npm - @sempdev/semp - Versions diffs - 0.4.3 - Mend

@sempdev/semp 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/LICENSE +21 -0
package/README.md +59 -0
package/dist/brief/address.d.ts +77 -0
package/dist/brief/address.d.ts.map +1 -0
package/dist/brief/address.js +217 -0
package/dist/brief/address.js.map +1 -0
package/dist/brief/brief.d.ts +75 -0
package/dist/brief/brief.d.ts.map +1 -0
package/dist/brief/brief.js +56 -0
package/dist/brief/brief.js.map +1 -0
package/dist/brief/index.d.ts +11 -0
package/dist/brief/index.d.ts.map +1 -0
package/dist/brief/index.js +11 -0
package/dist/brief/index.js.map +1 -0
package/dist/canonical/index.d.ts +8 -0
package/dist/canonical/index.d.ts.map +1 -0
package/dist/canonical/index.js +8 -0
package/dist/canonical/index.js.map +1 -0
package/dist/canonical/marshal.d.ts +35 -0
package/dist/canonical/marshal.d.ts.map +1 -0
package/dist/canonical/marshal.js +107 -0
package/dist/canonical/marshal.js.map +1 -0
package/dist/clockskew/index.d.ts +52 -0
package/dist/clockskew/index.d.ts.map +1 -0
package/dist/clockskew/index.js +62 -0
package/dist/clockskew/index.js.map +1 -0
package/dist/closure/closure.d.ts +106 -0
package/dist/closure/closure.d.ts.map +1 -0
package/dist/closure/closure.js +152 -0
package/dist/closure/closure.js.map +1 -0
package/dist/closure/driver.d.ts +103 -0
package/dist/closure/driver.d.ts.map +1 -0
package/dist/closure/driver.js +126 -0
package/dist/closure/driver.js.map +1 -0
package/dist/closure/index.d.ts +13 -0
package/dist/closure/index.d.ts.map +1 -0
package/dist/closure/index.js +13 -0
package/dist/closure/index.js.map +1 -0
package/dist/closure/store.d.ts +80 -0
package/dist/closure/store.d.ts.map +1 -0
package/dist/closure/store.js +89 -0
package/dist/closure/store.js.map +1 -0
package/dist/crypto/aead.d.ts +29 -0
package/dist/crypto/aead.d.ts.map +1 -0
package/dist/crypto/aead.js +48 -0
package/dist/crypto/aead.js.map +1 -0
package/dist/crypto/argon2.d.ts +20 -0
package/dist/crypto/argon2.d.ts.map +1 -0
package/dist/crypto/argon2.js +28 -0
package/dist/crypto/argon2.js.map +1 -0
package/dist/crypto/index.d.ts +14 -0
package/dist/crypto/index.d.ts.map +1 -0
package/dist/crypto/index.js +14 -0
package/dist/crypto/index.js.map +1 -0
package/dist/crypto/kdf.d.ts +96 -0
package/dist/crypto/kdf.d.ts.map +1 -0
package/dist/crypto/kdf.js +122 -0
package/dist/crypto/kdf.js.map +1 -0
package/dist/crypto/kem.d.ts +85 -0
package/dist/crypto/kem.d.ts.map +1 -0
package/dist/crypto/kem.js +130 -0
package/dist/crypto/kem.js.map +1 -0
package/dist/crypto/mac.d.ts +19 -0
package/dist/crypto/mac.d.ts.map +1 -0
package/dist/crypto/mac.js +32 -0
package/dist/crypto/mac.js.map +1 -0
package/dist/delivery/ack.d.ts +125 -0
package/dist/delivery/ack.d.ts.map +1 -0
package/dist/delivery/ack.js +141 -0
package/dist/delivery/ack.js.map +1 -0
package/dist/delivery/blocklist.d.ts +87 -0
package/dist/delivery/blocklist.d.ts.map +1 -0
package/dist/delivery/blocklist.js +107 -0
package/dist/delivery/blocklist.js.map +1 -0
package/dist/delivery/cancel.d.ts +60 -0
package/dist/delivery/cancel.d.ts.map +1 -0
package/dist/delivery/cancel.js +43 -0
package/dist/delivery/cancel.js.map +1 -0
package/dist/delivery/disposition.d.ts +106 -0
package/dist/delivery/disposition.d.ts.map +1 -0
package/dist/delivery/disposition.js +105 -0
package/dist/delivery/disposition.js.map +1 -0
package/dist/delivery/fetch.d.ts +59 -0
package/dist/delivery/fetch.d.ts.map +1 -0
package/dist/delivery/fetch.js +47 -0
package/dist/delivery/fetch.js.map +1 -0
package/dist/delivery/forwarder.d.ts +106 -0
package/dist/delivery/forwarder.d.ts.map +1 -0
package/dist/delivery/forwarder.js +251 -0
package/dist/delivery/forwarder.js.map +1 -0
package/dist/delivery/inbox.d.ts +42 -0
package/dist/delivery/inbox.d.ts.map +1 -0
package/dist/delivery/inbox.js +68 -0
package/dist/delivery/inbox.js.map +1 -0
package/dist/delivery/index.d.ts +31 -0
package/dist/delivery/index.d.ts.map +1 -0
package/dist/delivery/index.js +31 -0
package/dist/delivery/index.js.map +1 -0
package/dist/delivery/internalroute.d.ts +50 -0
package/dist/delivery/internalroute.d.ts.map +1 -0
package/dist/delivery/internalroute.js +23 -0
package/dist/delivery/internalroute.js.map +1 -0
package/dist/delivery/pipeline.d.ts +153 -0
package/dist/delivery/pipeline.d.ts.map +1 -0
package/dist/delivery/pipeline.js +356 -0
package/dist/delivery/pipeline.js.map +1 -0
package/dist/delivery/policy_state.d.ts +105 -0
package/dist/delivery/policy_state.d.ts.map +1 -0
package/dist/delivery/policy_state.js +293 -0
package/dist/delivery/policy_state.js.map +1 -0
package/dist/delivery/queue.d.ts +47 -0
package/dist/delivery/queue.d.ts.map +1 -0
package/dist/delivery/queue.js +33 -0
package/dist/delivery/queue.js.map +1 -0
package/dist/delivery/receipt.d.ts +137 -0
package/dist/delivery/receipt.d.ts.map +1 -0
package/dist/delivery/receipt.js +181 -0
package/dist/delivery/receipt.js.map +1 -0
package/dist/delivery/receipt_store.d.ts +81 -0
package/dist/delivery/receipt_store.d.ts.map +1 -0
package/dist/delivery/receipt_store.js +74 -0
package/dist/delivery/receipt_store.js.map +1 -0
package/dist/delivery/retry.d.ts +78 -0
package/dist/delivery/retry.d.ts.map +1 -0
package/dist/delivery/retry.js +132 -0
package/dist/delivery/retry.js.map +1 -0
package/dist/delivery/scheduler.d.ts +156 -0
package/dist/delivery/scheduler.d.ts.map +1 -0
package/dist/delivery/scheduler.js +349 -0
package/dist/delivery/scheduler.js.map +1 -0
package/dist/delivery/stage_partition.d.ts +87 -0
package/dist/delivery/stage_partition.d.ts.map +1 -0
package/dist/delivery/stage_partition.js +122 -0
package/dist/delivery/stage_partition.js.map +1 -0
package/dist/delivery/staged_runner.d.ts +100 -0
package/dist/delivery/staged_runner.d.ts.map +1 -0
package/dist/delivery/staged_runner.js +277 -0
package/dist/delivery/staged_runner.js.map +1 -0
package/dist/delivery/submission.d.ts +72 -0
package/dist/delivery/submission.d.ts.map +1 -0
package/dist/delivery/submission.js +58 -0
package/dist/delivery/submission.js.map +1 -0
package/dist/delivery/sync.d.ts +68 -0
package/dist/delivery/sync.d.ts.map +1 -0
package/dist/delivery/sync.js +99 -0
package/dist/delivery/sync.js.map +1 -0
package/dist/delivery/user_policy.d.ts +74 -0
package/dist/delivery/user_policy.d.ts.map +1 -0
package/dist/delivery/user_policy.js +140 -0
package/dist/delivery/user_policy.js.map +1 -0
package/dist/discovery/cache.d.ts +37 -0
package/dist/discovery/cache.d.ts.map +1 -0
package/dist/discovery/cache.js +45 -0
package/dist/discovery/cache.js.map +1 -0
package/dist/discovery/configuration.d.ts +97 -0
package/dist/discovery/configuration.d.ts.map +1 -0
package/dist/discovery/configuration.js +146 -0
package/dist/discovery/configuration.js.map +1 -0
package/dist/discovery/dns.d.ts +56 -0
package/dist/discovery/dns.d.ts.map +1 -0
package/dist/discovery/dns.js +120 -0
package/dist/discovery/dns.js.map +1 -0
package/dist/discovery/domain_keys.d.ts +62 -0
package/dist/discovery/domain_keys.d.ts.map +1 -0
package/dist/discovery/domain_keys.js +89 -0
package/dist/discovery/domain_keys.js.map +1 -0
package/dist/discovery/index.d.ts +19 -0
package/dist/discovery/index.d.ts.map +1 -0
package/dist/discovery/index.js +19 -0
package/dist/discovery/index.js.map +1 -0
package/dist/discovery/lookup.d.ts +72 -0
package/dist/discovery/lookup.d.ts.map +1 -0
package/dist/discovery/lookup.js +121 -0
package/dist/discovery/lookup.js.map +1 -0
package/dist/discovery/onion.d.ts +34 -0
package/dist/discovery/onion.d.ts.map +1 -0
package/dist/discovery/onion.js +61 -0
package/dist/discovery/onion.js.map +1 -0
package/dist/discovery/partition.d.ts +96 -0
package/dist/discovery/partition.d.ts.map +1 -0
package/dist/discovery/partition.js +247 -0
package/dist/discovery/partition.js.map +1 -0
package/dist/discovery/resolver.d.ts +113 -0
package/dist/discovery/resolver.d.ts.map +1 -0
package/dist/discovery/resolver.js +176 -0
package/dist/discovery/resolver.js.map +1 -0
package/dist/discovery/txt.d.ts +39 -0
package/dist/discovery/txt.d.ts.map +1 -0
package/dist/discovery/txt.js +71 -0
