qa360 1.0.3 → 1.1.0

package/dist/core/pack/validator.js

@@ -0,0 +1,292 @@
+/**
+ * QA360 Pack v1 Validator
+ * Validates pack.yml files against the official schema
+ */
+import Ajv from 'ajv';
+import addFormats from 'ajv-formats';
+import { readFileSync } from 'fs';
+import { join, dirname } from 'path';
+import { fileURLToPath } from 'url';
+export class PackValidator {
+    ajv;
+    schema;
+    constructor() {
+        this.ajv = new Ajv({
+            allErrors: true,
+            verbose: true,
+            strict: false
+        });
+        addFormats(this.ajv);
+        // Load schema (ES modules compatible)
+        const __filename = fileURLToPath(import.meta.url);
+        const __dirname = dirname(__filename);
+        const schemaPath = join(__dirname, '../../schemas/pack.schema.json');
+        this.schema = JSON.parse(readFileSync(schemaPath, 'utf8'));
+        this.ajv.addSchema(this.schema, 'pack-v1');
+    }
+    /**
+     * Validate a pack configuration
+     */
+    validate(pack) {
+        const errors = [];
+        const warnings = [];
+        // Schema validation
+        const valid = this.ajv.validate('pack-v1', pack);
+        if (!valid && this.ajv.errors) {
+            for (const error of this.ajv.errors) {
+                errors.push({
+                    code: this.getErrorCode(error),
+                    path: error.instancePath || error.schemaPath || 'root',
+                    message: this.formatErrorMessage(error),
+                    suggestion: this.getSuggestion(error)
+                });
+            }
+        }
+        // Custom business logic validation
+        if (valid) {
+            const businessRules = this.validateBusinessRules(pack);
+            errors.push(...businessRules.errors);
+            warnings.push(...businessRules.warnings);
+        }
+        return {
+            valid: errors.length === 0,
+            errors,
+            warnings
+        };
+    }
+    /**
+     * Validate business rules beyond schema
+     */
+    validateBusinessRules(pack) {
+        const errors = [];
+        const warnings = [];
+        // Check gate-target consistency (only for non-minimal packs)
+        if (pack.gates.includes('api_smoke') && !pack.targets?.api) {
+            // For minimal smoke packs, this is a warning, not an error
+            if (pack.gates.length === 1 && pack.gates[0] === 'api_smoke') {
+                warnings.push({
+                    code: 'QP001',
+                    path: 'targets.api',
+                    message: 'API smoke gate without api target - using default configuration',
+                    suggestion: 'Add targets.api with baseUrl for better control'
+                });
+            }
+            else {
+                errors.push({
+                    code: 'QP001',
+                    path: 'targets.api',
+                    message: 'API smoke gate requires api target configuration',
+                    suggestion: 'Add targets.api with baseUrl'
+                });
+            }
+        }
+        if (pack.gates.includes('ui') && !pack.targets?.web) {
+            errors.push({
+                code: 'QP002',
+                path: 'targets.web',
+                message: 'UI gate requires web target configuration',
+                suggestion: 'Add targets.web with baseUrl'
+            });
+        }
+        // Check budget recommendations
+        if (pack.gates.includes('perf') && !pack.budgets?.perf_p95_ms) {
+            warnings.push({
+                code: 'QP003',
+                path: 'budgets.perf_p95_ms',
+                message: 'Performance gate without budget may not fail appropriately',
+                suggestion: 'Add budgets.perf_p95_ms (recommended: 800-2000ms)'
+            });
+        }
+        if (pack.gates.includes('a11y') && !pack.budgets?.a11y_min) {
+            warnings.push({
+                code: 'QP004',
+                path: 'budgets.a11y_min',
+                message: 'Accessibility gate without budget may not fail appropriately',
+                suggestion: 'Add budgets.a11y_min (recommended: 90-95%)'
+            });
+        }
+        // Check security configuration
+        if ((pack.gates.includes('sast') || pack.gates.includes('dast')) && !pack.security) {
+            warnings.push({
+                code: 'QP005',
+                path: 'security',
+                message: 'Security gates without security configuration',
+                suggestion: 'Add security section with sast_max_high and secrets_leak settings'
+            });
+        }
+        // Check for potential secrets in plain text (ignore secret references)
+        if (pack.environment) {
+            const SECRET_REF = /\$\{\{\s*secrets\.[A-Z0-9_]+\s*\}\}/g;
+            for (const [key, value] of Object.entries(pack.environment)) {
+                if (typeof value === 'string' && !SECRET_REF.test(value) && this.looksLikeSecret(value)) {
+                    errors.push({
+                        code: 'QP006',
+                        path: `environment.${key}`,
+                        message: 'Potential secret detected in plain text',
+                        suggestion: `Use secret reference: \${{ secrets.${key.toUpperCase()} }}`
+                    });
+                }
+            }
+        }
+        // Check for dangerous hook commands
+        if (pack.hooks) {
+            const dangerousCommands = ['rm -rf', 'sudo rm', 'del /f', 'format', 'mkfs', 'dd if='];
+            ['beforeAll', 'beforeEach', 'afterEach', 'afterAll'].forEach(hookType => {
+                const hooks = pack.hooks[hookType];
+                if (hooks) {
+                    hooks.forEach((hook, index) => {
+                        const command = typeof hook === 'string' ? hook :
+                            ('run' in hook ? hook.run :
+                                'compose' in hook ? `compose ${hook.compose}` :
