hbsig 0.2.8 → 0.3.1

package/cjs/structured.js

@@ -77,7 +77,7 @@ function to(tabm) {
   // Build result with empty values first
   var result = {};
 
-  // Add empty values based on their types
+  // Add empty values based on their types (these may be overwritten if data exists)
   for (var _i = 0, _Object$entries = Object.entries(types); _i < _Object$entries.length; _i++) {
     var _Object$entries$_i = _slicedToArray(_Object$entries[_i], 2),
       key = _Object$entries$_i[0],
@@ -111,10 +111,19 @@ function to(tabm) {
         result[rawKey] = value;
       }
     } else if (_typeof(value) === "object" && value !== null && !Array.isArray(value)) {
+      // Check if the child object itself indicates it's a list via .="list" in its ao-types
+      var childAoTypes = value["ao-types"] || "";
+      var childTypes = parseAoTypes(childAoTypes);
+      var isChildList = childTypes["."] === "list";
+
       // Recursively decode child TABM
       var childDecoded = to(value);
-      var _type2 = types[normalizedKey];
-      if (_type2 === "list") {
+
+      // Only convert numbered map to array if the child object itself
+      // declares it's a list via .="list" in its ao-types.
+      // This preserves original keys when the parent declares the type
+      // but the child doesn't have the list marker.
+      if (isChildList) {
         // Convert numbered map back to ordered list
         result[rawKey] = messageToOrderedList(childDecoded);
       } else {
@@ -214,11 +223,22 @@ function decodeValue(type, value) {
       return parseInt(parseStructuredItem(value), 10);
     case "float":
       return parseFloat(value);
+    case "boolean":
+      // SF boolean format: ?1 = true, ?0 = false
+      // Convert to native boolean, will be encoded as "atom" type
+      if (value === "?1") return true;
+      if (value === "?0") return false;
+      // Fallback for other formats
+      return value === "true" || value === "1";
     case "atom":
       var atomItem = parseStructuredItem(value);
-      return atomItem.replace(/^"|"$/g, "");
-    // Remove quotes
-
+      var atomName = atomItem.replace(/^"|"$/g, ""); // Remove quotes
+      // Convert to Symbol to preserve atom type through round-trip
+      // Special cases for common atoms that JS has native types for
+      if (atomName === "true") return true;
+      if (atomName === "false") return false;
+      if (atomName === "null") return null;
+      return Symbol["for"](atomName);
     case "list":
       return parseStructuredList(value).map(function (item) {
         if (typeof item === "string" && item.startsWith("(ao-type-")) {
@@ -245,7 +265,8 @@ function decodeValue(type, value) {
  * @returns {*} - Parsed value
  */
 function parseStructuredItem(value) {
-  // This is a simplified parser - you'd want to use a proper structured fields parser
+  // Handle non-string values (e.g., numbers from HyperBEAM responses)
+  if (typeof value !== "string") return String(value);
   if (value.startsWith('"') && value.endsWith('"')) {
     return value.slice(1, -1); // Remove quotes
   }
@@ -258,10 +279,13 @@ function parseStructuredItem(value) {
  * @returns {Array} - Parsed list
  */
 function parseStructuredList(value) {
-  // This is a simplified parser - you'd want to use a proper structured fields parser
+  if (typeof value !== "string") return [value];
   return value.split(", ").map(function (item) {
     if (item.startsWith('"') && item.endsWith('"')) {
-      return item.slice(1, -1); // Remove quotes
+      // Remove quotes and unescape SF string escapes
+      // In SF strings: \" = " and \\ = \
+      return item.slice(1, -1).replace(/\\"/g, '"') // \" -> "
+      .replace(/\\\\/g, '\\'); // \\ -> \
     }
     return item;
   });
@@ -273,23 +297,50 @@ function parseStructuredList(value) {
  * @returns {object} - TABM
  */
 function from(msg) {
-  // Handle non-map values
-  if (msg instanceof Buffer || _typeof(msg) !== "object" || msg === null || Array.isArray(msg)) {
+  // Handle binary input - passthrough
+  if (msg instanceof Buffer || msg instanceof Uint8Array) {
+    return msg;
+  }
+
+  // Handle non-object values - passthrough
+  if (_typeof(msg) !== "object" || msg === null) {
     return msg;
   }
 
