npm - @sempdev/semp - Versions diffs - 0.4.3 - Mend

@sempdev/semp 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/LICENSE +21 -0
package/README.md +59 -0
package/dist/brief/address.d.ts +77 -0
package/dist/brief/address.d.ts.map +1 -0
package/dist/brief/address.js +217 -0
package/dist/brief/address.js.map +1 -0
package/dist/brief/brief.d.ts +75 -0
package/dist/brief/brief.d.ts.map +1 -0
package/dist/brief/brief.js +56 -0
package/dist/brief/brief.js.map +1 -0
package/dist/brief/index.d.ts +11 -0
package/dist/brief/index.d.ts.map +1 -0
package/dist/brief/index.js +11 -0
package/dist/brief/index.js.map +1 -0
package/dist/canonical/index.d.ts +8 -0
package/dist/canonical/index.d.ts.map +1 -0
package/dist/canonical/index.js +8 -0
package/dist/canonical/index.js.map +1 -0
package/dist/canonical/marshal.d.ts +35 -0
package/dist/canonical/marshal.d.ts.map +1 -0
package/dist/canonical/marshal.js +107 -0
package/dist/canonical/marshal.js.map +1 -0
package/dist/clockskew/index.d.ts +52 -0
package/dist/clockskew/index.d.ts.map +1 -0
package/dist/clockskew/index.js +62 -0
package/dist/clockskew/index.js.map +1 -0
package/dist/closure/closure.d.ts +106 -0
package/dist/closure/closure.d.ts.map +1 -0
package/dist/closure/closure.js +152 -0
package/dist/closure/closure.js.map +1 -0
package/dist/closure/driver.d.ts +103 -0
package/dist/closure/driver.d.ts.map +1 -0
package/dist/closure/driver.js +126 -0
package/dist/closure/driver.js.map +1 -0
package/dist/closure/index.d.ts +13 -0
package/dist/closure/index.d.ts.map +1 -0
package/dist/closure/index.js +13 -0
package/dist/closure/index.js.map +1 -0
package/dist/closure/store.d.ts +80 -0
package/dist/closure/store.d.ts.map +1 -0
package/dist/closure/store.js +89 -0
package/dist/closure/store.js.map +1 -0
package/dist/crypto/aead.d.ts +29 -0
package/dist/crypto/aead.d.ts.map +1 -0
package/dist/crypto/aead.js +48 -0
package/dist/crypto/aead.js.map +1 -0
package/dist/crypto/argon2.d.ts +20 -0
package/dist/crypto/argon2.d.ts.map +1 -0
package/dist/crypto/argon2.js +28 -0
package/dist/crypto/argon2.js.map +1 -0
package/dist/crypto/index.d.ts +14 -0
package/dist/crypto/index.d.ts.map +1 -0
package/dist/crypto/index.js +14 -0
package/dist/crypto/index.js.map +1 -0
package/dist/crypto/kdf.d.ts +96 -0
package/dist/crypto/kdf.d.ts.map +1 -0
package/dist/crypto/kdf.js +122 -0
package/dist/crypto/kdf.js.map +1 -0
package/dist/crypto/kem.d.ts +85 -0
package/dist/crypto/kem.d.ts.map +1 -0
package/dist/crypto/kem.js +130 -0
package/dist/crypto/kem.js.map +1 -0
package/dist/crypto/mac.d.ts +19 -0
package/dist/crypto/mac.d.ts.map +1 -0
package/dist/crypto/mac.js +32 -0
package/dist/crypto/mac.js.map +1 -0
package/dist/delivery/ack.d.ts +125 -0
package/dist/delivery/ack.d.ts.map +1 -0
package/dist/delivery/ack.js +141 -0
package/dist/delivery/ack.js.map +1 -0
package/dist/delivery/blocklist.d.ts +87 -0
package/dist/delivery/blocklist.d.ts.map +1 -0
package/dist/delivery/blocklist.js +107 -0
package/dist/delivery/blocklist.js.map +1 -0
package/dist/delivery/cancel.d.ts +60 -0
package/dist/delivery/cancel.d.ts.map +1 -0
package/dist/delivery/cancel.js +43 -0
package/dist/delivery/cancel.js.map +1 -0
package/dist/delivery/disposition.d.ts +106 -0
package/dist/delivery/disposition.d.ts.map +1 -0
package/dist/delivery/disposition.js +105 -0
package/dist/delivery/disposition.js.map +1 -0
package/dist/delivery/fetch.d.ts +59 -0
package/dist/delivery/fetch.d.ts.map +1 -0
package/dist/delivery/fetch.js +47 -0
package/dist/delivery/fetch.js.map +1 -0
package/dist/delivery/forwarder.d.ts +106 -0
package/dist/delivery/forwarder.d.ts.map +1 -0
package/dist/delivery/forwarder.js +251 -0
package/dist/delivery/forwarder.js.map +1 -0
package/dist/delivery/inbox.d.ts +42 -0
package/dist/delivery/inbox.d.ts.map +1 -0
package/dist/delivery/inbox.js +68 -0
package/dist/delivery/inbox.js.map +1 -0
package/dist/delivery/index.d.ts +31 -0
package/dist/delivery/index.d.ts.map +1 -0
package/dist/delivery/index.js +31 -0
package/dist/delivery/index.js.map +1 -0
package/dist/delivery/internalroute.d.ts +50 -0
package/dist/delivery/internalroute.d.ts.map +1 -0
package/dist/delivery/internalroute.js +23 -0
package/dist/delivery/internalroute.js.map +1 -0
package/dist/delivery/pipeline.d.ts +153 -0
package/dist/delivery/pipeline.d.ts.map +1 -0
package/dist/delivery/pipeline.js +356 -0
package/dist/delivery/pipeline.js.map +1 -0
package/dist/delivery/policy_state.d.ts +105 -0
package/dist/delivery/policy_state.d.ts.map +1 -0
package/dist/delivery/policy_state.js +293 -0
package/dist/delivery/policy_state.js.map +1 -0
package/dist/delivery/queue.d.ts +47 -0
package/dist/delivery/queue.d.ts.map +1 -0
package/dist/delivery/queue.js +33 -0
package/dist/delivery/queue.js.map +1 -0
package/dist/delivery/receipt.d.ts +137 -0
package/dist/delivery/receipt.d.ts.map +1 -0
package/dist/delivery/receipt.js +181 -0
package/dist/delivery/receipt.js.map +1 -0
package/dist/delivery/receipt_store.d.ts +81 -0
package/dist/delivery/receipt_store.d.ts.map +1 -0
package/dist/delivery/receipt_store.js +74 -0
package/dist/delivery/receipt_store.js.map +1 -0
package/dist/delivery/retry.d.ts +78 -0
package/dist/delivery/retry.d.ts.map +1 -0
package/dist/delivery/retry.js +132 -0
package/dist/delivery/retry.js.map +1 -0
package/dist/delivery/scheduler.d.ts +156 -0
package/dist/delivery/scheduler.d.ts.map +1 -0
package/dist/delivery/scheduler.js +349 -0
package/dist/delivery/scheduler.js.map +1 -0
package/dist/delivery/stage_partition.d.ts +87 -0
package/dist/delivery/stage_partition.d.ts.map +1 -0
package/dist/delivery/stage_partition.js +122 -0
package/dist/delivery/stage_partition.js.map +1 -0
package/dist/delivery/staged_runner.d.ts +100 -0
package/dist/delivery/staged_runner.d.ts.map +1 -0
package/dist/delivery/staged_runner.js +277 -0
package/dist/delivery/staged_runner.js.map +1 -0
package/dist/delivery/submission.d.ts +72 -0
package/dist/delivery/submission.d.ts.map +1 -0
package/dist/delivery/submission.js +58 -0
package/dist/delivery/submission.js.map +1 -0
package/dist/delivery/sync.d.ts +68 -0
package/dist/delivery/sync.d.ts.map +1 -0
package/dist/delivery/sync.js +99 -0
package/dist/delivery/sync.js.map +1 -0
package/dist/delivery/user_policy.d.ts +74 -0
package/dist/delivery/user_policy.d.ts.map +1 -0
package/dist/delivery/user_policy.js +140 -0
package/dist/delivery/user_policy.js.map +1 -0
package/dist/discovery/cache.d.ts +37 -0
package/dist/discovery/cache.d.ts.map +1 -0
package/dist/discovery/cache.js +45 -0
package/dist/discovery/cache.js.map +1 -0
package/dist/discovery/configuration.d.ts +97 -0
package/dist/discovery/configuration.d.ts.map +1 -0
package/dist/discovery/configuration.js +146 -0
package/dist/discovery/configuration.js.map +1 -0
package/dist/discovery/dns.d.ts +56 -0
package/dist/discovery/dns.d.ts.map +1 -0
package/dist/discovery/dns.js +120 -0
package/dist/discovery/dns.js.map +1 -0
package/dist/discovery/domain_keys.d.ts +62 -0
package/dist/discovery/domain_keys.d.ts.map +1 -0
package/dist/discovery/domain_keys.js +89 -0
package/dist/discovery/domain_keys.js.map +1 -0
package/dist/discovery/index.d.ts +19 -0
package/dist/discovery/index.d.ts.map +1 -0
package/dist/discovery/index.js +19 -0
package/dist/discovery/index.js.map +1 -0
package/dist/discovery/lookup.d.ts +72 -0
package/dist/discovery/lookup.d.ts.map +1 -0
package/dist/discovery/lookup.js +121 -0
package/dist/discovery/lookup.js.map +1 -0
package/dist/discovery/onion.d.ts +34 -0
package/dist/discovery/onion.d.ts.map +1 -0
package/dist/discovery/onion.js +61 -0
package/dist/discovery/onion.js.map +1 -0
package/dist/discovery/partition.d.ts +96 -0
package/dist/discovery/partition.d.ts.map +1 -0
package/dist/discovery/partition.js +247 -0
package/dist/discovery/partition.js.map +1 -0
package/dist/discovery/resolver.d.ts +113 -0
package/dist/discovery/resolver.d.ts.map +1 -0
package/dist/discovery/resolver.js +176 -0
package/dist/discovery/resolver.js.map +1 -0
package/dist/discovery/txt.d.ts +39 -0
package/dist/discovery/txt.d.ts.map +1 -0
package/dist/discovery/txt.js +71 -0
