@sempdev/semp 0.5.1 → 0.5.5

package/dist/handshake/server_state.d.ts

@@ -3,7 +3,7 @@
  *
  * Mirror of `semp-go/handshake.Server`: a state machine the caller
  * drives over a transport. The class never performs network I/O
- * directly — the caller moves bytes between this object and the
+ * directly - the caller moves bytes between this object and the
  * underlying transport.
  *
  * Lifecycle:
@@ -77,7 +77,7 @@ export declare class HandshakeServerRejectionError extends Error {
 }
 /**
  * Stateful handshake server. One instance handles exactly one
- * handshake — discard after success or error. Re-using an instance
+ * handshake - discard after success or error. Re-using an instance
  * is a programming error (the state machine is single-shot).
  */
 export declare class HandshakeServer {
@@ -96,7 +96,7 @@ export declare class HandshakeServer {
     /**
      * Process the client's INIT and produce signed RESPONSE bytes per
      * §2.2 / §2.3. Throws {@link HandshakeServerRejectionError} on
-     * suite mismatch — the rejection bytes are accessible on the
+     * suite mismatch - the rejection bytes are accessible on the
      * thrown error for the caller to transmit before closing the
      * transport.
      */

package/dist/handshake/server_state.js

@@ -3,7 +3,7 @@
  *
  * Mirror of `semp-go/handshake.Server`: a state machine the caller
  * drives over a transport. The class never performs network I/O
- * directly — the caller moves bytes between this object and the
+ * directly - the caller moves bytes between this object and the
  * underlying transport.
  *
  * Lifecycle:
@@ -55,7 +55,7 @@ export class HandshakeServerRejectionError extends Error {
 }
 /**
  * Stateful handshake server. One instance handles exactly one
- * handshake — discard after success or error. Re-using an instance
+ * handshake - discard after success or error. Re-using an instance
  * is a programming error (the state machine is single-shot).
  */
 export class HandshakeServer {
@@ -88,7 +88,7 @@ export class HandshakeServer {
     /**
      * Process the client's INIT and produce signed RESPONSE bytes per
      * §2.2 / §2.3. Throws {@link HandshakeServerRejectionError} on
-     * suite mismatch — the rejection bytes are accessible on the
+     * suite mismatch - the rejection bytes are accessible on the
      * thrown error for the caller to transmit before closing the
      * transport.
      */

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 /**
- * SEMP: Sealed Envelope Messaging Protocol — TypeScript implementation.
+ * SEMP: Sealed Envelope Messaging Protocol - TypeScript implementation.
  *
  * @see {@link https://github.com/semp-dev/semp-spec}
  *

package/dist/index.js

@@ -1,5 +1,5 @@
 /**
- * SEMP: Sealed Envelope Messaging Protocol — TypeScript implementation.
+ * SEMP: Sealed Envelope Messaging Protocol - TypeScript implementation.
  *
  * @see {@link https://github.com/semp-dev/semp-spec}
  *

package/dist/keys/compromise.d.ts

@@ -3,7 +3,7 @@
  *
  * Revoking a device with reason `key_compromise` MUST be done in
  * the same transaction as rotating to a new identity key plus a new
- * encryption key — the compromised device held the shared identity
+ * encryption key - the compromised device held the shared identity
  * private key, so the adversary holds it too. A partial cascade
  * (device revoked but identity key not rotated) leaves the account
  * vulnerable and is a specification violation.
@@ -61,7 +61,7 @@ export interface CompromiseRotationInput {
     userId: string;
     /** Device being revoked. */
     compromisedDeviceId: string;
-    /** Device producing the cascade — recorded as `revoked_by_device_id`. */
+    /** Device producing the cascade - recorded as `revoked_by_device_id`. */
     revokingDeviceId: string;
     /** 32-byte Ed25519 seed for the prior identity key. */
     priorIdentitySeed: Uint8Array;

package/dist/keys/compromise.js

@@ -3,7 +3,7 @@
  *
  * Revoking a device with reason `key_compromise` MUST be done in
  * the same transaction as rotating to a new identity key plus a new
- * encryption key — the compromised device held the shared identity
+ * encryption key - the compromised device held the shared identity
  * private key, so the adversary holds it too. A partial cascade
  * (device revoked but identity key not rotated) leaves the account
  * vulnerable and is a specification violation.

package/dist/keys/device_certificate.d.ts

@@ -115,7 +115,7 @@ export interface SignDeviceCertificateResult {
  * Compute the issuer's signature over the canonical certificate
  * bytes, then return a copy with `signature.{algorithm,key_id,value}`
  * populated. Pre-populates the algorithm + key_id BEFORE
- * canonicalization so the canonical bytes cover both — an attacker
+ * canonicalization so the canonical bytes cover both - an attacker
  * cannot downgrade the signing algorithm or forge a different
  * issuer fingerprint.
  */
@@ -124,7 +124,7 @@ export declare function signDeviceCertificate(input: SignDeviceCertificateInput)
  * Ed25519-verify a certificate's signature under `issuerPub`. Returns
  * true when the signature verifies. Does NOT cross-check that the
  * issuer is currently a registered, non-revoked full-access device
- * for the account — that requires a key directory store and is the
+ * for the account - that requires a key directory store and is the
  * caller's responsibility.
  */
 export declare function verifyDeviceCertificate(certificate: DeviceCertificate, issuerPub: Uint8Array): boolean;
@@ -153,7 +153,7 @@ export interface AddressIdentity {
 }
 /**
  * Report whether `matcher` permits sending to `recipient` per
- * §10.3.3.1. Does NOT evaluate rate limits — the caller applies
+ * §10.3.3.1. Does NOT evaluate rate limits - the caller applies
  * rate-limit tiers separately per §10.3.4.
  */
 export declare function scopeAllowsRecipient(matcher: ScopeMatcher, recipient: AddressIdentity): boolean;

