npm - @sempdev/semp - Versions diffs - 0.4.3 - Mend

@sempdev/semp 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/LICENSE +21 -0
package/README.md +59 -0
package/dist/brief/address.d.ts +77 -0
package/dist/brief/address.d.ts.map +1 -0
package/dist/brief/address.js +217 -0
package/dist/brief/address.js.map +1 -0
package/dist/brief/brief.d.ts +75 -0
package/dist/brief/brief.d.ts.map +1 -0
package/dist/brief/brief.js +56 -0
package/dist/brief/brief.js.map +1 -0
package/dist/brief/index.d.ts +11 -0
package/dist/brief/index.d.ts.map +1 -0
package/dist/brief/index.js +11 -0
package/dist/brief/index.js.map +1 -0
package/dist/canonical/index.d.ts +8 -0
package/dist/canonical/index.d.ts.map +1 -0
package/dist/canonical/index.js +8 -0
package/dist/canonical/index.js.map +1 -0
package/dist/canonical/marshal.d.ts +35 -0
package/dist/canonical/marshal.d.ts.map +1 -0
package/dist/canonical/marshal.js +107 -0
package/dist/canonical/marshal.js.map +1 -0
package/dist/clockskew/index.d.ts +52 -0
package/dist/clockskew/index.d.ts.map +1 -0
package/dist/clockskew/index.js +62 -0
package/dist/clockskew/index.js.map +1 -0
package/dist/closure/closure.d.ts +106 -0
package/dist/closure/closure.d.ts.map +1 -0
package/dist/closure/closure.js +152 -0
package/dist/closure/closure.js.map +1 -0
package/dist/closure/driver.d.ts +103 -0
package/dist/closure/driver.d.ts.map +1 -0
package/dist/closure/driver.js +126 -0
package/dist/closure/driver.js.map +1 -0
package/dist/closure/index.d.ts +13 -0
package/dist/closure/index.d.ts.map +1 -0
package/dist/closure/index.js +13 -0
package/dist/closure/index.js.map +1 -0
package/dist/closure/store.d.ts +80 -0
package/dist/closure/store.d.ts.map +1 -0
package/dist/closure/store.js +89 -0
package/dist/closure/store.js.map +1 -0
package/dist/crypto/aead.d.ts +29 -0
package/dist/crypto/aead.d.ts.map +1 -0
package/dist/crypto/aead.js +48 -0
package/dist/crypto/aead.js.map +1 -0
package/dist/crypto/argon2.d.ts +20 -0
package/dist/crypto/argon2.d.ts.map +1 -0
package/dist/crypto/argon2.js +28 -0
package/dist/crypto/argon2.js.map +1 -0
package/dist/crypto/index.d.ts +14 -0
package/dist/crypto/index.d.ts.map +1 -0
package/dist/crypto/index.js +14 -0
package/dist/crypto/index.js.map +1 -0
package/dist/crypto/kdf.d.ts +96 -0
package/dist/crypto/kdf.d.ts.map +1 -0
package/dist/crypto/kdf.js +122 -0
package/dist/crypto/kdf.js.map +1 -0
package/dist/crypto/kem.d.ts +85 -0
package/dist/crypto/kem.d.ts.map +1 -0
package/dist/crypto/kem.js +130 -0
package/dist/crypto/kem.js.map +1 -0
package/dist/crypto/mac.d.ts +19 -0
package/dist/crypto/mac.d.ts.map +1 -0
package/dist/crypto/mac.js +32 -0
package/dist/crypto/mac.js.map +1 -0
package/dist/delivery/ack.d.ts +125 -0
package/dist/delivery/ack.d.ts.map +1 -0
package/dist/delivery/ack.js +141 -0
package/dist/delivery/ack.js.map +1 -0
package/dist/delivery/blocklist.d.ts +87 -0
package/dist/delivery/blocklist.d.ts.map +1 -0
package/dist/delivery/blocklist.js +107 -0
package/dist/delivery/blocklist.js.map +1 -0
package/dist/delivery/cancel.d.ts +60 -0
package/dist/delivery/cancel.d.ts.map +1 -0
package/dist/delivery/cancel.js +43 -0
package/dist/delivery/cancel.js.map +1 -0
package/dist/delivery/disposition.d.ts +106 -0
package/dist/delivery/disposition.d.ts.map +1 -0
package/dist/delivery/disposition.js +105 -0
package/dist/delivery/disposition.js.map +1 -0
package/dist/delivery/fetch.d.ts +59 -0
package/dist/delivery/fetch.d.ts.map +1 -0
package/dist/delivery/fetch.js +47 -0
package/dist/delivery/fetch.js.map +1 -0
package/dist/delivery/forwarder.d.ts +106 -0
package/dist/delivery/forwarder.d.ts.map +1 -0
package/dist/delivery/forwarder.js +251 -0
package/dist/delivery/forwarder.js.map +1 -0
package/dist/delivery/inbox.d.ts +42 -0
package/dist/delivery/inbox.d.ts.map +1 -0
package/dist/delivery/inbox.js +68 -0
package/dist/delivery/inbox.js.map +1 -0
package/dist/delivery/index.d.ts +31 -0
package/dist/delivery/index.d.ts.map +1 -0
package/dist/delivery/index.js +31 -0
package/dist/delivery/index.js.map +1 -0
package/dist/delivery/internalroute.d.ts +50 -0
package/dist/delivery/internalroute.d.ts.map +1 -0
package/dist/delivery/internalroute.js +23 -0
package/dist/delivery/internalroute.js.map +1 -0
package/dist/delivery/pipeline.d.ts +153 -0
package/dist/delivery/pipeline.d.ts.map +1 -0
package/dist/delivery/pipeline.js +356 -0
package/dist/delivery/pipeline.js.map +1 -0
package/dist/delivery/policy_state.d.ts +105 -0
package/dist/delivery/policy_state.d.ts.map +1 -0
package/dist/delivery/policy_state.js +293 -0
package/dist/delivery/policy_state.js.map +1 -0
package/dist/delivery/queue.d.ts +47 -0
package/dist/delivery/queue.d.ts.map +1 -0
package/dist/delivery/queue.js +33 -0
package/dist/delivery/queue.js.map +1 -0
package/dist/delivery/receipt.d.ts +137 -0
package/dist/delivery/receipt.d.ts.map +1 -0
package/dist/delivery/receipt.js +181 -0
package/dist/delivery/receipt.js.map +1 -0
package/dist/delivery/receipt_store.d.ts +81 -0
package/dist/delivery/receipt_store.d.ts.map +1 -0
package/dist/delivery/receipt_store.js +74 -0
package/dist/delivery/receipt_store.js.map +1 -0
package/dist/delivery/retry.d.ts +78 -0
package/dist/delivery/retry.d.ts.map +1 -0
package/dist/delivery/retry.js +132 -0
package/dist/delivery/retry.js.map +1 -0
package/dist/delivery/scheduler.d.ts +156 -0
package/dist/delivery/scheduler.d.ts.map +1 -0
package/dist/delivery/scheduler.js +349 -0
package/dist/delivery/scheduler.js.map +1 -0
package/dist/delivery/stage_partition.d.ts +87 -0
package/dist/delivery/stage_partition.d.ts.map +1 -0
package/dist/delivery/stage_partition.js +122 -0
package/dist/delivery/stage_partition.js.map +1 -0
package/dist/delivery/staged_runner.d.ts +100 -0
package/dist/delivery/staged_runner.d.ts.map +1 -0
package/dist/delivery/staged_runner.js +277 -0
package/dist/delivery/staged_runner.js.map +1 -0
package/dist/delivery/submission.d.ts +72 -0
package/dist/delivery/submission.d.ts.map +1 -0
package/dist/delivery/submission.js +58 -0
package/dist/delivery/submission.js.map +1 -0
package/dist/delivery/sync.d.ts +68 -0
package/dist/delivery/sync.d.ts.map +1 -0
package/dist/delivery/sync.js +99 -0
package/dist/delivery/sync.js.map +1 -0
package/dist/delivery/user_policy.d.ts +74 -0
package/dist/delivery/user_policy.d.ts.map +1 -0
package/dist/delivery/user_policy.js +140 -0
package/dist/delivery/user_policy.js.map +1 -0
package/dist/discovery/cache.d.ts +37 -0
package/dist/discovery/cache.d.ts.map +1 -0
package/dist/discovery/cache.js +45 -0
package/dist/discovery/cache.js.map +1 -0
package/dist/discovery/configuration.d.ts +97 -0
package/dist/discovery/configuration.d.ts.map +1 -0
package/dist/discovery/configuration.js +146 -0
package/dist/discovery/configuration.js.map +1 -0
package/dist/discovery/dns.d.ts +56 -0
package/dist/discovery/dns.d.ts.map +1 -0
package/dist/discovery/dns.js +120 -0
package/dist/discovery/dns.js.map +1 -0
package/dist/discovery/domain_keys.d.ts +62 -0
package/dist/discovery/domain_keys.d.ts.map +1 -0
package/dist/discovery/domain_keys.js +89 -0
package/dist/discovery/domain_keys.js.map +1 -0
package/dist/discovery/index.d.ts +19 -0
package/dist/discovery/index.d.ts.map +1 -0
package/dist/discovery/index.js +19 -0
package/dist/discovery/index.js.map +1 -0
package/dist/discovery/lookup.d.ts +72 -0
package/dist/discovery/lookup.d.ts.map +1 -0
package/dist/discovery/lookup.js +121 -0
package/dist/discovery/lookup.js.map +1 -0
package/dist/discovery/onion.d.ts +34 -0
package/dist/discovery/onion.d.ts.map +1 -0
package/dist/discovery/onion.js +61 -0
package/dist/discovery/onion.js.map +1 -0
package/dist/discovery/partition.d.ts +96 -0
package/dist/discovery/partition.d.ts.map +1 -0
package/dist/discovery/partition.js +247 -0
package/dist/discovery/partition.js.map +1 -0
package/dist/discovery/resolver.d.ts +113 -0
package/dist/discovery/resolver.d.ts.map +1 -0
package/dist/discovery/resolver.js +176 -0
package/dist/discovery/resolver.js.map +1 -0
package/dist/discovery/txt.d.ts +39 -0
package/dist/discovery/txt.d.ts.map +1 -0
package/dist/discovery/txt.js +71 -0
