@stellaris-lab/por-sdk 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,19 @@
1
+ export * from "./audit.js";
2
+ export * from "./backend.js";
3
+ export * from "./codec.js";
4
+ export * from "./constants.js";
5
+ export * from "./domain.js";
6
+ export * from "./encoding.js";
7
+ export * from "./errors.js";
8
+ export * from "./events.js";
9
+ export * from "./manifest.js";
10
+ export * from "./operations.js";
11
+ export * from "./persistence.js";
12
+ export * from "./pipeline.js";
13
+ export * from "./policy.js";
14
+ export * from "./prove.js";
15
+ export * from "./registry.js";
16
+ export * from "./reconciler.js";
17
+ export * from "./signals.js";
18
+ export * from "./stellar.js";
19
+ export * from "./transport.js";
package/dist/index.js ADDED
@@ -0,0 +1,19 @@
1
+ export * from "./audit.js";
2
+ export * from "./backend.js";
3
+ export * from "./codec.js";
4
+ export * from "./constants.js";
5
+ export * from "./domain.js";
6
+ export * from "./encoding.js";
7
+ export * from "./errors.js";
8
+ export * from "./events.js";
9
+ export * from "./manifest.js";
10
+ export * from "./operations.js";
11
+ export * from "./persistence.js";
12
+ export * from "./pipeline.js";
13
+ export * from "./policy.js";
14
+ export * from "./prove.js";
15
+ export * from "./registry.js";
16
+ export * from "./reconciler.js";
17
+ export * from "./signals.js";
18
+ export * from "./stellar.js";
19
+ export * from "./transport.js";
@@ -0,0 +1,22 @@
1
+ /**
2
+ * Artifact and deployment manifest.
3
+ *
4
+ * Frontends, CLIs, backend services, and tests should consume a manifest rather
5
+ * than hardcoding wasm/zkey/contract IDs throughout the app.
6
+ */
7
+ import { ContractDeployment, ProvingArtifacts, VerificationKeyDocument } from "./domain.js";
8
+ export interface StellarisManifest {
9
+ readonly schemaVersion: "stellaris.manifest.v1";
10
+ readonly circuit: {
11
+ readonly name: "proof-of-reserves";
12
+ readonly curve: "bls12381";
13
+ readonly nReserves: number;
14
+ readonly nPublicSignals: number;
15
+ readonly publicSignalOrder: readonly ["solvent", "commitment", "liabilities", "period_id"];
16
+ };
17
+ readonly artifacts: ProvingArtifacts;
18
+ readonly deployment?: ContractDeployment;
19
+ }
20
+ export declare function createManifest(input: Omit<StellarisManifest, "schemaVersion">): StellarisManifest;
21
+ export declare function validateManifest(manifest: StellarisManifest): void;
22
+ export declare function assertVerificationKeyShape(vk: VerificationKeyDocument): void;
@@ -0,0 +1,54 @@
1
+ /**
2
+ * Artifact and deployment manifest.
3
+ *
4
+ * Frontends, CLIs, backend services, and tests should consume a manifest rather
5
+ * than hardcoding wasm/zkey/contract IDs throughout the app.
