npm - @sempdev/semp - Versions diffs - 0.4.3 - Mend

@sempdev/semp 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/LICENSE +21 -0
package/README.md +59 -0
package/dist/brief/address.d.ts +77 -0
package/dist/brief/address.d.ts.map +1 -0
package/dist/brief/address.js +217 -0
package/dist/brief/address.js.map +1 -0
package/dist/brief/brief.d.ts +75 -0
package/dist/brief/brief.d.ts.map +1 -0
package/dist/brief/brief.js +56 -0
package/dist/brief/brief.js.map +1 -0
package/dist/brief/index.d.ts +11 -0
package/dist/brief/index.d.ts.map +1 -0
package/dist/brief/index.js +11 -0
package/dist/brief/index.js.map +1 -0
package/dist/canonical/index.d.ts +8 -0
package/dist/canonical/index.d.ts.map +1 -0
package/dist/canonical/index.js +8 -0
package/dist/canonical/index.js.map +1 -0
package/dist/canonical/marshal.d.ts +35 -0
package/dist/canonical/marshal.d.ts.map +1 -0
package/dist/canonical/marshal.js +107 -0
package/dist/canonical/marshal.js.map +1 -0
package/dist/clockskew/index.d.ts +52 -0
package/dist/clockskew/index.d.ts.map +1 -0
package/dist/clockskew/index.js +62 -0
package/dist/clockskew/index.js.map +1 -0
package/dist/closure/closure.d.ts +106 -0
package/dist/closure/closure.d.ts.map +1 -0
package/dist/closure/closure.js +152 -0
package/dist/closure/closure.js.map +1 -0
package/dist/closure/driver.d.ts +103 -0
package/dist/closure/driver.d.ts.map +1 -0
package/dist/closure/driver.js +126 -0
package/dist/closure/driver.js.map +1 -0
package/dist/closure/index.d.ts +13 -0
package/dist/closure/index.d.ts.map +1 -0
package/dist/closure/index.js +13 -0
package/dist/closure/index.js.map +1 -0
package/dist/closure/store.d.ts +80 -0
package/dist/closure/store.d.ts.map +1 -0
package/dist/closure/store.js +89 -0
package/dist/closure/store.js.map +1 -0
package/dist/crypto/aead.d.ts +29 -0
package/dist/crypto/aead.d.ts.map +1 -0
package/dist/crypto/aead.js +48 -0
package/dist/crypto/aead.js.map +1 -0
package/dist/crypto/argon2.d.ts +20 -0
package/dist/crypto/argon2.d.ts.map +1 -0
package/dist/crypto/argon2.js +28 -0
package/dist/crypto/argon2.js.map +1 -0
package/dist/crypto/index.d.ts +14 -0
package/dist/crypto/index.d.ts.map +1 -0
package/dist/crypto/index.js +14 -0
package/dist/crypto/index.js.map +1 -0
package/dist/crypto/kdf.d.ts +96 -0
package/dist/crypto/kdf.d.ts.map +1 -0
package/dist/crypto/kdf.js +122 -0
package/dist/crypto/kdf.js.map +1 -0
package/dist/crypto/kem.d.ts +85 -0
package/dist/crypto/kem.d.ts.map +1 -0
package/dist/crypto/kem.js +130 -0
package/dist/crypto/kem.js.map +1 -0
package/dist/crypto/mac.d.ts +19 -0
package/dist/crypto/mac.d.ts.map +1 -0
package/dist/crypto/mac.js +32 -0
package/dist/crypto/mac.js.map +1 -0
package/dist/delivery/ack.d.ts +125 -0
package/dist/delivery/ack.d.ts.map +1 -0
package/dist/delivery/ack.js +141 -0
package/dist/delivery/ack.js.map +1 -0
package/dist/delivery/blocklist.d.ts +87 -0
package/dist/delivery/blocklist.d.ts.map +1 -0
package/dist/delivery/blocklist.js +107 -0
package/dist/delivery/blocklist.js.map +1 -0
package/dist/delivery/cancel.d.ts +60 -0
package/dist/delivery/cancel.d.ts.map +1 -0
package/dist/delivery/cancel.js +43 -0
package/dist/delivery/cancel.js.map +1 -0
package/dist/delivery/disposition.d.ts +106 -0
package/dist/delivery/disposition.d.ts.map +1 -0
package/dist/delivery/disposition.js +105 -0
package/dist/delivery/disposition.js.map +1 -0
package/dist/delivery/fetch.d.ts +59 -0
package/dist/delivery/fetch.d.ts.map +1 -0
package/dist/delivery/fetch.js +47 -0
package/dist/delivery/fetch.js.map +1 -0
package/dist/delivery/forwarder.d.ts +106 -0
package/dist/delivery/forwarder.d.ts.map +1 -0
package/dist/delivery/forwarder.js +251 -0
package/dist/delivery/forwarder.js.map +1 -0
package/dist/delivery/inbox.d.ts +42 -0
package/dist/delivery/inbox.d.ts.map +1 -0
package/dist/delivery/inbox.js +68 -0
package/dist/delivery/inbox.js.map +1 -0
package/dist/delivery/index.d.ts +31 -0
package/dist/delivery/index.d.ts.map +1 -0
package/dist/delivery/index.js +31 -0
package/dist/delivery/index.js.map +1 -0
package/dist/delivery/internalroute.d.ts +50 -0
package/dist/delivery/internalroute.d.ts.map +1 -0
package/dist/delivery/internalroute.js +23 -0
package/dist/delivery/internalroute.js.map +1 -0
package/dist/delivery/pipeline.d.ts +153 -0
package/dist/delivery/pipeline.d.ts.map +1 -0
package/dist/delivery/pipeline.js +356 -0
package/dist/delivery/pipeline.js.map +1 -0
package/dist/delivery/policy_state.d.ts +105 -0
package/dist/delivery/policy_state.d.ts.map +1 -0
package/dist/delivery/policy_state.js +293 -0
package/dist/delivery/policy_state.js.map +1 -0
package/dist/delivery/queue.d.ts +47 -0
package/dist/delivery/queue.d.ts.map +1 -0
package/dist/delivery/queue.js +33 -0
package/dist/delivery/queue.js.map +1 -0
package/dist/delivery/receipt.d.ts +137 -0
package/dist/delivery/receipt.d.ts.map +1 -0
package/dist/delivery/receipt.js +181 -0
package/dist/delivery/receipt.js.map +1 -0
package/dist/delivery/receipt_store.d.ts +81 -0
package/dist/delivery/receipt_store.d.ts.map +1 -0
package/dist/delivery/receipt_store.js +74 -0
package/dist/delivery/receipt_store.js.map +1 -0
package/dist/delivery/retry.d.ts +78 -0
package/dist/delivery/retry.d.ts.map +1 -0
package/dist/delivery/retry.js +132 -0
package/dist/delivery/retry.js.map +1 -0
package/dist/delivery/scheduler.d.ts +156 -0
package/dist/delivery/scheduler.d.ts.map +1 -0
package/dist/delivery/scheduler.js +349 -0
package/dist/delivery/scheduler.js.map +1 -0
package/dist/delivery/stage_partition.d.ts +87 -0
package/dist/delivery/stage_partition.d.ts.map +1 -0
package/dist/delivery/stage_partition.js +122 -0
package/dist/delivery/stage_partition.js.map +1 -0
package/dist/delivery/staged_runner.d.ts +100 -0
package/dist/delivery/staged_runner.d.ts.map +1 -0
package/dist/delivery/staged_runner.js +277 -0
package/dist/delivery/staged_runner.js.map +1 -0
package/dist/delivery/submission.d.ts +72 -0
package/dist/delivery/submission.d.ts.map +1 -0
package/dist/delivery/submission.js +58 -0
package/dist/delivery/submission.js.map +1 -0
package/dist/delivery/sync.d.ts +68 -0
