@smonn/ids 0.8.0 → 0.9.1

package/dist/signed-BnRSC03a.mjs

@@ -0,0 +1,207 @@
+import { t as IdsError } from "./error-Cp5qYZcv.mjs";
+import { a as toWireId, i as payloadBytesFromId, n as registerBrand, r as payloadBase32Length, s as validateBrand, t as wireMethods } from "./codec-shell-CW2sD6BU.mjs";
+import { n as readTimestampMsFromBase32Suffix, r as writeTimestamp } from "./timestamp-bytes-DoFjLjDp.mjs";
+import { i as encodeKeyMaterial, n as assertValidKeyring, r as decodeKeyMaterial, t as assertValidKeyMaterialByteLength } from "./key-material-gOnqTNoV.mjs";
+import { t as defaultRng } from "./rng-CPJOx_nE.mjs";
+const tagByteLength = 5;
+const randomOffset = 6;
+const tagOffset = 11;
+const signedContentByteLength = 11;
+async function computeTag(hmacKey, brandBytes, signedContent) {
+	const message = new Uint8Array(brandBytes.length + signedContent.length);
+	message.set(brandBytes, 0);
+	message.set(signedContent, brandBytes.length);
+	return new Uint8Array(await crypto.subtle.sign("HMAC", hmacKey, message)).subarray(0, tagByteLength);
+}
+function tagsEqual(a, b) {
+	/* v8 ignore next -- defensive guard; both call sites always pass tagByteLength-byte arrays */
+	if (a.length !== b.length) return false;
+	let diff = 0;
+	for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
+	return diff === 0;
+}
+function createSignedTimestampLayoutOps(prefix, brand, rng, hmacKeys) {
+	const signKey = hmacKeys[0];
+	const brandBytes = new TextEncoder().encode(brand);
+	const syncBuffer = /* @__PURE__ */ new Uint8Array(16);
+	return {
+		generateAt: async (ms) => {
+			const buffer = /* @__PURE__ */ new Uint8Array(16);
+			writeTimestamp(ms, buffer);
+			rng(buffer.subarray(randomOffset, tagOffset));
+			const tag = await computeTag(signKey, brandBytes, buffer.subarray(0, signedContentByteLength));
+			buffer.set(tag, tagOffset);
+			return toWireId(prefix, buffer);
+		},
+		tryVerify: async (id) => {
+			const payload = payloadBytesFromId(prefix, id);
+			const storedTag = payload.subarray(tagOffset, 16);
+			const signedContent = payload.subarray(0, signedContentByteLength);
+			for (const hmacKey of hmacKeys) if (tagsEqual(storedTag, await computeTag(hmacKey, brandBytes, signedContent))) return true;
+			return false;
+		},
+		extractTimestamp: (id) => new Date(readTimestampMsFromBase32Suffix(id.slice(prefix.length))),
+		minIdForTime: (ms) => {
+			writeTimestamp(ms, syncBuffer);
+			syncBuffer.fill(0, randomOffset, 16);
+			return toWireId(prefix, syncBuffer);
+		},
+		maxIdForTime: (ms) => {
+			writeTimestamp(ms, syncBuffer);
+			syncBuffer.fill(255, randomOffset, 16);
+			return toWireId(prefix, syncBuffer);
+		},
+		exampleWireId: () => prefix + "0".repeat(payloadBase32Length)
+	};
+}
+//#endregion
+//#region src/signing-key.ts
+const hmacInfo = new TextEncoder().encode("ids/signed-timestamp/hmac");
+const SHA256_DIGEST_BYTES = 32;
+const internals = /* @__PURE__ */ new WeakMap();
+/**
+* Import raw operator key material into a {@link SigningKey} handle.
+*
+* Derives a single HMAC-SHA-256 key via HKDF under the domain-separation label
+* `ids/signed-timestamp/hmac`. Accepts 16, 24, or 32 bytes. To store or
+* transport key material, use {@link encodeSigningKey} / {@link decodeSigningKey}
+* (`"hex"` or `"base64url"` — not Crockford base32).
+*
+* @param bytes - 16, 24, or 32 raw key bytes.
+* @throws {IdsError} `invalid_key_length` if `bytes.length` is not 16, 24, or 32.
+*/
+async function importSigningKey(bytes) {
+	assertValidKeyMaterialByteLength(bytes.length, "signing");
+	const [hmacKey, digestBuffer] = await Promise.all([deriveHmacKey(bytes), crypto.subtle.digest("SHA-256", bytes)]);
+	const key = Object.freeze({});
+	internals.set(key, {
+		keyDigest: new Uint8Array(digestBuffer),
+		hmacKey
+	});
+	return key;
+}
+/**
+* Encode raw signing operator key material for storage in env vars or secret managers.
+*
+* Supports `"hex"` (lowercase) and `"base64url"`. Output round-trips through
+* {@link decodeSigningKey} back to the original bytes.
+*
+* @throws {IdsError} `invalid_key_format` if `format` is not `"hex"` or `"base64url"`.
+* @throws {IdsError} `invalid_key_length` if `bytes.length` is not 16, 24, or 32.
+*/
+function encodeSigningKey(bytes, format) {
+	return encodeKeyMaterial(bytes, format, "signing", "signing");
+}
+/**
+* Decode key material emitted by {@link encodeSigningKey} back to raw bytes.
+*
+* The result can be passed directly to {@link importSigningKey}.
+*
+* @throws {IdsError} `invalid_key_format` if `format` is not `"hex"` or `"base64url"`.
+* @throws {IdsError} `invalid_key_encoding` if the string is malformed for its format.
+* @throws {IdsError} `invalid_key_length` if the decoded bytes are not 16, 24, or 32 bytes.
+*/
+function decodeSigningKey(encoded, format) {
+	return decodeKeyMaterial(encoded, format, "signing", "signing");
+}
+/**
+* Returns true when two handles were imported from the same raw key material.
+*
+* Uses a constant-time comparison so duplicate detection over key material does
+* not leak the position of the first differing byte through a timing side channel.
+*/
+function signingKeysEqual(a, b) {
+	const aDigest = getSigningKeyInternals(a).keyDigest;
+	const bDigest = getSigningKeyInternals(b).keyDigest;
+	let diff = 0;
+	for (let i = 0; i < SHA256_DIGEST_BYTES; i++) diff |= aDigest[i] ^ bDigest[i];
+	return diff === 0;
+}
+/**
+* Returns the derived HMAC CryptoKey held inside the handle.
+*
+* Intentional module-internal escape hatch for codec implementations (e.g. `createSignedTimestampId`).
+* Not re-exported from `@smonn/ids/signed`; external callers cannot reach this.
+*/
+function getSigningKeyHmacKey(key) {
+	return getSigningKeyInternals(key).hmacKey;
+}
+function getSigningKeyInternals(key) {
+	const keyInternals = internals.get(key);
+	if (keyInternals === void 0) throw new Error("invalid signing key");
+	return keyInternals;
+}
+async function deriveHmacKey(bytes) {
+	const base = await crypto.subtle.importKey("raw", bytes, "HKDF", false, ["deriveKey"]);
+	return crypto.subtle.deriveKey({
+		name: "HKDF",
+		hash: "SHA-256",
+		salt: /* @__PURE__ */ new Uint8Array(),
+		info: hmacInfo
+	}, base, {
+		name: "HMAC",
+		hash: "SHA-256",
+		length: 256
+	}, false, ["sign", "verify"]);
+}
+//#endregion
+//#region src/signed.ts
+/**
+* Construct a {@link SignedTimestampCodec} for `brand`.
+*
+* `opts.keys` is a non-empty ordered signing keyring — the first entry is current
+* (used by `generate` / `generateAt`); all entries are tried on `verify` /
+* `safeVerify`; duplicate operator secrets are rejected at construction.
+*
+* @example
+* ```ts
+* const key = await importSigningKey(new Uint8Array(32));
+* const usr = createSignedTimestampId("usr", { keys: [key] });
+*
+* const id = await usr.generate();        // Id<"usr">
+* await usr.verify(id);                   // passes
+* usr.extractTimestamp(id);               // Date — sync, timestamp is plaintext
+* ```
+*/
+function createSignedTimestampId(brand, opts) {
+	validateBrand(brand);
+	registerBrand(brand, opts.allowDuplicateBrand);
+	assertValidKeyring(opts.keys, signingKeysEqual, "signing");
+	const hmacKeys = opts.keys.map(getSigningKeyHmacKey);
+	const now = opts.now ?? Date.now;
+	const rng = opts.rng ?? defaultRng;
+	const prefix = `${brand}_`;
+	const wire = wireMethods(prefix);
+	const layout = createSignedTimestampLayoutOps(prefix, brand, rng, hmacKeys);
+	return {
+		generate: () => layout.generateAt(now()),
+		generateAt: (date) => layout.generateAt(date.getTime()),
+		verify: async (id) => {
+			if (!await layout.tryVerify(id)) throw new IdsError("verification_failed", "verification failed");
+		},
+		safeVerify: async (input) => {
+			const parsed = wire.safeParse(input);
+			if (!parsed.ok) return parsed;
+			if (!await layout.tryVerify(parsed.id)) return {
+				ok: false,
+				error: "verification_failed"
+			};
+			return {
+				ok: true,
+				id: parsed.id
+			};
+		},
+		extractTimestamp: layout.extractTimestamp,
+		minIdForTime: (date) => layout.minIdForTime(date.getTime()),
+		maxIdForTime: (date) => layout.maxIdForTime(date.getTime()),
+		is: wire.is,
+		parse: wire.parse,
+		safeParse: wire.safeParse,
+		toJsonSchema: () => wire.toJsonSchema(brand, layout.exampleWireId()),
+		"~standard": wire["~standard"]
+	};
+}
+//#endregion
+export { importSigningKey as i, decodeSigningKey as n, encodeSigningKey as r, createSignedTimestampId as t };
+
+//# sourceMappingURL=signed-BnRSC03a.mjs.map

