@sempdev/semp 0.5.1 → 0.5.5

package/dist/envelope/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/envelope/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAExD,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,0BAA0B,EAC1B,gBAAgB,GACjB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAOL,oBAAoB,EACpB,OAAO,EACP,gBAAgB,GACjB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EAClB,cAAc,EACd,kBAAkB,GACnB,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAEpE,OAAO,EAIL,YAAY,EACZ,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAEvB,OAAO,EAKL,aAAa,GACd,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAEL,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,WAAW,GACZ,MAAM,cAAc,CAAC;AAEtB,OAAO,EAEL,6BAA6B,EAC7B,aAAa,GACd,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/envelope/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAExD,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,0BAA0B,EAC1B,gBAAgB,GACjB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAOL,oBAAoB,EACpB,OAAO,EACP,qBAAqB,EACrB,yBAAyB,EACzB,gBAAgB,GACjB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EAClB,cAAc,EACd,kBAAkB,GACnB,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAEpE,OAAO,EAIL,YAAY,EACZ,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAEvB,OAAO,EAKL,aAAa,GACd,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAEL,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,WAAW,GACZ,MAAM,cAAc,CAAC;AAEtB,OAAO,EAEL,6BAA6B,EAC7B,aAAa,GACd,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/envelope/open_any.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"open_any.d.ts","sourceRoot":"","sources":["../../src/envelope/open_any.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,KAAK,QAAQ,EACb,KAAK,SAAS,EAEf,MAAM,cAAc,CAAC;AAEtB,4DAA4D;AAC5D,MAAM,WAAW,kBAAkB;IACjC,oEAAoE;IACpE,KAAK,EAAE,MAAM,CAAC;IACd,wDAAwD;IACxD,UAAU,EAAE,UAAU,CAAC;IACvB,uDAAuD;IACvD,SAAS,EAAE,UAAU,CAAC;CACvB;AAED,yDAAyD;AACzD,MAAM,WAAW,WAAW;IAC1B,yDAAyD;IACzD,SAAS,EAAE,kBAAkB,CAAC;IAC9B,4DAA4D;IAC5D,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,6DAA6D;AAC7D,MAAM,WAAW,eAAe;IAC9B,6DAA6D;IAC7D,SAAS,EAAE,kBAAkB,CAAC;IAC9B,gEAAgE;IAChE,SAAS,EAAE,OAAO,CAAC;CACpB;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAC1B,KAAK,EAAE,SAAS,CAAC,OAAO,CAAC,EACzB,GAAG,EAAE,QAAQ,EACb,UAAU,EAAE,kBAAkB,EAAE,GAC/B,WAAW,CAiCb;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,SAAS,CAAC,OAAO,CAAC,EACzB,GAAG,EAAE,QAAQ,EACb,UAAU,EAAE,kBAAkB,EAAE,GAC/B,eAAe,CAiCjB"}
+{"version":3,"file":"open_any.d.ts","sourceRoot":"","sources":["../../src/envelope/open_any.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,KAAK,QAAQ,EACb,KAAK,SAAS,EAGf,MAAM,cAAc,CAAC;AAEtB,4DAA4D;AAC5D,MAAM,WAAW,kBAAkB;IACjC,oEAAoE;IACpE,KAAK,EAAE,MAAM,CAAC;IACd,wDAAwD;IACxD,UAAU,EAAE,UAAU,CAAC;IACvB,uDAAuD;IACvD,SAAS,EAAE,UAAU,CAAC;CACvB;AAED,yDAAyD;AACzD,MAAM,WAAW,WAAW;IAC1B,yDAAyD;IACzD,SAAS,EAAE,kBAAkB,CAAC;IAC9B,4DAA4D;IAC5D,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,6DAA6D;AAC7D,MAAM,WAAW,eAAe;IAC9B,6DAA6D;IAC7D,SAAS,EAAE,kBAAkB,CAAC;IAC9B,gEAAgE;IAChE,SAAS,EAAE,OAAO,CAAC;CACpB;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAC1B,KAAK,EAAE,SAAS,CAAC,OAAO,CAAC,EACzB,GAAG,EAAE,QAAQ,EACb,UAAU,EAAE,kBAAkB,EAAE,GAC/B,WAAW,CAiCb;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,SAAS,CAAC,OAAO,CAAC,EACzB,GAAG,EAAE,QAAQ,EACb,UAAU,EAAE,kBAAkB,EAAE,GAC/B,eAAe,CAiCjB"}

