canary-kit 0.9.0

package/dist/derive.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"derive.js","sourceRoot":"","sources":["../src/derive.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAA;AAG3D,2DAA2D;AAC3D,MAAM,CAAC,MAAM,aAAa,GAAG,cAAc,CAAA;AAE3C,4EAA4E;AAC5E,MAAM,uBAAuB,GAAG,CAAC,CAAA;AAEjC,SAAS,YAAY,CAAC,SAAoB;IACxC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;AAC9C,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAe,EAAE,OAAe;IACrE,OAAO,WAAW,CAAC,OAAO,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA;AACrD,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,wBAAwB,CACtC,OAAe,EACf,OAAe,EACf,SAAoB;IAEpB,IAAI,SAAS,KAAK,CAAC;QAAE,OAAO,CAAC,sBAAsB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAA;IACtE,OAAO,WAAW,CAAC,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;AACzF,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,gBAAgB,CAC9B,OAAe,EACf,eAAuB,EACvB,OAAe,EACf,eAAuB,uBAAuB,EAC9C,UAAqB;IAErB,OAAO,iBAAiB,CAAC,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,CAAC,CAAA;AACjH,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAe,EACf,eAAuB,EACvB,OAAe,EACf,SAAoB,EACpB,eAAuB,uBAAuB,EAC9C,UAAqB;IAErB,IAAI,SAAS,KAAK,CAAC;QAAE,OAAO,CAAC,gBAAgB,CAAC,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC,CAAA;IAC3G,OAAO,iBAAiB,CAAC,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,OAAO,EAAE,YAAY,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;AAC1I,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAwC;IACxE,OAAO,sBAAsB,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;AAC1D,CAAC"}

package/dist/encoding.d.ts

@@ -0,0 +1,56 @@
+/** Encoding options for token output. */
+export type TokenEncoding = {
+    format: 'words';
+    count?: number;
+    wordlist?: readonly string[];
+} | {
+    format: 'pin';
+    digits?: number;
+} | {
+    format: 'hex';
+    length?: number;
+};
+/** Default encoding: single word from en-v1 wordlist. */
+export declare const DEFAULT_ENCODING: TokenEncoding;
+/**
+ * Encode raw bytes as words using 11-bit indices into a wordlist.
+ * Each word uses a consecutive 2-byte slice: readUint16BE(bytes, i*2) % wordlistSize.
+ *
+ * @param bytes - Raw bytes to encode (must have at least `count * 2` bytes).
+ * @param count - Number of words to produce (integer 1–16, default: 1).
+ * @param wordlist - Custom wordlist (must be exactly 2048 entries, default: en-v1).
+ * @returns Array of lowercase word strings.
+ * @throws {RangeError} If count is not an integer 1–16, wordlist is wrong size, or insufficient bytes.
+ */
+export declare function encodeAsWords(bytes: Uint8Array, count?: number, wordlist?: readonly string[]): string[];
+/**
+ * Encode raw bytes as a numeric PIN with leading zeros.
+ * Uses the first ceil(digits * 0.415) bytes, interpreted as a big-endian
+ * integer, reduced modulo 10^digits.
+ *
+ * @param bytes - Raw bytes to encode (must be non-empty).
+ * @param digits - Number of PIN digits to produce (integer 1-10, default: 4).
+ * @returns Zero-padded numeric string of the specified length.
+ * @throws {RangeError} If digits is not an integer 1-10 or bytes is empty.
+ */
+export declare function encodeAsPin(bytes: Uint8Array, digits?: number): string;
+/**
+ * Encode raw bytes as a lowercase hex string.
+ *
+ * @param bytes - Raw bytes to encode.
+ * @param length - Number of hex characters to produce (integer 1-64, default: 8).
+ * @returns Lowercase hex string of the specified length.
+ * @throws {RangeError} If length is not an integer 1-64 or insufficient bytes are provided.
+ */
+export declare function encodeAsHex(bytes: Uint8Array, length?: number): string;
+/**
+ * Encode raw bytes using the specified encoding format.
+ * Returns a single string (words are space-joined).
+ *
+ * @param bytes - Raw bytes to encode.
+ * @param encoding - Encoding format: words, pin, or hex (default: single word).
+ * @returns Encoded token string (space-joined words, zero-padded PIN, or hex).
+ * @throws {RangeError} If encoding parameters are out of range or bytes are insufficient.
+ */
+export declare function encodeToken(bytes: Uint8Array, encoding?: TokenEncoding): string;
+//# sourceMappingURL=encoding.d.ts.map

package/dist/encoding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoding.d.ts","sourceRoot":"","sources":["../src/encoding.ts"],"names":[],"mappings":"AAGA,yCAAyC;AACzC,MAAM,MAAM,aAAa,GACrB;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;CAAE,GACjE;IAAE,MAAM,EAAE,KAAK,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GAClC;IAAE,MAAM,EAAE,KAAK,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAAA;AAEtC,yDAAyD;AACzD,eAAO,MAAM,gBAAgB,EAAE,aAA6C,CAAA;AAE5E;;;;;;;;;GASG;AACH,wBAAgB,aAAa,CAC3B,KAAK,EAAE,UAAU,EACjB,KAAK,GAAE,MAAU,EACjB,QAAQ,GAAE,SAAS,MAAM,EAAa,GACrC,MAAM,EAAE,CAUV;AAED;;;;;;;;;GASG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,GAAE,MAAU,GAAG,MAAM,CAkBzE;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,GAAE,MAAU,GAAG,MAAM,CASzE;AAED;;;;;;;;GAQG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,EAAE,QAAQ,GAAE,aAAgC,GAAG,MAAM,CASjG"}

package/dist/encoding.js

@@ -0,0 +1,98 @@
+import { readUint16BE } from './crypto.js';
+import { WORDLIST } from './wordlist.js';
+/** Default encoding: single word from en-v1 wordlist. */
+export const DEFAULT_ENCODING = { format: 'words', count: 1 };
+/**
+ * Encode raw bytes as words using 11-bit indices into a wordlist.
