npm - midsummer-sol - Versions diffs - 0.1.4 → 0.2.0 - Mend

midsummer-sol 0.1.4 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/index.js CHANGED Viewed

@@ -11,7 +11,10 @@ function hashNode(node) {
     canon = node.encoding ? `blob\x00${node.encoding}\x00${node.content}` : `blob\x00${node.content}`;
   } else if (node.kind === "sealed")
     canon = `sealed\x00${node.box}`;
-  else
+  else if (node.kind === "prov") {
+    const f = (k, v) => v === undefined ? "" : `\x00${k}\x00${v}`;
+    canon = "prov" + f("agentId", node.agentId) + f("sessionId", node.sessionId) + f("model", node.model) + f("intent", node.intent) + f("tool", node.tool) + f("rationale", node.rationale) + f("parent", node.parent);
+  } else
     canon = "tree\x00" + Object.keys(node.entries).sort().map((k) => {
       const e = node.entries[k];
       return e.mode === undefined ? `${k}\x00${e.kind}\x00${e.hash}` : `${k}\x00${e.kind}\x00${e.hash}\x00${e.mode}`;
@@ -44,13 +47,161 @@ class Store {
     return this.objects.size;
   }
 }
+// src/struct.ts
+import { randomBytes } from "node:crypto";
+// src/async-store.ts
+async function getTree(store, hash) {
+  const node = await store.get(hash);
+  if (!node || node.kind !== "tree")
+    throw new Error(`not a tree: ${hash}`);
+  return node;
+}
+class MemoryAsyncStore {
+  nodes = new Map;
+  async put(node) {
+    const h = hashNode(node);
+    if (!this.nodes.has(h))
+      this.nodes.set(h, node);
+    return h;
+  }
+  async get(hash) {
+    return this.nodes.get(hash);
+  }
+  async has(hash) {
+    return this.nodes.has(hash);
+  }
+  get size() {
+    return this.nodes.size;
+  }
+}
+// src/struct.ts
+var SLOT_PREFIX = "\x00slot\x00";
+var HIDDEN_KEY = "\x00hidden";
+function isReservedKey(key) {
+  return key.startsWith("\x00");
+}
+function slotKey(slotId) {
+  return SLOT_PREFIX + slotId;
+}
+function slotIdFromKey(key) {
+  return key.startsWith(SLOT_PREFIX) ? key.slice(SLOT_PREFIX.length) : undefined;
+}
+function mintSlotId() {
+  return randomBytes(16).toString("base64url");
+}
+var STRUCT_HEADER = "__solStruct";
+function parseStruct(plaintext) {
+  if (!plaintext.startsWith("{"))
+    return;
+  let v;
+  try {
+    v = JSON.parse(plaintext);
+  } catch {
+    return;
+  }
+  if (!v || typeof v !== "object")
+    return;
+  const tag = v[STRUCT_HEADER];
+  if (tag === "subtree" || tag === "name" || tag === "entries")
+    return v;
+  return;
+}
+function nextBucket(n) {
+  let b = 256;
+  while (b < n)
+    b *= 2;
+  return b;
+}
+function padPlaintext(p) {
+  const bare = JSON.stringify(p);
+  const target = nextBucket(bare.length);
+  if (bare.length >= target)
+    return bare;
+  const overhead = `,"${"__pad"}":""`.length;
+  const fill = Math.max(0, target - bare.length - overhead);
+  return JSON.stringify({ ...p, __pad: " ".repeat(fill) });
+}
+async function collectAsync(store, hash, into) {
+  if (into[hash])
+    return;
+  const node = await store.get(hash);
+  if (!node)
+    throw new Error(`sealSubtree: node missing from store: ${hash}`);
+  into[hash] = node;
+  if (node.kind === "tree")
+    for (const e of Object.values(node.entries))
+      await collectAsync(store, e.hash, into);
+}
+async function serializeSubtreeAsync(store, dirRoot) {
+  const nodes = {};
+  await collectAsync(store, dirRoot, nodes);
+  return padPlaintext({ __solStruct: "subtree", bundle: { root: dirRoot, nodes } });
+}
+async function subtreeRootAt(store, root, dirPath) {
+  const segs = dirPath.split("/").filter(Boolean);
+  let cur = root;
+  for (let i = 0;i < segs.length; i++) {
+    const entry = (await getTree(store, cur)).entries[segs[i]];
+    if (!entry || entry.kind !== "tree")
+      return;
+    cur = entry.hash;
+  }
+  return cur;
+}
+async function entryAt(store, root, path) {
+  const segs = path.split("/").filter(Boolean);
+  let cur = root;
+  for (let i = 0;i < segs.length; i++) {
+    const entry = (await getTree(store, cur)).entries[segs[i]];
+    if (!entry)
+      return;
+    if (i === segs.length - 1)
+      return entry;
+    if (entry.kind !== "tree")
+      return;
+    cur = entry.hash;
+  }
+  return;
+}
+async function serializeNameAsync(store, name, entry) {
+  const nodes = {};
+  await collectAsync(store, entry.hash, nodes);
+  const payload = {
+    __solStruct: "name",
+    name,
+    entryKind: entry.kind,
+    ...entry.mode === undefined ? {} : { entryMode: entry.mode },
+    bundle: { root: entry.hash, nodes }
+  };
+  return padPlaintext(payload);
+}
+async function hiddenEntryAsync(store, entry) {
+  const nodes = {};
+  await collectAsync(store, entry.hash, nodes);
+  return { entryKind: entry.kind, ...entry.mode === undefined ? {} : { entryMode: entry.mode }, bundle: { root: entry.hash, nodes } };
+}
+function serializeHiddenEntries(slots) {
+  return padPlaintext({ __solStruct: "entries", slots });
+}
 // src/tree.ts
 var EMPTY_TREE = { kind: "tree", entries: {} };
 function emptyRoot(store) {
   return store.put(EMPTY_TREE);
 }
 function segments(path) {
-  return path.split("/").filter(Boolean);
+  const segs = path.split("/").filter(Boolean);
+  for (const s of segs) {
+    if (!s.includes("\x00"))
+      continue;
+    const reserved = s.startsWith("\x00slot\x00") ? s.slice("\x00slot\x00".length) : s === "\x00hidden" ? "" : undefined;
+    if (reserved === undefined || reserved.includes("\x00"))
+      throw new Error("illegal NUL byte in path");
+  }
+  return segs;
 }
 function writeFile(store, root, path, content, opts = {}) {
   const blob = opts.encoding ? { kind: "blob", content, encoding: opts.encoding } : { kind: "blob", content };
