sigild 0.0.1

package/dist/src/daemon/rpc.js

@@ -0,0 +1,76 @@
+/**
+ * JSON-RPC 2.0 over newline-delimited JSON (NDJSON).
+ * Pure functions only — no IO. The server in server.ts wires this onto sockets.
+ *
+ * We use the strict JSON-RPC 2.0 envelope: every request has `jsonrpc: "2.0"`,
+ * a method, and either an id (for requests expecting a response) or no id (for
+ * notifications, which sigil currently rejects since every sign decision needs
+ * to round-trip through the audit log).
+ */
+export const RPC_VERSION = '2.0';
+// Standard JSON-RPC 2.0 error codes.
+export const RPC_PARSE_ERROR = -32700;
+export const RPC_INVALID_REQUEST = -32600;
+export const RPC_METHOD_NOT_FOUND = -32601;
+export const RPC_INVALID_PARAMS = -32602;
+export const RPC_INTERNAL_ERROR = -32603;
+// Reserved range for sigil-specific errors: -32000 .. -32099.
+export const RPC_PORTAL_NOT_FOUND = -32000;
+export const RPC_POLICY_DENIED = -32001;
+export const RPC_INVALID_PAYLOAD = -32002;
+/**
+ * Parse a single NDJSON line into a JSON-RPC request.
+ * Returns either a valid request, a parse_error (if the line is not JSON), or
+ * an invalid envelope along with the id that should be echoed in the error
+ * response (which is null if the id couldn't be extracted).
+ */
+export function parseRequest(line) {
+    let parsed;
+    try {
+        parsed = JSON.parse(line);
+    }
+    catch {
+        return { kind: 'parse_error' };
+    }
+    if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
+        return { kind: 'invalid', id: null, reason: 'request must be a JSON object' };
+    }
+    const obj = parsed;
+    // Try to extract an id even if the rest is malformed, so the error
+    // response can be correlated.
+    const rawId = obj['id'];
+    const id = typeof rawId === 'string' || typeof rawId === 'number' || rawId === null ? rawId : null;
+    if (obj['jsonrpc'] !== RPC_VERSION) {
+        return { kind: 'invalid', id, reason: 'jsonrpc must be "2.0"' };
+    }
+    if (typeof obj['method'] !== 'string' || obj['method'].length === 0) {
+        return { kind: 'invalid', id, reason: 'method must be a non-empty string' };
+    }
+    // Notifications (no id) are not supported — every call must be acknowledged
+    // because every sign call needs an audit-log roundtrip.
+    if (!('id' in obj)) {
+        return { kind: 'invalid', id: null, reason: 'notifications are not supported' };
+    }
+    if (typeof rawId !== 'string' && typeof rawId !== 'number' && rawId !== null) {
+        return { kind: 'invalid', id: null, reason: 'id must be string, number, or null' };
+    }
+    return {
+        kind: 'request',
+        request: {
+            jsonrpc: '2.0',
+            id,
+            method: obj['method'],
+            params: obj['params'],
+        },
+    };
+}
+export function encodeResponse(id, result) {
+    const r = { jsonrpc: RPC_VERSION, id, result };
+    return JSON.stringify(r);
+}
+export function encodeError(id, code, message, data) {
+    const error = data === undefined ? { code, message } : { code, message, data };
+    const r = { jsonrpc: RPC_VERSION, id, error };
+    return JSON.stringify(r);
+}
+//# sourceMappingURL=rpc.js.map

package/dist/src/daemon/rpc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rpc.js","sourceRoot":"","sources":["../../../src/daemon/rpc.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,CAAC;AA+BjC,qCAAqC;AACrC,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,KAAK,CAAC;AACtC,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,KAAK,CAAC;AAC1C,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,KAAK,CAAC;AAC3C,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,KAAK,CAAC;AACzC,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,KAAK,CAAC;AAEzC,8DAA8D;AAC9D,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,KAAK,CAAC;AAC3C,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,KAAK,CAAC;AACxC,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,KAAK,CAAC;AAO1C;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC;IACjC,CAAC;IACD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3E,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;IAChF,CAAC;IACD,MAAM,GAAG,GAAG,MAAiC,CAAC;IAC9C,mEAAmE;IACnE,8BAA8B;IAC9B,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;IACxB,MAAM,EAAE,GACN,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;IAC1F,IAAI,GAAG,CAAC,SAAS,CAAC,KAAK,WAAW,EAAE,CAAC;QACnC,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;IAClE,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,QAAQ,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,mCAAmC,EAAE,CAAC;IAC9E,CAAC;IACD,4EAA4E;IAC5E,wDAAwD;IACxD,IAAI,CAAC,CAAC,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;QACnB,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,iCAAiC,EAAE,CAAC;IAClF,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAC7E,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;IACrF,CAAC;IACD,OAAO;QACL,IAAI,EAAE,SAAS;QACf,OAAO,EAAE;YACP,OAAO,EAAE,KAAK;YACd,EAAE;YACF,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC;YACrB,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC;SACtB;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,EAAS,EAAE,MAAe;IACvD,MAAM,CAAC,GAAe,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;IAC3D,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,EAAS,EAAE,IAAY,EAAE,OAAe,EAAE,IAAc;IAClF,MAAM,KAAK,GAAmB,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC/F,MAAM,CAAC,GAAa,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IACxD,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;AAC3B,CAAC"}