+ * Each word uses a consecutive 2-byte slice: readUint16BE(bytes, i*2) % wordlistSize.
+ *
+ * @param bytes - Raw bytes to encode (must have at least `count * 2` bytes).
+ * @param count - Number of words to produce (integer 1–16, default: 1).
+ * @param wordlist - Custom wordlist (must be exactly 2048 entries, default: en-v1).
+ * @returns Array of lowercase word strings.
+ * @throws {RangeError} If count is not an integer 1–16, wordlist is wrong size, or insufficient bytes.
+ */
+export function encodeAsWords(bytes, count = 1, wordlist = WORDLIST) {
+    if (wordlist.length !== 2048)
+        throw new RangeError('Wordlist must contain exactly 2048 entries');
+    if (!Number.isInteger(count) || count < 1 || count > 16)
+        throw new RangeError('Word count must be an integer 1–16');
+    if (bytes.length < count * 2)
+        throw new RangeError('Not enough bytes for requested word count');
+    const words = [];
+    for (let i = 0; i < count; i++) {
+        const index = readUint16BE(bytes, i * 2) % wordlist.length;
+        words.push(wordlist[index]);
+    }
+    return words;
+}
+/**
+ * Encode raw bytes as a numeric PIN with leading zeros.
+ * Uses the first ceil(digits * 0.415) bytes, interpreted as a big-endian
+ * integer, reduced modulo 10^digits.
+ *
+ * @param bytes - Raw bytes to encode (must be non-empty).
+ * @param digits - Number of PIN digits to produce (integer 1-10, default: 4).
+ * @returns Zero-padded numeric string of the specified length.
+ * @throws {RangeError} If digits is not an integer 1-10 or bytes is empty.
+ */
+export function encodeAsPin(bytes, digits = 4) {
+    if (!Number.isInteger(digits) || digits < 1 || digits > 10)
+        throw new RangeError('PIN digits must be an integer 1–10');
+    if (bytes.length === 0)
+        throw new RangeError('Cannot encode empty byte array as PIN');
+    const needed = Math.min(Math.ceil(digits * 0.415), bytes.length);
+    const mod = Math.pow(10, digits);
+    // Use BigInt accumulation for 9–10 digits to avoid 32-bit overflow in >>> 0
+    if (digits >= 9) {
+        let bigVal = 0n;
+        for (let i = 0; i < needed; i++)
+            bigVal = bigVal * 256n + BigInt(bytes[i]);
+        return (Number(bigVal % BigInt(mod))).toString().padStart(digits, '0');
+    }
+    let value = 0;
+    for (let i = 0; i < needed; i++) {
+        value = (value * 256 + bytes[i]) >>> 0;
+    }
+    return (value % mod).toString().padStart(digits, '0');
+}
+/**
+ * Encode raw bytes as a lowercase hex string.
+ *
+ * @param bytes - Raw bytes to encode.
+ * @param length - Number of hex characters to produce (integer 1-64, default: 8).
+ * @returns Lowercase hex string of the specified length.
+ * @throws {RangeError} If length is not an integer 1-64 or insufficient bytes are provided.
+ */
+export function encodeAsHex(bytes, length = 8) {
+    if (!Number.isInteger(length) || length < 1 || length > 64)
+        throw new RangeError('Hex length must be an integer 1–64');
+    const needed = Math.ceil(length / 2);
+    if (bytes.length < needed)
+        throw new RangeError(`Not enough bytes: need ${needed}, got ${bytes.length}`);
+    let hex = '';
+    for (let i = 0; i < needed && i < bytes.length; i++) {
+        hex += bytes[i].toString(16).padStart(2, '0');
+    }
+    return hex.slice(0, length);
+}
+/**
+ * Encode raw bytes using the specified encoding format.
+ * Returns a single string (words are space-joined).
+ *
+ * @param bytes - Raw bytes to encode.
+ * @param encoding - Encoding format: words, pin, or hex (default: single word).
+ * @returns Encoded token string (space-joined words, zero-padded PIN, or hex).
+ * @throws {RangeError} If encoding parameters are out of range or bytes are insufficient.