+                                    'wait_on' in hook ? `wait_on ${hook.wait_on}` : '');
+                        if (command && dangerousCommands.some(dangerous => command.toLowerCase().includes(dangerous))) {
+                            warnings.push({
+                                code: 'QP007',
+                                path: `hooks.${hookType}[${index}]`,
+                                message: 'Potentially dangerous command detected',
+                                suggestion: 'Review command for safety'
+                            });
+                        }
+                    });
+                }
+            });
+        }
+        return { errors, warnings };
+    }
+    /**
+     * Check if a value looks like a secret
+     */
+    looksLikeSecret(value) {
+        const secretPatterns = [
+            /^[A-Za-z0-9+/]{20,}={0,2}$/, // Base64-like
+            /^[a-f0-9]{32,}$/i, // Hex tokens
+            /^sk-[a-zA-Z0-9]{32,}$/, // API keys
+            /^ghp_[a-zA-Z0-9]{36}$/, // GitHub tokens
+            /^xoxb-[a-zA-Z0-9-]+$/, // Slack tokens
+        ];
+        return secretPatterns.some(pattern => pattern.test(value));
+    }
+    /**
+     * Check if a value is a secret reference
+     */
+    isSecretReference(value) {
+        return /^\$\{\{\s*secrets\.[A-Z_][A-Z0-9_]*\s*\}\}$/.test(value);
+    }
+    /**
+     * Validate hook commands for security issues
+     */
+    validateHookSecurity(hooks, basePath, warnings) {
+        for (let i = 0; i < hooks.length; i++) {
+            const hook = hooks[i];
+            if (typeof hook.run === 'string') {
+                // Check for dangerous commands
+                const dangerousPatterns = [
+                    /rm\s+-rf\s+\//, // rm -rf /
+                    /sudo\s+/, // sudo commands
+                    /curl.*\|\s*sh/, // curl | sh
+                    /wget.*\|\s*sh/, // wget | sh
+                ];
+                for (const pattern of dangerousPatterns) {
+                    if (pattern.test(hook.run)) {
+                        warnings.push({
+                            code: 'QP007',
+                            path: `${basePath}[${i}].run`,
+                            message: 'Potentially dangerous command detected',
+                            suggestion: 'Review command for security implications'
+                        });
+                        break;
+                    }
+                }
+            }
+        }
+    }
+    /**
+     * Get error code from AJV error
+     */
+    getErrorCode(error) {
+        const codeMap = {
+            'required': 'QP100',
+            'type': 'QP101',
+            'format': 'QP102',
+            'pattern': 'QP103',
+            'enum': 'QP104',
+            'const': 'QP105',
+            'minimum': 'QP106',
+            'maximum': 'QP107',
+            'minLength': 'QP108',
+            'maxLength': 'QP109',
+            'minItems': 'QP110',
+            'uniqueItems': 'QP111',
+            'additionalProperties': 'QP112'
+        };
+        return codeMap[error.keyword] || 'QP999';
+    }
+    /**
+     * Format error message for better UX
+     */
+    formatErrorMessage(error) {
+        const path = error.instancePath || 'root';
+        switch (error.keyword) {
+            case 'required':
+                return `Missing required field: ${error.params.missingProperty}`;
+            case 'type':
+                return `Expected ${error.params.type}, got ${typeof error.data}`;
+            case 'format':
+                return `Invalid ${error.params.format} format`;
+            case 'pattern':
+                return `Value does not match required pattern`;
+            case 'enum':
+                return `Value must be one of: ${error.params.allowedValues.join(', ')}`;
+            case 'const':
+                return `Value must be exactly: ${error.params.allowedValue}`;
+            case 'minimum':
+                return `Value must be >= ${error.params.limit}`;
+            case 'maximum':
+                return `Value must be <= ${error.params.limit}`;
+            case 'minLength':
+                return `Value must be at least ${error.params.limit} characters`;
+            case 'maxLength':
+                return `Value must be at most ${error.params.limit} characters`;
+            case 'minItems':
+                return `Array must have at least ${error.params.limit} items`;
+            case 'uniqueItems':
+                return `Array items must be unique`;
+            case 'additionalProperties':
+                return `Unknown property: ${error.params.additionalProperty}`;
+            default:
+                return error.message || 'Validation error';
+        }
+    }
+    /**
+     * Get suggestion for fixing error
+     */
+    getSuggestion(error) {
+        switch (error.keyword) {
+            case 'required':
+                const field = error.params.missingProperty;
+                const suggestions = {
+                    'version': 'Add: version: 1',
+                    'name': 'Add: name: "my-pack"',
+                    'gates': 'Add: gates: ["api_smoke"]',
+                    'baseUrl': 'Add: baseUrl: "https://api.example.com"'
+                };
+                return suggestions[field];
+            case 'enum':
+                return `Use one of: ${error.params.allowedValues.join(', ')}`;
+            case 'format':
+                if (error.params.format === 'uri') {
+                    return 'Use full URL with protocol: https://example.com';
+                }
+                break;
+            case 'pattern':
+                if (error.instancePath.includes('name')) {
+                    return 'Use only letters, numbers, underscore, and hyphen';
+                }
+                if (error.instancePath.includes('smoke')) {
+                    return 'Format: "GET /path -> 200"';
+                }
+                break;
+        }
+        return undefined;
+    }
+}

