npm - @svta/cml-c2pa - Versions diffs - 1.0.0 - Mend

@svta/cml-c2pa 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,2043 @@
+import { decode } from "cbor-x/decode";
+import { encode } from "cbor-x/encode";
+import { findIsoBox, readEmsg, readIsoBoxes } from "@svta/cml-iso-bmff";
+//#region src/LiveVideoStatusCode.ts
+/**
+* Standard C2PA failure status codes for live video validation,
+* as defined in the C2PA specification section 19.7.
+*
+* @see {@link https://c2pa.org/specifications/specifications/2.3/specs/C2PA_Specification.html#_live_video_validation_process | C2PA Spec §19.7}
+*
+* @enum
+*
+* @public
+*/
+const LiveVideoStatusCode = {
+	INIT_INVALID: "livevideo.init.invalid",
+	MANIFEST_INVALID: "livevideo.manifest.invalid",
+	SEGMENT_INVALID: "livevideo.segment.invalid",
+	ASSERTION_INVALID: "livevideo.assertion.invalid",
+	CONTINUITY_METHOD_INVALID: "livevideo.continuityMethod.invalid",
+	SESSIONKEY_INVALID: "livevideo.sessionkey.invalid"
+};
+//#endregion
+//#region src/cose/decodeCoseSign1.ts
+const COSE_SIGN1_TAG_SINGLE_BYTE = 210;
+const COSE_SIGN1_TAG_TWO_BYTE_FIRST = 216;
+const COSE_SIGN1_TAG_TWO_BYTE_SECOND = 18;
+const COSE_SIGN1_ARRAY_LENGTH = 4;
+const COSE_KEY_KID = 4;
+const COSE_KEY_ALG = 1;
+function coseGet$1(header, key) {
+	if (header instanceof Map) return header.get(key);
+	return header[key];
+}
+function stripCoseTag(bytes) {
+	if (bytes[0] === COSE_SIGN1_TAG_SINGLE_BYTE) return bytes.subarray(1);
+	if (bytes[0] === COSE_SIGN1_TAG_TWO_BYTE_FIRST && bytes[1] === COSE_SIGN1_TAG_TWO_BYTE_SECOND) return bytes.subarray(2);
+	return bytes;
+}
+function toUint8Array$1(value) {
+	if (value instanceof Uint8Array) return value;
+	if (Array.isArray(value)) return new Uint8Array(value);
+	throw new Error(`Expected Uint8Array or number[], got ${typeof value}`);
+}
+/**
+* Decodes a `COSE_Sign1` structure from raw bytes (RFC 9052).
+*
+* Handles CBOR tag 18 in both single-byte (0xD2) and two-byte (0xD8 0x12) form.
+*
+* @param coseBytes - Raw COSE_Sign1 bytes, optionally prefixed with CBOR tag 18
+* @returns The decoded COSE_Sign1 structure
+* @throws If the bytes do not represent a valid COSE_Sign1 structure
+*
+* @example
+* {@includeCode ../../test/cose/decodeCoseSign1.test.ts#example}
+*
+* @public
+*/
+function decodeCoseSign1(coseBytes) {
+	try {
+		const coseArray = decode(stripCoseTag(coseBytes));
+		if (!Array.isArray(coseArray) || coseArray.length !== COSE_SIGN1_ARRAY_LENGTH) throw new Error("Invalid COSE_Sign1 structure: expected array with 4 elements");
+		const [protectedRaw, unprotectedRaw, payloadRaw, signatureRaw] = coseArray;
+		const protectedBytes = toUint8Array$1(protectedRaw);
+		let protectedHeader = {};
+		if (protectedBytes.length > 0) protectedHeader = decode(protectedBytes);
+		const unprotectedHeader = unprotectedRaw ?? {};
+		const kidRaw = coseGet$1(protectedHeader, COSE_KEY_KID) ?? coseGet$1(unprotectedHeader, COSE_KEY_KID) ?? null;
+		const kid = kidRaw != null ? toUint8Array$1(kidRaw) : null;
+		const alg = coseGet$1(protectedHeader, COSE_KEY_ALG) ?? coseGet$1(unprotectedHeader, COSE_KEY_ALG) ?? null;
+		return {
+			protectedBytes,
+			protectedHeader,
+			unprotectedHeader,
+			payload: payloadRaw == null ? null : toUint8Array$1(payloadRaw),
+			signature: toUint8Array$1(signatureRaw),
+			kid,
+			alg
+		};
+	} catch (error) {
+		throw new Error(`Failed to decode COSE_Sign1: ${error.message}`);
+	}
+}
+//#endregion
+//#region src/jumbf/parseJumbfBoxes.ts
+/**
+* Parses JUMBF boxes (ISO 19566-5) from raw bytes.
+*
+* JUMBF boxes share the same 4-byte size + 4-byte type structure as ISO BMFF boxes,
+* so they can be parsed with the same reader.
+*
+* @param bytes - Raw bytes containing JUMBF box content
+* @returns Array of parsed JUMBF boxes with their payloads
+*
+* @example
+* {@includeCode ../../test/jumbf/parseJumbfBoxes.test.ts#example}
+*
+* @internal
+*/
+function parseJumbfBoxes(bytes) {
+	return readIsoBoxes(bytes).map((box) => ({
+		type: box.type,
+		data: box.view.readData(box.view.bytesRemaining)
+	}));
+}
+//#endregion
+//#region src/jumbf/parseJumbfLabel.ts
+const TEXT_DECODER$2 = new TextDecoder();
+const JUMD_UUID_SIZE = 16;
+const JUMD_TOGGLES_OFFSET = 16;
+const JUMD_LABEL_START = 17;
+const LABEL_FLAG_MASK = 3;
+const LABEL_FLAG_EXPECTED = 3;
+/**
+* Extracts the label from a JUMBF Description Box (`jumd`) data payload.
+*
+* The `jumd` format is: 16-byte UUID + 1-byte toggles + null-terminated label string.
+* A label is only present when bits 0 and 1 of the toggles byte are both set.
+*
+* @param jumdData - Raw bytes of the `jumd` box data (payload after the box header)
+* @returns The label string, or `null` if no label is present
+*
+* @example
+* {@includeCode ../../test/jumbf/parseJumbfLabel.test.ts#example}
+*
+* @internal
+*/
+function parseJumbfLabel(jumdData) {
+	if (jumdData.length < JUMD_UUID_SIZE + 1) return null;
+	if ((jumdData[JUMD_TOGGLES_OFFSET] & LABEL_FLAG_MASK) !== LABEL_FLAG_EXPECTED) return null;
+	let end = JUMD_LABEL_START;
+	while (end < jumdData.length && jumdData[end] !== 0) end++;
+	if (end >= jumdData.length) return null;
+	return TEXT_DECODER$2.decode(jumdData.subarray(JUMD_LABEL_START, end));
+}
+//#endregion
+//#region src/utils.ts
+const MILLISECONDS_PER_SECOND = 1e3;
+const SHA_ALGORITHM_PATTERN = /^sha(\d+)$/i;
+/**
+* Normalizes hash algorithm names to WebCrypto format (e.g. `sha256` → `SHA-256`).
+*
+* Defaults to `'SHA-256'` when no algorithm is provided.
+*
+* @internal
+*/
+function normalizeAlgorithmName(rawAlg) {
+	return (rawAlg ?? "SHA-256").replace(SHA_ALGORITHM_PATTERN, "SHA-$1");
+}
+const HEX_TABLE = Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, "0"));
+/**
+* Converts a Uint8Array to a lowercase hex string.
+*
+* @internal
+*/
+function bytesToHex(bytes) {
+	let hex = "";
+	for (const byte of bytes) hex += HEX_TABLE[byte];
+	return hex;
+}
+/**
+* Checks whether a session key has expired based on its creation time
+* and validity period.
+*
+* @param createdAt - ISO 8601 date string when the key was created
+* @param validityPeriodSeconds - Validity duration in seconds
+* @param now - Current time (defaults to `new Date()`, injectable for testing)
+* @returns `true` if the key has expired
+*
+* @internal
+*/
+function isKeyExpired(createdAt, validityPeriodSeconds, now = /* @__PURE__ */ new Date()) {
+	const createdAtMs = new Date(createdAt).getTime();
+	if (Number.isNaN(createdAtMs)) return true;
+	return now > new Date(createdAtMs + validityPeriodSeconds * MILLISECONDS_PER_SECOND);
+}
+/**
+* Constant-time comparison of two hash byte arrays.
+*
+* @internal
+*/
+function hashesEqual(a, b) {
+	if (a.length !== b.length) return false;
+	let diff = 0;
+	for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
+	return diff === 0;
+}
+const C2PA_MANIFEST_UUID = [
+	216,
+	254,
+	195,
+	214,
+	26,
+	150,
+	79,
+	50,
+	160,
+	246,
+	243,
+	236,
+	249,
+	108,
+	16,
+	234
+];
+const JUMBF_UUID = [
+	216,
+	254,
+	195,
+	214,
+	27,
+	14,
+	72,
+	60,
+	146,
+	151,
+	88,
+	40,
+	135,
+	126,
+	196,
+	129
+];
+function matchesUuid(usertype, expected) {
+	return usertype.length === expected.length && expected.every((b, i) => b === usertype[i]);
+}
+function isC2paUuid(usertype) {
+	return matchesUuid(usertype, C2PA_MANIFEST_UUID) || matchesUuid(usertype, JUMBF_UUID);
+}
+/**
+* Finds the C2PA UUID box in a list of parsed ISO BMFF boxes.
+*
+* Matches against both the C2PA manifest store UUID and the JUMBF UUID
+* (ISO 19566-5), as different tools use different UUIDs.
+*
+* @internal
+*/
+function findC2paUuidBox(boxes) {
+	return boxes.find((box) => box.type === "uuid" && isC2paUuid(box.usertype ?? []));
+}
+const FULLBOX_HEADER_SIZE = 4;
+const AUX_UUID_OFFSET_SIZE = 8;
+/**
+* Strips the JUMBF UUID box prefix (fullbox header, purpose string, aux offset)
+* to return only the JUMBF manifest data.
+*
+* Structure per ISO 19566-5 / C2PA BMFF storage:
+*   version(1) + flags(3) + purpose(null-terminated) + aux_offset(8) + JUMBF data
+*
+* Returns `null` if the payload does not contain a valid JUMBF UUID prefix.
+*
+* @internal
+*/
+function stripJumbfUuidPrefix(payload) {
+	if (payload.length < FULLBOX_HEADER_SIZE) return null;
+	let offset = FULLBOX_HEADER_SIZE;
+	while (offset < payload.length && payload[offset] !== 0) offset++;
+	if (offset >= payload.length) return null;
+	offset++;
+	offset += AUX_UUID_OFFSET_SIZE;
+	if (offset > payload.length) return null;
+	return payload.subarray(offset);
+}
+//#endregion
+//#region src/x509/asn1.ts
+/**
+* Minimal ASN.1 DER parsing helpers for X.509 certificate navigation.