package/dist/signed-BnRSC03a.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"signed-BnRSC03a.mjs","names":[],"sources":["../src/layouts/signed-timestamp.ts","../src/signing-key.ts","../src/signed.ts"],"sourcesContent":["import type { Id, Prefix } from \"../types.js\";\nimport { payloadBytesFromId, toWireId } from \"../wire/envelope.js\";\nimport { payloadBase32Length, payloadByteLength } from \"../wire/invariants.js\";\nimport {\n  readTimestampMsFromBase32Suffix,\n  timestampByteLength,\n  writeTimestamp,\n} from \"../wire/timestamp-bytes.js\";\n\nconst randomByteLength = 5;\nconst tagByteLength = 5;\nconst randomOffset = timestampByteLength; // 6\nconst tagOffset = randomOffset + randomByteLength; // 11\nconst signedContentByteLength = randomOffset + randomByteLength; // 11 (ts6 ‖ rand5)\n\nasync function computeTag(\n  hmacKey: CryptoKey,\n  brandBytes: Uint8Array,\n  signedContent: Uint8Array,\n): Promise<Uint8Array> {\n  const message = new Uint8Array(brandBytes.length + signedContent.length);\n  message.set(brandBytes, 0);\n  message.set(signedContent, brandBytes.length);\n  const signature = new Uint8Array(\n    await crypto.subtle.sign(\"HMAC\", hmacKey, message as Uint8Array<ArrayBuffer>),\n  );\n  return signature.subarray(0, tagByteLength);\n}\n\nfunction tagsEqual(a: Uint8Array, b: Uint8Array): boolean {\n  /* v8 ignore next -- defensive guard; both call sites always pass tagByteLength-byte arrays */\n  if (a.length !== b.length) return false;\n  let diff = 0;\n  for (let i = 0; i < a.length; i++) diff |= a[i]! ^ b[i]!;\n  return diff === 0;\n}\n\nexport function createSignedTimestampLayoutOps<Brand extends string>(\n  prefix: Prefix<Brand>,\n  brand: Brand,\n  rng: (target: Uint8Array) => void,\n  hmacKeys: readonly CryptoKey[],\n) {\n  const signKey = hmacKeys[0]!;\n  const brandBytes = new TextEncoder().encode(brand);\n  const syncBuffer = new Uint8Array(payloadByteLength);\n\n  return {\n    generateAt: async (ms: number): Promise<Id<Brand>> => {\n      const buffer = new Uint8Array(payloadByteLength);\n      writeTimestamp(ms, buffer);\n      rng(buffer.subarray(randomOffset, tagOffset));\n      const tag = await computeTag(\n        signKey,\n        brandBytes,\n        buffer.subarray(0, signedContentByteLength),\n      );\n      buffer.set(tag, tagOffset);\n      return toWireId(prefix, buffer);\n    },\n    tryVerify: async (id: Id<Brand>): Promise<boolean> => {\n      const payload = payloadBytesFromId(prefix, id);\n      const storedTag = payload.subarray(tagOffset, payloadByteLength);\n      const signedContent = payload.subarray(0, signedContentByteLength);\n      for (const hmacKey of hmacKeys) {\n        const expected = await computeTag(hmacKey, brandBytes, signedContent);\n        if (tagsEqual(storedTag, expected)) return true;\n      }\n      return false;\n    },\n    extractTimestamp: (id: Id<Brand>): Date =>\n      new Date(readTimestampMsFromBase32Suffix(id.slice(prefix.length))),\n    minIdForTime: (ms: number): Id<Brand> => {\n      writeTimestamp(ms, syncBuffer);\n      syncBuffer.fill(0x00, randomOffset, payloadByteLength);\n      return toWireId(prefix, syncBuffer);\n    },\n    maxIdForTime: (ms: number): Id<Brand> => {\n      writeTimestamp(ms, syncBuffer);\n      syncBuffer.fill(0xff, randomOffset, payloadByteLength);\n      return toWireId(prefix, syncBuffer);\n    },\n    exampleWireId: (): Id<Brand> => (prefix + \"0\".repeat(payloadBase32Length)) as Id<Brand>,\n  };\n}\n","import {\n  assertValidKeyMaterialByteLength,\n  assertValidKeyring,\n  decodeKeyMaterial,\n  encodeKeyMaterial,\n} from \"./key-material.js\";\n\nexport { assertValidKeyring };\n\n/** Wire encoding for signing key raw key bytes (not Crockford base32). */\nexport type SigningKeyFormat = \"hex\" | \"base64url\";\n\nconst hmacInfo = new TextEncoder().encode(\"ids/signed-timestamp/hmac\");\n\nconst SHA256_DIGEST_BYTES = 32;\n\ndeclare const signingKeyBrand: unique symbol;\n\n/**\n * Opaque imported handle for one operator signing key.\n *\n * Holds a single HMAC-SHA-256 key derived via HKDF under the domain-separation\n * label `ids/signed-timestamp/hmac`. The underlying `CryptoKey` is held\n * internally and never exposed to callers. Obtain handles via\n * {@link importSigningKey} and pass them to `createSignedTimestampId` as the\n * `keys` signing keyring.\n *\n * Distinct from both the **Opaque key** and the **Wrapping key** — the same\n * raw key material must not silently serve multiple codecs without an explicit import.\n */\nexport type SigningKey = {\n  readonly [signingKeyBrand]: \"SigningKey\";\n};\n\ntype SigningKeyInternals = {\n  keyDigest: Uint8Array;\n  hmacKey: CryptoKey;\n};\n\nconst internals = new WeakMap<SigningKey, SigningKeyInternals>();\n\n/**\n * Import raw operator key material into a {@link SigningKey} handle.\n *\n * Derives a single HMAC-SHA-256 key via HKDF under the domain-separation label\n * `ids/signed-timestamp/hmac`. Accepts 16, 24, or 32 bytes. To store or\n * transport key material, use {@link encodeSigningKey} / {@link decodeSigningKey}\n * (`\"hex\"` or `\"base64url\"` — not Crockford base32).\n *\n * @param bytes - 16, 24, or 32 raw key bytes.\n * @throws {IdsError} `invalid_key_length` if `bytes.length` is not 16, 24, or 32.\n */\nexport async function importSigningKey(bytes: Uint8Array): Promise<SigningKey> {\n  assertValidKeyMaterialByteLength(bytes.length, \"signing\");\n  const [hmacKey, digestBuffer] = await Promise.all([\n    deriveHmacKey(bytes),\n    crypto.subtle.digest(\"SHA-256\", bytes as Uint8Array<ArrayBuffer>),\n  ]);\n  const key = Object.freeze({}) as SigningKey;\n  internals.set(key, { keyDigest: new Uint8Array(digestBuffer), hmacKey });\n  return key;\n}\n\n/**\n * Encode raw signing operator key material for storage in env vars or secret managers.\n *\n * Supports `\"hex\"` (lowercase) and `\"base64url\"`. Output round-trips through\n * {@link decodeSigningKey} back to the original bytes.\n *\n * @throws {IdsError} `invalid_key_format` if `format` is not `\"hex\"` or `\"base64url\"`.\n * @throws {IdsError} `invalid_key_length` if `bytes.length` is not 16, 24, or 32.\n */\nexport function encodeSigningKey(bytes: Uint8Array, format: SigningKeyFormat): string {\n  return encodeKeyMaterial(bytes, format, \"signing\", \"signing\");\n}\n\n/**\n * Decode key material emitted by {@link encodeSigningKey} back to raw bytes.\n *\n * The result can be passed directly to {@link importSigningKey}.\n *\n * @throws {IdsError} `invalid_key_format` if `format` is not `\"hex\"` or `\"base64url\"`.\n * @throws {IdsError} `invalid_key_encoding` if the string is malformed for its format.\n * @throws {IdsError} `invalid_key_length` if the decoded bytes are not 16, 24, or 32 bytes.\n */\nexport function decodeSigningKey(encoded: string, format: SigningKeyFormat): Uint8Array {\n  return decodeKeyMaterial(encoded, format, \"signing\", \"signing\");\n}\n\n/**\n * Returns true when two handles were imported from the same raw key material.\n *\n * Uses a constant-time comparison so duplicate detection over key material does\n * not leak the position of the first differing byte through a timing side channel.\n */\nexport function signingKeysEqual(a: SigningKey, b: SigningKey): boolean {\n  const aDigest = getSigningKeyInternals(a).keyDigest;\n  const bDigest = getSigningKeyInternals(b).keyDigest;\n  let diff = 0;\n  for (let i = 0; i < SHA256_DIGEST_BYTES; i++) {\n    diff |= aDigest[i]! ^ bDigest[i]!;\n  }\n  return diff === 0;\n}\n\n/**\n * Returns the derived HMAC CryptoKey held inside the handle.\n *\n * Intentional module-internal escape hatch for codec implementations (e.g. `createSignedTimestampId`).\n * Not re-exported from `@smonn/ids/signed`; external callers cannot reach this.\n */\nexport function getSigningKeyHmacKey(key: SigningKey): CryptoKey {\n  return getSigningKeyInternals(key).hmacKey;\n}\n\nfunction getSigningKeyInternals(key: SigningKey): SigningKeyInternals {\n  const keyInternals = internals.get(key);\n  if (keyInternals === undefined) {\n    throw new Error(\"invalid signing key\");\n  }\n  return keyInternals;\n}\n\nasync function deriveHmacKey(bytes: Uint8Array): Promise<CryptoKey> {\n  const base = await crypto.subtle.importKey(\n    \"raw\",\n    bytes as Uint8Array<ArrayBuffer>,\n    \"HKDF\",\n    false,\n    [\"deriveKey\"],\n  );\n  return crypto.subtle.deriveKey(\n    { name: \"HKDF\", hash: \"SHA-256\", salt: new Uint8Array(), info: hmacInfo },\n    base,\n    { name: \"HMAC\", hash: \"SHA-256\", length: 256 },\n    false,\n    [\"sign\", \"verify\"],\n  );\n}\n","import { validateBrand } from \"./brand.js\";\nimport { IdsError, isIdsError, type IdsErrorCode } from \"./error.js\";\nimport { createSignedTimestampLayoutOps } from \"./layouts/signed-timestamp.js\";\nimport { registerBrand } from \"./registry.js\";\nimport { defaultRng } from \"./rng.js\";\nimport type {\n  Id,\n  JsonSchema,\n  ParseError,\n  ParseResult,\n  Prefix,\n  StandardSchemaProps,\n} from \"./types.js\";\nimport { wireMethods } from \"./wire/codec-shell.js\";\nimport {\n  assertValidKeyring,\n  decodeSigningKey,\n  encodeSigningKey,\n  getSigningKeyHmacKey,\n  importSigningKey,\n  signingKeysEqual,\n  type SigningKey,\n  type SigningKeyFormat,\n} from \"./signing-key.js\";\n\n/** {@link IdsError} class, {@link isIdsError} type guard, and {@link IdsErrorCode} union — re-exported for convenience. */\nexport { IdsError, isIdsError, type IdsErrorCode };\nexport {\n  decodeSigningKey,\n  encodeSigningKey,\n  importSigningKey,\n  type SigningKey,\n  type SigningKeyFormat,\n};\n\n/**\n * Configuration options for a Signed Timestamp codec instance.