bsv-bap 0.1.17 → 0.1.18

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bsv-bap",
-  "version": "0.1.17",
+  "version": "0.1.18",
   "description": "BAP npm module",
   "repository": {
     "type": "git",

package/dist/index.cjs

@@ -1,8 +0,0 @@
-// @bun @bun-cjs
-(function(exports, require, module, __filename, __dirname) {var{defineProperty:v,getOwnPropertyNames:r,getOwnPropertyDescriptor:a}=Object,e=Object.prototype.hasOwnProperty;var K=new WeakMap,t=(j)=>{var J=K.get(j),$;if(J)return J;if(J=v({},"__esModule",{value:!0}),j&&typeof j==="object"||typeof j==="function")r(j).map((q)=>!e.call(J,q)&&v(J,q,{get:()=>j[q],enumerable:!($=a(j,q))||$.enumerable}));return K.set(j,J),J};var jj=(j,J)=>{for(var $ in J)v(j,$,{get:J[$],enumerable:!0,configurable:!0,set:(q)=>J[$]=()=>q})};var Fj={};jj(Fj,{MemberID:()=>x,MasterID:()=>V,BAP:()=>i});module.exports=t(Fj);var L=require("@bsv/sdk"),s=require("@bsv/sdk");var Jj=async(j,J,$,q)=>{let z=`${$}${j}`;return(await fetch(z,{method:"post",headers:{"Content-type":"application/json; charset=utf-8",token:q,format:"json"},body:JSON.stringify(J)})).json()},N=(j,J)=>async($,q)=>{return Jj($,q,j,J)};var m=require("@bsv/sdk"),{toHex:c,toArray:b}=m.Utils,k="1BAPSuaPnfGnSBM3GLV9yhxUdYe4vGbdMT",p=c(b(k)),E="15PciHG22SNLQJXMoSUaWVi7WSqc7hCfva",Uj=c(b(E)),S="https://api.sigmaidentity.com/v1",M=2147483647,R="m/424150'/0'/0'",F=`m/424150'/${M}'/${M}'`;var H="1-bap-identity",h=2,P="friend";var w=require("@bsv/sdk");var U={getRandomBytes(j=32){if(typeof globalThis<"u"&&globalThis.crypto&&globalThis.crypto.getRandomValues){let J=new Uint8Array(j);return globalThis.crypto.getRandomValues(J),J}throw Error("Secure random number generation not available. crypto.getRandomValues() is required for cryptographic operations. This environment may not be suitable for secure key generation.")},getRandomString(j=32){let J=this.getRandomBytes(j);return Array.from(J,($)=>$.toString(16).padStart(2,"0")).join("")},getSigningPathFromHex(j,J=!0){let $="m",q=j.match(/.{1,8}/g);if(!q)throw Error("Invalid hex string");let z=2147483647;for(let Q of q){let W=Number(`0x${Q}`);if(W>z)W-=z;$+=`/${W}${J?"'":""}`}return $},getNextIdentityPath(j){let J=j.split("/"),$=J[J.length-2],q=!1;if($.match("'"))q=!0;let z=(Number($.replace(/[^0-9]/g,""))+1).toString();return J[J.length-2]=z+(q?"'":""),J[J.length-1]=`0${q?"'":""}`,J.join("/")},getNextPath(j){let J=j.split("/"),$=J[J.length-1],q=!1;if($.match("'"))q=!0;let z=(Number($.replace(/[^0-9]/g,""))+1).toString();return J[J.length-1]=z+(q?"'":""),J.join("/")}};var f=require("@bsv/sdk");var Y=require("@bsv/sdk");var{toArray:O,toUTF8:$j,toBase64:qj}=Y.Utils,{magicHash:zj}=Y.BSM,{electrumDecrypt:Qj,electrumEncrypt:Zj}=Y.ECIES;class T{identityAttributes={};signWithBSM(j,J){let $=J.toPublicKey().toAddress(),q=Y.BSM.sign(j,J,"raw"),z=new Y.BigNumber(zj(j)),Q=q.CalculateRecoveryFactor(J.toPublicKey(),z),W=Y.BSM.sign(j,J,"raw").toCompact(Q,!0,"base64");return{address:$,signature:W}}encrypt(j,J){let{privKey:$,pubKey:q}=this.getEncryptionKey(),z=J?Y.PublicKey.fromString(J):q;return qj(Zj(O(j),z,$))}decrypt(j,J){let{privKey:$}=this.getEncryptionKey(),q;if(J)q=Y.PublicKey.fromString(J);return $j(Qj(O(j,"base64"),$,q))}signOpReturnWithAIP(j,J){let $=this.getAIPMessageBuffer(j),{address:q,signature:z}=this.signMessage($.flat(),J);return this.formatAIPOutput($,q,z)}getAttributes(){return this.identityAttributes}getAttribute(j){if(this.identityAttributes[j])return this.identityAttributes[j];return null}setAttribute(j,J){if(!J)return;if(this.identityAttributes[j])this.updateExistingAttribute(j,J);else this.createNewAttribute(j,J)}unsetAttribute(j){delete this.identityAttributes[j]}addAttribute(j,J,$=""){let q=$;if(!$)q=U.getRandomString();this.identityAttributes[j]={value:J,nonce:q}}getAttributeUrns(){let j="";for(let J in this.identityAttributes){let $=this.getAttributeUrn(J);if($)j+=`${$}
-`}return j}getAttributeUrn(j){let J=this.identityAttributes[j];if(J)return`urn:bap:id:${j}:${J.value}:${J.nonce}`;return null}parseStringUrns(j){let J={},$=j.replace(/^\s+/g,"").replace(/\r/gm,"").split(`
