@vorim/verify 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +36 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +147 -5
- package/dist/index.js.map +1 -1
- package/dist/types.d.ts +37 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +3 -2
package/dist/index.d.ts
CHANGED
|
@@ -29,6 +29,34 @@ export declare function canonicalPayloadV0(event: {
|
|
|
29
29
|
output_hash?: string | null;
|
|
30
30
|
result: string;
|
|
31
31
|
}): string;
|
|
32
|
+
/**
|
|
33
|
+
* VAIP v1 canonical bytes for audit-event signing (RFC 8785 JCS).
|
|
34
|
+
*
|
|
35
|
+
* Signs the full event object excluding `signature` (the field being
|
|
36
|
+
* computed) and `canonical_form` (metadata about the recipe). Covers
|
|
37
|
+
* replayable-evidence fields and metadata — anything v0 missed.
|
|
38
|
+
*
|
|
39
|
+
* Must produce byte-identical output to:
|
|
40
|
+
* - @vorim/sdk `canonicalPayloadV1` (TypeScript SDK)
|
|
41
|
+
* - vorim Python SDK `canonical_payload_v1`
|
|
42
|
+
* - @vorim/shared-types `canonicalPayloadV1` (server)
|
|
43
|
+
*
|
|
44
|
+
* Locked by the cross-language parity script in scripts/check-replay-parity.sh.
|
|
45
|
+
*/
|
|
46
|
+
export declare function canonicalPayloadV1(event: BundleEvent): string;
|
|
47
|
+
/**
|
|
48
|
+
* RFC 8785 JSON Canonicalization Scheme, sufficient subset for audit
|
|
49
|
+
* event values. Identical algorithm to the SDK and shared-types
|
|
50
|
+
* implementations; the cross-language parity script enforces it.
|
|
51
|
+
*
|
|
52
|
+
* - Object keys sorted lexicographically (UTF-16 code units).
|
|
53
|
+
* - No whitespace between tokens.
|
|
54
|
+
* - Integer numbers via .toString(); finite non-integer floats per
|
|
55
|
+
* ECMAScript Number.toString shortest-round-trip. Rejects NaN/Infinity.
|
|
56
|
+
* - Strings: JSON-escape per RFC 8259 § 7.
|
|
57
|
+
* - Arrays preserve order. undefined values dropped from objects.
|
|
58
|
+
*/
|
|
59
|
+
export declare function jcsCanonicalise(value: unknown): string;
|
|
32
60
|
/**
|
|
33
61
|
* Verify the SHA-256 manifest over `{ events, agents }`. Returns null if
|
|
34
62
|
* the bundle has no manifest field (older exports). Manifest format is
|
|
@@ -40,9 +68,14 @@ export declare function verifyManifest(bundle: AuditBundle): {
|
|
|
40
68
|
actual: string | null;
|
|
41
69
|
};
|
|
42
70
|
/**
|
|
43
|
-
* Verify a single Ed25519 signature
|
|
44
|
-
*
|
|
45
|
-
*
|
|
71
|
+
* Verify a single Ed25519 signature.
|
|
72
|
+
*
|
|
73
|
+
* Dispatches on the event's `canonical_form` field to pick the right
|
|
74
|
+
* recipe (v0 pipe-joined, or v1 RFC 8785 JCS). Missing/null defaults to
|
|
75
|
+
* v0 for backward-compat with events signed before v1 was registered.
|
|
76
|
+
*
|
|
77
|
+
* `signature` is the `ed25519:<base64>` form the SDK produces; the
|
|
78
|
+
* prefix is stripped before decoding.
