npm - @sempdev/semp - Versions diffs - 0.4.3 - Mend

@sempdev/semp 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/LICENSE +21 -0
package/README.md +59 -0
package/dist/brief/address.d.ts +77 -0
package/dist/brief/address.d.ts.map +1 -0
package/dist/brief/address.js +217 -0
package/dist/brief/address.js.map +1 -0
package/dist/brief/brief.d.ts +75 -0
package/dist/brief/brief.d.ts.map +1 -0
package/dist/brief/brief.js +56 -0
package/dist/brief/brief.js.map +1 -0
package/dist/brief/index.d.ts +11 -0
package/dist/brief/index.d.ts.map +1 -0
package/dist/brief/index.js +11 -0
package/dist/brief/index.js.map +1 -0
package/dist/canonical/index.d.ts +8 -0
package/dist/canonical/index.d.ts.map +1 -0
package/dist/canonical/index.js +8 -0
package/dist/canonical/index.js.map +1 -0
package/dist/canonical/marshal.d.ts +35 -0
package/dist/canonical/marshal.d.ts.map +1 -0
package/dist/canonical/marshal.js +107 -0
package/dist/canonical/marshal.js.map +1 -0
package/dist/clockskew/index.d.ts +52 -0
package/dist/clockskew/index.d.ts.map +1 -0
package/dist/clockskew/index.js +62 -0
package/dist/clockskew/index.js.map +1 -0
package/dist/closure/closure.d.ts +106 -0
package/dist/closure/closure.d.ts.map +1 -0
package/dist/closure/closure.js +152 -0
package/dist/closure/closure.js.map +1 -0
package/dist/closure/driver.d.ts +103 -0
package/dist/closure/driver.d.ts.map +1 -0
package/dist/closure/driver.js +126 -0
package/dist/closure/driver.js.map +1 -0
package/dist/closure/index.d.ts +13 -0
package/dist/closure/index.d.ts.map +1 -0
package/dist/closure/index.js +13 -0
package/dist/closure/index.js.map +1 -0
package/dist/closure/store.d.ts +80 -0
package/dist/closure/store.d.ts.map +1 -0
package/dist/closure/store.js +89 -0
package/dist/closure/store.js.map +1 -0
package/dist/crypto/aead.d.ts +29 -0
package/dist/crypto/aead.d.ts.map +1 -0
package/dist/crypto/aead.js +48 -0
package/dist/crypto/aead.js.map +1 -0
package/dist/crypto/argon2.d.ts +20 -0
package/dist/crypto/argon2.d.ts.map +1 -0
package/dist/crypto/argon2.js +28 -0
package/dist/crypto/argon2.js.map +1 -0
package/dist/crypto/index.d.ts +14 -0
package/dist/crypto/index.d.ts.map +1 -0
package/dist/crypto/index.js +14 -0
package/dist/crypto/index.js.map +1 -0
package/dist/crypto/kdf.d.ts +96 -0
package/dist/crypto/kdf.d.ts.map +1 -0
package/dist/crypto/kdf.js +122 -0
package/dist/crypto/kdf.js.map +1 -0
package/dist/crypto/kem.d.ts +85 -0
package/dist/crypto/kem.d.ts.map +1 -0
package/dist/crypto/kem.js +130 -0
package/dist/crypto/kem.js.map +1 -0
package/dist/crypto/mac.d.ts +19 -0
package/dist/crypto/mac.d.ts.map +1 -0
package/dist/crypto/mac.js +32 -0
package/dist/crypto/mac.js.map +1 -0
package/dist/delivery/ack.d.ts +125 -0
package/dist/delivery/ack.d.ts.map +1 -0
package/dist/delivery/ack.js +141 -0
package/dist/delivery/ack.js.map +1 -0
package/dist/delivery/blocklist.d.ts +87 -0
package/dist/delivery/blocklist.d.ts.map +1 -0
package/dist/delivery/blocklist.js +107 -0
package/dist/delivery/blocklist.js.map +1 -0
package/dist/delivery/cancel.d.ts +60 -0
package/dist/delivery/cancel.d.ts.map +1 -0
package/dist/delivery/cancel.js +43 -0
package/dist/delivery/cancel.js.map +1 -0
package/dist/delivery/disposition.d.ts +106 -0
package/dist/delivery/disposition.d.ts.map +1 -0
package/dist/delivery/disposition.js +105 -0
package/dist/delivery/disposition.js.map +1 -0
package/dist/delivery/fetch.d.ts +59 -0
package/dist/delivery/fetch.d.ts.map +1 -0
package/dist/delivery/fetch.js +47 -0
package/dist/delivery/fetch.js.map +1 -0
package/dist/delivery/forwarder.d.ts +106 -0
package/dist/delivery/forwarder.d.ts.map +1 -0
package/dist/delivery/forwarder.js +251 -0
package/dist/delivery/forwarder.js.map +1 -0
package/dist/delivery/inbox.d.ts +42 -0
package/dist/delivery/inbox.d.ts.map +1 -0
package/dist/delivery/inbox.js +68 -0
package/dist/delivery/inbox.js.map +1 -0
package/dist/delivery/index.d.ts +31 -0
package/dist/delivery/index.d.ts.map +1 -0
package/dist/delivery/index.js +31 -0
package/dist/delivery/index.js.map +1 -0
package/dist/delivery/internalroute.d.ts +50 -0
package/dist/delivery/internalroute.d.ts.map +1 -0
package/dist/delivery/internalroute.js +23 -0
package/dist/delivery/internalroute.js.map +1 -0
package/dist/delivery/pipeline.d.ts +153 -0
package/dist/delivery/pipeline.d.ts.map +1 -0
package/dist/delivery/pipeline.js +356 -0
package/dist/delivery/pipeline.js.map +1 -0
package/dist/delivery/policy_state.d.ts +105 -0
package/dist/delivery/policy_state.d.ts.map +1 -0
package/dist/delivery/policy_state.js +293 -0
package/dist/delivery/policy_state.js.map +1 -0
package/dist/delivery/queue.d.ts +47 -0
package/dist/delivery/queue.d.ts.map +1 -0
package/dist/delivery/queue.js +33 -0
package/dist/delivery/queue.js.map +1 -0
package/dist/delivery/receipt.d.ts +137 -0
package/dist/delivery/receipt.d.ts.map +1 -0
package/dist/delivery/receipt.js +181 -0
package/dist/delivery/receipt.js.map +1 -0
package/dist/delivery/receipt_store.d.ts +81 -0
package/dist/delivery/receipt_store.d.ts.map +1 -0
package/dist/delivery/receipt_store.js +74 -0
package/dist/delivery/receipt_store.js.map +1 -0
package/dist/delivery/retry.d.ts +78 -0
package/dist/delivery/retry.d.ts.map +1 -0
package/dist/delivery/retry.js +132 -0
package/dist/delivery/retry.js.map +1 -0
package/dist/delivery/scheduler.d.ts +156 -0
package/dist/delivery/scheduler.d.ts.map +1 -0
package/dist/delivery/scheduler.js +349 -0
package/dist/delivery/scheduler.js.map +1 -0
package/dist/delivery/stage_partition.d.ts +87 -0
package/dist/delivery/stage_partition.d.ts.map +1 -0
package/dist/delivery/stage_partition.js +122 -0
package/dist/delivery/stage_partition.js.map +1 -0
package/dist/delivery/staged_runner.d.ts +100 -0
package/dist/delivery/staged_runner.d.ts.map +1 -0
package/dist/delivery/staged_runner.js +277 -0
package/dist/delivery/staged_runner.js.map +1 -0
package/dist/delivery/submission.d.ts +72 -0
package/dist/delivery/submission.d.ts.map +1 -0
package/dist/delivery/submission.js +58 -0
package/dist/delivery/submission.js.map +1 -0
package/dist/delivery/sync.d.ts +68 -0
