@sempdev/semp 0.5.1 → 0.5.5

package/dist/recovery/sign.js

@@ -9,7 +9,7 @@ import { sign as ed25519Sign, verify as ed25519Verify } from "../keys/index.js";
 import { signSignedDoc, verifySignedDoc } from "../keys/index.js";
 import { RecoveryManifestPrefix, RecoveryShareSignaturePrefix, SignatureAlgorithmEd25519, SuccessorRecordPrefix, } from "./types.js";
 // ---------------------------------------------------------------------------
-// SuccessorRecord — three-signature record per §7.3
+// SuccessorRecord - three-signature record per §7.3
 /**
  * Pre-populate the algorithm + key_id fields on all three signature
  * blocks so the canonical bytes are stable across the three signing
@@ -148,7 +148,7 @@ function canonicalSuccessorBytesElidingThreeSignatures(r) {
     return canonicalMarshal(clone);
 }
 // ---------------------------------------------------------------------------
-// RecoverySetManifest — single user-identity signature per §5.2
+// RecoverySetManifest - single user-identity signature per §5.2
 /**
  * Sign `m.signature` with the user's identity private key per §5.2.
  * Pre-populates algorithm + key_id so the canonical bytes cover them.
@@ -240,7 +240,7 @@ export function validateManifest(m, opts = {}) {
     }
 }
 // ---------------------------------------------------------------------------
-// RecoveryShareRecord — single device-identity signature per §5.3
+// RecoveryShareRecord - single device-identity signature per §5.3
 /** Sign `s.device_signature` with the device's identity private key per §5.3. */
 export function signShareRecord(s, devicePriv, deviceKeyId) {
     if (deviceKeyId === "") {

package/dist/recovery/types.d.ts

@@ -35,7 +35,7 @@ export interface RecoverySignatureBlock {
     value: string;
 }
 /**
- * SEMP_SUCCESSOR per §7.2 — links a prior identity key to a new one
+ * SEMP_SUCCESSOR per §7.2 - links a prior identity key to a new one
  * after recovery or rotation. Carries three independent signatures
  * so third-party domains can verify continuity without needing the
  * prior identity private key.
@@ -68,7 +68,7 @@ export interface RecoveryContributor {
     device_identity_pubkey: DeviceIdentityPubkey;
 }
 /**
- * SEMP_RECOVERY_SET_MANIFEST per §5.2 — binds each Shamir share
+ * SEMP_RECOVERY_SET_MANIFEST per §5.2 - binds each Shamir share
  * index to a specific device's identity public key.
  */
 export interface RecoverySetManifest {
@@ -83,7 +83,7 @@ export interface RecoverySetManifest {
     signature: RecoverySignatureBlock;
 }
 /**
- * SEMP_RECOVERY_SHARE per §5.3 — one device's holding of a Shamir
+ * SEMP_RECOVERY_SHARE per §5.3 - one device's holding of a Shamir
  * share, authenticated by the device's identity-key signature.
  */
 export interface RecoveryShareRecord {

package/dist/reputation/abuse_report.d.ts

@@ -3,7 +3,7 @@
  * §3.7.
  *
  * Abuse reports flow user → home-server over an authenticated
- * session — the handshake identifies the reporting user so the
+ * session - the handshake identifies the reporting user so the
  * report itself does NOT carry its own signature. The report's
  * evidence MAY include decrypted envelope fragments, in which case
  * an embedded {@link DisclosureAuthorization} signed by the
@@ -35,7 +35,7 @@ export interface AbuseReportInput {
 export declare function newAbuseReport(input: AbuseReportInput): AbuseReport;
 /**
  * Lookup hook used by {@link validateEvidence} to resolve a user's
- * identity public key. Returning `null` means "unknown user" —
+ * identity public key. Returning `null` means "unknown user" -
  * callers MUST treat that as a §3.7 verification failure.
  */
 export type UserKeyLookup = (user: string) => Promise<Uint8Array | null>;
@@ -44,7 +44,7 @@ export type UserKeyLookup = (user: string) => Promise<Uint8Array | null>;
  * content requires a valid {@link DisclosureAuthorization} signed
  * by the affected user.
  *
- * Metadata-only evidence is always acceptable — postmark + seal
+ * Metadata-only evidence is always acceptable - postmark + seal
  * data is verifiable from the sender's published domain key without
  * disclosing user content.
  *

package/dist/reputation/abuse_report.js

@@ -3,7 +3,7 @@
  * §3.7.
  *
  * Abuse reports flow user → home-server over an authenticated
- * session — the handshake identifies the reporting user so the
+ * session - the handshake identifies the reporting user so the
  * report itself does NOT carry its own signature. The report's
  * evidence MAY include decrypted envelope fragments, in which case
  * an embedded {@link DisclosureAuthorization} signed by the
@@ -56,7 +56,7 @@ export function newAbuseReport(input) {
  * content requires a valid {@link DisclosureAuthorization} signed
  * by the affected user.
  *
- * Metadata-only evidence is always acceptable — postmark + seal
+ * Metadata-only evidence is always acceptable - postmark + seal
  * data is verifiable from the sender's published domain key without
  * disclosing user content.
  *

