@sempdev/semp 0.5.1 → 0.5.5

package/dist/delivery/pipeline.d.ts

@@ -62,7 +62,7 @@ export type LocalAddressFunc = (address: string) => boolean;
 export type InboxStore = Pick<Inbox, "store">;
 /** Hook returning the current session-id retired status. */
 export type SessionRetiredFunc = (sessionId: string) => Promise<boolean>;
-/** Decoded brief shape — minimal fields the pipeline needs. */
+/** Decoded brief shape - minimal fields the pipeline needs. */
 export interface DecodedBrief {
     to: string[];
     cc?: string[];
@@ -108,7 +108,7 @@ export interface PipelineConfig {
     /** Default clock-skew tolerance for step 2; defaults to 15 minutes. */
     clockSkewMs?: number;
 }
-/** Envelope-wide rejection produced by steps 1–7. */
+/** Envelope-wide rejection produced by steps 1-7. */
 export interface PipelineRejection {
     reasonCode: string;
     reason: string;
@@ -125,14 +125,14 @@ export interface PipelineResult {
      */
     results: SubmissionResult[];
     /**
-     * Envelope-wide rejection (steps 1–7). Implies {@link results} is
+     * Envelope-wide rejection (steps 1-7). Implies {@link results} is
      * empty.
      */
     rejection?: PipelineRejection;
 }
 /**
  * Receive-side delivery pipeline. Single-process, callable across
- * many envelopes. Concurrency is the caller's responsibility — each
+ * many envelopes. Concurrency is the caller's responsibility - each
  * `process()` call is independent and stateless beyond the
  * configured hooks.
  */

package/dist/delivery/pipeline.js

@@ -27,7 +27,7 @@ import { unwrap as sealUnwrap } from "../seal/index.js";
 import { matchBlockList } from "./blocklist.js";
 /**
  * Receive-side delivery pipeline. Single-process, callable across
- * many envelopes. Concurrency is the caller's responsibility — each
+ * many envelopes. Concurrency is the caller's responsibility - each
  * `process()` call is independent and stateless beyond the
  * configured hooks.
  */
@@ -92,7 +92,7 @@ export class Pipeline {
             return result;
         }
         // Steps 6 + 7: home-server brief-only open. We don't need
-        // K_enclosure here — only the recipient client does. Walk the
+        // K_enclosure here - only the recipient client does. Walk the
         // configured candidates and try each against
         // env.seal.brief_recipients.
         let brief;

package/dist/delivery/policy_state.d.ts

@@ -8,7 +8,7 @@
  * rejects the whole message; unrelated operations in the same
  * message MUST NOT be applied.
  *
- * Apply does NOT verify the signature on the message — callers MUST
+ * Apply does NOT verify the signature on the message - callers MUST
  * run {@link verifyUserPolicyMessage} before invoking
  * {@link PolicyState.apply}.
  *
@@ -57,7 +57,7 @@ export interface PolicySnapshot {
  * Per-user policy state. Concurrency-safe within a single JS event
  * loop (no async mutation between read-modify-write).
  *
- * Does NOT enforce DELIVERY.md §7.5 encrypted-at-rest storage —
+ * Does NOT enforce DELIVERY.md §7.5 encrypted-at-rest storage -
  * that is the persistence layer's responsibility.
  */
 export declare class PolicyState {

package/dist/delivery/policy_state.js

@@ -8,7 +8,7 @@
  * rejects the whole message; unrelated operations in the same
  * message MUST NOT be applied.
  *
- * Apply does NOT verify the signature on the message — callers MUST
+ * Apply does NOT verify the signature on the message - callers MUST
  * run {@link verifyUserPolicyMessage} before invoking
  * {@link PolicyState.apply}.
  *
@@ -46,7 +46,7 @@ function messageFor(code, d) {
  * Per-user policy state. Concurrency-safe within a single JS event
  * loop (no async mutation between read-modify-write).
  *
- * Does NOT enforce DELIVERY.md §7.5 encrypted-at-rest storage —
+ * Does NOT enforce DELIVERY.md §7.5 encrypted-at-rest storage -
  * that is the persistence layer's responsibility.
  */
 export class PolicyState {
@@ -138,7 +138,7 @@ export class PolicyState {
                 currentVersion: this.policyVersionValue,
             });
         }
-        // Pre-flight every op for unsupported-kind before mutating —
+        // Pre-flight every op for unsupported-kind before mutating -
         // §7.2 atomicity.
         for (let i = 0; i < m.operations.length; i++) {
             const op = m.operations[i];
@@ -257,7 +257,7 @@ function entryIdFor(op) {
  * not specific op-kind violations.
  *
  * The mapping leans on the validator's stable error-string format
- * (`delivery: user policy operations[N] ...`) — same approach as
+ * (`delivery: user policy operations[N] ...`) - same approach as
  * the semp-go reference.
  */
 function classifyOpInvalid(msg, m) {