package/dist/discovery/txt.js.map +1 -0
package/dist/enclosure/forwarding.d.ts +128 -0
package/dist/enclosure/forwarding.d.ts.map +1 -0
package/dist/enclosure/forwarding.js +119 -0
package/dist/enclosure/forwarding.js.map +1 -0
package/dist/enclosure/index.d.ts +11 -0
package/dist/enclosure/index.d.ts.map +1 -0
package/dist/enclosure/index.js +11 -0
package/dist/enclosure/index.js.map +1 -0
package/dist/envelope/buckets.d.ts +38 -0
package/dist/envelope/buckets.d.ts.map +1 -0
package/dist/envelope/buckets.js +73 -0
package/dist/envelope/buckets.js.map +1 -0
package/dist/envelope/canonical.d.ts +28 -0
package/dist/envelope/canonical.d.ts.map +1 -0
package/dist/envelope/canonical.js +54 -0
package/dist/envelope/canonical.js.map +1 -0
package/dist/envelope/compose.d.ts +171 -0
package/dist/envelope/compose.d.ts.map +1 -0
package/dist/envelope/compose.js +237 -0
package/dist/envelope/compose.js.map +1 -0
package/dist/envelope/encode.d.ts +41 -0
package/dist/envelope/encode.d.ts.map +1 -0
package/dist/envelope/encode.js +69 -0
package/dist/envelope/encode.js.map +1 -0
package/dist/envelope/index.d.ts +20 -0
package/dist/envelope/index.d.ts.map +1 -0
package/dist/envelope/index.js +20 -0
package/dist/envelope/index.js.map +1 -0
package/dist/envelope/open_any.d.ts +48 -0
package/dist/envelope/open_any.d.ts.map +1 -0
package/dist/envelope/open_any.js +81 -0
package/dist/envelope/open_any.js.map +1 -0
package/dist/envelope/open_verified.d.ts +59 -0
package/dist/envelope/open_verified.d.ts.map +1 -0
package/dist/envelope/open_verified.js +67 -0
package/dist/envelope/open_verified.js.map +1 -0
package/dist/envelope/padding.d.ts +55 -0
package/dist/envelope/padding.d.ts.map +1 -0
package/dist/envelope/padding.js +162 -0
package/dist/envelope/padding.js.map +1 -0
package/dist/envelope/rejection.d.ts +22 -0
package/dist/envelope/rejection.d.ts.map +1 -0
package/dist/envelope/rejection.js +30 -0
package/dist/envelope/rejection.js.map +1 -0
package/dist/envelope/sendtime.d.ts +49 -0
package/dist/envelope/sendtime.d.ts.map +1 -0
package/dist/envelope/sendtime.js +87 -0
package/dist/envelope/sendtime.js.map +1 -0
package/dist/envelope/verify.d.ts +29 -0
package/dist/envelope/verify.d.ts.map +1 -0
package/dist/envelope/verify.js +90 -0
package/dist/envelope/verify.js.map +1 -0
package/dist/extensions/index.d.ts +7 -0
package/dist/extensions/index.d.ts.map +1 -0
package/dist/extensions/index.js +7 -0
package/dist/extensions/index.js.map +1 -0
package/dist/extensions/limits.d.ts +101 -0
package/dist/extensions/limits.d.ts.map +1 -0
package/dist/extensions/limits.js +175 -0
package/dist/extensions/limits.js.map +1 -0
package/dist/handshake/abort.d.ts +49 -0
package/dist/handshake/abort.d.ts.map +1 -0
package/dist/handshake/abort.js +82 -0
package/dist/handshake/abort.js.map +1 -0
package/dist/handshake/capabilities.d.ts +46 -0
package/dist/handshake/capabilities.d.ts.map +1 -0
package/dist/handshake/capabilities.js +114 -0
package/dist/handshake/capabilities.js.map +1 -0
package/dist/handshake/client_state.d.ts +186 -0
package/dist/handshake/client_state.d.ts.map +1 -0
package/dist/handshake/client_state.js +520 -0
package/dist/handshake/client_state.js.map +1 -0
package/dist/handshake/confirm.d.ts +21 -0
package/dist/handshake/confirm.d.ts.map +1 -0
package/dist/handshake/confirm.js +27 -0
package/dist/handshake/confirm.js.map +1 -0
package/dist/handshake/driver.d.ts +126 -0
package/dist/handshake/driver.d.ts.map +1 -0
package/dist/handshake/driver.js +251 -0
package/dist/handshake/driver.js.map +1 -0
package/dist/handshake/federation.d.ts +365 -0
package/dist/handshake/federation.d.ts.map +1 -0
package/dist/handshake/federation.js +664 -0
package/dist/handshake/federation.js.map +1 -0
package/dist/handshake/first_contact.d.ts +57 -0
package/dist/handshake/first_contact.d.ts.map +1 -0
package/dist/handshake/first_contact.js +124 -0
package/dist/handshake/first_contact.js.map +1 -0
package/dist/handshake/identity.d.ts +101 -0
package/dist/handshake/identity.d.ts.map +1 -0
package/dist/handshake/identity.js +117 -0
package/dist/handshake/identity.js.map +1 -0
package/dist/handshake/index.d.ts +21 -0
package/dist/handshake/index.d.ts.map +1 -0
package/dist/handshake/index.js +21 -0
package/dist/handshake/index.js.map +1 -0
package/dist/handshake/messages.d.ts +176 -0
package/dist/handshake/messages.d.ts.map +1 -0
package/dist/handshake/messages.js +125 -0
package/dist/handshake/messages.js.map +1 -0
package/dist/handshake/pow.d.ts +53 -0
package/dist/handshake/pow.d.ts.map +1 -0
package/dist/handshake/pow.js +142 -0
package/dist/handshake/pow.js.map +1 -0
package/dist/handshake/resume_driver.d.ts +56 -0
package/dist/handshake/resume_driver.d.ts.map +1 -0
package/dist/handshake/resume_driver.js +75 -0
package/dist/handshake/resume_driver.js.map +1 -0
package/dist/handshake/server.d.ts +112 -0
package/dist/handshake/server.d.ts.map +1 -0
package/dist/handshake/server.js +247 -0
package/dist/handshake/server.js.map +1 -0
package/dist/handshake/server_state.d.ts +102 -0
package/dist/handshake/server_state.d.ts.map +1 -0
package/dist/handshake/server_state.js +278 -0
package/dist/handshake/server_state.js.map +1 -0
package/dist/index.d.ts +33 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +33 -0
package/dist/index.js.map +1 -0
package/dist/keys/compromise.d.ts +118 -0
package/dist/keys/compromise.d.ts.map +1 -0
package/dist/keys/compromise.js +218 -0
package/dist/keys/compromise.js.map +1 -0
package/dist/keys/device_certificate.d.ts +166 -0
package/dist/keys/device_certificate.d.ts.map +1 -0
package/dist/keys/device_certificate.js +328 -0
package/dist/keys/device_certificate.js.map +1 -0
package/dist/keys/device_records.d.ts +175 -0
package/dist/keys/device_records.d.ts.map +1 -0
package/dist/keys/device_records.js +418 -0
package/dist/keys/device_records.js.map +1 -0
package/dist/keys/directory_cache.d.ts +64 -0
package/dist/keys/directory_cache.d.ts.map +1 -0
package/dist/keys/directory_cache.js +98 -0
package/dist/keys/directory_cache.js.map +1 -0
package/dist/keys/directory_state.d.ts +79 -0
package/dist/keys/directory_state.d.ts.map +1 -0
package/dist/keys/directory_state.js +155 -0
package/dist/keys/directory_state.js.map +1 -0
package/dist/keys/index.d.ts +18 -0
package/dist/keys/index.d.ts.map +1 -0
package/dist/keys/index.js +18 -0
package/dist/keys/index.js.map +1 -0
package/dist/keys/key_revocation.d.ts +61 -0
package/dist/keys/key_revocation.d.ts.map +1 -0
package/dist/keys/key_revocation.js +88 -0
package/dist/keys/key_revocation.js.map +1 -0
package/dist/keys/request.d.ts +124 -0
package/dist/keys/request.d.ts.map +1 -0
package/dist/keys/request.js +130 -0
package/dist/keys/request.js.map +1 -0
package/dist/keys/sign.d.ts +49 -0
package/dist/keys/sign.d.ts.map +1 -0
package/dist/keys/sign.js +80 -0
package/dist/keys/sign.js.map +1 -0
package/dist/keys/signed.d.ts +80 -0
package/dist/keys/signed.d.ts.map +1 -0
package/dist/keys/signed.js +138 -0
package/dist/keys/signed.js.map +1 -0
package/dist/keys/store.d.ts +138 -0
package/dist/keys/store.d.ts.map +1 -0
package/dist/keys/store.js +107 -0
package/dist/keys/store.js.map +1 -0
package/dist/largeattachment/crypto.d.ts +47 -0
package/dist/largeattachment/crypto.d.ts.map +1 -0
package/dist/largeattachment/crypto.js +235 -0
package/dist/largeattachment/crypto.js.map +1 -0
package/dist/largeattachment/enclosure.d.ts +48 -0
package/dist/largeattachment/enclosure.d.ts.map +1 -0
package/dist/largeattachment/enclosure.js +102 -0
package/dist/largeattachment/enclosure.js.map +1 -0
package/dist/largeattachment/index.d.ts +15 -0
package/dist/largeattachment/index.d.ts.map +1 -0
package/dist/largeattachment/index.js +15 -0
package/dist/largeattachment/index.js.map +1 -0
package/dist/largeattachment/store.d.ts +36 -0
package/dist/largeattachment/store.d.ts.map +1 -0
package/dist/largeattachment/store.js +37 -0
package/dist/largeattachment/store.js.map +1 -0
package/dist/largeattachment/types.d.ts +56 -0
package/dist/largeattachment/types.d.ts.map +1 -0
package/dist/largeattachment/types.js +31 -0