@@ -84,6 +235,21 @@ function fileAt(store, root, path) {
   }
   return;
 }
+function sealedBoxAt(store, root, path) {
+  const segs = segments(path);
+  let cur = root;
+  for (let i = 0;i < segs.length; i++) {
+    const entry = store.getTree(cur).entries[segs[i]];
+    if (!entry)
+      return;
+    if (i === segs.length - 1)
+      return entry.kind === "sealed" ? store.get(entry.hash).box : undefined;
+    if (entry.kind !== "tree")
+      return;
+    cur = entry.hash;
+  }
+  return;
+}
 function modeAt(store, root, path) {
   const segs = segments(path);
   let cur = root;
@@ -135,6 +301,10 @@ function listAll(store, root, prefix = "") {
   const tree = store.getTree(root);
   const out = [];
   for (const [name, entry] of Object.entries(tree.entries)) {
+    if (isReservedKey(name)) {
+      out.push(prefix ? `${prefix}/${name}` : name);
+      continue;
+    }
     const p = prefix ? `${prefix}/${name}` : name;
     if (entry.kind === "tree")
       out.push(...listAll(store, entry.hash, p));
@@ -198,7 +368,7 @@ function covers(prefix, path) {
   return path === prefix || path.startsWith(prefix + "/");
 }
 // src/crypto.ts
-import { createCipheriv, createDecipheriv, createPublicKey, diffieHellman, generateKeyPairSync, hkdfSync, randomBytes, timingSafeEqual } from "node:crypto";
+import { createCipheriv, createDecipheriv, createHash as createHash2, createPrivateKey, createPublicKey, diffieHellman, generateKeyPairSync, hkdfSync, randomBytes as randomBytes2, scryptSync, sign as edSign, timingSafeEqual, verify as edVerify } from "node:crypto";
 var UNREADABLE = "<<unreadable>>";
 class KeyRing {
@@ -206,7 +376,7 @@ class KeyRing {
   ensure(actor) {
     let k = this.keys.get(actor);
     if (!k) {
-      k = randomBytes(32);
+      k = randomBytes2(32);
       this.keys.set(actor, k);
     }
     return k;
@@ -226,7 +396,7 @@ class KeyRing {
   }
 }
 function aeadSeal(key, plain) {
-  const iv = randomBytes(12);
+  const iv = randomBytes2(12);
   const c = createCipheriv("aes-256-gcm", key, iv);
   const ct = Buffer.concat([c.update(plain), c.final()]);
   return { iv: iv.toString("base64"), ct: ct.toString("base64"), tag: c.getAuthTag().toString("base64") };
@@ -237,14 +407,25 @@ function aeadOpen(key, box) {
   return Buffer.concat([d.update(Buffer.from(box.ct, "base64")), d.final()]);
 }
 function sealContent(ring, content, recipients, epoch = 1) {
-  const cek = randomBytes(32);
+  const cek = randomBytes2(32);
   const body = aeadSeal(cek, Buffer.from(content, "utf8"));
   const lockboxes = {};
   for (const r of recipients)
     lockboxes[r] = aeadSeal(ring.ensure(r), cek);
   return { body, lockboxes, epoch };
 }
-function openContent(ring, box, actor) {
+function openContent(ring, box, actor, self) {
+  if (self) {
+    const alb = box.asym?.[self.accountId];
+    if (alb) {
+      try {
+        const cek = unwrapCekWith(self.privateKey, alb);
+        return aeadOpen(cek, box.body).toString("utf8");
+      } catch {
+        return UNREADABLE;
+      }
+    }
+  }
   const lb = box.lockboxes[actor];
   const key = ring.key(actor);
   if (!lb || !key)
@@ -257,7 +438,7 @@ function openContent(ring, box, actor) {
   }
 }
 function isRecipient(box, actor) {
-  return actor in box.lockboxes;
+  return actor in box.lockboxes || !!box.asym?.[actor];
 }
 function ciphertextOf(box) {
   return box.body.ct;
@@ -295,7 +476,7 @@ function unwrapCekWith(privateKey, lb) {
   return aeadOpen(deriveWrapKey(shared, lb.epk, recipientPubB64), lb.box);
 }
 function sealWithRecovery(ring, content, recipients, recoveryPubKeys = {}, epoch = 1) {
-  const cek = randomBytes(32);
+  const cek = randomBytes2(32);
   const body = aeadSeal(cek, Buffer.from(content, "utf8"));
   const lockboxes = {};
   for (const r of recipients)
@@ -316,6 +497,68 @@ function openWithRecovery(privateKey, box, recoveryId) {
     return UNREADABLE;
   }
 }
+function sealToAccounts(content, recipientPubKeys, opts = {}) {
+  const cek = randomBytes2(32);
+  const body = aeadSeal(cek, Buffer.from(content, "utf8"));
+  const asym = {};
+  for (const [acct, pub] of Object.entries(recipientPubKeys))
+    asym[acct] = wrapCekTo(pub, cek);
+  const lockboxes = {};
+  if (opts.ring && opts.localRecipients)
+    for (const r of opts.localRecipients)
+      lockboxes[r] = aeadSeal(opts.ring.ensure(r), cek);
+  const recovery = {};
+  for (const [id, pub] of Object.entries(opts.recoveryPubKeys ?? {}))
+    recovery[id] = wrapCekTo(pub, cek);
+  const box = { body, lockboxes, asym, epoch: opts.epoch ?? 1 };
+  if (Object.keys(recovery).length)
+    box.recovery = recovery;
+  return box;
+}
+var X25519_PKCS8_PREFIX = Buffer.from("302e020100300506032b656e04220420", "hex");
+var ED25519_PKCS8_PREFIX = Buffer.from("302e020100300506032b657004220420", "hex");
+var KDF_PARAMS = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
+function x25519FromSeed(seed) {
+  const privateKey = createPrivateKey({ key: Buffer.concat([X25519_PKCS8_PREFIX, seed]), format: "der", type: "pkcs8" });
+  return { publicKey: createPublicKey(privateKey).export({ type: "spki", format: "der" }).toString("base64"), privateKey };
+}
+function ed25519FromSeed(seed) {
+  const privateKey = createPrivateKey({ key: Buffer.concat([ED25519_PKCS8_PREFIX, seed]), format: "der", type: "pkcs8" });
+  return { publicKey: createPublicKey(privateKey).export({ type: "spki", format: "der" }).toString("base64"), privateKey };
+}
