@smonn/ids 0.4.0 → 0.6.0

package/dist/opaque-goLnFoo7.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"opaque-goLnFoo7.mjs","names":[],"sources":["../src/layouts/opaque.ts","../src/opaque-key.ts","../src/opaque.ts"],"sourcesContent":["import type { Id, Prefix } from \"../types.js\";\nimport { payloadBytesFromId, toWireId } from \"../wire/envelope.js\";\nimport { payloadBase32Length, payloadByteLength } from \"../wire/invariants.js\";\nimport { readTimestampMs, timestampByteLength, writeTimestamp } from \"../wire/timestamp-bytes.js\";\n\nconst zeroIv = new Uint8Array(payloadByteLength);\nconst pkcsPad = 0x10;\n\nfunction buildPlaintext(ms: number, rng: (target: Uint8Array) => void): Uint8Array {\n  const plaintext = new Uint8Array(payloadByteLength);\n  writeTimestamp(ms, plaintext);\n  rng(plaintext.subarray(timestampByteLength, payloadByteLength));\n  return plaintext;\n}\n\nasync function encryptPayload(key: CryptoKey, plaintext: Uint8Array): Promise<Uint8Array> {\n  const encrypted = new Uint8Array(\n    await crypto.subtle.encrypt(\n      { name: \"AES-CBC\", iv: zeroIv },\n      key,\n      plaintext as Uint8Array<ArrayBuffer>,\n    ),\n  );\n  return encrypted.subarray(0, payloadByteLength);\n}\n\n// AES-CBC strip-and-reconstruct decrypt (ADR-0004). The wire carries only C1\n// (16 bytes); C2 = AES_K(P2 XOR C1) where P2 is the PKCS#7 pad block (0x10×16).\n// Recompute C2 via CBC encrypt of (P2 XOR C1) with IV=0, then decrypt C1‖C2.\nasync function decryptPayload(key: CryptoKey, c1: Uint8Array): Promise<Uint8Array> {\n  const c2Input = new Uint8Array(payloadByteLength);\n  for (let i = 0; i < payloadByteLength; i++) c2Input[i] = pkcsPad ^ c1[i]!;\n  const c2Encrypted = new Uint8Array(\n    await crypto.subtle.encrypt(\n      { name: \"AES-CBC\", iv: zeroIv },\n      key,\n      c2Input as Uint8Array<ArrayBuffer>,\n    ),\n  );\n  const ciphertext = new Uint8Array(payloadByteLength * 2);\n  ciphertext.set(c1, 0);\n  ciphertext.set(c2Encrypted.subarray(0, payloadByteLength), payloadByteLength);\n  return new Uint8Array(\n    await crypto.subtle.decrypt(\n      { name: \"AES-CBC\", iv: zeroIv },\n      key,\n      ciphertext as Uint8Array<ArrayBuffer>,\n    ),\n  );\n}\n\nasync function extractTimestampFromId<Brand extends string>(\n  prefix: Prefix<Brand>,\n  key: CryptoKey,\n  id: Id<Brand>,\n): Promise<Date> {\n  const plaintext = await decryptPayload(key, payloadBytesFromId(prefix, id));\n  return new Date(readTimestampMs(plaintext));\n}\n\n/** Produces a canonical encrypted wire ID. Per-call plaintext/ciphertext buffers —\n * subtle dominates this path; reuse would be safe but not worth pinning to spec detail. */\nasync function generateWireId<Brand extends string>(\n  prefix: Prefix<Brand>,\n  key: CryptoKey,\n  rng: (target: Uint8Array) => void,\n  ms: number,\n): Promise<Id<Brand>> {\n  const plaintext = buildPlaintext(ms, rng);\n  const encrypted = await encryptPayload(key, plaintext);\n  return toWireId(prefix, encrypted);\n}\n\n/** Structural placeholder for JSON Schema (encrypt is async). */\nfunction schemaExample<Brand extends string>(prefix: Prefix<Brand>): string {\n  return prefix + \"0\".repeat(payloadBase32Length);\n}\n\n/** Layout ops binder for the Opaque Timestamp variant. `extractTimestampFromId` is module-private; the binder exposes `extractTimestamp` for the codec constructor. */\nexport function createOpaqueLayoutOps<Brand extends string>(\n  prefix: Prefix<Brand>,\n  key: CryptoKey,\n  rng: (target: Uint8Array) => void,\n) {\n  return {\n    generateAt: (ms: number): Promise<Id<Brand>> => generateWireId(prefix, key, rng, ms),\n    extractTimestamp: (id: Id<Brand>): Promise<Date> => extractTimestampFromId(prefix, key, id),\n    exampleWireId: (): Id<Brand> => schemaExample(prefix) as Id<Brand>,\n  };\n}\n","import { decodeBase64Url, decodeHex, encodeBase64Url, encodeHex } from \"./bytes.js\";\n\n/** Wire encoding for opaque AES key material (not Crockford base32). */\nexport type OpaqueKeyFormat = \"hex\" | \"base64url\";\n\nconst validAesKeyByteLengths = new Set([16, 24, 32]);\n\ndeclare const opaqueKeyBrand: unique symbol;\n\n/**\n * Opaque imported handle for one AES key used by the Opaque Timestamp codec.\n *\n * Holds the underlying `CryptoKey` internally; callers never access it directly.\n * Obtain handles via {@link importOpaqueKey} and pass them to\n * `createOpaqueTimestampId` as the `key` option.\n *\n * Distinct from the `WrappingKey` used by `@smonn/ids/wrapped` — one raw\n * secret must not silently serve both codecs without an explicit import.\n */\nexport type OpaqueKey = {\n  readonly [opaqueKeyBrand]: \"OpaqueKey\";\n};\n\nconst opaqueKeyInternals = new WeakMap<OpaqueKey, CryptoKey>();\n\n/**\n * Imports raw AES key bytes into an {@link OpaqueKey} handle for the Opaque\n * Timestamp codec.\n *\n * Accepts 16, 24, or 32 bytes (AES-128 / AES-192 / AES-256 strength).\n * To store or transport key material, use {@link encodeOpaqueKey} /\n * {@link decodeOpaqueKey} (`\"hex\"` or `\"base64url\"` — not Crockford base32).\n *\n * @param bytes - 16, 24, or 32 raw key bytes.\n */\nexport async function importOpaqueKey(bytes: Uint8Array): Promise<OpaqueKey> {\n  assertValidAesKeyByteLength(bytes.length);\n  const cryptoKey = await crypto.subtle.importKey(\n    \"raw\",\n    bytes as Uint8Array<ArrayBuffer>,\n    \"AES-CBC\",\n    false,\n    [\"encrypt\", \"decrypt\"],\n  );\n  const key = Object.freeze({}) as OpaqueKey;\n  opaqueKeyInternals.set(key, cryptoKey);\n  return key;\n}\n\nexport function getOpaqueKeyCryptoKey(key: OpaqueKey): CryptoKey {\n  const cryptoKey = opaqueKeyInternals.get(key);\n  if (cryptoKey === undefined) {\n    throw new Error(\"invalid opaque key\");\n  }\n  return cryptoKey;\n}\n\n/**\n * Encodes raw AES key bytes for storage in env vars or secret managers.\n *\n * @param bytes - 16, 24, or 32 raw key bytes (AES-128/192/256).\n * @param format - `hex` (lowercase) or `base64url`.\n */\nexport function encodeOpaqueKey(bytes: Uint8Array, format: OpaqueKeyFormat): string {\n  assertOpaqueKeyFormat(format);\n  assertValidAesKeyByteLength(bytes.length);\n  if (format === \"hex\") return encodeHex(bytes);\n  return encodeBase64Url(bytes);\n}\n\n/**\n * Decodes key material emitted by `encodeOpaqueKey` (or `ids keygen`) back to raw bytes.\n *\n * @param encoded - Hex or base64url string.\n * @param format - Must match how the string was encoded.\n */\nexport function decodeOpaqueKey(encoded: string, format: OpaqueKeyFormat): Uint8Array {\n  assertOpaqueKeyFormat(format);\n  let bytes: Uint8Array;\n  if (format === \"hex\") {\n    if (encoded.length === 0 || encoded.length % 2 !== 0) {\n      throw new Error(\"invalid hex key: length must be a positive even number of characters\");\n    }\n    if (!/^[0-9a-fA-F]+$/.test(encoded)) {\n      throw new Error(\"invalid hex key: expected [0-9a-fA-F] only\");\n    }\n    bytes = decodeHex(encoded);\n  } else {\n    try {\n      bytes = decodeBase64Url(encoded);\n    } catch {\n      throw new Error(\"invalid base64url key\");\n    }\n  }\n  assertValidAesKeyByteLength(bytes.length);\n  return bytes;\n}\n\nfunction assertValidAesKeyByteLength(byteLength: number): void {\n  if (!validAesKeyByteLengths.has(byteLength)) {\n    throw new Error(`invalid AES key length: expected 16, 24, or 32 bytes, got ${byteLength}`);\n  }\n}\n\nfunction assertOpaqueKeyFormat(format: unknown): asserts format is OpaqueKeyFormat {\n  if (format !== \"hex\" && format !== \"base64url\") {\n    throw new Error(\n      `invalid opaque key format: expected hex or base64url, got '${formatForError(format)}'`,\n    );\n  }\n}\n\nfunction formatForError(value: unknown): string {\n  try {\n    return String(value);\n  } catch {\n    return \"[unprintable]\";\n  }\n}\n","import { validateBrand } from \"./brand.js\";\nimport { createOpaqueLayoutOps } from \"./layouts/opaque.js\";\nimport { getOpaqueKeyCryptoKey, type OpaqueKey } from \"./opaque-key.js\";\nimport { registerBrand } from \"./registry.js\";\nimport type { Id, JsonSchema, ParseResult, Prefix, StandardSchemaProps } from \"./types.js\";\nimport { wireMethods } from \"./wire/codec-shell.js\";\n\nexport {\n  decodeOpaqueKey,\n  encodeOpaqueKey,\n  importOpaqueKey,\n  type OpaqueKey,\n  type OpaqueKeyFormat,\n} from \"./opaque-key.js\";\n\n/**\n * Configuration options for an Opaque Timestamp codec instance.\n */\nexport type OpaqueTimestampOptions = {\n  /**\n   * {@link OpaqueKey} handle for AES-CBC encryption and decryption.\n   * Obtain via {@link importOpaqueKey}.\n   */\n  key: OpaqueKey;\n  /** Returns the current timestamp in milliseconds. Defaults to `Date.now`. */\n  now?: () => number;\n  /** Writes random bytes into `target` for ID generation. Defaults to `crypto.getRandomValues`. */\n  rng?: (target: Uint8Array) => void;\n  /** If true, silences the duplicate-brand warning in non-production environments. */\n  allowDuplicateBrand?: boolean;\n};\n\n/**\n * A brand-scoped codec for generating and validating Opaque Timestamp IDs.\n *\n * Same wire shape as the Timestamp codec (`{brand}_` + 26 base32 chars) but the\n * payload is AES-CBC encrypted. `generate`, `generateAt`, and `extractTimestamp`\n * are async; parsing methods are sync. No `minIdForTime` / `maxIdForTime` —\n * encrypted payloads do not sort by creation time.\n */\nexport type OpaqueTimestampCodec<Brand extends string> = {\n  /** Produces a new canonical encrypted ID using the codec's `now` and `rng`. */\n  generate(): Promise<Id<Brand>>;\n  /** Produces a new canonical encrypted ID with timestamp bytes from `date`. Throws on invalid dates. */\n  generateAt(date: Date): Promise<Id<Brand>>;\n  /**\n   * Strict type guard: `true` only for already-canonical strings for this brand.\n   * For untrusted input, use `safeParse()` or `parse()` instead. See ADR-0003.\n   */\n  is(value: unknown): value is Id<Brand>;\n  /**\n   * Lenient parse: normalises case and Crockford aliases, returns canonical `Id<Brand>`, or throws.\n   */\n  parse(value: unknown): Id<Brand>;\n  /**\n   * Lenient parse without throwing: normalises to canonical form, or returns `{ ok: false, error }`.\n   */\n  safeParse(value: unknown): ParseResult<Brand>;\n  /**\n   * Decrypts and decodes the creation `Date` from an `Id<Brand>`. Trusts the type — use `safeParse()` at boundaries first. See ADR-0002.\n   */\n  extractTimestamp(id: Id<Brand>): Promise<Date>;\n  /** JSON Schema for the canonical wire form (`example` is a structural placeholder). */\n  toJsonSchema(): JsonSchema;\n  /** Standard Schema validate entry point. */\n  readonly \"~standard\": StandardSchemaProps<Brand>;\n};\n\nfunction defaultRng(target: Uint8Array): void {\n  crypto.getRandomValues(target as Uint8Array<ArrayBuffer>);\n}\n\n/**\n * Creates an Opaque Timestamp codec for `brand` (three lowercase a–z characters).\n *\n * @param brand - Entity type brand validated once at construction.\n * @param opts - Required `key` (an {@link OpaqueKey} from {@link importOpaqueKey}) plus\n *   optional `now`, `rng`, and `allowDuplicateBrand` overrides.\n */\nexport function createOpaqueTimestampId<Brand extends string>(\n  brand: Brand,\n  opts: OpaqueTimestampOptions,\n): OpaqueTimestampCodec<Brand> {\n  validateBrand(brand);\n  registerBrand(brand, opts.allowDuplicateBrand);\n\n  const cryptoKey = getOpaqueKeyCryptoKey(opts.key);\n  const now = opts.now ?? Date.now;\n  const rng = opts.rng ?? defaultRng;\n  const prefix: Prefix<Brand> = `${brand}_`;\n  const wire = wireMethods(prefix);\n  const layout = createOpaqueLayoutOps(prefix, cryptoKey, rng);\n\n  return {\n    generate: () => layout.generateAt(now()),\n    generateAt: (date: Date) => layout.generateAt(date.getTime()),\n    is: wire.is,\n    parse: wire.parse,\n    safeParse: wire.safeParse,\n    extractTimestamp: layout.extractTimestamp,\n    toJsonSchema: () => wire.toJsonSchema(brand, layout.exampleWireId()),\n    \"~standard\": wire[\"~standard\"],\n  };\n}\n"],"mappings":";;;;AAKA,MAAM,SAAS,IAAI,WAAA,EAA4B;AAC/C,MAAM,UAAU;AAEhB,SAAS,eAAe,IAAY,KAA+C;CACjF,MAAM,YAAY,IAAI,WAAA,EAA4B;CAClD,eAAe,IAAI,SAAS;CAC5B,IAAI,UAAU,SAAA,GAAA,EAA+C,CAAC;CAC9D,OAAO;AACT;AAEA,eAAe,eAAe,KAAgB,WAA4C;CAQxF,OAAO,IAPe,WACpB,MAAM,OAAO,OAAO,QAClB;EAAE,MAAM;EAAW,IAAI;CAAO,GAC9B,KACA,SACF,CAEa,CAAC,CAAC,SAAS,GAAA,EAAoB;AAChD;AAKA,eAAe,eAAe,KAAgB,IAAqC;CACjF,MAAM,UAAU,IAAI,WAAA,EAA4B;CAChD,KAAK,IAAI,IAAI,GAAG,IAAA,IAAuB,KAAK,QAAQ,KAAK,UAAU,GAAG;CACtE,MAAM,cAAc,IAAI,WACtB,MAAM,OAAO,OAAO,QAClB;EAAE,MAAM;EAAW,IAAI;CAAO,GAC9B,KACA,OACF,CACF;CACA,MAAM,aAAa,IAAI,WAAA,EAAgC;CACvD,WAAW,IAAI,IAAI,CAAC;CACpB,WAAW,IAAI,YAAY,SAAS,GAAA,EAAoB,GAAA,EAAoB;CAC5E,OAAO,IAAI,WACT,MAAM,OAAO,OAAO,QAClB;EAAE,MAAM;EAAW,IAAI;CAAO,GAC9B,KACA,UACF,CACF;AACF;AAEA,eAAe,uBACb,QACA,KACA,IACe;CACf,MAAM,YAAY,MAAM,eAAe,KAAK,mBAAmB,QAAQ,EAAE,CAAC;CAC1E,OAAO,IAAI,KAAK,gBAAgB,SAAS,CAAC;AAC5C;;;AAIA,eAAe,eACb,QACA,KACA,KACA,IACoB;CAGpB,OAAO,SAAS,QAAQ,MADA,eAAe,KADrB,eAAe,IAAI,GACe,CAAC,CACpB;AACnC;;AAGA,SAAS,cAAoC,QAA+B;CAC1E,OAAO,SAAS,IAAI,OAAO,mBAAmB;AAChD;;AAGA,SAAgB,sBACd,QACA,KACA,KACA;CACA,OAAO;EACL,aAAa,OAAmC,eAAe,QAAQ,KAAK,KAAK,EAAE;EACnF,mBAAmB,OAAiC,uBAAuB,QAAQ,KAAK,EAAE;EAC1F,qBAAgC,cAAc,MAAM;CACtD;AACF;;;ACpFA,MAAM,yBAAyB,IAAI,IAAI;CAAC;CAAI;CAAI;AAAE,CAAC;AAkBnD,MAAM,qCAAqB,IAAI,QAA8B;;;;;;;;;;;AAY7D,eAAsB,gBAAgB,OAAuC;CAC3E,4BAA4B,MAAM,MAAM;CACxC,MAAM,YAAY,MAAM,OAAO,OAAO,UACpC,OACA,OACA,WACA,OACA,CAAC,WAAW,SAAS,CACvB;CACA,MAAM,MAAM,OAAO,OAAO,CAAC,CAAC;CAC5B,mBAAmB,IAAI,KAAK,SAAS;CACrC,OAAO;AACT;AAEA,SAAgB,sBAAsB,KAA2B;CAC/D,MAAM,YAAY,mBAAmB,IAAI,GAAG;CAC5C,IAAI,cAAc,KAAA,GAChB,MAAM,IAAI,MAAM,oBAAoB;CAEtC,OAAO;AACT;;;;;;;AAQA,SAAgB,gBAAgB,OAAmB,QAAiC;CAClF,sBAAsB,MAAM;CAC5B,4BAA4B,MAAM,MAAM;CACxC,IAAI,WAAW,OAAO,OAAO,UAAU,KAAK;CAC5C,OAAO,gBAAgB,KAAK;AAC9B;;;;;;;AAQA,SAAgB,gBAAgB,SAAiB,QAAqC;CACpF,sBAAsB,MAAM;CAC5B,IAAI;CACJ,IAAI,WAAW,OAAO;EACpB,IAAI,QAAQ,WAAW,KAAK,QAAQ,SAAS,MAAM,GACjD,MAAM,IAAI,MAAM,sEAAsE;EAExF,IAAI,CAAC,iBAAiB,KAAK,OAAO,GAChC,MAAM,IAAI,MAAM,4CAA4C;EAE9D,QAAQ,UAAU,OAAO;CAC3B,OACE,IAAI;EACF,QAAQ,gBAAgB,OAAO;CACjC,QAAQ;EACN,MAAM,IAAI,MAAM,uBAAuB;CACzC;CAEF,4BAA4B,MAAM,MAAM;CACxC,OAAO;AACT;AAEA,SAAS,4BAA4B,YAA0B;CAC7D,IAAI,CAAC,uBAAuB,IAAI,UAAU,GACxC,MAAM,IAAI,MAAM,6DAA6D,YAAY;AAE7F;AAEA,SAAS,sBAAsB,QAAoD;CACjF,IAAI,WAAW,SAAS,WAAW,aACjC,MAAM,IAAI,MACR,8DAA8D,eAAe,MAAM,EAAE,EACvF;AAEJ;AAEA,SAAS,eAAe,OAAwB;CAC9C,IAAI;EACF,OAAO,OAAO,KAAK;CACrB,QAAQ;EACN,OAAO;CACT;AACF;;;AClDA,SAAS,WAAW,QAA0B;CAC5C,OAAO,gBAAgB,MAAiC;AAC1D;;;;;;;;AASA,SAAgB,wBACd,OACA,MAC6B;CAC7B,cAAc,KAAK;CACnB,cAAc,OAAO,KAAK,mBAAmB;CAE7C,MAAM,YAAY,sBAAsB,KAAK,GAAG;CAChD,MAAM,MAAM,KAAK,OAAO,KAAK;CAC7B,MAAM,MAAM,KAAK,OAAO;CACxB,MAAM,SAAwB,GAAG,MAAM;CACvC,MAAM,OAAO,YAAY,MAAM;CAC/B,MAAM,SAAS,sBAAsB,QAAQ,WAAW,GAAG;CAE3D,OAAO;EACL,gBAAgB,OAAO,WAAW,IAAI,CAAC;EACvC,aAAa,SAAe,OAAO,WAAW,KAAK,QAAQ,CAAC;EAC5D,IAAI,KAAK;EACT,OAAO,KAAK;EACZ,WAAW,KAAK;EAChB,kBAAkB,OAAO;EACzB,oBAAoB,KAAK,aAAa,OAAO,OAAO,cAAc,CAAC;EACnE,aAAa,KAAK;CACpB;AACF"}

