npm - signet-protocol - Versions diffs - 0.1.0 - Mend

signet-protocol 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (156) hide show

package/LICENSE +21 -0
package/README.md +112 -0
package/dist/anomaly.d.ts +42 -0
package/dist/anomaly.d.ts.map +1 -0
package/dist/anomaly.js +209 -0
package/dist/anomaly.js.map +1 -0
package/dist/badge.d.ts +56 -0
package/dist/badge.d.ts.map +1 -0
package/dist/badge.js +171 -0
package/dist/badge.js.map +1 -0
package/dist/bonds.d.ts +39 -0
package/dist/bonds.d.ts.map +1 -0
package/dist/bonds.js +149 -0
package/dist/bonds.js.map +1 -0
package/dist/challenges.d.ts +18 -0
package/dist/challenges.d.ts.map +1 -0
package/dist/challenges.js +145 -0
package/dist/challenges.js.map +1 -0
package/dist/cold-call.d.ts +74 -0
package/dist/cold-call.d.ts.map +1 -0
package/dist/cold-call.js +176 -0
package/dist/cold-call.js.map +1 -0
package/dist/compliance.d.ts +82 -0
package/dist/compliance.d.ts.map +1 -0
package/dist/compliance.js +478 -0
package/dist/compliance.js.map +1 -0
package/dist/connections.d.ts +63 -0
package/dist/connections.d.ts.map +1 -0
package/dist/connections.js +170 -0
package/dist/connections.js.map +1 -0
package/dist/constants.d.ts +86 -0
package/dist/constants.d.ts.map +1 -0
package/dist/constants.js +124 -0
package/dist/constants.js.map +1 -0
package/dist/credentials.d.ts +190 -0
package/dist/credentials.d.ts.map +1 -0
package/dist/credentials.js +686 -0
package/dist/credentials.js.map +1 -0
package/dist/crypto.d.ts +27 -0
package/dist/crypto.d.ts.map +1 -0
package/dist/crypto.js +75 -0
package/dist/crypto.js.map +1 -0
package/dist/errors.d.ts +17 -0
package/dist/errors.d.ts.map +1 -0
package/dist/errors.js +29 -0
package/dist/errors.js.map +1 -0
package/dist/i18n.d.ts +98 -0
package/dist/i18n.d.ts.map +1 -0
package/dist/i18n.js +1118 -0
package/dist/i18n.js.map +1 -0
package/dist/identity-bridge.d.ts +52 -0
package/dist/identity-bridge.d.ts.map +1 -0
package/dist/identity-bridge.js +228 -0
package/dist/identity-bridge.js.map +1 -0
package/dist/identity-tree.d.ts +47 -0
package/dist/identity-tree.d.ts.map +1 -0
package/dist/identity-tree.js +69 -0
package/dist/identity-tree.js.map +1 -0
package/dist/index.d.ts +55 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +86 -0
package/dist/index.js.map +1 -0
package/dist/key-derivation.d.ts +43 -0
package/dist/key-derivation.d.ts.map +1 -0
package/dist/key-derivation.js +212 -0
package/dist/key-derivation.js.map +1 -0
package/dist/lsag.d.ts +23 -0
package/dist/lsag.d.ts.map +1 -0
package/dist/lsag.js +35 -0
package/dist/lsag.js.map +1 -0
package/dist/merkle.d.ts +19 -0
package/dist/merkle.d.ts.map +1 -0
package/dist/merkle.js +155 -0
package/dist/merkle.js.map +1 -0
package/dist/policies.d.ts +22 -0
package/dist/policies.d.ts.map +1 -0
package/dist/policies.js +123 -0
package/dist/policies.js.map +1 -0
package/dist/range-proof.d.ts +6 -0
package/dist/range-proof.d.ts.map +1 -0
package/dist/range-proof.js +45 -0
package/dist/range-proof.js.map +1 -0
package/dist/relay.d.ts +106 -0
package/dist/relay.d.ts.map +1 -0
package/dist/relay.js +336 -0
package/dist/relay.js.map +1 -0
package/dist/ring-signature.d.ts +35 -0
package/dist/ring-signature.d.ts.map +1 -0
package/dist/ring-signature.js +56 -0
package/dist/ring-signature.js.map +1 -0
package/dist/shamir.d.ts +55 -0
package/dist/shamir.d.ts.map +1 -0
package/dist/shamir.js +253 -0
package/dist/shamir.js.map +1 -0
package/dist/signet-words.d.ts +42 -0
package/dist/signet-words.d.ts.map +1 -0
package/dist/signet-words.js +82 -0
package/dist/signet-words.js.map +1 -0
package/dist/store.d.ts +65 -0
package/dist/store.d.ts.map +1 -0
package/dist/store.js +290 -0
package/dist/store.js.map +1 -0
package/dist/trust-score.d.ts +9 -0
package/dist/trust-score.d.ts.map +1 -0
package/dist/trust-score.js +186 -0
package/dist/trust-score.js.map +1 -0
package/dist/types.d.ts +358 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +15 -0
package/dist/types.js.map +1 -0
package/dist/utils.d.ts +11 -0
package/dist/utils.d.ts.map +1 -0
package/dist/utils.js +21 -0
package/dist/utils.js.map +1 -0
package/dist/validation.d.ts +33 -0
package/dist/validation.d.ts.map +1 -0
package/dist/validation.js +312 -0
package/dist/validation.js.map +1 -0
package/dist/verifiers.d.ts +18 -0
package/dist/verifiers.d.ts.map +1 -0
package/dist/verifiers.js +118 -0
package/dist/verifiers.js.map +1 -0
package/dist/vouches.d.ts +14 -0
package/dist/vouches.d.ts.map +1 -0
package/dist/vouches.js +103 -0
package/dist/vouches.js.map +1 -0
package/package.json +76 -0
package/src/anomaly.ts +307 -0
package/src/badge.ts +208 -0
package/src/bonds.ts +203 -0
package/src/challenges.ts +187 -0
package/src/cold-call.ts +238 -0
package/src/compliance.ts +612 -0
package/src/connections.ts +216 -0
package/src/constants.ts +146 -0
package/src/credentials.ts +908 -0
package/src/crypto.ts +85 -0
package/src/errors.ts +31 -0
