@tenova/swt3-ai 0.5.3 → 0.5.5

package/README.md

@@ -13,6 +13,18 @@ Works with OpenAI, Anthropic, AWS Bedrock, Vercel AI SDK, and any OpenAI-compati
 
 GPAI transparency obligations are enforceable now. EU AI Act high-risk enforcement begins **December 2, 2027**. This SDK gives you the evidence chain.
 
+## What's New in v0.5.5
+
+- **Trust Mesh Hardened** -- 7 security layers: intra-tenant zero-trust, per-agent rate limiting, per-level freshness windows (SOVEREIGN requires 5-min anchors), verifiable boolean claims, deny list propagation with sentinel hooks. All opt-in, frictionless defaults unchanged.
+- **Key Attestation (AI-TRUST.3)** -- Bind signing keys to witness anchors. `generateKeyAttestation()` / `verifyKeyAttestation()`. Keys valid only while bound anchor is fresh. No certificate authority required.
+- **Challenge-Response Liveness** -- Prove live key possession via nonce-based challenges. `generateChallenge()` / `respondToChallenge()` / `verifyLivenessResponse()`. Defeats credential replay at ATTESTED/SOVEREIGN levels.
+- **4 New Adapters** -- Google ADK, CrewAI, A2A (Google Agent-to-Agent), Microsoft Foundry. 12 total integrations.
+- **Verify CLI** -- `swt3 verify --anchor <token>` recomputes fingerprint offline. Zero network calls.
+- **Bidirectional Framework Crosswalks** -- 222 mappings across 16 frameworks in machine-readable JSON.
+- **RFC 3161 Timestamps** -- Merkle rollups include RFC 3161 timestamp authority proof for legal non-repudiation.
+- **Microsoft Foundry Profile** -- Industry profile for Azure AI Foundry + AGT deployments.
+- **15 profiles**, 65 procedures, 41 namespaces, 12 integrations, 1,379 cross-language tests
+
 ## MCP Server -- Official Registry
 
 `@tenova/swt3-mcp` is listed on the official Model Context Protocol Registry as `io.tenova/swt3-witness`. Zero-config compliance governance for Claude Code, Cursor, Windsurf, and any MCP-compatible host.
@@ -79,6 +91,24 @@ trust_mesh:
 
 All verification is local. Zero cloud overhead. No data exchanged until both agents clear the trust gate. Unsigned agents are capped at TRUST_BASIC (level 1). Add signing keys for verified trust. Add hardware attestation for sovereign trust.
 
+## Offline Verification
+
+Verify any witness anchor without network calls. The fingerprint formula is deterministic and identical across all 6 SDK languages -- recompute it anywhere in microseconds.
+
+```typescript
+import { verifyAnchor } from "@tenova/swt3-ai";
+
+const result = verifyAnchor(anchor, {
+  tenantId: "MY_TENANT",
+  procedureId: "AI-INF.1",
+  factorA: 1, factorB: 1, factorC: 0,
+  timestampMs: 1773316622000,
+});
+// result.status: "CERTIFIED TRUTH" | "TAMPERED"
+```
+
+Zero vendor dependency. Zero network calls. Works air-gapped. The same formula runs in Python, TypeScript, Rust, C#, and Ruby with identical output for identical inputs.
+
 ## See It Work (No Account Needed)
 
 ```bash
@@ -487,7 +517,7 @@ Supports single files or chains (`extends: [base.yaml, team.yaml]`). Merge order
 
 ### Built-in Profiles
 
-Seven profiles ship with the SDK:
+14 profiles ship with the SDK -- 7 framework profiles and 7 industry verticals:
 
 | Profile | Use Case |
 |---------|----------|
@@ -498,6 +528,13 @@ Seven profiles ship with the SDK:
 | `mythos-defense` | Exploit chain containment: clearing 3, strict trust, depth 5 |
 | `granite-sovereign` | IBM Granite on-prem: air-gap ready, hardware attestation |
 | `minimal` | Development: clearing 0, no policy enforcement |
+| `fintech-model-risk` | SR 11-7 model risk: drift monitoring, clearing 2, signing required |
+| `healthcare-clinical` | HIPAA clinical AI: consent witnessing, clearing 3, PII protection |
+| `insurance-underwriting` | Underwriting AI: fairness, explainability, DPIA, clearing 2 |
+| `telecom-compliance` | Telecom fraud/network AI: performance monitoring, incident response |
+| `defense-govcon` | CMMC/RMF: clearing 3, strict chain enforcement, SBOM required |
+| `content-platform` | Content moderation: watermark verification, transparency, consent |
+| `autonomous-systems` | Autonomous/robotics: safety, robustness, dual-use, human oversight |
 
 ### Diagnostics
 
@@ -667,7 +704,7 @@ Each inference produces anchors for these checks. Every check maps to a regulati
 
 ### EU AI Act Article Mapping
 
-All 47 SWT3 AI witnessing procedures map to specific EU AI Act obligations:
+All 65 SWT3 AI witnessing procedures map to specific EU AI Act obligations:
 
 | Procedure | EU AI Act Article | Obligation | Demo | Production |
 |-----------|-------------------|------------|------|------------|
@@ -684,7 +721,7 @@ All 47 SWT3 AI witnessing procedures map to specific EU AI Act obligations:
 | AI-EXPL.1 | Art. 13(1) | Transparency & Explainability | -| ✓ |
 | AI-EXPL.2 | Art. 13(3b) | Confidence Calibration | -| ✓ |
 
-The demo demonstrates 5 procedures using simulated data. All 47 are available in production with real inference data. 40 cross-language test vectors ensure fingerprint parity across Python, TypeScript, Rust, C#, and Ruby. [See live conformity →](https://sovereign.tenova.io/audit/axm_audit_demo_eu_ai_act_public)
+The demo demonstrates 5 procedures using simulated data. All 65 are available in production with real inference data. 207 cross-language test vectors ensure fingerprint parity across Python, TypeScript, Rust, C#, and Ruby. [See live conformity →](https://sovereign.tenova.io/audit/axm_audit_demo_eu_ai_act_public)
 
 ## How Verdicts Work
 
@@ -734,6 +771,58 @@ echo -n "WITNESS:DEMO_TENANT:AI-INF.1:1:1:0:1774800000000" | sha256sum | cut -c1
 
 No SDK needed. Works on any machine, any language.
 
+## Self-Hosted Deployment
+
+Run the full stack inside your own infrastructure. No data leaves your network boundary.
+
+### SWT3 Gateway (LLM Proxy)
+
+A zero-latency Go reverse proxy that witnesses every inference transparently. Deploy inside your VPC, point your app at the gateway instead of the LLM provider. One line change:
+
+```bash
+docker run -d \
+  -e SWT3_API_KEY=axm_live_your_key \
+  -e SWT3_TENANT_ID=YOUR_ENCLAVE \
+  -e SWT3_UPSTREAM=https://api.openai.com \
+  -p 8443:8443 \
+  tenova/swt3-gateway:latest
+```
+
+```typescript
+// One line change. Everything else stays the same.
+const client = new OpenAI({ baseURL: "http://gateway:8443/v1" });
+```
+
+Multi-provider routing, model allowlist (advisory or strict), streaming support, HMAC payload signing. Helm chart included for Kubernetes.
+
+[Gateway Documentation](https://github.com/tenova-labs/swt3-ai/tree/main/packages/swt3-gateway)
+
+### Axiom Sovereign Engine (Full Platform)
+
+The complete compliance platform as a container: dashboard, adjudicator, evidence chain, Merkle rollups.