package/dist/opaque.d.mts

@@ -3,6 +3,31 @@ import { a as StandardSchemaProps, i as ParseResult, n as JsonSchema, t as Id }
 //#region src/opaque-key.d.ts
 /** Wire encoding for opaque AES key material (not Crockford base32). */
 type OpaqueKeyFormat = "hex" | "base64url";
+declare const opaqueKeyBrand: unique symbol;
+/**
+* Opaque imported handle for one AES key used by the Opaque Timestamp codec.
+*
+* Holds the underlying `CryptoKey` internally; callers never access it directly.
+* Obtain handles via {@link importOpaqueKey} and pass them to
+* `createOpaqueTimestampId` as the `key` option.
+*
+* Distinct from the `WrappingKey` used by `@smonn/ids/wrapped` — one raw
+* secret must not silently serve both codecs without an explicit import.
+*/
+type OpaqueKey = {
+  readonly [opaqueKeyBrand]: "OpaqueKey";
+};
+/**
+* Imports raw AES key bytes into an {@link OpaqueKey} handle for the Opaque
+* Timestamp codec.
+*
+* Accepts 16, 24, or 32 bytes (AES-128 / AES-192 / AES-256 strength).
+* To store or transport key material, use {@link encodeOpaqueKey} /
+* {@link decodeOpaqueKey} (`"hex"` or `"base64url"` — not Crockford base32).
+*
+* @param bytes - 16, 24, or 32 raw key bytes.
+*/
+declare function importOpaqueKey(bytes: Uint8Array): Promise<OpaqueKey>;
 /**
 * Encodes raw AES key bytes for storage in env vars or secret managers.
 *
@@ -23,7 +48,11 @@ declare function decodeOpaqueKey(encoded: string, format: OpaqueKeyFormat): Uint
 * Configuration options for an Opaque Timestamp codec instance.
 */
 type OpaqueTimestampOptions = {
-  /** AES-CBC key used for encryption and decryption. */key: CryptoKey; /** Returns the current timestamp in milliseconds. Defaults to `Date.now`. */
+  /**
+  * {@link OpaqueKey} handle for AES-CBC encryption and decryption.
+  * Obtain via {@link importOpaqueKey}.
+  */
+  key: OpaqueKey; /** Returns the current timestamp in milliseconds. Defaults to `Date.now`. */
   now?: () => number; /** Writes random bytes into `target` for ID generation. Defaults to `crypto.getRandomValues`. */
   rng?: (target: Uint8Array) => void; /** If true, silences the duplicate-brand warning in non-production environments. */
   allowDuplicateBrand?: boolean;
@@ -60,18 +89,13 @@ type OpaqueTimestampCodec<Brand extends string> = {
   readonly "~standard": StandardSchemaProps<Brand>;
 };
 /**
-* Imports a raw AES key for use with the Opaque Timestamp codec.
-*
-* @param bytes - Raw key bytes (16, 24, or 32 bytes for AES-128/192/256).
-*/
-declare function importOpaqueKey(bytes: Uint8Array): Promise<CryptoKey>;
-/**
 * Creates an Opaque Timestamp codec for `brand` (three lowercase a–z characters).
 *
 * @param brand - Entity type brand validated once at construction.
-* @param opts - Required `key` plus optional `now`, `rng`, and `allowDuplicateBrand` overrides.
+* @param opts - Required `key` (an {@link OpaqueKey} from {@link importOpaqueKey}) plus
+*   optional `now`, `rng`, and `allowDuplicateBrand` overrides.
 */
 declare function createOpaqueTimestampId<Brand extends string>(brand: Brand, opts: OpaqueTimestampOptions): OpaqueTimestampCodec<Brand>;
 //#endregion
-export { type OpaqueKeyFormat, OpaqueTimestampCodec, OpaqueTimestampOptions, createOpaqueTimestampId, decodeOpaqueKey, encodeOpaqueKey, importOpaqueKey };
+export { type OpaqueKey, type OpaqueKeyFormat, OpaqueTimestampCodec, OpaqueTimestampOptions, createOpaqueTimestampId, decodeOpaqueKey, encodeOpaqueKey, importOpaqueKey };
 //# sourceMappingURL=opaque.d.mts.map