package/dist/reputation/eligibility.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Publication eligibility helpers per REPUTATION.md §4.6.2 /
+ * draft-gokce-semp-delivery §11.7.
+ *
+ * A server SHOULD NOT publish an observation about a subject
+ * domain unless it has directly observed enough interaction with
+ * the subject to back the metrics. The two publisher-side gates:
+ *
+ *  - At least {@link MinPublishVolumeEnvelopes} envelopes (or
+ *    equivalent handshake attempts) observed during the window.
+ *  - At least one metrics field non-zero. Records with uniformly
+ *    zero metrics MUST NOT be published.
+ *
+ * A consumer that receives an observation violating either rule
+ * SHOULD treat the publishing observer as a candidate for
+ * `observation_record_abuse` reporting per §3.4.
+ *
+ * @module
+ */
+import type { Metrics } from "./types.js";
+/**
+ * §4.6.2 RECOMMENDED minimum number of envelopes (or handshake
+ * attempts) the observer should have observed during the window
+ * before publishing an observation about a subject domain.
+ */
+export declare const MinPublishVolumeEnvelopes = 16;
+/**
+ * Reports whether the metrics carry at least
+ * {@link MinPublishVolumeEnvelopes} envelopes or handshake
+ * attempts (post-bucketing).
+ */
+export declare function meetsPublishVolume(m: Metrics): boolean;
+/**
+ * Reports whether every metric field is zero and
+ * `abuse_categories` is empty.
+ */
+export declare function allMetricsZero(m: Metrics): boolean;
+/**
+ * Convenience predicate: true when the metrics satisfy both the
+ * volume threshold and the non-all-zero rule. Publishers SHOULD
+ * gate every outgoing observation on this check.
+ */
+export declare function eligibleForPublication(m: Metrics): boolean;
+//# sourceMappingURL=eligibility.d.ts.map

package/dist/reputation/eligibility.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"eligibility.d.ts","sourceRoot":"","sources":["../../src/reputation/eligibility.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE1C;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,KAAK,CAAC;AAE5C;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,EAAE,OAAO,GAAG,OAAO,CAMtD;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,CAAC,EAAE,OAAO,GAAG,OAAO,CAUlD;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,CAAC,CAAC,EAAE,OAAO,GAAG,OAAO,CAE1D"}

package/dist/reputation/eligibility.js

@@ -0,0 +1,58 @@
+/**
+ * Publication eligibility helpers per REPUTATION.md §4.6.2 /
+ * draft-gokce-semp-delivery §11.7.
+ *
+ * A server SHOULD NOT publish an observation about a subject
+ * domain unless it has directly observed enough interaction with
+ * the subject to back the metrics. The two publisher-side gates:
+ *
+ *  - At least {@link MinPublishVolumeEnvelopes} envelopes (or
+ *    equivalent handshake attempts) observed during the window.
+ *  - At least one metrics field non-zero. Records with uniformly
+ *    zero metrics MUST NOT be published.
+ *
+ * A consumer that receives an observation violating either rule
+ * SHOULD treat the publishing observer as a candidate for
+ * `observation_record_abuse` reporting per §3.4.
+ *
+ * @module
+ */
+/**
+ * §4.6.2 RECOMMENDED minimum number of envelopes (or handshake
+ * attempts) the observer should have observed during the window
+ * before publishing an observation about a subject domain.
+ */
+export const MinPublishVolumeEnvelopes = 16;
+/**
+ * Reports whether the metrics carry at least
+ * {@link MinPublishVolumeEnvelopes} envelopes or handshake
+ * attempts (post-bucketing).
+ */
+export function meetsPublishVolume(m) {
+    const total = (m.envelopes_received ?? 0) +
+        (m.handshakes_completed ?? 0) +
+        (m.handshakes_rejected ?? 0);
+    return total >= MinPublishVolumeEnvelopes;
+}
+/**
+ * Reports whether every metric field is zero and
+ * `abuse_categories` is empty.
+ */
+export function allMetricsZero(m) {
+    return ((m.envelopes_received ?? 0) === 0 &&
+        (m.envelopes_rejected ?? 0) === 0 &&
+        (m.abuse_reports ?? 0) === 0 &&
+        (m.unique_senders_observed ?? 0) === 0 &&
+        (m.handshakes_completed ?? 0) === 0 &&
+        (m.handshakes_rejected ?? 0) === 0 &&
+        (m.abuse_categories === undefined || m.abuse_categories.length === 0));
+}
+/**
+ * Convenience predicate: true when the metrics satisfy both the
+ * volume threshold and the non-all-zero rule. Publishers SHOULD
+ * gate every outgoing observation on this check.
+ */
+export function eligibleForPublication(m) {
+    return meetsPublishVolume(m) && !allMetricsZero(m);
+}
+//# sourceMappingURL=eligibility.js.map

package/dist/reputation/eligibility.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"eligibility.js","sourceRoot":"","sources":["../../src/reputation/eligibility.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAIH;;;;GAIG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAE5C;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,CAAU;IAC3C,MAAM,KAAK,GACT,CAAC,CAAC,CAAC,kBAAkB,IAAI,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC,oBAAoB,IAAI,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC,mBAAmB,IAAI,CAAC,CAAC,CAAC;IAC/B,OAAO,KAAK,IAAI,yBAAyB,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,CAAU;IACvC,OAAO,CACL,CAAC,CAAC,CAAC,kBAAkB,IAAI,CAAC,CAAC,KAAK,CAAC;QACjC,CAAC,CAAC,CAAC,kBAAkB,IAAI,CAAC,CAAC,KAAK,CAAC;QACjC,CAAC,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,KAAK,CAAC;QAC5B,CAAC,CAAC,CAAC,uBAAuB,IAAI,CAAC,CAAC,KAAK,CAAC;QACtC,CAAC,CAAC,CAAC,oBAAoB,IAAI,CAAC,CAAC,KAAK,CAAC;QACnC,CAAC,CAAC,CAAC,mBAAmB,IAAI,CAAC,CAAC,KAAK,CAAC;QAClC,CAAC,CAAC,CAAC,gBAAgB,KAAK,SAAS,IAAI,CAAC,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC,CAAC,CACtE,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CAAC,CAAU;IAC/C,OAAO,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;AACrD,CAAC"}

