npm - @sempdev/semp - Versions diffs - 0.4.3 - Mend

@sempdev/semp 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/LICENSE +21 -0
package/README.md +59 -0
package/dist/brief/address.d.ts +77 -0
package/dist/brief/address.d.ts.map +1 -0
package/dist/brief/address.js +217 -0
package/dist/brief/address.js.map +1 -0
package/dist/brief/brief.d.ts +75 -0
package/dist/brief/brief.d.ts.map +1 -0
package/dist/brief/brief.js +56 -0
package/dist/brief/brief.js.map +1 -0
package/dist/brief/index.d.ts +11 -0
package/dist/brief/index.d.ts.map +1 -0
package/dist/brief/index.js +11 -0
package/dist/brief/index.js.map +1 -0
package/dist/canonical/index.d.ts +8 -0
package/dist/canonical/index.d.ts.map +1 -0
package/dist/canonical/index.js +8 -0
package/dist/canonical/index.js.map +1 -0
package/dist/canonical/marshal.d.ts +35 -0
package/dist/canonical/marshal.d.ts.map +1 -0
package/dist/canonical/marshal.js +107 -0
package/dist/canonical/marshal.js.map +1 -0
package/dist/clockskew/index.d.ts +52 -0
package/dist/clockskew/index.d.ts.map +1 -0
package/dist/clockskew/index.js +62 -0
package/dist/clockskew/index.js.map +1 -0
package/dist/closure/closure.d.ts +106 -0
package/dist/closure/closure.d.ts.map +1 -0
package/dist/closure/closure.js +152 -0
package/dist/closure/closure.js.map +1 -0
package/dist/closure/driver.d.ts +103 -0
package/dist/closure/driver.d.ts.map +1 -0
package/dist/closure/driver.js +126 -0
package/dist/closure/driver.js.map +1 -0
package/dist/closure/index.d.ts +13 -0
package/dist/closure/index.d.ts.map +1 -0
package/dist/closure/index.js +13 -0
package/dist/closure/index.js.map +1 -0
package/dist/closure/store.d.ts +80 -0
package/dist/closure/store.d.ts.map +1 -0
package/dist/closure/store.js +89 -0
package/dist/closure/store.js.map +1 -0
package/dist/crypto/aead.d.ts +29 -0
package/dist/crypto/aead.d.ts.map +1 -0
package/dist/crypto/aead.js +48 -0
package/dist/crypto/aead.js.map +1 -0
package/dist/crypto/argon2.d.ts +20 -0
package/dist/crypto/argon2.d.ts.map +1 -0
package/dist/crypto/argon2.js +28 -0
package/dist/crypto/argon2.js.map +1 -0
package/dist/crypto/index.d.ts +14 -0
package/dist/crypto/index.d.ts.map +1 -0
package/dist/crypto/index.js +14 -0
package/dist/crypto/index.js.map +1 -0
package/dist/crypto/kdf.d.ts +96 -0
package/dist/crypto/kdf.d.ts.map +1 -0
package/dist/crypto/kdf.js +122 -0
package/dist/crypto/kdf.js.map +1 -0
package/dist/crypto/kem.d.ts +85 -0
package/dist/crypto/kem.d.ts.map +1 -0
package/dist/crypto/kem.js +130 -0
package/dist/crypto/kem.js.map +1 -0
package/dist/crypto/mac.d.ts +19 -0
package/dist/crypto/mac.d.ts.map +1 -0
package/dist/crypto/mac.js +32 -0
package/dist/crypto/mac.js.map +1 -0
package/dist/delivery/ack.d.ts +125 -0
package/dist/delivery/ack.d.ts.map +1 -0
package/dist/delivery/ack.js +141 -0
package/dist/delivery/ack.js.map +1 -0
package/dist/delivery/blocklist.d.ts +87 -0
package/dist/delivery/blocklist.d.ts.map +1 -0
package/dist/delivery/blocklist.js +107 -0
package/dist/delivery/blocklist.js.map +1 -0
package/dist/delivery/cancel.d.ts +60 -0
package/dist/delivery/cancel.d.ts.map +1 -0
package/dist/delivery/cancel.js +43 -0
package/dist/delivery/cancel.js.map +1 -0
package/dist/delivery/disposition.d.ts +106 -0
package/dist/delivery/disposition.d.ts.map +1 -0
package/dist/delivery/disposition.js +105 -0
package/dist/delivery/disposition.js.map +1 -0
package/dist/delivery/fetch.d.ts +59 -0
package/dist/delivery/fetch.d.ts.map +1 -0
package/dist/delivery/fetch.js +47 -0
package/dist/delivery/fetch.js.map +1 -0
package/dist/delivery/forwarder.d.ts +106 -0
package/dist/delivery/forwarder.d.ts.map +1 -0
package/dist/delivery/forwarder.js +251 -0
package/dist/delivery/forwarder.js.map +1 -0
package/dist/delivery/inbox.d.ts +42 -0
package/dist/delivery/inbox.d.ts.map +1 -0
package/dist/delivery/inbox.js +68 -0
package/dist/delivery/inbox.js.map +1 -0
package/dist/delivery/index.d.ts +31 -0
package/dist/delivery/index.d.ts.map +1 -0
package/dist/delivery/index.js +31 -0
package/dist/delivery/index.js.map +1 -0
package/dist/delivery/internalroute.d.ts +50 -0
package/dist/delivery/internalroute.d.ts.map +1 -0
package/dist/delivery/internalroute.js +23 -0
package/dist/delivery/internalroute.js.map +1 -0
package/dist/delivery/pipeline.d.ts +153 -0
package/dist/delivery/pipeline.d.ts.map +1 -0
package/dist/delivery/pipeline.js +356 -0
package/dist/delivery/pipeline.js.map +1 -0
package/dist/delivery/policy_state.d.ts +105 -0
package/dist/delivery/policy_state.d.ts.map +1 -0
package/dist/delivery/policy_state.js +293 -0
package/dist/delivery/policy_state.js.map +1 -0
package/dist/delivery/queue.d.ts +47 -0
package/dist/delivery/queue.d.ts.map +1 -0
package/dist/delivery/queue.js +33 -0
package/dist/delivery/queue.js.map +1 -0
package/dist/delivery/receipt.d.ts +137 -0
package/dist/delivery/receipt.d.ts.map +1 -0
package/dist/delivery/receipt.js +181 -0
package/dist/delivery/receipt.js.map +1 -0
package/dist/delivery/receipt_store.d.ts +81 -0
package/dist/delivery/receipt_store.d.ts.map +1 -0
package/dist/delivery/receipt_store.js +74 -0
package/dist/delivery/receipt_store.js.map +1 -0
package/dist/delivery/retry.d.ts +78 -0
package/dist/delivery/retry.d.ts.map +1 -0
package/dist/delivery/retry.js +132 -0
package/dist/delivery/retry.js.map +1 -0
package/dist/delivery/scheduler.d.ts +156 -0
package/dist/delivery/scheduler.d.ts.map +1 -0
package/dist/delivery/scheduler.js +349 -0
package/dist/delivery/scheduler.js.map +1 -0
package/dist/delivery/stage_partition.d.ts +87 -0
package/dist/delivery/stage_partition.d.ts.map +1 -0
package/dist/delivery/stage_partition.js +122 -0
package/dist/delivery/stage_partition.js.map +1 -0
package/dist/delivery/staged_runner.d.ts +100 -0
package/dist/delivery/staged_runner.d.ts.map +1 -0
package/dist/delivery/staged_runner.js +277 -0
package/dist/delivery/staged_runner.js.map +1 -0
package/dist/delivery/submission.d.ts +72 -0
package/dist/delivery/submission.d.ts.map +1 -0
package/dist/delivery/submission.js +58 -0
package/dist/delivery/submission.js.map +1 -0
package/dist/delivery/sync.d.ts +68 -0
package/dist/delivery/sync.d.ts.map +1 -0
package/dist/delivery/sync.js +99 -0
package/dist/delivery/sync.js.map +1 -0
package/dist/delivery/user_policy.d.ts +74 -0
package/dist/delivery/user_policy.d.ts.map +1 -0
package/dist/delivery/user_policy.js +140 -0
package/dist/delivery/user_policy.js.map +1 -0
package/dist/discovery/cache.d.ts +37 -0
package/dist/discovery/cache.d.ts.map +1 -0
package/dist/discovery/cache.js +45 -0
package/dist/discovery/cache.js.map +1 -0
package/dist/discovery/configuration.d.ts +97 -0
package/dist/discovery/configuration.d.ts.map +1 -0
package/dist/discovery/configuration.js +146 -0
package/dist/discovery/configuration.js.map +1 -0
package/dist/discovery/dns.d.ts +56 -0
package/dist/discovery/dns.d.ts.map +1 -0
package/dist/discovery/dns.js +120 -0
package/dist/discovery/dns.js.map +1 -0