package/dist/delivery/receipt.d.ts

@@ -11,7 +11,7 @@
  * This module provides:
  *
  *  - {@link computeEnvelopeHash}: SHA-256 over canonical envelope bytes
- *    (the same canonical form `seal.signature` is computed over —
+ *    (the same canonical form `seal.signature` is computed over -
  *    `signature` and `session_mac` blanked, `hop_count` and `padding`
  *    omitted).
  *  - {@link signDeliveryReceipt}: build + sign a receipt from
@@ -95,7 +95,7 @@ export interface SignDeliveryReceiptResult {
 /**
  * SHA-256 of canonical envelope bytes, base64-encoded, per
  * §1.1.1.3. The caller is responsible for producing the canonical
- * bytes — typically via `envelope.canonicalEnvelopeFor(env)` which
+ * bytes - typically via `envelope.canonicalEnvelopeFor(env)` which
  * applies §4.3 elision (signature, session_mac, hop_count, padding).
  */
 export declare function computeEnvelopeHash(canonicalEnvelopeBytes: Uint8Array): string;
@@ -117,7 +117,7 @@ export interface VerifyDeliveryReceiptInput {
  * structural validation failure (use {@link validateReceipt} ahead
  * of time to surface those as boolean false instead).
  *
- * Does NOT cross-check `accepted_at` against the verifier's clock —
+ * Does NOT cross-check `accepted_at` against the verifier's clock -
  * that is a §1.1.1.5 caller-side decision and MUST be applied with
  * the {@link ReceiptClockSkewToleranceSeconds} tolerance.
  */

package/dist/delivery/receipt.js

@@ -11,7 +11,7 @@
  * This module provides:
  *
  *  - {@link computeEnvelopeHash}: SHA-256 over canonical envelope bytes
- *    (the same canonical form `seal.signature` is computed over —
+ *    (the same canonical form `seal.signature` is computed over -
  *    `signature` and `session_mac` blanked, `hop_count` and `padding`
  *    omitted).
  *  - {@link signDeliveryReceipt}: build + sign a receipt from
@@ -49,7 +49,7 @@ export const ReceiptClockSkewToleranceSeconds = 120;
 /**
  * SHA-256 of canonical envelope bytes, base64-encoded, per
  * §1.1.1.3. The caller is responsible for producing the canonical
- * bytes — typically via `envelope.canonicalEnvelopeFor(env)` which
+ * bytes - typically via `envelope.canonicalEnvelopeFor(env)` which
  * applies §4.3 elision (signature, session_mac, hop_count, padding).
  */
 export function computeEnvelopeHash(canonicalEnvelopeBytes) {
@@ -105,7 +105,7 @@ export function signDeliveryReceipt(input) {
  * structural validation failure (use {@link validateReceipt} ahead
  * of time to surface those as boolean false instead).
  *
- * Does NOT cross-check `accepted_at` against the verifier's clock —
+ * Does NOT cross-check `accepted_at` against the verifier's clock -
  * that is a §1.1.1.5 caller-side decision and MUST be applied with
  * the {@link ReceiptClockSkewToleranceSeconds} tolerance.
  */

package/dist/delivery/receipt_store.d.ts

@@ -68,7 +68,7 @@ export declare const DefaultReceiptRetentionMs: number;
  * Reference {@link ReceiptStore} backed by a Map. Acknowledge drops
  * the receipt immediately so no plaintext archive accumulates.
  *
- * Single-process only — production deployments replace this with a
+ * Single-process only - production deployments replace this with a
  * durable backend.
  */
 export declare class InMemoryReceiptStore implements ReceiptStore {

package/dist/delivery/receipt_store.js

@@ -28,7 +28,7 @@ export const DefaultReceiptRetentionMs = 72 * 60 * 60 * 1000;
  * Reference {@link ReceiptStore} backed by a Map. Acknowledge drops
  * the receipt immediately so no plaintext archive accumulates.
  *
- * Single-process only — production deployments replace this with a
+ * Single-process only - production deployments replace this with a
  * durable backend.
  */
 export class InMemoryReceiptStore {

