAAqB;IAC7C,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE,gBAAgB;QACzB,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,oBAAoB,EAAE,KAAK,CAAC,kBAAkB;QAC9C,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,EAAE;KACnC,CAAC;AACJ,CAAC;AAgCD;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,KAAyB;IACrD,MAAM,OAAO,GAAoB;QAC/B,IAAI,EAAE,gBAAgB;QACtB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE,gBAAgB;QACzB,UAAU,EAAE,KAAK,CAAC,SAAS;QAC3B,YAAY,EAAE,KAAK,CAAC,WAAW;QAC/B,YAAY,EAAE,KAAK,CAAC,WAAW;QAC/B,oBAAoB,EAAE,KAAK,CAAC,kBAAkB;QAC9C,qBAAqB,EAAE,KAAK,CAAC,mBAAmB;QAChD,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,gBAAgB,EAAE,EAAE;QACpB,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,EAAE;KACnC,CAAC;IACF,MAAM,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC;QACnC,WAAW,EAAE,OAA6C;QAC1D,IAAI,EAAE,KAAK,CAAC,uBAAuB;QACnC,aAAa,EAAE,kBAAkB;QACjC,MAAM,EAAE,eAAe;KACxB,CAAC,CAAC;IACH,OAAO,UAAwC,CAAC;AAClD,CAAC;AAyBD,kFAAkF;AAClF,MAAM,UAAU,YAAY,CAAC,KAAwB;IACnD,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE,gBAAgB;QACzB,UAAU,EAAE,KAAK,CAAC,SAAS;QAC3B,iBAAiB,EAAE,KAAK,CAAC,mBAAmB;QAC5C,cAAc,EAAE,KAAK,CAAC,gBAAgB;QACtC,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,EAAE;KACnC,CAAC;AACJ,CAAC;AAkCD,MAAM,UAAU,aAAa,CAAC,KAAyB;IACrD,MAAM,OAAO,GAAoB;QAC/B,IAAI,EAAE,gBAAgB;QACtB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE,gBAAgB;QACzB,UAAU,EAAE,KAAK,CAAC,SAAS;QAC3B,WAAW,EAAE,KAAK,CAAC,UAAU;QAC7B,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,gBAAgB,EAAE,EAAE;QACpB,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,EAAE;KACnC,CAAC;IACF,IAAI,KAAK,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACzC,OAAO,CAAC,iBAAiB,GAAG,KAAK,CAAC,gBAAgB,CAAC;IACrD,CAAC;IACD,MAAM,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC;QACnC,WAAW,EAAE,OAA6C;QAC1D,IAAI,EAAE,KAAK,CAAC,uBAAuB;QACnC,aAAa,EAAE,kBAAkB;QACjC,MAAM,EAAE,eAAe;KACxB,CAAC,CAAC;IACH,OAAO,UAAwC,CAAC;AAClD,CAAC;AA0BD,MAAM,UAAU,aAAa,CAAC,KAAyB;IACrD,MAAM,OAAO,GAAoB;QAC/B,IAAI,EAAE,gBAAgB;QACtB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE,gBAAgB;QACzB,UAAU,EAAE,KAAK,CAAC,SAAS;QAC3B,WAAW,EAAE,KAAK,CAAC,UAAU;QAC7B,gBAAgB,EAAE,EAAE;QACpB,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,EAAE;KACnC,CAAC;IACF,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC/B,OAAO,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;IAChC,CAAC;IACD,MAAM,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC;QACnC,WAAW,EAAE,OAA6C;QAC1D,IAAI,EAAE,KAAK,CAAC,uBAAuB;QACnC,aAAa,EAAE,kBAAkB;QACjC,MAAM,EAAE,eAAe;KACxB,CAAC,CAAC;IACH,OAAO,UAAwC,CAAC;AAClD,CAAC"}