-`);for(let q of $){let Q=q.replace(/^\s+/g,"").replace(/\s+$/g,"").split(":");if(Q[0]==="urn"&&Q[1]==="bap"&&Q[2]==="id"&&Q[3]&&Q[4]&&Q[5])J[Q[3]]={value:Q[4],nonce:Q[5]}}return J}parseAttributes(j){if(typeof j==="string")return this.parseStringUrns(j);for(let J in j)if(!j[J].value||!j[J].nonce)throw Error("Invalid identity attribute");return j||{}}updateExistingAttribute(j,J){if(typeof J==="string"){this.identityAttributes[j].value=J;return}if(this.identityAttributes[j].value=J.value||"",J.nonce)this.identityAttributes[j].nonce=J.nonce}createNewAttribute(j,J){if(typeof J==="string"){this.addAttribute(j,J);return}this.addAttribute(j,J.value||"",J.nonce)}getAIPMessageBuffer(j,J){let $=j.findIndex((z)=>z[0]===Y.OP.OP_RETURN),q=[];if($===-1)q.push([Y.OP.OP_RETURN]),$=0;if(J)for(let z of J)q.push(j[$+z]);else for(let z of j)q.push(z);return q}formatAIPOutput(j,J,$){let q=[O("|"),O(E),O("BITCOIN_ECDSA"),O(J),O($,"base64")];return[...j,...q]}}var{toArray:o,toUTF8:Wj,toBase64:wj,toHex:Lj}=f.Utils,{electrumDecrypt:Yj,electrumEncrypt:Gj}=f.ECIES;class x extends T{key;idName;description;address;identityKey;constructor(j,J={}){super();this.key=j,this.address=this.getIdentitySigningKey().toPublicKey().toAddress(),this.idName="Member ID 1",this.description="",this.identityKey="",this.identityAttributes=this.parseAttributes(J)}getIdentitySigningKey(){return this.key.deriveChild(this.key.toPublicKey(),H)}getMemberKey(){return this.key.toPublicKey().toString()}getLegacyAddress(){return this.key.toPublicKey().toAddress()}signMessage(j,J){let $=this.getIdentitySigningKey();return this.signWithBSM(j,$)}signOpReturnWithAIP(j){let J=this.getAIPMessageBuffer(j),{address:$,signature:q}=this.signMessage(J.flat());return this.formatAIPOutput(J,$,q)}getPublicKey(){return this.getIdentitySigningKey().toPublicKey().toString()}import(j){this.idName=j.name,this.description=j.description,this.key=f.PrivateKey.fromWif(j.derivedPrivateKey),this.address=this.getIdentitySigningKey().toPublicKey().toAddress(),this.identityAttributes=j.identityAttributes||{},this.identityKey=j.identityKey}static fromMemberIdentity(j){let J=new x(f.PrivateKey.fromWif(j.derivedPrivateKey));return J.import(j),J}static fromBackup(j){let J=new x(f.PrivateKey.fromWif(j.wif)),$=JSON.parse(J.decrypt(j.id));return J.import($),J}export(){return{name:this.idName,description:this.description,derivedPrivateKey:this.key.toWif(),address:this.address,identityAttributes:this.getAttributes(),identityKey:this.identityKey}}getEncryptionKey(){return{privKey:this.key.deriveChild(this.key.toPublicKey(),F),pubKey:this.key.deriveChild(this.key.toPublicKey(),F).toPublicKey()}}getEncryptionPublicKey(){let{pubKey:j}=this.getEncryptionKey();return j.toString()}getEncryptionPrivateKeyWithSeed(j){let J=Lj(f.Hash.sha256(j,"utf8")),$=`${h}-${P}-${J}`;return this.key.deriveChild(this.key.toPublicKey(),$)}getEncryptionKeyWithSeed(j){let J=this.getEncryptionPrivateKeyWithSeed(j);return{privKey:J,pubKey:J.toPublicKey()}}getEncryptionPublicKeyWithSeed(j){return this.getEncryptionPrivateKeyWithSeed(j).toPublicKey().toString()}encryptWithSeed(j,J,$){let q=this.getEncryptionPrivateKeyWithSeed(J),z=q.toPublicKey(),Q=this.key.toPublicKey().constructor,W=$?Q.fromString($):z;return wj(Gj(o(j),W,q))}decryptWithSeed(j,J,$){let q=this.getEncryptionPrivateKeyWithSeed(J),z;if($)z=f.PublicKey.fromString($);return Wj(Yj(o(j,"base64"),q,z))}exportForBackup(j){let J=this.export(),$=this.encrypt(JSON.stringify(J));return{wif:this.key.toWif(),id:$,...j&&{label:j},createdAt:new Date().toISOString()}}}var{toArray:X,toHex:_,toBase58:Xj,toUTF8:u,toBase64:I}=w.Utils,{electrumDecrypt:d,electrumEncrypt:g}=w.ECIES;class V extends T{#J;#j;#q;#Q=S;#W="";#$;#Z;#z;#w;idName;description;rootAddress;identityKey;identityAttributes;getApiData;constructor(j,J={},$=""){super();if(j instanceof w.HD)if(this.#q=!1,$){let z=_(w.Hash.sha256($,"utf8")),Q=U.getSigningPathFromHex(z);this.#J=j.derive(Q)}else this.#J=j;else if(this.#q=!0,this.#j=j.rootPk,$){let z=_(w.Hash.sha256($,"utf8"));this.#j=this.#j.deriveChild(this.#j.toPublicKey(),z)}if(this.#w=$,this.idName="ID 1",this.description="",this.#$=`${R}/0/0/0`,this.#Z=`${R}/0/0/0`,this.#z=`${R}/0/0/1`,this.#q){if(!this.#j)throw Error("Master private key not initialized");let z=this.#j.deriveChild(this.#j.toPublicKey(),this.#$);this.rootAddress=z.toPublicKey().toAddress()}else{if(!this.#J)throw Error("HD private key not initialized");let z=this.#J.derive(this.#$);this.rootAddress=z.privKey.toPublicKey().toAddress()}this.identityKey=this.deriveIdentityKey(this.rootAddress);let q={...J};this.identityAttributes=this.parseAttributes(q),this.getApiData=N(this.#Q,this.#W)}set BAP_SERVER(j){this.#Q=j}get BAP_SERVER(){return this.#Q}set BAP_TOKEN(j){this.#W=j}get BAP_TOKEN(){return this.#W}deriveIdentityKey(j){let J=_(w.Hash.sha256(j,"utf8"));return Xj(w.Hash.ripemd160(J,"hex"))}parseAttributes(j){if(typeof j==="string")return this.parseStringUrns(j);for(let J in j)if(!j[J].value||!j[J].nonce)throw Error("Invalid identity attribute");return j||{}}parseStringUrns(j){let J={},$=j.replace(/^\s+/g,"").replace(/\r/gm,"").split(`