package/dist/envelope/open_any.js

@@ -8,7 +8,7 @@
  *
  * @module
  */
-import { openForRecipient, } from "./compose.js";
+import { openBriefForRecipient, openEnclosureForRecipient, } from "./compose.js";
 /**
  * Walk `candidates` and try each recipient identity against
  * `env.seal.brief_recipients`. Returns the brief plaintext from the
@@ -25,14 +25,14 @@ export function openBriefAny(suite, env, candidates) {
             continue; // not a brief recipient
         }
         try {
-            const opened = openForRecipient({
+            const brief = openBriefForRecipient({
                 suite,
                 envelope: env,
                 recipientKeyId: c.keyId,
                 recipientPrivateKey: c.privateKey,
                 recipientPublicKey: c.publicKey,
             });
-            return { candidate: c, brief: opened.brief };
+            return { candidate: c, brief };
         }
         catch (err) {
             errors.push(`${c.keyId}: ${err instanceof Error ? err.message : String(err)}`);
@@ -59,14 +59,14 @@ export function openEnclosureAny(suite, env, candidates) {
             continue; // not an enclosure recipient
         }
         try {
-            const opened = openForRecipient({
+            const enclosure = openEnclosureForRecipient({
                 suite,
                 envelope: env,
                 recipientKeyId: c.keyId,
                 recipientPrivateKey: c.privateKey,
                 recipientPublicKey: c.publicKey,
             });
-            return { candidate: c, enclosure: opened.enclosure };
+            return { candidate: c, enclosure };
         }
         catch (err) {
             errors.push(`${c.keyId}: ${err instanceof Error ? err.message : String(err)}`);

package/dist/envelope/open_any.js.map

@@ -1 +1 @@
-{"version":3,"file":"open_any.js","sourceRoot":"","sources":["../../src/envelope/open_any.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAGL,gBAAgB,GACjB,MAAM,cAAc,CAAC;AA4BtB;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAC1B,KAAyB,EACzB,GAAa,EACb,UAAgC;IAEhC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,SAAS,EAAE,CAAC;YACrD,SAAS,CAAC,wBAAwB;QACpC,CAAC;QACD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,gBAAgB,CAAC;gBAC9B,KAAK;gBACL,QAAQ,EAAE,GAAG;gBACb,cAAc,EAAE,CAAC,CAAC,KAAK;gBACvB,mBAAmB,EAAE,CAAC,CAAC,UAAU;gBACjC,kBAAkB,EAAE,CAAC,CAAC,SAAS;aAChC,CAAC,CAAC;YACH,OAAO,EAAE,SAAS,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;QAC/C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CACT,GAAG,CAAC,CAAC,KAAK,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAClE,CAAC;YACF,SAAS;QACX,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,qEAAqE,CACtE,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,KAAK,CACb,mDAAmD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACvE,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAC9B,KAAyB,EACzB,GAAa,EACb,UAAgC;IAEhC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,GAAG,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,SAAS,EAAE,CAAC;YACzD,SAAS,CAAC,6BAA6B;QACzC,CAAC;QACD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,gBAAgB,CAAC;gBAC9B,KAAK;gBACL,QAAQ,EAAE,GAAG;gBACb,cAAc,EAAE,CAAC,CAAC,KAAK;gBACvB,mBAAmB,EAAE,CAAC,CAAC,UAAU;gBACjC,kBAAkB,EAAE,CAAC,CAAC,SAAS;aAChC,CAAC,CAAC;YACH,OAAO,EAAE,SAAS,EAAE,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC;QACvD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CACT,GAAG,CAAC,CAAC,KAAK,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAClE,CAAC;YACF,SAAS;QACX,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,8EAA8E,CAC/E,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,KAAK,CACb,uDAAuD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC3E,CAAC;AACJ,CAAC"}
+{"version":3,"file":"open_any.js","sourceRoot":"","sources":["../../src/envelope/open_any.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAGL,qBAAqB,EACrB,yBAAyB,GAC1B,MAAM,cAAc,CAAC;AA4BtB;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAC1B,KAAyB,EACzB,GAAa,EACb,UAAgC;IAEhC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,SAAS,EAAE,CAAC;YACrD,SAAS,CAAC,wBAAwB;QACpC,CAAC;QACD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,qBAAqB,CAAC;gBAClC,KAAK;gBACL,QAAQ,EAAE,GAAG;gBACb,cAAc,EAAE,CAAC,CAAC,KAAK;gBACvB,mBAAmB,EAAE,CAAC,CAAC,UAAU;gBACjC,kBAAkB,EAAE,CAAC,CAAC,SAAS;aAChC,CAAC,CAAC;YACH,OAAO,EAAE,SAAS,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC;QACjC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CACT,GAAG,CAAC,CAAC,KAAK,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAClE,CAAC;YACF,SAAS;QACX,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,qEAAqE,CACtE,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,KAAK,CACb,mDAAmD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACvE,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAC9B,KAAyB,EACzB,GAAa,EACb,UAAgC;IAEhC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,GAAG,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,SAAS,EAAE,CAAC;YACzD,SAAS,CAAC,6BAA6B;QACzC,CAAC;QACD,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,yBAAyB,CAAC;gBAC1C,KAAK;gBACL,QAAQ,EAAE,GAAG;gBACb,cAAc,EAAE,CAAC,CAAC,KAAK;gBACvB,mBAAmB,EAAE,CAAC,CAAC,UAAU;gBACjC,kBAAkB,EAAE,CAAC,CAAC,SAAS;aAChC,CAAC,CAAC;YACH,OAAO,EAAE,SAAS,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC;QACrC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CACT,GAAG,CAAC,CAAC,KAAK,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAClE,CAAC;YACF,SAAS;QACX,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,8EAA8E,CAC/E,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,KAAK,CACb,uDAAuD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC3E,CAAC;AACJ,CAAC"}