package/dist/handshake/pow.d.ts ADDED Viewed

@@ -0,0 +1,53 @@
+/**
+ * Proof-of-Work verification per HANDSHAKE.md §2.2b and REPUTATION.md §8.3.
+ *
+ * Two PoW preimages exist in the spec:
+ *
+ * - **Challenge PoW** (this module): preimage is the UTF-8 string
+ *   `base64(prefix) || ":" || challenge_id || ":" || base64(nonce)`.
+ *   Used by the standard handshake-time difficulty challenge.
+ * - **First-contact PoW** (HANDSHAKE.md §2.2a.4): preimage is the
+ *   raw byte concatenation `prefix || nonce`. Different shape because
+ *   §2.2a.4 binds the first-contact tuple via the prefix derivation
+ *   itself, not via the preimage. See {@link verifyFirstContactSolution}.
+ *
+ * @module
+ */
+/** Maximum difficulty the verifier accepts (HANDSHAKE.md §2.2b). */
+export declare const MaxPoWDifficulty = 28;
+/**
+ * Verify a challenge-PoW solution. Returns null on success; an Error
+ * on rejection so callers can surface a specific failure reason.
+ *
+ * - `prefix` is the raw 16-byte challenge prefix.
+ * - `challengeId` is the ULID of the issued challenge.
+ * - `nonceB64` is the candidate nonce as base64 (RFC 4648 §4).
+ * - `claimedHashHex` is the hex digest the sender claims; the
+ *   verifier MUST recompute and compare.
+ * - `difficulty` is the required leading-zero-bit count of the SHA-256
+ *   digest; verification rejects if the recomputed hash has fewer
+ *   leading zeros.
+ *
+ * Cap at {@link MaxPoWDifficulty}: a verifier that accepts a higher
+ * difficulty would silently validate a non-conformant challenge.
+ */
+export declare function verifyChallengeSolution(prefix: Uint8Array, challengeId: string, nonceB64: string, claimedHashHex: string, difficulty: number): Error | null;
+/**
+ * First-contact PoW verifier per HANDSHAKE.md §2.2a.4. The
+ * preimage is the raw concatenation `prefix || nonce`, hashed with
+ * SHA-256. Returns the recomputed hash and the leading-zero bit
+ * count; the caller decides whether the bit count meets its
+ * difficulty threshold (the difficulty is a recipient policy, not a
+ * protocol constant here).
+ */
+export declare function firstContactDigest(prefix: Uint8Array, nonce: Uint8Array): {
+    hash: Uint8Array;
+    leadingZeroBits: number;
+};
+/**
+ * Count the number of leading zero bits in a hash. Used by both
+ * PoW preimages to assess whether a candidate solution meets the
+ * required difficulty.
+ */
+export declare function leadingZeroBits(hash: Uint8Array): number;
+//# sourceMappingURL=pow.d.ts.map

package/dist/handshake/pow.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pow.d.ts","sourceRoot":"","sources":["../../src/handshake/pow.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,oEAAoE;AACpE,eAAO,MAAM,gBAAgB,KAAK,CAAC;AAEnC;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,UAAU,EAClB,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,GACjB,KAAK,GAAG,IAAI,CA+Bd;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,UAAU,EAClB,KAAK,EAAE,UAAU,GAChB;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,eAAe,EAAE,MAAM,CAAA;CAAE,CAM/C;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,CAkBxD"}