-`);for(let q of $){let Q=q.replace(/^\s+/g,"").replace(/\s+$/g,"").split(":");if(Q[0]==="urn"&&Q[1]==="bap"&&Q[2]==="id"&&Q[3]&&Q[4]&&Q[5])J[Q[3]]={value:Q[4],nonce:Q[5]}}return J}getIdentityKey(){return this.identityKey}set rootPath(j){if(this.#q){if(this.#$=j,!this.#j)throw Error("Master private key not initialized");let J=this.#j.deriveChild(this.#j.toPublicKey(),j);this.rootAddress=J.toPublicKey().toAddress(),this.#Z=j,this.#z=j}else{let J=j;if(j.split("/").length<5)J=`${R}${j}`;if(!this.validatePath(J))throw Error(`invalid signing path given ${J}`);if(this.#$=J,!this.#J)throw Error("HD private key not initialized");let $=this.#J.derive(J);this.rootAddress=$.pubKey.toAddress(),this.#Z=J,this.#z=J}this.identityKey=this.deriveIdentityKey(this.rootAddress)}get rootPath(){return this.#$}getRootPath(){return this.#$}set currentPath(j){if(this.#q)this.#Z=this.#z,this.#z=j;else{let J=j;if(j.split("/").length<5)J=`${R}${j}`;if(!this.validatePath(J))throw Error("invalid signing path given");this.#Z=this.#z,this.#z=J}}get currentPath(){return this.#z}get previousPath(){return this.#Z}get idSeed(){return this.#w}incrementPath(){this.currentPath=U.getNextPath(this.currentPath)}validatePath(j){if(j.match(/\/[0-9]{1,10}'?\/[0-9]{1,10}'?\/[0-9]{1,10}'?\/[0-9]{1,10}'?\/[0-9]{1,10}'?\/[0-9]{1,10}'?/)){let J=j.split("/");if(J.length===7&&Number(J[1].replace("'",""))<=M&&Number(J[2].replace("'",""))<=M&&Number(J[3].replace("'",""))<=M&&Number(J[4].replace("'",""))<=M&&Number(J[5].replace("'",""))<=M&&Number(J[6].replace("'",""))<=M)return!0}return!1}getInitialIdTransaction(){return this.getIdTransaction(this.#$)}getIdTransaction(j=""){if(this.#z===this.#$)throw Error("Current path equals rootPath. ID was probably not initialized properly");let J=[X(k),X("ID"),X(this.identityKey),X(this.getCurrentAddress())];return this.signOpReturnWithAIP(J,j||this.#Z)}getPathDerivedKey(j){if(this.#q){if(!this.#j)throw Error("Master private key not initialized");return this.#j.deriveChild(this.#j.toPublicKey(),j)}if(!this.#J)throw Error("HD private key not initialized");return this.#J.derive(j).privKey}getIdentitySigningKeyForPath(j){let J=this.getPathDerivedKey(j);return J.deriveChild(J.toPublicKey(),H)}getMemberKey(j){let J=j||this.#z;return this.getPathDerivedKey(J).toPublicKey().toString()}getLegacyAddress(j){let J=j||this.#z;return this.getPathDerivedKey(J).toPublicKey().toAddress()}needsRotation(j){let J=j||this.rootAddress,$=this.getLegacyAddress(this.#$);return J===$}getLegacyRotationTransaction(){let j=this.getAddress(this.#$),J=[X(k),X("ID"),X(this.identityKey),X(j)],$=this.getAIPMessageBuffer(J),q=this.getPathDerivedKey(this.#$),{address:z,signature:Q}=this.signWithBSM($.flat(),q);return this.formatAIPOutput(J,z,Q)}getAddress(j){return this.getIdentitySigningKeyForPath(j).toPublicKey().toAddress()}getCurrentAddress(){return this.getAddress(this.#z)}getEncryptionKey(){if(this.#q){if(!this.#j)throw Error("Master private key not initialized");let $=this.#j.deriveChild(this.#j.toPublicKey(),this.#$),q=$.deriveChild($.toPublicKey(),F);return{privKey:q,pubKey:q.toPublicKey()}}if(!this.#J)throw Error("HD private key not initialized");let J=this.#J.derive(this.#$).derive(F).privKey;return{privKey:J,pubKey:J.toPublicKey()}}getEncryptionKeyType42(){if(this.#q)return this.getEncryptionKey();if(!this.#J)throw Error("HD private key not initialized");let j=this.#J.derive(this.#$),J=j.privKey.deriveChild(j.toPublic().pubKey,F);return{privKey:J,pubKey:J.toPublicKey()}}getEncryptionPublicKey(){let{pubKey:j}=this.getEncryptionKey();return j.toString()}getEncryptionPublicKeyWithSeed(j){return this.getEncryptionPrivateKeyWithSeed(j).toPublicKey().toString()}encrypt(j,J){let{privKey:$,pubKey:q}=this.getEncryptionKey(),z=J?w.PublicKey.fromString(J):q;return I(g(X(j),z,$))}decrypt(j,J){let{privKey:$}=this.getEncryptionKey(),q;if(J)q=w.PublicKey.fromString(J);return u(d(X(j,"base64"),$,q))}encryptWithSeed(j,J,$){let q=this.getEncryptionPrivateKeyWithSeed(J),z=q.toPublicKey(),Q=$?w.PublicKey.fromString($):z;return I(g(X(j),Q,q))}decryptWithSeed(j,J,$){let q=this.getEncryptionPrivateKeyWithSeed(J),z;if($)z=w.PublicKey.fromString($);return u(d(X(j,"base64"),q,z))}getEncryptionPrivateKeyWithSeed(j){let J=_(w.Hash.sha256(j,"utf8"));if(this.