package/dist/reputation/evidence.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Evidence-hash binding helpers per REPUTATION.md §5.5.1.
+ *
+ * A SEMP_TRUST_OBSERVATION that claims `evidence_available: true`
+ * carries an `evidence_hash` over the bytes returned by
+ * `evidence_uri`. A consumer MUST verify the fetched bytes against
+ * the hash before treating the evidence as authoritative; a
+ * mismatch is equivalent to a signature failure.
+ *
+ * @module
+ */
+import { type Observation } from "./types.js";
+/** Sentinel error class returned on any evidence-hash divergence. */
+export declare class EvidenceHashMismatchError extends Error {
+    constructor(message: string);
+}
+/** Sentinel error class returned on observation size violations. */
+export declare class ObservationOversizedError extends Error {
+    constructor(message: string);
+}
+/**
+ * Enforce the §4.2 rules linking `evidence_available`,
+ * `evidence_uri`, and `evidence_hash`:
+ *
+ *  - true  -> both `evidence_uri` and `evidence_hash` MUST be present.
+ *  - false -> both `evidence_uri` and `evidence_hash` MUST be absent.
+ *
+ * Throws with a descriptive message on any violation.
+ */
+export declare function validateEvidenceFields(observation: Observation): void;
+/**
+ * Verify that `evidence` hashes to the observation's
+ * `evidence_hash.value` under `evidence_hash.algorithm`. Throws
+ * {@link EvidenceHashMismatchError} on any divergence (algorithm
+ * unsupported, base64 decode failure, digest mismatch).
+ *
+ * Currently the only defined algorithm is "sha-256".
+ */
+export declare function verifyEvidenceBytes(observation: Observation, evidence: Uint8Array): void;
+/**
+ * Throw {@link ObservationOversizedError} when the canonical UTF-8
+ * JSON form of an observation exceeds {@link MaxObservationBytes}.
+ * Servers MUST run this before propagating a received observation
+ * per §4.6.1.
+ */
+export declare function checkObservationSize(canonicalBytes: Uint8Array): void;
+//# sourceMappingURL=evidence.d.ts.map

package/dist/reputation/evidence.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"evidence.d.ts","sourceRoot":"","sources":["../../src/reputation/evidence.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,EAAE,KAAK,WAAW,EAAuB,MAAM,YAAY,CAAC;AAEnE,qEAAqE;AACrE,qBAAa,yBAA0B,SAAQ,KAAK;gBACtC,OAAO,EAAE,MAAM;CAI5B;AAED,oEAAoE;AACpE,qBAAa,yBAA0B,SAAQ,KAAK;gBACtC,OAAO,EAAE,MAAM;CAI5B;AAED;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CAAC,WAAW,EAAE,WAAW,GAAG,IAAI,CAmCrE;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,WAAW,EAAE,WAAW,EACxB,QAAQ,EAAE,UAAU,GACnB,IAAI,CAoCN;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,cAAc,EAAE,UAAU,GAAG,IAAI,CAMrE"}