package/dist/delivery/retry.d.ts

@@ -14,7 +14,7 @@ export declare const MinRetryInitialIntervalMs = 60000;
 export declare const MinRetryMultiplier = 2;
 /** Cap on individual inter-attempt intervals per §2.3 (6 hours). */
 export declare const MaxRetryIntervalMs: number;
-/** Minimum jitter half-width per §2.3 (10% — RECOMMENDED 25%). */
+/** Minimum jitter half-width per §2.3 (10% - RECOMMENDED 25%). */
 export declare const MinRetryJitterFraction = 0.1;
 /**
  * Lower bound on the realized jittered interval per §2.3:
@@ -69,7 +69,7 @@ export declare function nextAttemptAt(cfg: RetryConfig, previous: Date, attempt:
  */
 export declare function isRecoverableReason(reasonCode: string): boolean;
 /**
- * Effective delivery deadline per §2.4 — the earlier of
+ * Effective delivery deadline per §2.4 - the earlier of
  * `postmark.expires` and `queuedAt + horizon`. `horizon <= 0`
  * defaults to {@link DefaultMaxRetryHorizonMs}; values larger than
  * {@link MaxRetryHorizonCapMs} clamp down.

package/dist/delivery/retry.js

@@ -14,7 +14,7 @@ export const MinRetryInitialIntervalMs = 60_000;
 export const MinRetryMultiplier = 2.0;
 /** Cap on individual inter-attempt intervals per §2.3 (6 hours). */
 export const MaxRetryIntervalMs = 6 * 60 * 60 * 1000;
-/** Minimum jitter half-width per §2.3 (10% — RECOMMENDED 25%). */
+/** Minimum jitter half-width per §2.3 (10% - RECOMMENDED 25%). */
 export const MinRetryJitterFraction = 0.10;
 /**
  * Lower bound on the realized jittered interval per §2.3:
@@ -103,7 +103,7 @@ export function isRecoverableReason(reasonCode) {
     }
 }
 /**
- * Effective delivery deadline per §2.4 — the earlier of
+ * Effective delivery deadline per §2.4 - the earlier of
  * `postmark.expires` and `queuedAt + horizon`. `horizon <= 0`
  * defaults to {@link DefaultMaxRetryHorizonMs}; values larger than
  * {@link MaxRetryHorizonCapMs} clamp down.

package/dist/delivery/scheduler.d.ts

@@ -141,7 +141,7 @@ export declare class Scheduler {
 }
 /**
  * Reference in-memory {@link SchedulerStore}. Tests / single-process
- * demos only — production deployments back the queue with durable
+ * demos only - production deployments back the queue with durable
  * storage per DELIVERY.md §2.1.
  */
 export declare class InMemorySchedulerStore implements SchedulerStore {

package/dist/delivery/scheduler.js

@@ -288,7 +288,7 @@ export class Scheduler {
 }
 /**
  * Reference in-memory {@link SchedulerStore}. Tests / single-process
- * demos only — production deployments back the queue with durable
+ * demos only - production deployments back the queue with durable
  * storage per DELIVERY.md §2.1.
  */
 export class InMemorySchedulerStore {

package/dist/delivery/stage_partition.d.ts

@@ -66,7 +66,7 @@ export interface PartitionInput {
  *       excluded from the partition entirely.
  *  2. Compute the implicit full-access stage as
  *     `max(delegated_stages_with_mode_not_none) + 1`, taken across
- *     ALL delegates with `receive.mode !== "none"` — not just those
+ *     ALL delegates with `receive.mode !== "none"` - not just those
  *     that allowed THIS envelope. Matches §10.3.3.1's "the maximum
  *     is taken over all delegated devices of the account that have
  *     a receive matcher whose mode is not none". When no such

package/dist/delivery/stage_partition.js

@@ -26,7 +26,7 @@ import { scopeAllowsSender } from "../keys/device_certificate.js";
  *       excluded from the partition entirely.
  *  2. Compute the implicit full-access stage as
  *     `max(delegated_stages_with_mode_not_none) + 1`, taken across
- *     ALL delegates with `receive.mode !== "none"` — not just those
+ *     ALL delegates with `receive.mode !== "none"` - not just those
  *     that allowed THIS envelope. Matches §10.3.3.1's "the maximum
  *     is taken over all delegated devices of the account that have
  *     a receive matcher whose mode is not none". When no such

package/dist/delivery/staged_runner.d.ts

@@ -66,7 +66,7 @@ export declare class StagedRunner {
      * `submitterDeviceId` is the device_id bound to the session that
      * delivered the disposition; it MUST equal `d.device_id`.
      *
-     * Idempotent on repeats from the same device — keeps the FIRST
+     * Idempotent on repeats from the same device - keeps the FIRST
      * disposition (conservative aggregation).
      */
     ingestDisposition(envelopeId: string, submitterDeviceId: string, d: Disposition): void;