package/dist/discovery/txt.js.map +1 -0
package/dist/enclosure/forwarding.d.ts +128 -0
package/dist/enclosure/forwarding.d.ts.map +1 -0
package/dist/enclosure/forwarding.js +119 -0
package/dist/enclosure/forwarding.js.map +1 -0
package/dist/enclosure/index.d.ts +11 -0
package/dist/enclosure/index.d.ts.map +1 -0
package/dist/enclosure/index.js +11 -0
package/dist/enclosure/index.js.map +1 -0
package/dist/envelope/buckets.d.ts +38 -0
package/dist/envelope/buckets.d.ts.map +1 -0
package/dist/envelope/buckets.js +73 -0
package/dist/envelope/buckets.js.map +1 -0
package/dist/envelope/canonical.d.ts +28 -0
package/dist/envelope/canonical.d.ts.map +1 -0
package/dist/envelope/canonical.js +54 -0
package/dist/envelope/canonical.js.map +1 -0
package/dist/envelope/compose.d.ts +171 -0
package/dist/envelope/compose.d.ts.map +1 -0
package/dist/envelope/compose.js +237 -0
package/dist/envelope/compose.js.map +1 -0
package/dist/envelope/encode.d.ts +41 -0
package/dist/envelope/encode.d.ts.map +1 -0
package/dist/envelope/encode.js +69 -0
package/dist/envelope/encode.js.map +1 -0
package/dist/envelope/index.d.ts +20 -0
package/dist/envelope/index.d.ts.map +1 -0
package/dist/envelope/index.js +20 -0
package/dist/envelope/index.js.map +1 -0
package/dist/envelope/open_any.d.ts +48 -0
package/dist/envelope/open_any.d.ts.map +1 -0
package/dist/envelope/open_any.js +81 -0
package/dist/envelope/open_any.js.map +1 -0
package/dist/envelope/open_verified.d.ts +59 -0
package/dist/envelope/open_verified.d.ts.map +1 -0
package/dist/envelope/open_verified.js +67 -0
package/dist/envelope/open_verified.js.map +1 -0
package/dist/envelope/padding.d.ts +55 -0
package/dist/envelope/padding.d.ts.map +1 -0
package/dist/envelope/padding.js +162 -0
package/dist/envelope/padding.js.map +1 -0
package/dist/envelope/rejection.d.ts +22 -0
package/dist/envelope/rejection.d.ts.map +1 -0
package/dist/envelope/rejection.js +30 -0
package/dist/envelope/rejection.js.map +1 -0
package/dist/envelope/sendtime.d.ts +49 -0
package/dist/envelope/sendtime.d.ts.map +1 -0
package/dist/envelope/sendtime.js +87 -0
package/dist/envelope/sendtime.js.map +1 -0
package/dist/envelope/verify.d.ts +29 -0
package/dist/envelope/verify.d.ts.map +1 -0
package/dist/envelope/verify.js +90 -0
package/dist/envelope/verify.js.map +1 -0
package/dist/extensions/index.d.ts +7 -0
package/dist/extensions/index.d.ts.map +1 -0
package/dist/extensions/index.js +7 -0
package/dist/extensions/index.js.map +1 -0
package/dist/extensions/limits.d.ts +101 -0
package/dist/extensions/limits.d.ts.map +1 -0
package/dist/extensions/limits.js +175 -0
package/dist/extensions/limits.js.map +1 -0
package/dist/handshake/abort.d.ts +49 -0
package/dist/handshake/abort.d.ts.map +1 -0
package/dist/handshake/abort.js +82 -0
package/dist/handshake/abort.js.map +1 -0
package/dist/handshake/capabilities.d.ts +46 -0
package/dist/handshake/capabilities.d.ts.map +1 -0
package/dist/handshake/capabilities.js +114 -0
package/dist/handshake/capabilities.js.map +1 -0
package/dist/handshake/client_state.d.ts +186 -0
package/dist/handshake/client_state.d.ts.map +1 -0
package/dist/handshake/client_state.js +520 -0
package/dist/handshake/client_state.js.map +1 -0
package/dist/handshake/confirm.d.ts +21 -0
package/dist/handshake/confirm.d.ts.map +1 -0
package/dist/handshake/confirm.js +27 -0
package/dist/handshake/confirm.js.map +1 -0
package/dist/handshake/driver.d.ts +126 -0
package/dist/handshake/driver.d.ts.map +1 -0
package/dist/handshake/driver.js +251 -0
package/dist/handshake/driver.js.map +1 -0
package/dist/handshake/federation.d.ts +365 -0
package/dist/handshake/federation.d.ts.map +1 -0
package/dist/handshake/federation.js +664 -0
package/dist/handshake/federation.js.map +1 -0
package/dist/handshake/first_contact.d.ts +57 -0
package/dist/handshake/first_contact.d.ts.map +1 -0
package/dist/handshake/first_contact.js +124 -0
package/dist/handshake/first_contact.js.map +1 -0
package/dist/handshake/identity.d.ts +101 -0
package/dist/handshake/identity.d.ts.map +1 -0
package/dist/handshake/identity.js +117 -0
package/dist/handshake/identity.js.map +1 -0
package/dist/handshake/index.d.ts +21 -0
package/dist/handshake/index.d.ts.map +1 -0
package/dist/handshake/index.js +21 -0
package/dist/handshake/index.js.map +1 -0
package/dist/handshake/messages.d.ts +176 -0
package/dist/handshake/messages.d.ts.map +1 -0
package/dist/handshake/messages.js +125 -0
package/dist/handshake/messages.js.map +1 -0
package/dist/handshake/pow.d.ts +53 -0
package/dist/handshake/pow.d.ts.map +1 -0
package/dist/handshake/pow.js +142 -0
package/dist/handshake/pow.js.map +1 -0
package/dist/handshake/resume_driver.d.ts +56 -0
package/dist/handshake/resume_driver.d.ts.map +1 -0
package/dist/handshake/resume_driver.js +75 -0
package/dist/handshake/resume_driver.js.map +1 -0
package/dist/handshake/server.d.ts +112 -0
package/dist/handshake/server.d.ts.map +1 -0
package/dist/handshake/server.js +247 -0
package/dist/handshake/server.js.map +1 -0
package/dist/handshake/server_state.d.ts +102 -0
package/dist/handshake/server_state.d.ts.map +1 -0
package/dist/handshake/server_state.js +278 -0
package/dist/handshake/server_state.js.map +1 -0
package/dist/index.d.ts +33 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +33 -0
package/dist/index.js.map +1 -0
package/dist/keys/compromise.d.ts +118 -0
package/dist/keys/compromise.d.ts.map +1 -0
package/dist/keys/compromise.js +218 -0
package/dist/keys/compromise.js.map +1 -0
package/dist/keys/device_certificate.d.ts +166 -0
package/dist/keys/device_certificate.d.ts.map +1 -0
package/dist/keys/device_certificate.js +328 -0
package/dist/keys/device_certificate.js.map +1 -0
package/dist/keys/device_records.d.ts +175 -0
package/dist/keys/device_records.d.ts.map +1 -0
package/dist/keys/device_records.js +418 -0
package/dist/keys/device_records.js.map +1 -0
package/dist/keys/directory_cache.d.ts +64 -0
package/dist/keys/directory_cache.d.ts.map +1 -0
package/dist/keys/directory_cache.js +98 -0
package/dist/keys/directory_cache.js.map +1 -0
package/dist/keys/directory_state.d.ts +79 -0
package/dist/keys/directory_state.d.ts.map +1 -0
package/dist/keys/directory_state.js +155 -0
package/dist/keys/directory_state.js.map +1 -0
package/dist/keys/index.d.ts +18 -0
package/dist/keys/index.d.ts.map +1 -0
package/dist/keys/index.js +18 -0
package/dist/keys/index.js.map +1 -0
package/dist/keys/key_revocation.d.ts +61 -0
package/dist/keys/key_revocation.d.ts.map +1 -0
package/dist/keys/key_revocation.js +88 -0
package/dist/keys/key_revocation.js.map +1 -0
package/dist/keys/request.d.ts +124 -0
package/dist/keys/request.d.ts.map +1 -0
package/dist/keys/request.js +130 -0
package/dist/keys/request.js.map +1 -0
package/dist/keys/sign.d.ts +49 -0
package/dist/keys/sign.d.ts.map +1 -0
package/dist/keys/sign.js +80 -0
package/dist/keys/sign.js.map +1 -0
package/dist/keys/signed.d.ts +80 -0
package/dist/keys/signed.d.ts.map +1 -0
package/dist/keys/signed.js +138 -0
package/dist/keys/signed.js.map +1 -0
package/dist/keys/store.d.ts +138 -0
package/dist/keys/store.d.ts.map +1 -0
package/dist/keys/store.js +107 -0
package/dist/keys/store.js.map +1 -0
package/dist/largeattachment/crypto.d.ts +47 -0
package/dist/largeattachment/crypto.d.ts.map +1 -0
package/dist/largeattachment/crypto.js +235 -0
package/dist/largeattachment/crypto.js.map +1 -0
package/dist/largeattachment/enclosure.d.ts +48 -0
package/dist/largeattachment/enclosure.d.ts.map +1 -0
package/dist/largeattachment/enclosure.js +102 -0
package/dist/largeattachment/enclosure.js.map +1 -0
package/dist/largeattachment/index.d.ts +15 -0
package/dist/largeattachment/index.d.ts.map +1 -0
package/dist/largeattachment/index.js +15 -0
package/dist/largeattachment/index.js.map +1 -0
package/dist/largeattachment/store.d.ts +36 -0
package/dist/largeattachment/store.d.ts.map +1 -0
package/dist/largeattachment/store.js +37 -0
package/dist/largeattachment/store.js.map +1 -0
package/dist/largeattachment/types.d.ts +56 -0
package/dist/largeattachment/types.d.ts.map +1 -0
package/dist/largeattachment/types.js +31 -0
