@sempdev/semp 0.5.2 → 0.5.5

package/dist/extensions/validation_failure.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Canonical URL path prefix at which an extension's definition
+ * document is published per EXTENSIONS.md §3.5 and RFC 8615. The
+ * full URL is
+ *   "https://<host>" + DefinitionPathPrefix + "<name>.json"
+ * where <name> is the namespace-prefixed identifier such as
+ * "semp.dev/foo" or "vendor.example.com/feature1".
+ */
+export declare const DefinitionPathPrefix = "/.well-known/semp-extensions/";
+/**
+ * Extension validation failure reporting per EXTENSIONS.md §3.9.3.
+ *
+ * Runtime validation failures across one or more extensions in an
+ * envelope are reported with the `extension_unsupported` reason
+ * code and an `errors` array carrying per-extension diagnostics.
+ * Implementations MAY stop at the first failure and report a
+ * single-entry array or continue and report all failures.
+ *
+ * @module
+ */
+/** Defined validation_failure diagnostics per §3.9.3 table. */
+export type ValidationFailureCode = "definition_unfetchable" | "definition_signature_invalid" | "data_schema_mismatch" | "placement_violation" | "authority_violation" | "dependency_unsatisfied" | "conflict_present";
+/** Single entry in the §3.9.3 `errors` array. */
+export interface ValidationFailureItem {
+    extension: string;
+    validation_failure: ValidationFailureCode;
+}
+/**
+ * Envelope-rejection wire shape carrying one or more extension
+ * validation failures. The reason_code is always
+ * `extension_unsupported`; per-rule diagnostics live in
+ * `errors[i].validation_failure`.
+ */
+export interface ValidationFailureRejection {
+    type: "SEMP_ENVELOPE";
+    step: "rejected";
+    version: string;
+    reason_code: "extension_unsupported";
+    reason: string;
+    errors: ValidationFailureItem[];
+}
+/**
+ * Wrap one or more validation failures in the §3.9.3 envelope
+ * rejection. The reason defaults to "Extension validation failed"
+ * when omitted.
+ */
+export declare function newValidationFailureRejection(items: ValidationFailureItem[], reason?: string): ValidationFailureRejection;
+//# sourceMappingURL=validation_failure.d.ts.map

package/dist/extensions/validation_failure.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation_failure.d.ts","sourceRoot":"","sources":["../../src/extensions/validation_failure.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,kCAAkC,CAAC;AAEpE;;;;;;;;;;GAUG;AAEH,+DAA+D;AAC/D,MAAM,MAAM,qBAAqB,GAC7B,wBAAwB,GACxB,8BAA8B,GAC9B,sBAAsB,GACtB,qBAAqB,GACrB,qBAAqB,GACrB,wBAAwB,GACxB,kBAAkB,CAAC;AAEvB,iDAAiD;AACjD,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,qBAAqB,CAAC;CAC3C;AAED;;;;;GAKG;AACH,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,eAAe,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,uBAAuB,CAAC;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,qBAAqB,EAAE,CAAC;CACjC;AAED;;;;GAIG;AACH,wBAAgB,6BAA6B,CAC3C,KAAK,EAAE,qBAAqB,EAAE,EAC9B,MAAM,SAAgC,GACrC,0BAA0B,CAS5B"}

package/dist/extensions/validation_failure.js

@@ -0,0 +1,25 @@
+/**
+ * Canonical URL path prefix at which an extension's definition
+ * document is published per EXTENSIONS.md §3.5 and RFC 8615. The
+ * full URL is
+ *   "https://<host>" + DefinitionPathPrefix + "<name>.json"
+ * where <name> is the namespace-prefixed identifier such as
+ * "semp.dev/foo" or "vendor.example.com/feature1".
+ */
+export const DefinitionPathPrefix = "/.well-known/semp-extensions/";
+/**
+ * Wrap one or more validation failures in the §3.9.3 envelope
+ * rejection. The reason defaults to "Extension validation failed"
+ * when omitted.
+ */
+export function newValidationFailureRejection(items, reason = "Extension validation failed") {
+    return {
+        type: "SEMP_ENVELOPE",
+        step: "rejected",
+        version: "1.0.0",
+        reason_code: "extension_unsupported",
+        reason,
+        errors: items,
+    };
+}
+//# sourceMappingURL=validation_failure.js.map