package/dist/largeattachment/types.js.map +1 -0
package/dist/largeattachment/upload.d.ts +62 -0
package/dist/largeattachment/upload.d.ts.map +1 -0
package/dist/largeattachment/upload.js +166 -0
package/dist/largeattachment/upload.js.map +1 -0
package/dist/migration/index.d.ts +17 -0
package/dist/migration/index.d.ts.map +1 -0
package/dist/migration/index.js +17 -0
package/dist/migration/index.js.map +1 -0
package/dist/migration/lockout.d.ts +48 -0
package/dist/migration/lockout.d.ts.map +1 -0
package/dist/migration/lockout.js +57 -0
package/dist/migration/lockout.js.map +1 -0
package/dist/migration/migration.d.ts +48 -0
package/dist/migration/migration.d.ts.map +1 -0
package/dist/migration/migration.js +58 -0
package/dist/migration/migration.js.map +1 -0
package/dist/migration/notice.d.ts +33 -0
package/dist/migration/notice.d.ts.map +1 -0
package/dist/migration/notice.js +85 -0
package/dist/migration/notice.js.map +1 -0
package/dist/migration/orchestrate.d.ts +109 -0
package/dist/migration/orchestrate.d.ts.map +1 -0
package/dist/migration/orchestrate.js +212 -0
package/dist/migration/orchestrate.js.map +1 -0
package/dist/migration/publication_store.d.ts +34 -0
package/dist/migration/publication_store.d.ts.map +1 -0
package/dist/migration/publication_store.js +44 -0
package/dist/migration/publication_store.js.map +1 -0
package/dist/migration/sign.d.ts +65 -0
package/dist/migration/sign.d.ts.map +1 -0
package/dist/migration/sign.js +331 -0
package/dist/migration/sign.js.map +1 -0
package/dist/migration/types.d.ts +92 -0
package/dist/migration/types.d.ts.map +1 -0
package/dist/migration/types.js +26 -0
package/dist/migration/types.js.map +1 -0
package/dist/reasoncodes.d.ts +42 -0
package/dist/reasoncodes.d.ts.map +1 -0
package/dist/reasoncodes.js +80 -0
package/dist/reasoncodes.js.map +1 -0
package/dist/recovery/bundle.d.ts +34 -0
package/dist/recovery/bundle.d.ts.map +1 -0
package/dist/recovery/bundle.js +144 -0
package/dist/recovery/bundle.js.map +1 -0
package/dist/recovery/bundle_crypto.d.ts +60 -0
package/dist/recovery/bundle_crypto.d.ts.map +1 -0
package/dist/recovery/bundle_crypto.js +179 -0
package/dist/recovery/bundle_crypto.js.map +1 -0
package/dist/recovery/bundle_store.d.ts +57 -0
package/dist/recovery/bundle_store.d.ts.map +1 -0
package/dist/recovery/bundle_store.js +104 -0
package/dist/recovery/bundle_store.js.map +1 -0
package/dist/recovery/index.d.ts +19 -0
package/dist/recovery/index.d.ts.map +1 -0
package/dist/recovery/index.js +19 -0
package/dist/recovery/index.js.map +1 -0
package/dist/recovery/manifest_crosscheck.d.ts +59 -0
package/dist/recovery/manifest_crosscheck.d.ts.map +1 -0
package/dist/recovery/manifest_crosscheck.js +59 -0
package/dist/recovery/manifest_crosscheck.js.map +1 -0
package/dist/recovery/shamir.d.ts +51 -0
package/dist/recovery/shamir.d.ts.map +1 -0
package/dist/recovery/shamir.js +181 -0
package/dist/recovery/shamir.js.map +1 -0
package/dist/recovery/sign.d.ts +61 -0
package/dist/recovery/sign.d.ts.map +1 -0
package/dist/recovery/sign.js +359 -0
package/dist/recovery/sign.js.map +1 -0
package/dist/recovery/types.d.ts +180 -0
package/dist/recovery/types.d.ts.map +1 -0
package/dist/recovery/types.js +31 -0
package/dist/recovery/types.js.map +1 -0
package/dist/reputation/abuse_report.d.ts +62 -0
package/dist/reputation/abuse_report.d.ts.map +1 -0
package/dist/reputation/abuse_report.js +111 -0
package/dist/reputation/abuse_report.js.map +1 -0
package/dist/reputation/bucketize.d.ts +31 -0
package/dist/reputation/bucketize.d.ts.map +1 -0
package/dist/reputation/bucketize.js +77 -0
package/dist/reputation/bucketize.js.map +1 -0
package/dist/reputation/gossip.d.ts +24 -0
package/dist/reputation/gossip.d.ts.map +1 -0
package/dist/reputation/gossip.js +64 -0
package/dist/reputation/gossip.js.map +1 -0
package/dist/reputation/gossip_fetch.d.ts +64 -0
package/dist/reputation/gossip_fetch.d.ts.map +1 -0
package/dist/reputation/gossip_fetch.js +114 -0
package/dist/reputation/gossip_fetch.js.map +1 -0
package/dist/reputation/index.d.ts +20 -0
package/dist/reputation/index.d.ts.map +1 -0
package/dist/reputation/index.js +20 -0
package/dist/reputation/index.js.map +1 -0
package/dist/reputation/observation_store.d.ts +67 -0
package/dist/reputation/observation_store.d.ts.map +1 -0
package/dist/reputation/observation_store.js +171 -0
package/dist/reputation/observation_store.js.map +1 -0
package/dist/reputation/pow.d.ts +91 -0
package/dist/reputation/pow.d.ts.map +1 -0
package/dist/reputation/pow.js +209 -0
package/dist/reputation/pow.js.map +1 -0
package/dist/reputation/sign.d.ts +40 -0
package/dist/reputation/sign.d.ts.map +1 -0
package/dist/reputation/sign.js +202 -0
package/dist/reputation/sign.js.map +1 -0
package/dist/reputation/types.d.ts +133 -0
package/dist/reputation/types.d.ts.map +1 -0
package/dist/reputation/types.js +33 -0
package/dist/reputation/types.js.map +1 -0
package/dist/reputation/whois.d.ts +25 -0
package/dist/reputation/whois.d.ts.map +1 -0
package/dist/reputation/whois.js +20 -0
package/dist/reputation/whois.js.map +1 -0
package/dist/seal/index.d.ts +8 -0
package/dist/seal/index.d.ts.map +1 -0
package/dist/seal/index.js +8 -0
package/dist/seal/index.js.map +1 -0
package/dist/seal/wrap.d.ts +74 -0
package/dist/seal/wrap.d.ts.map +1 -0
package/dist/seal/wrap.js +213 -0
package/dist/seal/wrap.js.map +1 -0
package/dist/session/dispatcher.d.ts +65 -0
package/dist/session/dispatcher.d.ts.map +1 -0
package/dist/session/dispatcher.js +96 -0
package/dist/session/dispatcher.js.map +1 -0
package/dist/session/index.d.ts +15 -0
package/dist/session/index.d.ts.map +1 -0
package/dist/session/index.js +15 -0
package/dist/session/index.js.map +1 -0
package/dist/session/rekey.d.ts +108 -0
package/dist/session/rekey.d.ts.map +1 -0
package/dist/session/rekey.js +207 -0
package/dist/session/rekey.js.map +1 -0
package/dist/session/rekey_seal.d.ts +66 -0
package/dist/session/rekey_seal.d.ts.map +1 -0
package/dist/session/rekey_seal.js +153 -0
package/dist/session/rekey_seal.js.map +1 -0
package/dist/session/resume.d.ts +125 -0
package/dist/session/resume.d.ts.map +1 -0
package/dist/session/resume.js +263 -0
package/dist/session/resume.js.map +1 -0
package/dist/session/session.d.ts +136 -0
package/dist/session/session.d.ts.map +1 -0
package/dist/session/session.js +188 -0
package/dist/session/session.js.map +1 -0
package/dist/transparency/index.d.ts +13 -0
package/dist/transparency/index.d.ts.map +1 -0
package/dist/transparency/index.js +13 -0
package/dist/transparency/index.js.map +1 -0
package/dist/transparency/log.d.ts +61 -0
package/dist/transparency/log.d.ts.map +1 -0
package/dist/transparency/log.js +133 -0
package/dist/transparency/log.js.map +1 -0
package/dist/transparency/merkle.d.ts +59 -0
package/dist/transparency/merkle.d.ts.map +1 -0
package/dist/transparency/merkle.js +314 -0
package/dist/transparency/merkle.js.map +1 -0
package/dist/transparency/sign.d.ts +48 -0
package/dist/transparency/sign.d.ts.map +1 -0
package/dist/transparency/sign.js +140 -0
package/dist/transparency/sign.js.map +1 -0
package/dist/transparency/types.d.ts +97 -0
package/dist/transparency/types.d.ts.map +1 -0
package/dist/transparency/types.js +25 -0
package/dist/transparency/types.js.map +1 -0
package/dist/transport/h2.d.ts +163 -0
package/dist/transport/h2.d.ts.map +1 -0
package/dist/transport/h2.js +397 -0
package/dist/transport/h2.js.map +1 -0
package/dist/transport/index.d.ts +15 -0
package/dist/transport/index.d.ts.map +1 -0
package/dist/transport/index.js +15 -0
package/dist/transport/index.js.map +1 -0
package/dist/transport/memory.d.ts +21 -0
package/dist/transport/memory.d.ts.map +1 -0
package/dist/transport/memory.js +112 -0
package/dist/transport/memory.js.map +1 -0
package/dist/transport/transport.d.ts +54 -0
package/dist/transport/transport.d.ts.map +1 -0
package/dist/transport/transport.js +20 -0
package/dist/transport/transport.js.map +1 -0
package/dist/transport/ws.d.ts +40 -0
package/dist/transport/ws.d.ts.map +1 -0
package/dist/transport/ws.js +204 -0
package/dist/transport/ws.js.map +1 -0
package/package.json +147 -0