package/dist/reputation/evidence.js

@@ -0,0 +1,117 @@
+/**
+ * Evidence-hash binding helpers per REPUTATION.md §5.5.1.
+ *
+ * A SEMP_TRUST_OBSERVATION that claims `evidence_available: true`
+ * carries an `evidence_hash` over the bytes returned by
+ * `evidence_uri`. A consumer MUST verify the fetched bytes against
+ * the hash before treating the evidence as authoritative; a
+ * mismatch is equivalent to a signature failure.
+ *
+ * @module
+ */
+import { sha256 } from "@noble/hashes/sha2.js";
+import { MaxObservationBytes } from "./types.js";
+/** Sentinel error class returned on any evidence-hash divergence. */
+export class EvidenceHashMismatchError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "EvidenceHashMismatchError";
+    }
+}
+/** Sentinel error class returned on observation size violations. */
+export class ObservationOversizedError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "ObservationOversizedError";
+    }
+}
+/**
+ * Enforce the §4.2 rules linking `evidence_available`,
+ * `evidence_uri`, and `evidence_hash`:
+ *
+ *  - true  -> both `evidence_uri` and `evidence_hash` MUST be present.
+ *  - false -> both `evidence_uri` and `evidence_hash` MUST be absent.
+ *
+ * Throws with a descriptive message on any violation.
+ */
+export function validateEvidenceFields(observation) {
+    if (observation.evidence_available) {
+        if (observation.evidence_uri === undefined ||
+            observation.evidence_uri === "") {
+            throw new Error("reputation: evidence_available=true requires evidence_uri");
+        }
+        if (observation.evidence_hash === undefined) {
+            throw new Error("reputation: evidence_available=true requires evidence_hash");
+        }
+        if (observation.evidence_hash.algorithm === "" ||
+            observation.evidence_hash.value === "") {
+            throw new Error("reputation: evidence_hash requires algorithm and value");
+        }
+        return;
+    }
+    if (observation.evidence_uri !== undefined) {
+        throw new Error("reputation: evidence_available=false MUST NOT carry evidence_uri");
+    }
+    if (observation.evidence_hash !== undefined) {
+        throw new Error("reputation: evidence_available=false MUST NOT carry evidence_hash");
+    }
+}
+/**
+ * Verify that `evidence` hashes to the observation's
+ * `evidence_hash.value` under `evidence_hash.algorithm`. Throws
+ * {@link EvidenceHashMismatchError} on any divergence (algorithm
+ * unsupported, base64 decode failure, digest mismatch).
+ *
+ * Currently the only defined algorithm is "sha-256".
+ */
+export function verifyEvidenceBytes(observation, evidence) {
+    if (observation.evidence_hash === undefined) {
+        throw new EvidenceHashMismatchError("reputation: observation has no evidence_hash");
+    }
+    let want;
+    try {
+        want = decodeBase64(observation.evidence_hash.value);
+    }
+    catch (err) {
+        throw new EvidenceHashMismatchError(`reputation: evidence_hash.value not base64: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    let got;
+    switch (observation.evidence_hash.algorithm) {
+        case "sha-256":
+            got = sha256(evidence);
+            break;
+        default:
+            throw new EvidenceHashMismatchError(`reputation: unsupported evidence_hash algorithm "${observation.evidence_hash.algorithm}"`);
+    }
+    if (got.length !== want.length) {
+        throw new EvidenceHashMismatchError("reputation: evidence_hash length mismatch");
+    }
+    for (let i = 0; i < got.length; i++) {
+        if (got[i] !== want[i]) {
+            throw new EvidenceHashMismatchError("reputation: evidence_hash digest does not match fetched bytes");
+        }
+    }
+}
+/**
+ * Throw {@link ObservationOversizedError} when the canonical UTF-8
+ * JSON form of an observation exceeds {@link MaxObservationBytes}.
+ * Servers MUST run this before propagating a received observation
+ * per §4.6.1.
+ */
+export function checkObservationSize(canonicalBytes) {
+    if (canonicalBytes.length > MaxObservationBytes) {
+        throw new ObservationOversizedError(`reputation: observation ${canonicalBytes.length} bytes exceeds 16 KiB cap`);
+    }
+}
+function decodeBase64(s) {
+    if (typeof Buffer !== "undefined") {
+        return new Uint8Array(Buffer.from(s, "base64"));
+    }
+    const bin = atob(s);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++) {
+        out[i] = bin.charCodeAt(i);
+    }
+    return out;
+}
+//# sourceMappingURL=evidence.js.map

package/dist/reputation/evidence.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"evidence.js","sourceRoot":"","sources":["../../src/reputation/evidence.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,OAAO,EAAoB,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAEnE,qEAAqE;AACrE,MAAM,OAAO,yBAA0B,SAAQ,KAAK;IAClD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,2BAA2B,CAAC;IAC1C,CAAC;CACF;AAED,oEAAoE;AACpE,MAAM,OAAO,yBAA0B,SAAQ,KAAK;IAClD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,2BAA2B,CAAC;IAC1C,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,sBAAsB,CAAC,WAAwB;IAC7D,IAAI,WAAW,CAAC,kBAAkB,EAAE,CAAC;QACnC,IACE,WAAW,CAAC,YAAY,KAAK,SAAS;YACtC,WAAW,CAAC,YAAY,KAAK,EAAE,EAC/B,CAAC;YACD,MAAM,IAAI,KAAK,CACb,2DAA2D,CAC5D,CAAC;QACJ,CAAC;QACD,IAAI,WAAW,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CACb,4DAA4D,CAC7D,CAAC;QACJ,CAAC;QACD,IACE,WAAW,CAAC,aAAa,CAAC,SAAS,KAAK,EAAE;YAC1C,WAAW,CAAC,aAAa,CAAC,KAAK,KAAK,EAAE,EACtC,CAAC;YACD,MAAM,IAAI,KAAK,CACb,wDAAwD,CACzD,CAAC;QACJ,CAAC;QACD,OAAO;IACT,CAAC;IACD,IAAI,WAAW,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAC;IACJ,CAAC;IACD,IAAI,WAAW,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CACjC,WAAwB,EACxB,QAAoB;IAEpB,IAAI,WAAW,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;QAC5C,MAAM,IAAI,yBAAyB,CACjC,8CAA8C,CAC/C,CAAC;IACJ,CAAC;IACD,IAAI,IAAgB,CAAC;IACrB,IAAI,CAAC;QACH,IAAI,GAAG,YAAY,CAAC,WAAW,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,yBAAyB,CACjC,+CAA+C,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAClG,CAAC;IACJ,CAAC;IACD,IAAI,GAAe,CAAC;IACpB,QAAQ,WAAW,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC;QAC5C,KAAK,SAAS;YACZ,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;YACvB,MAAM;QACR;YACE,MAAM,IAAI,yBAAyB,CACjC,oDAAoD,WAAW,CAAC,aAAa,CAAC,SAAS,GAAG,CAC3F,CAAC;IACN,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;QAC/B,MAAM,IAAI,yBAAyB,CACjC,2CAA2C,CAC5C,CAAC;IACJ,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,yBAAyB,CACjC,+DAA+D,CAChE,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,cAA0B;IAC7D,IAAI,cAAc,CAAC,MAAM,GAAG,mBAAmB,EAAE,CAAC;QAChD,MAAM,IAAI,yBAAyB,CACjC,2BAA2B,cAAc,CAAC,MAAM,2BAA2B,CAC5E,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/reputation/gossip_fetch.d.ts

