npm - @sempdev/semp - Versions diffs - 0.4.3 - Mend

@sempdev/semp 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/LICENSE +21 -0
package/README.md +59 -0
package/dist/brief/address.d.ts +77 -0
package/dist/brief/address.d.ts.map +1 -0
package/dist/brief/address.js +217 -0
package/dist/brief/address.js.map +1 -0
package/dist/brief/brief.d.ts +75 -0
package/dist/brief/brief.d.ts.map +1 -0
package/dist/brief/brief.js +56 -0
package/dist/brief/brief.js.map +1 -0
package/dist/brief/index.d.ts +11 -0
package/dist/brief/index.d.ts.map +1 -0
package/dist/brief/index.js +11 -0
package/dist/brief/index.js.map +1 -0
package/dist/canonical/index.d.ts +8 -0
package/dist/canonical/index.d.ts.map +1 -0
package/dist/canonical/index.js +8 -0
package/dist/canonical/index.js.map +1 -0
package/dist/canonical/marshal.d.ts +35 -0
package/dist/canonical/marshal.d.ts.map +1 -0
package/dist/canonical/marshal.js +107 -0
package/dist/canonical/marshal.js.map +1 -0
package/dist/clockskew/index.d.ts +52 -0
package/dist/clockskew/index.d.ts.map +1 -0
package/dist/clockskew/index.js +62 -0
package/dist/clockskew/index.js.map +1 -0
package/dist/closure/closure.d.ts +106 -0
package/dist/closure/closure.d.ts.map +1 -0
package/dist/closure/closure.js +152 -0
package/dist/closure/closure.js.map +1 -0
package/dist/closure/driver.d.ts +103 -0
package/dist/closure/driver.d.ts.map +1 -0
package/dist/closure/driver.js +126 -0
package/dist/closure/driver.js.map +1 -0
package/dist/closure/index.d.ts +13 -0
package/dist/closure/index.d.ts.map +1 -0
package/dist/closure/index.js +13 -0
package/dist/closure/index.js.map +1 -0
package/dist/closure/store.d.ts +80 -0
package/dist/closure/store.d.ts.map +1 -0
package/dist/closure/store.js +89 -0
package/dist/closure/store.js.map +1 -0
package/dist/crypto/aead.d.ts +29 -0
package/dist/crypto/aead.d.ts.map +1 -0
package/dist/crypto/aead.js +48 -0
package/dist/crypto/aead.js.map +1 -0
package/dist/crypto/argon2.d.ts +20 -0
package/dist/crypto/argon2.d.ts.map +1 -0
package/dist/crypto/argon2.js +28 -0
package/dist/crypto/argon2.js.map +1 -0
package/dist/crypto/index.d.ts +14 -0
package/dist/crypto/index.d.ts.map +1 -0
package/dist/crypto/index.js +14 -0
package/dist/crypto/index.js.map +1 -0
package/dist/crypto/kdf.d.ts +96 -0
package/dist/crypto/kdf.d.ts.map +1 -0
package/dist/crypto/kdf.js +122 -0
package/dist/crypto/kdf.js.map +1 -0
package/dist/crypto/kem.d.ts +85 -0
package/dist/crypto/kem.d.ts.map +1 -0
package/dist/crypto/kem.js +130 -0
package/dist/crypto/kem.js.map +1 -0
package/dist/crypto/mac.d.ts +19 -0
package/dist/crypto/mac.d.ts.map +1 -0
package/dist/crypto/mac.js +32 -0
package/dist/crypto/mac.js.map +1 -0
package/dist/delivery/ack.d.ts +125 -0
package/dist/delivery/ack.d.ts.map +1 -0
package/dist/delivery/ack.js +141 -0
package/dist/delivery/ack.js.map +1 -0
package/dist/delivery/blocklist.d.ts +87 -0
package/dist/delivery/blocklist.d.ts.map +1 -0
package/dist/delivery/blocklist.js +107 -0
package/dist/delivery/blocklist.js.map +1 -0
package/dist/delivery/cancel.d.ts +60 -0
package/dist/delivery/cancel.d.ts.map +1 -0
package/dist/delivery/cancel.js +43 -0
package/dist/delivery/cancel.js.map +1 -0
package/dist/delivery/disposition.d.ts +106 -0
package/dist/delivery/disposition.d.ts.map +1 -0
package/dist/delivery/disposition.js +105 -0
package/dist/delivery/disposition.js.map +1 -0
package/dist/delivery/fetch.d.ts +59 -0
package/dist/delivery/fetch.d.ts.map +1 -0
package/dist/delivery/fetch.js +47 -0
package/dist/delivery/fetch.js.map +1 -0
package/dist/delivery/forwarder.d.ts +106 -0
package/dist/delivery/forwarder.d.ts.map +1 -0
package/dist/delivery/forwarder.js +251 -0
package/dist/delivery/forwarder.js.map +1 -0
package/dist/delivery/inbox.d.ts +42 -0
package/dist/delivery/inbox.d.ts.map +1 -0
package/dist/delivery/inbox.js +68 -0
package/dist/delivery/inbox.js.map +1 -0
package/dist/delivery/index.d.ts +31 -0
package/dist/delivery/index.d.ts.map +1 -0
package/dist/delivery/index.js +31 -0
package/dist/delivery/index.js.map +1 -0
package/dist/delivery/internalroute.d.ts +50 -0
package/dist/delivery/internalroute.d.ts.map +1 -0
package/dist/delivery/internalroute.js +23 -0
package/dist/delivery/internalroute.js.map +1 -0
package/dist/delivery/pipeline.d.ts +153 -0
package/dist/delivery/pipeline.d.ts.map +1 -0
package/dist/delivery/pipeline.js +356 -0
package/dist/delivery/pipeline.js.map +1 -0
package/dist/delivery/policy_state.d.ts +105 -0
package/dist/delivery/policy_state.d.ts.map +1 -0
package/dist/delivery/policy_state.js +293 -0
package/dist/delivery/policy_state.js.map +1 -0
package/dist/delivery/queue.d.ts +47 -0
package/dist/delivery/queue.d.ts.map +1 -0
package/dist/delivery/queue.js +33 -0
package/dist/delivery/queue.js.map +1 -0
package/dist/delivery/receipt.d.ts +137 -0
package/dist/delivery/receipt.d.ts.map +1 -0
package/dist/delivery/receipt.js +181 -0
package/dist/delivery/receipt.js.map +1 -0
package/dist/delivery/receipt_store.d.ts +81 -0
package/dist/delivery/receipt_store.d.ts.map +1 -0
package/dist/delivery/receipt_store.js +74 -0
package/dist/delivery/receipt_store.js.map +1 -0
package/dist/delivery/retry.d.ts +78 -0
package/dist/delivery/retry.d.ts.map +1 -0
package/dist/delivery/retry.js +132 -0
package/dist/delivery/retry.js.map +1 -0
package/dist/delivery/scheduler.d.ts +156 -0
package/dist/delivery/scheduler.d.ts.map +1 -0
package/dist/delivery/scheduler.js +349 -0
package/dist/delivery/scheduler.js.map +1 -0
package/dist/delivery/stage_partition.d.ts +87 -0
package/dist/delivery/stage_partition.d.ts.map +1 -0
package/dist/delivery/stage_partition.js +122 -0
package/dist/delivery/stage_partition.js.map +1 -0
package/dist/delivery/staged_runner.d.ts +100 -0
package/dist/delivery/staged_runner.d.ts.map +1 -0
package/dist/delivery/staged_runner.js +277 -0
package/dist/delivery/staged_runner.js.map +1 -0
package/dist/delivery/submission.d.ts +72 -0
package/dist/delivery/submission.d.ts.map +1 -0
package/dist/delivery/submission.js +58 -0
package/dist/delivery/submission.js.map +1 -0
package/dist/delivery/sync.d.ts +68 -0
package/dist/delivery/sync.d.ts.map +1 -0
package/dist/delivery/sync.js +99 -0
package/dist/delivery/sync.js.map +1 -0
package/dist/delivery/user_policy.d.ts +74 -0
package/dist/delivery/user_policy.d.ts.map +1 -0
package/dist/delivery/user_policy.js +140 -0
package/dist/delivery/user_policy.js.map +1 -0
package/dist/discovery/cache.d.ts +37 -0
package/dist/discovery/cache.d.ts.map +1 -0
package/dist/discovery/cache.js +45 -0
package/dist/discovery/cache.js.map +1 -0
package/dist/discovery/configuration.d.ts +97 -0
package/dist/discovery/configuration.d.ts.map +1 -0
package/dist/discovery/configuration.js +146 -0
package/dist/discovery/configuration.js.map +1 -0
package/dist/discovery/dns.d.ts +56 -0
package/dist/discovery/dns.d.ts.map +1 -0
package/dist/discovery/dns.js +120 -0
package/dist/discovery/dns.js.map +1 -0
package/dist/discovery/domain_keys.d.ts +62 -0