#q){if(!this.#j)throw Error("Master private key not initialized");let z=this.#j.deriveChild(this.#j.toPublicKey(),this.#$);return z.deriveChild(z.toPublicKey(),J)}if(!this.#J)throw Error("HD private key not initialized");let $=U.getSigningPathFromHex(J);return this.#J.derive(this.#$).derive($).privKey}getAttestation(j){let J=w.Hash.sha256(j,"utf8");return`bap:attest:${_(J)}:${this.getIdentityKey()}`}getAttestationHash(j){let J=this.getAttributeUrn(j);if(!J)return null;let $=this.getAttestation(J),q=w.Hash.sha256($,"utf8");return _(q)}signMessage(j,J){let $=J||this.#z,q=this.getIdentitySigningKeyForPath($);return this.signWithBSM(j,q)}signMessageWithSeed(j,J){let $=_(w.Hash.sha256(J,"utf8")),q;if(this.#q){if(!this.#j)throw Error("Master private key not initialized");let Q=this.#j.deriveChild(this.#j.toPublicKey(),this.#$);q=Q.deriveChild(Q.toPublicKey(),$)}else{if(!this.#J)throw Error("HD private key not initialized");let Q=U.getSigningPathFromHex($);q=this.#J.derive(this.#$).derive(Q).privKey}let z=q.deriveChild(q.toPublicKey(),H);return this.signWithBSM(X(j,"utf8"),z)}signOpReturnWithAIP(j,J=""){let $=this.getAIPMessageBuffer(j),{address:q,signature:z}=this.signMessage($.flat(),J);return this.formatAIPOutput(j,q,z)}async getIdSigningKeys(){let j=await this.getApiData("/signing-keys",{idKey:this.identityKey});return console.log("getIdSigningKeys",j),j}async getAttributeAttestations(j){let J=this.getAttestationHash(j),$=await this.getApiData("/attestation/get",{hash:J});return console.log("getAttestations",j,J,$),$}import(j){this.idName=j.name,this.description=j.description||"",this.identityKey=j.identityKey,this.#$=j.rootPath,this.rootAddress=j.rootAddress,this.#Z=j.previousPath,this.#z=j.currentPath,this.#w=("idSeed"in j?j.idSeed:"")||"",this.identityAttributes=this.parseAttributes(j.identityAttributes)}export(){return{name:this.idName,description:this.description,identityKey:this.identityKey,rootPath:this.#$,rootAddress:this.rootAddress,previousPath:this.#Z,currentPath:this.#z,idSeed:this.#w,identityAttributes:this.getAttributes(),lastIdPath:""}}exportMemberBackup(){let j=this.getPathDerivedKey(this.#z),J=this.getIdentitySigningKeyForPath(this.#z);return{name:this.idName,description:this.description,derivedPrivateKey:j.toWif(),address:J.toPublicKey().toAddress(),identityAttributes:this.getAttributes(),identityKey:this.identityKey}}newId(){this.incrementPath();let j=this.getPathDerivedKey(this.#z);return new x(j)}exportMember(){let j=this.exportMemberBackup(),J=this.getPathDerivedKey(this.#z),$=I(g(X(JSON.stringify(j)),J.toPublicKey()));return{wif:j.derivedPrivateKey,encryptedData:$}}}var{toArray:Z,toUTF8:B,toBase64:A,toHex:D}=s.Utils,{electrumEncrypt:n,electrumDecrypt:y}=L.ECIES;class i{#J;#j;#q;#Q={};#W=S;#$="";#Z="";#z=0;getApiData;constructor(j,J="",$=""){if(!j)throw Error("No key source given");if(typeof j==="string")this.#J=L.HD.fromString(j),this.#q=!1;else this.#j=L.PrivateKey.fromWif(j.rootPk),this.#q=!0;if(J)this.#$=J;if($)this.#W=$;this.getApiData=N(this.#W,this.#$)}get lastIdPath(){return this.#Z}getPublicKey(j=""){if(this.#q){if(!this.#j)throw Error("Master private key not initialized");if(j)return this.#j.deriveChild(this.#j.toPublicKey(),j).toPublicKey().toString();return this.#j.toPublicKey().toString()}if(!this.#J)throw Error("HD private key not initialized");if(j)return this.#J.derive(j).pubKey.toString();return this.#J.pubKey.toString()}getHdPublicKey(j=""){if(this.#q)throw Error("HD public keys are not available in Type 42 mode");if(!this.#J)throw Error("HD private key not initialized");if(j)return this.#J.derive(j).toPublic().toString();return this.#J.toPublic().toString()}set BAP_SERVER(j){this.#W=j;for(let J in this.#Q)this.#Q[J].BAP_SERVER=j}get BAP_SERVER(){return this.#W}set BAP_TOKEN(j){this.#$=j;for(let J in this.#Q)this.#Q[J].BAP_TOKEN=j}get BAP_TOKEN(){return this.#$}checkIdBelongs(j){let J;if(this.#q){if(!this.#j)throw Error("Master private key not initialized");J=this.#j.deriveChild(this.#j.toPublicKey(),j.rootPath).toPublicKey().toAddress()}else{if(!this.#J)throw Error("HD private key not initialized");J=this.#J.derive(j.rootPath).pubKey.toAddress()}if(J!==j.rootAddress)throw Error("ID does not belong to this private key");return!0}listIds(){return Object.keys(this.#Q)}newId(j,J,$={},q=""){let z,Q,W;if(typeof j==="object"||j===void 0||typeof j==="string"&&j.startsWith("/"))Q=typeof j==="string"?j:void 0,W=typeof j==="object"?j:typeof J==="object"?J:{},z="Default Identity";else z=j,Q=typeof J==="string"?J:void 0,W=typeof J==="object"?J:$;let G;if(Q)G=Q;else if(this.