package/dist/src/daemon/runtime.d.ts

@@ -0,0 +1,40 @@
+import { type DaemonServerHandle, type LogEvent } from './server.js';
+export interface DaemonRuntimeOpts {
+    /** Sigil home directory. Defaults to $SIGIL_HOME or ~/.sigil. */
+    sigilHome: string;
+    /** Returns the unlock passphrase. Called once at startup; the runtime zeroes it after use. */
+    passphrase: () => Promise<Buffer> | Buffer;
+    /** Optional log sink for daemon and server events. */
+    onLog?: (event: LogEvent | RuntimeEvent) => void;
+}
+export type RuntimeEvent = {
+    kind: 'runtime_starting';
+    sigilHome: string;
+} | {
+    kind: 'runtime_ready';
+    portals: number;
+    socketPath: string;
+} | {
+    kind: 'runtime_shutdown_begin';
+} | {
+    kind: 'runtime_shutdown_complete';
+};
+export interface DaemonRuntimeHandle {
+    readonly socketPath: string;
+    readonly auditPath: string;
+    readonly portals: number;
+    readonly server: DaemonServerHandle;
+    shutdown: () => Promise<void>;
+}
+/**
+ * Bring up the daemon: ensure directories exist, prompt for the passphrase,
+ * load every keyfile from <sigilHome>/keys, open the audit log, and start
+ * the Unix-socket server. The returned handle exposes a single `shutdown`
+ * function that closes the server, closes the audit writer, and zeroes
+ * every key in memory.
+ *
+ * The runtime is testable end-to-end by passing a `passphrase` callback that
+ * returns a known buffer and pointing `sigilHome` at a tmpdir.
+ */
+export declare function runDaemon(opts: DaemonRuntimeOpts): Promise<DaemonRuntimeHandle>;
+//# sourceMappingURL=runtime.d.ts.map

package/dist/src/daemon/runtime.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../../../src/daemon/runtime.ts"],"names":[],"mappings":"AAIA,OAAO,EAAqB,KAAK,kBAAkB,EAAE,KAAK,QAAQ,EAAE,MAAM,aAAa,CAAC;AAExF,MAAM,WAAW,iBAAiB;IAChC,iEAAiE;IACjE,SAAS,EAAE,MAAM,CAAC;IAClB,8FAA8F;IAC9F,UAAU,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;IAC3C,sDAAsD;IACtD,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,GAAG,YAAY,KAAK,IAAI,CAAC;CAClD;AAED,MAAM,MAAM,YAAY,GACpB;IAAE,IAAI,EAAE,kBAAkB,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GAC/C;IAAE,IAAI,EAAE,eAAe,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,GAC9D;IAAE,IAAI,EAAE,wBAAwB,CAAA;CAAE,GAClC;IAAE,IAAI,EAAE,2BAA2B,CAAA;CAAE,CAAC;AAE1C,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,kBAAkB,CAAC;IACpC,QAAQ,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/B;AAED;;;;;;;;;GASG;AACH,wBAAsB,SAAS,CAAC,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAiDrF"}

package/dist/src/daemon/runtime.js

@@ -0,0 +1,61 @@
+import { mkdirSync } from 'node:fs';
+import { join } from 'node:path';
+import { AuditWriter } from '../audit/index.js';
+import { HandleTable } from './handles.js';
+import { startDaemonServer } from './server.js';
+/**
+ * Bring up the daemon: ensure directories exist, prompt for the passphrase,
+ * load every keyfile from <sigilHome>/keys, open the audit log, and start
+ * the Unix-socket server. The returned handle exposes a single `shutdown`
+ * function that closes the server, closes the audit writer, and zeroes
+ * every key in memory.
+ *
+ * The runtime is testable end-to-end by passing a `passphrase` callback that
+ * returns a known buffer and pointing `sigilHome` at a tmpdir.
+ */
+export async function runDaemon(opts) {
+    const log = (e) => opts.onLog?.(e);
+    const sigilHome = opts.sigilHome;
+    const keysDir = join(sigilHome, 'keys');
+    const auditPath = join(sigilHome, 'audit.log');
+    const socketPath = join(sigilHome, 'sock');
+    log({ kind: 'runtime_starting', sigilHome });
+    mkdirSync(sigilHome, { recursive: true, mode: 0o700 });
+    mkdirSync(keysDir, { recursive: true, mode: 0o700 });
+    const passphrase = await opts.passphrase();
+    const handles = new HandleTable();
+    try {
+        handles.loadFromDir(keysDir, passphrase);
+    }
+    finally {
+        passphrase.fill(0);
+    }
+    const audit = new AuditWriter(auditPath);
+    const server = await startDaemonServer({
+        socketPath,
+        context: { handles, audit },
+        ...(opts.onLog ? { onLog: (e) => opts.onLog(e) } : {}),
+    });
+    log({ kind: 'runtime_ready', portals: handles.list().length, socketPath });
+    let shutdownPromise = null;
+    const shutdown = () => {
+        if (shutdownPromise)
+            return shutdownPromise;
+        log({ kind: 'runtime_shutdown_begin' });
+        shutdownPromise = (async () => {
+            await server.close();
+            audit.close();
+            handles.dispose();
+            log({ kind: 'runtime_shutdown_complete' });
+        })();
+        return shutdownPromise;
+    };
+    return {
+        socketPath,
+        auditPath,
+        portals: handles.list().length,
+        server,
+        shutdown,
+    };
+}
+//# sourceMappingURL=runtime.js.map