package/dist/discovery/txt.js.map +1 -0
package/dist/enclosure/forwarding.d.ts +128 -0
package/dist/enclosure/forwarding.d.ts.map +1 -0
package/dist/enclosure/forwarding.js +119 -0
package/dist/enclosure/forwarding.js.map +1 -0
package/dist/enclosure/index.d.ts +11 -0
package/dist/enclosure/index.d.ts.map +1 -0
package/dist/enclosure/index.js +11 -0
package/dist/enclosure/index.js.map +1 -0
package/dist/envelope/buckets.d.ts +38 -0
package/dist/envelope/buckets.d.ts.map +1 -0
package/dist/envelope/buckets.js +73 -0
package/dist/envelope/buckets.js.map +1 -0
package/dist/envelope/canonical.d.ts +28 -0
package/dist/envelope/canonical.d.ts.map +1 -0
package/dist/envelope/canonical.js +54 -0
package/dist/envelope/canonical.js.map +1 -0
package/dist/envelope/compose.d.ts +171 -0
package/dist/envelope/compose.d.ts.map +1 -0
package/dist/envelope/compose.js +237 -0
package/dist/envelope/compose.js.map +1 -0
package/dist/envelope/encode.d.ts +41 -0
package/dist/envelope/encode.d.ts.map +1 -0
package/dist/envelope/encode.js +69 -0
package/dist/envelope/encode.js.map +1 -0
package/dist/envelope/index.d.ts +20 -0
package/dist/envelope/index.d.ts.map +1 -0
package/dist/envelope/index.js +20 -0
package/dist/envelope/index.js.map +1 -0
package/dist/envelope/open_any.d.ts +48 -0
package/dist/envelope/open_any.d.ts.map +1 -0
package/dist/envelope/open_any.js +81 -0
package/dist/envelope/open_any.js.map +1 -0
package/dist/envelope/open_verified.d.ts +59 -0
package/dist/envelope/open_verified.d.ts.map +1 -0
package/dist/envelope/open_verified.js +67 -0
package/dist/envelope/open_verified.js.map +1 -0
package/dist/envelope/padding.d.ts +55 -0
package/dist/envelope/padding.d.ts.map +1 -0
package/dist/envelope/padding.js +162 -0
package/dist/envelope/padding.js.map +1 -0
package/dist/envelope/rejection.d.ts +22 -0
package/dist/envelope/rejection.d.ts.map +1 -0
package/dist/envelope/rejection.js +30 -0
package/dist/envelope/rejection.js.map +1 -0
package/dist/envelope/sendtime.d.ts +49 -0
package/dist/envelope/sendtime.d.ts.map +1 -0
package/dist/envelope/sendtime.js +87 -0
package/dist/envelope/sendtime.js.map +1 -0
package/dist/envelope/verify.d.ts +29 -0
package/dist/envelope/verify.d.ts.map +1 -0
package/dist/envelope/verify.js +90 -0
package/dist/envelope/verify.js.map +1 -0
package/dist/extensions/index.d.ts +7 -0
package/dist/extensions/index.d.ts.map +1 -0
package/dist/extensions/index.js +7 -0
package/dist/extensions/index.js.map +1 -0
package/dist/extensions/limits.d.ts +101 -0
package/dist/extensions/limits.d.ts.map +1 -0
package/dist/extensions/limits.js +175 -0
package/dist/extensions/limits.js.map +1 -0
package/dist/handshake/abort.d.ts +49 -0
package/dist/handshake/abort.d.ts.map +1 -0
package/dist/handshake/abort.js +82 -0
package/dist/handshake/abort.js.map +1 -0
package/dist/handshake/capabilities.d.ts +46 -0
package/dist/handshake/capabilities.d.ts.map +1 -0
package/dist/handshake/capabilities.js +114 -0
package/dist/handshake/capabilities.js.map +1 -0
package/dist/handshake/client_state.d.ts +186 -0
package/dist/handshake/client_state.d.ts.map +1 -0
package/dist/handshake/client_state.js +520 -0
package/dist/handshake/client_state.js.map +1 -0
package/dist/handshake/confirm.d.ts +21 -0
package/dist/handshake/confirm.d.ts.map +1 -0
package/dist/handshake/confirm.js +27 -0
package/dist/handshake/confirm.js.map +1 -0
package/dist/handshake/driver.d.ts +126 -0
package/dist/handshake/driver.d.ts.map +1 -0
package/dist/handshake/driver.js +251 -0
package/dist/handshake/driver.js.map +1 -0
package/dist/handshake/federation.d.ts +365 -0
package/dist/handshake/federation.d.ts.map +1 -0
package/dist/handshake/federation.js +664 -0
package/dist/handshake/federation.js.map +1 -0
package/dist/handshake/first_contact.d.ts +57 -0
package/dist/handshake/first_contact.d.ts.map +1 -0
package/dist/handshake/first_contact.js +124 -0
package/dist/handshake/first_contact.js.map +1 -0
package/dist/handshake/identity.d.ts +101 -0
package/dist/handshake/identity.d.ts.map +1 -0
package/dist/handshake/identity.js +117 -0
package/dist/handshake/identity.js.map +1 -0
package/dist/handshake/index.d.ts +21 -0
package/dist/handshake/index.d.ts.map +1 -0
package/dist/handshake/index.js +21 -0
package/dist/handshake/index.js.map +1 -0
package/dist/handshake/messages.d.ts +176 -0
package/dist/handshake/messages.d.ts.map +1 -0
package/dist/handshake/messages.js +125 -0
package/dist/handshake/messages.js.map +1 -0
package/dist/handshake/pow.d.ts +53 -0
package/dist/handshake/pow.d.ts.map +1 -0
package/dist/handshake/pow.js +142 -0
package/dist/handshake/pow.js.map +1 -0
package/dist/handshake/resume_driver.d.ts +56 -0
package/dist/handshake/resume_driver.d.ts.map +1 -0
package/dist/handshake/resume_driver.js +75 -0
package/dist/handshake/resume_driver.js.map +1 -0
package/dist/handshake/server.d.ts +112 -0
package/dist/handshake/server.d.ts.map +1 -0
package/dist/handshake/server.js +247 -0
package/dist/handshake/server.js.map +1 -0
package/dist/handshake/server_state.d.ts +102 -0
package/dist/handshake/server_state.d.ts.map +1 -0
package/dist/handshake/server_state.js +278 -0
package/dist/handshake/server_state.js.map +1 -0
package/dist/index.d.ts +33 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +33 -0
package/dist/index.js.map +1 -0
package/dist/keys/compromise.d.ts +118 -0
package/dist/keys/compromise.d.ts.map +1 -0
package/dist/keys/compromise.js +218 -0
package/dist/keys/compromise.js.map +1 -0
package/dist/keys/device_certificate.d.ts +166 -0
package/dist/keys/device_certificate.d.ts.map +1 -0
package/dist/keys/device_certificate.js +328 -0
package/dist/keys/device_certificate.js.map +1 -0
package/dist/keys/device_records.d.ts +175 -0
package/dist/keys/device_records.d.ts.map +1 -0
package/dist/keys/device_records.js +418 -0
package/dist/keys/device_records.js.map +1 -0
package/dist/keys/directory_cache.d.ts +64 -0
package/dist/keys/directory_cache.d.ts.map +1 -0
package/dist/keys/directory_cache.js +98 -0
package/dist/keys/directory_cache.js.map +1 -0
package/dist/keys/directory_state.d.ts +79 -0
package/dist/keys/directory_state.d.ts.map +1 -0
package/dist/keys/directory_state.js +155 -0
package/dist/keys/directory_state.js.map +1 -0
package/dist/keys/index.d.ts +18 -0
package/dist/keys/index.d.ts.map +1 -0
package/dist/keys/index.js +18 -0
package/dist/keys/index.js.map +1 -0
package/dist/keys/key_revocation.d.ts +61 -0
package/dist/keys/key_revocation.d.ts.map +1 -0
package/dist/keys/key_revocation.js +88 -0
package/dist/keys/key_revocation.js.map +1 -0
package/dist/keys/request.d.ts +124 -0
package/dist/keys/request.d.ts.map +1 -0
package/dist/keys/request.js +130 -0
package/dist/keys/request.js.map +1 -0
package/dist/keys/sign.d.ts +49 -0
package/dist/keys/sign.d.ts.map +1 -0
package/dist/keys/sign.js +80 -0
package/dist/keys/sign.js.map +1 -0
package/dist/keys/signed.d.ts +80 -0
package/dist/keys/signed.d.ts.map +1 -0
package/dist/keys/signed.js +138 -0
package/dist/keys/signed.js.map +1 -0
package/dist/keys/store.d.ts +138 -0
package/dist/keys/store.d.ts.map +1 -0
package/dist/keys/store.js +107 -0
package/dist/keys/store.js.map +1 -0
package/dist/largeattachment/crypto.d.ts +47 -0
package/dist/largeattachment/crypto.d.ts.map +1 -0
package/dist/largeattachment/crypto.js +235 -0
package/dist/largeattachment/crypto.js.map +1 -0
package/dist/largeattachment/enclosure.d.ts +48 -0
package/dist/largeattachment/enclosure.d.ts.map +1 -0
package/dist/largeattachment/enclosure.js +102 -0
package/dist/largeattachment/enclosure.js.map +1 -0
package/dist/largeattachment/index.d.ts +15 -0
package/dist/largeattachment/index.d.ts.map +1 -0
package/dist/largeattachment/index.js +15 -0
package/dist/largeattachment/index.js.map +1 -0
package/dist/largeattachment/store.d.ts +36 -0
package/dist/largeattachment/store.d.ts.map +1 -0
package/dist/largeattachment/store.js +37 -0
package/dist/largeattachment/store.js.map +1 -0
package/dist/largeattachment/types.d.ts +56 -0
package/dist/largeattachment/types.d.ts.map +1 -0
package/dist/largeattachment/types.js +31 -0