+
+```bash
+# Three-service deployment (dashboard + adjudicator + postgres)
+docker compose up -d
+
+# Air-gap export for disconnected environments
+docker save axiom-sovereign-engine:latest | gzip > axiom-sovereign.tar.gz
+```
+
+- UBI 9 Minimal base (Iron Bank compatible, DoD IL2-IL5)
+- Non-root runtime, FIPS-validated OpenSSL 3.x
+- Works air-gapped: `docker load` on the target, no internet required
+- Helm chart for Kubernetes orchestration
+
+### Deployment Options
+
+| Mode | What You Run | Data Residency |
+|------|-------------|----------------|
+| **SDK only** | `npm install @tenova/swt3-ai` | Hashes leave, data stays |
+| **Gateway** | Docker container in your VPC | Raw traffic never leaves your network |
+| **Self-hosted platform** | Docker Compose or Helm | Everything on your infrastructure |
+| **Air-gapped** | `docker load` from tarball | Zero internet connectivity required |
+
 ## Sovereign Cloud Support
 
 The SDK works with any OpenAI-compatible endpoint. Run models on your own infrastructure and witness every inference identically:
@@ -843,7 +932,8 @@ const witness = new Witness({
 | `maxRetries` | 3 | Retries before dead-letter |
 | `guardrailNames` | [] | Active guardrail names |
 | `agentId` | - | Agent identity (survives all clearing levels) |
-| `signingKey` | - | HMAC-SHA256 key for payload signing (register server-side for validation) |
+| `signingKey` | - | Signing key for payload non-repudiation (HMAC-SHA256 secret or ML-DSA-65 hex seed) |
+| `signingAlgorithm` | - | `"hmac-sha256"` (default) or `"ml-dsa-65"` (FIPS 204 post-quantum) |
 | `cycleId` | - | Multi-agent chain link (survives all clearing levels) |
 | `policyVersion` | - | Policy config identifier (hashed in payloads) |
 | `strict` | false | Gatekeeper mode: block inference if guardrails insufficient |
@@ -955,10 +1045,12 @@ Your prompts and responses **never leave your infrastructure**. The SDK computes
 - [Design Rationale](https://sovereign.tenova.io/guides/swt3-design-rationale.html) -- why every protocol decision was made
 - [UCT Registry](https://sovereign.tenova.io/registry) -- full procedure catalog with factor definitions
 - [Anchor Verifier](https://sovereign.tenova.io/verify) -- verify any anchor, zero server calls
-- [EU AI Act Regulatory Architecture](https://sovereign.tenova.io/guides/futurium-submission.html) -- VI+CJT+ALF+LAVR framework mapping for conformity assessment bodies
-- [Five Eyes Agentic AI Overlay](https://sovereign.tenova.io/guides/five-eyes-overlay.html) -- CISA/NSA guidance mapped to SWT3 procedures
-- [CMMC Compliance Overlay](https://sovereign.tenova.io/guides/cmmc-overlay.html) -- clearing levels mapped to CMMC and NIST 800-171
-- [SR 11-7 Model Risk Overlay](https://sovereign.tenova.io/guides/sr-11-7-overlay.html) -- clearing levels mapped to SR 11-7 requirements
+- [Before & After](https://sovereign.tenova.io/guides/developer-before-after.html) -- manual audit evidence vs. cryptographic witness anchors
+- [Integration Patterns](https://sovereign.tenova.io/guides/developer-integration-patterns.html) -- 8 instrumentation patterns mapped to regulatory requirements
+- [What Your Auditor Sees](https://sovereign.tenova.io/guides/developer-auditor-bridge.html) -- both sides of a witness anchor, developer to auditor
+- [CI/CD Integration](https://sovereign.tenova.io/guides/developer-cicd-guide.html) -- validate compliance configuration in your pipeline
+- [Assessment Mapping](https://sovereign.tenova.io/registry/assessment.html) -- which procedures satisfy which regulatory requirements
+- [All 65 Guides](https://sovereign.tenova.io/guides/) -- regulatory crosswalks, assessor walkthroughs, integration guides
 
 ---
 

package/dist/adapters/cerebras.d.ts

@@ -0,0 +1,25 @@
+/**
+ * SWT3 AI Witness SDK -- Cerebras WSE-3 Adapter.
+ *
+ * Host-side compliance witnessing for Cerebras wafer-scale inference.
+ * Wraps any object with launch()/memcpyD2H() methods, minting anchors
+ * on device-to-host transfers without modifying CSL kernels.
+ *
+ * Usage:
+ *   import { wrapCerebrasRuntime } from "@tenova/swt3-ai/adapters/cerebras";
+ *   const witnessed = wrapCerebrasRuntime(runtime, witness);
+ *   witnessed.launch("kernel_name");
+ *   const result = witnessed.memcpyD2H(symbol, shape);
+ *
+ * Copyright (c) 2026 Tenable Nova LLC. Apache 2.0. Patent pending.
+ */
+import type { Witness } from "../witness.js";
+export interface CerebrasRuntime {
+    launch(kernelName: string, ...args: unknown[]): unknown;
+    memcpyD2H?(...args: unknown[]): unknown;
+    memcpyH2D?(...args: unknown[]): unknown;
+}
+export declare function wrapCerebrasRuntime(runtime: CerebrasRuntime, witness: Witness, modelId?: string): CerebrasRuntime & {
+    readonly launchCount: number;
+};
+//# sourceMappingURL=cerebras.d.ts.map

package/dist/adapters/cerebras.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cerebras.d.ts","sourceRoot":"","sources":["../../src/adapters/cerebras.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAK7C,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IACxD,SAAS,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IACxC,SAAS,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;CACzC;AAsBD,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,eAAe,EACxB,OAAO,EAAE,OAAO,EAChB,OAAO,CAAC,EAAE,MAAM,GACf,eAAe,GAAG;IAAE,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAAE,CAsDpD"}

package/dist/adapters/cerebras.js

@@ -0,0 +1,79 @@
+/**
+ * SWT3 AI Witness SDK -- Cerebras WSE-3 Adapter.
+ *
+ * Host-side compliance witnessing for Cerebras wafer-scale inference.
+ * Wraps any object with launch()/memcpyD2H() methods, minting anchors
+ * on device-to-host transfers without modifying CSL kernels.
+ *
+ * Usage:
+ *   import { wrapCerebrasRuntime } from "@tenova/swt3-ai/adapters/cerebras";
+ *   const witnessed = wrapCerebrasRuntime(runtime, witness);
+ *   witnessed.launch("kernel_name");
+ *   const result = witnessed.memcpyD2H(symbol, shape);
+ *
+ * Copyright (c) 2026 Tenable Nova LLC. Apache 2.0. Patent pending.
+ */
+import { sha256Truncated } from "../fingerprint.js";
+import { createHash } from "crypto";
+function hashBuffer(data) {
+    if (data === null || data === undefined)
+        return "";
+    if (data instanceof Buffer || data instanceof Uint8Array) {
+        return createHash("sha256").update(data).digest("hex").slice(0, 16);
+    }
+    if (typeof data === "string") {
+        return sha256Truncated(data);
+    }
+    if (data instanceof ArrayBuffer) {
+        return createHash("sha256").update(Buffer.from(data)).digest("hex").slice(0, 16);
+    }
+    return sha256Truncated(String(data));
+}
+export function wrapCerebrasRuntime(runtime, witness, modelId) {
+    const mid = modelId ?? process.env.SWT3_MODEL_ID ?? process.env.CEREBRAS_MODEL_NAME ?? "cerebras-wse3";
+    const state = {
+        launchTime: null,
+        kernelName: null,
+        launchCount: 0,
+    };
+    const originalLaunch = runtime.launch.bind(runtime);
+    const originalMemcpy = runtime.memcpyD2H?.bind(runtime);
+    const wrapped = Object.create(runtime);
+    wrapped.launch = (kernelName, ...args) => {
+        state.launchTime = performance.now();
+        state.kernelName = kernelName;
+        state.launchCount++;
+        return originalLaunch(kernelName, ...args);
+    };
+    if (originalMemcpy) {
+        wrapped.memcpyD2H = (...args) => {
+            const result = originalMemcpy(...args);
+            const elapsed = state.launchTime !== null
+                ? Math.round(performance.now() - state.launchTime)
+                : 0;
+            const record = {
+                modelId: mid,
+                modelHash: sha256Truncated(mid),
+                promptHash: state.kernelName ? sha256Truncated(state.kernelName) : "",
+                responseHash: hashBuffer(result),
+                latencyMs: elapsed,
+                inputTokens: 0,
+                outputTokens: 0,
+                guardrailsActive: 0,
+                guardrailsRequired: 0,
+                guardrailPassed: true,
+                hasRefusal: false,
+                provider: "cerebras-wse3",
+                guardrailNames: [],
+            };
+            witness.record(record);
+            return result;
+        };
+    }
+    Object.defineProperty(wrapped, "launchCount", {
+        get: () => state.launchCount,
+        enumerable: true,
+    });
+    return wrapped;
+}
+//# sourceMappingURL=cerebras.js.map

package/dist/adapters/cerebras.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cerebras.js","sourceRoot":"","sources":["../../src/adapters/cerebras.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAcpC,SAAS,UAAU,CAAC,IAAa;IAC/B,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IACnD,IAAI,IAAI,YAAY,MAAM,IAAI,IAAI,YAAY,UAAU,EAAE,CAAC;QACzD,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;IACD,IAAI,IAAI,YAAY,WAAW,EAAE,CAAC;QAChC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACnF,CAAC;IACD,OAAO,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,OAAwB,EACxB,OAAgB,EAChB,OAAgB;IAEhB,MAAM,GAAG,GAAG,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,eAAe,CAAC;IAEvG,MAAM,KAAK,GAAkB;QAC3B,UAAU,EAAE,IAAI;QAChB,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,CAAC;KACf,CAAC;IAEF,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;IAExD,MAAM,OAAO,GAAuD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAE3F,OAAO,CAAC,MAAM,GAAG,CAAC,UAAkB,EAAE,GAAG,IAAe,EAAW,EAAE;QACnE,KAAK,CAAC,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QACrC,KAAK,CAAC,UAAU,GAAG,UAAU,CAAC;QAC9B,KAAK,CAAC,WAAW,EAAE,CAAC;QACpB,OAAO,cAAc,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,CAAC,CAAC;IAEF,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,CAAC,SAAS,GAAG,CAAC,GAAG,IAAe,EAAW,EAAE;YAClD,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC;YACvC,MAAM,OAAO,GAAG,KAAK,CAAC,UAAU,KAAK,IAAI;gBACvC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,UAAU,CAAC;gBAClD,CAAC,CAAC,CAAC,CAAC;YAEN,MAAM,MAAM,GAAoB;gBAC9B,OAAO,EAAE,GAAG;gBACZ,SAAS,EAAE,eAAe,CAAC,GAAG,CAAC;gBAC/B,UAAU,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE;gBACrE,YAAY,EAAE,UAAU,CAAC,MAAM,CAAC;gBAChC,SAAS,EAAE,OAAO;gBAClB,WAAW,EAAE,CAAC;gBACd,YAAY,EAAE,CAAC;gBACf,gBAAgB,EAAE,CAAC;gBACnB,kBAAkB,EAAE,CAAC;gBACrB,eAAe,EAAE,IAAI;gBACrB,UAAU,EAAE,KAAK;gBACjB,QAAQ,EAAE,eAAe;gBACzB,cAAc,EAAE,EAAE;aACnB,CAAC;YACF,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACvB,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,aAAa,EAAE;QAC5C,GAAG,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,WAAW;QAC5B,UAAU,EAAE,IAAI;KACjB,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/clearing.d.ts

@@ -16,7 +16,7 @@ import type { InferenceRecord, WitnessPayload } from "./types.js";
  * Applies clearing level to each payload via object destructuring (Level 2+
  * fields are simply never assigned, guaranteeing they don't exist on the wire).
