signet-protocol 0.1.0

package/dist/compliance.d.ts

@@ -0,0 +1,82 @@
+import type { NostrEvent } from './types.js';
+export type ComplianceSeverity = 'error' | 'warning' | 'info';
+export interface ComplianceIssue {
+    code: string;
+    severity: ComplianceSeverity;
+    jurisdiction: string;
+    message: string;
+    regulation: string;
+    remediation?: string;
+}
+export interface ComplianceResult {
+    compliant: boolean;
+    issues: ComplianceIssue[];
+    jurisdiction: string;
+    checkedAt: number;
+}
+export interface CrossBorderResult {
+    allowed: boolean;
+    mechanism?: string;
+    issues: ComplianceIssue[];
+    fromJurisdiction: string;
+    toJurisdiction: string;
+}
+export interface ChildComplianceResult {
+    compliant: boolean;
+    issues: ComplianceIssue[];
+    jurisdiction: string;
+    minConsentAge: number;
+    ageOfMajority: number;
+    requiresParentalConsent: boolean;
+}
+export interface ConsentRequirement {
+    jurisdiction: string;
+    requiresExplicitConsent: boolean;
+    consentAge: number;
+    parentalConsentRequired: boolean;
+    dataCategories: string[];
+    specialCategories: string[];
+    notes?: string;
+}
+/**
+ * Check if a credential complies with a jurisdiction's regulations.
+ */
+export declare function checkCredentialCompliance(credential: NostrEvent, jurisdictionCode: string): ComplianceResult;
+/**
+ * Check if a credential can be used across borders.
+ */
+export declare function checkCrossBorderCompliance(fromJurisdiction: string, toJurisdiction: string): CrossBorderResult;
+/**
+ * Check child data protection compliance for a jurisdiction.
+ */
+export declare function checkChildCompliance(childAge: number, jurisdictionCode: string): ChildComplianceResult;
+/**
+ * Get consent requirements for a jurisdiction.
+ */
+export declare function getConsentRequirements(jurisdictionCode: string): ConsentRequirement;
+/**
+ * Get data retention guidance for a jurisdiction.
+ */
+export declare function getRetentionGuidance(jurisdictionCode: string): {
+    maxDays: number;
+    guidance: string;
+    regulation: string;
+};
+/**
+ * Check compliance across multiple jurisdictions simultaneously.
+ * Useful for credentials that may be used internationally.
+ */
+export declare function checkMultiJurisdictionCompliance(credential: NostrEvent, jurisdictions: string[]): Map<string, ComplianceResult>;
+/**
+ * Find the most restrictive requirements across jurisdictions.
+ * Useful for setting defaults that satisfy all target jurisdictions.
+ */
+export declare function getMostRestrictiveRequirements(jurisdictions: string[]): {
+    highestConsentAge: number;
+    highestAgeOfMajority: number;
+    requiresExplicitConsent: boolean;
+    shortestBreachNotification: number;
+    allRequireErasure: boolean;
+    jurisdictions: string[];
+};
+//# sourceMappingURL=compliance.d.ts.map

package/dist/compliance.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"compliance.d.ts","sourceRoot":"","sources":["../src/compliance.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAI7C,MAAM,MAAM,kBAAkB,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;AAE9D,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,OAAO,CAAC;IACnB,MAAM,EAAE,eAAe,EAAE,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,eAAe,EAAE,CAAC;IAC1B,gBAAgB,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,OAAO,CAAC;IACnB,MAAM,EAAE,eAAe,EAAE,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,uBAAuB,EAAE,OAAO,CAAC;CAClC;AAED,MAAM,WAAW,kBAAkB;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,uBAAuB,EAAE,OAAO,CAAC;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,uBAAuB,EAAE,OAAO,CAAC;IACjC,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,UAAU,EAAE,UAAU,EACtB,gBAAgB,EAAE,MAAM,GACvB,gBAAgB,CAoGlB;AAID;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,gBAAgB,EAAE,MAAM,EACxB,cAAc,EAAE,MAAM,GACrB,iBAAiB,CA0EnB;AAID;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,QAAQ,EAAE,MAAM,EAChB,gBAAgB,EAAE,MAAM,GACvB,qBAAqB,CA4FvB;AAID;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,gBAAgB,EAAE,MAAM,GAAG,kBAAkB,CAyCnF;AAID;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,gBAAgB,EAAE,MAAM,GAAG;IAC9D,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;CACpB,CAgCA;AAID;;;GAGG;AACH,wBAAgB,gCAAgC,CAC9C,UAAU,EAAE,UAAU,EACtB,aAAa,EAAE,MAAM,EAAE,GACtB,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAM/B;AAED;;;GAGG;AACH,wBAAgB,8BAA8B,CAAC,aAAa,EAAE,MAAM,EAAE,GAAG;IACvE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,uBAAuB,EAAE,OAAO,CAAC;IACjC,0BAA0B,EAAE,MAAM,CAAC;IACnC,iBAAiB,EAAE,OAAO,CAAC;IAC3B,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB,CA4BA"}

package/dist/compliance.js

@@ -0,0 +1,478 @@
+// Signet Compliance Module
+// Jurisdiction-aware compliance checking for credentials, data transfers,
+// child protection, and professional regulation.