+*
+* @internal
+*/
+const ASN1_TAG_INTEGER = 2;
+const ASN1_TAG_OBJECT_IDENTIFIER = 6;
+const ASN1_TAG_SEQUENCE = 48;
+const ASN1_TAG_SET = 49;
+const ASN1_TAG_UTC_TIME = 23;
+const ASN1_TAG_GENERALIZED_TIME = 24;
+const ASN1_TAG_CONTEXT_0 = 160;
+const ASN1_LONG_FORM_FLAG = 128;
+const ASN1_LONG_FORM_MASK = 127;
+function readLength(bytes, offset) {
+	if (offset >= bytes.length) return {
+		length: 0,
+		bytesRead: 0
+	};
+	const first = bytes[offset] ?? 0;
+	if (first < ASN1_LONG_FORM_FLAG) return {
+		length: first,
+		bytesRead: 1
+	};
+	const count = first & ASN1_LONG_FORM_MASK;
+	let length = 0;
+	for (let i = 0; i < count; i++) length = length << 8 | (bytes[offset + 1 + i] ?? 0);
+	return {
+		length,
+		bytesRead: 1 + count
+	};
+}
+function readElement(bytes, offset) {
+	if (offset + 2 > bytes.length) return null;
+	const tag = bytes[offset] ?? 0;
+	const { length, bytesRead } = readLength(bytes, offset + 1);
+	const headerSize = 1 + bytesRead;
+	const valueEnd = offset + headerSize + length;
+	if (valueEnd > bytes.length) return null;
+	return {
+		tag,
+		value: bytes.subarray(offset + headerSize, valueEnd),
+		totalSize: headerSize + length
+	};
+}
+/**
+* Reads an ASN.1 element and returns its full DER encoding (tag + length + value).
+*
+* @internal
+*/
+function readElementRaw(bytes, offset) {
+	const el = readElement(bytes, offset);
+	if (!el) return null;
+	return bytes.subarray(offset, offset + el.totalSize);
+}
+//#endregion
+//#region src/x509/extractCertificateInfo.ts
+const TEXT_DECODER$1 = new TextDecoder();
+const OID_COMMON_NAME = new Uint8Array([
+	85,
+	4,
+	3
+]);
+const OID_ORG_NAME = new Uint8Array([
+	85,
+	4,
+	10
+]);
+function matchesOID(value, oid) {
+	if (value.length < oid.length) return false;
+	for (let i = 0; i < oid.length; i++) if (value[i] !== oid[i]) return false;
+	return true;
+}
+function parseTime(element) {
+	const text = TEXT_DECODER$1.decode(element.value);
+	if (element.tag === ASN1_TAG_UTC_TIME) {
+		const yy = parseInt(text.substring(0, 2), 10);
+		return `${yy >= 50 ? 1900 + yy : 2e3 + yy}-${text.substring(2, 4)}-${text.substring(4, 6)}T${text.substring(6, 8)}:${text.substring(8, 10)}:${text.substring(10, 12)}Z`;
+	}
+	if (element.tag === ASN1_TAG_GENERALIZED_TIME) return `${text.substring(0, 4)}-${text.substring(4, 6)}-${text.substring(6, 8)}T${text.substring(8, 10)}:${text.substring(10, 12)}:${text.substring(12, 14)}Z`;
+	return null;
+}
+function findOidValueInSequence(seqValue, targetOID) {
+	const oidEl = readElement(seqValue, 0);
+	if (!oidEl || oidEl.tag !== ASN1_TAG_OBJECT_IDENTIFIER) return null;
+	if (!matchesOID(oidEl.value, targetOID)) return null;
+	const valEl = readElement(seqValue, oidEl.totalSize);
+	return valEl ? TEXT_DECODER$1.decode(valEl.value) : null;
+}
+function findRDNValue(issuerValue, targetOID) {
+	let offset = 0;
+	while (offset < issuerValue.length) {
+		const setEl = readElement(issuerValue, offset);
+		if (!setEl || setEl.tag !== ASN1_TAG_SET) break;
+		let setOffset = 0;
+		while (setOffset < setEl.value.length) {
+			const seqEl = readElement(setEl.value, setOffset);
+			if (!seqEl || seqEl.tag !== ASN1_TAG_SEQUENCE) break;
+			const found = findOidValueInSequence(seqEl.value, targetOID);
+			if (found) return found;
+			setOffset += seqEl.totalSize;
+		}
+		offset += setEl.totalSize;
+	}
+	return null;
+}
+/**
+* Extracts the issuer name and `notBefore` date from a DER-encoded X.509 certificate.
+*
+* Uses a minimal ASN.1 parser that handles the subset of DER structures found in
+* typical C2PA signing certificates. Extracts the issuer Common Name (OID 2.5.4.3)
+* or Organization Name (OID 2.5.4.10) as a fallback, and the `notBefore` validity date.
+*
+* @param certDER - DER-encoded X.509 certificate bytes
+* @returns Certificate information, or `null` if parsing fails
+*
+* @example
+* {@includeCode ../../test/x509/extractCertificateInfo.test.ts#example}
+*
+* @public
+*/
+function extractCertificateInfo(certDER) {
+	try {
+		const cert = readElement(certDER, 0);
+		if (!cert || cert.tag !== ASN1_TAG_SEQUENCE) return null;
+		const tbs = readElement(cert.value, 0);
+		if (!tbs || tbs.tag !== ASN1_TAG_SEQUENCE) return null;
+		let offset = 0;
+		let el = readElement(tbs.value, offset);
+		if (!el) return null;
+		if (el.tag === ASN1_TAG_CONTEXT_0) {
+			offset += el.totalSize;
+			el = readElement(tbs.value, offset);
+			if (!el) return null;
+		}
+		if (el.tag !== ASN1_TAG_INTEGER) return null;
+		offset += el.totalSize;
+		el = readElement(tbs.value, offset);
+		if (!el || el.tag !== ASN1_TAG_SEQUENCE) return null;
+		offset += el.totalSize;
+		el = readElement(tbs.value, offset);
+		if (!el || el.tag !== ASN1_TAG_SEQUENCE) return null;
+		const issuer = findRDNValue(el.value, OID_COMMON_NAME) ?? findRDNValue(el.value, OID_ORG_NAME) ?? "Unknown Issuer";
+		offset += el.totalSize;
+		el = readElement(tbs.value, offset);
+		let notBefore = null;
+		if (el && el.tag === ASN1_TAG_SEQUENCE) {
+			const timeEl = readElement(el.value, 0);
+			if (timeEl) notBefore = parseTime(timeEl);
+		}
+		return {
+			issuer,
+			notBefore
+		};
+	} catch {
+		return null;
+	}
+}
+//#endregion
+//#region src/readC2paManifest.ts
+const TEXT_DECODER = new TextDecoder();
+const MAX_JUMBF_NESTING_DEPTH = 20;
+const X5CHAIN_HEADER_LABEL = 33;
+function resolveManifestBoxes(jumbfBoxes, depth = 0) {
+	if (depth >= MAX_JUMBF_NESTING_DEPTH) return jumbfBoxes;
+	const contentBoxes = jumbfBoxes.filter((b) => b.type !== "jumd");
+	const firstBox = contentBoxes[0];
+	if (contentBoxes.length === 1 && firstBox?.type === "jumb") return resolveManifestBoxes(parseJumbfBoxes(firstBox.data), depth + 1);
+	return jumbfBoxes;
+}
+function extractManifestLabel(jumbfBoxes) {
+	for (const box of jumbfBoxes) {
+		if (box.type !== "jumb") continue;
+		const inner = parseJumbfBoxes(box.data);
+		for (const child of inner) {
+			if (child.type !== "jumb") continue;
+			const jumd = parseJumbfBoxes(child.data).find((b) => b.type === "jumd");
+			if (jumd) {
+				const label = parseJumbfLabel(jumd.data);
+				if (label) return label;
+			}
+		}
+	}
+	return null;
+}
+function parseAssertionsInternal(assertionStoreBoxes) {
+	const assertions = [];
+	for (const box of assertionStoreBoxes) {
+		if (box.type !== "jumb") continue;
+		const inner = parseJumbfBoxes(box.data);
+		const jumd = inner.find((b) => b.type === "jumd");
+		if (!jumd) continue;
+		const label = parseJumbfLabel(jumd.data);
+		if (!label) continue;
+		const contentBox = inner.find((b) => b.type === "cbor" || b.type === "json" || b.type === "jumc" || b.type === "jp2c" || b.type === "bidb");
+		let data = null;
+		if (contentBox) if (contentBox.type === "cbor") try {
+			data = decode(contentBox.data);
+		} catch {
+			data = contentBox.data;
+		}
+		else if (contentBox.type === "json") try {
+			data = JSON.parse(TEXT_DECODER.decode(contentBox.data));
+		} catch {
+			data = contentBox.data;
+		}
+		else data = contentBox.data;
+		assertions.push({
+			label,
+			data,
+			rawBoxPayload: box.data
+		});
+	}
+	return assertions;
+}
+function parseSignatureInfo(signatureBytes) {
+	if (!signatureBytes) return {
+		issuer: null,
+		certNotBefore: null
+	};
+	try {
+		const cose = decodeCoseSign1(signatureBytes);
+		const x5chain = cose.protectedHeader[X5CHAIN_HEADER_LABEL] ?? cose.unprotectedHeader[X5CHAIN_HEADER_LABEL];
+		if (!x5chain) return {
+			issuer: null,
+			certNotBefore: null
+		};
+		const certDER = Array.isArray(x5chain) ? x5chain[0] : x5chain;
+		if (!(certDER instanceof Uint8Array)) return {
+			issuer: null,
+			certNotBefore: null
+		};
+		const certInfo = extractCertificateInfo(certDER);
+		return {
+			issuer: certInfo?.issuer ?? null,
+			certNotBefore: certInfo?.notBefore ?? null
+		};
+	} catch {
+		return {
+			issuer: null,
+			certNotBefore: null
+		};
+	}
+}
+function extractClaimAssertionRefs(claimData) {
+	const created = claimData["created_assertions"];
+	const gathered = claimData["gathered_assertions"];
+	const v1 = claimData["assertions"];
+	const sources = [
+		...created ?? [],
+		...gathered ?? [],
+		...v1 ?? []
+	];
+	const refs = [];
+	for (const entry of sources) {
+		if (!entry || typeof entry !== "object") continue;
+		const e = entry;
+		const url = e["url"];
+		const hash = e["hash"];
+		if (!url || !hash) continue;
+		refs.push({
+			url,
+			hash: hash instanceof Uint8Array ? hash : new Uint8Array(hash),
+			alg: e["alg"] ?? null
+		});
+	}
+	return refs;
+}
+/**
+* Reads a C2PA manifest from raw BMFF bytes.
+*
+* Locates the C2PA UUID box (`d8fec3d6-1a96-4f32-a0f6-f3ecf96c10ea`), navigates
+* the JUMBF manifest store structure (ISO 19566-5), and returns the parsed active
+* manifest with its claims, assertions, and signature information.
+*
+* This function performs structural parsing only. It does not verify the
+* cryptographic signature of the claim.