package/dist/handshake/pow.js ADDED Viewed

@@ -0,0 +1,142 @@
+/**
+ * Proof-of-Work verification per HANDSHAKE.md §2.2b and REPUTATION.md §8.3.
+ *
+ * Two PoW preimages exist in the spec:
+ *
+ * - **Challenge PoW** (this module): preimage is the UTF-8 string
+ *   `base64(prefix) || ":" || challenge_id || ":" || base64(nonce)`.
+ *   Used by the standard handshake-time difficulty challenge.
+ * - **First-contact PoW** (HANDSHAKE.md §2.2a.4): preimage is the
+ *   raw byte concatenation `prefix || nonce`. Different shape because
+ *   §2.2a.4 binds the first-contact tuple via the prefix derivation
+ *   itself, not via the preimage. See {@link verifyFirstContactSolution}.
+ *
+ * @module
+ */
+import { sha256 } from "@noble/hashes/sha2.js";
+/** Maximum difficulty the verifier accepts (HANDSHAKE.md §2.2b). */
+export const MaxPoWDifficulty = 28;
+/**
+ * Verify a challenge-PoW solution. Returns null on success; an Error
+ * on rejection so callers can surface a specific failure reason.
+ *
+ * - `prefix` is the raw 16-byte challenge prefix.
+ * - `challengeId` is the ULID of the issued challenge.
+ * - `nonceB64` is the candidate nonce as base64 (RFC 4648 §4).
+ * - `claimedHashHex` is the hex digest the sender claims; the
+ *   verifier MUST recompute and compare.
+ * - `difficulty` is the required leading-zero-bit count of the SHA-256
+ *   digest; verification rejects if the recomputed hash has fewer
+ *   leading zeros.
+ *
+ * Cap at {@link MaxPoWDifficulty}: a verifier that accepts a higher
+ * difficulty would silently validate a non-conformant challenge.
+ */
+export function verifyChallengeSolution(prefix, challengeId, nonceB64, claimedHashHex, difficulty) {
+    if (difficulty < 0) {
+        return new Error("handshake: negative PoW difficulty");
+    }
+    if (difficulty > MaxPoWDifficulty) {
+        return new Error("handshake: PoW difficulty exceeds protocol cap (28)");
+    }
+    if (challengeId === "") {
+        return new Error("handshake: empty PoW challenge_id");
+    }
+    if (nonceB64 === "") {
+        return new Error("handshake: empty PoW nonce");
+    }
+    // Nonce must be valid base64 — but we accept its bytes as-is in
+    // the preimage (the spec hashes the base64 string, not the
+    // decoded bytes).
+    try {
+        decodeBase64Strict(nonceB64);
+    }
+    catch {
+        return new Error("handshake: PoW nonce is not valid base64");
+    }
+    const preimage = challengePreimage(prefix, challengeId, nonceB64);
+    const sum = sha256(preimage);
+    const computedHex = bytesToHex(sum);
+    if (computedHex.toLowerCase() !== claimedHashHex.toLowerCase()) {
+        return new Error("handshake: PoW hash mismatch");
+    }
+    if (leadingZeroBits(sum) < difficulty) {
+        return new Error("handshake: PoW insufficient difficulty");
+    }
+    return null;
+}
+/**
+ * First-contact PoW verifier per HANDSHAKE.md §2.2a.4. The
+ * preimage is the raw concatenation `prefix || nonce`, hashed with
+ * SHA-256. Returns the recomputed hash and the leading-zero bit
+ * count; the caller decides whether the bit count meets its
+ * difficulty threshold (the difficulty is a recipient policy, not a
+ * protocol constant here).
+ */
+export function firstContactDigest(prefix, nonce) {
+    const buf = new Uint8Array(prefix.length + nonce.length);
+    buf.set(prefix, 0);
+    buf.set(nonce, prefix.length);
+    const sum = sha256(buf);
+    return { hash: sum, leadingZeroBits: leadingZeroBits(sum) };
+}
+/**
+ * Count the number of leading zero bits in a hash. Used by both
+ * PoW preimages to assess whether a candidate solution meets the
+ * required difficulty.
+ */
+export function leadingZeroBits(hash) {
+    let n = 0;
+    for (let i = 0; i < hash.length; i++) {
+        const b = hash[i] ?? 0;
+        if (b === 0) {
+            n += 8;
+            continue;
+        }
+        let bb = b;
+        let bits = 8;
+        while (bb !== 0) {
+            bb = bb >>> 1;
+            bits--;
+        }
+        n += bits;
+        return n;
+    }
+    return n;
+}
+function challengePreimage(prefix, challengeId, nonceB64) {
+    const prefixB64 = bytesToBase64(prefix);
+    return new TextEncoder().encode(`${prefixB64}:${challengeId}:${nonceB64}`);
+}
+function bytesToHex(b) {
+    let s = "";
+    for (let i = 0; i < b.length; i++) {
+        s += (b[i] ?? 0).toString(16).padStart(2, "0");
+    }
+    return s;
+}
+function bytesToBase64(b) {
+    // Node and modern browsers both support btoa via TextDecoder, but
+    // the cleanest portable path is Buffer when available, falling
+    // back to a binary-string + btoa for browsers.
+    if (typeof Buffer !== "undefined") {
+        return Buffer.from(b).toString("base64");
+    }
+    let bin = "";
+    for (let i = 0; i < b.length; i++) {
+        bin += String.fromCharCode(b[i] ?? 0);
+    }
+    return btoa(bin);
+}
+function decodeBase64Strict(s) {
+    if (typeof Buffer !== "undefined") {
+        return new Uint8Array(Buffer.from(s, "base64"));
+    }
+    const bin = atob(s);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++) {
+        out[i] = bin.charCodeAt(i);
+    }
+    return out;
+}
+//# sourceMappingURL=pow.js.map