\n */\nexport type SignedTimestampOptions = {\n  /**\n   * Non-empty ordered signing keyring. The first entry is current — the only one\n   * `generate` / `generateAt` sign with. `verify` / `safeVerify` trial every entry\n   * until the tag matches. Duplicate raw secrets are rejected at construction.\n   */\n  keys: [SigningKey, ...SigningKey[]];\n  /** Returns the current timestamp in milliseconds. Defaults to `Date.now`. */\n  now?: () => number;\n  /** Writes 5 random bytes into `target` for the random tail. Defaults to `crypto.getRandomValues`. */\n  rng?: (target: Uint8Array) => void;\n  /** If true, silences the duplicate-brand warning in non-production environments. */\n  allowDuplicateBrand?: boolean;\n};\n\n/**\n * Result returned by {@link SignedTimestampCodec.safeVerify}.\n *\n * On success, `id` is the canonical {@link Id}.\n * On failure, `error` is a {@link ParseError} for structural problems or\n * `\"verification_failed\"` when the HMAC tag does not match any entry in the\n * signing keyring.\n */\nexport type SafeVerifyResult<Brand extends string> =\n  | { ok: true; id: Id<Brand> }\n  | { ok: false; error: ParseError | \"verification_failed\" };\n\n/**\n * Codec returned by {@link createSignedTimestampId}.\n *\n * Keeps the 6-byte millisecond timestamp **readable and sortable** like the\n * Timestamp codec, but replaces half of the 10-byte random tail with a truncated\n * HMAC tag, making IDs **tamper-evident and verifiable without a database lookup**.\n *\n * Byte layout: `ts6 ‖ rand5 ‖ tag5` where the 40-bit tag =\n * `trunc(HMAC-SHA256(hmacKey, brand ‖ ts6 ‖ rand5), 40)`.\n *\n * - Async (HMAC): `generate`, `generateAt`, `verify`, `safeVerify`.\n * - Sync (no key / plaintext timestamp): all other methods.\n */\nexport type SignedTimestampCodec<Brand extends string> = {\n  /** Produces a canonical ID signed with the current (first) key. */\n  generate(): Promise<Id<Brand>>;\n  /**\n   * Produces a canonical ID with timestamp from `date`, signed with the current key.\n   * Throws on invalid dates.\n   */\n  generateAt(date: Date): Promise<Id<Brand>>;\n  /**\n   * Recomputes the HMAC tag across every keyring entry.\n   *\n   * Throws `IdsError` with `code: \"verification_failed\"` if no entry matches.\n   * Tamper of the brand, timestamp bytes, or random bytes all fail here.\n   */\n  verify(id: Id<Brand>): Promise<void>;\n  /**\n   * Non-throwing path for untrusted input.\n   *\n   * Structurally parses `input` first (same rules as {@link safeParse}), then\n   * verifies the HMAC tag. Returns `{ ok: false, error }` on any failure —\n   * {@link ParseError} for structural problems or `\"verification_failed\"` for tag\n   * mismatch — without throwing.\n   */\n  safeVerify(input: unknown): Promise<SafeVerifyResult<Brand>>;\n  /**\n   * Decodes the creation `Date` from an `Id<Brand>`.\n   * Sync — the 6-byte timestamp is plaintext. Trusts the type; use `safeParse()` at boundaries first.\n   */\n  extractTimestamp(id: Id<Brand>): Date;\n  /**\n   * Tight lower bound sentinel for range scans (`ts(t) ‖ 0x00×10`).\n   * **Not verifiable** — carries no valid tag.\n   */\n  minIdForTime(date: Date): Id<Brand>;\n  /**\n   * Tight upper bound sentinel for range scans (`ts(t) ‖ 0xff×10`).\n   * **Not verifiable** — carries no valid tag.\n   */\n  maxIdForTime(date: Date): Id<Brand>;\n  /**\n   * Strict type guard: `true` only for already-canonical `Id<Brand>` strings.\n   * For untrusted input, use `safeParse()` or `safeVerify()` instead.\n   */\n  is(value: unknown): value is Id<Brand>;\n  /** Normalise to canonical form, or throw on parse failure. */\n  parse(value: unknown): Id<Brand>;\n  /** Normalise to canonical form, or return `{ ok: false, error }`. */\n  safeParse(value: unknown): ParseResult<Brand>;\n  /** JSON Schema for the canonical wire form (`pattern` is canonical-only). */\n  toJsonSchema(): JsonSchema;\n  /** Standard Schema validate entry point. */\n  readonly \"~standard\": StandardSchemaProps<Brand>;\n};\n\n/**\n * Construct a {@link SignedTimestampCodec} for `brand`.\n *\n * `opts.keys` is a non-empty ordered signing keyring — the first entry is current\n * (used by `generate` / `generateAt`); all entries are tried on `verify` /\n * `safeVerify`; duplicate operator secrets are rejected at construction.\n *\n * @example\n * ```ts\n * const key = await importSigningKey(new Uint8Array(32));\n * const usr = createSignedTimestampId(\"usr\", { keys: [key] });\n *\n * const id = await usr.generate();        // Id<\"usr\">\n * await usr.verify(id);                   // passes\n * usr.extractTimestamp(id);               // Date — sync, timestamp is plaintext\n * ```\n */\nexport function createSignedTimestampId<Brand extends string>(\n  brand: Brand,\n  opts: SignedTimestampOptions,\n): SignedTimestampCodec<Brand> {\n  validateBrand(brand);\n  registerBrand(brand, opts.allowDuplicateBrand);\n  assertValidKeyring(opts.keys, signingKeysEqual, \"signing\");\n\n  const hmacKeys = opts.keys.map(getSigningKeyHmacKey);\n  const now = opts.now ?? Date.now;\n  const rng = opts.rng ?? defaultRng;\n  const prefix: Prefix<Brand> = `${brand}_`;\n  const wire = wireMethods(prefix);\n  const layout = createSignedTimestampLayoutOps(prefix, brand, rng, hmacKeys);\n\n  return {\n    generate: () => layout.generateAt(now()),\n    generateAt: (date: Date) => layout.generateAt(date.getTime()),\n    verify: async (id) => {\n      const ok = await layout.tryVerify(id);\n      if (!ok) throw new IdsError(\"verification_failed\", \"verification failed\");\n    },\n    safeVerify: async (input) => {\n      const parsed = wire.safeParse(input);\n      if (!parsed.ok) return parsed;\n      const ok = await layout.tryVerify(parsed.id);\n      if (!ok) return { ok: false, error: \"verification_failed\" };\n      return { ok: true, id: parsed.id };\n    },\n    extractTimestamp: layout.extractTimestamp,\n    minIdForTime: (date: Date) => layout.minIdForTime(date.getTime()),\n    maxIdForTime: (date: Date) => layout.maxIdForTime(date.getTime()),\n    is: wire.is,\n    parse: wire.parse,\n    safeParse: wire.safeParse,\n    toJsonSchema: () => wire.toJsonSchema(brand, layout.exampleWireId()),\n    \"~standard\": wire[\"~standard\"],\n  };\n}\n"],"mappings":";;;;;AAUA,MAAM,gBAAgB;AACtB,MAAM,eAAA;AACN,MAAM,YAAY;AAClB,MAAM,0BAA0B;AAEhC,eAAe,WACb,SACA,YACA,eACqB;CACrB,MAAM,UAAU,IAAI,WAAW,WAAW,SAAS,cAAc,MAAM;CACvE,QAAQ,IAAI,YAAY,CAAC;CACzB,QAAQ,IAAI,eAAe,WAAW,MAAM;CAI5C,OAAO,IAHe,WACpB,MAAM,OAAO,OAAO,KAAK,QAAQ,SAAS,OAAkC,CAE/D,CAAC,CAAC,SAAS,GAAG,aAAa;AAC5C;AAEA,SAAS,UAAU,GAAe,GAAwB;;CAExD,IAAI,EAAE,WAAW,EAAE,QAAQ,OAAO;CAClC,IAAI,OAAO;CACX,KAAK,IAAI,IAAI,GAAG,IAAI,EAAE,QAAQ,KAAK,QAAQ,EAAE,KAAM,EAAE;CACrD,OAAO,SAAS;AAClB;AAEA,SAAgB,+BACd,QACA,OACA,KACA,UACA;CACA,MAAM,UAAU,SAAS;CACzB,MAAM,aAAa,IAAI,YAAY,CAAC,CAAC,OAAO,KAAK;CACjD,MAAM,6BAAa,IAAI,WAAA,EAA4B;CAEnD,OAAO;EACL,YAAY,OAAO,OAAmC;GACpD,MAAM,yBAAS,IAAI,WAAA,EAA4B;GAC/C,eAAe,IAAI,MAAM;GACzB,IAAI,OAAO,SAAS,cAAc,SAAS,CAAC;GAC5C,MAAM,MAAM,MAAM,WAChB,SACA,YACA,OAAO,SAAS,GAAG,uBAAuB,CAC5C;GACA,OAAO,IAAI,KAAK,SAAS;GACzB,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,WAAW,OAAO,OAAoC;GACpD,MAAM,UAAU,mBAAmB,QAAQ,EAAE;GAC7C,MAAM,YAAY,QAAQ,SAAS,WAAA,EAA4B;GAC/D,MAAM,gBAAgB,QAAQ,SAAS,GAAG,uBAAuB;GACjE,KAAK,MAAM,WAAW,UAEpB,IAAI,UAAU,WAAW,MADF,WAAW,SAAS,YAAY,aAAa,CACnC,GAAG,OAAO;GAE7C,OAAO;EACT;EACA,mBAAmB,OACjB,IAAI,KAAK,gCAAgC,GAAG,MAAM,OAAO,MAAM,CAAC,CAAC;EACnE,eAAe,OAA0B;GACvC,eAAe,IAAI,UAAU;GAC7B,WAAW,KAAK,GAAM,cAAA,EAA+B;GACrD,OAAO,SAAS,QAAQ,UAAU;EACpC;EACA,eAAe,OAA0B;GACvC,eAAe,IAAI,UAAU;GAC7B,WAAW,KAAK,KAAM,cAAA,EAA+B;GACrD,OAAO,SAAS,QAAQ,UAAU;EACpC;EACA,qBAAiC,SAAS,IAAI,OAAO,mBAAmB;CAC1E;AACF;;;ACxEA,MAAM,WAAW,IAAI,YAAY,CAAC,CAAC,OAAO,2BAA2B;AAErE,MAAM,sBAAsB;AAyB5B,MAAM,4BAAY,IAAI,QAAyC;;;;;;;;;;;;AAa/D,eAAsB,iBAAiB,OAAwC;CAC7E,iCAAiC,MAAM,QAAQ,SAAS;CACxD,MAAM,CAAC,SAAS,gBAAgB,MAAM,QAAQ,IAAI,CAChD,cAAc,KAAK,GACnB,OAAO,OAAO,OAAO,WAAW,KAAgC,CAClE,CAAC;CACD,MAAM,MAAM,OAAO,OAAO,CAAC,CAAC;CAC5B,UAAU,IAAI,KAAK;EAAE,WAAW,IAAI,WAAW,YAAY;EAAG;CAAQ,CAAC;CACvE,OAAO;AACT;;;;;;;;;;AAWA,SAAgB,iBAAiB,OAAmB,QAAkC;CACpF,OAAO,kBAAkB,OAAO,QAAQ,WAAW,SAAS;AAC9D;;;;;;;;;;AAWA,SAAgB,iBAAiB,SAAiB,QAAsC;CACtF,OAAO,kBAAkB,SAAS,QAAQ,WAAW,SAAS;AAChE;;;;;;;AAQA,SAAgB,iBAAiB,GAAe,GAAwB;CACtE,MAAM,UAAU,uBAAuB,CAAC,CAAC,CAAC;CAC1C,MAAM,UAAU,uBAAuB,CAAC,CAAC,CAAC;CAC1C,IAAI,OAAO;CACX,KAAK,IAAI,IAAI,GAAG,IAAI,qBAAqB,KACvC,QAAQ,QAAQ,KAAM,QAAQ;CAEhC,OAAO,SAAS;AAClB;;;;;;;AAQA,SAAgB,qBAAqB,KAA4B;CAC/D,OAAO,uBAAuB,GAAG,CAAC,CAAC;AACrC;AAEA,SAAS,uBAAuB,KAAsC;CACpE,MAAM,eAAe,UAAU,IAAI,GAAG;CACtC,IAAI,iBAAiB,KAAA,GACnB,MAAM,IAAI,MAAM,qBAAqB;CAEvC,OAAO;AACT;AAEA,eAAe,cAAc,OAAuC;CAClE,MAAM,OAAO,MAAM,OAAO,OAAO,UAC/B,OACA,OACA,QACA,OACA,CAAC,WAAW,CACd;CACA,OAAO,OAAO,OAAO,UACnB;EAAE,MAAM;EAAQ,MAAM;EAAW,sBAAM,IAAI,WAAW;EAAG,MAAM;CAAS,GACxE,MACA;EAAE,MAAM;EAAQ,MAAM;EAAW,QAAQ;CAAI,GAC7C,OACA,CAAC,QAAQ,QAAQ,CACnB;AACF;;;;;;;;;;;;;;;;;;;;ACWA,SAAgB,wBACd,OACA,MAC6B;CAC7B,cAAc,KAAK;CACnB,cAAc,OAAO,KAAK,mBAAmB;CAC7C,mBAAmB,KAAK,MAAM,kBAAkB,SAAS;CAEzD,MAAM,WAAW,KAAK,KAAK,IAAI,oBAAoB;CACnD,MAAM,MAAM,KAAK,OAAO,KAAK;CAC7B,MAAM,MAAM,KAAK,OAAO;CACxB,MAAM,SAAwB,GAAG,MAAM;CACvC,MAAM,OAAO,YAAY,MAAM;CAC/B,MAAM,SAAS,+BAA+B,QAAQ,OAAO,KAAK,QAAQ;CAE1E,OAAO;EACL,gBAAgB,OAAO,WAAW,IAAI,CAAC;EACvC,aAAa,SAAe,OAAO,WAAW,KAAK,QAAQ,CAAC;EAC5D,QAAQ,OAAO,OAAO;GAEpB,IAAI,CAAC,MADY,OAAO,UAAU,EAAE,GAC3B,MAAM,IAAI,SAAS,uBAAuB,qBAAqB;EAC1E;EACA,YAAY,OAAO,UAAU;GAC3B,MAAM,SAAS,KAAK,UAAU,KAAK;GACnC,IAAI,CAAC,OAAO,IAAI,OAAO;GAEvB,IAAI,CAAC,MADY,OAAO,UAAU,OAAO,EAAE,GAClC,OAAO;IAAE,IAAI;IAAO,OAAO;GAAsB;GAC1D,OAAO;IAAE,IAAI;IAAM,IAAI,OAAO;GAAG;EACnC;EACA,kBAAkB,OAAO;EACzB,eAAe,SAAe,OAAO,aAAa,KAAK,QAAQ,CAAC;EAChE,eAAe,SAAe,OAAO,aAAa,KAAK,QAAQ,CAAC;EAChE,IAAI,KAAK;EACT,OAAO,KAAK;EACZ,WAAW,KAAK;EAChB,oBAAoB,KAAK,aAAa,OAAO,OAAO,cAAc,CAAC;EACnE,aAAa,KAAK;CACpB;AACF"}