package/dist/keys/directory_state.d.ts ADDED Viewed

@@ -0,0 +1,79 @@
+/**
+ * Server-side per-user device directory state per KEY.md §10.6.
+ *
+ * A home server keeps a {@link DirectoryState} per account. Every
+ * enrollment (§10.1) or revocation (§10.5) bumps `revision` and
+ * produces a fresh signed {@link DeviceDirectory} record consumers
+ * fetch via the directory endpoint.
+ *
+ * @module
+ */
+import { type DeviceDirectory, type DeviceDirectoryEntry } from "./device_records.js";
+/** Inputs to {@link DirectoryState}. */
+export interface DirectoryStateConfig {
+    userId: string;
+    /** 32-byte Ed25519 seed for the user's identity key. */
+    identitySeed: Uint8Array;
+    identityKeyId: string;
+    /**
+     * Initial seed of devices, typically loaded from durable storage at
+     * startup. The constructor sorts them by `device_id` and emits
+     * revision 1. Pass `[]` to start empty (revision 0; first add bumps
+     * to 1).
+     */
+    initial?: DeviceDirectoryEntry[];
+    /** Wall-clock used to stamp `issued_at`. Defaults to `() => new Date()`. */
+    now?: () => Date;
+}
+/**
+ * Per-user directory state: tracks the active device set, increments
+ * a monotonic revision counter, and emits a freshly signed
+ * {@link DeviceDirectory} on every change.
+ */
+export declare class DirectoryState {
+    private readonly userId;
+    private readonly identitySeed;
+    private readonly identityKeyId;
+    private readonly nowFn;
+    private readonly devices;
+    private revisionCounter;
+    private currentDir;
+    constructor(cfg: DirectoryStateConfig);
+    /**
+     * Record an enrollment per §10.1 and emit a new directory revision.
+     * Throws when `device_id` is empty or already present.
+     */
+    addDevice(entry: DeviceDirectoryEntry): DeviceDirectory;
+    /**
+     * Record a revocation per §10.5 by removing `deviceId` from the
+     * active set and emitting a new directory revision. Returns
+     * `{ directory, removed }` where `removed === false` means the
+     * device wasn't in the directory and the directory is unchanged
+     * (no new revision was emitted).
+     */
+    revokeDevice(deviceId: string): {
+        directory: DeviceDirectory | null;
+        removed: boolean;
+    };
+    /**
+     * Most recently emitted directory, or `null` when the state has
+     * never emitted (empty initial set and no `addDevice` calls). The
+     * returned object is the live record; callers MUST NOT mutate it.
+     */
+    current(): DeviceDirectory | null;
+    /** Current monotonic revision counter. */
+    revision(): number;
+    private emit;
+}
+/**
+ * Multi-user wrapper a home server keeps: one {@link DirectoryState}
+ * per account it hosts. Lookups are by `user_id`.
+ */
+export declare class DirectoryStore {
+    private states;
+    /** Associate a fresh state with `userId`. Throws when `userId` is already present. */
+    register(userId: string, state: DirectoryState): void;
+    /** Return the state for `userId`, or `null` when not registered. */
+    lookup(userId: string): DirectoryState | null;
+}
+//# sourceMappingURL=directory_state.d.ts.map

package/dist/keys/directory_state.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"directory_state.d.ts","sourceRoot":"","sources":["../../src/keys/directory_state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,KAAK,eAAe,EACpB,KAAK,oBAAoB,EAI1B,MAAM,qBAAqB,CAAC;AAE7B,wCAAwC;AACxC,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,wDAAwD;IACxD,YAAY,EAAE,UAAU,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB;;;;;OAKG;IACH,OAAO,CAAC,EAAE,oBAAoB,EAAE,CAAC;IACjC,4EAA4E;IAC5E,GAAG,CAAC,EAAE,MAAM,IAAI,CAAC;CAClB;AAED;;;;GAIG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAa;IAC1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAa;IACnC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA2C;IACnE,OAAO,CAAC,eAAe,CAAK;IAC5B,OAAO,CAAC,UAAU,CAAgC;gBAEtC,GAAG,EAAE,oBAAoB;IA+BrC;;;OAGG;IACH,SAAS,CAAC,KAAK,EAAE,oBAAoB,GAAG,eAAe;IA6BvD;;;;;;OAMG;IACH,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG;QAC9B,SAAS,EAAE,eAAe,GAAG,IAAI,CAAC;QAClC,OAAO,EAAE,OAAO,CAAC;KAClB;IAYD;;;;OAIG;IACH,OAAO,IAAI,eAAe,GAAG,IAAI;IAIjC,0CAA0C;IAC1C,QAAQ,IAAI,MAAM;IAIlB,OAAO,CAAC,IAAI;CA0Bb;AAED;;;GAGG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAqC;IAEnD,sFAAsF;IACtF,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,cAAc,GAAG,IAAI;IAYrD,oEAAoE;IACpE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI;CAG9C"}