+import { getJurisdiction, canTransferData, isProfessionRegulated, } from 'jurisdiction-kit';
+import { getTagValue } from './validation.js';
+import { SignetValidationError } from './errors.js';
+const GDPR_JURISDICTIONS = ['GB', 'FR', 'DE', 'ES', 'IT', 'NL', 'IE'];
+// --- Credential Compliance ---
+/**
+ * Check if a credential complies with a jurisdiction's regulations.
+ */
+export function checkCredentialCompliance(credential, jurisdictionCode) {
+    const issues = [];
+    const j = getJurisdiction(jurisdictionCode);
+    if (!j) {
+        return {
+            compliant: false,
+            issues: [{
+                    code: 'UNKNOWN_JURISDICTION',
+                    severity: 'error',
+                    jurisdiction: jurisdictionCode,
+                    message: `Jurisdiction '${jurisdictionCode}' is not recognised in the Signet registry.`,
+                    regulation: 'Signet Protocol',
+                }],
+            jurisdiction: jurisdictionCode,
+            checkedAt: Math.floor(Date.now() / 1000),
+        };
+    }
+    // Check profession regulation
+    const profession = getTagValue(credential, 'profession');
+    if (profession) {
+        const profType = mapProfessionString(profession);
+        if (profType && !isProfessionRegulated(jurisdictionCode, profType)) {
+            issues.push({
+                code: 'PROFESSION_NOT_REGULATED',
+                severity: 'warning',
+                jurisdiction: jurisdictionCode,
+                message: `Profession '${profession}' is not registered as regulated in ${j.name}.`,
+                regulation: 'Professional Regulation',
+                remediation: 'Verify the profession is regulated in this jurisdiction before issuing credentials.',
+            });
+        }
+    }
+    // Check credential expiry
+    const expiresStr = getTagValue(credential, 'expiration');
+    if (expiresStr) {
+        const expires = parseInt(expiresStr, 10);
+        const now = Math.floor(Date.now() / 1000);
+        if (isNaN(expires) || expires < now) {
+            issues.push({
+                code: 'CREDENTIAL_EXPIRED',
+                severity: 'error',
+                jurisdiction: jurisdictionCode,
+                message: 'Credential has expired.',
+                regulation: 'Credential Validity',
+                remediation: 'Renew the credential before use.',
+            });
+        }
+    }
+    // Check electronic signature recognition
+    if (!j.eSignatureRecognised) {
+        issues.push({
+            code: 'ESIGNATURE_NOT_RECOGNISED',
+            severity: 'warning',
+            jurisdiction: jurisdictionCode,
+            message: `Electronic signatures may not be fully recognised in ${j.name}.`,
+            regulation: 'Electronic Signatures',
+            remediation: 'Additional attestation or wet signature may be required.',
+        });
+    }
+    // Check scope for child-related credentials
+    const scope = getTagValue(credential, 'scope');
+    if (scope === 'adult+child') {
+        const childIssues = checkChildDataRequirements(credential, j);
+        issues.push(...childIssues);
+    }
+    // Check data protection consent requirements
+    if (j.dataProtection.requiresExplicitConsent) {
+        issues.push({
+            code: 'CONSENT_REQUIRED',
+            severity: 'info',
+            jurisdiction: jurisdictionCode,
+            message: `${j.dataProtection.name} requires explicit consent for processing personal data.`,
+            regulation: j.dataProtection.fullName,
+            remediation: 'Ensure explicit consent is obtained and recorded before credential issuance.',
+        });
+    }
+    // Check breach notification requirements
+    if (j.dataProtection.breachNotificationHours > 0) {
+        issues.push({
+            code: 'BREACH_NOTIFICATION',
+            severity: 'info',
+            jurisdiction: jurisdictionCode,
+            message: `Data breaches must be reported to ${j.dataProtection.supervisoryAuthority} within ${j.dataProtection.breachNotificationHours} hours.`,
+            regulation: j.dataProtection.fullName,
+        });
+    }
+    return {
+        compliant: !issues.some((i) => i.severity === 'error'),
+        issues,
+        jurisdiction: jurisdictionCode,
+        checkedAt: Math.floor(Date.now() / 1000),
+    };
+}
+// --- Cross-Border Compliance ---
+/**
+ * Check if a credential can be used across borders.