package/dist/largeattachment/types.js.map +1 -0
package/dist/largeattachment/upload.d.ts +62 -0
package/dist/largeattachment/upload.d.ts.map +1 -0
package/dist/largeattachment/upload.js +166 -0
package/dist/largeattachment/upload.js.map +1 -0
package/dist/migration/index.d.ts +17 -0
package/dist/migration/index.d.ts.map +1 -0
package/dist/migration/index.js +17 -0
package/dist/migration/index.js.map +1 -0
package/dist/migration/lockout.d.ts +48 -0
package/dist/migration/lockout.d.ts.map +1 -0
package/dist/migration/lockout.js +57 -0
package/dist/migration/lockout.js.map +1 -0
package/dist/migration/migration.d.ts +48 -0
package/dist/migration/migration.d.ts.map +1 -0
package/dist/migration/migration.js +58 -0
package/dist/migration/migration.js.map +1 -0
package/dist/migration/notice.d.ts +33 -0
package/dist/migration/notice.d.ts.map +1 -0
package/dist/migration/notice.js +85 -0
package/dist/migration/notice.js.map +1 -0
package/dist/migration/orchestrate.d.ts +109 -0
package/dist/migration/orchestrate.d.ts.map +1 -0
package/dist/migration/orchestrate.js +212 -0
package/dist/migration/orchestrate.js.map +1 -0
package/dist/migration/publication_store.d.ts +34 -0
package/dist/migration/publication_store.d.ts.map +1 -0
package/dist/migration/publication_store.js +44 -0
package/dist/migration/publication_store.js.map +1 -0
package/dist/migration/sign.d.ts +65 -0
package/dist/migration/sign.d.ts.map +1 -0
package/dist/migration/sign.js +331 -0
package/dist/migration/sign.js.map +1 -0
package/dist/migration/types.d.ts +92 -0
package/dist/migration/types.d.ts.map +1 -0
package/dist/migration/types.js +26 -0
package/dist/migration/types.js.map +1 -0
package/dist/reasoncodes.d.ts +42 -0
package/dist/reasoncodes.d.ts.map +1 -0
package/dist/reasoncodes.js +80 -0
package/dist/reasoncodes.js.map +1 -0
package/dist/recovery/bundle.d.ts +34 -0
package/dist/recovery/bundle.d.ts.map +1 -0
package/dist/recovery/bundle.js +144 -0
package/dist/recovery/bundle.js.map +1 -0
package/dist/recovery/bundle_crypto.d.ts +60 -0
package/dist/recovery/bundle_crypto.d.ts.map +1 -0
package/dist/recovery/bundle_crypto.js +179 -0
package/dist/recovery/bundle_crypto.js.map +1 -0
package/dist/recovery/bundle_store.d.ts +57 -0
package/dist/recovery/bundle_store.d.ts.map +1 -0
package/dist/recovery/bundle_store.js +104 -0
package/dist/recovery/bundle_store.js.map +1 -0
package/dist/recovery/index.d.ts +19 -0
package/dist/recovery/index.d.ts.map +1 -0
package/dist/recovery/index.js +19 -0
package/dist/recovery/index.js.map +1 -0
package/dist/recovery/manifest_crosscheck.d.ts +59 -0
package/dist/recovery/manifest_crosscheck.d.ts.map +1 -0
package/dist/recovery/manifest_crosscheck.js +59 -0
package/dist/recovery/manifest_crosscheck.js.map +1 -0
package/dist/recovery/shamir.d.ts +51 -0
package/dist/recovery/shamir.d.ts.map +1 -0
package/dist/recovery/shamir.js +181 -0
package/dist/recovery/shamir.js.map +1 -0
package/dist/recovery/sign.d.ts +61 -0
package/dist/recovery/sign.d.ts.map +1 -0
package/dist/recovery/sign.js +359 -0
package/dist/recovery/sign.js.map +1 -0
package/dist/recovery/types.d.ts +180 -0
package/dist/recovery/types.d.ts.map +1 -0
package/dist/recovery/types.js +31 -0
package/dist/recovery/types.js.map +1 -0
package/dist/reputation/abuse_report.d.ts +62 -0
package/dist/reputation/abuse_report.d.ts.map +1 -0
package/dist/reputation/abuse_report.js +111 -0
package/dist/reputation/abuse_report.js.map +1 -0
package/dist/reputation/bucketize.d.ts +31 -0
package/dist/reputation/bucketize.d.ts.map +1 -0
package/dist/reputation/bucketize.js +77 -0
package/dist/reputation/bucketize.js.map +1 -0
package/dist/reputation/gossip.d.ts +24 -0
package/dist/reputation/gossip.d.ts.map +1 -0
package/dist/reputation/gossip.js +64 -0
package/dist/reputation/gossip.js.map +1 -0
package/dist/reputation/gossip_fetch.d.ts +64 -0
package/dist/reputation/gossip_fetch.d.ts.map +1 -0
package/dist/reputation/gossip_fetch.js +114 -0
package/dist/reputation/gossip_fetch.js.map +1 -0
package/dist/reputation/index.d.ts +20 -0
package/dist/reputation/index.d.ts.map +1 -0
package/dist/reputation/index.js +20 -0
package/dist/reputation/index.js.map +1 -0
package/dist/reputation/observation_store.d.ts +67 -0
package/dist/reputation/observation_store.d.ts.map +1 -0
package/dist/reputation/observation_store.js +171 -0
package/dist/reputation/observation_store.js.map +1 -0
package/dist/reputation/pow.d.ts +91 -0
package/dist/reputation/pow.d.ts.map +1 -0
package/dist/reputation/pow.js +209 -0
package/dist/reputation/pow.js.map +1 -0
package/dist/reputation/sign.d.ts +40 -0
package/dist/reputation/sign.d.ts.map +1 -0
package/dist/reputation/sign.js +202 -0
package/dist/reputation/sign.js.map +1 -0
package/dist/reputation/types.d.ts +133 -0
package/dist/reputation/types.d.ts.map +1 -0
package/dist/reputation/types.js +33 -0
package/dist/reputation/types.js.map +1 -0
package/dist/reputation/whois.d.ts +25 -0
package/dist/reputation/whois.d.ts.map +1 -0
package/dist/reputation/whois.js +20 -0
package/dist/reputation/whois.js.map +1 -0
package/dist/seal/index.d.ts +8 -0
package/dist/seal/index.d.ts.map +1 -0
package/dist/seal/index.js +8 -0
package/dist/seal/index.js.map +1 -0
package/dist/seal/wrap.d.ts +74 -0
package/dist/seal/wrap.d.ts.map +1 -0
package/dist/seal/wrap.js +213 -0
package/dist/seal/wrap.js.map +1 -0
package/dist/session/dispatcher.d.ts +65 -0
package/dist/session/dispatcher.d.ts.map +1 -0
package/dist/session/dispatcher.js +96 -0
package/dist/session/dispatcher.js.map +1 -0
package/dist/session/index.d.ts +15 -0
package/dist/session/index.d.ts.map +1 -0
package/dist/session/index.js +15 -0
package/dist/session/index.js.map +1 -0
package/dist/session/rekey.d.ts +108 -0
package/dist/session/rekey.d.ts.map +1 -0
package/dist/session/rekey.js +207 -0
package/dist/session/rekey.js.map +1 -0
package/dist/session/rekey_seal.d.ts +66 -0
package/dist/session/rekey_seal.d.ts.map +1 -0
package/dist/session/rekey_seal.js +153 -0
package/dist/session/rekey_seal.js.map +1 -0
package/dist/session/resume.d.ts +125 -0
package/dist/session/resume.d.ts.map +1 -0
package/dist/session/resume.js +263 -0
package/dist/session/resume.js.map +1 -0
package/dist/session/session.d.ts +136 -0
package/dist/session/session.d.ts.map +1 -0
package/dist/session/session.js +188 -0
package/dist/session/session.js.map +1 -0
package/dist/transparency/index.d.ts +13 -0
package/dist/transparency/index.d.ts.map +1 -0
package/dist/transparency/index.js +13 -0
package/dist/transparency/index.js.map +1 -0
package/dist/transparency/log.d.ts +61 -0
package/dist/transparency/log.d.ts.map +1 -0
package/dist/transparency/log.js +133 -0
package/dist/transparency/log.js.map +1 -0
package/dist/transparency/merkle.d.ts +59 -0
package/dist/transparency/merkle.d.ts.map +1 -0
package/dist/transparency/merkle.js +314 -0
package/dist/transparency/merkle.js.map +1 -0
package/dist/transparency/sign.d.ts +48 -0
package/dist/transparency/sign.d.ts.map +1 -0
package/dist/transparency/sign.js +140 -0
package/dist/transparency/sign.js.map +1 -0
package/dist/transparency/types.d.ts +97 -0
package/dist/transparency/types.d.ts.map +1 -0
package/dist/transparency/types.js +25 -0
package/dist/transparency/types.js.map +1 -0
package/dist/transport/h2.d.ts +163 -0
package/dist/transport/h2.d.ts.map +1 -0
package/dist/transport/h2.js +397 -0
package/dist/transport/h2.js.map +1 -0
package/dist/transport/index.d.ts +15 -0
package/dist/transport/index.d.ts.map +1 -0
package/dist/transport/index.js +15 -0
package/dist/transport/index.js.map +1 -0
package/dist/transport/memory.d.ts +21 -0
package/dist/transport/memory.d.ts.map +1 -0
package/dist/transport/memory.js +112 -0
package/dist/transport/memory.js.map +1 -0
package/dist/transport/transport.d.ts +54 -0
package/dist/transport/transport.d.ts.map +1 -0
package/dist/transport/transport.js +20 -0
package/dist/transport/transport.js.map +1 -0
package/dist/transport/ws.d.ts +40 -0
package/dist/transport/ws.d.ts.map +1 -0
package/dist/transport/ws.js +204 -0
package/dist/transport/ws.js.map +1 -0
package/package.json +147 -0