package/dist/delivery/sync.d.ts.map +1 -0
package/dist/delivery/sync.js +99 -0
package/dist/delivery/sync.js.map +1 -0
package/dist/delivery/user_policy.d.ts +74 -0
package/dist/delivery/user_policy.d.ts.map +1 -0
package/dist/delivery/user_policy.js +140 -0
package/dist/delivery/user_policy.js.map +1 -0
package/dist/discovery/cache.d.ts +37 -0
package/dist/discovery/cache.d.ts.map +1 -0
package/dist/discovery/cache.js +45 -0
package/dist/discovery/cache.js.map +1 -0
package/dist/discovery/configuration.d.ts +97 -0
package/dist/discovery/configuration.d.ts.map +1 -0
package/dist/discovery/configuration.js +146 -0
package/dist/discovery/configuration.js.map +1 -0
package/dist/discovery/dns.d.ts +56 -0
package/dist/discovery/dns.d.ts.map +1 -0
package/dist/discovery/dns.js +120 -0
package/dist/discovery/dns.js.map +1 -0
package/dist/discovery/domain_keys.d.ts +62 -0
package/dist/discovery/domain_keys.d.ts.map +1 -0
package/dist/discovery/domain_keys.js +89 -0
package/dist/discovery/domain_keys.js.map +1 -0
package/dist/discovery/index.d.ts +19 -0
package/dist/discovery/index.d.ts.map +1 -0
package/dist/discovery/index.js +19 -0
package/dist/discovery/index.js.map +1 -0
package/dist/discovery/lookup.d.ts +72 -0
package/dist/discovery/lookup.d.ts.map +1 -0
package/dist/discovery/lookup.js +121 -0
package/dist/discovery/lookup.js.map +1 -0
package/dist/discovery/onion.d.ts +34 -0
package/dist/discovery/onion.d.ts.map +1 -0
package/dist/discovery/onion.js +61 -0
package/dist/discovery/onion.js.map +1 -0
package/dist/discovery/partition.d.ts +96 -0
package/dist/discovery/partition.d.ts.map +1 -0
package/dist/discovery/partition.js +247 -0
package/dist/discovery/partition.js.map +1 -0
package/dist/discovery/resolver.d.ts +113 -0
package/dist/discovery/resolver.d.ts.map +1 -0
package/dist/discovery/resolver.js +176 -0
package/dist/discovery/resolver.js.map +1 -0
package/dist/discovery/txt.d.ts +39 -0
package/dist/discovery/txt.d.ts.map +1 -0
package/dist/discovery/txt.js +71 -0
package/dist/discovery/txt.js.map +1 -0
package/dist/enclosure/forwarding.d.ts +128 -0
package/dist/enclosure/forwarding.d.ts.map +1 -0
package/dist/enclosure/forwarding.js +119 -0
package/dist/enclosure/forwarding.js.map +1 -0
package/dist/enclosure/index.d.ts +11 -0
package/dist/enclosure/index.d.ts.map +1 -0
package/dist/enclosure/index.js +11 -0
package/dist/enclosure/index.js.map +1 -0
package/dist/envelope/buckets.d.ts +38 -0
package/dist/envelope/buckets.d.ts.map +1 -0
package/dist/envelope/buckets.js +73 -0
package/dist/envelope/buckets.js.map +1 -0
package/dist/envelope/canonical.d.ts +28 -0
package/dist/envelope/canonical.d.ts.map +1 -0
package/dist/envelope/canonical.js +54 -0
package/dist/envelope/canonical.js.map +1 -0
package/dist/envelope/compose.d.ts +171 -0
package/dist/envelope/compose.d.ts.map +1 -0
package/dist/envelope/compose.js +237 -0
package/dist/envelope/compose.js.map +1 -0
package/dist/envelope/encode.d.ts +41 -0
package/dist/envelope/encode.d.ts.map +1 -0
package/dist/envelope/encode.js +69 -0
package/dist/envelope/encode.js.map +1 -0
package/dist/envelope/index.d.ts +20 -0
package/dist/envelope/index.d.ts.map +1 -0
package/dist/envelope/index.js +20 -0
package/dist/envelope/index.js.map +1 -0
package/dist/envelope/open_any.d.ts +48 -0
package/dist/envelope/open_any.d.ts.map +1 -0
package/dist/envelope/open_any.js +81 -0
package/dist/envelope/open_any.js.map +1 -0
package/dist/envelope/open_verified.d.ts +59 -0
package/dist/envelope/open_verified.d.ts.map +1 -0
package/dist/envelope/open_verified.js +67 -0
package/dist/envelope/open_verified.js.map +1 -0
package/dist/envelope/padding.d.ts +55 -0
package/dist/envelope/padding.d.ts.map +1 -0
package/dist/envelope/padding.js +162 -0
package/dist/envelope/padding.js.map +1 -0
package/dist/envelope/rejection.d.ts +22 -0
package/dist/envelope/rejection.d.ts.map +1 -0
package/dist/envelope/rejection.js +30 -0
package/dist/envelope/rejection.js.map +1 -0
package/dist/envelope/sendtime.d.ts +49 -0
package/dist/envelope/sendtime.d.ts.map +1 -0
package/dist/envelope/sendtime.js +87 -0
package/dist/envelope/sendtime.js.map +1 -0
package/dist/envelope/verify.d.ts +29 -0
package/dist/envelope/verify.d.ts.map +1 -0
package/dist/envelope/verify.js +90 -0
package/dist/envelope/verify.js.map +1 -0
package/dist/extensions/index.d.ts +7 -0
package/dist/extensions/index.d.ts.map +1 -0
package/dist/extensions/index.js +7 -0
package/dist/extensions/index.js.map +1 -0
package/dist/extensions/limits.d.ts +101 -0
package/dist/extensions/limits.d.ts.map +1 -0
package/dist/extensions/limits.js +175 -0
package/dist/extensions/limits.js.map +1 -0
package/dist/handshake/abort.d.ts +49 -0
package/dist/handshake/abort.d.ts.map +1 -0
package/dist/handshake/abort.js +82 -0
package/dist/handshake/abort.js.map +1 -0
package/dist/handshake/capabilities.d.ts +46 -0
package/dist/handshake/capabilities.d.ts.map +1 -0
package/dist/handshake/capabilities.js +114 -0
package/dist/handshake/capabilities.js.map +1 -0
package/dist/handshake/client_state.d.ts +186 -0
package/dist/handshake/client_state.d.ts.map +1 -0
package/dist/handshake/client_state.js +520 -0
package/dist/handshake/client_state.js.map +1 -0
package/dist/handshake/confirm.d.ts +21 -0
package/dist/handshake/confirm.d.ts.map +1 -0
package/dist/handshake/confirm.js +27 -0
package/dist/handshake/confirm.js.map +1 -0
package/dist/handshake/driver.d.ts +126 -0
package/dist/handshake/driver.d.ts.map +1 -0
package/dist/handshake/driver.js +251 -0
package/dist/handshake/driver.js.map +1 -0
package/dist/handshake/federation.d.ts +365 -0
package/dist/handshake/federation.d.ts.map +1 -0
package/dist/handshake/federation.js +664 -0
package/dist/handshake/federation.js.map +1 -0
package/dist/handshake/first_contact.d.ts +57 -0
package/dist/handshake/first_contact.d.ts.map +1 -0
package/dist/handshake/first_contact.js +124 -0
package/dist/handshake/first_contact.js.map +1 -0
package/dist/handshake/identity.d.ts +101 -0
package/dist/handshake/identity.d.ts.map +1 -0
package/dist/handshake/identity.js +117 -0
package/dist/handshake/identity.js.map +1 -0