package/dist/keys/directory_state.js ADDED Viewed

@@ -0,0 +1,155 @@
+/**
+ * Server-side per-user device directory state per KEY.md §10.6.
+ *
+ * A home server keeps a {@link DirectoryState} per account. Every
+ * enrollment (§10.1) or revocation (§10.5) bumps `revision` and
+ * produces a fresh signed {@link DeviceDirectory} record consumers
+ * fetch via the directory endpoint.
+ *
+ * @module
+ */
+import { DeviceDirectoryType, DeviceRecordVersion, signDeviceDirectory, } from "./device_records.js";
+/**
+ * Per-user directory state: tracks the active device set, increments
+ * a monotonic revision counter, and emits a freshly signed
+ * {@link DeviceDirectory} on every change.
+ */
+export class DirectoryState {
+    userId;
+    identitySeed;
+    identityKeyId;
+    nowFn;
+    devices = new Map();
+    revisionCounter = 0;
+    currentDir = null;
+    constructor(cfg) {
+        if (cfg.userId === "") {
+            throw new Error("keys: directory state missing user_id");
+        }
+        if (cfg.identitySeed.length === 0 || cfg.identityKeyId === "") {
+            throw new Error("keys: directory state missing identity key");
+        }
+        this.userId = cfg.userId;
+        this.identitySeed = cfg.identitySeed;
+        this.identityKeyId = cfg.identityKeyId;
+        this.nowFn = cfg.now ?? (() => new Date());
+        if (cfg.initial !== undefined) {
+            for (const d of cfg.initial) {
+                if (d.device_id === "") {
+                    throw new Error("keys: directory initial seed entry missing device_id");
+                }
+                if (this.devices.has(d.device_id)) {
+                    throw new Error(`keys: directory initial seed has duplicate device_id ${JSON.stringify(d.device_id)}`);
+                }
+                this.devices.set(d.device_id, d);
+            }
+            if (this.devices.size > 0) {
+                this.emit();
+            }
+        }
+    }
+    /**
+     * Record an enrollment per §10.1 and emit a new directory revision.
+     * Throws when `device_id` is empty or already present.
+     */
+    addDevice(entry) {
+        if (entry.device_id === "") {
+            throw new Error("keys: directory entry missing device_id");
+        }
+        if (entry.device_public_key === "") {
+            throw new Error("keys: directory entry missing device_public_key");
+        }
+        if (entry.role === "full_access" && entry.certificate_id !== null) {
+            throw new Error("keys: directory entry full_access MUST have certificate_id = null");
+        }
+        if (entry.role === "delegated") {
+            if (entry.certificate_id === null || entry.certificate_id === "") {
+                throw new Error("keys: directory entry delegated MUST set certificate_id");
+            }
+        }
+        if (this.devices.has(entry.device_id)) {
+            throw new Error(`keys: directory already contains device_id ${JSON.stringify(entry.device_id)}`);
+        }
+        this.devices.set(entry.device_id, entry);
+        this.emit();
+        return this.currentDir;
+    }
+    /**
+     * Record a revocation per §10.5 by removing `deviceId` from the
+     * active set and emitting a new directory revision. Returns
+     * `{ directory, removed }` where `removed === false` means the
+     * device wasn't in the directory and the directory is unchanged
+     * (no new revision was emitted).
+     */
+    revokeDevice(deviceId) {
+        if (deviceId === "") {
+            throw new Error("keys: directory revoke missing device_id");
+        }
+        if (!this.devices.has(deviceId)) {
+            return { directory: this.currentDir, removed: false };
+        }
+        this.devices.delete(deviceId);
+        this.emit();
+        return { directory: this.currentDir, removed: true };
+    }
+    /**
+     * Most recently emitted directory, or `null` when the state has
+     * never emitted (empty initial set and no `addDevice` calls). The
+     * returned object is the live record; callers MUST NOT mutate it.
+     */
+    current() {
+        return this.currentDir;
+    }
+    /** Current monotonic revision counter. */
+    revision() {
+        return this.revisionCounter;
+    }
+    emit() {
+        this.revisionCounter += 1;
+        const entries = Array.from(this.devices.values()).sort((a, b) => a.device_id < b.device_id ? -1 : a.device_id > b.device_id ? 1 : 0);
+        const dir = {
+            type: DeviceDirectoryType,
+            version: DeviceRecordVersion,
+            user_id: this.userId,
+            revision: this.revisionCounter,
+            issued_at: isoSecond(this.nowFn()),
+            devices: entries,
+            signature: { algorithm: "", key_id: "", value: "" },
+        };
+        try {
+            signDeviceDirectory(dir, this.identitySeed, this.identityKeyId);
+        }
+        catch (err) {
+            // Roll back the revision bump so the next attempt does not skip
+            // a number.
+            this.revisionCounter -= 1;
+            throw new Error(`keys: sign device directory: ${err instanceof Error ? err.message : String(err)}`);
+        }
+        this.currentDir = dir;
+    }
+}
+/**
+ * Multi-user wrapper a home server keeps: one {@link DirectoryState}
+ * per account it hosts. Lookups are by `user_id`.
+ */
+export class DirectoryStore {
+    states = new Map();
+    /** Associate a fresh state with `userId`. Throws when `userId` is already present. */
+    register(userId, state) {
+        if (userId === "") {
+            throw new Error("keys: directory store register missing user_id");
+        }
+        if (this.states.has(userId)) {
+            throw new Error(`keys: directory store already has user ${JSON.stringify(userId)}`);
+        }
+        this.states.set(userId, state);
+    }
+    /** Return the state for `userId`, or `null` when not registered. */
+    lookup(userId) {
+        return this.states.get(userId) ?? null;
+    }
+}
+function isoSecond(d) {
+    return d.toISOString().replace(/\.\d{3}Z$/, "Z");
+}
+//# sourceMappingURL=directory_state.js.map

package/dist/keys/directory_state.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"directory_state.js","sourceRoot":"","sources":["../../src/keys/directory_state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAGL,mBAAmB,EACnB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAmB7B;;;;GAIG;AACH,MAAM,OAAO,cAAc;IACR,MAAM,CAAS;IACf,YAAY,CAAa;IACzB,aAAa,CAAS;IACtB,KAAK,CAAa;IAClB,OAAO,GAAG,IAAI,GAAG,EAAgC,CAAC;IAC3D,eAAe,GAAG,CAAC,CAAC;IACpB,UAAU,GAA2B,IAAI,CAAC;IAElD,YAAY,GAAyB;QACnC,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,GAAG,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,aAAa,KAAK,EAAE,EAAE,CAAC;YAC9D,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC;QACrC,IAAI,CAAC,aAAa,GAAG,GAAG,CAAC,aAAa,CAAC;QACvC,IAAI,CAAC,KAAK,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QAC3C,IAAI,GAAG,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAC9B,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;gBAC5B,IAAI,CAAC,CAAC,SAAS,KAAK,EAAE,EAAE,CAAC;oBACvB,MAAM,IAAI,KAAK,CACb,sDAAsD,CACvD,CAAC;gBACJ,CAAC;gBACD,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;oBAClC,MAAM,IAAI,KAAK,CACb,wDAAwD,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CACtF,CAAC;gBACJ,CAAC;gBACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;YACnC,CAAC;YACD,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBAC1B,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,SAAS,CAAC,KAA2B;QACnC,IAAI,KAAK,CAAC,SAAS,KAAK,EAAE,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QACD,IAAI,KAAK,CAAC,iBAAiB,KAAK,EAAE,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;QACD,IAAI,KAAK,CAAC,IAAI,KAAK,aAAa,IAAI,KAAK,CAAC,cAAc,KAAK,IAAI,EAAE,CAAC;YAClE,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;QACJ,CAAC;QACD,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YAC/B,IAAI,KAAK,CAAC,cAAc,KAAK,IAAI,IAAI,KAAK,CAAC,cAAc,KAAK,EAAE,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CACb,8CAA8C,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAChF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC,UAAW,CAAC;IAC1B,CAAC;IAED;;;;;;OAMG;IACH,YAAY,CAAC,QAAgB;QAI3B,IAAI,QAAQ,KAAK,EAAE,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QACxD,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC9B,IAAI,CAAC,IAAI,EAAE,CAAC;QACZ,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACvD,CAAC;IAED;;;;OAIG;IACH,OAAO;QACL,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,0CAA0C;IAC1C,QAAQ;QACN,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAEO,IAAI;QACV,IAAI,CAAC,eAAe,IAAI,CAAC,CAAC;QAC1B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAC9D,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACnE,CAAC;QACF,MAAM,GAAG,GAAoB;YAC3B,IAAI,EAAE,mBAAmB;YACzB,OAAO,EAAE,mBAAmB;YAC5B,OAAO,EAAE,IAAI,CAAC,MAAM;YACpB,QAAQ,EAAE,IAAI,CAAC,eAAe;YAC9B,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAClC,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;SACpD,CAAC;QACF,IAAI,CAAC;YACH,mBAAmB,CAAC,GAAG,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAClE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,gEAAgE;YAChE,YAAY;YACZ,IAAI,CAAC,eAAe,IAAI,CAAC,CAAC;YAC1B,MAAM,IAAI,KAAK,CACb,gCAAgC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACnF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC;IACxB,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,cAAc;IACjB,MAAM,GAAG,IAAI,GAAG,EAA0B,CAAC;IAEnD,sFAAsF;IACtF,QAAQ,CAAC,MAAc,EAAE,KAAqB;QAC5C,IAAI,MAAM,KAAK,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CACb,0CAA0C,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CACnE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACjC,CAAC;IAED,oEAAoE;IACpE,MAAM,CAAC,MAAc;QACnB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC;IACzC,CAAC;CACF;AAED,SAAS,SAAS,CAAC,CAAO;IACxB,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;AACnD,CAAC"}