package/dist/keys/store.js ADDED Viewed

@@ -0,0 +1,107 @@
+/**
+ * Persistence interfaces and reference in-memory implementation for
+ * SEMP key records per KEY.md §4 / §8 / §9.
+ *
+ * The `KeyStore` interface is the layer-1 contract: it holds public
+ * key records (domain + user) and revocation state. `PrivateKeyStore`
+ * adds access to the user's own private key material in
+ * encrypted-at-rest form per KEY.md §9.1.
+ *
+ * Server implementations and client implementations have different
+ * storage needs but expose the same interfaces so handshake,
+ * envelope, and delivery code can be written once.
+ *
+ * The reference {@link InMemoryKeyStore} is intended for tests,
+ * single-process demos, and reference-implementation builds. It is
+ * NOT a production storage layer:
+ *
+ *   - Private keys are held in memory in plaintext (no encryption at
+ *     rest, no KDF, no hardware backing). This violates KEY.md §9.1.
+ *   - There is no persistence: process restart loses everything.
+ *
+ * @module
+ */
+/**
+ * Reference in-memory {@link KeyStore} + {@link PrivateKeyStore}.
+ * Tests, demos, and the reference build only.
+ */
+export class InMemoryKeyStore {
+    domainKeys = new Map();
+    userKeys = new Map();
+    privateKeys = new Map();
+    deviceCerts = new Map();
+    /** Persist a domain record under `domain`. */
+    putDomainRecord(domain, rec) {
+        this.domainKeys.set(domain, rec);
+    }
+    lookupDomainKey(domain) {
+        return this.domainKeys.get(domain) ?? null;
+    }
+    lookupUserKeys(address, keyTypes) {
+        const all = this.userKeys.get(address) ?? [];
+        if (keyTypes === undefined || keyTypes.length === 0) {
+            return all.slice();
+        }
+        const want = new Set(keyTypes);
+        return all.filter((r) => want.has(r.key_type));
+    }
+    putRecord(rec) {
+        if (rec.key_type === "domain") {
+            // Domain records are addressed by domain; callers should use
+            // putDomainRecord directly. No-op here to match the semp-go
+            // reference shape.
+            return;
+        }
+        if (rec.address === undefined || rec.address === "") {
+            throw new Error("keys: putRecord on user key requires address");
+        }
+        const list = this.userKeys.get(rec.address);
+        if (list === undefined) {
+            this.userKeys.set(rec.address, [rec]);
+        }
+        else {
+            list.push(rec);
+        }
+    }
+    putRevocation(keyId, rev) {
+        for (const list of this.userKeys.values()) {
+            for (const r of list) {
+                if (r.key_id === keyId) {
+                    r.revocation = rev;
+                }
+            }
+        }
+        for (const r of this.domainKeys.values()) {
+            if (r.key_id === keyId) {
+                r.revocation = rev;
+            }
+        }
+    }
+    lookupDeviceCertificate(deviceKeyId) {
+        return this.deviceCerts.get(deviceKeyId) ?? null;
+    }
+    putDeviceCertificate(cert) {
+        // Stored under the delegated device's public-key fingerprint —
+        // matches the LookupDeviceCertificate(fp) parameter shape used
+        // by the scope-enforcement path. Callers compute the fingerprint
+        // from cert.device_public_key.
+        if (cert.device_id === "") {
+            throw new Error("keys: putDeviceCertificate certificate missing device_id");
+        }
+        this.deviceCerts.set(cert.device_id, cert);
+    }
+    loadPrivateKey(keyId) {
+        const k = this.privateKeys.get(keyId);
+        if (k === undefined) {
+            throw new Error(`keys: private key ${JSON.stringify(keyId)} not found`);
+        }
+        return k.slice();
+    }
+    storePrivateKey(keyId, privateKey) {
+        if (keyId === "") {
+            throw new Error("keys: storePrivateKey empty keyId");
+        }
+        this.privateKeys.set(keyId, privateKey.slice());
+    }
+}
+//# sourceMappingURL=store.js.map