6
+ */
7
+ import { StellarisError } from "./errors.js";
8
+ export function createManifest(input) {
9
+ const manifest = {
10
+ schemaVersion: "stellaris.manifest.v1",
11
+ ...input,
12
+ };
13
+ validateManifest(manifest);
14
+ return manifest;
15
+ }
16
+ export function validateManifest(manifest) {
17
+ if (manifest.schemaVersion !== "stellaris.manifest.v1") {
18
+ throw StellarisError.configuration("unsupported manifest schema", { schemaVersion: manifest.schemaVersion });
19
+ }
20
+ if (manifest.circuit.curve !== "bls12381") {
21
+ throw StellarisError.configuration("Stellaris circuit must use BLS12-381", { curve: manifest.circuit.curve });
22
+ }
23
+ if (manifest.circuit.nPublicSignals !== 4) {
24
+ throw StellarisError.configuration("Stellaris circuit must expose exactly 4 public signals");
25
+ }
26
+ const expected = ["solvent", "commitment", "liabilities", "period_id"];
27
+ for (let i = 0; i < expected.length; i++) {
28
+ if (manifest.circuit.publicSignalOrder[i] !== expected[i]) {
29
+ throw StellarisError.configuration("public signal order mismatch", {
30
+ expected,
31
+ actual: manifest.circuit.publicSignalOrder,
32
+ });
33
+ }
34
+ }
35
+ if (!manifest.artifacts.wasmUrl || !manifest.artifacts.zkeyUrl) {
36
+ throw StellarisError.configuration("manifest must include wasmUrl and zkeyUrl");
37
+ }
38
+ }
39
+ export function assertVerificationKeyShape(vk) {
40
+ if (vk.curve && vk.curve !== "bls12381") {
41
+ throw StellarisError.configuration("verification key curve mismatch", { curve: vk.curve });
42
+ }
43
+ if (vk.protocol && vk.protocol !== "groth16") {
44
+ throw StellarisError.configuration("verification key protocol mismatch", { protocol: vk.protocol });
45
+ }
46
+ if (vk.nPublic !== undefined && vk.nPublic !== 4) {
47
+ throw StellarisError.configuration("verification key public signal count mismatch", { nPublic: vk.nPublic });
48
+ }
49
+ if (!Array.isArray(vk.IC) || vk.IC.length !== 5) {
50
+ throw StellarisError.configuration("verification key IC length must be public signals + 1", {
51
+ icLength: Array.isArray(vk.IC) ? vk.IC.length : "missing",
52
+ });
53
+ }
54
+ }
@@ -0,0 +1,109 @@
1
+ /**
2
+ * Contract operation registry.
3
+ *
4
+ * A mature SDK keeps the contract ABI in one typed registry and derives client,
5
+ * transport, audit, and generated-binding adapters from it. This file is the
6
+ * source of truth for supported contract calls on the TypeScript side.
7
+ */
8
+ import { ContractAttestArgs } from "./codec.js";
9
+ import { Attestation, AttestationV2, AttestationV3, PublicKey, VerificationKeyDocument } from "./domain.js";
10
+ export declare const CONTRACT_OPERATIONS: {
11
+ readonly init: {
12
+ readonly mutability: "write";
13
+ readonly auth: "admin";
14
+ };
15
+ readonly attest: {
16
+ readonly mutability: "write";
17
+ readonly auth: "issuer";
18
+ };
19
+ readonly get_attestation: {
20
+ readonly mutability: "read";
21
+ readonly auth: "none";
22
+ };
23
+ readonly list_periods: {
24
+ readonly mutability: "read";
25
+ readonly auth: "none";
26
+ };
27
+ readonly get_vk: {
28
+ readonly mutability: "read";
29
+ readonly auth: "none";
30
+ };
31
+ readonly get_admin: {
32
+ readonly mutability: "read";
33
+ readonly auth: "none";
34
+ };
35
+ readonly init_v2: {
36
+ readonly mutability: "write";
37
+ readonly auth: "admin";
38
+ };
39
+ readonly attest_v2: {
40
+ readonly mutability: "write";
41
+ readonly auth: "issuer";
42
+ };
43
+ readonly get_attestation_v2: {
44
+ readonly mutability: "read";
45
+ readonly auth: "none";
46
+ };
47
+ readonly get_vk_v2: {
48
+ readonly mutability: "read";
49
+ readonly auth: "none";
50
+ };
51
+ readonly init_v3: {
52
+ readonly mutability: "write";
53
+ readonly auth: "admin";
54
+ };
55
+ readonly attest_v3: {
56
+ readonly mutability: "write";
57
+ readonly auth: "issuer";
58
+ };
59
+ readonly get_attestation_v3: {
60
+ readonly mutability: "read";
61
+ readonly auth: "none";
62
+ };
63
+ readonly get_vk_v3: {
64
+ readonly mutability: "read";
65
+ readonly auth: "none";
66
+ };
67
+ readonly set_oracle: {
68
+ readonly mutability: "write";
69
+ readonly auth: "admin";
70
+ };
71
+ readonly publish_oracle_commitment: {
72
+ readonly mutability: "write";
73