package/dist/delivery/staged_runner.js

@@ -114,7 +114,7 @@ export class StagedRunner {
      * `submitterDeviceId` is the device_id bound to the session that
      * delivered the disposition; it MUST equal `d.device_id`.
      *
-     * Idempotent on repeats from the same device — keeps the FIRST
+     * Idempotent on repeats from the same device - keeps the FIRST
      * disposition (conservative aggregation).
      */
     ingestDisposition(envelopeId, submitterDeviceId, d) {
@@ -256,7 +256,7 @@ export class StagedRunner {
             });
         }
         if (rebuilt.length === 0) {
-            // No stages remain — let the next tick detect completion.
+            // No stages remain - let the next tick detect completion.
             rec.stages = [];
             return;
         }

package/dist/delivery/status_message.d.ts

@@ -0,0 +1,75 @@
+/**
+ * SEMP_STATUS recipient-status configuration message per
+ * draft-gokce-semp-delivery §1.6.5.
+ *
+ * The client composes a signed StatusMessage carrying the user's
+ * state, optional message and until, plus the visibility rule
+ * that determines which senders may receive the status in
+ * acknowledgments. The client transmits the record to the home
+ * server as a signed message under the originating device's key;
+ * the home server verifies, checks device_id against the
+ * registered device set, and applies the latest update by
+ * updated_at.
+ *
+ * This is distinct from the runtime recipient-status surface in
+ * `./status.ts` (the value attached to delivery acknowledgments).
+ *
+ * @module
+ */
+/** Wire-level type discriminator. */
+export declare const StatusMessageType = "SEMP_STATUS";
+/** Wire-level version. */
+export declare const StatusMessageVersion = "1.0.0";
+/** Domain-separation prefix for SEMP_STATUS signatures. */
+export declare const StatusMessagePrefix = "SEMP-STATUS:";
+/** Recipient state value pinned by §1.6.3. */
+export type StatusState = "available" | "away" | "do_not_disturb";
+/** Visibility mode for the SEMP_STATUS record per §1.6.5. */
+export type StatusVisibilityMode = "nobody" | "everyone" | "users";
+/** Single entry in StatusVisibility.allow. */
+export type StatusVisibilityEntry = {
+    type: "domain";
+    domain: string;
+} | {
+    type: "user";
+    address: string;
+};
+/** Visibility configuration per §1.6.5. */
+export interface StatusVisibility {
+    mode: StatusVisibilityMode;
+    allow?: StatusVisibilityEntry[];
+}
+/** Signature block on a SEMP_STATUS message. */
+export interface StatusMessageSignature {
+    algorithm: string;
+    key_id: string;
+    value: string;
+}
+/** SEMP_STATUS configuration record per §1.6.5. */
+export interface StatusMessage {
+    type: typeof StatusMessageType;
+    version: string;
+    user_id: string;
+    state: StatusState | string;
+    message?: string;
+    /** ISO 8601 UTC. */
+    until?: string;
+    visibility: StatusVisibility;
+    /** ISO 8601 UTC. */
+    updated_at: string;
+    device_id: string;
+    signature: StatusMessageSignature;
+}
+/**
+ * Sign `m.signature` with the originating device's identity
+ * private key under the SEMP-STATUS: prefix. Mutates m in place
+ * and returns the base64 signature value.
+ */
+export declare function signStatusMessage(m: StatusMessage, devicePriv: Uint8Array, deviceKeyId: string): string;
+/** Verify `m.signature` against the originating device's public key. */
+export declare function verifyStatusMessage(m: StatusMessage, devicePub: Uint8Array): boolean;
+/** Structural validation per §1.6.5. */
+export declare function validateStatusMessage(m: StatusMessage, opts?: {
+    skipSignatureCheck?: boolean;
+}): void;
+//# sourceMappingURL=status_message.d.ts.map