package/dist/discovery/domain_keys.d.ts +62 -0
package/dist/discovery/domain_keys.d.ts.map +1 -0
package/dist/discovery/domain_keys.js +89 -0
package/dist/discovery/domain_keys.js.map +1 -0
package/dist/discovery/index.d.ts +19 -0
package/dist/discovery/index.d.ts.map +1 -0
package/dist/discovery/index.js +19 -0
package/dist/discovery/index.js.map +1 -0
package/dist/discovery/lookup.d.ts +72 -0
package/dist/discovery/lookup.d.ts.map +1 -0
package/dist/discovery/lookup.js +121 -0
package/dist/discovery/lookup.js.map +1 -0
package/dist/discovery/onion.d.ts +34 -0
package/dist/discovery/onion.d.ts.map +1 -0
package/dist/discovery/onion.js +61 -0
package/dist/discovery/onion.js.map +1 -0
package/dist/discovery/partition.d.ts +96 -0
package/dist/discovery/partition.d.ts.map +1 -0
package/dist/discovery/partition.js +247 -0
package/dist/discovery/partition.js.map +1 -0
package/dist/discovery/resolver.d.ts +113 -0
package/dist/discovery/resolver.d.ts.map +1 -0
package/dist/discovery/resolver.js +176 -0
package/dist/discovery/resolver.js.map +1 -0
package/dist/discovery/txt.d.ts +39 -0
package/dist/discovery/txt.d.ts.map +1 -0
package/dist/discovery/txt.js +71 -0
package/dist/discovery/txt.js.map +1 -0
package/dist/enclosure/forwarding.d.ts +128 -0
package/dist/enclosure/forwarding.d.ts.map +1 -0
package/dist/enclosure/forwarding.js +119 -0
package/dist/enclosure/forwarding.js.map +1 -0
package/dist/enclosure/index.d.ts +11 -0
package/dist/enclosure/index.d.ts.map +1 -0
package/dist/enclosure/index.js +11 -0
package/dist/enclosure/index.js.map +1 -0
package/dist/envelope/buckets.d.ts +38 -0
package/dist/envelope/buckets.d.ts.map +1 -0
package/dist/envelope/buckets.js +73 -0
package/dist/envelope/buckets.js.map +1 -0
package/dist/envelope/canonical.d.ts +28 -0
package/dist/envelope/canonical.d.ts.map +1 -0
package/dist/envelope/canonical.js +54 -0
package/dist/envelope/canonical.js.map +1 -0
package/dist/envelope/compose.d.ts +171 -0
package/dist/envelope/compose.d.ts.map +1 -0
package/dist/envelope/compose.js +237 -0
package/dist/envelope/compose.js.map +1 -0
package/dist/envelope/encode.d.ts +41 -0
package/dist/envelope/encode.d.ts.map +1 -0
package/dist/envelope/encode.js +69 -0
package/dist/envelope/encode.js.map +1 -0
package/dist/envelope/index.d.ts +20 -0
package/dist/envelope/index.d.ts.map +1 -0
package/dist/envelope/index.js +20 -0
package/dist/envelope/index.js.map +1 -0
package/dist/envelope/open_any.d.ts +48 -0
package/dist/envelope/open_any.d.ts.map +1 -0
package/dist/envelope/open_any.js +81 -0
package/dist/envelope/open_any.js.map +1 -0
package/dist/envelope/open_verified.d.ts +59 -0
package/dist/envelope/open_verified.d.ts.map +1 -0
package/dist/envelope/open_verified.js +67 -0
package/dist/envelope/open_verified.js.map +1 -0
package/dist/envelope/padding.d.ts +55 -0
package/dist/envelope/padding.d.ts.map +1 -0
package/dist/envelope/padding.js +162 -0
package/dist/envelope/padding.js.map +1 -0
package/dist/envelope/rejection.d.ts +22 -0
package/dist/envelope/rejection.d.ts.map +1 -0
package/dist/envelope/rejection.js +30 -0
package/dist/envelope/rejection.js.map +1 -0
package/dist/envelope/sendtime.d.ts +49 -0
package/dist/envelope/sendtime.d.ts.map +1 -0
package/dist/envelope/sendtime.js +87 -0
package/dist/envelope/sendtime.js.map +1 -0
package/dist/envelope/verify.d.ts +29 -0
package/dist/envelope/verify.d.ts.map +1 -0
package/dist/envelope/verify.js +90 -0
package/dist/envelope/verify.js.map +1 -0
package/dist/extensions/index.d.ts +7 -0
package/dist/extensions/index.d.ts.map +1 -0
package/dist/extensions/index.js +7 -0
package/dist/extensions/index.js.map +1 -0
package/dist/extensions/limits.d.ts +101 -0
package/dist/extensions/limits.d.ts.map +1 -0
package/dist/extensions/limits.js +175 -0
package/dist/extensions/limits.js.map +1 -0
package/dist/handshake/abort.d.ts +49 -0
package/dist/handshake/abort.d.ts.map +1 -0
package/dist/handshake/abort.js +82 -0
package/dist/handshake/abort.js.map +1 -0
package/dist/handshake/capabilities.d.ts +46 -0
package/dist/handshake/capabilities.d.ts.map +1 -0
package/dist/handshake/capabilities.js +114 -0
package/dist/handshake/capabilities.js.map +1 -0
package/dist/handshake/client_state.d.ts +186 -0
package/dist/handshake/client_state.d.ts.map +1 -0
package/dist/handshake/client_state.js +520 -0
package/dist/handshake/client_state.js.map +1 -0
package/dist/handshake/confirm.d.ts +21 -0
package/dist/handshake/confirm.d.ts.map +1 -0
package/dist/handshake/confirm.js +27 -0
package/dist/handshake/confirm.js.map +1 -0
package/dist/handshake/driver.d.ts +126 -0
package/dist/handshake/driver.d.ts.map +1 -0
package/dist/handshake/driver.js +251 -0
package/dist/handshake/driver.js.map +1 -0
package/dist/handshake/federation.d.ts +365 -0
package/dist/handshake/federation.d.ts.map +1 -0
package/dist/handshake/federation.js +664 -0
package/dist/handshake/federation.js.map +1 -0
package/dist/handshake/first_contact.d.ts +57 -0
package/dist/handshake/first_contact.d.ts.map +1 -0
package/dist/handshake/first_contact.js +124 -0
package/dist/handshake/first_contact.js.map +1 -0
package/dist/handshake/identity.d.ts +101 -0
package/dist/handshake/identity.d.ts.map +1 -0
package/dist/handshake/identity.js +117 -0
package/dist/handshake/identity.js.map +1 -0
package/dist/handshake/index.d.ts +21 -0
package/dist/handshake/index.d.ts.map +1 -0
package/dist/handshake/index.js +21 -0
package/dist/handshake/index.js.map +1 -0
package/dist/handshake/messages.d.ts +176 -0
package/dist/handshake/messages.d.ts.map +1 -0
package/dist/handshake/messages.js +125 -0
package/dist/handshake/messages.js.map +1 -0
package/dist/handshake/pow.d.ts +53 -0
package/dist/handshake/pow.d.ts.map +1 -0
package/dist/handshake/pow.js +142 -0
package/dist/handshake/pow.js.map +1 -0
package/dist/handshake/resume_driver.d.ts +56 -0
package/dist/handshake/resume_driver.d.ts.map +1 -0
package/dist/handshake/resume_driver.js +75 -0
package/dist/handshake/resume_driver.js.map +1 -0
package/dist/handshake/server.d.ts +112 -0
package/dist/handshake/server.d.ts.map +1 -0
package/dist/handshake/server.js +247 -0
package/dist/handshake/server.js.map +1 -0
package/dist/handshake/server_state.d.ts +102 -0
package/dist/handshake/server_state.d.ts.map +1 -0
package/dist/handshake/server_state.js +278 -0
package/dist/handshake/server_state.js.map +1 -0
package/dist/index.d.ts +33 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +33 -0
package/dist/index.js.map +1 -0
package/dist/keys/compromise.d.ts +118 -0
package/dist/keys/compromise.d.ts.map +1 -0
package/dist/keys/compromise.js +218 -0
package/dist/keys/compromise.js.map +1 -0
package/dist/keys/device_certificate.d.ts +166 -0
package/dist/keys/device_certificate.d.ts.map +1 -0
package/dist/keys/device_certificate.js +328 -0
package/dist/keys/device_certificate.js.map +1 -0
package/dist/keys/device_records.d.ts +175 -0