package/dist/core/proof/bundle.d.ts

@@ -0,0 +1,138 @@
+/**
+ * Proof Bundle Creation
+ *
+ * Creates cryptographically signed proof bundles from test run data.
+ *
+ * @see docs/rfc/proof-bundle-v1.md#3-data-model
+ */
+import { type KeyPair } from './signer.js';
+/**
+ * Proof Bundle structure (matches RFC spec)
+ */
+export interface ProofBundle {
+    spec: 'qa360.proof.v1';
+    run: RunMetadata;
+    artifacts: Artifact[];
+    results: TestResults;
+    signing: SigningMetadata;
+    signature: string;
+}
+/**
+ * Run metadata
+ */
+export interface RunMetadata {
+    id: string;
+    startedAt: string;
+    finishedAt: string;
+    environment: Environment;
+    packHash: string;
+    ciContext: CIContext;
+}
+/**
+ * Environment information
+ */
+export interface Environment {
+    os: 'windows' | 'linux' | 'darwin';
+    node: string;
+    arch: 'x64' | 'arm64';
+    ci: boolean;
+}
+/**
+ * CI context
+ */
+export interface CIContext {
+    provider: string | null;
+}
+/**
+ * Artifact metadata
+ */
+export interface Artifact {
+    name: string;
+    sha256: string;
+    size: number;
+    path?: string;
+}
+/**
+ * Test results
+ */
+export interface TestResults {
+    trustScore: number;
+    gates: Gate[];
+}
+/**
+ * Gate result
+ */
+export interface Gate {
+    name: string;
+    status: 'pass' | 'fail' | 'skip';
+    metrics?: Record<string, any>;
+}
+/**
+ * Signing metadata
+ */
+export interface SigningMetadata {
+    algo: 'ed25519';
+    signerId: string;
+    timestamp: TimestampInfo;
+    identity: IdentityInfo;
+}
+/**
+ * Timestamp information (Phase 1: none, Phase 2: rfc3161)
+ */
+export interface TimestampInfo {
+    type: 'none' | 'rfc3161';
+    token: string | null;
+}
+/**
+ * Identity information (Phase 1: none, Phase 2: did/sigstore)
+ */
+export interface IdentityInfo {
+    type: 'none' | 'did' | 'sigstore';
+    evidence: string | object | null;
+}
+/**
+ * Parameters for creating a proof bundle
+ */
+export interface ProofBundleParams {
+    runId?: string;
+    startedAt: Date;
+    finishedAt: Date;
+    packHash: string;
+    artifacts: Artifact[];
+    trustScore: number;
+    gates: Gate[];
+    signerId?: string;
+    keyPair?: KeyPair;
+}
+/**
+ * Compute SHA-256 hash of string
+ */
+export declare function computeSHA256(data: string): string;
+/**
+ * Create and sign a proof bundle
+ *
+ * @param params - Bundle parameters
+ * @returns Signed proof bundle
+ *
+ * @example
+ * ```ts
+ * const bundle = await createProofBundle({
+ *   startedAt: new Date('2025-01-01T00:00:00Z'),
+ *   finishedAt: new Date('2025-01-01T00:01:00Z'),
+ *   packHash: 'sha256-abc123...',
+ *   artifacts: [],
+ *   trustScore: 87,
+ *   gates: [{ name: 'api_smoke', status: 'pass' }],
+ * });
+ * ```
+ */
+export declare function createProofBundle(params: ProofBundleParams): Promise<ProofBundle>;
+/**
+ * Create proof bundle from pack file content
+ *
+ * @param packContent - Pack YAML/JSON content
+ * @param params - Other bundle parameters
+ * @returns Signed proof bundle
+ */
+export declare function createProofBundleFromPack(packContent: string, params: Omit<ProofBundleParams, 'packHash'>): Promise<ProofBundle>;
+//# sourceMappingURL=bundle.d.ts.map