package/dist/extensions/validation_failure.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation_failure.js","sourceRoot":"","sources":["../../src/extensions/validation_failure.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,+BAA+B,CAAC;AA6CpE;;;;GAIG;AACH,MAAM,UAAU,6BAA6B,CAC3C,KAA8B,EAC9B,MAAM,GAAG,6BAA6B;IAEtC,OAAO;QACL,IAAI,EAAE,eAAe;QACrB,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,OAAO;QAChB,WAAW,EAAE,uBAAuB;QACpC,MAAM;QACN,MAAM,EAAE,KAAK;KACd,CAAC;AACJ,CAAC"}

package/dist/handshake/abort.d.ts

@@ -30,7 +30,7 @@ export declare function isChallengeInvalid(err: unknown): err is ChallengeInvali
 /**
  * Build an unsigned client-initiator abort message per §2.2a.6.
  *
- * The wire shape is `party: "client"` with no `server_signature` —
+ * The wire shape is `party: "client"` with no `server_signature` -
  * the initiator has not authenticated to the server at this point
  * and MUST NOT do so as part of an abort.
  *

package/dist/handshake/abort.js

@@ -38,7 +38,7 @@ export function isChallengeInvalid(err) {
 /**
  * Build an unsigned client-initiator abort message per §2.2a.6.
  *
- * The wire shape is `party: "client"` with no `server_signature` —
+ * The wire shape is `party: "client"` with no `server_signature` -
  * the initiator has not authenticated to the server at this point
  * and MUST NOT do so as part of an abort.
  *

package/dist/handshake/client_state.d.ts

@@ -3,7 +3,7 @@
  *
  * Mirror of `semp-go/handshake.Client`: a state machine the caller
  * drives over a transport. The class never performs network I/O
- * directly — the caller moves bytes between this object and the
+ * directly - the caller moves bytes between this object and the
  * underlying transport.
  *
  * Lifecycle:
@@ -90,7 +90,7 @@ export interface HandshakeClientSession {
 export { HandshakeRejectedError };
 /**
  * Stateful handshake client. One instance handles exactly one
- * handshake — discard after success or error. Re-using an instance
+ * handshake - discard after success or error. Re-using an instance
  * is a programming error (the state machine is single-shot).
  */
 export declare class HandshakeClient {
@@ -109,7 +109,7 @@ export declare class HandshakeClient {
     private serverIdProofSignature;
     private resumptionSecret;
     private resumeNonce;
-    /** Final session — populated by {@link onAccepted}. */
+    /** Final session - populated by {@link onAccepted}. */
     private finalSession;
     constructor(cfg: HandshakeClientConfig);
     /**
@@ -124,12 +124,12 @@ export declare class HandshakeClient {
      *
      * Throws {@link ChallengeInvalidError} when the difficulty
      * exceeds the protocol cap or the challenge has already
-     * expired — the caller follows up with a §2.2a.6 client abort.
+     * expired - the caller follows up with a §2.2a.6 client abort.
      */
     onChallenge(data: Uint8Array): Promise<Uint8Array>;
     /**
      * Process the server's RESPONSE, derive session keys, and produce
-     * CONFIRM bytes per §2.3 — §2.5. The ephemeral private key is
+     * CONFIRM bytes per §2.3 - §2.5. The ephemeral private key is
      * zeroed before return.
      */
     onResponse(data: Uint8Array): Uint8Array;

package/dist/handshake/client_state.js

@@ -3,7 +3,7 @@
  *
  * Mirror of `semp-go/handshake.Client`: a state machine the caller
  * drives over a transport. The class never performs network I/O
- * directly — the caller moves bytes between this object and the
+ * directly - the caller moves bytes between this object and the
  * underlying transport.
  *
  * Lifecycle:
@@ -55,7 +55,7 @@ const POW_HARDCAP = MaxPoWDifficulty;
 export { HandshakeRejectedError };
 /**
  * Stateful handshake client. One instance handles exactly one
- * handshake — discard after success or error. Re-using an instance
+ * handshake - discard after success or error. Re-using an instance
  * is a programming error (the state machine is single-shot).
  */
 export class HandshakeClient {
@@ -78,7 +78,7 @@ export class HandshakeClient {
     // Resume state (HANDSHAKE.md §2.8).
     resumptionSecret = null;
     resumeNonce = null;
-    /** Final session — populated by {@link onAccepted}. */
+    /** Final session - populated by {@link onAccepted}. */
     finalSession = null;
     constructor(cfg) {
         if (cfg.suite !== "x25519-chacha20-poly1305" &&
@@ -151,7 +151,7 @@ export class HandshakeClient {
      *
      * Throws {@link ChallengeInvalidError} when the difficulty
      * exceeds the protocol cap or the challenge has already
-     * expired — the caller follows up with a §2.2a.6 client abort.
+     * expired - the caller follows up with a §2.2a.6 client abort.
      */
     async onChallenge(data) {
         if (this.initCanonical === null) {
@@ -206,7 +206,7 @@ export class HandshakeClient {
     }
     /**
      * Process the server's RESPONSE, derive session keys, and produce
-     * CONFIRM bytes per §2.3 — §2.5. The ephemeral private key is
+     * CONFIRM bytes per §2.3 - §2.5. The ephemeral private key is
      * zeroed before return.
      */
     onResponse(data) {