+ */
+export function encodeToken(bytes, encoding = DEFAULT_ENCODING) {
+    switch (encoding.format) {
+        case 'words':
+            return encodeAsWords(bytes, encoding.count ?? 1, encoding.wordlist).join(' ');
+        case 'pin':
+            return encodeAsPin(bytes, encoding.digits ?? 4);
+        case 'hex':
+            return encodeAsHex(bytes, encoding.length ?? 8);
+    }
+}
+//# sourceMappingURL=encoding.js.map

package/dist/encoding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoding.js","sourceRoot":"","sources":["../src/encoding.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAQxC,yDAAyD;AACzD,MAAM,CAAC,MAAM,gBAAgB,GAAkB,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,CAAA;AAE5E;;;;;;;;;GASG;AACH,MAAM,UAAU,aAAa,CAC3B,KAAiB,EACjB,QAAgB,CAAC,EACjB,WAA8B,QAAQ;IAEtC,IAAI,QAAQ,CAAC,MAAM,KAAK,IAAI;QAAE,MAAM,IAAI,UAAU,CAAC,4CAA4C,CAAC,CAAA;IAChG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,EAAE;QAAE,MAAM,IAAI,UAAU,CAAC,oCAAoC,CAAC,CAAA;IACnH,IAAI,KAAK,CAAC,MAAM,GAAG,KAAK,GAAG,CAAC;QAAE,MAAM,IAAI,UAAU,CAAC,2CAA2C,CAAC,CAAA;IAC/F,MAAM,KAAK,GAAa,EAAE,CAAA;IAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAA;QAC1D,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAA;IAC7B,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,WAAW,CAAC,KAAiB,EAAE,SAAiB,CAAC;IAC/D,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,MAAM,GAAG,CAAC,IAAI,MAAM,GAAG,EAAE;QAAE,MAAM,IAAI,UAAU,CAAC,oCAAoC,CAAC,CAAA;IACtH,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,UAAU,CAAC,uCAAuC,CAAC,CAAA;IACrF,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;IAChE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,CAAA;IAEhC,4EAA4E;IAC5E,IAAI,MAAM,IAAI,CAAC,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAA;QACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE;YAAE,MAAM,GAAG,MAAM,GAAG,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;QAC1E,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IACxE,CAAC;IAED,IAAI,KAAK,GAAG,CAAC,CAAA;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAChC,KAAK,GAAG,CAAC,KAAK,GAAG,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;IACxC,CAAC;IACD,OAAO,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;AACvD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,WAAW,CAAC,KAAiB,EAAE,SAAiB,CAAC;IAC/D,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,MAAM,GAAG,CAAC,IAAI,MAAM,GAAG,EAAE;QAAE,MAAM,IAAI,UAAU,CAAC,oCAAoC,CAAC,CAAA;IACtH,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IACpC,IAAI,KAAK,CAAC,MAAM,GAAG,MAAM;QAAE,MAAM,IAAI,UAAU,CAAC,0BAA0B,MAAM,SAAS,KAAK,CAAC,MAAM,EAAE,CAAC,CAAA;IACxG,IAAI,GAAG,GAAG,EAAE,CAAA;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpD,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IAC/C,CAAC;IACD,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA;AAC7B,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,WAAW,CAAC,KAAiB,EAAE,WAA0B,gBAAgB;IACvF,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;QACxB,KAAK,OAAO;YACV,OAAO,aAAa,CAAC,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,CAAC,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC/E,KAAK,KAAK;YACR,OAAO,WAAW,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,IAAI,CAAC,CAAC,CAAA;QACjD,KAAK,KAAK;YACR,OAAO,WAAW,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,IAAI,CAAC,CAAC,CAAA;IACnD,CAAC;AACH,CAAC"}

package/dist/group.d.ts

@@ -0,0 +1,185 @@
+import { type PresetName } from './presets.js';
+/** Configuration provided when creating a new group. */
+export interface GroupConfig {
+    name: string;
+    members: string[];
+    /** Named threat-profile preset. Explicit fields override preset values. */
+    preset?: PresetName;
+    rotationInterval?: number;
+    wordCount?: 1 | 2 | 3;
+    wordlist?: string;
+    /** Counter tolerance for verification: accept tokens within ±tolerance counter values (default: 1). */
+    tolerance?: number;
+    /**
+     * Beacon broadcast interval in seconds (default: 300 = 5 minutes).
+     *
+     * **Privacy note:** Fixed-interval beacons are correlatable by timing.
+     * A relay observer who knows the group's `h` tag can cluster sequential
+     * events by publishing cadence to identify individual members or detect
+     * when a member goes offline. Applications SHOULD add random jitter to
+     * the publish schedule — e.g. ±20–30% of the interval — to reduce
+     * timing correlation. The library does not add jitter because it
+     * encrypts payloads but does not control publish scheduling.
+     */
+    beaconInterval?: number;
+    /** Geohash precision for normal beacons, 1–11 (default: 6 ≈ 1.2km). */
+    beaconPrecision?: number;
+    /** Pubkey of the group creator. Only the creator is admin at bootstrap. Must be in `members`. */
+    creator?: string;
+}
+/** Persistent state for a canary group. All fields are serialisable. */
+export interface GroupState {
+    name: string;
+    seed: string;
+    members: string[];
+    rotationInterval: number;
+    wordCount: 1 | 2 | 3;
+    wordlist: string;
+    /** Time-based counter at group creation. Advances with rotation interval. */
+    counter: number;
+    /** Burn-after-use offset applied on top of the time-based counter. */
+    usageOffset: number;
+    createdAt: number;
+    /** Counter tolerance for verification: accept tokens within ±tolerance counter values. */
+    tolerance: number;
+    /** Beacon broadcast interval in seconds. */
+    beaconInterval: number;
+    /** Geohash precision for normal beacons (1–11). */
+    beaconPrecision: number;
+    /** Pubkeys with admin privileges (reseed, add/remove others). */
+    admins: string[];
+    /** Monotonic epoch — increments on reseed. Used for replay protection. */
+    epoch: number;
+    /** Consumed operation IDs within the current epoch. Cleared on epoch bump. */
+    consumedOps: string[];
+    /** Timestamp floor: reject messages with timestamps at or below this value (replay protection after consumedOps eviction). */
+    consumedOpsFloor?: number;
+}
+/**
+ * Create a new group with a freshly generated seed and time-based counter.
+ *
+ * @param config - Group configuration including name, members, optional preset and overrides.
+ * @returns A new {@link GroupState} with a cryptographically secure random seed.
+ * @throws {Error} If name is empty, preset is unknown, members contain invalid pubkeys, or config values are out of range.
+ *
+ * @example
+ * ```ts
+ * const group = createGroup({
+ *   name: 'Family',
+ *   members: [alicePubkey, bobPubkey],
+ *   preset: 'family',
+ * })
+ * getCurrentWord(group)  // "falcon"
+ * ```
+ */
+export declare function createGroup(config: GroupConfig): GroupState;
+/**
+ * Return the current verification word (or space-joined phrase) that all
+ * group members should use to authenticate with one another.
+ *
+ * @param state - Current group state.
+ * @returns The current verification word or space-joined phrase.
+ *
+ * @example
+ * ```ts
+ * const group = createGroup({ name: 'Family', members: [alice, bob] })
+ * const word = getCurrentWord(group)  // e.g. "falcon"
+ * ```
+ */
+export declare function getCurrentWord(state: GroupState): string;
+/**
+ * Return the duress word (or phrase) for a specific member at the current
+ * counter. Duress words are member-specific and distinct from the verification
+ * word, allowing silent distress signalling.