#q)G=`bap:${this.#z}`,this.#z++;else G=this.getNextValidPath();let C;if(this.#q){if(!this.#j)throw Error("Type 42 parameters not initialized");C=new V({rootPk:this.#j},W,q)}else{if(!this.#J)throw Error("HD private key not initialized");C=new V(this.#J,W,q)}if(C.BAP_SERVER=this.#W,C.BAP_TOKEN=this.#$,C.idName=z,C.rootPath=G,this.#q)C.currentPath=G;else C.currentPath=U.getNextPath(G);let l=C.getIdentityKey();return this.#Q[l]=C,this.#Z=G,this.#Q[l]}removeId(j){delete this.#Q[j]}getNextValidPath(){if(this.#Z)return U.getNextIdentityPath(this.#Z);return`/0'/${Object.keys(this.#Q).length}'/0'`}newIdWithCounter(j,J=`Identity ${j}`){if(!this.#q)throw Error("newIdWithCounter only works in Type 42 mode");let $=`bap:${j}`;return this.newId(J,$)}getId(j){return this.#Q[j]||null}setId(j){this.checkIdBelongs(j),this.#Q[j.getIdentityKey()]=j}importIds(j,J=!0){if(J&&typeof j==="string"){this.importEncryptedIds(j);return}let $=j;if(!$.lastIdPath)throw Error("ID cannot be imported as it is not complete");if(!$.ids)throw Error(`ID data is not in the correct format: ${j}`);let q=j.lastIdPath;for(let z of $.ids){if(!z.identityKey||!z.identityAttributes||!z.rootAddress)throw Error("ID cannot be imported as it is not complete");let Q;if(this.#q){if(!this.#j)throw Error("Type 42 parameters not initialized");Q=new V({rootPk:this.#j},{},z.idSeed)}else{if(!this.#J)throw Error("HD private key not initialized");Q=new V(this.#J,{},z.idSeed)}if(Q.BAP_SERVER=this.#W,Q.BAP_TOKEN=this.#$,Q.import(z),q==="")q=Q.currentPath;if(this.checkIdBelongs(Q),this.#Q[Q.getIdentityKey()]=Q,this.#q&&Q.rootPath.startsWith("bap:")){let W=Q.rootPath.split(":");if(W.length>=2){let G=Number.parseInt(W[1],10);if(!Number.isNaN(G))this.#z=Math.max(this.#z,G+1)}}}this.#Z=q}importEncryptedIds(j){let J=this.decrypt(j),$=JSON.parse(J);if(Array.isArray($)){console.log(`Importing old format:
-`,$),this.importOldIds($);return}if(typeof $!=="object")throw Error("decrypted, but found unrecognized identities format");this.importIds($,!1)}importOldIds(j){for(let J of j){let $;if(this.#q){if(!this.#j)throw Error("Type 42 parameters not initialized");$=new V({rootPk:this.#j},{},J.idSeed??"")}else{if(!this.#J)throw Error("HD private key not initialized");$=new V(this.#J,{},J.idSeed??"")}$.BAP_SERVER=this.#W,$.BAP_TOKEN=this.#$,$.import(J),this.checkIdBelongs($),this.#Q[$.getIdentityKey()]=$,this.#Z=$.currentPath}}exportIds(j,J=!0){let $={lastIdPath:this.#Z,ids:[]},q=j||Object.keys(this.#Q);for(let z of q){if(!this.#Q[z])throw Error(`Identity ${z} not found`);$.ids.push(this.#Q[z].export())}if(J)return this.encrypt(JSON.stringify($));return $}exportId(j,J=!0){let $={lastIdPath:this.#Z,ids:[]};if($.ids.push(this.#Q[j].export()),J)return this.encrypt(JSON.stringify($));return $}encrypt(j){if(this.#q){if(!this.#j)throw Error("Master private key not initialized");let $=this.#j.deriveChild(this.#j.toPublicKey(),F);return A(n(Z(j),$.toPublicKey(),null))}if(!this.#J)throw Error("HD private key not initialized");let J=this.#J.derive(F);return A(n(Z(j),J.pubKey,null))}decrypt(j){if(this.#q){if(!this.#j)throw Error("Master private key not initialized");let $=this.#j.deriveChild(this.#j.toPublicKey(),F);return B(y(Z(j,"base64"),$))}if(!this.#J)throw Error("HD private key not initialized");let J=this.#J.derive(F);return B(y(Z(j,"base64"),J.privKey))}signAttestationWithAIP(j,J,$=0,q=""){let z=this.getId(J);if(!z)throw Error("Could not find identity to attest with");let Q=this.getAttestationBuffer(j,$,q),{address:W,signature:G}=z.signMessage(Q);return this.createAttestationTransaction(j,$,W,G,q)}verifyAttestationWithAIP(j){if(!j.every((q)=>Array.isArray(q))||j[0][0]!==L.OP.OP_RETURN||D(j[1])!==p)throw Error("Not a valid BAP transaction");let J=D(j[7])==="44415441"?5:0,$={type:B(j[2]),hash:D(j[3]),sequence:B(j[4]),signingProtocol:B(j[7+J]),signingAddress:B(j[8+J]),signature:A(j[9+J])};if(J&&j[3]===j[8])$.data=D(j[9]);console.log({attestation:$});try{let q=[];for(let z=0;z<6+J;z++)q.push(j[z]);$.verified=this.verifySignature(q.flat(),$.signingAddress,$.signature)}catch{$.verified=!1}return $}createAttestationTransaction(j,J,$,q,z=""){let Q=[[L.OP.OP_RETURN],Z(k),Z("ATTEST"),Z(j),Z(`${J}`),Z("|")];if(z)Q.push(Z(k),Z("DATA"),Z(j),Z(z),Z("|"));return Q.push(Z(E),Z("BITCOIN_ECDSA"),Z($),Z(q,"base64")),console.log({elements:Q}),Q}getAttestationBuffer(j,J=0,$=""){let q=[[L.OP.OP_RETURN],Z(k),Z("ATTEST"),Z(j),Z(`${J}`),Z("|")];if($)q.push(Z(k),Z("DATA"),Z(j),Z($),Z("|"));return