package/dist/delivery/status_message.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"status_message.d.ts","sourceRoot":"","sources":["../../src/delivery/status_message.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAIH,qCAAqC;AACrC,eAAO,MAAM,iBAAiB,gBAAgB,CAAC;AAE/C,0BAA0B;AAC1B,eAAO,MAAM,oBAAoB,UAAU,CAAC;AAE5C,2DAA2D;AAC3D,eAAO,MAAM,mBAAmB,iBAAiB,CAAC;AAElD,8CAA8C;AAC9C,MAAM,MAAM,WAAW,GAAG,WAAW,GAAG,MAAM,GAAG,gBAAgB,CAAC;AAElE,6DAA6D;AAC7D,MAAM,MAAM,oBAAoB,GAAG,QAAQ,GAAG,UAAU,GAAG,OAAO,CAAC;AAEnE,8CAA8C;AAC9C,MAAM,MAAM,qBAAqB,GAC7B;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAClC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEtC,2CAA2C;AAC3C,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,oBAAoB,CAAC;IAC3B,KAAK,CAAC,EAAE,qBAAqB,EAAE,CAAC;CACjC;AAED,gDAAgD;AAChD,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;CACf;AAED,mDAAmD;AACnD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,OAAO,iBAAiB,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,WAAW,GAAG,MAAM,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,gBAAgB,CAAC;IAC7B,oBAAoB;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,sBAAsB,CAAC;CACnC;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAC/B,CAAC,EAAE,aAAa,EAChB,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE,MAAM,GAClB,MAAM,CAsBR;AAED,wEAAwE;AACxE,wBAAgB,mBAAmB,CACjC,CAAC,EAAE,aAAa,EAChB,SAAS,EAAE,UAAU,GACpB,OAAO,CAYT;AAED,wCAAwC;AACxC,wBAAgB,qBAAqB,CACnC,CAAC,EAAE,aAAa,EAChB,IAAI,GAAE;IAAE,kBAAkB,CAAC,EAAE,OAAO,CAAA;CAAO,GAC1C,IAAI,CA6CN"}

package/dist/delivery/status_message.js

@@ -0,0 +1,109 @@
+/**
+ * SEMP_STATUS recipient-status configuration message per
+ * draft-gokce-semp-delivery §1.6.5.
+ *
+ * The client composes a signed StatusMessage carrying the user's
+ * state, optional message and until, plus the visibility rule
+ * that determines which senders may receive the status in
+ * acknowledgments. The client transmits the record to the home
+ * server as a signed message under the originating device's key;
+ * the home server verifies, checks device_id against the
+ * registered device set, and applies the latest update by
+ * updated_at.
+ *
+ * This is distinct from the runtime recipient-status surface in
+ * `./status.ts` (the value attached to delivery acknowledgments).
+ *
+ * @module
+ */
+import { signSignedDoc, verifySignedDoc } from "../keys/index.js";
+/** Wire-level type discriminator. */
+export const StatusMessageType = "SEMP_STATUS";
+/** Wire-level version. */
+export const StatusMessageVersion = "1.0.0";
+/** Domain-separation prefix for SEMP_STATUS signatures. */
+export const StatusMessagePrefix = "SEMP-STATUS:";
+/**
+ * Sign `m.signature` with the originating device's identity
+ * private key under the SEMP-STATUS: prefix. Mutates m in place
+ * and returns the base64 signature value.
+ */
+export function signStatusMessage(m, devicePriv, deviceKeyId) {
+    if (deviceKeyId === "") {
+        throw new Error("delivery: empty device key_id");
+    }
+    if (m.type === "") {
+        m.type = StatusMessageType;
+    }
+    if (m.version === "") {
+        m.version = StatusMessageVersion;
+    }
+    validateStatusMessage(m, { skipSignatureCheck: true });
+    m.signature.algorithm = "ed25519";
+    m.signature.key_id = deviceKeyId;
+    m.signature.value = "";
+    const { signedJSON, signatureB64 } = signSignedDoc({
+        preSignJSON: m,
+        seed: devicePriv,
+        signaturePath: "signature.value",
+        prefix: StatusMessagePrefix,
+    });
+    m.signature.value = signedJSON.signature.value;
+    return signatureB64;
+}
+/** Verify `m.signature` against the originating device's public key. */
+export function verifyStatusMessage(m, devicePub) {
+    validateStatusMessage(m);
+    if (m.signature.value === "") {
+        return false;
+    }
+    const { ok } = verifySignedDoc({
+        signedJSON: m,
+        publicKey: devicePub,
+        signaturePath: "signature.value",
+        prefix: StatusMessagePrefix,
+    });
+    return ok;
+}
+/** Structural validation per §1.6.5. */
+export function validateStatusMessage(m, opts = {}) {
+    if (m.type !== StatusMessageType) {
+        throw new Error(`delivery: status message type ${JSON.stringify(m.type)}, want ${StatusMessageType}`);
+    }
+    if (m.version === "") {
+        throw new Error("delivery: status message missing version");
+    }
+    if (m.user_id === "") {
+        throw new Error("delivery: status message missing user_id");
+    }
+    if (m.state === "") {
+        throw new Error("delivery: status message missing state");
+    }
+    if (m.device_id === "") {
+        throw new Error("delivery: status message missing device_id");
+    }
+    if (m.updated_at === "") {
+        throw new Error("delivery: status message missing updated_at");
+    }
+    if (m.visibility.mode === "") {
+        throw new Error("delivery: status message visibility.mode is empty");
+    }
+    if (m.visibility.allow !== undefined) {
+        for (let i = 0; i < m.visibility.allow.length; i++) {
+            const e = m.visibility.allow[i];
+            if (e === undefined) {
+                continue;
+            }
+            if (e.type === "domain" && e.domain === "") {
+                throw new Error(`delivery: status visibility.allow[${i}] type=domain missing domain`);
+            }
+            if (e.type === "user" && e.address === "") {
+                throw new Error(`delivery: status visibility.allow[${i}] type=user missing address`);
+            }
+        }
+    }
+    if (!opts.skipSignatureCheck && m.signature === undefined) {
+        throw new Error("delivery: status message missing signature");
+    }
+}
+//# sourceMappingURL=status_message.js.map