package/dist/opaque.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"opaque.d.mts","names":[],"sources":["../src/opaque-key.ts","../src/opaque.ts"],"mappings":";;;;KAGY,eAAA;;AAAZ;;;;AAAY;iBAUI,eAAA,CAAgB,KAAA,EAAO,UAAA,EAAY,MAAA,EAAQ,eAAA;;;;;;;iBAa3C,eAAA,CAAgB,OAAA,UAAiB,MAAA,EAAQ,eAAA,GAAkB,UAAA;;;;AAvB3E;;KCQY,sBAAA;EDRA,sDCUV,GAAA,EAAK,SAAA,EDAP;ECEE,GAAA;EAEA,GAAA,IAAO,MAAA,EAAQ,UAAA;EAEf,mBAAA;AAAA;;;ADNyD;AAa3D;;;;;KCIY,oBAAA;iFAEV,QAAA,IAAY,OAAA,CAAQ,EAAA,CAAG,KAAA,IDNkD;ECQzE,UAAA,CAAW,IAAA,EAAM,IAAA,GAAO,OAAA,CAAQ,EAAA,CAAG,KAAA;;;;AAvBrC;EA4BE,EAAA,CAAG,KAAA,YAAiB,KAAA,IAAS,EAAA,CAAG,KAAA;;;;EAIhC,KAAA,CAAM,KAAA,YAAiB,EAAA,CAAG,KAAA;;;;EAI1B,SAAA,CAAU,KAAA,YAAiB,WAAA,CAAY,KAAA;;;AA5BvC;EAgCA,gBAAA,CAAiB,EAAA,EAAI,EAAA,CAAG,KAAA,IAAS,OAAA,CAAQ,IAAA,GArB/B;EAuBV,YAAA,IAAgB,UAAA;WAEP,WAAA,EAAa,mBAAA,CAAoB,KAAA;AAAA;;;;;;iBAY5B,eAAA,CAAgB,KAAA,EAAO,UAAA,GAAa,OAAA,CAAQ,SAAA;;;;;;;iBAa5C,uBAAA,uBACd,KAAA,EAAO,KAAA,EACP,IAAA,EAAM,sBAAA,GACL,oBAAA,CAAqB,KAAA"}
+{"version":3,"file":"opaque.d.mts","names":[],"sources":["../src/opaque-key.ts","../src/opaque.ts"],"mappings":";;;;KAGY,eAAA;AAAA,cAIE,cAAA;AAJd;;;;AAAY;AAA0B;;;;AAIxB;AAJd,KAgBY,SAAA;EAAA,UACA,cAAA;AAAA;;AAAA;AAeZ;;;;;;;;iBAAsB,eAAA,CAAgB,KAAA,EAAO,UAAA,GAAa,OAAA,CAAQ,SAAA;;;;AAAA;AA4BlE;;iBAAgB,eAAA,CAAgB,KAAA,EAAO,UAAA,EAAY,MAAA,EAAQ,eAAA;;;;;;;iBAa3C,eAAA,CAAgB,OAAA,UAAiB,MAAA,EAAQ,eAAA,GAAkB,UAAA;;;AAzE3E;;;AAAA,KCeY,sBAAA;EDfA;AAA0B;;;ECoBpC,GAAA,EAAK,SAAA,EDhBO;ECkBZ,GAAA,iBDNU;ECQV,GAAA,IAAO,MAAA,EAAQ,UAAA,WDPL;ECSV,mBAAA;AAAA;;;;;;;;;KAWU,oBAAA;iFAEV,QAAA,IAAY,OAAA,CAAQ,EAAA,CAAG,KAAA,IDPyC;ECShE,UAAA,CAAW,IAAA,EAAM,IAAA,GAAO,OAAA,CAAQ,EAAA,CAAG,KAAA;EDmBrC;;;;ECdE,EAAA,CAAG,KAAA,YAAiB,KAAA,IAAS,EAAA,CAAG,KAAA;;;;EAIhC,KAAA,CAAM,KAAA,YAAiB,EAAA,CAAG,KAAA;EDU+B;AAa3D;;ECnBE,SAAA,CAAU,KAAA,YAAiB,WAAA,CAAY,KAAA;EDmBkC;;;ECfzE,gBAAA,CAAiB,EAAA,EAAI,EAAA,CAAG,KAAA,IAAS,OAAA,CAAQ,IAAA;EAEzC,YAAA,IAAgB,UAAA,EDayD;EAAA,SCXhE,WAAA,EAAa,mBAAA,CAAoB,KAAA;AAAA;;AA/C5C;;;;;;iBA6DgB,uBAAA,uBACd,KAAA,EAAO,KAAA,EACP,IAAA,EAAM,sBAAA,GACL,oBAAA,CAAqB,KAAA"}

package/dist/opaque.mjs

@@ -1,2 +1,2 @@
-import { i as encodeOpaqueKey, n as importOpaqueKey, r as decodeOpaqueKey, t as createOpaqueTimestampId } from "./opaque-CX-Lc5B9.mjs";
+import { i as importOpaqueKey, n as decodeOpaqueKey, r as encodeOpaqueKey, t as createOpaqueTimestampId } from "./opaque-goLnFoo7.mjs";
 export { createOpaqueTimestampId, decodeOpaqueKey, encodeOpaqueKey, importOpaqueKey };

package/dist/prisma.d.mts

@@ -0,0 +1,84 @@
+import { i as ParseResult, t as Id } from "./types-g7CiQDyE.mjs";
+
+//#region src/prisma.d.ts
+/**
+* Minimum codec interface required by the Prisma adapter.
+*
+* Any codec variant satisfies this type — TimestampCodec, OpaqueTimestampCodec,
+* ReverseTimestampCodec, and WrappedKeyCodec all expose `safeParse`. The adapter
+* never calls key-dependent methods.
+*
+* Intentionally the same structural shape as the Drizzle adapter's IdColumnCodec.
+* Do NOT import IdColumnCodec from `@smonn/ids/drizzle` — that would create
+* cross-adapter coupling.
+*/
+type IdColumnCodec<Brand extends string> = {
+  safeParse(value: unknown): ParseResult<Brand>;
+};
+/**
+* Read/write transform pair for integrating `Id<Brand>` with Prisma extensions.
+*
+* **Prisma casting caveat:** Prisma cannot fully brand a generated model field
+* type at the schema level. The `read` function asserts `Id<Brand>` at the
+* TypeScript level, but Prisma's generated types for the model field will not
+* reflect this branding. Callers consuming the validated value from a Prisma
+* result component may need an explicit `as Id<Brand>` cast at the call site.
+*/
+type IdTransform<Brand extends string> = {
+  /**
+  * Read transform: validates the raw database value via `safeParse` and returns
+  * `Id<Brand>`. Throws if the value is missing, malformed, or belongs to a
+  * different brand.
+  *
+  * Use in a Prisma `$extends` result component's `compute` function.
+  */
+  read(value: unknown): Id<Brand>;
+  /**
+  * Write transform: passes `Id<Brand>` through as its canonical string form.
+  * `Id<Brand>` is already the canonical string, so this is an identity function
+  * at runtime.
+  *
+  * Use in a Prisma `$extends` query component or explicit `data` mapping.
+  */
+  write(value: Id<Brand>): string;
+};
+/**
+* Creates a read/write transform pair for use with Prisma's `$extends` extension model.
+*
+* Works with any codec variant exposing `safeParse` (TimestampCodec,
+* OpaqueTimestampCodec, ReverseTimestampCodec, WrappedKeyCodec).
+*
+* **Prisma casting caveat:** Prisma's `$extends` result component can add
+* typed computed accessors to model instances, but cannot retroactively
+* re-type an existing schema field at the Prisma Client level. The `read`
+* function asserts `Id<Brand>`, but callers will need an explicit
+* `as Id<Brand>` cast at consumption sites where Prisma's generated types
+* are expected.
+*
+* @example
+* ```ts
+* import { idField } from "@smonn/ids/prisma";
+* import { createTimestampId } from "@smonn/ids";
+*
+* const usr = createTimestampId("usr");
+* const userIdField = idField(usr);
+*
+* const xprisma = prisma.$extends({
+*   result: {
+*     user: {
+*       id: {
+*         needs: { id: true },
+*         compute(user) {
+*           // Cast required: Prisma cannot brand the generated type at schema level
+*           return userIdField.read(user.id) as Id<"usr">;
+*         },
+*       },
+*     },
+*   },
+* });
+* ```
+*/
+declare function idField<Brand extends string>(codec: IdColumnCodec<Brand>): IdTransform<Brand>;
+//#endregion
+export { IdColumnCodec, IdTransform, idField };
+//# sourceMappingURL=prisma.d.mts.map

package/dist/prisma.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prisma.d.mts","names":[],"sources":["../src/prisma.ts"],"mappings":";;;;;AAaA;;;;;;;;;KAAY,aAAA;EACV,SAAA,CAAU,KAAA,YAAiB,WAAA,CAAY,KAAA;AAAA;;;;;;;;;;KAY7B,WAAA;;;;;;;;EAQV,IAAA,CAAK,KAAA,YAAiB,EAAA,CAAG,KAAA;EAQT;AAuClB;;;;;;EAvCE,KAAA,CAAM,KAAA,EAAO,EAAA,CAAG,KAAA;AAAA;;;;;;;;;AAuCsE;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAAxE,OAAA,uBAA8B,KAAA,EAAO,aAAA,CAAc,KAAA,IAAS,WAAA,CAAY,KAAA"}

package/dist/prisma.mjs

@@ -0,0 +1,53 @@
+//#region src/prisma.ts
+/**
+* Creates a read/write transform pair for use with Prisma's `$extends` extension model.
+*
+* Works with any codec variant exposing `safeParse` (TimestampCodec,
+* OpaqueTimestampCodec, ReverseTimestampCodec, WrappedKeyCodec).
+*
+* **Prisma casting caveat:** Prisma's `$extends` result component can add
+* typed computed accessors to model instances, but cannot retroactively
+* re-type an existing schema field at the Prisma Client level. The `read`
+* function asserts `Id<Brand>`, but callers will need an explicit
+* `as Id<Brand>` cast at consumption sites where Prisma's generated types
+* are expected.
+*
+* @example
+* ```ts
+* import { idField } from "@smonn/ids/prisma";
+* import { createTimestampId } from "@smonn/ids";
+*
+* const usr = createTimestampId("usr");
+* const userIdField = idField(usr);
+*
+* const xprisma = prisma.$extends({
+*   result: {
+*     user: {
+*       id: {
+*         needs: { id: true },
+*         compute(user) {
+*           // Cast required: Prisma cannot brand the generated type at schema level
+*           return userIdField.read(user.id) as Id<"usr">;
+*         },
+*       },
+*     },
+*   },
+* });
+* ```
+*/
+function idField(codec) {
+	return {
+		read(value) {
+			const result = codec.safeParse(value);
+			if (!result.ok) throw new Error(`[ids] invalid ID from database: ${result.error}`);
+			return result.id;
+		},
+		write(value) {
+			return value;
+		}
+	};
+}
+//#endregion
+export { idField };
+
+//# sourceMappingURL=prisma.mjs.map