package/src/i18n.ts +1347 -0
package/src/identity-bridge.ts +262 -0
package/src/identity-tree.ts +90 -0
package/src/index.ts +452 -0
package/src/lsag.ts +53 -0
package/src/merkle.ts +176 -0
package/src/policies.ts +154 -0
package/src/range-proof.ts +66 -0
package/src/relay.ts +433 -0
package/src/ring-signature.ts +76 -0
package/src/signet-words.ts +122 -0
package/src/store.ts +336 -0
package/src/trust-score.ts +208 -0
package/src/types.ts +482 -0
package/src/utils.ts +20 -0
package/src/validation.ts +391 -0
package/src/verifiers.ts +156 -0
package/src/vouches.ts +141 -0

package/dist/relay.js ADDED Viewed

@@ -0,0 +1,336 @@
+// Nostr Relay Client
+// WebSocket-based publish/subscribe with NIP-42 AUTH support
+import { signEvent, getPublicKey, verifyEvent } from './crypto.js';
+import { SignetValidationError } from './errors.js';
+import { validateFieldSizeBounds } from './validation.js';
+/** NIP-42 client authentication event kind */
+const NIP42_AUTH_KIND = 22242;
+/** Maximum WebSocket message size (1 MB) — prevents DoS via oversized relay messages */
+const MAX_MESSAGE_SIZE = 1_048_576;
+/**
+ * Nostr relay client with NIP-42 AUTH support.
+ * Handles publishing events, subscribing to filters, and authentication.
+ */
+export class RelayClient {
+    url;
+    options;
+    ws = null;
+    state = 'disconnected';
+    subscriptions = new Map();
+    pendingPublishes = new Map();
+    subCounter = 0;
+    reconnectAttempts = 0;
+    reconnectTimer = null;
+    disconnectRequested = false;
+    onStateChange;
+    constructor(url, options = {}) {
+        this.url = url;
+        this.options = options;
+        if (!/^wss?:\/\//i.test(this.url)) {
+            throw new SignetValidationError('Relay URL must use ws:// or wss:// scheme');
+        }
+        // Enforce TLS for non-localhost connections — identity data must not travel in cleartext
+        if (/^ws:\/\//i.test(this.url) && !/^ws:\/\/(localhost|127\.0\.0\.1)([:\/]|$)/i.test(this.url)) {
+            throw new SignetValidationError('Relay URL must use wss:// for non-localhost connections');
+        }
+        this.options = {
+            connectTimeout: 5000,
+            autoReconnect: true,
+            reconnectDelay: 3000,
+            maxReconnectAttempts: 5,
+            verifyEvents: true,
+            ...options,
+        };
+    }
+    /** Get current connection state */
+    getState() {
+        return this.state;
+    }
+    /** Set a state change listener */
+    onStateChanged(callback) {
+        this.onStateChange = callback;
+    }
+    setState(state) {
+        this.state = state;
+        this.onStateChange?.(state);
+    }
+    /** Connect to the relay */
+    connect() {
+        return new Promise((resolve, reject) => {
+            if (this.state === 'connected') {
+                resolve();
+                return;
+            }
+            this.setState('connecting');
+            const timeout = setTimeout(() => {
+                this.ws?.close();
+                reject(new SignetValidationError(`Connection timeout after ${this.options.connectTimeout}ms`));
+            }, this.options.connectTimeout);
+            this.ws = new WebSocket(this.url);
+            this.ws.onopen = () => {
+                clearTimeout(timeout);
+                this.setState('connected');
+                this.reconnectAttempts = 0;
+                // Re-subscribe existing subscriptions
+                for (const [id, sub] of this.subscriptions) {
+                    this.sendSubscription(id, sub.filters);
+                }
+                resolve();
+            };
+            this.ws.onclose = () => {
+                clearTimeout(timeout);
+                this.setState('disconnected');
+                this.handleReconnect();
+            };
+            this.ws.onerror = () => {
+                clearTimeout(timeout);
+                this.setState('error');
+                reject(new SignetValidationError('WebSocket connection failed'));
+            };
+            this.ws.onmessage = (msg) => {
+                if (typeof msg.data !== 'string')
+                    return; // ignore binary frames
+                this.handleMessage(msg.data);
+            };
+        });
+    }
+    /** Disconnect from the relay */
+    disconnect() {
+        if (this.reconnectTimer) {
+            clearTimeout(this.reconnectTimer);
+            this.reconnectTimer = null;
+        }
+        this.disconnectRequested = true;
+        this.ws?.close();
+        this.ws = null;
+        this.setState('disconnected');
+        // Clean up pending publishes
+        for (const [, pending] of this.pendingPublishes) {
+            clearTimeout(pending.timeout);
+            pending.resolve({ ok: false, message: 'Disconnected' });
+        }
+        this.pendingPublishes.clear();
+    }
+    /** Publish an event to the relay */