+ */
+export function checkCrossBorderCompliance(fromJurisdiction, toJurisdiction) {
+    const issues = [];
+    const transfer = canTransferData(fromJurisdiction, toJurisdiction);
+    const fromJ = getJurisdiction(fromJurisdiction);
+    const toJ = getJurisdiction(toJurisdiction);
+    if (!fromJ || !toJ) {
+        return {
+            allowed: false,
+            issues: [{
+                    code: 'UNKNOWN_JURISDICTION',
+                    severity: 'error',
+                    jurisdiction: fromJurisdiction,
+                    message: 'One or both jurisdictions are not recognised.',
+                    regulation: 'Signet Protocol',
+                }],
+            fromJurisdiction,
+            toJurisdiction,
+        };
+    }
+    if (transfer.mechanism === 'safeguards-required') {
+        issues.push({
+            code: 'SAFEGUARDS_REQUIRED',
+            severity: 'warning',
+            jurisdiction: fromJurisdiction,
+            message: `Transfer from ${fromJ.name} to ${toJ.name} requires Standard Contractual Clauses or equivalent safeguards.`,
+            regulation: fromJ.dataProtection.fullName,
+            remediation: 'Implement SCCs, BCRs, or obtain an adequacy determination.',
+        });
+    }
+    // Special cases
+    if (fromJurisdiction === 'CN') {
+        issues.push({
+            code: 'CN_DATA_LOCALIZATION',
+            severity: 'warning',
+            jurisdiction: 'CN',
+            message: 'China\'s PIPL requires data localization. Cross-border transfers require security assessment by CAC.',
+            regulation: 'Personal Information Protection Law (PIPL)',
+            remediation: 'Complete a data export security assessment or obtain PPC certification.',
+        });
+    }
+    if (fromJurisdiction === 'IN') {
+        issues.push({
+            code: 'IN_DATA_LOCALIZATION',
+            severity: 'info',
+            jurisdiction: 'IN',
+            message: 'India\'s DPDPA 2023 may restrict transfers to certain jurisdictions via government notification.',
+            regulation: 'Digital Personal Data Protection Act 2023',
+            remediation: 'Check the list of restricted jurisdictions published by the Indian government.',
+        });
+    }
+    if (fromJurisdiction === 'SA') {
+        issues.push({
+            code: 'SA_CROSS_BORDER',
+            severity: 'warning',
+            jurisdiction: 'SA',
+            message: 'Saudi Arabia requires data to remain within the Kingdom unless specific conditions are met.',
+            regulation: 'Personal Data Protection Law (Royal Decree M/19)',
+            remediation: 'Ensure the transfer meets SDAIA cross-border transfer requirements.',
+        });
+    }
+    return {
+        allowed: transfer.allowed,
+        mechanism: transfer.mechanism,
+        issues,
+        fromJurisdiction,
+        toJurisdiction,
+    };
+}
+// --- Child Protection Compliance ---
+/**
+ * Check child data protection compliance for a jurisdiction.
+ */
+export function checkChildCompliance(childAge, jurisdictionCode) {
+    if (!Number.isFinite(childAge) || childAge < 0 || childAge > 150) {
+        throw new SignetValidationError(`Invalid childAge: ${childAge} (must be 0-150)`);
+    }
+    const issues = [];
+    const j = getJurisdiction(jurisdictionCode);
+    if (!j) {
+        return {
+            compliant: false,
+            issues: [{
+                    code: 'UNKNOWN_JURISDICTION',
+                    severity: 'error',
+                    jurisdiction: jurisdictionCode,
+                    message: `Jurisdiction '${jurisdictionCode}' is not recognised.`,
+                    regulation: 'Signet Protocol',
+                }],
+            jurisdiction: jurisdictionCode,
+            minConsentAge: 16,
+            ageOfMajority: 18,
+            requiresParentalConsent: true,
+        };
+    }
+    const consentAge = j.childProtection.minAgeDigitalConsent;
+    const majority = j.childProtection.ageOfMajority;
+    const needsParental = childAge < consentAge;
+    if (needsParental) {
+        issues.push({
+            code: 'PARENTAL_CONSENT_REQUIRED',
+            severity: 'error',
+            jurisdiction: jurisdictionCode,
+            message: `Child age ${childAge} is below the digital consent age of ${consentAge} in ${j.name}. Verifiable parental consent is required.`,
+            regulation: j.childProtection.name,
+            remediation: 'Obtain and record verifiable parental consent before processing child data.',
+        });
+    }
+    if (j.childProtection.enhancedProtections) {
+        issues.push({
+            code: 'ENHANCED_CHILD_PROTECTIONS',
+            severity: 'info',
+            jurisdiction: jurisdictionCode,
+            message: `${j.name} requires enhanced protections for children's data under ${j.childProtection.name}.`,
+            regulation: j.childProtection.name,
+            remediation: 'Apply data minimisation, purpose limitation, and enhanced security for child data.',
+        });
+    }
+    if (j.childProtection.profilingRestrictions) {
+        issues.push({
+            code: 'PROFILING_RESTRICTED',
+            severity: 'warning',
+            jurisdiction: jurisdictionCode,
+            message: `Automated profiling of children is restricted in ${j.name}.`,
+            regulation: j.childProtection.name,
+            remediation: 'Do not use child data for automated profiling or targeted services.',
+        });
+    }
+    // Jurisdiction-specific child protection rules
+    if (jurisdictionCode === 'US') {
+        issues.push({
+            code: 'COPPA_COMPLIANCE',
+            severity: 'warning',
+            jurisdiction: 'US',
+            message: 'COPPA requires verifiable parental consent before collecting data from children under 13.',
+            regulation: "Children's Online Privacy Protection Act (COPPA)",
+            remediation: 'Implement COPPA-compliant consent mechanisms (signed form, credit card verification, etc.).',
+        });
+    }
+    if (jurisdictionCode === 'GB') {
+        issues.push({
+            code: 'AADC_COMPLIANCE',
+            severity: 'info',
+            jurisdiction: 'GB',
+            message: 'The Age Appropriate Design Code (Children\'s Code) applies to services likely to be accessed by children.',
+            regulation: 'Age Appropriate Design Code (ICO)',
+            remediation: 'Conduct a Data Protection Impact Assessment (DPIA) for child-facing features.',
+        });
+    }
+    return {
+        compliant: !issues.some((i) => i.severity === 'error'),
+        issues,
+        jurisdiction: jurisdictionCode,
+        minConsentAge: consentAge,
+        ageOfMajority: majority,
+        requiresParentalConsent: needsParental,
+    };
+}
+// --- Consent Requirements ---
+/**
+ * Get consent requirements for a jurisdiction.