package/dist/handshake/pow.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pow.js","sourceRoot":"","sources":["../../src/handshake/pow.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,oEAAoE;AACpE,MAAM,CAAC,MAAM,gBAAgB,GAAG,EAAE,CAAC;AAEnC;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,uBAAuB,CACrC,MAAkB,EAClB,WAAmB,EACnB,QAAgB,EAChB,cAAsB,EACtB,UAAkB;IAElB,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;QACnB,OAAO,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACzD,CAAC;IACD,IAAI,UAAU,GAAG,gBAAgB,EAAE,CAAC;QAClC,OAAO,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IAC1E,CAAC;IACD,IAAI,WAAW,KAAK,EAAE,EAAE,CAAC;QACvB,OAAO,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACxD,CAAC;IACD,IAAI,QAAQ,KAAK,EAAE,EAAE,CAAC;QACpB,OAAO,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IACjD,CAAC;IACD,gEAAgE;IAChE,2DAA2D;IAC3D,kBAAkB;IAClB,IAAI,CAAC;QACH,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC/D,CAAC;IACD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;IAClE,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC7B,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,WAAW,CAAC,WAAW,EAAE,KAAK,cAAc,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/D,OAAO,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IACnD,CAAC;IACD,IAAI,eAAe,CAAC,GAAG,CAAC,GAAG,UAAU,EAAE,CAAC;QACtC,OAAO,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,kBAAkB,CAChC,MAAkB,EAClB,KAAiB;IAEjB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IACzD,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACnB,GAAG,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9B,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IACxB,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,eAAe,EAAE,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,IAAgB;IAC9C,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACvB,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACZ,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACX,CAAC;QACD,IAAI,EAAE,GAAG,CAAC,CAAC;QACX,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC;YAChB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;YACd,IAAI,EAAE,CAAC;QACT,CAAC;QACD,CAAC,IAAI,IAAI,CAAC;QACV,OAAO,CAAC,CAAC;IACX,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,iBAAiB,CACxB,MAAkB,EAClB,WAAmB,EACnB,QAAgB;IAEhB,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IACxC,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,SAAS,IAAI,WAAW,IAAI,QAAQ,EAAE,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,UAAU,CAAC,CAAa;IAC/B,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,aAAa,CAAC,CAAa;IAClC,kEAAkE;IAClE,+DAA+D;IAC/D,+CAA+C;IAC/C,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAS;IACnC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/handshake/resume_driver.d.ts ADDED Viewed