package/dist/keys/device_certificate.js

@@ -39,7 +39,7 @@ export const MaxDeviceCertificateLifetimeMs = 365 * 24 * 3600 * 1000;
  * Compute the issuer's signature over the canonical certificate
  * bytes, then return a copy with `signature.{algorithm,key_id,value}`
  * populated. Pre-populates the algorithm + key_id BEFORE
- * canonicalization so the canonical bytes cover both — an attacker
+ * canonicalization so the canonical bytes cover both - an attacker
  * cannot downgrade the signing algorithm or forge a different
  * issuer fingerprint.
  */
@@ -71,7 +71,7 @@ export function signDeviceCertificate(input) {
  * Ed25519-verify a certificate's signature under `issuerPub`. Returns
  * true when the signature verifies. Does NOT cross-check that the
  * issuer is currently a registered, non-revoked full-access device
- * for the account — that requires a key directory store and is the
+ * for the account - that requires a key directory store and is the
  * caller's responsibility.
  */
 export function verifyDeviceCertificate(certificate, issuerPub) {
@@ -259,7 +259,7 @@ function validateRateLimits(tiers, path) {
 }
 /**
  * Report whether `matcher` permits sending to `recipient` per
- * §10.3.3.1. Does NOT evaluate rate limits — the caller applies
+ * §10.3.3.1. Does NOT evaluate rate limits - the caller applies
  * rate-limit tiers separately per §10.3.4.
  */
 export function scopeAllowsRecipient(matcher, recipient) {
@@ -273,7 +273,7 @@ export function scopeAllowsRecipient(matcher, recipient) {
         case "denylist":
             return !matchAny(matcher.deny ?? [], recipient);
         default:
-            // Unknown mode — fail closed.
+            // Unknown mode - fail closed.
             return false;
     }
 }

package/dist/keys/key_revocation.d.ts

@@ -1,7 +1,7 @@
 /**
  * Per-key revocation primitives per KEY.md §8.
  *
- * The published wire shape is `SEMP_KEY_REVOCATION` — a list of
+ * The published wire shape is `SEMP_KEY_REVOCATION` - a list of
  * revoked keys signed by the publishing party (a domain or a user).
  * The signature uses the `SEMP-REVOCATION:` domain-separation
  * prefix per ENVELOPE.md §4.3.
@@ -23,7 +23,7 @@ export interface PublicationSignature {
     value: string;
 }
 /**
- * Per-key revocation record per §8.4 — embedded in a key response
+ * Per-key revocation record per §8.4 - embedded in a key response
  * or in a {@link RevocationPublication}.
  */
 export interface Revocation {

package/dist/keys/key_revocation.js

@@ -1,7 +1,7 @@
 /**
  * Per-key revocation primitives per KEY.md §8.
  *
- * The published wire shape is `SEMP_KEY_REVOCATION` — a list of
+ * The published wire shape is `SEMP_KEY_REVOCATION` - a list of
  * revoked keys signed by the publishing party (a domain or a user).
  * The signature uses the `SEMP-REVOCATION:` domain-separation
  * prefix per ENVELOPE.md §4.3.

package/dist/keys/request.d.ts

@@ -15,8 +15,22 @@ export declare const KeysRequestType = "SEMP_KEYS";
 export declare const KeysRequestVersion = "1.0.0";
 /** Step discriminator for SEMP_KEYS messages. */
 export type KeysRequestStep = "request" | "response";
-/** Per-address lookup status per CLIENT.md §5.4.5. */
-export type KeysResultStatus = "found" | "not_found" | "error";
+/**
+ * Per-address lookup status per draft-gokce-semp-client §6.4. The
+ * set mirrors the submission-time status vocabulary so the client
+ * can share dispatch logic between key fetch and submission.
+ *
+ *  - "found": the home server returned a current key set.
+ *  - "not_found": the address is registered with the home server
+ *    but has no current published key.
+ *  - "legacy_required": the address belongs to a domain that does
+ *    not run SEMP; client SHOULD fall back to legacy interop.
+ *  - "recipient_not_found": no record of the address at the home
+ *    server.
+ *  - "error": the lookup failed for a transient or unspecified
+ *    reason. `error_reason` carries the diagnostic.
+ */
+export type KeysResultStatus = "found" | "not_found" | "legacy_required" | "recipient_not_found" | "error";
 /** A single key record per KEY.md §3 / §10.6. */
 export interface KeyRecord {
     algorithm: string;
@@ -53,7 +67,7 @@ export interface KeysRequest {
     type: typeof KeysRequestType;
     step: "request";
     version: string;
-    /** ULID for the request — used to correlate the response. */
+    /** ULID for the request - used to correlate the response. */
     id: string;
     /** ISO 8601 UTC. */
     timestamp: string;