package/dist/handshake/confirm.d.ts

@@ -11,8 +11,8 @@
 /**
  * Compute SHA-256 over the concatenation of canonical(message_1)
  * and canonical(message_2). The caller MUST pass the canonical
- * bytes — sorted keys, no insignificant whitespace, as defined in
- * ENVELOPE.md §4.3 — not the wire-format bytes.
+ * bytes - sorted keys, no insignificant whitespace, as defined in
+ * ENVELOPE.md §4.3 - not the wire-format bytes.
  *
  * The output is the 32-byte digest the client signs as part of its
  * identity proof.

package/dist/handshake/confirm.js

@@ -12,8 +12,8 @@ import { sha256 } from "@noble/hashes/sha2.js";
 /**
  * Compute SHA-256 over the concatenation of canonical(message_1)
  * and canonical(message_2). The caller MUST pass the canonical
- * bytes — sorted keys, no insignificant whitespace, as defined in
- * ENVELOPE.md §4.3 — not the wire-format bytes.
+ * bytes - sorted keys, no insignificant whitespace, as defined in
+ * ENVELOPE.md §4.3 - not the wire-format bytes.
  *
  * The output is the 32-byte digest the client signs as part of its
  * identity proof.

package/dist/handshake/driver.d.ts

@@ -76,7 +76,7 @@ export interface ClientConfig {
      * AEAD-Seal under K_enc_c2s with AAD = session_id.
      *
      * When omitted (the default), the driver leaves identity_proof
-     * empty — the higher-level client wraps runClient with its
+     * empty - the higher-level client wraps runClient with its
      * own auth supply.
      */
     identity?: {
@@ -131,7 +131,7 @@ export declare class HandshakeRejectedError extends Error {
  *
  * On error the transport is closed so the peer's pending `receive`
  * unblocks. Successful completion leaves the transport owned by
- * the returned Session — closing the Session closes the transport.
+ * the returned Session - closing the Session closes the transport.
  */
 export declare function runClient(transport: Transport, config: ClientConfig): Promise<Session>;
 //# sourceMappingURL=driver.d.ts.map

package/dist/handshake/driver.js

@@ -59,7 +59,7 @@ export class HandshakeRejectedError extends Error {
  *
  * On error the transport is closed so the peer's pending `receive`
  * unblocks. Successful completion leaves the transport owned by
- * the returned Session — closing the Session closes the transport.
+ * the returned Session - closing the Session closes the transport.
  */
 export async function runClient(transport, config) {
     if (config.suite !== "x25519-chacha20-poly1305" &&