package/dist/discovery/domain_keys.d.ts.map +1 -0
package/dist/discovery/domain_keys.js +89 -0
package/dist/discovery/domain_keys.js.map +1 -0
package/dist/discovery/index.d.ts +19 -0
package/dist/discovery/index.d.ts.map +1 -0
package/dist/discovery/index.js +19 -0
package/dist/discovery/index.js.map +1 -0
package/dist/discovery/lookup.d.ts +72 -0
package/dist/discovery/lookup.d.ts.map +1 -0
package/dist/discovery/lookup.js +121 -0
package/dist/discovery/lookup.js.map +1 -0
package/dist/discovery/onion.d.ts +34 -0
package/dist/discovery/onion.d.ts.map +1 -0
package/dist/discovery/onion.js +61 -0
package/dist/discovery/onion.js.map +1 -0
package/dist/discovery/partition.d.ts +96 -0
package/dist/discovery/partition.d.ts.map +1 -0
package/dist/discovery/partition.js +247 -0
package/dist/discovery/partition.js.map +1 -0
package/dist/discovery/resolver.d.ts +113 -0
package/dist/discovery/resolver.d.ts.map +1 -0
package/dist/discovery/resolver.js +176 -0
package/dist/discovery/resolver.js.map +1 -0
package/dist/discovery/txt.d.ts +39 -0
package/dist/discovery/txt.d.ts.map +1 -0
package/dist/discovery/txt.js +71 -0
package/dist/discovery/txt.js.map +1 -0
package/dist/enclosure/forwarding.d.ts +128 -0
package/dist/enclosure/forwarding.d.ts.map +1 -0
package/dist/enclosure/forwarding.js +119 -0
package/dist/enclosure/forwarding.js.map +1 -0
package/dist/enclosure/index.d.ts +11 -0
package/dist/enclosure/index.d.ts.map +1 -0
package/dist/enclosure/index.js +11 -0
package/dist/enclosure/index.js.map +1 -0
package/dist/envelope/buckets.d.ts +38 -0
package/dist/envelope/buckets.d.ts.map +1 -0
package/dist/envelope/buckets.js +73 -0
package/dist/envelope/buckets.js.map +1 -0
package/dist/envelope/canonical.d.ts +28 -0
package/dist/envelope/canonical.d.ts.map +1 -0
package/dist/envelope/canonical.js +54 -0
package/dist/envelope/canonical.js.map +1 -0
package/dist/envelope/compose.d.ts +171 -0
package/dist/envelope/compose.d.ts.map +1 -0
package/dist/envelope/compose.js +237 -0
package/dist/envelope/compose.js.map +1 -0
package/dist/envelope/encode.d.ts +41 -0
package/dist/envelope/encode.d.ts.map +1 -0
package/dist/envelope/encode.js +69 -0
package/dist/envelope/encode.js.map +1 -0
package/dist/envelope/index.d.ts +20 -0
package/dist/envelope/index.d.ts.map +1 -0
package/dist/envelope/index.js +20 -0
package/dist/envelope/index.js.map +1 -0
package/dist/envelope/open_any.d.ts +48 -0
package/dist/envelope/open_any.d.ts.map +1 -0
package/dist/envelope/open_any.js +81 -0
package/dist/envelope/open_any.js.map +1 -0
package/dist/envelope/open_verified.d.ts +59 -0
package/dist/envelope/open_verified.d.ts.map +1 -0
package/dist/envelope/open_verified.js +67 -0
package/dist/envelope/open_verified.js.map +1 -0
package/dist/envelope/padding.d.ts +55 -0
package/dist/envelope/padding.d.ts.map +1 -0
package/dist/envelope/padding.js +162 -0
package/dist/envelope/padding.js.map +1 -0
package/dist/envelope/rejection.d.ts +22 -0
package/dist/envelope/rejection.d.ts.map +1 -0
package/dist/envelope/rejection.js +30 -0
package/dist/envelope/rejection.js.map +1 -0
package/dist/envelope/sendtime.d.ts +49 -0
package/dist/envelope/sendtime.d.ts.map +1 -0
package/dist/envelope/sendtime.js +87 -0
package/dist/envelope/sendtime.js.map +1 -0
package/dist/envelope/verify.d.ts +29 -0
package/dist/envelope/verify.d.ts.map +1 -0
package/dist/envelope/verify.js +90 -0
package/dist/envelope/verify.js.map +1 -0
package/dist/extensions/index.d.ts +7 -0
package/dist/extensions/index.d.ts.map +1 -0
package/dist/extensions/index.js +7 -0
package/dist/extensions/index.js.map +1 -0
package/dist/extensions/limits.d.ts +101 -0
package/dist/extensions/limits.d.ts.map +1 -0
package/dist/extensions/limits.js +175 -0
package/dist/extensions/limits.js.map +1 -0
package/dist/handshake/abort.d.ts +49 -0
package/dist/handshake/abort.d.ts.map +1 -0
package/dist/handshake/abort.js +82 -0
package/dist/handshake/abort.js.map +1 -0
package/dist/handshake/capabilities.d.ts +46 -0
package/dist/handshake/capabilities.d.ts.map +1 -0
package/dist/handshake/capabilities.js +114 -0
package/dist/handshake/capabilities.js.map +1 -0
package/dist/handshake/client_state.d.ts +186 -0
package/dist/handshake/client_state.d.ts.map +1 -0
package/dist/handshake/client_state.js +520 -0
package/dist/handshake/client_state.js.map +1 -0
package/dist/handshake/confirm.d.ts +21 -0
package/dist/handshake/confirm.d.ts.map +1 -0
package/dist/handshake/confirm.js +27 -0
package/dist/handshake/confirm.js.map +1 -0
package/dist/handshake/driver.d.ts +126 -0
package/dist/handshake/driver.d.ts.map +1 -0
package/dist/handshake/driver.js +251 -0
package/dist/handshake/driver.js.map +1 -0
package/dist/handshake/federation.d.ts +365 -0
package/dist/handshake/federation.d.ts.map +1 -0
package/dist/handshake/federation.js +664 -0
package/dist/handshake/federation.js.map +1 -0
package/dist/handshake/first_contact.d.ts +57 -0
package/dist/handshake/first_contact.d.ts.map +1 -0
package/dist/handshake/first_contact.js +124 -0
package/dist/handshake/first_contact.js.map +1 -0
package/dist/handshake/identity.d.ts +101 -0
package/dist/handshake/identity.d.ts.map +1 -0
package/dist/handshake/identity.js +117 -0
package/dist/handshake/identity.js.map +1 -0
package/dist/handshake/index.d.ts +21 -0
package/dist/handshake/index.d.ts.map +1 -0
package/dist/handshake/index.js +21 -0
package/dist/handshake/index.js.map +1 -0
package/dist/handshake/messages.d.ts +176 -0
package/dist/handshake/messages.d.ts.map +1 -0
package/dist/handshake/messages.js +125 -0
package/dist/handshake/messages.js.map +1 -0
package/dist/handshake/pow.d.ts +53 -0
package/dist/handshake/pow.d.ts.map +1 -0
package/dist/handshake/pow.js +142 -0
package/dist/handshake/pow.js.map +1 -0
package/dist/handshake/resume_driver.d.ts +56 -0
package/dist/handshake/resume_driver.d.ts.map +1 -0
package/dist/handshake/resume_driver.js +75 -0
package/dist/handshake/resume_driver.js.map +1 -0
package/dist/handshake/server.d.ts +112 -0
package/dist/handshake/server.d.ts.map +1 -0
package/dist/handshake/server.js +247 -0
package/dist/handshake/server.js.map +1 -0
package/dist/handshake/server_state.d.ts +102 -0
package/dist/handshake/server_state.d.ts.map +1 -0
package/dist/handshake/server_state.js +278 -0
package/dist/handshake/server_state.js.map +1 -0
package/dist/index.d.ts +33 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +33 -0
package/dist/index.js.map +1 -0
package/dist/keys/compromise.d.ts +118 -0
package/dist/keys/compromise.d.ts.map +1 -0
package/dist/keys/compromise.js +218 -0
package/dist/keys/compromise.js.map +1 -0
package/dist/keys/device_certificate.d.ts +166 -0
package/dist/keys/device_certificate.d.ts.map +1 -0
package/dist/keys/device_certificate.js +328 -0
package/dist/keys/device_certificate.js.map +1 -0
package/dist/keys/device_records.d.ts +175 -0
package/dist/keys/device_records.d.ts.map +1 -0
package/dist/keys/device_records.js +418 -0
package/dist/keys/device_records.js.map +1 -0
