npm - @sempdev/semp - Versions diffs - 0.4.3 - Mend

@sempdev/semp 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/LICENSE +21 -0
package/README.md +59 -0
package/dist/brief/address.d.ts +77 -0
package/dist/brief/address.d.ts.map +1 -0
package/dist/brief/address.js +217 -0
package/dist/brief/address.js.map +1 -0
package/dist/brief/brief.d.ts +75 -0
package/dist/brief/brief.d.ts.map +1 -0
package/dist/brief/brief.js +56 -0
package/dist/brief/brief.js.map +1 -0
package/dist/brief/index.d.ts +11 -0
package/dist/brief/index.d.ts.map +1 -0
package/dist/brief/index.js +11 -0
package/dist/brief/index.js.map +1 -0
package/dist/canonical/index.d.ts +8 -0
package/dist/canonical/index.d.ts.map +1 -0
package/dist/canonical/index.js +8 -0
package/dist/canonical/index.js.map +1 -0
package/dist/canonical/marshal.d.ts +35 -0
package/dist/canonical/marshal.d.ts.map +1 -0
package/dist/canonical/marshal.js +107 -0
package/dist/canonical/marshal.js.map +1 -0
package/dist/clockskew/index.d.ts +52 -0
package/dist/clockskew/index.d.ts.map +1 -0
package/dist/clockskew/index.js +62 -0
package/dist/clockskew/index.js.map +1 -0
package/dist/closure/closure.d.ts +106 -0
package/dist/closure/closure.d.ts.map +1 -0
package/dist/closure/closure.js +152 -0
package/dist/closure/closure.js.map +1 -0
package/dist/closure/driver.d.ts +103 -0
package/dist/closure/driver.d.ts.map +1 -0
package/dist/closure/driver.js +126 -0
package/dist/closure/driver.js.map +1 -0
package/dist/closure/index.d.ts +13 -0
package/dist/closure/index.d.ts.map +1 -0
package/dist/closure/index.js +13 -0
package/dist/closure/index.js.map +1 -0
package/dist/closure/store.d.ts +80 -0
package/dist/closure/store.d.ts.map +1 -0
package/dist/closure/store.js +89 -0
package/dist/closure/store.js.map +1 -0
package/dist/crypto/aead.d.ts +29 -0
package/dist/crypto/aead.d.ts.map +1 -0
package/dist/crypto/aead.js +48 -0
package/dist/crypto/aead.js.map +1 -0
package/dist/crypto/argon2.d.ts +20 -0
package/dist/crypto/argon2.d.ts.map +1 -0
package/dist/crypto/argon2.js +28 -0
package/dist/crypto/argon2.js.map +1 -0
package/dist/crypto/index.d.ts +14 -0
package/dist/crypto/index.d.ts.map +1 -0
package/dist/crypto/index.js +14 -0
package/dist/crypto/index.js.map +1 -0
package/dist/crypto/kdf.d.ts +96 -0
package/dist/crypto/kdf.d.ts.map +1 -0
package/dist/crypto/kdf.js +122 -0
package/dist/crypto/kdf.js.map +1 -0
package/dist/crypto/kem.d.ts +85 -0
package/dist/crypto/kem.d.ts.map +1 -0
package/dist/crypto/kem.js +130 -0
package/dist/crypto/kem.js.map +1 -0
package/dist/crypto/mac.d.ts +19 -0
package/dist/crypto/mac.d.ts.map +1 -0
package/dist/crypto/mac.js +32 -0
package/dist/crypto/mac.js.map +1 -0
package/dist/delivery/ack.d.ts +125 -0
package/dist/delivery/ack.d.ts.map +1 -0
package/dist/delivery/ack.js +141 -0
package/dist/delivery/ack.js.map +1 -0
package/dist/delivery/blocklist.d.ts +87 -0
package/dist/delivery/blocklist.d.ts.map +1 -0
package/dist/delivery/blocklist.js +107 -0
package/dist/delivery/blocklist.js.map +1 -0
package/dist/delivery/cancel.d.ts +60 -0
package/dist/delivery/cancel.d.ts.map +1 -0
package/dist/delivery/cancel.js +43 -0
package/dist/delivery/cancel.js.map +1 -0
package/dist/delivery/disposition.d.ts +106 -0
package/dist/delivery/disposition.d.ts.map +1 -0
package/dist/delivery/disposition.js +105 -0
package/dist/delivery/disposition.js.map +1 -0
package/dist/delivery/fetch.d.ts +59 -0
package/dist/delivery/fetch.d.ts.map +1 -0
package/dist/delivery/fetch.js +47 -0
package/dist/delivery/fetch.js.map +1 -0
package/dist/delivery/forwarder.d.ts +106 -0
package/dist/delivery/forwarder.d.ts.map +1 -0
package/dist/delivery/forwarder.js +251 -0
package/dist/delivery/forwarder.js.map +1 -0
package/dist/delivery/inbox.d.ts +42 -0
package/dist/delivery/inbox.d.ts.map +1 -0
package/dist/delivery/inbox.js +68 -0
package/dist/delivery/inbox.js.map +1 -0
package/dist/delivery/index.d.ts +31 -0
package/dist/delivery/index.d.ts.map +1 -0
package/dist/delivery/index.js +31 -0
package/dist/delivery/index.js.map +1 -0
package/dist/delivery/internalroute.d.ts +50 -0
package/dist/delivery/internalroute.d.ts.map +1 -0
package/dist/delivery/internalroute.js +23 -0
package/dist/delivery/internalroute.js.map +1 -0
package/dist/delivery/pipeline.d.ts +153 -0
package/dist/delivery/pipeline.d.ts.map +1 -0
package/dist/delivery/pipeline.js +356 -0
package/dist/delivery/pipeline.js.map +1 -0
package/dist/delivery/policy_state.d.ts +105 -0
package/dist/delivery/policy_state.d.ts.map +1 -0
package/dist/delivery/policy_state.js +293 -0
package/dist/delivery/policy_state.js.map +1 -0
package/dist/delivery/queue.d.ts +47 -0
package/dist/delivery/queue.d.ts.map +1 -0
package/dist/delivery/queue.js +33 -0
package/dist/delivery/queue.js.map +1 -0
package/dist/delivery/receipt.d.ts +137 -0
package/dist/delivery/receipt.d.ts.map +1 -0
package/dist/delivery/receipt.js +181 -0
package/dist/delivery/receipt.js.map +1 -0
package/dist/delivery/receipt_store.d.ts +81 -0
package/dist/delivery/receipt_store.d.ts.map +1 -0
package/dist/delivery/receipt_store.js +74 -0
package/dist/delivery/receipt_store.js.map +1 -0
package/dist/delivery/retry.d.ts +78 -0
package/dist/delivery/retry.d.ts.map +1 -0
package/dist/delivery/retry.js +132 -0
package/dist/delivery/retry.js.map +1 -0
package/dist/delivery/scheduler.d.ts +156 -0
package/dist/delivery/scheduler.d.ts.map +1 -0
package/dist/delivery/scheduler.js +349 -0
package/dist/delivery/scheduler.js.map +1 -0
package/dist/delivery/stage_partition.d.ts +87 -0
package/dist/delivery/stage_partition.d.ts.map +1 -0
package/dist/delivery/stage_partition.js +122 -0
package/dist/delivery/stage_partition.js.map +1 -0
package/dist/delivery/staged_runner.d.ts +100 -0
package/dist/delivery/staged_runner.d.ts.map +1 -0
package/dist/delivery/staged_runner.js +277 -0
package/dist/delivery/staged_runner.js.map +1 -0
package/dist/delivery/submission.d.ts +72 -0
package/dist/delivery/submission.d.ts.map +1 -0
package/dist/delivery/submission.js +58 -0
package/dist/delivery/submission.js.map +1 -0
package/dist/delivery/sync.d.ts +68 -0
package/dist/delivery/sync.d.ts.map +1 -0
package/dist/delivery/sync.js +99 -0
package/dist/delivery/sync.js.map +1 -0
package/dist/delivery/user_policy.d.ts +74 -0
package/dist/delivery/user_policy.d.ts.map +1 -0
package/dist/delivery/user_policy.js +140 -0
package/dist/delivery/user_policy.js.map +1 -0
package/dist/discovery/cache.d.ts +37 -0
package/dist/discovery/cache.d.ts.map +1 -0
package/dist/discovery/cache.js +45 -0
package/dist/discovery/cache.js.map +1 -0
package/dist/discovery/configuration.d.ts +97 -0
package/dist/discovery/configuration.d.ts.map +1 -0
package/dist/discovery/configuration.js +146 -0
package/dist/discovery/configuration.js.map +1 -0
package/dist/discovery/dns.d.ts +56 -0
package/dist/discovery/dns.d.ts.map +1 -0
package/dist/discovery/dns.js +120 -0
package/dist/discovery/dns.js.map +1 -0
package/dist/discovery/domain_keys.d.ts +62 -0
package/dist/discovery/domain_keys.d.ts.map +1 -0
package/dist/discovery/domain_keys.js +89 -0
package/dist/discovery/domain_keys.js.map +1 -0
package/dist/discovery/index.d.ts +19 -0
package/dist/discovery/index.d.ts.map +1 -0
package/dist/discovery/index.js +19 -0
package/dist/discovery/index.js.map +1 -0
package/dist/discovery/lookup.d.ts +72 -0
package/dist/discovery/lookup.d.ts.map +1 -0
package/dist/discovery/lookup.js +121 -0
package/dist/discovery/lookup.js.map +1 -0
package/dist/discovery/onion.d.ts +34 -0
package/dist/discovery/onion.d.ts.map +1 -0
package/dist/discovery/onion.js +61 -0
package/dist/discovery/onion.js.map +1 -0
package/dist/discovery/partition.d.ts +96 -0
package/dist/discovery/partition.d.ts.map +1 -0
package/dist/discovery/partition.js +247 -0
package/dist/discovery/partition.js.map +1 -0
package/dist/discovery/resolver.d.ts +113 -0
package/dist/discovery/resolver.d.ts.map +1 -0
package/dist/discovery/resolver.js +176 -0
package/dist/discovery/resolver.js.map +1 -0
package/dist/discovery/txt.d.ts +39 -0
package/dist/discovery/txt.d.ts.map +1 -0
package/dist/discovery/txt.js +71 -0