package/dist/envelope/open_verified.d.ts

@@ -10,7 +10,7 @@
  *   3. Walk the supplied recipient candidates and open the brief +
  *      enclosure for the first matching device key.
  *
- * `openAndVerify` does NOT run `seal.session_mac` — that is the
+ * `openAndVerify` does NOT run `seal.session_mac` - that is the
  * routing-server / receiving-server check between adjacent SEMP
  * peers; the recipient client uses {@link "./verify".verifySessionMAC}
  * separately when it has access to the K_env_mac.

package/dist/envelope/open_verified.js

@@ -10,7 +10,7 @@
  *   3. Walk the supplied recipient candidates and open the brief +
  *      enclosure for the first matching device key.
  *
- * `openAndVerify` does NOT run `seal.session_mac` — that is the
+ * `openAndVerify` does NOT run `seal.session_mac` - that is the
  * routing-server / receiving-server check between adjacent SEMP
  * peers; the recipient client uses {@link "./verify".verifySessionMAC}
  * separately when it has access to the K_env_mac.

package/dist/envelope/padding.d.ts

@@ -35,7 +35,7 @@ export interface PadConfig {
 /**
  * Populate `env.padding` so that `JSON.stringify(env)` lands on
  * exactly the size of the chosen bucket. Safe to call before OR
- * after `compose` populates `seal.signature` / `seal.session_mac` —
+ * after `compose` populates `seal.signature` / `seal.session_mac` -
  * if either is empty, fillPadding temporarily substitutes a
  * fixed-length placeholder for measurement so the post-sign size
  * is correct either way.
@@ -47,7 +47,7 @@ export declare function fillPadding(env: Envelope, cfg?: PadConfig): number;
 /**
  * Build a string of exactly `targetLen` base64-alphabet characters,
  * drawn from a CSPRNG. The bulk is a base64 encoding of CSPRNG
- * bytes; the final 1–3 characters (when targetLen is not reachable
+ * bytes; the final 1-3 characters (when targetLen is not reachable
  * by `btoa` 4-character chunks) are CSPRNG-seeded alphabet
  * characters appended for length alignment per §2.4.2.
  */

package/dist/envelope/padding.js

@@ -28,7 +28,7 @@ const Base64AlphabetFillers = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvw
 /**
  * Populate `env.padding` so that `JSON.stringify(env)` lands on
  * exactly the size of the chosen bucket. Safe to call before OR
- * after `compose` populates `seal.signature` / `seal.session_mac` —
+ * after `compose` populates `seal.signature` / `seal.session_mac` -
  * if either is empty, fillPadding temporarily substitutes a
  * fixed-length placeholder for measurement so the post-sign size
  * is correct either way.
@@ -83,7 +83,7 @@ export function fillPadding(env, cfg = {}) {
 /**
  * Build a string of exactly `targetLen` base64-alphabet characters,
  * drawn from a CSPRNG. The bulk is a base64 encoding of CSPRNG
- * bytes; the final 1–3 characters (when targetLen is not reachable
+ * bytes; the final 1-3 characters (when targetLen is not reachable
  * by `btoa` 4-character chunks) are CSPRNG-seeded alphabet
  * characters appended for length alignment per §2.4.2.
  */
@@ -96,7 +96,7 @@ export function buildPaddingValue(targetLen, rand = defaultRand) {
     }
     // base64 emits 4 chars per 3 input bytes. Pick the largest
     // multiple of 4 ≤ targetLen as the base64-encoded portion; the
-    // remainder (0–3 chars) is filled from the alphabet pool.
+    // remainder (0-3 chars) is filled from the alphabet pool.
     const baseChars = targetLen - (targetLen % 4);
     const inputBytes = (baseChars / 4) * 3;
     const out = [];