package/dist/keys/request.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../src/keys/request.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,qCAAqC;AACrC,eAAO,MAAM,eAAe,cAAc,CAAC;AAE3C,+CAA+C;AAC/C,eAAO,MAAM,kBAAkB,UAAU,CAAC;AAE1C,iDAAiD;AACjD,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,UAAU,CAAC;AAErD,sDAAsD;AACtD,MAAM,MAAM,gBAAgB,GAAG,OAAO,GAAG,WAAW,GAAG,OAAO,CAAC;AAE/D,iDAAiD;AACjD,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yDAAyD;IACzD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8DAA8D;IAC9D,UAAU,CAAC,EAAE;QACX,MAAM,EAAE,MAAM,CAAC;QACf,oBAAoB;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,0CAA0C;QAC1C,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC;CACH;AAED,gCAAgC;AAChC,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED,2CAA2C;AAC3C,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,OAAO,eAAe,CAAC;IAC7B,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,6DAA6D;IAC7D,EAAE,EAAE,MAAM,CAAC;IACX,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,yEAAyE;IACzE,mBAAmB,EAAE,OAAO,CAAC;CAC9B;AAED,4CAA4C;AAC5C,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,OAAO,eAAe,CAAC;IAC7B,IAAI,EAAE,UAAU,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,0CAA0C;IAC1C,EAAE,EAAE,MAAM,CAAC;IACX,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,kBAAkB,EAAE,CAAC;CAC/B;AAED,sDAAsD;AACtD,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,gBAAgB,CAAC;IACzB,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,uEAAuE;IACvE,UAAU,CAAC,EAAE,SAAS,CAAC;IACvB,0EAA0E;IAC1E,cAAc,CAAC,EAAE,SAAS,CAAC;IAC3B,iFAAiF;IACjF,SAAS,EAAE,SAAS,EAAE,CAAC;IACvB,kEAAkE;IAClE,gBAAgB,CAAC,EAAE,kBAAkB,CAAC;IACtC,yEAAyE;IACzE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAC5B,EAAE,EAAE,MAAM,EACV,SAAS,EAAE,MAAM,EAAE,EACnB,KAAK,GAAE,MAAM,IAAuB,GACnC,WAAW,CAgBb;AAED,0DAA0D;AAC1D,wBAAgB,eAAe,CAC7B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,kBAAkB,EAAE,EAC7B,KAAK,GAAE,MAAM,IAAuB,GACnC,YAAY,CAYd;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,WAAW,GAAG,IAAI,CA8B1D;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzC,OAAO,IAAI,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;CACvC;AAED;;;;;;;;GAQG;AACH,wBAAsB,SAAS,CAC7B,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,WAAW,GACf,OAAO,CAAC,YAAY,CAAC,CAuCvB"}
+{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../src/keys/request.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,qCAAqC;AACrC,eAAO,MAAM,eAAe,cAAc,CAAC;AAE3C,+CAA+C;AAC/C,eAAO,MAAM,kBAAkB,UAAU,CAAC;AAE1C,iDAAiD;AACjD,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,UAAU,CAAC;AAErD;;;;;;;;;;;;;;GAcG;AACH,MAAM,MAAM,gBAAgB,GACxB,OAAO,GACP,WAAW,GACX,iBAAiB,GACjB,qBAAqB,GACrB,OAAO,CAAC;AAEZ,iDAAiD;AACjD,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yDAAyD;IACzD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8DAA8D;IAC9D,UAAU,CAAC,EAAE;QACX,MAAM,EAAE,MAAM,CAAC;QACf,oBAAoB;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,0CAA0C;QAC1C,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC;CACH;AAED,gCAAgC;AAChC,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED,2CAA2C;AAC3C,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,OAAO,eAAe,CAAC;IAC7B,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,6DAA6D;IAC7D,EAAE,EAAE,MAAM,CAAC;IACX,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,yEAAyE;IACzE,mBAAmB,EAAE,OAAO,CAAC;CAC9B;AAED,4CAA4C;AAC5C,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,OAAO,eAAe,CAAC;IAC7B,IAAI,EAAE,UAAU,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,0CAA0C;IAC1C,EAAE,EAAE,MAAM,CAAC;IACX,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,kBAAkB,EAAE,CAAC;CAC/B;AAED,sDAAsD;AACtD,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,gBAAgB,CAAC;IACzB,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,uEAAuE;IACvE,UAAU,CAAC,EAAE,SAAS,CAAC;IACvB,0EAA0E;IAC1E,cAAc,CAAC,EAAE,SAAS,CAAC;IAC3B,iFAAiF;IACjF,SAAS,EAAE,SAAS,EAAE,CAAC;IACvB,kEAAkE;IAClE,gBAAgB,CAAC,EAAE,kBAAkB,CAAC;IACtC,yEAAyE;IACzE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAC5B,EAAE,EAAE,MAAM,EACV,SAAS,EAAE,MAAM,EAAE,EACnB,KAAK,GAAE,MAAM,IAAuB,GACnC,WAAW,CAgBb;AAED,0DAA0D;AAC1D,wBAAgB,eAAe,CAC7B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,kBAAkB,EAAE,EAC7B,KAAK,GAAE,MAAM,IAAuB,GACnC,YAAY,CAYd;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,WAAW,GAAG,IAAI,CA8B1D;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzC,OAAO,IAAI,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;CACvC;AAED;;;;;;;;GAQG;AACH,wBAAsB,SAAS,CAC7B,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,WAAW,GACf,OAAO,CAAC,YAAY,CAAC,CAuCvB"}