package/dist/keys/device_records.d.ts.map +1 -0
package/dist/keys/device_records.js +418 -0
package/dist/keys/device_records.js.map +1 -0
package/dist/keys/directory_cache.d.ts +64 -0
package/dist/keys/directory_cache.d.ts.map +1 -0
package/dist/keys/directory_cache.js +98 -0
package/dist/keys/directory_cache.js.map +1 -0
package/dist/keys/directory_state.d.ts +79 -0
package/dist/keys/directory_state.d.ts.map +1 -0
package/dist/keys/directory_state.js +155 -0
package/dist/keys/directory_state.js.map +1 -0
package/dist/keys/index.d.ts +18 -0
package/dist/keys/index.d.ts.map +1 -0
package/dist/keys/index.js +18 -0
package/dist/keys/index.js.map +1 -0
package/dist/keys/key_revocation.d.ts +61 -0
package/dist/keys/key_revocation.d.ts.map +1 -0
package/dist/keys/key_revocation.js +88 -0
package/dist/keys/key_revocation.js.map +1 -0
package/dist/keys/request.d.ts +124 -0
package/dist/keys/request.d.ts.map +1 -0
package/dist/keys/request.js +130 -0
package/dist/keys/request.js.map +1 -0
package/dist/keys/sign.d.ts +49 -0
package/dist/keys/sign.d.ts.map +1 -0
package/dist/keys/sign.js +80 -0
package/dist/keys/sign.js.map +1 -0
package/dist/keys/signed.d.ts +80 -0
package/dist/keys/signed.d.ts.map +1 -0
package/dist/keys/signed.js +138 -0
package/dist/keys/signed.js.map +1 -0
package/dist/keys/store.d.ts +138 -0
package/dist/keys/store.d.ts.map +1 -0
package/dist/keys/store.js +107 -0
package/dist/keys/store.js.map +1 -0
package/dist/largeattachment/crypto.d.ts +47 -0
package/dist/largeattachment/crypto.d.ts.map +1 -0
package/dist/largeattachment/crypto.js +235 -0
package/dist/largeattachment/crypto.js.map +1 -0
package/dist/largeattachment/enclosure.d.ts +48 -0
package/dist/largeattachment/enclosure.d.ts.map +1 -0
package/dist/largeattachment/enclosure.js +102 -0
package/dist/largeattachment/enclosure.js.map +1 -0
package/dist/largeattachment/index.d.ts +15 -0
package/dist/largeattachment/index.d.ts.map +1 -0
package/dist/largeattachment/index.js +15 -0
package/dist/largeattachment/index.js.map +1 -0
package/dist/largeattachment/store.d.ts +36 -0
package/dist/largeattachment/store.d.ts.map +1 -0
package/dist/largeattachment/store.js +37 -0
package/dist/largeattachment/store.js.map +1 -0
package/dist/largeattachment/types.d.ts +56 -0
package/dist/largeattachment/types.d.ts.map +1 -0
package/dist/largeattachment/types.js +31 -0
package/dist/largeattachment/types.js.map +1 -0
package/dist/largeattachment/upload.d.ts +62 -0
package/dist/largeattachment/upload.d.ts.map +1 -0
package/dist/largeattachment/upload.js +166 -0
package/dist/largeattachment/upload.js.map +1 -0
package/dist/migration/index.d.ts +17 -0
package/dist/migration/index.d.ts.map +1 -0
package/dist/migration/index.js +17 -0
package/dist/migration/index.js.map +1 -0
package/dist/migration/lockout.d.ts +48 -0
package/dist/migration/lockout.d.ts.map +1 -0
package/dist/migration/lockout.js +57 -0
package/dist/migration/lockout.js.map +1 -0
package/dist/migration/migration.d.ts +48 -0
package/dist/migration/migration.d.ts.map +1 -0
package/dist/migration/migration.js +58 -0
package/dist/migration/migration.js.map +1 -0
package/dist/migration/notice.d.ts +33 -0
package/dist/migration/notice.d.ts.map +1 -0
package/dist/migration/notice.js +85 -0
package/dist/migration/notice.js.map +1 -0
package/dist/migration/orchestrate.d.ts +109 -0
package/dist/migration/orchestrate.d.ts.map +1 -0
package/dist/migration/orchestrate.js +212 -0
package/dist/migration/orchestrate.js.map +1 -0
package/dist/migration/publication_store.d.ts +34 -0
package/dist/migration/publication_store.d.ts.map +1 -0
package/dist/migration/publication_store.js +44 -0
package/dist/migration/publication_store.js.map +1 -0
package/dist/migration/sign.d.ts +65 -0
package/dist/migration/sign.d.ts.map +1 -0
package/dist/migration/sign.js +331 -0
package/dist/migration/sign.js.map +1 -0
package/dist/migration/types.d.ts +92 -0
package/dist/migration/types.d.ts.map +1 -0
package/dist/migration/types.js +26 -0
package/dist/migration/types.js.map +1 -0
package/dist/reasoncodes.d.ts +42 -0
package/dist/reasoncodes.d.ts.map +1 -0
package/dist/reasoncodes.js +80 -0
package/dist/reasoncodes.js.map +1 -0
package/dist/recovery/bundle.d.ts +34 -0
package/dist/recovery/bundle.d.ts.map +1 -0
package/dist/recovery/bundle.js +144 -0
package/dist/recovery/bundle.js.map +1 -0
package/dist/recovery/bundle_crypto.d.ts +60 -0
package/dist/recovery/bundle_crypto.d.ts.map +1 -0
package/dist/recovery/bundle_crypto.js +179 -0
package/dist/recovery/bundle_crypto.js.map +1 -0
package/dist/recovery/bundle_store.d.ts +57 -0
package/dist/recovery/bundle_store.d.ts.map +1 -0
package/dist/recovery/bundle_store.js +104 -0
package/dist/recovery/bundle_store.js.map +1 -0
package/dist/recovery/index.d.ts +19 -0
package/dist/recovery/index.d.ts.map +1 -0
package/dist/recovery/index.js +19 -0
package/dist/recovery/index.js.map +1 -0
package/dist/recovery/manifest_crosscheck.d.ts +59 -0
package/dist/recovery/manifest_crosscheck.d.ts.map +1 -0
package/dist/recovery/manifest_crosscheck.js +59 -0
package/dist/recovery/manifest_crosscheck.js.map +1 -0
package/dist/recovery/shamir.d.ts +51 -0
package/dist/recovery/shamir.d.ts.map +1 -0
package/dist/recovery/shamir.js +181 -0
package/dist/recovery/shamir.js.map +1 -0
package/dist/recovery/sign.d.ts +61 -0
package/dist/recovery/sign.d.ts.map +1 -0
package/dist/recovery/sign.js +359 -0
package/dist/recovery/sign.js.map +1 -0
package/dist/recovery/types.d.ts +180 -0
package/dist/recovery/types.d.ts.map +1 -0
package/dist/recovery/types.js +31 -0
package/dist/recovery/types.js.map +1 -0
package/dist/reputation/abuse_report.d.ts +62 -0
package/dist/reputation/abuse_report.d.ts.map +1 -0
package/dist/reputation/abuse_report.js +111 -0
package/dist/reputation/abuse_report.js.map +1 -0
package/dist/reputation/bucketize.d.ts +31 -0
package/dist/reputation/bucketize.d.ts.map +1 -0
package/dist/reputation/bucketize.js +77 -0
package/dist/reputation/bucketize.js.map +1 -0
package/dist/reputation/gossip.d.ts +24 -0
package/dist/reputation/gossip.d.ts.map +1 -0
package/dist/reputation/gossip.js +64 -0
package/dist/reputation/gossip.js.map +1 -0
package/dist/reputation/gossip_fetch.d.ts +64 -0
package/dist/reputation/gossip_fetch.d.ts.map +1 -0
package/dist/reputation/gossip_fetch.js +114 -0
package/dist/reputation/gossip_fetch.js.map +1 -0
package/dist/reputation/index.d.ts +20 -0
package/dist/reputation/index.d.ts.map +1 -0
package/dist/reputation/index.js +20 -0
package/dist/reputation/index.js.map +1 -0
package/dist/reputation/observation_store.d.ts +67 -0
package/dist/reputation/observation_store.d.ts.map +1 -0
package/dist/reputation/observation_store.js +171 -0
package/dist/reputation/observation_store.js.map +1 -0
package/dist/reputation/pow.d.ts +91 -0
package/dist/reputation/pow.d.ts.map +1 -0
package/dist/reputation/pow.js +209 -0
package/dist/reputation/pow.js.map +1 -0