package/dist/handshake/index.d.ts +21 -0
package/dist/handshake/index.d.ts.map +1 -0
package/dist/handshake/index.js +21 -0
package/dist/handshake/index.js.map +1 -0
package/dist/handshake/messages.d.ts +176 -0
package/dist/handshake/messages.d.ts.map +1 -0
package/dist/handshake/messages.js +125 -0
package/dist/handshake/messages.js.map +1 -0
package/dist/handshake/pow.d.ts +53 -0
package/dist/handshake/pow.d.ts.map +1 -0
package/dist/handshake/pow.js +142 -0
package/dist/handshake/pow.js.map +1 -0
package/dist/handshake/resume_driver.d.ts +56 -0
package/dist/handshake/resume_driver.d.ts.map +1 -0
package/dist/handshake/resume_driver.js +75 -0
package/dist/handshake/resume_driver.js.map +1 -0
package/dist/handshake/server.d.ts +112 -0
package/dist/handshake/server.d.ts.map +1 -0
package/dist/handshake/server.js +247 -0
package/dist/handshake/server.js.map +1 -0
package/dist/handshake/server_state.d.ts +102 -0
package/dist/handshake/server_state.d.ts.map +1 -0
package/dist/handshake/server_state.js +278 -0
package/dist/handshake/server_state.js.map +1 -0
package/dist/index.d.ts +33 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +33 -0
package/dist/index.js.map +1 -0
package/dist/keys/compromise.d.ts +118 -0
package/dist/keys/compromise.d.ts.map +1 -0
package/dist/keys/compromise.js +218 -0
package/dist/keys/compromise.js.map +1 -0
package/dist/keys/device_certificate.d.ts +166 -0
package/dist/keys/device_certificate.d.ts.map +1 -0
package/dist/keys/device_certificate.js +328 -0
package/dist/keys/device_certificate.js.map +1 -0
package/dist/keys/device_records.d.ts +175 -0
package/dist/keys/device_records.d.ts.map +1 -0
package/dist/keys/device_records.js +418 -0
package/dist/keys/device_records.js.map +1 -0
package/dist/keys/directory_cache.d.ts +64 -0
package/dist/keys/directory_cache.d.ts.map +1 -0
package/dist/keys/directory_cache.js +98 -0
package/dist/keys/directory_cache.js.map +1 -0
package/dist/keys/directory_state.d.ts +79 -0
package/dist/keys/directory_state.d.ts.map +1 -0
package/dist/keys/directory_state.js +155 -0
package/dist/keys/directory_state.js.map +1 -0
package/dist/keys/index.d.ts +18 -0
package/dist/keys/index.d.ts.map +1 -0
package/dist/keys/index.js +18 -0
package/dist/keys/index.js.map +1 -0
package/dist/keys/key_revocation.d.ts +61 -0
package/dist/keys/key_revocation.d.ts.map +1 -0
package/dist/keys/key_revocation.js +88 -0
package/dist/keys/key_revocation.js.map +1 -0
package/dist/keys/request.d.ts +124 -0
package/dist/keys/request.d.ts.map +1 -0
package/dist/keys/request.js +130 -0
package/dist/keys/request.js.map +1 -0
package/dist/keys/sign.d.ts +49 -0
package/dist/keys/sign.d.ts.map +1 -0
package/dist/keys/sign.js +80 -0
package/dist/keys/sign.js.map +1 -0
package/dist/keys/signed.d.ts +80 -0
package/dist/keys/signed.d.ts.map +1 -0
package/dist/keys/signed.js +138 -0
package/dist/keys/signed.js.map +1 -0
package/dist/keys/store.d.ts +138 -0
package/dist/keys/store.d.ts.map +1 -0
package/dist/keys/store.js +107 -0
package/dist/keys/store.js.map +1 -0
package/dist/largeattachment/crypto.d.ts +47 -0
package/dist/largeattachment/crypto.d.ts.map +1 -0
package/dist/largeattachment/crypto.js +235 -0
package/dist/largeattachment/crypto.js.map +1 -0
package/dist/largeattachment/enclosure.d.ts +48 -0
package/dist/largeattachment/enclosure.d.ts.map +1 -0
package/dist/largeattachment/enclosure.js +102 -0
package/dist/largeattachment/enclosure.js.map +1 -0
package/dist/largeattachment/index.d.ts +15 -0
package/dist/largeattachment/index.d.ts.map +1 -0
package/dist/largeattachment/index.js +15 -0
package/dist/largeattachment/index.js.map +1 -0
package/dist/largeattachment/store.d.ts +36 -0
package/dist/largeattachment/store.d.ts.map +1 -0
package/dist/largeattachment/store.js +37 -0
package/dist/largeattachment/store.js.map +1 -0
package/dist/largeattachment/types.d.ts +56 -0
package/dist/largeattachment/types.d.ts.map +1 -0
package/dist/largeattachment/types.js +31 -0
package/dist/largeattachment/types.js.map +1 -0
package/dist/largeattachment/upload.d.ts +62 -0
package/dist/largeattachment/upload.d.ts.map +1 -0
package/dist/largeattachment/upload.js +166 -0
package/dist/largeattachment/upload.js.map +1 -0
package/dist/migration/index.d.ts +17 -0
package/dist/migration/index.d.ts.map +1 -0
package/dist/migration/index.js +17 -0
package/dist/migration/index.js.map +1 -0
package/dist/migration/lockout.d.ts +48 -0
package/dist/migration/lockout.d.ts.map +1 -0
package/dist/migration/lockout.js +57 -0
package/dist/migration/lockout.js.map +1 -0
package/dist/migration/migration.d.ts +48 -0
package/dist/migration/migration.d.ts.map +1 -0
package/dist/migration/migration.js +58 -0
package/dist/migration/migration.js.map +1 -0
package/dist/migration/notice.d.ts +33 -0
package/dist/migration/notice.d.ts.map +1 -0
package/dist/migration/notice.js +85 -0
package/dist/migration/notice.js.map +1 -0
package/dist/migration/orchestrate.d.ts +109 -0
package/dist/migration/orchestrate.d.ts.map +1 -0
package/dist/migration/orchestrate.js +212 -0
package/dist/migration/orchestrate.js.map +1 -0
package/dist/migration/publication_store.d.ts +34 -0
package/dist/migration/publication_store.d.ts.map +1 -0
package/dist/migration/publication_store.js +44 -0
package/dist/migration/publication_store.js.map +1 -0
package/dist/migration/sign.d.ts +65 -0
package/dist/migration/sign.d.ts.map +1 -0
package/dist/migration/sign.js +331 -0
package/dist/migration/sign.js.map +1 -0
package/dist/migration/types.d.ts +92 -0
package/dist/migration/types.d.ts.map +1 -0
package/dist/migration/types.js +26 -0
package/dist/migration/types.js.map +1 -0
package/dist/reasoncodes.d.ts +42 -0
package/dist/reasoncodes.d.ts.map +1 -0
package/dist/reasoncodes.js +80 -0
package/dist/reasoncodes.js.map +1 -0
package/dist/recovery/bundle.d.ts +34 -0
package/dist/recovery/bundle.d.ts.map +1 -0
package/dist/recovery/bundle.js +144 -0
package/dist/recovery/bundle.js.map +1 -0
package/dist/recovery/bundle_crypto.d.ts +60 -0
package/dist/recovery/bundle_crypto.d.ts.map +1 -0
package/dist/recovery/bundle_crypto.js +179 -0