@@ -31,7 +31,7 @@ export interface FetchTrustObservationsOptions {
     /** Optional cancellation signal. */
     signal?: AbortSignal;
     /**
-     * Per-request timeout in milliseconds. Defaults to 10 seconds —
+     * Per-request timeout in milliseconds. Defaults to 10 seconds -
      * matches `discovery.fetchConfiguration`.
      */
     timeoutMs?: number;
@@ -52,7 +52,7 @@ export interface FetchTrustObservationsOptions {
  * return the parsed envelope.
  *
  * Per-observation signatures inside `result.observations` are NOT
- * verified — callers walk those and call
+ * verified - callers walk those and call
  * {@link "./sign".verifyObservation} on each, because different
  * observations in the same envelope MAY be signed under different
  * key_ids (e.g. after a key rotation).

package/dist/reputation/gossip_fetch.js

@@ -31,7 +31,7 @@ export const TrustGossipMaxBytes = 1 * 1024 * 1024;
  * return the parsed envelope.
  *
  * Per-observation signatures inside `result.observations` are NOT
- * verified — callers walk those and call
+ * verified - callers walk those and call
  * {@link "./sign".verifyObservation} on each, because different
  * observations in the same envelope MAY be signed under different
  * key_ids (e.g. after a key rotation).

package/dist/reputation/index.d.ts

@@ -8,7 +8,10 @@
  *
  * @module
  */
-export { type AbuseCategory, type AbuseReport, type Assessment, type DisclosureAuthorization, type DisclosureScope, type Evidence, type GossipHash, type Metrics, type Observation, type ReputationSignature, type SealedEnvelopeEvidence, type TrustObservations, type Window, AbuseReportType, MaxMetricBucket, ObservationType, ObservationsEnvelopeType, PublicationPath, Version, isKnownAbuseCategory, } from "./types.js";
+export { type AbuseCategory, type AbuseReport, type Assessment, type DisclosureAuthorization, type DisclosureScope, type Evidence, type EvidenceHash, type GossipHash, type Metrics, type Observation, type ReputationSignature, type SealedEnvelopeEvidence, type TrustObservations, type Window, AbuseReportType, MaxEvidenceBytes, MaxMetricBucket, MaxObservationBytes, ObservationType, ObservationsEnvelopeType, PublicationPath, Version, isKnownAbuseCategory, } from "./types.js";
+export { EvidenceHashMismatchError, ObservationOversizedError, checkObservationSize, validateEvidenceFields, verifyEvidenceBytes, } from "./evidence.js";
+export { MinPublishVolumeEnvelopes, allMetricsZero, eligibleForPublication, meetsPublishVolume, } from "./eligibility.js";
+export { type ReferenceEntry, type References, ReferencesPrefix, ReferencesType, ReferencesVersion, signReferences, validateReferences, verifyReferences, } from "./references.js";
 export { applyBucketing, bucketize, dedupeAbuseCategories, } from "./bucketize.js";
 export { SignatureAlgorithmEd25519, authAllowsBrief, authAllowsEnclosure, signDisclosureAuthorization, signObservation, signTrustObservations, validateAbuseReport, verifyDisclosureAuthorization, verifyObservation, verifyTrustObservations, } from "./sign.js";
 export { type Score, ObservationStore, classifyScore, } from "./observation_store.js";

package/dist/reputation/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/reputation/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,KAAK,UAAU,EACf,KAAK,uBAAuB,EAC5B,KAAK,eAAe,EACpB,KAAK,QAAQ,EACb,KAAK,UAAU,EACf,KAAK,OAAO,EACZ,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,sBAAsB,EAC3B,KAAK,iBAAiB,EACtB,KAAK,MAAM,EACX,eAAe,EACf,eAAe,EACf,eAAe,EACf,wBAAwB,EACxB,eAAe,EACf,OAAO,EACP,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,cAAc,EACd,SAAS,EACT,qBAAqB,GACtB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,yBAAyB,EACzB,eAAe,EACf,mBAAmB,EACnB,2BAA2B,EAC3B,eAAe,EACf,qBAAqB,EACrB,mBAAmB,EACnB,6BAA6B,EAC7B,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,KAAK,KAAK,EACV,gBAAgB,EAChB,aAAa,GACd,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,OAAO,EACL,KAAK,YAAY,EACjB,eAAe,EACf,qBAAqB,EACrB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,EACvB,cAAc,GACf,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,KAAK,KAAK,EACV,cAAc,EACd,WAAW,GACZ,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,cAAc,EACd,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,KAAK,6BAA6B,EAClC,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/reputation/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,KAAK,UAAU,EACf,KAAK,uBAAuB,EAC5B,KAAK,eAAe,EACpB,KAAK,QAAQ,EACb,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,OAAO,EACZ,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,sBAAsB,EAC3B,KAAK,iBAAiB,EACtB,KAAK,MAAM,EACX,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,mBAAmB,EACnB,eAAe,EACf,wBAAwB,EACxB,eAAe,EACf,OAAO,EACP,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,oBAAoB,EACpB,sBAAsB,EACtB,mBAAmB,GACpB,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,yBAAyB,EACzB,cAAc,EACd,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,KAAK,cAAc,EACnB,KAAK,UAAU,EACf,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,cAAc,EACd,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,cAAc,EACd,SAAS,EACT,qBAAqB,GACtB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,yBAAyB,EACzB,eAAe,EACf,mBAAmB,EACnB,2BAA2B,EAC3B,eAAe,EACf,qBAAqB,EACrB,mBAAmB,EACnB,6BAA6B,EAC7B,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,KAAK,KAAK,EACV,gBAAgB,EAChB,aAAa,GACd,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,OAAO,EACL,KAAK,YAAY,EACjB,eAAe,EACf,qBAAqB,EACrB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,EACvB,cAAc,GACf,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,KAAK,KAAK,EACV,cAAc,EACd,WAAW,GACZ,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,cAAc,EACd,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,KAAK,6BAA6B,EAClC,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,mBAAmB,CAAC"}