package/dist/keys/index.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * Identity-key primitives. Layer 1 surface of `KEY.md`: Ed25519
+ * sign / verify and the SEMP fingerprint format. Higher-level
+ * registry / revocation logic lands in later waves.
+ *
+ * @module
+ */
+export { PublicKeySize, SeedSize, SignatureSize, fingerprint, publicKeyFromSeed, sign, verify, } from "./sign.js";
+export { type SignSignedDocResult, type SignSignedDocSpec, type VerifySignedDocResult, type VerifySignedDocSpec, signSignedDoc, verifySignedDoc, } from "./signed.js";
+export { type AddressIdentity, type CertificateSignature, type DeviceCertificate, type EntityType, type MatcherMode, type RateLimitTier, type Scope, type ScopeEntry, type ScopeMatcher, type ScopeResource, type SignDeviceCertificateInput, type SignDeviceCertificateResult, type ValidateOptions, DeviceAuthorizePrefix, DeviceCertificateType, MaxDeviceCertificateLifetimeMs, MaxScopeMatcherEntries, MaxScopeRateLimitTiers, scopeAllowsRecipient, scopeAllowsSender, signDeviceCertificate, validateDeviceCertificate, validateScope, verifyDeviceCertificate, } from "./device_certificate.js";
+export { type DeviceAuthorization, type DeviceAuthorizationMethod, type DeviceDirectory, type DeviceDirectoryEntry, type DeviceRegistration, type DeviceRevocation, type DeviceRevocationReason, type DeviceRole, type KeysSignature, type SignDeviceAuthorizationInput, DeviceAuthorizeRecordPrefix, DeviceDirectoryPrefix, DeviceDirectoryType, DeviceRecordVersion, DeviceRegisterPrefix, DeviceRegistrationStep, DeviceRegistrationType, DeviceRevocationPrefix, DeviceRevocationType, findDevice, requiresIdentityRotation, signDeviceAuthorization, signDeviceDirectory, signDeviceRegistration, signDeviceRevocation, validateDeviceDirectory, validateDeviceRegistration, validateDeviceRevocation, verifyDeviceAuthorization, verifyDeviceDirectory, verifyDeviceRegistration, verifyDeviceRevocation, } from "./device_records.js";
+export { type PublicationSignature, type Revocation, type RevocationPublication, type RevocationReason, type RevokedKeyEntry, RevocationPrefix, RevocationPublicationType, RevocationVersion, isReversibleReason, signRevocationPublication, validateRevocationPublication, verifyRevocationPublication, } from "./key_revocation.js";
+export { type KeyRecord, type KeysClientStream, type KeysRequest, type KeysRequestStep, type KeysResponse, type KeysResponseResult, type KeysResultStatus, type KeysSignatureBlock, KeysRequestType, KeysRequestVersion, fetchKeys, newKeysRequest, newKeysResponse, validateKeysRequest, } from "./request.js";
+export { type CompromiseRotation, type CompromiseRotationInput, buildCompromiseRotation, verifyCompromiseRotation, } from "./compromise.js";
+export { type CertificateCheck, DirectoryCache, DirectoryRollbackError, } from "./directory_cache.js";
+export { type DirectoryStateConfig, DirectoryState, DirectoryStore, } from "./directory_state.js";
+export { type KeyStore, type KeyStoreRecord, type KeyStoreSignature, type KeyType, type PrivateKeyStore, InMemoryKeyStore, } from "./store.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/keys/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/keys/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,aAAa,EACb,QAAQ,EACR,aAAa,EACb,WAAW,EACX,iBAAiB,EACjB,IAAI,EACJ,MAAM,GACP,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,KAAK,mBAAmB,EACxB,KAAK,iBAAiB,EACtB,KAAK,qBAAqB,EAC1B,KAAK,mBAAmB,EACxB,aAAa,EACb,eAAe,GAChB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,KAAK,eAAe,EACpB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACtB,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,KAAK,EACV,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,0BAA0B,EAC/B,KAAK,2BAA2B,EAChC,KAAK,eAAe,EACpB,qBAAqB,EACrB,qBAAqB,EACrB,8BAA8B,EAC9B,sBAAsB,EACtB,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,qBAAqB,EACrB,yBAAyB,EACzB,aAAa,EACb,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,KAAK,mBAAmB,EACxB,KAAK,yBAAyB,EAC9B,KAAK,eAAe,EACpB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAC3B,KAAK,UAAU,EACf,KAAK,aAAa,EAClB,KAAK,4BAA4B,EACjC,2BAA2B,EAC3B,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,sBAAsB,EACtB,sBAAsB,EACtB,sBAAsB,EACtB,oBAAoB,EACpB,UAAU,EACV,wBAAwB,EACxB,uBAAuB,EACvB,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,EACpB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,yBAAyB,EACzB,qBAAqB,EACrB,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,KAAK,oBAAoB,EACzB,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,gBAAgB,EAChB,yBAAyB,EACzB,iBAAiB,EACjB,kBAAkB,EAClB,yBAAyB,EACzB,6BAA6B,EAC7B,2BAA2B,GAC5B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,KAAK,SAAS,EACd,KAAK,gBAAgB,EACrB,KAAK,WAAW,EAChB,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,eAAe,EACf,kBAAkB,EAClB,SAAS,EACT,cAAc,EACd,eAAe,EACf,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,uBAAuB,EACvB,wBAAwB,GACzB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,KAAK,gBAAgB,EACrB,cAAc,EACd,sBAAsB,GACvB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,KAAK,oBAAoB,EACzB,cAAc,EACd,cAAc,GACf,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,KAAK,QAAQ,EACb,KAAK,cAAc,EACnB,KAAK,iBAAiB,EACtB,KAAK,OAAO,EACZ,KAAK,eAAe,EACpB,gBAAgB,GACjB,MAAM,YAAY,CAAC"}

package/dist/keys/index.js ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * Identity-key primitives. Layer 1 surface of `KEY.md`: Ed25519
+ * sign / verify and the SEMP fingerprint format. Higher-level
+ * registry / revocation logic lands in later waves.
+ *
+ * @module
+ */
+export { PublicKeySize, SeedSize, SignatureSize, fingerprint, publicKeyFromSeed, sign, verify, } from "./sign.js";
+export { signSignedDoc, verifySignedDoc, } from "./signed.js";
+export { DeviceAuthorizePrefix, DeviceCertificateType, MaxDeviceCertificateLifetimeMs, MaxScopeMatcherEntries, MaxScopeRateLimitTiers, scopeAllowsRecipient, scopeAllowsSender, signDeviceCertificate, validateDeviceCertificate, validateScope, verifyDeviceCertificate, } from "./device_certificate.js";
+export { DeviceAuthorizeRecordPrefix, DeviceDirectoryPrefix, DeviceDirectoryType, DeviceRecordVersion, DeviceRegisterPrefix, DeviceRegistrationStep, DeviceRegistrationType, DeviceRevocationPrefix, DeviceRevocationType, findDevice, requiresIdentityRotation, signDeviceAuthorization, signDeviceDirectory, signDeviceRegistration, signDeviceRevocation, validateDeviceDirectory, validateDeviceRegistration, validateDeviceRevocation, verifyDeviceAuthorization, verifyDeviceDirectory, verifyDeviceRegistration, verifyDeviceRevocation, } from "./device_records.js";
+export { RevocationPrefix, RevocationPublicationType, RevocationVersion, isReversibleReason, signRevocationPublication, validateRevocationPublication, verifyRevocationPublication, } from "./key_revocation.js";
+export { KeysRequestType, KeysRequestVersion, fetchKeys, newKeysRequest, newKeysResponse, validateKeysRequest, } from "./request.js";
+export { buildCompromiseRotation, verifyCompromiseRotation, } from "./compromise.js";
+export { DirectoryCache, DirectoryRollbackError, } from "./directory_cache.js";
+export { DirectoryState, DirectoryStore, } from "./directory_state.js";
+export { InMemoryKeyStore, } from "./store.js";
+//# sourceMappingURL=index.js.map

package/dist/keys/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/keys/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,aAAa,EACb,QAAQ,EACR,aAAa,EACb,WAAW,EACX,iBAAiB,EACjB,IAAI,EACJ,MAAM,GACP,MAAM,WAAW,CAAC;AAEnB,OAAO,EAKL,aAAa,EACb,eAAe,GAChB,MAAM,aAAa,CAAC;AAErB,OAAO,EAcL,qBAAqB,EACrB,qBAAqB,EACrB,8BAA8B,EAC9B,sBAAsB,EACtB,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,qBAAqB,EACrB,yBAAyB,EACzB,aAAa,EACb,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAWL,2BAA2B,EAC3B,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,sBAAsB,EACtB,sBAAsB,EACtB,sBAAsB,EACtB,oBAAoB,EACpB,UAAU,EACV,wBAAwB,EACxB,uBAAuB,EACvB,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,EACpB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,yBAAyB,EACzB,qBAAqB,EACrB,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAML,gBAAgB,EAChB,yBAAyB,EACzB,iBAAiB,EACjB,kBAAkB,EAClB,yBAAyB,EACzB,6BAA6B,EAC7B,2BAA2B,GAC5B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EASL,eAAe,EACf,kBAAkB,EAClB,SAAS,EACT,cAAc,EACd,eAAe,EACf,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAGL,uBAAuB,EACvB,wBAAwB,GACzB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EAEL,cAAc,EACd,sBAAsB,GACvB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAEL,cAAc,EACd,cAAc,GACf,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAML,gBAAgB,GACjB,MAAM,YAAY,CAAC"}

package/dist/keys/key_revocation.d.ts ADDED Viewed

@@ -0,0 +1,61 @@
+/**
+ * Per-key revocation primitives per KEY.md §8.
+ *
+ * The published wire shape is `SEMP_KEY_REVOCATION` — a list of
+ * revoked keys signed by the publishing party (a domain or a user).
+ * The signature uses the `SEMP-REVOCATION:` domain-separation
+ * prefix per ENVELOPE.md §4.3.
+ *
+ * @module
+ */
+/** Wire-level constants. */
+export declare const RevocationPublicationType = "SEMP_KEY_REVOCATION";
+export declare const RevocationVersion = "1.0.0";
+export declare const RevocationPrefix = "SEMP-REVOCATION:";
+/** Reasons per §8.2 + ERRORS.md §8. */
+export type RevocationReason = "key_compromise" | "superseded" | "cessation_of_operation" | "temporary_hold";
+/** Report whether the revocation is potentially reversible. */
+export declare function isReversibleReason(r: RevocationReason): boolean;
+/** Reusable signature block. */
+export interface PublicationSignature {
+    algorithm: string;
+    key_id: string;
+    value: string;
+}
+/**
+ * Per-key revocation record per §8.4 — embedded in a key response
+ * or in a {@link RevocationPublication}.
+ */
+export interface Revocation {
+    reason: RevocationReason;
+    /** ISO 8601 UTC timestamp the key was revoked. */
+    revoked_at: string;
+    /** Fingerprint of the successor key, when known. */
+    replacement_key_id?: string;
+}
+/** One row inside a {@link RevocationPublication}. */
+export interface RevokedKeyEntry {
+    key_id: string;
+    /** Address (for user-key revocations); empty for domain-key revocations. */
+    address?: string;
+    reason: RevocationReason;
+    /** ISO 8601 UTC. */
+    revoked_at: string;
+    replacement_key_id?: string;
+}
+/** Wire shape per §8.1. */
+export interface RevocationPublication {
+    type: typeof RevocationPublicationType;
+    version: string;
+    revoked_keys: RevokedKeyEntry[];
+    signature: PublicationSignature;
+}
+/** Sign a {@link RevocationPublication} under the publisher's identity key. */
+export declare function signRevocationPublication(pub: RevocationPublication, signingPriv: Uint8Array, signingKeyId: string): string;
+/** Verify a {@link RevocationPublication} under the publisher's identity public key. */
+export declare function verifyRevocationPublication(pub: RevocationPublication, publisherPub: Uint8Array): boolean;
+/** Structural validation per §8.1. Throws on first violation. */
+export declare function validateRevocationPublication(pub: RevocationPublication, opts?: {
+    skipSignatureCheck?: boolean;
+}): void;
+//# sourceMappingURL=key_revocation.d.ts.map