package/dist/recovery/bundle_crypto.js.map +1 -0
package/dist/recovery/bundle_store.d.ts +57 -0
package/dist/recovery/bundle_store.d.ts.map +1 -0
package/dist/recovery/bundle_store.js +104 -0
package/dist/recovery/bundle_store.js.map +1 -0
package/dist/recovery/index.d.ts +19 -0
package/dist/recovery/index.d.ts.map +1 -0
package/dist/recovery/index.js +19 -0
package/dist/recovery/index.js.map +1 -0
package/dist/recovery/manifest_crosscheck.d.ts +59 -0
package/dist/recovery/manifest_crosscheck.d.ts.map +1 -0
package/dist/recovery/manifest_crosscheck.js +59 -0
package/dist/recovery/manifest_crosscheck.js.map +1 -0
package/dist/recovery/shamir.d.ts +51 -0
package/dist/recovery/shamir.d.ts.map +1 -0
package/dist/recovery/shamir.js +181 -0
package/dist/recovery/shamir.js.map +1 -0
package/dist/recovery/sign.d.ts +61 -0
package/dist/recovery/sign.d.ts.map +1 -0
package/dist/recovery/sign.js +359 -0
package/dist/recovery/sign.js.map +1 -0
package/dist/recovery/types.d.ts +180 -0
package/dist/recovery/types.d.ts.map +1 -0
package/dist/recovery/types.js +31 -0
package/dist/recovery/types.js.map +1 -0
package/dist/reputation/abuse_report.d.ts +62 -0
package/dist/reputation/abuse_report.d.ts.map +1 -0
package/dist/reputation/abuse_report.js +111 -0
package/dist/reputation/abuse_report.js.map +1 -0
package/dist/reputation/bucketize.d.ts +31 -0
package/dist/reputation/bucketize.d.ts.map +1 -0
package/dist/reputation/bucketize.js +77 -0
package/dist/reputation/bucketize.js.map +1 -0
package/dist/reputation/gossip.d.ts +24 -0
package/dist/reputation/gossip.d.ts.map +1 -0
package/dist/reputation/gossip.js +64 -0
package/dist/reputation/gossip.js.map +1 -0
package/dist/reputation/gossip_fetch.d.ts +64 -0
package/dist/reputation/gossip_fetch.d.ts.map +1 -0
package/dist/reputation/gossip_fetch.js +114 -0
package/dist/reputation/gossip_fetch.js.map +1 -0
package/dist/reputation/index.d.ts +20 -0
package/dist/reputation/index.d.ts.map +1 -0
package/dist/reputation/index.js +20 -0
package/dist/reputation/index.js.map +1 -0
package/dist/reputation/observation_store.d.ts +67 -0
package/dist/reputation/observation_store.d.ts.map +1 -0
package/dist/reputation/observation_store.js +171 -0
package/dist/reputation/observation_store.js.map +1 -0
package/dist/reputation/pow.d.ts +91 -0
package/dist/reputation/pow.d.ts.map +1 -0
package/dist/reputation/pow.js +209 -0
package/dist/reputation/pow.js.map +1 -0
package/dist/reputation/sign.d.ts +40 -0
package/dist/reputation/sign.d.ts.map +1 -0
package/dist/reputation/sign.js +202 -0
package/dist/reputation/sign.js.map +1 -0
package/dist/reputation/types.d.ts +133 -0
package/dist/reputation/types.d.ts.map +1 -0
package/dist/reputation/types.js +33 -0
package/dist/reputation/types.js.map +1 -0
package/dist/reputation/whois.d.ts +25 -0
package/dist/reputation/whois.d.ts.map +1 -0
package/dist/reputation/whois.js +20 -0
package/dist/reputation/whois.js.map +1 -0
package/dist/seal/index.d.ts +8 -0
package/dist/seal/index.d.ts.map +1 -0
package/dist/seal/index.js +8 -0
package/dist/seal/index.js.map +1 -0
package/dist/seal/wrap.d.ts +74 -0
package/dist/seal/wrap.d.ts.map +1 -0
package/dist/seal/wrap.js +213 -0
package/dist/seal/wrap.js.map +1 -0
package/dist/session/dispatcher.d.ts +65 -0
package/dist/session/dispatcher.d.ts.map +1 -0
package/dist/session/dispatcher.js +96 -0
package/dist/session/dispatcher.js.map +1 -0
package/dist/session/index.d.ts +15 -0
package/dist/session/index.d.ts.map +1 -0
package/dist/session/index.js +15 -0
package/dist/session/index.js.map +1 -0
package/dist/session/rekey.d.ts +108 -0
package/dist/session/rekey.d.ts.map +1 -0
package/dist/session/rekey.js +207 -0
package/dist/session/rekey.js.map +1 -0
package/dist/session/rekey_seal.d.ts +66 -0
package/dist/session/rekey_seal.d.ts.map +1 -0
package/dist/session/rekey_seal.js +153 -0
package/dist/session/rekey_seal.js.map +1 -0
package/dist/session/resume.d.ts +125 -0
package/dist/session/resume.d.ts.map +1 -0
package/dist/session/resume.js +263 -0
package/dist/session/resume.js.map +1 -0
package/dist/session/session.d.ts +136 -0
package/dist/session/session.d.ts.map +1 -0
package/dist/session/session.js +188 -0
package/dist/session/session.js.map +1 -0
package/dist/transparency/index.d.ts +13 -0
package/dist/transparency/index.d.ts.map +1 -0
package/dist/transparency/index.js +13 -0
package/dist/transparency/index.js.map +1 -0
package/dist/transparency/log.d.ts +61 -0
package/dist/transparency/log.d.ts.map +1 -0
package/dist/transparency/log.js +133 -0
package/dist/transparency/log.js.map +1 -0
package/dist/transparency/merkle.d.ts +59 -0
package/dist/transparency/merkle.d.ts.map +1 -0
package/dist/transparency/merkle.js +314 -0
package/dist/transparency/merkle.js.map +1 -0
package/dist/transparency/sign.d.ts +48 -0
package/dist/transparency/sign.d.ts.map +1 -0
package/dist/transparency/sign.js +140 -0
package/dist/transparency/sign.js.map +1 -0
package/dist/transparency/types.d.ts +97 -0
package/dist/transparency/types.d.ts.map +1 -0
package/dist/transparency/types.js +25 -0
package/dist/transparency/types.js.map +1 -0
package/dist/transport/h2.d.ts +163 -0
package/dist/transport/h2.d.ts.map +1 -0
package/dist/transport/h2.js +397 -0
package/dist/transport/h2.js.map +1 -0
package/dist/transport/index.d.ts +15 -0
package/dist/transport/index.d.ts.map +1 -0
package/dist/transport/index.js +15 -0
package/dist/transport/index.js.map +1 -0
package/dist/transport/memory.d.ts +21 -0
package/dist/transport/memory.d.ts.map +1 -0
package/dist/transport/memory.js +112 -0
package/dist/transport/memory.js.map +1 -0
package/dist/transport/transport.d.ts +54 -0
package/dist/transport/transport.d.ts.map +1 -0
package/dist/transport/transport.js +20 -0
package/dist/transport/transport.js.map +1 -0
package/dist/transport/ws.d.ts +40 -0
package/dist/transport/ws.d.ts.map +1 -0
package/dist/transport/ws.js +204 -0
package/dist/transport/ws.js.map +1 -0
package/package.json +147 -0

package/dist/handshake/server.d.ts ADDED Viewed

@@ -0,0 +1,112 @@
+/**
+ * Handshake server driver per HANDSHAKE.md §2.