package/dist/largeattachment/types.js.map +1 -0
package/dist/largeattachment/upload.d.ts +62 -0
package/dist/largeattachment/upload.d.ts.map +1 -0
package/dist/largeattachment/upload.js +166 -0
package/dist/largeattachment/upload.js.map +1 -0
package/dist/migration/index.d.ts +17 -0
package/dist/migration/index.d.ts.map +1 -0
package/dist/migration/index.js +17 -0
package/dist/migration/index.js.map +1 -0
package/dist/migration/lockout.d.ts +48 -0
package/dist/migration/lockout.d.ts.map +1 -0
package/dist/migration/lockout.js +57 -0
package/dist/migration/lockout.js.map +1 -0
package/dist/migration/migration.d.ts +48 -0
package/dist/migration/migration.d.ts.map +1 -0
package/dist/migration/migration.js +58 -0
package/dist/migration/migration.js.map +1 -0
package/dist/migration/notice.d.ts +33 -0
package/dist/migration/notice.d.ts.map +1 -0
package/dist/migration/notice.js +85 -0
package/dist/migration/notice.js.map +1 -0
package/dist/migration/orchestrate.d.ts +109 -0
package/dist/migration/orchestrate.d.ts.map +1 -0
package/dist/migration/orchestrate.js +212 -0
package/dist/migration/orchestrate.js.map +1 -0
package/dist/migration/publication_store.d.ts +34 -0
package/dist/migration/publication_store.d.ts.map +1 -0
package/dist/migration/publication_store.js +44 -0
package/dist/migration/publication_store.js.map +1 -0
package/dist/migration/sign.d.ts +65 -0
package/dist/migration/sign.d.ts.map +1 -0
package/dist/migration/sign.js +331 -0
package/dist/migration/sign.js.map +1 -0
package/dist/migration/types.d.ts +92 -0
package/dist/migration/types.d.ts.map +1 -0
package/dist/migration/types.js +26 -0
package/dist/migration/types.js.map +1 -0
package/dist/reasoncodes.d.ts +42 -0
package/dist/reasoncodes.d.ts.map +1 -0
package/dist/reasoncodes.js +80 -0
package/dist/reasoncodes.js.map +1 -0
package/dist/recovery/bundle.d.ts +34 -0
package/dist/recovery/bundle.d.ts.map +1 -0
package/dist/recovery/bundle.js +144 -0
package/dist/recovery/bundle.js.map +1 -0
package/dist/recovery/bundle_crypto.d.ts +60 -0
package/dist/recovery/bundle_crypto.d.ts.map +1 -0
package/dist/recovery/bundle_crypto.js +179 -0
package/dist/recovery/bundle_crypto.js.map +1 -0
package/dist/recovery/bundle_store.d.ts +57 -0
package/dist/recovery/bundle_store.d.ts.map +1 -0
package/dist/recovery/bundle_store.js +104 -0
package/dist/recovery/bundle_store.js.map +1 -0
package/dist/recovery/index.d.ts +19 -0
package/dist/recovery/index.d.ts.map +1 -0
package/dist/recovery/index.js +19 -0
package/dist/recovery/index.js.map +1 -0
package/dist/recovery/manifest_crosscheck.d.ts +59 -0
package/dist/recovery/manifest_crosscheck.d.ts.map +1 -0
package/dist/recovery/manifest_crosscheck.js +59 -0
package/dist/recovery/manifest_crosscheck.js.map +1 -0
package/dist/recovery/shamir.d.ts +51 -0
package/dist/recovery/shamir.d.ts.map +1 -0
package/dist/recovery/shamir.js +181 -0
package/dist/recovery/shamir.js.map +1 -0
package/dist/recovery/sign.d.ts +61 -0
package/dist/recovery/sign.d.ts.map +1 -0
package/dist/recovery/sign.js +359 -0
package/dist/recovery/sign.js.map +1 -0
package/dist/recovery/types.d.ts +180 -0
package/dist/recovery/types.d.ts.map +1 -0
package/dist/recovery/types.js +31 -0
package/dist/recovery/types.js.map +1 -0
package/dist/reputation/abuse_report.d.ts +62 -0
package/dist/reputation/abuse_report.d.ts.map +1 -0
package/dist/reputation/abuse_report.js +111 -0
package/dist/reputation/abuse_report.js.map +1 -0
package/dist/reputation/bucketize.d.ts +31 -0
package/dist/reputation/bucketize.d.ts.map +1 -0
package/dist/reputation/bucketize.js +77 -0
package/dist/reputation/bucketize.js.map +1 -0
package/dist/reputation/gossip.d.ts +24 -0
package/dist/reputation/gossip.d.ts.map +1 -0
package/dist/reputation/gossip.js +64 -0
package/dist/reputation/gossip.js.map +1 -0
package/dist/reputation/gossip_fetch.d.ts +64 -0
package/dist/reputation/gossip_fetch.d.ts.map +1 -0
package/dist/reputation/gossip_fetch.js +114 -0
package/dist/reputation/gossip_fetch.js.map +1 -0
package/dist/reputation/index.d.ts +20 -0
package/dist/reputation/index.d.ts.map +1 -0
package/dist/reputation/index.js +20 -0
package/dist/reputation/index.js.map +1 -0
package/dist/reputation/observation_store.d.ts +67 -0
package/dist/reputation/observation_store.d.ts.map +1 -0
package/dist/reputation/observation_store.js +171 -0
package/dist/reputation/observation_store.js.map +1 -0
package/dist/reputation/pow.d.ts +91 -0
package/dist/reputation/pow.d.ts.map +1 -0
package/dist/reputation/pow.js +209 -0
package/dist/reputation/pow.js.map +1 -0
package/dist/reputation/sign.d.ts +40 -0
package/dist/reputation/sign.d.ts.map +1 -0
package/dist/reputation/sign.js +202 -0
package/dist/reputation/sign.js.map +1 -0
package/dist/reputation/types.d.ts +133 -0
package/dist/reputation/types.d.ts.map +1 -0
package/dist/reputation/types.js +33 -0
package/dist/reputation/types.js.map +1 -0
package/dist/reputation/whois.d.ts +25 -0
package/dist/reputation/whois.d.ts.map +1 -0
package/dist/reputation/whois.js +20 -0
package/dist/reputation/whois.js.map +1 -0
package/dist/seal/index.d.ts +8 -0
package/dist/seal/index.d.ts.map +1 -0
package/dist/seal/index.js +8 -0
package/dist/seal/index.js.map +1 -0
package/dist/seal/wrap.d.ts +74 -0
package/dist/seal/wrap.d.ts.map +1 -0
package/dist/seal/wrap.js +213 -0
package/dist/seal/wrap.js.map +1 -0
package/dist/session/dispatcher.d.ts +65 -0
package/dist/session/dispatcher.d.ts.map +1 -0
package/dist/session/dispatcher.js +96 -0
package/dist/session/dispatcher.js.map +1 -0
package/dist/session/index.d.ts +15 -0
package/dist/session/index.d.ts.map +1 -0
package/dist/session/index.js +15 -0
package/dist/session/index.js.map +1 -0
package/dist/session/rekey.d.ts +108 -0
package/dist/session/rekey.d.ts.map +1 -0
package/dist/session/rekey.js +207 -0
package/dist/session/rekey.js.map +1 -0
package/dist/session/rekey_seal.d.ts +66 -0
package/dist/session/rekey_seal.d.ts.map +1 -0
package/dist/session/rekey_seal.js +153 -0
package/dist/session/rekey_seal.js.map +1 -0
package/dist/session/resume.d.ts +125 -0
package/dist/session/resume.d.ts.map +1 -0
package/dist/session/resume.js +263 -0
package/dist/session/resume.js.map +1 -0
package/dist/session/session.d.ts +136 -0
package/dist/session/session.d.ts.map +1 -0
package/dist/session/session.js +188 -0
package/dist/session/session.js.map +1 -0
package/dist/transparency/index.d.ts +13 -0
package/dist/transparency/index.d.ts.map +1 -0
package/dist/transparency/index.js +13 -0
package/dist/transparency/index.js.map +1 -0
package/dist/transparency/log.d.ts +61 -0
package/dist/transparency/log.d.ts.map +1 -0
package/dist/transparency/log.js +133 -0
package/dist/transparency/log.js.map +1 -0
package/dist/transparency/merkle.d.ts +59 -0
package/dist/transparency/merkle.d.ts.map +1 -0
package/dist/transparency/merkle.js +314 -0
package/dist/transparency/merkle.js.map +1 -0
package/dist/transparency/sign.d.ts +48 -0
package/dist/transparency/sign.d.ts.map +1 -0
package/dist/transparency/sign.js +140 -0
package/dist/transparency/sign.js.map +1 -0
package/dist/transparency/types.d.ts +97 -0
package/dist/transparency/types.d.ts.map +1 -0
package/dist/transparency/types.js +25 -0
package/dist/transparency/types.js.map +1 -0
package/dist/transport/h2.d.ts +163 -0
package/dist/transport/h2.d.ts.map +1 -0
package/dist/transport/h2.js +397 -0
package/dist/transport/h2.js.map +1 -0
package/dist/transport/index.d.ts +15 -0
package/dist/transport/index.d.ts.map +1 -0
package/dist/transport/index.js +15 -0
package/dist/transport/index.js.map +1 -0
package/dist/transport/memory.d.ts +21 -0
package/dist/transport/memory.d.ts.map +1 -0
package/dist/transport/memory.js +112 -0
package/dist/transport/memory.js.map +1 -0
package/dist/transport/transport.d.ts +54 -0
package/dist/transport/transport.d.ts.map +1 -0
package/dist/transport/transport.js +20 -0
package/dist/transport/transport.js.map +1 -0
package/dist/transport/ws.d.ts +40 -0
package/dist/transport/ws.d.ts.map +1 -0
package/dist/transport/ws.js +204 -0
package/dist/transport/ws.js.map +1 -0
package/package.json +147 -0