package/dist/delivery/sync.d.ts.map +1 -0
package/dist/delivery/sync.js +99 -0
package/dist/delivery/sync.js.map +1 -0
package/dist/delivery/user_policy.d.ts +74 -0
package/dist/delivery/user_policy.d.ts.map +1 -0
package/dist/delivery/user_policy.js +140 -0
package/dist/delivery/user_policy.js.map +1 -0
package/dist/discovery/cache.d.ts +37 -0
package/dist/discovery/cache.d.ts.map +1 -0
package/dist/discovery/cache.js +45 -0
package/dist/discovery/cache.js.map +1 -0
package/dist/discovery/configuration.d.ts +97 -0
package/dist/discovery/configuration.d.ts.map +1 -0
package/dist/discovery/configuration.js +146 -0
package/dist/discovery/configuration.js.map +1 -0
package/dist/discovery/dns.d.ts +56 -0
package/dist/discovery/dns.d.ts.map +1 -0
package/dist/discovery/dns.js +120 -0
package/dist/discovery/dns.js.map +1 -0
package/dist/discovery/domain_keys.d.ts +62 -0
package/dist/discovery/domain_keys.d.ts.map +1 -0
package/dist/discovery/domain_keys.js +89 -0
package/dist/discovery/domain_keys.js.map +1 -0
package/dist/discovery/index.d.ts +19 -0
package/dist/discovery/index.d.ts.map +1 -0
package/dist/discovery/index.js +19 -0
package/dist/discovery/index.js.map +1 -0
package/dist/discovery/lookup.d.ts +72 -0
package/dist/discovery/lookup.d.ts.map +1 -0
package/dist/discovery/lookup.js +121 -0
package/dist/discovery/lookup.js.map +1 -0
package/dist/discovery/onion.d.ts +34 -0
package/dist/discovery/onion.d.ts.map +1 -0
package/dist/discovery/onion.js +61 -0
package/dist/discovery/onion.js.map +1 -0
package/dist/discovery/partition.d.ts +96 -0
package/dist/discovery/partition.d.ts.map +1 -0
package/dist/discovery/partition.js +247 -0
package/dist/discovery/partition.js.map +1 -0
package/dist/discovery/resolver.d.ts +113 -0
package/dist/discovery/resolver.d.ts.map +1 -0
package/dist/discovery/resolver.js +176 -0
package/dist/discovery/resolver.js.map +1 -0
package/dist/discovery/txt.d.ts +39 -0
package/dist/discovery/txt.d.ts.map +1 -0
package/dist/discovery/txt.js +71 -0
package/dist/discovery/txt.js.map +1 -0
package/dist/enclosure/forwarding.d.ts +128 -0
package/dist/enclosure/forwarding.d.ts.map +1 -0
package/dist/enclosure/forwarding.js +119 -0
package/dist/enclosure/forwarding.js.map +1 -0
package/dist/enclosure/index.d.ts +11 -0
package/dist/enclosure/index.d.ts.map +1 -0
package/dist/enclosure/index.js +11 -0
package/dist/enclosure/index.js.map +1 -0
package/dist/envelope/buckets.d.ts +38 -0
package/dist/envelope/buckets.d.ts.map +1 -0
package/dist/envelope/buckets.js +73 -0
package/dist/envelope/buckets.js.map +1 -0
package/dist/envelope/canonical.d.ts +28 -0
package/dist/envelope/canonical.d.ts.map +1 -0
package/dist/envelope/canonical.js +54 -0
package/dist/envelope/canonical.js.map +1 -0
package/dist/envelope/compose.d.ts +171 -0
package/dist/envelope/compose.d.ts.map +1 -0
package/dist/envelope/compose.js +237 -0
package/dist/envelope/compose.js.map +1 -0
package/dist/envelope/encode.d.ts +41 -0
package/dist/envelope/encode.d.ts.map +1 -0
package/dist/envelope/encode.js +69 -0
package/dist/envelope/encode.js.map +1 -0
package/dist/envelope/index.d.ts +20 -0
package/dist/envelope/index.d.ts.map +1 -0
package/dist/envelope/index.js +20 -0
package/dist/envelope/index.js.map +1 -0
package/dist/envelope/open_any.d.ts +48 -0
package/dist/envelope/open_any.d.ts.map +1 -0
package/dist/envelope/open_any.js +81 -0
package/dist/envelope/open_any.js.map +1 -0
package/dist/envelope/open_verified.d.ts +59 -0
package/dist/envelope/open_verified.d.ts.map +1 -0
package/dist/envelope/open_verified.js +67 -0
package/dist/envelope/open_verified.js.map +1 -0
package/dist/envelope/padding.d.ts +55 -0
package/dist/envelope/padding.d.ts.map +1 -0
package/dist/envelope/padding.js +162 -0
package/dist/envelope/padding.js.map +1 -0
package/dist/envelope/rejection.d.ts +22 -0
package/dist/envelope/rejection.d.ts.map +1 -0
package/dist/envelope/rejection.js +30 -0
package/dist/envelope/rejection.js.map +1 -0
package/dist/envelope/sendtime.d.ts +49 -0
package/dist/envelope/sendtime.d.ts.map +1 -0
package/dist/envelope/sendtime.js +87 -0
package/dist/envelope/sendtime.js.map +1 -0
package/dist/envelope/verify.d.ts +29 -0
package/dist/envelope/verify.d.ts.map +1 -0
package/dist/envelope/verify.js +90 -0
package/dist/envelope/verify.js.map +1 -0
package/dist/extensions/index.d.ts +7 -0
package/dist/extensions/index.d.ts.map +1 -0
package/dist/extensions/index.js +7 -0
package/dist/extensions/index.js.map +1 -0
package/dist/extensions/limits.d.ts +101 -0
package/dist/extensions/limits.d.ts.map +1 -0
package/dist/extensions/limits.js +175 -0
package/dist/extensions/limits.js.map +1 -0
package/dist/handshake/abort.d.ts +49 -0
package/dist/handshake/abort.d.ts.map +1 -0
package/dist/handshake/abort.js +82 -0
package/dist/handshake/abort.js.map +1 -0
package/dist/handshake/capabilities.d.ts +46 -0
package/dist/handshake/capabilities.d.ts.map +1 -0
package/dist/handshake/capabilities.js +114 -0
package/dist/handshake/capabilities.js.map +1 -0
package/dist/handshake/client_state.d.ts +186 -0
package/dist/handshake/client_state.d.ts.map +1 -0
package/dist/handshake/client_state.js +520 -0
package/dist/handshake/client_state.js.map +1 -0
package/dist/handshake/confirm.d.ts +21 -0
package/dist/handshake/confirm.d.ts.map +1 -0
package/dist/handshake/confirm.js +27 -0
package/dist/handshake/confirm.js.map +1 -0
package/dist/handshake/driver.d.ts +126 -0
package/dist/handshake/driver.d.ts.map +1 -0
package/dist/handshake/driver.js +251 -0
package/dist/handshake/driver.js.map +1 -0
package/dist/handshake/federation.d.ts +365 -0
package/dist/handshake/federation.d.ts.map +1 -0
package/dist/handshake/federation.js +664 -0
package/dist/handshake/federation.js.map +1 -0
package/dist/handshake/first_contact.d.ts +57 -0
package/dist/handshake/first_contact.d.ts.map +1 -0
package/dist/handshake/first_contact.js +124 -0
package/dist/handshake/first_contact.js.map +1 -0
package/dist/handshake/identity.d.ts +101 -0
package/dist/handshake/identity.d.ts.map +1 -0