+ readonly auth: "oracle";
74
+ };
75
+ readonly get_oracle: {
76
+ readonly mutability: "read";
77
+ readonly auth: "none";
78
+ };
79
+ readonly get_oracle_commitment: {
80
+ readonly mutability: "read";
81
+ readonly auth: "none";
82
+ };
83
+ readonly set_custodian: {
84
+ readonly mutability: "write";
85
+ readonly auth: "admin";
86
+ };
87
+ readonly attest_v3_signed: {
88
+ readonly mutability: "write";
89
+ readonly auth: "issuer";
90
+ };
91
+ readonly get_custodian: {
92
+ readonly mutability: "read";
93
+ readonly auth: "none";
94
+ };
95
+ };
96
+ export type ContractOperation = keyof typeof CONTRACT_OPERATIONS;
97
+ export type OperationMutability = typeof CONTRACT_OPERATIONS[ContractOperation]["mutability"];
98
+ export type OperationAuth = typeof CONTRACT_OPERATIONS[ContractOperation]["auth"];
99
+ export interface OperationSpec<Name extends ContractOperation = ContractOperation> {
100
+ readonly name: Name;
101
+ readonly mutability: OperationMutability;
102
+ readonly auth: OperationAuth;
103
+ }
104
+ export type OperationArgs<Name extends ContractOperation> = Name extends "init" ? readonly [admin: PublicKey, verificationKey: VerificationKeyDocument] : Name extends "attest" ? readonly [issuer: PublicKey, proof: ContractAttestArgs["proof"], publicSignals: readonly string[]] : Name extends "get_attestation" ? readonly [issuer: PublicKey, periodId: string] : Name extends "list_periods" ? readonly [issuer: PublicKey] : Name extends "get_vk" ? readonly [] : Name extends "get_admin" ? readonly [] : Name extends "init_v2" ? readonly [verificationKey: VerificationKeyDocument] : Name extends "attest_v2" ? readonly [issuer: PublicKey, proof: ContractAttestArgs["proof"], publicSignals: readonly string[]] : Name extends "get_attestation_v2" ? readonly [issuer: PublicKey, periodId: string] : Name extends "get_vk_v2" ? readonly [] : Name extends "init_v3" ? readonly [verificationKey: VerificationKeyDocument] : Name extends "attest_v3" ? readonly [issuer: PublicKey, proof: ContractAttestArgs["proof"], publicSignals: readonly string[]] : Name extends "get_attestation_v3" ? readonly [issuer: PublicKey, periodId: string] : Name extends "get_vk_v3" ? readonly [] : Name extends "set_oracle" ? readonly [oracle: PublicKey] : Name extends "publish_oracle_commitment" ? readonly [periodId: string, commitment: string] : Name extends "get_oracle" ? readonly [] : Name extends "get_oracle_commitment" ? readonly [periodId: string] : Name extends "set_custodian" ? readonly [custodianPk: unknown] : Name extends "attest_v3_signed" ? readonly [issuer: PublicKey, proof: ContractAttestArgs["proof"], publicSignals: readonly string[], custodianSig: unknown] : Name extends "get_custodian" ? readonly [] : never;
105
+ export type OperationResult<Name extends ContractOperation> = Name extends "init" ? void : Name extends "attest" ? Attestation : Name extends "get_attestation" ? Attestation | null : Name extends "list_periods" ? readonly bigint[] : Name extends "get_vk" ? VerificationKeyDocument | null : Name extends "get_admin" ? PublicKey | null : Name extends "init_v2" ? void : Name extends "attest_v2" ? AttestationV2 : Name extends "get_attestation_v2" ? AttestationV2 | null : Name extends "get_vk_v2" ? VerificationKeyDocument | null : Name extends "init_v3" ? void : Name extends "attest_v3" ? AttestationV3 : Name extends "get_attestation_v3" ? AttestationV3 | null : Name extends "get_vk_v3" ? VerificationKeyDocument | null : Name extends "set_oracle" ? void : Name extends "publish_oracle_commitment" ? void : Name extends "get_oracle" ? PublicKey | null : Name extends "get_oracle_commitment" ? string | null : Name extends "set_custodian" ? void : Name extends "attest_v3_signed" ? AttestationV3 : Name extends "get_custodian" ? string | null : never;
106
+ export declare function getOperationSpec<Name extends ContractOperation>(name: Name): OperationSpec<Name>;
107
+ export declare function isReadOperation(name: ContractOperation): boolean;
108
+ export declare function assertOperationArgs(name: ContractOperation, args: readonly unknown[]): void;
109
+ export declare function expectedArgCount(name: ContractOperation): number;
@@ -0,0 +1,164 @@
1
+ /**
2
+ * Contract operation registry.