|
|
46
79
|
*/
|
|
47
80
|
export declare function verifyEventSignature(event: BundleEvent, publicKeyPem: string): {
|
|
48
81
|
ok: boolean;
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EACV,WAAW,EAEX,WAAW,EAEX,YAAY,EACb,MAAM,YAAY,CAAC;AAEpB,YAAY,EACV,WAAW,EACX,WAAW,EACX,WAAW,EACX,WAAW,EACX,YAAY,EACZ,YAAY,GACb,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;;;GAYG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE;IACxC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;CAChB,GAAG,MAAM,CAST;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,WAAW,GAAG;IACnD,EAAE,EAAE,OAAO,GAAG,IAAI,CAAC;IACnB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB,CAKA;AAED
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EACV,WAAW,EAEX,WAAW,EAEX,YAAY,EACb,MAAM,YAAY,CAAC;AAEpB,YAAY,EACV,WAAW,EACX,WAAW,EACX,WAAW,EACX,WAAW,EACX,YAAY,EACZ,YAAY,GACb,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;;;GAYG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE;IACxC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;CAChB,GAAG,MAAM,CAST;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,WAAW,GAAG,MAAM,CAG7D;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CA4BtD;AAYD;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,WAAW,GAAG;IACnD,EAAE,EAAE,OAAO,GAAG,IAAI,CAAC;IACnB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB,CAKA;AAED;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,WAAW,EAClB,YAAY,EAAE,MAAM,GACnB;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CA6BlC;AAYD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,WAAW,GAAG,YAAY,CA0K9D"}
|
package/dist/index.js
CHANGED
|
@@ -30,6 +30,72 @@ export function canonicalPayloadV0(event) {
|
|
|
30
30
|
event.result,
|
|
31
31
|
].join('|');
|
|
32
32
|
}
|
|
33
|
+
/**
|
|
34
|
+
* VAIP v1 canonical bytes for audit-event signing (RFC 8785 JCS).
|
|
35
|
+
*
|
|
36
|
+
* Signs the full event object excluding `signature` (the field being
|
|
37
|
+
* computed) and `canonical_form` (metadata about the recipe). Covers
|
|
38
|
+
* replayable-evidence fields and metadata — anything v0 missed.
|
|
39
|
+
*
|
|
40
|
+
* Must produce byte-identical output to:
|
|
41
|
+
* - @vorim/sdk `canonicalPayloadV1` (TypeScript SDK)
|
|
42
|
+
* - vorim Python SDK `canonical_payload_v1`
|
|
43
|
+
* - @vorim/shared-types `canonicalPayloadV1` (server)
|
|
44
|
+
*
|
|
45
|
+
* Locked by the cross-language parity script in scripts/check-replay-parity.sh.
|
|
46
|
+
*/
|
|
47
|
+
export function canonicalPayloadV1(event) {
|
|
48
|
+
const { signature: _sig, canonical_form: _cf, ...rest } = event;
|
|
49
|
+
return jcsCanonicalise(rest);
|
|
50
|
+
}
|
|
51
|
+
/**
|
|
52
|
+
* RFC 8785 JSON Canonicalization Scheme, sufficient subset for audit
|
|
53
|
+
* event values. Identical algorithm to the SDK and shared-types
|
|
54
|
+
* implementations; the cross-language parity script enforces it.
|
|
55
|
+
*
|
|
56
|
+
* - Object keys sorted lexicographically (UTF-16 code units).
|
|
57
|
+
* - No whitespace between tokens.
|
|
58
|
+
* - Integer numbers via .toString(); finite non-integer floats per
|
|
59
|
+
* ECMAScript Number.toString shortest-round-trip. Rejects NaN/Infinity.
|
|
60
|
+
* - Strings: JSON-escape per RFC 8259 § 7.
|
|
61
|
+
* - Arrays preserve order. undefined values dropped from objects.