package/dist/handshake/identity.js +117 -0
package/dist/handshake/identity.js.map +1 -0
package/dist/handshake/index.d.ts +21 -0
package/dist/handshake/index.d.ts.map +1 -0
package/dist/handshake/index.js +21 -0
package/dist/handshake/index.js.map +1 -0
package/dist/handshake/messages.d.ts +176 -0
package/dist/handshake/messages.d.ts.map +1 -0
package/dist/handshake/messages.js +125 -0
package/dist/handshake/messages.js.map +1 -0
package/dist/handshake/pow.d.ts +53 -0
package/dist/handshake/pow.d.ts.map +1 -0
package/dist/handshake/pow.js +142 -0
package/dist/handshake/pow.js.map +1 -0
package/dist/handshake/resume_driver.d.ts +56 -0
package/dist/handshake/resume_driver.d.ts.map +1 -0
package/dist/handshake/resume_driver.js +75 -0
package/dist/handshake/resume_driver.js.map +1 -0
package/dist/handshake/server.d.ts +112 -0
package/dist/handshake/server.d.ts.map +1 -0
package/dist/handshake/server.js +247 -0
package/dist/handshake/server.js.map +1 -0
package/dist/handshake/server_state.d.ts +102 -0
package/dist/handshake/server_state.d.ts.map +1 -0
package/dist/handshake/server_state.js +278 -0
package/dist/handshake/server_state.js.map +1 -0
package/dist/index.d.ts +33 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +33 -0
package/dist/index.js.map +1 -0
package/dist/keys/compromise.d.ts +118 -0
package/dist/keys/compromise.d.ts.map +1 -0
package/dist/keys/compromise.js +218 -0
package/dist/keys/compromise.js.map +1 -0
package/dist/keys/device_certificate.d.ts +166 -0
package/dist/keys/device_certificate.d.ts.map +1 -0
package/dist/keys/device_certificate.js +328 -0
package/dist/keys/device_certificate.js.map +1 -0
package/dist/keys/device_records.d.ts +175 -0
package/dist/keys/device_records.d.ts.map +1 -0
package/dist/keys/device_records.js +418 -0
package/dist/keys/device_records.js.map +1 -0
package/dist/keys/directory_cache.d.ts +64 -0
package/dist/keys/directory_cache.d.ts.map +1 -0
package/dist/keys/directory_cache.js +98 -0
package/dist/keys/directory_cache.js.map +1 -0
package/dist/keys/directory_state.d.ts +79 -0
package/dist/keys/directory_state.d.ts.map +1 -0
package/dist/keys/directory_state.js +155 -0
package/dist/keys/directory_state.js.map +1 -0
package/dist/keys/index.d.ts +18 -0
package/dist/keys/index.d.ts.map +1 -0
package/dist/keys/index.js +18 -0
package/dist/keys/index.js.map +1 -0
package/dist/keys/key_revocation.d.ts +61 -0
package/dist/keys/key_revocation.d.ts.map +1 -0
package/dist/keys/key_revocation.js +88 -0
package/dist/keys/key_revocation.js.map +1 -0
package/dist/keys/request.d.ts +124 -0
package/dist/keys/request.d.ts.map +1 -0
package/dist/keys/request.js +130 -0
package/dist/keys/request.js.map +1 -0
package/dist/keys/sign.d.ts +49 -0
package/dist/keys/sign.d.ts.map +1 -0
package/dist/keys/sign.js +80 -0
package/dist/keys/sign.js.map +1 -0
package/dist/keys/signed.d.ts +80 -0
package/dist/keys/signed.d.ts.map +1 -0
package/dist/keys/signed.js +138 -0
package/dist/keys/signed.js.map +1 -0
package/dist/keys/store.d.ts +138 -0
package/dist/keys/store.d.ts.map +1 -0
package/dist/keys/store.js +107 -0
package/dist/keys/store.js.map +1 -0
package/dist/largeattachment/crypto.d.ts +47 -0
package/dist/largeattachment/crypto.d.ts.map +1 -0
package/dist/largeattachment/crypto.js +235 -0
package/dist/largeattachment/crypto.js.map +1 -0
package/dist/largeattachment/enclosure.d.ts +48 -0
package/dist/largeattachment/enclosure.d.ts.map +1 -0
package/dist/largeattachment/enclosure.js +102 -0
package/dist/largeattachment/enclosure.js.map +1 -0
package/dist/largeattachment/index.d.ts +15 -0
package/dist/largeattachment/index.d.ts.map +1 -0
package/dist/largeattachment/index.js +15 -0
package/dist/largeattachment/index.js.map +1 -0
package/dist/largeattachment/store.d.ts +36 -0
package/dist/largeattachment/store.d.ts.map +1 -0
package/dist/largeattachment/store.js +37 -0
package/dist/largeattachment/store.js.map +1 -0
package/dist/largeattachment/types.d.ts +56 -0
package/dist/largeattachment/types.d.ts.map +1 -0
package/dist/largeattachment/types.js +31 -0
package/dist/largeattachment/types.js.map +1 -0
package/dist/largeattachment/upload.d.ts +62 -0
package/dist/largeattachment/upload.d.ts.map +1 -0
package/dist/largeattachment/upload.js +166 -0
package/dist/largeattachment/upload.js.map +1 -0
package/dist/migration/index.d.ts +17 -0
package/dist/migration/index.d.ts.map +1 -0
package/dist/migration/index.js +17 -0
package/dist/migration/index.js.map +1 -0
package/dist/migration/lockout.d.ts +48 -0
package/dist/migration/lockout.d.ts.map +1 -0
package/dist/migration/lockout.js +57 -0
package/dist/migration/lockout.js.map +1 -0
package/dist/migration/migration.d.ts +48 -0
package/dist/migration/migration.d.ts.map +1 -0
package/dist/migration/migration.js +58 -0
package/dist/migration/migration.js.map +1 -0
package/dist/migration/notice.d.ts +33 -0
package/dist/migration/notice.d.ts.map +1 -0
package/dist/migration/notice.js +85 -0
package/dist/migration/notice.js.map +1 -0
package/dist/migration/orchestrate.d.ts +109 -0
package/dist/migration/orchestrate.d.ts.map +1 -0
package/dist/migration/orchestrate.js +212 -0
package/dist/migration/orchestrate.js.map +1 -0
package/dist/migration/publication_store.d.ts +34 -0
package/dist/migration/publication_store.d.ts.map +1 -0
package/dist/migration/publication_store.js +44 -0
package/dist/migration/publication_store.js.map +1 -0
package/dist/migration/sign.d.ts +65 -0
package/dist/migration/sign.d.ts.map +1 -0
package/dist/migration/sign.js +331 -0
package/dist/migration/sign.js.map +1 -0
package/dist/migration/types.d.ts +92 -0
package/dist/migration/types.d.ts.map +1 -0
package/dist/migration/types.js +26 -0
package/dist/migration/types.js.map +1 -0
package/dist/reasoncodes.d.ts +42 -0
package/dist/reasoncodes.d.ts.map +1 -0
package/dist/reasoncodes.js +80 -0
package/dist/reasoncodes.js.map +1 -0
package/dist/recovery/bundle.d.ts +34 -0
package/dist/recovery/bundle.d.ts.map +1 -0
package/dist/recovery/bundle.js +144 -0
package/dist/recovery/bundle.js.map +1 -0
package/dist/recovery/bundle_crypto.d.ts +60 -0