package/dist/prisma.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"prisma.mjs","names":[],"sources":["../src/prisma.ts"],"sourcesContent":["import type { Id, ParseResult } from \"./types.js\";\n\n/**\n * Minimum codec interface required by the Prisma adapter.\n *\n * Any codec variant satisfies this type — TimestampCodec, OpaqueTimestampCodec,\n * ReverseTimestampCodec, and WrappedKeyCodec all expose `safeParse`. The adapter\n * never calls key-dependent methods.\n *\n * Intentionally the same structural shape as the Drizzle adapter's IdColumnCodec.\n * Do NOT import IdColumnCodec from `@smonn/ids/drizzle` — that would create\n * cross-adapter coupling.\n */\nexport type IdColumnCodec<Brand extends string> = {\n  safeParse(value: unknown): ParseResult<Brand>;\n};\n\n/**\n * Read/write transform pair for integrating `Id<Brand>` with Prisma extensions.\n *\n * **Prisma casting caveat:** Prisma cannot fully brand a generated model field\n * type at the schema level. The `read` function asserts `Id<Brand>` at the\n * TypeScript level, but Prisma's generated types for the model field will not\n * reflect this branding. Callers consuming the validated value from a Prisma\n * result component may need an explicit `as Id<Brand>` cast at the call site.\n */\nexport type IdTransform<Brand extends string> = {\n  /**\n   * Read transform: validates the raw database value via `safeParse` and returns\n   * `Id<Brand>`. Throws if the value is missing, malformed, or belongs to a\n   * different brand.\n   *\n   * Use in a Prisma `$extends` result component's `compute` function.\n   */\n  read(value: unknown): Id<Brand>;\n  /**\n   * Write transform: passes `Id<Brand>` through as its canonical string form.\n   * `Id<Brand>` is already the canonical string, so this is an identity function\n   * at runtime.\n   *\n   * Use in a Prisma `$extends` query component or explicit `data` mapping.\n   */\n  write(value: Id<Brand>): string;\n};\n\n/**\n * Creates a read/write transform pair for use with Prisma's `$extends` extension model.\n *\n * Works with any codec variant exposing `safeParse` (TimestampCodec,\n * OpaqueTimestampCodec, ReverseTimestampCodec, WrappedKeyCodec).\n *\n * **Prisma casting caveat:** Prisma's `$extends` result component can add\n * typed computed accessors to model instances, but cannot retroactively\n * re-type an existing schema field at the Prisma Client level. The `read`\n * function asserts `Id<Brand>`, but callers will need an explicit\n * `as Id<Brand>` cast at consumption sites where Prisma's generated types\n * are expected.\n *\n * @example\n * ```ts\n * import { idField } from \"@smonn/ids/prisma\";\n * import { createTimestampId } from \"@smonn/ids\";\n *\n * const usr = createTimestampId(\"usr\");\n * const userIdField = idField(usr);\n *\n * const xprisma = prisma.$extends({\n *   result: {\n *     user: {\n *       id: {\n *         needs: { id: true },\n *         compute(user) {\n *           // Cast required: Prisma cannot brand the generated type at schema level\n *           return userIdField.read(user.id) as Id<\"usr\">;\n *         },\n *       },\n *     },\n *   },\n * });\n * ```\n */\nexport function idField<Brand extends string>(codec: IdColumnCodec<Brand>): IdTransform<Brand> {\n  return {\n    read(value: unknown): Id<Brand> {\n      const result = codec.safeParse(value);\n      if (!result.ok) {\n        throw new Error(`[ids] invalid ID from database: ${result.error}`);\n      }\n      return result.id;\n    },\n    write(value: Id<Brand>): string {\n      return value;\n    },\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiFA,SAAgB,QAA8B,OAAiD;CAC7F,OAAO;EACL,KAAK,OAA2B;GAC9B,MAAM,SAAS,MAAM,UAAU,KAAK;GACpC,IAAI,CAAC,OAAO,IACV,MAAM,IAAI,MAAM,mCAAmC,OAAO,OAAO;GAEnE,OAAO,OAAO;EAChB;EACA,MAAM,OAA0B;GAC9B,OAAO;EACT;CACF;AACF"}

package/dist/reverse--n4D2yxu.mjs

@@ -0,0 +1,87 @@
+import { a as toWireId, i as payloadBytesFromId, n as registerBrand, s as validateBrand, t as wireMethods } from "./codec-shell-dWpxoFmy.mjs";
+import { r as writeTimestamp } from "./timestamp-bytes-B57RM7Ho.mjs";
+//#region src/layouts/reverse-timestamp.ts
+const randomByteLength = 10;
+/** Writes inverted timestamp bytes, then fills random portion. */
+function buildReversePayload(ms, rng, buffer, randomView) {
+	writeTimestamp(ms, buffer);
+	for (let i = 0; i < 6; i++) buffer[i] = ~buffer[i] & 255;
+	rng(randomView);
+}
+/** Writes inverted timestamp bytes, then fills random portion with a sentinel. */
+function buildReverseSentinelPayload(ms, fill, buffer, randomView) {
+	writeTimestamp(ms, buffer);
+	for (let i = 0; i < 6; i++) buffer[i] = ~buffer[i] & 255;
+	randomView.fill(fill);
+}
+/** Decodes the original timestamp by inverting the first 6 payload bytes. */
+function extractReverseTimestampFromId(prefix, id) {
+	const bytes = payloadBytesFromId(prefix, id);
+	let ms = 0;
+	for (let i = 0; i < 6; i++) ms = ms * 256 + (~bytes[i] & 255);
+	return new Date(ms);
+}
+/** Layout ops binder for the Reverse Timestamp variant. */
+function createReverseTimestampLayoutOps(prefix, rng) {
+	const buffer = new Uint8Array(16);
+	const randomView = new Uint8Array(buffer.buffer, 6, randomByteLength);
+	return {
+		generateAt: (ms) => {
+			buildReversePayload(ms, rng, buffer, randomView);
+			return toWireId(prefix, buffer);
+		},
+		extractTimestamp: (id) => extractReverseTimestampFromId(prefix, id),
+		minIdForTime: (ms) => {
+			buildReverseSentinelPayload(ms, 0, buffer, randomView);
+			return toWireId(prefix, buffer);
+		},
+		maxIdForTime: (ms) => {
+			buildReverseSentinelPayload(ms, 255, buffer, randomView);
+			return toWireId(prefix, buffer);
+		},
+		exampleWireId: (ms) => {
+			buildReversePayload(ms, rng, buffer, randomView);
+			return toWireId(prefix, buffer);
+		}
+	};
+}
+//#endregion
+//#region src/reverse.ts
+function defaultRng(target) {
+	crypto.getRandomValues(target);
+}
+/**
+* Creates a Reverse Timestamp codec for `brand` (three lowercase a–z characters).
+*
+* IDs sort newest-first: the 48-bit timestamp field is bitwise-inverted before encoding,
+* so lexicographic ID order equals descending creation-time order. `extractTimestamp`
+* inverts back to recover the original millisecond.
+*
+* @param brand - Entity type brand validated once at construction.
+* @param opts - Optional `now`, `rng`, and `allowDuplicateBrand` overrides.
+*/
+function createReverseTimestampId(brand, opts = {}) {
+	validateBrand(brand);
+	registerBrand(brand, opts.allowDuplicateBrand);
+	const now = opts.now ?? Date.now;
+	const rng = opts.rng ?? defaultRng;
+	const prefix = `${brand}_`;
+	const wire = wireMethods(prefix);
+	const layout = createReverseTimestampLayoutOps(prefix, rng);
+	return {
+		generate: () => layout.generateAt(now()),
+		generateAt: (date) => layout.generateAt(date.getTime()),
+		is: wire.is,
+		parse: wire.parse,
+		safeParse: wire.safeParse,
+		extractTimestamp: layout.extractTimestamp,
+		minIdForTime: (date) => layout.minIdForTime(date.getTime()),
+		maxIdForTime: (date) => layout.maxIdForTime(date.getTime()),
+		toJsonSchema: () => wire.toJsonSchema(brand, layout.exampleWireId(now())),
+		"~standard": wire["~standard"]
+	};
+}
+//#endregion
+export { createReverseTimestampId as t };
+
+//# sourceMappingURL=reverse--n4D2yxu.mjs.map