package/dist/keys/store.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/keys/store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAsGH;;;GAGG;AACH,MAAM,OAAO,gBAAgB;IACnB,UAAU,GAAG,IAAI,GAAG,EAA0B,CAAC;IAC/C,QAAQ,GAAG,IAAI,GAAG,EAA4B,CAAC;IAC/C,WAAW,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC5C,WAAW,GAAG,IAAI,GAAG,EAA6B,CAAC;IAE3D,8CAA8C;IAC9C,eAAe,CAAC,MAAc,EAAE,GAAmB;QACjD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACnC,CAAC;IAED,eAAe,CAAC,MAAc;QAC5B,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC;IAC7C,CAAC;IAED,cAAc,CAAC,OAAe,EAAE,QAAoB;QAClD,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAC7C,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpD,OAAO,GAAG,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC/B,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,SAAS,CAAC,GAAmB;QAC3B,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC9B,6DAA6D;YAC7D,4DAA4D;YAC5D,mBAAmB;YACnB,OAAO;QACT,CAAC;QACD,IAAI,GAAG,CAAC,OAAO,KAAK,SAAS,IAAI,GAAG,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;YACpD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAClE,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACxC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,aAAa,CAAC,KAAa,EAAE,GAAe;QAC1C,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1C,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;gBACrB,IAAI,CAAC,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;oBACvB,CAAC,CAAC,UAAU,GAAG,GAAG,CAAC;gBACrB,CAAC;YACH,CAAC;QACH,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,CAAC;YACzC,IAAI,CAAC,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBACvB,CAAC,CAAC,UAAU,GAAG,GAAG,CAAC;YACrB,CAAC;QACH,CAAC;IACH,CAAC;IAED,uBAAuB,CAAC,WAAmB;QACzC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;IACnD,CAAC;IAED,oBAAoB,CAAC,IAAuB;QAC1C,+DAA+D;QAC/D,+DAA+D;QAC/D,iEAAiE;QACjE,+BAA+B;QAC/B,IAAI,IAAI,CAAC,SAAS,KAAK,EAAE,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAC7C,CAAC;IAED,cAAc,CAAC,KAAa;QAC1B,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAC1E,CAAC;QACD,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC;IACnB,CAAC;IAED,eAAe,CAAC,KAAa,EAAE,UAAsB;QACnD,IAAI,KAAK,KAAK,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;IAClD,CAAC;CACF"}

package/dist/largeattachment/crypto.d.ts ADDED Viewed

@@ -0,0 +1,47 @@
+/**
+ * Per-attachment key derivation, AAD construction, ciphertext hash,
+ * URL/item validation per ATTACHMENTS.md §2.3, §3.1, §3.2, §4.1.
+ *
+ * @module
+ */
+import { type Item } from "./types.js";
+/**
+ * Derive K_attachment from K_enclosure per §3.1: `HKDF-Expand(PRK =
+ * K_enclosure, info = "semp-attachment:" || attachment_id, L)`.
+ *
+ * `kEnclosure` is used directly as the PRK (no Extract step). This
+ * runs the RFC 5869 §2.3 expansion loop manually because @noble's
+ * strict `expand` rejects PRK shorter than HashLen, while §3.1
+ * passes a 32-byte K_enclosure as the PRK to a SHA-512-based HKDF.
+ *
+ * `outputLen` MUST equal the AEAD's key length for the negotiated
+ * suite (32 bytes for both ChaCha20-Poly1305 and XChaCha20-Poly1305).
+ */
+export declare function deriveAttachmentKey(kEnclosure: Uint8Array, attachmentId: string, outputLen: number): Uint8Array;
+/**
+ * AEAD additional-data input bound into each attachment's
+ * ciphertext per §3.2: canonical UTF-8 JSON of the item with
+ * `ciphertext_hash`, `aead_nonce`, and `extensions` set to empty
+ * values (`""`, `""`, `{}` — but `extensions` is dropped by the
+ * canonicalizer when it's the optional `extensions` field).
+ *
+ * Binding the metadata into AAD prevents an attacker from swapping
+ * `filename` or `mime_type` while leaving the ciphertext intact.
+ */
+export declare function additionalData(item: Item): Uint8Array;
+/** §2.3 ciphertext_hash for `ciphertext`, in `sha256:hex` form. */
+export declare function ciphertextHash(ciphertext: Uint8Array): string;
+/**
+ * Report whether `item.ciphertext_hash` matches the SHA-256 of
+ * `ciphertext` per §6 step 3c. Returns true on match.
+ */
+export declare function verifyCiphertextHash(item: Item, ciphertext: Uint8Array): boolean;
+/**
+ * Apply the §4.1 URL rules: scheme MUST be `https`; host MUST be a
+ * fully qualified domain name or an IPv6 literal in brackets; bare
+ * IPv4 literals MUST NOT be used. Throws on the first violation.
+ */
+export declare function validateUrl(raw: string): void;
+/** Structural validation per §2.3 + §4.1. Throws on first violation. */
+export declare function validateItem(item: Item): void;
+//# sourceMappingURL=crypto.d.ts.map

package/dist/largeattachment/crypto.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/largeattachment/crypto.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,OAAO,EACL,KAAK,IAAI,EAGV,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;;GAWG;AACH,wBAAgB,mBAAmB,CACjC,UAAU,EAAE,UAAU,EACtB,YAAY,EAAE,MAAM,EACpB,SAAS,EAAE,MAAM,GAChB,UAAU,CAYZ;AAED;;;;;;;;;GASG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,IAAI,GAAG,UAAU,CASrD;AAED,mEAAmE;AACnE,wBAAgB,cAAc,CAAC,UAAU,EAAE,UAAU,GAAG,MAAM,CAG7D;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,UAAU,GACrB,OAAO,CAqBT;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAqC7C;AAED,wEAAwE;AACxE,wBAAgB,YAAY,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,CA8B7C"}