+var WORDLIST = "abandon ability able about above absorb abstract access accident account accuse achieve acid acoustic acquire across action actor actual adapt add address adjust admit adult advance advice aerobic affair afford afraid again age agent agree ahead aim air airport aisle alarm album alert alien all alley allow almost alone alpha already also alter always amateur amazing among amount amused anchor ancient anger angle angry animal ankle announce annual another answer antenna antique anxiety apart apology appear apple approve april arch arctic area arena argue arm armed armor army around arrange arrest arrive arrow art artist artwork ask aspect assault asset assist assume asthma athlete atom attack attend attitude attract auction audit august aunt author auto autumn average avocado avoid awake aware away awesome awful awkward axis".split(" ");
+function generateRecoveryCode(words = 12) {
+  const out = [];
+  for (let i = 0;i < words; i++)
+    out.push(WORDLIST[randomBytes2(2).readUInt16BE(0) % WORDLIST.length]);
+  return out.join(" ");
+}
+function deriveIdentity(accountId, recoveryCode, keyEpoch = 1) {
+  const salt = Buffer.from(`sol/identity/v1\x00${accountId}\x00epoch=${keyEpoch}`);
+  const xSeed = scryptSync(recoveryCode.normalize("NFKD"), Buffer.concat([salt, Buffer.from("\x00x25519")]), 32, KDF_PARAMS);
+  const eSeed = scryptSync(recoveryCode.normalize("NFKD"), Buffer.concat([salt, Buffer.from("\x00ed25519")]), 32, KDF_PARAMS);
+  const x = x25519FromSeed(xSeed);
+  const e = ed25519FromSeed(eSeed);
+  return { accountId, x25519Pub: x.publicKey, x25519Priv: x.privateKey, edPub: e.publicKey, edPriv: e.privateKey, keyEpoch };
+}
+function pubkeyBindingBytes(accountId, x25519Pub, keyEpoch) {
+  return Buffer.from(`sol/keydir/v1\x00${accountId}\x00${x25519Pub}\x00epoch=${keyEpoch}`);
+}
+function signPubkey(id) {
+  return edSign(null, pubkeyBindingBytes(id.accountId, id.x25519Pub, id.keyEpoch), id.edPriv).toString("base64");
+}
+function verifyPubkeySig(entry) {
+  try {
+    const edPub = createPublicKey({ key: Buffer.from(entry.edPub, "base64"), type: "spki", format: "der" });
+    return edVerify(null, pubkeyBindingBytes(entry.accountId, entry.x25519Pub, entry.keyEpoch), edPub, Buffer.from(entry.sig, "base64"));
+  } catch {
+    return false;
+  }
+}
+function pubFingerprint(x25519Pub) {
+  const h = createHash2("sha256").update(Buffer.from(x25519Pub, "base64")).digest("hex");
+  return h.slice(0, 32).match(/.{4}/g).join("-");
+}
 // src/log.ts
 function groupIntoUnits(ops) {
   const units = [];
@@ -354,7 +597,7 @@ function filterLog(ops, opts = {}) {
 }
 function formatLog(ops) {
   return ops.map((op) => {
-    const by = op.by ?? "?";
+    const by = op.kind === "agent" ? `agent:${op.by ?? "?"}` : op.by ?? "?";
     const head = `${op.seq} ${by} ${op.type} ${op.path}`;
     return op.message ? `${head}: ${op.message}` : head;
   });
@@ -600,11 +843,11 @@ function resolvePath(base, ours, theirs) {
     const m = merge3(base, ours, theirs);
     if (m.clean)
       return { content: m.text };
-    return { content: m.text, conflict: { path: "", ours, theirs } };
+    return { content: m.text, conflict: { path: "", base, ours, theirs } };
   }
   return {
     content: ours,
-    conflict: { path: "", ours, theirs }
+    conflict: { path: "", base, ours, theirs }
   };
 }
 function merge(repo, baseHead, oursHead, theirsHead) {
@@ -617,6 +860,14 @@ function merge(repo, baseHead, oursHead, theirsHead) {
   const conflicts = [];
   let root = emptyRoot(store);
   for (const path of [...paths].sort()) {
+    if (entryKindAt(store, baseHead, path) === "sealed" || entryKindAt(store, oursHead, path) === "sealed" || entryKindAt(store, theirsHead, path) === "sealed") {
+      const { box, conflict: conflict2 } = resolveSealed(store, baseHead, oursHead, theirsHead, path);
+      if (conflict2)
+        conflicts.push({ ...conflict2, path });
+      if (box !== undefined)
+        root = writeSealedLeaf(store, root, path, box);
+      continue;
+    }
     const base = readFile(store, baseHead, path);
     const ours = readFile(store, oursHead, path);
     const theirs = readFile(store, theirsHead, path);
@@ -629,6 +880,40 @@ function merge(repo, baseHead, oursHead, theirsHead) {
   }
   return { head: root, conflicts };
 }
+function resolveSealed(store, baseHead, oursHead, theirsHead, path) {
+  const base = sealedBoxAt(store, baseHead, path);
+  const ours = sealedBoxAt(store, oursHead, path);
+  const theirs = sealedBoxAt(store, theirsHead, path);
+  const oursChanged = ours !== base;
+  const theirsChanged = theirs !== base;
+  if (!oursChanged && !theirsChanged)
+    return { box: base };
+  if (oursChanged && !theirsChanged)
+    return { box: ours };
+  if (!oursChanged && theirsChanged)
+    return { box: theirs };
+  if (ours === theirs)
+    return { box: ours };
+  return { box: ours, conflict: { path: "", base, ours, theirs, sealed: true } };
+}
+function writeSealedLeaf(store, root, path, box) {
+  const segs = path.split("/").filter(Boolean);
+  const hash = store.put({ kind: "sealed", box });
+  const go = (treeHash, segments2) => {
+    const tree = store.getTree(treeHash);
+    const entries = { ...tree.entries };
+    const [head, ...rest] = segments2;
+    if (rest.length === 0)
+      entries[head] = { kind: "sealed", hash };
+    else {
+      const child = entries[head];
+      const childHash = child?.kind === "tree" ? child.hash : emptyRoot(store);
+      entries[head] = { kind: "tree", hash: go(childHash, rest) };
+    }
+    return store.put({ kind: "tree", entries });
+  };
+  return go(root, segs);
+}
 // src/labels.ts
 class Labels {
   labels = new Map;
@@ -763,32 +1048,6 @@ function cmdFork(view) {
 function short(hash) {
   return hash.slice(0, 12);
 }