package/dist/reverse--n4D2yxu.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"reverse--n4D2yxu.mjs","names":[],"sources":["../src/layouts/reverse-timestamp.ts","../src/reverse.ts"],"sourcesContent":["import type { Id, Prefix } from \"../types.js\";\nimport { payloadBytesFromId, toWireId } from \"../wire/envelope.js\";\nimport { payloadByteLength } from \"../wire/invariants.js\";\nimport { timestampByteLength, writeTimestamp } from \"../wire/timestamp-bytes.js\";\n\nconst randomByteLength: number = payloadByteLength - timestampByteLength;\n\n/** Writes inverted timestamp bytes, then fills random portion. */\nfunction buildReversePayload(\n  ms: number,\n  rng: (target: Uint8Array) => void,\n  buffer: Uint8Array,\n  randomView: Uint8Array,\n): void {\n  writeTimestamp(ms, buffer);\n  for (let i = 0; i < timestampByteLength; i++) {\n    buffer[i] = ~buffer[i]! & 0xff;\n  }\n  rng(randomView);\n}\n\n/** Writes inverted timestamp bytes, then fills random portion with a sentinel. */\nfunction buildReverseSentinelPayload(\n  ms: number,\n  fill: number,\n  buffer: Uint8Array,\n  randomView: Uint8Array,\n): void {\n  writeTimestamp(ms, buffer);\n  for (let i = 0; i < timestampByteLength; i++) {\n    buffer[i] = ~buffer[i]! & 0xff;\n  }\n  randomView.fill(fill);\n}\n\n/** Decodes the original timestamp by inverting the first 6 payload bytes. */\nfunction extractReverseTimestampFromId<Brand extends string>(\n  prefix: Prefix<Brand>,\n  id: Id<Brand>,\n): Date {\n  const bytes = payloadBytesFromId(prefix, id);\n  let ms = 0;\n  for (let i = 0; i < timestampByteLength; i++) {\n    ms = ms * 256 + (~bytes[i]! & 0xff);\n  }\n  return new Date(ms);\n}\n\n/** Layout ops binder for the Reverse Timestamp variant. */\nexport function createReverseTimestampLayoutOps<Brand extends string>(\n  prefix: Prefix<Brand>,\n  rng: (target: Uint8Array) => void,\n) {\n  const buffer = new Uint8Array(payloadByteLength);\n  const randomView = new Uint8Array(buffer.buffer, timestampByteLength, randomByteLength);\n\n  return {\n    generateAt: (ms: number): Id<Brand> => {\n      buildReversePayload(ms, rng, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    extractTimestamp: (id: Id<Brand>): Date => extractReverseTimestampFromId(prefix, id),\n    minIdForTime: (ms: number): Id<Brand> => {\n      buildReverseSentinelPayload(ms, 0x00, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    maxIdForTime: (ms: number): Id<Brand> => {\n      buildReverseSentinelPayload(ms, 0xff, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    exampleWireId: (ms: number): Id<Brand> => {\n      buildReversePayload(ms, rng, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n  };\n}\n","import { validateBrand } from \"./brand.js\";\nimport { createReverseTimestampLayoutOps } from \"./layouts/reverse-timestamp.js\";\nimport { registerBrand } from \"./registry.js\";\nimport type { Id, JsonSchema, ParseResult, Prefix, StandardSchemaProps } from \"./types.js\";\nimport { wireMethods } from \"./wire/codec-shell.js\";\n\n/**\n * Configuration options for a Reverse Timestamp codec instance.\n */\nexport type ReverseTimestampOptions = {\n  /** Returns the current timestamp in milliseconds. Defaults to `Date.now`. */\n  now?: () => number;\n  /** Writes random bytes into `target` for ID generation. Defaults to `crypto.getRandomValues`. */\n  rng?: (target: Uint8Array) => void;\n  /** If true, silences the duplicate-brand warning in non-production environments. */\n  allowDuplicateBrand?: boolean;\n};\n\n/**\n * A brand-scoped codec for generating and validating Reverse Timestamp IDs.\n *\n * Wire format: `{brand}_` plus 26 lowercase Crockford base32 characters encoding a\n * 16-byte payload (6-byte bitwise-inverted ms timestamp + 10 random bytes). IDs sort\n * by creation time in **descending** (newest-first) order.\n *\n * Range queries across a time interval [t_old, t_new] should scan from\n * `minIdForTime(t_new)` to `maxIdForTime(t_old)` — the reversed sort order means\n * newer timestamps produce lexicographically smaller IDs.\n *\n * Constructed via `createReverseTimestampId(brand)` from `@smonn/ids/reverse`.\n */\nexport type ReverseTimestampCodec<Brand extends string> = {\n  /** Produces a new canonical ID using the codec's `now` and `rng`. */\n  generate(): Id<Brand>;\n  /** Produces a new canonical ID with timestamp bytes from `date` and a fresh random tail. Throws on invalid dates. */\n  generateAt(date: Date): Id<Brand>;\n  /**\n   * Strict type guard: `true` only for already-canonical strings for this brand.\n   * For untrusted input, use `safeParse()` or `parse()` instead. See ADR-0003.\n   */\n  is(value: unknown): value is Id<Brand>;\n  /**\n   * Lenient parse: normalises case and Crockford aliases, returns canonical `Id<Brand>`, or throws.\n   */\n  parse(value: unknown): Id<Brand>;\n  /**\n   * Lenient parse without throwing: normalises to canonical form, or returns `{ ok: false, error }`.\n   */\n  safeParse(value: unknown): ParseResult<Brand>;\n  /**\n   * Decodes the creation `Date` from an `Id<Brand>` by inverting the timestamp bytes.\n   * Trusts the type — use `safeParse()` at boundaries first.\n   */\n  extractTimestamp(id: Id<Brand>): Date;\n  /**\n   * Lexicographically smallest ID for any ID generated at `date` (random portion `0x00`).\n   * Because timestamps are inverted, a newer `date` yields a lexicographically smaller result —\n   * use `minIdForTime(t_new)` as the lower bound when scanning [t_old, t_new].\n   * Throws on invalid dates.\n   */\n  minIdForTime(date: Date): Id<Brand>;\n  /**\n   * Lexicographically largest ID for any ID generated at `date` (random portion `0xff`).\n   * Because timestamps are inverted, an older `date` yields a lexicographically larger result —\n   * use `maxIdForTime(t_old)` as the upper bound when scanning [t_old, t_new].\n   * Throws on invalid dates.\n   */\n  maxIdForTime(date: Date): Id<Brand>;\n  /** JSON Schema for the canonical wire form (`pattern` is canonical-only). */\n  toJsonSchema(): JsonSchema;\n  /** Standard Schema validate entry point. */\n  readonly \"~standard\": StandardSchemaProps<Brand>;\n};\n\nfunction defaultRng(target: Uint8Array): void {\n  crypto.getRandomValues(target as Uint8Array<ArrayBuffer>);\n}\n\n/**\n * Creates a Reverse Timestamp codec for `brand` (three lowercase a–z characters).\n *\n * IDs sort newest-first: the 48-bit timestamp field is bitwise-inverted before encoding,\n * so lexicographic ID order equals descending creation-time order. `extractTimestamp`\n * inverts back to recover the original millisecond.\n *\n * @param brand - Entity type brand validated once at construction.\n * @param opts - Optional `now`, `rng`, and `allowDuplicateBrand` overrides.\n */\nexport function createReverseTimestampId<Brand extends string>(\n  brand: Brand,\n  opts: ReverseTimestampOptions = {},\n): ReverseTimestampCodec<Brand> {\n  validateBrand(brand);\n  registerBrand(brand, opts.allowDuplicateBrand);\n\n  const now = opts.now ?? Date.now;\n  const rng = opts.rng ?? defaultRng;\n  const prefix: Prefix<Brand> = `${brand}_`;\n  const wire = wireMethods(prefix);\n  const layout = createReverseTimestampLayoutOps(prefix, rng);\n\n  return {\n    generate: () => layout.generateAt(now()),\n    generateAt: (date: Date) => layout.generateAt(date.getTime()),\n    is: wire.is,\n    parse: wire.parse,\n    safeParse: wire.safeParse,\n    extractTimestamp: layout.extractTimestamp,\n    minIdForTime: (date: Date) => layout.minIdForTime(date.getTime()),\n    maxIdForTime: (date: Date) => layout.maxIdForTime(date.getTime()),\n    toJsonSchema: () => wire.toJsonSchema(brand, layout.exampleWireId(now())),\n    \"~standard\": wire[\"~standard\"],\n  };\n}\n"],"mappings":";;;AAKA,MAAM,mBAAA;;AAGN,SAAS,oBACP,IACA,KACA,QACA,YACM;CACN,eAAe,IAAI,MAAM;CACzB,KAAK,IAAI,IAAI,GAAG,IAAA,GAAyB,KACvC,OAAO,KAAK,CAAC,OAAO,KAAM;CAE5B,IAAI,UAAU;AAChB;;AAGA,SAAS,4BACP,IACA,MACA,QACA,YACM;CACN,eAAe,IAAI,MAAM;CACzB,KAAK,IAAI,IAAI,GAAG,IAAA,GAAyB,KACvC,OAAO,KAAK,CAAC,OAAO,KAAM;CAE5B,WAAW,KAAK,IAAI;AACtB;;AAGA,SAAS,8BACP,QACA,IACM;CACN,MAAM,QAAQ,mBAAmB,QAAQ,EAAE;CAC3C,IAAI,KAAK;CACT,KAAK,IAAI,IAAI,GAAG,IAAA,GAAyB,KACvC,KAAK,KAAK,OAAO,CAAC,MAAM,KAAM;CAEhC,OAAO,IAAI,KAAK,EAAE;AACpB;;AAGA,SAAgB,gCACd,QACA,KACA;CACA,MAAM,SAAS,IAAI,WAAA,EAA4B;CAC/C,MAAM,aAAa,IAAI,WAAW,OAAO,QAAA,GAA6B,gBAAgB;CAEtF,OAAO;EACL,aAAa,OAA0B;GACrC,oBAAoB,IAAI,KAAK,QAAQ,UAAU;GAC/C,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,mBAAmB,OAAwB,8BAA8B,QAAQ,EAAE;EACnF,eAAe,OAA0B;GACvC,4BAA4B,IAAI,GAAM,QAAQ,UAAU;GACxD,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,eAAe,OAA0B;GACvC,4BAA4B,IAAI,KAAM,QAAQ,UAAU;GACxD,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,gBAAgB,OAA0B;GACxC,oBAAoB,IAAI,KAAK,QAAQ,UAAU;GAC/C,OAAO,SAAS,QAAQ,MAAM;EAChC;CACF;AACF;;;ACDA,SAAS,WAAW,QAA0B;CAC5C,OAAO,gBAAgB,MAAiC;AAC1D;;;;;;;;;;;AAYA,SAAgB,yBACd,OACA,OAAgC,CAAC,GACH;CAC9B,cAAc,KAAK;CACnB,cAAc,OAAO,KAAK,mBAAmB;CAE7C,MAAM,MAAM,KAAK,OAAO,KAAK;CAC7B,MAAM,MAAM,KAAK,OAAO;CACxB,MAAM,SAAwB,GAAG,MAAM;CACvC,MAAM,OAAO,YAAY,MAAM;CAC/B,MAAM,SAAS,gCAAgC,QAAQ,GAAG;CAE1D,OAAO;EACL,gBAAgB,OAAO,WAAW,IAAI,CAAC;EACvC,aAAa,SAAe,OAAO,WAAW,KAAK,QAAQ,CAAC;EAC5D,IAAI,KAAK;EACT,OAAO,KAAK;EACZ,WAAW,KAAK;EAChB,kBAAkB,OAAO;EACzB,eAAe,SAAe,OAAO,aAAa,KAAK,QAAQ,CAAC;EAChE,eAAe,SAAe,OAAO,aAAa,KAAK,QAAQ,CAAC;EAChE,oBAAoB,KAAK,aAAa,OAAO,OAAO,cAAc,IAAI,CAAC,CAAC;EACxE,aAAa,KAAK;CACpB;AACF"}

package/dist/reverse.d.mts

@@ -0,0 +1,76 @@
+import { a as StandardSchemaProps, i as ParseResult, n as JsonSchema, t as Id } from "./types-g7CiQDyE.mjs";
+
+//#region src/reverse.d.ts
+/**
+* Configuration options for a Reverse Timestamp codec instance.
+*/
+type ReverseTimestampOptions = {
+  /** Returns the current timestamp in milliseconds. Defaults to `Date.now`. */now?: () => number; /** Writes random bytes into `target` for ID generation. Defaults to `crypto.getRandomValues`. */
+  rng?: (target: Uint8Array) => void; /** If true, silences the duplicate-brand warning in non-production environments. */
+  allowDuplicateBrand?: boolean;
+};
+/**
+* A brand-scoped codec for generating and validating Reverse Timestamp IDs.
+*
+* Wire format: `{brand}_` plus 26 lowercase Crockford base32 characters encoding a
+* 16-byte payload (6-byte bitwise-inverted ms timestamp + 10 random bytes). IDs sort
+* by creation time in **descending** (newest-first) order.
+*
+* Range queries across a time interval [t_old, t_new] should scan from
+* `minIdForTime(t_new)` to `maxIdForTime(t_old)` — the reversed sort order means
+* newer timestamps produce lexicographically smaller IDs.
+*
+* Constructed via `createReverseTimestampId(brand)` from `@smonn/ids/reverse`.
+*/
+type ReverseTimestampCodec<Brand extends string> = {
+  /** Produces a new canonical ID using the codec's `now` and `rng`. */generate(): Id<Brand>; /** Produces a new canonical ID with timestamp bytes from `date` and a fresh random tail. Throws on invalid dates. */
+  generateAt(date: Date): Id<Brand>;
+  /**
+  * Strict type guard: `true` only for already-canonical strings for this brand.
+  * For untrusted input, use `safeParse()` or `parse()` instead. See ADR-0003.
+  */
+  is(value: unknown): value is Id<Brand>;
+  /**
+  * Lenient parse: normalises case and Crockford aliases, returns canonical `Id<Brand>`, or throws.
+  */
+  parse(value: unknown): Id<Brand>;
+  /**
+  * Lenient parse without throwing: normalises to canonical form, or returns `{ ok: false, error }`.
+  */
+  safeParse(value: unknown): ParseResult<Brand>;
+  /**
+  * Decodes the creation `Date` from an `Id<Brand>` by inverting the timestamp bytes.
+  * Trusts the type — use `safeParse()` at boundaries first.
+  */
+  extractTimestamp(id: Id<Brand>): Date;
+  /**
+  * Lexicographically smallest ID for any ID generated at `date` (random portion `0x00`).
+  * Because timestamps are inverted, a newer `date` yields a lexicographically smaller result —
+  * use `minIdForTime(t_new)` as the lower bound when scanning [t_old, t_new].
+  * Throws on invalid dates.
+  */
+  minIdForTime(date: Date): Id<Brand>;
+  /**
+  * Lexicographically largest ID for any ID generated at `date` (random portion `0xff`).
+  * Because timestamps are inverted, an older `date` yields a lexicographically larger result —
+  * use `maxIdForTime(t_old)` as the upper bound when scanning [t_old, t_new].
+  * Throws on invalid dates.
+  */
+  maxIdForTime(date: Date): Id<Brand>; /** JSON Schema for the canonical wire form (`pattern` is canonical-only). */
+  toJsonSchema(): JsonSchema; /** Standard Schema validate entry point. */
+  readonly "~standard": StandardSchemaProps<Brand>;
+};
+/**
+* Creates a Reverse Timestamp codec for `brand` (three lowercase a–z characters).
+*
+* IDs sort newest-first: the 48-bit timestamp field is bitwise-inverted before encoding,
+* so lexicographic ID order equals descending creation-time order. `extractTimestamp`
+* inverts back to recover the original millisecond.
+*
+* @param brand - Entity type brand validated once at construction.
+* @param opts - Optional `now`, `rng`, and `allowDuplicateBrand` overrides.
+*/
+declare function createReverseTimestampId<Brand extends string>(brand: Brand, opts?: ReverseTimestampOptions): ReverseTimestampCodec<Brand>;
+//#endregion
+export { ReverseTimestampCodec, ReverseTimestampOptions, createReverseTimestampId };
+//# sourceMappingURL=reverse.d.mts.map

