claim169 0.2.0-alpha → 0.3.0

package/dist/index.d.ts

@@ -83,9 +83,9 @@
  *
  * @module claim169
  */
-export type { Algorithm, AlgorithmName, Biometric, CertificateHash, Claim169, Claim169Input, CwtMeta, CwtMetaInput, DecodeResult, DecryptorCallback, EncryptorCallback, IDecoder, IEncoder, SignerCallback, VerificationStatus, VerifierCallback, X509Headers, } from "./types.js";
-export { Claim169Error } from "./types.js";
-import type { Claim169Input, CwtMetaInput, DecodeResult, DecryptorCallback, EncryptorCallback, IDecoder, IEncoder, SignerCallback, VerifierCallback } from "./types.js";
+export type { Algorithm, AlgorithmName, Biometric, CertificateHash, Claim169, Claim169ErrorCode, Claim169Input, CompressionMode, CoseType, CwtMeta, CwtMetaInput, DecodeResult, DetectedCompression, DecryptorCallback, EncodeResult, EncodeWarning, EncryptorCallback, IDecoder, IEncoder, InspectResult, SignerCallback, VerificationStatus, VerifierCallback, X509Headers, } from "./types.js";
+export { BiometricFormat, Claim169Error, Gender, MaritalStatus, PhotoFormat, } from "./types.js";
+import type { Claim169Input, CompressionMode, CwtMetaInput, DecodeResult, DecryptorCallback, EncodeResult, EncryptorCallback, IDecoder, IEncoder, InspectResult, SignerCallback, VerifierCallback } from "./types.js";
 /**
  * Get the library version
  */
@@ -200,7 +200,7 @@ export declare class Decoder implements IDecoder {
      */
     skipBiometrics(): Decoder;
     /**
-     * Enable timestamp validation.
+     * Re-enable timestamp validation (enabled by default).
      * When enabled, expired or not-yet-valid credentials will throw an error.
      * Implemented in the host (JavaScript) to avoid WASM runtime time limitations.
      * @returns The decoder instance for chaining
@@ -277,6 +277,8 @@ export declare class Decoder implements IDecoder {
  * Notes:
  * - If you don't provide a verification key, you must explicitly set `allowUnverified: true` (testing only).
  * - Timestamp validation is enabled by default in JS (host-side). Set `validateTimestamps: false` to disable.
+ * - PEM keys and custom verifier/decryptor callbacks are not supported here.
+ *   Use the `Decoder` builder class directly for those features.
  */
 export interface DecodeOptions {
     verifyWithEd25519?: Uint8Array;
@@ -403,15 +405,46 @@ export declare class Encoder implements IEncoder {
      */
     encryptWith(encryptor: EncryptorCallback, algorithm: "A256GCM" | "A128GCM"): Encoder;
     /**
-     * Encode the credential to a Base45 QR string.
-     * @returns Base45-encoded string suitable for QR code generation
+     * Set compression mode for encoding.
+     * @param mode - Compression mode: "zlib", "none", "adaptive", "brotli:N" (0-11), or "adaptive-brotli:N"
+     * @returns The encoder instance for chaining
+     * @throws {Claim169Error} If the mode is invalid or unsupported by the WASM build
+     */
+    compression(mode: CompressionMode): Encoder;
+    /**
+     * Encode the credential to a QR-ready result object.
+     * @returns Encode result with QR data, compression info, and warnings
      * @throws {Claim169Error} If encoding fails
      */
-    encode(): string;
+    encode(): EncodeResult;
 }
 /**
  * Generate a random 12-byte nonce for AES-GCM encryption.
  * @returns A 12-byte Uint8Array suitable for use as a nonce
  */
 export declare function generateNonce(): Uint8Array;
+/**
+ * Inspect credential metadata without full decoding or verification.
+ *
+ * Extracts metadata (issuer, key ID, algorithm, expiration) from a QR code
+ * without verifying the signature. Useful for multi-issuer key lookup.
+ *
+ * For encrypted credentials (COSE_Encrypt0), only COSE-level headers are
+ * available; CWT-level fields (issuer, subject, expiresAt) will be `undefined`.