package/dist/src/daemon/runtime.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../../../src/daemon/runtime.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACpC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,iBAAiB,EAA0C,MAAM,aAAa,CAAC;AAyBxF;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,IAAuB;IACrD,MAAM,GAAG,GAAG,CAAC,CAA0B,EAAQ,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;IAClE,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;IACjC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACxC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IAC/C,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAE3C,GAAG,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,SAAS,EAAE,CAAC,CAAC;IAE7C,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACvD,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAErD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,IAAI,CAAC;QACH,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAC3C,CAAC;YAAS,CAAC;QACT,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACrB,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC,SAAS,CAAC,CAAC;IACzC,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC;QACrC,UAAU;QACV,OAAO,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;QAC3B,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAW,EAAE,EAAE,CAAC,IAAI,CAAC,KAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAClE,CAAC,CAAC;IAEH,GAAG,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;IAE3E,IAAI,eAAe,GAAyB,IAAI,CAAC;IACjD,MAAM,QAAQ,GAAG,GAAkB,EAAE;QACnC,IAAI,eAAe;YAAE,OAAO,eAAe,CAAC;QAC5C,GAAG,CAAC,EAAE,IAAI,EAAE,wBAAwB,EAAE,CAAC,CAAC;QACxC,eAAe,GAAG,CAAC,KAAK,IAAI,EAAE;YAC5B,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;YACrB,KAAK,CAAC,KAAK,EAAE,CAAC;YACd,OAAO,CAAC,OAAO,EAAE,CAAC;YAClB,GAAG,CAAC,EAAE,IAAI,EAAE,2BAA2B,EAAE,CAAC,CAAC;QAC7C,CAAC,CAAC,EAAE,CAAC;QACL,OAAO,eAAe,CAAC;IACzB,CAAC,CAAC;IAEF,OAAO;QACL,UAAU;QACV,SAAS;QACT,OAAO,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM;QAC9B,MAAM;QACN,QAAQ;KACT,CAAC;AACJ,CAAC"}

package/dist/src/daemon/server.d.ts

@@ -0,0 +1,53 @@
+import { type Server, type Socket } from 'node:net';
+import { type MethodContext } from './methods.js';
+import { type RpcId } from './rpc.js';
+export interface DaemonServerOpts {
+    socketPath: string;
+    context: MethodContext;
+    /**
+     * Called for every connection that opens, with the peer socket. Useful for
+     * tests; in production we don't need it.
+     */
+    onConnection?: (socket: Socket) => void;
+    /**
+     * Called when the server logs an event. Receives a structured payload.
+     * Keep this lightweight; production wiring will swap in something real.
+     */
+    onLog?: (event: LogEvent) => void;
+}
+export type LogEvent = {
+    kind: 'listening';
+    path: string;
+} | {
+    kind: 'connection_open';
+} | {
+    kind: 'connection_close';
+} | {
+    kind: 'connection_error';
+    error: string;
+} | {
+    kind: 'request';
+    method: string;
+    id: RpcId;
+} | {
+    kind: 'response';
+    id: RpcId;
+    ok: boolean;
+} | {
+    kind: 'closed';
+};
+export interface DaemonServerHandle {
+    readonly server: Server;
+    close: () => Promise<void>;
+}
+/**
+ * Start a Unix-socket JSON-RPC server. The socket file is created at
+ * `socketPath` with mode 0o600 (owner read/write only). If a stale socket
+ * file exists at that path we remove it first.
+ *
+ * Each connection is line-delimited JSON: one request per line, one response
+ * per line. Pipelining is supported (multiple requests per connection); they
+ * are processed in order.
+ */
+export declare function startDaemonServer(opts: DaemonServerOpts): Promise<DaemonServerHandle>;
+//# sourceMappingURL=server.d.ts.map

package/dist/src/daemon/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/daemon/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgB,KAAK,MAAM,EAAE,KAAK,MAAM,EAAE,MAAM,UAAU,CAAC;AAElE,OAAO,EAA4B,KAAK,aAAa,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EAOL,KAAK,KAAK,EACX,MAAM,UAAU,CAAC;AAElB,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,aAAa,CAAC;IACvB;;;OAGG;IACH,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;IACxC;;;OAGG;IACH,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC;CACnC;AAED,MAAM,MAAM,QAAQ,GAChB;IAAE,IAAI,EAAE,WAAW,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GACnC;IAAE,IAAI,EAAE,iBAAiB,CAAA;CAAE,GAC3B;IAAE,IAAI,EAAE,kBAAkB,CAAA;CAAE,GAC5B;IAAE,IAAI,EAAE,kBAAkB,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAC3C;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,KAAK,CAAA;CAAE,GAC9C;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,EAAE,EAAE,KAAK,CAAC;IAAC,EAAE,EAAE,OAAO,CAAA;CAAE,GAC5C;IAAE,IAAI,EAAE,QAAQ,CAAA;CAAE,CAAC;AAEvB,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5B;AAED;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAiErF"}