+    async publish(event) {
+        if (this.state !== 'connected' || !this.ws) {
+            throw new SignetValidationError('Not connected to relay');
+        }
+        if (!/^[0-9a-f]{64}$/.test(event.id)) {
+            throw new SignetValidationError('Invalid event ID: must be a 64-character lowercase hex string');
+        }
+        return new Promise((resolve) => {
+            const timeout = setTimeout(() => {
+                this.pendingPublishes.delete(event.id);
+                resolve({ ok: false, message: 'Publish timeout' });
+            }, 10000);
+            this.pendingPublishes.set(event.id, { resolve, timeout });
+            this.ws.send(JSON.stringify(['EVENT', event]));
+        });
+    }
+    /**
+     * Subscribe to events matching the given filters.
+     * @returns Subscription ID (use to close the subscription)
+     */
+    subscribe(filters, onEvent, onEose) {
+        const subId = `signet-sub-${++this.subCounter}`;
+        this.subscriptions.set(subId, {
+            filters,
+            callback: onEvent,
+            eoseCallback: onEose,
+        });
+        if (this.state === 'connected') {
+            this.sendSubscription(subId, filters);
+        }
+        return subId;
+    }
+    /** Close a subscription */
+    closeSubscription(subId) {
+        this.subscriptions.delete(subId);
+        if (this.state === 'connected' && this.ws) {
+            this.ws.send(JSON.stringify(['CLOSE', subId]));
+        }
+    }
+    /**
+     * Fetch events matching filters (returns after EOSE).
+     * Convenience method that subscribes, collects events, and closes.
+     */
+    fetch(filters, timeoutMs = 30000) {
+        return new Promise((resolve) => {
+            const events = [];
+            let resolved = false;
+            const done = () => {
+                if (resolved)
+                    return;
+                resolved = true;
+                clearTimeout(timer);
+                this.closeSubscription(subId);
+                resolve(events);
+            };
+            const maxEvents = 10_000;
+            const subId = this.subscribe(filters, (event) => { events.push(event); if (events.length >= maxEvents)
+                done(); }, () => done());
+            // Timeout guard: resolve with events collected so far if EOSE never arrives
+            const timer = setTimeout(() => done(), timeoutMs);
+        });
+    }
+    sendSubscription(subId, filters) {
+        if (this.ws) {
+            this.ws.send(JSON.stringify(['REQ', subId, ...filters]));
+        }
+    }
+    handleMessage(data) {
+        if (data.length > MAX_MESSAGE_SIZE)
+            return;
+        try {
+            const msg = JSON.parse(data);
+            if (!Array.isArray(msg) || msg.length < 2 || typeof msg[0] !== 'string')
+                return;
+            switch (msg[0]) {
+                case 'EVENT': {
+                    if (msg.length < 3 || typeof msg[1] !== 'string' || typeof msg[2] !== 'object' || msg[2] === null)
+                        break;
+                    const raw = msg[2];
+                    // Validate required NostrEvent fields before casting
+                    if (typeof raw.id !== 'string' || typeof raw.pubkey !== 'string' ||
+                        typeof raw.kind !== 'number' || typeof raw.created_at !== 'number' ||
+                        !Array.isArray(raw.tags) || typeof raw.content !== 'string' ||
+                        typeof raw.sig !== 'string')
+                        break;
+                    const subId = msg[1];
+                    const event = raw;
+                    const boundsErrors = [];
+                    validateFieldSizeBounds(event, boundsErrors);
+                    if (boundsErrors.length > 0) {
+                        break; // reject oversized events
+                    }
+                    const sub = this.subscriptions.get(subId);
+                    if (sub) {
+                        if (this.options.verifyEvents !== false) {
+                            verifyEvent(event).then((valid) => {
+                                if (valid) {
+                                    sub.callback(event);
+                                }
+                                else {
+                                    this.options.onEventRejected?.(event, 'invalid signature or event ID');
+                                }
+                            });
+                        }
+                        else {
+                            sub.callback(event);
+                        }
+                    }
+                    break;
+                }
+                case 'OK': {
+                    if (msg.length < 4 || typeof msg[1] !== 'string' || typeof msg[2] !== 'boolean' || typeof msg[3] !== 'string')
+                        break;