-// src/async-store.ts
-async function getTree(store, hash) {
-  const node = await store.get(hash);
-  if (!node || node.kind !== "tree")
-    throw new Error(`not a tree: ${hash}`);
-  return node;
-}
-class MemoryAsyncStore {
-  nodes = new Map;
-  async put(node) {
-    const h = hashNode(node);
-    if (!this.nodes.has(h))
-      this.nodes.set(h, node);
-    return h;
-  }
-  async get(hash) {
-    return this.nodes.get(hash);
-  }
-  async has(hash) {
-    return this.nodes.has(hash);
-  }
-  get size() {
-    return this.nodes.size;
-  }
-}
 // src/attest.ts
 import { createHmac, timingSafeEqual as timingSafeEqual2 } from "node:crypto";
 function canonicalOp(op) {
@@ -798,7 +1057,9 @@ function canonicalOp(op) {
     path: op.path,
     rootAfter: op.rootAfter,
     by: op.by ?? null,
-    message: op.message ?? null
+    message: op.message ?? null,
+    ...op.kind !== undefined ? { kind: op.kind } : {},
+    ...op.prov !== undefined ? { prov: op.prov } : {}
   });
 }
 function signOp(key, op) {
@@ -816,6 +1077,31 @@ function verifyOp(key, op, sig) {
     return false;
   return timingSafeEqual2(expected, claimed);
 }
+function canonicalAtt(op) {
+  return JSON.stringify({
+    entryHash: op.entryHash ?? null,
+    prov: op.prov ?? null,
+    pushedBy: op.pushedBy ?? null,
+    at: op.at ?? null
+  });
+}
+function attestOp(key, op) {
+  return createHmac("sha256", key).update(canonicalAtt(op)).digest("base64");
+}
+function verifyAtt(key, op, sig = op.att) {
+  if (!sig)
+    return false;
+  const expected = Buffer.from(attestOp(key, op), "base64");
+  let claimed;
+  try {
+    claimed = Buffer.from(sig, "base64");
+  } catch {
+    return false;
+  }
+  if (expected.length !== claimed.length)
+    return false;
+  return timingSafeEqual2(expected, claimed);
+}
 // src/errors.ts
 class CorruptRepoError extends Error {
@@ -835,7 +1121,15 @@ function chainOp(prevHash, op) {
 // src/async-tree.ts
 function segments2(path) {
-  return path.split("/").filter(Boolean);
+  const segs = path.split("/").filter(Boolean);
+  for (const s of segs) {
+    if (!s.includes("\x00"))
+      continue;
+    const reserved = s.startsWith("\x00slot\x00") ? s.slice("\x00slot\x00".length) : s === "\x00hidden" ? "" : undefined;
+    if (reserved === undefined || reserved.includes("\x00"))
+      throw new Error("illegal NUL byte in path");
+  }
+  return segs;
 }
 async function emptyRoot2(store) {
   return store.put({ kind: "tree", entries: {} });
@@ -849,6 +1143,70 @@ async function writeSealed(store, root, path, box) {
   const hash = await store.put({ kind: "sealed", box });
   return writeInto2(store, root, segments2(path), hash, "sealed");
 }
+async function hideName(store, root, path, box, slotId) {
+  const hash = await store.put({ kind: "sealed", box });
+  return hideInto(store, root, segments2(path), hash, slotKey(slotId));
+}
+async function reHideName(store, root, dirSegs, key, box) {
+  const hash = await store.put({ kind: "sealed", box });
+  if (dirSegs.length === 0) {
+    const tree2 = await getTree(store, root);
+    return store.put({ kind: "tree", entries: { ...tree2.entries, [key]: { kind: "sealed", hash } } });
+  }
+  const tree = await getTree(store, root);
+  const entries = { ...tree.entries };
+  const [head, ...rest] = dirSegs;
+  const child = entries[head];
+  if (!child || child.kind !== "tree")
+    return root;
+  entries[head] = { kind: "tree", hash: await reHideName(store, child.hash, rest, key, box) };
+  return store.put({ kind: "tree", entries });
+}
+async function hideInto(store, treeHash, segs, sealedHash, key) {
+  const tree = await getTree(store, treeHash);
+  const entries = { ...tree.entries };
+  const [head, ...rest] = segs;
+  if (rest.length === 0) {
+    delete entries[head];
+    entries[key] = { kind: "sealed", hash: sealedHash };
+  } else {
+    const child = entries[head];
+    if (!child || child.kind !== "tree")
+      return treeHash;
+    entries[head] = { kind: "tree", hash: await hideInto(store, child.hash, rest, sealedHash, key) };
+  }
+  return store.put({ kind: "tree", entries });
+}
+async function hideExistence(store, root, path, hiddenBox) {
+  const hash = await store.put({ kind: "sealed", box: hiddenBox });
+  return hideExistenceInto(store, root, segments2(path), hash);
+}
+async function hideExistenceInto(store, treeHash, segs, sidecarHash) {
+  const tree = await getTree(store, treeHash);
+  const entries = { ...tree.entries };
+  const [head, ...rest] = segs;
+  if (rest.length === 0) {
+    delete entries[head];
+    entries[HIDDEN_KEY] = { kind: "sealed", hash: sidecarHash };
+  } else {
+    const child = entries[head];
+    if (!child || child.kind !== "tree")
+      return treeHash;
+    entries[head] = { kind: "tree", hash: await hideExistenceInto(store, child.hash, rest, sidecarHash) };
+  }
+  return store.put({ kind: "tree", entries });
+}
+async function dirEntriesAt(store, root, dirPath) {
+  const segs = segments2(dirPath);
+  let cur = root;
+  for (const seg of segs) {
+    const entry = (await getTree(store, cur)).entries[seg];
+    if (!entry || entry.kind !== "tree")
+      return;
+    cur = entry.hash;
+  }
+  return (await getTree(store, cur)).entries;
+}
 async function writeInto2(store, treeHash, segs, hash, leafKind, mode) {
   const tree = await getTree(store, treeHash);
   const entries = { ...tree.entries };
@@ -976,6 +1334,10 @@ async function listAll2(store, root, prefix = "") {
   const tree = await getTree(store, root);
   const out = [];
   for (const [name, entry] of Object.entries(tree.entries)) {
+    if (isReservedKey(name)) {