-  // Normalize keys first
-  var normalizedMap = {};
+  // Handle arrays - convert to numbered map with .="list" in ao-types
+  // Mirrors Erlang: from(List, Req, Opts) when is_list(List)
+  if (Array.isArray(msg)) {
+    // Convert to numbered map (1-based indexing like Erlang)
+    var numberedMap = {};
+    msg.forEach(function (item, idx) {
+      numberedMap[(idx + 1).toString()] = item;
+    });
+
+    // Recursively process the numbered map
+    var _result = from(numberedMap);
+
+    // Add .="list" to ao-types to indicate this message is a list
+    var existingAoTypes = _result["ao-types"] || "";
+    if (existingAoTypes) {
+      _result["ao-types"] = '.="list", ' + existingAoTypes;
+    } else {
+      _result["ao-types"] = '.="list"';
+    }
+    return _result;
+  }
+
+  // Process keys - preserve original case to match Erlang behavior
+  // HTTP headers are case-insensitive but JSON/map keys preserve case
+  var keysMap = {};
   for (var _i3 = 0, _Object$entries3 = Object.entries(msg); _i3 < _Object$entries3.length; _i3++) {
     var _Object$entries3$_i = _slicedToArray(_Object$entries3[_i3], 2),
       key = _Object$entries3$_i[0],
       value = _Object$entries3$_i[1];
-    var normKey = key.toLowerCase();
-    normalizedMap[normKey] = value;
+    keysMap[key] = value;
   }
 
-  // Get sorted keys (normalized)
-  var sortedKeys = Object.keys(normalizedMap).sort();
+  // Get sorted keys (preserving case)
+  var sortedKeys = Object.keys(keysMap).sort();
   var types = [];
   var values = [];
 
@@ -297,77 +348,63 @@ function from(msg) {
   var _iterator2 = _createForOfIteratorHelper(sortedKeys),
     _step2;
   try {
-    var _loop = function _loop() {
-        var normKey = _step2.value;
-        var value = normalizedMap[normKey];
-
-        // Handle empty values
-        if (value === "" || value instanceof Buffer && value.length === 0) {
-          types.push([normKey, "empty-binary"]);
-          return 0; // continue
-        }
-        if (Array.isArray(value) && value.length === 0) {
-          types.push([normKey, "empty-list"]);
-          return 0; // continue
-        }
-        if (_typeof(value) === "object" && value !== null && !Array.isArray(value) && !(value instanceof Buffer) && Object.keys(value).length === 0) {
-          types.push([normKey, "empty-message"]);
-          return 0; // continue
-        }
+    for (_iterator2.s(); !(_step2 = _iterator2.n()).done;) {
+      var _key = _step2.value;
+      var _value = keysMap[_key];
+
+      // Handle empty binaries/strings - just include as-is, no type annotation
+      // (Erlang doesn't add empty-binary type, it just keeps the empty binary)
+      if (_value === "" || _value instanceof Buffer && _value.length === 0) {
+        values.push([_key, _value]);
+        continue;
+      }
 
-        // Handle binary/string values
-        if (value instanceof Buffer || value instanceof Uint8Array) {
-          values.push([normKey, value]);
-          return 0; // continue
-        }
-        if (typeof value === "string") {
-          values.push([normKey, value]);
-          return 0; // continue
-        }
+      // Empty arrays - convert to numbered map with .="list" in ao-types
+      // (Erlang doesn't add empty-list type, just the list marker)
+      if (Array.isArray(_value) && _value.length === 0) {
+        values.push([_key, from(_value)]);
+        continue;
+      }
 
-        // Handle nested maps
-        if (_typeof(value) === "object" && !Array.isArray(value) && value !== null) {
-          values.push([normKey, from(value)]);
-          return 0; // continue
-        }
+      // Empty objects - just include as-is, no type annotation
+      // (Erlang doesn't add empty-message type, it just keeps the empty map)
+      if (_typeof(_value) === "object" && _value !== null && !Array.isArray(_value) && !(_value instanceof Buffer) && Object.keys(_value).length === 0) {
+        values.push([_key, _value]);
+        continue;
+      }
 
-        // Handle arrays
-        if (Array.isArray(value) && value.length > 0) {
-          if (shouldConvertToNumberedMap(value)) {
-            // Convert to numbered map (1-based indexing)
-            var numberedMap = {};
-            value.forEach(function (item, idx) {
-              numberedMap[(idx + 1).toString()] = item;
-            });
-            types.push([normKey, "list"]);
-            values.push([normKey, from(numberedMap)]);
-          } else {
-            // Encode as list string
-            var _encodeValue = encodeValue(value),
-              _encodeValue2 = _slicedToArray(_encodeValue, 2),
-              type = _encodeValue2[0],
-              encoded = _encodeValue2[1];
-            types.push([normKey, type]);
-            values.push([normKey, encoded]);
-          }
-          return 0; // continue
-        }
+      // Handle binary/string values
+      if (_value instanceof Buffer || _value instanceof Uint8Array) {
+        values.push([_key, _value]);
+        continue;
+      }
+      if (typeof _value === "string") {
+        values.push([_key, _value]);
+        continue;
+      }
 