+*
+* @param bytes - Raw BMFF bytes (e.g. an MP4 init segment or media segment)
+* @param preParsedBoxes - Optional pre-parsed ISO boxes to avoid redundant parsing
+* @returns The parsed manifest data including claim, assertions, and signature bytes
+* @throws If no C2PA UUID box is found, or the JUMBF structure is invalid
+*
+* @example
+* {@includeCode ../test/readC2paManifest.test.ts#example}
+*
+* @internal
+*/
+function readC2paManifest(bytes, preParsedBoxes) {
+	const uuidBox = findC2paUuidBox(preParsedBoxes ?? readIsoBoxes(bytes));
+	if (!uuidBox) throw new Error("No C2PA UUID box found in the provided bytes");
+	const jumbfPayload = stripJumbfUuidPrefix(uuidBox.view.readData(uuidBox.view.bytesRemaining));
+	if (!jumbfPayload) throw new Error("Invalid JUMBF UUID prefix in C2PA box");
+	const jumbfBoxes = parseJumbfBoxes(jumbfPayload);
+	if (jumbfBoxes.length === 0) throw new Error("No JUMBF boxes found in C2PA UUID box");
+	const manifestLabel = extractManifestLabel(jumbfBoxes);
+	const manifestBoxes = resolveManifestBoxes(jumbfBoxes);
+	let claimData = null;
+	let claimCborBytes = null;
+	let internalAssertions = [];
+	let signatureBytes = null;
+	for (const box of manifestBoxes) {
+		if (box.type !== "jumb") continue;
+		const inner = parseJumbfBoxes(box.data);
+		const jumd = inner.find((b) => b.type === "jumd");
+		if (!jumd) continue;
+		const label = parseJumbfLabel(jumd.data);
+		if (!label) continue;
+		if (label === "c2pa.claim" || label === "c2pa.claim.v2") {
+			const contentBox = inner.find((b) => b.type === "cbor");
+			if (contentBox) {
+				claimCborBytes = contentBox.data;
+				try {
+					claimData = decode(contentBox.data);
+				} catch {}
+			}
+		} else if (label === "c2pa.assertions") internalAssertions = parseAssertionsInternal(inner);
+		else if (label === "c2pa.signature") {
+			const contentBox = inner.find((b) => b.type === "cbor" || b.type === "jumc");
+			if (contentBox) signatureBytes = contentBox.data;
+		}
+	}
+	const { issuer, certNotBefore } = parseSignatureInfo(signatureBytes);
+	const instanceId = claimData?.["instanceID"] ?? claimData?.["instance_id"] ?? null;
+	const claimGenerator = claimData?.["claim_generator"] ?? claimData?.["claimGenerator"] ?? null;
+	const resolvedLabel = manifestLabel ?? claimData?.["dc:title"] ?? claimData?.["title"] ?? instanceId ?? "unknown";
+	const claimAssertionRefs = claimData ? extractClaimAssertionRefs(claimData) : [];
+	const assertions = internalAssertions.map((a) => ({
+		label: a.label,
+		data: a.data
+	}));
+	return {
+		manifest: {
+			label: resolvedLabel,
+			instanceId,
+			claimGenerator,
+			signatureInfo: {
+				issuer,
+				certNotBefore
+			},
+			assertions
+		},
+		claimAssertionRefs,
+		claimCborBytes,
+		signatureBytes,
+		assertions: internalAssertions
+	};
+}
+//#endregion
+//#region src/extractManifestCertificate.ts
+const X5CHAIN_COSE_HEADER = 33;
+/**
+* Extracts the end-entity certificate from raw COSE_Sign1 signature bytes.
+*
+* @internal
+*/
+function extractCertificateFromSignatureBytes(signatureBytes) {
+	try {
+		const cose = decodeCoseSign1(signatureBytes);
+		const x5chain = cose.protectedHeader[X5CHAIN_COSE_HEADER] ?? cose.unprotectedHeader[X5CHAIN_COSE_HEADER];
+		if (!x5chain) return null;
+		const certDER = Array.isArray(x5chain) ? x5chain[0] : x5chain;
+		return certDER instanceof Uint8Array ? certDER : null;
+	} catch {
+		return null;
+	}
+}
+//#endregion
+//#region src/bmff/shouldExcludeBox.ts
+function bytesMatchAt(boxData, offset, expected) {
+	const bytes = expected instanceof Uint8Array ? expected : new Uint8Array(expected);
+	if (offset + bytes.length > boxData.length) return false;
+	for (let i = 0; i < bytes.length; i++) if (boxData[offset + i] !== bytes[i]) return false;
+	return true;
+}
+function constraintMatches(boxData, constraint) {
+	return bytesMatchAt(boxData, constraint.offset, constraint.value);
+}
+/**
+* Returns `true` if the given BMFF box should be excluded from the
+* C2PA content hash, based on the provided exclusion list.
+*
+* Exclusions use C2PA xpath notation (e.g. `/emsg`, `/moof/traf`).
+* Optional `data` constraints narrow the match to specific box content by byte offset.
+*
+* @param boxType - Four-character box type code (e.g. `'emsg'`, `'moof'`)
+* @param boxData - Full box bytes including the 8-byte size+type header
+* @param exclusions - Exclusion list from the C2PA `c2pa.hash.bmff.v3` assertion
+* @returns `true` if the box should be excluded from the hash input
+*
+* @example
+* {@includeCode ../../test/bmff/shouldExcludeBox.test.ts#example}
+*
+* @public
+*/
+function shouldExcludeBox(boxType, boxData, exclusions) {
+	for (const exclusion of exclusions) {
+		if (!exclusion.xpath) continue;
+		if (!(exclusion.xpath === `/${boxType}` || exclusion.xpath.startsWith(`/${boxType}/`))) continue;
+		const { data } = exclusion;
+		if (!data || data.length === 0) return true;
+		if (data.every((constraint) => constraintMatches(boxData, constraint))) return true;
+	}
+	return false;
+}
+//#endregion
+//#region src/bmff/computeBmffHash.ts
+const MINIMUM_BOX_SIZE = 8;
+const BOX_TYPE_OFFSET = 4;
+const DEFAULT_HASH_ALG = "SHA-256";
+function readBoxType(bytes, offset) {
+	return String.fromCharCode(bytes[offset], bytes[offset + 1], bytes[offset + 2], bytes[offset + 3]);
+}
+function writeUint64BigEndian(bytes, value) {
+	new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength).setBigUint64(0, BigInt(value), false);
+}
+function buildHashInput(bytes, exclusions, offsetPrefixSize) {
+	if (offsetPrefixSize !== 0 && offsetPrefixSize !== 8) throw new Error(`offsetPrefixSize must be 0 or 8, got ${offsetPrefixSize}`);
+	const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
+	let totalLength = 0;
+	let offset = 0;
+	while (offset + MINIMUM_BOX_SIZE <= bytes.length) {
+		const boxSize = view.getUint32(offset, false);
+		if (boxSize < MINIMUM_BOX_SIZE || offset + boxSize > bytes.length) break;
+		if (!shouldExcludeBox(readBoxType(bytes, offset + BOX_TYPE_OFFSET), bytes.subarray(offset, offset + boxSize), exclusions)) totalLength += offsetPrefixSize + boxSize;
+		offset += boxSize;
+	}
+	const hashInput = new Uint8Array(totalLength);
+	let writeOffset = 0;
+	offset = 0;
+	while (offset + MINIMUM_BOX_SIZE <= bytes.length) {
+		const boxSize = view.getUint32(offset, false);
+		if (boxSize < MINIMUM_BOX_SIZE || offset + boxSize > bytes.length) break;
+		const boxType = readBoxType(bytes, offset + BOX_TYPE_OFFSET);
+		const boxData = bytes.subarray(offset, offset + boxSize);
+		if (!shouldExcludeBox(boxType, boxData, exclusions)) {
+			if (offsetPrefixSize > 0) {
+				writeUint64BigEndian(hashInput.subarray(writeOffset, writeOffset + offsetPrefixSize), offset);
+				writeOffset += offsetPrefixSize;
+			}
+			hashInput.set(boxData, writeOffset);
+			writeOffset += boxSize;
+		}
+		offset += boxSize;
+	}
+	return hashInput;
+}
+/**
+* Computes the C2PA BMFF content hash (`c2pa.hash.bmff.v3`) for a DASH segment.
+*
+* Iterates through top-level BMFF boxes, excludes those matching the exclusion list,
+* concatenates the remaining box bytes (optionally prefixed with each box's file offset),
+* and returns the WebCrypto digest.
+*
+* @param segmentBytes - Raw segment bytes to hash
+* @param options - Hash options (exclusions, algorithm, offset prefix size)
+* @returns The computed hash bytes
+*
+* @example
+* {@includeCode ../../test/bmff/computeBmffHash.test.ts#example}
+*
+* @public
+*/
+async function computeBmffHash(segmentBytes, options) {
+	const exclusions = options?.exclusions ?? [];
+	const alg = options?.alg ?? DEFAULT_HASH_ALG;
+	const hashInput = buildHashInput(segmentBytes, exclusions, options?.offsetPrefixSize ?? 0);
+	const hashBuffer = await crypto.subtle.digest(alg, hashInput);
+	return new Uint8Array(hashBuffer);
+}
+//#endregion
+//#region src/bmff/validateBmffHash.ts
+const OFFSET_PREFIX_SIZES_TO_TRY = [8, 0];
+/**
+* Validates the C2PA BMFF content hash (`c2pa.hash.bmff.v3`) for a DASH segment.
+*
+* Tries both offset-prefix modes — 8-byte file offset prefix and no prefix — to handle
+* inter-signer interoperability until a standard signaling mechanism is defined in the spec.
+*
+* Use {@link computeBmffHash} directly when the offset prefix size is known.
+*
+* @param segmentBytes - Raw segment bytes to validate
+* @param expectedHash - Expected hash bytes from the VSI CBOR map
+* @param options - Validation options (exclusions, algorithm)
+* @returns `true` if the computed hash matches the expected hash in either offset mode
+*
+* @example
+* {@includeCode ../../test/bmff/validateBmffHash.test.ts#example}
+*
+* @public
+*/
+async function validateBmffHash(segmentBytes, expectedHash, options) {
+	for (const offsetPrefixSize of OFFSET_PREFIX_SIZES_TO_TRY) if (hashesEqual(await computeBmffHash(segmentBytes, {
+		...options,
+		offsetPrefixSize
+	}), expectedHash)) return true;
+	return false;
+}
+//#endregion
+//#region src/C2paStatusCode.ts
+/**
+* Standard C2PA validation status codes for manifest integrity checks,
+* as defined in the C2PA specification chapters 15 and 18.
+*
+* @see {@link https://c2pa.org/specifications/specifications/2.3/specs/C2PA_Specification.html#_claim_validation | C2PA Spec §15.10.3}
+*
+* @enum
+*
+* @public
+*/
+const C2paStatusCode = {
+	ASSERTION_HASHEDURI_MISMATCH: "assertion.hashedURI.mismatch",
+	ASSERTION_MISSING: "assertion.missing",
+	ASSERTION_ACTION_INGREDIENT_MISMATCH: "assertion.action.ingredientMismatch",
+	CLAIM_SIGNATURE_MISMATCH: "claim.signature.mismatch"
+};
+//#endregion
+//#region src/claim/validateActionIngredients.ts
+const ACTIONS_LABELS = new Set(["c2pa.actions", "c2pa.actions.v2"]);
+const ACTIONS_REQUIRING_INGREDIENTS = new Set([
+	"c2pa.opened",
+	"c2pa.placed",
+	"c2pa.removed"
+]);
+/**
+* Validates action ingredient references per C2PA §18.15.4.7.