package/dist/crypto/kdf.js ADDED Viewed

@@ -0,0 +1,122 @@
+/**
+ * HKDF-SHA-512 derivation per HANDSHAKE.md §2.4 and SESSION.md §2.1.
+ *
+ * SEMP uses HKDF-SHA-512 for both currently defined algorithm suites.
+ * The five per-key info labels (and the resumption label) are bound
+ * contexts that prevent cross-context key confusion if an
+ * implementation accidentally reuses a PRK across derivations.
+ *
+ * @module
+ */
+import { extract, expand } from "@noble/hashes/hkdf.js";
+import { sha512 } from "@noble/hashes/sha2.js";
+/**
+ * Per-key HKDF info labels for the five session keys derived from
+ * the initial-handshake PRK. Per VECTORS.md §2.2, the rekey
+ * derivation reuses these same labels — cross-context separation
+ * comes from the salt change (rekey nonces vs handshake nonces),
+ * not from a different label namespace.
+ */
+export const InfoSessionEncC2S = "SEMP-v1-session-enc-c2s";
+export const InfoSessionEncS2C = "SEMP-v1-session-enc-s2c";
+export const InfoSessionMACC2S = "SEMP-v1-session-mac-c2s";
+export const InfoSessionMACS2C = "SEMP-v1-session-mac-s2c";
+export const InfoSessionEnvMAC = "SEMP-v1-session-env-mac";
+/**
+ * K_resumption label per HANDSHAKE.md §2.8.3 and SESSION.md §2.7.
+ * K_resumption is NOT used to encrypt or MAC any message in the
+ * current session; it is the secret a server retains so that, mixed
+ * with a fresh ephemeral DH on a later resume attempt, the resumed
+ * session derives a new key schedule.
+ */
+export const InfoSessionResumption = "SEMP-v1-session-resumption";
+/** Length in bytes of every derived session key (SESSION.md §2.1). */
+export const SessionKeyLength = 32;
+class HKDFSHA512 {
+    extract(salt, ikm) {
+        return extract(sha512, ikm, salt);
+    }
+    expand(prk, info, length) {
+        return expand(sha512, prk, info, length);
+    }
+}
+/**
+ * Returns a stateless HKDF-SHA-512 KDF instance. Safe for concurrent
+ * use; no state is held between calls.
+ */
+export function newHKDFSHA512() {
+    return new HKDFSHA512();
+}
+/**
+ * Derive the five session keys from a handshake. The salt is
+ * `clientNonce || serverNonce`. Per VECTORS.md §2.1, the IKM is the
+ * shared secret from the negotiated KEM; for rekey, the same five
+ * keys are derived under the rekey nonces but the resumption secret
+ * is NOT regenerated.
+ */
+export function deriveSessionKeys(kdf, sharedSecret, clientNonce, serverNonce) {
+    const salt = concat(clientNonce, serverNonce);
+    const prk = kdf.extract(salt, sharedSecret);
+    return {
+        encC2S: kdf.expand(prk, utf8(InfoSessionEncC2S), SessionKeyLength),
+        encS2C: kdf.expand(prk, utf8(InfoSessionEncS2C), SessionKeyLength),
+        macC2S: kdf.expand(prk, utf8(InfoSessionMACC2S), SessionKeyLength),
+        macS2C: kdf.expand(prk, utf8(InfoSessionMACS2C), SessionKeyLength),
+        envMAC: kdf.expand(prk, utf8(InfoSessionEnvMAC), SessionKeyLength),
+    };
+}
+/**
+ * Like {@link deriveSessionKeys} but also derives K_resumption.
+ * Used on the initial handshake; rekey derivations skip the
+ * resumption expansion.
+ */
+export function deriveSessionKeysWithResumption(kdf, sharedSecret, clientNonce, serverNonce) {
+    const salt = concat(clientNonce, serverNonce);
+    const prk = kdf.extract(salt, sharedSecret);
+    return {
+        encC2S: kdf.expand(prk, utf8(InfoSessionEncC2S), SessionKeyLength),
+        encS2C: kdf.expand(prk, utf8(InfoSessionEncS2C), SessionKeyLength),
+        macC2S: kdf.expand(prk, utf8(InfoSessionMACC2S), SessionKeyLength),
+        macS2C: kdf.expand(prk, utf8(InfoSessionMACS2C), SessionKeyLength),
+        envMAC: kdf.expand(prk, utf8(InfoSessionEnvMAC), SessionKeyLength),
+        resumption: kdf.expand(prk, utf8(InfoSessionResumption), SessionKeyLength),
+    };
+}
+/**
+ * Derive the resumed-session keys from a rekey ECDH and a retained
+ * resumption secret per HANDSHAKE.md §2.8.3 and SESSION.md §2.7.
+ * IKM is `ephemeralSharedSecret || kResumption`, salt is
+ * `clientNonce || serverNonce`. The five expand labels are the same
+ * SEMP-v1-session-* labels as the initial derivation.
+ */
+export function deriveResumedSessionKeys(kdf, ephemeralSharedSecret, kResumption, clientNonce, serverNonce) {
+    const ikm = concat(ephemeralSharedSecret, kResumption);
+    const salt = concat(clientNonce, serverNonce);
+    const prk = kdf.extract(salt, ikm);
+    return {
+        encC2S: kdf.expand(prk, utf8(InfoSessionEncC2S), SessionKeyLength),
+        encS2C: kdf.expand(prk, utf8(InfoSessionEncS2C), SessionKeyLength),
+        macC2S: kdf.expand(prk, utf8(InfoSessionMACC2S), SessionKeyLength),
+        macS2C: kdf.expand(prk, utf8(InfoSessionMACS2C), SessionKeyLength),
+        envMAC: kdf.expand(prk, utf8(InfoSessionEnvMAC), SessionKeyLength),
+    };
+}
+/**
+ * Derive rekey keys per SESSION.md §3.3. Identical to the initial
+ * derivation in label set; the cross-context separation comes from
+ * the salt construction (rekeyNonce || responderNonce) and a fresh
+ * shared secret.
+ */
+export function deriveRekeyKeys(kdf, sharedSecret, rekeyNonce, responderNonce) {
+    return deriveSessionKeys(kdf, sharedSecret, rekeyNonce, responderNonce);
+}
+function utf8(s) {
+    return new TextEncoder().encode(s);
+}
+function concat(a, b) {
+    const out = new Uint8Array(a.length + b.length);
+    out.set(a, 0);
+    out.set(b, a.length);
+    return out;
+}
+//# sourceMappingURL=kdf.js.map