package/dist/keys/request.js.map

@@ -1 +1 @@
-{"version":3,"file":"request.js","sourceRoot":"","sources":["../../src/keys/request.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,qCAAqC;AACrC,MAAM,CAAC,MAAM,eAAe,GAAG,WAAW,CAAC;AAE3C,+CAA+C;AAC/C,MAAM,CAAC,MAAM,kBAAkB,GAAG,OAAO,CAAC;AAqF1C;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAC5B,EAAU,EACV,SAAmB,EACnB,QAAoB,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE;IAEpC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IACD,OAAO;QACL,IAAI,EAAE,eAAe;QACrB,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,kBAAkB;QAC3B,EAAE;QACF,SAAS,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC;QAC7B,SAAS;QACT,mBAAmB,EAAE,IAAI;KAC1B,CAAC;AACJ,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,eAAe,CAC7B,SAAiB,EACjB,OAA6B,EAC7B,QAAoB,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE;IAEpC,IAAI,SAAS,KAAK,EAAE,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO;QACL,IAAI,EAAE,eAAe;QACrB,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,kBAAkB;QAC3B,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC;QAC7B,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,GAAgB;IAClD,IAAI,GAAG,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,cAAc,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,eAAe,EAAE,CAAC,CAAC;IACrF,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,cAAc,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,IAAI,GAAG,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,SAAS,KAAK,QAAQ,IAAI,GAAG,CAAC,SAAS,KAAK,EAAE,EAAE,CAAC;QAC9D,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,IAAI,OAAO,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;YACpE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;QACjD,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;AACH,CAAC;AAYD;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,MAAwB,EACxB,GAAgB;IAEhB,mBAAmB,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;IACzC,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IACD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;IAC3D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,yBAAyB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC5E,CAAC;IACJ,CAAC;IACD,IACE,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,KAAK,IAAI;QACf,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EACrB,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,GAAG,GAAG,MAAiC,CAAC;IAC9C,IAAI,GAAG,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,uBAAuB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,eAAe,EAAE,CAC3E,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CACb,uBAAuB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,mBAAmB,CACnE,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CACb,qBAAqB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,2BAA2B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAC/F,CAAC;IACJ,CAAC;IACD,OAAO,GAA8B,CAAC;AACxC,CAAC;AAED,SAAS,SAAS,CAAC,CAAO;IACxB,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;AACnD,CAAC"}
+{"version":3,"file":"request.js","sourceRoot":"","sources":["../../src/keys/request.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,qCAAqC;AACrC,MAAM,CAAC,MAAM,eAAe,GAAG,WAAW,CAAC;AAE3C,+CAA+C;AAC/C,MAAM,CAAC,MAAM,kBAAkB,GAAG,OAAO,CAAC;AAwG1C;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAC5B,EAAU,EACV,SAAmB,EACnB,QAAoB,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE;IAEpC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IACD,OAAO;QACL,IAAI,EAAE,eAAe;QACrB,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,kBAAkB;QAC3B,EAAE;QACF,SAAS,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC;QAC7B,SAAS;QACT,mBAAmB,EAAE,IAAI;KAC1B,CAAC;AACJ,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,eAAe,CAC7B,SAAiB,EACjB,OAA6B,EAC7B,QAAoB,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE;IAEpC,IAAI,SAAS,KAAK,EAAE,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO;QACL,IAAI,EAAE,eAAe;QACrB,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,kBAAkB;QAC3B,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC;QAC7B,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,GAAgB;IAClD,IAAI,GAAG,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,cAAc,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,eAAe,EAAE,CAAC,CAAC;IACrF,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,cAAc,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,IAAI,GAAG,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,SAAS,KAAK,QAAQ,IAAI,GAAG,CAAC,SAAS,KAAK,EAAE,EAAE,CAAC;QAC9D,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,IAAI,OAAO,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;YACpE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;QACjD,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;AACH,CAAC;AAYD;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,MAAwB,EACxB,GAAgB;IAEhB,mBAAmB,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;IACzC,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IACD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;IAC3D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,yBAAyB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC5E,CAAC;IACJ,CAAC;IACD,IACE,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,KAAK,IAAI;QACf,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EACrB,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,GAAG,GAAG,MAAiC,CAAC;IAC9C,IAAI,GAAG,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,uBAAuB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,eAAe,EAAE,CAC3E,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CACb,uBAAuB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,mBAAmB,CACnE,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CACb,qBAAqB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,2BAA2B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAC/F,CAAC;IACJ,CAAC;IACD,OAAO,GAA8B,CAAC;AACxC,CAAC;AAED,SAAS,SAAS,CAAC,CAAO;IACxB,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;AACnD,CAAC"}

package/dist/keys/sign.d.ts

@@ -41,7 +41,7 @@ export declare function sign(seed: Uint8Array, message: Uint8Array): Uint8Array;
  */
 export declare function verify(publicKey: Uint8Array, signature: Uint8Array, message: Uint8Array): boolean;
 /**
- * Compute the SEMP key fingerprint per `KEY.md` §3 — SHA-256 of
+ * Compute the SEMP key fingerprint per `KEY.md` §3 - SHA-256 of
  * the raw 32-byte public key, lowercase-hex encoded. Used as the
  * `key_id` field everywhere keys are referenced.
  */

package/dist/keys/sign.js

@@ -59,7 +59,7 @@ export function verify(publicKey, signature, message) {
     }
 }
 /**
- * Compute the SEMP key fingerprint per `KEY.md` §3 — SHA-256 of
+ * Compute the SEMP key fingerprint per `KEY.md` §3 - SHA-256 of
  * the raw 32-byte public key, lowercase-hex encoded. Used as the
  * `key_id` field everywhere keys are referenced.
  */

package/dist/keys/signed.d.ts

@@ -1,10 +1,10 @@
 /**
  * Signed-document compose helpers.
  *
- * Every Ed25519-signed SEMP document — closure request, configuration
+ * Every Ed25519-signed SEMP document - closure request, configuration
  * update, user policy, migration record, sender-signature enclosure,
  * delivery receipt, transparency STH, recovery manifest, recovery
- * share, handshake response/accepted/rejected — follows the same
+ * share, handshake response/accepted/rejected - follows the same
  * shape: build the document with the signature value blanked,
  * canonicalize per ENVELOPE.md §4.3, prepend a domain-separation
  * prefix, sign with Ed25519, write the signature back into the
@@ -73,7 +73,7 @@ export interface VerifySignedDocResult {
  * Throws if the document is structurally malformed (path missing,
  * signature not a string, signature not valid base64). A successful
  * parse with a bad signature returns `{ ok: false, canonicalBlanked }`
- * — the canonical bytes are returned so callers can cross-check
+ * - the canonical bytes are returned so callers can cross-check
  * pinned `intermediates.canonical_with_blanked_signature_utf8`.
  */
 export declare function verifySignedDoc(spec: VerifySignedDocSpec): VerifySignedDocResult;

package/dist/keys/signed.js

@@ -1,10 +1,10 @@
 /**
  * Signed-document compose helpers.
  *
- * Every Ed25519-signed SEMP document — closure request, configuration
+ * Every Ed25519-signed SEMP document - closure request, configuration
  * update, user policy, migration record, sender-signature enclosure,
  * delivery receipt, transparency STH, recovery manifest, recovery
- * share, handshake response/accepted/rejected — follows the same
+ * share, handshake response/accepted/rejected - follows the same
  * shape: build the document with the signature value blanked,
  * canonicalize per ENVELOPE.md §4.3, prepend a domain-separation
  * prefix, sign with Ed25519, write the signature back into the
@@ -42,7 +42,7 @@ export function signSignedDoc(spec) {
  * Throws if the document is structurally malformed (path missing,
  * signature not a string, signature not valid base64). A successful
  * parse with a bad signature returns `{ ok: false, canonicalBlanked }`
- * — the canonical bytes are returned so callers can cross-check
+ * - the canonical bytes are returned so callers can cross-check
  * pinned `intermediates.canonical_with_blanked_signature_utf8`.
  */
 export function verifySignedDoc(spec) {

package/dist/keys/store.js

@@ -81,7 +81,7 @@ export class InMemoryKeyStore {
         return this.deviceCerts.get(deviceKeyId) ?? null;
     }
     putDeviceCertificate(cert) {
-        // Stored under the delegated device's public-key fingerprint —
+        // Stored under the delegated device's public-key fingerprint -
         // matches the LookupDeviceCertificate(fp) parameter shape used
         // by the scope-enforcement path. Callers compute the fingerprint
         // from cert.device_public_key.