package/dist/src/daemon/server.js

@@ -0,0 +1,103 @@
+import { createServer } from 'node:net';
+import { chmodSync, existsSync, unlinkSync } from 'node:fs';
+import { dispatch, RpcMethodError } from './methods.js';
+import { encodeError, encodeResponse, parseRequest, RPC_INTERNAL_ERROR, RPC_INVALID_REQUEST, RPC_PARSE_ERROR, } from './rpc.js';
+/**
+ * Start a Unix-socket JSON-RPC server. The socket file is created at
+ * `socketPath` with mode 0o600 (owner read/write only). If a stale socket
+ * file exists at that path we remove it first.
+ *
+ * Each connection is line-delimited JSON: one request per line, one response
+ * per line. Pipelining is supported (multiple requests per connection); they
+ * are processed in order.
+ */
+export function startDaemonServer(opts) {
+    const { socketPath, context } = opts;
+    const log = (e) => opts.onLog?.(e);
+    // If a stale file (e.g. from a crashed previous run) sits at the path,
+    // remove it before binding. We don't check whether a process is actually
+    // listening — that would need OS-specific calls. The 0o600 perms make it
+    // impossible for another user to drop a file here.
+    if (existsSync(socketPath)) {
+        try {
+            unlinkSync(socketPath);
+        }
+        catch { /* let listen() report the bind failure */ }
+    }
+    const server = createServer((socket) => {
+        log({ kind: 'connection_open' });
+        opts.onConnection?.(socket);
+        let buf = '';
+        socket.setEncoding('utf8');
+        socket.on('data', (chunk) => {
+            buf += chunk;
+            let nl;
+            while ((nl = buf.indexOf('\n')) !== -1) {
+                const line = buf.slice(0, nl);
+                buf = buf.slice(nl + 1);
+                if (line.length === 0)
+                    continue;
+                const response = handleLine(line, context, log);
+                socket.write(response + '\n');
+            }
+        });
+        socket.on('error', (err) => {
+            log({ kind: 'connection_error', error: err.message });
+        });
+        socket.on('close', () => {
+            log({ kind: 'connection_close' });
+        });
+    });
+    return new Promise((resolve, reject) => {
+        server.once('error', reject);
+        server.listen(socketPath, () => {
+            // Tighten perms — Node's default may be 0o755 depending on umask.
+            try {
+                chmodSync(socketPath, 0o600);
+            }
+            catch (err) {
+                server.close();
+                reject(err);
+                return;
+            }
+            log({ kind: 'listening', path: socketPath });
+            server.removeListener('error', reject);
+            resolve({
+                server,
+                close: () => new Promise((res) => {
+                    server.close(() => {
+                        log({ kind: 'closed' });
+                        res();
+                    });
+                }),
+            });
+        });
+    });
+}
+function handleLine(line, context, log) {
+    const parsed = parseRequest(line);
+    if (parsed.kind === 'parse_error') {
+        log({ kind: 'response', id: null, ok: false });
+        return encodeError(null, RPC_PARSE_ERROR, 'parse error');
+    }
+    if (parsed.kind === 'invalid') {
+        log({ kind: 'response', id: parsed.id, ok: false });
+        return encodeError(parsed.id, RPC_INVALID_REQUEST, parsed.reason);
+    }
+    const { request } = parsed;
+    log({ kind: 'request', method: request.method, id: request.id });
+    try {
+        const result = dispatch(request.method, request.params, context);
+        log({ kind: 'response', id: request.id, ok: true });
+        return encodeResponse(request.id, result);
+    }
+    catch (err) {
+        if (err instanceof RpcMethodError) {
+            log({ kind: 'response', id: request.id, ok: false });
+            return encodeError(request.id, err.code, err.message, err.data);
+        }
+        log({ kind: 'response', id: request.id, ok: false });
+        return encodeError(request.id, RPC_INTERNAL_ERROR, `internal error: ${err.message}`);
+    }
+}
+//# sourceMappingURL=server.js.map