package/dist/reputation/sign.d.ts +40 -0
package/dist/reputation/sign.d.ts.map +1 -0
package/dist/reputation/sign.js +202 -0
package/dist/reputation/sign.js.map +1 -0
package/dist/reputation/types.d.ts +133 -0
package/dist/reputation/types.d.ts.map +1 -0
package/dist/reputation/types.js +33 -0
package/dist/reputation/types.js.map +1 -0
package/dist/reputation/whois.d.ts +25 -0
package/dist/reputation/whois.d.ts.map +1 -0
package/dist/reputation/whois.js +20 -0
package/dist/reputation/whois.js.map +1 -0
package/dist/seal/index.d.ts +8 -0
package/dist/seal/index.d.ts.map +1 -0
package/dist/seal/index.js +8 -0
package/dist/seal/index.js.map +1 -0
package/dist/seal/wrap.d.ts +74 -0
package/dist/seal/wrap.d.ts.map +1 -0
package/dist/seal/wrap.js +213 -0
package/dist/seal/wrap.js.map +1 -0
package/dist/session/dispatcher.d.ts +65 -0
package/dist/session/dispatcher.d.ts.map +1 -0
package/dist/session/dispatcher.js +96 -0
package/dist/session/dispatcher.js.map +1 -0
package/dist/session/index.d.ts +15 -0
package/dist/session/index.d.ts.map +1 -0
package/dist/session/index.js +15 -0
package/dist/session/index.js.map +1 -0
package/dist/session/rekey.d.ts +108 -0
package/dist/session/rekey.d.ts.map +1 -0
package/dist/session/rekey.js +207 -0
package/dist/session/rekey.js.map +1 -0
package/dist/session/rekey_seal.d.ts +66 -0
package/dist/session/rekey_seal.d.ts.map +1 -0
package/dist/session/rekey_seal.js +153 -0
package/dist/session/rekey_seal.js.map +1 -0
package/dist/session/resume.d.ts +125 -0
package/dist/session/resume.d.ts.map +1 -0
package/dist/session/resume.js +263 -0
package/dist/session/resume.js.map +1 -0
package/dist/session/session.d.ts +136 -0
package/dist/session/session.d.ts.map +1 -0
package/dist/session/session.js +188 -0
package/dist/session/session.js.map +1 -0
package/dist/transparency/index.d.ts +13 -0
package/dist/transparency/index.d.ts.map +1 -0
package/dist/transparency/index.js +13 -0
package/dist/transparency/index.js.map +1 -0
package/dist/transparency/log.d.ts +61 -0
package/dist/transparency/log.d.ts.map +1 -0
package/dist/transparency/log.js +133 -0
package/dist/transparency/log.js.map +1 -0
package/dist/transparency/merkle.d.ts +59 -0
package/dist/transparency/merkle.d.ts.map +1 -0
package/dist/transparency/merkle.js +314 -0
package/dist/transparency/merkle.js.map +1 -0
package/dist/transparency/sign.d.ts +48 -0
package/dist/transparency/sign.d.ts.map +1 -0
package/dist/transparency/sign.js +140 -0
package/dist/transparency/sign.js.map +1 -0
package/dist/transparency/types.d.ts +97 -0
package/dist/transparency/types.d.ts.map +1 -0
package/dist/transparency/types.js +25 -0
package/dist/transparency/types.js.map +1 -0
package/dist/transport/h2.d.ts +163 -0
package/dist/transport/h2.d.ts.map +1 -0
package/dist/transport/h2.js +397 -0
package/dist/transport/h2.js.map +1 -0
package/dist/transport/index.d.ts +15 -0
package/dist/transport/index.d.ts.map +1 -0
package/dist/transport/index.js +15 -0
package/dist/transport/index.js.map +1 -0
package/dist/transport/memory.d.ts +21 -0
package/dist/transport/memory.d.ts.map +1 -0
package/dist/transport/memory.js +112 -0
package/dist/transport/memory.js.map +1 -0
package/dist/transport/transport.d.ts +54 -0
package/dist/transport/transport.d.ts.map +1 -0
package/dist/transport/transport.js +20 -0
package/dist/transport/transport.js.map +1 -0
package/dist/transport/ws.d.ts +40 -0
package/dist/transport/ws.d.ts.map +1 -0
package/dist/transport/ws.js +204 -0
package/dist/transport/ws.js.map +1 -0
package/package.json +147 -0

package/dist/keys/device_certificate.js ADDED Viewed

@@ -0,0 +1,328 @@
+/**
+ * Scoped device certificates per KEY.md §10.3.
+ *
+ * A `SEMP_DEVICE_CERTIFICATE` binds a delegated device's public key
+ * to a permission scope and is signed by an existing full-access
+ * device of the account (the issuer). The home server enforces the
+ * scope on every relevant operation by the delegated device.
+ *
+ * This module provides:
+ *
+ *   - {@link DeviceCertificate} typed shape + the supporting
+ *     {@link Scope}, {@link ScopeMatcher}, {@link ScopeResource},
+ *     {@link ScopeEntry}, {@link RateLimitTier} types.
+ *   - {@link signDeviceCertificate}: build + Ed25519-sign a certificate
+ *     under the issuing device's signing seed (path
+ *     `signature.value`, prefix `SEMP-DEVICE-AUTHORIZE:`).
+ *   - {@link verifyDeviceCertificate}: Ed25519-verify against the
+ *     issuer's published device public key.
+ *   - {@link validateDeviceCertificate}: structural checks per
+ *     §10.3.2 / §10.3.3 / §10.3.8 (lifetime cap, scope rules).
+ *   - {@link scopeAllowsRecipient} / {@link scopeAllowsSender}:
+ *     enforcement helpers that the home server invokes on each
+ *     operation per §10.3.4.
+ *
+ * @module
+ */
+import { signSignedDoc, verifySignedDoc } from "./signed.js";
+/** `type` discriminator for a device certificate. */
+export const DeviceCertificateType = "SEMP_DEVICE_CERTIFICATE";
+/** Domain-separation prefix for the issuer signature, per ENVELOPE.md §4.3. */
+export const DeviceAuthorizePrefix = "SEMP-DEVICE-AUTHORIZE:";
+/** Combined cap on `allow + deny` size in a single matcher per §10.3.3.1. */
+export const MaxScopeMatcherEntries = 10_000;
+/** Cap on rate-limit tiers per scope field per §10.3.3.3. */
+export const MaxScopeRateLimitTiers = 16;
+/** Cap on certificate lifetime per §10.3.8: 365 days, in milliseconds. */
+export const MaxDeviceCertificateLifetimeMs = 365 * 24 * 3600 * 1000;
+/**
+ * Compute the issuer's signature over the canonical certificate
+ * bytes, then return a copy with `signature.{algorithm,key_id,value}`
+ * populated. Pre-populates the algorithm + key_id BEFORE
+ * canonicalization so the canonical bytes cover both — an attacker
+ * cannot downgrade the signing algorithm or forge a different
+ * issuer fingerprint.
+ */
+export function signDeviceCertificate(input) {
+    if (input.issuerKeyId === "") {
+        throw new Error("device certificate: empty issuer key_id");
+    }
+    validateDeviceCertificate(input.certificate, { skipSignatureCheck: true });
+    const preSign = {
+        ...input.certificate,
+        signature: {
+            algorithm: "ed25519",
+            key_id: input.issuerKeyId,
+            value: "",
+        },
+    };
+    const { signedJSON, signatureB64 } = signSignedDoc({
+        preSignJSON: preSign,
+        seed: input.issuerSigningSeed,
+        signaturePath: "signature.value",
+        prefix: DeviceAuthorizePrefix,
+    });
+    return {
+        certificate: signedJSON,
+        signatureB64,
+    };
+}
+/**
+ * Ed25519-verify a certificate's signature under `issuerPub`. Returns
+ * true when the signature verifies. Does NOT cross-check that the
+ * issuer is currently a registered, non-revoked full-access device
+ * for the account — that requires a key directory store and is the
+ * caller's responsibility.