package/dist/keys/directory_cache.d.ts +64 -0
package/dist/keys/directory_cache.d.ts.map +1 -0
package/dist/keys/directory_cache.js +98 -0
package/dist/keys/directory_cache.js.map +1 -0
package/dist/keys/directory_state.d.ts +79 -0
package/dist/keys/directory_state.d.ts.map +1 -0
package/dist/keys/directory_state.js +155 -0
package/dist/keys/directory_state.js.map +1 -0
package/dist/keys/index.d.ts +18 -0
package/dist/keys/index.d.ts.map +1 -0
package/dist/keys/index.js +18 -0
package/dist/keys/index.js.map +1 -0
package/dist/keys/key_revocation.d.ts +61 -0
package/dist/keys/key_revocation.d.ts.map +1 -0
package/dist/keys/key_revocation.js +88 -0
package/dist/keys/key_revocation.js.map +1 -0
package/dist/keys/request.d.ts +124 -0
package/dist/keys/request.d.ts.map +1 -0
package/dist/keys/request.js +130 -0
package/dist/keys/request.js.map +1 -0
package/dist/keys/sign.d.ts +49 -0
package/dist/keys/sign.d.ts.map +1 -0
package/dist/keys/sign.js +80 -0
package/dist/keys/sign.js.map +1 -0
package/dist/keys/signed.d.ts +80 -0
package/dist/keys/signed.d.ts.map +1 -0
package/dist/keys/signed.js +138 -0
package/dist/keys/signed.js.map +1 -0
package/dist/keys/store.d.ts +138 -0
package/dist/keys/store.d.ts.map +1 -0
package/dist/keys/store.js +107 -0
package/dist/keys/store.js.map +1 -0
package/dist/largeattachment/crypto.d.ts +47 -0
package/dist/largeattachment/crypto.d.ts.map +1 -0
package/dist/largeattachment/crypto.js +235 -0
package/dist/largeattachment/crypto.js.map +1 -0
package/dist/largeattachment/enclosure.d.ts +48 -0
package/dist/largeattachment/enclosure.d.ts.map +1 -0
package/dist/largeattachment/enclosure.js +102 -0
package/dist/largeattachment/enclosure.js.map +1 -0
package/dist/largeattachment/index.d.ts +15 -0
package/dist/largeattachment/index.d.ts.map +1 -0
package/dist/largeattachment/index.js +15 -0
package/dist/largeattachment/index.js.map +1 -0
package/dist/largeattachment/store.d.ts +36 -0
package/dist/largeattachment/store.d.ts.map +1 -0
package/dist/largeattachment/store.js +37 -0
package/dist/largeattachment/store.js.map +1 -0
package/dist/largeattachment/types.d.ts +56 -0
package/dist/largeattachment/types.d.ts.map +1 -0
package/dist/largeattachment/types.js +31 -0
package/dist/largeattachment/types.js.map +1 -0
package/dist/largeattachment/upload.d.ts +62 -0
package/dist/largeattachment/upload.d.ts.map +1 -0
package/dist/largeattachment/upload.js +166 -0
package/dist/largeattachment/upload.js.map +1 -0
package/dist/migration/index.d.ts +17 -0
package/dist/migration/index.d.ts.map +1 -0
package/dist/migration/index.js +17 -0
package/dist/migration/index.js.map +1 -0
package/dist/migration/lockout.d.ts +48 -0
package/dist/migration/lockout.d.ts.map +1 -0
package/dist/migration/lockout.js +57 -0
package/dist/migration/lockout.js.map +1 -0
package/dist/migration/migration.d.ts +48 -0
package/dist/migration/migration.d.ts.map +1 -0
package/dist/migration/migration.js +58 -0
package/dist/migration/migration.js.map +1 -0
package/dist/migration/notice.d.ts +33 -0
package/dist/migration/notice.d.ts.map +1 -0
package/dist/migration/notice.js +85 -0
package/dist/migration/notice.js.map +1 -0
package/dist/migration/orchestrate.d.ts +109 -0
package/dist/migration/orchestrate.d.ts.map +1 -0
package/dist/migration/orchestrate.js +212 -0
package/dist/migration/orchestrate.js.map +1 -0
package/dist/migration/publication_store.d.ts +34 -0
package/dist/migration/publication_store.d.ts.map +1 -0
package/dist/migration/publication_store.js +44 -0
package/dist/migration/publication_store.js.map +1 -0
package/dist/migration/sign.d.ts +65 -0
package/dist/migration/sign.d.ts.map +1 -0
package/dist/migration/sign.js +331 -0
package/dist/migration/sign.js.map +1 -0
package/dist/migration/types.d.ts +92 -0
package/dist/migration/types.d.ts.map +1 -0
package/dist/migration/types.js +26 -0
package/dist/migration/types.js.map +1 -0
package/dist/reasoncodes.d.ts +42 -0
package/dist/reasoncodes.d.ts.map +1 -0
package/dist/reasoncodes.js +80 -0
package/dist/reasoncodes.js.map +1 -0
package/dist/recovery/bundle.d.ts +34 -0
package/dist/recovery/bundle.d.ts.map +1 -0
package/dist/recovery/bundle.js +144 -0
package/dist/recovery/bundle.js.map +1 -0
package/dist/recovery/bundle_crypto.d.ts +60 -0
package/dist/recovery/bundle_crypto.d.ts.map +1 -0
package/dist/recovery/bundle_crypto.js +179 -0
package/dist/recovery/bundle_crypto.js.map +1 -0
package/dist/recovery/bundle_store.d.ts +57 -0
package/dist/recovery/bundle_store.d.ts.map +1 -0
package/dist/recovery/bundle_store.js +104 -0
package/dist/recovery/bundle_store.js.map +1 -0
package/dist/recovery/index.d.ts +19 -0
package/dist/recovery/index.d.ts.map +1 -0
package/dist/recovery/index.js +19 -0
package/dist/recovery/index.js.map +1 -0
package/dist/recovery/manifest_crosscheck.d.ts +59 -0
package/dist/recovery/manifest_crosscheck.d.ts.map +1 -0
package/dist/recovery/manifest_crosscheck.js +59 -0
package/dist/recovery/manifest_crosscheck.js.map +1 -0
package/dist/recovery/shamir.d.ts +51 -0
package/dist/recovery/shamir.d.ts.map +1 -0
package/dist/recovery/shamir.js +181 -0
package/dist/recovery/shamir.js.map +1 -0
package/dist/recovery/sign.d.ts +61 -0
package/dist/recovery/sign.d.ts.map +1 -0
package/dist/recovery/sign.js +359 -0
package/dist/recovery/sign.js.map +1 -0
package/dist/recovery/types.d.ts +180 -0
package/dist/recovery/types.d.ts.map +1 -0
package/dist/recovery/types.js +31 -0
package/dist/recovery/types.js.map +1 -0
package/dist/reputation/abuse_report.d.ts +62 -0
package/dist/reputation/abuse_report.d.ts.map +1 -0
package/dist/reputation/abuse_report.js +111 -0
package/dist/reputation/abuse_report.js.map +1 -0
package/dist/reputation/bucketize.d.ts +31 -0
package/dist/reputation/bucketize.d.ts.map +1 -0
package/dist/reputation/bucketize.js +77 -0
package/dist/reputation/bucketize.js.map +1 -0
package/dist/reputation/gossip.d.ts +24 -0
package/dist/reputation/gossip.d.ts.map +1 -0
package/dist/reputation/gossip.js +64 -0
package/dist/reputation/gossip.js.map +1 -0
package/dist/reputation/gossip_fetch.d.ts +64 -0
package/dist/reputation/gossip_fetch.d.ts.map +1 -0
package/dist/reputation/gossip_fetch.js +114 -0
package/dist/reputation/gossip_fetch.js.map +1 -0
package/dist/reputation/index.d.ts +20 -0
package/dist/reputation/index.d.ts.map +1 -0
package/dist/reputation/index.js +20 -0
package/dist/reputation/index.js.map +1 -0
package/dist/reputation/observation_store.d.ts +67 -0
package/dist/reputation/observation_store.d.ts.map +1 -0
package/dist/reputation/observation_store.js +171 -0
package/dist/reputation/observation_store.js.map +1 -0
package/dist/reputation/pow.d.ts +91 -0
package/dist/reputation/pow.d.ts.map +1 -0
package/dist/reputation/pow.js +209 -0
package/dist/reputation/pow.js.map +1 -0
package/dist/reputation/sign.d.ts +40 -0
package/dist/reputation/sign.d.ts.map +1 -0
package/dist/reputation/sign.js +202 -0
package/dist/reputation/sign.js.map +1 -0
package/dist/reputation/types.d.ts +133 -0