package/dist/reputation/index.js

@@ -8,7 +8,10 @@
  *
  * @module
  */
-export { AbuseReportType, MaxMetricBucket, ObservationType, ObservationsEnvelopeType, PublicationPath, Version, isKnownAbuseCategory, } from "./types.js";
+export { AbuseReportType, MaxEvidenceBytes, MaxMetricBucket, MaxObservationBytes, ObservationType, ObservationsEnvelopeType, PublicationPath, Version, isKnownAbuseCategory, } from "./types.js";
+export { EvidenceHashMismatchError, ObservationOversizedError, checkObservationSize, validateEvidenceFields, verifyEvidenceBytes, } from "./evidence.js";
+export { MinPublishVolumeEnvelopes, allMetricsZero, eligibleForPublication, meetsPublishVolume, } from "./eligibility.js";
+export { ReferencesPrefix, ReferencesType, ReferencesVersion, signReferences, validateReferences, verifyReferences, } from "./references.js";
 export { applyBucketing, bucketize, dedupeAbuseCategories, } from "./bucketize.js";
 export { SignatureAlgorithmEd25519, authAllowsBrief, authAllowsEnclosure, signDisclosureAuthorization, signObservation, signTrustObservations, validateAbuseReport, verifyDisclosureAuthorization, verifyObservation, verifyTrustObservations, } from "./sign.js";
 export { ObservationStore, classifyScore, } from "./observation_store.js";

package/dist/reputation/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/reputation/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAcL,eAAe,EACf,eAAe,EACf,eAAe,EACf,wBAAwB,EACxB,eAAe,EACf,OAAO,EACP,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,cAAc,EACd,SAAS,EACT,qBAAqB,GACtB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,yBAAyB,EACzB,eAAe,EACf,mBAAmB,EACnB,2BAA2B,EAC3B,eAAe,EACf,qBAAqB,EACrB,mBAAmB,EACnB,6BAA6B,EAC7B,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,WAAW,CAAC;AAEnB,OAAO,EAEL,gBAAgB,EAChB,aAAa,GACd,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,OAAO,EAEL,eAAe,EACf,qBAAqB,EACrB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,EACvB,cAAc,GACf,MAAM,UAAU,CAAC;AAElB,OAAO,EAEL,cAAc,EACd,WAAW,GACZ,MAAM,YAAY,CAAC;AAEpB,OAAO,EAGL,cAAc,EACd,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAEL,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/reputation/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAeL,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,mBAAmB,EACnB,eAAe,EACf,wBAAwB,EACxB,eAAe,EACf,OAAO,EACP,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,oBAAoB,EACpB,sBAAsB,EACtB,mBAAmB,GACpB,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,yBAAyB,EACzB,cAAc,EACd,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EAGL,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,cAAc,EACd,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,cAAc,EACd,SAAS,EACT,qBAAqB,GACtB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,yBAAyB,EACzB,eAAe,EACf,mBAAmB,EACnB,2BAA2B,EAC3B,eAAe,EACf,qBAAqB,EACrB,mBAAmB,EACnB,6BAA6B,EAC7B,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,WAAW,CAAC;AAEnB,OAAO,EAEL,gBAAgB,EAChB,aAAa,GACd,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,OAAO,EAEL,eAAe,EACf,qBAAqB,EACrB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,EACvB,cAAc,GACf,MAAM,UAAU,CAAC;AAElB,OAAO,EAEL,cAAc,EACd,WAAW,GACZ,MAAM,YAAY,CAAC;AAEpB,OAAO,EAGL,cAAc,EACd,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAEL,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,mBAAmB,CAAC"}

package/dist/reputation/pow.d.ts

@@ -58,7 +58,7 @@ export declare function difficultyForAssessment(a: Assessment | ""): number;
  * `ttlMs <= 0` is replaced with {@link DefaultChallengeTTLMs}.
  */
 export declare function issueChallenge(difficulty: number, ttlMs?: number, rand?: (n: number) => Uint8Array): PoWChallenge;
-/** Base64-encoded challenge prefix — what the wire carries. */
+/** Base64-encoded challenge prefix - what the wire carries. */
 export declare function challengePrefixBase64(c: PoWChallenge): string;
 /**
  * Tracks issued + redeemed challenges; prevents replay per §8.3.4.