package/dist/recovery/bundle_crypto.d.ts.map +1 -0
package/dist/recovery/bundle_crypto.js +179 -0
package/dist/recovery/bundle_crypto.js.map +1 -0
package/dist/recovery/bundle_store.d.ts +57 -0
package/dist/recovery/bundle_store.d.ts.map +1 -0
package/dist/recovery/bundle_store.js +104 -0
package/dist/recovery/bundle_store.js.map +1 -0
package/dist/recovery/index.d.ts +19 -0
package/dist/recovery/index.d.ts.map +1 -0
package/dist/recovery/index.js +19 -0
package/dist/recovery/index.js.map +1 -0
package/dist/recovery/manifest_crosscheck.d.ts +59 -0
package/dist/recovery/manifest_crosscheck.d.ts.map +1 -0
package/dist/recovery/manifest_crosscheck.js +59 -0
package/dist/recovery/manifest_crosscheck.js.map +1 -0
package/dist/recovery/shamir.d.ts +51 -0
package/dist/recovery/shamir.d.ts.map +1 -0
package/dist/recovery/shamir.js +181 -0
package/dist/recovery/shamir.js.map +1 -0
package/dist/recovery/sign.d.ts +61 -0
package/dist/recovery/sign.d.ts.map +1 -0
package/dist/recovery/sign.js +359 -0
package/dist/recovery/sign.js.map +1 -0
package/dist/recovery/types.d.ts +180 -0
package/dist/recovery/types.d.ts.map +1 -0
package/dist/recovery/types.js +31 -0
package/dist/recovery/types.js.map +1 -0
package/dist/reputation/abuse_report.d.ts +62 -0
package/dist/reputation/abuse_report.d.ts.map +1 -0
package/dist/reputation/abuse_report.js +111 -0
package/dist/reputation/abuse_report.js.map +1 -0
package/dist/reputation/bucketize.d.ts +31 -0
package/dist/reputation/bucketize.d.ts.map +1 -0
package/dist/reputation/bucketize.js +77 -0
package/dist/reputation/bucketize.js.map +1 -0
package/dist/reputation/gossip.d.ts +24 -0
package/dist/reputation/gossip.d.ts.map +1 -0
package/dist/reputation/gossip.js +64 -0
package/dist/reputation/gossip.js.map +1 -0
package/dist/reputation/gossip_fetch.d.ts +64 -0
package/dist/reputation/gossip_fetch.d.ts.map +1 -0
package/dist/reputation/gossip_fetch.js +114 -0
package/dist/reputation/gossip_fetch.js.map +1 -0
package/dist/reputation/index.d.ts +20 -0
package/dist/reputation/index.d.ts.map +1 -0
package/dist/reputation/index.js +20 -0
package/dist/reputation/index.js.map +1 -0
package/dist/reputation/observation_store.d.ts +67 -0
package/dist/reputation/observation_store.d.ts.map +1 -0
package/dist/reputation/observation_store.js +171 -0
package/dist/reputation/observation_store.js.map +1 -0
package/dist/reputation/pow.d.ts +91 -0
package/dist/reputation/pow.d.ts.map +1 -0
package/dist/reputation/pow.js +209 -0
package/dist/reputation/pow.js.map +1 -0
package/dist/reputation/sign.d.ts +40 -0
package/dist/reputation/sign.d.ts.map +1 -0
package/dist/reputation/sign.js +202 -0
package/dist/reputation/sign.js.map +1 -0
package/dist/reputation/types.d.ts +133 -0
package/dist/reputation/types.d.ts.map +1 -0
package/dist/reputation/types.js +33 -0
package/dist/reputation/types.js.map +1 -0
package/dist/reputation/whois.d.ts +25 -0
package/dist/reputation/whois.d.ts.map +1 -0
package/dist/reputation/whois.js +20 -0
package/dist/reputation/whois.js.map +1 -0
package/dist/seal/index.d.ts +8 -0
package/dist/seal/index.d.ts.map +1 -0
package/dist/seal/index.js +8 -0
package/dist/seal/index.js.map +1 -0
package/dist/seal/wrap.d.ts +74 -0
package/dist/seal/wrap.d.ts.map +1 -0
package/dist/seal/wrap.js +213 -0
package/dist/seal/wrap.js.map +1 -0
package/dist/session/dispatcher.d.ts +65 -0
package/dist/session/dispatcher.d.ts.map +1 -0
package/dist/session/dispatcher.js +96 -0
package/dist/session/dispatcher.js.map +1 -0
package/dist/session/index.d.ts +15 -0
package/dist/session/index.d.ts.map +1 -0
package/dist/session/index.js +15 -0
package/dist/session/index.js.map +1 -0
package/dist/session/rekey.d.ts +108 -0
package/dist/session/rekey.d.ts.map +1 -0
package/dist/session/rekey.js +207 -0
package/dist/session/rekey.js.map +1 -0
package/dist/session/rekey_seal.d.ts +66 -0
package/dist/session/rekey_seal.d.ts.map +1 -0
package/dist/session/rekey_seal.js +153 -0
package/dist/session/rekey_seal.js.map +1 -0
package/dist/session/resume.d.ts +125 -0
package/dist/session/resume.d.ts.map +1 -0
package/dist/session/resume.js +263 -0
package/dist/session/resume.js.map +1 -0
package/dist/session/session.d.ts +136 -0
package/dist/session/session.d.ts.map +1 -0
package/dist/session/session.js +188 -0
package/dist/session/session.js.map +1 -0
package/dist/transparency/index.d.ts +13 -0
package/dist/transparency/index.d.ts.map +1 -0
package/dist/transparency/index.js +13 -0
package/dist/transparency/index.js.map +1 -0
package/dist/transparency/log.d.ts +61 -0
package/dist/transparency/log.d.ts.map +1 -0
package/dist/transparency/log.js +133 -0
package/dist/transparency/log.js.map +1 -0
package/dist/transparency/merkle.d.ts +59 -0
package/dist/transparency/merkle.d.ts.map +1 -0
package/dist/transparency/merkle.js +314 -0
package/dist/transparency/merkle.js.map +1 -0
package/dist/transparency/sign.d.ts +48 -0
package/dist/transparency/sign.d.ts.map +1 -0
package/dist/transparency/sign.js +140 -0
package/dist/transparency/sign.js.map +1 -0
package/dist/transparency/types.d.ts +97 -0
package/dist/transparency/types.d.ts.map +1 -0
package/dist/transparency/types.js +25 -0
package/dist/transparency/types.js.map +1 -0
package/dist/transport/h2.d.ts +163 -0
package/dist/transport/h2.d.ts.map +1 -0
package/dist/transport/h2.js +397 -0
package/dist/transport/h2.js.map +1 -0
package/dist/transport/index.d.ts +15 -0
package/dist/transport/index.d.ts.map +1 -0
package/dist/transport/index.js +15 -0
package/dist/transport/index.js.map +1 -0
package/dist/transport/memory.d.ts +21 -0
package/dist/transport/memory.d.ts.map +1 -0
package/dist/transport/memory.js +112 -0
package/dist/transport/memory.js.map +1 -0
package/dist/transport/transport.d.ts +54 -0
package/dist/transport/transport.d.ts.map +1 -0
package/dist/transport/transport.js +20 -0
package/dist/transport/transport.js.map +1 -0
package/dist/transport/ws.d.ts +40 -0
package/dist/transport/ws.d.ts.map +1 -0
package/dist/transport/ws.js +204 -0
package/dist/transport/ws.js.map +1 -0
package/package.json +147 -0