package/dist/signed.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"signed.d.mts","names":[],"sources":["../src/signing-key.ts","../src/signed.ts"],"mappings":";;;;;KAIY,gBAAA;AAAA,cAME,eAAA;;AANd;;;;AAAY;AAA2B;;;;AAMzB;AAcd;KAAY,UAAA;EAAA,UACA,eAAA;AAAA;AAAA;AAqBZ;;;;;;;;;;AArBY,iBAqBU,gBAAA,CAAiB,KAAA,EAAO,UAAA,GAAa,OAAA,CAAQ,UAAA;;;AAAA;AAiBnE;;;;;;iBAAgB,gBAAA,CAAiB,KAAA,EAAO,UAAA,EAAY,MAAA,EAAQ,gBAAA;;;AAAA;AAgB5D;;;;;;iBAAgB,gBAAA,CAAiB,OAAA,UAAiB,MAAA,EAAQ,gBAAA,GAAmB,UAAA;;;;;AA3EjE;KCiCA,sBAAA;ED3BE;;;AAAA;AAcd;ECmBE,IAAA,GAAO,UAAA,KAAe,UAAA;EAEtB,GAAA,iBDpBU;ECsBV,GAAA,IAAO,MAAA,EAAQ,UAAA,WDDK;ECGpB,mBAAA;AAAA;;;;;;;;;KAWU,gBAAA;EACN,EAAA;EAAU,EAAA,EAAI,EAAA,CAAG,KAAA;AAAA;EACjB,EAAA;EAAW,KAAA,EAAO,UAAA;AAAA;;;;;ADCoC;AAgB5D;;;;;;;;KCFY,oBAAA;EDEiE,mECA3E,QAAA,IAAY,OAAA,CAAQ,EAAA,CAAG,KAAA;;;AA1CzB;;EA+CE,UAAA,CAAW,IAAA,EAAM,IAAA,GAAO,OAAA,CAAQ,EAAA,CAAG,KAAA;;;;;;;EAOnC,MAAA,CAAO,EAAA,EAAI,EAAA,CAAG,KAAA,IAAS,OAAA;;;;;;;;AA1CvB;EAmDA,UAAA,CAAW,KAAA,YAAiB,OAAA,CAAQ,gBAAA,CAAiB,KAAA;EAxC3C;;;;EA6CV,gBAAA,CAAiB,EAAA,EAAI,EAAA,CAAG,KAAA,IAAS,IAAA;EA3CX;;;;EAgDtB,YAAA,CAAa,IAAA,EAAM,IAAA,GAAO,EAAA,CAAG,KAAA;;;;;EAK7B,YAAA,CAAa,IAAA,EAAM,IAAA,GAAO,EAAA,CAAG,KAAA;EArDP;AAAA;AAexB;;EA2CE,EAAA,CAAG,KAAA,YAAiB,KAAA,IAAS,EAAA,CAAG,KAAA;EAEhC,KAAA,CAAM,KAAA,YAAiB,EAAA,CAAG,KAAA;EAE1B,SAAA,CAAU,KAAA,YAAiB,WAAA,CAAY,KAAA;EAEvC,YAAA,IAAgB,UAAA;WAEP,WAAA,EAAa,mBAAA,CAAoB,KAAA;AAAA;;;;;;;;;;;;;;;;;;iBAwB5B,uBAAA,uBACd,KAAA,EAAO,KAAA,EACP,IAAA,EAAM,sBAAA,GACL,oBAAA,CAAqB,KAAA"}
+{"version":3,"file":"signed.d.mts","names":[],"sources":["../src/signing-key.ts","../src/signed.ts"],"mappings":";;;;;KAUY,gBAAA;AAAA,cAME,eAAA;;;;AANF;AAA2B;;;;AAMzB;AAcd;;;KAAY,UAAA;EAAA,UACA,eAAA;AAAA;;;;;;;;;;;;iBAqBU,gBAAA,CAAiB,KAAA,EAAO,UAAA,GAAa,OAAA,CAAQ,UAAA;AAAA;AAoBnE;;;;;;;;AApBmE,iBAoBnD,gBAAA,CAAiB,KAAA,EAAO,UAAA,EAAY,MAAA,EAAQ,gBAAA;AAAA;AAa5D;;;;;;;;AAb4D,iBAa5C,gBAAA,CAAiB,OAAA,UAAiB,MAAA,EAAQ,gBAAA,GAAmB,UAAA;;;;;AA3EjE;KC4BA,sBAAA;EDtBE;;;AAAA;AAcd;ECcE,IAAA,GAAO,UAAA,KAAe,UAAA;EAEtB,GAAA,iBDfU;ECiBV,GAAA,IAAO,MAAA,EAAQ,UAAA,WDIK;ECFpB,mBAAA;AAAA;;;;;;;;;KAWU,gBAAA;EACN,EAAA;EAAU,EAAA,EAAI,EAAA,CAAG,KAAA;AAAA;EACjB,EAAA;EAAW,KAAA,EAAO,UAAA;AAAA;;;;;ADSoC;AAa5D;;;;;;;;KCPY,oBAAA;EDOiE,mECL3E,QAAA,IAAY,OAAA,CAAQ,EAAA,CAAG,KAAA;;;AA1CzB;;EA+CE,UAAA,CAAW,IAAA,EAAM,IAAA,GAAO,OAAA,CAAQ,EAAA,CAAG,KAAA;;;;;;;EAOnC,MAAA,CAAO,EAAA,EAAI,EAAA,CAAG,KAAA,IAAS,OAAA;;;;;;;;AA1CvB;EAmDA,UAAA,CAAW,KAAA,YAAiB,OAAA,CAAQ,gBAAA,CAAiB,KAAA;EAxC3C;;;;EA6CV,gBAAA,CAAiB,EAAA,EAAI,EAAA,CAAG,KAAA,IAAS,IAAA;EA3CX;;;;EAgDtB,YAAA,CAAa,IAAA,EAAM,IAAA,GAAO,EAAA,CAAG,KAAA;;;;;EAK7B,YAAA,CAAa,IAAA,EAAM,IAAA,GAAO,EAAA,CAAG,KAAA;EArDP;AAAA;AAexB;;EA2CE,EAAA,CAAG,KAAA,YAAiB,KAAA,IAAS,EAAA,CAAG,KAAA;EAEhC,KAAA,CAAM,KAAA,YAAiB,EAAA,CAAG,KAAA;EAE1B,SAAA,CAAU,KAAA,YAAiB,WAAA,CAAY,KAAA;EAEvC,YAAA,IAAgB,UAAA;WAEP,WAAA,EAAa,mBAAA,CAAoB,KAAA;AAAA;;;;;;;;;;;;;;;;;;iBAoB5B,uBAAA,uBACd,KAAA,EAAO,KAAA,EACP,IAAA,EAAM,sBAAA,GACL,oBAAA,CAAqB,KAAA"}