package/dist/largeattachment/crypto.d.ts

@@ -22,7 +22,7 @@ export declare function deriveAttachmentKey(kEnclosure: Uint8Array, attachmentId
  * AEAD additional-data input bound into each attachment's
  * ciphertext per §3.2: canonical UTF-8 JSON of the item with
  * `ciphertext_hash`, `aead_nonce`, and `extensions` set to empty
- * values (`""`, `""`, `{}` — but `extensions` is dropped by the
+ * values (`""`, `""`, `{}` - but `extensions` is dropped by the
  * canonicalizer when it's the optional `extensions` field).
  *
  * Binding the metadata into AAD prevents an attacker from swapping

package/dist/largeattachment/crypto.js

@@ -37,7 +37,7 @@ export function deriveAttachmentKey(kEnclosure, attachmentId, outputLen) {
  * AEAD additional-data input bound into each attachment's
  * ciphertext per §3.2: canonical UTF-8 JSON of the item with
  * `ciphertext_hash`, `aead_nonce`, and `extensions` set to empty
- * values (`""`, `""`, `{}` — but `extensions` is dropped by the
+ * values (`""`, `""`, `{}` - but `extensions` is dropped by the
  * canonicalizer when it's the optional `extensions` field).
  *
  * Binding the metadata into AAD prevents an attacker from swapping
@@ -112,7 +112,7 @@ export function validateUrl(raw) {
     // URL may still reveal them. We accept IPv6 if it parses as an IP
     // and contains ':'.
     if (looksLikeIPv6(host)) {
-        return; // IPv6 literal — accepted
+        return; // IPv6 literal - accepted
     }
     if (looksLikeIPv4(host)) {
         throw new Error(`largeattachment: url host ${JSON.stringify(host)} is a bare IPv4 literal; FQDN required`);

package/dist/largeattachment/upload.d.ts

@@ -9,7 +9,7 @@ import { type Item } from "./types.js";
 export type AttachmentSuite = "x25519-chacha20-poly1305" | "pq-kyber768-x25519";
 /** Inputs to {@link encryptAttachment}. */
 export interface EncryptAttachmentInput {
-    /** Negotiated session suite — selects the AEAD per §3.2. */
+    /** Negotiated session suite - selects the AEAD per §3.2. */
     suite: AttachmentSuite;
     /** 32-byte K_enclosure from the envelope this item belongs to. */
     kEnclosure: Uint8Array;
@@ -32,7 +32,7 @@ export interface EncryptAttachmentInput {
 export interface EncryptAttachmentResult {
     /** Fully populated item ready to drop into the enclosure. */
     item: Item;
-    /** AEAD ciphertext bytes — uploaded by the caller to `item.url`. */
+    /** AEAD ciphertext bytes - uploaded by the caller to `item.url`. */
     ciphertext: Uint8Array;
 }
 /**
@@ -40,7 +40,7 @@ export interface EncryptAttachmentResult {
  * plaintext, populate the item with `ciphertext_hash` and return
  * the bytes the caller uploads to `item.url`.
  *
- * Does NOT upload anything — the caller PUTs `ciphertext` to `url`.
+ * Does NOT upload anything - the caller PUTs `ciphertext` to `url`.
  */
 export declare function encryptAttachment(input: EncryptAttachmentInput): EncryptAttachmentResult;
 /**

package/dist/largeattachment/upload.js

@@ -12,7 +12,7 @@ import { AEADChaCha20Poly1305, AEADXChaCha20Poly1305, } from "./types.js";
  * plaintext, populate the item with `ciphertext_hash` and return
  * the bytes the caller uploads to `item.url`.
  *
- * Does NOT upload anything — the caller PUTs `ciphertext` to `url`.
+ * Does NOT upload anything - the caller PUTs `ciphertext` to `url`.
  */
 export function encryptAttachment(input) {
     if (input.kEnclosure.length === 0) {

package/dist/migration/index.d.ts

@@ -7,7 +7,7 @@
  *
  * @module
  */
-export { type MigrationMode, type MigrationNotice, type MigrationNoticeRejection, type MigrationRecord, type MigrationSignatureBlock, MaxForwardingWindowMs, MigrationNoticeType, MigrationPrefix, MigrationRecordType, MigrationRecordVersion, MinForwardingWindowMs, RecommendedForwardingWindowMs, SignatureAlgorithmEd25519, } from "./types.js";
+export { type MigrationMode, type MigrationNotice, type MigrationNoticeRejection, type MigrationRecord, type MigrationSignatureBlock, MaxNoticeWindowMs, MigrationPrefix, MigrationRecordType, MigrationRecordVersion, MinNoticeWindowMs, RecommendedNoticeWindowMs, SignatureAlgorithmEd25519, } from "./types.js";
 export { checkMigratedAtBound, prepareSignatures, signNewDomain, signNewIdentity, signOldDomain, signOldIdentity, validateMigrationRecord, verifyMigrationPass, verifyMigrationRecord, } from "./sign.js";
 export { type ComposeMigrationInput, composeMigrationRecord, } from "./migration.js";
 export { type AcceptSubmissionInput, type BuildSubmissionInput, type ThirdPartyHook, type ThirdPartyPolicy, acceptSubmission, applyThirdPartyPolicy, buildSubmission, } from "./orchestrate.js";