package/dist/handshake/federation.d.ts

@@ -2,7 +2,7 @@
  * Federation handshake (server ↔ server) per HANDSHAKE.md §5.
  *
  * Two servers establish a federation session by exchanging four
- * messages — symmetric in shape to the client handshake but with
+ * messages - symmetric in shape to the client handshake but with
  * domain identity in plaintext on both sides plus a domain-proof
  * verification step:
  *
@@ -181,7 +181,7 @@ export interface FederationResume {
 /**
  * Domain-ownership verifier invoked by the responder during the
  * handshake. `verify` resolves on success; rejects (or throws) on
- * failure — the rejection reason is surfaced in
+ * failure - the rejection reason is surfaced in
  * {@link DomainVerificationResult.detail}.
  */
 export interface DomainVerifier {
@@ -189,7 +189,7 @@ export interface DomainVerifier {
 }
 /**
  * Permissive verifier that accepts every proof. Tests / single-
- * process deployments only — production MUST NOT use it.
+ * process deployments only - production MUST NOT use it.
  */
 export declare class TrustingDomainVerifier implements DomainVerifier {
     verify(): Promise<void>;
@@ -197,7 +197,7 @@ export declare class TrustingDomainVerifier implements DomainVerifier {
 /**
  * Decide which of two simultaneously-initiated federation handshakes
  * proceeds per SESSION.md §2.5.2. Both peers agree on the winner
- * without external coordination — lexicographic compare provides
+ * without external coordination - lexicographic compare provides
  * exactly this property.
  *
  * Returns the winning `session_id` (the one that proceeds).
@@ -246,7 +246,7 @@ export interface FederationInitiatorSession {
 }
 /**
  * Stateful federation initiator. Mirror of `semp-go/handshake.Initiator`.
- * Single-shot — discard after success or error.
+ * Single-shot - discard after success or error.
  */
 export declare class FederationInitiator {
     private readonly cfg;
@@ -325,7 +325,7 @@ export interface FederationResponderSession {
 }
 /**
  * Stateful federation responder. Mirror of `semp-go/handshake.Responder`.
- * Single-shot — discard after success or error.
+ * Single-shot - discard after success or error.
  */
 export declare class FederationResponder {
     private readonly cfg;

package/dist/handshake/federation.js

@@ -2,7 +2,7 @@
  * Federation handshake (server ↔ server) per HANDSHAKE.md §5.
  *
  * Two servers establish a federation session by exchanging four
- * messages — symmetric in shape to the client handshake but with
+ * messages - symmetric in shape to the client handshake but with
  * domain identity in plaintext on both sides plus a domain-proof
  * verification step:
  *
@@ -32,7 +32,7 @@ import { HandshakePrefix, HandshakeVersion, } from "./messages.js";
 export const FederationMessageType = "SEMP_HANDSHAKE";
 /**
  * Permissive verifier that accepts every proof. Tests / single-
- * process deployments only — production MUST NOT use it.
+ * process deployments only - production MUST NOT use it.
  */
 export class TrustingDomainVerifier {
     async verify() {
@@ -42,7 +42,7 @@ export class TrustingDomainVerifier {
 /**
  * Decide which of two simultaneously-initiated federation handshakes
  * proceeds per SESSION.md §2.5.2. Both peers agree on the winner
- * without external coordination — lexicographic compare provides
+ * without external coordination - lexicographic compare provides
  * exactly this property.
  *
  * Returns the winning `session_id` (the one that proceeds).
@@ -54,7 +54,7 @@ export function resolveCollision(idA, idB) {
 export const acceptAllPolicies = () => null;
 /**
  * Stateful federation initiator. Mirror of `semp-go/handshake.Initiator`.
- * Single-shot — discard after success or error.
+ * Single-shot - discard after success or error.
  */
 export class FederationInitiator {
     cfg;
@@ -374,7 +374,7 @@ export class FederationInitiator {
 }
 /**
  * Stateful federation responder. Mirror of `semp-go/handshake.Responder`.
- * Single-shot — discard after success or error.
+ * Single-shot - discard after success or error.
  */
 export class FederationResponder {
     cfg;

package/dist/handshake/first_contact.d.ts

@@ -48,7 +48,7 @@ export declare function computeFirstContactPrefix(senderDomain: string, recipien
  * trailing 32 bytes of the prefix are SHA-256 of the canonical
  * binding input.
  *
- * Does NOT verify the PoW solution itself — pair with
+ * Does NOT verify the PoW solution itself - pair with
  * `verifyChallengeSolution` from {@link "./pow"} for a full check.
  */
 export declare function verifyFirstContactBinding(prefix: Uint8Array, senderDomain: string, recipientAddress: string, postmarkId: string): boolean;

package/dist/handshake/first_contact.js

@@ -62,7 +62,7 @@ export function computeFirstContactPrefix(senderDomain, recipientAddress, postma
  * trailing 32 bytes of the prefix are SHA-256 of the canonical
  * binding input.
  *
- * Does NOT verify the PoW solution itself — pair with
+ * Does NOT verify the PoW solution itself - pair with
  * `verifyChallengeSolution` from {@link "./pow"} for a full check.
  */
 export function verifyFirstContactBinding(prefix, senderDomain, recipientAddress, postmarkId) {

package/dist/handshake/identity.d.ts

@@ -2,7 +2,7 @@
  * Identity-proof composition per HANDSHAKE.md §2.5.
  *
  * The client's CONFIRM message carries an encrypted identity-proof
- * block — a self-contained JSON object proving control of the
+ * block - a self-contained JSON object proving control of the
  * client's long-term identity key, encrypted under the freshly
  * derived `K_enc_c2s` so a passive observer sees only opaque
  * ciphertext.