+*
+* For any `c2pa.actions` or `c2pa.actions.v2` assertion, actions with type
+* `c2pa.opened`, `c2pa.placed`, or `c2pa.removed` must include a
+* `parameters.ingredients` field. Reports `assertion.action.ingredientMismatch`
+* if any such action is missing the required field.
+*
+* @param assertions - Parsed assertions (label + decoded data)
+* @returns Array of C2PA status codes for any failures found
+*
+* @internal
+*/
+function validateActionIngredients(assertions) {
+	const codes = [];
+	for (const assertion of assertions) {
+		if (!ACTIONS_LABELS.has(assertion.label)) continue;
+		const data = assertion.data;
+		if (!data) continue;
+		const actions = data["actions"];
+		if (!Array.isArray(actions)) continue;
+		for (const action of actions) {
+			if (!action || typeof action !== "object") continue;
+			const record = action;
+			const actionType = record["action"];
+			if (!actionType || !ACTIONS_REQUIRING_INGREDIENTS.has(actionType)) continue;
+			const ingredients = record["parameters"]?.["ingredients"];
+			if (!Array.isArray(ingredients) || ingredients.length === 0) codes.push(C2paStatusCode.ASSERTION_ACTION_INGREDIENT_MISMATCH);
+		}
+	}
+	return codes;
+}
+//#endregion
+//#region src/claim/validateAssertionHashes.ts
+/**
+* Extracts the assertion label from a JUMBF URI.
+*
+* Handles both absolute (`self#jumbf=/c2pa/<manifest>/c2pa.assertions/<label>`)
+* and relative URI forms by returning the last path segment.
+*/
+function extractLabelFromUrl(url) {
+	const fragmentIndex = url.indexOf("#jumbf=");
+	const path = fragmentIndex >= 0 ? url.substring(fragmentIndex + 7) : url;
+	const lastSlash = path.lastIndexOf("/");
+	return lastSlash >= 0 ? path.substring(lastSlash + 1) : path;
+}
+/**
+* Validates assertion hashes and presence per C2PA §15.10.3.1.
+*
+* For each assertion referenced in the claim's hashed URI list:
+* - Checks that the assertion exists in the assertion store (`assertion.missing`)
+* - Recomputes the hash of the raw JUMBF box payload and compares it to the
+*   expected hash from the claim (`assertion.hashedURI.mismatch`)
+*
+* @param claimRefs - Hashed URI references from the claim
+* @param assertions - Parsed assertions with preserved raw box payloads
+* @returns Array of C2PA status codes for any failures found
+*
+* @internal
+*/
+async function validateAssertionHashes(claimRefs, assertions) {
+	if (claimRefs.length === 0) return [];
+	const assertionsByLabel = /* @__PURE__ */ new Map();
+	for (const assertion of assertions) assertionsByLabel.set(assertion.label, assertion);
+	const codes = [];
+	const hashChecks = claimRefs.map(async (ref) => {
+		const label = extractLabelFromUrl(ref.url);
+		const assertion = assertionsByLabel.get(label);
+		if (!assertion) return C2paStatusCode.ASSERTION_MISSING;
+		const alg = ref.alg ? normalizeAlgorithmName(ref.alg) : "SHA-256";
+		if (!hashesEqual(new Uint8Array(await crypto.subtle.digest(alg, assertion.rawBoxPayload)), ref.hash)) return C2paStatusCode.ASSERTION_HASHEDURI_MISMATCH;
+		return null;
+	});
+	const results = await Promise.all(hashChecks);
+	for (const result of results) if (result) codes.push(result);
+	return codes;
+}
+//#endregion
+//#region src/cose/constants.ts
+const ECDSA_ALGORITHM = "ECDSA";
+const ED25519_ALGORITHM = "Ed25519";
+const RSA_PSS_ALGORITHM = "RSA-PSS";
+const CURVE_P256 = "P-256";
+const CURVE_P384 = "P-384";
+const CURVE_P521 = "P-521";
+const HASH_SHA256 = "SHA-256";
+const HASH_SHA384 = "SHA-384";
+const HASH_SHA512 = "SHA-512";
+//#endregion
+//#region src/cose/resolveAlgorithmFromCoseAlg.ts
+const COSE_ALGORITHM_MAP = new Map([
+	[-7, {
+		name: ECDSA_ALGORITHM,
+		namedCurve: CURVE_P256
+	}],
+	[-35, {
+		name: ECDSA_ALGORITHM,
+		namedCurve: CURVE_P384
+	}],
+	[-36, {
+		name: ECDSA_ALGORITHM,
+		namedCurve: CURVE_P521
+	}],
+	[-8, { name: ED25519_ALGORITHM }],
+	[-37, {
+		name: RSA_PSS_ALGORITHM,
+		hash: { name: HASH_SHA256 }
+	}],
+	[-38, {
+		name: RSA_PSS_ALGORITHM,
+		hash: { name: HASH_SHA384 }
+	}],
+	[-39, {
+		name: RSA_PSS_ALGORITHM,
+		hash: { name: HASH_SHA512 }
+	}]
+]);
+/**
+* Maps a COSE algorithm number (from a COSE_Sign1 protected header) to the
+* WebCrypto algorithm identifier needed for `crypto.subtle.importKey('spki', ...)`.
+*
+* @param coseAlg - COSE algorithm identifier (e.g. -7 for ES256)
+* @returns WebCrypto algorithm identifier
+* @throws If the COSE algorithm is not supported
+*
+* @internal
+*/
+function resolveAlgorithmFromCoseAlg(coseAlg) {
+	const algorithm = COSE_ALGORITHM_MAP.get(coseAlg);
+	if (!algorithm) throw new Error(`Unsupported COSE algorithm: ${coseAlg}`);
+	return algorithm;
+}
+//#endregion
+//#region src/cose/buildSigStructure.ts
+const CBOR_ARRAY_FOUR_ITEMS = 132;
+const CBOR_TEXT_MAJOR_TYPE_BASE = 96;
+const CBOR_BYTES_MAJOR_TYPE_BASE = 64;
+const CBOR_UINT8_LENGTH_INDICATOR = 88;
+const CBOR_UINT16_LENGTH_INDICATOR = 89;
+const CBOR_UINT32_LENGTH_INDICATOR = 90;
+const CBOR_INLINE_MAX = 23;
+const CBOR_UINT8_MAX = 255;
+const CBOR_UINT16_MAX = 65535;
+const COSE_SIG1_CONTEXT_BYTES = new TextEncoder().encode("Signature1");
+function byteStringHeaderSize(length) {
+	if (length <= CBOR_INLINE_MAX) return 1;
+	if (length <= CBOR_UINT8_MAX) return 2;
+	if (length <= CBOR_UINT16_MAX) return 3;
+	return 5;
+}
+function writeByteStringHeader(output, offset, length) {
+	if (length <= CBOR_INLINE_MAX) output[offset++] = CBOR_BYTES_MAJOR_TYPE_BASE + length;
+	else if (length <= CBOR_UINT8_MAX) {
+		output[offset++] = CBOR_UINT8_LENGTH_INDICATOR;
+		output[offset++] = length;
+	} else if (length <= CBOR_UINT16_MAX) {
+		output[offset++] = CBOR_UINT16_LENGTH_INDICATOR;
+		output[offset++] = length >> 8 & 255;
+		output[offset++] = length & 255;
+	} else {
+		output[offset++] = CBOR_UINT32_LENGTH_INDICATOR;
+		output[offset++] = length >>> 24 & 255;
+		output[offset++] = length >>> 16 & 255;
+		output[offset++] = length >>> 8 & 255;
+		output[offset++] = length & 255;
+	}
+	return offset;
+}
+/**
+* Builds the COSE `Sig_Structure` (ToBeSigned) bytes for a `COSE_Sign1` structure (RFC 9052 §4.4).
+*
+* The resulting bytes are the direct input to signature creation or verification via WebCrypto.
+*
+* @param protectedBytes - Serialized protected header (CBOR-encoded byte string)
+* @param payload - Payload bytes
+* @param externalAad - External additional authenticated data (default: empty)
+* @returns CBOR-encoded `Sig_Structure` array ready for signing or verification
+*
+* @example
+* {@includeCode ../../test/cose/buildSigStructure.test.ts#example}
+*
+* @public
+*/
+function buildSigStructure(protectedBytes, payload, externalAad = new Uint8Array(0)) {
+	const totalLength = 2 + COSE_SIG1_CONTEXT_BYTES.length + byteStringHeaderSize(protectedBytes.length) + protectedBytes.length + byteStringHeaderSize(externalAad.length) + externalAad.length + byteStringHeaderSize(payload.length) + payload.length;
+	const result = new Uint8Array(totalLength);
+	let offset = 0;
+	result[offset++] = CBOR_ARRAY_FOUR_ITEMS;
+	result[offset++] = CBOR_TEXT_MAJOR_TYPE_BASE + COSE_SIG1_CONTEXT_BYTES.length;
+	result.set(COSE_SIG1_CONTEXT_BYTES, offset);
+	offset += COSE_SIG1_CONTEXT_BYTES.length;
+	offset = writeByteStringHeader(result, offset, protectedBytes.length);
+	result.set(protectedBytes, offset);
+	offset += protectedBytes.length;
+	offset = writeByteStringHeader(result, offset, externalAad.length);
+	result.set(externalAad, offset);
+	offset += externalAad.length;
+	offset = writeByteStringHeader(result, offset, payload.length);
+	result.set(payload, offset);
+	return result;
+}
+//#endregion
+//#region src/cose/verifyCoseSign1.ts
+const DER_SEQUENCE_TAG = 48;
+const DER_INTEGER_TAG = 2;
+const CURVE_COMPONENT_BYTES = {
+	[CURVE_P256]: 32,
+	[CURVE_P384]: 48,
+	[CURVE_P521]: 66
+};
+const RSA_PSS_SALT_LENGTH = {
+	[HASH_SHA256]: 32,
+	[HASH_SHA384]: 48,
+	[HASH_SHA512]: 64
+};
+function getComponentSize(publicKey) {
+	const curve = publicKey.algorithm.namedCurve;
+	const size = CURVE_COMPONENT_BYTES[curve];
+	if (!size) throw new Error(`Unsupported EC curve: ${curve}`);
+	return size;
+}
+function isDerEncoded(signature, expectedRawLength) {
+	return signature.length !== expectedRawLength && signature.length > 2 && signature[0] === DER_SEQUENCE_TAG;
+}
+function parseDerLength(der, offset) {
+	if (offset >= der.length) throw new Error("DER signature: truncated length");
+	const firstByte = der[offset];
+	if ((firstByte & 128) === 0) return {
+		length: firstByte,
+		nextOffset: offset + 1
+	};
+	const numBytes = firstByte & 127;
+	if (numBytes === 0 || offset + numBytes >= der.length) throw new Error("DER signature: invalid long-form length");
+	let length = 0;
+	for (let i = 1; i <= numBytes; i++) length = length << 8 | der[offset + i];
+	return {
+		length,
+		nextOffset: offset + 1 + numBytes
+	};
+}
+function extractDerInteger(der, offset) {
+	if (der[offset] !== DER_INTEGER_TAG) throw new Error("DER signature: expected INTEGER tag");
+	const { length, nextOffset: valueStart } = parseDerLength(der, offset + 1);
+	let start = valueStart;
+	let remaining = length;
+	if (remaining > 0 && der[start] === 0) {
+		start++;
+		remaining--;
+	}
+	return {
+		value: der.slice(start, start + remaining),
+		nextOffset: valueStart + length
+	};
+}
+function derToRawEcdsaSignature(der, componentSize) {
+	if (der[0] !== DER_SEQUENCE_TAG) throw new Error("DER signature: expected SEQUENCE tag");
+	const { nextOffset: contentStart } = parseDerLength(der, 1);
+	const rResult = extractDerInteger(der, contentStart);
+	const sResult = extractDerInteger(der, rResult.nextOffset);
+	const rawLength = componentSize * 2;
+	const raw = new Uint8Array(rawLength);
+	raw.set(rResult.value, componentSize - rResult.value.length);
+	raw.set(sResult.value, rawLength - sResult.value.length);
+	return raw;
+}
+function resolveVerifyAlgorithm(publicKey) {
+	const { name } = publicKey.algorithm;
+	if (name === ED25519_ALGORITHM) return { name: ED25519_ALGORITHM };
+	if (name === ECDSA_ALGORITHM) {
+		const curve = publicKey.algorithm.namedCurve;
+		return {
+			name: ECDSA_ALGORITHM,
+			hash: { name: curve === CURVE_P384 ? HASH_SHA384 : curve === CURVE_P521 ? HASH_SHA512 : HASH_SHA256 }
+		};
+	}
+	if (name === RSA_PSS_ALGORITHM) return {
+		name: RSA_PSS_ALGORITHM,
+		saltLength: RSA_PSS_SALT_LENGTH[publicKey.algorithm.hash.name] ?? 32
+	};
+	throw new Error(`Unsupported public key algorithm: ${name}`);
+}
+function normalizeSignature(signature, publicKey) {
+	if (publicKey.algorithm.name !== ECDSA_ALGORITHM) return signature;
+	const componentSize = getComponentSize(publicKey);
+	if (isDerEncoded(signature, componentSize * 2)) return derToRawEcdsaSignature(signature, componentSize);
+	return signature;
+}
+/**
+* Verifies a `COSE_Sign1` signature using a provided `CryptoKey` (RFC 9052 §4.4).