package/dist/discovery/txt.js.map +1 -0
package/dist/enclosure/forwarding.d.ts +128 -0
package/dist/enclosure/forwarding.d.ts.map +1 -0
package/dist/enclosure/forwarding.js +119 -0
package/dist/enclosure/forwarding.js.map +1 -0
package/dist/enclosure/index.d.ts +11 -0
package/dist/enclosure/index.d.ts.map +1 -0
package/dist/enclosure/index.js +11 -0
package/dist/enclosure/index.js.map +1 -0
package/dist/envelope/buckets.d.ts +38 -0
package/dist/envelope/buckets.d.ts.map +1 -0
package/dist/envelope/buckets.js +73 -0
package/dist/envelope/buckets.js.map +1 -0
package/dist/envelope/canonical.d.ts +28 -0
package/dist/envelope/canonical.d.ts.map +1 -0
package/dist/envelope/canonical.js +54 -0
package/dist/envelope/canonical.js.map +1 -0
package/dist/envelope/compose.d.ts +171 -0
package/dist/envelope/compose.d.ts.map +1 -0
package/dist/envelope/compose.js +237 -0
package/dist/envelope/compose.js.map +1 -0
package/dist/envelope/encode.d.ts +41 -0
package/dist/envelope/encode.d.ts.map +1 -0
package/dist/envelope/encode.js +69 -0
package/dist/envelope/encode.js.map +1 -0
package/dist/envelope/index.d.ts +20 -0
package/dist/envelope/index.d.ts.map +1 -0
package/dist/envelope/index.js +20 -0
package/dist/envelope/index.js.map +1 -0
package/dist/envelope/open_any.d.ts +48 -0
package/dist/envelope/open_any.d.ts.map +1 -0
package/dist/envelope/open_any.js +81 -0
package/dist/envelope/open_any.js.map +1 -0
package/dist/envelope/open_verified.d.ts +59 -0
package/dist/envelope/open_verified.d.ts.map +1 -0
package/dist/envelope/open_verified.js +67 -0
package/dist/envelope/open_verified.js.map +1 -0
package/dist/envelope/padding.d.ts +55 -0
package/dist/envelope/padding.d.ts.map +1 -0
package/dist/envelope/padding.js +162 -0
package/dist/envelope/padding.js.map +1 -0
package/dist/envelope/rejection.d.ts +22 -0
package/dist/envelope/rejection.d.ts.map +1 -0
package/dist/envelope/rejection.js +30 -0
package/dist/envelope/rejection.js.map +1 -0
package/dist/envelope/sendtime.d.ts +49 -0
package/dist/envelope/sendtime.d.ts.map +1 -0
package/dist/envelope/sendtime.js +87 -0
package/dist/envelope/sendtime.js.map +1 -0
package/dist/envelope/verify.d.ts +29 -0
package/dist/envelope/verify.d.ts.map +1 -0
package/dist/envelope/verify.js +90 -0
package/dist/envelope/verify.js.map +1 -0
package/dist/extensions/index.d.ts +7 -0
package/dist/extensions/index.d.ts.map +1 -0
package/dist/extensions/index.js +7 -0
package/dist/extensions/index.js.map +1 -0
package/dist/extensions/limits.d.ts +101 -0
package/dist/extensions/limits.d.ts.map +1 -0
package/dist/extensions/limits.js +175 -0
package/dist/extensions/limits.js.map +1 -0
package/dist/handshake/abort.d.ts +49 -0
package/dist/handshake/abort.d.ts.map +1 -0
package/dist/handshake/abort.js +82 -0
package/dist/handshake/abort.js.map +1 -0
package/dist/handshake/capabilities.d.ts +46 -0
package/dist/handshake/capabilities.d.ts.map +1 -0
package/dist/handshake/capabilities.js +114 -0
package/dist/handshake/capabilities.js.map +1 -0
package/dist/handshake/client_state.d.ts +186 -0
package/dist/handshake/client_state.d.ts.map +1 -0
package/dist/handshake/client_state.js +520 -0
package/dist/handshake/client_state.js.map +1 -0
package/dist/handshake/confirm.d.ts +21 -0
package/dist/handshake/confirm.d.ts.map +1 -0
package/dist/handshake/confirm.js +27 -0
package/dist/handshake/confirm.js.map +1 -0
package/dist/handshake/driver.d.ts +126 -0
package/dist/handshake/driver.d.ts.map +1 -0
package/dist/handshake/driver.js +251 -0
package/dist/handshake/driver.js.map +1 -0
package/dist/handshake/federation.d.ts +365 -0
package/dist/handshake/federation.d.ts.map +1 -0
package/dist/handshake/federation.js +664 -0
package/dist/handshake/federation.js.map +1 -0
package/dist/handshake/first_contact.d.ts +57 -0
package/dist/handshake/first_contact.d.ts.map +1 -0
package/dist/handshake/first_contact.js +124 -0
package/dist/handshake/first_contact.js.map +1 -0
package/dist/handshake/identity.d.ts +101 -0
package/dist/handshake/identity.d.ts.map +1 -0
package/dist/handshake/identity.js +117 -0
package/dist/handshake/identity.js.map +1 -0
package/dist/handshake/index.d.ts +21 -0
package/dist/handshake/index.d.ts.map +1 -0
package/dist/handshake/index.js +21 -0
package/dist/handshake/index.js.map +1 -0
package/dist/handshake/messages.d.ts +176 -0
package/dist/handshake/messages.d.ts.map +1 -0
package/dist/handshake/messages.js +125 -0
package/dist/handshake/messages.js.map +1 -0
package/dist/handshake/pow.d.ts +53 -0
package/dist/handshake/pow.d.ts.map +1 -0
package/dist/handshake/pow.js +142 -0
package/dist/handshake/pow.js.map +1 -0
package/dist/handshake/resume_driver.d.ts +56 -0
package/dist/handshake/resume_driver.d.ts.map +1 -0
package/dist/handshake/resume_driver.js +75 -0
package/dist/handshake/resume_driver.js.map +1 -0
package/dist/handshake/server.d.ts +112 -0
package/dist/handshake/server.d.ts.map +1 -0
package/dist/handshake/server.js +247 -0
package/dist/handshake/server.js.map +1 -0
package/dist/handshake/server_state.d.ts +102 -0
package/dist/handshake/server_state.d.ts.map +1 -0
package/dist/handshake/server_state.js +278 -0
package/dist/handshake/server_state.js.map +1 -0
package/dist/index.d.ts +33 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +33 -0
package/dist/index.js.map +1 -0
package/dist/keys/compromise.d.ts +118 -0
package/dist/keys/compromise.d.ts.map +1 -0
package/dist/keys/compromise.js +218 -0
package/dist/keys/compromise.js.map +1 -0
package/dist/keys/device_certificate.d.ts +166 -0
package/dist/keys/device_certificate.d.ts.map +1 -0
package/dist/keys/device_certificate.js +328 -0
package/dist/keys/device_certificate.js.map +1 -0
package/dist/keys/device_records.d.ts +175 -0
package/dist/keys/device_records.d.ts.map +1 -0
package/dist/keys/device_records.js +418 -0
package/dist/keys/device_records.js.map +1 -0
package/dist/keys/directory_cache.d.ts +64 -0
package/dist/keys/directory_cache.d.ts.map +1 -0
package/dist/keys/directory_cache.js +98 -0
package/dist/keys/directory_cache.js.map +1 -0
package/dist/keys/directory_state.d.ts +79 -0
package/dist/keys/directory_state.d.ts.map +1 -0
package/dist/keys/directory_state.js +155 -0
package/dist/keys/directory_state.js.map +1 -0
package/dist/keys/index.d.ts +18 -0
package/dist/keys/index.d.ts.map +1 -0
package/dist/keys/index.js +18 -0
package/dist/keys/index.js.map +1 -0
package/dist/keys/key_revocation.d.ts +61 -0
package/dist/keys/key_revocation.d.ts.map +1 -0
package/dist/keys/key_revocation.js +88 -0
package/dist/keys/key_revocation.js.map +1 -0
package/dist/keys/request.d.ts +124 -0
package/dist/keys/request.d.ts.map +1 -0
package/dist/keys/request.js +130 -0
package/dist/keys/request.js.map +1 -0
package/dist/keys/sign.d.ts +49 -0
package/dist/keys/sign.d.ts.map +1 -0
package/dist/keys/sign.js +80 -0
package/dist/keys/sign.js.map +1 -0
package/dist/keys/signed.d.ts +80 -0
package/dist/keys/signed.d.ts.map +1 -0
package/dist/keys/signed.js +138 -0
package/dist/keys/signed.js.map +1 -0
package/dist/keys/store.d.ts +138 -0
package/dist/keys/store.d.ts.map +1 -0
package/dist/keys/store.js +107 -0
package/dist/keys/store.js.map +1 -0
package/dist/largeattachment/crypto.d.ts +47 -0
package/dist/largeattachment/crypto.d.ts.map +1 -0
package/dist/largeattachment/crypto.js +235 -0
package/dist/largeattachment/crypto.js.map +1 -0
package/dist/largeattachment/enclosure.d.ts +48 -0
package/dist/largeattachment/enclosure.d.ts.map +1 -0
package/dist/largeattachment/enclosure.js +102 -0
package/dist/largeattachment/enclosure.js.map +1 -0
package/dist/largeattachment/index.d.ts +15 -0
package/dist/largeattachment/index.d.ts.map +1 -0
package/dist/largeattachment/index.js +15 -0
package/dist/largeattachment/index.js.map +1 -0
package/dist/largeattachment/store.d.ts +36 -0
package/dist/largeattachment/store.d.ts.map +1 -0
package/dist/largeattachment/store.js +37 -0
package/dist/largeattachment/store.js.map +1 -0
package/dist/largeattachment/types.d.ts +56 -0
package/dist/largeattachment/types.d.ts.map +1 -0
package/dist/largeattachment/types.js +31 -0