+      out.push(prefix ? `${prefix}/${name}` : name);
+      continue;
+    }
     const p = prefix ? `${prefix}/${name}` : name;
     if (entry.kind === "tree")
       out.push(...await listAll2(store, entry.hash, p));
@@ -985,6 +1347,224 @@ async function listAll2(store, root, prefix = "") {
   return out.sort();
 }
+// src/sign.ts
+import { createHash as createHash3, generateKeyPairSync as generateKeyPairSync2, createPrivateKey as createPrivateKey2, createPublicKey as createPublicKey2, sign as edSign2, verify as edVerify2 } from "node:crypto";
+function canonicalAuthor(op) {
+  return JSON.stringify({
+    type: op.type,
+    path: op.path,
+    rootAfter: op.rootAfter,
+    by: op.by ?? null,
+    message: op.message ?? null,
+    ...op.kind !== undefined ? { kind: op.kind } : {},
+    ...op.prov !== undefined ? { prov: op.prov } : {}
+  });
+}
+function fingerprintOf(pub) {
+  const der = Buffer.from(pub, "base64");
+  return "sol1:" + createHash3("sha256").update(der).digest("hex").slice(0, 16);
+}
+var FINGERPRINT_RE = /^sol1:[0-9a-f]{16}$/;
+function normalizeFingerprint(fp) {
+  const t = fp.trim();
+  const body = (t.toLowerCase().startsWith("sol1:") ? t.slice(5) : t).replace(/[-:\s]/g, "").toLowerCase();
+  const candidate = "sol1:" + body;
+  return FINGERPRINT_RE.test(candidate) ? candidate : undefined;
+}
+function generateKeypair() {
+  const { publicKey, privateKey } = generateKeyPairSync2("ed25519");
+  const pub = publicKey.export({ type: "spki", format: "der" }).toString("base64");
+  const seed = privateKey.export({ type: "pkcs8", format: "der" }).subarray(16).toString("base64");
+  return { seed, pub, fingerprint: fingerprintOf(pub) };
+}
+var ED25519_PKCS8_PREFIX2 = Buffer.from("302e020100300506032b657004220420", "hex");
+function loadPrivateKey(secret) {
+  const s = secret.trim();
+  if (s.includes("-----BEGIN"))
+    return createPrivateKey2(s);
+  const raw = Buffer.from(s, "base64");
+  if (raw.length === 32)
+    return createPrivateKey2({ key: Buffer.concat([ED25519_PKCS8_PREFIX2, raw]), format: "der", type: "pkcs8" });
+  return createPrivateKey2({ key: raw, format: "der", type: "pkcs8" });
+}
+function publicOf(priv) {
+  return createPublicKey2(priv).export({ type: "spki", format: "der" }).toString("base64");
+}
+function signerFrom(secret) {
+  const priv = loadPrivateKey(secret);
+  const pub = publicOf(priv);
+  return { priv, pub, fingerprint: fingerprintOf(pub) };
+}
+function signAuthor(signer, op) {
+  const sig = edSign2(null, Buffer.from(canonicalAuthor(op)), signer.priv).toString("base64");
+  return { sig, pub: signer.pub };
+}
+function verifyAuthor(op) {
+  if (!op.sig || !op.pub)
+    return { signed: false, valid: false };
+  try {
+    const ok = edVerify2(null, Buffer.from(canonicalAuthor(op)), createPublicKey2({ key: Buffer.from(op.pub, "base64"), format: "der", type: "spki" }), Buffer.from(op.sig, "base64"));
+    return ok ? { signed: true, valid: true, fingerprint: fingerprintOf(op.pub) } : { signed: true, valid: false };
+  } catch {
+    return { signed: true, valid: false };
+  }
+}
+function trustAuthor(op, trust = {}) {
+  const v = verifyAuthor(op);
+  const claimedActor = op.by ?? undefined;
+  if (!v.signed)
+    return { ...v, claimedActor, state: "unsigned" };
+  if (!v.valid)
+    return { ...v, claimedActor, state: "invalid" };
+  const expected = claimedActor ? trust[claimedActor] : undefined;
+  if (!expected)
+    return { ...v, claimedActor, state: "untrusted" };
+  return { ...v, claimedActor, state: expected === v.fingerprint ? "trusted" : "forged" };
+}
+// src/prov.ts
+function provenanceFromEnv(env = process.env) {
+  const kind = env.SOL_KIND === "agent" ? "agent" : "human";
+  const node = buildProvNode({
+    agentId: env.SOL_AGENT_ID || (kind === "agent" ? env.SOL_ACTOR : undefined),
+    sessionId: env.SOL_SESSION,
+    model: env.SOL_MODEL,
+    intent: env.SOL_INTENT,
+    tool: env.SOL_TOOL
+  });
+  return node ? { kind, node } : { kind };
+}
+function buildProvNode(fields) {
+  const clean = { kind: "prov" };
+  let any = false;
+  for (const k of ["agentId", "sessionId", "model", "intent", "tool", "rationale", "parent"]) {
+    const v = fields[k];
+    if (v) {
+      clean[k] = v;
+      any = true;
+    }
+  }
+  return any ? clean : undefined;
+}
+function provOf(op, reader) {
+  if (!op.prov)
+    return;
+  const n = reader.get(op.prov);
+  return n && n.kind === "prov" ? n : undefined;
+}
+function authorLabel(op, reader) {
+  const name = op.by ?? "?";
+  const p = reader ? provOf(op, reader) : undefined;
+  if (op.kind !== "agent" && !p)
+    return name;
+  const who = op.kind === "agent" ? `agent ${p?.agentId ?? p?.model ?? name}` : name;
+  const bits = [];
+  if (p?.sessionId)
+    bits.push(`session ${p.sessionId}`);
+  const tail = p?.intent ? ` — intent: ${p.intent}` : "";
+  return `${who}${bits.length ? ` (${bits.join(", ")})` : ""}${tail}`;
+}
+function provJson(op, reader, key, trust) {
+  const p = reader ? provOf(op, reader) : undefined;
+  if (op.kind === undefined && !p && op.att === undefined && op.pushedBy === undefined && op.sig === undefined)
+    return;
+  const out = { kind: op.kind ?? "human" };
+  if (p) {
+    for (const k of ["agentId", "sessionId", "model", "intent", "tool", "rationale", "parent"])
+      if (p[k])
+        out[k] = p[k];
+  }
+  if (op.sig !== undefined) {
+    const t = trustAuthor(op, trust);
+    out.signed = true;
+    out.verified = t.valid;
+    if (t.fingerprint)
+      out.fingerprint = t.fingerprint;
+    if (t.claimedActor !== undefined)
+      out.claimedActor = t.claimedActor;