+ */
+export function getConsentRequirements(jurisdictionCode) {
+    const j = getJurisdiction(jurisdictionCode);
+    if (!j) {
+        return {
+            jurisdiction: jurisdictionCode,
+            requiresExplicitConsent: true,
+            consentAge: 16,
+            parentalConsentRequired: true,
+            dataCategories: ['identity', 'professional-status'],
+            specialCategories: ['biometric-hash', 'child-age-range'],
+        };
+    }
+    const base = {
+        jurisdiction: jurisdictionCode,
+        requiresExplicitConsent: j.dataProtection.requiresExplicitConsent,
+        consentAge: j.childProtection.minAgeDigitalConsent,
+        parentalConsentRequired: j.childProtection.requiresParentalConsent,
+        dataCategories: ['identity', 'professional-status', 'jurisdiction'],
+        specialCategories: [],
+    };
+    // Add special category data based on credential types
+    if (j.childProtection.enhancedProtections) {
+        base.specialCategories.push('child-age-range');
+    }
+    // GDPR special categories
+    if (GDPR_JURISDICTIONS.includes(jurisdictionCode)) {
+        base.specialCategories.push('biometric-hash');
+        base.notes = 'GDPR Article 9 applies — biometric data used for identification is a special category.';
+    }
+    // Brazil LGPD sensitive data
+    if (jurisdictionCode === 'BR') {
+        base.specialCategories.push('biometric-hash');
+        base.notes = 'LGPD treats biometric data as sensitive personal data requiring specific legal basis.';
+    }
+    return base;
+}
+// --- Data Retention ---
+/**
+ * Get data retention guidance for a jurisdiction.
+ */
+export function getRetentionGuidance(jurisdictionCode) {
+    const j = getJurisdiction(jurisdictionCode);
+    if (!j) {
+        return {
+            maxDays: 365,
+            guidance: 'Unknown jurisdiction — apply a conservative 1-year retention period.',
+            regulation: 'Best Practice',
+        };
+    }
+    if (j.dataProtection.maxRetentionDays > 0) {
+        return {
+            maxDays: j.dataProtection.maxRetentionDays,
+            guidance: `${j.name} mandates a maximum retention of ${j.dataProtection.maxRetentionDays} days.`,
+            regulation: j.dataProtection.fullName,
+        };
+    }
+    // Default guidance based on jurisdiction type
+    if (GDPR_JURISDICTIONS.includes(jurisdictionCode)) {
+        return {
+            maxDays: 0,
+            guidance: 'GDPR requires data to be kept no longer than necessary for the purpose. Apply data minimisation. Signet credentials are inherently time-limited via the expires tag.',
+            regulation: j.dataProtection.fullName,
+        };
+    }
+    return {
+        maxDays: 0,
+        guidance: `${j.dataProtection.name} does not specify a fixed retention period. Data should be retained only as long as necessary for the processing purpose.`,
+        regulation: j.dataProtection.fullName,
+    };
+}
+// --- Multi-Jurisdiction Compliance ---
+/**
+ * Check compliance across multiple jurisdictions simultaneously.
+ * Useful for credentials that may be used internationally.
+ */
+export function checkMultiJurisdictionCompliance(credential, jurisdictions) {
+    const results = new Map();
+    for (const code of jurisdictions) {
+        results.set(code, checkCredentialCompliance(credential, code));
+    }
+    return results;
+}
+/**
+ * Find the most restrictive requirements across jurisdictions.
+ * Useful for setting defaults that satisfy all target jurisdictions.