+ *
+ * Mirror of {@link "./driver".runClient}: drives one transport
+ * through the v1 handshake from the server side, producing a
+ * Session on success.
+ *
+ * Flow:
+ *
+ *   1. Receive INIT. Pull capabilities, transport identifier,
+ *      client ephemeral key, client nonce.
+ *   2. Negotiate the encryption algorithm (server picks the
+ *      strongest mutually supported suite per HANDSHAKE.md §3).
+ *   3. Generate a server ephemeral X25519 keypair and a 32-byte
+ *      server nonce. Pick a session_id (ULID by convention).
+ *   4. Derive the five SEMP session keys + K_resumption via
+ *      HKDF-SHA-512 over the X25519 shared secret with salt
+ *      `client_nonce || server_nonce`.
+ *   5. Build and send a signed RESPONSE.
+ *   6. Receive CONFIRM. Verify the confirmation hash matches
+ *      SHA-256(canonical(INIT) || canonical(RESPONSE)).
+ *   7. (Optional) Verify the identity proof via a caller-supplied
+ *      hook. v1 driver: if no hook is supplied, skip; otherwise
+ *      reject on hook rejection.
+ *   8. Build and send a signed ACCEPTED with permissions, TTL,
+ *      and an optional resumption ticket.
+ *
+ * Errors close the transport so the peer's pending receive
+ * unblocks.
+ *
+ * @module
+ */
+import { type SessionKeys } from "../crypto/index.js";
+import { Session } from "../session/index.js";
+import type { Transport } from "../transport/index.js";
+import { type ResumptionTicket } from "./messages.js";
+/** Result the identity-proof hook returns. */
+export interface IdentityProofVerdict {
+    /** True if the proof is acceptable. */
+    ok: boolean;
+    /**
+     * On `ok=false`, the reason_code surfaced in the REJECTED
+     * message (default: "auth_failed").
+     */
+    reasonCode?: string;
+    /** On `ok=false`, the optional human-readable reason. */
+    reason?: string;
+}
+/** Configuration for the server side of a handshake. */
+export interface ServerConfig {
+    /** 32-byte Ed25519 secret seed for the server's domain signing key. */
+    serverDomainSigningSeed: Uint8Array;
+    /** The server's domain, surfaced in `server_identity_proof.domain`. */
+    domain: string;
+    /**
+     * Suites this server accepts, in preference order. The server
+     * picks the first one that's also in the client's offered set.
+     */
+    supportedSuites: ReadonlyArray<"x25519-chacha20-poly1305">;
+    /**
+     * Per-session identity-proof signature. The driver embeds this
+     * into RESPONSE.server_identity_proof. Production servers compute
+     * it per HANDSHAKE.md §2.3 over the agreed handshake parameters;
+     * v1 driver accepts a caller-supplied callback so the higher
+     * layer keeps the per-session signing key out of this module.
+     */
+    identityProofSignature: (input: {
+        serverEphemeralKey: {
+            algorithm: string;
+            key: string;
+            key_id: string;
+        };
+        clientNonce: string;
+        serverNonce: string;
+    }) => string;
+    /**
+     * Optional verifier for the client's identity proof carried in
+     * CONFIRM. If omitted, the v1 driver accepts any non-empty
+     * proof (and an empty proof, since the v1 client driver leaves
+     * it empty).
+     */
+    verifyIdentityProof?: (input: {
+        identityProofB64: string;
+        sessionKeys: SessionKeys;
+    }) => IdentityProofVerdict;
+    /**
+     * Permissions to grant on ACCEPTED. v1 driver does no
+     * authorization; the caller decides.
+     */
+    permissions: ReadonlyArray<string>;
+    /** Session TTL in seconds. */
+    sessionTTL: number;
+    /** Optional resumption ticket builder; called once after CONFIRM. */
+    resumptionTicket?: (sessionKeys: SessionKeys) => ResumptionTicket;
+    /** Generator for session_id (ULID-shaped string). Required. */
+    generateSessionId: () => string;
+    /** Optional bytes for the server ephemeral private key (tests). */
+    serverEphemeralPriv?: Uint8Array;
+    /** Optional 32-byte server nonce (tests). */
+    serverNonce?: Uint8Array;
+    /** Optional extensions echoed back on ACCEPTED. */
+    acceptedExtensions?: Record<string, unknown>;
+}
+/**
+ * Drive a handshake from the server side over `transport`. Resolves
+ * with a Session (role="server") that owns the transport on
+ * success. On rejection (suite mismatch, identity proof failure,
+ * confirmation hash mismatch) sends a signed REJECTED then closes
+ * the transport.
+ */
+export declare function runServer(transport: Transport, config: ServerConfig): Promise<Session>;
+//# sourceMappingURL=server.d.ts.map

package/dist/handshake/server.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/handshake/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAGH,OAAO,EACL,KAAK,WAAW,EAKjB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAGvD,OAAO,EAKL,KAAK,gBAAgB,EAKtB,MAAM,eAAe,CAAC;AAEvB,8CAA8C;AAC9C,MAAM,WAAW,oBAAoB;IACnC,uCAAuC;IACvC,EAAE,EAAE,OAAO,CAAC;IACZ;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wDAAwD;AACxD,MAAM,WAAW,YAAY;IAC3B,uEAAuE;IACvE,uBAAuB,EAAE,UAAU,CAAC;IACpC,uEAAuE;IACvE,MAAM,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,eAAe,EAAE,aAAa,CAAC,0BAA0B,CAAC,CAAC;IAC3D;;;;;;OAMG;IACH,sBAAsB,EAAE,CAAC,KAAK,EAAE;QAC9B,kBAAkB,EAAE;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,GAAG,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,CAAC;QACvE,WAAW,EAAE,MAAM,CAAC;QACpB,WAAW,EAAE,MAAM,CAAC;KACrB,KAAK,MAAM,CAAC;IACb;;;;;OAKG;IACH,mBAAmB,CAAC,EAAE,CAAC,KAAK,EAAE;QAC5B,gBAAgB,EAAE,MAAM,CAAC;QACzB,WAAW,EAAE,WAAW,CAAC;KAC1B,KAAK,oBAAoB,CAAC;IAC3B;;;OAGG;IACH,WAAW,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACnC,8BAA8B;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,qEAAqE;IACrE,gBAAgB,CAAC,EAAE,CAAC,WAAW,EAAE,WAAW,KAAK,gBAAgB,CAAC;IAClE,+DAA+D;IAC/D,iBAAiB,EAAE,MAAM,MAAM,CAAC;IAChC,mEAAmE;IACnE,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,6CAA6C;IAC7C,WAAW,CAAC,EAAE,UAAU,CAAC;IACzB,mDAAmD;IACnD,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9C;AAED;;;;;;GAMG;AACH,wBAAsB,SAAS,CAC7B,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,YAAY,GACnB,OAAO,CAAC,OAAO,CAAC,CAWlB"}

package/dist/handshake/server.js ADDED Viewed

@@ -0,0 +1,247 @@
+/**
+ * Handshake server driver per HANDSHAKE.md §2.