package/dist/reputation/types.d.ts.map +1 -0
package/dist/reputation/types.js +33 -0
package/dist/reputation/types.js.map +1 -0
package/dist/reputation/whois.d.ts +25 -0
package/dist/reputation/whois.d.ts.map +1 -0
package/dist/reputation/whois.js +20 -0
package/dist/reputation/whois.js.map +1 -0
package/dist/seal/index.d.ts +8 -0
package/dist/seal/index.d.ts.map +1 -0
package/dist/seal/index.js +8 -0
package/dist/seal/index.js.map +1 -0
package/dist/seal/wrap.d.ts +74 -0
package/dist/seal/wrap.d.ts.map +1 -0
package/dist/seal/wrap.js +213 -0
package/dist/seal/wrap.js.map +1 -0
package/dist/session/dispatcher.d.ts +65 -0
package/dist/session/dispatcher.d.ts.map +1 -0
package/dist/session/dispatcher.js +96 -0
package/dist/session/dispatcher.js.map +1 -0
package/dist/session/index.d.ts +15 -0
package/dist/session/index.d.ts.map +1 -0
package/dist/session/index.js +15 -0
package/dist/session/index.js.map +1 -0
package/dist/session/rekey.d.ts +108 -0
package/dist/session/rekey.d.ts.map +1 -0
package/dist/session/rekey.js +207 -0
package/dist/session/rekey.js.map +1 -0
package/dist/session/rekey_seal.d.ts +66 -0
package/dist/session/rekey_seal.d.ts.map +1 -0
package/dist/session/rekey_seal.js +153 -0
package/dist/session/rekey_seal.js.map +1 -0
package/dist/session/resume.d.ts +125 -0
package/dist/session/resume.d.ts.map +1 -0
package/dist/session/resume.js +263 -0
package/dist/session/resume.js.map +1 -0
package/dist/session/session.d.ts +136 -0
package/dist/session/session.d.ts.map +1 -0
package/dist/session/session.js +188 -0
package/dist/session/session.js.map +1 -0
package/dist/transparency/index.d.ts +13 -0
package/dist/transparency/index.d.ts.map +1 -0
package/dist/transparency/index.js +13 -0
package/dist/transparency/index.js.map +1 -0
package/dist/transparency/log.d.ts +61 -0
package/dist/transparency/log.d.ts.map +1 -0
package/dist/transparency/log.js +133 -0
package/dist/transparency/log.js.map +1 -0
package/dist/transparency/merkle.d.ts +59 -0
package/dist/transparency/merkle.d.ts.map +1 -0
package/dist/transparency/merkle.js +314 -0
package/dist/transparency/merkle.js.map +1 -0
package/dist/transparency/sign.d.ts +48 -0
package/dist/transparency/sign.d.ts.map +1 -0
package/dist/transparency/sign.js +140 -0
package/dist/transparency/sign.js.map +1 -0
package/dist/transparency/types.d.ts +97 -0
package/dist/transparency/types.d.ts.map +1 -0
package/dist/transparency/types.js +25 -0
package/dist/transparency/types.js.map +1 -0
package/dist/transport/h2.d.ts +163 -0
package/dist/transport/h2.d.ts.map +1 -0
package/dist/transport/h2.js +397 -0
package/dist/transport/h2.js.map +1 -0
package/dist/transport/index.d.ts +15 -0
package/dist/transport/index.d.ts.map +1 -0
package/dist/transport/index.js +15 -0
package/dist/transport/index.js.map +1 -0
package/dist/transport/memory.d.ts +21 -0
package/dist/transport/memory.d.ts.map +1 -0
package/dist/transport/memory.js +112 -0
package/dist/transport/memory.js.map +1 -0
package/dist/transport/transport.d.ts +54 -0
package/dist/transport/transport.d.ts.map +1 -0
package/dist/transport/transport.js +20 -0
package/dist/transport/transport.js.map +1 -0
package/dist/transport/ws.d.ts +40 -0
package/dist/transport/ws.d.ts.map +1 -0
package/dist/transport/ws.js +204 -0
package/dist/transport/ws.js.map +1 -0
package/package.json +147 -0

package/dist/session/resume.js ADDED Viewed

@@ -0,0 +1,263 @@
+/**
+ * Session resumption driver per HANDSHAKE.md §2.8 / SESSION.md §2.7.
+ *
+ * Resume condenses the full handshake into ONE round trip:
+ *
+ *   client -> server  step=resume     (client_eph + client_nonce +
+ *                                      resumption_ticket from prior session)
+ *   server -> client  step=accepted   (server_eph + server_nonce +
+ *                                      new session_id + new ticket +
+ *                                      server_signature)
+ *
+ * Both peers derive new session keys by mixing the FRESH X25519
+ * shared secret with the K_resumption secret retained from the
+ * previous session. The retained secret proves continuity of
+ * identity, so no separate identity proof is required.
+ *
+ * Production callers use this when they want a low-latency
+ * reconnect after a brief disconnection. If the server has lost
+ * the session state (or the ticket has expired), the server
+ * MUST respond with step=rejected and the client falls back to
+ * a full {@link "../handshake/driver".runClient} handshake.
+ *
+ * @module
+ */
+import { marshal as canonicalMarshal } from "../canonical/index.js";
+import { deriveResumedSessionKeys, newHKDFSHA512, x25519Agree, x25519PublicKey, } from "../crypto/index.js";
+import { fingerprint, publicKeyFromSeed, signSignedDoc, verify as ed25519Verify } from "../keys/index.js";
+import { HandshakePrefix, } from "../handshake/messages.js";
+import { HandshakeRejectedError } from "../handshake/driver.js";
+import { Session } from "./session.js";
+/**
+ * Drive the client side of a resume. Resolves with a fresh
+ * {@link Session} on success; throws {@link HandshakeRejectedError}
+ * if the server rejects.
+ */
+export async function resumeClient(transport, config) {
+    try {
+        return await resumeClientInner(transport, config);
+    }
+    catch (err) {
+        try {
+            await transport.close();
+        }
+        catch {
+            // already closed
+        }
+        throw err;
+    }
+}
+async function resumeClientInner(transport, config) {
+    const ephPriv = config.clientEphemeralPriv ?? randomBytes(32);
+    const ephPub = x25519PublicKey(ephPriv);
+    const clientNonce = config.clientNonce ?? randomBytes(32);
+    // Build + send resume request.
+    const req = {
+        type: "SEMP_HANDSHAKE",
+        step: "resume",
+        party: "client",
+        version: "1.0.0",
+        nonce: base64Encode(clientNonce),
+        resumption_ticket: config.resumptionTicket,
+        client_ephemeral_key: {
+            algorithm: "x25519-chacha20-poly1305",
+            key: base64Encode(ephPub),
+            key_id: fingerprint(ephPub),
+        },
+        transport: config.transport,
+        extensions: config.extensions ?? {},
+    };
+    await transport.send(canonicalMarshal(req));
+    // Receive accepted (or rejected).
+    const respBytes = await transport.receive();
+    if (respBytes === null) {
+        throw new Error("resume: connection closed waiting for response");
+    }
+    const respMsg = JSON.parse(new TextDecoder().decode(respBytes));
+    if (respMsg.step === "rejected") {
+        const r = respMsg;
+        throw new HandshakeRejectedError(r.session_id ?? "", r.reason_code ?? "auth_failed", r.reason);
+    }
+    if (respMsg.step !== "accepted") {
+        throw new Error(`resume: expected step=accepted, got ${respMsg.step ?? "?"}`);
+    }
+    const accepted = respMsg;
+    // Verify server_signature.
+    verifyAcceptedSignature(accepted, config.serverDomainPub);
+    // Derive new session keys.