+ */
+export function getMostRestrictiveRequirements(jurisdictions) {
+    let highestConsentAge = 0;
+    let highestAgeOfMajority = 0;
+    let requiresExplicitConsent = false;
+    let shortestBreachNotification = Infinity;
+    let allRequireErasure = true;
+    for (const code of jurisdictions) {
+        const j = getJurisdiction(code);
+        if (!j)
+            continue;
+        highestConsentAge = Math.max(highestConsentAge, j.childProtection.minAgeDigitalConsent);
+        highestAgeOfMajority = Math.max(highestAgeOfMajority, j.childProtection.ageOfMajority);
+        if (j.dataProtection.requiresExplicitConsent)
+            requiresExplicitConsent = true;
+        if (j.dataProtection.breachNotificationHours > 0) {
+            shortestBreachNotification = Math.min(shortestBreachNotification, j.dataProtection.breachNotificationHours);
+        }
+        if (!j.dataProtection.rightToErasure)
+            allRequireErasure = false;
+    }
+    return {
+        highestConsentAge,
+        highestAgeOfMajority,
+        requiresExplicitConsent,
+        shortestBreachNotification: shortestBreachNotification === Infinity ? 0 : shortestBreachNotification,
+        allRequireErasure,
+        jurisdictions,
+    };
+}
+// --- Internal Helpers ---
+function mapProfessionString(profession) {
+    const map = {
+        solicitor: 'legal', lawyer: 'legal', attorney: 'legal', advocate: 'legal',
+        barrister: 'legal', avocat: 'legal', abogado: 'legal', advogado: 'legal',
+        rechtsanwalt: 'legal', avvocato: 'legal', advocaat: 'legal',
+        doctor: 'medical', physician: 'medical', surgeon: 'medical',
+        médecin: 'medical', arzt: 'medical', medico: 'medical',
+        notary: 'notary', notaire: 'notary', notar: 'notary', notaio: 'notary',
+        accountant: 'accounting', cpa: 'accounting', 'chartered-accountant': 'accounting',
+        'expert-comptable': 'accounting', wirtschaftsprüfer: 'accounting',
+        engineer: 'engineering', ingénieur: 'engineering', ingenieur: 'engineering',
+        ingeniero: 'engineering', engenheiro: 'engineering',
+        teacher: 'teaching', enseignant: 'teaching', lehrer: 'teaching',
+        profesor: 'teaching', professor: 'teaching',
+        veterinarian: 'veterinary', vet: 'veterinary',
+        veterinario: 'veterinary', vétérinaire: 'veterinary', tierarzt: 'veterinary',
+        pharmacist: 'pharmacy', 'pharmacy-technician': 'pharmacy',
+        farmacéutico: 'pharmacy', pharmacien: 'pharmacy', apotheker: 'pharmacy',
+        architect: 'architecture',
+        arquitecto: 'architecture', architecte: 'architecture', architekt: 'architecture',
+        'social-worker': 'social-work', 'social worker': 'social-work',
+        nurse: 'medical', midwife: 'medical',
+        dentist: 'medical', 'dental-hygienist': 'medical',
+        optometrist: 'medical', optician: 'medical',
+        osteopath: 'medical', chiropractor: 'medical',
+        paramedic: 'medical', physiotherapist: 'medical',
+        radiographer: 'medical', dietitian: 'medical',
+        'speech-therapist': 'medical', 'occupational-therapist': 'medical',
+    };
+    return map[profession.toLowerCase()];
+}
+function checkChildDataRequirements(credential, j) {
+    const issues = [];
+    // Check age range tag
+    const ageRange = getTagValue(credential, 'age-range');
+    if (!ageRange) {
+        issues.push({
+            code: 'MISSING_AGE_RANGE',
+            severity: 'error',
+            jurisdiction: j.code,
+            message: 'Child credential is missing the age-range tag.',
+            regulation: j.childProtection.name,
+            remediation: 'Include an age-range tag (e.g., "8-12") in the credential.',
+        });
+        return issues;
+    }
+    // Handle "18+" format (adults, no upper bound)
+    let minAge;
+    let maxAge;
+    if (ageRange.endsWith('+')) {
+        minAge = parseInt(ageRange.slice(0, -1), 10);