+    out.trust = t.state;
+  }
+  if (op.pushedBy !== undefined)
+    out.pushedBy = op.pushedBy;
+  if (op.att !== undefined) {
+    out.att = op.att;
+    out.attested = key ? verifyAtt(key, op) : true;
+  } else if (op.pushedBy !== undefined) {
+    out.attested = false;
+  }
+  return out;
+}
+function attTag(op, key) {
+  if (op.att === undefined)
+    return "[unattested/local]";
+  if (key && !verifyAtt(key, op))
+    return "[att INVALID]";
+  return `[attested pushedBy=${op.pushedBy ?? "?"}]`;
+}
+function signTag(op, trust) {
+  const t = trustAuthor(op, trust);
+  switch (t.state) {
+    case "unsigned":
+      return "unsigned";
+    case "invalid":
+      return "INVALID ✗";
+    case "forged":
+      return `FORGED ${t.claimedActor ?? "?"}!=${t.fingerprint} ✗`;
+    case "trusted":
+      return `signed ${t.fingerprint} ✓ (trusted ${t.claimedActor})`;
+    default:
+      return `signed ${t.fingerprint} ✓`;
+  }
+}
+function signTrailerValue(op, trust) {
+  const t = trustAuthor(op, trust);
+  switch (t.state) {
+    case "unsigned":
+      return;
+    case "invalid":
+      return "INVALID";
+    case "forged":
+      return `${t.fingerprint} FORGED (claimed ${t.claimedActor ?? "?"})`;
+    case "trusted":
+      return `${t.fingerprint} verified (trusted ${t.claimedActor})`;
+    default:
+      return `${t.fingerprint} verified`;
+  }
+}
+function provTrailers(op, reader, key, trust) {
+  const p = reader ? provOf(op, reader) : undefined;
+  const lines2 = [];
+  const signed = trustAuthor(op, trust);
+  const isAgent = op.kind === "agent" || signed.signed && signed.valid;
+  if (isAgent)
+    lines2.push("Sol-Kind: agent");
+  const agentId = p?.agentId || (isAgent ? signed.fingerprint || op.by : undefined);
+  if (agentId)
+    lines2.push(`Sol-Agent: ${agentId}`);
+  if (p?.sessionId)
+    lines2.push(`Sol-Session: ${p.sessionId}`);
+  if (p?.model)
+    lines2.push(`Sol-Model: ${p.model}`);
+  const intent = p?.intent || (isAgent ? op.message?.trim() || undefined : undefined);
+  if (intent)
+    lines2.push(`Sol-Intent: ${intent}`);
+  const sign = signTrailerValue(op, trust);
+  if (sign)
+    lines2.push(`Sol-Sign: ${sign}`);
+  if (op.att !== undefined && !(key && !verifyAtt(key, op)))
+    lines2.push(`Sol-Attested: pushedBy=${op.pushedBy ?? "?"}`);
+  return lines2;
+}
+async function captureProv(sink, env = process.env) {
+  const { kind, node } = provenanceFromEnv(env);
+  const out = {};
+  if (kind === "agent")
+    out.kind = "agent";
+  if (node)
+    out.prov = await sink.put(node);
+  return out;
+}
 // src/async-repo.ts
 function pageOps(ops, opts = {}) {
   let out = opts.from !== undefined ? ops.filter((o) => o.seq >= opts.from) : ops.slice();
@@ -1016,15 +1596,27 @@ class MemoryOpLog {
     return pageOps(this.entries, opts);
   }
 }
+var noSign = (op) => op;
 class AsyncRepo {
   store;
   log;
   actor;
-  constructor(store, log, actor = "anon") {
+  sign;
+  constructor(store, log, actor = "anon", sign = noSign) {
     this.store = store;
     this.log = log;
     this.actor = actor;
+    this.sign = sign;
+  }
+  async appendAuthored(entry, by) {
+    await this.log.append(by === this.actor ? this.sign(entry) : entry);
+  }
+  provFor;
+  async provenance(by) {
+    if (by !== this.actor)
+      return {};
+    return this.provFor ??= captureProv(this.store);
   }
   async currentRoot() {
     const head = await this.log.head();
@@ -1041,7 +1633,7 @@ class AsyncRepo {
   }
   async writeFile(path, content, at = Date.now(), by = this.actor) {
     const rootAfter = await writeFile2(this.store, await this.currentRoot(), path, content);
-    await this.log.append({ seq: await this.log.seq() + 1, type: "write", path, rootAfter, at, by });
+    await this.appendAuthored({ seq: await this.log.seq() + 1, type: "write", path, rootAfter, at, by, ...await this.provenance(by) }, by);
     return rootAfter;
   }
   async applyBatch(changes) {
@@ -1060,7 +1652,7 @@ class AsyncRepo {
   }
   async writeBytes(path, data, at = Date.now(), by = this.actor) {
     const rootAfter = await writeFile2(this.store, await this.currentRoot(), path, Buffer.from(data).toString("base64"), { encoding: "base64" });
-    await this.log.append({ seq: await this.log.seq() + 1, type: "write", path, rootAfter, at, by });
+    await this.appendAuthored({ seq: await this.log.seq() + 1, type: "write", path, rootAfter, at, by, ...await this.provenance(by) }, by);
     return rootAfter;
   }
   async readBytes(path) {
@@ -1079,7 +1671,7 @@ class AsyncRepo {
     if (!f)
       return this.currentRoot();
     const rootAfter = await writeFile2(this.store, await this.currentRoot(), path, f.content, { encoding: f.encoding, mode });
-    await this.log.append({ seq: await this.log.seq() + 1, type: "write", path, rootAfter, at, by: this.actor });
+    await this.appendAuthored({ seq: await this.log.seq() + 1, type: "write", path, rootAfter, at, by: this.actor, ...await this.provenance(this.actor) }, this.actor);
     return rootAfter;
   }
   async mode(path) {
@@ -1087,7 +1679,96 @@ class AsyncRepo {
   }
   async writeSealed(path, box, at = Date.now()) {
     const rootAfter = await writeSealed(this.store, await this.currentRoot(), path, box);
-    await this.log.append({ seq: await this.log.seq() + 1, type: "seal", path, rootAfter, at, by: this.actor });
+    await this.appendAuthored({ seq: await this.log.seq() + 1, type: "seal", path, rootAfter, at, by: this.actor, ...await this.provenance(this.actor) }, this.actor);
+    return rootAfter;
+  }
+  async sealSubtree(dirPath, seal, at = Date.now()) {