+ *
+ * @param state - Current group state.
+ * @param memberPubkey - 64-character hex pubkey of the member requesting their duress word.
+ * @returns The member's duress word or space-joined phrase, distinct from the verification word.
+ */
+export declare function getCurrentDuressWord(state: GroupState, memberPubkey: string): string;
+/**
+ * Advance the usage offset by one, rotating the current word (burn-after-use).
+ * Throws a RangeError if the effective counter would exceed the current
+ * time-based counter plus MAX_COUNTER_OFFSET, per CANARY spec §Counter Acceptance.
+ * Returns new state — does not mutate the input.
+ *
+ * @param state - Current group state.
+ * @returns New group state with usageOffset incremented by one.
+ * @throws {RangeError} If advancing would exceed the time-based counter plus MAX_COUNTER_OFFSET.
+ */
+export declare function advanceCounter(state: GroupState): GroupState;
+/**
+ * Generate a fresh seed and reset the usage offset to zero.
+ * Call this after a security event (e.g. suspected compromise).
+ * Returns new state — does not mutate the input.
+ *
+ * @param state - Current group state.
+ * @returns New group state with a fresh cryptographically secure seed and usageOffset reset to zero.
+ */
+export declare function reseed(state: GroupState): GroupState;
+/**
+ * Add a member to the group. If the pubkey is already present, returns the
+ * existing state unchanged (idempotent).
+ * Returns new state — does not mutate the input.
+ *
+ * @param state - Current group state.
+ * @param pubkey - 64-character lowercase hex pubkey of the member to add.
+ * @returns New group state with the member added, or unchanged state if already present.
+ * @throws {Error} If pubkey is not a valid 64-character hex string or group is at maximum capacity.
+ */
+export declare function addMember(state: GroupState, pubkey: string): GroupState;
+/**
+ * Remove a member from the group's member list.
+ *
+ * **Important:** This does NOT reseed. In a symmetric-key group, the removed
+ * member still possesses the old seed and can derive valid words. Use
+ * `removeMemberAndReseed()` instead unless you have a specific reason not to.
+ *
+ * Returns new state — does not mutate the input.
+ *
+ * @param state - Current group state.
+ * @param pubkey - 64-character lowercase hex pubkey of the member to remove.
+ * @returns New group state with the member removed (no-op if not found).
+ * @throws {Error} If pubkey is not a valid 64-character hex string.
+ */
+export declare function removeMember(state: GroupState, pubkey: string): GroupState;
+/**
+ * Remove a member and immediately reseed, atomically invalidating the old seed.
+ * This is the recommended way to remove members — ensures forward secrecy by
+ * preventing the removed member from deriving future tokens or decrypting
+ * future beacons.
+ *
+ * Returns new state — does not mutate the input.
+ *
+ * @param state - Current group state.
+ * @param pubkey - 64-character lowercase hex pubkey of the member to remove.
+ * @returns New group state with the member removed and a fresh seed.
+ * @throws {Error} If pubkey is not a valid 64-character hex string.
+ */
+export declare function removeMemberAndReseed(state: GroupState, pubkey: string): GroupState;
+/**
+ * Dissolve a group, zeroing the seed and clearing all members.
+ * Per CANARY spec §Seed Storage: seed MUST be wiped on group dissolution.
+ * Preserves name and timestamps for audit trail.
+ *
+ * Note: zeroing the seed string prevents further token derivation. Full
+ * memory erasure of prior string values is not possible in JS — platform-level
+ * secure storage should handle that concern. Callers MUST also delete the
+ * persisted record (IndexedDB, localStorage, backend) after calling this.
+ *
+ * Returns new state — does not mutate the input.
+ *
+ * @param state - Current group state.
+ * @returns New group state with seed zeroed, members and admins cleared, and offsets reset.
+ */
+export declare function dissolveGroup(state: GroupState): GroupState;
+/**
+ * Refresh the counter to the current time window. Call after loading persisted state.
+ * Enforces monotonicity: the counter never regresses, preventing clock rollback attacks.
+ *
+ * @param state - Current group state.
+ * @param nowSec - Current unix timestamp in seconds (default: `Date.now() / 1000`).
+ * @returns New group state with counter updated and usageOffset reset, or unchanged if counter has not advanced.