+        maxAge = 150;
+    }
+    else {
+        const [minStr, maxStr] = ageRange.split('-');
+        minAge = parseInt(minStr, 10);
+        maxAge = parseInt(maxStr, 10);
+    }
+    if (isNaN(minAge) || isNaN(maxAge)) {
+        issues.push({
+            code: 'INVALID_AGE_RANGE',
+            severity: 'error',
+            jurisdiction: j.code,
+            message: `Malformed age-range tag "${ageRange}" — cannot determine age bounds.`,
+            regulation: j.childProtection.name,
+            remediation: 'Use a valid age-range format: "0-3", "4-7", "8-12", "13-17", or "18+".',
+        });
+        return issues;
+    }
+    // Check if age range includes ages below digital consent age
+    if (minAge < j.childProtection.minAgeDigitalConsent) {
+        issues.push({
+            code: 'BELOW_CONSENT_AGE',
+            severity: 'warning',
+            jurisdiction: j.code,
+            message: `Age range ${ageRange} includes ages below the digital consent age of ${j.childProtection.minAgeDigitalConsent} in ${j.name}. Parental consent is required.`,
+            regulation: j.childProtection.name,
+            remediation: 'Ensure verifiable parental consent has been obtained.',
+        });
+    }
+    // Check that the age range is within expected bounds (skip upper check for open-ended "18+" ranges)
+    if (minAge < 0 || (!ageRange.endsWith('+') && maxAge > j.childProtection.ageOfMajority)) {
+        issues.push({
+            code: 'INVALID_AGE_RANGE',
+            severity: 'warning',
+            jurisdiction: j.code,
+            message: `Age range ${ageRange} extends beyond expected bounds for ${j.name} (0-${j.childProtection.ageOfMajority}).`,
+            regulation: j.childProtection.name,
+        });
+    }
+    return issues;
+}
+//# sourceMappingURL=compliance.js.map

package/dist/compliance.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"compliance.js","sourceRoot":"","sources":["../src/compliance.ts"],"names":[],"mappings":"AAAA,2BAA2B;AAC3B,0EAA0E;AAC1E,iDAAiD;AAEjD,OAAO,EACL,eAAe,EACf,eAAe,EACf,qBAAqB,GAGtB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAkDpD,MAAM,kBAAkB,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AAEtE,gCAAgC;AAEhC;;GAEG;AACH,MAAM,UAAU,yBAAyB,CACvC,UAAsB,EACtB,gBAAwB;IAExB,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,MAAM,CAAC,GAAG,eAAe,CAAC,gBAAgB,CAAC,CAAC;IAE5C,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,CAAC;oBACP,IAAI,EAAE,sBAAsB;oBAC5B,QAAQ,EAAE,OAAO;oBACjB,YAAY,EAAE,gBAAgB;oBAC9B,OAAO,EAAE,iBAAiB,gBAAgB,6CAA6C;oBACvF,UAAU,EAAE,iBAAiB;iBAC9B,CAAC;YACF,YAAY,EAAE,gBAAgB;YAC9B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;SACzC,CAAC;IACJ,CAAC;IAED,8BAA8B;IAC9B,MAAM,UAAU,GAAG,WAAW,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IACzD,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,QAAQ,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;QACjD,IAAI,QAAQ,IAAI,CAAC,qBAAqB,CAAC,gBAAgB,EAAE,QAAQ,CAAC,EAAE,CAAC;YACnE,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,0BAA0B;gBAChC,QAAQ,EAAE,SAAS;gBACnB,YAAY,EAAE,gBAAgB;gBAC9B,OAAO,EAAE,eAAe,UAAU,uCAAuC,CAAC,CAAC,IAAI,GAAG;gBAClF,UAAU,EAAE,yBAAyB;gBACrC,WAAW,EAAE,qFAAqF;aACnG,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,MAAM,UAAU,GAAG,WAAW,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IACzD,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QACzC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,OAAO,GAAG,GAAG,EAAE,CAAC;YACpC,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,oBAAoB;gBAC1B,QAAQ,EAAE,OAAO;gBACjB,YAAY,EAAE,gBAAgB;gBAC9B,OAAO,EAAE,yBAAyB;gBAClC,UAAU,EAAE,qBAAqB;gBACjC,WAAW,EAAE,kCAAkC;aAChD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yCAAyC;IACzC,IAAI,CAAC,CAAC,CAAC,oBAAoB,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,2BAA2B;YACjC,QAAQ,EAAE,SAAS;YACnB,YAAY,EAAE,gBAAgB;YAC9B,OAAO,EAAE,wDAAwD,CAAC,CAAC,IAAI,GAAG;YAC1E,UAAU,EAAE,uBAAuB;YACnC,WAAW,EAAE,0DAA0D;SACxE,CAAC,CAAC;IACL,CAAC;IAED,4CAA4C;IAC5C,MAAM,KAAK,GAAG,WAAW,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC/C,IAAI,KAAK,KAAK,aAAa,EAAE,CAAC;QAC5B,MAAM,WAAW,GAAG,0BAA0B,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QAC9D,MAAM,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;IAC9B,CAAC;IAED,6CAA6C;IAC7C,IAAI,CAAC,CAAC,cAAc,CAAC,uBAAuB,EAAE,CAAC;QAC7C,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,kBAAkB;YACxB,QAAQ,EAAE,MAAM;YAChB,YAAY,EAAE,gBAAgB;YAC9B,OAAO,EAAE,GAAG,CAAC,CAAC,cAAc,CAAC,IAAI,0DAA0D;YAC3F,UAAU,EAAE,CAAC,CAAC,cAAc,CAAC,QAAQ;YACrC,WAAW,EAAE,8EAA8E;SAC5F,CAAC,CAAC;IACL,CAAC;IAED,yCAAyC;IACzC,IAAI,CAAC,CAAC,cAAc,CAAC,uBAAuB,GAAG,CAAC,EAAE,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,qBAAqB;YAC3B,QAAQ,EAAE,MAAM;YAChB,YAAY,EAAE,gBAAgB;YAC9B,OAAO,EAAE,qCAAqC,CAAC,CAAC,cAAc,CAAC,oBAAoB,WAAW,CAAC,CAAC,cAAc,CAAC,uBAAuB,SAAS;YAC/I,UAAU,EAAE,CAAC,CAAC,cAAc,CAAC,QAAQ;SACtC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,SAAS,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC;QACtD,MAAM;QACN,YAAY,EAAE,gBAAgB;QAC9B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;KACzC,CAAC;AACJ,CAAC;AAED,kCAAkC;AAElC;;GAEG;AACH,MAAM,UAAU,0BAA0B,CACxC,gBAAwB,EACxB,cAAsB;IAEtB,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAG,eAAe,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAC;IAEnE,MAAM,KAAK,GAAG,eAAe,CAAC,gBAAgB,CAAC,CAAC;IAChD,MAAM,GAAG,GAAG,eAAe,CAAC,cAAc,CAAC,CAAC;IAE5C,IAAI,CAAC,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC;QACnB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,CAAC;oBACP,IAAI,EAAE,sBAAsB;oBAC5B,QAAQ,EAAE,OAAO;oBACjB,YAAY,EAAE,gBAAgB;oBAC9B,OAAO,EAAE,+CAA+C;oBACxD,UAAU,EAAE,iBAAiB;iBAC9B,CAAC;YACF,gBAAgB;YAChB,cAAc;SACf,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,CAAC,SAAS,KAAK,qBAAqB,EAAE,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,qBAAqB;YAC3B,QAAQ,EAAE,SAAS;YACnB,YAAY,EAAE,gBAAgB;YAC9B,OAAO,EAAE,iBAAiB,KAAK,CAAC,IAAI,OAAO,GAAG,CAAC,IAAI,kEAAkE;YACrH,UAAU,EAAE,KAAK,CAAC,cAAc,CAAC,QAAQ;YACzC,WAAW,EAAE,4DAA4D;SAC1E,CAAC,CAAC;IACL,CAAC;IAED,gBAAgB;IAChB,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,sBAAsB;YAC5B,QAAQ,EAAE,SAAS;YACnB,YAAY,EAAE,IAAI;YAClB,OAAO,EAAE,sGAAsG;YAC/G,UAAU,EAAE,4CAA4C;YACxD,WAAW,EAAE,yEAAyE;SACvF,CAAC,CAAC;IACL,CAAC;IAED,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,sBAAsB;YAC5B,QAAQ,EAAE,MAAM;YAChB,YAAY,EAAE,IAAI;YAClB,OAAO,EAAE,kGAAkG;YAC3G,UAAU,EAAE,2CAA2C;YACvD,WAAW,EAAE,gFAAgF;SAC9F,CAAC,CAAC;IACL,CAAC;IAED,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,iBAAiB;YACvB,QAAQ,EAAE,SAAS;YACnB,YAAY,EAAE,IAAI;YAClB,OAAO,EAAE,6FAA6F;YACtG,UAAU,EAAE,kDAAkD;YAC9D,WAAW,EAAE,qEAAqE;SACnF,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,MAAM;QACN,gBAAgB;QAChB,cAAc;KACf,CAAC;AACJ,CAAC;AAED,sCAAsC;AAEtC;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,QAAgB,EAChB,gBAAwB;IAExB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,GAAG,CAAC,IAAI,QAAQ,GAAG,GAAG,EAAE,CAAC;QACjE,MAAM,IAAI,qBAAqB,CAAC,qBAAqB,QAAQ,kBAAkB,CAAC,CAAC;IACnF,CAAC;IACD,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,MAAM,CAAC,GAAG,eAAe,CAAC,gBAAgB,CAAC,CAAC;IAE5C,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,CAAC;oBACP,IAAI,EAAE,sBAAsB;oBAC5B,QAAQ,EAAE,OAAO;oBACjB,YAAY,EAAE,gBAAgB;oBAC9B,OAAO,EAAE,iBAAiB,gBAAgB,sBAAsB;oBAChE,UAAU,EAAE,iBAAiB;iBAC9B,CAAC;YACF,YAAY,EAAE,gBAAgB;YAC9B,aAAa,EAAE,EAAE;YACjB,aAAa,EAAE,EAAE;YACjB,uBAAuB,EAAE,IAAI;SAC9B,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,CAAC,eAAe,CAAC,oBAAoB,CAAC;IAC1D,MAAM,QAAQ,GAAG,CAAC,CAAC,eAAe,CAAC,aAAa,CAAC;IACjD,MAAM,aAAa,GAAG,QAAQ,GAAG,UAAU,CAAC;IAE5C,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,2BAA2B;YACjC,QAAQ,EAAE,OAAO;YACjB,YAAY,EAAE,gBAAgB;YAC9B,OAAO,EAAE,aAAa,QAAQ,wCAAwC,UAAU,OAAO,CAAC,CAAC,IAAI,4CAA4C;YACzI,UAAU,EAAE,CAAC,CAAC,eAAe,CAAC,IAAI;YAClC,WAAW,EAAE,6EAA6E;SAC3F,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,CAAC,eAAe,CAAC,mBAAmB,EAAE,