-        // Handle typed values (need encoding)
-        if (_typeof(value) === "symbol" || typeof value === "number" || Array.isArray(value) || typeof value === "boolean" || value === null) {
-          var _encodeValue3 = encodeValue(value),
-            _encodeValue4 = _slicedToArray(_encodeValue3, 2),
-            _type3 = _encodeValue4[0],
-            _encoded = _encodeValue4[1];
-          types.push([normKey, _type3]);
-          values.push([normKey, _encoded]);
-          return 0; // continue
-        }
-      },
-      _ret;
-    for (_iterator2.s(); !(_step2 = _iterator2.n()).done;) {
-      _ret = _loop();
-      if (_ret === 0) continue;
+      // Handle nested maps
+      if (_typeof(_value) === "object" && !Array.isArray(_value) && _value !== null) {
+        values.push([_key, from(_value)]);
+        continue;
+      }
+
+      // Handle arrays - from() converts to numbered map with .="list" in ao-types
+      if (Array.isArray(_value) && _value.length > 0) {
+        values.push([_key, from(_value)]);
+        continue;
+      }
+
+      // Handle typed values (need encoding)
+      if (_typeof(_value) === "symbol" || typeof _value === "number" || typeof _value === "boolean" || _value === null) {
+        var _encodeValue = encodeValue(_value),
+          _encodeValue2 = _slicedToArray(_encodeValue, 2),
+          type = _encodeValue2[0],
+          encoded = _encodeValue2[1];
+        types.push([_key, type]);
+        values.push([_key, encoded]);
+        continue;
+      }
     }
 
     // Build result
@@ -398,55 +435,13 @@ function from(msg) {
   return result;
 }
 
-/**
- * Check if an array should be converted to numbered map
- * Rules based on Erlang behavior:
- * 1. Contains any objects/maps → convert
- * 2. Contains empty arrays (but NOT empty buffers) → convert
- * 3. All items are arrays (array of arrays) → convert
- * 4. Otherwise → encode as string
- */
-function shouldConvertToNumberedMap(arr) {
-  var allArrays = true;
-  var hasObjects = false;
-  var hasEmptyArrays = false;
-  var _iterator3 = _createForOfIteratorHelper(arr),
-    _step3;
-  try {
-    for (_iterator3.s(); !(_step3 = _iterator3.n()).done;) {
-      var item = _step3.value;
-      // Check for objects (not arrays or buffers)
-      if (_typeof(item) === "object" && item !== null && !Array.isArray(item) && !Buffer.isBuffer(item)) {
-        hasObjects = true;
-      }
-      // Check for empty arrays only (NOT empty buffers)
-      else if (Array.isArray(item) && item.length === 0) {
-        hasEmptyArrays = true;
-      }
-      // Track if all items are arrays
-      else if (!Array.isArray(item)) {
-        allArrays = false;
-      }
-    }
-
-    // Convert if: has objects, has empty arrays, or all items are non-empty arrays
-  } catch (err) {
-    _iterator3.e(err);
-  } finally {
-    _iterator3.f();
-  }
-  return hasObjects || hasEmptyArrays || allArrays && arr.length > 0 && arr.every(function (item) {
-    return Array.isArray(item);
-  });
-}
-
 /**
  * Encode a value with its type
  */
 function encodeValue(value) {
-  // Null (as atom)
+  // Null (as atom) - use token format (unquoted)
   if (value === null) {
-    return ["atom", '"null"'];
+    return ["atom", "null"];
   }
 
   // Integer
@@ -456,44 +451,43 @@ function encodeValue(value) {
 
   // Float
   if (typeof value === "number") {
-    // Format like Erlang with scientific notation
+    // Format like Erlang's float_to_binary - scientific notation with full precision
+    // Erlang's float_to_binary/1 uses ~20 decimal digits and keeps trailing zeros
     var str = value.toExponential(20);
-    // Remove trailing zeros but keep at least one
-    str = str.replace(/(\.\d*?)0+e/, "$1e").replace(/\.e/, ".0e");
-    // Ensure 2-digit exponent
+    // Ensure 2-digit exponent with sign
     str = str.replace(/e([+-])(\d)$/, "e$10$2");
     return ["float", str];
   }
 