package/dist/src/daemon/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../src/daemon/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAA4B,MAAM,UAAU,CAAC;AAClE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC5D,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAsB,MAAM,cAAc,CAAC;AAC5E,OAAO,EACL,WAAW,EACX,cAAc,EACd,YAAY,EACZ,kBAAkB,EAClB,mBAAmB,EACnB,eAAe,GAEhB,MAAM,UAAU,CAAC;AA+BlB;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAsB;IACtD,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACrC,MAAM,GAAG,GAAG,CAAC,CAAW,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;IAE7C,uEAAuE;IACvE,yEAAyE;IACzE,yEAAyE;IACzE,mDAAmD;IACnD,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,IAAI,CAAC;YAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,0CAA0C,CAAC,CAAC;IACtF,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,MAAM,EAAE,EAAE;QACrC,GAAG,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC,CAAC;QACjC,IAAI,CAAC,YAAY,EAAE,CAAC,MAAM,CAAC,CAAC;QAE5B,IAAI,GAAG,GAAG,EAAE,CAAC;QAEb,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAE3B,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;YAC1B,GAAG,IAAI,KAAK,CAAC;YACb,IAAI,EAAU,CAAC;YACf,OAAO,CAAC,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;gBACvC,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC9B,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBACxB,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;oBAAE,SAAS;gBAChC,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;gBAChD,MAAM,CAAC,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;YAChC,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACzB,GAAG,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACtB,GAAG,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7B,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,EAAE;YAC7B,kEAAkE;YAClE,IAAI,CAAC;gBACH,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;YAC/B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,GAAG,CAAC,CAAC;gBACZ,OAAO;YACT,CAAC;YACD,GAAG,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;YAC7C,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACvC,OAAO,CAAC;gBACN,MAAM;gBACN,KAAK,EAAE,GAAG,EAAE,CACV,IAAI,OAAO,CAAO,CAAC,GAAG,EAAE,EAAE;oBACxB,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE;wBAChB,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;wBACxB,GAAG,EAAE,CAAC;oBACR,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC;aACL,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,UAAU,CACjB,IAAY,EACZ,OAAsB,EACtB,GAA0B;IAE1B,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAClC,IAAI,MAAM,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QAClC,GAAG,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAC/C,OAAO,WAAW,CAAC,IAAI,EAAE,eAAe,EAAE,aAAa,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC9B,GAAG,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,WAAW,CAAC,MAAM,CAAC,EAAE,EAAE,mBAAmB,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACpE,CAAC;IACD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC;IAC3B,GAAG,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;IACjE,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACjE,GAAG,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;QACpD,OAAO,cAAc,CAAC,OAAO,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,cAAc,EAAE,CAAC;YAClC,GAAG,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YACrD,OAAO,WAAW,CAAC,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QAClE,CAAC;QACD,GAAG,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QACrD,OAAO,WAAW,CAChB,OAAO,CAAC,EAAE,EACV,kBAAkB,EAClB,mBAAoB,GAAa,CAAC,OAAO,EAAE,CAC5C,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/src/eth/address.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Lowercase 0x-prefixed 20-byte address derived from a private key.
+ */
+export declare function addressFromPrivateKey(privateKey: Buffer | Uint8Array): string;
+/**
+ * Lowercase 0x-prefixed 20-byte address derived from a 65-byte uncompressed public key.
+ */
+export declare function addressFromPublicKey(uncompressedPub: Buffer | Uint8Array): string;
+/**
+ * EIP-55 checksummed address (mixed-case 0x-prefixed).
+ */
+export declare function toChecksumAddress(address: string): string;
+//# sourceMappingURL=address.d.ts.map

package/dist/src/eth/address.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"address.d.ts","sourceRoot":"","sources":["../../../src/eth/address.ts"],"names":[],"mappings":"AAcA;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,CAK7E;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,eAAe,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,CASjF;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAazD"}

package/dist/src/eth/address.js

@@ -0,0 +1,51 @@
+import { keccak256 } from './keccak.js';
+import { getPublicKeyUncompressed } from './secp.js';
+const HEX = '0123456789abcdef';
+function bytesToHex(buf) {
+    let out = '';
+    for (let i = 0; i < buf.length; i++) {
+        const b = buf[i];
+        out += HEX[(b >>> 4) & 0xf] + HEX[b & 0xf];
+    }
+    return out;
+}
+/**
+ * Lowercase 0x-prefixed 20-byte address derived from a private key.
+ */
+export function addressFromPrivateKey(privateKey) {
+    const pub = getPublicKeyUncompressed(privateKey);
+    // strip 0x04 prefix; address = last 20 bytes of keccak256(pub[1..])
+    const hash = keccak256(pub.subarray(1));
+    return '0x' + bytesToHex(hash.subarray(12));
+}
+/**
+ * Lowercase 0x-prefixed 20-byte address derived from a 65-byte uncompressed public key.
+ */
+export function addressFromPublicKey(uncompressedPub) {
+    if (uncompressedPub.length !== 65) {
+        throw new Error(`expected 65-byte uncompressed pubkey, got ${uncompressedPub.length}`);
+    }
+    if (uncompressedPub[0] !== 0x04) {
+        throw new Error(`expected 0x04 prefix on uncompressed pubkey, got ${uncompressedPub[0]?.toString(16)}`);
+    }
+    const hash = keccak256(uncompressedPub.subarray(1));
+    return '0x' + bytesToHex(hash.subarray(12));
+}
+/**
+ * EIP-55 checksummed address (mixed-case 0x-prefixed).
+ */
+export function toChecksumAddress(address) {
+    if (!/^0x[0-9a-fA-F]{40}$/.test(address)) {
+        throw new Error(`not a 20-byte hex address: ${address}`);
+    }
+    const lower = address.slice(2).toLowerCase();
+    const hash = keccak256(Buffer.from(lower, 'ascii'));
+    let out = '0x';
+    for (let i = 0; i < lower.length; i++) {
+        const c = lower[i];
+        const nibble = hash[i >>> 1] >>> (i % 2 === 0 ? 4 : 0) & 0xf;
+        out += nibble >= 8 ? c.toUpperCase() : c;
+    }
+    return out;
+}
+//# sourceMappingURL=address.js.map