package/dist/core/proof/bundle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bundle.d.ts","sourceRoot":"","sources":["../../../src/core/proof/bundle.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,EAAwB,KAAK,OAAO,EAAE,MAAM,aAAa,CAAC;AAGjE;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,gBAAgB,CAAC;IACvB,GAAG,EAAE,WAAW,CAAC;IACjB,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,OAAO,EAAE,WAAW,CAAC;IACrB,OAAO,EAAE,eAAe,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,WAAW,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,SAAS,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,SAAS,GAAG,OAAO,GAAG,QAAQ,CAAC;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,KAAK,GAAG,OAAO,CAAC;IACtB,EAAE,EAAE,OAAO,CAAC;CACb;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,IAAI,EAAE,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,IAAI;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IACjC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,SAAS,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,aAAa,CAAC;IACzB,QAAQ,EAAE,YAAY,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,GAAG,SAAS,CAAC;IACzB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,GAAG,KAAK,GAAG,UAAU,CAAC;IAClC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAEhC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,IAAI,CAAC;IAChB,UAAU,EAAE,IAAI,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IAGjB,SAAS,EAAE,QAAQ,EAAE,CAAC;IAGtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,IAAI,EAAE,CAAC;IAGd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAoDD;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAGlD;AA2CD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,WAAW,CAAC,CA0BvF;AAED;;;;;;GAMG;AACH,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,GAC1C,OAAO,CAAC,WAAW,CAAC,CAGtB"}