package/dist/largeattachment/crypto.js ADDED Viewed

@@ -0,0 +1,235 @@
+/**
+ * Per-attachment key derivation, AAD construction, ciphertext hash,
+ * URL/item validation per ATTACHMENTS.md §2.3, §3.1, §3.2, §4.1.
+ *
+ * @module
+ */
+import { hmac } from "@noble/hashes/hmac.js";
+import { sha256, sha512 } from "@noble/hashes/sha2.js";
+import { marshal as canonicalMarshal } from "../canonical/index.js";
+import { HKDFInfoPrefix, HashAlgorithmSHA256, } from "./types.js";
+/**
+ * Derive K_attachment from K_enclosure per §3.1: `HKDF-Expand(PRK =
+ * K_enclosure, info = "semp-attachment:" || attachment_id, L)`.
+ *
+ * `kEnclosure` is used directly as the PRK (no Extract step). This
+ * runs the RFC 5869 §2.3 expansion loop manually because @noble's
+ * strict `expand` rejects PRK shorter than HashLen, while §3.1
+ * passes a 32-byte K_enclosure as the PRK to a SHA-512-based HKDF.
+ *
+ * `outputLen` MUST equal the AEAD's key length for the negotiated
+ * suite (32 bytes for both ChaCha20-Poly1305 and XChaCha20-Poly1305).
+ */
+export function deriveAttachmentKey(kEnclosure, attachmentId, outputLen) {
+    if (kEnclosure.length === 0) {
+        throw new Error("largeattachment: empty K_enclosure");
+    }
+    if (attachmentId === "") {
+        throw new Error("largeattachment: empty attachment_id");
+    }
+    if (!Number.isInteger(outputLen) || outputLen <= 0) {
+        throw new Error(`largeattachment: invalid output length ${outputLen}`);
+    }
+    const info = new TextEncoder().encode(HKDFInfoPrefix + attachmentId);
+    return hkdfExpandSHA512(kEnclosure, info, outputLen);
+}
+/**
+ * AEAD additional-data input bound into each attachment's
+ * ciphertext per §3.2: canonical UTF-8 JSON of the item with
+ * `ciphertext_hash`, `aead_nonce`, and `extensions` set to empty
+ * values (`""`, `""`, `{}` — but `extensions` is dropped by the
+ * canonicalizer when it's the optional `extensions` field).
+ *
+ * Binding the metadata into AAD prevents an attacker from swapping
+ * `filename` or `mime_type` while leaving the ciphertext intact.
+ */
+export function additionalData(item) {
+    const clone = { ...item };
+    clone.ciphertext_hash = "";
+    clone.aead_nonce = "";
+    // Per §3.2 the AAD form has extensions zeroed. Drop the optional
+    // field entirely so omission and an empty object produce identical
+    // canonical bytes.
+    delete clone.extensions;
+    return canonicalMarshal(clone);
+}
+/** §2.3 ciphertext_hash for `ciphertext`, in `sha256:hex` form. */
+export function ciphertextHash(ciphertext) {
+    const sum = sha256(ciphertext);
+    return HashAlgorithmSHA256 + ":" + bytesToHex(sum);
+}
+/**
+ * Report whether `item.ciphertext_hash` matches the SHA-256 of
+ * `ciphertext` per §6 step 3c. Returns true on match.
+ */
+export function verifyCiphertextHash(item, ciphertext) {
+    if (item.ciphertext_hash === "") {
+        return false;
+    }
+    const colon = item.ciphertext_hash.indexOf(":");
+    if (colon < 0) {
+        return false;
+    }
+    const algo = item.ciphertext_hash.slice(0, colon);
+    const hex = item.ciphertext_hash.slice(colon + 1);
+    if (algo !== HashAlgorithmSHA256) {
+        return false;
+    }
+    let want;
+    try {
+        want = hexToBytes(hex);
+    }
+    catch {
+        return false;
+    }
+    const got = sha256(ciphertext);
+    return bytesEqual(want, got);
+}
+/**
+ * Apply the §4.1 URL rules: scheme MUST be `https`; host MUST be a
+ * fully qualified domain name or an IPv6 literal in brackets; bare
+ * IPv4 literals MUST NOT be used. Throws on the first violation.
+ */
+export function validateUrl(raw) {
+    if (raw === "") {
+        throw new Error("largeattachment: empty url");
+    }
+    let u;
+    try {
+        u = new URL(raw);
+    }
+    catch (err) {
+        throw new Error(`largeattachment: parse url: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    if (u.protocol !== "https:") {
+        throw new Error(`largeattachment: url scheme ${JSON.stringify(u.protocol.replace(/:$/, ""))}, want https`);
+    }
+    const host = u.hostname;
+    if (host === "") {
+        throw new Error("largeattachment: url has no host");
+    }
+    // u.hostname strips brackets from IPv6 literals; the original raw
+    // URL may still reveal them. We accept IPv6 if it parses as an IP
+    // and contains ':'.
+    if (looksLikeIPv6(host)) {
+        return; // IPv6 literal — accepted
+    }
+    if (looksLikeIPv4(host)) {
+        throw new Error(`largeattachment: url host ${JSON.stringify(host)} is a bare IPv4 literal; FQDN required`);
+    }
+    if (!host.includes(".")) {
+        throw new Error(`largeattachment: url host ${JSON.stringify(host)} is not a fully qualified domain name`);
+    }
+}
+/** Structural validation per §2.3 + §4.1. Throws on first violation. */
+export function validateItem(item) {
+    if (typeof item.id !== "string" || item.id === "") {
+        throw new Error("largeattachment: item missing id");
+    }
+    if (typeof item.filename !== "string" || item.filename === "") {
+        throw new Error("largeattachment: item missing filename");
+    }
+    if (item.filename.includes("/") || item.filename.includes("\\")) {
+        throw new Error(`largeattachment: filename ${JSON.stringify(item.filename)} contains path separator`);
+    }
+    if (typeof item.mime_type !== "string" || item.mime_type === "") {
+        throw new Error("largeattachment: item missing mime_type");
+    }
+    if (!Number.isInteger(item.plaintext_size) || item.plaintext_size < 0) {
+        throw new Error(`largeattachment: plaintext_size ${item.plaintext_size} MUST be >= 0`);
+    }
+    validateUrl(item.url);
+    if (typeof item.ciphertext_hash !== "string" || item.ciphertext_hash === "") {
+        throw new Error("largeattachment: item missing ciphertext_hash");
+    }
+    if (typeof item.aead_algorithm !== "string" || item.aead_algorithm === "") {
+        throw new Error("largeattachment: item missing aead_algorithm");
+    }
+    if (typeof item.aead_nonce !== "string" || item.aead_nonce === "") {
+        throw new Error("largeattachment: item missing aead_nonce");
+    }
+}
+// ---------------------------------------------------------------------------
+// Internal helpers
+function looksLikeIPv6(host) {
+    // u.hostname for `https://[::1]/` returns `::1` (no brackets).
+    return host.includes(":");
+}
+function looksLikeIPv4(host) {
+    // Strict dotted-quad: 4 numeric octets in [0, 255].
+    const parts = host.split(".");
+    if (parts.length !== 4) {
+        return false;
+    }
+    for (const p of parts) {
+        if (p === "" || /[^\d]/.test(p)) {
+            return false;
+        }
+        const n = Number.parseInt(p, 10);
+        if (!Number.isFinite(n) || n < 0 || n > 255) {
+            return false;
+        }
+    }
+    return true;
+}
+/**
+ * RFC 5869 HKDF-Expand with HMAC-SHA-512. Permits PRK shorter than
+ * HashLen (matches §3.1's "PRK = K_enclosure" semantics).
+ */
+function hkdfExpandSHA512(prk, info, length) {
+    const hashLen = 64;
+    const N = Math.ceil(length / hashLen);
+    if (N > 255) {
+        throw new Error("largeattachment: HKDF-Expand requested length too large");
+    }
+    let prev = new Uint8Array(0);
+    const out = new Uint8Array(length);
+    let written = 0;
+    for (let i = 1; i <= N; i++) {
+        const buf = new Uint8Array(prev.length + info.length + 1);
+        buf.set(prev, 0);
+        buf.set(info, prev.length);
+        buf[prev.length + info.length] = i;
+        const t = hmac(sha512, prk, buf);
+        const take = Math.min(hashLen, length - written);
+        out.set(t.slice(0, take), written);
+        written += take;
+        prev = t;
+    }
+    return out;
+}
+function bytesEqual(a, b) {
+    if (a.length !== b.length) {
+        return false;
+    }
+    let diff = 0;
+    for (let i = 0; i < a.length; i++) {
+        diff |= (a[i] ?? 0) ^ (b[i] ?? 0);
+    }
+    return diff === 0;
+}
+function bytesToHex(b) {
+    if (typeof Buffer !== "undefined") {
+        return Buffer.from(b).toString("hex");
+    }
+    let out = "";
+    for (let i = 0; i < b.length; i++) {
+        out += (b[i] ?? 0).toString(16).padStart(2, "0");
+    }
+    return out;
+}
+function hexToBytes(hex) {
+    if (hex.length % 2 !== 0) {
+        throw new Error("hex: odd length");
+    }
+    const out = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < out.length; i++) {
+        const byte = Number.parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+        if (Number.isNaN(byte)) {
+            throw new Error("hex: invalid character");
+        }
+        out[i] = byte;
+    }
+    return out;
+}
+//# sourceMappingURL=crypto.js.map