+*
+* Builds the `Sig_Structure` from the protected header and payload, normalizes
+* DER-encoded ECDSA signatures to raw format if needed, and delegates
+* verification to the WebCrypto API.
+*
+* Supports `ECDSA` (P-256, P-384, P-521), `Ed25519`, and `RSA-PSS` (PS256, PS384, PS512) keys.
+*
+* @param coseSign1 - Decoded COSE_Sign1 structure (from {@link decodeCoseSign1})
+* @param payload - Payload bytes to verify. May differ from `coseSign1.payload` for detached payloads.
+* @param publicKey - Imported public key for verification
+* @returns `true` if the signature is valid
+* @throws If the key algorithm is not supported
+*
+* @example
+* {@includeCode ../../test/cose/verifyCoseSign1.test.ts#example}
+*
+* @public
+*/
+async function verifyCoseSign1(coseSign1, payload, publicKey) {
+	const sigStructure = buildSigStructure(coseSign1.protectedBytes, payload);
+	const algorithm = resolveVerifyAlgorithm(publicKey);
+	const signature = normalizeSignature(coseSign1.signature, publicKey);
+	return crypto.subtle.verify(algorithm, publicKey, signature, sigStructure);
+}
+//#endregion
+//#region src/x509/extractCertificateSpki.ts
+/**
+* Extracts the SubjectPublicKeyInfo (SPKI) DER bytes from an X.509 DER certificate.
+*
+* Navigates the TBSCertificate structure to reach the 7th field
+* (SubjectPublicKeyInfo), skipping version, serialNumber, signatureAlgorithm,
+* issuer, validity, and subject.
+*
+* The returned bytes can be imported directly via
+* `crypto.subtle.importKey('spki', ...)`.
+*
+* @param certDER - DER-encoded X.509 certificate bytes
+* @returns Full DER encoding of the SubjectPublicKeyInfo, or `null` on parse failure
+*
+* @internal
+*/
+function extractCertificateSpki(certDER) {
+	try {
+		const cert = readElement(certDER, 0);
+		if (!cert || cert.tag !== ASN1_TAG_SEQUENCE) return null;
+		const tbs = readElement(cert.value, 0);
+		if (!tbs || tbs.tag !== ASN1_TAG_SEQUENCE) return null;
+		let offset = 0;
+		let el = readElement(tbs.value, offset);
+		if (!el) return null;
+		if (el.tag === ASN1_TAG_CONTEXT_0) {
+			offset += el.totalSize;
+			el = readElement(tbs.value, offset);
+			if (!el) return null;
+		}
+		if (el.tag !== ASN1_TAG_INTEGER) return null;
+		offset += el.totalSize;
+		el = readElement(tbs.value, offset);
+		if (!el || el.tag !== ASN1_TAG_SEQUENCE) return null;
+		offset += el.totalSize;
+		el = readElement(tbs.value, offset);
+		if (!el || el.tag !== ASN1_TAG_SEQUENCE) return null;
+		offset += el.totalSize;
+		el = readElement(tbs.value, offset);
+		if (!el || el.tag !== ASN1_TAG_SEQUENCE) return null;
+		offset += el.totalSize;
+		el = readElement(tbs.value, offset);
+		if (!el || el.tag !== ASN1_TAG_SEQUENCE) return null;
+		offset += el.totalSize;
+		return readElementRaw(tbs.value, offset);
+	} catch {
+		return null;
+	}
+}
+//#endregion
+//#region src/x509/normalizeRsaPssSpki.ts
+const OID_RSASSA_PSS = new Uint8Array([
+	6,
+	9,
+	42,
+	134,
+	72,
+	134,
+	247,
+	13,
+	1,
+	1,
+	10
+]);
+const RSA_ENCRYPTION_ALGORITHM_ID = new Uint8Array([
+	48,
+	13,
+	6,
+	9,
+	42,
+	134,
+	72,
+	134,
+	247,
+	13,
+	1,
+	1,
+	1,
+	5,
+	0
+]);
+function containsRsaPssOid(bytes) {
+	if (bytes.length < OID_RSASSA_PSS.length) return false;
+	outer: for (let i = 0; i <= bytes.length - OID_RSASSA_PSS.length; i++) {
+		for (let j = 0; j < OID_RSASSA_PSS.length; j++) if (bytes[i + j] !== OID_RSASSA_PSS[j]) continue outer;
+		return true;
+	}
+	return false;
+}
+/**
+* Normalizes an SPKI that uses the `rsassaPss` OID (1.2.840.113549.1.1.10) to
+* use the generic `rsaEncryption` OID (1.2.840.113549.1.1.1) instead.
+*
+* WebCrypto's `importKey('spki', ...)` with `{ name: 'RSA-PSS' }` expects the
+* SPKI to use the generic `rsaEncryption` OID. Certificates signed with
+* RSASSA-PSS often embed the PSS-specific OID and parameters, which causes
+* `DataError` on import.
+*
+* If the SPKI does not use `rsassaPss`, it is returned unchanged.
+*
+* @internal
+*/
+function normalizeRsaPssSpki(spkiBytes) {
+	if (!containsRsaPssOid(spkiBytes)) return spkiBytes;
+	const outer = readElement(spkiBytes, 0);
+	if (!outer || outer.tag !== ASN1_TAG_SEQUENCE) return spkiBytes;
+	const algId = readElement(outer.value, 0);
+	if (!algId || algId.tag !== ASN1_TAG_SEQUENCE) return spkiBytes;
+	const publicKeyBitString = outer.value.subarray(algId.totalSize);
+	const innerLength = RSA_ENCRYPTION_ALGORITHM_ID.length + publicKeyBitString.length;
+	const headerBytes = encodeDerLength(innerLength);
+	const result = new Uint8Array(1 + headerBytes.length + innerLength);
+	let offset = 0;
+	result[offset++] = ASN1_TAG_SEQUENCE;
+	result.set(headerBytes, offset);
+	offset += headerBytes.length;
+	result.set(RSA_ENCRYPTION_ALGORITHM_ID, offset);
+	offset += RSA_ENCRYPTION_ALGORITHM_ID.length;
+	result.set(publicKeyBitString, offset);
+	return result;
+}
+function encodeDerLength(length) {
+	if (length < 128) return new Uint8Array([length]);
+	if (length <= 255) return new Uint8Array([129, length]);
+	if (length <= 65535) return new Uint8Array([
+		130,
+		length >> 8 & 255,
+		length & 255
+	]);
+	return new Uint8Array([
+		131,
+		length >> 16 & 255,
+		length >> 8 & 255,
+		length & 255
+	]);
+}
+//#endregion
+//#region src/claim/verifyClaimSignature.ts
+/**
+* Verifies the claim signature of a C2PA manifest per §15.7.
+*
+* The `c2pa.signature` JUMBF box contains a `COSE_Sign1` structure whose payload
+* is the claim CBOR bytes. This function verifies the signature against the
+* public key extracted from the end-entity certificate in the `x5chain` header.
+*
+* @param signatureBytes - Raw COSE_Sign1 bytes from the `c2pa.signature` box
+* @param claimCborBytes - Raw CBOR bytes of the claim content box
+* @param certificateDER - DER-encoded end-entity X.509 certificate
+* @returns `true` if the signature is valid
+*
+* @internal
+*/
+async function verifyClaimSignature(signatureBytes, claimCborBytes, certificateDER) {
+	try {
+		const coseSign1 = decodeCoseSign1(signatureBytes);
+		const rawSpki = extractCertificateSpki(certificateDER);
+		if (!rawSpki) return false;
+		const spkiBytes = normalizeRsaPssSpki(rawSpki);
+		if (coseSign1.alg == null) return false;
+		const importAlgorithm = resolveAlgorithmFromCoseAlg(coseSign1.alg);
+		return verifyCoseSign1(coseSign1, claimCborBytes, await crypto.subtle.importKey("spki", new Uint8Array(spkiBytes), importAlgorithm, true, ["verify"]));
+	} catch {
+		return false;
+	}
+}
+//#endregion
+//#region src/claim/validateManifestIntegrity.ts
+/**
+* Validates the integrity of a C2PA manifest per Chapter 15 and Chapter 18.