package/dist/core/proof/bundle.js

@@ -0,0 +1,160 @@
+/**
+ * Proof Bundle Creation
+ *
+ * Creates cryptographically signed proof bundles from test run data.
+ *
+ * @see docs/rfc/proof-bundle-v1.md#3-data-model
+ */
+import { randomUUID } from 'crypto';
+import { platform, arch } from 'os';
+import { createHash } from 'crypto';
+import { canonicalizeForSigning } from './canonicalize.js';
+import { sign, initializeKeys } from './signer.js';
+import { validateProofBundle } from './schema.js';
+/**
+ * Get current OS in RFC format
+ */
+function getCurrentOS() {
+    const p = platform();
+    if (p === 'win32')
+        return 'windows';
+    if (p === 'darwin')
+        return 'darwin';
+    return 'linux';
+}
+/**
+ * Get current architecture in RFC format
+ */
+function getCurrentArch() {
+    const a = arch();
+    if (a === 'arm64')
+        return 'arm64';
+    return 'x64';
+}
+/**
+ * Get Node.js version (semver format)
+ */
+function getNodeVersion() {
+    return process.version.replace(/^v/, '');
+}
+/**
+ * Detect if running in CI
+ */
+function isCI() {
+    return !!(process.env.CI ||
+        process.env.GITHUB_ACTIONS ||
+        process.env.GITLAB_CI ||
+        process.env.CIRCLECI ||
+        process.env.JENKINS_URL);
+}
+/**
+ * Detect CI provider
+ */
+function getCIProvider() {
+    if (process.env.GITHUB_ACTIONS)
+        return 'github-actions';
+    if (process.env.GITLAB_CI)
+        return 'gitlab-ci';
+    if (process.env.CIRCLECI)
+        return 'circleci';
+    if (process.env.JENKINS_URL)
+        return 'jenkins';
+    return null;
+}
+/**
+ * Compute SHA-256 hash of string
+ */
+export function computeSHA256(data) {
+    const hash = createHash('sha256').update(data, 'utf-8').digest('hex');
+    return `sha256-${hash}`;
+}
+/**
+ * Create unsigned proof bundle (without signature)
+ */
+function createUnsignedBundle(params) {
+    return {
+        spec: 'qa360.proof.v1',
+        run: {
+            id: params.runId || randomUUID(),
+            startedAt: params.startedAt.toISOString(),
+            finishedAt: params.finishedAt.toISOString(),
+            environment: {
+                os: getCurrentOS(),
+                node: getNodeVersion(),
+                arch: getCurrentArch(),
+                ci: isCI(),
+            },
+            packHash: params.packHash,
+            ciContext: {
+                provider: getCIProvider(),
+            },
+        },
+        artifacts: params.artifacts,
+        results: {
+            trustScore: params.trustScore,
+            gates: params.gates,
+        },
+        signing: {
+            algo: 'ed25519',
+            signerId: params.signerId || 'local@qa360',
+            timestamp: {
+                type: 'none',
+                token: null,
+            },
+            identity: {
+                type: 'none',
+                evidence: null,
+            },
+        },
+    };
+}
+/**
+ * Create and sign a proof bundle
+ *
+ * @param params - Bundle parameters
+ * @returns Signed proof bundle
+ *
+ * @example
+ * ```ts
+ * const bundle = await createProofBundle({
+ *   startedAt: new Date('2025-01-01T00:00:00Z'),
+ *   finishedAt: new Date('2025-01-01T00:01:00Z'),
+ *   packHash: 'sha256-abc123...',
+ *   artifacts: [],
+ *   trustScore: 87,
+ *   gates: [{ name: 'api_smoke', status: 'pass' }],
+ * });
+ * ```
+ */
+export async function createProofBundle(params) {
+    // Load or initialize keys
+    const keyPair = params.keyPair || await initializeKeys();
+    // Create unsigned bundle
+    const unsigned = createUnsignedBundle(params);
+    // Canonicalize for signing (removes signature field, adds newline)
+    const canonical = canonicalizeForSigning(unsigned);
+    // Sign the canonical form
+    const signature = sign(canonical, keyPair.secretKey);
+    // Create final bundle
+    const bundle = {
+        ...unsigned,
+        signature,
+    };
+    // Validate against schema
+    const validation = validateProofBundle(bundle);
+    if (!validation.valid) {
+        throw new Error(`Invalid proof bundle: ${validation.errors?.join(', ')}`);
+    }
+    return bundle;
+}
+/**
+ * Create proof bundle from pack file content
+ *
+ * @param packContent - Pack YAML/JSON content
+ * @param params - Other bundle parameters
+ * @returns Signed proof bundle
+ */
+export async function createProofBundleFromPack(packContent, params) {
+    const packHash = computeSHA256(packContent);
+    return createProofBundle({ ...params, packHash });
+}

package/dist/core/proof/canonicalize.d.ts

@@ -0,0 +1,48 @@
+/**
+ * JSON Canonicalization for deterministic hashing
+ *
+ * Implements RFC 8785-like canonicalization:
+ * - Alphabetically sorted keys (recursive)
+ * - UTF-8 NFC normalization
+ * - No whitespace (compact)
+ * - Deterministic across platforms
+ *
+ * @see docs/rfc/proof-bundle-v1.md#4-canonicalization
+ */
+/**
+ * Canonicalize a JavaScript object into deterministic JSON string
+ *
+ * @param obj - Object to canonicalize
+ * @returns Canonical JSON string (compact, sorted keys, UTF-8 NFC)
+ *
+ * @example
+ * ```ts
+ * const obj = { b: 2, a: 1 };
+ * const canonical = canonicalize(obj);
+ * // Returns: '{"a":1,"b":2}\n'
+ * ```
+ */
+export declare function canonicalize(obj: any): string;
+/**
+ * Canonicalize and append newline (standard format)
+ *
+ * @param obj - Object to canonicalize
+ * @returns Canonical JSON string with trailing newline
+ */
+export declare function canonicalizeWithNewline(obj: any): string;
+/**
+ * Remove signature field and canonicalize
+ * Used for signature verification
+ *
+ * @param bundle - Proof bundle (may contain signature field)
+ * @returns Canonical JSON without signature field
+ */
+export declare function canonicalizeForSigning(bundle: any): string;
+/**
+ * Verify canonicalization is deterministic
+ *
+ * @param obj - Object to test
+ * @returns true if canonicalization is stable
+ */
+export declare function isCanonicalStable(obj: any): boolean;
+//# sourceMappingURL=canonicalize.d.ts.map

package/dist/core/proof/canonicalize.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonicalize.d.ts","sourceRoot":"","sources":["../../../src/core/proof/canonicalize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH;;;;;;;;;;;;GAYG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,GAAG,GAAG,MAAM,CA+C7C;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,GAAG,GAAG,MAAM,CAExD;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,MAAM,CAQ1D;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAQnD"}