package/dist/reputation/sign.js ADDED Viewed

@@ -0,0 +1,202 @@
+/**
+ * Sign / verify primitives for reputation wire records per
+ * REPUTATION.md §4.2 + §3.5 + §5.
+ *
+ * Reputation records use a NO-PREFIX signing input — the canonical
+ * bytes with `signature.value` elided are signed directly under
+ * Ed25519. Other SEMP records use SEMP-* domain-separation
+ * prefixes (registered in ENVELOPE.md §4.3) but reputation ones do
+ * not in the current spec.
+ *
+ * @module
+ */
+import { marshal as canonicalMarshal } from "../canonical/index.js";
+import { sign as ed25519Sign, verify as ed25519Verify, } from "../keys/index.js";
+import { applyBucketing } from "./bucketize.js";
+import {} from "./types.js";
+/** Only signature algorithm currently defined. */
+export const SignatureAlgorithmEd25519 = "ed25519";
+// ---------------------------------------------------------------------------
+// Observation
+/**
+ * Bucketize metrics in place (per §4.5.1), then Ed25519-sign
+ * `obs.signature` over the canonical bytes with `signature.value`
+ * elided.
+ */
+export function signObservation(obs, observerPriv, observerKeyId) {
+    if (observerKeyId === "") {
+        throw new Error("reputation: empty observer key_id");
+    }
+    if (obs.extensions === undefined) {
+        obs.extensions = {};
+    }
+    applyBucketing(obs.metrics);
+    obs.signature.algorithm = SignatureAlgorithmEd25519;
+    obs.signature.key_id = observerKeyId;
+    obs.signature.value = "";
+    const canonicalBytes = canonicalRecordBytes(obs, "signature");
+    const sig = ed25519Sign(observerPriv, canonicalBytes);
+    const sigB64 = base64Encode(sig);
+    obs.signature.value = sigB64;
+    return sigB64;
+}
+/** Verify `obs.signature` against `observerPub`. */
+export function verifyObservation(obs, observerPub) {
+    if (obs.signature.value === "") {
+        return false;
+    }
+    let sig;
+    try {
+        sig = base64Decode(obs.signature.value);
+    }
+    catch {
+        return false;
+    }
+    const canonicalBytes = canonicalRecordBytes(obs, "signature");
+    return ed25519Verify(observerPub, sig, canonicalBytes);
+}
+// ---------------------------------------------------------------------------
+// TrustObservations envelope
+/** Sign a {@link TrustObservations} response under the observer's signing key. */
+export function signTrustObservations(resp, observerPriv, observerKeyId) {
+    if (observerKeyId === "") {
+        throw new Error("reputation: empty observer key_id");
+    }
+    resp.signature.algorithm = SignatureAlgorithmEd25519;
+    resp.signature.key_id = observerKeyId;
+    resp.signature.value = "";
+    const canonicalBytes = canonicalRecordBytes(resp, "signature");
+    const sig = ed25519Sign(observerPriv, canonicalBytes);
+    const sigB64 = base64Encode(sig);
+    resp.signature.value = sigB64;
+    return sigB64;
+}
+/** Verify a {@link TrustObservations} response. */
+export function verifyTrustObservations(resp, observerPub) {
+    if (resp.signature.value === "") {
+        return false;
+    }
+    let sig;
+    try {
+        sig = base64Decode(resp.signature.value);
+    }
+    catch {
+        return false;
+    }
+    const canonicalBytes = canonicalRecordBytes(resp, "signature");
+    return ed25519Verify(observerPub, sig, canonicalBytes);
+}
+// ---------------------------------------------------------------------------
+// DisclosureAuthorization (embedded inside abuse reports)
+/** Sign a {@link DisclosureAuthorization} under the affected user's identity key. */
+export function signDisclosureAuthorization(auth, userPriv, userKeyId) {
+    if (userKeyId === "") {
+        throw new Error("reputation: empty user key_id");
+    }
+    auth.signature.algorithm = SignatureAlgorithmEd25519;
+    auth.signature.key_id = userKeyId;
+    auth.signature.value = "";
+    const canonicalBytes = canonicalRecordBytes(auth, "signature");
+    const sig = ed25519Sign(userPriv, canonicalBytes);
+    const sigB64 = base64Encode(sig);
+    auth.signature.value = sigB64;
+    return sigB64;
+}
+/** Verify a {@link DisclosureAuthorization} against the user's identity public key. */
+export function verifyDisclosureAuthorization(auth, userPub) {
+    if (auth.signature.value === "") {
+        return false;
+    }
+    let sig;
+    try {
+        sig = base64Decode(auth.signature.value);
+    }
+    catch {
+        return false;
+    }
+    const canonicalBytes = canonicalRecordBytes(auth, "signature");
+    return ed25519Verify(userPub, sig, canonicalBytes);
+}
+/** Report whether the scope permits disclosing brief content. */
+export function authAllowsBrief(auth) {
+    return auth.scope === "brief_only" || auth.scope === "brief_and_enclosure";
+}
+/** Report whether the scope permits disclosing enclosure content. */
+export function authAllowsEnclosure(auth) {
+    return auth.scope === "enclosure_only" || auth.scope === "brief_and_enclosure";
+}
+// ---------------------------------------------------------------------------
+// AbuseReport — sent over an authenticated session, no own signature
+/** Structural validation of an {@link AbuseReport} per §3.2. Throws on first violation. */
+export function validateAbuseReport(r) {
+    if (r.type !== "SEMP_ABUSE_REPORT") {
+        throw new Error(`reputation: abuse report type ${JSON.stringify(r.type)}, want SEMP_ABUSE_REPORT`);
+    }
+    for (const f of ["id", "reporter", "reported_domain", "category", "timestamp"]) {
+        if (typeof r[f] !== "string" || r[f] === "") {
+            throw new Error(`reputation: abuse report missing ${f}`);
+        }
+    }
+    if (Number.isNaN(Date.parse(r.timestamp))) {
+        throw new Error("reputation: abuse report timestamp is not ISO 8601");
+    }
+    if (r.evidence === undefined || r.evidence === null) {
+        throw new Error("reputation: abuse report missing evidence");
+    }
+    const evType = r.evidence.type;
+    if (evType !== "envelope_metadata" && evType !== "sealed_evidence") {
+        throw new Error(`reputation: abuse report evidence type ${JSON.stringify(evType)} is not valid`);
+    }
+    if (r.evidence.type === "sealed_evidence") {
+        if (!Array.isArray(r.evidence.envelopes) || r.evidence.envelopes.length === 0) {
+            throw new Error("reputation: sealed_evidence requires non-empty envelopes array");
+        }
+        // §3.7 MUST: when disclosed_brief / disclosed_enclosure is
+        // present, disclosure_authorization MUST also be present.
+        for (let i = 0; i < r.evidence.envelopes.length; i++) {
+            const env = r.evidence.envelopes[i];
+            const hasDisclosed = env.disclosed_brief !== undefined || env.disclosed_enclosure !== undefined;
+            if (hasDisclosed && env.disclosure_authorization === undefined) {
+                throw new Error(`reputation: envelopes[${i}]: disclosed content requires disclosure_authorization (§3.7)`);
+            }
+        }
+    }
+}
+// ---------------------------------------------------------------------------
+// Helpers
+/**
+ * Canonical bytes with `<topField>.value` elided. The reputation
+ * records sign the canonical bytes directly (no domain-separation
+ * prefix); other SEMP records use SEMP-* prefixes.
+ */
+function canonicalRecordBytes(obj, topField) {
+    const clone = JSON.parse(JSON.stringify(obj));
+    const sig = clone[topField];
+    if (sig === undefined) {
+        throw new Error(`reputation: object has no ${topField} block`);
+    }
+    sig.value = "";
+    return canonicalMarshal(clone);
+}
+function base64Encode(b) {
+    if (typeof Buffer !== "undefined") {
+        return Buffer.from(b).toString("base64");
+    }
+    let bin = "";
+    for (let i = 0; i < b.length; i++) {
+        bin += String.fromCharCode(b[i] ?? 0);
+    }
+    return btoa(bin);
+}
+function base64Decode(s) {
+    if (typeof Buffer !== "undefined") {
+        return new Uint8Array(Buffer.from(s, "base64"));
+    }
+    const bin = atob(s);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++) {
+        out[i] = bin.charCodeAt(i);
+    }
+    return out;
+}
+//# sourceMappingURL=sign.js.map