+    const serverEphPub = base64Decode(accepted.server_ephemeral_key.key);
+    const serverNonce = base64Decode(accepted.server_nonce);
+    const ephSharedSecret = x25519Agree(ephPriv, serverEphPub);
+    const kdf = newHKDFSHA512();
+    const keys = deriveResumedSessionKeys(kdf, ephSharedSecret, config.kResumption, clientNonce, serverNonce);
+    return new Session({
+        role: "client",
+        sessionId: accepted.session_id,
+        sessionTTL: accepted.session_ttl,
+        establishedAt: new Date(),
+        permissions: [], // resume preserves the prior permission set; the
+        // higher-level client carries it over from the previous session
+        keys,
+        transport,
+        resumptionTicket: accepted.resumption_ticket,
+        extensions: accepted.extensions,
+    });
+}
+function verifyAcceptedSignature(accepted, serverDomainPub) {
+    const sig = base64Decode(accepted.server_signature);
+    const blanked = { ...accepted, server_signature: "" };
+    const canonical = canonicalMarshal(blanked);
+    const signingInput = concat(new TextEncoder().encode(HandshakePrefix), canonical);
+    if (!ed25519Verify(serverDomainPub, sig, signingInput)) {
+        throw new Error("resume: server_signature did not verify under server domain pub");
+    }
+}
+/**
+ * Drive the server side of a resume. Reads the resume request,
+ * looks up the ticket, generates a fresh ephemeral + nonce + new
+ * session_id, builds and signs the accepted response, and returns
+ * a Session.
+ */
+export async function resumeServer(transport, config) {
+    try {
+        return await resumeServerInner(transport, config);
+    }
+    catch (err) {
+        try {
+            await transport.close();
+        }
+        catch {
+            // already closed
+        }
+        throw err;
+    }
+}
+async function resumeServerInner(transport, config) {
+    // Receive resume request.
+    const reqBytes = await transport.receive();
+    if (reqBytes === null) {
+        throw new Error("resume: connection closed waiting for request");
+    }
+    const req = JSON.parse(new TextDecoder().decode(reqBytes));
+    if (req.type !== "SEMP_HANDSHAKE" || req.step !== "resume") {
+        throw new Error(`resume: expected step=resume, got ${req.step}`);
+    }
+    // Validate ticket.
+    const lookup = await config.lookupTicket(req.resumption_ticket);
+    if (!lookup.ok) {
+        await sendRejected(transport, req, lookup.reasonCode, lookup.reason, config.serverDomainSigningSeed);
+        throw new Error(`resume: ticket invalid: ${lookup.reasonCode}`);
+    }
+    // Fresh ephemeral + nonce + new session_id + new ticket.
+    const ephPriv = config.serverEphemeralPriv ?? randomBytes(32);
+    const ephPub = x25519PublicKey(ephPriv);
+    const serverNonce = config.serverNonce ?? randomBytes(32);
+    const newSessionId = config.generateSessionId();
+    const newTicket = config.generateNewTicket();
+    // Derive new session keys using the retained K_resumption.
+    const clientEphPub = base64Decode(req.client_ephemeral_key.key);
+    const clientNonce = base64Decode(req.nonce);
+    const ephSharedSecret = x25519Agree(ephPriv, clientEphPub);
+    const kdf = newHKDFSHA512();
+    const keys = deriveResumedSessionKeys(kdf, ephSharedSecret, lookup.kResumption, clientNonce, serverNonce);
+    // Build + sign accepted.
+    const accepted = {
+        type: "SEMP_HANDSHAKE",
+        step: "accepted",
+        party: "server",
+        version: "1.0.0",
+        session_id: newSessionId,
+        session_ttl: config.sessionTTL,
+        server_nonce: base64Encode(serverNonce),
+        server_ephemeral_key: {
+            algorithm: "x25519-chacha20-poly1305",
+            key: base64Encode(ephPub),
+            key_id: fingerprint(ephPub),
+        },
+        resumption_ticket: newTicket,
+        server_signature: "",
+        extensions: config.acceptedExtensions ?? {},
+    };
+    const { signedJSON } = signSignedDoc({
+        preSignJSON: accepted,
+        seed: config.serverDomainSigningSeed,
+        signaturePath: "server_signature",
+        prefix: HandshakePrefix,
+    });
+    await transport.send(canonicalMarshal(signedJSON));
+    return new Session({
+        role: "server",
+        sessionId: newSessionId,
+        sessionTTL: config.sessionTTL,
+        establishedAt: new Date(),
+        permissions: [...lookup.permissions],
+        keys,
+        transport,
+        resumptionTicket: newTicket,
+        serverIdentityProofKeyId: fingerprint(publicKeyFromSeed(config.serverDomainSigningSeed)),
+        extensions: config.acceptedExtensions ?? {},
+    });
+}
+async function sendRejected(transport, req, reasonCode, reason, serverDomainSigningSeed) {
+    const rejected = {
+        type: "SEMP_HANDSHAKE",
+        step: "rejected",
+        party: "server",
+        version: "1.0.0",
+        session_id: "",
+        reason_code: reasonCode,
+        server_signature: "",
+        extensions: {},
+    };
+    if (reason !== undefined) {
+        rejected.reason = reason;
+    }
+    void req; // request kept for trace context if logging is added later
+    const { signedJSON } = signSignedDoc({
+        preSignJSON: rejected,
+        seed: serverDomainSigningSeed,
+        signaturePath: "server_signature",
+        prefix: HandshakePrefix,
+    });
+    try {
+        await transport.send(canonicalMarshal(signedJSON));
+    }
+    catch {
+        // peer may have already disconnected
+    }
+}
+// ---------------------------------------------------------------------------
+// Helpers
+function concat(a, b) {
+    const out = new Uint8Array(a.length + b.length);
+    out.set(a, 0);
+    out.set(b, a.length);
+    return out;
+}
+function randomBytes(n) {
+    const out = new Uint8Array(n);
+    globalThis.crypto.getRandomValues(out);
+    return out;
+}
+function base64Encode(b) {
+    if (typeof Buffer !== "undefined") {
+        return Buffer.from(b).toString("base64");
+    }
+    let bin = "";
+    for (let i = 0; i < b.length; i++) {
+        bin += String.fromCharCode(b[i] ?? 0);
+    }
+    return btoa(bin);
+}
+function base64Decode(s) {
+    if (typeof Buffer !== "undefined") {
+        return new Uint8Array(Buffer.from(s, "base64"));
+    }
+    const bin = atob(s);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++) {
+        out[i] = bin.charCodeAt(i);
+    }
+    return out;
+}
+//# sourceMappingURL=resume.js.map

package/dist/session/resume.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"resume.js","sourceRoot":"","sources":["../../src/session/resume.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,EACL,wBAAwB,EACxB,aAAa,EACb,WAAW,EACX,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,IAAI,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAC1G,OAAO,EACL,eAAe,GAEhB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAGhE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAkDvC;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,SAAoB,EACpB,MAA0B;IAE1B,IAAI,CAAC;QACH,OAAO,MAAM,iBAAiB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,SAAoB,EACpB,MAA0B;IAE1B,MAAM,OAAO,GAAG,MAAM,CAAC,mBAAmB,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IACxC,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IAE1D,+BAA+B;IAC/B,MAAM,GAAG,GAAkB;QACzB,IAAI,EAAE,gBAAgB;QACtB,IAAI,EAAE,QAAQ;QACd,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE,OAAO;QAChB,KAAK,EAAE,YAAY,CAAC,WAAW,CAAC;QAChC,iBAAiB,EAAE,MAAM,CAAC,gBAAgB;QAC1C,oBAAoB,EAAE;YACpB,SAAS,EAAE,0BAA0B;YACrC,GAAG,EAAE,YAAY,CAAC,MAAM,CAAC;YACzB,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC;SAC5B;QACD,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,EAAE;KACpC,CAAC;IACF,MAAM,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;IAE5C,kCAAkC;IAClC,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