+ *
+ * Mirror of {@link "./driver".runClient}: drives one transport
+ * through the v1 handshake from the server side, producing a
+ * Session on success.
+ *
+ * Flow:
+ *
+ *   1. Receive INIT. Pull capabilities, transport identifier,
+ *      client ephemeral key, client nonce.
+ *   2. Negotiate the encryption algorithm (server picks the
+ *      strongest mutually supported suite per HANDSHAKE.md §3).
+ *   3. Generate a server ephemeral X25519 keypair and a 32-byte
+ *      server nonce. Pick a session_id (ULID by convention).
+ *   4. Derive the five SEMP session keys + K_resumption via
+ *      HKDF-SHA-512 over the X25519 shared secret with salt
+ *      `client_nonce || server_nonce`.
+ *   5. Build and send a signed RESPONSE.
+ *   6. Receive CONFIRM. Verify the confirmation hash matches
+ *      SHA-256(canonical(INIT) || canonical(RESPONSE)).
+ *   7. (Optional) Verify the identity proof via a caller-supplied
+ *      hook. v1 driver: if no hook is supplied, skip; otherwise
+ *      reject on hook rejection.
+ *   8. Build and send a signed ACCEPTED with permissions, TTL,
+ *      and an optional resumption ticket.
+ *
+ * Errors close the transport so the peer's pending receive
+ * unblocks.
+ *
+ * @module
+ */
+import { marshal as canonicalMarshal } from "../canonical/index.js";
+import { deriveSessionKeysWithResumption, newHKDFSHA512, x25519Agree, x25519PublicKey, } from "../crypto/index.js";
+import { fingerprint, publicKeyFromSeed } from "../keys/index.js";
+import { Session } from "../session/index.js";
+import { confirmationHash } from "./confirm.js";
+import { buildAccepted, buildRejected, buildResponse, } from "./messages.js";
+/**
+ * Drive a handshake from the server side over `transport`. Resolves
+ * with a Session (role="server") that owns the transport on
+ * success. On rejection (suite mismatch, identity proof failure,
+ * confirmation hash mismatch) sends a signed REJECTED then closes
+ * the transport.
+ */
+export async function runServer(transport, config) {
+    try {
+        return await runServerInner(transport, config);
+    }
+    catch (err) {
+        try {
+            await transport.close();
+        }
+        catch {
+            // already closed
+        }
+        throw err;
+    }
+}
+async function runServerInner(transport, config) {
+    // Step 1: receive INIT.
+    const initBytes = await receiveOrThrow(transport, "init");
+    const initMsg = parseHandshakeMessage(initBytes);
+    if (initMsg.step !== "init") {
+        throw new Error(`handshake: expected step="init", got "${initMsg.step}"`);
+    }
+    const init = JSON.parse(new TextDecoder().decode(initBytes));
+    // Step 2: negotiate.
+    const negotiated = pickSuite(init.capabilities.encryption_algorithms, config.supportedSuites);
+    const sessionId = config.generateSessionId();
+    if (negotiated === undefined) {
+        await sendRejected(transport, sessionId, "version_unsupported", config.serverDomainSigningSeed);
+        throw new Error("handshake: no mutually supported suite");
+    }
+    // Step 3: ephemeral + nonce + session_id.
+    const serverEphPriv = config.serverEphemeralPriv ?? randomBytes(32);
+    const serverEphPub = x25519PublicKey(serverEphPriv);
+    const serverEphKeyId = fingerprint(serverEphPub);
+    const serverNonce = config.serverNonce ?? randomBytes(32);
+    // Step 4: derive session keys.
+    const clientEphPub = base64Decode(init.client_ephemeral_key.key);
+    const clientNonce = base64Decode(init.nonce);
+    const sharedSecret = x25519Agree(serverEphPriv, clientEphPub);
+    const kdf = newHKDFSHA512();
+    const keys = deriveSessionKeysWithResumption(kdf, sharedSecret, clientNonce, serverNonce);
+    // Step 5: signed RESPONSE.
+    const serverIdentityProof = {
+        domain: config.domain,
+        key_id: fingerprint(publicKeyFromSeed(config.serverDomainSigningSeed)),
+        signature: config.identityProofSignature({
+            serverEphemeralKey: {
+                algorithm: negotiated,
+                key: base64Encode(serverEphPub),
+                key_id: serverEphKeyId,
+            },
+            clientNonce: init.nonce,
+            serverNonce: base64Encode(serverNonce),
+        }),
+    };
+    const resp = buildResponse({
+        sessionId,
+        clientNonce: init.nonce,
+        serverNonce: base64Encode(serverNonce),
+        serverEphemeralKey: {
+            algorithm: negotiated,
+            key: base64Encode(serverEphPub),
+            key_id: serverEphKeyId,
+        },
+        serverIdentityProof,
+        negotiated: {
+            encryption_algorithm: negotiated,
+            extensions: [],
+        },
+        serverDomainSigningSeed: config.serverDomainSigningSeed,
+    });
+    await transport.send(canonicalMarshal(resp));
+    // Step 6: CONFIRM.
+    const confirmBytes = await receiveOrThrow(transport, "confirm");
+    const confirmMsg = parseHandshakeMessage(confirmBytes);
+    if (confirmMsg.step !== "confirm") {
+        throw new Error(`handshake: expected step="confirm", got "${confirmMsg.step}"`);
+    }
+    const confirm = JSON.parse(new TextDecoder().decode(confirmBytes));
+    // Verify confirmation_hash.
+    const wantHash = confirmationHash(initBytes, canonicalMarshal(resp));
+    const gotHash = base64Decode(confirm.confirmation_hash);
+    if (!constantTimeEqual(gotHash, wantHash)) {
+        await sendRejected(transport, sessionId, "handshake_invalid", config.serverDomainSigningSeed);
+        throw new Error("handshake: confirmation hash mismatch");
+    }
+    // Step 7: optional identity proof verification.
+    if (config.verifyIdentityProof !== undefined) {
+        const verdict = config.verifyIdentityProof({
+            identityProofB64: confirm.identity_proof,
+            sessionKeys: keys,
+        });
+        if (!verdict.ok) {
+            await sendRejected(transport, sessionId, verdict.reasonCode ?? "auth_failed", config.serverDomainSigningSeed, verdict.reason);
+            throw new Error(`handshake: identity proof rejected (${verdict.reasonCode ?? "auth_failed"})`);
+        }
+    }
+    // Step 8: signed ACCEPTED.
+    const ticket = config.resumptionTicket?.(keys);
+    const accepted = buildAccepted({
+        sessionId,
+        sessionTTL: config.sessionTTL,
+        permissions: [...config.permissions],
+        serverDomainSigningSeed: config.serverDomainSigningSeed,
+        ...(ticket !== undefined ? { resumptionTicket: ticket } : {}),
+        ...(config.acceptedExtensions !== undefined
+            ? { extensions: config.acceptedExtensions }
+            : {}),
+    });
+    await transport.send(canonicalMarshal(accepted));
+    return new Session({
+        role: "server",
+        sessionId,
+        sessionTTL: config.sessionTTL,
+        establishedAt: new Date(),
+        permissions: [...config.permissions],
+        keys,
+        transport,
+        ...(ticket !== undefined ? { resumptionTicket: ticket } : {}),
+        serverIdentityProofKeyId: serverIdentityProof.key_id,
+        serverIdentityProofSignature: serverIdentityProof.signature,
+        extensions: config.acceptedExtensions ?? {},
+    });
+}
+// ---------------------------------------------------------------------------
+// Internals
+function pickSuite(clientOffers, serverSupports) {
+    for (const s of serverSupports) {
+        if (clientOffers.includes(s)) {
+            return s;
+        }
+    }
+    return undefined;
+}
+async function sendRejected(transport, sessionId, reasonCode, serverDomainSigningSeed, reason) {
+    const r = buildRejected({
+        sessionId,
+        reasonCode,
+        serverDomainSigningSeed,
+        ...(reason !== undefined ? { reason } : {}),
+    });
+    try {
+        await transport.send(canonicalMarshal(r));
+    }
+    catch {
+        // peer may have already disconnected; ignore.