package/dist/reverse.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"reverse.d.mts","names":[],"sources":["../src/reverse.ts"],"mappings":";;;;;AASA;KAAY,uBAAA;+EAEV,GAAA;EAEA,GAAA,IAAO,MAAA,EAAQ,UAAA;EAEf,mBAAA;AAAA;;AAAA;AAgBF;;;;;;;;;;;KAAY,qBAAA;uEAEV,QAAA,IAAY,EAAA,CAAG,KAAA;EAEf,UAAA,CAAW,IAAA,EAAM,IAAA,GAAO,EAAA,CAAG,KAAA;;;;;EAK3B,EAAA,CAAG,KAAA,YAAiB,KAAA,IAAS,EAAA,CAAG,KAAA;;;;EAIhC,KAAA,CAAM,KAAA,YAAiB,EAAA,CAAG,KAAA;;;;EAI1B,SAAA,CAAU,KAAA,YAAiB,WAAA,CAAY,KAAA;;;;;EAKvC,gBAAA,CAAiB,EAAA,EAAI,EAAA,CAAG,KAAA,IAAS,IAAA;;;;;;;EAOjC,YAAA,CAAa,IAAA,EAAM,IAAA,GAAO,EAAA,CAAG,KAAA;;;;;;;EAO7B,YAAA,CAAa,IAAA,EAAM,IAAA,GAAO,EAAA,CAAG,KAAA;EAE7B,YAAA,IAAgB,UAAA;WAEP,WAAA,EAAa,mBAAA,CAAoB,KAAA;AAAA;;;;;;;;;;;iBAiB5B,wBAAA,uBACd,KAAA,EAAO,KAAA,EACP,IAAA,GAAM,uBAAA,GACL,qBAAA,CAAsB,KAAA"}

package/dist/reverse.mjs

@@ -0,0 +1,2 @@
+import { t as createReverseTimestampId } from "./reverse--n4D2yxu.mjs";
+export { createReverseTimestampId };

package/dist/{timestamp-BjdAetut.mjs → timestamp-Bgzxx8bE.mjs}

@@ -1,4 +1,5 @@
-import { a as writeTimestamp, c as toWireId, i as readTimestampMsFromBase32Suffix, l as validateBrand, n as registerBrand, t as wireMethods } from "./codec-shell-C0arqqX3.mjs";
+import { a as toWireId, n as registerBrand, s as validateBrand, t as wireMethods } from "./codec-shell-dWpxoFmy.mjs";
+import { n as readTimestampMsFromBase32Suffix, r as writeTimestamp } from "./timestamp-bytes-B57RM7Ho.mjs";
 //#region src/layouts/timestamp.ts
 const randomByteLength = 10;
 /** Writes a 16-byte timestamp-layout payload into codec-owned scratch. */
@@ -92,4 +93,4 @@ function createTimestampId(brand, opts = {}) {
 //#endregion
 export { createTimestampId as t };
 
-//# sourceMappingURL=timestamp-BjdAetut.mjs.map
+//# sourceMappingURL=timestamp-Bgzxx8bE.mjs.map