+ */
+export function verifyDeviceCertificate(certificate, issuerPub) {
+    validateDeviceCertificate(certificate);
+    if (certificate.signature.value === "") {
+        return false;
+    }
+    const { ok } = verifySignedDoc({
+        signedJSON: certificate,
+        publicKey: issuerPub,
+        signaturePath: "signature.value",
+        prefix: DeviceAuthorizePrefix,
+    });
+    return ok;
+}
+/**
+ * Structural validation per §10.3.2 / §10.3.3 / §10.3.8. Throws on
+ * the first violation. Does NOT verify the signature; pair with
+ * {@link verifyDeviceCertificate}.
+ */
+export function validateDeviceCertificate(c, opts = {}) {
+    if (c.type !== DeviceCertificateType) {
+        throw new Error(`device certificate: type ${JSON.stringify(c.type)}, want ${DeviceCertificateType}`);
+    }
+    if (typeof c.version !== "string" || c.version === "") {
+        throw new Error("device certificate: missing version");
+    }
+    for (const f of ["device_id", "device_public_key", "account", "issued_by"]) {
+        if (typeof c[f] !== "string" || c[f] === "") {
+            throw new Error(`device certificate: missing ${f}`);
+        }
+    }
+    for (const f of ["issued_at", "expires_at"]) {
+        if (typeof c[f] !== "string" || c[f] === "") {
+            throw new Error(`device certificate: missing ${f}`);
+        }
+    }
+    const issued = Date.parse(c.issued_at);
+    const expires = Date.parse(c.expires_at);
+    if (Number.isNaN(issued)) {
+        throw new Error(`device certificate: issued_at is not ISO 8601: ${c.issued_at}`);
+    }
+    if (Number.isNaN(expires)) {
+        throw new Error(`device certificate: expires_at is not ISO 8601: ${c.expires_at}`);
+    }
+    if (expires <= issued) {
+        throw new Error("device certificate: expires_at MUST be after issued_at");
+    }
+    if (expires - issued > MaxDeviceCertificateLifetimeMs) {
+        throw new Error(`device certificate: lifetime ${expires - issued} ms exceeds 365-day cap (KEY.md §10.3.8)`);
+    }
+    validateScope(c.scope);
+    if (typeof c.signature?.algorithm !== "string" || c.signature.algorithm === "") {
+        throw new Error("device certificate: missing signature.algorithm");
+    }
+    if (typeof c.signature?.key_id !== "string" || c.signature.key_id === "") {
+        throw new Error("device certificate: missing signature.key_id");
+    }
+    if (typeof c.signature?.value !== "string") {
+        throw new Error("device certificate: signature.value must be a string");
+    }
+    if (!opts.skipSignatureCheck && c.signature.value === "") {
+        throw new Error("device certificate: signature.value is empty (unsigned)");
+    }
+}
+/** Structural validation of a {@link Scope} per §10.3.3. */
+export function validateScope(scope) {
+    if (scope === undefined || scope === null) {
+        throw new Error("scope: missing");
+    }
+    validateMatcher(scope.send, "scope.send", false);
+    validateMatcher(scope.receive, "scope.receive", true);
+    validateResource(scope.blocklist, "scope.blocklist");
+    validateResource(scope.keys, "scope.keys");
+    validateResource(scope.devices, "scope.devices");
+}
+function validateMatcher(m, path, allowDeliveryStage) {
+    if (m === undefined || m === null) {
+        throw new Error(`${path}: missing`);
+    }
+    if (!Array.isArray(m.rate_limits)) {
+        throw new Error(`${path}.rate_limits: missing or not an array`);
+    }
+    validateRateLimits(m.rate_limits, `${path}.rate_limits`);
+    const allow = m.allow ?? [];
+    const deny = m.deny ?? [];
+    switch (m.mode) {
+        case "unrestricted":
+        case "none":
+            if (allow.length > 0 || deny.length > 0) {
+                throw new Error(`${path}: mode=${m.mode} requires allow + deny absent or empty`);
+            }
+            break;
+        case "restricted":
+            if (allow.length === 0) {
+                throw new Error(`${path}: mode=restricted requires non-empty allow`);
+            }
+            if (deny.length > 0) {
+                throw new Error(`${path}: mode=restricted forbids deny`);
+            }
+            break;
+        case "denylist":
+            if (deny.length === 0) {
+                throw new Error(`${path}: mode=denylist requires non-empty deny`);
+            }
+            if (allow.length > 0) {
+                throw new Error(`${path}: mode=denylist forbids allow`);
+            }
+            break;
+        default:
+            throw new Error(`${path}: invalid mode ${JSON.stringify(m.mode)}`);
+    }
+    if (allow.length + deny.length > MaxScopeMatcherEntries) {
+        throw new Error(`${path}: allow + deny size ${allow.length + deny.length} exceeds cap ${MaxScopeMatcherEntries}`);
+    }
+    for (let i = 0; i < allow.length; i++) {
+        validateScopeEntry(allow[i], `${path}.allow[${i}]`);
+    }
+    for (let i = 0; i < deny.length; i++) {
+        validateScopeEntry(deny[i], `${path}.deny[${i}]`);
+    }
+    if (m.delivery_stage !== undefined) {
+        if (!allowDeliveryStage) {
+            throw new Error(`${path}: delivery_stage MUST be omitted on send matcher`);
+        }
+        if (!Number.isInteger(m.delivery_stage) || m.delivery_stage < 1) {
+            throw new Error(`${path}.delivery_stage: ${m.delivery_stage} MUST be a positive integer`);
+        }
+    }
+}
+function validateScopeEntry(e, path) {
+    switch (e.type) {
+        case "user":
+            if (typeof e.address !== "string" || e.address === "") {
+                throw new Error(`${path}: type=user requires address`);
+            }
+            break;
+        case "domain":
+            if (typeof e.domain !== "string" || e.domain === "") {
+                throw new Error(`${path}: type=domain requires domain`);
+            }
+            break;
+        case "server":
+            // Spec allows either `server` or `domain` as the matching key on
+            // server entries; the example schemas in DELIVERY.md §5.3 use
+            // `server`, but the device-cert example uses `domain`. Accept
+            // either.
+            if ((typeof e.server !== "string" || e.server === "") &&
+                (typeof e.domain !== "string" || e.domain === "")) {
+                throw new Error(`${path}: type=server requires server or domain`);
+            }
+            break;
+        default:
+            throw new Error(`${path}: invalid entity type ${JSON.stringify(e.type)}`);
+    }
+}
+function validateResource(r, path) {
+    if (r === undefined || r === null) {
+        throw new Error(`${path}: missing`);
+    }
+    if (typeof r.read !== "boolean") {
+        throw new Error(`${path}.read: must be boolean`);
+    }
+    if (typeof r.write !== "boolean") {
+        throw new Error(`${path}.write: must be boolean`);
+    }
+    if (!Array.isArray(r.rate_limits)) {
+        throw new Error(`${path}.rate_limits: missing or not an array`);
+    }
+    validateRateLimits(r.rate_limits, `${path}.rate_limits`);
+}
+function validateRateLimits(tiers, path) {
+    if (tiers.length > MaxScopeRateLimitTiers) {
+        throw new Error(`${path}: ${tiers.length} tiers exceeds cap ${MaxScopeRateLimitTiers}`);
+    }
+    for (let i = 0; i < tiers.length; i++) {
+        const t = tiers[i];
+        if (!Number.isInteger(t.period_seconds) || t.period_seconds < 1) {
+            throw new Error(`${path}[${i}].period_seconds: ${t.period_seconds} MUST be >= 1`);
+        }
+        if (!Number.isInteger(t.amount_allowed) || t.amount_allowed < 0) {
+            throw new Error(`${path}[${i}].amount_allowed: ${t.amount_allowed} MUST be >= 0`);
+        }
+    }
+}
+/**
+ * Report whether `matcher` permits sending to `recipient` per
+ * §10.3.3.1. Does NOT evaluate rate limits — the caller applies
+ * rate-limit tiers separately per §10.3.4.
+ */
+export function scopeAllowsRecipient(matcher, recipient) {
+    switch (matcher.mode) {
+        case "unrestricted":
+            return true;
+        case "none":
+            return false;
+        case "restricted":
+            return matchAny(matcher.allow ?? [], recipient);
+        case "denylist":
+            return !matchAny(matcher.deny ?? [], recipient);
+        default:
+            // Unknown mode — fail closed.