+                    const eventId = msg[1];
+                    const pending = this.pendingPublishes.get(eventId);
+                    if (pending) {
+                        clearTimeout(pending.timeout);
+                        this.pendingPublishes.delete(eventId);
+                        pending.resolve({ ok: msg[2], message: msg[3] });
+                    }
+                    break;
+                }
+                case 'EOSE': {
+                    if (typeof msg[1] !== 'string')
+                        break;
+                    const sub = this.subscriptions.get(msg[1]);
+                    sub?.eoseCallback?.();
+                    break;
+                }
+                case 'AUTH': {
+                    if (typeof msg[1] !== 'string')
+                        break;
+                    // Cap challenge length to prevent oversized AUTH events from malicious relays
+                    if (msg[1].length > 256)
+                        break;
+                    this.handleAuth(msg[1]);
+                    break;
+                }
+                case 'NOTICE': {
+                    // Relay notices are informational — log but don't act
+                    break;
+                }
+            }
+        }
+        catch {
+            // Malformed message — ignore
+        }
+    }
+    /** Handle NIP-42 AUTH challenge */
+    async handleAuth(challenge) {
+        if (!this.options.authPrivateKey)
+            return;
+        const pubkey = getPublicKey(this.options.authPrivateKey);
+        const authEvent = {
+            kind: NIP42_AUTH_KIND,
+            pubkey,
+            created_at: Math.floor(Date.now() / 1000),
+            tags: [
+                ['relay', this.url],
+                ['challenge', challenge],
+            ],
+            content: '',
+        };
+        const signed = await signEvent(authEvent, this.options.authPrivateKey);
+        this.ws?.send(JSON.stringify(['AUTH', signed]));
+    }
+    handleReconnect() {
+        if (this.disconnectRequested || !this.options.autoReconnect)
+            return;
+        if (this.reconnectAttempts >= (this.options.maxReconnectAttempts ?? 5))
+            return;
+        this.reconnectAttempts++;
+        this.reconnectTimer = setTimeout(() => {
+            this.connect().catch(() => {
+                // Will retry via onclose handler
+            });
+        }, this.options.reconnectDelay);
+    }
+}
+/**
+ * Publish a Signet event to multiple relays.
+ *
+ * WARNING: Relay URLs are accepted as-is. Callers are responsible for
+ * validating that URLs come from trusted sources and do not encode credentials.
+ * The RelayClient constructor enforces wss:// for non-localhost connections.
+ */
+export async function publishToRelays(event, relayUrls) {
+    const results = new Map();
+    const promises = relayUrls.map(async (url) => {
+        const relay = new RelayClient(url);
+        try {
+            await relay.connect();
+            const result = await relay.publish(event);
+            results.set(url, result);
+        }
+        catch (err) {
+            results.set(url, { ok: false, message: err instanceof Error ? err.message : 'Connection failed' });
+        }
+        finally {
+            relay.disconnect();
+        }
+    });
+    await Promise.allSettled(promises);
+    return results;
+}
+/**
+ * Fetch Signet events from a relay by kind and optional filters.
+ *
+ * WARNING: Relay URL is accepted as-is. Callers are responsible for
+ * validating that URLs come from trusted sources and do not encode credentials.
+ */
+export async function fetchFromRelay(relayUrl, filters) {
+    const relay = new RelayClient(relayUrl);
+    try {
+        await relay.connect();
+        return await relay.fetch(filters);
+    }
+    finally {
+        relay.disconnect();
+    }
+}
+//# sourceMappingURL=relay.js.map

package/dist/relay.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"relay.js","sourceRoot":"","sources":["../src/relay.ts"],"names":[],"mappings":"AAAA,qBAAqB;AACrB,6DAA6D;AAE7D,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAEnE,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAE1D,8CAA8C;AAC9C,MAAM,eAAe,GAAG,KAAK,CAAC;AAE9B,wFAAwF;AACxF,MAAM,gBAAgB,GAAG,SAAS,CAAC;AA4DnC;;;GAGG;AACH,MAAM,OAAO,WAAW;IAYZ;IACA;IAZF,EAAE,GAAqB,IAAI,CAAC;IAC5B,KAAK,GAAe,cAAc,CAAC;IACnC,aAAa,GAAG,IAAI,GAAG,EAA+B,CAAC;IACvD,gBAAgB,GAAG,IAAI,GAAG,EAA0B,CAAC;IACrD,UAAU,GAAG,CAAC,CAAC;IACf,iBAAiB,GAAG,CAAC,CAAC;IACtB,cAAc,GAAyC,IAAI,CAAC;IAC5D,mBAAmB,GAAG,KAAK,CAAC;IAC5B,aAAa,CAA+B;IAEpD,YACU,GAAW,EACX,UAAwB,EAAE;QAD1B,QAAG,GAAH,GAAG,CAAQ;QACX,YAAO,GAAP,OAAO,CAAmB;QAElC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,qBAAqB,CAAC,2CAA2C,CAAC,CAAC;QAC/E,CAAC;QACD,yFAAyF;QACzF,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,4CAA4C,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/F,MAAM,IAAI,qBAAqB,CAAC,yDAAyD,CAAC,CAAC;QAC7F,CAAC;QACD,IAAI,CAAC,OAAO,GAAG;YACb,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,IAAI;YACnB,cAAc,EAAE,IAAI;YACpB,oBAAoB,EAAE,CAAC;YACvB,YAAY,EAAE,IAAI;YAClB,GAAG,OAAO;SACX,CAAC;IACJ,CAAC;IAED,mCAAmC;IACnC,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,kCAAkC;IAClC,cAAc,CAAC,QAAqC;QAClD,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC;IAChC,CAAC;IAEO,QAAQ,CAAC,KAAiB;QAChC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,aAAa,EAAE,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAED,2BAA2B;IAC3B,OAAO;QACL,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,IAAI,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;gBAC/B,OAAO,EAAE,CAAC;gBACV,OAAO;YACT,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;YAE5B,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC9B,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC;gBACjB,MAAM,CAAC,IAAI,qBAAqB,CAAC,4BAA4B,IAAI,CAAC,OAAO,CAAC,cAAc,IAAI,CAAC,CAAC,CAAC;YACjG,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;YAEhC,IAAI,CAAC,EAAE,GAAG,IAAI,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAElC,IAAI,CAAC,EAAE,CAAC,MAAM,GAAG,GAAG,EAAE;gBACpB,YAAY,CAAC,OAAO,CAAC,CAAC;gBACtB,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAC3B,IAAI,CAAC,iBAAiB,GAAG,CAAC,CAAC;gBAC3B,sCAAsC;gBACtC,KAAK,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;oBAC3C,IAAI,CAAC,gBAAgB,CAAC,EAAE,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;gBACzC,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC;YAEF,IAAI,CAAC,EAAE,CAAC,OAAO,GAAG,GAAG,EAAE;gBACrB,YAAY,CAAC,OAAO,CAAC,CAAC;gBACtB,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;gBAC9B,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,CAAC,CAAC;YAEF,IAAI,CAAC,EAAE,CAAC,OAAO,GAAG,GAAG,EAAE;gBACrB,YAAY,CAAC,OAAO,CAAC,CAAC;gBACtB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBACvB,MAAM,CAAC,IAAI,qBAAqB,CAAC,6BAA6B,CAAC,CAAC,CAAC;YACnE,CAAC,CAAC;YAEF,IAAI,CAAC,EAAE,CAAC,SAAS,GAAG,CAAC,GAAG,EAAE,EAAE;gBAC1B,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ;oBAAE,OAAO,CAAC,uBAAuB;gBACjE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC/B,CAAC,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,gCAAgC;IAChC,UAAU;QACR,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAClC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAC7B,CAAC;QACD,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC;QAChC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC;QACjB,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC;QACf,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;QAE9B,6BAA6B;QAC7B,KAAK,MAAM,CAAC,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAChD,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC9B,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;IAChC,CAAC;IAED,oCAAoC;IACpC,KAAK,CAAC,OAAO,CAAC,KAAiB;QAC7B,IAAI,IAAI,CAAC,KAAK,KAAK,WAAW,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YAC3C,MAAM,IAAI,qBAAqB,CAAC,wBAAwB,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,qBAAqB,CAAC,+DAA+D,CAAC,CAAC;QACnG,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC9B,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBACvC,OAAO,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC,CAAC;YACrD,CAAC,EAAE,KAAK,CAAC,CAAC;YAEV,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1D,IAAI,CAAC,EAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,SAAS,CACP,OAAsB,EACtB,OAA6B,EAC7B,MAAmB;QAEnB,MAAM,KAAK,GAAG,cAAc,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;QAEhD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE;YAC5B,OAAO;YACP,QAAQ,EAAE,OAAO;YACjB,YAAY,EAAE,MAAM;SACrB,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;YAC/B,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,2BAA2B;IAC3B,iBAAiB,CAAC,KAAa;QAC7B,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjC,IAAI,IAAI,CAAC,KAAK,KAAK,WAAW,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;YAC1C,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAsB,EAAE,YAAoB,KAAK;QACrD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,MAAM,GAAiB,EAAE,CAAC;YAChC,IAAI,QAAQ,GAAG,KAAK,CAAC;YAErB,MAAM,IAAI,GAAG,GAAG,EAAE;gBAChB,IAAI,QAAQ;oBAAE,OAAO;gBACrB,QAAQ,GAAG,IAAI,CAAC;gBAChB,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;gBAC9B,OAAO,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC,CAAC;YAEF,MAAM,SAAS,GAAG,MAAM,CAAC;YACzB,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAC1B,OAAO,EACP,CAAC,KAAK,EAAE,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,MAAM,IAAI,SAAS;gBAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAC1E,GAAG,EAAE,CAAC,IAAI,EAAE,CACb,CAAC;YAEF,4EAA4E;YAC5E,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,EAAE,SAAS,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,gBAAgB,CAAC,KAAa,EAAE,OAAsB;QAC5D,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;YACZ,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