|
|
62
|
+
*/
|
|
63
|
+
export function jcsCanonicalise(value) {
|
|
64
|
+
if (value === null)
|
|
65
|
+
return 'null';
|
|
66
|
+
if (value === true)
|
|
67
|
+
return 'true';
|
|
68
|
+
if (value === false)
|
|
69
|
+
return 'false';
|
|
70
|
+
if (typeof value === 'number') {
|
|
71
|
+
if (!Number.isFinite(value)) {
|
|
72
|
+
throw new Error('jcsCanonicalise: NaN and Infinity are not JCS-valid');
|
|
73
|
+
}
|
|
74
|
+
return value.toString();
|
|
75
|
+
}
|
|
76
|
+
if (typeof value === 'string') {
|
|
77
|
+
return JSON.stringify(value);
|
|
78
|
+
}
|
|
79
|
+
if (Array.isArray(value)) {
|
|
80
|
+
return '[' + value.map(jcsCanonicalise).join(',') + ']';
|
|
81
|
+
}
|
|
82
|
+
if (typeof value === 'object') {
|
|
83
|
+
const obj = value;
|
|
84
|
+
const keys = Object.keys(obj).filter(k => obj[k] !== undefined).sort();
|
|
85
|
+
const parts = keys.map(k => JSON.stringify(k) + ':' + jcsCanonicalise(obj[k]));
|
|
86
|
+
return '{' + parts.join(',') + '}';
|
|
87
|
+
}
|
|
88
|
+
throw new Error(`jcsCanonicalise: unsupported value type: ${typeof value}`);
|
|
89
|
+
}
|
|
90
|
+
/**
|
|
91
|
+
* Compute the canonical bytes for an event based on its `canonical_form`
|
|
92
|
+
* field. Missing/null defaults to v0 for backward-compat with events
|
|
93
|
+
* signed before v1 was registered.
|
|
94
|
+
*/
|
|
95
|
+
function canonicalBytesForEvent(event) {
|
|
96
|
+
const form = event.canonical_form ?? 'v0';
|
|
97
|
+
return form === 'v1' ? canonicalPayloadV1(event) : canonicalPayloadV0(event);
|
|
98
|
+
}
|
|
33
99
|
/**
|
|
34
100
|
* Verify the SHA-256 manifest over `{ events, agents }`. Returns null if
|
|
35
101
|
* the bundle has no manifest field (older exports). Manifest format is
|
|
@@ -43,9 +109,14 @@ export function verifyManifest(bundle) {
|
|
|
43
109
|
return { ok: actual === bundle.manifest, expected: bundle.manifest, actual };
|
|
44
110
|
}
|
|
45
111
|
/**
|
|
46
|
-
* Verify a single Ed25519 signature
|
|
47
|
-
*
|
|
48
|
-
*
|
|
112
|
+
* Verify a single Ed25519 signature.
|
|
113
|
+
*
|
|
114
|
+
* Dispatches on the event's `canonical_form` field to pick the right
|
|
115
|
+
* recipe (v0 pipe-joined, or v1 RFC 8785 JCS). Missing/null defaults to
|
|
116
|
+
* v0 for backward-compat with events signed before v1 was registered.
|
|
117
|
+
*
|
|
118
|
+
* `signature` is the `ed25519:<base64>` form the SDK produces; the
|
|
119
|
+
* prefix is stripped before decoding.
|
|
49
120
|
*/
|
|
50
121
|
export function verifyEventSignature(event, publicKeyPem) {
|
|
51
122
|
const sig = event.signature;
|
|
@@ -71,7 +142,7 @@ export function verifyEventSignature(event, publicKeyPem) {
|
|
|
71
142
|
reason: `unparseable public key: ${e.message}`,
|
|
72
143
|
};
|
|
73
144
|
}
|
|
74
|
-
const payload = Buffer.from(
|
|
145
|
+
const payload = Buffer.from(canonicalBytesForEvent(event), 'utf-8');
|
|
75
146
|
try {
|
|
76
147
|
return { ok: cryptoVerify(null, payload, pubKey, sigBytes) };
|
|
77
148
|
}
|
|
@@ -177,11 +248,72 @@ export function verifyBundle(bundle) {
|
|
|
177
248
|
};
|
|
178
249
|
for (const r of events)
|
|
179
250
|
counts[r.verdict]++;
|
|
251
|
+
// ── Hash-chained ingest validation ─────────────────────────────────
|
|
252
|
+
//
|
|
253
|
+
// For each agent's chain (events in bundle order), check whether the
|
|
254
|
+
// event's `prev_event_hash` matches SHA-256(canonical bytes of the
|
|
255
|
+
// previous event for the same agent). Empty prev_event_hash on the
|
|
256
|
+
// first event = chain start (intact). Empty after a predecessor =
|
|
257
|
+
// chain_restart (informational). Mismatch = chain_broken (fails ok).