package/dist/delivery/status_message.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"status_message.js","sourceRoot":"","sources":["../../src/delivery/status_message.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAElE,qCAAqC;AACrC,MAAM,CAAC,MAAM,iBAAiB,GAAG,aAAa,CAAC;AAE/C,0BAA0B;AAC1B,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAE5C,2DAA2D;AAC3D,MAAM,CAAC,MAAM,mBAAmB,GAAG,cAAc,CAAC;AA0ClD;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAC/B,CAAgB,EAChB,UAAsB,EACtB,WAAmB;IAEnB,IAAI,WAAW,KAAK,EAAE,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IACD,IAAK,CAAC,CAAC,IAAe,KAAK,EAAE,EAAE,CAAC;QAC9B,CAAC,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAC7B,CAAC;IACD,IAAI,CAAC,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;QACrB,CAAC,CAAC,OAAO,GAAG,oBAAoB,CAAC;IACnC,CAAC;IACD,qBAAqB,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC;IACvD,CAAC,CAAC,SAAS,CAAC,SAAS,GAAG,SAAS,CAAC;IAClC,CAAC,CAAC,SAAS,CAAC,MAAM,GAAG,WAAW,CAAC;IACjC,CAAC,CAAC,SAAS,CAAC,KAAK,GAAG,EAAE,CAAC;IACvB,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;QACjD,WAAW,EAAE,CAAuC;QACpD,IAAI,EAAE,UAAU;QAChB,aAAa,EAAE,iBAAiB;QAChC,MAAM,EAAE,mBAAmB;KAC5B,CAAC,CAAC;IACH,CAAC,CAAC,SAAS,CAAC,KAAK,GAAI,UAAU,CAAC,SAA+B,CAAC,KAAK,CAAC;IACtE,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,mBAAmB,CACjC,CAAgB,EAChB,SAAqB;IAErB,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACzB,IAAI,CAAC,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,EAAE,EAAE,EAAE,GAAG,eAAe,CAAC;QAC7B,UAAU,EAAE,CAAuC;QACnD,SAAS,EAAE,SAAS;QACpB,aAAa,EAAE,iBAAiB;QAChC,MAAM,EAAE,mBAAmB;KAC5B,CAAC,CAAC;IACH,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,wCAAwC;AACxC,MAAM,UAAU,qBAAqB,CACnC,CAAgB,EAChB,OAAyC,EAAE;IAE3C,IAAI,CAAC,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,iCAAiC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,iBAAiB,EAAE,CACrF,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IACD,IAAI,CAAC,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IACD,IAAK,CAAC,CAAC,KAAgB,KAAK,EAAE,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,CAAC,CAAC,SAAS,KAAK,EAAE,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IACD,IAAI,CAAC,CAAC,UAAU,KAAK,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IACD,IAAK,CAAC,CAAC,UAAU,CAAC,IAAe,KAAK,EAAE,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,CAAC,CAAC,UAAU,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACnD,MAAM,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACpB,SAAS;YACX,CAAC;YACD,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,KAAK,CACb,qCAAqC,CAAC,8BAA8B,CACrE,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;gBAC1C,MAAM,IAAI,KAAK,CACb,qCAAqC,CAAC,6BAA6B,CACpE,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;AACH,CAAC"}