+ *
+ * @param qrText - The Base45-encoded QR code content
+ * @returns Metadata extracted from the credential
+ * @throws {Claim169Error} On parse errors
+ *
+ * @example
+ * ```typescript
+ * import { inspect } from 'claim169';
+ *
+ * const meta = inspect(qrText);
+ * console.log(meta.issuer);     // "https://issuer.example.com"
+ * console.log(meta.algorithm);  // "EdDSA"
+ * console.log(meta.coseType);   // "Sign1"
+ * ```
+ */
+export declare function inspect(qrText: string): InspectResult;
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoFG;AAEH,YAAY,EACV,SAAS,EACT,aAAa,EACb,SAAS,EACT,eAAe,EACf,QAAQ,EACR,aAAa,EACb,OAAO,EACP,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,QAAQ,EACR,QAAQ,EACR,cAAc,EACd,kBAAkB,EAClB,gBAAgB,EAChB,WAAW,GACZ,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C,OAAO,KAAK,EACV,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,QAAQ,EACR,QAAQ,EACR,cAAc,EACd,gBAAgB,EAEjB,MAAM,YAAY,CAAC;AAMpB;;GAEG;AACH,wBAAgB,OAAO,IAAI,MAAM,CAEhC;AAED;;GAEG;AACH,wBAAgB,QAAQ,IAAI,OAAO,CAElC;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAqBlD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAMpD;AA4PD;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,qBAAa,OAAQ,YAAW,QAAQ;IACtC,OAAO,CAAC,WAAW,CAAmB;IACtC,OAAO,CAAC,kBAAkB,CAAQ;IAClC,OAAO,CAAC,yBAAyB,CAAK;IAEtC;;;OAGG;gBACS,MAAM,EAAE,MAAM;IAI1B;;;;;OAKG;IACH,iBAAiB,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO;IAYjD;;;;;OAKG;IACH,mBAAmB,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO;IAYnD;;;;;;OAMG;IACH,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAY1C;;;;;;OAMG;IACH,sBAAsB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAY5C;;;;;OAKG;IACH,eAAe,IAAI,OAAO;IAK1B;;;;;OAKG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAY3C;;;;;OAKG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAY3C;;;;OAIG;IACH,cAAc,IAAI,OAAO;IAKzB;;;;;OAKG;IACH,uBAAuB,IAAI,OAAO;IAKlC;;;OAGG;IACH,0BAA0B,IAAI,OAAO;IAKrC;;;;;;OAMG;IACH,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAK5C;;;;;OAKG;IACH,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAK5C;;;;;;;;;;;;;;;;OAgBG;IACH,UAAU,CAAC,QAAQ,EAAE,gBAAgB,GAAG,OAAO;IAY/C;;;;;;;;;;;;;;;;OAgBG;IACH,WAAW,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;IAYlD;;;;;;OAMG;IACH,MAAM,IAAI,YAAY;CAsBvB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;;;;;GAMG;AACH,wBAAgB,MAAM,CACpB,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,aAAkB,GAC1B,YAAY,CAuCd;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,qBAAa,OAAQ,YAAW,QAAQ;IACtC,OAAO,CAAC,WAAW,CAAmB;IAEtC;;;;OAIG;gBACS,QAAQ,EAAE,aAAa,EAAE,OAAO,EAAE,YAAY;IAW1D;;;;OAIG;IACH,eAAe,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO;IAYhD;;;;OAIG;IACH,iBAAiB,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO;IAYlD;;;;OAIG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAY3C;;;;OAIG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAY3C;;;;OAIG;IACH,aAAa,IAAI,OAAO;IAKxB;;;OAGG;IACH,cAAc,IAAI,OAAO;IAKzB;;;;;;;;;;;;;;;;;OAiBG;IACH,QAAQ,CACN,MAAM,EAAE,cAAc,EACtB,SAAS,EAAE,OAAO,GAAG,OAAO,EAC5B,KAAK,CAAC,EAAE,UAAU,GAAG,IAAI,GACxB,OAAO;IAiBV;;;;;;;;;;;;;;;;;OAiBG;IACH,WAAW,CACT,SAAS,EAAE,iBAAiB,EAC5B,SAAS,EAAE,SAAS,GAAG,SAAS,GAC/B,OAAO;IAYV;;;;OAIG;IACH,MAAM,IAAI,MAAM;CAUjB;AAED;;;GAGG;AACH,wBAAgB,aAAa,IAAI,UAAU,CAE1C"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoFG;AAEH,YAAY,EACV,SAAS,EACT,aAAa,EACb,SAAS,EACT,eAAe,EACf,QAAQ,EACR,iBAAiB,EACjB,aAAa,EACb,eAAe,EACf,QAAQ,EACR,OAAO,EACP