package/dist/reputation/sign.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sign.js","sourceRoot":"","sources":["../../src/reputation/sign.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,EACL,IAAI,IAAI,WAAW,EACnB,MAAM,IAAI,aAAa,GACxB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAMN,MAAM,YAAY,CAAC;AAEpB,kDAAkD;AAClD,MAAM,CAAC,MAAM,yBAAyB,GAAG,SAAS,CAAC;AAEnD,8EAA8E;AAC9E,cAAc;AAEd;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAC7B,GAAgB,EAChB,YAAwB,EACxB,aAAqB;IAErB,IAAI,aAAa,KAAK,EAAE,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACjC,GAAG,CAAC,UAAU,GAAG,EAAE,CAAC;IACtB,CAAC;IACD,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAE5B,GAAG,CAAC,SAAS,CAAC,SAAS,GAAG,yBAAyB,CAAC;IACpD,GAAG,CAAC,SAAS,CAAC,MAAM,GAAG,aAAa,CAAC;IACrC,GAAG,CAAC,SAAS,CAAC,KAAK,GAAG,EAAE,CAAC;IAEzB,MAAM,cAAc,GAAG,oBAAoB,CACzC,GAAyC,EACzC,WAAW,CACZ,CAAC;IACF,MAAM,GAAG,GAAG,WAAW,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;IACtD,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IACjC,GAAG,CAAC,SAAS,CAAC,KAAK,GAAG,MAAM,CAAC;IAC7B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,oDAAoD;AACpD,MAAM,UAAU,iBAAiB,CAC/B,GAAgB,EAChB,WAAuB;IAEvB,IAAI,GAAG,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QAC/B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,GAAe,CAAC;IACpB,IAAI,CAAC;QACH,GAAG,GAAG,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,cAAc,GAAG,oBAAoB,CACzC,GAAyC,EACzC,WAAW,CACZ,CAAC;IACF,OAAO,aAAa,CAAC,WAAW,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;AACzD,CAAC;AAED,8EAA8E;AAC9E,6BAA6B;AAE7B,kFAAkF;AAClF,MAAM,UAAU,qBAAqB,CACnC,IAAuB,EACvB,YAAwB,EACxB,aAAqB;IAErB,IAAI,aAAa,KAAK,EAAE,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,GAAG,yBAAyB,CAAC;IACrD,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,aAAa,CAAC;IACtC,IAAI,CAAC,SAAS,CAAC,KAAK,GAAG,EAAE,CAAC;IAC1B,MAAM,cAAc,GAAG,oBAAoB,CACzC,IAA0C,EAC1C,WAAW,CACZ,CAAC;IACF,MAAM,GAAG,GAAG,WAAW,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;IACtD,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,CAAC,SAAS,CAAC,KAAK,GAAG,MAAM,CAAC;IAC9B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,mDAAmD;AACnD,MAAM,UAAU,uBAAuB,CACrC,IAAuB,EACvB,WAAuB;IAEvB,IAAI,IAAI,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,GAAe,CAAC;IACpB,IAAI,CAAC;QACH,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,cAAc,GAAG,oBAAoB,CACzC,IAA0C,EAC1C,WAAW,CACZ,CAAC;IACF,OAAO,aAAa,CAAC,WAAW,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;AACzD,CAAC;AAED,8EAA8E;AAC9E,0DAA0D;AAE1D,qFAAqF;AACrF,MAAM,UAAU,2BAA2B,CACzC,IAA6B,EAC7B,QAAoB,EACpB,SAAiB;IAEjB,IAAI,SAAS,KAAK,EAAE,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,GAAG,yBAAyB,CAAC;IACrD,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,SAAS,CAAC;IAClC,IAAI,CAAC,SAAS,CAAC,KAAK,GAAG,EAAE,CAAC;IAC1B,MAAM,cAAc,GAAG,oBAAoB,CACzC,IAA0C,EAC1C,WAAW,CACZ,CAAC;IACF,MAAM,GAAG,GAAG,WAAW,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,CAAC,SAAS,CAAC,KAAK,GAAG,MAAM,CAAC;IAC9B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,uFAAuF;AACvF,MAAM,UAAU,6BAA6B,CAC3C,IAA6B,EAC7B,OAAmB;IAEnB,IAAI,IAAI,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,GAAe,CAAC;IACpB,IAAI,CAAC;QACH,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,cAAc,GAAG,oBAAoB,CACzC,IAA0C,EAC1C,WAAW,CACZ,CAAC;IACF,OAAO,aAAa,CAAC,OAAO,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;AACrD,CAAC;AAED,iEAAiE;AACjE,MAAM,UAAU,eAAe,CAAC,IAA6B;IAC3D,OAAO,IAAI,CAAC,KAAK,KAAK,YAAY,IAAI,IAAI,CAAC,KAAK,KAAK,qBAAqB,CAAC;AAC7E,CAAC;AAED,qEAAqE;AACrE,MAAM,UAAU,mBAAmB,CAAC,IAA6B;IAC/D,OAAO,IAAI,CAAC,KAAK,KAAK,gBAAgB,IAAI,IAAI,CAAC,KAAK,KAAK,qBAAqB,CAAC;AACjF,CAAC;AAED,8EAA8E;AAC9E,qEAAqE;AAErE,2FAA2F;AAC3F,MAAM,UAAU,mBAAmB,CAAC,CAAc;IAChD,IAAI,CAAC,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CACb,iCAAiC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAClF,CAAC;IACJ,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,iBAAiB,EAAE,UAAU,EAAE,WAAW,CAAU,EAAE,CAAC;QACxF,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,CAAC,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,CAAC;IACD,MAAM,MAAM,GAAI,CAAC,CAAC,QAA6B,CAAC,IAAI,CAAC;IACrD,IAAI,MAAM,KAAK,mBAAmB,IAAI,MAAM,KAAK,iBAAiB,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CACb,0CAA0C,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAChF,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QAC1C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9E,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;QACJ,CAAC;QACD,2DAA2D;QAC3D,0DAA0D;QAC1D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrD,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAE,CAAC;YACrC,MAAM,YAAY,GAChB,GAAG,CAAC,eAAe,KAAK,SAAS,IAAI,GAAG,CAAC,mBAAmB,KAAK,SAAS,CAAC;YAC7E,IAAI,YAAY,IAAI,GAAG,CAAC,wBAAwB,KAAK,SAAS,EAAE,CAAC;gBAC/D,MAAM,IAAI,KAAK,CACb,yBAAyB,CAAC,+DAA+D,CAC1F,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,UAAU;AAEV;;;;GAIG;AACH,SAAS,oBAAoB,CAC3B,GAA4B,EAC5B,QAAgB;IAEhB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAA4B,CAAC;IACzE,MAAM,GAAG,GAAG,KAAK,CAAC,QAAQ,CAAwC,CAAC;IACnE,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,QAAQ,CAAC,CAAC;IACjE,CAAC;IACD,GAAG,CAAC,KAAK,GAAG,EAAE,CAAC;IACf,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC;AACjC,CAAC;AAKD,SAAS,YAAY,CAAC,CAAa;IACjC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/reputation/types.d.ts ADDED Viewed