3
+ *
4
+ * A mature SDK keeps the contract ABI in one typed registry and derives client,
5
+ * transport, audit, and generated-binding adapters from it. This file is the
6
+ * source of truth for supported contract calls on the TypeScript side.
7
+ */
8
+ import { StellarisError } from "./errors.js";
9
+ export const CONTRACT_OPERATIONS = {
10
+ init: {
11
+ mutability: "write",
12
+ auth: "admin",
13
+ },
14
+ attest: {
15
+ mutability: "write",
16
+ auth: "issuer",
17
+ },
18
+ get_attestation: {
19
+ mutability: "read",
20
+ auth: "none",
21
+ },
22
+ list_periods: {
23
+ mutability: "read",
24
+ auth: "none",
25
+ },
26
+ get_vk: {
27
+ mutability: "read",
28
+ auth: "none",
29
+ },
30
+ get_admin: {
31
+ mutability: "read",
32
+ auth: "none",
33
+ },
34
+ // v2: solvency with SNARK-proven liabilities (5-signal statement).
35
+ init_v2: {
36
+ mutability: "write",
37
+ auth: "admin",
38
+ },
39
+ attest_v2: {
40
+ mutability: "write",
41
+ auth: "issuer",
42
+ },
43
+ get_attestation_v2: {
44
+ mutability: "read",
45
+ auth: "none",
46
+ },
47
+ get_vk_v2: {
48
+ mutability: "read",
49
+ auth: "none",
50
+ },
51
+ // v3: multi-asset solvency with oracle-priced aggregate (8-signal statement).
52
+ init_v3: {
53
+ mutability: "write",
54
+ auth: "admin",
55
+ },
56
+ attest_v3: {
57
+ mutability: "write",
58
+ auth: "issuer",
59
+ },
60
+ get_attestation_v3: {
61
+ mutability: "read",
62
+ auth: "none",
63
+ },
64
+ get_vk_v3: {
65
+ mutability: "read",
66
+ auth: "none",
67
+ },
68
+ // C3: designated price-oracle + per-period published commitments.
69
+ set_oracle: {
70
+ mutability: "write",
71
+ auth: "admin",
72
+ },
73
+ publish_oracle_commitment: {
74
+ mutability: "write",
75
+ auth: "oracle",
76
+ },
77
+ get_oracle: {
78
+ mutability: "read",
79
+ auth: "none",
80
+ },
81
+ get_oracle_commitment: {
82
+ mutability: "read",
83
+ auth: "none",
84
+ },
85
+ // C2: designated custodian + BLS-signed reserve attestation.
86
+ set_custodian: {
87
+ mutability: "write",
88
+ auth: "admin",
89
+ },
90
+ attest_v3_signed: {
91
+ mutability: "write",
92
+ auth: "issuer",
93
+ },
94
+ get_custodian: {
95
+ mutability: "read",
96
+ auth: "none",
97
+ },
98
+ };
99
+ export function getOperationSpec(name) {
100
+ const spec = CONTRACT_OPERATIONS[name];
101
+ return {
102
+ name,
103
+ mutability: spec.mutability,
104
+ auth: spec.auth,
105
+ };
106
+ }
107
+ export function isReadOperation(name) {
108
+ return CONTRACT_OPERATIONS[name].mutability === "read";
109
+ }
110
+ export function assertOperationArgs(name, args) {
111
+ const expected = expectedArgCount(name);
112
+ if (args.length !== expected) {
113
+ throw StellarisError.encoding(`operation ${name} expects ${expected} args, received ${args.length}`, {
114
+ operation: name,
115
+ expected,
116
+ actual: args.length,
117
+ });
118
+ }
119
+ }
120
+ export function expectedArgCount(name) {
121
+ switch (name) {
122
+ case "init":
123
+ return 2;
124
+ case "attest":
125
+ return 3;
126
+ case "get_attestation":
127
+ return 2;
128
+ case "list_periods":
129
+ return 1;
130
+ case "get_vk":
131
+ case "get_admin":
132
+ return 0;
133
+ case "init_v2":
134
+ return 1;
135
+ case "attest_v2":
136
+ return 3;
137
+ case "get_attestation_v2":
138
+ return 2;
139
+ case "get_vk_v2":
140
+ return 0;
141
+ case "init_v3":
142
+ return 1;
143
+ case "attest_v3":
144
+ return 3;
145
+ case "get_attestation_v3":
146
+ return 2;
147
+ case "get_vk_v3":
148
+ return 0;
149
+ case "set_oracle":
150
+ return 1;
151
+ case "publish_oracle_commitment":
152
+ return 2;
153
+ case "get_oracle":
154
+ return 0;
155
+ case "get_oracle_commitment":
156
+ return 1;
157
+ case "set_custodian":
158
+ return 1;
159
+ case "attest_v3_signed":
160
+ return 4;
161
+ case "get_custodian":
162
+ return 0;
163
+ }
164
+ }
@@ -0,0 +1,67 @@
1
+ /**
2
+ * Registry persistence and checkpointing.