package/dist/largeattachment/types.js.map +1 -0
package/dist/largeattachment/upload.d.ts +62 -0
package/dist/largeattachment/upload.d.ts.map +1 -0
package/dist/largeattachment/upload.js +166 -0
package/dist/largeattachment/upload.js.map +1 -0
package/dist/migration/index.d.ts +17 -0
package/dist/migration/index.d.ts.map +1 -0
package/dist/migration/index.js +17 -0
package/dist/migration/index.js.map +1 -0
package/dist/migration/lockout.d.ts +48 -0
package/dist/migration/lockout.d.ts.map +1 -0
package/dist/migration/lockout.js +57 -0
package/dist/migration/lockout.js.map +1 -0
package/dist/migration/migration.d.ts +48 -0
package/dist/migration/migration.d.ts.map +1 -0
package/dist/migration/migration.js +58 -0
package/dist/migration/migration.js.map +1 -0
package/dist/migration/notice.d.ts +33 -0
package/dist/migration/notice.d.ts.map +1 -0
package/dist/migration/notice.js +85 -0
package/dist/migration/notice.js.map +1 -0
package/dist/migration/orchestrate.d.ts +109 -0
package/dist/migration/orchestrate.d.ts.map +1 -0
package/dist/migration/orchestrate.js +212 -0
package/dist/migration/orchestrate.js.map +1 -0
package/dist/migration/publication_store.d.ts +34 -0
package/dist/migration/publication_store.d.ts.map +1 -0
package/dist/migration/publication_store.js +44 -0
package/dist/migration/publication_store.js.map +1 -0
package/dist/migration/sign.d.ts +65 -0
package/dist/migration/sign.d.ts.map +1 -0
package/dist/migration/sign.js +331 -0
package/dist/migration/sign.js.map +1 -0
package/dist/migration/types.d.ts +92 -0
package/dist/migration/types.d.ts.map +1 -0
package/dist/migration/types.js +26 -0
package/dist/migration/types.js.map +1 -0
package/dist/reasoncodes.d.ts +42 -0
package/dist/reasoncodes.d.ts.map +1 -0
package/dist/reasoncodes.js +80 -0
package/dist/reasoncodes.js.map +1 -0
package/dist/recovery/bundle.d.ts +34 -0
package/dist/recovery/bundle.d.ts.map +1 -0
package/dist/recovery/bundle.js +144 -0
package/dist/recovery/bundle.js.map +1 -0
package/dist/recovery/bundle_crypto.d.ts +60 -0
package/dist/recovery/bundle_crypto.d.ts.map +1 -0
package/dist/recovery/bundle_crypto.js +179 -0
package/dist/recovery/bundle_crypto.js.map +1 -0
package/dist/recovery/bundle_store.d.ts +57 -0
package/dist/recovery/bundle_store.d.ts.map +1 -0
package/dist/recovery/bundle_store.js +104 -0
package/dist/recovery/bundle_store.js.map +1 -0
package/dist/recovery/index.d.ts +19 -0
package/dist/recovery/index.d.ts.map +1 -0
package/dist/recovery/index.js +19 -0
package/dist/recovery/index.js.map +1 -0
package/dist/recovery/manifest_crosscheck.d.ts +59 -0
package/dist/recovery/manifest_crosscheck.d.ts.map +1 -0
package/dist/recovery/manifest_crosscheck.js +59 -0
package/dist/recovery/manifest_crosscheck.js.map +1 -0
package/dist/recovery/shamir.d.ts +51 -0
package/dist/recovery/shamir.d.ts.map +1 -0
package/dist/recovery/shamir.js +181 -0
package/dist/recovery/shamir.js.map +1 -0
package/dist/recovery/sign.d.ts +61 -0
package/dist/recovery/sign.d.ts.map +1 -0
package/dist/recovery/sign.js +359 -0
package/dist/recovery/sign.js.map +1 -0
package/dist/recovery/types.d.ts +180 -0
package/dist/recovery/types.d.ts.map +1 -0
package/dist/recovery/types.js +31 -0
package/dist/recovery/types.js.map +1 -0
package/dist/reputation/abuse_report.d.ts +62 -0
package/dist/reputation/abuse_report.d.ts.map +1 -0
package/dist/reputation/abuse_report.js +111 -0
package/dist/reputation/abuse_report.js.map +1 -0
package/dist/reputation/bucketize.d.ts +31 -0
package/dist/reputation/bucketize.d.ts.map +1 -0
package/dist/reputation/bucketize.js +77 -0
package/dist/reputation/bucketize.js.map +1 -0
package/dist/reputation/gossip.d.ts +24 -0
package/dist/reputation/gossip.d.ts.map +1 -0
package/dist/reputation/gossip.js +64 -0
package/dist/reputation/gossip.js.map +1 -0
package/dist/reputation/gossip_fetch.d.ts +64 -0
package/dist/reputation/gossip_fetch.d.ts.map +1 -0
package/dist/reputation/gossip_fetch.js +114 -0
package/dist/reputation/gossip_fetch.js.map +1 -0
package/dist/reputation/index.d.ts +20 -0
package/dist/reputation/index.d.ts.map +1 -0
package/dist/reputation/index.js +20 -0
package/dist/reputation/index.js.map +1 -0
package/dist/reputation/observation_store.d.ts +67 -0
package/dist/reputation/observation_store.d.ts.map +1 -0
package/dist/reputation/observation_store.js +171 -0
package/dist/reputation/observation_store.js.map +1 -0
package/dist/reputation/pow.d.ts +91 -0
package/dist/reputation/pow.d.ts.map +1 -0
package/dist/reputation/pow.js +209 -0
package/dist/reputation/pow.js.map +1 -0
package/dist/reputation/sign.d.ts +40 -0
package/dist/reputation/sign.d.ts.map +1 -0
package/dist/reputation/sign.js +202 -0
package/dist/reputation/sign.js.map +1 -0
package/dist/reputation/types.d.ts +133 -0
package/dist/reputation/types.d.ts.map +1 -0
package/dist/reputation/types.js +33 -0
package/dist/reputation/types.js.map +1 -0
package/dist/reputation/whois.d.ts +25 -0
package/dist/reputation/whois.d.ts.map +1 -0
package/dist/reputation/whois.js +20 -0
package/dist/reputation/whois.js.map +1 -0
package/dist/seal/index.d.ts +8 -0
package/dist/seal/index.d.ts.map +1 -0
package/dist/seal/index.js +8 -0
package/dist/seal/index.js.map +1 -0
package/dist/seal/wrap.d.ts +74 -0
package/dist/seal/wrap.d.ts.map +1 -0
package/dist/seal/wrap.js +213 -0
package/dist/seal/wrap.js.map +1 -0
package/dist/session/dispatcher.d.ts +65 -0
package/dist/session/dispatcher.d.ts.map +1 -0
package/dist/session/dispatcher.js +96 -0
package/dist/session/dispatcher.js.map +1 -0
package/dist/session/index.d.ts +15 -0
package/dist/session/index.d.ts.map +1 -0
package/dist/session/index.js +15 -0
package/dist/session/index.js.map +1 -0
package/dist/session/rekey.d.ts +108 -0
package/dist/session/rekey.d.ts.map +1 -0
package/dist/session/rekey.js +207 -0
package/dist/session/rekey.js.map +1 -0
package/dist/session/rekey_seal.d.ts +66 -0
package/dist/session/rekey_seal.d.ts.map +1 -0
package/dist/session/rekey_seal.js +153 -0
package/dist/session/rekey_seal.js.map +1 -0
package/dist/session/resume.d.ts +125 -0
package/dist/session/resume.d.ts.map +1 -0
package/dist/session/resume.js +263 -0
package/dist/session/resume.js.map +1 -0
package/dist/session/session.d.ts +136 -0
package/dist/session/session.d.ts.map +1 -0
package/dist/session/session.js +188 -0
package/dist/session/session.js.map +1 -0
package/dist/transparency/index.d.ts +13 -0
package/dist/transparency/index.d.ts.map +1 -0
package/dist/transparency/index.js +13 -0
package/dist/transparency/index.js.map +1 -0
package/dist/transparency/log.d.ts +61 -0
package/dist/transparency/log.d.ts.map +1 -0
package/dist/transparency/log.js +133 -0
package/dist/transparency/log.js.map +1 -0
package/dist/transparency/merkle.d.ts +59 -0
package/dist/transparency/merkle.d.ts.map +1 -0
package/dist/transparency/merkle.js +314 -0
package/dist/transparency/merkle.js.map +1 -0
package/dist/transparency/sign.d.ts +48 -0
package/dist/transparency/sign.d.ts.map +1 -0
package/dist/transparency/sign.js +140 -0
package/dist/transparency/sign.js.map +1 -0
package/dist/transparency/types.d.ts +97 -0
package/dist/transparency/types.d.ts.map +1 -0
package/dist/transparency/types.js +25 -0
package/dist/transparency/types.js.map +1 -0
package/dist/transport/h2.d.ts +163 -0
package/dist/transport/h2.d.ts.map +1 -0
package/dist/transport/h2.js +397 -0
package/dist/transport/h2.js.map +1 -0
package/dist/transport/index.d.ts +15 -0
package/dist/transport/index.d.ts.map +1 -0
package/dist/transport/index.js +15 -0
package/dist/transport/index.js.map +1 -0
package/dist/transport/memory.d.ts +21 -0
package/dist/transport/memory.d.ts.map +1 -0
package/dist/transport/memory.js +112 -0
package/dist/transport/memory.js.map +1 -0
package/dist/transport/transport.d.ts +54 -0
package/dist/transport/transport.d.ts.map +1 -0
package/dist/transport/transport.js +20 -0
package/dist/transport/transport.js.map +1 -0
package/dist/transport/ws.d.ts +40 -0
package/dist/transport/ws.d.ts.map +1 -0
package/dist/transport/ws.js +204 -0
package/dist/transport/ws.js.map +1 -0
package/package.json +147 -0