package/dist/delivery/upgrade_signal.d.ts

@@ -0,0 +1,48 @@
+/**
+ * SEMP upgrade-signaling SMTP headers per
+ * draft-gokce-semp-client §5.7.
+ *
+ * A SEMP-capable client SHOULD include these on every outbound
+ * SMTP message so a receiving SEMP-capable client can offer a
+ * thread upgrade without an additional DNS lookup. A recipient
+ * client that acts on the signal MUST verify the advertised
+ * identity by completing SEMP discovery against
+ * {@link UpgradeHeaderDomain} and fetching the identity key from
+ * that domain before treating the upgrade as trusted.
+ *
+ * The signal is unauthenticated at the SMTP layer; treat the
+ * headers as a hint only.
+ *
+ * @module
+ */
+/**
+ * Boolean-style header name set to {@link UpgradeCapabilityPresent}
+ * whenever the sender's client can receive via SEMP at a published
+ * SEMP address.
+ */
+export declare const UpgradeHeaderCapability = "SEMP-Capability";
+/**
+ * Header carrying the fingerprint of the sender's current SEMP
+ * identity public key in `<algorithm>:<hex>` form (for example
+ * `ed25519:abc123...`).
+ */
+export declare const UpgradeHeaderIdentity = "SEMP-Identity";
+/**
+ * Header naming the sender's SEMP domain (the domain part of the
+ * sender's SEMP address). MAY differ from the domain of the SMTP
+ * `From` header.
+ */
+export declare const UpgradeHeaderDomain = "SEMP-Domain";
+/**
+ * Header carrying the full SEMP address of the sender so the
+ * recipient does not have to infer it from the SMTP `From`
+ * local-part when the SMTP and SEMP local-parts differ.
+ */
+export declare const UpgradeHeaderAddress = "SEMP-Address";
+/**
+ * Value the sender writes into the {@link UpgradeHeaderCapability}
+ * header. Single fixed value; future spec versions may extend the
+ * vocabulary.
+ */
+export declare const UpgradeCapabilityPresent = "1";
+//# sourceMappingURL=upgrade_signal.d.ts.map

package/dist/delivery/upgrade_signal.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"upgrade_signal.d.ts","sourceRoot":"","sources":["../../src/delivery/upgrade_signal.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH;;;;GAIG;AACH,eAAO,MAAM,uBAAuB,oBAAoB,CAAC;AAEzD;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,kBAAkB,CAAC;AAErD;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,gBAAgB,CAAC;AAEjD;;;;GAIG;AACH,eAAO,MAAM,oBAAoB,iBAAiB,CAAC;AAEnD;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,MAAM,CAAC"}

package/dist/delivery/upgrade_signal.js

@@ -0,0 +1,48 @@
+/**
+ * SEMP upgrade-signaling SMTP headers per
+ * draft-gokce-semp-client §5.7.
+ *
+ * A SEMP-capable client SHOULD include these on every outbound
+ * SMTP message so a receiving SEMP-capable client can offer a
+ * thread upgrade without an additional DNS lookup. A recipient
+ * client that acts on the signal MUST verify the advertised
+ * identity by completing SEMP discovery against
+ * {@link UpgradeHeaderDomain} and fetching the identity key from
+ * that domain before treating the upgrade as trusted.
+ *
+ * The signal is unauthenticated at the SMTP layer; treat the
+ * headers as a hint only.
+ *
+ * @module
+ */
+/**
+ * Boolean-style header name set to {@link UpgradeCapabilityPresent}
+ * whenever the sender's client can receive via SEMP at a published
+ * SEMP address.
+ */
+export const UpgradeHeaderCapability = "SEMP-Capability";
+/**
+ * Header carrying the fingerprint of the sender's current SEMP
+ * identity public key in `<algorithm>:<hex>` form (for example
+ * `ed25519:abc123...`).
+ */
+export const UpgradeHeaderIdentity = "SEMP-Identity";
+/**
+ * Header naming the sender's SEMP domain (the domain part of the
+ * sender's SEMP address). MAY differ from the domain of the SMTP
+ * `From` header.
+ */
+export const UpgradeHeaderDomain = "SEMP-Domain";
+/**
+ * Header carrying the full SEMP address of the sender so the
+ * recipient does not have to infer it from the SMTP `From`
+ * local-part when the SMTP and SEMP local-parts differ.
+ */
+export const UpgradeHeaderAddress = "SEMP-Address";
+/**
+ * Value the sender writes into the {@link UpgradeHeaderCapability}
+ * header. Single fixed value; future spec versions may extend the
+ * vocabulary.
+ */
+export const UpgradeCapabilityPresent = "1";
+//# sourceMappingURL=upgrade_signal.js.map

package/dist/delivery/upgrade_signal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"upgrade_signal.js","sourceRoot":"","sources":["../../src/delivery/upgrade_signal.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH;;;;GAIG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,iBAAiB,CAAC;AAEzD;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,eAAe,CAAC;AAErD;;;;GAIG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,aAAa,CAAC;AAEjD;;;;GAIG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,cAAc,CAAC;AAEnD;;;;GAIG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,GAAG,CAAC"}