package/dist/crypto/kdf.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"kdf.js","sourceRoot":"","sources":["../../src/crypto/kdf.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,yBAAyB,CAAC;AAC3D,MAAM,CAAC,MAAM,iBAAiB,GAAG,yBAAyB,CAAC;AAC3D,MAAM,CAAC,MAAM,iBAAiB,GAAG,yBAAyB,CAAC;AAC3D,MAAM,CAAC,MAAM,iBAAiB,GAAG,yBAAyB,CAAC;AAC3D,MAAM,CAAC,MAAM,iBAAiB,GAAG,yBAAyB,CAAC;AAE3D;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,4BAA4B,CAAC;AAElE,sEAAsE;AACtE,MAAM,CAAC,MAAM,gBAAgB,GAAG,EAAE,CAAC;AAanC,MAAM,UAAU;IACd,OAAO,CAAC,IAAgB,EAAE,GAAe;QACvC,OAAO,OAAO,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,CAAC,GAAe,EAAE,IAAgB,EAAE,MAAc;QACtD,OAAO,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;IAC3C,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO,IAAI,UAAU,EAAE,CAAC;AAC1B,CAAC;AAsBD;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAC/B,GAAQ,EACR,YAAwB,EACxB,WAAuB,EACvB,WAAuB;IAEvB,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;IAC9C,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAC5C,OAAO;QACL,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;QAClE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;QAClE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;QAClE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;QAClE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;KACnE,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,+BAA+B,CAC7C,GAAQ,EACR,YAAwB,EACxB,WAAuB,EACvB,WAAuB;IAEvB,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;IAC9C,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAC5C,OAAO;QACL,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;QAClE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;QAClE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;QAClE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;QAClE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;QAClE,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,qBAAqB,CAAC,EAAE,gBAAgB,CAAC;KAC3E,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB,CACtC,GAAQ,EACR,qBAAiC,EACjC,WAAuB,EACvB,WAAuB,EACvB,WAAuB;IAEvB,MAAM,GAAG,GAAG,MAAM,CAAC,qBAAqB,EAAE,WAAW,CAAC,CAAC;IACvD,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;IAC9C,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACnC,OAAO;QACL,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;QAClE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;QAClE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;QAClE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;QAClE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;KACnE,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAC7B,GAAQ,EACR,YAAwB,EACxB,UAAsB,EACtB,cAA0B;IAE1B,OAAO,iBAAiB,CAAC,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;AAC1E,CAAC;AAED,SAAS,IAAI,CAAC,CAAS;IACrB,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,MAAM,CAAC,CAAa,EAAE,CAAa;IAC1C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACd,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IACrB,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/crypto/kem.d.ts ADDED Viewed

@@ -0,0 +1,85 @@
+/**
+ * Key encapsulation primitives for the two SEMP suites.
+ *
+ *   - X25519 (baseline, classical ECDH treated as a KEM).
+ *   - Kyber768 + X25519 hybrid (PQ; ML-KEM-768 final per FIPS 203).
+ *
+ * The hybrid wire layout matches ENVELOPE.md §4.4.1 and the
+ * cross-language vectors:
+ *
+ *   - public key:  kyber_pub (1184)  || x25519_pub (32)        = 1216
+ *   - private key: kyber_priv (2400) || x25519_priv (32)       = 2432
+ *   - ciphertext:  kyber_ct (1088)   || x25519_eph_pub (32)    = 1120
+ *   - shared:      K_kyber (32)      || K_x25519 (32)          = 64
+ *
+ * The order is Kyber-FIRST in every layout. Earlier semp-go releases
+ * placed X25519 first; the cross-language vectors enforce this
+ * ordering.
+ *
+ * @module
+ */
+/** ML-KEM-768 public key size. */
+export declare const Kyber768PublicKeySize = 1184;
+/** ML-KEM-768 private key size. */
+export declare const Kyber768PrivateKeySize = 2400;
+/** ML-KEM-768 ciphertext size. */
+export declare const Kyber768CiphertextSize = 1088;
+/** ML-KEM-768 shared-key size (also matches X25519). */
+export declare const Kyber768SharedKeySize = 32;
+/** X25519 byte width (point + scalar). */
+export declare const X25519Size = 32;
+/** Hybrid public-key wire size. */
+export declare const HybridPublicKeySize: number;
+/** Hybrid private-key wire size. */
+export declare const HybridPrivateKeySize: number;
+/** Hybrid ciphertext wire size. */
+export declare const HybridCiphertextSize: number;
+/** Combined hybrid shared secret width. */
+export declare const HybridSharedSecretSize: number;
+/** X25519 ECDH treated as KEM: pub^priv = shared secret. */
+export declare function x25519Agree(secretKey: Uint8Array, publicKey: Uint8Array): Uint8Array;
+/** X25519 derive public key from a 32-byte secret seed. */
+export declare function x25519PublicKey(secretKey: Uint8Array): Uint8Array;
+/**
+ * Derive an ML-KEM-768 keypair deterministically from a 64-byte
+ * seed (FIPS 203 internal `d || z`). USE CASES are intentionally
+ * narrow: cross-language test vectors and determinism audits.
+ * Production keygen MUST use entropy.
+ */
+export declare function kyber768KeyPairFromSeed(seed: Uint8Array): {
+    publicKey: Uint8Array;
+    secretKey: Uint8Array;
+};
+/**
+ * ML-KEM-768 deterministic encapsulation. `m` is the 32-byte
+ * randomness FIPS 203 names; pinning it lets the wrap output be
+ * byte-deterministic for cross-language test vectors.
+ */
+export declare function kyber768EncapsulateDeterministic(publicKey: Uint8Array, m: Uint8Array): {
+    ciphertext: Uint8Array;
+    sharedSecret: Uint8Array;
+};
+/** ML-KEM-768 decapsulation. */
+export declare function kyber768Decapsulate(secretKey: Uint8Array, ciphertext: Uint8Array): Uint8Array;
+/**
+ * Assemble a hybrid private key from the Kyber768 private bytes
+ * and an X25519 32-byte private. Layout: `kyberPriv || x25519Priv`.
+ *
+ * Test/vector-only helper. Production code MUST get hybrid keys
+ * from a real entropy-driven keygen.
+ */
+export declare function hybridPrivateKeyFromKyberAndX25519(x25519Priv: Uint8Array, kyberPriv: Uint8Array): Uint8Array;
+/**
+ * Hybrid Decapsulate. Reverses the responder-side encapsulation
+ * (kyber half + X25519 ECDH against the sender's ephemeral pub)
+ * and returns the combined shared secret `K_kyber || K_x25519`.
+ *
+ * Wire layout:
+ *   - localPriv:  kyberPriv (2400) || x25519Priv (32)
+ *   - ciphertext: kyberCt   (1088) || x25519EphPub (32)
+ *
+ * Used by the seal Unwrap path. Production code goes through the
+ * seal package; this primitive is exposed for the vectors runner.
+ */
+export declare function hybridDecapsulate(ciphertext: Uint8Array, localPriv: Uint8Array): Uint8Array;
+//# sourceMappingURL=kem.d.ts.map