+*
+* Runs four validation checks in parallel where possible:
+* 1. Assertion hash verification (§15.10.3.1)
+* 2. Missing assertion detection (§15.10.3.1)
+* 3. Action ingredient validation (§18.15.4.7)
+* 4. Claim signature verification (§15.7)
+*
+* @param internal - Enriched manifest data with raw assertion bytes and claim references
+* @param certificateDER - DER-encoded end-entity certificate, or `null` to skip signature check
+* @returns Array of C2PA status codes for any failures found (empty if all pass)
+*
+* @internal
+*/
+async function validateManifestIntegrity(internal, certificateDER) {
+	const { signatureBytes, claimCborBytes } = internal;
+	const [assertionHashCodes, signatureValid] = await Promise.all([validateAssertionHashes(internal.claimAssertionRefs, internal.assertions), signatureBytes && claimCborBytes && certificateDER ? verifyClaimSignature(signatureBytes, claimCborBytes, certificateDER) : Promise.resolve(true)]);
+	const actionCodes = validateActionIngredients(internal.assertions);
+	const codes = [...assertionHashCodes, ...actionCodes];
+	if (!signatureValid) codes.push(C2paStatusCode.CLAIM_SIGNATURE_MISMATCH);
+	return codes;
+}
+//#endregion
+//#region src/cose/convertCoseKeyToJwk.ts
+const OKP_KEY_TYPE = 1;
+const EC2_KEY_TYPE = 2;
+const EC_CURVE_NAMES = {
+	1: "P-256",
+	2: "P-384",
+	3: "P-521"
+};
+const OKP_CURVE_NAMES = {
+	4: "X25519",
+	5: "X448",
+	6: "Ed25519",
+	7: "Ed448"
+};
+function coseGet(key, intKey) {
+	if (key instanceof Map) return key.get(intKey);
+	return key[intKey];
+}
+function toBase64Url(value) {
+	const bytes = value instanceof Uint8Array ? value : new Uint8Array(value);
+	let binary = "";
+	for (const byte of bytes) binary += String.fromCharCode(byte);
+	return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+/**
+* Converts a COSE public key (RFC 9052 / IANA COSE Key registry) to JWK format.
+*
+* Supports EC2 keys (P-256, P-384, P-521) and OKP keys (Ed25519, Ed448, X25519, X448).
+* Input may be a `Map\<number, unknown\>` (from CBOR decoders like cbor-x) or a plain
+* object with integer keys.
+*
+* @param coseKey - COSE key structure as decoded from a C2PA `c2pa.session-keys` assertion
+* @returns JWK representation of the public key
+* @throws If the key type or curve is not supported
+*
+* @example
+* {@includeCode ../../test/cose/convertCoseKeyToJwk.test.ts#example}
+*
+* @public
+*/
+function convertCoseKeyToJwk(coseKey) {
+	const key = coseKey;
+	const kty = coseGet(key, 1);
+	const crv = coseGet(key, -1);
+	const x = coseGet(key, -2);
+	if (kty === EC2_KEY_TYPE) {
+		const curveName = EC_CURVE_NAMES[crv];
+		if (!curveName) throw new Error(`Unsupported EC curve: ${crv}`);
+		const y = coseGet(key, -3);
+		if (!(x instanceof Uint8Array)) throw new Error("EC2 key missing or invalid x coordinate");
+		if (!(y instanceof Uint8Array)) throw new Error("EC2 key missing or invalid y coordinate");
+		return {
+			kty: "EC",
+			crv: curveName,
+			x: toBase64Url(x),
+			y: toBase64Url(y)
+		};
+	}
+	if (kty === OKP_KEY_TYPE) {
+		const curveName = OKP_CURVE_NAMES[crv];
+		if (!curveName) throw new Error(`Unsupported OKP curve: ${crv}`);
+		return {
+			kty: "OKP",
+			crv: curveName,
+			x: toBase64Url(x)
+		};
+	}
+	throw new Error(`Unsupported COSE key type: ${kty}`);
+}
+//#endregion
+//#region src/cose/resolveImportAlgorithm.ts
+const KEY_TYPE_OKP = "OKP";
+function resolveImportAlgorithm(jwk) {
+	return jwk.kty === KEY_TYPE_OKP ? { name: jwk.crv } : {
+		name: ECDSA_ALGORITHM,
+		namedCurve: jwk.crv
+	};
+}
+//#endregion
+//#region src/cose/verifySignerBinding.ts
+/**
+* Verifies a C2PA signer binding — a `COSE_Sign1` structure that proves
+* a session key was authorized by the content signer (C2PA spec §18.25.2).
+*
+* The `Sig_Structure` payload is `CBOR(bstr(signerCertBytes))` per the C2PA spec.
+* DER-encoded ECDSA signatures are automatically normalized to raw format.
+*
+* @param signerBindingBytes - Raw `COSE_Sign1` bytes of the signer binding
+* @param sessionCoseKey - COSE public key from the `c2pa.session-keys` assertion
+* @param signerCertBytes - DER-encoded end-entity certificate (from `x5chain`)
+* @returns `true` if the signer binding signature is valid
+* @throws If the COSE key type is not supported or decoding fails
+*
+* @example
+* {@includeCode ../../test/cose/verifySignerBinding.test.ts#example}
+*
+* @public
+*/
+async function verifySignerBinding(signerBindingBytes, sessionCoseKey, signerCertBytes) {
+	const coseSign1 = decodeCoseSign1(signerBindingBytes);
+	const jwk = convertCoseKeyToJwk(sessionCoseKey);
+	const publicKey = await crypto.subtle.importKey("jwk", jwk, resolveImportAlgorithm(jwk), false, ["verify"]);
+	return verifyCoseSign1(coseSign1, encode(signerCertBytes), publicKey);
+}
+//#endregion
+//#region src/init/validateC2paInitSegment.ts
+const BMFF_HASH_ASSERTION_LABEL$1 = "c2pa.hash.bmff.v3";
+const SESSION_KEYS_ASSERTION_LABEL = "c2pa.session-keys";
+const COSE_KEY_ID_LABEL = 2;
+const CBOR_TAGGED_KEY = "@@TAGGED@@";
+function extractCborTaggedValue(value) {
+	if (typeof value !== "object" || value === null) return null;
+	const obj = value;
+	if (typeof obj["tag"] === "number" && "value" in obj) return obj["value"];
+	const tagged = obj[CBOR_TAGGED_KEY];
+	if (Array.isArray(tagged) && tagged.length === 2) return tagged[1];
+	return null;
+}
+function normalizeToUint8Array(value) {
+	if (value instanceof Uint8Array) return value;
+	if (Array.isArray(value)) return new Uint8Array(value);
+	if (extractCborTaggedValue(value) !== null) return encode(value);
+	throw new Error("Cannot convert value to Uint8Array");
+}
+function ensureDecodedCbor(value) {
+	if (value instanceof Uint8Array) return decode(value);
+	if (Array.isArray(value) && value.length > 0 && typeof value[0] === "number") return decode(new Uint8Array(value));
+	return value;
+}
+function parseCreatedAt(value) {
+	const resolved = extractCborTaggedValue(value) ?? value;
+	if (typeof resolved === "string") return resolved;
+	if (resolved instanceof Date) return resolved.toISOString();
+	return null;
+}
+function extractKidHex(keyData, coseKey) {
+	const kid = keyData["kid"];
+	if (kid instanceof Uint8Array) return bytesToHex(kid);
+	if (typeof kid === "string") return kid;
+	if (Array.isArray(kid) && kid.length > 0) return bytesToHex(new Uint8Array(kid));
+	const coseKeyLike = coseKey;
+	const coseKid = coseKeyLike instanceof Map ? coseKeyLike.get(COSE_KEY_ID_LABEL) : coseKeyLike[COSE_KEY_ID_LABEL];
+	if (coseKid instanceof Uint8Array) return bytesToHex(coseKid);
+	if (Array.isArray(coseKid) && coseKid.length > 0) return bytesToHex(new Uint8Array(coseKid));
+	return null;
+}
+function extractKeyArray(data) {
+	if (Array.isArray(data)) return data;
+	if (typeof data === "object" && data !== null) {
+		const obj = data;
+		const keys = obj["keys"] ?? obj["sessionKeys"];
+		if (Array.isArray(keys)) return keys;
+		if (typeof keys === "object" && keys !== null) {
+			const nested = keys["keys"];
+			if (Array.isArray(nested)) return nested;
+		}
+	}
+	return [];
+}
+async function validateBmffHashAssertion(bytes, assertion) {
+	if (!assertion) return true;
+	const data = assertion.data;
+	const rawHash = data["hash"] ?? data["value"];
+	if (!rawHash) return true;
+	const expectedHash = rawHash instanceof Uint8Array ? rawHash : new Uint8Array(rawHash);
+	const alg = normalizeAlgorithmName(data["alg"]);
+	return validateBmffHash(bytes, expectedHash, {
+		exclusions: data["exclusions"] ?? [],
+		alg
+	});
+}
+function extractSessionKeyFields(entry) {
+	const keyData = entry;
+	const minSequenceNumber = keyData["minSequenceNumber"];
+	const validityPeriod = keyData["validityPeriod"];
+	const createdAt = parseCreatedAt(keyData["createdAt"]);
+	if (minSequenceNumber == null || validityPeriod == null || !createdAt) return null;
+	if (/* @__PURE__ */ new Date() < new Date(createdAt) || isKeyExpired(createdAt, Number(validityPeriod))) return null;
+	const coseKey = ensureDecodedCbor(keyData["key"]);
+	const kid = extractKidHex(keyData, coseKey);
+	if (!kid) return null;
+	const signerBindingRaw = keyData["signerBinding"];
+	if (!signerBindingRaw) return null;
+	try {
+		return {
+			minSequenceNumber: Number(minSequenceNumber),
+			validityPeriod: Number(validityPeriod),
+			createdAt,
+			kid,
+			coseKey,
+			signerBindingBytes: normalizeToUint8Array(signerBindingRaw)
+		};
+	} catch {
+		return null;
+	}
+}
+async function verifyAndConvertKey(fields, certificate) {
+	if (!await verifySignerBinding(fields.signerBindingBytes, fields.coseKey, certificate)) return null;
+	try {
+		const jwk = convertCoseKeyToJwk(fields.coseKey);
+		return {
+			kid: fields.kid,
+			jwk,
+			minSequenceNumber: fields.minSequenceNumber,
+			validityPeriod: fields.validityPeriod,
+			createdAt: fields.createdAt
+		};
+	} catch {
+		return null;
+	}
+}
+async function validateSingleSessionKey(entry, certificate) {
+	const fields = extractSessionKeyFields(entry);
+	if (!fields) return null;
+	return verifyAndConvertKey(fields, certificate);
+}
+async function validateSessionKeys(assertion, certificate) {
+	const keyEntries = extractKeyArray(ensureDecodedCbor(assertion.data));
+	return (await Promise.all(keyEntries.map((entry) => validateSingleSessionKey(entry, certificate)))).filter((key) => key !== null);
+}
+/**
+* Validates a C2PA init segment: parses the manifest, extracts and verifies
+* the certificate, validates the BMFF hard binding hash, verifies all
+* session keys from the `c2pa.session-keys` assertion, and performs
+* manifest integrity checks (assertion hashes, missing assertions,
+* action ingredients, and claim signature verification).