package/dist/closure/driver.js ADDED Viewed

@@ -0,0 +1,126 @@
+/**
+ * Home-server closure driver per CLOSURE.md §3 + §4 + §5.
+ *
+ * Orchestrates closure lifecycle on a {@link ClosureStore}:
+ *  - {@link Driver.submit}: accept a request or cancel
+ *  - {@link Driver.tick}: drive due requests to finalization
+ *  - {@link Driver.isAccountClosed}: §5 ingress enforcement
+ *  - {@link Driver.recipientPolicy}: returns a delivery-policy
+ *    adapter that rejects envelopes addressed to closed accounts
+ *
+ * @module
+ */
+import { isFinalizable, validateClosureRecord, } from "./closure.js";
+import { AlreadyPendingError } from "./store.js";
+/** Closure driver. */
+export class Driver {
+    store;
+    nowFn;
+    constructor(cfg) {
+        this.store = cfg.store;
+        this.nowFn = cfg.nowFn ?? (() => new Date());
+    }
+    /**
+     * Apply `record` to the store. Caller MUST verify the record's
+     * signature and authority (§2.3 — the issuing device must be a
+     * full-access device of the account) BEFORE calling submit.
+     */
+    async submit(record) {
+        try {
+            validateClosureRecord(record);
+        }
+        catch (err) {
+            return {
+                kind: "invalid",
+                reason: err instanceof Error ? err.message : String(err),
+            };
+        }
+        if (record.step === "request") {
+            try {
+                await this.store.putPending(record);
+                return { kind: "accepted" };
+            }
+            catch (err) {
+                if (err instanceof AlreadyPendingError) {
+                    return { kind: "already_pending" };
+                }
+                throw err;
+            }
+        }
+        // step === "cancel"
+        const existing = await this.store.getPending(record.user_id);
+        if (existing === null) {
+            return { kind: "not_pending" };
+        }
+        await this.store.deletePending(record.user_id);
+        return { kind: "accepted" };
+    }
+    /**
+     * Drive any pending requests whose finalization timestamp has
+     * arrived to the finalized state. Returns the list of accounts
+     * finalized in this tick (deterministically ordered).
+     */
+    async tick() {
+        const now = this.nowFn();
+        const due = await this.store.duePending(now);
+        const out = [];
+        for (const r of due) {
+            if (!isFinalizable(r, now)) {
+                continue; // defensive
+            }
+            await this.store.putFinalized(r.user_id, now);
+            await this.store.deletePending(r.user_id);
+            out.push({ user_id: r.user_id, finalized_at: now });
+        }
+        return out;
+    }
+    /**
+     * Report whether `userId`'s account is currently closed within
+     * the §6.1 retention window.
+     *
+     * Returns true when `getFinalized(userId)` yields a timestamp
+     * (the store enforces retention via its prune path; once an
+     * entry is pruned, this returns false and the local-part is
+     * eligible for §6.2 reassignment).
+     */
+    async isAccountClosed(userId) {
+        const finalized = await this.store.getFinalized(userId);
+        return finalized !== null;
+    }
+    /**
+     * Return a per-recipient delivery-policy adapter that rejects
+     * envelopes addressed to closed accounts per §5.1, preserving
+     * existence indistinguishability per DESIGN.md §2.7 (the
+     * `policy_forbidden` reason is the same one a non-existent
+     * address receives).
+     *
+     * Pass `useSilent: true` to return the `silent` acknowledgment
+     * instead. Both preserve indistinguishability; the choice is
+     * operator policy.
+     */
+    recipientPolicy(opts = {}) {
+        return async (recipientAddress) => {
+            let closed;
+            try {
+                closed = await this.isAccountClosed(recipientAddress);
+            }
+            catch {
+                // Fail open per §5.1: a transient store error MUST NOT
+                // silently drop deliveries to active accounts.
+                return null;
+            }
+            if (!closed) {
+                return null;
+            }
+            if (opts.useSilent === true) {
+                return { acknowledgment: "silent" };
+            }
+            return {
+                acknowledgment: "rejected",
+                reason_code: "policy_forbidden",
+                reason: "recipient policy",
+            };
+        };
+    }
+}
+//# sourceMappingURL=driver.js.map