package/dist/handshake/identity.js

@@ -2,7 +2,7 @@
  * Identity-proof composition per HANDSHAKE.md §2.5.
  *
  * The client's CONFIRM message carries an encrypted identity-proof
- * block — a self-contained JSON object proving control of the
+ * block - a self-contained JSON object proving control of the
  * client's long-term identity key, encrypted under the freshly
  * derived `K_enc_c2s` so a passive observer sees only opaque
  * ciphertext.

package/dist/handshake/pow.js

@@ -45,7 +45,7 @@ export function verifyChallengeSolution(prefix, challengeId, nonceB64, claimedHa
     if (nonceB64 === "") {
         return new Error("handshake: empty PoW nonce");
     }
-    // Nonce must be valid base64 — but we accept its bytes as-is in
+    // Nonce must be valid base64 - but we accept its bytes as-is in
     // the preimage (the spec hashes the base64 string, not the
     // decoded bytes).
     try {

package/dist/handshake/server_state.d.ts

@@ -3,7 +3,7 @@
  *
  * Mirror of `semp-go/handshake.Server`: a state machine the caller
  * drives over a transport. The class never performs network I/O
- * directly — the caller moves bytes between this object and the
+ * directly - the caller moves bytes between this object and the
  * underlying transport.
  *
  * Lifecycle:
@@ -77,7 +77,7 @@ export declare class HandshakeServerRejectionError extends Error {
 }
 /**
  * Stateful handshake server. One instance handles exactly one
- * handshake — discard after success or error. Re-using an instance
+ * handshake - discard after success or error. Re-using an instance
  * is a programming error (the state machine is single-shot).
  */
 export declare class HandshakeServer {
@@ -96,7 +96,7 @@ export declare class HandshakeServer {
     /**
      * Process the client's INIT and produce signed RESPONSE bytes per
      * §2.2 / §2.3. Throws {@link HandshakeServerRejectionError} on
-     * suite mismatch — the rejection bytes are accessible on the
+     * suite mismatch - the rejection bytes are accessible on the
      * thrown error for the caller to transmit before closing the
      * transport.
      */

package/dist/handshake/server_state.js

@@ -3,7 +3,7 @@
  *
  * Mirror of `semp-go/handshake.Server`: a state machine the caller
  * drives over a transport. The class never performs network I/O
- * directly — the caller moves bytes between this object and the
+ * directly - the caller moves bytes between this object and the
  * underlying transport.
  *
  * Lifecycle:
@@ -55,7 +55,7 @@ export class HandshakeServerRejectionError extends Error {
 }
 /**
  * Stateful handshake server. One instance handles exactly one
- * handshake — discard after success or error. Re-using an instance
+ * handshake - discard after success or error. Re-using an instance
  * is a programming error (the state machine is single-shot).
  */
 export class HandshakeServer {
@@ -88,7 +88,7 @@ export class HandshakeServer {
     /**
      * Process the client's INIT and produce signed RESPONSE bytes per
      * §2.2 / §2.3. Throws {@link HandshakeServerRejectionError} on
-     * suite mismatch — the rejection bytes are accessible on the
+     * suite mismatch - the rejection bytes are accessible on the
      * thrown error for the caller to transmit before closing the
      * transport.
      */

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 /**
- * SEMP: Sealed Envelope Messaging Protocol — TypeScript implementation.
+ * SEMP: Sealed Envelope Messaging Protocol - TypeScript implementation.
  *
  * @see {@link https://github.com/semp-dev/semp-spec}
  *

package/dist/index.js

@@ -1,5 +1,5 @@
 /**
- * SEMP: Sealed Envelope Messaging Protocol — TypeScript implementation.
+ * SEMP: Sealed Envelope Messaging Protocol - TypeScript implementation.
  *
  * @see {@link https://github.com/semp-dev/semp-spec}
  *