+*
+* Only session keys with a valid signer binding and an unexpired validity period
+* are included in the result.
+*
+* @param bytes - Raw init segment bytes
+* @returns Structured validation result (with `INIT_INVALID` error code if `mdat` box is present)
+* @throws If no C2PA UUID box is found
+*
+* @example
+* {@includeCode ../../test/init/validateC2paInitSegment.test.ts#example}
+*
+* @public
+*/
+async function validateC2paInitSegment(bytes) {
+	const boxes = readIsoBoxes(bytes);
+	if (findIsoBox(boxes, (box) => box.type === "mdat")) return {
+		manifest: null,
+		certificate: null,
+		manifestId: null,
+		sessionKeys: [],
+		isValid: false,
+		errorCodes: [LiveVideoStatusCode.INIT_INVALID]
+	};
+	const internalData = readC2paManifest(bytes, boxes);
+	const { manifest } = internalData;
+	const certificate = internalData.signatureBytes ? extractCertificateFromSignatureBytes(internalData.signatureBytes) : null;
+	const bmffHashValid = await validateBmffHashAssertion(bytes, manifest.assertions.find((a) => a.label === BMFF_HASH_ASSERTION_LABEL$1) ?? null);
+	const sessionKeysAssertion = manifest.assertions.find((a) => a.label === SESSION_KEYS_ASSERTION_LABEL);
+	const sessionKeys = sessionKeysAssertion && certificate ? await validateSessionKeys(sessionKeysAssertion, certificate) : [];
+	const integrityCodes = await validateManifestIntegrity(internalData, certificate);
+	const codes = /* @__PURE__ */ new Set();
+	if (!bmffHashValid) codes.add(LiveVideoStatusCode.INIT_INVALID);
+	if (sessionKeys.length === 0) codes.add(LiveVideoStatusCode.SESSIONKEY_INVALID);
+	for (const code of integrityCodes) codes.add(code);
+	const errorCodes = [...codes];
+	return {
+		manifest,
+		certificate,
+		manifestId: manifest.instanceId,
+		sessionKeys,
+		isValid: errorCodes.length === 0,
+		errorCodes
+	};
+}
+//#endregion
+//#region src/emsg/extractVsiEmsgBox.ts
+const EMSG_BOX_TYPE = "emsg";
+const VSI_SCHEME_URI = "urn:c2pa:verifiable-segment-info";
+const EMSG_READER_CONFIG = { readers: { emsg: readEmsg } };
+/**
+* Finds and parses the first C2PA Verifiable Segment Info (VSI) EMSG box
+* in a DASH segment, identified by scheme URI `urn:c2pa:verifiable-segment-info`.
+*
+* @param segmentBytes - Raw DASH segment bytes
+* @returns The parsed VSI EMSG box, or `null` if not found
+*
+* @example
+* {@includeCode ../../test/emsg/extractVsiEmsgBox.test.ts#example}
+*
+* @internal
+*/
+function extractVsiEmsgBox(segmentBytes) {
+	for (const box of readIsoBoxes(segmentBytes, EMSG_READER_CONFIG)) {
+		if (box.type !== EMSG_BOX_TYPE) continue;
+		const emsg = box;
+		if (emsg.schemeIdUri === VSI_SCHEME_URI) return emsg;
+	}
+	return null;
+}
+//#endregion
+//#region src/vsi/decodeVsiMap.ts
+/**
+* Decodes a C2PA Verifiable Segment Info (VSI) CBOR map from raw bytes.
+*
+* Normalizes hash algorithm names to WebCrypto format (e.g. `sha256` → `SHA-256`).
+*
+* @param vsiCborBytes - Raw CBOR-encoded VSI map bytes from the EMSG `messageData`
+* @returns The decoded VSI map
+* @throws If the bytes are not a valid VSI CBOR map
+*
+* @example
+* {@includeCode ../../test/vsi/decodeVsiMap.test.ts#example}
+*
+* @internal
+*/
+function decodeVsiMap(vsiCborBytes) {
+	const raw = decode(vsiCborBytes);
+	if (typeof raw !== "object" || raw === null) throw new Error("VSI map must be a CBOR map");
+	const sequenceNumber = raw["sequenceNumber"];
+	if (typeof sequenceNumber !== "number") throw new Error("VSI map missing or invalid sequenceNumber");
+	const bmffHashRaw = raw["bmffHash"];
+	if (!bmffHashRaw || typeof bmffHashRaw !== "object") throw new Error("VSI map missing bmffHash");
+	const hash = bmffHashRaw["hash"];
+	if (!(hash instanceof Uint8Array)) throw new Error("VSI map bmffHash.hash must be a Uint8Array");
+	const exclusions = bmffHashRaw["exclusions"];
+	if (exclusions !== void 0 && !Array.isArray(exclusions)) throw new Error("VSI map bmffHash.exclusions must be an array");
+	const manifestId = raw["manifestId"];
+	if (typeof manifestId !== "string") throw new Error("VSI map missing or invalid manifestId");
+	return {
+		sequenceNumber,
+		bmffHash: {
+			hash,
+			alg: normalizeAlgorithmName(bmffHashRaw["alg"]),
+			exclusions: exclusions ?? []
+		},
+		manifestId
+	};
+}
+//#endregion
+//#region src/vsi/createSequenceState.ts
+/**
+* Creates the initial (empty) sequence state for a new stream.
+*
+* @returns A {@link SequenceState} with no history
+*
+* @example
+* {@includeCode ../../test/vsi/validateSequenceNumber.test.ts#example}
+*
+* @internal
+*/
+function createSequenceState() {
+	return {
+		lastSequenceNumber: null,
+		seenSequences: /* @__PURE__ */ new Set()
+	};
+}
+//#endregion
+//#region src/vsi/SequenceState.ts
+/**
+* Reason codes for sequence number validation outcomes.
+*
+* @see {@link SequenceValidationResult}
+*
+* @enum
+*
+* @public
+*/
+const SequenceValidationReason = {
+	VALID: "valid",
+	DUPLICATE: "duplicate",
+	GAP_DETECTED: "gap_detected",
+	OUT_OF_ORDER: "out_of_order",
+	SEQUENCE_NUMBER_BELOW_MINIMUM: "sequence_number_below_minimum"
+};
+//#endregion
+//#region src/vsi/validateSequenceNumber.ts
+const SEEN_SEQUENCES_WINDOW_SIZE = 32;
+function pruneSeenSequences(seen, lastSequenceNumber) {
+	if (seen.size <= SEEN_SEQUENCES_WINDOW_SIZE) return seen;
+	const threshold = lastSequenceNumber - SEEN_SEQUENCES_WINDOW_SIZE;
+	const pruned = /* @__PURE__ */ new Set();
+	for (const seq of seen) if (seq >= threshold) pruned.add(seq);
+	return pruned;
+}
+/**
+* Validates a segment's sequence number against the current stream state
+* per C2PA Live Streaming Specification §18.4.
+*
+* This function is **pure and stateless** — it returns both the validation
+* result and the next state. The caller is responsible for persisting
+* `nextState` between calls.
+*
+* Detects: `duplicate`, `out_of_order`, `gap_detected`, and
+* `sequence_number_below_minimum`.
+*
+* Internally uses a sliding window of the last 32 sequence numbers
+* to bound memory usage during long-running streams.
+*
+* @param state - Current stream state (from {@link createSequenceState} or previous `nextState`)
+* @param sequenceNumber - Sequence number from the segment's VSI map
+* @param minSequenceNumber - Minimum accepted sequence number (from the session key, default 0)
+* @returns Validation result and the updated state to persist
+*
+* @example
+* {@includeCode ../../test/vsi/validateSequenceNumber.test.ts#example}
+*
+* @internal
+*/
+function validateSequenceNumber(state, sequenceNumber, minSequenceNumber) {
+	if (sequenceNumber < minSequenceNumber) return {
+		result: {
+			isValid: false,
+			reason: SequenceValidationReason.SEQUENCE_NUMBER_BELOW_MINIMUM
+		},
+		nextState: state
+	};
+	if (state.seenSequences.has(sequenceNumber)) return {
+		result: {
+			isValid: false,
+			reason: SequenceValidationReason.DUPLICATE
+		},
+		nextState: state
+	};
+	const nextSeenSequences = new Set(state.seenSequences);
+	nextSeenSequences.add(sequenceNumber);
+	if (state.lastSequenceNumber !== null && sequenceNumber < state.lastSequenceNumber) return {
+		result: {
+			isValid: false,
+			reason: SequenceValidationReason.OUT_OF_ORDER
+		},
+		nextState: {
+			lastSequenceNumber: state.lastSequenceNumber,
+			seenSequences: pruneSeenSequences(nextSeenSequences, state.lastSequenceNumber)
+		}
+	};
+	if (state.lastSequenceNumber !== null && sequenceNumber > state.lastSequenceNumber + 1) {
+		const missingFrom = state.lastSequenceNumber + 1;
+		const missingTo = sequenceNumber - 1;
+		return {
+			result: {
+				isValid: false,
+				reason: SequenceValidationReason.GAP_DETECTED,
+				missingFrom,
+				missingTo
+			},
+			nextState: {
+				lastSequenceNumber: sequenceNumber,
+				seenSequences: pruneSeenSequences(nextSeenSequences, sequenceNumber)
+			}
+		};
+	}
+	return {
+		result: {
+			isValid: true,
+			reason: SequenceValidationReason.VALID
+		},
+		nextState: {
+			lastSequenceNumber: sequenceNumber,
+			seenSequences: pruneSeenSequences(nextSeenSequences, sequenceNumber)
+		}
+	};
+}
+//#endregion
+//#region src/segment/validateC2paSegment.ts
+function findSessionKey(sessionKeys, kidHex) {
+	if (!kidHex || sessionKeys.length === 0) return null;
+	return sessionKeys.find((k) => k.kid === kidHex) ?? null;
+}
+/**
+* Validates a C2PA live stream segment using the VSI/EMSG method (§19.7.3).
+*
+* Extracts the EMSG box, decodes the COSE_Sign1 and VSI map, matches the
+* session key by kid, then performs all cryptographic checks: signature
+* verification, BMFF content hash, sequence number floor, and key validity.
+*
+* Returns `null` if the segment does not contain a C2PA EMSG box.