package/dist/src/eth/address.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"address.js","sourceRoot":"","sources":["../../../src/eth/address.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,wBAAwB,EAAE,MAAM,WAAW,CAAC;AAErD,MAAM,GAAG,GAAG,kBAAkB,CAAC;AAE/B,SAAS,UAAU,CAAC,GAAwB;IAC1C,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAE,CAAC;QAClB,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,GAAG,CAAE,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,CAAE,CAAC;IAC/C,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAA+B;IACnE,MAAM,GAAG,GAAG,wBAAwB,CAAC,UAAU,CAAC,CAAC;IACjD,oEAAoE;IACpE,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACxC,OAAO,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,eAAoC;IACvE,IAAI,eAAe,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,6CAA6C,eAAe,CAAC,MAAM,EAAE,CAAC,CAAC;IACzF,CAAC;IACD,IAAI,eAAe,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,oDAAoD,eAAe,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IAC1G,CAAC;IACD,MAAM,IAAI,GAAG,SAAS,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,OAAO,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,8BAA8B,OAAO,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IAC7C,MAAM,IAAI,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;IACpD,IAAI,GAAG,GAAG,IAAI,CAAC;IACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACpB,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,KAAK,CAAC,CAAE,KAAK,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;QAC9D,GAAG,IAAI,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/src/eth/index.d.ts

@@ -0,0 +1,8 @@
+export { keccak256 } from './keccak.js';
+export { type EthSignature, getPublicKeyUncompressed, signDigest, recoverPublicKey, } from './secp.js';
+export { addressFromPrivateKey, addressFromPublicKey, toChecksumAddress, } from './address.js';
+export { type RlpInput, rlpEncode, rlpDecode, encodeInt, } from './rlp.js';
+export { personalSign, personalSignDigest, serializeEthSignature, deserializeEthSignature, } from './sign-message.js';
+export { type Hex, type LegacyTx, type Eip1559Tx, type SignableTx, type AccessListItem, txDigest, signTransaction, } from './sign-tx.js';
+export { type TypedData, type TypedDataDomain, type TypedDataField, type TypedDataTypes, encodeType, typeHash, hashStruct, typedDataDigest, signTypedData, } from './sign-typed.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/eth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/eth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EACL,KAAK,YAAY,EACjB,wBAAwB,EACxB,UAAU,EACV,gBAAgB,GACjB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,iBAAiB,GAClB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,KAAK,QAAQ,EACb,SAAS,EACT,SAAS,EACT,SAAS,GACV,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,qBAAqB,EACrB,uBAAuB,GACxB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,KAAK,GAAG,EACR,KAAK,QAAQ,EACb,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,cAAc,EACnB,QAAQ,EACR,eAAe,GAChB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,KAAK,SAAS,EACd,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,cAAc,EACnB,UAAU,EACV,QAAQ,EACR,UAAU,EACV,eAAe,EACf,aAAa,GACd,MAAM,iBAAiB,CAAC"}

package/dist/src/eth/index.js

@@ -0,0 +1,8 @@
+export { keccak256 } from './keccak.js';
+export { getPublicKeyUncompressed, signDigest, recoverPublicKey, } from './secp.js';
+export { addressFromPrivateKey, addressFromPublicKey, toChecksumAddress, } from './address.js';
+export { rlpEncode, rlpDecode, encodeInt, } from './rlp.js';
+export { personalSign, personalSignDigest, serializeEthSignature, deserializeEthSignature, } from './sign-message.js';
+export { txDigest, signTransaction, } from './sign-tx.js';
+export { encodeType, typeHash, hashStruct, typedDataDigest, signTypedData, } from './sign-typed.js';
+//# sourceMappingURL=index.js.map

package/dist/src/eth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/eth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAEL,wBAAwB,EACxB,UAAU,EACV,gBAAgB,GACjB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,iBAAiB,GAClB,MAAM,cAAc,CAAC;AACtB,OAAO,EAEL,SAAS,EACT,SAAS,EACT,SAAS,GACV,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,qBAAqB,EACrB,uBAAuB,GACxB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAML,QAAQ,EACR,eAAe,GAChB,MAAM,cAAc,CAAC;AACtB,OAAO,EAKL,UAAU,EACV,QAAQ,EACR,UAAU,EACV,eAAe,EACf,aAAa,GACd,MAAM,iBAAiB,CAAC"}

package/dist/src/eth/keccak.d.ts

@@ -0,0 +1,2 @@
+export declare function keccak256(data: Buffer | Uint8Array): Buffer;
+//# sourceMappingURL=keccak.d.ts.map

package/dist/src/eth/keccak.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keccak.d.ts","sourceRoot":"","sources":["../../../src/eth/keccak.ts"],"names":[],"mappings":"AAEA,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,CAE3D"}

package/dist/src/eth/keccak.js

@@ -0,0 +1,5 @@
+import { keccak_256 } from '@noble/hashes/sha3.js';
+export function keccak256(data) {
+    return Buffer.from(keccak_256(data));
+}
+//# sourceMappingURL=keccak.js.map