package/dist/keys/compromise.d.ts

@@ -3,7 +3,7 @@
  *
  * Revoking a device with reason `key_compromise` MUST be done in
  * the same transaction as rotating to a new identity key plus a new
- * encryption key — the compromised device held the shared identity
+ * encryption key - the compromised device held the shared identity
  * private key, so the adversary holds it too. A partial cascade
  * (device revoked but identity key not rotated) leaves the account
  * vulnerable and is a specification violation.
@@ -61,7 +61,7 @@ export interface CompromiseRotationInput {
     userId: string;
     /** Device being revoked. */
     compromisedDeviceId: string;
-    /** Device producing the cascade — recorded as `revoked_by_device_id`. */
+    /** Device producing the cascade - recorded as `revoked_by_device_id`. */
     revokingDeviceId: string;
     /** 32-byte Ed25519 seed for the prior identity key. */
     priorIdentitySeed: Uint8Array;

package/dist/keys/compromise.js

@@ -3,7 +3,7 @@
  *
  * Revoking a device with reason `key_compromise` MUST be done in
  * the same transaction as rotating to a new identity key plus a new
- * encryption key — the compromised device held the shared identity
+ * encryption key - the compromised device held the shared identity
  * private key, so the adversary holds it too. A partial cascade
  * (device revoked but identity key not rotated) leaves the account
  * vulnerable and is a specification violation.

package/dist/keys/device_certificate.d.ts

@@ -115,7 +115,7 @@ export interface SignDeviceCertificateResult {
  * Compute the issuer's signature over the canonical certificate
  * bytes, then return a copy with `signature.{algorithm,key_id,value}`
  * populated. Pre-populates the algorithm + key_id BEFORE
- * canonicalization so the canonical bytes cover both — an attacker
+ * canonicalization so the canonical bytes cover both - an attacker
  * cannot downgrade the signing algorithm or forge a different
  * issuer fingerprint.
  */
@@ -124,7 +124,7 @@ export declare function signDeviceCertificate(input: SignDeviceCertificateInput)
  * Ed25519-verify a certificate's signature under `issuerPub`. Returns
  * true when the signature verifies. Does NOT cross-check that the
  * issuer is currently a registered, non-revoked full-access device
- * for the account — that requires a key directory store and is the
+ * for the account - that requires a key directory store and is the
  * caller's responsibility.
  */
 export declare function verifyDeviceCertificate(certificate: DeviceCertificate, issuerPub: Uint8Array): boolean;
@@ -153,7 +153,7 @@ export interface AddressIdentity {
 }
 /**
  * Report whether `matcher` permits sending to `recipient` per
- * §10.3.3.1. Does NOT evaluate rate limits — the caller applies
+ * §10.3.3.1. Does NOT evaluate rate limits - the caller applies
  * rate-limit tiers separately per §10.3.4.
  */
 export declare function scopeAllowsRecipient(matcher: ScopeMatcher, recipient: AddressIdentity): boolean;

package/dist/keys/device_certificate.js

@@ -39,7 +39,7 @@ export const MaxDeviceCertificateLifetimeMs = 365 * 24 * 3600 * 1000;
  * Compute the issuer's signature over the canonical certificate
  * bytes, then return a copy with `signature.{algorithm,key_id,value}`
  * populated. Pre-populates the algorithm + key_id BEFORE
- * canonicalization so the canonical bytes cover both — an attacker
+ * canonicalization so the canonical bytes cover both - an attacker
  * cannot downgrade the signing algorithm or forge a different
  * issuer fingerprint.
  */
@@ -71,7 +71,7 @@ export function signDeviceCertificate(input) {
  * Ed25519-verify a certificate's signature under `issuerPub`. Returns
  * true when the signature verifies. Does NOT cross-check that the
  * issuer is currently a registered, non-revoked full-access device
- * for the account — that requires a key directory store and is the
+ * for the account - that requires a key directory store and is the
  * caller's responsibility.
  */
 export function verifyDeviceCertificate(certificate, issuerPub) {
@@ -259,7 +259,7 @@ function validateRateLimits(tiers, path) {
 }
 /**
  * Report whether `matcher` permits sending to `recipient` per
- * §10.3.3.1. Does NOT evaluate rate limits — the caller applies
+ * §10.3.3.1. Does NOT evaluate rate limits - the caller applies
  * rate-limit tiers separately per §10.3.4.
  */
 export function scopeAllowsRecipient(matcher, recipient) {
@@ -273,7 +273,7 @@ export function scopeAllowsRecipient(matcher, recipient) {
         case "denylist":
             return !matchAny(matcher.deny ?? [], recipient);
         default:
-            // Unknown mode — fail closed.
+            // Unknown mode - fail closed.
             return false;
     }
 }