package/dist/discovery/configuration.d.ts

@@ -50,10 +50,28 @@ export interface ConfigEndpoints {
     backup?: string;
     migration?: string;
     transparency_log?: string;
-    attachment_storage?: string;
     /** Forward-compatible: any unknown endpoint URL keys land here. */
     [key: string]: string | TransportEndpoints | undefined;
 }
+/**
+ * Trust-gossip reciprocity policy mode per DISCOVERY.md §3.1.5 /
+ * DELIVERY.md §12.1. A peer that enforces reciprocity MUST
+ * disclose its policy in the configuration document so prospective
+ * consumers can capability-negotiate before fetching.
+ *
+ *  - "none": no reciprocity requirement.
+ *  - "lenient": prefers reciprocity but serves non-publishers; MAY
+ *    weight their observations lower.
+ *  - "strict": refuses to serve consumers that do not meet
+ *    `minimum_publish_volume` across `evaluation_window_days`.
+ */
+export type ReciprocityMode = "none" | "lenient" | "strict";
+/** Reciprocity policy disclosure per §3.1.5. */
+export interface ReciprocityPolicy {
+    mode: ReciprocityMode;
+    minimum_publish_volume?: number;
+    evaluation_window_days?: number;
+}
 /** Operational limits per §3.1.3. */
 export interface ConfigLimits {
     max_envelope_size: number;
@@ -76,6 +94,7 @@ export interface Configuration {
     suites: string[];
     limits: ConfigLimits;
     extensions?: ConfigExtension[];
+    reciprocity?: ReciprocityPolicy;
     /** Forward-compatible: unknown top-level fields preserved here. */
     [key: string]: unknown;
 }

package/dist/discovery/configuration.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"configuration.d.ts","sourceRoot":"","sources":["../../src/discovery/configuration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,+DAA+D;AAC/D,eAAO,MAAM,aAAa,oCAAoC,CAAC;AAE/D,qCAAqC;AACrC,eAAO,MAAM,iBAAiB,uBAAuB,CAAC;AAEtD;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,QAAY,CAAC;AAE3C,kDAAkD;AAClD,MAAM,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAExD,mCAAmC;AACnC,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,kBAAkB,CAAC;IAC3B,UAAU,EAAE,kBAAkB,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,mEAAmE;IACnE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,kBAAkB,GAAG,SAAS,CAAC;CACxD;AAED,qCAAqC;AACrC,MAAM,WAAW,YAAY;IAC3B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iEAAiE;IACjE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACnC;AAED,wCAAwC;AACxC,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,gDAAgD;AAChD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,OAAO,iBAAiB,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,eAAe,CAAC;IAC3B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,MAAM,EAAE,YAAY,CAAC;IACrB,UAAU,CAAC,EAAE,eAAe,EAAE,CAAC;IAC/B,mEAAmE;IACnE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,aAAa,CAyDhE;AAKD,wBAAgB,QAAQ,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAEjE;AAED,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAM/E;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAM5E;AAED,wBAAgB,aAAa,CAC3B,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC5B,GAAG,EAAE,MAAM,GACV,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAMzB;AAED,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC5B,GAAG,EAAE,MAAM,GACV,MAAM,EAAE,CAWV"}
+{"version":3,"file":"configuration.d.ts","sourceRoot":"","sources":["../../src/discovery/configuration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,+DAA+D;AAC/D,eAAO,MAAM,aAAa,oCAAoC,CAAC;AAE/D,qCAAqC;AACrC,eAAO,MAAM,iBAAiB,uBAAuB,CAAC;AAEtD;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,QAAY,CAAC;AAE3C,kDAAkD;AAClD,MAAM,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAExD,mCAAmC;AACnC,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,kBAAkB,CAAC;IAC3B,UAAU,EAAE,kBAAkB,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,mEAAmE;IACnE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,kBAAkB,GAAG,SAAS,CAAC;CACxD;AAED;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,eAAe,GAAG,MAAM,GAAG,SAAS,GAAG,QAAQ,CAAC;AAE5D,gDAAgD;AAChD,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,eAAe,CAAC;IACtB,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,sBAAsB,CAAC,EAAE,MAAM,CAAC;CACjC;AAED,qCAAqC;AACrC,MAAM,WAAW,YAAY;IAC3B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iEAAiE;IACjE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACnC;AAED,wCAAwC;AACxC,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,gDAAgD;AAChD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,OAAO,iBAAiB,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,eAAe,CAAC;IAC3B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,MAAM,EAAE,YAAY,CAAC;IACrB,UAAU,CAAC,EAAE,eAAe,EAAE,CAAC;IAC/B,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAChC,mEAAmE;IACnE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,aAAa,CAyDhE;AAKD,wBAAgB,QAAQ,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAEjE;AAED,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAM/E;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAM5E;AAED,wBAAgB,aAAa,CAC3B,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC5B,GAAG,EAAE,MAAM,GACV,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAMzB;AAED,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC5B,GAAG,EAAE,MAAM,GACV,MAAM,EAAE,CAWV"}