package/dist/envelope/verify.d.ts

@@ -15,7 +15,7 @@ import { type Envelope } from "./compose.js";
  * true when the Ed25519 signature over the canonical envelope bytes
  * (prefixed with `SEMP-ENVELOPE:`) verifies. Does NOT cross-check
  * that the supplied public key actually belongs to the
- * `postmark.from_domain` — that lookup is the caller's responsibility.
+ * `postmark.from_domain` - that lookup is the caller's responsibility.
  */
 export declare function verifySealSignature(env: Envelope, senderDomainPub: Uint8Array): boolean;
 /**

package/dist/envelope/verify.js

@@ -19,7 +19,7 @@ const EnvelopePrefix = "SEMP-ENVELOPE:";
  * true when the Ed25519 signature over the canonical envelope bytes
  * (prefixed with `SEMP-ENVELOPE:`) verifies. Does NOT cross-check
  * that the supplied public key actually belongs to the
- * `postmark.from_domain` — that lookup is the caller's responsibility.
+ * `postmark.from_domain` - that lookup is the caller's responsibility.
  */
 export function verifySealSignature(env, senderDomainPub) {
     if (env.seal?.signature === undefined || env.seal.signature === "") {

package/dist/extensions/index.d.ts

@@ -4,4 +4,5 @@
  * @module
  */
 export { type Entry, type Layer, type Map, type RegistryEntry, KeyError, MaxKeyLength, NamespacePrefixCore, Registry, SizeError, UnsupportedError, maxBytesFor, validate, validateKey, validateSize, } from "./limits.js";
+export { type ValidationFailureCode, type ValidationFailureItem, type ValidationFailureRejection, DefinitionPathPrefix, newValidationFailureRejection, } from "./validation_failure.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/extensions/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/extensions/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,KAAK,KAAK,EACV,KAAK,KAAK,EACV,KAAK,GAAG,EACR,KAAK,aAAa,EAClB,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,QAAQ,EACR,SAAS,EACT,gBAAgB,EAChB,WAAW,EACX,QAAQ,EACR,WAAW,EACX,YAAY,GACb,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/extensions/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,KAAK,KAAK,EACV,KAAK,KAAK,EACV,KAAK,GAAG,EACR,KAAK,aAAa,EAClB,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,QAAQ,EACR,SAAS,EACT,gBAAgB,EAChB,WAAW,EACX,QAAQ,EACR,WAAW,EACX,YAAY,GACb,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,KAAK,qBAAqB,EAC1B,KAAK,qBAAqB,EAC1B,KAAK,0BAA0B,EAC/B,oBAAoB,EACpB,6BAA6B,GAC9B,MAAM,yBAAyB,CAAC"}

package/dist/extensions/index.js

@@ -4,4 +4,5 @@
  * @module
  */
 export { KeyError, MaxKeyLength, NamespacePrefixCore, Registry, SizeError, UnsupportedError, maxBytesFor, validate, validateKey, validateSize, } from "./limits.js";
+export { DefinitionPathPrefix, newValidationFailureRejection, } from "./validation_failure.js";
 //# sourceMappingURL=index.js.map

package/dist/extensions/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/extensions/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAKL,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,QAAQ,EACR,SAAS,EACT,gBAAgB,EAChB,WAAW,EACX,QAAQ,EACR,WAAW,EACX,YAAY,GACb,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/extensions/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAKL,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,QAAQ,EACR,SAAS,EACT,gBAAgB,EAChB,WAAW,EACX,QAAQ,EACR,WAAW,EACX,YAAY,GACb,MAAM,aAAa,CAAC;AAErB,OAAO,EAIL,oBAAoB,EACpB,6BAA6B,GAC9B,MAAM,yBAAyB,CAAC"}

package/dist/extensions/limits.d.ts

@@ -8,7 +8,7 @@
  * ```
  *
  * Per-layer byte-size ceilings (§4) are enforced before signature
- * verification — an over-large `extensions` map MUST be rejected
+ * verification - an over-large `extensions` map MUST be rejected
  * outright, regardless of any signature it might carry.
  *
  * Required extensions a recipient does not understand MUST be
@@ -90,7 +90,7 @@ export declare function validateKey(key: string): Error | null;
  *     ({@link SizeError})
  *
  * Non-required (`required: false`) extensions are passed through
- * unconditionally — the receiver is free to ignore them.
+ * unconditionally - the receiver is free to ignore them.
  */
 export declare function validate(registry: Registry | null, layer: Layer, m: Map | null | undefined): Error | null;
 /**

package/dist/extensions/limits.js

@@ -8,7 +8,7 @@
  * ```
  *
  * Per-layer byte-size ceilings (§4) are enforced before signature
- * verification — an over-large `extensions` map MUST be rejected
+ * verification - an over-large `extensions` map MUST be rejected
  * outright, regardless of any signature it might carry.
  *
  * Required extensions a recipient does not understand MUST be
@@ -121,7 +121,7 @@ export function validateKey(key) {
  *     ({@link SizeError})
  *
  * Non-required (`required: false`) extensions are passed through
- * unconditionally — the receiver is free to ignore them.
+ * unconditionally - the receiver is free to ignore them.
  */
 export function validate(registry, layer, m) {
     if (m === null || m === undefined || Object.keys(m).length === 0) {