package/dist/{timestamp-BjdAetut.mjs.map → timestamp-Bgzxx8bE.mjs.map}

@@ -1 +1 @@
-{"version":3,"file":"timestamp-BjdAetut.mjs","names":[],"sources":["../src/layouts/timestamp.ts","../src/timestamp.ts"],"sourcesContent":["import type { Id, Prefix } from \"../types.js\";\nimport { toWireId } from \"../wire/envelope.js\";\nimport { payloadByteLength } from \"../wire/invariants.js\";\nimport {\n  readTimestampMsFromBase32Suffix,\n  timestampByteLength,\n  writeTimestamp,\n} from \"../wire/timestamp-bytes.js\";\n\nconst randomByteLength: number = payloadByteLength - timestampByteLength;\n\n/** Writes a 16-byte timestamp-layout payload into codec-owned scratch. */\nfunction buildPayload(\n  ms: number,\n  rng: (target: Uint8Array) => void,\n  buffer: Uint8Array,\n  randomView: Uint8Array,\n): void {\n  writeTimestamp(ms, buffer);\n  rng(randomView);\n}\n\n/** Writes sentinel min/max random bytes into codec-owned scratch. */\nfunction buildSentinelPayload(\n  ms: number,\n  fill: number,\n  buffer: Uint8Array,\n  randomView: Uint8Array,\n): void {\n  writeTimestamp(ms, buffer);\n  randomView.fill(fill);\n}\n\n/** Decodes the creation timestamp from a trusted wire ID. */\nfunction extractTimestampFromId<Brand extends string>(prefix: Prefix<Brand>, id: Id<Brand>): Date {\n  return new Date(readTimestampMsFromBase32Suffix(id.slice(prefix.length)));\n}\n\n/** Layout ops binder for the Timestamp variant. `extractTimestampFromId` is module-private; the binder exposes `extractTimestamp` for the codec constructor. */\nexport function createTimestampLayoutOps<Brand extends string>(\n  prefix: Prefix<Brand>,\n  rng: (target: Uint8Array) => void,\n) {\n  // Per-codec scratch buffer. Shared across generateAt(), minIdForTime(),\n  // maxIdForTime(), and exampleWireId() — all are synchronous and overwrite both\n  // the timestamp and random slices before encoding, so successive callers see\n  // their own freshly-written bytes. toWireId reads the buffer and returns an\n  // independent string, so the caller never sees the buffer itself.\n  const buffer = new Uint8Array(payloadByteLength);\n  const randomView = new Uint8Array(buffer.buffer, timestampByteLength, randomByteLength);\n\n  return {\n    generateAt: (ms: number): Id<Brand> => {\n      buildPayload(ms, rng, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    extractTimestamp: (id: Id<Brand>): Date => extractTimestampFromId(prefix, id),\n    minIdForTime: (ms: number): Id<Brand> => {\n      buildSentinelPayload(ms, 0x00, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    maxIdForTime: (ms: number): Id<Brand> => {\n      buildSentinelPayload(ms, 0xff, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    exampleWireId: (ms: number): Id<Brand> => {\n      buildPayload(ms, rng, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n  };\n}\n","import { validateBrand } from \"./brand.js\";\nimport { createTimestampLayoutOps } from \"./layouts/timestamp.js\";\nimport { registerBrand } from \"./registry.js\";\nimport type { Id, JsonSchema, ParseResult, Prefix, StandardSchemaProps } from \"./types.js\";\nimport { wireMethods } from \"./wire/codec-shell.js\";\n\n/**\n * Configuration options for a codec instance.\n */\nexport type TimestampOptions = {\n  /** Returns the current timestamp in milliseconds. Defaults to `Date.now`. */\n  now?: () => number;\n  /** Writes random bytes into `target` for ID generation. Defaults to a `crypto.randomUUID` fast path. */\n  rng?: (target: Uint8Array) => void;\n  /** If true, silences the duplicate-brand warning in non-production environments. */\n  allowDuplicateBrand?: boolean;\n};\n\ntype ResolvedTimestampOptions = Required<Pick<TimestampOptions, \"now\" | \"rng\">> &\n  Pick<TimestampOptions, \"allowDuplicateBrand\">;\n\n/**\n * A brand-scoped codec for generating and validating public-facing IDs.\n *\n * Wire format: `{brand}_` plus 26 lowercase Crockford base32 characters encoding a\n * 16-byte payload (6-byte ms timestamp + 10 random bytes). IDs sort by creation\n * time in ascending order.\n *\n * For encrypted IDs, use `createOpaqueTimestampId` from `@smonn/ids/opaque`.\n */\nexport type TimestampCodec<Brand extends string> = {\n  /** Produces a new canonical ID using the codec's `now` and `rng`. */\n  generate(): Id<Brand>;\n  /** Produces a new canonical ID with timestamp bytes from `date` and a fresh random tail. Throws on invalid dates. */\n  generateAt(date: Date): Id<Brand>;\n  /**\n   * Strict type guard: `true` only for already-canonical strings for this brand.\n   * For untrusted input, use `safeParse()` or `parse()` instead. See ADR-0003.\n   */\n  is(value: unknown): value is Id<Brand>;\n  /**\n   * Lenient parse: normalises case and Crockford aliases, returns canonical `Id<Brand>`, or throws.\n   */\n  parse(value: unknown): Id<Brand>;\n  /**\n   * Lenient parse without throwing: normalises to canonical form, or returns `{ ok: false, error }`.\n   */\n  safeParse(value: unknown): ParseResult<Brand>;\n  /**\n   * Decodes the creation `Date` from an `Id<Brand>`. Trusts the type — use `safeParse()` at boundaries first. See ADR-0002.\n   */\n  extractTimestamp(id: Id<Brand>): Date;\n  /** Tight lower bound for any ID generated at `date` (random portion `0x00`). Throws on invalid dates. */\n  minIdForTime(date: Date): Id<Brand>;\n  /** Tight upper bound for any ID generated at `date` (random portion `0xff`). Throws on invalid dates. */\n  maxIdForTime(date: Date): Id<Brand>;\n  /** JSON Schema for the canonical wire form (`pattern` is canonical-only). */\n  toJsonSchema(): JsonSchema;\n  /** Standard Schema validate entry point. */\n  readonly \"~standard\": StandardSchemaProps<Brand>;\n};\n\n// hex charCode → 0–15 nibble, for decoding UUIDv4 strings into bytes.\n// Covers ['0'-'9' = 48–57] and ['a'-'f' = 97–102]; UUIDs are lowercase per spec.\nconst hexCharCodeToNibble = new Uint8Array(128);\nfor (let i = 0; i < 10; i++) hexCharCodeToNibble[48 + i] = i;\nfor (let i = 0; i < 6; i++) hexCharCodeToNibble[97 + i] = 10 + i;\n\nconst defaultTimestampOptions: ResolvedTimestampOptions = {\n  now: Date.now,\n  // crypto.randomUUID is ~7× faster than crypto.getRandomValues in Node 24\n  // (~84 ns vs ~610 ns for a 16-byte fill — likely because the UUID path has\n  // a tight fixed-format fast path). We use the 122 random bits of a UUIDv4\n  // string as our entropy source, harvesting 10 fully-random bytes from\n  // positions where no version (hex 12) or variant (hex 16) bits sit.\n  // String layout: \"xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx\" — bytes 0–5 are\n  // string[0..7]+string[9..12], bytes 6–9 are string[24..31].\n  rng: (target) => {\n    const s = crypto.randomUUID();\n    target[0] =\n      (hexCharCodeToNibble[s.charCodeAt(0)]! << 4) | hexCharCodeToNibble[s.charCodeAt(1)]!;\n    target[1] =\n      (hexCharCodeToNibble[s.charCodeAt(2)]! << 4) | hexCharCodeToNibble[s.charCodeAt(3)]!;\n    target[2] =\n      (hexCharCodeToNibble[s.charCodeAt(4)]! << 4) | hexCharCodeToNibble[s.charCodeAt(5)]!;\n    target[3] =\n      (hexCharCodeToNibble[s.charCodeAt(6)]! << 4) | hexCharCodeToNibble[s.charCodeAt(7)]!;\n    target[4] =\n      (hexCharCodeToNibble[s.charCodeAt(9)]! << 4) | hexCharCodeToNibble[s.charCodeAt(10)]!;\n    target[5] =\n      (hexCharCodeToNibble[s.charCodeAt(11)]! << 4) | hexCharCodeToNibble[s.charCodeAt(12)]!;\n    target[6] =\n      (hexCharCodeToNibble[s.charCodeAt(24)]! << 4) | hexCharCodeToNibble[s.charCodeAt(25)]!;\n    target[7] =\n      (hexCharCodeToNibble[s.charCodeAt(26)]! << 4) | hexCharCodeToNibble[s.charCodeAt(27)]!;\n    target[8] =\n      (hexCharCodeToNibble[s.charCodeAt(28)]! << 4) | hexCharCodeToNibble[s.charCodeAt(29)]!;\n    target[9] =\n      (hexCharCodeToNibble[s.charCodeAt(30)]! << 4) | hexCharCodeToNibble[s.charCodeAt(31)]!;\n  },\n};\n\n/**\n * Creates a codec for `brand` (three lowercase a–z characters).\n *\n * @param brand - Entity type brand validated once at construction.\n * @param opts - Optional `now`, `rng`, and `allowDuplicateBrand` overrides.\n */\nexport function createTimestampId<Brand extends string>(\n  brand: Brand,\n  opts: TimestampOptions = {},\n): TimestampCodec<Brand> {\n  validateBrand(brand);\n  registerBrand(brand, opts.allowDuplicateBrand);\n\n  const options = {\n    now: opts.now ?? defaultTimestampOptions.now,\n    rng: opts.rng ?? defaultTimestampOptions.rng,\n  } satisfies ResolvedTimestampOptions;\n\n  const prefix: Prefix<Brand> = `${brand}_`;\n  const wire = wireMethods(prefix);\n  const layout = createTimestampLayoutOps(prefix, options.rng);\n\n  return {\n    generate: () => layout.generateAt(options.now()),\n    generateAt: (date: Date) => layout.generateAt(date.getTime()),\n    is: wire.is,\n    parse: wire.parse,\n    safeParse: wire.safeParse,\n    extractTimestamp: layout.extractTimestamp,\n    minIdForTime: (date: Date) => layout.minIdForTime(date.getTime()),\n    maxIdForTime: (date: Date) => layout.maxIdForTime(date.getTime()),\n    toJsonSchema: () => wire.toJsonSchema(brand, layout.exampleWireId(options.now())),\n    \"~standard\": wire[\"~standard\"],\n  };\n}\n"],"mappings":";;AASA,MAAM,mBAAA;;AAGN,SAAS,aACP,IACA,KACA,QACA,YACM;CACN,eAAe,IAAI,MAAM;CACzB,IAAI,UAAU;AAChB;;AAGA,SAAS,qBACP,IACA,MACA,QACA,YACM;CACN,eAAe,IAAI,MAAM;CACzB,WAAW,KAAK,IAAI;AACtB;;AAGA,SAAS,uBAA6C,QAAuB,IAAqB;CAChG,OAAO,IAAI,KAAK,gCAAgC,GAAG,MAAM,OAAO,MAAM,CAAC,CAAC;AAC1E;;AAGA,SAAgB,yBACd,QACA,KACA;CAMA,MAAM,SAAS,IAAI,WAAA,EAA4B;CAC/C,MAAM,aAAa,IAAI,WAAW,OAAO,QAAA,GAA6B,gBAAgB;CAEtF,OAAO;EACL,aAAa,OAA0B;GACrC,aAAa,IAAI,KAAK,QAAQ,UAAU;GACxC,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,mBAAmB,OAAwB,uBAAuB,QAAQ,EAAE;EAC5E,eAAe,OAA0B;GACvC,qBAAqB,IAAI,GAAM,QAAQ,UAAU;GACjD,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,eAAe,OAA0B;GACvC,qBAAqB,IAAI,KAAM,QAAQ,UAAU;GACjD,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,gBAAgB,OAA0B;GACxC,aAAa,IAAI,KAAK,QAAQ,UAAU;GACxC,OAAO,SAAS,QAAQ,MAAM;EAChC;CACF;AACF;;;ACNA,MAAM,sBAAsB,IAAI,WAAW,GAAG;AAC9C,KAAK,IAAI,IAAI,GAAG,IAAI,IAAI,KAAK,oBAAoB,KAAK,KAAK;AAC3D,KAAK,IAAI,IAAI,GAAG,IAAI,GAAG,KAAK,oBAAoB,KAAK,KAAK,KAAK;AAE/D,MAAM,0BAAoD;CACxD,KAAK,KAAK;CAQV,MAAM,WAAW;EACf,MAAM,IAAI,OAAO,WAAW;EAC5B,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACpF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;CACvF;AACF;;;;;;;AAQA,SAAgB,kBACd,OACA,OAAyB,CAAC,GACH;CACvB,cAAc,KAAK;CACnB,cAAc,OAAO,KAAK,mBAAmB;CAE7C,MAAM,UAAU;EACd,KAAK,KAAK,OAAO,wBAAwB;EACzC,KAAK,KAAK,OAAO,wBAAwB;CAC3C;CAEA,MAAM,SAAwB,GAAG,MAAM;CACvC,MAAM,OAAO,YAAY,MAAM;CAC/B,MAAM,SAAS,yBAAyB,QAAQ,QAAQ,GAAG;CAE3D,OAAO;EACL,gBAAgB,OAAO,WAAW,QAAQ,IAAI,CAAC;EAC/C,aAAa,SAAe,OAAO,WAAW,KAAK,QAAQ,CAAC;EAC5D,IAAI,KAAK;EACT,OAAO,KAAK;EACZ,WAAW,KAAK;EAChB,kBAAkB,OAAO;EACzB,eAAe,SAAe,OAAO,aAAa,KAAK,QAAQ,CAAC;EAChE,eAAe,SAAe,OAAO,aAAa,KAAK,QAAQ,CAAC;EAChE,oBAAoB,KAAK,aAAa,OAAO,OAAO,cAAc,QAAQ,IAAI,CAAC,CAAC;EAChF,aAAa,KAAK;CACpB;AACF"}
+{"version":3,"file":"timestamp-Bgzxx8bE.mjs","names":[],"sources":["../src/layouts/timestamp.ts","../src/timestamp.ts"],"sourcesContent":["import type { Id, Prefix } from \"../types.js\";\nimport { toWireId } from \"../wire/envelope.js\";\nimport { payloadByteLength } from \"../wire/invariants.js\";\nimport {\n  readTimestampMsFromBase32Suffix,\n  timestampByteLength,\n  writeTimestamp,\n} from \"../wire/timestamp-bytes.js\";\n\nconst randomByteLength: number = payloadByteLength - timestampByteLength;\n\n/** Writes a 16-byte timestamp-layout payload into codec-owned scratch. */\nfunction buildPayload(\n  ms: number,\n  rng: (target: Uint8Array) => void,\n  buffer: Uint8Array,\n  randomView: Uint8Array,\n): void {\n  writeTimestamp(ms, buffer);\n  rng(randomView);\n}\n\n/** Writes sentinel min/max random bytes into codec-owned scratch. */\nfunction buildSentinelPayload(\n  ms: number,\n  fill: number,\n  buffer: Uint8Array,\n  randomView: Uint8Array,\n): void {\n  writeTimestamp(ms, buffer);\n  randomView.fill(fill);\n}\n\n/** Decodes the creation timestamp from a trusted wire ID. */\nfunction extractTimestampFromId<Brand extends string>(prefix: Prefix<Brand>, id: Id<Brand>): Date {\n  return new Date(readTimestampMsFromBase32Suffix(id.slice(prefix.length)));\n}\n\n/** Layout ops binder for the Timestamp variant. `extractTimestampFromId` is module-private; the binder exposes `extractTimestamp` for the codec constructor. */\nexport function createTimestampLayoutOps<Brand extends string>(\n  prefix: Prefix<Brand>,\n  rng: (target: Uint8Array) => void,\n) {\n  // Per-codec scratch buffer. Shared across generateAt(), minIdForTime(),\n  // maxIdForTime(), and exampleWireId() — all are synchronous and overwrite both\n  // the timestamp and random slices before encoding, so successive callers see\n  // their own freshly-written bytes. toWireId reads the buffer and returns an\n  // independent string, so the caller never sees the buffer itself.\n  const buffer = new Uint8Array(payloadByteLength);\n  const randomView = new Uint8Array(buffer.buffer, timestampByteLength, randomByteLength);\n\n  return {\n    generateAt: (ms: number): Id<Brand> => {\n      buildPayload(ms, rng, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    extractTimestamp: (id: Id<Brand>): Date => extractTimestampFromId(prefix, id),\n    minIdForTime: (ms: number): Id<Brand> => {\n      buildSentinelPayload(ms, 0x00, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    maxIdForTime: (ms: number): Id<Brand> => {\n      buildSentinelPayload(ms, 0xff, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    exampleWireId: (ms: number): Id<Brand> => {\n      buildPayload(ms, rng, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n  };\n}\n","import { validateBrand } from \"./brand.js\";\nimport { createTimestampLayoutOps } from \"./layouts/timestamp.js\";\nimport { registerBrand } from \"./registry.js\";\nimport type { Id, JsonSchema, ParseResult, Prefix, StandardSchemaProps } from \"./types.js\";\nimport { wireMethods } from \"./wire/codec-shell.js\";\n\n/**\n * Configuration options for a codec instance.\n */\nexport type TimestampOptions = {\n  /** Returns the current timestamp in milliseconds. Defaults to `Date.now`. */\n  now?: () => number;\n  /** Writes random bytes into `target` for ID generation. Defaults to a `crypto.randomUUID` fast path. */\n  rng?: (target: Uint8Array) => void;\n  /** If true, silences the duplicate-brand warning in non-production environments. */\n  allowDuplicateBrand?: boolean;\n};\n\ntype ResolvedTimestampOptions = Required<Pick<TimestampOptions, \"now\" | \"rng\">> &\n  Pick<TimestampOptions, \"allowDuplicateBrand\">;\n\n/**\n * A brand-scoped codec for generating and validating public-facing IDs.\n *\n * Wire format: `{brand}_` plus 26 lowercase Crockford base32 characters encoding a\n * 16-byte payload (6-byte ms timestamp + 10 random bytes). IDs sort by creation\n * time in ascending order.\n *\n * For encrypted IDs, use `createOpaqueTimestampId` from `@smonn/ids/opaque`.\n */\nexport type TimestampCodec<Brand extends string> = {\n  /** Produces a new canonical ID using the codec's `now` and `rng`. */\n  generate(): Id<Brand>;\n  /** Produces a new canonical ID with timestamp bytes from `date` and a fresh random tail. Throws on invalid dates. */\n  generateAt(date: Date): Id<Brand>;\n  /**\n   * Strict type guard: `true` only for already-canonical strings for this brand.\n   * For untrusted input, use `safeParse()` or `parse()` instead. See ADR-0003.\n   */\n  is(value: unknown): value is Id<Brand>;\n  /**\n   * Lenient parse: normalises case and Crockford aliases, returns canonical `Id<Brand>`, or throws.\n   */\n  parse(value: unknown): Id<Brand>;\n  /**\n   * Lenient parse without throwing: normalises to canonical form, or returns `{ ok: false, error }`.\n   */\n  safeParse(value: unknown): ParseResult<Brand>;\n  /**\n   * Decodes the creation `Date` from an `Id<Brand>`. Trusts the type — use `safeParse()` at boundaries first. See ADR-0002.\n   */\n  extractTimestamp(id: Id<Brand>): Date;\n  /** Tight lower bound for any ID generated at `date` (random portion `0x00`). Throws on invalid dates. */\n  minIdForTime(date: Date): Id<Brand>;\n  /** Tight upper bound for any ID generated at `date` (random portion `0xff`). Throws on invalid dates. */\n  maxIdForTime(date: Date): Id<Brand>;\n  /** JSON Schema for the canonical wire form (`pattern` is canonical-only). */\n  toJsonSchema(): JsonSchema;\n  /** Standard Schema validate entry point. */\n  readonly \"~standard\": StandardSchemaProps<Brand>;\n};\n\n// hex charCode → 0–15 nibble, for decoding UUIDv4 strings into bytes.\n// Covers ['0'-'9' = 48–57] and ['a'-'f' = 97–102]; UUIDs are lowercase per spec.\nconst hexCharCodeToNibble = new Uint8Array(128);\nfor (let i = 0; i < 10; i++) hexCharCodeToNibble[48 + i] = i;\nfor (let i = 0; i < 6; i++) hexCharCodeToNibble[97 + i] = 10 + i;\n\nconst defaultTimestampOptions: ResolvedTimestampOptions = {\n  now: Date.now,\n  // crypto.randomUUID is ~7× faster than crypto.getRandomValues in Node 24\n  // (~84 ns vs ~610 ns for a 16-byte fill — likely because the UUID path has\n  // a tight fixed-format fast path). We use the 122 random bits of a UUIDv4\n  // string as our entropy source, harvesting 10 fully-random bytes from\n  // positions where no version (hex 12) or variant (hex 16) bits sit.\n  // String layout: \"xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx\" — bytes 0–5 are\n  // string[0..7]+string[9..12], bytes 6–9 are string[24..31].\n  rng: (target) => {\n    const s = crypto.randomUUID();\n    target[0] =\n      (hexCharCodeToNibble[s.charCodeAt(0)]! << 4) | hexCharCodeToNibble[s.charCodeAt(1)]!;\n    target[1] =\n      (hexCharCodeToNibble[s.charCodeAt(2)]! << 4) | hexCharCodeToNibble[s.charCodeAt(3)]!;\n    target[2] =\n      (hexCharCodeToNibble[s.charCodeAt(4)]! << 4) | hexCharCodeToNibble[s.charCodeAt(5)]!;\n    target[3] =\n      (hexCharCodeToNibble[s.charCodeAt(6)]! << 4) | hexCharCodeToNibble[s.charCodeAt(7)]!;\n    target[4] =\n      (hexCharCodeToNibble[s.charCodeAt(9)]! << 4) | hexCharCodeToNibble[s.charCodeAt(10)]!;\n    target[5] =\n      (hexCharCodeToNibble[s.charCodeAt(11)]! << 4) | hexCharCodeToNibble[s.charCodeAt(12)]!;\n    target[6] =\n      (hexCharCodeToNibble[s.charCodeAt(24)]! << 4) | hexCharCodeToNibble[s.charCodeAt(25)]!;\n    target[7] =\n      (hexCharCodeToNibble[s.charCodeAt(26)]! << 4) | hexCharCodeToNibble[s.charCodeAt(27)]!;\n    target[8] =\n      (hexCharCodeToNibble[s.charCodeAt(28)]! << 4) | hexCharCodeToNibble[s.charCodeAt(29)]!;\n    target[9] =\n      (hexCharCodeToNibble[s.charCodeAt(30)]! << 4) | hexCharCodeToNibble[s.charCodeAt(31)]!;\n  },\n};\n\n/**\n * Creates a codec for `brand` (three lowercase a–z characters).\n *\n * @param brand - Entity type brand validated once at construction.\n * @param opts - Optional `now`, `rng`, and `allowDuplicateBrand` overrides.\n */\nexport function createTimestampId<Brand extends string>(\n  brand: Brand,\n  opts: TimestampOptions = {},\n): TimestampCodec<Brand> {\n  validateBrand(brand);\n  registerBrand(brand, opts.allowDuplicateBrand);\n\n  const options = {\n    now: opts.now ?? defaultTimestampOptions.now,\n    rng: opts.rng ?? defaultTimestampOptions.rng,\n  } satisfies ResolvedTimestampOptions;\n\n  const prefix: Prefix<Brand> = `${brand}_`;\n  const wire = wireMethods(prefix);\n  const layout = createTimestampLayoutOps(prefix, options.rng);\n\n  return {\n    generate: () => layout.generateAt(options.now()),\n    generateAt: (date: Date) => layout.generateAt(date.getTime()),\n    is: wire.is,\n    parse: wire.parse,\n    safeParse: wire.safeParse,\n    extractTimestamp: layout.extractTimestamp,\n    minIdForTime: (date: Date) => layout.minIdForTime(date.getTime()),\n    maxIdForTime: (date: Date) => layout.maxIdForTime(date.getTime()),\n    toJsonSchema: () => wire.toJsonSchema(brand, layout.exampleWireId(options.now())),\n    \"~standard\": wire[\"~standard\"],\n  };\n}\n"],"mappings":";;;AASA,MAAM,mBAAA;;AAGN,SAAS,aACP,IACA,KACA,QACA,YACM;CACN,eAAe,IAAI,MAAM;CACzB,IAAI,UAAU;AAChB;;AAGA,SAAS,qBACP,IACA,MACA,QACA,YACM;CACN,eAAe,IAAI,MAAM;CACzB,WAAW,KAAK,IAAI;AACtB;;AAGA,SAAS,uBAA6C,QAAuB,IAAqB;CAChG,OAAO,IAAI,KAAK,gCAAgC,GAAG,MAAM,OAAO,MAAM,CAAC,CAAC;AAC1E;;AAGA,SAAgB,yBACd,QACA,KACA;CAMA,MAAM,SAAS,IAAI,WAAA,EAA4B;CAC/C,MAAM,aAAa,IAAI,WAAW,OAAO,QAAA,GAA6B,gBAAgB;CAEtF,OAAO;EACL,aAAa,OAA0B;GACrC,aAAa,IAAI,KAAK,QAAQ,UAAU;GACxC,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,mBAAmB,OAAwB,uBAAuB,QAAQ,EAAE;EAC5E,eAAe,OAA0B;GACvC,qBAAqB,IAAI,GAAM,QAAQ,UAAU;GACjD,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,eAAe,OAA0B;GACvC,qBAAqB,IAAI,KAAM,QAAQ,UAAU;GACjD,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,gBAAgB,OAA0B;GACxC,aAAa,IAAI,KAAK,QAAQ,UAAU;GACxC,OAAO,SAAS,QAAQ,MAAM;EAChC;CACF;AACF;;;ACNA,MAAM,sBAAsB,IAAI,WAAW,GAAG;AAC9C,KAAK,IAAI,IAAI,GAAG,IAAI,IAAI,KAAK,oBAAoB,KAAK,KAAK;AAC3D,KAAK,IAAI,IAAI,GAAG,IAAI,GAAG,KAAK,oBAAoB,KAAK,KAAK,KAAK;AAE/D,MAAM,0BAAoD;CACxD,KAAK,KAAK;CAQV,MAAM,WAAW;EACf,MAAM,IAAI,OAAO,WAAW;EAC5B,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACpF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;CACvF;AACF;;;;;;;AAQA,SAAgB,kBACd,OACA,OAAyB,CAAC,GACH;CACvB,cAAc,KAAK;CACnB,cAAc,OAAO,KAAK,mBAAmB;CAE7C,MAAM,UAAU;EACd,KAAK,KAAK,OAAO,wBAAwB;EACzC,KAAK,KAAK,OAAO,wBAAwB;CAC3C;CAEA,MAAM,SAAwB,GAAG,MAAM;CACvC,MAAM,OAAO,YAAY,MAAM;CAC/B,MAAM,SAAS,yBAAyB,QAAQ,QAAQ,GAAG;CAE3D,OAAO;EACL,gBAAgB,OAAO,WAAW,QAAQ,IAAI,CAAC;EAC/C,aAAa,SAAe,OAAO,WAAW,KAAK,QAAQ,CAAC;EAC5D,IAAI,KAAK;EACT,OAAO,KAAK;EACZ,WAAW,KAAK;EAChB,kBAAkB,OAAO;EACzB,eAAe,SAAe,OAAO,aAAa,KAAK,QAAQ,CAAC;EAChE,eAAe,SAAe,OAAO,aAAa,KAAK,QAAQ,CAAC;EAChE,oBAAoB,KAAK,aAAa,OAAO,OAAO,cAAc,QAAQ,IAAI,CAAC,CAAC;EAChF,aAAa,KAAK;CACpB;AACF"}