+    const subRoot = await subtreeRootAt(this.store, await this.currentRoot(), dirPath);
+    if (subRoot === undefined)
+      return;
+    const plaintext = await serializeSubtreeAsync(this.store, subRoot);
+    return this.writeSealed(dirPath, seal(plaintext), at);
+  }
+  async hideName(path, seal, opts = {}, at = Date.now()) {
+    const root = await this.currentRoot();
+    const segs = path.split("/").filter(Boolean);
+    const name = segs[segs.length - 1];
+    let entry = await entryAt(this.store, root, path);
+    if (!entry) {
+      if (opts.contentSeal && opts.absentContent !== undefined) {
+        const sealedHash = await this.store.put({ kind: "sealed", box: opts.contentSeal(opts.absentContent) });
+        entry = { kind: "sealed", hash: sealedHash };
+      } else {
+        return;
+      }
+    }
+    if (slotIdFromKey(name) !== undefined)
+      return slotIdFromKey(name);
+    if (opts.contentSeal && entry.kind === "blob") {
+      const blob = await this.store.get(entry.hash);
+      if (blob && blob.kind === "blob") {
+        const sealedHash = await this.store.put({ kind: "sealed", box: opts.contentSeal(blob.content) });
+        entry = entry.mode === undefined ? { kind: "sealed", hash: sealedHash } : { kind: "sealed", hash: sealedHash, mode: entry.mode };
+      }
+    }
+    const slotId = opts.slotId ?? mintSlotId();
+    const plaintext = await serializeNameAsync(this.store, name, entry);
+    const rootAfter = await hideName(this.store, root, path, seal(plaintext), slotId);
+    const slotPath = segs.length > 1 ? `${segs.slice(0, -1).join("/")}/${slotKey(slotId)}` : slotKey(slotId);
+    await this.appendAuthored({ seq: await this.log.seq() + 1, type: "seal", path: slotPath, rootAfter, at, by: this.actor, ...await this.provenance(this.actor) }, this.actor);
+    return slotId;
+  }
+  async reHideName(realDir, name, slotId, newContent, seal, contentSeal, at = Date.now()) {
+    const root = await this.currentRoot();
+    const sealedHash = await this.store.put({ kind: "sealed", box: contentSeal(newContent) });
+    const childEntry = { kind: "sealed", hash: sealedHash };
+    const plaintext = await serializeNameAsync(this.store, name, childEntry);
+    const dirSegs = realDir.split("/").filter(Boolean);
+    const rootAfter = await reHideName(this.store, root, dirSegs, slotKey(slotId), seal(plaintext));
+    const slotPath = dirSegs.length ? `${dirSegs.join("/")}/${slotKey(slotId)}` : slotKey(slotId);
+    await this.appendAuthored({ seq: await this.log.seq() + 1, type: "seal", path: slotPath, rootAfter, at, by: this.actor, ...await this.provenance(this.actor) }, this.actor);
+    return rootAfter;
+  }
+  async hideExistence(path, seal, opts = {}, at = Date.now()) {
+    const root = await this.currentRoot();
+    const segs = path.split("/").filter(Boolean);
+    const name = segs[segs.length - 1];
+    const dirPath = segs.slice(0, -1).join("/");
+    let entry = await entryAt(this.store, root, path);
+    if (name === HIDDEN_KEY)
+      return root;
+    if (!entry) {
+      if (opts.contentSeal && opts.absentContent !== undefined) {
+        const sealedHash = await this.store.put({ kind: "sealed", box: opts.contentSeal(opts.absentContent) });
+        entry = { kind: "sealed", hash: sealedHash };
+      } else {
+        return;
+      }
+    }
+    if (opts.contentSeal && entry.kind === "blob") {
+      const blob = await this.store.get(entry.hash);
+      if (blob && blob.kind === "blob") {
+        const sealedHash = await this.store.put({ kind: "sealed", box: opts.contentSeal(blob.content) });
+        entry = entry.mode === undefined ? { kind: "sealed", hash: sealedHash } : { kind: "sealed", hash: sealedHash, mode: entry.mode };
+      }
+    }
+    const slots = {};
+    const dirEntries = await dirEntriesAt(this.store, root, dirPath);
+    const prior = dirEntries?.[HIDDEN_KEY];
+    if (prior && prior.kind === "sealed" && opts.openPrior) {
+      const priorNode = await this.store.get(prior.hash);
+      if (priorNode && priorNode.kind === "sealed") {
+        const opened = opts.openPrior(priorNode.box);
+        const payload = opened === undefined ? undefined : parseStruct(opened);
+        if (payload?.__solStruct === "entries")
+          Object.assign(slots, payload.slots);
+      }
+    }
+    slots[name] = await hiddenEntryAsync(this.store, entry);
+    const plaintext = serializeHiddenEntries(slots);
+    const rootAfter = await hideExistence(this.store, root, path, seal(plaintext));
+    const hiddenPath = dirPath ? `${dirPath}/${HIDDEN_KEY}` : HIDDEN_KEY;
+    await this.appendAuthored({ seq: await this.log.seq() + 1, type: "seal", path: hiddenPath, rootAfter, at, by: this.actor, ...await this.provenance(this.actor) }, this.actor);
     return rootAfter;
   }
   async read(path) {
@@ -1095,7 +1776,7 @@ class AsyncRepo {
   }
   async deleteFile(path, at = Date.now(), by = this.actor) {
     const rootAfter = await deleteFile2(this.store, await this.currentRoot(), path);
-    await this.log.append({ seq: await this.log.seq() + 1, type: "delete", path, rootAfter, at, by });
+    await this.appendAuthored({ seq: await this.log.seq() + 1, type: "delete", path, rootAfter, at, by, ...await this.provenance(by) }, by);
     return rootAfter;
   }
   async readFile(path) {
@@ -1232,14 +1913,33 @@ class SealedClient {
     const box = sealContent(this.ring, content, recipients);
     return this.repo.writeSealed(path, JSON.stringify(box));
   }
-  async open(path, actor) {
+  async sealToAccounts(path, content, recipientPubKeys, opts = {}) {