3
+ *
4
+ * BigInt-heavy protocol state is not JSON-safe by default. This module defines a
5
+ * deterministic wire format and a file-backed checkpoint store for backend/indexer
6
+ * processes while keeping the core registry storage interface pluggable.
7
+ */
8
+ import { Attestation, ContractDeployment, PeriodId, PublicKey } from "./domain.js";
9
+ import { AttestationStore, IndexedAttestation, RegistrySnapshot } from "./registry.js";
10
+ export interface SerializedAttestation {
11
+ readonly commitment: string;
12
+ readonly liabilities: string;
13
+ readonly solvent: boolean;
14
+ readonly ledgerTs: string;
15
+ readonly periodId: string;
16
+ readonly issuer: PublicKey;
17
+ }
18
+ export interface SerializedIndexedAttestation {
19
+ readonly attestation: SerializedAttestation;
20
+ readonly deployment: ContractDeployment;
21
+ readonly indexedAt: string;
22
+ readonly source: IndexedAttestation["source"];
23
+ }
24
+ export interface RegistryCheckpoint {
25
+ readonly schemaVersion: "stellaris.registry.checkpoint.v1";
26
+ readonly deployment: ContractDeployment;
27
+ readonly writtenAt: string;
28
+ readonly records: readonly SerializedIndexedAttestation[];
29
+ }
30
+ export interface CheckpointCodec {
31
+ encode(snapshot: RegistrySnapshot): RegistryCheckpoint;
32
+ decode(checkpoint: RegistryCheckpoint): readonly IndexedAttestation[];
33
+ }
34
+ export declare class JsonCheckpointCodec implements CheckpointCodec {
35
+ encode(snapshot: RegistrySnapshot): RegistryCheckpoint;
36
+ decode(checkpoint: RegistryCheckpoint): readonly IndexedAttestation[];
37
+ }
38
+ export declare class CheckpointBackedAttestationStore implements AttestationStore {
39
+ private readonly inner;
40
+ constructor(records?: readonly IndexedAttestation[]);
41
+ put(record: IndexedAttestation): void;
42
+ get(issuer: PublicKey, periodId: PeriodId): IndexedAttestation | null;
43
+ list(issuer: PublicKey): readonly IndexedAttestation[];
44
+ clear(issuer?: PublicKey): void;
45
+ exportRecords(issuer: PublicKey): readonly IndexedAttestation[];
46
+ }
47
+ export interface FileCheckpointOptions {
48
+ readonly path: string;
49
+ readonly codec?: CheckpointCodec;
50
+ }
51
+ export declare class FileCheckpointRepository {
52
+ private readonly path;
53
+ private readonly codec;
54
+ constructor(options: FileCheckpointOptions);
55
+ load(): Promise<readonly IndexedAttestation[]>;
56
+ save(snapshot: RegistrySnapshot): Promise<void>;
57
+ saveRecords(deployment: ContractDeployment, records: readonly IndexedAttestation[]): Promise<void>;
58
+ createStore(): Promise<CheckpointBackedAttestationStore>;
59
+ private saveCheckpoint;
60
+ }
61
+ export declare function serializeIndexedAttestation(record: IndexedAttestation): SerializedIndexedAttestation;
62
+ export declare function deserializeIndexedAttestation(record: SerializedIndexedAttestation): IndexedAttestation;
63
+ export declare function serializeAttestation(attestation: Attestation): SerializedAttestation;
64
+ export declare function deserializeAttestation(attestation: SerializedAttestation): Attestation;
65
+ export declare function checkpointFromRecords(deployment: ContractDeployment, records: readonly IndexedAttestation[]): RegistryCheckpoint;
66
+ export declare function recordsFromCheckpoint(checkpoint: RegistryCheckpoint): readonly IndexedAttestation[];
67
+ export declare function indexReceiptLikeAttestation(attestation: Attestation, deployment: ContractDeployment): IndexedAttestation;
@@ -0,0 +1,154 @@
1
+ /**
2
+ * Registry persistence and checkpointing.