@@ -0,0 +1,56 @@
+/**
+ * Session-resume driver per HANDSHAKE.md §2.8.
+ *
+ * Wraps the stateful {@link HandshakeClient} for the resume path:
+ *
+ *   1. Send `step="resume"` with the ticket value + a fresh client
+ *      nonce.
+ *   2. Receive ACCEPTED (or REJECTED).
+ *   3. On ACCEPTED, derive resumed session keys and return both
+ *      the new session and the new ticket the server issued for
+ *      chaining a future resume.
+ *
+ * On REJECTED with `reason_code` ∈ {`resumption_failed`,
+ * `configuration_stale`, `no_session`}, throw an error that
+ * satisfies {@link "./abort".isResumptionFailed}; the caller MUST
+ * discard the resume attempt and fall back to a fresh full
+ * handshake. {@link runClientResumeOrFull} composes this for callers
+ * who want one-call fallback.
+ *
+ * @module
+ */
+import type { Transport } from "../transport/index.js";
+import { type HandshakeClient, type HandshakeClientSession } from "./client_state.js";
+/**
+ * Drive a client-side resume exchange to completion over `transport`.
+ * Returns the resumed session plus the new ticket bytes the server
+ * issued for chaining (`undefined` if the server didn't issue one).
+ */
+export declare function runClientResume(transport: Transport, client: HandshakeClient, ticket: string): Promise<{
+    session: HandshakeClientSession;
+    newTicket: string | undefined;
+}>;
+/**
+ * Try a resume against `resumeTransport` / `resumeClient` /
+ * `ticket` per §2.8.5. If the resume fails with a fallback-eligible
+ * reason (resumption_failed / configuration_stale / no_session),
+ * discard the resume attempt and perform a full handshake against a
+ * fresh transport + client supplied by the caller.
+ *
+ * The caller supplies factories rather than reusing the prior
+ * transport / client because:
+ *
+ *   - The prior transport was already used for the failed Resume
+ *     exchange.
+ *   - The prior client has accumulated state from `resume()` that
+ *     would interfere with a fresh `init()`.
+ *
+ * Returns `{ session, newTicket, fellBack }`. `fellBack` is `true`
+ * when the function fell back to a full handshake.
+ */
+export declare function runClientResumeOrFull(resumeTransport: Transport, resumeClient: HandshakeClient, ticket: string, freshTransport: () => Promise<Transport>, fullHandshake: (transport: Transport) => Promise<HandshakeClientSession>): Promise<{
+    session: HandshakeClientSession;
+    newTicket: string | undefined;
+    fellBack: boolean;
+}>;
+//# sourceMappingURL=resume_driver.d.ts.map

package/dist/handshake/resume_driver.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"resume_driver.d.ts","sourceRoot":"","sources":["../../src/handshake/resume_driver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAEvD,OAAO,EACL,KAAK,eAAe,EACpB,KAAK,sBAAsB,EAE5B,MAAM,mBAAmB,CAAC;AAG3B;;;;GAIG;AACH,wBAAsB,eAAe,CACnC,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,eAAe,EACvB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IAAE,OAAO,EAAE,sBAAsB,CAAC;IAAC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAA;CAAE,CAAC,CAW7E;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,qBAAqB,CACzC,eAAe,EAAE,SAAS,EAC1B,YAAY,EAAE,eAAe,EAC7B,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,OAAO,CAAC,SAAS,CAAC,EACxC,aAAa,EAAE,CACb,SAAS,EAAE,SAAS,KACjB,OAAO,CAAC,sBAAsB,CAAC,GACnC,OAAO,CAAC;IACT,OAAO,EAAE,sBAAsB,CAAC;IAChC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,QAAQ,EAAE,OAAO,CAAC;CACnB,CAAC,CAgBD"}