package/dist/largeattachment/crypto.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/largeattachment/crypto.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAEvD,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEpE,OAAO,EAEL,cAAc,EACd,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,mBAAmB,CACjC,UAAsB,EACtB,YAAoB,EACpB,SAAiB;IAEjB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IACD,IAAI,YAAY,KAAK,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,0CAA0C,SAAS,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,cAAc,GAAG,YAAY,CAAC,CAAC;IACrE,OAAO,gBAAgB,CAAC,UAAU,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;AACvD,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,cAAc,CAAC,IAAU;IACvC,MAAM,KAAK,GAA4B,EAAE,GAAG,IAAI,EAAE,CAAC;IACnD,KAAK,CAAC,eAAe,GAAG,EAAE,CAAC;IAC3B,KAAK,CAAC,UAAU,GAAG,EAAE,CAAC;IACtB,iEAAiE;IACjE,mEAAmE;IACnE,mBAAmB;IACnB,OAAO,KAAK,CAAC,UAAU,CAAC;IACxB,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC;AACjC,CAAC;AAED,mEAAmE;AACnE,MAAM,UAAU,cAAc,CAAC,UAAsB;IACnD,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IAC/B,OAAO,mBAAmB,GAAG,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;AACrD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,IAAU,EACV,UAAsB;IAEtB,IAAI,IAAI,CAAC,eAAe,KAAK,EAAE,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChD,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;IAClD,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;QACjC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,IAAgB,CAAC;IACrB,IAAI,CAAC;QACH,IAAI,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IAC/B,OAAO,UAAU,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;AAC/B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,IAAI,GAAG,KAAK,EAAE,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IACD,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACnB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,+BAA+B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAClF,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CACb,+BAA+B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,cAAc,CAC1F,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC;IACxB,IAAI,IAAI,KAAK,EAAE,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,kEAAkE;IAClE,kEAAkE;IAClE,oBAAoB;IACpB,IAAI,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,0BAA0B;IACpC,CAAC;IACD,IAAI,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,6BAA6B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,wCAAwC,CAC1F,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,6BAA6B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,uCAAuC,CACzF,CAAC;IACJ,CAAC;AACH,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,YAAY,CAAC,IAAU;IACrC,IAAI,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,IAAI,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,IAAI,IAAI,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;QAC9D,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CACb,6BAA6B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,0BAA0B,CACrF,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ,IAAI,IAAI,CAAC,SAAS,KAAK,EAAE,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,IAAI,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;QACtE,MAAM,IAAI,KAAK,CACb,mCAAmC,IAAI,CAAC,cAAc,eAAe,CACtE,CAAC;IACJ,CAAC;IACD,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtB,IAAI,OAAO,IAAI,CAAC,eAAe,KAAK,QAAQ,IAAI,IAAI,CAAC,eAAe,KAAK,EAAE,EAAE,CAAC;QAC5E,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,cAAc,KAAK,QAAQ,IAAI,IAAI,CAAC,cAAc,KAAK,EAAE,EAAE,CAAC;QAC1E,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,IAAI,IAAI,CAAC,UAAU,KAAK,EAAE,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AAEnB,SAAS,aAAa,CAAC,IAAY;IACjC,+DAA+D;IAC/D,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,oDAAoD;IACpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,KAAK,EAAE,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAChC,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACjC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;YAC5C,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CACvB,GAAe,EACf,IAAgB,EAChB,MAAc;IAEd,MAAM,OAAO,GAAG,EAAE,CAAC;IACnB,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC;IACtC,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,IAAI,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACnC,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC1D,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACjB,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3B,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC;QACjD,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;QACnC,OAAO,IAAI,IAAI,CAAC;QAChB,IAAI,GAAG,CAAC,CAAC;IACX,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,UAAU,CAAC,CAAa,EAAE,CAAa;IAC9C,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC;AAED,SAAS,UAAU,CAAC,CAAa;IAC/B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACxC,CAAC;IACD,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9D,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QACD,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IAChB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/largeattachment/enclosure.d.ts ADDED Viewed

@@ -0,0 +1,48 @@
+/**
+ * Helpers for placing / reading large-attachment items inside an
+ * enclosure's `extensions` map per ATTACHMENTS.md §2.1.
+ *
+ * The wire shape under the enclosure is:
+ *
+ * ```json
+ * {
+ *   "extensions": {
+ *     "semp.dev/large-attachment": { "data": { "items": [ ... ] } }
+ *   }
+ * }
+ * ```
+ *
+ * @module
+ */
+import { type Item } from "./types.js";
+/**
+ * Read the array of items from the extensions map. Returns an
+ * empty array when the extension is absent. Throws when the
+ * entry is present but malformed.
+ */
+export declare function readFromExtensions(extensions: Record<string, unknown> | undefined): Item[];
+/**
+ * Append `newItems` to the existing items list under the
+ * `semp.dev/large-attachment` extension. Returns a NEW extensions
+ * map (input not mutated). Use when the caller may already have
+ * other items in the list.
+ */
+export declare function appendToExtensions(extensions: Record<string, unknown> | undefined, newItems: Item[]): Record<string, unknown>;
+/**
+ * Replace the entire items list under the
+ * `semp.dev/large-attachment` extension. Returns a NEW extensions
+ * map (input not mutated). When `items` is empty, removes the
+ * extension entirely.
+ */
+export declare function setOnExtensions(extensions: Record<string, unknown> | undefined, items: Item[]): Record<string, unknown>;
+/**
+ * Remove the `semp.dev/large-attachment` extension entry, if any.
+ * Returns a NEW extensions map (input not mutated).
+ */
+export declare function removeFromExtensions(extensions: Record<string, unknown> | undefined): Record<string, unknown>;
+/**
+ * Look up an item by its `id`. Returns the item or `null` when not
+ * found. Throws if the extension entry is structurally malformed.
+ */
+export declare function findById(extensions: Record<string, unknown> | undefined, id: string): Item | null;
+//# sourceMappingURL=enclosure.d.ts.map

package/dist/largeattachment/enclosure.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"enclosure.d.ts","sourceRoot":"","sources":["../../src/largeattachment/enclosure.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAsB,KAAK,IAAI,EAAgB,MAAM,YAAY,CAAC;AAEzE;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,GAC9C,IAAI,EAAE,CAiCR;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAChC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,EAC/C,QAAQ,EAAE,IAAI,EAAE,GACf,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAGzB;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAC7B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,EAC/C,KAAK,EAAE,IAAI,EAAE,GACZ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CASzB;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,GAC9C,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAIzB;AAED;;;GAGG;AACH,wBAAgB,QAAQ,CACtB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,EAC/C,EAAE,EAAE,MAAM,GACT,IAAI,GAAG,IAAI,CAOb"}

package/dist/largeattachment/enclosure.js ADDED Viewed

@@ -0,0 +1,102 @@
+/**
+ * Helpers for placing / reading large-attachment items inside an
+ * enclosure's `extensions` map per ATTACHMENTS.md §2.1.
+ *
+ * The wire shape under the enclosure is:
+ *
+ * ```json
+ * {
+ *   "extensions": {
+ *     "semp.dev/large-attachment": { "data": { "items": [ ... ] } }
+ *   }
+ * }
+ * ```
+ *
+ * @module
+ */
+import { ExtensionKey } from "./types.js";
+/**
+ * Read the array of items from the extensions map. Returns an
+ * empty array when the extension is absent. Throws when the
+ * entry is present but malformed.
+ */
+export function readFromExtensions(extensions) {
+    if (extensions === undefined) {
+        return [];
+    }
+    const entry = extensions[ExtensionKey];
+    if (entry === undefined) {
+        return [];
+    }
+    if (typeof entry !== "object" || entry === null || Array.isArray(entry)) {
+        throw new Error(`largeattachment: extensions[${JSON.stringify(ExtensionKey)}] is not an object`);
+    }
+    const data = entry.data;
+    if (data === undefined) {
+        return [];
+    }
+    if (typeof data !== "object" || data === null || Array.isArray(data)) {
+        throw new Error("largeattachment: extension data is not an object");
+    }
+    const items = data.items;
+    if (items === undefined) {
+        return [];
+    }
+    if (!Array.isArray(items)) {
+        throw new Error("largeattachment: extension data.items is not an array");
+    }
+    for (let i = 0; i < items.length; i++) {
+        if (typeof items[i] !== "object" || items[i] === null || Array.isArray(items[i])) {
+            throw new Error(`largeattachment: extension data.items[${i}] is not an object`);
+        }
+    }
+    return items;
+}
+/**
+ * Append `newItems` to the existing items list under the
+ * `semp.dev/large-attachment` extension. Returns a NEW extensions
+ * map (input not mutated). Use when the caller may already have
+ * other items in the list.
+ */
+export function appendToExtensions(extensions, newItems) {
+    const existing = readFromExtensions(extensions);
+    return setOnExtensions(extensions, [...existing, ...newItems]);
+}
+/**
+ * Replace the entire items list under the
+ * `semp.dev/large-attachment` extension. Returns a NEW extensions
+ * map (input not mutated). When `items` is empty, removes the
+ * extension entirely.
+ */
+export function setOnExtensions(extensions, items) {
+    const out = { ...(extensions ?? {}) };
+    if (items.length === 0) {
+        delete out[ExtensionKey];
+        return out;
+    }
+    const data = { items };
+    out[ExtensionKey] = { data };
+    return out;
+}
+/**
+ * Remove the `semp.dev/large-attachment` extension entry, if any.
+ * Returns a NEW extensions map (input not mutated).
+ */
+export function removeFromExtensions(extensions) {
+    const out = { ...(extensions ?? {}) };
+    delete out[ExtensionKey];
+    return out;
+}
+/**
+ * Look up an item by its `id`. Returns the item or `null` when not
+ * found. Throws if the extension entry is structurally malformed.
+ */
+export function findById(extensions, id) {
+    for (const item of readFromExtensions(extensions)) {
+        if (item.id === id) {
+            return item;
+        }
+    }
+    return null;
+}
+//# sourceMappingURL=enclosure.js.map