  */
-export declare function extractPayloads(record: InferenceRecord, tenantId: string, clearingLevel: 0 | 1 | 2 | 3, latencyThresholdMs?: number, guardrailsRequired?: number, procedures?: string[], agentId?: string, signingKey?: string, signingKeyId?: string, signingKeyVersion?: number, cycleId?: string, policyVersionHash?: string, jurisdiction?: string, legalBasis?: string, purposeClass?: string, authorizationId?: string): WitnessPayload[];
+export declare function extractPayloads(record: InferenceRecord, tenantId: string, clearingLevel: 0 | 1 | 2 | 3, latencyThresholdMs?: number, guardrailsRequired?: number, procedures?: string[], agentId?: string, signingKey?: string, signingKeyId?: string, signingKeyVersion?: number, cycleId?: string, policyVersionHash?: string, jurisdiction?: string, legalBasis?: string, purposeClass?: string, authorizationId?: string, signingAlgorithm?: string): WitnessPayload[];
 /**
  * Mint an AI-GRD.3 (Gatekeeper Gate) payload.
  *
@@ -25,7 +25,7 @@ export declare function extractPayloads(record: InferenceRecord, tenantId: strin
  * factor_c = 1 if gate passed, 0 if blocked
  * Verdict: PASS if b >= a AND c == 1
  */
-export declare function extractGatekeeperPayload(tenantId: string, required: number, active: number, gatePassed: boolean, clearingLevel: 0 | 1 | 2 | 3, agentId?: string, signingKey?: string, signingKeyId?: string, signingKeyVersion?: number, cycleId?: string, policyVersionHash?: string, jurisdiction?: string, legalBasis?: string, purposeClass?: string): WitnessPayload;
+export declare function extractGatekeeperPayload(tenantId: string, required: number, active: number, gatePassed: boolean, clearingLevel: 0 | 1 | 2 | 3, agentId?: string, signingKey?: string, signingKeyId?: string, signingKeyVersion?: number, cycleId?: string, policyVersionHash?: string, jurisdiction?: string, legalBasis?: string, purposeClass?: string, signingAlgorithm?: string): WitnessPayload;
 /** Revocation reason code mapping. */
 export declare const REVOCATION_REASONS: Record<string, number>;
 /**
@@ -35,5 +35,17 @@ export declare const REVOCATION_REASONS: Record<string, number>;
  * factor_b = 1 (target declared valid by caller)
  * factor_c = reason code (integer from REVOCATION_REASONS)
  */
-export declare function extractRevocationPayload(tenantId: string, targetFingerprint: string, reason: string, clearingLevel: 0 | 1 | 2 | 3, agentId?: string, signingKey?: string, signingKeyId?: string, signingKeyVersion?: number, cycleId?: string, policyVersionHash?: string, jurisdiction?: string, legalBasis?: string, purposeClass?: string): WitnessPayload;
+export declare function extractRevocationPayload(tenantId: string, targetFingerprint: string, reason: string, clearingLevel: 0 | 1 | 2 | 3, agentId?: string, signingKey?: string, signingKeyId?: string, signingKeyVersion?: number, cycleId?: string, policyVersionHash?: string, jurisdiction?: string, legalBasis?: string, purposeClass?: string, signingAlgorithm?: string): WitnessPayload;
+/**
+ * Mint an AI-CHAIN.2 (Trust Degradation) payload.
+ *
+ * Minted automatically when the effective trust level drops during
+ * a multi-agent chain handoff. Provides auditors with a specific,
+ * searchable anchor for trust boundary crossings.
+ *
+ * factor_a = previous effective trust level
+ * factor_b = new effective trust level
+ * factor_c = delta (negative = degradation)
+ */
+export declare function extractChainTrustDegradationPayload(tenantId: string, previousTrustLevel: number, newTrustLevel: number, clearingLevel: 0 | 1 | 2 | 3, agentId?: string, signingKey?: string, signingKeyId?: string, signingKeyVersion?: number, cycleId?: string, policyVersionHash?: string, signingAlgorithm?: string): WitnessPayload;
 //# sourceMappingURL=clearing.d.ts.map

package/dist/clearing.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"clearing.d.ts","sourceRoot":"","sources":["../src/clearing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAElE;;;;GAIG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,eAAe,EACvB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAC5B,kBAAkB,GAAE,MAAc,EAClC,kBAAkB,GAAE,MAAU,EAC9B,UAAU,CAAC,EAAE,MAAM,EAAE,EACrB,OAAO,CAAC,EAAE,MAAM,EAChB,UAAU,CAAC,EAAE,MAAM,EACnB,YAAY,CAAC,EAAE,MAAM,EACrB,iBAAiB,CAAC,EAAE,MAAM,EAC1B,OAAO,CAAC,EAAE,MAAM,EAChB,iBAAiB,CAAC,EAAE,MAAM,EAC1B,YAAY,CAAC,EAAE,MAAM,EACrB,UAAU,CAAC,EAAE,MAAM,EACnB,YAAY,CAAC,EAAE,MAAM,EACrB,eAAe,CAAC,EAAE,MAAM,GACvB,cAAc,EAAE,CA8MlB;AA0FD;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,OAAO,EACnB,aAAa,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAC5B,OAAO,CAAC,EAAE,MAAM,EAChB,UAAU,CAAC,EAAE,MAAM,EACnB,YAAY,CAAC,EAAE,MAAM,EACrB,iBAAiB,CAAC,EAAE,MAAM,EAC1B,OAAO,CAAC,EAAE,MAAM,EAChB,iBAAiB,CAAC,EAAE,MAAM,EAC1B,YAAY,CAAC,EAAE,MAAM,EACrB,UAAU,CAAC,EAAE,MAAM,EACnB,YAAY,CAAC,EAAE,MAAM,GACpB,cAAc,CAqBhB;AAED,sCAAsC;AACtC,eAAO,MAAM,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAQrD,CAAC;AAEF;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAC5B,OAAO,CAAC,EAAE,MAAM,EAChB,UAAU,CAAC,EAAE,MAAM,EACnB,YAAY,CAAC,EAAE,MAAM,EACrB,iBAAiB,CAAC,EAAE,MAAM,EAC1B,OAAO,CAAC,EAAE,MAAM,EAChB,iBAAiB,CAAC,EAAE,MAAM,EAC1B,YAAY,CAAC,EAAE,MAAM,EACrB,UAAU,CAAC,EAAE,MAAM,EACnB,YAAY,CAAC,EAAE,MAAM,GACpB,cAAc,CAwBhB"}
+{"version":3,"file":"clearing.d.ts","sourceRoot":"","sources":["../src/clearing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAElE;;;;GAIG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,eAAe,EACvB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAC5B,kBAAkB,GAAE,MAAc,EAClC,kBAAkB,GAAE,MAAU,EAC9B,UAAU,CAAC,EAAE,MAAM,EAAE,EACrB,OAAO,CAAC,EAAE,MAAM,EAChB,UAAU,CAAC,EAAE,MAAM,EACnB,YAAY,CAAC,EAAE,MAAM,EACrB,iBAAiB,CAAC,EAAE,MAAM,EAC1B,OAAO,CAAC,EAAE,MAAM,EAChB,iBAAiB,CAAC,EAAE,MAAM,EAC1B,YAAY,CAAC,EAAE,MAAM,EACrB,UAAU,CAAC,EAAE,MAAM,EACnB,YAAY,CAAC,EAAE,MAAM,EACrB,eAAe,CAAC,EAAE,MAAM,EACxB,gBAAgB,CAAC,EAAE,MAAM,GACxB,cAAc,EAAE,CA8MlB;AA6FD;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,OAAO,EACnB,aAAa,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAC5B,OAAO,CAAC,EAAE,MAAM,EAChB,UAAU,CAAC,EAAE,MAAM,EACnB,YAAY,CAAC,EAAE,MAAM,EACrB,iBAAiB,CAAC,EAAE,MAAM,EAC1B,OAAO,CAAC,EAAE,MAAM,EAChB,iBAAiB,CAAC,EAAE,MAAM,EAC1B,YAAY,CAAC,EAAE,MAAM,EACrB,UAAU,CAAC,EAAE,MAAM,EACnB,YAAY,CAAC,EAAE,MAAM,EACrB,gBAAgB,CAAC,EAAE,MAAM,GACxB,cAAc,CAqBhB;AAED,sCAAsC;AACtC,eAAO,MAAM,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAQrD,CAAC;AAEF;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAC5B,OAAO,CAAC,EAAE,MAAM,EAChB,UAAU,CAAC,EAAE,MAAM,EACnB,YAAY,CAAC,EAAE,MAAM,EACrB,iBAAiB,CAAC,EAAE,MAAM,EAC1B,OAAO,CAAC,EAAE,MAAM,EAChB,iBAAiB,CAAC,EAAE,MAAM,EAC1B,YAAY,CAAC,EAAE,MAAM,EACrB,UAAU,CAAC,EAAE,MAAM,EACnB,YAAY,CAAC,EAAE,MAAM,EACrB,gBAAgB,CAAC,EAAE,MAAM,GACxB,cAAc,CAwBhB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mCAAmC,CACjD,QAAQ,EAAE,MAAM,EAChB,kBAAkB,EAAE,MAAM,EAC1B,aAAa,EAAE,MAAM,EACrB,aAAa,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAC5B,OAAO,CAAC,EAAE,MAAM,EAChB,UAAU,CAAC,EAAE,MAAM,EACnB,YAAY,CAAC,EAAE,MAAM,EACrB,iBAAiB,CAAC,EAAE,MAAM,EAC1B,OAAO,CAAC,EAAE,MAAM,EAChB,iBAAiB,CAAC,EAAE,MAAM,EAC1B,gBAAgB,CAAC,EAAE,MAAM,GACxB,cAAc,CAqBhB"}

package/dist/clearing.js

@@ -17,7 +17,7 @@ import { signPayload } from "./signing.js";
  * Applies clearing level to each payload via object destructuring (Level 2+
  * fields are simply never assigned, guaranteeing they don't exist on the wire).