package/dist/src/eth/keccak.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keccak.js","sourceRoot":"","sources":["../../../src/eth/keccak.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAEnD,MAAM,UAAU,SAAS,CAAC,IAAyB;IACjD,OAAO,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;AACvC,CAAC"}

package/dist/src/eth/rlp.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Minimal RLP encoder/decoder for transaction signing. Supports byte strings
+ * and (nested) lists. No support for other types — we never need them.
+ *
+ * Ref: https://ethereum.org/en/developers/docs/data-structures-and-encoding/rlp/
+ */
+export type RlpInput = Buffer | Uint8Array | RlpInput[];
+export declare function rlpEncode(input: RlpInput): Buffer;
+/**
+ * Encode a non-negative integer as a minimal big-endian byte string,
+ * dropping leading zeros. 0 encodes to empty buffer (RLP convention).
+ */
+export declare function encodeInt(n: number | bigint): Buffer;
+export type Decoded = Buffer | Decoded[];
+export declare function rlpDecode(buf: Buffer): Decoded;
+//# sourceMappingURL=rlp.d.ts.map

package/dist/src/eth/rlp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rlp.d.ts","sourceRoot":"","sources":["../../../src/eth/rlp.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG,UAAU,GAAG,QAAQ,EAAE,CAAC;AAuBxD,wBAAgB,SAAS,CAAC,KAAK,EAAE,QAAQ,GAAG,MAAM,CAEjD;AAED;;;GAGG;AACH,wBAAgB,SAAS,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAOpD;AAiDD,MAAM,MAAM,OAAO,GAAG,MAAM,GAAG,OAAO,EAAE,CAAC;AAOzC,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAK9C"}

package/dist/src/eth/rlp.js

@@ -0,0 +1,99 @@
+/**
+ * Minimal RLP encoder/decoder for transaction signing. Supports byte strings
+ * and (nested) lists. No support for other types — we never need them.
+ *
+ * Ref: https://ethereum.org/en/developers/docs/data-structures-and-encoding/rlp/
+ */
+function encodeLength(len, offset) {
+    if (len < 56) {
+        return Buffer.from([offset + len]);
+    }
+    const hex = len.toString(16);
+    const lenBytes = Buffer.from(hex.length % 2 ? '0' + hex : hex, 'hex');
+    return Buffer.concat([Buffer.from([offset + 55 + lenBytes.length]), lenBytes]);
+}
+function encodeItem(item) {
+    if (Array.isArray(item)) {
+        const inner = Buffer.concat(item.map(encodeItem));
+        return Buffer.concat([encodeLength(inner.length, 0xc0), inner]);
+    }
+    const buf = item instanceof Buffer ? item : Buffer.from(item);
+    if (buf.length === 1 && buf[0] < 0x80) {
+        return Buffer.from([buf[0]]);
+    }
+    return Buffer.concat([encodeLength(buf.length, 0x80), buf]);
+}
+export function rlpEncode(input) {
+    return encodeItem(input);
+}
+/**
+ * Encode a non-negative integer as a minimal big-endian byte string,
+ * dropping leading zeros. 0 encodes to empty buffer (RLP convention).
+ */
+export function encodeInt(n) {
+    let v = typeof n === 'bigint' ? n : BigInt(n);
+    if (v < 0n)
+        throw new Error('cannot encode negative integer');
+    if (v === 0n)
+        return Buffer.alloc(0);
+    let hex = v.toString(16);
+    if (hex.length % 2)
+        hex = '0' + hex;
+    return Buffer.from(hex, 'hex');
+}
+function decodeItem(buf, offset) {
+    if (offset >= buf.length)
+        throw new Error('rlp: unexpected end of input');
+    const first = buf[offset];
+    if (first < 0x80) {
+        return { value: Buffer.from([first]), consumed: 1 };
+    }
+    if (first < 0xb8) {
+        const len = first - 0x80;
+        return { value: Buffer.from(buf.subarray(offset + 1, offset + 1 + len)), consumed: 1 + len };
+    }
+    if (first < 0xc0) {
+        const lenOfLen = first - 0xb7;
+        const len = parseInt(buf.subarray(offset + 1, offset + 1 + lenOfLen).toString('hex'), 16);
+        const start = offset + 1 + lenOfLen;
+        return { value: Buffer.from(buf.subarray(start, start + len)), consumed: 1 + lenOfLen + len };
+    }
+    if (first < 0xf8) {
+        const len = first - 0xc0;
+        const items = [];
+        let p = offset + 1;
+        const end = p + len;
+        while (p < end) {
+            const item = decodeItem(buf, p);
+            items.push(item);
+            p += item.consumed;
+        }
+        return { value: items, consumed: 1 + len };
+    }
+    const lenOfLen = first - 0xf7;
+    const len = parseInt(buf.subarray(offset + 1, offset + 1 + lenOfLen).toString('hex'), 16);
+    const start = offset + 1 + lenOfLen;
+    const items = [];
+    let p = start;
+    const end = start + len;
+    while (p < end) {
+        const item = decodeItem(buf, p);
+        items.push(item);
+        p += item.consumed;
+    }
+    return { value: items, consumed: 1 + lenOfLen + len };
+}
+function strip(d) {
+    if (Array.isArray(d.value))
+        return d.value.map(strip);
+    return d.value;
+}
+export function rlpDecode(buf) {
+    const { value, consumed } = decodeItem(buf, 0);
+    if (consumed !== buf.length)
+        throw new Error('rlp: extra bytes after item');
+    if (Array.isArray(value))
+        return value.map(strip);
+    return value;
+}
+//# sourceMappingURL=rlp.js.map