q.flat()}verifySignature(j,J,$){let q;if(Array.isArray(j))q=j;else if(Buffer.isBuffer(j))q=[...j];else q=Z(j,"utf8");let z=L.Signature.fromCompact($,"base64"),Q;for(let W=0;W<4;W++)try{if(Q=z.RecoverPublicKey(W,new L.BigNumber(L.BSM.magicHash(q))),L.BSM.verify(q,z,Q)&&Q.toAddress()===J)return!0}catch{}return!1}async verifyChallengeSignature(j,J,$,q){if(!this.verifySignature($,J,q))return!1;try{let Q=await this.getApiData("/attestation/valid",{idKey:j,address:J,challenge:$,signature:q});if(Q?.status==="success"&&Q?.result?.valid===!0)return!0;return!1}catch(Q){return console.error("API call failed:",Q),!1}}async isValidAttestationTransaction(j){if(this.verifyAttestationWithAIP(j))return this.getApiData("/attestation/valid",{tx:j});return!1}async getIdentityFromAddress(j){return this.getApiData("/identity/from-address",{address:j})}async getIdentity(j){return this.getApiData("/identity/get",{idKey:j})}async getAttestationsForHash(j){return this.getApiData("/attestations",{hash:j})}exportForBackup(j,J,$){let z={ids:this.exportIds(),...j&&{label:j},createdAt:new Date().toISOString()};if(this.#q){if(!this.#j)throw Error("Type 42 parameters not initialized");return{...z,rootPk:this.#j.toWif()}}if(!this.#J)throw Error("HD private key not initialized");return{...z,xprv:J||this.#J.toString(),mnemonic:$||""}}exportMemberForBackup(j,J){let $=this.#Q[j];if(!$)throw Error(`Identity ${j} not found`);let q=$.exportMember();return{wif:q.wif,id:q.encryptedData,...J&&{label:J},createdAt:new Date().toISOString()}}}})
-
-//# debugId=E05864240FBDCD8664756E2164756E21

package/src/README.md

@@ -1,583 +0,0 @@
-# BAP Library Documentation
-
-> Complete API reference for the bsv-bap JavaScript/TypeScript library
-
-## Installation
-
-```bash
-npm install bsv-bap
-```
-
-```bash
-yarn add bsv-bap
-```
-
-```bash
-bun add bsv-bap
-```
-
-## Core Classes
-
-### BAP
-
-The main class for managing Bitcoin Attestation Protocol identities.
-
-#### Constructor
-
-```typescript
-// BIP32 mode (legacy)
-const bap = new BAP(xprvKey: string);
-
-// Type 42 mode (recommended)
-const bap = new BAP({
-  rootPk: string  // WIF format private key
-});
-```
-
-#### Methods
-
-##### Identity Management
-
-```typescript
-// Create a new identity (new signature - Type 42 optimized)
-newId(idName?: string, customPath?: string, identityAttributes?: IdentityAttributes, idSeed?: string): MasterID
-
-// Create identity with specific counter (useful for discovery)
-newIdWithCounter(counter: number, idName?: string): MasterID
-
-// Get an identity by key
-getId(idKey: string): MasterID | null
-
-// List all identity keys
-listIds(): string[]
-
-// Remove an identity
-removeId(idKey: string): void
-
-// Check if identity belongs to this BAP instance
-checkIdBelongs(id: MasterID): boolean
-```
-
-##### Import/Export
-
-```typescript
-// Export identities (encrypted by default)
-exportIds(idKeys?: string[], encrypted?: boolean): string | Identities
-
-// Export specific identity
-exportId(idKey: string, encrypted?: boolean): string | Identities
-
-// Import identities
-importIds(identities: string | Identities, encrypted?: boolean): void
-
-// Bitcoin-backup compatible export
-exportForBackup(label?: string, xprv?: string, mnemonic?: string): BapMasterBackup
-
-// Export member backup
-exportMemberForBackup(idKey: string, label?: string): BapMemberBackup
-```
-
-##### Cryptographic Operations
-
-```typescript
-// Create attestation transaction
-signAttestationWithAIP(
-  attestationHash: string,
-  identityKey: string,
-  counter?: number,
-  dataString?: string
-): number[][]
-
-// Verify attestation
-verifyAttestationWithAIP(txData: number[][]): AttestationResult
-
-// Verify signature
-verifySignature(
-  message: string | number[],
-  address: string,
-  signature: string
-): boolean
-
-// Verify challenge signature (with API validation)
-async verifyChallengeSignature(
-  idKey: string,
-  address: string,
-  challenge: string,
-  signature: string
-): Promise<boolean>
-```
-
-##### Encryption
-
-```typescript
-// Encrypt data using BAP master key
-encrypt(data: string): string
-
-// Decrypt data using BAP master key
-decrypt(encryptedData: string): string
-```
-
-##### Configuration
-
-```typescript
-// Set/get API server
-BAP_SERVER: string  // Default: https://api.sigmaidentity.com/v1
-
-// Set/get API token
-BAP_TOKEN: string
-```
-
-### MasterID
-
-Represents an individual identity with HD key derivation support.