|
|
258
|
+
//
|
|
259
|
+
// anyChained is true if any event in the bundle carries
|
|
260
|
+
// `prev_event_hash` — that's how we know the issuer was using chained
|
|
261
|
+
// ingest. Without any chained events the chain counts are suppressed
|
|
262
|
+
// from the final report.
|
|
263
|
+
const rawEvents = bundle.events ?? [];
|
|
264
|
+
const chainCounts = { intact: 0, restart: 0, broken: 0 };
|
|
265
|
+
const anyChained = rawEvents.some(e => e.prev_event_hash != null);
|
|
266
|
+
const lastBytesHashByAgent = new Map();
|
|
267
|
+
for (let i = 0; i < rawEvents.length; i++) {
|
|
268
|
+
const e = rawEvents[i];
|
|
269
|
+
const agentId = eventAgentId(e);
|
|
270
|
+
if (!agentId)
|
|
271
|
+
continue;
|
|
272
|
+
const prevField = e.prev_event_hash;
|
|
273
|
+
const previousHash = lastBytesHashByAgent.get(agentId);
|
|
274
|
+
if (prevField) {
|
|
275
|
+
if (!previousHash) {
|
|
276
|
+
// Event claims to be chained but we have no predecessor for this
|
|
277
|
+
// agent in the bundle. Likely a partial bundle (sub-range export).
|
|
278
|
+
// Treat as broken: the prev_event_hash references something we
|
|
279
|
+
// can't verify.
|
|
280
|
+
events[i].chain = 'chain_broken';
|
|
281
|
+
events[i].reason = events[i].reason ?? 'prev_event_hash set but no predecessor in bundle';
|
|
282
|
+
chainCounts.broken++;
|
|
283
|
+
}
|
|
284
|
+
else if (prevField === previousHash) {
|
|
285
|
+
events[i].chain = 'chain_intact';
|
|
286
|
+
chainCounts.intact++;
|
|
287
|
+
}
|
|
288
|
+
else {
|
|
289
|
+
events[i].chain = 'chain_broken';
|
|
290
|
+
events[i].reason = events[i].reason ?? `prev_event_hash mismatch (expected ${previousHash}, got ${prevField})`;
|
|
291
|
+
chainCounts.broken++;
|
|
292
|
+
}
|
|
293
|
+
}
|
|
294
|
+
else if (previousHash && anyChained) {
|
|
295
|
+
// Predecessor exists but this event has no prev_event_hash:
|
|
296
|
+
// SDK restart or chainEvents toggled off mid-stream. Only count
|
|
297
|
+
// as a restart when the bundle has chained events at all.
|
|
298
|
+
events[i].chain = 'chain_restart';
|
|
299
|
+
chainCounts.restart++;
|
|
300
|
+
}
|
|
301
|
+
else if (anyChained) {
|
|
302
|
+
// Chain head (no predecessor + no prev_event_hash), within a
|
|
303
|
+
// chained bundle: counted as intact.
|
|
304
|
+
events[i].chain = 'chain_intact';
|
|
305
|
+
chainCounts.intact++;
|
|
306
|
+
}
|
|
307
|
+
// Else: non-chained bundle, no chain verdict on this event.
|
|
308
|
+
// Update the per-agent rolling hash with this event's canonical bytes.