,YAAY,EACZ,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,YAAY,EACZ,aAAa,EACb,iBAAiB,EACjB,QAAQ,EACR,QAAQ,EACR,aAAa,EACb,cAAc,EACd,kBAAkB,EAClB,gBAAgB,EAChB,WAAW,GACZ,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,eAAe,EACf,aAAa,EACb,MAAM,EACN,aAAa,EACb,WAAW,GACZ,MAAM,YAAY,CAAC;AAEpB,OAAO,KAAK,EAGV,aAAa,EACb,eAAe,EAEf,YAAY,EACZ,YAAY,EAEZ,iBAAiB,EACjB,YAAY,EACZ,iBAAiB,EACjB,QAAQ,EACR,QAAQ,EACR,aAAa,EACb,cAAc,EACd,gBAAgB,EAEjB,MAAM,YAAY,CAAC;AAqBpB;;GAEG;AACH,wBAAgB,OAAO,IAAI,MAAM,CAEhC;AAED;;GAEG;AACH,wBAAgB,QAAQ,IAAI,OAAO,CAElC;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAqBlD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAMpD;AA0RD;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,qBAAa,OAAQ,YAAW,QAAQ;IACtC,OAAO,CAAC,WAAW,CAAmB;IACtC,OAAO,CAAC,kBAAkB,CAAQ;IAClC,OAAO,CAAC,yBAAyB,CAAK;IAEtC;;;OAGG;gBACS,MAAM,EAAE,MAAM;IAI1B;;;;;OAKG;IACH,iBAAiB,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO;IAOjD;;;;;OAKG;IACH,mBAAmB,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO;IAOnD;;;;;;OAMG;IACH,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAO1C;;;;;;OAMG;IACH,sBAAsB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAO5C;;;;;OAKG;IACH,eAAe,IAAI,OAAO;IAK1B;;;;;OAKG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAO3C;;;;;OAKG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAO3C;;;;OAIG;IACH,cAAc,IAAI,OAAO;IAKzB;;;;;OAKG;IACH,uBAAuB,IAAI,OAAO;IAKlC;;;OAGG;IACH,0BAA0B,IAAI,OAAO;IAKrC;;;;;;OAMG;IACH,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAK5C;;;;;OAKG;IACH,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAK5C;;;;;;;;;;;;;;;;OAgBG;IACH,UAAU,CAAC,QAAQ,EAAE,gBAAgB,GAAG,OAAO;IAO/C;;;;;;;;;;;;;;;;OAgBG;IACH,WAAW,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;IAOlD;;;;;;OAMG;IACH,MAAM,IAAI,YAAY;CAiBvB;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,aAAa;IAC5B,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;;;;;GAMG;AACH,wBAAgB,MAAM,CACpB,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,aAAkB,GAC1B,YAAY,CAuCd;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,qBAAa,OAAQ,YAAW,QAAQ;IACtC,OAAO,CAAC,WAAW,CAAmB;IAEtC;;;;OAIG;gBACS,QAAQ,EAAE,aAAa,EAAE,OAAO,EAAE,YAAY;IAM1D;;;;OAIG;IACH,eAAe,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO;IAOhD;;;;OAIG;IACH,iBAAiB,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO;IAOlD;;;;OAIG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAO3C;;;;OAIG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAO3C;;;;OAIG;IACH,aAAa,IAAI,OAAO;IAKxB;;;OAGG;IACH,cAAc,IAAI,OAAO;IAKzB;;;;;;;;;;;;;;;;;OAiBG;IACH,QAAQ,CACN,MAAM,EAAE,cAAc,EACtB,SAAS,EAAE,OAAO,GAAG,OAAO,EAC5B,KAAK,CAAC,EAAE,UAAU,GAAG,IAAI,GACxB,OAAO;IAYV;;;;;;;;;;;;;;;;;OAiBG;IACH,WAAW,CACT,SAAS,EAAE,iBAAiB,EAC5B,SAAS,EAAE,SAAS,GAAG,SAAS,GAC/B,OAAO;IAOV;;;;;OAKG;IACH,WAAW,CAAC,IAAI,EAAE,eAAe,GAAG,OAAO;IAO3C;;;;OAIG;IACH,MAAM,IAAI,YAAY;CAcvB;AAED;;;GAGG;AACH,wBAAgB,aAAa,IAAI,UAAU,CAE1C;AA6BD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,CAKrD"}

package/dist/index.js

@@ -83,10 +83,25 @@
  *
  * @module claim169
  */
-export { Claim169Error } from "./types.js";
+export { BiometricFormat, Claim169Error, Gender, MaritalStatus, PhotoFormat, } from "./types.js";
 import { Claim169Error } from "./types.js";
 // Import WASM module (auto-initialized with bundler target)
 import * as wasm from "../wasm/claim169_wasm.js";
+/**
+ * Wrap a WASM call so that any thrown error becomes a Claim169Error.
+ */
+function wrapWasmCall(fn) {