+            return false;
+    }
+}
+/**
+ * Report whether `matcher` permits receiving from `sender` per
+ * §10.3.3.1. Identical evaluation to {@link scopeAllowsRecipient};
+ * separate name reads clearly at call sites.
+ */
+export function scopeAllowsSender(matcher, sender) {
+    return scopeAllowsRecipient(matcher, sender);
+}
+function matchAny(entries, addr) {
+    const peer = addr.address.toLowerCase();
+    const peerDomain = peer.includes("@") ? peer.split("@").pop() ?? "" : "";
+    const peerServer = (addr.server ?? "").toLowerCase();
+    for (const entry of entries) {
+        switch (entry.type) {
+            case "user":
+                if (typeof entry.address === "string" &&
+                    entry.address !== "" &&
+                    entry.address.toLowerCase() === peer) {
+                    return true;
+                }
+                break;
+            case "domain":
+                if (typeof entry.domain === "string" &&
+                    entry.domain !== "" &&
+                    entry.domain.toLowerCase() === peerDomain) {
+                    return true;
+                }
+                break;
+            case "server": {
+                const ent = (entry.server ?? entry.domain ?? "").toLowerCase();
+                if (ent === "") {
+                    continue;
+                }
+                // Server entries match either the routing server hostname (when
+                // known) or the recipient's domain (which is approximately the
+                // server identity for direct-domain deployments).
+                if (peerServer !== "" && ent === peerServer) {
+                    return true;
+                }
+                if (peerServer === "" && ent === peerDomain) {
+                    return true;
+                }
+                break;
+            }
+        }
+    }
+    return false;
+}
+//# sourceMappingURL=device_certificate.js.map

package/dist/keys/device_certificate.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"device_certificate.js","sourceRoot":"","sources":["../../src/keys/device_certificate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE7D,qDAAqD;AACrD,MAAM,CAAC,MAAM,qBAAqB,GAAG,yBAAyB,CAAC;AAE/D,+EAA+E;AAC/E,MAAM,CAAC,MAAM,qBAAqB,GAAG,wBAAwB,CAAC;AAE9D,6EAA6E;AAC7E,MAAM,CAAC,MAAM,sBAAsB,GAAG,MAAM,CAAC;AAE7C,6DAA6D;AAC7D,MAAM,CAAC,MAAM,sBAAsB,GAAG,EAAE,CAAC;AAEzC,0EAA0E;AAC1E,MAAM,CAAC,MAAM,8BAA8B,GAAG,GAAG,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;AA0FrE;;;;;;;GAOG;AACH,MAAM,UAAU,qBAAqB,CACnC,KAAiC;IAEjC,IAAI,KAAK,CAAC,WAAW,KAAK,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;IAED,yBAAyB,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC;IAE3E,MAAM,OAAO,GAAsB;QACjC,GAAG,KAAK,CAAC,WAAW;QACpB,SAAS,EAAE;YACT,SAAS,EAAE,SAAS;YACpB,MAAM,EAAE,KAAK,CAAC,WAAW;YACzB,KAAK,EAAE,EAAE;SACV;KACF,CAAC;IAEF,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;QACjD,WAAW,EAAE,OAA6C;QAC1D,IAAI,EAAE,KAAK,CAAC,iBAAiB;QAC7B,aAAa,EAAE,iBAAiB;QAChC,MAAM,EAAE,qBAAqB;KAC9B,CAAC,CAAC;IAEH,OAAO;QACL,WAAW,EAAE,UAA0C;QACvD,YAAY;KACb,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CACrC,WAA8B,EAC9B,SAAqB;IAErB,yBAAyB,CAAC,WAAW,CAAC,CAAC;IACvC,IAAI,WAAW,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QACvC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,EAAE,EAAE,EAAE,GAAG,eAAe,CAAC;QAC7B,UAAU,EAAE,WAAiD;QAC7D,SAAS,EAAE,SAAS;QACpB,aAAa,EAAE,iBAAiB;QAChC,MAAM,EAAE,qBAAqB;KAC9B,CAAC,CAAC;IACH,OAAO,EAAE,CAAC;AACZ,CAAC;AAWD;;;;GAIG;AACH,MAAM,UAAU,yBAAyB,CACvC,CAAoB,EACpB,OAAwB,EAAE;IAE1B,IAAI,CAAC,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,4BAA4B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,qBAAqB,EAAE,CACpF,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,mBAAmB,EAAE,SAAS,EAAE,WAAW,CAAU,EAAE,CAAC;QACpF,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,CAAU,EAAE,CAAC;QACrD,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACvC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;IACzC,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;IACnF,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC;IACrF,CAAC;IACD,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,OAAO,GAAG,MAAM,GAAG,8BAA8B,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,gCAAgC,OAAO,GAAG,MAAM,0CAA0C,CAC3F,CAAC;IACJ,CAAC;IAED,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAEvB,IAAI,OAAO,CAAC,CAAC,SAAS,EAAE,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,CAAC,SAAS,KAAK,EAAE,EAAE,CAAC;QAC/E,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,SAAS,EAAE,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACzE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC;AAED,4DAA4D;AAC5D,MAAM,UAAU,aAAa,CAAC,KAAY;IACxC,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;IACpC,CAAC;IACD,eAAe,CAAC,KAAK,CAAC,IAAI,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;IACjD,eAAe,CAAC,KAAK,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC;IACtD,gBAAgB,CAAC,KAAK,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IACrD,gBAAgB,CAAC,KAAK,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAC3C,gBAAgB,CAAC,KAAK,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,eAAe,CACtB,CAAe,EACf,IAAY,EACZ,kBAA2B;IAE3B,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,WAAW,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,uCAAuC,CAAC,CAAC;IAClE,CAAC;IACD,kBAAkB,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,cAAc,CAAC,CAAC;IAEzD,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;IAC1B,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;QACf,KAAK,cAAc,CAAC;QACpB,KAAK,MAAM;YACT,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CACb,GAAG,IAAI,UAAU,CAAC,CAAC,IAAI,wCAAwC,CAChE,CAAC;YACJ,CAAC;YACD,MAAM;QACR,KAAK,YAAY;YACf,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,4CAA4C,CAAC,CAAC;YACvE,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,gCAAgC,CAAC,CAAC;YAC3D,CAAC;YACD,MAAM;QACR,KAAK,UAAU;YACb,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACtB,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,yCAAyC,CAAC,CAAC;YACpE,CAAC;YACD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,+BAA+B,CAAC,CAAC;YAC1D,CAAC;YACD,MAAM;QACR;YACE,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,kBAAkB,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,sBAAsB,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CACb,GAAG,IAAI,uBAAuB,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,gBAAgB,sBAAsB,EAAE,CACjG,CAAC;IACJ,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAe,EAAE,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;IACpE,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAe,EAAE,GAAG,IAAI,SAAS,CAAC,GAAG,CAAC,CAAC;IAClE,CAAC;IAED,IAAI,CAAC,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;QACnC,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,kDAAkD,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CACb,GAAG,IAAI,oBAAoB,CAAC,CAAC,cAAc,6BAA6B,CACzE,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAa,EAAE,IAAY;IACrD,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;QACf,KAAK,MAAM;YACT,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,8BAA8B,CAAC,CAAC;YACzD,CAAC;YACD,MAAM;QACR,KAAK,QAAQ;YACX,IAAI,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBACpD,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,+BAA+B,CAAC,CAAC;YAC1D,CAAC;YACD,MAAM;QACR,KAAK,QAAQ;YACX,iEAAiE;YACjE,8DAA8D;YAC9D,8DAA8D;YAC9D,UAAU;YACV,IACE,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,KAAK,EAAE,CAAC;gBACjD,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,KAAK,EAAE,CAAC,EACjD,CAAC;gBACD,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,yCAAyC,CAAC,CAAC;YACpE,CAAC;YACD,MAAM;QACR;YACE,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,yBAAyB,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAgB,EAAE,IAAY;IACtD,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,WAAW,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,wBAAwB,CAAC,CAAC;IACnD,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,yBAAyB,CAAC,CAAC;IACpD,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,uCAAuC,CAAC,CAAC;IAClE,CAAC;IACD,kBAAkB,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,cAAc,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAsB,EAAE,IAAY;IAC9D,IAAI,KAAK,CAAC,MAAM,GAAG,sBAAsB,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,GAAG,IAAI,KAAK,KAAK,CAAC,MAAM,sBAAsB,sBAAsB,EAAE,CACvE,CAAC;IACJ,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAkB,CAAC;QACpC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CACb,GAAG,IAAI,IAAI,CAAC,qBAAqB,CAAC,CAAC,cAAc,eAAe,CACjE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CACb,GAAG,IAAI,IAAI,CAAC,qBAAqB,CAAC,CAAC,cAAc,eAAe,CACjE,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAaD;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAAqB,EACrB,SAA0B;IAE1B,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC;QACrB,KAAK,cAAc;YACjB,OAAO,IAAI,CAAC;QACd,KAAK,MAAM;YACT,OAAO,KAAK,CAAC;QACf,KAAK,YAAY;YACf,OAAO,QAAQ,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,EAAE,SAAS,CAAC,CAAC;QAClD,KAAK,UAAU;YACb,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,EAAE,SAAS,CAAC,CAAC;QAClD;YACE,8BAA8B;YAC9B,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAC/B,OAAqB,EACrB,MAAuB;IAEvB,OAAO,oBAAoB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,QAAQ,CAAC,OAAqB,EAAE,IAAqB;IAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;IACxC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACzE,MAAM,UAAU,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACrD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;YACnB,KAAK,MAAM;gBACT,IACE,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ;oBACjC,KAAK,CAAC,OAAO,KAAK,EAAE;oBACpB,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,IAAI,EACpC,CAAC;oBACD,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,MAAM;YACR,KAAK,QAAQ;gBACX,IACE,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ;oBAChC,KAAK,CAAC,MAAM,KAAK,EAAE;oBACnB,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,UAAU,EACzC,CAAC;oBACD,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,MAAM;YACR,KAAK,QAAQ,CAAC,CAAC,CAAC;gBACd,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC/D,IAAI,GAAG,KAAK,EAAE,EAAE,CAAC;oBACf,SAAS;gBACX,CAAC;gBACD,gEAAgE;gBAChE,+DAA+D;gBAC/D,kDAAkD;gBAClD,IAAI,UAAU,KAAK,EAAE,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;oBAC5C,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,IAAI,UAAU,KAAK,EAAE,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;oBAC5C,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/keys/device_records.d.ts ADDED Viewed

@@ -0,0 +1,175 @@
+/**
+ * Multi-device record primitives per KEY.md §10.1, §10.5, §10.6.