;IAC5C,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAsB,CAAC;IACrF,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAChC,MAAM,CAAC,GAAG,OAAyE,CAAC;QACpF,MAAM,IAAI,sBAAsB,CAC9B,CAAC,CAAC,UAAU,IAAI,EAAE,EAClB,CAAC,CAAC,WAAW,IAAI,aAAa,EAC9B,CAAC,CAAC,MAAM,CACT,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,uCAAuC,OAAO,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC;IAChF,CAAC;IACD,MAAM,QAAQ,GAAG,OAAyB,CAAC;IAE3C,2BAA2B;IAC3B,uBAAuB,CAAC,QAAQ,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;IAE1D,2BAA2B;IAC3B,MAAM,YAAY,GAAG,YAAY,CAAC,QAAQ,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;IACrE,MAAM,WAAW,GAAG,YAAY,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IACxD,MAAM,eAAe,GAAG,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,wBAAwB,CACnC,GAAG,EACH,eAAe,EACf,MAAM,CAAC,WAAW,EAClB,WAAW,EACX,WAAW,CACZ,CAAC;IAEF,OAAO,IAAI,OAAO,CAAC;QACjB,IAAI,EAAE,QAAQ;QACd,SAAS,EAAE,QAAQ,CAAC,UAAU;QAC9B,UAAU,EAAE,QAAQ,CAAC,WAAW;QAChC,aAAa,EAAE,IAAI,IAAI,EAAE;QACzB,WAAW,EAAE,EAAE,EAAG,iDAAiD;QACnE,gEAAgE;QAChE,IAAI;QACJ,SAAS;QACT,gBAAgB,EAAE,QAAQ,CAAC,iBAAiB;QAC5C,UAAU,EAAE,QAAQ,CAAC,UAAU;KAChC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,uBAAuB,CAC9B,QAAwB,EACxB,eAA2B;IAE3B,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,EAAE,GAAG,QAAQ,EAAE,gBAAgB,EAAE,EAAE,EAAE,CAAC;IACtD,MAAM,SAAS,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,SAAS,CAAC,CAAC;IAClF,IAAI,CAAC,aAAa,CAAC,eAAe,EAAE,GAAG,EAAE,YAAY,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACrF,CAAC;AACH,CAAC;AAuCD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,SAAoB,EACpB,MAA0B;IAE1B,IAAI,CAAC;QACH,OAAO,MAAM,iBAAiB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,SAAoB,EACpB,MAA0B;IAE1B,0BAA0B;IAC1B,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;IAC3C,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAkB,CAAC;IAC5E,IAAI,GAAG,CAAC,IAAI,KAAK,gBAAgB,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,qCAAqC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,mBAAmB;IACnB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAChE,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,YAAY,CAAC,SAAS,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,uBAAuB,CAAC,CAAC;QACrG,MAAM,IAAI,KAAK,CAAC,2BAA2B,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,yDAAyD;IACzD,MAAM,OAAO,GAAG,MAAM,CAAC,mBAAmB,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IACxC,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IAC1D,MAAM,YAAY,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAChD,MAAM,SAAS,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAE7C,2DAA2D;IAC3D,MAAM,YAAY,GAAG,YAAY,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;IAChE,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC5C,MAAM,eAAe,GAAG,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,wBAAwB,CACnC,GAAG,EACH,eAAe,EACf,MAAM,CAAC,WAAW,EAClB,WAAW,EACX,WAAW,CACZ,CAAC;IAEF,yBAAyB;IACzB,MAAM,QAAQ,GAAmB;QAC/B,IAAI,EAAE,gBAAgB;QACtB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE,OAAO;QAChB,UAAU,EAAE,YAAY;QACxB,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,YAAY,EAAE,YAAY,CAAC,WAAW,CAAC;QACvC,oBAAoB,EAAE;YACpB,SAAS,EAAE,0BAA0B;YACrC,GAAG,EAAE,YAAY,CAAC,MAAM,CAAC;YACzB,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC;SAC5B;QACD,iBAAiB,EAAE,SAAS;QAC5B,gBAAgB,EAAE,EAAE;QACpB,UAAU,EAAE,MAAM,CAAC,kBAAkB,IAAI,EAAE;KAC5C,CAAC;IACF,MAAM,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC;QACnC,WAAW,EAAE,QAA8C;QAC3D,IAAI,EAAE,MAAM,CAAC,uBAAuB;QACpC,aAAa,EAAE,kBAAkB;QACjC,MAAM,EAAE,eAAe;KACxB,CAAC,CAAC;IACH,MAAM,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,CAAC;IAEnD,OAAO,IAAI,OAAO,CAAC;QACjB,IAAI,EAAE,QAAQ;QACd,SAAS,EAAE,YAAY;QACvB,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,aAAa,EAAE,IAAI,IAAI,EAAE;QACzB,WAAW,EAAE,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC;QACpC,IAAI;QACJ,SAAS;QACT,gBAAgB,EAAE,SAAS;QAC3B,wBAAwB,EAAE,WAAW,CAAC,iBAAiB,CAAC,MAAM,CAAC,uBAAuB,CAAC,CAAC;QACxF,UAAU,EAAE,MAAM,CAAC,kBAAkB,IAAI,EAAE;KAC5C,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,SAAoB,EACpB,GAAkB,EAClB,UAAkB,EAClB,MAA0B,EAC1B,uBAAmC;IAEnC,MAAM,QAAQ,GAA4B;QACxC,IAAI,EAAE,gBAAgB;QACtB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE,OAAO;QAChB,UAAU,EAAE,EAAE;QACd,WAAW,EAAE,UAAU;QACvB,gBAAgB,EAAE,EAAE;QACpB,UAAU,EAAE,EAAE;KACf,CAAC;IACF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC;IAC3B,CAAC;IACD,KAAK,GAAG,CAAC,CAAC,2DAA2D;IACrE,MAAM,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC;QACnC,WAAW,EAAE,QAAQ;QACrB,IAAI,EAAE,uBAAuB;QAC7B,aAAa,EAAE,kBAAkB;QACjC,MAAM,EAAE,eAAe;KACxB,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,qCAAqC;IACvC,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,UAAU;AAEV,SAAS,MAAM,CAAC,CAAa,EAAE,CAAa;IAC1C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACd,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IACrB,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9B,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IACvC,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,YAAY,CAAC,CAAa;IACjC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/session/session.d.ts ADDED Viewed

@@ -0,0 +1,136 @@
+/**
+ * Session lifecycle per `SESSION.md` §2.
+ *
+ * A Session holds the post-handshake state both peers retain:
+ *
+ *   - The five SEMP session keys (encC2S, encS2C, macC2S, macS2C,
+ *     envMAC) plus K_resumption.
+ *   - session_id and the negotiated TTL.
+ *   - permissions and resumption_ticket if the server supplied one.
+ *   - The underlying transport, surfaced for the next-layer envelope
+ *     sender/receiver.
+ *
+ * State transitions:
+ *
+ *   active   ── close() ──>  closed
+ *   active   ── ttl elapsed, isExpired() returns true ──>  active
+ *                (state stays "active"; callers MUST check
+ *                 isExpired() before trusting envelope verification)
+ *   active   ── erase() ──>  closed (keys zeroized)
+ *
+ * The v1 module is intentionally minimal: it does not implement
+ * rekey, resume, or per-direction sequence number tracking. Those
+ * land in the next slice.
+ *
+ * @module
+ */
+import { type SessionKeys } from "../crypto/index.js";
+import type { Transport } from "../transport/index.js";
+/** Session role: "client" if the local end ran runClient. */
+export type Role = "client" | "server";
+/** New keys + new session id installed by a successful rekey. */
+export interface RekeyApply {
+    /** Replacement session_id from RekeyAccepted. */
+    newSessionId: string;
+    /** Newly derived session keys per SESSION.md §3.3. */
+    newKeys: SessionKeys;
+}
+/** Configuration to construct a Session from a completed handshake. */
+export interface SessionConfig {
+    role: Role;
+    sessionId: string;
+    /** TTL in seconds returned by ACCEPTED. */
+    sessionTTL: number;
+    /** Wall-clock instant when the session was established. */
+    establishedAt: Date;
+    permissions: string[];
+    keys: SessionKeys;
+    transport: Transport;
+    /** Optional resumption ticket from ACCEPTED. */
+    resumptionTicket?: {
+        value: string;
+        expires_at: string;
+    };
+    /** Server identity proof from RESPONSE (forwarded for higher layers). */
+    serverIdentityProofKeyId?: string;
+    serverIdentityProofSignature?: string;
+    /** Extensions echoed back from ACCEPTED. */
+    extensions?: Record<string, unknown>;
+}
+/**
+ * Live SEMP session. Outlives the handshake; lives until close()
+ * or until the underlying transport drops. Higher-level senders
+ * borrow `keys.envMAC` for envelope MAC computation and the
+ * transport for raw send/receive of envelope bytes.
+ */
+export declare class Session {
+    readonly role: Role;
+    /**
+     * Current session_id. Mutable: a successful rekey installs a new
+     * id atomically with the new keys (see {@link applyRekey}).