  */
-export function extractPayloads(record, tenantId, clearingLevel, latencyThresholdMs = 30000, guardrailsRequired = 0, procedures, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass, authorizationId) {
+export function extractPayloads(record, tenantId, clearingLevel, latencyThresholdMs = 30000, guardrailsRequired = 0, procedures, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass, authorizationId, signingAlgorithm) {
     const [ts, epoch] = timestampMs();
     const payloads = [];
     // Access control records produce only AI-ACC.1 (skip inference procedures)
@@ -63,7 +63,7 @@ export function extractPayloads(record, tenantId, clearingLevel, latencyThreshol
                     ctx.cycle_id = cycleId;
                 payload.ai_context = ctx;
             }
-            applyOperationalMetadata(payload, fp, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass, authorizationId);
+            applyOperationalMetadata(payload, fp, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass, authorizationId, signingAlgorithm);
             payloads.push(payload);
         }
         return payloads;
@@ -105,7 +105,7 @@ export function extractPayloads(record, tenantId, clearingLevel, latencyThreshol
                     ctx.cycle_id = cycleId;
                 payload.ai_context = ctx;
             }
-            applyOperationalMetadata(payload, fp, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass, authorizationId);
+            applyOperationalMetadata(payload, fp, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass, authorizationId, signingAlgorithm);
             payloads.push(payload);
         }
         return payloads;
@@ -190,13 +190,13 @@ export function extractPayloads(record, tenantId, clearingLevel, latencyThreshol
         // absent from JSON.stringify output, not just null.
         applyClearingLevel(payload, record, clearingLevel);
         // Operational metadata survives all clearing levels
-        applyOperationalMetadata(payload, fp, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass, authorizationId);
+        applyOperationalMetadata(payload, fp, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass, authorizationId, signingAlgorithm);
         payloads.push(payload);
     }
     return payloads;
 }
 /** Apply operational metadata that survives all clearing levels. */
-function applyOperationalMetadata(payload, fingerprint, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass, authorizationId) {
+function applyOperationalMetadata(payload, fingerprint, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass, authorizationId, signingAlgorithm) {
     if (agentId)
         payload.agent_id = agentId;
     if (cycleId)
@@ -212,7 +212,9 @@ function applyOperationalMetadata(payload, fingerprint, agentId, signingKey, sig
     if (authorizationId)
         payload.authorization_id = authorizationId;
     if (signingKey) {
-        payload.payload_signature = signPayload(signingKey, fingerprint, agentId);
+        const algo = (signingAlgorithm ?? "hmac-sha256");
+        payload.payload_signature = signPayload(signingKey, fingerprint, agentId, algo);
+        payload.signing_algorithm = algo;
         if (signingKeyId)
             payload.signing_key_id = signingKeyId;
         if (signingKeyVersion !== undefined)
@@ -282,7 +284,7 @@ function applyClearingLevel(payload, record, level) {
  * factor_c = 1 if gate passed, 0 if blocked
  * Verdict: PASS if b >= a AND c == 1
  */
-export function extractGatekeeperPayload(tenantId, required, active, gatePassed, clearingLevel, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass) {
+export function extractGatekeeperPayload(tenantId, required, active, gatePassed, clearingLevel, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass, signingAlgorithm) {
     const [ts, epoch] = timestampMs();
     const fa = required;
     const fb = active;
@@ -298,7 +300,7 @@ export function extractGatekeeperPayload(tenantId, required, active, gatePassed,
         anchor_epoch: epoch,
         fingerprint_timestamp_ms: ts,
     };
-    applyOperationalMetadata(payload, fp, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass);
+    applyOperationalMetadata(payload, fp, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass, undefined, signingAlgorithm);
     return payload;
 }
 /** Revocation reason code mapping. */
@@ -318,7 +320,7 @@ export const REVOCATION_REASONS = {
  * factor_b = 1 (target declared valid by caller)
  * factor_c = reason code (integer from REVOCATION_REASONS)
  */
-export function extractRevocationPayload(tenantId, targetFingerprint, reason, clearingLevel, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass) {
+export function extractRevocationPayload(tenantId, targetFingerprint, reason, clearingLevel, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass, signingAlgorithm) {
     const [ts, epoch] = timestampMs();
     const reasonCode = REVOCATION_REASONS[reason] ?? 0;
     const fa = 1;
@@ -337,7 +339,37 @@ export function extractRevocationPayload(tenantId, targetFingerprint, reason, cl
         revocation_target: targetFingerprint,
         revocation_reason: reason,
     };
-    applyOperationalMetadata(payload, fp, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass);
+    applyOperationalMetadata(payload, fp, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, jurisdiction, legalBasis, purposeClass, undefined, signingAlgorithm);
+    return payload;
+}
+/**
+ * Mint an AI-CHAIN.2 (Trust Degradation) payload.
+ *
+ * Minted automatically when the effective trust level drops during
+ * a multi-agent chain handoff. Provides auditors with a specific,
+ * searchable anchor for trust boundary crossings.