package/dist/closure/driver.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"driver.js","sourceRoot":"","sources":["../../src/closure/driver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAKH,OAAO,EAEL,aAAa,EACb,qBAAqB,GACtB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAqB,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAiCpE,sBAAsB;AACtB,MAAM,OAAO,MAAM;IACA,KAAK,CAAe;IACpB,KAAK,CAAa;IAEnC,YAAY,GAAiB;QAC3B,IAAI,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QACvB,IAAI,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,MAAqB;QAChC,IAAI,CAAC;YACH,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACzD,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;gBACpC,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;YAC9B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,GAAG,YAAY,mBAAmB,EAAE,CAAC;oBACvC,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC;gBACrC,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QACD,oBAAoB;QACpB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC7D,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC;QACjC,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC/C,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;IAC9B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,IAAI;QACR,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAC7C,MAAM,GAAG,GAAqB,EAAE,CAAC;QACjC,KAAK,MAAM,CAAC,IAAI,GAAG,EAAE,CAAC;YACpB,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;gBAC3B,SAAS,CAAC,YAAY;YACxB,CAAC;YACD,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAC9C,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YAC1C,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,eAAe,CAAC,MAAc;QAClC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACxD,OAAO,SAAS,KAAK,IAAI,CAAC;IAC5B,CAAC;IAED;;;;;;;;;;OAUG;IACH,eAAe,CAAC,OAAgC,EAAE;QAChD,OAAO,KAAK,EAAE,gBAAgB,EAAE,EAAE;YAChC,IAAI,MAAe,CAAC;YACpB,IAAI,CAAC;gBACH,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;YACxD,CAAC;YAAC,MAAM,CAAC;gBACP,uDAAuD;gBACvD,+CAA+C;gBAC/C,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,IAAI,CAAC,SAAS,KAAK,IAAI,EAAE,CAAC;gBAC5B,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC;YACtC,CAAC;YACD,OAAO;gBACL,cAAc,EAAE,UAAU;gBAC1B,WAAW,EAAE,kBAAkB;gBAC/B,MAAM,EAAE,kBAAkB;aAC3B,CAAC;QACJ,CAAC,CAAC;IACJ,CAAC;CACF"}

package/dist/closure/index.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Account closure layer per CLOSURE.md.
+ *
+ * Wire records (request + cancel) and signing primitives, plus
+ * the home-server driver that orchestrates pending → finalized
+ * lifecycle on a {@link ClosureStore}.
+ *
+ * @module
+ */
+export { type ClosureRecord, type ClosureSignature, type SignClosureRecordInput, type SignClosureRecordResult, type Step, type ValidateClosureOptions, AccountClosurePrefix, MaxGracePeriodSeconds, MinGracePeriodSeconds, RecommendedGracePeriodSeconds, RecordType, RecordVersion, SignatureAlgorithmEd25519, finalizationAt, isFinalizable, signClosureRecord, validateClosureRecord, verifyClosureRecord, } from "./closure.js";
+export { type ClosureStore, AlreadyPendingError, InMemoryClosureStore, MinRetentionMs, RecommendedRetentionMs, } from "./store.js";
+export { type DriverConfig, type FinalizeResult, type RecipientPolicyFunc, type SubmitResult, Driver, } from "./driver.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/closure/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/closure/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,EAC5B,KAAK,IAAI,EACT,KAAK,sBAAsB,EAC3B,oBAAoB,EACpB,qBAAqB,EACrB,qBAAqB,EACrB,6BAA6B,EAC7B,UAAU,EACV,aAAa,EACb,yBAAyB,EACzB,cAAc,EACd,aAAa,EACb,iBAAiB,EACjB,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,KAAK,YAAY,EACjB,mBAAmB,EACnB,oBAAoB,EACpB,cAAc,EACd,sBAAsB,GACvB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,YAAY,EACjB,MAAM,GACP,MAAM,aAAa,CAAC"}

package/dist/closure/index.js ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Account closure layer per CLOSURE.md.
+ *
+ * Wire records (request + cancel) and signing primitives, plus
+ * the home-server driver that orchestrates pending → finalized
+ * lifecycle on a {@link ClosureStore}.
+ *
+ * @module
+ */
+export { AccountClosurePrefix, MaxGracePeriodSeconds, MinGracePeriodSeconds, RecommendedGracePeriodSeconds, RecordType, RecordVersion, SignatureAlgorithmEd25519, finalizationAt, isFinalizable, signClosureRecord, validateClosureRecord, verifyClosureRecord, } from "./closure.js";
+export { AlreadyPendingError, InMemoryClosureStore, MinRetentionMs, RecommendedRetentionMs, } from "./store.js";
+export { Driver, } from "./driver.js";
+//# sourceMappingURL=index.js.map

package/dist/closure/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/closure/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAOL,oBAAoB,EACpB,qBAAqB,EACrB,qBAAqB,EACrB,6BAA6B,EAC7B,UAAU,EACV,aAAa,EACb,yBAAyB,EACzB,cAAc,EACd,aAAa,EACb,iBAAiB,EACjB,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAEL,mBAAmB,EACnB,oBAAoB,EACpB,cAAc,EACd,sBAAsB,GACvB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAKL,MAAM,GACP,MAAM,aAAa,CAAC"}

package/dist/closure/store.d.ts ADDED Viewed

@@ -0,0 +1,80 @@
+/**
+ * Persistence interface for closure state per CLOSURE.md §2.4 +
+ * §6.1.
+ *
+ * Used by the {@link "./driver".Driver} for two distinct concerns:
+ *
+ *  - Pending state: active closure requests (submit / cancel /
+ *    tick-due).
+ *  - Finalized state: closed accounts within the §6.1 retention
+ *    window. Used by ingress enforcement (§5) and by §6 local-part
+ *    reassignment checks.
+ *
+ * Production deployments plug in a durable backend; tests + demos
+ * use {@link InMemoryClosureStore}.
+ *
+ * @module
+ */
+import type { ClosureRecord } from "./closure.js";
+/**
+ * Spec-mandated retention bounds for the §6.1 post-finalization
+ * retention window: at least 180 days, RECOMMENDED 365 days.
+ */
+export declare const MinRetentionMs: number;
+export declare const RecommendedRetentionMs: number;
+/** Thrown by {@link ClosureStore.putPending} on collision. */
+export declare class AlreadyPendingError extends Error {
+    readonly name = "AlreadyPendingError";
+}
+/** Persistence interface for closure state. */
+export interface ClosureStore {
+    /**
+     * Insert `record` as the active pending request for
+     * `record.user_id`. Throws {@link AlreadyPendingError} if a
+     * request is already pending for the same user (the §2.4
+     * "at most one active closure" rule).
+     */
+    putPending(record: ClosureRecord): Promise<void>;
+    /** Return the pending request for `userId`, or null when none. */
+    getPending(userId: string): Promise<ClosureRecord | null>;
+    /** Remove the pending request for `userId`. Idempotent. */
+    deletePending(userId: string): Promise<void>;
+    /**
+     * Return every pending request whose finalization timestamp is
+     * at or before `now`, in deterministic order (by user_id
+     * ascending). The driver's `tick` consumes this slice.
+     */
+    duePending(now: Date): Promise<ClosureRecord[]>;
+    /** Number of pending requests, for operator monitoring. */
+    countPending(): Promise<number>;
+    /**
+     * Record that `userId`'s closure finalized at the given timestamp.
+     * Used by `isAccountClosed` and the §6.1 retention prune.
+     */
+    putFinalized(userId: string, finalizedAt: Date): Promise<void>;
+    /**
+     * Return the finalization timestamp for `userId`, or null if no
+     * finalization is recorded.
+     */
+    getFinalized(userId: string): Promise<Date | null>;
+    /**
+     * Evict finalized entries older than `retainForMs`. Values smaller
+     * than {@link MinRetentionMs} are clamped up. Returns the number
+     * of entries evicted.
+     */
+    pruneFinalized(retainForMs: number, now?: Date): Promise<number>;
+}
+/** Reference in-memory {@link ClosureStore}. Single-process only. */
+export declare class InMemoryClosureStore implements ClosureStore {
+    private readonly pending;
+    private readonly finalized;
+    putPending(record: ClosureRecord): Promise<void>;
+    getPending(userId: string): Promise<ClosureRecord | null>;
+    deletePending(userId: string): Promise<void>;
+    duePending(now: Date): Promise<ClosureRecord[]>;
+    countPending(): Promise<number>;
+    putFinalized(userId: string, finalizedAt: Date): Promise<void>;
+    getFinalized(userId: string): Promise<Date | null>;
+    pruneFinalized(retainForMs: number, now?: Date): Promise<number>;
+}
+//# sourceMappingURL=store.d.ts.map

package/dist/closure/store.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../src/closure/store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAGlD;;;GAGG;AACH,eAAO,MAAM,cAAc,QAA4B,CAAC;AACxD,eAAO,MAAM,sBAAsB,QAA4B,CAAC;AAEhE,8DAA8D;AAC9D,qBAAa,mBAAoB,SAAQ,KAAK;IAC5C,SAAkB,IAAI,yBAAyB;CAChD;AAED,+CAA+C;AAC/C,MAAM,WAAW,YAAY;IAC3B;;;;;OAKG;IACH,UAAU,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjD,kEAAkE;IAClE,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IAE1D,2DAA2D;IAC3D,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7C;;;;OAIG;IACH,UAAU,CAAC,GAAG,EAAE,IAAI,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAEhD,2DAA2D;IAC3D,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAEhC;;;OAGG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/D;;;OAGG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IAEnD;;;;OAIG;IACH,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAClE;AAED,qEAAqE;AACrE,qBAAa,oBAAqB,YAAW,YAAY;IACvD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAoC;IAC5D,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA2B;IAE/C,UAAU,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAYhD,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAKzD,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI5C,UAAU,CAAC,GAAG,EAAE,IAAI,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAW/C,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;IAI/B,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAU9D,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAIlD,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,GAAE,IAAiB,GAAG,OAAO,CAAC,MAAM,CAAC;CAcnF"}