@@ -0,0 +1,133 @@
+/**
+ * Wire-record types for SEMP reputation per REPUTATION.md.
+ *
+ * @module
+ */
+/** `type` discriminators per REPUTATION.md. */
+export declare const ObservationType = "SEMP_TRUST_OBSERVATION";
+export declare const ObservationsEnvelopeType = "SEMP_TRUST_OBSERVATIONS";
+export declare const AbuseReportType = "SEMP_ABUSE_REPORT";
+export declare const Version = "1.0.0";
+/** Reputation publication path per §5. */
+export declare const PublicationPath = "/.well-known/semp/reputation/";
+/** Assessment classification per §4.6. */
+export type Assessment = "trusted" | "neutral" | "suspicious" | "hostile";
+/** Abuse category per §3.4 + ERRORS.md §9. */
+export type AbuseCategory = "spam" | "harassment" | "phishing" | "malware" | "protocol_abuse" | "impersonation" | "other";
+/**
+ * Report whether `c` is one of the categories defined in §3.4.
+ * Unknown categories are permitted for forward compatibility.
+ */
+export declare function isKnownAbuseCategory(c: string): c is AbuseCategory;
+/** Reusable signature block. */
+export interface ReputationSignature {
+    algorithm: string;
+    key_id: string;
+    value: string;
+}
+/** Time window of an Observation per §4.4. */
+export interface Window {
+    /** ISO 8601 UTC. */
+    start: string;
+    /** ISO 8601 UTC. */
+    end: string;
+}
+/** Quantitative payload of an Observation per §4.5. */
+export interface Metrics {
+    envelopes_received: number;
+    envelopes_rejected: number;
+    abuse_reports: number;
+    abuse_categories?: AbuseCategory[];
+    unique_senders_observed?: number;
+    handshakes_completed?: number;
+    handshakes_rejected?: number;
+}
+/** Cap applied by Bucketize: counts at/above this clamp here. */
+export declare const MaxMetricBucket: number;
+/** Single signed observation record per §4.2. */
+export interface Observation {
+    type: typeof ObservationType;
+    version: string;
+    id: string;
+    observer: string;
+    subject: string;
+    window: Window;
+    metrics: Metrics;
+    assessment: Assessment;
+    evidence_available: boolean;
+    evidence_uri?: string;
+    /** ISO 8601 UTC. */
+    timestamp: string;
+    /** ISO 8601 UTC hard expiry. */
+    expires: string;
+    signature: ReputationSignature;
+    /** Always emitted (even when empty) so canonical bytes are stable. */
+    extensions: Record<string, unknown>;
+}
+/** Publication envelope carrying a list of observations per §5.1. */
+export interface TrustObservations {
+    type: typeof ObservationsEnvelopeType;
+    version: string;
+    /** Observer domain. */
+    observer: string;
+    /** Subject domain (or empty when the response is a per-observer index). */
+    subject: string;
+    observations: Observation[];
+    /** ISO 8601 UTC. */
+    timestamp: string;
+    signature: ReputationSignature;
+}
+/** Publishable hash summary per §5. */
+export interface GossipHash {
+    domain: string;
+    /** Lowercase hex SHA-256. */
+    hash: string;
+    algorithm: string;
+    /** ISO 8601 UTC. */
+    as_of: string;
+}
+/** Disclosure scope per §3.5. */
+export type DisclosureScope = "brief_only" | "enclosure_only" | "brief_and_enclosure";
+/** Affected user's signed permission to include decrypted content per §3.5 + §3.7. */
+export interface DisclosureAuthorization {
+    user: string;
+    /** ISO 8601 UTC. */
+    authorized_at: string;
+    scope: DisclosureScope;
+    signature: ReputationSignature;
+}
+/** Sealed-evidence envelope-shaped record per §3.5. */
+export interface SealedEnvelopeEvidence {
+    postmark: Record<string, unknown>;
+    seal: Record<string, unknown>;
+    disclosed_brief?: Record<string, unknown>;
+    disclosed_enclosure?: Record<string, unknown>;
+    disclosure_authorization?: DisclosureAuthorization;
+}
+/** Polymorphic evidence payload per §3.5. */
+export type Evidence = {
+    type: "envelope_metadata";
+    postmark_ids?: string[];
+    count?: number;
+    /** ISO 8601 interval string. */
+    window?: string;
+} | {
+    type: "sealed_evidence";
+    envelopes: SealedEnvelopeEvidence[];
+};
+/** SEMP_ABUSE_REPORT message per §3.2. */
+export interface AbuseReport {
+    type: typeof AbuseReportType;
+    version: string;
+    id: string;
+    reporter: string;
+    reported_domain: string;
+    reported_address?: string;
+    category: AbuseCategory | string;
+    /** ISO 8601 UTC. */
+    timestamp: string;
+    evidence: Evidence;
+    description?: string;
+    extensions: Record<string, unknown>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/reputation/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/reputation/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,+CAA+C;AAC/C,eAAO,MAAM,eAAe,2BAA2B,CAAC;AACxD,eAAO,MAAM,wBAAwB,4BAA4B,CAAC;AAClE,eAAO,MAAM,eAAe,sBAAsB,CAAC;AACnD,eAAO,MAAM,OAAO,UAAU,CAAC;AAE/B,0CAA0C;AAC1C,eAAO,MAAM,eAAe,kCAAkC,CAAC;AAE/D,0CAA0C;AAC1C,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,SAAS,GAAG,YAAY,GAAG,SAAS,CAAC;AAE1E,8CAA8C;AAC9C,MAAM,MAAM,aAAa,GACrB,MAAM,GACN,YAAY,GACZ,UAAU,GACV,SAAS,GACT,gBAAgB,GAChB,eAAe,GACf,OAAO,CAAC;AAEZ;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,CAAC,EAAE,MAAM,GAAG,CAAC,IAAI,aAAa,CAalE;AAED,gCAAgC;AAChC,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;CACf;AAED,8CAA8C;AAC9C,MAAM,WAAW,MAAM;IACrB,oBAAoB;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,oBAAoB;IACpB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,uDAAuD;AACvD,MAAM,WAAW,OAAO;IACtB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,CAAC,EAAE,aAAa,EAAE,CAAC;IACnC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,iEAAiE;AACjE,eAAO,MAAM,eAAe,QAAU,CAAC;AAEvC,iDAAiD;AACjD,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,OAAO,eAAe,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,UAAU,CAAC;IACvB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,gCAAgC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,mBAAmB,CAAC;IAC/B,sEAAsE;IACtE,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,qEAAqE;AACrE,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,OAAO,wBAAwB,CAAC;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,uBAAuB;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,2EAA2E;IAC3E,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,mBAAmB,CAAC;CAChC;AAED,uCAAuC;AACvC,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,6BAA6B;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,oBAAoB;IACpB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,iCAAiC;AACjC,MAAM,MAAM,eAAe,GACvB,YAAY,GACZ,gBAAgB,GAChB,qBAAqB,CAAC;AAE1B,sFAAsF;AACtF,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,oBAAoB;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,eAAe,CAAC;IACvB,SAAS,EAAE,mBAAmB,CAAC;CAChC;AAED,uDAAuD;AACvD,MAAM,WAAW,sBAAsB;IACrC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC1C,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9C,wBAAwB,CAAC,EAAE,uBAAuB,CAAC;CACpD;AAED,6CAA6C;AAC7C,MAAM,MAAM,QAAQ,GAChB;IACE,IAAI,EAAE,mBAAmB,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GACD;IACE,IAAI,EAAE,iBAAiB,CAAC;IACxB,SAAS,EAAE,sBAAsB,EAAE,CAAC;CACrC,CAAC;AAEN,0CAA0C;AAC1C,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,OAAO,eAAe,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,EAAE,aAAa,GAAG,MAAM,CAAC;IACjC,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,QAAQ,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC"}

package/dist/reputation/types.js ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * Wire-record types for SEMP reputation per REPUTATION.md.
+ *
+ * @module
+ */
+/** `type` discriminators per REPUTATION.md. */
+export const ObservationType = "SEMP_TRUST_OBSERVATION";
+export const ObservationsEnvelopeType = "SEMP_TRUST_OBSERVATIONS";
+export const AbuseReportType = "SEMP_ABUSE_REPORT";
+export const Version = "1.0.0";
+/** Reputation publication path per §5. */
+export const PublicationPath = "/.well-known/semp/reputation/";
+/**
+ * Report whether `c` is one of the categories defined in §3.4.
+ * Unknown categories are permitted for forward compatibility.
+ */
+export function isKnownAbuseCategory(c) {
+    switch (c) {
+        case "spam":
+        case "harassment":
+        case "phishing":
+        case "malware":
+        case "protocol_abuse":
+        case "impersonation":
+        case "other":
+            return true;
+        default:
+            return false;
+    }
+}
+/** Cap applied by Bucketize: counts at/above this clamp here. */
+export const MaxMetricBucket = 1 << 20;
+//# sourceMappingURL=types.js.map

package/dist/reputation/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/reputation/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,+CAA+C;AAC/C,MAAM,CAAC,MAAM,eAAe,GAAG,wBAAwB,CAAC;AACxD,MAAM,CAAC,MAAM,wBAAwB,GAAG,yBAAyB,CAAC;AAClE,MAAM,CAAC,MAAM,eAAe,GAAG,mBAAmB,CAAC;AACnD,MAAM,CAAC,MAAM,OAAO,GAAG,OAAO,CAAC;AAE/B,0CAA0C;AAC1C,MAAM,CAAC,MAAM,eAAe,GAAG,+BAA+B,CAAC;AAe/D;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,CAAS;IAC5C,QAAQ,CAAC,EAAE,CAAC;QACV,KAAK,MAAM,CAAC;QACZ,KAAK,YAAY,CAAC;QAClB,KAAK,UAAU,CAAC;QAChB,KAAK,SAAS,CAAC;QACf,KAAK,gBAAgB,CAAC;QACtB,KAAK,eAAe,CAAC;QACrB,KAAK,OAAO;YACV,OAAO,IAAI,CAAC;QACd;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AA4BD,iEAAiE;AACjE,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,IAAI,EAAE,CAAC"}

package/dist/reputation/whois.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * WHOIS hooks per REPUTATION.md §2.1.
+ *
+ * Operators supply their own WHOIS implementation — there is no de
+ * facto WHOIS library that is both reliable and free of rate limits,
+ * so this is intentionally pluggable.
+ *
+ * @module
+ */
+/**
+ * Recommended minimum domain registration age before a domain
+ * receives baseline trust per REPUTATION.md §2.1: 30 days, in
+ * milliseconds.
+ */
+export declare const MinDomainAgeMs: number;
+/**
+ * Pluggable WHOIS lookup. {@link domainAgeMs} returns the age in
+ * milliseconds since the domain was first registered.
+ */
+export interface WHOIS {
+    domainAgeMs(domain: string): Promise<number>;
+}
+/** Whether `ageMs` meets the {@link MinDomainAgeMs} floor. */
+export declare function meetsMinAge(ageMs: number): boolean;
+//# sourceMappingURL=whois.d.ts.map