package/dist/migration/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/migration/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,wBAAwB,EAC7B,KAAK,eAAe,EACpB,KAAK,uBAAuB,EAC5B,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,EACrB,6BAA6B,EAC7B,yBAAyB,GAC1B,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,aAAa,EACb,eAAe,EACf,aAAa,EACb,eAAe,EACf,uBAAuB,EACvB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,KAAK,qBAAqB,EAC1B,sBAAsB,GACvB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,KAAK,qBAAqB,EAC1B,KAAK,oBAAoB,EACzB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,GAChB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,KAAK,eAAe,EACpB,KAAK,kBAAkB,EACvB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,KAAK,yBAAyB,EAC9B,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,KAAK,gBAAgB,EACrB,wBAAwB,GACzB,MAAM,wBAAwB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/migration/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,wBAAwB,EAC7B,KAAK,eAAe,EACpB,KAAK,uBAAuB,EAC5B,iBAAiB,EACjB,eAAe,EACf,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,yBAAyB,EACzB,yBAAyB,GAC1B,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,aAAa,EACb,eAAe,EACf,aAAa,EACb,eAAe,EACf,uBAAuB,EACvB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,KAAK,qBAAqB,EAC1B,sBAAsB,GACvB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,KAAK,qBAAqB,EAC1B,KAAK,oBAAoB,EACzB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,GAChB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,KAAK,eAAe,EACpB,KAAK,kBAAkB,EACvB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,KAAK,yBAAyB,EAC9B,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,KAAK,gBAAgB,EACrB,wBAAwB,GACzB,MAAM,wBAAwB,CAAC"}

package/dist/migration/index.js

@@ -7,7 +7,7 @@
  *
  * @module
  */
-export { MaxForwardingWindowMs, MigrationNoticeType, MigrationPrefix, MigrationRecordType, MigrationRecordVersion, MinForwardingWindowMs, RecommendedForwardingWindowMs, SignatureAlgorithmEd25519, } from "./types.js";
+export { MaxNoticeWindowMs, MigrationPrefix, MigrationRecordType, MigrationRecordVersion, MinNoticeWindowMs, RecommendedNoticeWindowMs, SignatureAlgorithmEd25519, } from "./types.js";
 export { checkMigratedAtBound, prepareSignatures, signNewDomain, signNewIdentity, signOldDomain, signOldIdentity, validateMigrationRecord, verifyMigrationPass, verifyMigrationRecord, } from "./sign.js";
 export { composeMigrationRecord, } from "./migration.js";
 export { acceptSubmission, applyThirdPartyPolicy, buildSubmission, } from "./orchestrate.js";

package/dist/migration/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/migration/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAML,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,EACrB,6BAA6B,EAC7B,yBAAyB,GAC1B,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,aAAa,EACb,eAAe,EACf,aAAa,EACb,eAAe,EACf,uBAAuB,EACvB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,WAAW,CAAC;AAEnB,OAAO,EAEL,sBAAsB,GACvB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAKL,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,GAChB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EAGL,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAEL,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,aAAa,CAAC;AAErB,OAAO,EAEL,wBAAwB,GACzB,MAAM,wBAAwB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/migration/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAML,iBAAiB,EACjB,eAAe,EACf,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,yBAAyB,EACzB,yBAAyB,GAC1B,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,aAAa,EACb,eAAe,EACf,aAAa,EACb,eAAe,EACf,uBAAuB,EACvB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,WAAW,CAAC;AAEnB,OAAO,EAEL,sBAAsB,GACvB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAKL,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,GAChB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EAGL,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAEL,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,aAAa,CAAC;AAErB,OAAO,EAEL,wBAAwB,GACzB,MAAM,wBAAwB,CAAC"}

package/dist/migration/lockout.d.ts

@@ -2,9 +2,9 @@
  * Local-part lockout registry per MIGRATION.md §6.
  *
  * After a cooperative migration finalizes, the old provider MUST
- * lock out the old local-part for the duration of the forwarding
+ * lock out the old local-part for the duration of the notice
  * window so a different account cannot be reassigned the old
- * address while forwarding is still expected to honor it.
+ * address while the migration notice is still being served.
  *
  * @module
  */

package/dist/migration/lockout.js

@@ -2,9 +2,9 @@
  * Local-part lockout registry per MIGRATION.md §6.
  *
  * After a cooperative migration finalizes, the old provider MUST
- * lock out the old local-part for the duration of the forwarding
+ * lock out the old local-part for the duration of the notice
  * window so a different account cannot be reassigned the old
- * address while forwarding is still expected to honor it.
+ * address while the migration notice is still being served.
  *
  * @module
  */

package/dist/migration/migration.d.ts

@@ -18,11 +18,13 @@ export interface ComposeMigrationInput {
     /** ISO 8601 UTC timestamp the migration was effected. */
     migratedAt: string;
     /**
-     * ISO 8601 UTC timestamp until which the old domain forwards.
-     * REQUIRED when `mode === "cooperative"`. Pass null/undefined in
-     * unilateral mode to omit.
+     * ISO 8601 UTC end of the migration notice window. During this
+     * window the old provider serves migration_notice on rejections
+     * and migration_to on key fetches. REQUIRED when
+     * `mode === "cooperative"`. Pass null/undefined in unilateral
+     * mode to omit.
      */
-    forwardingWindowUntil?: string | null;
+    noticeWindowUntil?: string | null;
     oldAddress: string;
     newAddress: string;
     oldIdentityKeyId: string;