+    try {
+        return fn();
+    }
+    catch (error) {
+        throw error instanceof Claim169Error
+            ? error
+            : error instanceof Error
+                ? new Claim169Error(error.message)
+                : new Claim169Error(String(error));
+    }
+}
 /**
  * Get the library version
  */
@@ -198,21 +213,39 @@ function transformX509Headers(raw) {
     return headers;
 }
 /**
- * Transform raw WASM result to typed DecodeResult
+ * Transform raw WASM result to typed DecodeResult.
+ * Performs runtime validation to catch malformed WASM output.
  */
 function transformResult(raw) {
+    if (typeof raw !== "object" || raw === null) {
+        throw new Claim169Error("Malformed WASM output: expected object");
+    }
     const result = raw;
+    if (typeof result.claim169 !== "object" || result.claim169 === null) {
+        throw new Claim169Error("Malformed WASM output: missing claim169");
+    }
+    if (typeof result.cwtMeta !== "object" || result.cwtMeta === null) {
+        throw new Claim169Error("Malformed WASM output: missing cwtMeta");
+    }
+    if (typeof result.verificationStatus !== "string") {
+        throw new Claim169Error("Malformed WASM output: missing verificationStatus");
+    }
+    const cwtMeta = result.cwtMeta;
     return {
         claim169: transformClaim169(result.claim169),
         cwtMeta: {
-            issuer: result.cwtMeta.issuer,
-            subject: result.cwtMeta.subject,
-            expiresAt: result.cwtMeta.expiresAt,
-            notBefore: result.cwtMeta.notBefore,
-            issuedAt: result.cwtMeta.issuedAt,
+            issuer: cwtMeta.issuer,
+            subject: cwtMeta.subject,
+            expiresAt: cwtMeta.expiresAt,
+            notBefore: cwtMeta.notBefore,
+            issuedAt: cwtMeta.issuedAt,
         },
         verificationStatus: result.verificationStatus,
         x509Headers: transformX509Headers(result.x509Headers),
+        detectedCompression: (result.detectedCompression ?? "zlib"),
+        warnings: result.warnings ?? [],
+        keyId: safeUint8Array(result.keyId),
+        algorithm: result.algorithm,
     };
 }
 /**
@@ -281,12 +314,18 @@ function transformBiometrics(raw) {
     if (!raw || !Array.isArray(raw)) {
         return undefined;
     }
-    return raw.map((b) => ({
-        data: safeUint8Array(b.data),
-        format: b.format,
-        subFormat: b.subFormat,
-        issuer: b.issuer,
-    }));
+    return raw.map((b) => {
+        const data = safeUint8Array(b.data);
+        if (!data) {
+            throw new Claim169Error("Biometric entry missing data field");
+        }
+        return {
+            data,
+            format: b.format,
+            subFormat: b.subFormat,
+            issuer: b.issuer,
+        };
+    });
 }
 function validateTimestampsHost(cwtMeta, clockSkewToleranceSeconds) {
     const skew = Math.max(0, Math.floor(clockSkewToleranceSeconds));
@@ -378,16 +417,8 @@ export class Decoder {
      * @throws {Claim169Error} If the public key is invalid
      */
     verifyWithEd25519(publicKey) {
-        try {
-            this.wasmDecoder = this.wasmDecoder.verifyWithEd25519(publicKey);
-            return this;
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        this.wasmDecoder = wrapWasmCall(() => this.wasmDecoder.verifyWithEd25519(publicKey));
+        return this;
     }
     /**
      * Verify signature with ECDSA P-256 public key.