-  // Boolean (as atom)
+  // Boolean (as atom) - use token format (unquoted)
   if (typeof value === "boolean") {
-    return ["atom", "\"".concat(value, "\"")];
+    return ["atom", value.toString()];
   }
 
-  // Symbol (as atom)
+  // Symbol (as atom) - use token format (unquoted)
   if (_typeof(value) === "symbol") {
     var name = Symbol.keyFor(value) || value.description || "";
-    return ["atom", "\"".concat(name, "\"")];
+    return ["atom", name];
   }
 
   // List
   if (Array.isArray(value)) {
     var parts = [];
-    var _iterator4 = _createForOfIteratorHelper(value),
-      _step4;
+    var _iterator3 = _createForOfIteratorHelper(value),
+      _step3;
     try {
-      for (_iterator4.s(); !(_step4 = _iterator4.n()).done;) {
-        var item = _step4.value;
+      for (_iterator3.s(); !(_step3 = _iterator3.n()).done;) {
+        var item = _step3.value;
         if (item instanceof Buffer) {
           // Empty buffer => empty string
           parts.push(item.length === 0 ? '""' : "\"".concat(item.toString(), "\""));
         } else if (typeof item === "string") {
           parts.push("\"".concat(item, "\""));
         } else {
-          var _encodeValue5 = encodeValue(item),
-            _encodeValue6 = _slicedToArray(_encodeValue5, 2),
-            itemType = _encodeValue6[0],
-            itemEncoded = _encodeValue6[1];
+          var _encodeValue3 = encodeValue(item),
+            _encodeValue4 = _slicedToArray(_encodeValue3, 2),
+            itemType = _encodeValue4[0],
+            itemEncoded = _encodeValue4[1];
           if (itemType === "list") {
             // Escape nested list quotes
             var escaped = itemEncoded.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
@@ -508,9 +502,9 @@ function encodeValue(value) {
         }
       }
     } catch (err) {
-      _iterator4.e(err);
+      _iterator3.e(err);
     } finally {
-      _iterator4.f();
+      _iterator3.f();
     }
     return ["list", parts.join(", ")];
   }

package/cjs/test.js

@@ -3,25 +3,10 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-Object.defineProperty(exports, "acc", {
-  enumerable: true,
-  get: function get() {
-    return _accounts.acc;
-  }
-});
 Object.defineProperty(exports, "toAddr", {
   enumerable: true,
   get: function get() {
     return _utils.toAddr;
   }
 });
-Object.defineProperty(exports, "wait", {
-  enumerable: true,
-  get: function get() {
-    return _utils.wait;
-  }
-});
-var _fs = require("fs");
-var _path = require("path");
-var _accounts = require("./accounts.js");
 var _utils = require("./utils.js");

package/esm/commit.js

@@ -1,7 +1,42 @@
-import { id, base, hashpath, rsaid, hmacid } from "./id.js"
+import { id, base, hashpath, rsaid } from "./id.js"
 import { toAddr } from "./utils.js"
 import { extractPubKey } from "./signer-utils.js"
 import { verify } from "./signer-utils.js"
+import crypto from "crypto"
+
+// Helper to compute SHA-256 content-digest in RFC 9530 format
+const computeContentDigest = (body) => {
+  let bodyBuffer
+  if (Buffer.isBuffer(body)) {
+    bodyBuffer = body
+  } else if (body instanceof Blob) {
+    return null // Can't compute synchronously for Blob
+  } else if (typeof body === "string") {
+    bodyBuffer = Buffer.from(body, "binary")
+  } else {
+    bodyBuffer = Buffer.from(String(body), "binary")
+  }
+  const hash = crypto.createHash("sha256").update(bodyBuffer).digest("base64")
+  return `sha-256=:${hash}:`
+}
+
+// Helper to build ao-types string from an object
+const buildAoTypes = (obj) => {
+  const types = []
+  for (const [key, value] of Object.entries(obj)) {
+    if (typeof value === "number") {
+      types.push(`${key}="${Number.isInteger(value) ? "integer" : "float"}"`)
+    } else if (typeof value === "boolean") {
+      types.push(`${key}="atom"`)
+    } else if (value === null) {
+      types.push(`${key}="atom"`)
+    } else if (typeof value === "symbol") {
+      // Symbols are Erlang atoms
+      types.push(`${key}="atom"`)
+    }
+  }
+  return types.length > 0 ? types.join(", ") : null
+}
 