package/dist/crypto/kem.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"kem.d.ts","sourceRoot":"","sources":["../../src/crypto/kem.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAKH,kCAAkC;AAClC,eAAO,MAAM,qBAAqB,OAAO,CAAC;AAC1C,mCAAmC;AACnC,eAAO,MAAM,sBAAsB,OAAO,CAAC;AAC3C,kCAAkC;AAClC,eAAO,MAAM,sBAAsB,OAAO,CAAC;AAC3C,wDAAwD;AACxD,eAAO,MAAM,qBAAqB,KAAK,CAAC;AACxC,0CAA0C;AAC1C,eAAO,MAAM,UAAU,KAAK,CAAC;AAE7B,mCAAmC;AACnC,eAAO,MAAM,mBAAmB,QAAqC,CAAC;AACtE,oCAAoC;AACpC,eAAO,MAAM,oBAAoB,QAAsC,CAAC;AACxE,mCAAmC;AACnC,eAAO,MAAM,oBAAoB,QAAsC,CAAC;AACxE,2CAA2C;AAC3C,eAAO,MAAM,sBAAsB,QAAqC,CAAC;AAKzE,4DAA4D;AAC5D,wBAAgB,WAAW,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,GAAG,UAAU,CAEpF;AAED,2DAA2D;AAC3D,wBAAgB,eAAe,CAAC,SAAS,EAAE,UAAU,GAAG,UAAU,CAEjE;AAKD;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,UAAU,GAAG;IACzD,SAAS,EAAE,UAAU,CAAC;IACtB,SAAS,EAAE,UAAU,CAAC;CACvB,CAMA;AAED;;;;GAIG;AACH,wBAAgB,gCAAgC,CAC9C,SAAS,EAAE,UAAU,EACrB,CAAC,EAAE,UAAU,GACZ;IAAE,UAAU,EAAE,UAAU,CAAC;IAAC,YAAY,EAAE,UAAU,CAAA;CAAE,CAGtD;AAED,gCAAgC;AAChC,wBAAgB,mBAAmB,CACjC,SAAS,EAAE,UAAU,EACrB,UAAU,EAAE,UAAU,GACrB,UAAU,CAEZ;AAKD;;;;;;GAMG;AACH,wBAAgB,kCAAkC,CAChD,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,UAAU,GACpB,UAAU,CAWZ;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,iBAAiB,CAC/B,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,UAAU,GACpB,UAAU,CAuBZ"}

package/dist/crypto/kem.js ADDED Viewed

@@ -0,0 +1,130 @@
+/**
+ * Key encapsulation primitives for the two SEMP suites.
+ *
+ *   - X25519 (baseline, classical ECDH treated as a KEM).
+ *   - Kyber768 + X25519 hybrid (PQ; ML-KEM-768 final per FIPS 203).
+ *
+ * The hybrid wire layout matches ENVELOPE.md §4.4.1 and the
+ * cross-language vectors:
+ *
+ *   - public key:  kyber_pub (1184)  || x25519_pub (32)        = 1216
+ *   - private key: kyber_priv (2400) || x25519_priv (32)       = 2432
+ *   - ciphertext:  kyber_ct (1088)   || x25519_eph_pub (32)    = 1120
+ *   - shared:      K_kyber (32)      || K_x25519 (32)          = 64
+ *
+ * The order is Kyber-FIRST in every layout. Earlier semp-go releases
+ * placed X25519 first; the cross-language vectors enforce this
+ * ordering.
+ *
+ * @module
+ */
+import { x25519 } from "@noble/curves/ed25519.js";
+import { ml_kem768 } from "@noble/post-quantum/ml-kem.js";
+/** ML-KEM-768 public key size. */
+export const Kyber768PublicKeySize = 1184;
+/** ML-KEM-768 private key size. */
+export const Kyber768PrivateKeySize = 2400;
+/** ML-KEM-768 ciphertext size. */
+export const Kyber768CiphertextSize = 1088;
+/** ML-KEM-768 shared-key size (also matches X25519). */
+export const Kyber768SharedKeySize = 32;
+/** X25519 byte width (point + scalar). */
+export const X25519Size = 32;
+/** Hybrid public-key wire size. */
+export const HybridPublicKeySize = Kyber768PublicKeySize + X25519Size; // 1216
+/** Hybrid private-key wire size. */
+export const HybridPrivateKeySize = Kyber768PrivateKeySize + X25519Size; // 2432
+/** Hybrid ciphertext wire size. */
+export const HybridCiphertextSize = Kyber768CiphertextSize + X25519Size; // 1120
+/** Combined hybrid shared secret width. */
+export const HybridSharedSecretSize = Kyber768SharedKeySize + X25519Size; // 64
+// ---------------------------------------------------------------------------
+// X25519 (baseline KEM)
+/** X25519 ECDH treated as KEM: pub^priv = shared secret. */
+export function x25519Agree(secretKey, publicKey) {
+    return x25519.getSharedSecret(secretKey, publicKey);
+}
+/** X25519 derive public key from a 32-byte secret seed. */
+export function x25519PublicKey(secretKey) {
+    return x25519.getPublicKey(secretKey);
+}
+// ---------------------------------------------------------------------------
+// Kyber768 / ML-KEM-768
+/**
+ * Derive an ML-KEM-768 keypair deterministically from a 64-byte
+ * seed (FIPS 203 internal `d || z`). USE CASES are intentionally
+ * narrow: cross-language test vectors and determinism audits.
+ * Production keygen MUST use entropy.
+ */
+export function kyber768KeyPairFromSeed(seed) {
+    if (seed.length !== 64) {
+        throw new Error(`kyber768KeyPairFromSeed: seed must be 64 bytes, got ${seed.length}`);
+    }
+    const { secretKey, publicKey } = ml_kem768.keygen(seed);
+    return { publicKey, secretKey };
+}
+/**
+ * ML-KEM-768 deterministic encapsulation. `m` is the 32-byte
+ * randomness FIPS 203 names; pinning it lets the wrap output be
+ * byte-deterministic for cross-language test vectors.
+ */
+export function kyber768EncapsulateDeterministic(publicKey, m) {
+    const { cipherText, sharedSecret } = ml_kem768.encapsulate(publicKey, m);
+    return { ciphertext: cipherText, sharedSecret };
+}
+/** ML-KEM-768 decapsulation. */
+export function kyber768Decapsulate(secretKey, ciphertext) {
+    return ml_kem768.decapsulate(ciphertext, secretKey);
+}
+// ---------------------------------------------------------------------------
+// Hybrid (Kyber768 + X25519) per SEMP suite `pq-kyber768-x25519`.
+/**
+ * Assemble a hybrid private key from the Kyber768 private bytes
+ * and an X25519 32-byte private. Layout: `kyberPriv || x25519Priv`.
+ *
+ * Test/vector-only helper. Production code MUST get hybrid keys
+ * from a real entropy-driven keygen.
+ */
+export function hybridPrivateKeyFromKyberAndX25519(x25519Priv, kyberPriv) {
+    if (x25519Priv.length !== X25519Size) {
+        throw new Error(`x25519 priv must be ${X25519Size} bytes`);
+    }
+    if (kyberPriv.length !== Kyber768PrivateKeySize) {
+        throw new Error(`kyber priv must be ${Kyber768PrivateKeySize} bytes`);
+    }
+    const out = new Uint8Array(HybridPrivateKeySize);
+    out.set(kyberPriv, 0);
+    out.set(x25519Priv, Kyber768PrivateKeySize);
+    return out;
+}
+/**
+ * Hybrid Decapsulate. Reverses the responder-side encapsulation
+ * (kyber half + X25519 ECDH against the sender's ephemeral pub)
+ * and returns the combined shared secret `K_kyber || K_x25519`.
+ *
+ * Wire layout:
+ *   - localPriv:  kyberPriv (2400) || x25519Priv (32)
+ *   - ciphertext: kyberCt   (1088) || x25519EphPub (32)
+ *
+ * Used by the seal Unwrap path. Production code goes through the
+ * seal package; this primitive is exposed for the vectors runner.
+ */
+export function hybridDecapsulate(ciphertext, localPriv) {
+    if (ciphertext.length !== HybridCiphertextSize) {
+        throw new Error(`hybrid Decapsulate: ciphertext ${ciphertext.length} bytes, want ${HybridCiphertextSize}`);
+    }
+    if (localPriv.length !== HybridPrivateKeySize) {
+        throw new Error(`hybrid Decapsulate: priv ${localPriv.length} bytes, want ${HybridPrivateKeySize}`);
+    }
+    const kyberCt = ciphertext.slice(0, Kyber768CiphertextSize);
+    const xEphPub = ciphertext.slice(Kyber768CiphertextSize);
+    const kyberPriv = localPriv.slice(0, Kyber768PrivateKeySize);
+    const xLocalPriv = localPriv.slice(Kyber768PrivateKeySize);
+    const kyberSS = kyber768Decapsulate(kyberPriv, kyberCt);
+    const xSS = x25519Agree(xLocalPriv, xEphPub);
+    const shared = new Uint8Array(HybridSharedSecretSize);
+    shared.set(kyberSS, 0);
+    shared.set(xSS, Kyber768SharedKeySize);
+    return shared;
+}
+//# sourceMappingURL=kem.js.map