3
+ *
4
+ * BigInt-heavy protocol state is not JSON-safe by default. This module defines a
5
+ * deterministic wire format and a file-backed checkpoint store for backend/indexer
6
+ * processes while keeping the core registry storage interface pluggable.
7
+ */
8
+ import { StellarisError } from "./errors.js";
9
+ import { InMemoryAttestationStore, indexAttestation, } from "./registry.js";
10
+ export class JsonCheckpointCodec {
11
+ encode(snapshot) {
12
+ return {
13
+ schemaVersion: "stellaris.registry.checkpoint.v1",
14
+ deployment: snapshot.deployment,
15
+ writtenAt: new Date().toISOString(),
16
+ records: snapshot.attestations.map(serializeIndexedAttestation),
17
+ };
18
+ }
19
+ decode(checkpoint) {
20
+ assertCheckpointShape(checkpoint);
21
+ return checkpoint.records.map(deserializeIndexedAttestation);
22
+ }
23
+ }
24
+ export class CheckpointBackedAttestationStore {
25
+ inner;
26
+ constructor(records = []) {
27
+ this.inner = new InMemoryAttestationStore();
28
+ for (const record of records) {
29
+ this.inner.put(record);
30
+ }
31
+ }
32
+ put(record) {
33
+ this.inner.put(record);
34
+ }
35
+ get(issuer, periodId) {
36
+ return this.inner.get(issuer, periodId);
37
+ }
38
+ list(issuer) {
39
+ return this.inner.list(issuer);
40
+ }
41
+ clear(issuer) {
42
+ this.inner.clear(issuer);
43
+ }
44
+ exportRecords(issuer) {
45
+ return this.inner.list(issuer);
46
+ }
47
+ }
48
+ export class FileCheckpointRepository {
49
+ path;
50
+ codec;
51
+ constructor(options) {
52
+ this.path = options.path;
53
+ this.codec = options.codec ?? new JsonCheckpointCodec();
54
+ }
55
+ async load() {
56
+ const fs = await import("node:fs/promises");
57
+ try {
58
+ const raw = await fs.readFile(this.path, "utf8");
59
+ const parsed = JSON.parse(raw);
60
+ return this.codec.decode(parsed);
61
+ }
62
+ catch (cause) {
63
+ if (isNodeNotFound(cause)) {
64
+ return [];
65
+ }
66
+ throw StellarisError.configuration("failed to load registry checkpoint", {
67
+ cause,
68
+ context: { path: this.path },
69
+ });
70
+ }
71
+ }
72
+ async save(snapshot) {
73
+ await this.saveCheckpoint(this.codec.encode(snapshot));
74
+ }
75
+ async saveRecords(deployment, records) {
76
+ await this.saveCheckpoint(checkpointFromRecords(deployment, records));
77
+ }
78
+ async createStore() {
79
+ return new CheckpointBackedAttestationStore(await this.load());
80
+ }
81
+ async saveCheckpoint(checkpoint) {
82
+ const fs = await import("node:fs/promises");
83
+ const body = `${JSON.stringify(checkpoint, null, 2)}\n`;
84
+ await fs.mkdir(parentDir(this.path), { recursive: true });
85
+ await fs.writeFile(this.path, body, "utf8");
86
+ }
87
+ }
88
+ export function serializeIndexedAttestation(record) {
89
+ return {
90
+ attestation: serializeAttestation(record.attestation),
91
+ deployment: record.deployment,
92
+ indexedAt: record.indexedAt,
93
+ source: record.source,
94
+ };
95
+ }
96
+ export function deserializeIndexedAttestation(record) {
97
+ return {
98
+ attestation: deserializeAttestation(record.attestation),
99
+ deployment: record.deployment,
100
+ indexedAt: record.indexedAt,
101
+ source: record.source,
102
+ };
103
+ }
104
+ export function serializeAttestation(attestation) {
105
+ return {
106
+ commitment: attestation.commitment,
107
+ liabilities: attestation.liabilities.toString(),
108
+ solvent: attestation.solvent,
109
+ ledgerTs: attestation.ledgerTs.toString(),