+ *
+ * factor_a = previous effective trust level
+ * factor_b = new effective trust level
+ * factor_c = delta (negative = degradation)
+ */
+export function extractChainTrustDegradationPayload(tenantId, previousTrustLevel, newTrustLevel, clearingLevel, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, signingAlgorithm) {
+    const [ts, epoch] = timestampMs();
+    const fa = previousTrustLevel;
+    const fb = newTrustLevel;
+    const fc = newTrustLevel - previousTrustLevel;
+    const fp = mintFingerprint(tenantId, "AI-CHAIN.2", fa, fb, fc, ts);
+    const payload = {
+        procedure_id: "AI-CHAIN.2",
+        factor_a: fa,
+        factor_b: fb,
+        factor_c: fc,
+        clearing_level: clearingLevel,
+        anchor_fingerprint: fp,
+        anchor_epoch: epoch,
+        fingerprint_timestamp_ms: ts,
+    };
+    applyOperationalMetadata(payload, fp, agentId, signingKey, signingKeyId, signingKeyVersion, cycleId, policyVersionHash, undefined, undefined, undefined, undefined, signingAlgorithm);
     return payload;
 }
 //# sourceMappingURL=clearing.js.map

package/dist/clearing.js.map

@@ -1 +1 @@
-{"version":3,"file":"clearing.js","sourceRoot":"","sources":["../src/clearing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACjF,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAG3C;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAuB,EACvB,QAAgB,EAChB,aAA4B,EAC5B,qBAA6B,KAAK,EAClC,qBAA6B,CAAC,EAC9B,UAAqB,EACrB,OAAgB,EAChB,UAAmB,EACnB,YAAqB,EACrB,iBAA0B,EAC1B,OAAgB,EAChB,iBAA0B,EAC1B,YAAqB,EACrB,UAAmB,EACnB,YAAqB,EACrB,eAAwB;IAExB,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,GAAG,WAAW,EAAE,CAAC;IAClC,MAAM,QAAQ,GAAqB,EAAE,CAAC;IAEtC,2EAA2E;IAC3E,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,IAAI,UAAU,GAAG;YACf;gBACE,WAAW,EAAE,UAAU;gBACvB,OAAO,EAAE,CAAC;gBACV,OAAO,EAAE,CAAC,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5D,OAAO,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;aACtC;SACF,CAAC;QAEF,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;YACpC,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;QACpE,CAAC;QAED,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;YAC5B,MAAM,EAAE,GAAG,eAAe,CAAC,QAAQ,EAAE,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YAC7F,MAAM,OAAO,GAAmB;gBAC9B,YAAY,EAAE,EAAE,CAAC,WAAW;gBAC5B,QAAQ,EAAE,EAAE,CAAC,OAAO;gBACpB,QAAQ,EAAE,EAAE,CAAC,OAAO;gBACpB,QAAQ,EAAE,EAAE,CAAC,OAAO;gBACpB,cAAc,EAAE,aAAa;gBAC7B,kBAAkB,EAAE,EAAE;gBACtB,YAAY,EAAE,KAAK;gBACnB,wBAAwB,EAAE,EAAE;aAC7B,CAAC;YAEF,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,aAAa,GAAG,MAAM,CAAC,SAAS,CAAC;YAC3C,CAAC;YACD,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC;gBACrC,MAAM,GAAG,GAAiC;oBACxC,QAAQ,EAAE,QAAQ;oBAClB,aAAa,EAAE,MAAM,CAAC,YAAY;oBAClC,cAAc,EAAE,MAAM,CAAC,aAAa;iBACrC,CAAC;gBACF,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;oBACvB,GAAG,CAAC,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC;gBACxC,CAAC;gBACD,IAAI,OAAO;oBAAE,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC;gBACpC,OAAO,CAAC,UAAU,GAAG,GAAG,CAAC;YAC3B,CAAC;YAED,wBAAwB,CAAC,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,eAAe,CAAC,CAAC;YAEjL,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,uEAAuE;IACvE,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,IAAI,WAAW,GAAG;YAChB,EAAE,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;SACxG,CAAC;QAEF,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;YACpC,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;QACtE,CAAC;QAED,KAAK,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC;YAC7B,MAAM,EAAE,GAAG,eAAe,CAAC,QAAQ,EAAE,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YAC7F,MAAM,OAAO,GAAmB;gBAC9B,YAAY,EAAE,EAAE,CAAC,WAAW;gBAC5B,QAAQ,EAAE,EAAE,CAAC,OAAO;gBACpB,QAAQ,EAAE,EAAE,CAAC,OAAO;gBACpB,QAAQ,EAAE,EAAE,CAAC,OAAO;gBACpB,cAAc,EAAE,aAAa;gBAC7B,kBAAkB,EAAE,EAAE;gBACtB,YAAY,EAAE,KAAK;gBACnB,wBAAwB,EAAE,EAAE;aAC7B,CAAC;YAEF,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,aAAa,GAAG,MAAM,CAAC,SAAS,CAAC;YAC3C,CAAC;YACD,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC;gBACrC,MAAM,GAAG,GAAiC;oBACxC,QAAQ,EAAE,MAAM;oBAChB,SAAS,EAAE,MAAM,CAAC,QAAQ;iBAC3B,CAAC;gBACF,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;oBACtB,GAAG,CAAC,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC;gBACvC,CAAC;gBACD,IAAI,OAAO;oBAAE,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC;gBACpC,OAAO,CAAC,UAAU,GAAG,GAAG,CAAC;YAC3B,CAAC;YAED,wBAAwB,CAAC,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,eAAe,CAAC,CAAC;YAEjL,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAUD,IAAI,WAAW,GAAiB;QAC9B,iCAAiC;QACjC;YACE,WAAW,EAAE,UAAU;YACvB,OAAO,EAAE,CAAC;YACV,OAAO,EAAE,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACzD,OAAO,EAAE,CAAC;SACX;QACD,8BAA8B;QAC9B;YACE,WAAW,EAAE,UAAU;YACvB,OAAO,EAAE,kBAAkB;YAC3B,OAAO,EAAE,MAAM,CAAC,SAAS;YACzB,OAAO,EAAE,MAAM,CAAC,SAAS,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SACvD;QACD,mCAAmC;QACnC;YACE,WAAW,EAAE,UAAU;YACvB,OAAO,EAAE,CAAC;YACV,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACjC,OAAO,EAAE,CAAC;SACX;QACD,mCAAmC;QACnC;YACE,WAAW,EAAE,UAAU;YACvB,OAAO,EAAE,CAAC;YACV,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/B,OAAO,EAAE,CAAC;SACX;KACF,CAAC;IAEF,kEAAkE;IAClE,MAAM,WAAW,GAAG,kBAAkB,IAAI,MAAM,CAAC,kBAAkB,CAAC;IACpE,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;QACpB,WAAW,CAAC,IAAI,CAAC;YACf,WAAW,EAAE,UAAU;YACvB,OAAO,EAAE,WAAW;YACpB,OAAO,EAAE,MAAM,CAAC,gBAAgB;YAChC,OAAO,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SACxC,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,WAAW,CAAC,IAAI,CAAC;QACf,WAAW,EAAE,UAAU;QACvB,OAAO,EAAE,CAAC;QACV,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAClC,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;KACnC,CAAC,CAAC;IAEH,wEAAwE;IACxE,IAAI,OAAO,EAAE,CAAC;QACZ,WAAW,CAAC,IAAI,CAAC;YACf,WAAW,EAAE,SAAS;YACtB,OAAO,EAAE,CAAC;YACV,OAAO,EAAE,CAAC;YACV,OAAO,EAAE,CAAC;SACX,CAAC,CAAC;IACL,CAAC;IAED,iCAAiC;IACjC,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;QACpC,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;IACtE,CAAC;IAED,uCAAuC;IACvC,KAAK,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC;QAC7B,MAAM,EAAE,GAAG,eAAe,CAAC,QAAQ,EAAE,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAE7F,6DAA6D;QAC7D,MAAM,OAAO,GAAmB;YAC9B,YAAY,EAAE,EAAE,CAAC,WAAW;YAC5B,QAAQ,EAAE,EAAE,CAAC,OAAO;YACpB,QAAQ,EAAE,EAAE,CAAC,OAAO;YACpB,QAAQ,EAAE,EAAE,CAAC,OAAO;YACpB,cAAc,EAAE,aAAa;YAC7B,kBAAkB,EAAE,EAAE;YACtB,YAAY,EAAE,KAAK;YACnB,wBAAwB,EAAE,EAAE;SAC7B,CAAC;QAEF,iEAAiE;QACjE,kEAAkE;QAClE,oDAAoD;QACpD,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;QAEnD,oDAAoD;QACpD,wBAAwB,CAAC,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,eAAe,CAAC,CAAC;QAEjL,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,oEAAoE;AACpE,SAAS,wBAAwB,CAC/B,OAAuB,EACvB,WAAmB,EACnB,OAAgB,EAChB,UAAmB,EACnB,YAAqB,EACrB,iBAA0B,EAC1B,OAAgB,EAChB,iBAA0B,EAC1B,YAAqB,EACrB,UAAmB,EACnB,YAAqB,EACrB,eAAwB;IAExB,IAAI,OAAO;QAAE,OAAO,CAAC,QAAQ,GAAG,OAAO,CAAC;IACxC