,IAAY;QAChC,IAAI,IAAI,CAAC,MAAM,GAAG,gBAAgB;YAAE,OAAO;QAC3C,IAAI,CAAC;YACH,MAAM,GAAG,GAAY,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACtC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ;gBAAE,OAAO;YAEhF,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACf,KAAK,OAAO,CAAC,CAAC,CAAC;oBACb,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI;wBAAE,MAAM;oBACzG,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAA4B,CAAC;oBAC9C,qDAAqD;oBACrD,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ;wBAC5D,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ;wBAClE,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;wBAC3D,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ;wBAAE,MAAM;oBACvC,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,CAAW,CAAC;oBAC/B,MAAM,KAAK,GAAG,GAA4B,CAAC;oBAC3C,MAAM,YAAY,GAAa,EAAE,CAAC;oBAClC,uBAAuB,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;oBAC7C,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAC5B,MAAM,CAAC,0BAA0B;oBACnC,CAAC;oBACD,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;oBAC1C,IAAI,GAAG,EAAE,CAAC;wBACR,IAAI,IAAI,CAAC,OAAO,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;4BACxC,WAAW,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;gCAChC,IAAI,KAAK,EAAE,CAAC;oCACV,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;gCACtB,CAAC;qCAAM,CAAC;oCACN,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC,KAAK,EAAE,+BAA+B,CAAC,CAAC;gCACzE,CAAC;4BACH,CAAC,CAAC,CAAC;wBACL,CAAC;6BAAM,CAAC;4BACN,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;wBACtB,CAAC;oBACH,CAAC;oBACD,MAAM;gBACR,CAAC;gBAED,KAAK,IAAI,CAAC,CAAC,CAAC;oBACV,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ;wBAAE,MAAM;oBACrH,MAAM,OAAO,GAAG,GAAG,CAAC,CAAC,CAAW,CAAC;oBACjC,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBACnD,IAAI,OAAO,EAAE,CAAC;wBACZ,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;wBAC9B,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;wBACtC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,CAAY,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,CAAW,EAAE,CAAC,CAAC;oBACxE,CAAC;oBACD,MAAM;gBACR,CAAC;gBAED,KAAK,MAAM,CAAC,CAAC,CAAC;oBACZ,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ;wBAAE,MAAM;oBACtC,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;oBAC3C,GAAG,EAAE,YAAY,EAAE,EAAE,CAAC;oBACtB,MAAM;gBACR,CAAC;gBAED,KAAK,MAAM,CAAC,CAAC,CAAC;oBACZ,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ;wBAAE,MAAM;oBACtC,8EAA8E;oBAC9E,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,GAAG;wBAAE,MAAM;oBAC/B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;oBACxB,MAAM;gBACR,CAAC;gBAED,KAAK,QAAQ,CAAC,CAAC,CAAC;oBACd,sDAAsD;oBACtD,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,6BAA6B;QAC/B,CAAC;IACH,CAAC;IAED,mCAAmC;IAC3B,KAAK,CAAC,UAAU,CAAC,SAAiB;QACxC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc;YAAE,OAAO;QAEzC,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACzD,MAAM,SAAS,GAAkB;YAC/B,IAAI,EAAE,eAAe;YACrB,MAAM;YACN,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YACzC,IAAI,EAAE;gBACJ,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC;gBACnB,CAAC,WAAW,EAAE,SAAS,CAAC;aACzB;YACD,OAAO,EAAE,EAAE;SACZ,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACvE,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC;IAEO,eAAe;QACrB,IAAI,IAAI,CAAC,mBAAmB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa;YAAE,OAAO;QACpE,IAAI,IAAI,CAAC,iBAAiB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,oBAAoB,IAAI,CAAC,CAAC;YAAE,OAAO;QAE/E,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,IAAI,CAAC,cAAc,GAAG,UAAU,CAAC,GAAG,EAAE;YACpC,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE;gBACxB,iCAAiC;YACnC,CAAC,CAAC,CAAC;QACL,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAClC,CAAC;CACF;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,KAAiB,EACjB,SAAmB;IAEnB,MAAM,OAAO,GAAG,IAAI,GAAG,EAA4C,CAAC;IAEpE,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAC3C,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,OAAO,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC3B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB,EAAE,CAAC,CAAC;QACrG,CAAC;gBAAS,CAAC;YACT,KAAK,CAAC,UAAU,EAAE,CAAC;QACrB,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IACnC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,OAAsB;IAEtB,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxC,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,OAAO,EAAE,CAAC;QACtB,OAAO,MAAM,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;YAAS,CAAC;QACT,KAAK,CAAC,UAAU,EAAE,CAAC;IACrB,CAAC;AACH,CAAC"}

package/dist/ring-signature.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import { type RingSignature, MAX_RING_SIZE } from '@forgesworn/ring-sig';
+export { MAX_RING_SIZE, type RingSignature };
+/**
+ * Sign a message with a ring signature using Signet's domain separator.