package/dist/closure/store.js ADDED Viewed

@@ -0,0 +1,89 @@
+/**
+ * Persistence interface for closure state per CLOSURE.md §2.4 +
+ * §6.1.
+ *
+ * Used by the {@link "./driver".Driver} for two distinct concerns:
+ *
+ *  - Pending state: active closure requests (submit / cancel /
+ *    tick-due).
+ *  - Finalized state: closed accounts within the §6.1 retention
+ *    window. Used by ingress enforcement (§5) and by §6 local-part
+ *    reassignment checks.
+ *
+ * Production deployments plug in a durable backend; tests + demos
+ * use {@link InMemoryClosureStore}.
+ *
+ * @module
+ */
+import { finalizationAt } from "./closure.js";
+/**
+ * Spec-mandated retention bounds for the §6.1 post-finalization
+ * retention window: at least 180 days, RECOMMENDED 365 days.
+ */
+export const MinRetentionMs = 180 * 24 * 60 * 60 * 1000;
+export const RecommendedRetentionMs = 365 * 24 * 60 * 60 * 1000;
+/** Thrown by {@link ClosureStore.putPending} on collision. */
+export class AlreadyPendingError extends Error {
+    name = "AlreadyPendingError";
+}
+/** Reference in-memory {@link ClosureStore}. Single-process only. */
+export class InMemoryClosureStore {
+    pending = new Map();
+    finalized = new Map();
+    async putPending(record) {
+        if (record.user_id === "") {
+            throw new Error("closure: store put_pending missing user_id");
+        }
+        if (this.pending.has(record.user_id)) {
+            throw new AlreadyPendingError(`closure: pending request already exists for ${record.user_id}`);
+        }
+        this.pending.set(record.user_id, { ...record });
+    }
+    async getPending(userId) {
+        const r = this.pending.get(userId);
+        return r === undefined ? null : { ...r };
+    }
+    async deletePending(userId) {
+        this.pending.delete(userId);
+    }
+    async duePending(now) {
+        const due = [];
+        for (const r of this.pending.values()) {
+            if (now.getTime() >= finalizationAt(r).getTime()) {
+                due.push({ ...r });
+            }
+        }
+        due.sort((a, b) => (a.user_id < b.user_id ? -1 : a.user_id > b.user_id ? 1 : 0));
+        return due;
+    }
+    async countPending() {
+        return this.pending.size;
+    }
+    async putFinalized(userId, finalizedAt) {
+        if (userId === "") {
+            throw new Error("closure: store put_finalized missing user_id");
+        }
+        if (Number.isNaN(finalizedAt.getTime())) {
+            throw new Error("closure: store put_finalized invalid timestamp");
+        }
+        this.finalized.set(userId, finalizedAt);
+    }
+    async getFinalized(userId) {
+        return this.finalized.get(userId) ?? null;
+    }
+    async pruneFinalized(retainForMs, now = new Date()) {
+        if (retainForMs < MinRetentionMs) {
+            retainForMs = MinRetentionMs;
+        }
+        const cutoff = now.getTime() - retainForMs;
+        let removed = 0;
+        for (const [userId, finalizedAtTs] of this.finalized) {
+            if (finalizedAtTs.getTime() < cutoff) {
+                this.finalized.delete(userId);
+                removed++;
+            }
+        }
+        return removed;
+    }
+}
+//# sourceMappingURL=store.js.map

package/dist/closure/store.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/closure/store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C;;;GAGG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AACxD,MAAM,CAAC,MAAM,sBAAsB,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAEhE,8DAA8D;AAC9D,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC1B,IAAI,GAAG,qBAAqB,CAAC;CAChD;AAgDD,qEAAqE;AACrE,MAAM,OAAO,oBAAoB;IACd,OAAO,GAAG,IAAI,GAAG,EAAyB,CAAC;IAC3C,SAAS,GAAG,IAAI,GAAG,EAAgB,CAAC;IAErD,KAAK,CAAC,UAAU,CAAC,MAAqB;QACpC,IAAI,MAAM,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,mBAAmB,CAC3B,+CAA+C,MAAM,CAAC,OAAO,EAAE,CAChE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAAc;QAC7B,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACnC,OAAO,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,MAAc;QAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAS;QACxB,MAAM,GAAG,GAAoB,EAAE,CAAC;QAChC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YACtC,IAAI,GAAG,CAAC,OAAO,EAAE,IAAI,cAAc,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;gBACjD,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YACrB,CAAC;QACH,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACjF,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,MAAc,EAAE,WAAiB;QAClD,IAAI,MAAM,KAAK,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAClE,CAAC;QACD,IAAI,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,MAAc;QAC/B,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,WAAmB,EAAE,MAAY,IAAI,IAAI,EAAE;QAC9D,IAAI,WAAW,GAAG,cAAc,EAAE,CAAC;YACjC,WAAW,GAAG,cAAc,CAAC;QAC/B,CAAC;QACD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,WAAW,CAAC;QAC3C,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,KAAK,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACrD,IAAI,aAAa,CAAC,OAAO,EAAE,GAAG,MAAM,EAAE,CAAC;gBACrC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAC9B,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}

package/dist/crypto/aead.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * AEAD primitives for SEMP.
+ *
+ * The two currently defined algorithm suites use different AEAD
+ * variants:
+ *
+ *   - `x25519-chacha20-poly1305` — ChaCha20-Poly1305, 12-byte nonce.
+ *   - `pq-kyber768-x25519`       — XChaCha20-Poly1305, 24-byte nonce.
+ *
+ * The sealing flow is identical in both cases: AEAD.Seal(key, nonce,
+ * plaintext, aad) -> ciphertext || tag. Returns a single byte slice
+ * with the authentication tag appended.
+ *
+ * @module
+ */
+/** Algorithm name used in vectors and on the wire. */
+export type AEADAlgorithm = "chacha20-poly1305" | "xchacha20-poly1305";
+/**
+ * Seal `plaintext` with the negotiated AEAD. Returns
+ * `ciphertext || tag` (no nonce prefix; the caller composes the
+ * wire layout per ENVELOPE.md §7.1.1).
+ */
+export declare function aeadSeal(algorithm: AEADAlgorithm, key: Uint8Array, nonce: Uint8Array, plaintext: Uint8Array, aad: Uint8Array): Uint8Array;
+/**
+ * Open AEAD ciphertext. Throws on tag mismatch (Poly1305 fail).
+ * Returns the plaintext on success.
+ */
+export declare function aeadOpen(algorithm: AEADAlgorithm, key: Uint8Array, nonce: Uint8Array, ciphertext: Uint8Array, aad: Uint8Array): Uint8Array;
+//# sourceMappingURL=aead.d.ts.map

package/dist/crypto/aead.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"aead.d.ts","sourceRoot":"","sources":["../../src/crypto/aead.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,sDAAsD;AACtD,MAAM,MAAM,aAAa,GAAG,mBAAmB,GAAG,oBAAoB,CAAC;AAEvE;;;;GAIG;AACH,wBAAgB,QAAQ,CACtB,SAAS,EAAE,aAAa,EACxB,GAAG,EAAE,UAAU,EACf,KAAK,EAAE,UAAU,EACjB,SAAS,EAAE,UAAU,EACrB,GAAG,EAAE,UAAU,GACd,UAAU,CAGZ;AAED;;;GAGG;AACH,wBAAgB,QAAQ,CACtB,SAAS,EAAE,aAAa,EACxB,GAAG,EAAE,UAAU,EACf,KAAK,EAAE,UAAU,EACjB,UAAU,EAAE,UAAU,EACtB,GAAG,EAAE,UAAU,GACd,UAAU,CAGZ"}