package/dist/reputation/pow.js

@@ -75,7 +75,7 @@ export function issueChallenge(difficulty, ttlMs, rand = defaultRand) {
         expires: new Date(Date.now() + ttl),
     };
 }
-/** Base64-encoded challenge prefix — what the wire carries. */
+/** Base64-encoded challenge prefix - what the wire carries. */
 export function challengePrefixBase64(c) {
     if (typeof Buffer !== "undefined") {
         return Buffer.from(c.prefix).toString("base64");

package/dist/reputation/references.d.ts

@@ -0,0 +1,51 @@
+/**
+ * SEMP_REPUTATION_REFERENCES document per
+ * draft-gokce-semp-delivery §12.2.
+ *
+ * Lists third-party observers a subject domain points peers at
+ * when they want to cross-check the subject's reputation. The
+ * subject domain signs the document with its domain signing key
+ * under the SEMP-REPUTATION-REFERENCES: prefix; consumers verify
+ * against the published domain key.
+ *
+ * @module
+ */
+import type { Assessment, ReputationSignature } from "./types.js";
+/** Wire-level type discriminator. */
+export declare const ReferencesType = "SEMP_REPUTATION_REFERENCES";
+/** Wire-level version. */
+export declare const ReferencesVersion = "1.0.0";
+/** Domain-separation prefix for SEMP_REPUTATION_REFERENCES signatures. */
+export declare const ReferencesPrefix = "SEMP-REPUTATION-REFERENCES:";
+/** Single observer reference. */
+export interface ReferenceEntry {
+    observer: string;
+    uri: string;
+    /** ISO 8601 UTC. */
+    fetched_at: string;
+    /** Optional cached classification hint; informational. */
+    assessment?: Assessment;
+}
+/** SEMP_REPUTATION_REFERENCES record per §12.2. */
+export interface References {
+    type: typeof ReferencesType;
+    version: string;
+    domain: string;
+    references: ReferenceEntry[];
+    /** ISO 8601 UTC. */
+    timestamp: string;
+    signature: ReputationSignature;
+}
+/**
+ * Sign `r.signature` with the subject domain's signing key under
+ * the SEMP-REPUTATION-REFERENCES: prefix. Mutates r in place and
+ * returns the base64 signature value.
+ */
+export declare function signReferences(r: References, domainPriv: Uint8Array, domainKeyId: string): string;
+/** Verify `r.signature` against the subject domain's public key. */
+export declare function verifyReferences(r: References, domainPub: Uint8Array): boolean;
+/** Structural validation per §12.2. */
+export declare function validateReferences(r: References, opts?: {
+    skipSignatureCheck?: boolean;
+}): void;
+//# sourceMappingURL=references.d.ts.map

package/dist/reputation/references.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"references.d.ts","sourceRoot":"","sources":["../../src/reputation/references.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,KAAK,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAElE,qCAAqC;AACrC,eAAO,MAAM,cAAc,+BAA+B,CAAC;AAE3D,0BAA0B;AAC1B,eAAO,MAAM,iBAAiB,UAAU,CAAC;AAEzC,0EAA0E;AAC1E,eAAO,MAAM,gBAAgB,gCAAgC,CAAC;AAE9D,iCAAiC;AACjC,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,oBAAoB;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,0DAA0D;IAC1D,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB;AAED,mDAAmD;AACnD,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,OAAO,cAAc,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,cAAc,EAAE,CAAC;IAC7B,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,mBAAmB,CAAC;CAChC;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAC5B,CAAC,EAAE,UAAU,EACb,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE,MAAM,GAClB,MAAM,CAsBR;AAED,oEAAoE;AACpE,wBAAgB,gBAAgB,CAC9B,CAAC,EAAE,UAAU,EACb,SAAS,EAAE,UAAU,GACpB,OAAO,CAYT;AAED,uCAAuC;AACvC,wBAAgB,kBAAkB,CAChC,CAAC,EAAE,UAAU,EACb,IAAI,GAAE;IAAE,kBAAkB,CAAC,EAAE,OAAO,CAAA;CAAO,GAC1C,IAAI,CAiCN"}