 // todo: handle @
 export const commit = async (obj, opts) => {
@@ -12,19 +47,63 @@ export const commit = async (obj, opts) => {
 
   let body = {}
 
-  // Check for inline-body-key
-  const inlineBodyKey = msg.headers["inline-body-key"]
+  // Check for inline-body-key (indicates a field was moved to HTTP body during encoding)
+  const inlineBodyKey = msg.headers["inline-body-key"] || msg.headers["ao-body-key"]
+
+  // Body field names that HyperBEAM's inline_key() recognizes natively.
+  // For these, normalize_for_encoding() re-derives ao-body-key automatically.
+  // For custom names (e.g., "json"), we must keep ao-body-key in committed list
+  // so HyperBEAM knows which field to inline during verification.
+  const NATIVE_BODY_KEYS = new Set(["body", "data"])
+  const isNativeBodyKey = !inlineBodyKey || NATIVE_BODY_KEYS.has(inlineBodyKey)
+
+  // Build body from committed components.
+  // IMPORTANT: Use original typed values from obj (preserves integers, booleans, etc.)
+  // instead of string values from headers. This is critical because:
+  // 1. HTTP headers are always strings (e.g., quantity: 100 → "100")
+  // 2. We include ao-types to tell HyperBEAM the original types
+  // 3. HyperBEAM applies ao-types BEFORE signature verification
+  // 4. If we send strings, HyperBEAM converts to integers, breaking signature
+  // 5. If we send original integers, HyperBEAM re-encodes them as strings for verification
+  //
+  // Always skip content-digest and inline-body-key (transport artifacts re-derived by HyperBEAM).
+  // Skip ao-body-key only for native body keys (HyperBEAM re-derives it).
+  // Keep ao-body-key for custom body keys (HyperBEAM needs it to find the body field).
+
+  // Create case-insensitive lookup maps
+  const headerLookup = new Map()
+  for (const [k, v] of Object.entries(msg.headers)) {
+    headerLookup.set(k.toLowerCase(), v)
+  }
+  // Case-insensitive lookup for original object values (preserves types)
+  const objLookup = new Map()
+  for (const [k, v] of Object.entries(obj)) {
+    objLookup.set(k.toLowerCase(), v)
+  }
 
-  // Build body from components
   for (const v of components) {
     const key = v === "@path" ? "path" : v
-    body[key] = msg.headers[key]
+    if (key === "content-length") continue
+    if (key === "content-digest") continue
+    if (key === "inline-body-key") continue
+    if (isNativeBodyKey && key === "ao-body-key") continue
+
+    // Prefer original value from input object (preserves integer/boolean/etc. types)
+    // Fall back to header string value if not found in original object
+    const originalValue = objLookup.get(key.toLowerCase())
+    if (originalValue !== undefined) {
+      body[key] = originalValue
+    } else {
+      const headerValue = headerLookup.get(key)
+      if (headerValue !== undefined) {
+        body[key] = headerValue
+      }
+    }
   }
 
-  // Handle body resolution
+  // Handle body resolution - restore the inlined field to its AO-Core name
+  let bodyContent = null
   if (msg.body) {
-    let bodyContent
-
     if (msg.body instanceof Blob) {
       const arrayBuffer = await msg.body.arrayBuffer()
       bodyContent = Buffer.from(arrayBuffer)
@@ -32,31 +111,107 @@ export const commit = async (obj, opts) => {
       bodyContent = msg.body
     }
 
-    // If inline-body-key is "data", put content in data field
-    if (inlineBodyKey === "data") {
-      body.data = bodyContent
+    // Put body content under the original field name (e.g., "data", "json")
+    if (inlineBodyKey) {
+      body[inlineBodyKey] = bodyContent
     } else {
       body.body = bodyContent
     }
   }
 