package/dist/signed.mjs

@@ -1,257 +1,3 @@
 import { n as isIdsError, t as IdsError } from "./error-Cp5qYZcv.mjs";
-import { a as toWireId, i as payloadBytesFromId, n as registerBrand, r as payloadBase32Length, s as validateBrand, t as wireMethods } from "./codec-shell-DH-UO4UR.mjs";
-import { n as readTimestampMsFromBase32Suffix, r as writeTimestamp } from "./timestamp-bytes-BBY7JI33.mjs";
-import { i as encodeHex, n as decodeHex, r as encodeBase64Url, t as decodeBase64Url } from "./bytes-lhzKVaBV.mjs";
-const tagByteLength = 5;
-const randomOffset = 6;
-const tagOffset = 11;
-const signedContentByteLength = 11;
-async function computeTag(hmacKey, brandBytes, signedContent) {
-	const message = new Uint8Array(brandBytes.length + signedContent.length);
-	message.set(brandBytes, 0);
-	message.set(signedContent, brandBytes.length);
-	return new Uint8Array(await crypto.subtle.sign("HMAC", hmacKey, message)).subarray(0, tagByteLength);
-}
-function tagsEqual(a, b) {
-	/* v8 ignore next -- defensive guard; both call sites always pass tagByteLength-byte arrays */
-	if (a.length !== b.length) return false;
-	let diff = 0;
-	for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
-	return diff === 0;
-}
-function createSignedTimestampLayoutOps(prefix, brand, rng, hmacKeys) {
-	const signKey = hmacKeys[0];
-	const brandBytes = new TextEncoder().encode(brand);
-	const syncBuffer = new Uint8Array(16);
-	return {
-		generateAt: async (ms) => {
-			const buffer = new Uint8Array(16);
-			writeTimestamp(ms, buffer);
-			rng(buffer.subarray(randomOffset, tagOffset));
-			const tag = await computeTag(signKey, brandBytes, buffer.subarray(0, signedContentByteLength));
-			buffer.set(tag, tagOffset);
-			return toWireId(prefix, buffer);
-		},
-		tryVerify: async (id) => {
-			const payload = payloadBytesFromId(prefix, id);
-			const storedTag = payload.subarray(tagOffset, 16);
-			const signedContent = payload.subarray(0, signedContentByteLength);
-			for (const hmacKey of hmacKeys) if (tagsEqual(storedTag, await computeTag(hmacKey, brandBytes, signedContent))) return true;
-			return false;
-		},
-		extractTimestamp: (id) => new Date(readTimestampMsFromBase32Suffix(id.slice(prefix.length))),
-		minIdForTime: (ms) => {
-			writeTimestamp(ms, syncBuffer);
-			syncBuffer.fill(0, randomOffset, 16);
-			return toWireId(prefix, syncBuffer);
-		},
-		maxIdForTime: (ms) => {
-			writeTimestamp(ms, syncBuffer);
-			syncBuffer.fill(255, randomOffset, 16);
-			return toWireId(prefix, syncBuffer);
-		},
-		exampleWireId: () => prefix + "0".repeat(payloadBase32Length)
-	};
-}
-//#endregion
-//#region src/signing-key.ts
-const validKeyByteLengths = new Set([
-	16,
-	24,
-	32
-]);
-const hmacInfo = new TextEncoder().encode("ids/signed-timestamp/hmac");
-const internals = /* @__PURE__ */ new WeakMap();
-/**
-* Import raw operator key material into a {@link SigningKey} handle.
-*
-* Derives a single HMAC-SHA-256 key via HKDF under the domain-separation label
-* `ids/signed-timestamp/hmac`. Accepts 16, 24, or 32 bytes. To store or
-* transport key material, use {@link encodeSigningKey} / {@link decodeSigningKey}
-* (`"hex"` or `"base64url"` — not Crockford base32).
-*
-* @param bytes - 16, 24, or 32 raw key bytes.
-* @throws {IdsError} `invalid_key_length` if `bytes.length` is not 16, 24, or 32.
-*/
-async function importSigningKey(bytes) {
-	assertValidKeyByteLength(bytes.length);
-	const hmacKey = await deriveHmacKey(bytes);
-	const key = Object.freeze({});
-	internals.set(key, {
-		rawBytes: bytes.slice(),
-		hmacKey
-	});
-	return key;
-}
-/**
-* Encode raw signing operator key material for storage in env vars or secret managers.
-*
-* Supports `"hex"` (lowercase) and `"base64url"`. Output round-trips through
-* {@link decodeSigningKey} back to the original bytes.
-*
-* @throws {IdsError} `invalid_key_format` if `format` is not `"hex"` or `"base64url"`.
-* @throws {IdsError} `invalid_key_length` if `bytes.length` is not 16, 24, or 32.
-*/
-function encodeSigningKey(bytes, format) {
-	assertSigningKeyFormat(format);
-	assertValidKeyByteLength(bytes.length);
-	if (format === "hex") return encodeHex(bytes);
-	return encodeBase64Url(bytes);
-}
-/**
-* Decode key material emitted by {@link encodeSigningKey} back to raw bytes.
-*
-* The result can be passed directly to {@link importSigningKey}.
-*
-* @throws {IdsError} `invalid_key_format` if `format` is not `"hex"` or `"base64url"`.
-* @throws {IdsError} `invalid_key_encoding` if the string is malformed for its format.
-* @throws {IdsError} `invalid_key_length` if the decoded bytes are not 16, 24, or 32 bytes.
-*/
-function decodeSigningKey(encoded, format) {
-	assertSigningKeyFormat(format);
-	let bytes;
-	if (format === "hex") {
-		if (encoded.length === 0 || encoded.length % 2 !== 0) throw new IdsError("invalid_key_encoding", "invalid hex key: length must be a positive even number of characters");
-		if (!/^[0-9a-fA-F]+$/.test(encoded)) throw new IdsError("invalid_key_encoding", "invalid hex key: expected [0-9a-fA-F] only");
-		bytes = decodeHex(encoded);
-	} else try {
-		bytes = decodeBase64Url(encoded);
-	} catch {
-		throw new IdsError("invalid_key_encoding", "invalid base64url key");
-	}
-	assertValidKeyByteLength(bytes.length);
-	return bytes;
-}
-/**
-* Returns true when two handles were imported from the same raw key material.
-*
-* Uses a constant-time comparison so duplicate detection over key material does
-* not leak the position of the first differing byte through a timing side channel.
-*/
-function signingKeysEqual(a, b) {
-	const aBytes = getSigningKeyInternals(a).rawBytes;
-	const bBytes = getSigningKeyInternals(b).rawBytes;
-	if (aBytes.length !== bBytes.length) return false;
-	let diff = 0;
-	for (let i = 0; i < aBytes.length; i++) diff |= aBytes[i] ^ bBytes[i];
-	return diff === 0;
-}
-/**
-* Returns the derived HMAC CryptoKey held inside the handle.
-*
-* Intentional module-internal escape hatch for codec implementations (e.g. `createSignedTimestampId`).
-* Not re-exported from `@smonn/ids/signed`; external callers cannot reach this.
-*/
-function getSigningKeyHmacKey(key) {
-	return getSigningKeyInternals(key).hmacKey;
-}
-/**
-* Asserts that a signing keyring is non-empty.
-* @throws {IdsError} `empty_keyring` if the array is empty.
-*/
-function assertNonEmptySigningKeyring(keys) {
-	if (keys.length === 0) throw new IdsError("empty_keyring", "signing keyring must contain at least one key");
-}
-/**
-* Asserts that no two entries in the signing keyring share the same raw bytes.
-* @throws {IdsError} `duplicate_keyring_entry` if a duplicate is found.
-*/
-function assertNonDuplicateSigningKeys(keys) {
-	for (let i = 0; i < keys.length; i++) for (let j = i + 1; j < keys.length; j++) if (signingKeysEqual(keys[i], keys[j])) throw new IdsError("duplicate_keyring_entry", "duplicate signing key in keyring");
-}
-function getSigningKeyInternals(key) {
-	const keyInternals = internals.get(key);
-	if (keyInternals === void 0) throw new Error("invalid signing key");
-	return keyInternals;
-}
-async function deriveHmacKey(bytes) {
-	const base = await crypto.subtle.importKey("raw", bytes, "HKDF", false, ["deriveKey"]);
-	return crypto.subtle.deriveKey({
-		name: "HKDF",
-		hash: "SHA-256",
-		salt: new Uint8Array(),
-		info: hmacInfo
-	}, base, {
-		name: "HMAC",
-		hash: "SHA-256",
-		length: 256
-	}, false, ["sign", "verify"]);
-}
-function assertValidKeyByteLength(byteLength) {
-	if (!validKeyByteLengths.has(byteLength)) throw new IdsError("invalid_key_length", `invalid signing key length: expected 16, 24, or 32 bytes, got ${byteLength}`);
-}
-function assertSigningKeyFormat(format) {
-	if (format !== "hex" && format !== "base64url") throw new IdsError("invalid_key_format", `invalid signing key format: expected hex or base64url, got '${formatForError(format)}'`);
-}
-function formatForError(value) {
-	try {
-		return String(value);
-	} catch {
-		return "[unprintable]";
-	}
-}
-//#endregion
-//#region src/signed.ts
-function defaultRng(target) {
-	crypto.getRandomValues(target);
-}
-/**
-* Construct a {@link SignedTimestampCodec} for `brand`.
-*
-* `opts.keys` is a non-empty ordered signing keyring — the first entry is current
-* (used by `generate` / `generateAt`); all entries are tried on `verify` /
-* `safeVerify`; duplicate operator secrets are rejected at construction.
-*
-* @example
-* ```ts
-* const key = await importSigningKey(new Uint8Array(32));
-* const usr = createSignedTimestampId("usr", { keys: [key] });
-*
-* const id = await usr.generate();        // Id<"usr">
-* await usr.verify(id);                   // passes
-* usr.extractTimestamp(id);               // Date — sync, timestamp is plaintext
-* ```
-*/
-function createSignedTimestampId(brand, opts) {
-	validateBrand(brand);
-	registerBrand(brand, opts.allowDuplicateBrand);
-	assertNonEmptySigningKeyring(opts.keys);
-	assertNonDuplicateSigningKeys(opts.keys);
-	const hmacKeys = opts.keys.map(getSigningKeyHmacKey);
-	const now = opts.now ?? Date.now;
-	const rng = opts.rng ?? defaultRng;
-	const prefix = `${brand}_`;
-	const wire = wireMethods(prefix);
-	const layout = createSignedTimestampLayoutOps(prefix, brand, rng, hmacKeys);
-	return {
-		generate: () => layout.generateAt(now()),
-		generateAt: (date) => layout.generateAt(date.getTime()),
-		verify: async (id) => {
-			if (!await layout.tryVerify(id)) throw new IdsError("verification_failed", "verification failed");
-		},
-		safeVerify: async (input) => {
-			const parsed = wire.safeParse(input);
-			if (!parsed.ok) return parsed;
-			if (!await layout.tryVerify(parsed.id)) return {
-				ok: false,
-				error: "verification_failed"
-			};
-			return {
-				ok: true,
-				id: parsed.id
-			};
-		},
-		extractTimestamp: layout.extractTimestamp,
-		minIdForTime: (date) => layout.minIdForTime(date.getTime()),
-		maxIdForTime: (date) => layout.maxIdForTime(date.getTime()),
-		is: wire.is,
-		parse: wire.parse,
-		safeParse: wire.safeParse,
-		toJsonSchema: () => wire.toJsonSchema(brand, layout.exampleWireId()),
-		"~standard": wire["~standard"]
-	};
-}
-//#endregion
+import { i as importSigningKey, n as decodeSigningKey, r as encodeSigningKey, t as createSignedTimestampId } from "./signed-BnRSC03a.mjs";
 export { IdsError, createSignedTimestampId, decodeSigningKey, encodeSigningKey, importSigningKey, isIdsError };
-
-//# sourceMappingURL=signed.mjs.map

package/dist/{timestamp-B5_UCzc6.mjs → timestamp-BbZL8hwg.mjs}

@@ -1,5 +1,5 @@
-import { a as toWireId, n as registerBrand, s as validateBrand, t as wireMethods } from "./codec-shell-DH-UO4UR.mjs";
-import { n as readTimestampMsFromBase32Suffix, r as writeTimestamp } from "./timestamp-bytes-BBY7JI33.mjs";
+import { a as toWireId, n as registerBrand, s as validateBrand, t as wireMethods } from "./codec-shell-CW2sD6BU.mjs";
+import { n as readTimestampMsFromBase32Suffix, r as writeTimestamp } from "./timestamp-bytes-DoFjLjDp.mjs";
 //#region src/layouts/timestamp.ts
 const randomByteLength = 10;
 /** Writes a 16-byte timestamp-layout payload into codec-owned scratch. */
@@ -18,7 +18,7 @@ function extractTimestampFromId(prefix, id) {
 }
 /** Layout ops binder for the Timestamp variant. `extractTimestampFromId` is module-private; the binder exposes `extractTimestamp` for the codec constructor. */
 function createTimestampLayoutOps(prefix, rng) {
-	const buffer = new Uint8Array(16);
+	const buffer = /* @__PURE__ */ new Uint8Array(16);
 	const randomView = new Uint8Array(buffer.buffer, 6, randomByteLength);
 	return {
 		generateAt: (ms) => {
@@ -42,7 +42,7 @@ function createTimestampLayoutOps(prefix, rng) {
 }
 //#endregion
 //#region src/timestamp.ts
-const hexCharCodeToNibble = new Uint8Array(128);
+const hexCharCodeToNibble = /* @__PURE__ */ new Uint8Array(128);
 for (let i = 0; i < 10; i++) hexCharCodeToNibble[48 + i] = i;
 for (let i = 0; i < 6; i++) hexCharCodeToNibble[97 + i] = 10 + i;
 const defaultTimestampOptions = {
@@ -93,4 +93,4 @@ function createTimestampId(brand, opts = {}) {
 //#endregion
 export { createTimestampId as t };
 