+     */
+    sessionId: string;
+    readonly sessionTTL: number;
+    readonly establishedAt: Date;
+    readonly permissions: ReadonlySet<string>;
+    readonly resumptionTicket: {
+        value: string;
+        expires_at: string;
+    } | undefined;
+    readonly serverIdentityProofKeyId: string | undefined;
+    readonly serverIdentityProofSignature: string | undefined;
+    readonly extensions: Readonly<Record<string, unknown>>;
+    private _keys;
+    private _transport;
+    private _closed;
+    constructor(config: SessionConfig);
+    /** True after close() or erase(). */
+    get closed(): boolean;
+    /** Wall-clock instant the session expires (establishedAt + TTL). */
+    expiresAt(): Date;
+    /** Reports whether the session has passed its TTL relative to `now`. */
+    isExpired(now?: Date): boolean;
+    /**
+     * Live session keys. Throws if the session has been closed or
+     * erased — once erase() runs, the bytes are zeroized and any
+     * caller still holding a Session reference cannot accidentally
+     * encrypt under invalidated material.
+     */
+    get keys(): SessionKeys;
+    /** The underlying transport. Throws if the session is closed. */
+    get transport(): Transport;
+    /**
+     * Send raw bytes (typically a canonical envelope) over the
+     * transport. Caller is responsible for envelope composition,
+     * including the envelope-level MAC computed over the canonical
+     * bytes with `keys.envMAC`.
+     */
+    send(message: Uint8Array): Promise<void>;
+    /**
+     * Receive raw bytes from the transport. Returns null on clean
+     * peer close. Caller verifies the envelope's session_mac with
+     * `keys.envMAC` before trusting the contents.
+     */
+    receive(): Promise<Uint8Array | null>;
+    /**
+     * Close the session and the underlying transport. Idempotent.
+     * Does NOT zeroize keys — callers that want zeroization use
+     * {@link erase}.
+     */
+    close(): Promise<void>;
+    /**
+     * Atomically install new session keys + a new session_id from a
+     * successful rekey. Zeroizes the prior keys before swapping. The
+     * session retains its TTL boundary (TTL counts from the original
+     * establishedAt) — rekey rolls forward the keys, not the lifetime.
+     */
+    applyRekey(apply: RekeyApply): void;
+    /**
+     * Close the session AND zeroize all session keys. After this,
+     * `keys` throws and the underlying byte buffers are filled with
+     * zero. Safe to call multiple times. RECOMMENDED on logout / app
+     * suspend / any time the session is no longer needed.
+     */
+    erase(): Promise<void>;
+}
+//# sourceMappingURL=session.d.ts.map

package/dist/session/session.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/session/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAEvD,6DAA6D;AAC7D,MAAM,MAAM,IAAI,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAEvC,iEAAiE;AACjE,MAAM,WAAW,UAAU;IACzB,iDAAiD;IACjD,YAAY,EAAE,MAAM,CAAC;IACrB,sDAAsD;IACtD,OAAO,EAAE,WAAW,CAAC;CACtB;AAED,uEAAuE;AACvE,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,IAAI,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,2DAA2D;IAC3D,aAAa,EAAE,IAAI,CAAC;IACpB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,IAAI,EAAE,WAAW,CAAC;IAClB,SAAS,EAAE,SAAS,CAAC;IACrB,gDAAgD;IAChD,gBAAgB,CAAC,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IACzD,yEAAyE;IACzE,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,4CAA4C;IAC5C,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED;;;;;GAKG;AACH,qBAAa,OAAO;IAClB,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC;IACpB;;;OAGG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,aAAa,EAAE,IAAI,CAAC;IAC7B,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAC1C,QAAQ,CAAC,gBAAgB,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,GAAG,SAAS,CAAC;IAC7E,QAAQ,CAAC,wBAAwB,EAAE,MAAM,GAAG,SAAS,CAAC;IACtD,QAAQ,CAAC,4BAA4B,EAAE,MAAM,GAAG,SAAS,CAAC;IAC1D,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAEvD,OAAO,CAAC,KAAK,CAAqB;IAClC,OAAO,CAAC,UAAU,CAAY;IAC9B,OAAO,CAAC,OAAO,CAAS;gBAEZ,MAAM,EAAE,aAAa;IAcjC,qCAAqC;IACrC,IAAI,MAAM,IAAI,OAAO,CAEpB;IAED,oEAAoE;IACpE,SAAS,IAAI,IAAI;IAIjB,wEAAwE;IACxE,SAAS,CAAC,GAAG,GAAE,IAAiB,GAAG,OAAO;IAI1C;;;;;OAKG;IACH,IAAI,IAAI,IAAI,WAAW,CAKtB;IAED,iEAAiE;IACjE,IAAI,SAAS,IAAI,SAAS,CAKzB;IAED;;;;;OAKG;IACG,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAO9C;;;;OAIG;IACG,OAAO,IAAI,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAO3C;;;;OAIG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAY5B;;;;;OAKG;IACH,UAAU,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI;IAqBnC;;;;;OAKG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAe7B"}

package/dist/session/session.js ADDED Viewed

@@ -0,0 +1,188 @@
+/**
+ * Session lifecycle per `SESSION.md` §2.
+ *
+ * A Session holds the post-handshake state both peers retain:
+ *
+ *   - The five SEMP session keys (encC2S, encS2C, macC2S, macS2C,
+ *     envMAC) plus K_resumption.
+ *   - session_id and the negotiated TTL.
+ *   - permissions and resumption_ticket if the server supplied one.
+ *   - The underlying transport, surfaced for the next-layer envelope
+ *     sender/receiver.
+ *
+ * State transitions:
+ *
+ *   active   ── close() ──>  closed
+ *   active   ── ttl elapsed, isExpired() returns true ──>  active
+ *                (state stays "active"; callers MUST check
+ *                 isExpired() before trusting envelope verification)
+ *   active   ── erase() ──>  closed (keys zeroized)
+ *
+ * The v1 module is intentionally minimal: it does not implement
+ * rekey, resume, or per-direction sequence number tracking. Those
+ * land in the next slice.
+ *
+ * @module
+ */
+import {} from "../crypto/index.js";
+/**
+ * Live SEMP session. Outlives the handshake; lives until close()
+ * or until the underlying transport drops. Higher-level senders
+ * borrow `keys.envMAC` for envelope MAC computation and the
+ * transport for raw send/receive of envelope bytes.
+ */
+export class Session {
+    role;
+    /**
+     * Current session_id. Mutable: a successful rekey installs a new
+     * id atomically with the new keys (see {@link applyRekey}).
+     */
+    sessionId;
+    sessionTTL;
+    establishedAt;
+    permissions;
+    resumptionTicket;
+    serverIdentityProofKeyId;
+    serverIdentityProofSignature;
+    extensions;
+    _keys;
+    _transport;
+    _closed = false;
+    constructor(config) {
+        this.role = config.role;
+        this.sessionId = config.sessionId;
+        this.sessionTTL = config.sessionTTL;
+        this.establishedAt = config.establishedAt;
+        this.permissions = new Set(config.permissions);
+        this.resumptionTicket = config.resumptionTicket;
+        this.serverIdentityProofKeyId = config.serverIdentityProofKeyId;
+        this.serverIdentityProofSignature = config.serverIdentityProofSignature;
+        this.extensions = Object.freeze({ ...(config.extensions ?? {}) });
+        this._keys = config.keys;
+        this._transport = config.transport;
+    }
+    /** True after close() or erase(). */
+    get closed() {
+        return this._closed;
+    }
+    /** Wall-clock instant the session expires (establishedAt + TTL). */
+    expiresAt() {
+        return new Date(this.establishedAt.getTime() + this.sessionTTL * 1000);
+    }
+    /** Reports whether the session has passed its TTL relative to `now`. */
+    isExpired(now = new Date()) {
+        return now.getTime() >= this.expiresAt().getTime();
+    }
+    /**
+     * Live session keys. Throws if the session has been closed or
+     * erased — once erase() runs, the bytes are zeroized and any
+     * caller still holding a Session reference cannot accidentally
+     * encrypt under invalidated material.
+     */
+    get keys() {
+        if (this._keys === null) {
+            throw new Error("session: keys have been erased");
+        }
+        return this._keys;
+    }
+    /** The underlying transport. Throws if the session is closed. */
+    get transport() {
+        if (this._closed) {
+            throw new Error("session: closed");
+        }
+        return this._transport;
+    }
+    /**
+     * Send raw bytes (typically a canonical envelope) over the
+     * transport. Caller is responsible for envelope composition,
+     * including the envelope-level MAC computed over the canonical
+     * bytes with `keys.envMAC`.