-  // Remove inline-body-key from the final body as it's just metadata
-  delete body["inline-body-key"]
+  // Include non-committed fields from the original object as JSON values.
+  // This covers: (1) body-key fields (arrays/objects encoded as multipart,
+  // which can't be included as raw multipart in JSON), and (2) any other
+  // fields excluded from signing. These fields are unsigned but present
+  // so HyperBEAM can parse them directly as JSON types.
+  // Use case-insensitive matching: signing normalizes keys to lowercase,
+  // but the original object may use mixed case (e.g., "To" vs "to").
+  const committedSetLower = new Set(components.map(v => (v === "@path" ? "path" : v).toLowerCase()))
+  // Also track lowercase keys already in body to prevent duplicates
+  const bodyKeysLower = new Set(Object.keys(body).map(k => k.toLowerCase()))
+  for (const [key, value] of Object.entries(obj)) {
+    // Skip HTTP method (not a data field)
+    if (key === "method") continue
+    // Skip if already in committed set (was signed)
+    if (committedSetLower.has(key.toLowerCase())) continue
+    // Skip if already in body (duplicate prevention)
+    if (bodyKeysLower.has(key.toLowerCase())) continue
+    if (value === undefined) continue
+    body[key] = value
+    bodyKeysLower.add(key.toLowerCase())
+  }
+
+  // Include ao-types so HyperBEAM knows how to convert string values to proper types.
+  // First check if it was set by the signer, otherwise compute it from the original object
+  let aoTypes = msg.headers["ao-types"]
+  if (!aoTypes) {
+    // Compute ao-types from the original typed values in obj
+    aoTypes = buildAoTypes(obj)
+  }
+  if (aoTypes) {
+    body["ao-types"] = aoTypes
+  }
 
-  const hmacId = hmacid(msg.headers)
   const rsaId = rsaid(msg.headers)
   const pub = extractPubKey(msg.headers)
-  const committer = toAddr(pub.toString("base64"))
-  const meta = { alg: "rsa-pss-sha512", "commitment-device": "httpsig@1.0" }
-  const meta2 = { alg: "hmac-sha256", "commitment-device": "httpsig@1.0" }
+  const pubKeyBase64 = pub.toString("base64")
+  const committer = toAddr(pubKeyBase64)
+
+  // Extract keyid from signature-input to ensure it matches what was signed
+  // Format: sig-xxx=("field1"...);alg="...";keyid="..."
+  // The keyid may already have a scheme prefix (e.g., "publickey:base64data")
+  const extractKeyidFromSigInput = (sigInput) => {
+    if (!sigInput) return null
+    const match = sigInput.match(/keyid="([^"]+)"/)
+    if (!match) return null
+    // Return as-is - the keyid already includes the prefix from signing
+    return match[1]
+  }
+  const keyid = extractKeyidFromSigInput(msg.headers["signature-input"]) || `publickey:${pubKeyBase64}`
+
+  // Build the list of committed fields.
+  // Always transform HTTPSig transport keys to AO-Core keys:
+  // - Replace content-digest with the body field name (HyperBEAM re-derives content-digest)
+  // - For native body keys ("body", "data"): also remove ao-body-key (HyperBEAM re-derives it)
+  // - For custom body keys (e.g., "json"): keep ao-body-key (HyperBEAM needs it to find the field)
+  let committedFields = components.map(v => v === "@path" ? "path" : v)
+  if (committedFields.includes("content-digest") && (inlineBodyKey || msg.body)) {
+    const bodyFieldName = inlineBodyKey || "body"
+    committedFields = committedFields.filter(k => k !== "content-digest")
+    if (!committedFields.includes(bodyFieldName)) {
+      committedFields.push(bodyFieldName)
+    }
+  }
+  if (isNativeBodyKey) {
+    // For native body keys, ao-body-key is a transport artifact - remove it
+    committedFields = committedFields.filter(k => k !== "ao-body-key")
+  }
+
+  // Extract just the base64 signature data from the header format "sig-xxx=:base64data:"
+  // HyperBEAM expects raw base64 without colons (uses b64fast:encode/decode)
+  const extractSignature = (sigHeader) => {
+    if (!sigHeader) return sigHeader
+    // Match the base64 data between colons after the label
+    const match = sigHeader.match(/=:([^:]+):/)
+    return match ? match[1] : sigHeader
+  }
+  const rawSignature = extractSignature(msg.headers.signature)
+  const meta = {
+    type: "rsa-pss-sha512",
+    alg: "rsa-pss-sha512",
+    "commitment-device": "httpsig@1.0",
+    keyid: keyid,
+    committed: committedFields
+  }
   const sigs = {
-    signature: msg.headers.signature,
+    signature: rawSignature,
     "signature-input": msg.headers["signature-input"],
   }
+  // Only include the RSA commitment - HMAC commitments are created by HyperBEAM
+  // when needed and require the server's HMAC key which we don't have
   const committed = {
     commitments: {
       [rsaId]: { ...meta, committer, ...sigs },
-      [hmacId]: { ...meta2, ...sigs },
     },
     ...body,
   }