@@ -396,16 +427,8 @@ export class Decoder {
      * @throws {Claim169Error} If the public key is invalid
      */
     verifyWithEcdsaP256(publicKey) {
-        try {
-            this.wasmDecoder = this.wasmDecoder.verifyWithEcdsaP256(publicKey);
-            return this;
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        this.wasmDecoder = wrapWasmCall(() => this.wasmDecoder.verifyWithEcdsaP256(publicKey));
+        return this;
     }
     /**
      * Verify signature with Ed25519 public key in PEM format.
@@ -415,16 +438,8 @@ export class Decoder {
      * @throws {Claim169Error} If the PEM is invalid
      */
     verifyWithEd25519Pem(pem) {
-        try {
-            this.wasmDecoder = this.wasmDecoder.verifyWithEd25519Pem(pem);
-            return this;
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        this.wasmDecoder = wrapWasmCall(() => this.wasmDecoder.verifyWithEd25519Pem(pem));
+        return this;
     }
     /**
      * Verify signature with ECDSA P-256 public key in PEM format.
@@ -434,16 +449,8 @@ export class Decoder {
      * @throws {Claim169Error} If the PEM is invalid
      */
     verifyWithEcdsaP256Pem(pem) {
-        try {
-            this.wasmDecoder = this.wasmDecoder.verifyWithEcdsaP256Pem(pem);
-            return this;
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        this.wasmDecoder = wrapWasmCall(() => this.wasmDecoder.verifyWithEcdsaP256Pem(pem));
+        return this;
     }
     /**
      * Allow decoding without signature verification.
@@ -462,16 +469,8 @@ export class Decoder {
      * @throws {Claim169Error} If the key is invalid
      */
     decryptWithAes256(key) {
-        try {
-            this.wasmDecoder = this.wasmDecoder.decryptWithAes256(key);
-            return this;
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        this.wasmDecoder = wrapWasmCall(() => this.wasmDecoder.decryptWithAes256(key));
+        return this;
     }
     /**
      * Decrypt with AES-128-GCM.
@@ -480,16 +479,8 @@ export class Decoder {
      * @throws {Claim169Error} If the key is invalid
      */
     decryptWithAes128(key) {
-        try {
-            this.wasmDecoder = this.wasmDecoder.decryptWithAes128(key);
-            return this;
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        this.wasmDecoder = wrapWasmCall(() => this.wasmDecoder.decryptWithAes128(key));
+        return this;
     }
     /**
      * Skip biometric data during decoding.
@@ -501,7 +492,7 @@ export class Decoder {
         return this;
     }
     /**
-     * Enable timestamp validation.
+     * Re-enable timestamp validation (enabled by default).
      * When enabled, expired or not-yet-valid credentials will throw an error.
      * Implemented in the host (JavaScript) to avoid WASM runtime time limitations.
      * @returns The decoder instance for chaining
@@ -557,16 +548,8 @@ export class Decoder {
      * ```
      */
     verifyWith(verifier) {
-        try {
-            this.wasmDecoder = this.wasmDecoder.verifyWith(verifier);
-            return this;
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        this.wasmDecoder = wrapWasmCall(() => this.wasmDecoder.verifyWith(verifier));
+        return this;
     }
     /**
      * Decrypt with a custom decryptor callback.