package/dist/crypto/aead.js ADDED Viewed

@@ -0,0 +1,48 @@
+/**
+ * AEAD primitives for SEMP.
+ *
+ * The two currently defined algorithm suites use different AEAD
+ * variants:
+ *
+ *   - `x25519-chacha20-poly1305` — ChaCha20-Poly1305, 12-byte nonce.
+ *   - `pq-kyber768-x25519`       — XChaCha20-Poly1305, 24-byte nonce.
+ *
+ * The sealing flow is identical in both cases: AEAD.Seal(key, nonce,
+ * plaintext, aad) -> ciphertext || tag. Returns a single byte slice
+ * with the authentication tag appended.
+ *
+ * @module
+ */
+import { chacha20poly1305, xchacha20poly1305 } from "@noble/ciphers/chacha.js";
+/**
+ * Seal `plaintext` with the negotiated AEAD. Returns
+ * `ciphertext || tag` (no nonce prefix; the caller composes the
+ * wire layout per ENVELOPE.md §7.1.1).
+ */
+export function aeadSeal(algorithm, key, nonce, plaintext, aad) {
+    const c = newCipher(algorithm, key, nonce, aad);
+    return c.encrypt(plaintext);
+}
+/**
+ * Open AEAD ciphertext. Throws on tag mismatch (Poly1305 fail).
+ * Returns the plaintext on success.
+ */
+export function aeadOpen(algorithm, key, nonce, ciphertext, aad) {
+    const c = newCipher(algorithm, key, nonce, aad);
+    return c.decrypt(ciphertext);
+}
+function newCipher(algorithm, key, nonce, aad) {
+    switch (algorithm) {
+        case "chacha20-poly1305":
+            if (nonce.length !== 12) {
+                throw new Error(`chacha20-poly1305 nonce must be 12 bytes, got ${nonce.length}`);
+            }
+            return chacha20poly1305(key, nonce, aad);
+        case "xchacha20-poly1305":
+            if (nonce.length !== 24) {
+                throw new Error(`xchacha20-poly1305 nonce must be 24 bytes, got ${nonce.length}`);
+            }
+            return xchacha20poly1305(key, nonce, aad);
+    }
+}
+//# sourceMappingURL=aead.js.map

package/dist/crypto/aead.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"aead.js","sourceRoot":"","sources":["../../src/crypto/aead.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAK/E;;;;GAIG;AACH,MAAM,UAAU,QAAQ,CACtB,SAAwB,EACxB,GAAe,EACf,KAAiB,EACjB,SAAqB,EACrB,GAAe;IAEf,MAAM,CAAC,GAAG,SAAS,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IAChD,OAAO,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAC9B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,QAAQ,CACtB,SAAwB,EACxB,GAAe,EACf,KAAiB,EACjB,UAAsB,EACtB,GAAe;IAEf,MAAM,CAAC,GAAG,SAAS,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IAChD,OAAO,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,SAAS,CAChB,SAAwB,EACxB,GAAe,EACf,KAAiB,EACjB,GAAe;IAEf,QAAQ,SAAS,EAAE,CAAC;QAClB,KAAK,mBAAmB;YACtB,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,iDAAiD,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;YACnF,CAAC;YACD,OAAO,gBAAgB,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;QAC3C,KAAK,oBAAoB;YACvB,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,kDAAkD,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;YACpF,CAAC;YACD,OAAO,iBAAiB,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC"}

package/dist/crypto/argon2.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+/**
+ * Argon2id KDF wrapper for SEMP recovery bundles per RECOVERY.md
+ * §2.4. The vectors fix all four parameters (memory, iterations,
+ * parallelism, output length) so the runner can re-derive the
+ * bundle key deterministically.
+ *
+ * @module
+ */
+/**
+ * Argon2id key derivation.
+ *
+ * @param secret raw secret bytes (the recovery secret).
+ * @param salt 16-byte salt.
+ * @param memoryKB memory cost in KiB (e.g. 65536 for 64 MiB).
+ * @param iterations time cost.
+ * @param parallelism degree of parallelism (lanes).
+ * @param outputLength output length in bytes (typically 32).
+ */
+export declare function argon2idKDF(secret: Uint8Array, salt: Uint8Array, memoryKB: number, iterations: number, parallelism: number, outputLength: number): Uint8Array;
+//# sourceMappingURL=argon2.d.ts.map

package/dist/crypto/argon2.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"argon2.d.ts","sourceRoot":"","sources":["../../src/crypto/argon2.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH;;;;;;;;;GASG;AACH,wBAAgB,WAAW,CACzB,MAAM,EAAE,UAAU,EAClB,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,GACnB,UAAU,CAOZ"}

package/dist/crypto/argon2.js ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * Argon2id KDF wrapper for SEMP recovery bundles per RECOVERY.md
+ * §2.4. The vectors fix all four parameters (memory, iterations,
+ * parallelism, output length) so the runner can re-derive the
+ * bundle key deterministically.
+ *
+ * @module
+ */
+import { argon2id } from "@noble/hashes/argon2.js";
+/**
+ * Argon2id key derivation.
+ *
+ * @param secret raw secret bytes (the recovery secret).
+ * @param salt 16-byte salt.
+ * @param memoryKB memory cost in KiB (e.g. 65536 for 64 MiB).
+ * @param iterations time cost.
+ * @param parallelism degree of parallelism (lanes).
+ * @param outputLength output length in bytes (typically 32).
+ */
+export function argon2idKDF(secret, salt, memoryKB, iterations, parallelism, outputLength) {
+    return argon2id(secret, salt, {
+        m: memoryKB,
+        t: iterations,
+        p: parallelism,
+        dkLen: outputLength,
+    });
+}
+//# sourceMappingURL=argon2.js.map

package/dist/crypto/argon2.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"argon2.js","sourceRoot":"","sources":["../../src/crypto/argon2.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AAEnD;;;;;;;;;GASG;AACH,MAAM,UAAU,WAAW,CACzB,MAAkB,EAClB,IAAgB,EAChB,QAAgB,EAChB,UAAkB,EAClB,WAAmB,EACnB,YAAoB;IAEpB,OAAO,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE;QAC5B,CAAC,EAAE,QAAQ;QACX,CAAC,EAAE,UAAU;QACb,CAAC,EAAE,WAAW;QACd,KAAK,EAAE,YAAY;KACpB,CAAC,CAAC;AACL,CAAC"}

package/dist/crypto/index.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Layer 1 cryptographic primitives. Mirrors the semp-go `crypto`
+ * package: KDF, MAC, signature, KEM, AEAD, and suite glue. The
+ * implementation is the audited @noble suite end-to-end; no native
+ * bindings, browser-compatible.
+ *
+ * @module
+ */
+export { newHKDFSHA512, deriveSessionKeys, deriveSessionKeysWithResumption, deriveResumedSessionKeys, deriveRekeyKeys, InfoSessionEncC2S, InfoSessionEncS2C, InfoSessionMACC2S, InfoSessionMACS2C, InfoSessionEnvMAC, InfoSessionResumption, SessionKeyLength, type KDF, type SessionKeys, } from "./kdf.js";
+export { computeMAC, verifyMAC } from "./mac.js";
+export { type AEADAlgorithm, aeadOpen, aeadSeal } from "./aead.js";
+export { argon2idKDF } from "./argon2.js";
+export { HybridCiphertextSize, HybridPrivateKeySize, HybridPublicKeySize, HybridSharedSecretSize, Kyber768CiphertextSize, Kyber768PrivateKeySize, Kyber768PublicKeySize, Kyber768SharedKeySize, X25519Size, hybridDecapsulate, hybridPrivateKeyFromKyberAndX25519, kyber768Decapsulate, kyber768EncapsulateDeterministic, kyber768KeyPairFromSeed, x25519Agree, x25519PublicKey, } from "./kem.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/crypto/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,+BAA+B,EAC/B,wBAAwB,EACxB,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,KAAK,GAAG,EACR,KAAK,WAAW,GACjB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAEjD,OAAO,EAAE,KAAK,aAAa,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAEnE,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACnB,sBAAsB,EACtB,sBAAsB,EACtB,sBAAsB,EACtB,qBAAqB,EACrB,qBAAqB,EACrB,UAAU,EACV,iBAAiB,EACjB,kCAAkC,EAClC,mBAAmB,EACnB,gCAAgC,EAChC,uBAAuB,EACvB,WAAW,EACX,eAAe,GAChB,MAAM,UAAU,CAAC"}

package/dist/crypto/index.js ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Layer 1 cryptographic primitives. Mirrors the semp-go `crypto`
+ * package: KDF, MAC, signature, KEM, AEAD, and suite glue. The
+ * implementation is the audited @noble suite end-to-end; no native
+ * bindings, browser-compatible.
+ *
+ * @module
+ */
+export { newHKDFSHA512, deriveSessionKeys, deriveSessionKeysWithResumption, deriveResumedSessionKeys, deriveRekeyKeys, InfoSessionEncC2S, InfoSessionEncS2C, InfoSessionMACC2S, InfoSessionMACS2C, InfoSessionEnvMAC, InfoSessionResumption, SessionKeyLength, } from "./kdf.js";
+export { computeMAC, verifyMAC } from "./mac.js";
+export { aeadOpen, aeadSeal } from "./aead.js";
+export { argon2idKDF } from "./argon2.js";
+export { HybridCiphertextSize, HybridPrivateKeySize, HybridPublicKeySize, HybridSharedSecretSize, Kyber768CiphertextSize, Kyber768PrivateKeySize, Kyber768PublicKeySize, Kyber768SharedKeySize, X25519Size, hybridDecapsulate, hybridPrivateKeyFromKyberAndX25519, kyber768Decapsulate, kyber768EncapsulateDeterministic, kyber768KeyPairFromSeed, x25519Agree, x25519PublicKey, } from "./kem.js";
+//# sourceMappingURL=index.js.map