+ *
+ * @param message - The message to sign (will be hashed)
+ * @param ring - Array of x-only public keys (hex) forming the anonymity set
+ * @param signerIndex - Index of the actual signer in the ring
+ * @param privateKey - Signer's private key (hex)
+ * @returns A ring signature
+ */
+export declare function ringSign(message: string, ring: string[], signerIndex: number, privateKey: string): RingSignature;
+/**
+ * Verify a ring signature.
+ *
+ * @param sig - The ring signature to verify
+ * @returns true if the signature is valid
+ */
+export declare function ringVerify(sig: RingSignature): boolean;
+/**
+ * Create a ring signature for a Signet credential.
+ * Wraps ringSign with credential-specific message construction.
+ *
+ * @param credentialEventId - The event ID of the credential being signed
+ * @param subjectPubkey - The pubkey of the person being verified
+ * @param ring - Array of verifier pubkeys forming the anonymity set
+ * @param signerIndex - Index of the actual signing verifier
+ * @param privateKey - Signing verifier's private key
+ */
+export declare function signCredentialRing(credentialEventId: string, subjectPubkey: string, ring: string[], signerIndex: number, privateKey: string): RingSignature;
+/**
+ * Verify a ring signature on a Signet credential.
+ */
+export declare function verifyCredentialRing(sig: RingSignature, credentialEventId: string, subjectPubkey: string): boolean;
+//# sourceMappingURL=ring-signature.d.ts.map

package/dist/ring-signature.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ring-signature.d.ts","sourceRoot":"","sources":["../src/ring-signature.ts"],"names":[],"mappings":"AAIA,OAAO,EAAoD,KAAK,aAAa,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAI3H,OAAO,EAAE,aAAa,EAAE,KAAK,aAAa,EAAE,CAAC;AAE7C;;;;;;;;GAQG;AACH,wBAAgB,QAAQ,CACtB,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EAAE,EACd,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,GACjB,aAAa,CAKf;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAEtD;AAED;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAChC,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,MAAM,EACrB,IAAI,EAAE,MAAM,EAAE,EACd,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,GACjB,aAAa,CAKf;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,GAAG,EAAE,aAAa,EAClB,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,MAAM,GACpB,OAAO,CAIT"}

package/dist/ring-signature.js ADDED Viewed

@@ -0,0 +1,56 @@
+// SAG Ring Signatures — thin re-export from @forgesworn/ring-sig with Signet domain separator
+// Proves "one of N public keys signed this message" without revealing which one.
+// Used for Tier 3/4 issuer privacy: "a professional verified this" without revealing which professional.
+import { ringSign as _ringSign, ringVerify as _ringVerify, MAX_RING_SIZE } from '@forgesworn/ring-sig';
+const SIGNET_SAG_DOMAIN = 'signet-sag-v1';
+export { MAX_RING_SIZE };
+/**
+ * Sign a message with a ring signature using Signet's domain separator.
+ *
+ * @param message - The message to sign (will be hashed)
+ * @param ring - Array of x-only public keys (hex) forming the anonymity set
+ * @param signerIndex - Index of the actual signer in the ring
+ * @param privateKey - Signer's private key (hex)
+ * @returns A ring signature
+ */
+export function ringSign(message, ring, signerIndex, privateKey) {
+    const sig = _ringSign(message, ring, signerIndex, privateKey, SIGNET_SAG_DOMAIN);
+    // Ensure the domain is carried in the signature so ringVerify uses the correct domain
+    sig.domain = SIGNET_SAG_DOMAIN;
+    return sig;
+}
+/**
+ * Verify a ring signature.
+ *
+ * @param sig - The ring signature to verify
+ * @returns true if the signature is valid
+ */
+export function ringVerify(sig) {
+    return _ringVerify(sig);
+}
+/**
+ * Create a ring signature for a Signet credential.
+ * Wraps ringSign with credential-specific message construction.
+ *
+ * @param credentialEventId - The event ID of the credential being signed
+ * @param subjectPubkey - The pubkey of the person being verified
+ * @param ring - Array of verifier pubkeys forming the anonymity set
+ * @param signerIndex - Index of the actual signing verifier
+ * @param privateKey - Signing verifier's private key
+ */
+export function signCredentialRing(credentialEventId, subjectPubkey, ring, signerIndex, privateKey) {
+    const message = `signet:credential:${credentialEventId}:${subjectPubkey}`;
+    const sig = _ringSign(message, ring, signerIndex, privateKey, SIGNET_SAG_DOMAIN);
+    sig.domain = SIGNET_SAG_DOMAIN;
+    return sig;
+}
+/**
+ * Verify a ring signature on a Signet credential.