|
|
309
|
+
lastBytesHashByAgent.set(agentId, sha256Hex(canonicalBytesForEvent(e)));
|
|
310
|
+
}
|
|
180
311
|
const manifest = verifyManifest(bundle);
|
|
181
312
|
const ok = counts.bad_signature === 0 &&
|
|
182
313
|
counts.malformed_signature === 0 &&
|
|
314
|
+
chainCounts.broken === 0 &&
|
|
183
315
|
manifest.ok !== false;
|
|
184
|
-
|
|
316
|
+
const base = {
|
|
185
317
|
bundle_version: typeof bundle.bundle_version === 'string' ? bundle.bundle_version : null,
|
|
186
318
|
manifest_ok: manifest.ok,
|
|
187
319
|
manifest_expected: manifest.expected,
|
|
@@ -195,5 +327,15 @@ export function verifyBundle(bundle) {
|
|
|
195
327
|
events,
|
|
196
328
|
ok,
|
|
197
329
|
};
|
|
330
|
+
if (anyChained) {
|
|
331
|
+
base.chain_intact = chainCounts.intact;
|
|
332
|
+
base.chain_restart = chainCounts.restart;
|
|
333
|
+
base.chain_broken = chainCounts.broken;
|
|
334
|
+
}
|
|
335
|
+
return base;
|
|
336
|
+
}
|
|
337
|
+
/** Synchronous SHA-256 hex digest of a UTF-8 string, prefixed `sha256:`. */
|
|
338
|
+
function sha256Hex(s) {
|
|
339
|
+
return 'sha256:' + createHash('sha256').update(s).digest('hex');
|
|
198
340
|
}
|
|
199
341
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,IAAI,YAAY,EAAE,MAAM,aAAa,CAAC;AAkBlF;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAOlC;IACC,OAAO;QACL,KAAK,CAAC,UAAU;QAChB,KAAK,CAAC,MAAM;QACZ,KAAK,CAAC,QAAQ,IAAI,EAAE;QACpB,KAAK,CAAC,UAAU,IAAI,EAAE;QACtB,KAAK,CAAC,WAAW,IAAI,EAAE;QACvB,KAAK,CAAC,MAAM;KACb,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAAC,MAAmB;IAKhD,IAAI,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACxE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9E,MAAM,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3E,OAAO,EAAE,EAAE,EAAE,MAAM,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;AAC/E,CAAC;AAED
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,IAAI,YAAY,EAAE,MAAM,aAAa,CAAC;AAkBlF;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAOlC;IACC,OAAO;QACL,KAAK,CAAC,UAAU;QAChB,KAAK,CAAC,MAAM;QACZ,KAAK,CAAC,QAAQ,IAAI,EAAE;QACpB,KAAK,CAAC,UAAU,IAAI,EAAE;QACtB,KAAK,CAAC,WAAW,IAAI,EAAE;QACvB,KAAK,CAAC,MAAM;KACb,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAkB;IACnD,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,GAAG,KAA8C,CAAC;IACzG,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC;AAC/B,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,eAAe,CAAC,KAAc;IAC5C,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,MAAM,CAAC;IAClC,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,MAAM,CAAC;IAClC,IAAI,KAAK,KAAK,KAAK;QAAE,OAAO,OAAO,CAAC;IAEpC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,KAAK,CAAC,QAAQ,EAAE,CAAC;IAC1B,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC1D,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,KAAgC,CAAC;QAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;QACvE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/E,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACrC,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,4CAA4C,OAAO,KAAK,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED;;;;GAIG;AACH,SAAS,sBAAsB,CAAC,KAAkB;IAChD,MAAM,IAAI,GAAI,KAAa,CAAC,cAAc,IAAI,IAAI,CAAC;IACnD,OAAO,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;AAC/E,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAAC,MAAmB;IAKhD,IAAI,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACxE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9E,MAAM,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3E,OAAO,EAAE,EAAE,EAAE,MAAM,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;AAC/E,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