,IAAI,OAAO;QAAE,OAAO,CAAC,QAAQ,GAAG,OAAO,CAAC;IACxC,IAAI,iBAAiB;QAAE,OAAO,CAAC,mBAAmB,GAAG,iBAAiB,CAAC;IACvE,IAAI,YAAY;QAAE,OAAO,CAAC,YAAY,GAAG,YAAY,CAAC;IACtD,IAAI,UAAU;QAAE,OAAO,CAAC,WAAW,GAAG,UAAU,CAAC;IACjD,IAAI,YAAY;QAAE,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC;IACvD,IAAI,eAAe;QAAE,OAAO,CAAC,gBAAgB,GAAG,eAAe,CAAC;IAChE,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,CAAC,iBAAiB,GAAG,WAAW,CAAC,UAAU,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;QAC1E,IAAI,YAAY;YAAE,OAAO,CAAC,cAAc,GAAG,YAAY,CAAC;QACxD,IAAI,iBAAiB,KAAK,SAAS;YAAE,OAAO,CAAC,mBAAmB,GAAG,iBAAiB,CAAC;IACvF,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAS,kBAAkB,CACzB,OAAuB,EACvB,MAAuB,EACvB,KAAoB;IAEpB,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;QACf,yCAAyC;QACzC,OAAO,CAAC,cAAc,GAAG,MAAM,CAAC,UAAU,CAAC;QAC3C,OAAO,CAAC,gBAAgB,GAAG,MAAM,CAAC,YAAY,CAAC;QAC/C,OAAO,CAAC,aAAa,GAAG,MAAM,CAAC,SAAS,CAAC;QACzC,OAAO,CAAC,eAAe,GAAG,MAAM,CAAC,WAAW,CAAC;QAC7C,OAAO,CAAC,gBAAgB,GAAG,MAAM,CAAC,YAAY,CAAC;IACjD,CAAC;IAED,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;QACf,2DAA2D;QAC3D,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC;QACrC,MAAM,GAAG,GAAiC;YACxC,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B,CAAC;QACF,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrC,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC,cAAc,CAAC;QACzC,CAAC;QACD,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;YAC7B,GAAG,CAAC,kBAAkB,GAAG,MAAM,CAAC,iBAAiB,CAAC;QACpD,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,CAAC;QACD,OAAO,CAAC,UAAU,GAAG,GAAG,CAAC;QACzB,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC5B,OAAO,CAAC,qBAAqB,GAAG,MAAM,CAAC,gBAAgB,CAAC;QAC1D,CAAC;IACH,CAAC;SAAM,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;QACvB,gDAAgD;QAChD,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC;QACrC,kDAAkD;IACpD,CAAC;SAAM,CAAC;QACN,mDAAmD;QACnD,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC,OAAO;YAClC,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,OAAO,CAAC;YACjC,CAAC,CAAC,SAAS,CAAC;QACd,0EAA0E;QAC1E,OAAO,OAAO,CAAC,cAAc,CAAC;QAC9B,OAAO,OAAO,CAAC,gBAAgB,CAAC;QAChC,OAAO,OAAO,CAAC,aAAa,CAAC;QAC7B,OAAO,OAAO,CAAC,eAAe,CAAC;QAC/B,OAAO,OAAO,CAAC,gBAAgB,CAAC;QAChC,+BAA+B;IACjC,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,wBAAwB,CACtC,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,UAAmB,EACnB,aAA4B,EAC5B,OAAgB,EAChB,UAAmB,EACnB,YAAqB,EACrB,iBAA0B,EAC1B,OAAgB,EAChB,iBAA0B,EAC1B,YAAqB,EACrB,UAAmB,EACnB,YAAqB;IAErB,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,GAAG,WAAW,EAAE,CAAC;IAClC,MAAM,EAAE,GAAG,QAAQ,CAAC;IACpB,MAAM,EAAE,GAAG,MAAM,CAAC;IAClB,MAAM,EAAE,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9B,MAAM,EAAE,GAAG,eAAe,CAAC,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAEjE,MAAM,OAAO,GAAmB;QAC9B,YAAY,EAAE,UAAU;QACxB,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,cAAc,EAAE,aAAa;QAC7B,kBAAkB,EAAE,EAAE;QACtB,YAAY,EAAE,KAAK;QACnB,wBAAwB,EAAE,EAAE;KAC7B,CAAC;IAEF,wBAAwB,CAAC,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;IAEhK,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,sCAAsC;AACtC,MAAM,CAAC,MAAM,kBAAkB,GAA2B;IACxD,WAAW,EAAE,CAAC;IACd,YAAY,EAAE,CAAC;IACf,gBAAgB,EAAE,CAAC;IACnB,kBAAkB,EAAE,CAAC;IACrB,kBAAkB,EAAE,CAAC;IACrB,gBAAgB,EAAE,CAAC;IACnB,gBAAgB,EAAE,CAAC;CACpB,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB,CACtC,QAAgB,EAChB,iBAAyB,EACzB,MAAc,EACd,aAA4B,EAC5B,OAAgB,EAChB,UAAmB,EACnB,YAAqB,EACrB,iBAA0B,EAC1B,OAAgB,EAChB,iBAA0B,EAC1B,YAAqB,EACrB,UAAmB,EACnB,YAAqB;IAErB,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,GAAG,WAAW,EAAE,CAAC;IAClC,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACnD,MAAM,EAAE,GAAG,CAAC,CAAC;IACb,MAAM,EAAE,GAAG,CAAC,CAAC;IACb,MAAM,EAAE,GAAG,UAAU,CAAC;IACtB,MAAM,EAAE,GAAG,eAAe,CAAC,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAEjE,MAAM,OAAO,GAAmB;QAC9B,YAAY,EAAE,UAAU;QACxB,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,cAAc,EAAE,aAAa;QAC7B,kBAAkB,EAAE,EAAE;QACtB,YAAY,EAAE,KAAK;QACnB,wBAAwB,EAAE,EAAE;QAC5B,iBAAiB,EAAE,iBAAiB;QACpC,iBAAiB,EAAE,MAAM;KAC1B,CAAC;IAEF,wBAAwB,CAAC,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;IAEhK,OAAO,OAAO,CAAC;AACjB,CAAC"}
+{"version":3,"file":"clearing.js","sourceRoot":"","sources":["../src/clearing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACjF,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAG3C;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAuB,EACvB,QAAgB,EAChB,aAA4B,EAC5B,qBAA6B,KAAK,EAClC,qBAA6B,CAAC,EAC9B,UAAqB,EACrB,OAAgB,EAChB,UAAmB,EACnB,YAAqB,EACrB,iBAA0B,EAC1B,OAAgB,EAChB,iBAA0B,EAC1B,YAAqB,EACrB,UAAmB,EACnB,YAAqB,EACrB,eAAwB,EACxB,gBAAyB;IAEzB,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,GAAG,WAAW,EAAE,CAAC;IAClC,MAAM,QAAQ,GAAqB,EAAE,CAAC;IAEtC,2EAA2E;IAC3E,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,IAAI,UAAU,GAAG;YACf;gBACE,WAAW,EAAE,UAAU;gBACvB,OAAO,EAAE,CAAC;gBACV,OAAO,EAAE,CAAC,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5D,OAAO,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;aACtC;SACF,CAAC;QAEF,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;YACpC,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;QACpE,CAAC;QAED,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;YAC5B,MAAM,EAAE,GAAG,eAAe,CAAC,QAAQ,EAAE,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YAC7F,MAAM,OAAO,GAAmB;gBAC9B,YAAY,EAAE,EAAE,CAAC,WAAW;gBAC5B,QAAQ,EAAE,EAAE,CAAC,OAAO;gBACpB,QAAQ,EAAE,EAAE,CAAC,OAAO;gBACpB,QAAQ,EAAE,EAAE,CAAC,OAAO;gBACpB,cAAc,EAAE,aAAa;gBAC7B,kBAAkB,EAAE,EAAE;gBACtB,YAAY,EAAE,KAAK;gBACnB,wBAAwB,EAAE,EAAE;aAC7B,CAAC;YAEF,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,aAAa,GAAG,MAAM,CAAC,SAAS,CAAC;YAC3C,CAAC;YACD,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC;gBACrC,MAAM,GAAG,GAAiC;oBACxC,QAAQ,EAAE,QAAQ;oBAClB,aAAa,EAAE,MAAM,CAAC,YAAY;oBAClC,cAAc,EAAE,MAAM,CAAC,aAAa;iBACrC,CAAC;gBACF,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;oBACvB,GAAG,CAAC,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC;gBACxC,CAAC;gBACD,IAAI,OAAO;oBAAE,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC;gBACpC,OAAO,CAAC,UAAU,GAAG,GAAG,CAAC;YAC3B,CAAC;YAED,wBAAwB,CAAC,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,eAAe,EAAE,gBAAgB,CAAC,CAAC;YAEnM,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,uEAAuE;IACvE,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,IAAI,WAAW,GAAG;YAChB,EAAE,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;SACxG,CAAC;QAEF,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;YACpC,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;QACtE,CAAC;QAED,KAAK,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC;YAC7B,MAAM,EAAE,GAAG,eAAe,CAAC,QAAQ,EAAE,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YAC7F,MAAM,OAAO,GAAmB;gBAC9B,YAAY,EAAE,EAAE,CAAC,WAAW;gBAC5B,QAAQ,EAAE,EAAE,CAAC,OAAO;gBACpB,QAAQ,EAAE,EAAE,CAAC,OAAO;gBACpB,QAAQ,EAAE,EAAE,CAAC,OAAO;gBACpB,cAAc,EAAE,aAAa;gBAC7B,kBAAkB,EAAE,EAAE;gBACtB,YAAY,EAAE,KAAK;gBACnB,wBAAwB,EAAE,EAAE;aAC7B,CAAC;YAEF,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,aAAa,GAAG,MAAM,CAAC,SAAS,CAAC;YAC3C,CAAC;YACD,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC;gBACrC,MAAM,GAAG,GAAiC;oBACxC,QAAQ,EAAE,MAAM;oBAChB,SAAS,EAAE,MAAM,CAAC,QAAQ;iBAC3B,CAAC;gBACF,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;oBACtB,GAAG,CAAC,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC;gBACvC,CAAC;gBACD,IAAI,OAAO;oBAAE,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC;gBACpC,OAAO,CAAC,UAAU,GAAG,GAAG,CAAC;YAC3B,CAAC;YAED,wBAAwB,CAAC,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,eAAe,EAAE,gBAAgB,CAAC,CAAC;YAEnM,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAUD,IAAI,WAAW,GAAiB;QAC9B,iCAAiC;QACjC;YACE,WAAW,EAAE,UAAU;YACvB,OAAO,EAAE,CAAC;YACV,OAAO,EAAE,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACzD,OAAO,EAAE,CAAC;SACX;QACD,8BAA8B;QAC9B;YACE,WAAW,EAAE,UAAU;YACvB,OAAO,EAAE,kBAAkB;YAC3B,OAAO,EAAE,MAAM,CAAC,SAAS;YACzB,OAAO,EAAE,MAAM,CAAC,SAAS,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SACvD;QACD,mCAAmC;QACnC;YACE,WAAW,EAAE,UAAU;YACvB,OAAO,EAAE,CAAC;YACV,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACjC,OAAO,EAAE,CAAC;SACX;QACD,mCAAmC;QACnC;YACE,WAAW,EAAE,UAAU;YACvB,OAAO,EAAE,CAAC;YACV,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/B,OAAO,EAAE,CAAC;SACX;KACF,CAAC;IAEF,kEAAkE;IAClE,MAAM,WAAW,GAAG,kBAAkB,IAAI,MAAM,CAAC,kBAAkB,CAAC;IACpE,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;QACpB,WAAW,CAAC,IAAI,CAAC;YACf,WAAW,EAAE,UAAU;YACvB,OAAO,EAAE,WAAW;YACpB,OAAO,EAAE,MAAM,CAAC,gBAAgB;YAChC,OAAO,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SACxC,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,WAAW,CAAC,IAAI,CAAC;QACf,WAAW,EAAE,UAAU;QACvB,OAAO,EAAE,CAAC;QACV,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAClC,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;KACnC,CAAC,CAAC;IAEH,wEAAwE;IACxE,IAAI,OAAO,EAAE,CAAC;QACZ,WAAW,CAAC,IAAI,CAAC;YACf,WAAW,EAAE,SAAS;YACtB,OAAO,EAAE,CAAC;YACV,OAAO,EAAE,CAAC;YACV,OAAO,EAAE,CAAC;SACX,CAAC,CAAC;IACL,CAAC;IAED,iCAAiC;IACjC,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;QACpC,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;IACtE,CAAC;IAED,uCAAuC;IACvC,KAAK,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC;QAC7B,MAAM,EAAE,GAAG,eAAe,CAAC,QAAQ,EAAE,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAE7F,6DAA6D;QAC7D,MAAM,OAAO,GAAmB;YAC9B,YAAY,EAAE,EAAE,CAAC,WAAW;YAC5B,QAAQ,EAAE,EAAE,CAAC,OAAO;YACpB,QAAQ,EAAE,EAAE,CAAC,OAAO;YACpB,QAAQ,EAAE,EAAE,CAAC,OAAO;YACpB,cAAc,EAAE,aAAa;YAC7B,kBAAkB,EAAE,EAAE;YACtB,YAAY,EAAE,KAAK;YACnB,wBAAwB,EAAE,EAAE;SAC7B,CAAC;QAEF,iEAAiE;QACjE,kEAAkE;QAClE,oDAAoD;QACpD,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;QAEnD,oDAAoD;QACpD,wBAAwB,CAAC,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,eAAe,EAAE,gBAAgB,CAAC,CAAC;QAEnM,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,oEAAoE;AACpE,SAAS,wBAAwB,CAC/B,OAAuB,EACvB,WAAmB,EACnB,OAAgB,EAChB,UAAmB,EACnB,YAAqB,EACrB,iBAA0B,EAC1B,OAAgB,EAChB,iBAA0B,EAC1B,YAAqB,EACrB,UAAmB,EACnB,YAAqB,EACrB,eAAwB,EACxB,gBAAyB;IAEzB,IAAI,OAAO;QAAE,OAAO,CAAC,QAAQ,GAAG,OAAO,CAAC;IACxC,IAAI,OAAO;QAAE,OAAO,CAAC,QAAQ,GAAG,OAAO,CAAC;IACxC,IAAI,iBAAiB;QAAE,OAAO,CAAC,mBAAmB,GAAG,iBAAiB,CAAC;IACvE,IAAI,YAAY;QAAE,OAAO,CAAC,YAAY,GAAG,YAAY,CAAC;IACtD,IAAI,UAAU;QAAE,OAAO,CAAC,WAAW,GAAG,UAAU,CAAC;IACjD,IAAI,YAAY;QAAE,OAAO,CAAC,aAAa,GAAG,YAAY,CAAC;IACvD,IAAI,eAAe;QAAE,OAAO,CAAC,gBAAgB,GAAG,eAAe,CAAC;IAChE,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,IAAI,GAAG,CAAC,gBAAgB,IAAI,aAAa,CAA4C,CAAC;QAC5F,OAAO,CAAC,iBAAiB,GAAG,WAAW,CAAC,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QAChF,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;QACjC,IAAI,YAAY;YAAE,OAAO,CAAC,cAAc,GAAG,YAAY,CAAC;QACxD,IAAI,iBAAiB,KAAK,SAAS;YAAE,OAAO,CAAC,mBAAmB,GAAG,iBAAiB,CAAC;IACvF,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAS,kBAAkB,CACzB,OAAuB,EACvB,MAAuB,EACvB,KAAoB;IAEpB,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;QACf,yCAAyC;QACzC,OAAO,CAAC,cAAc,GAAG,MAAM,CAAC,UAAU,CAAC;QAC3C,OAAO,CAAC,gBAAgB,GAAG,MAAM,CAAC,YAAY,CAAC;QAC/C,OAAO,CAAC,aAAa,GAAG,MAAM,CAAC,SAAS,CAAC;QACzC,OAAO,CAAC,eAAe,GAAG,MAAM,CAAC,WAAW,CAAC;QAC7C,OAAO,CAAC,gBAAgB,GAAG,MAAM,CAAC,YAAY,CAAC;IACjD,CAAC;IAED,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;QACf,2DAA2D;QAC3D,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC;QACrC,MAAM,GAAG,GAAiC;YACxC,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B,CAAC;QACF,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrC,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC,cAAc,CAAC;QACzC,CAAC;QACD,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;YAC7B,GAAG,CAAC,kBAAkB,GAAG,MAAM,CAAC,iBAAiB,CAAC;QACpD,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,CAAC;QACD,OAAO,CAAC,UAAU,GAAG,GAAG,CAAC;QACzB,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC5B,OAAO,CAAC,qBAAqB,GAAG,MAAM,CAAC,gBAAgB,CAAC;QAC1D,CAAC;IACH,CAAC;SAAM,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;QACvB,gDAAgD;QAChD,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC;QACrC,kDAAkD;IACpD,CAAC;SAAM,CAAC;QACN,mDAAmD;QACnD,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC,OAAO;YAClC,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,OAAO,CAAC;YACjC,CAAC,CAAC,SAAS,CAAC;QACd,0EAA0E;QAC1E,OAAO,OAAO,CAAC,cAAc,CAAC;QAC9B,OAAO,OAAO,CAAC,gBAAgB,CAAC;QAChC,OAAO,OAAO,CAAC,aAAa,CAAC;QAC7B,OAAO,OAAO,CAAC,eAAe,CAAC;QAC/B,OAAO,OAAO,CAAC,gBAAgB,CAAC;QAChC,+BAA+B;IACjC,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,wBAAwB,CACtC,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,UAAmB,EACnB,aAA4B,EAC5B,OAAgB,EAChB,UAAmB,EACnB,YAAqB,EACrB,iBAA0B,EAC1B,OAAgB,EAChB,iBAA0B,EAC1B,YAAqB,EACrB,UAAmB,EACnB,YAAqB,EACrB,gBAAyB;IAEzB,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,GAAG,WAAW,EAAE,CAAC;IAClC,MAAM,EAAE,GAAG,QAAQ,CAAC;IACpB,MAAM,EAAE,GAAG,MAAM,CAAC;IAClB,MAAM,EAAE,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9B,MAAM,EAAE,GAAG,eAAe,CAAC,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAEjE,MAAM,OAAO,GAAmB;QAC9B,YAAY,EAAE,UAAU;QACxB,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,cAAc,EAAE,aAAa;QAC7B,kBAAkB,EAAE,EAAE;QACtB,YAAY,EAAE,KAAK;QACnB,wBAAwB,EAAE,EAAE;KAC7B,CAAC;IAEF,wBAAwB,CAAC,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;IAE7L,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,sCAAsC;AACtC,MAAM,CAAC,MAAM,kBAAkB,GAA2B;IACxD,WAAW,EAAE,CAAC;IACd,YAAY,EAAE,CAAC;IACf,gBAAgB,EAAE,CAAC;IACnB,kBAAkB,EAAE,CAAC;IACrB,kBAAkB,EAAE,CAAC;IACrB,gBAAgB,EAAE,CAAC;IACnB,gBAAgB,EAAE,CAAC;CACpB,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB,CACtC,QAAgB,EAChB,iBAAyB,EACzB,MAAc,EACd,aAA4B,EAC5B,OAAgB,EAChB,UAAmB,EACnB,YAAqB,EACrB,iBAA0B,EAC1B,OAAgB,EAChB,iBAA0B,EAC1B,YAAqB,EACrB,UAAmB,EACnB,YAAqB,EACrB,gBAAyB;IAEzB,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,GAAG,WAAW,EAAE,CAAC;IAClC,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACnD,MAAM,EAAE,GAAG,CAAC,CAAC;IACb,MAAM,EAAE,GAAG,CAAC,CAAC;IACb,MAAM,EAAE,GAAG,UAAU,CAAC;IACtB,MAAM,EAAE,GAAG,eAAe,CAAC,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAEjE,MAAM,OAAO,GAAmB;QAC9B,YAAY,EAAE,UAAU;QACxB,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,cAAc,EAAE,aAAa;QAC7B,kBAAkB,EAAE,EAAE;QACtB,YAAY,EAAE,KAAK;QACnB,wBAAwB,EAAE,EAAE;QAC5B,iBAAiB,EAAE,iBAAiB;QACpC,iBAAiB,EAAE,MAAM;KAC1B,CAAC;IAEF,wBAAwB,CAAC,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;IAE7L,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,mCAAmC,CACjD,QAAgB,EAChB,kBAA0B,EAC1B,aAAqB,EACrB,aAA4B,EAC5B,OAAgB,EAChB,UAAmB,EACnB,YAAqB,EACrB,iBAA0B,EAC1B,OAAgB,EAChB,iBAA0B,EAC1B,gBAAyB;IAEzB,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,GAAG,WAAW,EAAE,CAAC;IAClC,MAAM,EAAE,GAAG,kBAAkB,CAAC;IAC9B,MAAM,EAAE,GAAG,aAAa,CAAC;IACzB,MAAM,EAAE,GAAG,aAAa,GAAG,kBAAkB,CAAC;IAC9C,MAAM,EAAE,GAAG,eAAe,CAAC,QAAQ,EAAE,YAAY,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAEnE,MAAM,OAAO,GAAmB;QAC9B,YAAY,EAAE,YAAY;QAC1B,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,cAAc,EAAE,aAAa;QAC7B,kBAAkB,EAAE,EAAE;QACtB,YAAY,EAAE,KAAK;QACnB,wBAAwB,EAAE,EAAE;KAC7B,CAAC;IAEF,wBAAwB,CAAC,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;IAEtL,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAOH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,KAAK,EACyF,YAAY,EAChH,MAAM,YAAY,CAAC;AAuMpB,UAAU,MAAM;IACd,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AA6MD,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAiDpF;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEzD;AAID;;;GAGG;AACH,wBAAgB,UAAU,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,cAAc,CAExD;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,YAAY,CAiG1D"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAOH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,KAAK,EACyF,YAAY,EAChH,MAAM,YAAY,CAAC;AA0MpB,UAAU,MAAM;IACd,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAmQD,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAiDpF;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEzD;AAID;;;GAGG;AACH,wBAAgB,UAAU,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,cAAc,CAExD;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,YAAY,CAmG1D"}

package/dist/config.js

@@ -36,6 +36,7 @@ const KEY_MAP = {
     signing_key: "signingKey",
     signing_key_id: "signingKeyId",
     signing_key_version: "signingKeyVersion",
+    signing_algorithm: "signingAlgorithm",
     cycle_id: "cycleId",
     policy_version: "policyVersion",
     legal_basis: "legalBasis",
@@ -45,6 +46,7 @@ const KEY_MAP = {
     wal_path: "walPath",
     replay_window: "replayWindow",
     token_budget: "tokenBudget",
+    digest_algorithm: "digestAlgorithm",
 };
 /** Env-suffix fields that resolve from process.env. */
 const ENV_FIELDS = {
@@ -52,7 +54,7 @@ const ENV_FIELDS = {
     signing_key_env: "signingKey",
 };
 /** Top-level sections extracted before key mapping. */
-const SECTION_KEYS = new Set(["policy", "trust_mesh", "hardware", "density_policy", "mcp_policy", "merkle", "profile"]);
+const SECTION_KEYS = new Set(["policy", "trust_mesh", "hardware", "density_policy", "mcp_policy", "merkle", "skill_card", "profile"]);
 // ── Typo Protection Sets ──────────────────────────────────────────────
 const VALID_POLICY_KEYS = new Set([
     "require_signing",
@@ -68,7 +70,7 @@ const VALID_TRUST_MESH_KEYS = new Set([
     "required_procedures", "signing_keys",
 ]);
 const VALID_HARDWARE_KEYS = new Set([
-    "require_attestation", "attestation_freshness", "allowed_methods",
+    "require_attestation", "attestation_freshness", "allowed_methods", "runtime_profile",
 ]);
 const VALID_DENSITY_POLICY_KEYS = new Set([
     "min_anchors_per_1000_tokens", "required_providers",
@@ -84,6 +86,7 @@ const VALID_MERKLE_KEYS = new Set([
     "enabled", "accumulator_interval",
 ]);
 const VALID_PROFILES = new Set([
+    "cost-conscious",
     "eu-ai-act-high-risk",
     "granite-sovereign",
     "mythos-defense",
@@ -239,11 +242,26 @@ function extractHardware(raw) {
     if (typeof section !== "object" || Array.isArray(section)) {
         throw new Error("'hardware' must be a YAML mapping");
     }
+    // Extract runtime_profile before validateKeys (it's a nested object, not a flat key)
+    const rp = section.runtime_profile;
+    delete section.runtime_profile;
     validateKeys(section, VALID_HARDWARE_KEYS, "hardware");
+    let runtimeProfile;
+    if (rp && typeof rp === "object" && !Array.isArray(rp)) {
+        runtimeProfile = {
+            expectedTopology: rp.expected_topology,
+            minGpuCount: rp.min_gpu_count,
+            minMemoryMb: rp.min_memory_mb,
+            expectedAccelerator: rp.expected_accelerator,
+            maxTemperatureCelsius: rp.max_temperature_celsius,
+            maxPowerWatts: rp.max_power_watts,
+        };
+    }
     return {
         requireAttestation: section.require_attestation ?? false,
         attestationFreshness: section.attestation_freshness ?? 3600,
         allowedMethods: section.allowed_methods ?? [],
+        runtimeProfile,
     };
 }
 function extractDensityPolicy(raw) {
@@ -308,6 +326,38 @@ function extractMerkle(raw) {
         accumulatorInterval: section.accumulator_interval ?? 0,
     };
 }
+const VALID_SKILL_CARD_KEYS = new Set(["skills", "expected_manifest_hash"]);
+function extractSkillCard(raw) {
+    const section = raw.skill_card;
+    if (!section)
+        return null;
+    delete raw.skill_card;
+    if (typeof section !== "object" || Array.isArray(section)) {
+        throw new Error("'skill_card' must be a YAML mapping");
+    }
+    validateKeys(section, VALID_SKILL_CARD_KEYS, "skill_card");
+    const rawSkills = section.skills;
+    if (!rawSkills || !Array.isArray(rawSkills) || rawSkills.length === 0) {
+        return null;
+    }
+    const skills = rawSkills.map((s) => {
+        if (typeof s === "string")
+            return s;
+        if (typeof s === "object" && s !== null) {
+            const obj = s;
+            return {
+                name: obj.name,
+                version: obj.version,
+                skillHash: (obj.skill_hash ?? obj.skillHash),
+            };
+        }
+        return String(s);
+    });
+    return {
+        skills,
+        expectedManifestHash: section.expected_manifest_hash,
+    };
+}
 // ── Profile / Template System ─────────────────────────────────────────
 function deepMerge(base, override) {
     const result = { ...base };
@@ -430,6 +480,7 @@ export function loadFullConfig(path) {
     const policy = extractPolicy(raw);
     const trustMesh = extractTrustMesh(raw);
     const hardware = extractHardware(raw);
+    const skillCard = extractSkillCard(raw);
     const densityPolicy = extractDensityPolicy(raw);
     const mcpPolicy = extractMcpPolicy(raw);
     const merkle = extractMerkle(raw);
@@ -472,6 +523,7 @@ export function loadFullConfig(path) {
         witnessOptions: result,
         trustMesh,
         hardware,
+        skillCard,
         densityPolicy,
         mcpPolicy,
         merkle,