package/dist/keys/key_revocation.d.ts

@@ -1,7 +1,7 @@
 /**
  * Per-key revocation primitives per KEY.md §8.
  *
- * The published wire shape is `SEMP_KEY_REVOCATION` — a list of
+ * The published wire shape is `SEMP_KEY_REVOCATION` - a list of
  * revoked keys signed by the publishing party (a domain or a user).
  * The signature uses the `SEMP-REVOCATION:` domain-separation
  * prefix per ENVELOPE.md §4.3.
@@ -23,7 +23,7 @@ export interface PublicationSignature {
     value: string;
 }
 /**
- * Per-key revocation record per §8.4 — embedded in a key response
+ * Per-key revocation record per §8.4 - embedded in a key response
  * or in a {@link RevocationPublication}.
  */
 export interface Revocation {

package/dist/keys/key_revocation.js

@@ -1,7 +1,7 @@
 /**
  * Per-key revocation primitives per KEY.md §8.
  *
- * The published wire shape is `SEMP_KEY_REVOCATION` — a list of
+ * The published wire shape is `SEMP_KEY_REVOCATION` - a list of
  * revoked keys signed by the publishing party (a domain or a user).
  * The signature uses the `SEMP-REVOCATION:` domain-separation
  * prefix per ENVELOPE.md §4.3.

package/dist/keys/request.d.ts

@@ -15,8 +15,22 @@ export declare const KeysRequestType = "SEMP_KEYS";
 export declare const KeysRequestVersion = "1.0.0";
 /** Step discriminator for SEMP_KEYS messages. */
 export type KeysRequestStep = "request" | "response";
-/** Per-address lookup status per CLIENT.md §5.4.5. */
-export type KeysResultStatus = "found" | "not_found" | "error";
+/**
+ * Per-address lookup status per draft-gokce-semp-client §6.4. The
+ * set mirrors the submission-time status vocabulary so the client
+ * can share dispatch logic between key fetch and submission.
+ *
+ *  - "found": the home server returned a current key set.
+ *  - "not_found": the address is registered with the home server
+ *    but has no current published key.
+ *  - "legacy_required": the address belongs to a domain that does
+ *    not run SEMP; client SHOULD fall back to legacy interop.
+ *  - "recipient_not_found": no record of the address at the home
+ *    server.
+ *  - "error": the lookup failed for a transient or unspecified
+ *    reason. `error_reason` carries the diagnostic.
+ */
+export type KeysResultStatus = "found" | "not_found" | "legacy_required" | "recipient_not_found" | "error";
 /** A single key record per KEY.md §3 / §10.6. */
 export interface KeyRecord {
     algorithm: string;
@@ -53,7 +67,7 @@ export interface KeysRequest {
     type: typeof KeysRequestType;
     step: "request";
     version: string;
-    /** ULID for the request — used to correlate the response. */
+    /** ULID for the request - used to correlate the response. */
     id: string;
     /** ISO 8601 UTC. */
     timestamp: string;