package/dist/extensions/validation_failure.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Canonical URL path prefix at which an extension's definition
+ * document is published per EXTENSIONS.md §3.5 and RFC 8615. The
+ * full URL is
+ *   "https://<host>" + DefinitionPathPrefix + "<name>.json"
+ * where <name> is the namespace-prefixed identifier such as
+ * "semp.dev/foo" or "vendor.example.com/feature1".
+ */
+export declare const DefinitionPathPrefix = "/.well-known/semp-extensions/";
+/**
+ * Extension validation failure reporting per EXTENSIONS.md §3.9.3.
+ *
+ * Runtime validation failures across one or more extensions in an
+ * envelope are reported with the `extension_unsupported` reason
+ * code and an `errors` array carrying per-extension diagnostics.
+ * Implementations MAY stop at the first failure and report a
+ * single-entry array or continue and report all failures.
+ *
+ * @module
+ */
+/** Defined validation_failure diagnostics per §3.9.3 table. */
+export type ValidationFailureCode = "definition_unfetchable" | "definition_signature_invalid" | "data_schema_mismatch" | "placement_violation" | "authority_violation" | "dependency_unsatisfied" | "conflict_present";
+/** Single entry in the §3.9.3 `errors` array. */
+export interface ValidationFailureItem {
+    extension: string;
+    validation_failure: ValidationFailureCode;
+}
+/**
+ * Envelope-rejection wire shape carrying one or more extension
+ * validation failures. The reason_code is always
+ * `extension_unsupported`; per-rule diagnostics live in
+ * `errors[i].validation_failure`.
+ */
+export interface ValidationFailureRejection {
+    type: "SEMP_ENVELOPE";
+    step: "rejected";
+    version: string;
+    reason_code: "extension_unsupported";
+    reason: string;
+    errors: ValidationFailureItem[];
+}
+/**
+ * Wrap one or more validation failures in the §3.9.3 envelope
+ * rejection. The reason defaults to "Extension validation failed"
+ * when omitted.
+ */
+export declare function newValidationFailureRejection(items: ValidationFailureItem[], reason?: string): ValidationFailureRejection;
+//# sourceMappingURL=validation_failure.d.ts.map

package/dist/extensions/validation_failure.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation_failure.d.ts","sourceRoot":"","sources":["../../src/extensions/validation_failure.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,kCAAkC,CAAC;AAEpE;;;;;;;;;;GAUG;AAEH,+DAA+D;AAC/D,MAAM,MAAM,qBAAqB,GAC7B,wBAAwB,GACxB,8BAA8B,GAC9B,sBAAsB,GACtB,qBAAqB,GACrB,qBAAqB,GACrB,wBAAwB,GACxB,kBAAkB,CAAC;AAEvB,iDAAiD;AACjD,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,qBAAqB,CAAC;CAC3C;AAED;;;;;GAKG;AACH,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,eAAe,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,uBAAuB,CAAC;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,qBAAqB,EAAE,CAAC;CACjC;AAED;;;;GAIG;AACH,wBAAgB,6BAA6B,CAC3C,KAAK,EAAE,qBAAqB,EAAE,EAC9B,MAAM,SAAgC,GACrC,0BAA0B,CAS5B"}

package/dist/extensions/validation_failure.js

@@ -0,0 +1,25 @@
+/**
+ * Canonical URL path prefix at which an extension's definition
+ * document is published per EXTENSIONS.md §3.5 and RFC 8615. The
+ * full URL is
+ *   "https://<host>" + DefinitionPathPrefix + "<name>.json"
+ * where <name> is the namespace-prefixed identifier such as
+ * "semp.dev/foo" or "vendor.example.com/feature1".
+ */
+export const DefinitionPathPrefix = "/.well-known/semp-extensions/";
+/**
+ * Wrap one or more validation failures in the §3.9.3 envelope
+ * rejection. The reason defaults to "Extension validation failed"
+ * when omitted.
+ */
+export function newValidationFailureRejection(items, reason = "Extension validation failed") {
+    return {
+        type: "SEMP_ENVELOPE",
+        step: "rejected",
+        version: "1.0.0",
+        reason_code: "extension_unsupported",
+        reason,
+        errors: items,
+    };
+}
+//# sourceMappingURL=validation_failure.js.map