package/dist/handshake/resume_driver.js ADDED Viewed

@@ -0,0 +1,75 @@
+/**
+ * Session-resume driver per HANDSHAKE.md §2.8.
+ *
+ * Wraps the stateful {@link HandshakeClient} for the resume path:
+ *
+ *   1. Send `step="resume"` with the ticket value + a fresh client
+ *      nonce.
+ *   2. Receive ACCEPTED (or REJECTED).
+ *   3. On ACCEPTED, derive resumed session keys and return both
+ *      the new session and the new ticket the server issued for
+ *      chaining a future resume.
+ *
+ * On REJECTED with `reason_code` ∈ {`resumption_failed`,
+ * `configuration_stale`, `no_session`}, throw an error that
+ * satisfies {@link "./abort".isResumptionFailed}; the caller MUST
+ * discard the resume attempt and fall back to a fresh full
+ * handshake. {@link runClientResumeOrFull} composes this for callers
+ * who want one-call fallback.
+ *
+ * @module
+ */
+import { HandshakeRejectedError, } from "./client_state.js";
+import { isResumptionFailed } from "./abort.js";
+/**
+ * Drive a client-side resume exchange to completion over `transport`.
+ * Returns the resumed session plus the new ticket bytes the server
+ * issued for chaining (`undefined` if the server didn't issue one).
+ */
+export async function runClientResume(transport, client, ticket) {
+    if (ticket === "") {
+        throw new Error("handshake: empty resumption ticket");
+    }
+    const resumeBytes = client.resume(ticket);
+    await transport.send(resumeBytes);
+    const respBytes = await transport.receive();
+    if (respBytes === null) {
+        throw new Error("handshake: connection closed waiting for resume response");
+    }
+    return client.onResumeAccepted(respBytes);
+}
+/**
+ * Try a resume against `resumeTransport` / `resumeClient` /
+ * `ticket` per §2.8.5. If the resume fails with a fallback-eligible
+ * reason (resumption_failed / configuration_stale / no_session),
+ * discard the resume attempt and perform a full handshake against a
+ * fresh transport + client supplied by the caller.
+ *
+ * The caller supplies factories rather than reusing the prior
+ * transport / client because:
+ *
+ *   - The prior transport was already used for the failed Resume
+ *     exchange.
+ *   - The prior client has accumulated state from `resume()` that
+ *     would interfere with a fresh `init()`.
+ *
+ * Returns `{ session, newTicket, fellBack }`. `fellBack` is `true`
+ * when the function fell back to a full handshake.
+ */
+export async function runClientResumeOrFull(resumeTransport, resumeClient, ticket, freshTransport, fullHandshake) {
+    try {
+        const r = await runClientResume(resumeTransport, resumeClient, ticket);
+        return { session: r.session, newTicket: r.newTicket, fellBack: false };
+    }
+    catch (err) {
+        if (!(err instanceof HandshakeRejectedError) ||
+            !isResumptionFailed(err)) {
+            throw err;
+        }
+        // Fall back to a full handshake on a fresh transport + client.
+        const t = await freshTransport();
+        const session = await fullHandshake(t);
+        return { session, newTicket: undefined, fellBack: true };
+    }
+}
+//# sourceMappingURL=resume_driver.js.map

package/dist/handshake/resume_driver.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"resume_driver.js","sourceRoot":"","sources":["../../src/handshake/resume_driver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAIH,OAAO,EAGL,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAEhD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,SAAoB,EACpB,MAAuB,EACvB,MAAc;IAEd,IAAI,MAAM,KAAK,EAAE,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1C,MAAM,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;IAC5C,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IACD,OAAO,MAAM,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;AAC5C,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,eAA0B,EAC1B,YAA6B,EAC7B,MAAc,EACd,cAAwC,EACxC,aAEoC;IAMpC,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,MAAM,eAAe,CAAC,eAAe,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;QACvE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IACzE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IACE,CAAC,CAAC,GAAG,YAAY,sBAAsB,CAAC;YACxC,CAAC,kBAAkB,CAAC,GAAG,CAAC,EACxB,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QACD,+DAA+D;QAC/D,MAAM,CAAC,GAAG,MAAM,cAAc,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACvC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC3D,CAAC;AACH,CAAC"}