package/dist/keys/request.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../src/keys/request.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,qCAAqC;AACrC,eAAO,MAAM,eAAe,cAAc,CAAC;AAE3C,+CAA+C;AAC/C,eAAO,MAAM,kBAAkB,UAAU,CAAC;AAE1C,iDAAiD;AACjD,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,UAAU,CAAC;AAErD,sDAAsD;AACtD,MAAM,MAAM,gBAAgB,GAAG,OAAO,GAAG,WAAW,GAAG,OAAO,CAAC;AAE/D,iDAAiD;AACjD,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yDAAyD;IACzD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8DAA8D;IAC9D,UAAU,CAAC,EAAE;QACX,MAAM,EAAE,MAAM,CAAC;QACf,oBAAoB;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,0CAA0C;QAC1C,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC;CACH;AAED,gCAAgC;AAChC,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED,2CAA2C;AAC3C,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,OAAO,eAAe,CAAC;IAC7B,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,6DAA6D;IAC7D,EAAE,EAAE,MAAM,CAAC;IACX,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,yEAAyE;IACzE,mBAAmB,EAAE,OAAO,CAAC;CAC9B;AAED,4CAA4C;AAC5C,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,OAAO,eAAe,CAAC;IAC7B,IAAI,EAAE,UAAU,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,0CAA0C;IAC1C,EAAE,EAAE,MAAM,CAAC;IACX,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,kBAAkB,EAAE,CAAC;CAC/B;AAED,sDAAsD;AACtD,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,gBAAgB,CAAC;IACzB,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,uEAAuE;IACvE,UAAU,CAAC,EAAE,SAAS,CAAC;IACvB,0EAA0E;IAC1E,cAAc,CAAC,EAAE,SAAS,CAAC;IAC3B,iFAAiF;IACjF,SAAS,EAAE,SAAS,EAAE,CAAC;IACvB,kEAAkE;IAClE,gBAAgB,CAAC,EAAE,kBAAkB,CAAC;IACtC,yEAAyE;IACzE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAC5B,EAAE,EAAE,MAAM,EACV,SAAS,EAAE,MAAM,EAAE,EACnB,KAAK,GAAE,MAAM,IAAuB,GACnC,WAAW,CAgBb;AAED,0DAA0D;AAC1D,wBAAgB,eAAe,CAC7B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,kBAAkB,EAAE,EAC7B,KAAK,GAAE,MAAM,IAAuB,GACnC,YAAY,CAYd;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,WAAW,GAAG,IAAI,CA8B1D;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzC,OAAO,IAAI,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;CACvC;AAED;;;;;;;;GAQG;AACH,wBAAsB,SAAS,CAC7B,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,WAAW,GACf,OAAO,CAAC,YAAY,CAAC,CAuCvB"}
+{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../src/keys/request.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,qCAAqC;AACrC,eAAO,MAAM,eAAe,cAAc,CAAC;AAE3C,+CAA+C;AAC/C,eAAO,MAAM,kBAAkB,UAAU,CAAC;AAE1C,iDAAiD;AACjD,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,UAAU,CAAC;AAErD;;;;;;;;;;;;;;GAcG;AACH,MAAM,MAAM,gBAAgB,GACxB,OAAO,GACP,WAAW,GACX,iBAAiB,GACjB,qBAAqB,GACrB,OAAO,CAAC;AAEZ,iDAAiD;AACjD,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yDAAyD;IACzD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8DAA8D;IAC9D,UAAU,CAAC,EAAE;QACX,MAAM,EAAE,MAAM,CAAC;QACf,oBAAoB;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,0CAA0C;QAC1C,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC;CACH;AAED,gCAAgC;AAChC,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED,2CAA2C;AAC3C,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,OAAO,eAAe,CAAC;IAC7B,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,6DAA6D;IAC7D,EAAE,EAAE,MAAM,CAAC;IACX,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,yEAAyE;IACzE,mBAAmB,EAAE,OAAO,CAAC;CAC9B;AAED,4CAA4C;AAC5C,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,OAAO,eAAe,CAAC;IAC7B,IAAI,EAAE,UAAU,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,0CAA0C;IAC1C,EAAE,EAAE,MAAM,CAAC;IACX,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,kBAAkB,EAAE,CAAC;CAC/B;AAED,sDAAsD;AACtD,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,gBAAgB,CAAC;IACzB,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,uEAAuE;IACvE,UAAU,CAAC,EAAE,SAAS,CAAC;IACvB,0EAA0E;IAC1E,cAAc,CAAC,EAAE,SAAS,CAAC;IAC3B,iFAAiF;IACjF,SAAS,EAAE,SAAS,EAAE,CAAC;IACvB,kEAAkE;IAClE,gBAAgB,CAAC,EAAE,kBAAkB,CAAC;IACtC,yEAAyE;IACzE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAC5B,EAAE,EAAE,MAAM,EACV,SAAS,EAAE,MAAM,EAAE,EACnB,KAAK,GAAE,MAAM,IAAuB,GACnC,WAAW,CAgBb;AAED,0DAA0D;AAC1D,wBAAgB,eAAe,CAC7B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,kBAAkB,EAAE,EAC7B,KAAK,GAAE,MAAM,IAAuB,GACnC,YAAY,CAYd;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,WAAW,GAAG,IAAI,CA8B1D;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzC,OAAO,IAAI,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;CACvC;AAED;;;;;;;;GAQG;AACH,wBAAsB,SAAS,CAC7B,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,WAAW,GACf,OAAO,CAAC,YAAY,CAAC,CAuCvB"}