@@ -586,16 +569,8 @@ export class Decoder {
      * ```
      */
     decryptWith(decryptor) {
-        try {
-            this.wasmDecoder = this.wasmDecoder.decryptWith(decryptor);
-            return this;
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        this.wasmDecoder = wrapWasmCall(() => this.wasmDecoder.decryptWith(decryptor));
+        return this;
     }
     /**
      * Decode the QR code with the configured options.
@@ -605,7 +580,7 @@ export class Decoder {
      * @throws {Claim169Error} If decoding fails or no verification method specified
      */
     decode() {
-        try {
+        return wrapWasmCall(() => {
             const result = this.wasmDecoder.decode();
             const transformed = transformResult(result);
             // Validate date format (YYYY-MM-DD)
@@ -614,13 +589,7 @@ export class Decoder {
                 validateTimestampsHost(transformed.cwtMeta, this.clockSkewToleranceSeconds);
             }
             return transformed;
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        });
     }
 }
 /**
@@ -695,15 +664,7 @@ export class Encoder {
      * @param cwtMeta - CWT metadata including issuer, expiration, etc.
      */
     constructor(claim169, cwtMeta) {
-        try {
-            this.wasmEncoder = new wasm.WasmEncoder(claim169, cwtMeta);
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        this.wasmEncoder = wrapWasmCall(() => new wasm.WasmEncoder(claim169, cwtMeta));
     }
     /**
      * Sign with Ed25519 private key.
@@ -711,16 +672,8 @@ export class Encoder {
      * @returns The encoder instance for chaining
      */
     signWithEd25519(privateKey) {
-        try {
-            this.wasmEncoder = this.wasmEncoder.signWithEd25519(privateKey);
-            return this;
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        this.wasmEncoder = wrapWasmCall(() => this.wasmEncoder.signWithEd25519(privateKey));
+        return this;
     }
     /**
      * Sign with ECDSA P-256 private key.
@@ -728,16 +681,8 @@ export class Encoder {
      * @returns The encoder instance for chaining
      */
     signWithEcdsaP256(privateKey) {
-        try {
-            this.wasmEncoder = this.wasmEncoder.signWithEcdsaP256(privateKey);
-            return this;
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        this.wasmEncoder = wrapWasmCall(() => this.wasmEncoder.signWithEcdsaP256(privateKey));
+        return this;
     }
     /**
      * Encrypt with AES-256-GCM.
@@ -745,16 +690,8 @@ export class Encoder {
      * @returns The encoder instance for chaining
      */
     encryptWithAes256(key) {
-        try {
-            this.wasmEncoder = this.wasmEncoder.encryptWithAes256(key);
-            return this;
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        this.wasmEncoder = wrapWasmCall(() => this.wasmEncoder.encryptWithAes256(key));
+        return this;
     }
     /**
      * Encrypt with AES-128-GCM.
@@ -762,16 +699,8 @@ export class Encoder {
      * @returns The encoder instance for chaining
      */
     encryptWithAes128(key) {
-        try {
-            this.wasmEncoder = this.wasmEncoder.encryptWithAes128(key);
-            return this;
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        this.wasmEncoder = wrapWasmCall(() => this.wasmEncoder.encryptWithAes128(key));
+        return this;
     }
     /**
      * Allow encoding without a signature.
@@ -809,19 +738,11 @@ export class Encoder {
      * ```
      */
     signWith(signer, algorithm, keyId) {
-        try {
-            // Wrap the callback so callers can optionally provide a keyId even if the
-            // underlying WASM bindings don't expose key-id configuration yet.
-            const signerWithKeyId = (alg, wasmKeyId, data) => signer(alg, keyId ?? wasmKeyId, data);
-            this.wasmEncoder = this.wasmEncoder.signWith(signerWithKeyId, algorithm);
-            return this;
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        // Wrap the callback so callers can optionally provide a keyId even if the
+        // underlying WASM bindings don't expose key-id configuration yet.