+ */
+export declare function syncCounter(state: GroupState, nowSec?: number): GroupState;
+//# sourceMappingURL=group.d.ts.map

package/dist/group.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"group.d.ts","sourceRoot":"","sources":["../src/group.ts"],"names":[],"mappings":"AAIA,OAAO,EAAW,KAAK,UAAU,EAAE,MAAM,cAAc,CAAA;AAcvD,wDAAwD;AACxD,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,EAAE,CAAA;IACjB,2EAA2E;IAC3E,MAAM,CAAC,EAAE,UAAU,CAAA;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,SAAS,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,uGAAuG;IACvG,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB;;;;;;;;;;OAUG;IACH,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,uEAAuE;IACvE,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,iGAAiG;IACjG,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,wEAAwE;AACxE,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,EAAE,CAAA;IACjB,gBAAgB,EAAE,MAAM,CAAA;IACxB,SAAS,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,6EAA6E;IAC7E,OAAO,EAAE,MAAM,CAAA;IACf,sEAAsE;IACtE,WAAW,EAAE,MAAM,CAAA;IACnB,SAAS,EAAE,MAAM,CAAA;IACjB,0FAA0F;IAC1F,SAAS,EAAE,MAAM,CAAA;IACjB,4CAA4C;IAC5C,cAAc,EAAE,MAAM,CAAA;IACtB,mDAAmD;IACnD,eAAe,EAAE,MAAM,CAAA;IACvB,iEAAiE;IACjE,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,0EAA0E;IAC1E,KAAK,EAAE,MAAM,CAAA;IACb,8EAA8E;IAC9E,WAAW,EAAE,MAAM,EAAE,CAAA;IACrB,8HAA8H;IAC9H,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAC1B;AAUD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,WAAW,GAAG,UAAU,CA4E3D;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAIxD;AAED;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM,CAIpF;AAED;;;;;;;;;GASG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,UAAU,GAAG,UAAU,CAU5D;AAED;;;;;;;GAOG;AACH,wBAAgB,MAAM,CAAC,KAAK,EAAE,UAAU,GAAG,UAAU,CAEpD;AAED;;;;;;;;;GASG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,GAAG,UAAU,CAOvE;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,GAAG,UAAU,CAG1E;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,GAAG,UAAU,CAGnF;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG,UAAU,CAS3D;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CACzB,KAAK,EAAE,UAAU,EACjB,MAAM,GAAE,MAAsC,GAC7C,UAAU,CAIZ"}

package/dist/group.js

@@ -0,0 +1,263 @@
+import { randomSeed } from './crypto.js';
+import { getCounter, DEFAULT_ROTATION_INTERVAL, MAX_COUNTER_OFFSET } from './counter.js';
+import { deriveToken, deriveDuressToken, MAX_TOLERANCE } from './token.js';
+import { GROUP_CONTEXT } from './derive.js';
+import { PRESETS } from './presets.js';
+const HEX_64_RE = /^[0-9a-f]{64}$/;
+/** Maximum group members. Large groups degrade collision resistance in the 2048-word space. */
+const MAX_MEMBERS = 100;
+/** Validate that a string is a 64-character lowercase hex pubkey. */
+function validatePubkey(pubkey) {
+    if (!HEX_64_RE.test(pubkey)) {
+        throw new Error(`Invalid member pubkey: expected 64 hex characters, got ${pubkey.length} chars`);
+    }
+}
+/**
+ * Combine the time-based counter with the usage offset to produce the
+ * effective counter used for word derivation.
+ */
+function effectiveCounter(state) {
+    return state.counter + state.usageOffset;
+}
+/**
+ * Create a new group with a freshly generated seed and time-based counter.
+ *
+ * @param config - Group configuration including name, members, optional preset and overrides.
+ * @returns A new {@link GroupState} with a cryptographically secure random seed.
+ * @throws {Error} If name is empty, preset is unknown, members contain invalid pubkeys, or config values are out of range.
+ *
+ * @example
+ * ```ts
+ * const group = createGroup({
+ *   name: 'Family',
+ *   members: [alicePubkey, bobPubkey],
+ *   preset: 'family',
+ * })
+ * getCurrentWord(group)  // "falcon"
+ * ```
+ */
+export function createGroup(config) {
+    if (typeof config.name !== 'string' || config.name.length === 0) {
+        throw new Error('name must be a non-empty string');
+    }
+    if (config.preset !== undefined) {
+        if (typeof config.preset !== 'string' || !Object.hasOwn(PRESETS, config.preset)) {
+            throw new Error(`Unknown preset: "${config.preset}". Valid presets: ${Object.keys(PRESETS).join(', ')}`);
+        }
+    }
+    const now = Math.floor(Date.now() / 1000);
+    const base = config.preset !== undefined ? PRESETS[config.preset] : undefined;
+    const interval = config.rotationInterval ?? base?.rotationInterval ?? DEFAULT_ROTATION_INTERVAL;
+    const wordCount = config.wordCount ?? base?.wordCount ?? 1;
+    const tolerance = config.tolerance ?? 1;
+    // Validate resolved config values
+    if (!Number.isInteger(interval) || interval <= 0) {
+        throw new Error(`rotationInterval must be a positive integer, got ${interval}`);
+    }
+    if (wordCount !== 1 && wordCount !== 2 && wordCount !== 3) {
+        throw new Error(`wordCount must be 1, 2, or 3, got ${wordCount}`);
+    }
+    if (!Number.isInteger(tolerance) || tolerance < 0 || tolerance > MAX_TOLERANCE) {
+        throw new RangeError(`tolerance must be an integer 0–${MAX_TOLERANCE}, got ${tolerance}`);
+    }
+    if (config.beaconInterval !== undefined) {
+        if (!Number.isInteger(config.beaconInterval) || config.beaconInterval <= 0) {
+            throw new Error(`beaconInterval must be a positive integer, got ${config.beaconInterval}`);
+        }
+    }
+    if (config.beaconPrecision !== undefined) {
+        if (!Number.isInteger(config.beaconPrecision) || config.beaconPrecision < 1 || config.beaconPrecision > 11) {
+            throw new Error(`beaconPrecision must be an integer between 1 and 11, got ${config.beaconPrecision}`);
+        }
+    }
+    for (const pubkey of config.members) {
+        validatePubkey(pubkey);
+    }
+    const uniqueMembers = new Set(config.members);
+    if (uniqueMembers.size !== config.members.length) {
+        throw new Error('Duplicate pubkeys in members array');
+    }
+    if (config.creator !== undefined) {
+        validatePubkey(config.creator);
+        if (!config.members.includes(config.creator)) {
+            throw new Error('creator must be in members');
+        }
+    }
+    if (wordCount === 1 && config.members.length >= 10) {
+        console.warn(`[canary-kit] Group has ${config.members.length} members with 1-word encoding. ` +
+            `CANARY spec recommends 2+ words for groups of 10+ members to avoid duress collision (~2.2% at 10 members).`);
+    }
+    return {
+        name: config.name,
+        seed: randomSeed(),
+        members: [...config.members],
+        rotationInterval: interval,
+        wordCount,
+        tolerance,
+        wordlist: config.wordlist ?? 'en-v1',
+        counter: getCounter(now, interval),
+        usageOffset: 0,
+        createdAt: now,
+        beaconInterval: config.beaconInterval ?? 300,
+        beaconPrecision: config.beaconPrecision ?? 6,
+        admins: config.creator ? [config.creator] : [],
+        epoch: 0,
+        consumedOps: [],
+    };
+}
+/**
+ * Return the current verification word (or space-joined phrase) that all
+ * group members should use to authenticate with one another.