110
+ periodId: attestation.periodId.toString(),
111
+ issuer: attestation.issuer,
112
+ };
113
+ }
114
+ export function deserializeAttestation(attestation) {
115
+ return {
116
+ commitment: attestation.commitment,
117
+ liabilities: BigInt(attestation.liabilities),
118
+ solvent: attestation.solvent,
119
+ ledgerTs: BigInt(attestation.ledgerTs),
120
+ periodId: BigInt(attestation.periodId),
121
+ issuer: attestation.issuer,
122
+ };
123
+ }
124
+ export function checkpointFromRecords(deployment, records) {
125
+ return {
126
+ schemaVersion: "stellaris.registry.checkpoint.v1",
127
+ deployment,
128
+ writtenAt: new Date().toISOString(),
129
+ records: records.map(serializeIndexedAttestation),
130
+ };
131
+ }
132
+ export function recordsFromCheckpoint(checkpoint) {
133
+ return new JsonCheckpointCodec().decode(checkpoint);
134
+ }
135
+ export function indexReceiptLikeAttestation(attestation, deployment) {
136
+ return indexAttestation(attestation, deployment, "receipt");
137
+ }
138
+ function assertCheckpointShape(checkpoint) {
139
+ if (checkpoint.schemaVersion !== "stellaris.registry.checkpoint.v1") {
140
+ throw StellarisError.configuration("unsupported registry checkpoint schema", {
141
+ schemaVersion: checkpoint.schemaVersion,
142
+ });
143
+ }
144
+ if (!Array.isArray(checkpoint.records)) {
145
+ throw StellarisError.configuration("registry checkpoint records must be an array");
146
+ }
147
+ }
148
+ function isNodeNotFound(cause) {
149
+ return typeof cause === "object" && cause !== null && "code" in cause && cause.code === "ENOENT";
150
+ }
151
+ function parentDir(path) {
152
+ const index = path.lastIndexOf("/");
153
+ return index <= 0 ? "." : path.slice(0, index);
154
+ }
@@ -0,0 +1,37 @@
1
+ /**
2
+ * End-to-end attestation pipeline.
3
+ *
4
+ * This is the orchestration layer an exchange/backend service would use: it
5
+ * normalizes a snapshot, evaluates issuer policy, generates a local proof,
6
+ * optionally verifies it locally, and submits the attestation on-chain.
7
+ */
8
+ import { StellarisClient } from "./stellar.js";
9
+ import { AuditSink, AttestationAuditLog } from "./audit.js";
10
+ import { AttestationReceipt, ProofBundle, ProvingArtifacts, ReserveSnapshot } from "./domain.js";
11
+ import { PolicyReport, SnapshotPolicy } from "./policy.js";
12
+ import { TransactionSigner } from "./transport.js";
13
+ export interface AttestationPipelineOptions {
14
+ readonly client: StellarisClient;
15
+ readonly artifacts: ProvingArtifacts;
16
+ readonly signer: TransactionSigner;
17
+ readonly policy?: SnapshotPolicy;
18
+ readonly auditSink?: AuditSink;
19
+ readonly requireLocalVerification?: boolean;
20
+ }
21
+ export interface AttestationPipelineResult {
22
+ readonly proof: ProofBundle;
23
+ readonly policyReport: PolicyReport;
24
+ readonly receipt: AttestationReceipt;
25
+ readonly auditLog: AttestationAuditLog;
26
+ }
27
+ export declare class AttestationPipeline {
28
+ private readonly client;
29
+ private readonly artifacts;
30
+ private readonly signer;
31
+ private readonly policy?;
32
+ private readonly auditSink;
33
+ private readonly requireLocalVerification;
34
+ constructor(options: AttestationPipelineOptions);
35
+ run(snapshot: ReserveSnapshot): Promise<AttestationPipelineResult>;
36
+ }
37
+ export declare function createAttestationPipeline(options: AttestationPipelineOptions): AttestationPipeline;