package/dist/src/eth/rlp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rlp.js","sourceRoot":"","sources":["../../../src/eth/rlp.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,SAAS,YAAY,CAAC,GAAW,EAAE,MAAc;IAC/C,IAAI,GAAG,GAAG,EAAE,EAAE,CAAC;QACb,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC;IACrC,CAAC;IACD,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC7B,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACtE,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;AACjF,CAAC;AAED,SAAS,UAAU,CAAC,IAAc;IAChC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;QAClD,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,YAAY,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9D,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAE,GAAG,IAAI,EAAE,CAAC;QACvC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAe;IACvC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,SAAS,CAAC,CAAkB;IAC1C,IAAI,CAAC,GAAG,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC9C,IAAI,CAAC,GAAG,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IAC9D,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACrC,IAAI,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACzB,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;IACpC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;AACjC,CAAC;AAOD,SAAS,UAAU,CAAC,GAAW,EAAE,MAAc;IAC7C,IAAI,MAAM,IAAI,GAAG,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAC1E,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,CAAE,CAAC;IAC3B,IAAI,KAAK,GAAG,IAAI,EAAE,CAAC;QACjB,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACtD,CAAC;IACD,IAAI,KAAK,GAAG,IAAI,EAAE,CAAC;QACjB,MAAM,GAAG,GAAG,KAAK,GAAG,IAAI,CAAC;QACzB,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC;IAC/F,CAAC;IACD,IAAI,KAAK,GAAG,IAAI,EAAE,CAAC;QACjB,MAAM,QAAQ,GAAG,KAAK,GAAG,IAAI,CAAC;QAC9B,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1F,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC;QACpC,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,GAAG,GAAG,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,GAAG,QAAQ,GAAG,GAAG,EAAE,CAAC;IAChG,CAAC;IACD,IAAI,KAAK,GAAG,IAAI,EAAE,CAAC;QACjB,MAAM,GAAG,GAAG,KAAK,GAAG,IAAI,CAAC;QACzB,MAAM,KAAK,GAAmB,EAAE,CAAC;QACjC,IAAI,CAAC,GAAG,MAAM,GAAG,CAAC,CAAC;QACnB,MAAM,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;QACpB,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC;YACf,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjB,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC;QACrB,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC;IAC7C,CAAC;IACD,MAAM,QAAQ,GAAG,KAAK,GAAG,IAAI,CAAC;IAC9B,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;IAC1F,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC;IACpC,MAAM,KAAK,GAAmB,EAAE,CAAC;IACjC,IAAI,CAAC,GAAG,KAAK,CAAC;IACd,MAAM,GAAG,GAAG,KAAK,GAAG,GAAG,CAAC;IACxB,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjB,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC;IACrB,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,GAAG,QAAQ,GAAG,GAAG,EAAE,CAAC;AACxD,CAAC;AAID,SAAS,KAAK,CAAC,CAAe;IAC5B,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACtD,OAAO,CAAC,CAAC,KAAK,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,GAAW;IACnC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAC/C,IAAI,QAAQ,KAAK,GAAG,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IAC5E,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAClD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/src/eth/secp.d.ts

@@ -0,0 +1,17 @@
+export interface EthSignature {
+    r: Buffer;
+    s: Buffer;
+    recovery: 0 | 1;
+}
+export declare function getPublicKeyUncompressed(privateKey: Buffer | Uint8Array): Buffer;
+/**
+ * Signs a 32-byte digest and returns the Ethereum-shaped components.
+ * The noble v3 recovered format is `recovery || r || s` (recovery is byte 0).
+ */
+export declare function signDigest(digest: Buffer | Uint8Array, privateKey: Buffer | Uint8Array): EthSignature;
+/**
+ * Recover the 65-byte uncompressed public key (with 0x04 prefix) from a digest and signature.
+ * Used in tests and address derivation from signature.
+ */
+export declare function recoverPublicKey(digest: Buffer | Uint8Array, sig: EthSignature): Buffer;
+//# sourceMappingURL=secp.d.ts.map

package/dist/src/eth/secp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secp.d.ts","sourceRoot":"","sources":["../../../src/eth/secp.ts"],"names":[],"mappings":"AAcA,MAAM,WAAW,YAAY;IAC3B,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,QAAQ,EAAE,CAAC,GAAG,CAAC,CAAC;CACjB;AAED,wBAAgB,wBAAwB,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,CAEhF;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,EAAE,UAAU,EAAE,MAAM,GAAG,UAAU,GAAG,YAAY,CAYrG;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,MAAM,GAAG,UAAU,EAC3B,GAAG,EAAE,YAAY,GAChB,MAAM,CAUR"}