package/dist/crypto/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,+BAA+B,EAC/B,wBAAwB,EACxB,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,GAGjB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAEjD,OAAO,EAAsB,QAAQ,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAEnE,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACnB,sBAAsB,EACtB,sBAAsB,EACtB,sBAAsB,EACtB,qBAAqB,EACrB,qBAAqB,EACrB,UAAU,EACV,iBAAiB,EACjB,kCAAkC,EAClC,mBAAmB,EACnB,gCAAgC,EAChC,uBAAuB,EACvB,WAAW,EACX,eAAe,GAChB,MAAM,UAAU,CAAC"}

package/dist/crypto/kdf.d.ts ADDED Viewed

@@ -0,0 +1,96 @@
+/**
+ * HKDF-SHA-512 derivation per HANDSHAKE.md §2.4 and SESSION.md §2.1.
+ *
+ * SEMP uses HKDF-SHA-512 for both currently defined algorithm suites.
+ * The five per-key info labels (and the resumption label) are bound
+ * contexts that prevent cross-context key confusion if an
+ * implementation accidentally reuses a PRK across derivations.
+ *
+ * @module
+ */
+/**
+ * Per-key HKDF info labels for the five session keys derived from
+ * the initial-handshake PRK. Per VECTORS.md §2.2, the rekey
+ * derivation reuses these same labels — cross-context separation
+ * comes from the salt change (rekey nonces vs handshake nonces),
+ * not from a different label namespace.
+ */
+export declare const InfoSessionEncC2S = "SEMP-v1-session-enc-c2s";
+export declare const InfoSessionEncS2C = "SEMP-v1-session-enc-s2c";
+export declare const InfoSessionMACC2S = "SEMP-v1-session-mac-c2s";
+export declare const InfoSessionMACS2C = "SEMP-v1-session-mac-s2c";
+export declare const InfoSessionEnvMAC = "SEMP-v1-session-env-mac";
+/**
+ * K_resumption label per HANDSHAKE.md §2.8.3 and SESSION.md §2.7.
+ * K_resumption is NOT used to encrypt or MAC any message in the
+ * current session; it is the secret a server retains so that, mixed
+ * with a fresh ephemeral DH on a later resume attempt, the resumed
+ * session derives a new key schedule.
+ */
+export declare const InfoSessionResumption = "SEMP-v1-session-resumption";
+/** Length in bytes of every derived session key (SESSION.md §2.1). */
+export declare const SessionKeyLength = 32;
+/**
+ * Generic KDF interface. Both currently defined SEMP suites use
+ * HKDF-SHA-512; future suites may swap to a different hash.
+ */
+export interface KDF {
+    /** HKDF-Extract(salt, ikm) -> PRK. */
+    extract(salt: Uint8Array, ikm: Uint8Array): Uint8Array;
+    /** HKDF-Expand(prk, info, length) -> length bytes of OKM. */
+    expand(prk: Uint8Array, info: Uint8Array, length: number): Uint8Array;
+}
+/**
+ * Returns a stateless HKDF-SHA-512 KDF instance. Safe for concurrent
+ * use; no state is held between calls.
+ */
+export declare function newHKDFSHA512(): KDF;
+/** The five session keys derived from a handshake PRK. */
+export interface SessionKeys {
+    /** Client -> server message encryption key. */
+    encC2S: Uint8Array;
+    /** Server -> client message encryption key. */
+    encS2C: Uint8Array;
+    /** Client -> server message MAC key. */
+    macC2S: Uint8Array;
+    /** Server -> client message MAC key. */
+    macS2C: Uint8Array;
+    /** Envelope-layer MAC key (HMAC-SHA-256 over canonical envelopes). */
+    envMAC: Uint8Array;
+    /**
+     * Resumption secret (32 bytes). Set on initial-handshake derivation
+     * via {@link deriveSessionKeysWithResumption}; absent on rekey
+     * derivations.
+     */
+    resumption?: Uint8Array;
+}
+/**
+ * Derive the five session keys from a handshake. The salt is
+ * `clientNonce || serverNonce`. Per VECTORS.md §2.1, the IKM is the
+ * shared secret from the negotiated KEM; for rekey, the same five
+ * keys are derived under the rekey nonces but the resumption secret
+ * is NOT regenerated.
+ */
+export declare function deriveSessionKeys(kdf: KDF, sharedSecret: Uint8Array, clientNonce: Uint8Array, serverNonce: Uint8Array): SessionKeys;
+/**
+ * Like {@link deriveSessionKeys} but also derives K_resumption.
+ * Used on the initial handshake; rekey derivations skip the
+ * resumption expansion.
+ */
+export declare function deriveSessionKeysWithResumption(kdf: KDF, sharedSecret: Uint8Array, clientNonce: Uint8Array, serverNonce: Uint8Array): SessionKeys;
+/**
+ * Derive the resumed-session keys from a rekey ECDH and a retained
+ * resumption secret per HANDSHAKE.md §2.8.3 and SESSION.md §2.7.
+ * IKM is `ephemeralSharedSecret || kResumption`, salt is
+ * `clientNonce || serverNonce`. The five expand labels are the same
+ * SEMP-v1-session-* labels as the initial derivation.
+ */
+export declare function deriveResumedSessionKeys(kdf: KDF, ephemeralSharedSecret: Uint8Array, kResumption: Uint8Array, clientNonce: Uint8Array, serverNonce: Uint8Array): SessionKeys;
+/**
+ * Derive rekey keys per SESSION.md §3.3. Identical to the initial
+ * derivation in label set; the cross-context separation comes from
+ * the salt construction (rekeyNonce || responderNonce) and a fresh
+ * shared secret.
+ */
+export declare function deriveRekeyKeys(kdf: KDF, sharedSecret: Uint8Array, rekeyNonce: Uint8Array, responderNonce: Uint8Array): SessionKeys;
+//# sourceMappingURL=kdf.d.ts.map

package/dist/crypto/kdf.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"kdf.d.ts","sourceRoot":"","sources":["../../src/crypto/kdf.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH;;;;;;GAMG;AACH,eAAO,MAAM,iBAAiB,4BAA4B,CAAC;AAC3D,eAAO,MAAM,iBAAiB,4BAA4B,CAAC;AAC3D,eAAO,MAAM,iBAAiB,4BAA4B,CAAC;AAC3D,eAAO,MAAM,iBAAiB,4BAA4B,CAAC;AAC3D,eAAO,MAAM,iBAAiB,4BAA4B,CAAC;AAE3D;;;;;;GAMG;AACH,eAAO,MAAM,qBAAqB,+BAA+B,CAAC;AAElE,sEAAsE;AACtE,eAAO,MAAM,gBAAgB,KAAK,CAAC;AAEnC;;;GAGG;AACH,MAAM,WAAW,GAAG;IAClB,sCAAsC;IACtC,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,GAAG,UAAU,CAAC;IACvD,6DAA6D;IAC7D,MAAM,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,GAAG,UAAU,CAAC;CACvE;AAWD;;;GAGG;AACH,wBAAgB,aAAa,IAAI,GAAG,CAEnC;AAED,0DAA0D;AAC1D,MAAM,WAAW,WAAW;IAC1B,+CAA+C;IAC/C,MAAM,EAAE,UAAU,CAAC;IACnB,+CAA+C;IAC/C,MAAM,EAAE,UAAU,CAAC;IACnB,wCAAwC;IACxC,MAAM,EAAE,UAAU,CAAC;IACnB,wCAAwC;IACxC,MAAM,EAAE,UAAU,CAAC;IACnB,sEAAsE;IACtE,MAAM,EAAE,UAAU,CAAC;IACnB;;;;OAIG;IACH,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,GAAG,EAAE,GAAG,EACR,YAAY,EAAE,UAAU,EACxB,WAAW,EAAE,UAAU,EACvB,WAAW,EAAE,UAAU,GACtB,WAAW,CAUb;AAED;;;;GAIG;AACH,wBAAgB,+BAA+B,CAC7C,GAAG,EAAE,GAAG,EACR,YAAY,EAAE,UAAU,EACxB,WAAW,EAAE,UAAU,EACvB,WAAW,EAAE,UAAU,GACtB,WAAW,CAWb;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CACtC,GAAG,EAAE,GAAG,EACR,qBAAqB,EAAE,UAAU,EACjC,WAAW,EAAE,UAAU,EACvB,WAAW,EAAE,UAAU,EACvB,WAAW,EAAE,UAAU,GACtB,WAAW,CAWb;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAC7B,GAAG,EAAE,GAAG,EACR,YAAY,EAAE,UAAU,EACxB,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,UAAU,GACzB,WAAW,CAEb"}