+ *
+ * Three record kinds share an account-identity-key signature on the
+ * outer envelope so a home server or correspondent can verify
+ * "this record was authored by the account's current identity key"
+ * without knowing the device graph in advance:
+ *
+ *   - {@link DeviceRegistration} (`SEMP_DEVICE`, step="register"):
+ *     announces a new device. Carries device pubkey, role, and an
+ *     INNER authorization signature from an existing full-access
+ *     device that authorized the enrollment (§10.2).
+ *   - {@link DeviceRevocation} (`SEMP_DEVICE_REVOCATION`): removes
+ *     a device from the active set per §10.5.
+ *   - {@link DeviceDirectory} (`SEMP_DEVICE_DIRECTORY`): the
+ *     home server's signed list of currently active devices, with
+ *     a monotonically increasing revision so correspondents can
+ *     detect rollback per §10.6.
+ *
+ * The SEMP_DEVICE_CERTIFICATE (scoped delegation) lives in
+ * {@link "./device_certificate"}.
+ *
+ * @module
+ */
+/** Wire-level type discriminators. */
+export declare const DeviceRegistrationType = "SEMP_DEVICE";
+export declare const DeviceRegistrationStep = "register";
+export declare const DeviceRevocationType = "SEMP_DEVICE_REVOCATION";
+export declare const DeviceDirectoryType = "SEMP_DEVICE_DIRECTORY";
+export declare const DeviceRecordVersion = "1.0.0";
+/** Domain-separation prefixes per ENVELOPE.md §4.3. */
+export declare const DeviceRegisterPrefix = "SEMP-DEVICE-REGISTER:";
+export declare const DeviceAuthorizeRecordPrefix = "SEMP-DEVICE-AUTHORIZE:";
+export declare const DeviceRevocationPrefix = "SEMP-DEVICE-REVOCATION:";
+export declare const DeviceDirectoryPrefix = "SEMP-DEVICE-DIRECTORY:";
+/** Device authority levels per §10.1. */
+export type DeviceRole = "full_access" | "delegated";
+/** Authorization methods per §10.2.1. */
+export type DeviceAuthorizationMethod = "qr_scan" | "numeric_code";
+/** Reasons a device may be revoked per §10.5.2. */
+export type DeviceRevocationReason = "key_compromise" | "lost" | "retired" | "superseded";
+/**
+ * Report whether `r` is the kind of revocation that triggers
+ * mandatory identity-key rotation per §10.5.5.
+ */
+export declare function requiresIdentityRotation(r: DeviceRevocationReason): boolean;
+/** Reusable signature block. */
+export interface KeysSignature {
+    algorithm: string;
+    key_id: string;
+    value: string;
+}
+/** Inner authorization block embedded in a {@link DeviceRegistration}. */
+export interface DeviceAuthorization {
+    method: DeviceAuthorizationMethod;
+    authorizing_device_id: string;
+    authorizing_signature: KeysSignature;
+}
+/** SEMP_DEVICE register record per §10.1. */
+export interface DeviceRegistration {
+    type: typeof DeviceRegistrationType;
+    step: typeof DeviceRegistrationStep;
+    version: string;
+    user_id: string;
+    device_id: string;
+    device_name: string;
+    device_type: string;
+    device_public_key: string;
+    device_identity_pubkey_algorithm: string;
+    /** ISO 8601 UTC. */
+    enrolled_at: string;
+    role: DeviceRole;
+    /** For `delegated`: matches a SEMP_DEVICE_CERTIFICATE device_id. For `full_access`: null. */
+    certificate_id: string | null;
+    authorization: DeviceAuthorization;
+    signature: KeysSignature;
+}
+/** SEMP_DEVICE_REVOCATION record per §10.5.1. */
+export interface DeviceRevocation {
+    type: typeof DeviceRevocationType;
+    version: string;
+    user_id: string;
+    device_id: string;
+    reason: DeviceRevocationReason;
+    /** ISO 8601 UTC. */
+    revoked_at: string;
+    revoked_by_device_id: string;
+    /** Non-null only for reason="superseded". */
+    replacement_device_id: string | null;
+    signature: KeysSignature;
+}
+/** One entry inside a {@link DeviceDirectory} per §10.6.1. */
+export interface DeviceDirectoryEntry {
+    device_id: string;
+    device_public_key: string;
+    device_identity_pubkey_algorithm: string;
+    role: DeviceRole;
+    certificate_id: string | null;
+    /** ISO 8601 UTC. */
+    enrolled_at: string;
+    device_name: string;
+    device_type: string;
+}
+/** SEMP_DEVICE_DIRECTORY record per §10.6.1. */
+export interface DeviceDirectory {
+    type: typeof DeviceDirectoryType;
+    version: string;
+    user_id: string;
+    /** Monotonically non-decreasing per emission. */
+    revision: number;
+    /** ISO 8601 UTC. */
+    issued_at: string;
+    devices: DeviceDirectoryEntry[];
+    signature: KeysSignature;
+}
+/**
+ * Inputs to {@link signDeviceAuthorization}. The signature covers the
+ * length-prefixed (NUL-separated) concatenation of
+ * `device_id || device_public_key || enrolled_at || enroll_nonce`,
+ * prefixed with `SEMP-DEVICE-AUTHORIZE:`.
+ */
+export interface SignDeviceAuthorizationInput {
+    /** The half-built registration; `authorization` will be replaced. */
+    registration: DeviceRegistration;
+    /** 32-byte Ed25519 secret seed for the authorizing full-access device. */
+    authorizingDeviceSeed: Uint8Array;
+    /** Stable id of the authorizing device. */
+    authorizingDeviceId: string;
+    /** Lowercase-hex SHA-256 fingerprint of the authorizing device pub. */
+    authorizingDeviceKeyId: string;
+    /** Fresh 32-byte enrollment nonce (single-use per attempt). */
+    enrollNonce: Uint8Array;
+    /** `qr_scan` or `numeric_code`. */
+    method: DeviceAuthorizationMethod;
+}
+/**
+ * Sign the inner authorization block and place it on
+ * `registration.authorization`. The caller MUST have populated
+ * `registration.device_id`, `device_public_key`, `enrolled_at`
+ * before calling.
+ */
+export declare function signDeviceAuthorization(input: SignDeviceAuthorizationInput): void;
+/**
+ * Verify the inner authorizing-device signature on `registration`
+ * using the supplied authorizing-device public key and the SAME
+ * `enrollNonce` that was used at sign time. Returns true on success.