+ *
+ * @param state - Current group state.
+ * @returns The current verification word or space-joined phrase.
+ *
+ * @example
+ * ```ts
+ * const group = createGroup({ name: 'Family', members: [alice, bob] })
+ * const word = getCurrentWord(group)  // e.g. "falcon"
+ * ```
+ */
+export function getCurrentWord(state) {
+    const counter = effectiveCounter(state);
+    const encoding = state.wordCount === 1 ? undefined : { format: 'words', count: state.wordCount };
+    return deriveToken(state.seed, GROUP_CONTEXT, counter, encoding);
+}
+/**
+ * Return the duress word (or phrase) for a specific member at the current
+ * counter. Duress words are member-specific and distinct from the verification
+ * word, allowing silent distress signalling.
+ *
+ * @param state - Current group state.
+ * @param memberPubkey - 64-character hex pubkey of the member requesting their duress word.
+ * @returns The member's duress word or space-joined phrase, distinct from the verification word.
+ */
+export function getCurrentDuressWord(state, memberPubkey) {
+    const counter = effectiveCounter(state);
+    const encoding = state.wordCount === 1 ? undefined : { format: 'words', count: state.wordCount };
+    return deriveDuressToken(state.seed, GROUP_CONTEXT, memberPubkey, counter, encoding, state.tolerance, state.members);
+}
+/**
+ * Advance the usage offset by one, rotating the current word (burn-after-use).
+ * Throws a RangeError if the effective counter would exceed the current
+ * time-based counter plus MAX_COUNTER_OFFSET, per CANARY spec §Counter Acceptance.
+ * Returns new state — does not mutate the input.
+ *
+ * @param state - Current group state.
+ * @returns New group state with usageOffset incremented by one.
+ * @throws {RangeError} If advancing would exceed the time-based counter plus MAX_COUNTER_OFFSET.
+ */
+export function advanceCounter(state) {
+    const timeBased = getCounter(Math.floor(Date.now() / 1000), state.rotationInterval);
+    const newEffective = state.counter + state.usageOffset + 1;
+    if (newEffective > timeBased + MAX_COUNTER_OFFSET) {
+        throw new RangeError(`Cannot advance counter: effective counter ${newEffective} would exceed ` +
+            `time-based counter ${timeBased} + MAX_COUNTER_OFFSET (${MAX_COUNTER_OFFSET})`);
+    }
+    return { ...state, usageOffset: state.usageOffset + 1 };
+}
+/**
+ * Generate a fresh seed and reset the usage offset to zero.
+ * Call this after a security event (e.g. suspected compromise).
+ * Returns new state — does not mutate the input.
+ *
+ * @param state - Current group state.
+ * @returns New group state with a fresh cryptographically secure seed and usageOffset reset to zero.
+ */
+export function reseed(state) {
+    return { ...state, seed: randomSeed(), usageOffset: 0 };
+}
+/**
+ * Add a member to the group. If the pubkey is already present, returns the
+ * existing state unchanged (idempotent).
+ * Returns new state — does not mutate the input.
+ *
+ * @param state - Current group state.
+ * @param pubkey - 64-character lowercase hex pubkey of the member to add.
+ * @returns New group state with the member added, or unchanged state if already present.
+ * @throws {Error} If pubkey is not a valid 64-character hex string or group is at maximum capacity.
+ */
+export function addMember(state, pubkey) {
+    validatePubkey(pubkey);
+    if (state.members.includes(pubkey))
+        return state;
+    if (state.members.length >= MAX_MEMBERS) {
+        throw new Error(`Cannot add member: group has reached the maximum of ${MAX_MEMBERS} members`);
+    }
+    return { ...state, members: [...state.members, pubkey] };
+}
+/**
+ * Remove a member from the group's member list.
+ *
+ * **Important:** This does NOT reseed. In a symmetric-key group, the removed
+ * member still possesses the old seed and can derive valid words. Use
+ * `removeMemberAndReseed()` instead unless you have a specific reason not to.
+ *
+ * Returns new state — does not mutate the input.
+ *
+ * @param state - Current group state.
+ * @param pubkey - 64-character lowercase hex pubkey of the member to remove.
+ * @returns New group state with the member removed (no-op if not found).
+ * @throws {Error} If pubkey is not a valid 64-character hex string.
+ */
+export function removeMember(state, pubkey) {
+    validatePubkey(pubkey);
+    return { ...state, members: state.members.filter((m) => m !== pubkey) };
+}
+/**
+ * Remove a member and immediately reseed, atomically invalidating the old seed.
+ * This is the recommended way to remove members — ensures forward secrecy by
+ * preventing the removed member from deriving future tokens or decrypting
+ * future beacons.
+ *
+ * Returns new state — does not mutate the input.
+ *
+ * @param state - Current group state.
+ * @param pubkey - 64-character lowercase hex pubkey of the member to remove.
+ * @returns New group state with the member removed and a fresh seed.
+ * @throws {Error} If pubkey is not a valid 64-character hex string.
+ */
+export function removeMemberAndReseed(state, pubkey) {
+    const removed = removeMember(state, pubkey);
+    return reseed(removed);
+}
+/**
+ * Dissolve a group, zeroing the seed and clearing all members.
+ * Per CANARY spec §Seed Storage: seed MUST be wiped on group dissolution.
+ * Preserves name and timestamps for audit trail.