package/dist/extensions/validation_failure.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation_failure.js","sourceRoot":"","sources":["../../src/extensions/validation_failure.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,+BAA+B,CAAC;AA6CpE;;;;GAIG;AACH,MAAM,UAAU,6BAA6B,CAC3C,KAA8B,EAC9B,MAAM,GAAG,6BAA6B;IAEtC,OAAO;QACL,IAAI,EAAE,eAAe;QACrB,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,OAAO;QAChB,WAAW,EAAE,uBAAuB;QACpC,MAAM;QACN,MAAM,EAAE,KAAK;KACd,CAAC;AACJ,CAAC"}

package/dist/handshake/abort.d.ts

@@ -30,7 +30,7 @@ export declare function isChallengeInvalid(err: unknown): err is ChallengeInvali
 /**
  * Build an unsigned client-initiator abort message per §2.2a.6.
  *
- * The wire shape is `party: "client"` with no `server_signature` —
+ * The wire shape is `party: "client"` with no `server_signature` -
  * the initiator has not authenticated to the server at this point
  * and MUST NOT do so as part of an abort.
  *

package/dist/handshake/abort.js

@@ -38,7 +38,7 @@ export function isChallengeInvalid(err) {
 /**
  * Build an unsigned client-initiator abort message per §2.2a.6.
  *
- * The wire shape is `party: "client"` with no `server_signature` —
+ * The wire shape is `party: "client"` with no `server_signature` -
  * the initiator has not authenticated to the server at this point
  * and MUST NOT do so as part of an abort.
  *

package/dist/handshake/client_state.d.ts

@@ -3,7 +3,7 @@
  *
  * Mirror of `semp-go/handshake.Client`: a state machine the caller
  * drives over a transport. The class never performs network I/O
- * directly — the caller moves bytes between this object and the
+ * directly - the caller moves bytes between this object and the
  * underlying transport.
  *
  * Lifecycle:
@@ -90,7 +90,7 @@ export interface HandshakeClientSession {
 export { HandshakeRejectedError };
 /**
  * Stateful handshake client. One instance handles exactly one
- * handshake — discard after success or error. Re-using an instance
+ * handshake - discard after success or error. Re-using an instance
  * is a programming error (the state machine is single-shot).
  */
 export declare class HandshakeClient {
@@ -109,7 +109,7 @@ export declare class HandshakeClient {
     private serverIdProofSignature;
     private resumptionSecret;
     private resumeNonce;
-    /** Final session — populated by {@link onAccepted}. */
+    /** Final session - populated by {@link onAccepted}. */
     private finalSession;
     constructor(cfg: HandshakeClientConfig);
     /**
@@ -124,12 +124,12 @@ export declare class HandshakeClient {
      *
      * Throws {@link ChallengeInvalidError} when the difficulty
      * exceeds the protocol cap or the challenge has already
-     * expired — the caller follows up with a §2.2a.6 client abort.
+     * expired - the caller follows up with a §2.2a.6 client abort.
      */
     onChallenge(data: Uint8Array): Promise<Uint8Array>;
     /**
      * Process the server's RESPONSE, derive session keys, and produce
-     * CONFIRM bytes per §2.3 — §2.5. The ephemeral private key is
+     * CONFIRM bytes per §2.3 - §2.5. The ephemeral private key is
      * zeroed before return.
      */
     onResponse(data: Uint8Array): Uint8Array;

package/dist/handshake/client_state.js

@@ -3,7 +3,7 @@
  *
  * Mirror of `semp-go/handshake.Client`: a state machine the caller
  * drives over a transport. The class never performs network I/O
- * directly — the caller moves bytes between this object and the
+ * directly - the caller moves bytes between this object and the
  * underlying transport.
  *
  * Lifecycle:
@@ -55,7 +55,7 @@ const POW_HARDCAP = MaxPoWDifficulty;
 export { HandshakeRejectedError };
 /**
  * Stateful handshake client. One instance handles exactly one
- * handshake — discard after success or error. Re-using an instance
+ * handshake - discard after success or error. Re-using an instance
  * is a programming error (the state machine is single-shot).
  */
 export class HandshakeClient {
@@ -78,7 +78,7 @@ export class HandshakeClient {
     // Resume state (HANDSHAKE.md §2.8).
     resumptionSecret = null;
     resumeNonce = null;
-    /** Final session — populated by {@link onAccepted}. */
+    /** Final session - populated by {@link onAccepted}. */
     finalSession = null;
     constructor(cfg) {
         if (cfg.suite !== "x25519-chacha20-poly1305" &&
@@ -151,7 +151,7 @@ export class HandshakeClient {
      *
      * Throws {@link ChallengeInvalidError} when the difficulty
      * exceeds the protocol cap or the challenge has already
-     * expired — the caller follows up with a §2.2a.6 client abort.
+     * expired - the caller follows up with a §2.2a.6 client abort.
      */
     async onChallenge(data) {
         if (this.initCanonical === null) {
@@ -206,7 +206,7 @@ export class HandshakeClient {
     }
     /**
      * Process the server's RESPONSE, derive session keys, and produce
-     * CONFIRM bytes per §2.3 — §2.5. The ephemeral private key is
+     * CONFIRM bytes per §2.3 - §2.5. The ephemeral private key is
      * zeroed before return.
      */
     onResponse(data) {