+ */
+export declare function verifyDeviceAuthorization(registration: DeviceRegistration, authorizingDevicePub: Uint8Array, enrollNonce: Uint8Array): boolean;
+/** Sign the outer identity-key signature on a registration record. */
+export declare function signDeviceRegistration(reg: DeviceRegistration, identityPriv: Uint8Array, identityKeyId: string): string;
+/** Verify the outer identity-key signature on a registration record. */
+export declare function verifyDeviceRegistration(reg: DeviceRegistration, identityPub: Uint8Array): boolean;
+/** Structural validation per §10.1. Throws on first violation. */
+export declare function validateDeviceRegistration(reg: DeviceRegistration, opts?: {
+    skipSignatureCheck?: boolean;
+}): void;
+/** Sign the identity-key signature on a device revocation record. */
+export declare function signDeviceRevocation(rev: DeviceRevocation, identityPriv: Uint8Array, identityKeyId: string): string;
+/** Verify a device revocation record. */
+export declare function verifyDeviceRevocation(rev: DeviceRevocation, identityPub: Uint8Array): boolean;
+/** Structural validation per §10.5.1. Throws on first violation. */
+export declare function validateDeviceRevocation(rev: DeviceRevocation, opts?: {
+    skipSignatureCheck?: boolean;
+}): void;
+/** Sign the identity-key signature on a device directory record. */
+export declare function signDeviceDirectory(dir: DeviceDirectory, identityPriv: Uint8Array, identityKeyId: string): string;
+/** Verify a device directory record. */
+export declare function verifyDeviceDirectory(dir: DeviceDirectory, identityPub: Uint8Array): boolean;
+/** Structural validation per §10.6.1. Throws on first violation. */
+export declare function validateDeviceDirectory(dir: DeviceDirectory, opts?: {
+    skipSignatureCheck?: boolean;
+}): void;
+/** Look up a device entry by id. Returns null when not found. */
+export declare function findDevice(dir: DeviceDirectory, deviceId: string): DeviceDirectoryEntry | null;
+//# sourceMappingURL=device_records.d.ts.map

package/dist/keys/device_records.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"device_records.d.ts","sourceRoot":"","sources":["../../src/keys/device_records.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAKH,sCAAsC;AACtC,eAAO,MAAM,sBAAsB,gBAAgB,CAAC;AACpD,eAAO,MAAM,sBAAsB,aAAa,CAAC;AACjD,eAAO,MAAM,oBAAoB,2BAA2B,CAAC;AAC7D,eAAO,MAAM,mBAAmB,0BAA0B,CAAC;AAC3D,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAE3C,uDAAuD;AACvD,eAAO,MAAM,oBAAoB,0BAA0B,CAAC;AAC5D,eAAO,MAAM,2BAA2B,2BAA2B,CAAC;AACpE,eAAO,MAAM,sBAAsB,4BAA4B,CAAC;AAChE,eAAO,MAAM,qBAAqB,2BAA2B,CAAC;AAE9D,yCAAyC;AACzC,MAAM,MAAM,UAAU,GAAG,aAAa,GAAG,WAAW,CAAC;AAErD,yCAAyC;AACzC,MAAM,MAAM,yBAAyB,GAAG,SAAS,GAAG,cAAc,CAAC;AAEnE,mDAAmD;AACnD,MAAM,MAAM,sBAAsB,GAC9B,gBAAgB,GAChB,MAAM,GACN,SAAS,GACT,YAAY,CAAC;AAEjB;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,CAAC,EAAE,sBAAsB,GAAG,OAAO,CAE3E;AAED,gCAAgC;AAChC,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;CACf;AAED,0EAA0E;AAC1E,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,yBAAyB,CAAC;IAClC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,qBAAqB,EAAE,aAAa,CAAC;CACtC;AAED,6CAA6C;AAC7C,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,OAAO,sBAAsB,CAAC;IACpC,IAAI,EAAE,OAAO,sBAAsB,CAAC;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,gCAAgC,EAAE,MAAM,CAAC;IACzC,oBAAoB;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,UAAU,CAAC;IACjB,6FAA6F;IAC7F,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,aAAa,EAAE,mBAAmB,CAAC;IACnC,SAAS,EAAE,aAAa,CAAC;CAC1B;AAED,iDAAiD;AACjD,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,OAAO,oBAAoB,CAAC;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,sBAAsB,CAAC;IAC/B,oBAAoB;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,6CAA6C;IAC7C,qBAAqB,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,SAAS,EAAE,aAAa,CAAC;CAC1B;AAED,8DAA8D;AAC9D,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,gCAAgC,EAAE,MAAM,CAAC;IACzC,IAAI,EAAE,UAAU,CAAC;IACjB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,oBAAoB;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,gDAAgD;AAChD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,OAAO,mBAAmB,CAAC;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,iDAAiD;IACjD,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,oBAAoB,EAAE,CAAC;IAChC,SAAS,EAAE,aAAa,CAAC;CAC1B;AAKD;;;;;GAKG;AACH,MAAM,WAAW,4BAA4B;IAC3C,qEAAqE;IACrE,YAAY,EAAE,kBAAkB,CAAC;IACjC,0EAA0E;IAC1E,qBAAqB,EAAE,UAAU,CAAC;IAClC,2CAA2C;IAC3C,mBAAmB,EAAE,MAAM,CAAC;IAC5B,uEAAuE;IACvE,sBAAsB,EAAE,MAAM,CAAC;IAC/B,+DAA+D;IAC/D,WAAW,EAAE,UAAU,CAAC;IACxB,mCAAmC;IACnC,MAAM,EAAE,yBAAyB,CAAC;CACnC;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,4BAA4B,GAClC,IAAI,CAoCN;AAED;;;;GAIG;AACH,wBAAgB,yBAAyB,CACvC,YAAY,EAAE,kBAAkB,EAChC,oBAAoB,EAAE,UAAU,EAChC,WAAW,EAAE,UAAU,GACtB,OAAO,CAsBT;AAoCD,sEAAsE;AACtE,wBAAgB,sBAAsB,CACpC,GAAG,EAAE,kBAAkB,EACvB,YAAY,EAAE,UAAU,EACxB,aAAa,EAAE,MAAM,GACpB,MAAM,CAgBR;AAED,wEAAwE;AACxE,wBAAgB,wBAAwB,CACtC,GAAG,EAAE,kBAAkB,EACvB,WAAW,EAAE,UAAU,GACtB,OAAO,CAYT;AAED,kEAAkE;AAClE,wBAAgB,0BAA0B,CACxC,GAAG,EAAE,kBAAkB,EACvB,IAAI,GAAE;IAAE,kBAAkB,CAAC,EAAE,OAAO,CAAA;CAAO,GAC1C,IAAI,CA2EN;AAKD,qEAAqE;AACrE,wBAAgB,oBAAoB,CAClC,GAAG,EAAE,gBAAgB,EACrB,YAAY,EAAE,UAAU,EACxB,aAAa,EAAE,MAAM,GACpB,MAAM,CAgBR;AAED,yCAAyC;AACzC,wBAAgB,sBAAsB,CACpC,GAAG,EAAE,gBAAgB,EACrB,WAAW,EAAE,UAAU,GACtB,OAAO,CAYT;AAED,oEAAoE;AACpE,wBAAgB,wBAAwB,CACtC,GAAG,EAAE,gBAAgB,EACrB,IAAI,GAAE;IAAE,kBAAkB,CAAC,EAAE,OAAO,CAAA;CAAO,GAC1C,IAAI,CAyCN;AAKD,oEAAoE;AACpE,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,eAAe,EACpB,YAAY,EAAE,UAAU,EACxB,aAAa,EAAE,MAAM,GACpB,MAAM,CAgBR;AAED,wCAAwC;AACxC,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,eAAe,EACpB,WAAW,EAAE,UAAU,GACtB,OAAO,CAYT;AAED,oEAAoE;AACpE,wBAAgB,uBAAuB,CACrC,GAAG,EAAE,eAAe,EACpB,IAAI,GAAE;IAAE,kBAAkB,CAAC,EAAE,OAAO,CAAA;CAAO,GAC1C,IAAI,CAiEN;AAED,iEAAiE;AACjE,wBAAgB,UAAU,CACxB,GAAG,EAAE,eAAe,EACpB,QAAQ,EAAE,MAAM,GACf,oBAAoB,GAAG,IAAI,CAO7B"}