-
-#### Properties
-
-```typescript
-idName: string              // Identity name
-description: string         // Identity description
-identityKey: string         // Unique identity key
-rootAddress: string         // Root Bitcoin address
-identityAttributes: IdentityAttributes
-```
-
-#### Methods
-
-##### Attribute Management
-
-```typescript
-// Set attribute
-setAttribute(name: string, value: string | IdentityAttribute): void
-
-// Get attribute
-getAttribute(name: string): IdentityAttribute | null
-
-// Get all attributes
-getAttributes(): IdentityAttributes
-
-// Remove attribute
-unsetAttribute(name: string): void
-
-// Get attribute URN
-getAttributeUrn(name: string): string | null
-```
-
-##### Key Management
-
-```typescript
-// Get current signing address
-getCurrentAddress(): string
-
-// Get address for specific path
-getAddress(path: string): string
-
-// Increment to next path
-incrementPath(): void
-
-// Get encryption public key
-getEncryptionPublicKey(): string
-```
-
-##### Signing
-
-```typescript
-// Sign message
-signMessage(
-  message: number[],
-  signingPath?: string
-): { address: string; signature: string }
-
-// Sign message with seed
-signMessageWithSeed(
-  message: string,
-  seed: string
-): { address: string; signature: string }
-
-// Sign OP_RETURN with AIP
-signOpReturnWithAIP(
-  opReturn: number[][],
-  signingPath?: string
-): number[][]
-```
-
-##### Encryption
-
-```typescript
-// Encrypt data
-encrypt(data: string, counterPartyPublicKey?: string): string
-
-// Decrypt data
-decrypt(ciphertext: string, counterPartyPublicKey?: string): string
-
-// Encrypt with seed
-encryptWithSeed(
-  data: string,
-  seed: string,
-  counterPartyPublicKey?: string
-): string
-
-// Decrypt with seed
-decryptWithSeed(
-  ciphertext: string,
-  seed: string,
-  counterPartyPublicKey?: string
-): string
-```
-
-##### Attestations
-
-```typescript
-// Get attestation hash for attribute
-getAttestationHash(attribute: string): string | null
-
-// Get attestation URN
-getAttestation(urn: string): string
-
-// Get all attestations for attribute (API call)
-async getAttributeAttestations(attribute: string): Promise<GetAttestationResponse>
-```
-
-##### Transactions
-
-```typescript
-// Get initial ID transaction
-getInitialIdTransaction(): number[][]
-
-// Get ID transaction for rotation
-getIdTransaction(previousPath?: string): number[][]
-```
-
-### MemberID
-
-Represents a standalone member identity (non-HD).
-
-#### Constructor
-
-```typescript
-const member = new MemberID(privateKey: PrivateKey, attributes?: IdentityAttributes);
-```
-
-#### Methods
-
-##### Core Operations
-
-```typescript
-// Get public key
-getPublicKey(): string
-
-// Sign message
-signMessage(message: number[]): { address: string; signature: string }
-
-// Sign OP_RETURN with AIP
-signOpReturnWithAIP(opReturn: number[][]): number[][]
-```
-
-##### Import/Export
-
-```typescript
-// Export member data
-export(): MemberIdentity
-
-// Import member data
-import(memberData: MemberIdentity): void
-
-// Export for backup
-exportForBackup(label?: string): BapMemberBackup
-
-// Create from backup
-static fromBackup(backup: BapMemberBackup): MemberID
-
-// Create from member identity
-static fromMemberIdentity(identity: MemberIdentity): MemberID
-```
-
-## Type System
-
-### Core Types
-
-```typescript
-interface IdentityAttribute {
-  value: string;
-  nonce: string;
-}
-
-interface IdentityAttributes {
-  [key: string]: IdentityAttribute;
-}
-
-interface Identity {
-  name: string;
-  description: string;
-  identityKey: string;
-  rootPath: string;
-  rootAddress: string;
-  previousPath: string;
-  currentPath: string;
-  idSeed: string;
-  identityAttributes: IdentityAttributes;
-  lastIdPath: string;
-}
-
-interface MemberIdentity {
-  name: string;
-  description: string;
-  derivedPrivateKey: string;
-  address: string;
-  identityAttributes: IdentityAttributes;
-  identityKey: string;
-}
-```
-
-### Backup Types
-
-```typescript
-// Type 42 format
-interface BapMasterBackup {
-  ids: string;       // Encrypted identity data
-  rootPk: string;    // WIF format private key
-  label?: string;    // Optional label
-  createdAt: string; // ISO timestamp
-}
-
-// Legacy BIP32 format
-interface BapMasterBackup {
-  ids: string;       // Encrypted identity data
-  xprv: string;      // Extended private key
-  mnemonic: string;  // BIP39 mnemonic
-  label?: string;    // Optional label
-  createdAt: string; // ISO timestamp
-}
-
-interface BapMemberBackup {
-  wif: string;       // WIF private key
-  id: string;        // Encrypted member data
-  label?: string;    // Optional label
-  createdAt: string; // ISO timestamp
-}
-```
-
-### API Types
-
-```typescript
-interface AttestationResult {
-  type: string;
-  hash: string;
-  sequence: string;
-  signingProtocol: string;
-  signingAddress: string;
-  signature: string;
-  data?: string;
-  verified?: boolean;
-}
-```
-
-## Key Derivation
-
-### BIP32 Mode (Legacy)
-
-Uses hierarchical deterministic key derivation:
-
-```
-m/424150'/0'/0'/[identity]/[key]/[index]
-```
-
-### Type 42 Mode (Recommended)
-
-Uses simple counter-based derivation with meaningful names:
-
-```typescript
-// Invoice numbers: "bap:0", "bap:1", "bap:2", etc.