+    const box = sealToAccounts(content, recipientPubKeys, { ring: this.ring, localRecipients: opts.localRecipients, recoveryPubKeys: opts.recoveryPubKeys, epoch: opts.epoch });
+    return this.repo.writeSealed(path, JSON.stringify(box));
+  }
+  async sealSubtree(dirPath, recipientPubKeys, opts = {}) {
+    return this.repo.sealSubtree(dirPath, (plaintext) => JSON.stringify(sealToAccounts(plaintext, recipientPubKeys, { ring: this.ring, localRecipients: opts.localRecipients, recoveryPubKeys: opts.recoveryPubKeys, epoch: opts.epoch })));
+  }
+  async hideName(path, recipientPubKeys, opts = {}) {
+    const sealOne = (plaintext) => JSON.stringify(sealToAccounts(plaintext, recipientPubKeys, { ring: this.ring, localRecipients: opts.localRecipients, recoveryPubKeys: opts.recoveryPubKeys, epoch: opts.epoch }));
+    return this.repo.hideName(path, sealOne, { slotId: opts.slotId, ...opts.contentSeal ? { contentSeal: sealOne } : {}, ...opts.absentContent !== undefined ? { absentContent: opts.absentContent } : {} });
+  }
+  async hideExistence(path, recipientPubKeys, opts = {}) {
+    const sealOne = (plaintext) => JSON.stringify(sealToAccounts(plaintext, recipientPubKeys, { ring: this.ring, localRecipients: opts.localRecipients, recoveryPubKeys: opts.recoveryPubKeys, epoch: opts.epoch }));
+    return this.repo.hideExistence(path, sealOne, { openPrior: opts.openPrior, ...opts.contentSeal ? { contentSeal: sealOne } : {}, ...opts.absentContent !== undefined ? { absentContent: opts.absentContent } : {} });
+  }
+  async reHideName(realDir, name, slotId, newContent, recipientPubKeys, opts = {}) {
+    const sealOne = (plaintext) => JSON.stringify(sealToAccounts(plaintext, recipientPubKeys, { ring: this.ring, localRecipients: opts.localRecipients, recoveryPubKeys: opts.recoveryPubKeys, epoch: opts.epoch }));
+    return this.repo.reHideName(realDir, name, slotId, newContent, sealOne, sealOne);
+  }
+  async open(path, actor, self) {
     const leaf = await this.repo.read(path);
     if (!leaf)
       return;
     if (leaf.kind === "blob")
       return leaf.content;
     const box = JSON.parse(leaf.box);
-    return openContent(this.ring, box, actor);
+    return openContent(this.ring, box, actor, self);
   }
 }
 // src/sync.ts
@@ -1542,15 +2242,32 @@ function diffTrees(store, aHead, bHead) {
   const added = [];
   const removed = [];
   const modified = [];
+  const sealedPaths = new Set;
+  const sealedAt = (head, p) => entryKindAt(store, head, p) === "sealed";
   for (const p of bPaths)
-    if (!aPaths.has(p))
+    if (!aPaths.has(p)) {
       added.push(p);
+      if (sealedAt(bHead, p))
+        sealedPaths.add(p);
+    }
   for (const p of aPaths)
-    if (!bPaths.has(p))
+    if (!bPaths.has(p)) {
       removed.push(p);
+      if (sealedAt(aHead, p))
+        sealedPaths.add(p);
+    }
   for (const p of aPaths) {
     if (!bPaths.has(p))
       continue;
+    if (sealedAt(aHead, p) || sealedAt(bHead, p)) {
+      const ah = blobHashAtAny(store, aHead, p);
+      const bh = blobHashAtAny(store, bHead, p);
+      if (ah !== bh) {
+        modified.push({ path: p, hunks: "", sealed: true });
+        sealedPaths.add(p);
+      }
+      continue;
+    }
     const a = fileAt(store, aHead, p);
     const b = fileAt(store, bHead, p);
     if (!a || !b)
@@ -1564,7 +2281,28 @@ function diffTrees(store, aHead, bHead) {
   added.sort();
   removed.sort();
   modified.sort((x, y) => x.path < y.path ? -1 : x.path > y.path ? 1 : 0);
-  return { added, removed, modified };
+  const out = { added, removed, modified };
+  if (sealedPaths.size)
+    out.sealedPaths = [...sealedPaths].sort();
+  return out;
+}
+function blobHashAtAny(store, root, path) {
+  const b = blobHashAt(store, root, path);
+  if (b !== undefined)
+    return b;
+  const segs = path.split("/").filter(Boolean);
+  let cur = root;
+  for (let i = 0;i < segs.length; i++) {
+    const entry = store.getTree(cur).entries[segs[i]];
+    if (!entry)
+      return;
+    if (i === segs.length - 1)
+      return entry.kind === "sealed" ? entry.hash : undefined;
+    if (entry.kind !== "tree")
+      return;
+    cur = entry.hash;
+  }
+  return;
 }
 function diffFile(store, aHead, bHead, path) {
   const a = readFile(store, aHead, path);
@@ -2133,14 +2871,24 @@ function toAttestation(runner, r) {
 export {
   writeFile,
   wrapCekTo,
+  verifyPubkeySig,
   verifyOp,
+  verifyAuthor,
   verifyAttestation,
+  verifyAtt,
   unwrapCekWith,
+  trustAuthor,
   toAttestation,
+  signerFrom,
+  signTag,
+  signPubkey,
   signOp,
+  signAuthor,
   signAttestation,
   semanticMerge,
+  sealedBoxAt,
   sealWithRecovery,
+  sealToAccounts,
   sealContent,
   sameActor,
   safePath,
@@ -2153,14 +2901,22 @@ export {
   pullSubtree,
   pull,
   publishPaths,
+  publicOf,
+  pubFingerprint,
+  provenanceFromEnv,
+  provTrailers,
+  provOf,
+  provJson,
   pageOps,
   openWithRecovery,
   openContent,
   openChange,
+  normalizeFingerprint,
   modeAt,
   merge3,
   merge,
   localTarget,
+  loadPrivateKey,
   listAll,
   lineHunks,
   isRecipient,
@@ -2169,8 +2925,11 @@ export {
   hashNode,
   groupIntoUnits,
   getTree,
+  generateRecoveryCode,
+  generateKeypair,
   garbage,
   formatLog,
+  fingerprintOf,
   filterLog,
   fileAt,
   exportFiles,
@@ -2179,16 +2938,24 @@ export {
   duplicateExportCheck,
   diffTrees,
   diffFile,
+  deriveIdentity,
   deleteFile,
   converge,
   compact,
   clone,
   ciphertextOf,
+  captureProv,
   canonicalOp,
+  canonicalAuthor,
   canonicalAttestation,
+  canonicalAtt,
+  buildProvNode,
   blobHashAt,
   blame,
+  authorLabel,
   attestSigned,
+  attestOp,
+  attTag,
   View,
   UNREADABLE,
   Store,