package/dist/largeattachment/enclosure.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"enclosure.js","sourceRoot":"","sources":["../../src/largeattachment/enclosure.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAiC,YAAY,EAAE,MAAM,YAAY,CAAC;AAEzE;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAChC,UAA+C;IAE/C,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,KAAK,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IACvC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACxE,MAAM,IAAI,KAAK,CACb,+BAA+B,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,oBAAoB,CAChF,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAI,KAAiC,CAAC,IAAI,CAAC;IACrD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,KAAK,GAAI,IAAgC,CAAC,KAAK,CAAC;IACtD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjF,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,oBAAoB,CAAC,CAAC;QAClF,CAAC;IACH,CAAC;IACD,OAAO,KAAe,CAAC;AACzB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAChC,UAA+C,EAC/C,QAAgB;IAEhB,MAAM,QAAQ,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;IAChD,OAAO,eAAe,CAAC,UAAU,EAAE,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC;AACjE,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAC7B,UAA+C,EAC/C,KAAa;IAEb,MAAM,GAAG,GAA4B,EAAE,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE,CAAC;IAC/D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,GAAG,CAAC,YAAY,CAAC,CAAC;QACzB,OAAO,GAAG,CAAC;IACb,CAAC;IACD,MAAM,IAAI,GAAkB,EAAE,KAAK,EAAE,CAAC;IACtC,GAAG,CAAC,YAAY,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;IAC7B,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,UAA+C;IAE/C,MAAM,GAAG,GAA4B,EAAE,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE,CAAC;IAC/D,OAAO,GAAG,CAAC,YAAY,CAAC,CAAC;IACzB,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,QAAQ,CACtB,UAA+C,EAC/C,EAAU;IAEV,KAAK,MAAM,IAAI,IAAI,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAAC;QAClD,IAAI,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/largeattachment/index.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * Large attachments per ATTACHMENTS.md.
+ *
+ * Sender-side encrypt + recipient-side decrypt flow, per-attachment
+ * key derivation, AAD construction, ciphertext-hash binding,
+ * extension-map helpers, plus a reference in-memory blob store.
+ *
+ * @module
+ */
+export { type ExtensionData, type Item, AEADChaCha20Poly1305, AEADXChaCha20Poly1305, ExtensionKey, HKDFInfoPrefix, HashAlgorithmSHA256, } from "./types.js";
+export { additionalData, ciphertextHash, deriveAttachmentKey, validateItem, validateUrl, verifyCiphertextHash, } from "./crypto.js";
+export { type AttachmentSuite, type EncryptAttachmentInput, type EncryptAttachmentResult, CiphertextHashMismatchError, decryptAttachment, encryptAttachment, } from "./upload.js";
+export { appendToExtensions, findById, readFromExtensions, removeFromExtensions, setOnExtensions, } from "./enclosure.js";
+export { type AttachmentStore, InMemoryAttachmentStore, } from "./store.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/largeattachment/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/largeattachment/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,IAAI,EACT,oBAAoB,EACpB,qBAAqB,EACrB,YAAY,EACZ,cAAc,EACd,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,cAAc,EACd,cAAc,EACd,mBAAmB,EACnB,YAAY,EACZ,WAAW,EACX,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,KAAK,eAAe,EACpB,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,EAC5B,2BAA2B,EAC3B,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,kBAAkB,EAClB,QAAQ,EACR,kBAAkB,EAClB,oBAAoB,EACpB,eAAe,GAChB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,KAAK,eAAe,EACpB,uBAAuB,GACxB,MAAM,YAAY,CAAC"}

package/dist/largeattachment/index.js ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * Large attachments per ATTACHMENTS.md.
+ *
+ * Sender-side encrypt + recipient-side decrypt flow, per-attachment
+ * key derivation, AAD construction, ciphertext-hash binding,
+ * extension-map helpers, plus a reference in-memory blob store.
+ *
+ * @module
+ */
+export { AEADChaCha20Poly1305, AEADXChaCha20Poly1305, ExtensionKey, HKDFInfoPrefix, HashAlgorithmSHA256, } from "./types.js";
+export { additionalData, ciphertextHash, deriveAttachmentKey, validateItem, validateUrl, verifyCiphertextHash, } from "./crypto.js";
+export { CiphertextHashMismatchError, decryptAttachment, encryptAttachment, } from "./upload.js";
+export { appendToExtensions, findById, readFromExtensions, removeFromExtensions, setOnExtensions, } from "./enclosure.js";
+export { InMemoryAttachmentStore, } from "./store.js";
+//# sourceMappingURL=index.js.map

package/dist/largeattachment/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/largeattachment/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAGL,oBAAoB,EACpB,qBAAqB,EACrB,YAAY,EACZ,cAAc,EACd,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,cAAc,EACd,cAAc,EACd,mBAAmB,EACnB,YAAY,EACZ,WAAW,EACX,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAErB,OAAO,EAIL,2BAA2B,EAC3B,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,kBAAkB,EAClB,QAAQ,EACR,kBAAkB,EAClB,oBAAoB,EACpB,eAAe,GAChB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAEL,uBAAuB,GACxB,MAAM,YAAY,CAAC"}

package/dist/largeattachment/store.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+/**
+ * Operator-side store interface for large-attachment ciphertext
+ * blobs per ATTACHMENTS.md §4.2 + §4.3.
+ *
+ * The store holds the encrypted blobs that envelopes reference by
+ * URL. Production deployments wrap S3, GCS, a CDN, etc.; this
+ * module ships an in-memory reference for tests + demos.
+ *
+ * @module
+ */
+/**
+ * Minimal storage interface: `put` an attachment by id;
+ * `get` retrieves the bytes; `stat` returns size + presence; `del`
+ * removes.
+ */
+export interface AttachmentStore {
+    put(id: string, ciphertext: Uint8Array): Promise<void>;
+    get(id: string): Promise<Uint8Array | null>;
+    stat(id: string): Promise<{
+        size: number;
+        present: boolean;
+    }>;
+    del(id: string): Promise<void>;
+}
+/** Reference in-memory store. Single-process only. */
+export declare class InMemoryAttachmentStore implements AttachmentStore {
+    private readonly blobs;
+    put(id: string, ciphertext: Uint8Array): Promise<void>;
+    get(id: string): Promise<Uint8Array | null>;
+    stat(id: string): Promise<{
+        size: number;
+        present: boolean;
+    }>;
+    del(id: string): Promise<void>;
+}
+//# sourceMappingURL=store.d.ts.map

package/dist/largeattachment/store.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../src/largeattachment/store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC9B,GAAG,CAAC,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAC5C,IAAI,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IAC9D,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAChC;AAED,sDAAsD;AACtD,qBAAa,uBAAwB,YAAW,eAAe;IAC7D,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAiC;IAEjD,GAAG,CAAC,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAUtD,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAI3C,IAAI,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC;IAQ7D,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGrC"}