package/dist/crypto/kem.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"kem.js","sourceRoot":"","sources":["../../src/crypto/kem.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,+BAA+B,CAAC;AAE1D,kCAAkC;AAClC,MAAM,CAAC,MAAM,qBAAqB,GAAG,IAAI,CAAC;AAC1C,mCAAmC;AACnC,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,CAAC;AAC3C,kCAAkC;AAClC,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,CAAC;AAC3C,wDAAwD;AACxD,MAAM,CAAC,MAAM,qBAAqB,GAAG,EAAE,CAAC;AACxC,0CAA0C;AAC1C,MAAM,CAAC,MAAM,UAAU,GAAG,EAAE,CAAC;AAE7B,mCAAmC;AACnC,MAAM,CAAC,MAAM,mBAAmB,GAAG,qBAAqB,GAAG,UAAU,CAAC,CAAC,OAAO;AAC9E,oCAAoC;AACpC,MAAM,CAAC,MAAM,oBAAoB,GAAG,sBAAsB,GAAG,UAAU,CAAC,CAAC,OAAO;AAChF,mCAAmC;AACnC,MAAM,CAAC,MAAM,oBAAoB,GAAG,sBAAsB,GAAG,UAAU,CAAC,CAAC,OAAO;AAChF,2CAA2C;AAC3C,MAAM,CAAC,MAAM,sBAAsB,GAAG,qBAAqB,GAAG,UAAU,CAAC,CAAC,KAAK;AAE/E,8EAA8E;AAC9E,wBAAwB;AAExB,4DAA4D;AAC5D,MAAM,UAAU,WAAW,CAAC,SAAqB,EAAE,SAAqB;IACtE,OAAO,MAAM,CAAC,eAAe,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;AACtD,CAAC;AAED,2DAA2D;AAC3D,MAAM,UAAU,eAAe,CAAC,SAAqB;IACnD,OAAO,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;AACxC,CAAC;AAED,8EAA8E;AAC9E,wBAAwB;AAExB;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAAgB;IAItD,IAAI,IAAI,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,uDAAuD,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACxF,CAAC;IACD,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACxD,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AAClC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gCAAgC,CAC9C,SAAqB,EACrB,CAAa;IAEb,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,SAAS,CAAC,WAAW,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IACzE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,CAAC;AAClD,CAAC;AAED,gCAAgC;AAChC,MAAM,UAAU,mBAAmB,CACjC,SAAqB,EACrB,UAAsB;IAEtB,OAAO,SAAS,CAAC,WAAW,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;AACtD,CAAC;AAED,8EAA8E;AAC9E,kEAAkE;AAElE;;;;;;GAMG;AACH,MAAM,UAAU,kCAAkC,CAChD,UAAsB,EACtB,SAAqB;IAErB,IAAI,UAAU,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,uBAAuB,UAAU,QAAQ,CAAC,CAAC;IAC7D,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,KAAK,sBAAsB,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,sBAAsB,sBAAsB,QAAQ,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACjD,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IACtB,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,sBAAsB,CAAC,CAAC;IAC5C,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,iBAAiB,CAC/B,UAAsB,EACtB,SAAqB;IAErB,IAAI,UAAU,CAAC,MAAM,KAAK,oBAAoB,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CACb,kCAAkC,UAAU,CAAC,MAAM,gBAAgB,oBAAoB,EAAE,CAC1F,CAAC;IACJ,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,KAAK,oBAAoB,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,4BAA4B,SAAS,CAAC,MAAM,gBAAgB,oBAAoB,EAAE,CACnF,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,sBAAsB,CAAC,CAAC;IAC5D,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,sBAAsB,CAAC,CAAC;IAC7D,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAE3D,MAAM,OAAO,GAAG,mBAAmB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACxD,MAAM,GAAG,GAAG,WAAW,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAE7C,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,sBAAsB,CAAC,CAAC;IACtD,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IACvB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC;IACvC,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/crypto/mac.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * HMAC-SHA-256 helpers per ENVELOPE.md §4.3 (envelope session_mac)
+ * and SESSION.md §2.1 (per-direction message MAC keys).
+ *
+ * @module
+ */
+/**
+ * Compute HMAC-SHA-256 over `message` keyed by `key`. The output is
+ * always 32 bytes — the same width every SEMP MAC field expects.
+ */
+export declare function computeMAC(key: Uint8Array, message: Uint8Array): Uint8Array;
+/**
+ * Constant-time MAC comparison. Returns true iff `expected` and
+ * `actual` are byte-for-byte identical. Use when verifying a
+ * received MAC against a recomputed one to avoid leaking bit-by-bit
+ * timing information about the expected value.
+ */
+export declare function verifyMAC(expected: Uint8Array, actual: Uint8Array): boolean;
+//# sourceMappingURL=mac.d.ts.map

package/dist/crypto/mac.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"mac.d.ts","sourceRoot":"","sources":["../../src/crypto/mac.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH;;;GAGG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU,GAAG,UAAU,CAE3E;AAED;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAS3E"}

package/dist/crypto/mac.js ADDED Viewed

@@ -0,0 +1,32 @@
+/**
+ * HMAC-SHA-256 helpers per ENVELOPE.md §4.3 (envelope session_mac)
+ * and SESSION.md §2.1 (per-direction message MAC keys).
+ *
+ * @module
+ */
+import { hmac } from "@noble/hashes/hmac.js";
+import { sha256 } from "@noble/hashes/sha2.js";
+/**
+ * Compute HMAC-SHA-256 over `message` keyed by `key`. The output is
+ * always 32 bytes — the same width every SEMP MAC field expects.
+ */
+export function computeMAC(key, message) {
+    return hmac(sha256, key, message);
+}
+/**
+ * Constant-time MAC comparison. Returns true iff `expected` and
+ * `actual` are byte-for-byte identical. Use when verifying a
+ * received MAC against a recomputed one to avoid leaking bit-by-bit
+ * timing information about the expected value.
+ */
+export function verifyMAC(expected, actual) {
+    if (expected.length !== actual.length) {
+        return false;
+    }
+    let diff = 0;
+    for (let i = 0; i < expected.length; i++) {
+        diff |= (expected[i] ?? 0) ^ (actual[i] ?? 0);
+    }
+    return diff === 0;
+}
+//# sourceMappingURL=mac.js.map