+    }
+}
+async function receiveOrThrow(transport, expected) {
+    const msg = await transport.receive();
+    if (msg === null) {
+        throw new Error(`handshake: connection closed waiting for ${expected}`);
+    }
+    return msg;
+}
+function parseHandshakeMessage(bytes) {
+    const text = new TextDecoder().decode(bytes);
+    const obj = JSON.parse(text);
+    if (obj.type !== "SEMP_HANDSHAKE") {
+        throw new Error(`handshake: expected type=SEMP_HANDSHAKE, got "${obj.type ?? "?"}"`);
+    }
+    if (typeof obj.step !== "string") {
+        throw new Error("handshake: missing step field");
+    }
+    return obj;
+}
+function constantTimeEqual(a, b) {
+    if (a.length !== b.length) {
+        return false;
+    }
+    let diff = 0;
+    for (let i = 0; i < a.length; i++) {
+        diff |= (a[i] ?? 0) ^ (b[i] ?? 0);
+    }
+    return diff === 0;
+}
+function randomBytes(n) {
+    const out = new Uint8Array(n);
+    globalThis.crypto.getRandomValues(out);
+    return out;
+}
+function base64Encode(b) {
+    if (typeof Buffer !== "undefined") {
+        return Buffer.from(b).toString("base64");
+    }
+    let bin = "";
+    for (let i = 0; i < b.length; i++) {
+        bin += String.fromCharCode(b[i] ?? 0);
+    }
+    return btoa(bin);
+}
+function base64Decode(s) {
+    if (typeof Buffer !== "undefined") {
+        return new Uint8Array(Buffer.from(s, "base64"));
+    }
+    const bin = atob(s);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++) {
+        out[i] = bin.charCodeAt(i);
+    }
+    return out;
+}
+//# sourceMappingURL=server.js.map

package/dist/handshake/server.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/handshake/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,EAEL,+BAA+B,EAC/B,aAAa,EACb,WAAW,EACX,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAClE,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAG9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAOL,aAAa,EACb,aAAa,EACb,aAAa,GACd,MAAM,eAAe,CAAC;AAmEvB;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,SAAoB,EACpB,MAAoB;IAEpB,IAAI,CAAC;QACH,OAAO,MAAM,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACjD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,SAAoB,EACpB,MAAoB;IAEpB,wBAAwB;IACxB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,yCAAyC,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAgB,CAAC;IAE5E,qBAAqB;IACrB,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;IAC9F,MAAM,SAAS,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAC7C,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAM,YAAY,CAAC,SAAS,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,CAAC,uBAAuB,CAAC,CAAC;QAChG,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC5D,CAAC;IAED,0CAA0C;IAC1C,MAAM,aAAa,GAAG,MAAM,CAAC,mBAAmB,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,eAAe,CAAC,aAAa,CAAC,CAAC;IACpD,MAAM,cAAc,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IAE1D,+BAA+B;IAC/B,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;IACjE,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,YAAY,GAAG,WAAW,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAC9D,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,+BAA+B,CAC1C,GAAG,EACH,YAAY,EACZ,WAAW,EACX,WAAW,CACZ,CAAC;IAEF,2BAA2B;IAC3B,MAAM,mBAAmB,GAAwB;QAC/C,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,MAAM,EAAE,WAAW,CAAC,iBAAiB,CAAC,MAAM,CAAC,uBAAuB,CAAC,CAAC;QACtE,SAAS,EAAE,MAAM,CAAC,sBAAsB,CAAC;YACvC,kBAAkB,EAAE;gBAClB,SAAS,EAAE,UAAU;gBACrB,GAAG,EAAE,YAAY,CAAC,YAAY,CAAC;gBAC/B,MAAM,EAAE,cAAc;aACvB;YACD,WAAW,EAAE,IAAI,CAAC,KAAK;YACvB,WAAW,EAAE,YAAY,CAAC,WAAW,CAAC;SACvC,CAAC;KACH,CAAC;IACF,MAAM,IAAI,GAAoB,aAAa,CAAC;QAC1C,SAAS;QACT,WAAW,EAAE,IAAI,CAAC,KAAK;QACvB,WAAW,EAAE,YAAY,CAAC,WAAW,CAAC;QACtC,kBAAkB,EAAE;YAClB,SAAS,EAAE,UAAU;YACrB,GAAG,EAAE,YAAY,CAAC,YAAY,CAAC;YAC/B,MAAM,EAAE,cAAc;SACvB;QACD,mBAAmB;QACnB,UAAU,EAAE;YACV,oBAAoB,EAAE,UAAU;YAChC,UAAU,EAAE,EAAE;SACf;QACD,uBAAuB,EAAE,MAAM,CAAC,uBAAuB;KACxD,CAAC,CAAC;IACH,MAAM,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC;IAE7C,mBAAmB;IACnB,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAChE,MAAM,UAAU,GAAG,qBAAqB,CAAC,YAAY,CAAC,CAAC;IACvD,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,4CAA4C,UAAU,CAAC,IAAI,GAAG,CAAC,CAAC;IAClF,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAmB,CAAC;IAErF,4BAA4B;IAC5B,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,EAAE,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACxD,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;QAC1C,MAAM,YAAY,CAAC,SAAS,EAAE,SAAS,EAAE,mBAAmB,EAAE,MAAM,CAAC,uBAAuB,CAAC,CAAC;QAC9F,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IAED,gDAAgD;IAChD,IAAI,MAAM,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,MAAM,CAAC,mBAAmB,CAAC;YACzC,gBAAgB,EAAE,OAAO,CAAC,cAAc;YACxC,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,YAAY,CAChB,SAAS,EACT,SAAS,EACT,OAAO,CAAC,UAAU,IAAI,aAAa,EACnC,MAAM,CAAC,uBAAuB,EAC9B,OAAO,CAAC,MAAM,CACf,CAAC;YACF,MAAM,IAAI,KAAK,CACb,uCAAuC,OAAO,CAAC,UAAU,IAAI,aAAa,GAAG,CAC9E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,MAAM,MAAM,GAAG,MAAM,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,QAAQ,GAAoB,aAAa,CAAC;QAC9C,SAAS;QACT,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,WAAW,EAAE,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC;QACpC,uBAAuB,EAAE,MAAM,CAAC,uBAAuB;QACvD,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,gBAAgB,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7D,GAAG,CAAC,MAAM,CAAC,kBAAkB,KAAK,SAAS;YACzC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,kBAAkB,EAAE;YAC3C,CAAC,CAAC,EAAE,CAAC;KACR,CAAC,CAAC;IACH,MAAM,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEjD,OAAO,IAAI,OAAO,CAAC;QACjB,IAAI,EAAE,QAAQ;QACd,SAAS;QACT,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,aAAa,EAAE,IAAI,IAAI,EAAE;QACzB,WAAW,EAAE,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC;QACpC,IAAI;QACJ,SAAS;QACT,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,gBAAgB,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7D,wBAAwB,EAAE,mBAAmB,CAAC,MAAM;QACpD,4BAA4B,EAAE,mBAAmB,CAAC,SAAS;QAC3D,UAAU,EAAE,MAAM,CAAC,kBAAkB,IAAI,EAAE;KAC5C,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,YAAY;AAEZ,SAAS,SAAS,CAChB,YAAsB,EACtB,cAAyD;IAEzD,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;QAC/B,IAAI,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,SAAoB,EACpB,SAAiB,EACjB,UAAkB,EAClB,uBAAmC,EACnC,MAAe;IAEf,MAAM,CAAC,GAAG,aAAa,CAAC;QACtB,SAAS;QACT,UAAU;QACV,uBAAuB;QACvB,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5C,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,8CAA8C;IAChD,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,SAAoB,EAAE,QAAgB;IAClE,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;IACtC,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,4CAA4C,QAAQ,EAAE,CAAC,CAAC;IAC1E,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAiB;IAC9C,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAqC,CAAC;IACjE,IAAI,GAAG,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,iDAAiD,GAAG,CAAC,IAAI,IAAI,GAAG,GAAG,CAAC,CAAC;IACvF,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,GAAuB,CAAC;AACjC,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAa,EAAE,CAAa;IACrD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9B,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IACvC,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,YAAY,CAAC,CAAa;IACjC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/handshake/server_state.d.ts ADDED Viewed

@@ -0,0 +1,102 @@
+/**
+ * Stateful handshake server per HANDSHAKE.md §2.