package/dist/reputation/references.js

@@ -0,0 +1,95 @@
+/**
+ * SEMP_REPUTATION_REFERENCES document per
+ * draft-gokce-semp-delivery §12.2.
+ *
+ * Lists third-party observers a subject domain points peers at
+ * when they want to cross-check the subject's reputation. The
+ * subject domain signs the document with its domain signing key
+ * under the SEMP-REPUTATION-REFERENCES: prefix; consumers verify
+ * against the published domain key.
+ *
+ * @module
+ */
+import { signSignedDoc, verifySignedDoc } from "../keys/index.js";
+/** Wire-level type discriminator. */
+export const ReferencesType = "SEMP_REPUTATION_REFERENCES";
+/** Wire-level version. */
+export const ReferencesVersion = "1.0.0";
+/** Domain-separation prefix for SEMP_REPUTATION_REFERENCES signatures. */
+export const ReferencesPrefix = "SEMP-REPUTATION-REFERENCES:";
+/**
+ * Sign `r.signature` with the subject domain's signing key under
+ * the SEMP-REPUTATION-REFERENCES: prefix. Mutates r in place and
+ * returns the base64 signature value.
+ */
+export function signReferences(r, domainPriv, domainKeyId) {
+    if (domainKeyId === "") {
+        throw new Error("reputation: empty domain key_id");
+    }
+    if (r.type === "") {
+        r.type = ReferencesType;
+    }
+    if (r.version === "") {
+        r.version = ReferencesVersion;
+    }
+    validateReferences(r, { skipSignatureCheck: true });
+    r.signature.algorithm = "ed25519";
+    r.signature.key_id = domainKeyId;
+    r.signature.value = "";
+    const { signedJSON, signatureB64 } = signSignedDoc({
+        preSignJSON: r,
+        seed: domainPriv,
+        signaturePath: "signature.value",
+        prefix: ReferencesPrefix,
+    });
+    r.signature.value = signedJSON.signature.value;
+    return signatureB64;
+}
+/** Verify `r.signature` against the subject domain's public key. */
+export function verifyReferences(r, domainPub) {
+    validateReferences(r);
+    if (r.signature.value === "") {
+        return false;
+    }
+    const { ok } = verifySignedDoc({
+        signedJSON: r,
+        publicKey: domainPub,
+        signaturePath: "signature.value",
+        prefix: ReferencesPrefix,
+    });
+    return ok;
+}
+/** Structural validation per §12.2. */
+export function validateReferences(r, opts = {}) {
+    if (r.type !== ReferencesType) {
+        throw new Error(`reputation: references type ${JSON.stringify(r.type)}, want ${ReferencesType}`);
+    }
+    if (r.version === "") {
+        throw new Error("reputation: references missing version");
+    }
+    if (r.domain === "") {
+        throw new Error("reputation: references missing domain");
+    }
+    if (r.timestamp === "") {
+        throw new Error("reputation: references missing timestamp");
+    }
+    for (let i = 0; i < r.references.length; i++) {
+        const e = r.references[i];
+        if (e === undefined) {
+            continue;
+        }
+        if (e.observer === "") {
+            throw new Error(`reputation: references[${i}] missing observer`);
+        }
+        if (e.uri === "") {
+            throw new Error(`reputation: references[${i}] missing uri`);
+        }
+        if (e.fetched_at === "") {
+            throw new Error(`reputation: references[${i}] missing fetched_at`);
+        }
+    }
+    if (!opts.skipSignatureCheck && r.signature === undefined) {
+        throw new Error("reputation: references missing signature");
+    }
+}
+//# sourceMappingURL=references.js.map

package/dist/reputation/references.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"references.js","sourceRoot":"","sources":["../../src/reputation/references.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAIlE,qCAAqC;AACrC,MAAM,CAAC,MAAM,cAAc,GAAG,4BAA4B,CAAC;AAE3D,0BAA0B;AAC1B,MAAM,CAAC,MAAM,iBAAiB,GAAG,OAAO,CAAC;AAEzC,0EAA0E;AAC1E,MAAM,CAAC,MAAM,gBAAgB,GAAG,6BAA6B,CAAC;AAuB9D;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAC5B,CAAa,EACb,UAAsB,EACtB,WAAmB;IAEnB,IAAI,WAAW,KAAK,EAAE,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IACD,IAAK,CAAC,CAAC,IAAe,KAAK,EAAE,EAAE,CAAC;QAC9B,CAAC,CAAC,IAAI,GAAG,cAAc,CAAC;IAC1B,CAAC;IACD,IAAI,CAAC,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;QACrB,CAAC,CAAC,OAAO,GAAG,iBAAiB,CAAC;IAChC,CAAC;IACD,kBAAkB,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC,CAAC,SAAS,CAAC,SAAS,GAAG,SAAS,CAAC;IAClC,CAAC,CAAC,SAAS,CAAC,MAAM,GAAG,WAAW,CAAC;IACjC,CAAC,CAAC,SAAS,CAAC,KAAK,GAAG,EAAE,CAAC;IACvB,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;QACjD,WAAW,EAAE,CAAuC;QACpD,IAAI,EAAE,UAAU;QAChB,aAAa,EAAE,iBAAiB;QAChC,MAAM,EAAE,gBAAgB;KACzB,CAAC,CAAC;IACH,CAAC,CAAC,SAAS,CAAC,KAAK,GAAI,UAAU,CAAC,SAA+B,CAAC,KAAK,CAAC;IACtE,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,oEAAoE;AACpE,MAAM,UAAU,gBAAgB,CAC9B,CAAa,EACb,SAAqB;IAErB,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACtB,IAAI,CAAC,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,EAAE,EAAE,EAAE,GAAG,eAAe,CAAC;QAC7B,UAAU,EAAE,CAAuC;QACnD,SAAS,EAAE,SAAS;QACpB,aAAa,EAAE,iBAAiB;QAChC,MAAM,EAAE,gBAAgB;KACzB,CAAC,CAAC;IACH,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,uCAAuC;AACvC,MAAM,UAAU,kBAAkB,CAChC,CAAa,EACb,OAAyC,EAAE;IAE3C,IAAI,CAAC,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CACb,+BAA+B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,cAAc,EAAE,CAChF,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,CAAC,CAAC,SAAS,KAAK,EAAE,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7C,MAAM,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC1B,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;YACpB,SAAS;QACX,CAAC;QACD,IAAI,CAAC,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,oBAAoB,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,CAAC,CAAC,GAAG,KAAK,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,eAAe,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,CAAC,CAAC,UAAU,KAAK,EAAE,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,sBAAsB,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;AACH,CAAC"}