-//# sourceMappingURL=timestamp-B5_UCzc6.mjs.map
+//# sourceMappingURL=timestamp-BbZL8hwg.mjs.map

package/dist/{timestamp-B5_UCzc6.mjs.map → timestamp-BbZL8hwg.mjs.map}

@@ -1 +1 @@
-{"version":3,"file":"timestamp-B5_UCzc6.mjs","names":[],"sources":["../src/layouts/timestamp.ts","../src/timestamp.ts"],"sourcesContent":["import type { Id, Prefix } from \"../types.js\";\nimport { toWireId } from \"../wire/envelope.js\";\nimport { payloadByteLength } from \"../wire/invariants.js\";\nimport {\n  readTimestampMsFromBase32Suffix,\n  timestampByteLength,\n  writeTimestamp,\n} from \"../wire/timestamp-bytes.js\";\n\nconst randomByteLength: number = payloadByteLength - timestampByteLength;\n\n/** Writes a 16-byte timestamp-layout payload into codec-owned scratch. */\nfunction buildPayload(\n  ms: number,\n  rng: (target: Uint8Array) => void,\n  buffer: Uint8Array,\n  randomView: Uint8Array,\n): void {\n  writeTimestamp(ms, buffer);\n  rng(randomView);\n}\n\n/** Writes sentinel min/max random bytes into codec-owned scratch. */\nfunction buildSentinelPayload(\n  ms: number,\n  fill: number,\n  buffer: Uint8Array,\n  randomView: Uint8Array,\n): void {\n  writeTimestamp(ms, buffer);\n  randomView.fill(fill);\n}\n\n/** Decodes the creation timestamp from a trusted wire ID. */\nfunction extractTimestampFromId<Brand extends string>(prefix: Prefix<Brand>, id: Id<Brand>): Date {\n  return new Date(readTimestampMsFromBase32Suffix(id.slice(prefix.length)));\n}\n\n/** Layout ops binder for the Timestamp variant. `extractTimestampFromId` is module-private; the binder exposes `extractTimestamp` for the codec constructor. */\nexport function createTimestampLayoutOps<Brand extends string>(\n  prefix: Prefix<Brand>,\n  rng: (target: Uint8Array) => void,\n) {\n  // Per-codec scratch buffer. Shared across generateAt(), minIdForTime(),\n  // maxIdForTime(), and exampleWireId() — all are synchronous and overwrite both\n  // the timestamp and random slices before encoding, so successive callers see\n  // their own freshly-written bytes. toWireId reads the buffer and returns an\n  // independent string, so the caller never sees the buffer itself.\n  const buffer = new Uint8Array(payloadByteLength);\n  const randomView = new Uint8Array(buffer.buffer, timestampByteLength, randomByteLength);\n\n  return {\n    generateAt: (ms: number): Id<Brand> => {\n      buildPayload(ms, rng, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    extractTimestamp: (id: Id<Brand>): Date => extractTimestampFromId(prefix, id),\n    minIdForTime: (ms: number): Id<Brand> => {\n      buildSentinelPayload(ms, 0x00, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    maxIdForTime: (ms: number): Id<Brand> => {\n      buildSentinelPayload(ms, 0xff, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    exampleWireId: (ms: number): Id<Brand> => {\n      buildPayload(ms, rng, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n  };\n}\n","import { validateBrand } from \"./brand.js\";\nimport { createTimestampLayoutOps } from \"./layouts/timestamp.js\";\nimport { registerBrand } from \"./registry.js\";\nimport type { Id, JsonSchema, ParseResult, Prefix, StandardSchemaProps } from \"./types.js\";\nimport { wireMethods } from \"./wire/codec-shell.js\";\n\n/**\n * Configuration options for a codec instance.\n */\nexport type TimestampOptions = {\n  /** Returns the current timestamp in milliseconds. Defaults to `Date.now`. */\n  now?: () => number;\n  /** Writes random bytes into `target` for ID generation. Defaults to a `crypto.randomUUID` fast path. */\n  rng?: (target: Uint8Array) => void;\n  /** If true, silences the duplicate-brand warning in non-production environments. */\n  allowDuplicateBrand?: boolean;\n};\n\ntype ResolvedTimestampOptions = Required<Pick<TimestampOptions, \"now\" | \"rng\">> &\n  Pick<TimestampOptions, \"allowDuplicateBrand\">;\n\n/**\n * A brand-scoped codec for generating and validating public-facing IDs.\n *\n * Wire format: `{brand}_` plus 26 lowercase Crockford base32 characters encoding a\n * 16-byte payload (6-byte ms timestamp + 10 random bytes). IDs sort by creation\n * time in ascending order.\n *\n * For encrypted IDs, use `createOpaqueTimestampId` from `@smonn/ids/opaque`.\n */\nexport type TimestampCodec<Brand extends string> = {\n  /** Produces a new canonical ID using the codec's `now` and `rng`. */\n  generate(): Id<Brand>;\n  /** Produces a new canonical ID with timestamp bytes from `date` and a fresh random tail. Throws on invalid dates. */\n  generateAt(date: Date): Id<Brand>;\n  /**\n   * Strict type guard: `true` only for already-canonical strings for this brand.\n   * For untrusted input, use `safeParse()` or `parse()` instead. See ADR-0003.\n   */\n  is(value: unknown): value is Id<Brand>;\n  /**\n   * Lenient parse: normalises case and Crockford aliases, returns canonical `Id<Brand>`, or throws.\n   */\n  parse(value: unknown): Id<Brand>;\n  /**\n   * Lenient parse without throwing: normalises to canonical form, or returns `{ ok: false, error }`.\n   */\n  safeParse(value: unknown): ParseResult<Brand>;\n  /**\n   * Decodes the creation `Date` from an `Id<Brand>`. Trusts the type — use `safeParse()` at boundaries first. See ADR-0002.\n   */\n  extractTimestamp(id: Id<Brand>): Date;\n  /** Tight lower bound for any ID generated at `date` (random portion `0x00`). Throws on invalid dates. */\n  minIdForTime(date: Date): Id<Brand>;\n  /** Tight upper bound for any ID generated at `date` (random portion `0xff`). Throws on invalid dates. */\n  maxIdForTime(date: Date): Id<Brand>;\n  /** JSON Schema for the canonical wire form (`pattern` is canonical-only). */\n  toJsonSchema(): JsonSchema;\n  /** Standard Schema validate entry point. */\n  readonly \"~standard\": StandardSchemaProps<Brand>;\n};\n\n// hex charCode → 0–15 nibble, for decoding UUIDv4 strings into bytes.\n// Covers ['0'-'9' = 48–57] and ['a'-'f' = 97–102]; UUIDs are lowercase per spec.\nconst hexCharCodeToNibble = new Uint8Array(128);\nfor (let i = 0; i < 10; i++) hexCharCodeToNibble[48 + i] = i;\nfor (let i = 0; i < 6; i++) hexCharCodeToNibble[97 + i] = 10 + i;\n\nconst defaultTimestampOptions: ResolvedTimestampOptions = {\n  now: Date.now,\n  // crypto.randomUUID is ~7× faster than crypto.getRandomValues in Node 24\n  // (~84 ns vs ~610 ns for a 16-byte fill — likely because the UUID path has\n  // a tight fixed-format fast path). We use the 122 random bits of a UUIDv4\n  // string as our entropy source, harvesting 10 fully-random bytes from\n  // positions where no version (hex 12) or variant (hex 16) bits sit.\n  // String layout: \"xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx\" — bytes 0–5 are\n  // string[0..7]+string[9..12], bytes 6–9 are string[24..31].\n  rng: (target) => {\n    const s = crypto.randomUUID();\n    target[0] =\n      (hexCharCodeToNibble[s.charCodeAt(0)]! << 4) | hexCharCodeToNibble[s.charCodeAt(1)]!;\n    target[1] =\n      (hexCharCodeToNibble[s.charCodeAt(2)]! << 4) | hexCharCodeToNibble[s.charCodeAt(3)]!;\n    target[2] =\n      (hexCharCodeToNibble[s.charCodeAt(4)]! << 4) | hexCharCodeToNibble[s.charCodeAt(5)]!;\n    target[3] =\n      (hexCharCodeToNibble[s.charCodeAt(6)]! << 4) | hexCharCodeToNibble[s.charCodeAt(7)]!;\n    target[4] =\n      (hexCharCodeToNibble[s.charCodeAt(9)]! << 4) | hexCharCodeToNibble[s.charCodeAt(10)]!;\n    target[5] =\n      (hexCharCodeToNibble[s.charCodeAt(11)]! << 4) | hexCharCodeToNibble[s.charCodeAt(12)]!;\n    target[6] =\n      (hexCharCodeToNibble[s.charCodeAt(24)]! << 4) | hexCharCodeToNibble[s.charCodeAt(25)]!;\n    target[7] =\n      (hexCharCodeToNibble[s.charCodeAt(26)]! << 4) | hexCharCodeToNibble[s.charCodeAt(27)]!;\n    target[8] =\n      (hexCharCodeToNibble[s.charCodeAt(28)]! << 4) | hexCharCodeToNibble[s.charCodeAt(29)]!;\n    target[9] =\n      (hexCharCodeToNibble[s.charCodeAt(30)]! << 4) | hexCharCodeToNibble[s.charCodeAt(31)]!;\n  },\n};\n\n/**\n * Creates a codec for `brand` (three lowercase a–z characters).\n *\n * @param brand - Entity type brand validated once at construction.\n * @param opts - Optional `now`, `rng`, and `allowDuplicateBrand` overrides.\n */\nexport function createTimestampId<Brand extends string>(\n  brand: Brand,\n  opts: TimestampOptions = {},\n): TimestampCodec<Brand> {\n  validateBrand(brand);\n  registerBrand(brand, opts.allowDuplicateBrand);\n\n  const options = {\n    now: opts.now ?? defaultTimestampOptions.now,\n    rng: opts.rng ?? defaultTimestampOptions.rng,\n  } satisfies ResolvedTimestampOptions;\n\n  const prefix: Prefix<Brand> = `${brand}_`;\n  const wire = wireMethods(prefix);\n  const layout = createTimestampLayoutOps(prefix, options.rng);\n\n  return {\n    generate: () => layout.generateAt(options.now()),\n    generateAt: (date: Date) => layout.generateAt(date.getTime()),\n    is: wire.is,\n    parse: wire.parse,\n    safeParse: wire.safeParse,\n    extractTimestamp: layout.extractTimestamp,\n    minIdForTime: (date: Date) => layout.minIdForTime(date.getTime()),\n    maxIdForTime: (date: Date) => layout.maxIdForTime(date.getTime()),\n    toJsonSchema: () => wire.toJsonSchema(brand, layout.exampleWireId(options.now())),\n    \"~standard\": wire[\"~standard\"],\n  };\n}\n"],"mappings":";;;AASA,MAAM,mBAAA;;AAGN,SAAS,aACP,IACA,KACA,QACA,YACM;CACN,eAAe,IAAI,MAAM;CACzB,IAAI,UAAU;AAChB;;AAGA,SAAS,qBACP,IACA,MACA,QACA,YACM;CACN,eAAe,IAAI,MAAM;CACzB,WAAW,KAAK,IAAI;AACtB;;AAGA,SAAS,uBAA6C,QAAuB,IAAqB;CAChG,OAAO,IAAI,KAAK,gCAAgC,GAAG,MAAM,OAAO,MAAM,CAAC,CAAC;AAC1E;;AAGA,SAAgB,yBACd,QACA,KACA;CAMA,MAAM,SAAS,IAAI,WAAA,EAA4B;CAC/C,MAAM,aAAa,IAAI,WAAW,OAAO,QAAA,GAA6B,gBAAgB;CAEtF,OAAO;EACL,aAAa,OAA0B;GACrC,aAAa,IAAI,KAAK,QAAQ,UAAU;GACxC,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,mBAAmB,OAAwB,uBAAuB,QAAQ,EAAE;EAC5E,eAAe,OAA0B;GACvC,qBAAqB,IAAI,GAAM,QAAQ,UAAU;GACjD,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,eAAe,OAA0B;GACvC,qBAAqB,IAAI,KAAM,QAAQ,UAAU;GACjD,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,gBAAgB,OAA0B;GACxC,aAAa,IAAI,KAAK,QAAQ,UAAU;GACxC,OAAO,SAAS,QAAQ,MAAM;EAChC;CACF;AACF;;;ACNA,MAAM,sBAAsB,IAAI,WAAW,GAAG;AAC9C,KAAK,IAAI,IAAI,GAAG,IAAI,IAAI,KAAK,oBAAoB,KAAK,KAAK;AAC3D,KAAK,IAAI,IAAI,GAAG,IAAI,GAAG,KAAK,oBAAoB,KAAK,KAAK,KAAK;AAE/D,MAAM,0BAAoD;CACxD,KAAK,KAAK;CAQV,MAAM,WAAW;EACf,MAAM,IAAI,OAAO,WAAW;EAC5B,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACpF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;CACvF;AACF;;;;;;;AAQA,SAAgB,kBACd,OACA,OAAyB,CAAC,GACH;CACvB,cAAc,KAAK;CACnB,cAAc,OAAO,KAAK,mBAAmB;CAE7C,MAAM,UAAU;EACd,KAAK,KAAK,OAAO,wBAAwB;EACzC,KAAK,KAAK,OAAO,wBAAwB;CAC3C;CAEA,MAAM,SAAwB,GAAG,MAAM;CACvC,MAAM,OAAO,YAAY,MAAM;CAC/B,MAAM,SAAS,yBAAyB,QAAQ,QAAQ,GAAG;CAE3D,OAAO;EACL,gBAAgB,OAAO,WAAW,QAAQ,IAAI,CAAC;EAC/C,aAAa,SAAe,OAAO,WAAW,KAAK,QAAQ,CAAC;EAC5D,IAAI,KAAK;EACT,OAAO,KAAK;EACZ,WAAW,KAAK;EAChB,kBAAkB,OAAO;EACzB,eAAe,SAAe,OAAO,aAAa,KAAK,QAAQ,CAAC;EAChE,eAAe,SAAe,OAAO,aAAa,KAAK,QAAQ,CAAC;EAChE,oBAAoB,KAAK,aAAa,OAAO,OAAO,cAAc,QAAQ,IAAI,CAAC,CAAC;EAChF,aAAa,KAAK;CACpB;AACF"}