-const work = bap.newId("Work Identity");     // Uses bap:0
-const personal = bap.newId("Personal");      // Uses bap:1
-
-// Derivation uses counter as invoice number
-derivedKey = masterKey.deriveChild(
-  masterKey.toPublicKey(),
-  "bap:0"  // Simple counter format
-);
-
-// Names are stored separately for UX
-identity.idName = "Work Identity";  // Human-readable name
-identity.rootPath = "bap:0";        // Cryptographic derivation path
-```
-
-**Discovery**: Sequential counters enable systematic identity recovery:
-
-```typescript
-// Find all identities by checking counters
-for (let i = 0; i < 100; i++) {
-  const identity = bap.newIdWithCounter(i);
-  if (await blockchainHasActivity(identity.getIdentityKey())) {
-    console.log(`Found identity: ${identity.idName}`);
-  }
-}
-```
-
-### Encryption Keys
-
-Each identity has a unique encryption key:
-
-```
-BIP32: rootPath → m/424150'/2147483647'/2147483647'
-Type 42: rootKey → deriveChild(rootPk.pubKey, path)
-```
-
-## Usage Examples
-
-### Complete Identity Creation Flow
-
-```typescript
-import { BAP } from 'bsv-bap';
-import { PrivateKey } from '@bsv/sdk';
-
-// Create BAP instance (Type 42)
-const rootKey = PrivateKey.fromRandom();
-const bap = new BAP({
-  rootPk: rootKey.toWif()
-});
-
-// Create identity
-const identity = bap.newId();
-identity.idName = "Professional Identity";
-identity.description = "My verified professional identity";
-
-// Set attributes
-identity.setAttribute('name', 'John Smith');
-identity.setAttribute('title', 'Software Engineer');
-identity.setAttribute('company', 'Bitcoin Corp');
-
-// Get attestation for verification
-const nameHash = identity.getAttestationHash('name');
-console.log('Name attestation hash:', nameHash);
-
-// Create ID transaction
-const idTx = identity.getInitialIdTransaction();
-// Broadcast idTx to Bitcoin network...
-
-// Export for backup
-const backup = bap.exportForBackup('Main Identity');
-// Save backup securely...
-```
-
-### Attestation Workflow
-
-```typescript
-// Company attests to employee identity
-const companyBap = new BAP(companyXprv);
-const companyId = companyBap.getId(companyIdKey);
-
-// Create attestation
-const attestation = companyBap.signAttestationWithAIP(
-  employeeNameHash,
-  companyIdKey,
-  0,  // sequence
-  JSON.stringify({ 
-    verified: true,
-    role: 'Senior Engineer',
-    date: new Date().toISOString()
-  })
-);
-
-// Verify attestation
-const result = await companyBap.verifyAttestationWithAIP(attestation);
-console.log('Attestation valid:', result.verified);
-```
-
-### Encrypted Communication
-
-```typescript
-// Alice encrypts message for Bob
-const alice = bap.getId(aliceIdKey);
-const bobPublicKey = await getBobsPublicKey();
-
-const encrypted = alice.encrypt(
-  'Secret message for Bob',
-  bobPublicKey
-);
-
-// Bob decrypts message
-const bob = bobBap.getId(bobIdKey);
-const alicePublicKey = await getAlicesPublicKey();
-
-const decrypted = bob.decrypt(
-  encrypted,
-  alicePublicKey
-);
-```
-
-### Member Identity
-
-```typescript
-// Create standalone member identity
-const memberKey = PrivateKey.fromRandom();
-const member = new MemberID(memberKey);
-
-member.idName = "Forum Member";
-member.setAttribute('username', 'satoshi2024');
-
-// Sign a message
-const { address, signature } = member.signMessage(
-  Buffer.from('I approve this message')
-);
-
-// Export for sharing
-const memberBackup = member.exportForBackup('Forum Identity');
-```
-
-## Migration Guide
-
-### From BIP32 to Type 42
-
-```typescript
-// Export from BIP32
-const oldBap = new BAP(xprv);
-const backup = oldBap.exportForBackup();
-
-// Extract root key
-const hdKey = HD.fromString(xprv);
-const rootWif = hdKey.privKey.toWif();
-
-// Create Type 42 instance
-const newBap = new BAP({
-  rootPk: rootWif
-});
-
-// Create new identity and link to old
-const newId = newBap.newId();
-// Create ID transaction pointing from last old address to new...
-```
-
-See [Type 42 Migration Guide](../docs/TYPE42_MIGRATION.md) for complete details.
-
-## Best Practices
-
-1. **Key Security**: Never expose private keys. Use encryption for all exports.
-2. **Attribute Nonces**: Always use random nonces for attributes to prevent dictionary attacks.
-3. **Path Management**: Let the library manage paths unless you have specific requirements.
-4. **Backup Regularly**: Export and securely store identity backups.
-5. **Verify Attestations**: Always verify attestations before trusting identity claims.
-
-## Error Handling
-
-```typescript
-try {
-  const identity = bap.getId(idKey);
-  if (!identity) {
-    throw new Error('Identity not found');
-  }
-  
-  const encrypted = identity.encrypt(data);
-} catch (error) {
-  if (error.message.includes('not initialized')) {
-    // Handle key initialization errors
-  } else if (error.message.includes('not found')) {
-    // Handle missing identity
-  }
-}
-```
-
-## API Reference
-
-For protocol-level documentation, see [PROTOCOL.md](../PROTOCOL.md).
-
-For blockchain API endpoints, see the [BAP API Documentation](https://api.sigmaidentity.com/docs).