package/dist/keys/key_revocation.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"key_revocation.d.ts","sourceRoot":"","sources":["../../src/keys/key_revocation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,4BAA4B;AAC5B,eAAO,MAAM,yBAAyB,wBAAwB,CAAC;AAC/D,eAAO,MAAM,iBAAiB,UAAU,CAAC;AACzC,eAAO,MAAM,gBAAgB,qBAAqB,CAAC;AAEnD,uCAAuC;AACvC,MAAM,MAAM,gBAAgB,GACxB,gBAAgB,GAChB,YAAY,GACZ,wBAAwB,GACxB,gBAAgB,CAAC;AAErB,+DAA+D;AAC/D,wBAAgB,kBAAkB,CAAC,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAE/D;AAED,gCAAgC;AAChC,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,gBAAgB,CAAC;IACzB,kDAAkD;IAClD,UAAU,EAAE,MAAM,CAAC;IACnB,oDAAoD;IACpD,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,sDAAsD;AACtD,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,4EAA4E;IAC5E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,gBAAgB,CAAC;IACzB,oBAAoB;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,2BAA2B;AAC3B,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,OAAO,yBAAyB,CAAC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,eAAe,EAAE,CAAC;IAChC,SAAS,EAAE,oBAAoB,CAAC;CACjC;AAED,+EAA+E;AAC/E,wBAAgB,yBAAyB,CACvC,GAAG,EAAE,qBAAqB,EAC1B,WAAW,EAAE,UAAU,EACvB,YAAY,EAAE,MAAM,GACnB,MAAM,CAgBR;AAED,wFAAwF;AACxF,wBAAgB,2BAA2B,CACzC,GAAG,EAAE,qBAAqB,EAC1B,YAAY,EAAE,UAAU,GACvB,OAAO,CAYT;AAED,iEAAiE;AACjE,wBAAgB,6BAA6B,CAC3C,GAAG,EAAE,qBAAqB,EAC1B,IAAI,GAAE;IAAE,kBAAkB,CAAC,EAAE,OAAO,CAAA;CAAO,GAC1C,IAAI,CAwCN"}

package/dist/keys/key_revocation.js ADDED Viewed

@@ -0,0 +1,88 @@
+/**
+ * Per-key revocation primitives per KEY.md §8.
+ *
+ * The published wire shape is `SEMP_KEY_REVOCATION` — a list of
+ * revoked keys signed by the publishing party (a domain or a user).
+ * The signature uses the `SEMP-REVOCATION:` domain-separation
+ * prefix per ENVELOPE.md §4.3.
+ *
+ * @module
+ */
+import { signSignedDoc, verifySignedDoc } from "./signed.js";
+/** Wire-level constants. */
+export const RevocationPublicationType = "SEMP_KEY_REVOCATION";
+export const RevocationVersion = "1.0.0";
+export const RevocationPrefix = "SEMP-REVOCATION:";
+/** Report whether the revocation is potentially reversible. */
+export function isReversibleReason(r) {
+    return r === "temporary_hold";
+}
+/** Sign a {@link RevocationPublication} under the publisher's identity key. */
+export function signRevocationPublication(pub, signingPriv, signingKeyId) {
+    if (signingKeyId === "") {
+        throw new Error("keys: empty signing key_id");
+    }
+    validateRevocationPublication(pub, { skipSignatureCheck: true });
+    pub.signature.algorithm = "ed25519";
+    pub.signature.key_id = signingKeyId;
+    pub.signature.value = "";
+    const { signedJSON, signatureB64 } = signSignedDoc({
+        preSignJSON: pub,
+        seed: signingPriv,
+        signaturePath: "signature.value",
+        prefix: RevocationPrefix,
+    });
+    pub.signature.value = signedJSON.signature.value;
+    return signatureB64;
+}
+/** Verify a {@link RevocationPublication} under the publisher's identity public key. */
+export function verifyRevocationPublication(pub, publisherPub) {
+    validateRevocationPublication(pub);
+    if (pub.signature.value === "") {
+        return false;
+    }
+    const { ok } = verifySignedDoc({
+        signedJSON: pub,
+        publicKey: publisherPub,
+        signaturePath: "signature.value",
+        prefix: RevocationPrefix,
+    });
+    return ok;
+}
+/** Structural validation per §8.1. Throws on first violation. */
+export function validateRevocationPublication(pub, opts = {}) {
+    if (pub.type !== RevocationPublicationType) {
+        throw new Error(`keys: revocation publication type ${JSON.stringify(pub.type)}, want ${RevocationPublicationType}`);
+    }
+    if (typeof pub.version !== "string" || pub.version === "") {
+        throw new Error("keys: revocation publication missing version");
+    }
+    if (!Array.isArray(pub.revoked_keys)) {
+        throw new Error("keys: revocation publication revoked_keys must be an array");
+    }
+    for (let i = 0; i < pub.revoked_keys.length; i++) {
+        const e = pub.revoked_keys[i];
+        if (typeof e.key_id !== "string" || e.key_id === "") {
+            throw new Error(`keys: revoked_keys[${i}] missing key_id`);
+        }
+        if (e.reason !== "key_compromise" &&
+            e.reason !== "superseded" &&
+            e.reason !== "cessation_of_operation" &&
+            e.reason !== "temporary_hold") {
+            throw new Error(`keys: revoked_keys[${i}] reason ${JSON.stringify(e.reason)} is invalid`);
+        }
+        if (typeof e.revoked_at !== "string" || e.revoked_at === "") {
+            throw new Error(`keys: revoked_keys[${i}] missing revoked_at`);
+        }
+        if (Number.isNaN(Date.parse(e.revoked_at))) {
+            throw new Error(`keys: revoked_keys[${i}] revoked_at is not ISO 8601`);
+        }
+    }
+    if (typeof pub.signature?.value !== "string") {
+        throw new Error("keys: revocation publication signature.value must be a string");
+    }
+    if (!opts.skipSignatureCheck && pub.signature.value === "") {
+        throw new Error("keys: revocation publication is unsigned");
+    }
+}
+//# sourceMappingURL=key_revocation.js.map

package/dist/keys/key_revocation.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"key_revocation.js","sourceRoot":"","sources":["../../src/keys/key_revocation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE7D,4BAA4B;AAC5B,MAAM,CAAC,MAAM,yBAAyB,GAAG,qBAAqB,CAAC;AAC/D,MAAM,CAAC,MAAM,iBAAiB,GAAG,OAAO,CAAC;AACzC,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC;AASnD,+DAA+D;AAC/D,MAAM,UAAU,kBAAkB,CAAC,CAAmB;IACpD,OAAO,CAAC,KAAK,gBAAgB,CAAC;AAChC,CAAC;AAwCD,+EAA+E;AAC/E,MAAM,UAAU,yBAAyB,CACvC,GAA0B,EAC1B,WAAuB,EACvB,YAAoB;IAEpB,IAAI,YAAY,KAAK,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IACD,6BAA6B,CAAC,GAAG,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC;IACjE,GAAG,CAAC,SAAS,CAAC,SAAS,GAAG,SAAS,CAAC;IACpC,GAAG,CAAC,SAAS,CAAC,MAAM,GAAG,YAAY,CAAC;IACpC,GAAG,CAAC,SAAS,CAAC,KAAK,GAAG,EAAE,CAAC;IACzB,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;QACjD,WAAW,EAAE,GAAyC;QACtD,IAAI,EAAE,WAAW;QACjB,aAAa,EAAE,iBAAiB;QAChC,MAAM,EAAE,gBAAgB;KACzB,CAAC,CAAC;IACH,GAAG,CAAC,SAAS,CAAC,KAAK,GAAI,UAAU,CAAC,SAA+B,CAAC,KAAK,CAAC;IACxE,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,wFAAwF;AACxF,MAAM,UAAU,2BAA2B,CACzC,GAA0B,EAC1B,YAAwB;IAExB,6BAA6B,CAAC,GAAG,CAAC,CAAC;IACnC,IAAI,GAAG,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QAC/B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,EAAE,EAAE,EAAE,GAAG,eAAe,CAAC;QAC7B,UAAU,EAAE,GAAyC;QACrD,SAAS,EAAE,YAAY;QACvB,aAAa,EAAE,iBAAiB;QAChC,MAAM,EAAE,gBAAgB;KACzB,CAAC,CAAC;IACH,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,iEAAiE;AACjE,MAAM,UAAU,6BAA6B,CAC3C,GAA0B,EAC1B,OAAyC,EAAE;IAE3C,IAAI,GAAG,CAAC,IAAI,KAAK,yBAAyB,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CACb,qCAAqC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,yBAAyB,EAAE,CACnG,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;IAChF,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACjD,MAAM,CAAC,GAAG,GAAG,CAAC,YAAY,CAAC,CAAC,CAAE,CAAC;QAC/B,IAAI,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACpD,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,kBAAkB,CAAC,CAAC;QAC7D,CAAC;QACD,IACE,CAAC,CAAC,MAAM,KAAK,gBAAgB;YAC7B,CAAC,CAAC,MAAM,KAAK,YAAY;YACzB,CAAC,CAAC,MAAM,KAAK,wBAAwB;YACrC,CAAC,CAAC,MAAM,KAAK,gBAAgB,EAC7B,CAAC;YACD,MAAM,IAAI,KAAK,CACb,sBAAsB,CAAC,YAAY,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CACzE,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,CAAC,CAAC,UAAU,KAAK,QAAQ,IAAI,CAAC,CAAC,UAAU,KAAK,EAAE,EAAE,CAAC;YAC5D,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,sBAAsB,CAAC,CAAC;QACjE,CAAC;QACD,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,8BAA8B,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,SAAS,EAAE,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;IACnF,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,kBAAkB,IAAI,GAAG,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;AACH,CAAC"}