+        const signerWithKeyId = (alg, wasmKeyId, data) => signer(alg, keyId ?? wasmKeyId, data);
+        this.wasmEncoder = wrapWasmCall(() => this.wasmEncoder.signWith(signerWithKeyId, algorithm));
+        return this;
     }
     /**
      * Encrypt with a custom encryptor callback.
@@ -842,32 +763,33 @@ export class Encoder {
      * ```
      */
     encryptWith(encryptor, algorithm) {
-        try {
-            this.wasmEncoder = this.wasmEncoder.encryptWith(encryptor, algorithm);
-            return this;
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        this.wasmEncoder = wrapWasmCall(() => this.wasmEncoder.encryptWith(encryptor, algorithm));
+        return this;
+    }
+    /**
+     * Set compression mode for encoding.
+     * @param mode - Compression mode: "zlib", "none", "adaptive", "brotli:N" (0-11), or "adaptive-brotli:N"
+     * @returns The encoder instance for chaining
+     * @throws {Claim169Error} If the mode is invalid or unsupported by the WASM build
+     */
+    compression(mode) {
+        this.wasmEncoder = wrapWasmCall(() => this.wasmEncoder.compression(mode));
+        return this;
     }
     /**
-     * Encode the credential to a Base45 QR string.
-     * @returns Base45-encoded string suitable for QR code generation
+     * Encode the credential to a QR-ready result object.
+     * @returns Encode result with QR data, compression info, and warnings
      * @throws {Claim169Error} If encoding fails
      */
     encode() {
-        try {
-            return this.wasmEncoder.encode();
-        }
-        catch (error) {
-            if (error instanceof Error) {
-                throw new Claim169Error(error.message);
-            }
-            throw new Claim169Error(String(error));
-        }
+        return wrapWasmCall(() => {
+            const raw = this.wasmEncoder.encode();
+            return {
+                qrData: raw.qrData,
+                compressionUsed: raw.compressionUsed,
+                warnings: raw.warnings ?? [],
+            };
+        });
     }
 }
 /**
@@ -877,4 +799,54 @@ export class Encoder {
 export function generateNonce() {
     return new Uint8Array(wasm.generateNonce());
 }
+/**
+ * Transform raw WASM inspect result to typed InspectResult.
+ */
+function transformInspectResult(raw) {
+    if (typeof raw !== "object" || raw === null) {
+        throw new Claim169Error("Malformed WASM output: expected object");
+    }
+    const result = raw;
+    if (typeof result.coseType !== "string") {
+        throw new Claim169Error("Malformed WASM output: missing coseType");
+    }
+    return {
+        issuer: result.issuer,
+        subject: result.subject,
+        keyId: safeUint8Array(result.keyId),
+        algorithm: result.algorithm,
+        x509Headers: transformX509Headers(result.x509Headers),
+        expiresAt: result.expiresAt,
+        coseType: result.coseType,
+    };
+}
+/**
+ * Inspect credential metadata without full decoding or verification.
+ *
+ * Extracts metadata (issuer, key ID, algorithm, expiration) from a QR code
+ * without verifying the signature. Useful for multi-issuer key lookup.
+ *
+ * For encrypted credentials (COSE_Encrypt0), only COSE-level headers are
+ * available; CWT-level fields (issuer, subject, expiresAt) will be `undefined`.
+ *
+ * @param qrText - The Base45-encoded QR code content
+ * @returns Metadata extracted from the credential
+ * @throws {Claim169Error} On parse errors
+ *
+ * @example
+ * ```typescript
+ * import { inspect } from 'claim169';
+ *
+ * const meta = inspect(qrText);
+ * console.log(meta.issuer);     // "https://issuer.example.com"
+ * console.log(meta.algorithm);  // "EdDSA"
+ * console.log(meta.coseType);   // "Sign1"
+ * ```
+ */
+export function inspect(qrText) {
+    return wrapWasmCall(() => {
+        const raw = wasm.inspect(qrText);
+        return transformInspectResult(raw);
+    });
+}
 //# sourceMappingURL=index.js.map