,oBAAoB,CAClC,KAAkB,EAClB,YAAoB;IAEpB,MAAM,GAAG,GAAG,KAAK,CAAC,SAAS,CAAC;IAC5B,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;IAEvD,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACjF,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,4BAA4B,EAAE,CAAC;IAC7D,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IAE3E,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACH,MAAM,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,2BAA4B,CAAW,CAAC,OAAO,EAAE;SAC1D,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,CAAC;IACpE,IAAI,CAAC;QACH,OAAO,EAAE,EAAE,EAAE,YAAY,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC;IAC/D,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAkB,CAAW,CAAC,OAAO,EAAE,EAAE,CAAC;IACxE,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,KAAkB;IACtC,mEAAmE;IACnE,oEAAoE;IACpE,OAAO,CACL,CAAC,OAAO,KAAK,CAAC,YAAY,KAAK,QAAQ,IAAI,KAAK,CAAC,YAAY,CAAC;QAC9D,CAAC,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC;QACtD,IAAI,CACL,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,YAAY,CAAC,MAAmB;IAC9C,MAAM,QAAQ,GAAG,IAAI,GAAG,CACtB,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAChD,CAAC;IAEF,MAAM,MAAM,GAAkB,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QAC1D,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAChC,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;QAEvE,IAAI,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;YACjB,OAAO;gBACL,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,OAAO,EAAE,UAAU;aACpB,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;gBACL,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,OAAO,EAAE,eAAe;gBACxB,MAAM,EAAE,uBAAuB;aAChC,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACpC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;gBACL,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,OAAO,EAAE,eAAe;gBACxB,MAAM,EAAE,oCAAoC,OAAO,EAAE;aACtD,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,GAAG,oBAAoB,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;QACpD,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC;YACT,OAAO;gBACL,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,OAAO,EAAE,UAAU;aACpB,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,wBAAwB,CAAC,EAAE,CAAC;YAC9D,OAAO;gBACL,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,OAAO,EAAE,qBAAqB;gBAC9B,MAAM,EAAE,CAAC,CAAC,MAAM;aACjB,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;YACnF,OAAO;gBACL,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,OAAO,EAAE,qBAAqB;gBAC9B,MAAM,EAAE,CAAC,CAAC,MAAM;aACjB,CAAC;QACJ,CAAC;QACD,OAAO;YACL,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,OAAO;YACjB,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,OAAO,EAAE,eAAe;YACxB,MAAM,EAAE,CAAC,CAAC,MAAM;SACjB,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG;QACb,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,CAAC;QACX,aAAa,EAAE,CAAC;QAChB,aAAa,EAAE,CAAC;QAChB,mBAAmB,EAAE,CAAC;KACvB,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,MAAM;QAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IAE5C,sEAAsE;IACtE,EAAE;IACF,qEAAqE;IACrE,mEAAmE;IACnE,mEAAmE;IACnE,kEAAkE;IAClE,qEAAqE;IACrE,EAAE;IACF,wDAAwD;IACxD,sEAAsE;IACtE,qEAAqE;IACrE,yBAAyB;IACzB,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;IACtC,MAAM,WAAW,GAAG,EAAE,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IACzD,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAE,CAAS,CAAC,eAAe,IAAI,IAAI,CAAC,CAAC;IAC3E,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1C,MAAM,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QACvB,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,MAAM,SAAS,GAAI,CAAS,CAAC,eAA4C,CAAC;QAC1E,MAAM,YAAY,GAAG,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAEvD,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,iEAAiE;gBACjE,mEAAmE;gBACnE,+DAA+D;gBAC/D,gBAAgB;gBAChB,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,cAAc,CAAC;gBACjC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,kDAAkD,CAAC;gBAC1F,WAAW,CAAC,MAAM,EAAE,CAAC;YACvB,CAAC;iBAAM,IAAI,SAAS,KAAK,YAAY,EAAE,CAAC;gBACtC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,cAAc,CAAC;gBACjC,WAAW,CAAC,MAAM,EAAE,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,cAAc,CAAC;gBACjC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,sCAAsC,YAAY,SAAS,SAAS,GAAG,CAAC;gBAC/G,WAAW,CAAC,MAAM,EAAE,CAAC;YACvB,CAAC;QACH,CAAC;aAAM,IAAI,YAAY,IAAI,UAAU,EAAE,CAAC;YACtC,4DAA4D;YAC5D,gEAAgE;YAChE,0DAA0D;YAC1D,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,eAAe,CAAC;YAClC,WAAW,CAAC,OAAO,EAAE,CAAC;QACxB,CAAC;aAAM,IAAI,UAAU,EAAE,CAAC;YACtB,6DAA6D;YAC7D,qCAAqC;YACrC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,cAAc,CAAC;YACjC,WAAW,CAAC,MAAM,EAAE,CAAC;QACvB,CAAC;QACD,4DAA4D;QAE5D,uEAAuE;QACvE,oBAAoB,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1E,CAAC;IAED,MAAM,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,MAAM,EAAE,GACN,MAAM,CAAC,aAAa,KAAK,CAAC;QAC1B,MAAM,CAAC,mBAAmB,KAAK,CAAC;QAChC,WAAW,CAAC,MAAM,KAAK,CAAC;QACxB,QAAQ,CAAC,EAAE,KAAK,KAAK,CAAC;IAExB,MAAM,IAAI,GAAiB;QACzB,cAAc,EACZ,OAAO,MAAM,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI;QAC1E,WAAW,EAAE,QAAQ,CAAC,EAAE;QACxB,iBAAiB,EAAE,QAAQ,CAAC,QAAQ;QACpC,eAAe,EAAE,QAAQ,CAAC,MAAM;QAChC,WAAW,EAAE,MAAM,CAAC,MAAM;QAC1B,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;QAC/C,MAAM;QACN,EAAE;KACH,CAAC;IACF,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC,MAAM,CAAC;QACvC,IAAI,CAAC,aAAa,GAAG,WAAW,CAAC,OAAO,CAAC;QACzC,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC,MAAM,CAAC;IACzC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,4EAA4E;AAC5E,SAAS,SAAS,CAAC,CAAS;IAC1B,OAAO,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAClE,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -31,6 +31,16 @@ export interface BundleEvent {
|
|
|
31
31
|
result: string;
|
|
32
32
|
signature?: string | null;
|
|
33
33
|
timestamp?: string;
|
|
34
|
+
model_version?: string | null;
|
|
35
|
+
tool_catalogue_hash?: string | null;
|
|
36
|
+
system_prompt_hash?: string | null;
|
|
37
|
+
prev_event_hash?: string | null;
|
|
38
|
+
/**
|
|
39
|
+
* Which canonical-form recipe the signature was computed over.
|
|
40
|
+
* Missing/null ↔ 'v0' (the pipe-joined six-field form), preserving
|
|
41
|
+
* compatibility with events signed before v1 was registered.
|
|
42
|
+
*/
|
|
43
|
+
canonical_form?: 'v0' | 'v1' | null;
|
|
34
44
|
[key: string]: unknown;
|
|
35
45
|
}
|
|
36
46
|
export interface BundleAgent {
|
|
@@ -41,12 +51,20 @@ export interface BundleAgent {
|
|
|
41
51
|
name?: string;
|
|
42
52
|
}
|
|
43
53
|
export type EventVerdict = 'verified' | 'unsigned' | 'bad_signature' | 'unknown_agent' | 'malformed_signature';
|
|
54
|
+
/** Per-agent chain validation outcome (independent of signature verdict). */
|
|
55
|
+
export type ChainVerdict = 'chain_intact' | 'chain_restart' | 'chain_broken';
|
|
44
56
|
export interface EventResult {
|
|
45
57
|
event_id?: string;
|
|
46
58
|
agent_id: string | null;
|
|
47
59
|
action: string;
|
|
48
60
|
verdict: EventVerdict;
|
|
49
61
|
reason?: string;
|
|
62
|
+
/**
|
|
63
|
+
* Chain validation outcome for this event. Only populated when the
|
|
64
|
+
* bundle contains at least one event with a `prev_event_hash` field;
|
|
65
|
+
* otherwise undefined (no chain to validate).