package/dist/handshake/confirm.d.ts

@@ -11,8 +11,8 @@
 /**
  * Compute SHA-256 over the concatenation of canonical(message_1)
  * and canonical(message_2). The caller MUST pass the canonical
- * bytes — sorted keys, no insignificant whitespace, as defined in
- * ENVELOPE.md §4.3 — not the wire-format bytes.
+ * bytes - sorted keys, no insignificant whitespace, as defined in
+ * ENVELOPE.md §4.3 - not the wire-format bytes.
  *
  * The output is the 32-byte digest the client signs as part of its
  * identity proof.

package/dist/handshake/confirm.js

@@ -12,8 +12,8 @@ import { sha256 } from "@noble/hashes/sha2.js";
 /**
  * Compute SHA-256 over the concatenation of canonical(message_1)
  * and canonical(message_2). The caller MUST pass the canonical
- * bytes — sorted keys, no insignificant whitespace, as defined in
- * ENVELOPE.md §4.3 — not the wire-format bytes.
+ * bytes - sorted keys, no insignificant whitespace, as defined in
+ * ENVELOPE.md §4.3 - not the wire-format bytes.
  *
  * The output is the 32-byte digest the client signs as part of its
  * identity proof.

package/dist/handshake/driver.d.ts

@@ -76,7 +76,7 @@ export interface ClientConfig {
      * AEAD-Seal under K_enc_c2s with AAD = session_id.
      *
      * When omitted (the default), the driver leaves identity_proof
-     * empty — the higher-level client wraps runClient with its
+     * empty - the higher-level client wraps runClient with its
      * own auth supply.
      */
     identity?: {
@@ -131,7 +131,7 @@ export declare class HandshakeRejectedError extends Error {
  *
  * On error the transport is closed so the peer's pending `receive`
  * unblocks. Successful completion leaves the transport owned by
- * the returned Session — closing the Session closes the transport.
+ * the returned Session - closing the Session closes the transport.
  */
 export declare function runClient(transport: Transport, config: ClientConfig): Promise<Session>;
 //# sourceMappingURL=driver.d.ts.map

package/dist/handshake/driver.js

@@ -59,7 +59,7 @@ export class HandshakeRejectedError extends Error {
  *
  * On error the transport is closed so the peer's pending `receive`
  * unblocks. Successful completion leaves the transport owned by
- * the returned Session — closing the Session closes the transport.
+ * the returned Session - closing the Session closes the transport.
  */
 export async function runClient(transport, config) {
     if (config.suite !== "x25519-chacha20-poly1305" &&

package/dist/handshake/federation.d.ts

@@ -2,7 +2,7 @@
  * Federation handshake (server ↔ server) per HANDSHAKE.md §5.
  *
  * Two servers establish a federation session by exchanging four
- * messages — symmetric in shape to the client handshake but with
+ * messages - symmetric in shape to the client handshake but with
  * domain identity in plaintext on both sides plus a domain-proof
  * verification step:
  *
@@ -181,7 +181,7 @@ export interface FederationResume {
 /**
  * Domain-ownership verifier invoked by the responder during the
  * handshake. `verify` resolves on success; rejects (or throws) on
- * failure — the rejection reason is surfaced in
+ * failure - the rejection reason is surfaced in
  * {@link DomainVerificationResult.detail}.
  */
 export interface DomainVerifier {
@@ -189,7 +189,7 @@ export interface DomainVerifier {
 }
 /**
  * Permissive verifier that accepts every proof. Tests / single-
- * process deployments only — production MUST NOT use it.
+ * process deployments only - production MUST NOT use it.
  */
 export declare class TrustingDomainVerifier implements DomainVerifier {
     verify(): Promise<void>;
@@ -197,7 +197,7 @@ export declare class TrustingDomainVerifier implements DomainVerifier {
 /**
  * Decide which of two simultaneously-initiated federation handshakes
  * proceeds per SESSION.md §2.5.2. Both peers agree on the winner
- * without external coordination — lexicographic compare provides
+ * without external coordination - lexicographic compare provides
  * exactly this property.
  *
  * Returns the winning `session_id` (the one that proceeds).
@@ -246,7 +246,7 @@ export interface FederationInitiatorSession {
 }
 /**
  * Stateful federation initiator. Mirror of `semp-go/handshake.Initiator`.
- * Single-shot — discard after success or error.
+ * Single-shot - discard after success or error.
  */
 export declare class FederationInitiator {
     private readonly cfg;
@@ -325,7 +325,7 @@ export interface FederationResponderSession {
 }
 /**
  * Stateful federation responder. Mirror of `semp-go/handshake.Responder`.
- * Single-shot — discard after success or error.
+ * Single-shot - discard after success or error.
  */
 export declare class FederationResponder {
     private readonly cfg;