+ *
+ * Note: zeroing the seed string prevents further token derivation. Full
+ * memory erasure of prior string values is not possible in JS — platform-level
+ * secure storage should handle that concern. Callers MUST also delete the
+ * persisted record (IndexedDB, localStorage, backend) after calling this.
+ *
+ * Returns new state — does not mutate the input.
+ *
+ * @param state - Current group state.
+ * @returns New group state with seed zeroed, members and admins cleared, and offsets reset.
+ */
+export function dissolveGroup(state) {
+    return {
+        ...state,
+        seed: '0'.repeat(64),
+        members: [],
+        admins: [],
+        usageOffset: 0,
+        consumedOps: [],
+    };
+}
+/**
+ * Refresh the counter to the current time window. Call after loading persisted state.
+ * Enforces monotonicity: the counter never regresses, preventing clock rollback attacks.
+ *
+ * @param state - Current group state.
+ * @param nowSec - Current unix timestamp in seconds (default: `Date.now() / 1000`).
+ * @returns New group state with counter updated and usageOffset reset, or unchanged if counter has not advanced.
+ */
+export function syncCounter(state, nowSec = Math.floor(Date.now() / 1000)) {
+    const counter = getCounter(nowSec, state.rotationInterval);
+    if (counter <= state.counter)
+        return state;
+    return { ...state, counter, usageOffset: 0 };
+}
+//# sourceMappingURL=group.js.map

package/dist/group.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"group.js","sourceRoot":"","sources":["../src/group.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,UAAU,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAA;AACxF,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAA;AAC1E,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAC3C,OAAO,EAAE,OAAO,EAAmB,MAAM,cAAc,CAAA;AAEvD,MAAM,SAAS,GAAG,gBAAgB,CAAA;AAElC,+FAA+F;AAC/F,MAAM,WAAW,GAAG,GAAG,CAAA;AAEvB,qEAAqE;AACrE,SAAS,cAAc,CAAC,MAAc;IACpC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,0DAA0D,MAAM,CAAC,MAAM,QAAQ,CAAC,CAAA;IAClG,CAAC;AACH,CAAC;AA4DD;;;GAGG;AACH,SAAS,gBAAgB,CAAC,KAAiB;IACzC,OAAO,KAAK,CAAC,OAAO,GAAG,KAAK,CAAC,WAAW,CAAA;AAC1C,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,WAAW,CAAC,MAAmB;IAC7C,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAA;IACpD,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAChC,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YAChF,MAAM,IAAI,KAAK,CAAC,oBAAoB,MAAM,CAAC,MAAM,qBAAqB,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC1G,CAAC;IACH,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IACzC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IAC7E,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,IAAI,IAAI,EAAE,gBAAgB,IAAI,yBAAyB,CAAA;IAC/F,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,EAAE,SAAS,IAAI,CAAC,CAAA;IAC1D,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,CAAC,CAAA;IAEvC,kCAAkC;IAClC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,KAAK,CAAC,oDAAoD,QAAQ,EAAE,CAAC,CAAA;IACjF,CAAC;IACD,IAAI,SAAS,KAAK,CAAC,IAAI,SAAS,KAAK,CAAC,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,qCAAqC,SAAmB,EAAE,CAAC,CAAA;IAC7E,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,SAAS,GAAG,CAAC,IAAI,SAAS,GAAG,aAAa,EAAE,CAAC;QAC/E,MAAM,IAAI,UAAU,CAAC,kCAAkC,aAAa,SAAS,SAAS,EAAE,CAAC,CAAA;IAC3F,CAAC;IACD,IAAI,MAAM,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;QACxC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,MAAM,CAAC,cAAc,IAAI,CAAC,EAAE,CAAC;YAC3E,MAAM,IAAI,KAAK,CAAC,kDAAkD,MAAM,CAAC,cAAc,EAAE,CAAC,CAAA;QAC5F,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;QACzC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,MAAM,CAAC,eAAe,GAAG,CAAC,IAAI,MAAM,CAAC,eAAe,GAAG,EAAE,EAAE,CAAC;YAC3G,MAAM,IAAI,KAAK,CAAC,4DAA4D,MAAM,CAAC,eAAe,EAAE,CAAC,CAAA;QACvG,CAAC;IACH,CAAC;IAED,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACpC,cAAc,CAAC,MAAM,CAAC,CAAA;IACxB,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAC7C,IAAI,aAAa,CAAC,IAAI,KAAK,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QACjD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;IACvD,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACjC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;QAC9B,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;QAC/C,CAAC;IACH,CAAC;IAED,IAAI,SAAS,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;QACnD,OAAO,CAAC,IAAI,CACV,0BAA0B,MAAM,CAAC,OAAO,CAAC,MAAM,iCAAiC;YAChF,4GAA4G,CAC7G,CAAA;IACH,CAAC;IAED,OAAO;QACL,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,IAAI,EAAE,UAAU,EAAE;QAClB,OAAO,EAAE,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;QAC5B,gBAAgB,EAAE,QAAQ;QAC1B,SAAS;QACT,SAAS;QACT,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,OAAO;QACpC,OAAO,EAAE,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC;QAClC,WAAW,EAAE,CAAC;QACd,SAAS,EAAE,GAAG;QACd,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,GAAG;QAC5C,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,CAAC;QAC5C,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;QAC9C,KAAK,EAAE,CAAC;QACR,WAAW,EAAE,EAAE;KAChB,CAAA;AACH,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