package/dist/timestamp-bytes-B57RM7Ho.mjs

@@ -0,0 +1,26 @@
+import { o as decodeBase32 } from "./codec-shell-dWpxoFmy.mjs";
+const timestampBase32Length = Math.ceil(48 / 5);
+/** Write the timestamp in big-endian; encoded via mod-256 to avoid 32-bit bitwise coercion. */
+function writeTimestamp(ms, buffer) {
+	if (Number.isNaN(ms)) throw new Error("timestamp is not a number");
+	if (ms < 0) throw new Error("timestamp is negative");
+	if (ms >= 2 ** 48) throw new Error("timestamp exceeds 48-bit range");
+	for (let i = 5; i >= 0; i--) {
+		buffer[i] = ms % 256;
+		ms = Math.floor(ms / 256);
+	}
+}
+/** Decode the first `timestampByteLength` bytes of a buffer as a big-endian unsigned millisecond timestamp. */
+function readTimestampMs(buffer) {
+	let ms = 0;
+	for (let i = 0; i < 6; i++) ms = ms * 256 + buffer[i];
+	return ms;
+}
+/** Decodes ms from the first 10 base32 chars of a payload suffix (partial decode). */
+function readTimestampMsFromBase32Suffix(base32Suffix) {
+	return readTimestampMs(decodeBase32(base32Suffix.slice(0, timestampBase32Length)));
+}
+//#endregion
+export { readTimestampMsFromBase32Suffix as n, writeTimestamp as r, readTimestampMs as t };
+
+//# sourceMappingURL=timestamp-bytes-B57RM7Ho.mjs.map

package/dist/timestamp-bytes-B57RM7Ho.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"timestamp-bytes-B57RM7Ho.mjs","names":[],"sources":["../src/wire/timestamp-bytes.ts"],"sourcesContent":["import { decodeBase32 } from \"../base32.js\";\n\n// Timestamp byte layout: first N bytes of the plaintext payload encode a\n// big-endian Unix-ms timestamp. Shared by timestamp-family layouts.\nexport const timestampByteLength: number = 6;\n\nconst timestampBase32Length: number = Math.ceil((timestampByteLength * 8) / 5);\n\n/** Write the timestamp in big-endian; encoded via mod-256 to avoid 32-bit bitwise coercion. */\nexport function writeTimestamp(ms: number, buffer: Uint8Array): void {\n  if (Number.isNaN(ms)) throw new Error(\"timestamp is not a number\");\n  if (ms < 0) throw new Error(\"timestamp is negative\");\n  if (ms >= 2 ** (timestampByteLength * 8)) {\n    throw new Error(\"timestamp exceeds 48-bit range\");\n  }\n  for (let i = timestampByteLength - 1; i >= 0; i--) {\n    buffer[i] = ms % 256;\n    ms = Math.floor(ms / 256);\n  }\n}\n\n/** Decode the first `timestampByteLength` bytes of a buffer as a big-endian unsigned millisecond timestamp. */\nexport function readTimestampMs(buffer: Uint8Array): number {\n  let ms = 0;\n  for (let i = 0; i < timestampByteLength; i++) ms = ms * 256 + buffer[i]!;\n  return ms;\n}\n\n/** Decodes ms from the first 10 base32 chars of a payload suffix (partial decode). */\nexport function readTimestampMsFromBase32Suffix(base32Suffix: string): number {\n  return readTimestampMs(decodeBase32(base32Suffix.slice(0, timestampBase32Length)));\n}\n"],"mappings":";AAMA,MAAM,wBAAgC,KAAK,KAAA,KAAiC,CAAC;;AAG7E,SAAgB,eAAe,IAAY,QAA0B;CACnE,IAAI,OAAO,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,2BAA2B;CACjE,IAAI,KAAK,GAAG,MAAM,IAAI,MAAM,uBAAuB;CACnD,IAAI,MAAM,KAAA,IACR,MAAM,IAAI,MAAM,gCAAgC;CAElD,KAAK,IAAI,IAAA,GAA6B,KAAK,GAAG,KAAK;EACjD,OAAO,KAAK,KAAK;EACjB,KAAK,KAAK,MAAM,KAAK,GAAG;CAC1B;AACF;;AAGA,SAAgB,gBAAgB,QAA4B;CAC1D,IAAI,KAAK;CACT,KAAK,IAAI,IAAI,GAAG,IAAA,GAAyB,KAAK,KAAK,KAAK,MAAM,OAAO;CACrE,OAAO;AACT;;AAGA,SAAgB,gCAAgC,cAA8B;CAC5E,OAAO,gBAAgB,aAAa,aAAa,MAAM,GAAG,qBAAqB,CAAC,CAAC;AACnF"}