package/dist/migration/migration.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"migration.d.ts","sourceRoot":"","sources":["../../src/migration/migration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AASH,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,eAAe,EAGhB,MAAM,YAAY,CAAC;AAEpB,gDAAgD;AAChD,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,aAAa,CAAC;IACpB,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,yDAAyD;IACzD,UAAU,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IAEnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,UAAU,CAAC;IAE5B,gBAAgB,EAAE,MAAM,CAAC;IACzB,8CAA8C;IAC9C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,eAAe,EAAE,UAAU,CAAC;IAE5B,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,UAAU,CAAC;IAE1B,6BAA6B;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,6BAA6B;IAC7B,aAAa,CAAC,EAAE,UAAU,CAAC;IAE3B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,qBAAqB,GAC3B,eAAe,CAgDjB;AAGD,OAAO,EAAE,eAAe,EAAE,CAAC"}
+{"version":3,"file":"migration.d.ts","sourceRoot":"","sources":["../../src/migration/migration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AASH,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,eAAe,EAGhB,MAAM,YAAY,CAAC;AAEpB,gDAAgD;AAChD,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,aAAa,CAAC;IACpB,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,yDAAyD;IACzD,UAAU,EAAE,MAAM,CAAC;IACnB;;;;;;OAMG;IACH,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IAEnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,UAAU,CAAC;IAE5B,gBAAgB,EAAE,MAAM,CAAC;IACzB,8CAA8C;IAC9C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,eAAe,EAAE,UAAU,CAAC;IAE5B,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,UAAU,CAAC;IAE1B,6BAA6B;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,6BAA6B;IAC7B,aAAa,CAAC,EAAE,UAAU,CAAC;IAE3B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,qBAAqB,GAC3B,eAAe,CAgDjB;AAGD,OAAO,EAAE,eAAe,EAAE,CAAC"}

package/dist/migration/migration.js

@@ -26,10 +26,10 @@ export function composeMigrationRecord(input) {
         new_identity_key_id: input.newIdentityKeyId,
         new_identity_public_key: input.newIdentityPublicKey,
         migrated_at: input.migratedAt,
-        forwarding_window_until: input.forwardingWindowUntil === undefined ||
-            input.forwardingWindowUntil === ""
+        notice_window_until: input.noticeWindowUntil === undefined ||
+            input.noticeWindowUntil === ""
             ? null
-            : input.forwardingWindowUntil,
+            : input.noticeWindowUntil,
         mode: input.mode,
         old_identity_signature: { algorithm: "", key_id: "", value: "" },
         new_identity_signature: { algorithm: "", key_id: "", value: "" },

package/dist/migration/migration.js.map

@@ -1 +1 @@
-{"version":3,"file":"migration.js","sourceRoot":"","sources":["../../src/migration/migration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EACL,iBAAiB,EACjB,aAAa,EACb,eAAe,EACf,aAAa,EACb,eAAe,GAChB,MAAM,WAAW,CAAC;AACnB,OAAO,EAGL,eAAe,EACf,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,YAAY,CAAC;AAqCpB;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CACpC,KAA4B;IAE5B,MAAM,CAAC,GAAoB;QACzB,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,sBAAsB;QAC/B,SAAS,EAAE,KAAK,CAAC,QAAQ;QACzB,WAAW,EAAE,KAAK,CAAC,UAAU;QAC7B,WAAW,EAAE,KAAK,CAAC,UAAU;QAC7B,mBAAmB,EAAE,KAAK,CAAC,gBAAgB;QAC3C,mBAAmB,EAAE,KAAK,CAAC,gBAAgB;QAC3C,uBAAuB,EAAE,KAAK,CAAC,oBAAoB;QACnD,WAAW,EAAE,KAAK,CAAC,UAAU;QAC7B,uBAAuB,EACrB,KAAK,CAAC,qBAAqB,KAAK,SAAS;YACzC,KAAK,CAAC,qBAAqB,KAAK,EAAE;YAChC,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,KAAK,CAAC,qBAAqB;QACjC,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,sBAAsB,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;QAChE,sBAAsB,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;QAChE,oBAAoB,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;QAC9D,oBAAoB,EAAE,IAAI;KAC3B,CAAC;IACF,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACnC,CAAC,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC;IAClC,CAAC;IACD,iBAAiB,CACf,CAAC,EACD,KAAK,CAAC,gBAAgB,EACtB,KAAK,CAAC,gBAAgB,EACtB,KAAK,CAAC,cAAc,EACpB,KAAK,CAAC,cAAc,CACrB,CAAC;IACF,eAAe,CAAC,CAAC,EAAE,KAAK,CAAC,eAAe,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAClE,eAAe,CAAC,CAAC,EAAE,KAAK,CAAC,eAAe,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAClE,aAAa,CAAC,CAAC,EAAE,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IAC5D,IAAI,KAAK,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QACjC,IACE,KAAK,CAAC,aAAa,KAAK,SAAS;YACjC,KAAK,CAAC,cAAc,KAAK,SAAS;YAClC,KAAK,CAAC,cAAc,KAAK,EAAE,EAC3B,CAAC;YACD,MAAM,IAAI,KAAK,CACb,qEAAqE,CACtE,CAAC;QACJ,CAAC;QACD,aAAa,CAAC,CAAC,EAAE,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,8CAA8C;AAC9C,OAAO,EAAE,eAAe,EAAE,CAAC"}
+{"version":3,"file":"migration.js","sourceRoot":"","sources":["../../src/migration/migration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EACL,iBAAiB,EACjB,aAAa,EACb,eAAe,EACf,aAAa,EACb,eAAe,GAChB,MAAM,WAAW,CAAC;AACnB,OAAO,EAGL,eAAe,EACf,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,YAAY,CAAC;AAuCpB;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CACpC,KAA4B;IAE5B,MAAM,CAAC,GAAoB;QACzB,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,sBAAsB;QAC/B,SAAS,EAAE,KAAK,CAAC,QAAQ;QACzB,WAAW,EAAE,KAAK,CAAC,UAAU;QAC7B,WAAW,EAAE,KAAK,CAAC,UAAU;QAC7B,mBAAmB,EAAE,KAAK,CAAC,gBAAgB;QAC3C,mBAAmB,EAAE,KAAK,CAAC,gBAAgB;QAC3C,uBAAuB,EAAE,KAAK,CAAC,oBAAoB;QACnD,WAAW,EAAE,KAAK,CAAC,UAAU;QAC7B,mBAAmB,EACjB,KAAK,CAAC,iBAAiB,KAAK,SAAS;YACrC,KAAK,CAAC,iBAAiB,KAAK,EAAE;YAC5B,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,KAAK,CAAC,iBAAiB;QAC7B,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,sBAAsB,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;QAChE,sBAAsB,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;QAChE,oBAAoB,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;QAC9D,oBAAoB,EAAE,IAAI;KAC3B,CAAC;IACF,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACnC,CAAC,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC;IAClC,CAAC;IACD,iBAAiB,CACf,CAAC,EACD,KAAK,CAAC,gBAAgB,EACtB,KAAK,CAAC,gBAAgB,EACtB,KAAK,CAAC,cAAc,EACpB,KAAK,CAAC,cAAc,CACrB,CAAC;IACF,eAAe,CAAC,CAAC,EAAE,KAAK,CAAC,eAAe,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAClE,eAAe,CAAC,CAAC,EAAE,KAAK,CAAC,eAAe,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAClE,aAAa,CAAC,CAAC,EAAE,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IAC5D,IAAI,KAAK,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QACjC,IACE,KAAK,CAAC,aAAa,KAAK,SAAS;YACjC,KAAK,CAAC,cAAc,KAAK,SAAS;YAClC,KAAK,CAAC,cAAc,KAAK,EAAE,EAC3B,CAAC;YACD,MAAM,IAAI,KAAK,CACb,qEAAqE,CACtE,CAAC;QACJ,CAAC;QACD,aAAa,CAAC,CAAC,EAAE,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,8CAA8C;AAC9C,OAAO,EAAE,eAAe,EAAE,CAAC"}