package/dist/handshake/federation.js

@@ -2,7 +2,7 @@
  * Federation handshake (server ↔ server) per HANDSHAKE.md §5.
  *
  * Two servers establish a federation session by exchanging four
- * messages — symmetric in shape to the client handshake but with
+ * messages - symmetric in shape to the client handshake but with
  * domain identity in plaintext on both sides plus a domain-proof
  * verification step:
  *
@@ -32,7 +32,7 @@ import { HandshakePrefix, HandshakeVersion, } from "./messages.js";
 export const FederationMessageType = "SEMP_HANDSHAKE";
 /**
  * Permissive verifier that accepts every proof. Tests / single-
- * process deployments only — production MUST NOT use it.
+ * process deployments only - production MUST NOT use it.
  */
 export class TrustingDomainVerifier {
     async verify() {
@@ -42,7 +42,7 @@ export class TrustingDomainVerifier {
 /**
  * Decide which of two simultaneously-initiated federation handshakes
  * proceeds per SESSION.md §2.5.2. Both peers agree on the winner
- * without external coordination — lexicographic compare provides
+ * without external coordination - lexicographic compare provides
  * exactly this property.
  *
  * Returns the winning `session_id` (the one that proceeds).
@@ -54,7 +54,7 @@ export function resolveCollision(idA, idB) {
 export const acceptAllPolicies = () => null;
 /**
  * Stateful federation initiator. Mirror of `semp-go/handshake.Initiator`.
- * Single-shot — discard after success or error.
+ * Single-shot - discard after success or error.
  */
 export class FederationInitiator {
     cfg;
@@ -374,7 +374,7 @@ export class FederationInitiator {
 }
 /**
  * Stateful federation responder. Mirror of `semp-go/handshake.Responder`.
- * Single-shot — discard after success or error.
+ * Single-shot - discard after success or error.
  */
 export class FederationResponder {
     cfg;

package/dist/handshake/first_contact.d.ts

@@ -48,7 +48,7 @@ export declare function computeFirstContactPrefix(senderDomain: string, recipien
  * trailing 32 bytes of the prefix are SHA-256 of the canonical
  * binding input.
  *
- * Does NOT verify the PoW solution itself — pair with
+ * Does NOT verify the PoW solution itself - pair with
  * `verifyChallengeSolution` from {@link "./pow"} for a full check.
  */
 export declare function verifyFirstContactBinding(prefix: Uint8Array, senderDomain: string, recipientAddress: string, postmarkId: string): boolean;

package/dist/handshake/first_contact.js

@@ -62,7 +62,7 @@ export function computeFirstContactPrefix(senderDomain, recipientAddress, postma
  * trailing 32 bytes of the prefix are SHA-256 of the canonical
  * binding input.
  *
- * Does NOT verify the PoW solution itself — pair with
+ * Does NOT verify the PoW solution itself - pair with
  * `verifyChallengeSolution` from {@link "./pow"} for a full check.
  */
 export function verifyFirstContactBinding(prefix, senderDomain, recipientAddress, postmarkId) {

package/dist/handshake/identity.d.ts

@@ -2,7 +2,7 @@
  * Identity-proof composition per HANDSHAKE.md §2.5.
  *
  * The client's CONFIRM message carries an encrypted identity-proof
- * block — a self-contained JSON object proving control of the
+ * block - a self-contained JSON object proving control of the
  * client's long-term identity key, encrypted under the freshly
  * derived `K_enc_c2s` so a passive observer sees only opaque
  * ciphertext.

package/dist/handshake/identity.js

@@ -2,7 +2,7 @@
  * Identity-proof composition per HANDSHAKE.md §2.5.
  *
  * The client's CONFIRM message carries an encrypted identity-proof
- * block — a self-contained JSON object proving control of the
+ * block - a self-contained JSON object proving control of the
  * client's long-term identity key, encrypted under the freshly
  * derived `K_enc_c2s` so a passive observer sees only opaque
  * ciphertext.

package/dist/handshake/pow.js

@@ -45,7 +45,7 @@ export function verifyChallengeSolution(prefix, challengeId, nonceB64, claimedHa
     if (nonceB64 === "") {
         return new Error("handshake: empty PoW nonce");
     }
-    // Nonce must be valid base64 — but we accept its bytes as-is in
+    // Nonce must be valid base64 - but we accept its bytes as-is in
     // the preimage (the spec hashes the base64 string, not the
     // decoded bytes).
     try {