+     */
+    async send(message) {
+        if (this._closed) {
+            throw new Error("session: closed");
+        }
+        await this._transport.send(message);
+    }
+    /**
+     * Receive raw bytes from the transport. Returns null on clean
+     * peer close. Caller verifies the envelope's session_mac with
+     * `keys.envMAC` before trusting the contents.
+     */
+    async receive() {
+        if (this._closed) {
+            throw new Error("session: closed");
+        }
+        return this._transport.receive();
+    }
+    /**
+     * Close the session and the underlying transport. Idempotent.
+     * Does NOT zeroize keys — callers that want zeroization use
+     * {@link erase}.
+     */
+    async close() {
+        if (this._closed) {
+            return;
+        }
+        this._closed = true;
+        try {
+            await this._transport.close();
+        }
+        catch {
+            // already closing
+        }
+    }
+    /**
+     * Atomically install new session keys + a new session_id from a
+     * successful rekey. Zeroizes the prior keys before swapping. The
+     * session retains its TTL boundary (TTL counts from the original
+     * establishedAt) — rekey rolls forward the keys, not the lifetime.
+     */
+    applyRekey(apply) {
+        if (this._keys === null) {
+            throw new Error("session: applyRekey after erase");
+        }
+        if (this._closed) {
+            throw new Error("session: applyRekey on closed session");
+        }
+        // Zeroize previous keys before dropping the reference.
+        const prev = this._keys;
+        zero(prev.encC2S);
+        zero(prev.encS2C);
+        zero(prev.macC2S);
+        zero(prev.macS2C);
+        zero(prev.envMAC);
+        if (prev.resumption !== undefined) {
+            zero(prev.resumption);
+        }
+        this._keys = apply.newKeys;
+        this.sessionId = apply.newSessionId;
+    }
+    /**
+     * Close the session AND zeroize all session keys. After this,
+     * `keys` throws and the underlying byte buffers are filled with
+     * zero. Safe to call multiple times. RECOMMENDED on logout / app
+     * suspend / any time the session is no longer needed.
+     */
+    async erase() {
+        await this.close();
+        if (this._keys !== null) {
+            const k = this._keys;
+            zero(k.encC2S);
+            zero(k.encS2C);
+            zero(k.macC2S);
+            zero(k.macS2C);
+            zero(k.envMAC);
+            if (k.resumption !== undefined) {
+                zero(k.resumption);
+            }
+            this._keys = null;
+        }
+    }
+}
+function zero(b) {
+    for (let i = 0; i < b.length; i++) {
+        b[i] = 0;
+    }
+}
+//# sourceMappingURL=session.js.map

package/dist/session/session.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAoB,MAAM,oBAAoB,CAAC;AAkCtD;;;;;GAKG;AACH,MAAM,OAAO,OAAO;IACT,IAAI,CAAO;IACpB;;;OAGG;IACH,SAAS,CAAS;IACT,UAAU,CAAS;IACnB,aAAa,CAAO;IACpB,WAAW,CAAsB;IACjC,gBAAgB,CAAoD;IACpE,wBAAwB,CAAqB;IAC7C,4BAA4B,CAAqB;IACjD,UAAU,CAAoC;IAE/C,KAAK,CAAqB;IAC1B,UAAU,CAAY;IACtB,OAAO,GAAG,KAAK,CAAC;IAExB,YAAY,MAAqB;QAC/B,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACxB,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;QAClC,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;QACpC,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QAC1C,IAAI,CAAC,WAAW,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC/C,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;QAChD,IAAI,CAAC,wBAAwB,GAAG,MAAM,CAAC,wBAAwB,CAAC;QAChE,IAAI,CAAC,4BAA4B,GAAG,MAAM,CAAC,4BAA4B,CAAC;QACxE,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;QAClE,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC;QACzB,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC;IACrC,CAAC;IAED,qCAAqC;IACrC,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,oEAAoE;IACpE,SAAS;QACP,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACzE,CAAC;IAED,wEAAwE;IACxE,SAAS,CAAC,MAAY,IAAI,IAAI,EAAE;QAC9B,OAAO,GAAG,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,CAAC;IACrD,CAAC;IAED;;;;;OAKG;IACH,IAAI,IAAI;QACN,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,iEAAiE;IACjE,IAAI,SAAS;QACX,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,IAAI,CAAC,OAAmB;QAC5B,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACrC,CAAC;QACD,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,OAAO;QACX,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;IACnC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,kBAAkB;QACpB,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,UAAU,CAAC,KAAiB;QAC1B,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QACD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QACD,uDAAuD;QACvD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAClB,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YAClC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACxB,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC;QAC3B,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,YAAY,CAAC;IACtC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QACnB,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YACxB,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC;YACrB,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YACf,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YACf,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YACf,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YACf,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YACf,IAAI,CAAC,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;gBAC/B,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;YACrB,CAAC;YACD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;CACF;AAED,SAAS,IAAI,CAAC,CAAa;IACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACX,CAAC;AACH,CAAC"}

package/dist/transparency/index.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Key transparency layer per TRANSPARENCY.md.
+ *
+ * RFC 6962 Merkle math + STH sign/verify/freshness +
+ * append-only Log with inclusion/consistency proof generation.
+ *
+ * @module
+ */
+export { type ConsistencyProof, type InclusionProof, type LogEntry, type LogEntryEvent, type LogKeyType, type SignedTreeHead, type TransparencySignature, InteriorPrefix, LeafPrefix, LogEntryVersion, MaxSTHFreshnessMs, SignedTreeHeadVersion, } from "./types.js";
+export { auditPath, encodeHash, hashInterior, hashLeaf, hashLeafFromEntry, largestPowerOfTwoLessThan, subproof, subtreeRoot, verifyConsistencyProof, verifyInclusionProof, } from "./merkle.js";
+export { type SignSTHInput, type SignSTHResult, SignatureAlgorithmEd25519, TransparencySTHPrefix, checkSTHFresh, signSTH, validateLogEntry, validateSTH, verifySTH, } from "./sign.js";
+export { type LogConfig, Log } from "./log.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/transparency/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/transparency/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,QAAQ,EACb,KAAK,aAAa,EAClB,KAAK,UAAU,EACf,KAAK,cAAc,EACnB,KAAK,qBAAqB,EAC1B,cAAc,EACd,UAAU,EACV,eAAe,EACf,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,SAAS,EACT,UAAU,EACV,YAAY,EACZ,QAAQ,EACR,iBAAiB,EACjB,yBAAyB,EACzB,QAAQ,EACR,WAAW,EACX,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,yBAAyB,EACzB,qBAAqB,EACrB,aAAa,EACb,OAAO,EACP,gBAAgB,EAChB,WAAW,EACX,SAAS,GACV,MAAM,WAAW,CAAC;AAEnB,OAAO,EAAE,KAAK,SAAS,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC"}

package/dist/transparency/index.js ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Key transparency layer per TRANSPARENCY.md.
+ *
+ * RFC 6962 Merkle math + STH sign/verify/freshness +
+ * append-only Log with inclusion/consistency proof generation.
+ *
+ * @module
+ */
+export { InteriorPrefix, LeafPrefix, LogEntryVersion, MaxSTHFreshnessMs, SignedTreeHeadVersion, } from "./types.js";
+export { auditPath, encodeHash, hashInterior, hashLeaf, hashLeafFromEntry, largestPowerOfTwoLessThan, subproof, subtreeRoot, verifyConsistencyProof, verifyInclusionProof, } from "./merkle.js";
+export { SignatureAlgorithmEd25519, TransparencySTHPrefix, checkSTHFresh, signSTH, validateLogEntry, validateSTH, verifySTH, } from "./sign.js";
+export { Log } from "./log.js";
+//# sourceMappingURL=index.js.map

package/dist/transparency/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/transparency/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAQL,cAAc,EACd,UAAU,EACV,eAAe,EACf,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,SAAS,EACT,UAAU,EACV,YAAY,EACZ,QAAQ,EACR,iBAAiB,EACjB,yBAAyB,EACzB,QAAQ,EACR,WAAW,EACX,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAErB,OAAO,EAGL,yBAAyB,EACzB,qBAAqB,EACrB,aAAa,EACb,OAAO,EACP,gBAAgB,EAChB,WAAW,EACX,SAAS,GACV,MAAM,WAAW,CAAC;AAEnB,OAAO,EAAkB,GAAG,EAAE,MAAM,UAAU,CAAC"}