+{"version":3,"file":"timestamp-BbZL8hwg.mjs","names":[],"sources":["../src/layouts/timestamp.ts","../src/timestamp.ts"],"sourcesContent":["import type { Id, Prefix } from \"../types.js\";\nimport { toWireId } from \"../wire/envelope.js\";\nimport { payloadByteLength } from \"../wire/invariants.js\";\nimport {\n  readTimestampMsFromBase32Suffix,\n  timestampByteLength,\n  writeTimestamp,\n} from \"../wire/timestamp-bytes.js\";\n\nconst randomByteLength: number = payloadByteLength - timestampByteLength;\n\n/** Writes a 16-byte timestamp-layout payload into codec-owned scratch. */\nfunction buildPayload(\n  ms: number,\n  rng: (target: Uint8Array) => void,\n  buffer: Uint8Array,\n  randomView: Uint8Array,\n): void {\n  writeTimestamp(ms, buffer);\n  rng(randomView);\n}\n\n/** Writes sentinel min/max random bytes into codec-owned scratch. */\nfunction buildSentinelPayload(\n  ms: number,\n  fill: number,\n  buffer: Uint8Array,\n  randomView: Uint8Array,\n): void {\n  writeTimestamp(ms, buffer);\n  randomView.fill(fill);\n}\n\n/** Decodes the creation timestamp from a trusted wire ID. */\nfunction extractTimestampFromId<Brand extends string>(prefix: Prefix<Brand>, id: Id<Brand>): Date {\n  return new Date(readTimestampMsFromBase32Suffix(id.slice(prefix.length)));\n}\n\n/** Layout ops binder for the Timestamp variant. `extractTimestampFromId` is module-private; the binder exposes `extractTimestamp` for the codec constructor. */\nexport function createTimestampLayoutOps<Brand extends string>(\n  prefix: Prefix<Brand>,\n  rng: (target: Uint8Array) => void,\n) {\n  // Per-codec scratch buffer. Shared across generateAt(), minIdForTime(),\n  // maxIdForTime(), and exampleWireId() — all are synchronous and overwrite both\n  // the timestamp and random slices before encoding, so successive callers see\n  // their own freshly-written bytes. toWireId reads the buffer and returns an\n  // independent string, so the caller never sees the buffer itself.\n  const buffer = new Uint8Array(payloadByteLength);\n  const randomView = new Uint8Array(buffer.buffer, timestampByteLength, randomByteLength);\n\n  return {\n    generateAt: (ms: number): Id<Brand> => {\n      buildPayload(ms, rng, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    extractTimestamp: (id: Id<Brand>): Date => extractTimestampFromId(prefix, id),\n    minIdForTime: (ms: number): Id<Brand> => {\n      buildSentinelPayload(ms, 0x00, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    maxIdForTime: (ms: number): Id<Brand> => {\n      buildSentinelPayload(ms, 0xff, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    exampleWireId: (ms: number): Id<Brand> => {\n      buildPayload(ms, rng, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n  };\n}\n","import { validateBrand } from \"./brand.js\";\nimport { createTimestampLayoutOps } from \"./layouts/timestamp.js\";\nimport { registerBrand } from \"./registry.js\";\nimport type { Id, JsonSchema, ParseResult, Prefix, StandardSchemaProps } from \"./types.js\";\nimport { wireMethods } from \"./wire/codec-shell.js\";\n\n/**\n * Configuration options for a codec instance.\n */\nexport type TimestampOptions = {\n  /** Returns the current timestamp in milliseconds. Defaults to `Date.now`. */\n  now?: () => number;\n  /** Writes random bytes into `target` for ID generation. Defaults to a `crypto.randomUUID` fast path. */\n  rng?: (target: Uint8Array) => void;\n  /** If true, silences the duplicate-brand warning in non-production environments. */\n  allowDuplicateBrand?: boolean;\n};\n\ntype ResolvedTimestampOptions = Required<Pick<TimestampOptions, \"now\" | \"rng\">> &\n  Pick<TimestampOptions, \"allowDuplicateBrand\">;\n\n/**\n * A brand-scoped codec for generating and validating public-facing IDs.\n *\n * Wire format: `{brand}_` plus 26 lowercase Crockford base32 characters encoding a\n * 16-byte payload (6-byte ms timestamp + 10 random bytes). IDs sort by creation\n * time in ascending order.\n *\n * For encrypted IDs, use `createOpaqueTimestampId` from `@smonn/ids/opaque`.\n */\nexport type TimestampCodec<Brand extends string> = {\n  /** Produces a new canonical ID using the codec's `now` and `rng`. */\n  generate(): Id<Brand>;\n  /** Produces a new canonical ID with timestamp bytes from `date` and a fresh random tail. Throws on invalid dates. */\n  generateAt(date: Date): Id<Brand>;\n  /**\n   * Strict type guard: `true` only for already-canonical strings for this brand.\n   * For untrusted input, use `safeParse()` or `parse()` instead. See ADR-0003.\n   */\n  is(value: unknown): value is Id<Brand>;\n  /**\n   * Lenient parse: normalises case and Crockford aliases, returns canonical `Id<Brand>`, or throws.\n   */\n  parse(value: unknown): Id<Brand>;\n  /**\n   * Lenient parse without throwing: normalises to canonical form, or returns `{ ok: false, error }`.\n   */\n  safeParse(value: unknown): ParseResult<Brand>;\n  /**\n   * Decodes the creation `Date` from an `Id<Brand>`. Trusts the type — use `safeParse()` at boundaries first. See ADR-0002.\n   */\n  extractTimestamp(id: Id<Brand>): Date;\n  /** Tight lower bound for any ID generated at `date` (random portion `0x00`). Throws on invalid dates. */\n  minIdForTime(date: Date): Id<Brand>;\n  /** Tight upper bound for any ID generated at `date` (random portion `0xff`). Throws on invalid dates. */\n  maxIdForTime(date: Date): Id<Brand>;\n  /** JSON Schema for the canonical wire form (`pattern` is canonical-only). */\n  toJsonSchema(): JsonSchema;\n  /** Standard Schema validate entry point. */\n  readonly \"~standard\": StandardSchemaProps<Brand>;\n};\n\n// hex charCode → 0–15 nibble, for decoding UUIDv4 strings into bytes.\n// Covers ['0'-'9' = 48–57] and ['a'-'f' = 97–102]; UUIDs are lowercase per spec.\nconst hexCharCodeToNibble = new Uint8Array(128);\nfor (let i = 0; i < 10; i++) hexCharCodeToNibble[48 + i] = i;\nfor (let i = 0; i < 6; i++) hexCharCodeToNibble[97 + i] = 10 + i;\n\nconst defaultTimestampOptions: ResolvedTimestampOptions = {\n  now: Date.now,\n  // crypto.randomUUID is ~7× faster than crypto.getRandomValues in Node 24\n  // (~84 ns vs ~610 ns for a 16-byte fill — likely because the UUID path has\n  // a tight fixed-format fast path). We use the 122 random bits of a UUIDv4\n  // string as our entropy source, harvesting 10 fully-random bytes from\n  // positions where no version (hex 12) or variant (hex 16) bits sit.\n  // String layout: \"xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx\" — bytes 0–5 are\n  // string[0..7]+string[9..12], bytes 6–9 are string[24..31].\n  rng: (target) => {\n    const s = crypto.randomUUID();\n    target[0] =\n      (hexCharCodeToNibble[s.charCodeAt(0)]! << 4) | hexCharCodeToNibble[s.charCodeAt(1)]!;\n    target[1] =\n      (hexCharCodeToNibble[s.charCodeAt(2)]! << 4) | hexCharCodeToNibble[s.charCodeAt(3)]!;\n    target[2] =\n      (hexCharCodeToNibble[s.charCodeAt(4)]! << 4) | hexCharCodeToNibble[s.charCodeAt(5)]!;\n    target[3] =\n      (hexCharCodeToNibble[s.charCodeAt(6)]! << 4) | hexCharCodeToNibble[s.charCodeAt(7)]!;\n    target[4] =\n      (hexCharCodeToNibble[s.charCodeAt(9)]! << 4) | hexCharCodeToNibble[s.charCodeAt(10)]!;\n    target[5] =\n      (hexCharCodeToNibble[s.charCodeAt(11)]! << 4) | hexCharCodeToNibble[s.charCodeAt(12)]!;\n    target[6] =\n      (hexCharCodeToNibble[s.charCodeAt(24)]! << 4) | hexCharCodeToNibble[s.charCodeAt(25)]!;\n    target[7] =\n      (hexCharCodeToNibble[s.charCodeAt(26)]! << 4) | hexCharCodeToNibble[s.charCodeAt(27)]!;\n    target[8] =\n      (hexCharCodeToNibble[s.charCodeAt(28)]! << 4) | hexCharCodeToNibble[s.charCodeAt(29)]!;\n    target[9] =\n      (hexCharCodeToNibble[s.charCodeAt(30)]! << 4) | hexCharCodeToNibble[s.charCodeAt(31)]!;\n  },\n};\n\n/**\n * Creates a codec for `brand` (three lowercase a–z characters).\n *\n * @param brand - Entity type brand validated once at construction.\n * @param opts - Optional `now`, `rng`, and `allowDuplicateBrand` overrides.\n */\nexport function createTimestampId<Brand extends string>(\n  brand: Brand,\n  opts: TimestampOptions = {},\n): TimestampCodec<Brand> {\n  validateBrand(brand);\n  registerBrand(brand, opts.allowDuplicateBrand);\n\n  const options = {\n    now: opts.now ?? defaultTimestampOptions.now,\n    rng: opts.rng ?? defaultTimestampOptions.rng,\n  } satisfies ResolvedTimestampOptions;\n\n  const prefix: Prefix<Brand> = `${brand}_`;\n  const wire = wireMethods(prefix);\n  const layout = createTimestampLayoutOps(prefix, options.rng);\n\n  return {\n    generate: () => layout.generateAt(options.now()),\n    generateAt: (date: Date) => layout.generateAt(date.getTime()),\n    is: wire.is,\n    parse: wire.parse,\n    safeParse: wire.safeParse,\n    extractTimestamp: layout.extractTimestamp,\n    minIdForTime: (date: Date) => layout.minIdForTime(date.getTime()),\n    maxIdForTime: (date: Date) => layout.maxIdForTime(date.getTime()),\n    toJsonSchema: () => wire.toJsonSchema(brand, layout.exampleWireId(options.now())),\n    \"~standard\": wire[\"~standard\"],\n  };\n}\n"],"mappings":";;;AASA,MAAM,mBAAA;;AAGN,SAAS,aACP,IACA,KACA,QACA,YACM;CACN,eAAe,IAAI,MAAM;CACzB,IAAI,UAAU;AAChB;;AAGA,SAAS,qBACP,IACA,MACA,QACA,YACM;CACN,eAAe,IAAI,MAAM;CACzB,WAAW,KAAK,IAAI;AACtB;;AAGA,SAAS,uBAA6C,QAAuB,IAAqB;CAChG,OAAO,IAAI,KAAK,gCAAgC,GAAG,MAAM,OAAO,MAAM,CAAC,CAAC;AAC1E;;AAGA,SAAgB,yBACd,QACA,KACA;CAMA,MAAM,yBAAS,IAAI,WAAA,EAA4B;CAC/C,MAAM,aAAa,IAAI,WAAW,OAAO,QAAA,GAA6B,gBAAgB;CAEtF,OAAO;EACL,aAAa,OAA0B;GACrC,aAAa,IAAI,KAAK,QAAQ,UAAU;GACxC,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,mBAAmB,OAAwB,uBAAuB,QAAQ,EAAE;EAC5E,eAAe,OAA0B;GACvC,qBAAqB,IAAI,GAAM,QAAQ,UAAU;GACjD,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,eAAe,OAA0B;GACvC,qBAAqB,IAAI,KAAM,QAAQ,UAAU;GACjD,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,gBAAgB,OAA0B;GACxC,aAAa,IAAI,KAAK,QAAQ,UAAU;GACxC,OAAO,SAAS,QAAQ,MAAM;EAChC;CACF;AACF;;;ACNA,MAAM,sCAAsB,IAAI,WAAW,GAAG;AAC9C,KAAK,IAAI,IAAI,GAAG,IAAI,IAAI,KAAK,oBAAoB,KAAK,KAAK;AAC3D,KAAK,IAAI,IAAI,GAAG,IAAI,GAAG,KAAK,oBAAoB,KAAK,KAAK,KAAK;AAE/D,MAAM,0BAAoD;CACxD,KAAK,KAAK;CAQV,MAAM,WAAW;EACf,MAAM,IAAI,OAAO,WAAW;EAC5B,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACpF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;CACvF;AACF;;;;;;;AAQA,SAAgB,kBACd,OACA,OAAyB,CAAC,GACH;CACvB,cAAc,KAAK;CACnB,cAAc,OAAO,KAAK,mBAAmB;CAE7C,MAAM,UAAU;EACd,KAAK,KAAK,OAAO,wBAAwB;EACzC,KAAK,KAAK,OAAO,wBAAwB;CAC3C;CAEA,MAAM,SAAwB,GAAG,MAAM;CACvC,MAAM,OAAO,YAAY,MAAM;CAC/B,MAAM,SAAS,yBAAyB,QAAQ,QAAQ,GAAG;CAE3D,OAAO;EACL,gBAAgB,OAAO,WAAW,QAAQ,IAAI,CAAC;EAC/C,aAAa,SAAe,OAAO,WAAW,KAAK,QAAQ,CAAC;EAC5D,IAAI,KAAK;EACT,OAAO,KAAK;EACZ,WAAW,KAAK;EAChB,kBAAkB,OAAO;EACzB,eAAe,SAAe,OAAO,aAAa,KAAK,QAAQ,CAAC;EAChE,eAAe,SAAe,OAAO,aAAa,KAAK,QAAQ,CAAC;EAChE,oBAAoB,KAAK,aAAa,OAAO,OAAO,cAAc,QAAQ,IAAI,CAAC,CAAC;EAChF,aAAa,KAAK;CACpB;AACF"}