package/dist/migration/notice.d.ts

@@ -1,10 +1,16 @@
 /**
- * Migration notice messages per MIGRATION.md §4.
+ * Migration notice body construction per MIGRATION.md §5.3.
  *
- * A `SEMP_MIGRATION_NOTICE` is what a server returns to a sender
- * that attempted to deliver to a migrated address. It carries a
- * pointer to the published migration record (URL + record_id) so
- * the sender's stack can fetch and verify it before redirecting.
+ * The migration notice is a body field attached to a
+ * policy_forbidden envelope rejection that the old provider emits
+ * during the migration notice window. It points the sender at the
+ * recipient's new address and at the published migration record
+ * (URL + record_id) so the sender's stack can fetch and verify the
+ * record before redirecting.
+ *
+ * After the notice window elapses the old provider stops attaching
+ * the notice and handles the old address the same way it handles a
+ * non-existent address.
  *
  * @module
  */
@@ -12,22 +18,28 @@ import { type MigrationNotice, type MigrationNoticeRejection, type MigrationReco
 /** Inputs to {@link buildMigrationNotice}. */
 export interface BuildMigrationNoticeInput {
     record: MigrationRecord;
-    /** URL pattern with `{record_id}` placeholder, e.g. `https://old.example/migration/{record_id}`. */
-    recordUrlPattern: string;
-    /** Optional pre-assigned notice id; auto-generated when omitted. */
-    noticeId?: string;
-    /** Wall-clock; defaults to `() => new Date()`. */
-    nowFn?: () => Date;
-    /** Random source for ULID generation. */
-    rand?: (n: number) => Uint8Array;
+    /**
+     * Optional URL template the operator uses to expose published
+     * records (typically
+     * "https://<old-domain>/.well-known/semp/migration/<record_id>"
+     * per §5.3 example). When the template contains the literal
+     * "<record_id>" placeholder the record's ID is substituted;
+     * otherwise the template is used verbatim. Omit to exclude
+     * migration_record_url from the notice.
+     */
+    recordUrlPattern?: string;
 }
 /**
- * Build a {@link MigrationNotice} that points at the published
- * `record`. The notice is unsigned — the recipient sender verifies
- * the underlying record by fetching `record_url` and running
- * `verifyMigrationRecord`.
+ * Build a {@link MigrationNotice} from a published migration
+ * record. The notice is unsigned; the receiving sender verifies
+ * the underlying record by fetching migration_record_url and
+ * running `verifyMigrationRecord`.
  */
 export declare function buildMigrationNotice(input: BuildMigrationNoticeInput): MigrationNotice;
-/** Construct a rejection wrapper to refuse honoring a notice. */
-export declare function newMigrationNoticeRejection(notice: MigrationNotice, reason: string): MigrationNoticeRejection;
+/**
+ * Wrap a {@link MigrationNotice} in the §5.3 SEMP_ENVELOPE
+ * step=rejected response. The reason is a human-readable
+ * description; the spec example uses "Recipient has migrated."
+ */
+export declare function newMigrationNoticeRejection(notice: MigrationNotice, reason?: string): MigrationNoticeRejection;
 //# sourceMappingURL=notice.d.ts.map

package/dist/migration/notice.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"notice.d.ts","sourceRoot":"","sources":["../../src/migration/notice.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,KAAK,eAAe,EACpB,KAAK,wBAAwB,EAC7B,KAAK,eAAe,EAGrB,MAAM,YAAY,CAAC;AAEpB,8CAA8C;AAC9C,MAAM,WAAW,yBAAyB;IACxC,MAAM,EAAE,eAAe,CAAC;IACxB,oGAAoG;IACpG,gBAAgB,EAAE,MAAM,CAAC;IACzB,oEAAoE;IACpE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,KAAK,CAAC,EAAE,MAAM,IAAI,CAAC;IACnB,yCAAyC;IACzC,IAAI,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,UAAU,CAAC;CAClC;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,yBAAyB,GAC/B,eAAe,CAuBjB;AAED,iEAAiE;AACjE,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,eAAe,EACvB,MAAM,EAAE,MAAM,GACb,wBAAwB,CAE1B"}
+{"version":3,"file":"notice.d.ts","sourceRoot":"","sources":["../../src/migration/notice.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EACL,KAAK,eAAe,EACpB,KAAK,wBAAwB,EAC7B,KAAK,eAAe,EAErB,MAAM,YAAY,CAAC;AAEpB,8CAA8C;AAC9C,MAAM,WAAW,yBAAyB;IACxC,MAAM,EAAE,eAAe,CAAC;IACxB;;;;;;;;OAQG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,yBAAyB,GAC/B,eAAe,CAcjB;AAED;;;;GAIG;AACH,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,eAAe,EACvB,MAAM,SAA4B,GACjC,wBAAwB,CAS1B"}