|
|
66
|
+
*/
|
|
67
|
+
chain?: ChainVerdict;
|
|
50
68
|
}
|
|
51
69
|
export interface VerifyReport {
|
|
52
70
|
bundle_version: string | null;
|
|
@@ -59,6 +77,25 @@ export interface VerifyReport {
|
|
|
59
77
|
bad_signature: number;
|
|
60
78
|
unknown_agent: number;
|
|
61
79
|
malformed_signature: number;
|
|
80
|
+
/**
|
|
81
|
+
* Number of events whose `prev_event_hash` matched the predecessor's
|
|
82
|
+
* canonical bytes for the same agent. Includes the head of each chain
|
|
83
|
+
* (no predecessor) when no prev_event_hash is set. Only counted when
|
|
84
|
+
* the bundle contains any chained events.
|
|
85
|
+
*/
|
|
86
|
+
chain_intact?: number;
|
|
87
|
+
/**
|
|
88
|
+
* Number of events that have no `prev_event_hash` but a predecessor
|
|
89
|
+
* exists in the bundle for the same agent. Informational, not a
|
|
90
|
+
* failure: chain restarts happen on SDK process restart.
|
|
91
|
+
*/
|
|
92
|
+
chain_restart?: number;
|
|
93
|
+
/**
|
|
94
|
+
* Number of events whose `prev_event_hash` did NOT match the
|
|
95
|
+
* predecessor's canonical-bytes hash. A non-zero count fails the
|
|
96
|
+
* bundle.
|
|
97
|
+
*/
|
|
98
|
+
chain_broken?: number;
|
|
62
99
|
events: EventResult[];
|
|
63
100
|
ok: boolean;
|
|
64
101
|
}
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,WAAW,WAAW;IAC1B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,WAAW,WAAW;IAC1B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,mBAAmB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC;;;;OAIG;IACH,cAAc,CAAC,EAAE,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC;IACpC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,MAAM,YAAY,GACpB,UAAU,GACV,UAAU,GACV,eAAe,GACf,eAAe,GACf,qBAAqB,CAAC;AAE1B,6EAA6E;AAC7E,MAAM,MAAM,YAAY,GACpB,cAAc,GACd,eAAe,GACf,cAAc,CAAC;AAEnB,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,YAAY,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,KAAK,CAAC,EAAE,YAAY,CAAC;CACtB;AAED,MAAM,WAAW,YAAY;IAC3B,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,WAAW,EAAE,OAAO,GAAG,IAAI,CAAC;IAC5B,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,mBAAmB,EAAE,MAAM,CAAC;IAC5B;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,EAAE,EAAE,OAAO,CAAC;CACb"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@vorim/verify",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.2.0",
|
|
4
4
|
"description": "Offline verifier for Vorim audit bundles — no network, no Vorim API call, no telemetry.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -22,7 +22,8 @@
|
|
|
22
22
|
"scripts": {
|
|
23
23
|
"build": "tsc",
|
|
24
24
|
"test": "vitest run",
|
|
25
|
-
"typecheck": "tsc --noEmit"
|
|
25
|
+
"typecheck": "tsc --noEmit",
|
|
26
|
+
"prepublishOnly": "npm run typecheck && npm run test && npm run build"
|
|
26
27
|
},
|
|
27
28
|
"dependencies": {},
|
|
28
29
|
"devDependencies": {
|