package/dist/crypto/mac.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"mac.js","sourceRoot":"","sources":["../../src/crypto/mac.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,GAAe,EAAE,OAAmB;IAC7D,OAAO,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;AACpC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,SAAS,CAAC,QAAoB,EAAE,MAAkB;IAChE,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;QACtC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC"}

package/dist/delivery/ack.d.ts ADDED Viewed

@@ -0,0 +1,125 @@
+/**
+ * Per-attempt delivery acknowledgment objects per DELIVERY.md §1.
+ *
+ * A recipient server returns exactly one of three acknowledgments
+ * for every envelope delivery attempt:
+ *
+ *   - `delivered`  — accepted; carries a signed
+ *     {@link "./receipt".DeliveryReceipt} per §1.1.1, MAY include a
+ *     {@link RecipientStatus} per §1.6 if the sender matches the
+ *     recipient's visibility rules.
+ *   - `rejected`   — explicitly refused with a reason code per §1.2.
+ *   - `silent`     — no response within the sender's timeout window
+ *     per §1.3. The wire form for silent is "no response sent at
+ *     all"; this module exposes a constant value the sending server
+ *     uses internally to record the outcome on its own queue state.
+ *
+ * The {@link DeliveryAck} JSON shape is what the recipient server
+ * places in its response body (§1.1.1.5 example).
+ *
+ * @module
+ */
+import type { ReasonCode } from "../reasoncodes.js";
+import type { DeliveryReceipt } from "./receipt.js";
+/** The three protocol-level outcomes per §1.1. */
+export type Acknowledgment = "delivered" | "rejected" | "silent";
+/** Per-§1.6.3 recipient state values. */
+export type RecipientState = "available" | "away" | "do_not_disturb";
+/** Per-§1.6.4 visibility modes. */
+export type VisibilityMode = "everyone" | "domains" | "servers" | "users" | "nobody";
+/** One entry in a {@link Visibility} allow list. */
+export interface VisibilityEntry {
+    /** Entry kind. The mode constrains which kinds are honored. */
+    type: "domain" | "server" | "user";
+    /** For `type: "domain"`. */
+    domain?: string;
+    /** For `type: "server"`. */
+    server?: string;
+    /** For `type: "user"`: full address. */
+    address?: string;
+}
+/** Visibility configuration per §1.6.4. */
+export interface Visibility {
+    mode: VisibilityMode;
+    /** Allow list. Entries whose `type` does not match `mode` are ignored. */
+    allow?: VisibilityEntry[];
+}
+/**
+ * Optional recipient status object included in `delivered`
+ * acknowledgments per §1.6.1.
+ */
+export interface RecipientStatus {
+    state: RecipientState;
+    /** Freetext, max 256 UTF-8 bytes. */
+    message?: string;
+    /** ISO 8601 UTC timestamp. */
+    until?: string;
+}
+/** Maximum length of {@link RecipientStatus.message} per §1.6.2. */
+export declare const MaxStatusMessageBytes = 256;
+/**
+ * Per-attempt acknowledgment body returned inline by a recipient
+ * server, per §1.1.1.5 / §1.6.1. Exactly one of:
+ *
+ *   - acknowledgment="delivered" with `receipt` populated and an
+ *     optional `recipient_status`;
+ *   - acknowledgment="rejected" with `reason_code` populated and an
+ *     optional `reason`.
+ *
+ * The `silent` outcome is not represented on the wire — the
+ * recipient simply does not respond.
+ */
+export interface DeliveryAck {
+    acknowledgment: Exclude<Acknowledgment, "silent">;
+    receipt?: DeliveryReceipt;
+    recipient_status?: RecipientStatus;
+    reason_code?: ReasonCode;
+    reason?: string;
+}
+/**
+ * Build a `delivered` ack from a signed receipt and optional
+ * recipient status. Per §1.6.4 the caller is responsible for
+ * deciding whether `recipientStatus` should be attached at all
+ * (call {@link matchVisibility} first).
+ */
+export declare function buildDeliveredAck(receipt: DeliveryReceipt, recipientStatus?: RecipientStatus): DeliveryAck;
+/** Build a `rejected` ack with a reason code and optional reason text. */
+export declare function buildRejectedAck(reasonCode: ReasonCode, reason?: string): DeliveryAck;
+/**
+ * Sender-identity inputs for {@link matchVisibility}. All three
+ * fields are optional; an empty value disables matching for the
+ * corresponding entry type.
+ */
+export interface SenderIdentity {
+    /** Full sender address (e.g., `alice@example.com`). */
+    address?: string;
+    /** Sender domain (e.g., `example.com`). */
+    domain?: string;
+    /** Routing server hostname when known. */
+    server?: string;
+}
+/**
+ * Resolve visibility per §1.6.4. Returns true when the
+ * recipient_status should be attached to the acknowledgment.
+ *
+ *  - `nobody` (default): never disclose, regardless of the allow list.
+ *  - `everyone`: always disclose, regardless of the allow list.
+ *  - `domains` / `servers` / `users`: walk the allow list looking for
+ *    a match. The mode constrains which entry kinds are honored — in
+ *    `domains` mode only entries with `type: "domain"`, etc.
+ *    Mismatched entries in the allow list are ignored.
+ *
+ * All comparisons are case-insensitive. Multiple rules combine as a
+ * union: any matching entry returns true.
+ *
+ * A nil/undefined visibility (no configuration at all) is equivalent
+ * to mode=nobody.
+ */
+export declare function matchVisibility(visibility: Visibility | undefined, sender: SenderIdentity): boolean;
+/**
+ * Validate a {@link RecipientStatus} per §1.6.2: the `message` field
+ * MUST NOT exceed 256 UTF-8 bytes, and `state` MUST be one of the
+ * three documented values. Throws on the first violation.
+ */
+export declare function validateRecipientStatus(s: RecipientStatus): void;
+//# sourceMappingURL=ack.d.ts.map

package/dist/delivery/ack.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ack.d.ts","sourceRoot":"","sources":["../../src/delivery/ack.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEpD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAEpD,kDAAkD;AAClD,MAAM,MAAM,cAAc,GAAG,WAAW,GAAG,UAAU,GAAG,QAAQ,CAAC;AAEjE,yCAAyC;AACzC,MAAM,MAAM,cAAc,GAAG,WAAW,GAAG,MAAM,GAAG,gBAAgB,CAAC;AAErE,mCAAmC;AACnC,MAAM,MAAM,cAAc,GACtB,UAAU,GACV,SAAS,GACT,SAAS,GACT,OAAO,GACP,QAAQ,CAAC;AAEb,oDAAoD;AACpD,MAAM,WAAW,eAAe;IAC9B,+DAA+D;IAC/D,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;IACnC,4BAA4B;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4BAA4B;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,2CAA2C;AAC3C,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,cAAc,CAAC;IACrB,0EAA0E;IAC1E,KAAK,CAAC,EAAE,eAAe,EAAE,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,cAAc,CAAC;IACtB,qCAAqC;IACrC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,oEAAoE;AACpE,eAAO,MAAM,qBAAqB,MAAM,CAAC;AAEzC;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,WAAW;IAC1B,cAAc,EAAE,OAAO,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAClD,OAAO,CAAC,EAAE,eAAe,CAAC;IAC1B,gBAAgB,CAAC,EAAE,eAAe,CAAC;IACnC,WAAW,CAAC,EAAE,UAAU,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,eAAe,EACxB,eAAe,CAAC,EAAE,eAAe,GAChC,WAAW,CASb;AAED,0EAA0E;AAC1E,wBAAgB,gBAAgB,CAC9B,UAAU,EAAE,UAAU,EACtB,MAAM,CAAC,EAAE,MAAM,GACd,WAAW,CASb;AAED;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC7B,uDAAuD;IACvD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,0CAA0C;IAC1C,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,eAAe,CAC7B,UAAU,EAAE,UAAU,GAAG,SAAS,EAClC,MAAM,EAAE,cAAc,GACrB,OAAO,CAgET;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,CAAC,EAAE,eAAe,GAAG,IAAI,CAYhE"}