,cAAc,CAAC,KAAiB;IAC9C,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAA;IACvC,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAgB,EAAE,KAAK,EAAE,KAAK,CAAC,SAAS,EAAE,CAAA;IACzG,OAAO,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAA;AAClE,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAiB,EAAE,YAAoB;IAC1E,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAA;IACvC,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAgB,EAAE,KAAK,EAAE,KAAK,CAAC,SAAS,EAAE,CAAA;IACzG,OAAO,iBAAiB,CAAC,KAAK,CAAC,IAAI,EAAE,aAAa,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;AACtH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,cAAc,CAAC,KAAiB;IAC9C,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAA;IACnF,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,GAAG,KAAK,CAAC,WAAW,GAAG,CAAC,CAAA;IAC1D,IAAI,YAAY,GAAG,SAAS,GAAG,kBAAkB,EAAE,CAAC;QAClD,MAAM,IAAI,UAAU,CAClB,6CAA6C,YAAY,gBAAgB;YACzE,sBAAsB,SAAS,0BAA0B,kBAAkB,GAAG,CAC/E,CAAA;IACH,CAAC;IACD,OAAO,EAAE,GAAG,KAAK,EAAE,WAAW,EAAE,KAAK,CAAC,WAAW,GAAG,CAAC,EAAE,CAAA;AACzD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,MAAM,CAAC,KAAiB;IACtC,OAAO,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,WAAW,EAAE,CAAC,EAAE,CAAA;AACzD,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,SAAS,CAAC,KAAiB,EAAE,MAAc;IACzD,cAAc,CAAC,MAAM,CAAC,CAAA;IACtB,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAA;IAChD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,IAAI,WAAW,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,uDAAuD,WAAW,UAAU,CAAC,CAAA;IAC/F,CAAC;IACD,OAAO,EAAE,GAAG,KAAK,EAAE,OAAO,EAAE,CAAC,GAAG,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,CAAA;AAC1D,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,YAAY,CAAC,KAAiB,EAAE,MAAc;IAC5D,cAAc,CAAC,MAAM,CAAC,CAAA;IACtB,OAAO,EAAE,GAAG,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,EAAE,CAAA;AACzE,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAiB,EAAE,MAAc;IACrE,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;IAC3C,OAAO,MAAM,CAAC,OAAO,CAAC,CAAA;AACxB,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,aAAa,CAAC,KAAiB;IAC7C,OAAO;QACL,GAAG,KAAK;QACR,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QACpB,OAAO,EAAE,EAAE;QACX,MAAM,EAAE,EAAE;QACV,WAAW,EAAE,CAAC;QACd,WAAW,EAAE,EAAE;KAChB,CAAA;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,WAAW,CACzB,KAAiB,EACjB,SAAiB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;IAE9C,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAA;IAC1D,IAAI,OAAO,IAAI,KAAK,CAAC,OAAO;QAAE,OAAO,KAAK,CAAA;IAC1C,OAAO,EAAE,GAAG,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,EAAE,CAAA;AAC9C,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,10 @@
+export { WORDLIST, WORDLIST_SIZE, getWord, indexOf, } from './wordlist.js';
+export { getCounter, counterToBytes, counterFromEventId, DEFAULT_ROTATION_INTERVAL, MAX_COUNTER_OFFSET, } from './counter.js';
+export { GROUP_CONTEXT, deriveVerificationWord, deriveVerificationPhrase, deriveDuressWord, deriveDuressPhrase, deriveCurrentWord, } from './derive.js';
+export { verifyWord, type VerifyResult, type VerifyStatus, } from './verify.js';
+export { createGroup, getCurrentWord, getCurrentDuressWord, advanceCounter, reseed, addMember, removeMember, removeMemberAndReseed, syncCounter, dissolveGroup, type GroupConfig, type GroupState, } from './group.js';
+export { PRESETS, type PresetName, type GroupPreset, } from './presets.js';
+export { deriveBeaconKey, deriveDuressKey, encryptBeacon, decryptBeacon, buildDuressAlert, encryptDuressAlert, decryptDuressAlert, type BeaconPayload, type DuressAlert, type DuressLocation, } from './beacon.js';
+export { MAX_TOLERANCE, deriveTokenBytes, deriveToken, deriveDuressTokenBytes, deriveDuressToken, verifyToken, deriveLivenessToken, type TokenVerifyResult, type VerifyOptions, } from './token.js';
+export { encodeAsWords, encodeAsPin, encodeAsHex, encodeToken, type TokenEncoding, DEFAULT_ENCODING, } from './encoding.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,QAAQ,EACR,aAAa,EACb,OAAO,EACP,OAAO,GACR,MAAM,eAAe,CAAA;AAEtB,OAAO,EACL,UAAU,EACV,cAAc,EACd,kBAAkB,EAClB,yBAAyB,EACzB,kBAAkB,GACnB,MAAM,cAAc,CAAA;AAErB,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,wBAAwB,EACxB,gBAAgB,EAChB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,aAAa,CAAA;AAEpB,OAAO,EACL,UAAU,EACV,KAAK,YAAY,EACjB,KAAK,YAAY,GAClB,MAAM,aAAa,CAAA;AAEpB,OAAO,EACL,WAAW,EACX,cAAc,EACd,oBAAoB,EACpB,cAAc,EACd,MAAM,EACN,SAAS,EACT,YAAY,EACZ,qBAAqB,EACrB,WAAW,EACX,aAAa,EACb,KAAK,WAAW,EAChB,KAAK,UAAU,GAChB,MAAM,YAAY,CAAA;AAEnB,OAAO,EACL,OAAO,EACP,KAAK,UAAU,EACf,KAAK,WAAW,GACjB,MAAM,cAAc,CAAA;AAErB,OAAO,EACL,eAAe,EACf,eAAe,EACf,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,kBAAkB,EAClB,kBAAkB,EAClB,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,KAAK,cAAc,GACpB,MAAM,aAAa,CAAA;AAGpB,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,WAAW,EACX,sBAAsB,EACtB,iBAAiB,EACjB,WAAW,EACX,mBAAmB,EACnB,KAAK,iBAAiB,EACtB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAA;AAEnB,OAAO,EACL,aAAa,EACb,WAAW,EACX,WAAW,EACX,WAAW,EACX,KAAK,aAAa,EAClB,gBAAgB,GACjB,MAAM,eAAe,CAAA"}