package/dist/{timestamp-bytes-BBY7JI33.mjs → timestamp-bytes-DoFjLjDp.mjs}

@@ -1,8 +1,9 @@
-import { o as decodeBase32 } from "./codec-shell-DH-UO4UR.mjs";
+import { o as decodeBase32 } from "./codec-shell-CW2sD6BU.mjs";
 const timestampBase32Length = Math.ceil(48 / 5);
 /** Write the timestamp in big-endian; encoded via mod-256 to avoid 32-bit bitwise coercion. */
 function writeTimestamp(ms, buffer) {
 	if (Number.isNaN(ms)) throw new Error("timestamp is not a number");
+	if (!Number.isInteger(ms)) throw new Error("timestamp is not an integer");
 	if (ms < 0) throw new Error("timestamp is negative");
 	if (ms >= 2 ** 48) throw new Error("timestamp exceeds 48-bit range");
 	for (let i = 5; i >= 0; i--) {
@@ -23,4 +24,4 @@ function readTimestampMsFromBase32Suffix(base32Suffix) {
 //#endregion
 export { readTimestampMsFromBase32Suffix as n, writeTimestamp as r, readTimestampMs as t };
 
-//# sourceMappingURL=timestamp-bytes-BBY7JI33.mjs.map
+//# sourceMappingURL=timestamp-bytes-DoFjLjDp.mjs.map

package/dist/timestamp-bytes-DoFjLjDp.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"timestamp-bytes-DoFjLjDp.mjs","names":[],"sources":["../src/wire/timestamp-bytes.ts"],"sourcesContent":["import { decodeBase32 } from \"../base32.js\";\n\n// Timestamp byte layout: first N bytes of the plaintext payload encode a\n// big-endian Unix-ms timestamp. Shared by timestamp-family layouts.\nexport const timestampByteLength: number = 6;\n\nconst timestampBase32Length: number = Math.ceil((timestampByteLength * 8) / 5);\n\n/** Write the timestamp in big-endian; encoded via mod-256 to avoid 32-bit bitwise coercion. */\nexport function writeTimestamp(ms: number, buffer: Uint8Array): void {\n  if (Number.isNaN(ms)) throw new Error(\"timestamp is not a number\");\n  if (!Number.isInteger(ms)) throw new Error(\"timestamp is not an integer\");\n  if (ms < 0) throw new Error(\"timestamp is negative\");\n  if (ms >= 2 ** (timestampByteLength * 8)) {\n    throw new Error(\"timestamp exceeds 48-bit range\");\n  }\n  for (let i = timestampByteLength - 1; i >= 0; i--) {\n    buffer[i] = ms % 256;\n    ms = Math.floor(ms / 256);\n  }\n}\n\n/** Decode the first `timestampByteLength` bytes of a buffer as a big-endian unsigned millisecond timestamp. */\nexport function readTimestampMs(buffer: Uint8Array): number {\n  let ms = 0;\n  for (let i = 0; i < timestampByteLength; i++) ms = ms * 256 + buffer[i]!;\n  return ms;\n}\n\n/** Decodes ms from the first 10 base32 chars of a payload suffix (partial decode). */\nexport function readTimestampMsFromBase32Suffix(base32Suffix: string): number {\n  return readTimestampMs(decodeBase32(base32Suffix.slice(0, timestampBase32Length)));\n}\n"],"mappings":";AAMA,MAAM,wBAAgC,KAAK,KAAA,KAAiC,CAAC;;AAG7E,SAAgB,eAAe,IAAY,QAA0B;CACnE,IAAI,OAAO,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,2BAA2B;CACjE,IAAI,CAAC,OAAO,UAAU,EAAE,GAAG,MAAM,IAAI,MAAM,6BAA6B;CACxE,IAAI,KAAK,GAAG,MAAM,IAAI,MAAM,uBAAuB;CACnD,IAAI,MAAM,KAAA,IACR,MAAM,IAAI,MAAM,gCAAgC;CAElD,KAAK,IAAI,IAAA,GAA6B,KAAK,GAAG,KAAK;EACjD,OAAO,KAAK,KAAK;EACjB,KAAK,KAAK,MAAM,KAAK,GAAG;CAC1B;AACF;;AAGA,SAAgB,gBAAgB,QAA4B;CAC1D,IAAI,KAAK;CACT,KAAK,IAAI,IAAI,GAAG,IAAA,GAAyB,KAAK,KAAK,KAAK,MAAM,OAAO;CACrE,OAAO;AACT;;AAGA,SAAgB,gCAAgC,cAA8B;CAC5E,OAAO,gBAAgB,aAAa,aAAa,MAAM,GAAG,qBAAqB,CAAC,CAAC;AACnF"}