package/dist/keys/request.d.ts ADDED Viewed

@@ -0,0 +1,124 @@
+/**
+ * SEMP_KEYS request / response per CLIENT.md §5.4 + KEY.md §4.
+ *
+ * Clients send a SEMP_KEYS request over their authenticated session
+ * to ask the home server for one or more recipient users' published
+ * keys. The home server fulfills the request from cache or by
+ * fetching from the remote domain's well-known URI / federation
+ * session and returns a SEMP_KEYS response.
+ *
+ * @module
+ */
+/** Wire-level type discriminator. */
+export declare const KeysRequestType = "SEMP_KEYS";
+/** Wire-level version per ENVELOPE.md §1.4. */
+export declare const KeysRequestVersion = "1.0.0";
+/** Step discriminator for SEMP_KEYS messages. */
+export type KeysRequestStep = "request" | "response";
+/** Per-address lookup status per CLIENT.md §5.4.5. */
+export type KeysResultStatus = "found" | "not_found" | "error";
+/** A single key record per KEY.md §3 / §10.6. */
+export interface KeyRecord {
+    algorithm: string;
+    /** Base64-encoded public key. */
+    public_key: string;
+    /** Lowercase-hex SHA-256 fingerprint. */
+    key_id: string;
+    /** Key kind: "identity" | "encryption". */
+    key_type?: string;
+    /** Address the key belongs to (for user-key records). */
+    address?: string;
+    /** ISO 8601 UTC. */
+    created?: string;
+    /** ISO 8601 UTC; absent for non-expiring keys. */
+    expires?: string;
+    /** Per-key revocation block when the key has been revoked. */
+    revocation?: {
+        reason: string;
+        /** ISO 8601 UTC. */
+        revoked_at: string;
+        /** Optional successor key fingerprint. */
+        replacement_key_id?: string;
+    };
+}
+/** Reusable signature block. */
+export interface KeysSignatureBlock {
+    algorithm: string;
+    key_id: string;
+    /** Base64. */
+    value: string;
+}
+/** SEMP_KEYS request schema per §5.4.1. */
+export interface KeysRequest {
+    type: typeof KeysRequestType;
+    step: "request";
+    version: string;
+    /** ULID for the request — used to correlate the response. */
+    id: string;
+    /** ISO 8601 UTC. */
+    timestamp: string;
+    addresses: string[];
+    /** Default `true`. When false, the response omits domain key records. */
+    include_domain_keys: boolean;
+}
+/** SEMP_KEYS response schema per §5.4.3. */
+export interface KeysResponse {
+    type: typeof KeysRequestType;
+    step: "response";
+    version: string;
+    /** Echo of the originating request id. */
+    id: string;
+    /** ISO 8601 UTC. */
+    timestamp: string;
+    results: KeysResponseResult[];
+}
+/** One entry in a {@link KeysResponse} per §5.4.5. */
+export interface KeysResponseResult {
+    address: string;
+    status: KeysResultStatus;
+    /** Recipient's domain (suffix of `address` after `@`). */
+    domain: string;
+    /** Domain signing key record (when `include_domain_keys === true`). */
+    domain_key?: KeyRecord;
+    /** Domain encryption key record (when `include_domain_keys === true`). */
+    domain_enc_key?: KeyRecord;
+    /** Per-user key set. Always present (possibly empty) on `status === "found"`. */
+    user_keys: KeyRecord[];
+    /** Remote domain's signature over the key material per §5.4.5. */
+    origin_signature?: KeysSignatureBlock;
+    /** Human-readable diagnostic; populated only on `status === "error"`. */
+    error_reason?: string;
+}
+/**
+ * Construct a SEMP_KEYS request with `version` + `timestamp`
+ * pre-populated and `include_domain_keys` set to the spec default
+ * (true).
+ */
+export declare function newKeysRequest(id: string, addresses: string[], nowFn?: () => Date): KeysRequest;
+/** Construct a SEMP_KEYS response echoing `requestId`. */
+export declare function newKeysResponse(requestId: string, results: KeysResponseResult[], nowFn?: () => Date): KeysResponse;
+/**
+ * Validate a SEMP_KEYS request structurally per §5.4.1. Throws on
+ * the first violation.
+ */
+export declare function validateKeysRequest(req: KeysRequest): void;
+/**
+ * Minimal stream interface a {@link KeysFetcher} consumes. Both the
+ * h2 client's turn-based Conn and an in-memory channel pair satisfy
+ * this shape.
+ */
+export interface KeysClientStream {
+    send(message: Uint8Array): Promise<void>;
+    receive(): Promise<Uint8Array | null>;
+}
+/**
+ * Send a SEMP_KEYS request on the supplied stream and parse the
+ * response. The home server is expected to fulfill the request
+ * synchronously and respond on the same stream.
+ *
+ * Returns the parsed {@link KeysResponse}. Throws on transport
+ * failure, malformed JSON, response that is not a SEMP_KEYS
+ * response, or response whose `id` does not match the request.
+ */
+export declare function fetchKeys(stream: KeysClientStream, req: KeysRequest): Promise<KeysResponse>;
+//# sourceMappingURL=request.d.ts.map

package/dist/keys/request.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../src/keys/request.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,qCAAqC;AACrC,eAAO,MAAM,eAAe,cAAc,CAAC;AAE3C,+CAA+C;AAC/C,eAAO,MAAM,kBAAkB,UAAU,CAAC;AAE1C,iDAAiD;AACjD,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,UAAU,CAAC;AAErD,sDAAsD;AACtD,MAAM,MAAM,gBAAgB,GAAG,OAAO,GAAG,WAAW,GAAG,OAAO,CAAC;AAE/D,iDAAiD;AACjD,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yDAAyD;IACzD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8DAA8D;IAC9D,UAAU,CAAC,EAAE;QACX,MAAM,EAAE,MAAM,CAAC;QACf,oBAAoB;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,0CAA0C;QAC1C,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC;CACH;AAED,gCAAgC;AAChC,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED,2CAA2C;AAC3C,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,OAAO,eAAe,CAAC;IAC7B,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,6DAA6D;IAC7D,EAAE,EAAE,MAAM,CAAC;IACX,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,yEAAyE;IACzE,mBAAmB,EAAE,OAAO,CAAC;CAC9B;AAED,4CAA4C;AAC5C,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,OAAO,eAAe,CAAC;IAC7B,IAAI,EAAE,UAAU,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,0CAA0C;IAC1C,EAAE,EAAE,MAAM,CAAC;IACX,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,kBAAkB,EAAE,CAAC;CAC/B;AAED,sDAAsD;AACtD,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,gBAAgB,CAAC;IACzB,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,uEAAuE;IACvE,UAAU,CAAC,EAAE,SAAS,CAAC;IACvB,0EAA0E;IAC1E,cAAc,CAAC,EAAE,SAAS,CAAC;IAC3B,iFAAiF;IACjF,SAAS,EAAE,SAAS,EAAE,CAAC;IACvB,kEAAkE;IAClE,gBAAgB,CAAC,EAAE,kBAAkB,CAAC;IACtC,yEAAyE;IACzE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAC5B,EAAE,EAAE,MAAM,EACV,SAAS,EAAE,MAAM,EAAE,EACnB,KAAK,GAAE,MAAM,IAAuB,GACnC,WAAW,CAgBb;AAED,0DAA0D;AAC1D,wBAAgB,eAAe,CAC7B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,kBAAkB,EAAE,EAC7B,KAAK,GAAE,MAAM,IAAuB,GACnC,YAAY,CAYd;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,WAAW,GAAG,IAAI,CA8B1D;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzC,OAAO,IAAI,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;CACvC;AAED;;;;;;;;GAQG;AACH,wBAAsB,SAAS,CAC7B,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,WAAW,GACf,OAAO,CAAC,YAAY,CAAC,CAuCvB"}