+*
+* @param segmentBytes - Raw segment bytes
+* @param sessionKeys - Available session keys from the init segment
+* @param sequenceState - Current sequence state for this stream
+* @returns Validation result and updated sequence state, or `null` if no C2PA EMSG box
+*
+* @example
+* {@includeCode ../../test/segment/validateC2paSegment.test.ts#example}
+*
+* @public
+*/
+async function validateC2paSegment(segmentBytes, sessionKeys, sequenceState = createSequenceState()) {
+	const emsgBox = extractVsiEmsgBox(segmentBytes);
+	if (!emsgBox) return null;
+	const coseSign1 = decodeCoseSign1(emsgBox.messageData);
+	const { payload } = coseSign1;
+	if (!payload) throw new Error("COSE_Sign1 payload is empty — cannot decode VSI map");
+	const vsi = decodeVsiMap(payload);
+	const kidHex = coseSign1.kid ? bytesToHex(coseSign1.kid) : null;
+	const sessionKey = findSessionKey(sessionKeys, kidHex);
+	const bmffHashHex = bytesToHex(vsi.bmffHash.hash);
+	const minSequenceNumber = sessionKey?.minSequenceNumber ?? 0;
+	const { result: sequenceResult, nextState: nextSequenceState } = validateSequenceNumber(sequenceState, vsi.sequenceNumber, minSequenceNumber);
+	const baseFields = {
+		sequenceNumber: vsi.sequenceNumber,
+		manifestId: vsi.manifestId,
+		bmffHashHex,
+		kidHex,
+		sequenceResult
+	};
+	if (!sessionKey) return {
+		result: {
+			...baseFields,
+			isValid: false,
+			errorCodes: [LiveVideoStatusCode.SEGMENT_INVALID]
+		},
+		nextSequenceState
+	};
+	const algorithm = resolveImportAlgorithm(sessionKey.jwk);
+	const publicKey = await crypto.subtle.importKey("jwk", sessionKey.jwk, algorithm, false, ["verify"]);
+	const [signatureValid, hashValid] = await Promise.all([verifyCoseSign1(coseSign1, payload, publicKey), validateBmffHash(segmentBytes, vsi.bmffHash.hash, {
+		exclusions: vsi.bmffHash.exclusions,
+		alg: vsi.bmffHash.alg
+	})]);
+	const sequenceAboveMin = vsi.sequenceNumber >= sessionKey.minSequenceNumber;
+	const keyExpired = isKeyExpired(sessionKey.createdAt, sessionKey.validityPeriod);
+	const codes = /* @__PURE__ */ new Set();
+	if (!signatureValid || !hashValid || !sequenceAboveMin) codes.add(LiveVideoStatusCode.SEGMENT_INVALID);
+	if (!sequenceResult.isValid) codes.add(LiveVideoStatusCode.ASSERTION_INVALID);
+	if (keyExpired) codes.add(LiveVideoStatusCode.SESSIONKEY_INVALID);
+	const errorCodes = [...codes];
+	return {
+		result: {
+			...baseFields,
+			isValid: errorCodes.length === 0,
+			errorCodes
+		},
+		nextSequenceState
+	};
+}
+//#endregion
+//#region src/manifestbox/validateC2paManifestBoxSegment.ts
+const LIVE_VIDEO_ASSERTION_LABEL = "c2pa.livevideo.segment";
+const BMFF_HASH_ASSERTION_LABEL = "c2pa.hash.bmff.v3";
+const MANIFEST_ID_PREFIX_PATTERN = /^(xmp:iid:|urn:uuid:)/i;
+const CONTINUITY_METHOD_MANIFEST_ID = "c2pa.manifestId";
+const SUPPORTED_CONTINUITY_METHODS = new Set([CONTINUITY_METHOD_MANIFEST_ID]);
+function normalizeManifestId(id) {
+	if (!id) return null;
+	return id.replace(MANIFEST_ID_PREFIX_PATTERN, "").toLowerCase();
+}
+function extractAssertionData(data) {
+	if (data !== null && typeof data === "object" && !Array.isArray(data)) return data;
+	return null;
+}
+function toUint8Array(value) {
+	if (value instanceof Uint8Array) return value;
+	if (Array.isArray(value)) return new Uint8Array(value);
+	return null;
+}
+function parseLiveVideoAssertion(assertions) {
+	const assertion = assertions.find((a) => a.label === LIVE_VIDEO_ASSERTION_LABEL);
+	if (!assertion) return null;
+	const data = extractAssertionData(assertion.data);
+	const rawSeq = data?.["sequenceNumber"];
+	const rawPrev = data?.["previousManifestId"];
+	const rawStreamId = data?.["streamId"];
+	const rawContinuity = data?.["continuityMethod"];
+	return {
+		sequenceNumber: typeof rawSeq === "number" ? rawSeq : null,
+		previousManifestId: typeof rawPrev === "string" ? rawPrev : null,
+		streamId: typeof rawStreamId === "string" ? rawStreamId : null,
+		continuityMethod: typeof rawContinuity === "string" ? rawContinuity : null
+	};
+}
+const EMPTY_BMFF_HASH = {
+	hashBytes: null,
+	hashHex: null,
+	exclusions: [],
+	alg: null
+};
+function parseConstraints(rawConstraints) {
+	if (!Array.isArray(rawConstraints)) return [];
+	const constraints = [];
+	for (const c of rawConstraints) {
+		if (!c || typeof c !== "object") continue;
+		const record = c;
+		if (typeof record["offset"] !== "number") continue;
+		const value = toUint8Array(record["value"]);
+		if (value) constraints.push({
+			offset: record["offset"],
+			value
+		});
+	}
+	return constraints;
+}
+function parseExclusions(rawExclusions) {
+	if (!Array.isArray(rawExclusions)) return [];
+	const exclusions = [];
+	for (const exc of rawExclusions) {
+		if (!exc || typeof exc !== "object") continue;
+		const record = exc;
+		if (typeof record["xpath"] !== "string") continue;
+		const constraints = parseConstraints(record["data"]);
+		exclusions.push(constraints.length > 0 ? {
+			xpath: record["xpath"],
+			data: constraints
+		} : { xpath: record["xpath"] });
+	}
+	return exclusions;
+}
+function parseBmffHashAssertion(assertions) {
+	const assertion = assertions.find((a) => a.label === BMFF_HASH_ASSERTION_LABEL);
+	if (!assertion) return EMPTY_BMFF_HASH;
+	const data = extractAssertionData(assertion.data);
+	if (!data) return EMPTY_BMFF_HASH;
+	const hashBytes = toUint8Array(data["hash"] ?? data["value"]);
+	return {
+		hashBytes,
+		hashHex: hashBytes ? bytesToHex(hashBytes) : null,
+		exclusions: parseExclusions(data["exclusions"]),
+		alg: typeof data["alg"] === "string" ? normalizeAlgorithmName(data["alg"]) : null
+	};
+}
+function parseManifest(bytes) {
+	try {
+		const { manifest } = readC2paManifest(bytes);
+		if (!manifest) return {
+			manifest: null,
+			issuer: null,
+			liveVideo: null,
+			bmff: EMPTY_BMFF_HASH
+		};
+		return {
+			manifest,
+			issuer: manifest.signatureInfo?.issuer ?? null,
+			liveVideo: parseLiveVideoAssertion(manifest.assertions),
+			bmff: parseBmffHashAssertion(manifest.assertions)
+		};
+	} catch {
+		return {
+			manifest: null,
+			issuer: null,
+			liveVideo: null,
+			bmff: EMPTY_BMFF_HASH
+		};
+	}
+}
+function collectErrorCodes(hasManifest, hasLiveVideo, streamIdValid, sequenceNumberValid, bmffHashMatches, continuityMethod, previousManifestId, lastManifestId) {
+	const codes = /* @__PURE__ */ new Set();
+	if (!hasManifest) codes.add(LiveVideoStatusCode.MANIFEST_INVALID);
+	if (!hasLiveVideo) codes.add(LiveVideoStatusCode.ASSERTION_INVALID);
+	if (!streamIdValid) codes.add(LiveVideoStatusCode.ASSERTION_INVALID);
+	if (!sequenceNumberValid) codes.add(LiveVideoStatusCode.ASSERTION_INVALID);
+	if (!bmffHashMatches) codes.add(LiveVideoStatusCode.SEGMENT_INVALID);
+	if (!continuityMethod) codes.add(LiveVideoStatusCode.CONTINUITY_METHOD_INVALID);
+	else if (!SUPPORTED_CONTINUITY_METHODS.has(continuityMethod)) codes.add(LiveVideoStatusCode.CONTINUITY_METHOD_INVALID);
+	else if (continuityMethod === CONTINUITY_METHOD_MANIFEST_ID) {
+		if (!previousManifestId) codes.add(LiveVideoStatusCode.CONTINUITY_METHOD_INVALID);
+		else if (lastManifestId && normalizeManifestId(previousManifestId) !== normalizeManifestId(lastManifestId)) codes.add(LiveVideoStatusCode.SEGMENT_INVALID);
+	}
+	return [...codes];
+}
+/**
+* Validates a C2PA manifest-box live stream segment.
+*
+* Parses the C2PA manifest embedded in the segment and validates per §19.7.1 and §19.7.2.
+* Recomputes the `c2pa.hash.bmff.v3` content hash from the raw segment bytes and compares
+* it against the expected hash in the manifest assertion. Checks live-video assertions
+* (sequenceNumber, streamId, continuityMethod) and manifest-ID chain continuity.
+*
+* This function is **pure** — it does not access any external state. The
+* caller is responsible for persisting `nextManifestId` and `nextState`
+* between calls.
+*
+* @param bytes - Raw segment bytes
+* @param lastManifestId - Manifest ID from the previous segment, or null for the first segment
+* @param state - Optional state from the previous segment for streamId/sequenceNumber checks
+* @returns Validation result, the manifest ID, and state to persist for the next call
+*
+* @example
+* {@includeCode ../../test/manifestbox/validateC2paManifestBoxSegment.test.ts#example}
+*
+* @public
+*/
+async function validateC2paManifestBoxSegment(bytes, lastManifestId, state) {
+	const { manifest, issuer, liveVideo, bmff } = parseManifest(bytes);
+	const sequenceNumber = liveVideo?.sequenceNumber ?? null;
+	const previousManifestId = liveVideo?.previousManifestId ?? null;
+	const streamId = liveVideo?.streamId ?? null;
+	const continuityMethod = liveVideo?.continuityMethod ?? null;
+	const streamIdValid = state?.lastStreamId == null || streamId === state.lastStreamId;
+	const sequenceNumberValid = state?.lastSequenceNumber == null || sequenceNumber !== null && sequenceNumber > state.lastSequenceNumber;
+	let bmffHashMatches = true;
+	if (bmff.hashBytes !== null) bmffHashMatches = await validateBmffHash(bytes, bmff.hashBytes, {
+		exclusions: bmff.exclusions,
+		alg: bmff.alg ?? void 0
+	});
+	const errorCodes = [...collectErrorCodes(manifest !== null, liveVideo !== null, streamIdValid, sequenceNumberValid, bmffHashMatches, continuityMethod, previousManifestId, lastManifestId)];
+	const currentManifestId = manifest?.instanceId ?? null;
+	return {
+		result: {
+			manifest: manifest ?? null,
+			issuer,
+			sequenceNumber,
+			previousManifestId,
+			streamId,
+			continuityMethod,
+			bmffHashHex: bmff.hashHex,
+			isValid: errorCodes.length === 0,
+			errorCodes
+		},
+		nextManifestId: currentManifestId ?? lastManifestId,
+		nextState: {
+			lastStreamId: streamId ?? state?.lastStreamId,
+			lastSequenceNumber: sequenceNumber ?? state?.lastSequenceNumber
+		}
+	};
+}
+//#endregion
+export { C2paStatusCode, LiveVideoStatusCode, SequenceValidationReason, validateC2paInitSegment, validateC2paManifestBoxSegment, validateC2paSegment };
+//# sourceMappingURL=index.js.map