+ */
+export function verifyCredentialRing(sig, credentialEventId, subjectPubkey) {
+    const expectedMessage = `signet:credential:${credentialEventId}:${subjectPubkey}`;
+    if (sig.message !== expectedMessage)
+        return false;
+    return _ringVerify(sig);
+}
+//# sourceMappingURL=ring-signature.js.map

package/dist/ring-signature.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ring-signature.js","sourceRoot":"","sources":["../src/ring-signature.ts"],"names":[],"mappings":"AAAA,8FAA8F;AAC9F,iFAAiF;AACjF,yGAAyG;AAEzG,OAAO,EAAE,QAAQ,IAAI,SAAS,EAAE,UAAU,IAAI,WAAW,EAAsB,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAE3H,MAAM,iBAAiB,GAAG,eAAe,CAAC;AAE1C,OAAO,EAAE,aAAa,EAAsB,CAAC;AAE7C;;;;;;;;GAQG;AACH,MAAM,UAAU,QAAQ,CACtB,OAAe,EACf,IAAc,EACd,WAAmB,EACnB,UAAkB;IAElB,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,UAAU,EAAE,iBAAiB,CAAC,CAAC;IACjF,sFAAsF;IACtF,GAAG,CAAC,MAAM,GAAG,iBAAiB,CAAC;IAC/B,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,GAAkB;IAC3C,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,kBAAkB,CAChC,iBAAyB,EACzB,aAAqB,EACrB,IAAc,EACd,WAAmB,EACnB,UAAkB;IAElB,MAAM,OAAO,GAAG,qBAAqB,iBAAiB,IAAI,aAAa,EAAE,CAAC;IAC1E,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,UAAU,EAAE,iBAAiB,CAAC,CAAC;IACjF,GAAG,CAAC,MAAM,GAAG,iBAAiB,CAAC;IAC/B,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,GAAkB,EAClB,iBAAyB,EACzB,aAAqB;IAErB,MAAM,eAAe,GAAG,qBAAqB,iBAAiB,IAAI,aAAa,EAAE,CAAC;IAClF,IAAI,GAAG,CAAC,OAAO,KAAK,eAAe;QAAE,OAAO,KAAK,CAAC;IAClD,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC"}

package/dist/shamir.d.ts ADDED Viewed

@@ -0,0 +1,55 @@
+/**
+ * Shamir's Secret Sharing over GF(256).
+ *
+ * INTENTIONAL DUPLICATION: Dominion Protocol has its own GF(256) Shamir
+ * implementation. The low-level maths is identical but the protocols serve
+ * different purposes:
+ *
+ *   - Signet: splits identity keys across PEOPLE (guardian recovery).
+ *     Shares are encoded as BIP-39 words for human exchange.
+ *   - Dominion: splits content keys across MACHINES (warden relays).
+ *     Shares are raw bytes for relay distribution.
+ *
+ * Coupling the protocols via a shared dependency is worse than ~100 lines
+ * of duplicated arithmetic. GF(256) is stable and will never change.
+ *
+ * See: trott-business/docs/plans/2026-03-12-fathom-alpha-live-design.md
+ */
+export interface ShamirShare {
+    id: number;
+    data: Uint8Array;
+}
+/** Addition in GF(256) is XOR */
+export declare function gf256Add(a: number, b: number): number;
+/** Multiplication in GF(256) using log/exp tables */
+export declare function gf256Mul(a: number, b: number): number;
+/** Multiplicative inverse in GF(256) */
+export declare function gf256Inv(a: number): number;
+/**
+ * Split a secret into shares using Shamir's Secret Sharing over GF(256).
+ *
+ * @param secret    The secret bytes to split
+ * @param threshold Minimum shares needed to reconstruct (>= 2)
+ * @param shares    Total number of shares to create (>= threshold, <= 255)
+ * @returns Array of ShamirShare objects
+ */
+export declare function splitSecret(secret: Uint8Array, threshold: number, shares: number): ShamirShare[];
+/**
+ * Reconstruct a secret from shares using Lagrange interpolation over GF(256).
+ *
+ * @param shares    Array of shares (at least `threshold` shares)
+ * @param threshold The threshold used during splitting
+ * @returns The reconstructed secret bytes
+ */
+export declare function reconstructSecret(shares: ShamirShare[], threshold: number): Uint8Array;
+/**
+ * Encode a share as BIP-39 words.
+ * Prepends the share ID byte to the data, then converts to 11-bit groups.
+ */
+export declare function shareToWords(share: ShamirShare): string[];
+/**
+ * Decode BIP-39 words back to a share.
+ * Reverses the encoding from shareToWords.
+ */
+export declare function wordsToShare(words: string[]): ShamirShare;
+//# sourceMappingURL=shamir.d.ts.map

package/dist/shamir.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"shamir.d.ts","sourceRoot":"","sources":["../src/shamir.ts"],"names":[],"mappings":"AAQA;;;;;;;;;;;;;;;;GAgBG;AAMH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,UAAU,CAAC;CAClB;AAwCD,iCAAiC;AACjC,wBAAgB,QAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAErD;AAED,qDAAqD;AACrD,wBAAgB,QAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAGrD;AAED,wCAAwC;AACxC,wBAAgB,QAAQ,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAG1C;AAkBD;;;;;;;GAOG;AACH,wBAAgB,WAAW,CACzB,MAAM,EAAE,UAAU,EAClB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,GACb,WAAW,EAAE,CAwCf;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,WAAW,EAAE,EACrB,SAAS,EAAE,MAAM,GAChB,UAAU,CAuDZ;AAMD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,WAAW,GAAG,MAAM,EAAE,CA+BzD;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,WAAW,CAkDzD"}