+ *
+ * Mirror of `semp-go/handshake.Server`: a state machine the caller
+ * drives over a transport. The class never performs network I/O
+ * directly — the caller moves bytes between this object and the
+ * underlying transport.
+ *
+ * Lifecycle:
+ *
+ * ```ts
+ * const s = new HandshakeServer({ ... });
+ * const initBytes = await transport.receive();
+ * const respBytes = s.onInit(initBytes);
+ * await transport.send(respBytes);
+ *
+ * const confirmBytes = await transport.receive();
+ * const acceptedBytes = s.onConfirm(confirmBytes);
+ * await transport.send(acceptedBytes);
+ *
+ * // s.session() now usable
+ * ```
+ *
+ * The high-level {@link "./server".runServer} wraps this state
+ * machine with the transport plumbing for callers who don't want
+ * to manage step ordering manually.
+ *
+ * @module
+ */
+import { type SessionKeys } from "../crypto/index.js";
+import { type ResumptionTicket } from "./messages.js";
+import type { IdentityProofVerdict, ServerConfig } from "./server.js";
+/**
+ * Configuration for a {@link HandshakeServer}. Same fields as
+ * {@link "./server".ServerConfig}; surfaced as a separate type so
+ * the stateful class lifecycle is independent of the high-level
+ * `runServer` orchestrator.
+ */
+export type HandshakeServerConfig = ServerConfig;
+/** Outcome of a successful server-side handshake. */
+export interface HandshakeServerSession {
+    sessionId: string;
+    sessionTTL: number;
+    permissions: string[];
+    keys: SessionKeys;
+    serverIdentityProofKeyId: string;
+    serverIdentityProofSignature: string;
+    extensions: Record<string, unknown>;
+    resumptionTicket?: ResumptionTicket;
+}
+/**
+ * Error thrown when a built-in policy check rejects the peer
+ * (suite mismatch, confirmation-hash mismatch, identity-proof
+ * verdict). The associated `step="rejected"` bytes have already
+ * been written to {@link HandshakeServer.lastRejectedBytes} so the
+ * caller can transmit them before closing the transport.
+ */
+export declare class HandshakeServerRejectionError extends Error {
+    readonly reasonCode: string;
+    readonly reason: string | undefined;
+    readonly rejectedBytes: Uint8Array;
+    readonly name = "HandshakeServerRejectionError";
+    constructor(reasonCode: string, reason: string | undefined, rejectedBytes: Uint8Array);
+}
+/**
+ * Stateful handshake server. One instance handles exactly one
+ * handshake — discard after success or error. Re-using an instance
+ * is a programming error (the state machine is single-shot).
+ */
+export declare class HandshakeServer {
+    private readonly cfg;
+    private sessionId;
+    private serverEphPriv;
+    private serverNonce;
+    private initCanonical;
+    private respCanonical;
+    private sessionKeys;
+    private serverIdProof;
+    private finalSession;
+    constructor(cfg: HandshakeServerConfig);
+    /**
+     * Process the client's INIT and produce signed RESPONSE bytes per
+     * §2.2 / §2.3. Throws {@link HandshakeServerRejectionError} on
+     * suite mismatch — the rejection bytes are accessible on the
+     * thrown error for the caller to transmit before closing the
+     * transport.
+     */
+    onInit(data: Uint8Array): Uint8Array;
+    /**
+     * Process the client's CONFIRM and produce signed ACCEPTED bytes
+     * per §2.4 / §2.5. Throws {@link HandshakeServerRejectionError}
+     * on confirmation-hash mismatch or identity-proof verdict
+     * failure.
+     */
+    onConfirm(data: Uint8Array): Uint8Array;
+    /** Final session, populated by {@link onConfirm}. */
+    session(): HandshakeServerSession;
+    /** Wipe in-memory secret state. Idempotent. */
+    erase(): void;
+}
+export type { IdentityProofVerdict };
+//# sourceMappingURL=server_state.d.ts.map

package/dist/handshake/server_state.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"server_state.d.ts","sourceRoot":"","sources":["../../src/handshake/server_state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAGH,OAAO,EACL,KAAK,WAAW,EAKjB,MAAM,oBAAoB,CAAC;AAI5B,OAAO,EAKL,KAAK,gBAAgB,EAKtB,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAEtE;;;;;GAKG;AACH,MAAM,MAAM,qBAAqB,GAAG,YAAY,CAAC;AAEjD,qDAAqD;AACrD,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,IAAI,EAAE,WAAW,CAAC;IAClB,wBAAwB,EAAE,MAAM,CAAC;IACjC,4BAA4B,EAAE,MAAM,CAAC;IACrC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;CACrC;AAED;;;;;;GAMG;AACH,qBAAa,6BAA8B,SAAQ,KAAK;aAGpC,UAAU,EAAE,MAAM;aAClB,MAAM,EAAE,MAAM,GAAG,SAAS;aAC1B,aAAa,EAAE,UAAU;IAJ3C,SAAkB,IAAI,mCAAmC;gBAEvC,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,aAAa,EAAE,UAAU;CAM5C;AAED;;;;GAIG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAwB;IAE5C,OAAO,CAAC,SAAS,CAAM;IACvB,OAAO,CAAC,aAAa,CAA2B;IAChD,OAAO,CAAC,WAAW,CAA2B;IAC9C,OAAO,CAAC,aAAa,CAA2B;IAChD,OAAO,CAAC,aAAa,CAA2B;IAChD,OAAO,CAAC,WAAW,CAA4B;IAC/C,OAAO,CAAC,aAAa,CAAoC;IACzD,OAAO,CAAC,YAAY,CAAuC;gBAE/C,GAAG,EAAE,qBAAqB;IAatC;;;;;;OAMG;IACH,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU;IAkFpC;;;;;OAKG;IACH,SAAS,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU;IA+EvC,qDAAqD;IACrD,OAAO,IAAI,sBAAsB;IASjC,+CAA+C;IAC/C,KAAK,IAAI,IAAI;CAOd;AAsED,YAAY,EAAE,oBAAoB,EAAE,CAAC"}