package/dist/reputation/whois.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"whois.d.ts","sourceRoot":"","sources":["../../src/reputation/whois.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;;GAIG;AACH,eAAO,MAAM,cAAc,QAA0B,CAAC;AAEtD;;;GAGG;AACH,MAAM,WAAW,KAAK;IACpB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC9C;AAED,8DAA8D;AAC9D,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAElD"}

package/dist/reputation/whois.js ADDED Viewed

@@ -0,0 +1,20 @@
+/**
+ * WHOIS hooks per REPUTATION.md §2.1.
+ *
+ * Operators supply their own WHOIS implementation — there is no de
+ * facto WHOIS library that is both reliable and free of rate limits,
+ * so this is intentionally pluggable.
+ *
+ * @module
+ */
+/**
+ * Recommended minimum domain registration age before a domain
+ * receives baseline trust per REPUTATION.md §2.1: 30 days, in
+ * milliseconds.
+ */
+export const MinDomainAgeMs = 30 * 24 * 3_600 * 1_000;
+/** Whether `ageMs` meets the {@link MinDomainAgeMs} floor. */
+export function meetsMinAge(ageMs) {
+    return ageMs >= MinDomainAgeMs;
+}
+//# sourceMappingURL=whois.js.map

package/dist/reputation/whois.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"whois.js","sourceRoot":"","sources":["../../src/reputation/whois.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;;GAIG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,GAAG,KAAK,CAAC;AAUtD,8DAA8D;AAC9D,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,OAAO,KAAK,IAAI,cAAc,CAAC;AACjC,CAAC"}

package/dist/seal/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Seal layer per ENVELOPE.md §4.4. Per-recipient key wrap +
+ * eventual signature/MAC over the canonical envelope bytes.
+ *
+ * @module
+ */
+export { type Suite, type WrapRandomness, WrapInfo, unwrap, wrap, wrapWithRandomness, } from "./wrap.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/seal/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/seal/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,KAAK,KAAK,EACV,KAAK,cAAc,EACnB,QAAQ,EACR,MAAM,EACN,IAAI,EACJ,kBAAkB,GACnB,MAAM,WAAW,CAAC"}

package/dist/seal/index.js ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Seal layer per ENVELOPE.md §4.4. Per-recipient key wrap +
+ * eventual signature/MAC over the canonical envelope bytes.
+ *
+ * @module
+ */
+export { WrapInfo, unwrap, wrap, wrapWithRandomness, } from "./wrap.js";
+//# sourceMappingURL=index.js.map

package/dist/seal/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/seal/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAGL,QAAQ,EACR,MAAM,EACN,IAAI,EACJ,kBAAkB,GACnB,MAAM,WAAW,CAAC"}

package/dist/seal/wrap.d.ts ADDED Viewed

@@ -0,0 +1,74 @@
+/**
+ * Seal-layer key wrap per ENVELOPE.md §4.4.1.
+ *
+ * The wrap protects a fresh symmetric key (K_brief or K_enclosure)
+ * for one recipient. The construction is HPKE-Base style:
+ *
+ *   1. KEM: encapsulate against the recipient's public key. For
+ *      X25519 the encapsulation generates a fresh ephemeral and
+ *      computes ECDH; for Kyber768+X25519 hybrid both halves run
+ *      in parallel.
+ *   2. KDF: HKDF-SHA-512 over the shared secret with salt
+ *      `kemCt || recipientPub` and info "SEMP-v1-wrap".
+ *   3. AEAD: zero nonce, recipient pub as AAD, plaintext = the
+ *      symmetric key being wrapped. The zero nonce is safe because
+ *      the wrap key is unique per call (fresh ephemeral feeds
+ *      into the KDF).
+ *
+ * Output: `kemCt || aeadCt`, base64-encoded.
+ *
+ * @module
+ */
+/** HKDF info context for the wrap-key expansion. */
+export declare const WrapInfo = "SEMP-v1-wrap";
+/** Algorithm suite identifiers used on the wire. */
+export type Suite = "x25519-chacha20-poly1305" | "pq-kyber768-x25519";
+/**
+ * Unwrap a wrapped symmetric key per §4.4.1. Reverses the wrap
+ * computation: split kemCt from aeadCt by AEAD-overhead size,
+ * decapsulate, derive wrap_key, AEAD-open.
+ *
+ * @param suite negotiated suite that produced the wrap.
+ * @param recipientPrivateKey for X25519: 32 bytes; for hybrid:
+ *   2432 bytes (kyberPriv || x25519Priv per §4.4.1).
+ * @param recipientPublicKey for X25519: 32 bytes; for hybrid:
+ *   1216 bytes (kyberPub || x25519Pub per §4.4.1).
+ * @param wrappedB64 base64 of (kemCt || aeadCt).
+ */
+export declare function unwrap(suite: Suite, recipientPrivateKey: Uint8Array, recipientPublicKey: Uint8Array, wrappedB64: string): Uint8Array;
+/**
+ * Wrap `symmetricKey` for the given recipient under the negotiated
+ * suite. Production code path: uses the platform CSPRNG to generate
+ * a fresh ephemeral every call, which is what the §4.4.1 wrap
+ * construction requires — wrap-key uniqueness is what makes the
+ * zero-nonce AEAD safe.
+ *
+ * For deterministic byte-level reproducibility (vectors, audits),
+ * use {@link wrapWithRandomness} instead and pass pinned
+ * ephemeral inputs.
+ */
+export declare function wrap(suite: Suite, recipientPublicKey: Uint8Array, symmetricKey: Uint8Array): string;
+/**
+ * Inputs to a deterministic wrap. The fields a caller must pin to
+ * reproduce the exact wrap bytes a previous run produced.
+ */
+export interface WrapRandomness {
+    /** 32-byte X25519 ephemeral private key. Required for both suites. */
+    ephemeralX25519Priv: Uint8Array;
+    /**
+     * 32-byte ML-KEM-768 encapsulation randomness (FIPS 203 `m`).
+     * Required for the PQ suite, ignored for baseline.
+     */
+    kyberEncapsRandomnessM?: Uint8Array;
+}
+/**
+ * Deterministic wrap for vector reproduction and audits. Production
+ * code MUST use {@link wrap} (which sources fresh entropy) — a
+ * deterministic wrap that leaks `ephemeralX25519Priv` reduces to
+ * "the adversary has the wrap key". Exposed here only because
+ * cross-language vectors pin these inputs.
+ *
+ * Returns base64(kemCt || aeadCt) per ENVELOPE.md §4.4.1.
+ */
+export declare function wrapWithRandomness(suite: Suite, recipientPublicKey: Uint8Array, symmetricKey: Uint8Array, randomness: WrapRandomness): string;
+//# sourceMappingURL=wrap.d.ts.map

package/dist/seal/wrap.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"wrap.d.ts","sourceRoot":"","sources":["../../src/seal/wrap.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAgBH,oDAAoD;AACpD,eAAO,MAAM,QAAQ,iBAAiB,CAAC;AAEvC,oDAAoD;AACpD,MAAM,MAAM,KAAK,GAAG,0BAA0B,GAAG,oBAAoB,CAAC;AAEtE;;;;;;;;;;;GAWG;AACH,wBAAgB,MAAM,CACpB,KAAK,EAAE,KAAK,EACZ,mBAAmB,EAAE,UAAU,EAC/B,kBAAkB,EAAE,UAAU,EAC9B,UAAU,EAAE,MAAM,GACjB,UAAU,CAqCZ;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,IAAI,CAClB,KAAK,EAAE,KAAK,EACZ,kBAAkB,EAAE,UAAU,EAC9B,YAAY,EAAE,UAAU,GACvB,MAAM,CAiBR;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,sEAAsE;IACtE,mBAAmB,EAAE,UAAU,CAAC;IAChC;;;OAGG;IACH,sBAAsB,CAAC,EAAE,UAAU,CAAC;CACrC;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,KAAK,EACZ,kBAAkB,EAAE,UAAU,EAC9B,YAAY,EAAE,UAAU,EACxB,UAAU,EAAE,cAAc,GACzB,MAAM,CA2BR"}