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,4BAA4B;YAClC,QAAQ,EAAE,MAAM;YAChB,YAAY,EAAE,gBAAgB;YAC9B,OAAO,EAAE,GAAG,CAAC,CAAC,IAAI,4DAA4D,CAAC,CAAC,eAAe,CAAC,IAAI,GAAG;YACvG,UAAU,EAAE,CAAC,CAAC,eAAe,CAAC,IAAI;YAClC,WAAW,EAAE,oFAAoF;SAClG,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,CAAC,eAAe,CAAC,qBAAqB,EAAE,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,sBAAsB;YAC5B,QAAQ,EAAE,SAAS;YACnB,YAAY,EAAE,gBAAgB;YAC9B,OAAO,EAAE,oDAAoD,CAAC,CAAC,IAAI,GAAG;YACtE,UAAU,EAAE,CAAC,CAAC,eAAe,CAAC,IAAI;YAClC,WAAW,EAAE,qEAAqE;SACnF,CAAC,CAAC;IACL,CAAC;IAED,+CAA+C;IAC/C,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,kBAAkB;YACxB,QAAQ,EAAE,SAAS;YACnB,YAAY,EAAE,IAAI;YAClB,OAAO,EAAE,2FAA2F;YACpG,UAAU,EAAE,kDAAkD;YAC9D,WAAW,EAAE,6FAA6F;SAC3G,CAAC,CAAC;IACL,CAAC;IAED,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,iBAAiB;YACvB,QAAQ,EAAE,MAAM;YAChB,YAAY,EAAE,IAAI;YAClB,OAAO,EAAE,2GAA2G;YACpH,UAAU,EAAE,mCAAmC;YAC/C,WAAW,EAAE,+EAA+E;SAC7F,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,SAAS,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC;QACtD,MAAM;QACN,YAAY,EAAE,gBAAgB;QAC9B,aAAa,EAAE,UAAU;QACzB,aAAa,EAAE,QAAQ;QACvB,uBAAuB,EAAE,aAAa;KACvC,CAAC;AACJ,CAAC;AAED,+BAA+B;AAE/B;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,gBAAwB;IAC7D,MAAM,CAAC,GAAG,eAAe,CAAC,gBAAgB,CAAC,CAAC;IAE5C,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,OAAO;YACL,YAAY,EAAE,gBAAgB;YAC9B,uBAAuB,EAAE,IAAI;YAC7B,UAAU,EAAE,EAAE;YACd,uBAAuB,EAAE,IAAI;YAC7B,cAAc,EAAE,CAAC,UAAU,EAAE,qBAAqB,CAAC;YACnD,iBAAiB,EAAE,CAAC,gBAAgB,EAAE,iBAAiB,CAAC;SACzD,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAuB;QAC/B,YAAY,EAAE,gBAAgB;QAC9B,uBAAuB,EAAE,CAAC,CAAC,cAAc,CAAC,uBAAuB;QACjE,UAAU,EAAE,CAAC,CAAC,eAAe,CAAC,oBAAoB;QAClD,uBAAuB,EAAE,CAAC,CAAC,eAAe,CAAC,uBAAuB;QAClE,cAAc,EAAE,CAAC,UAAU,EAAE,qBAAqB,EAAE,cAAc,CAAC;QACnE,iBAAiB,EAAE,EAAE;KACtB,CAAC;IAEF,sDAAsD;IACtD,IAAI,CAAC,CAAC,eAAe,CAAC,mBAAmB,EAAE,CAAC;QAC1C,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACjD,CAAC;IAED,0BAA0B;IAC1B,IAAI,kBAAkB,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAClD,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC9C,IAAI,CAAC,KAAK,GAAG,wFAAwF,CAAC;IACxG,CAAC;IAED,6BAA6B;IAC7B,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;QAC9B,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC9C,IAAI,CAAC,KAAK,GAAG,uFAAuF,CAAC;IACvG,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,yBAAyB;AAEzB;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,gBAAwB;IAK3D,MAAM,CAAC,GAAG,eAAe,CAAC,gBAAgB,CAAC,CAAC;IAC5C,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,OAAO;YACL,OAAO,EAAE,GAAG;YACZ,QAAQ,EAAE,sEAAsE;YAChF,UAAU,EAAE,eAAe;SAC5B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAC,cAAc,CAAC,gBAAgB,GAAG,CAAC,EAAE,CAAC;QAC1C,OAAO;YACL,OAAO,EAAE,CAAC,CAAC,cAAc,CAAC,gBAAgB;YAC1C,QAAQ,EAAE,GAAG,CAAC,CAAC,IAAI,oCAAoC,CAAC,CAAC,cAAc,CAAC,gBAAgB,QAAQ;YAChG,UAAU,EAAE,CAAC,CAAC,cAAc,CAAC,QAAQ;SACtC,CAAC;IACJ,CAAC;IAED,8CAA8C;IAC9C,IAAI,kBAAkB,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAClD,OAAO;YACL,OAAO,EAAE,CAAC;YACV,QAAQ,EAAE,sKAAsK;YAChL,UAAU,EAAE,CAAC,CAAC,cAAc,CAAC,QAAQ;SACtC,CAAC;IACJ,CAAC;IAED,OAAO;QACL,OAAO,EAAE,CAAC;QACV,QAAQ,EAAE,GAAG,CAAC,CAAC,cAAc,CAAC,IAAI,2HAA2H;QAC7J,UAAU,EAAE,CAAC,CAAC,cAAc,CAAC,QAAQ;KACtC,CAAC;AACJ,CAAC;AAED,wCAAwC;AAExC;;;GAGG;AACH,MAAM,UAAU,gCAAgC,CAC9C,UAAsB,EACtB,aAAuB;IAEvB,MAAM,OAAO,GAAG,IAAI,GAAG,EAA4B,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,yBAAyB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,8BAA8B,CAAC,aAAuB;IAQpE,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAC1B,IAAI,oBAAoB,GAAG,CAAC,CAAC;IAC7B,IAAI,uBAAuB,GAAG,KAAK,CAAC;IACpC,IAAI,0BAA0B,GAAG,QAAQ,CAAC;IAC1C,IAAI,iBAAiB,GAAG,IAAI,CAAC;IAE7B,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,CAAC,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;QAChC,IAAI,CAAC,CAAC;YAAE,SAAS;QAEjB,iBAAiB,GAAG,IAAI,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,CAAC,eAAe,CAAC,oBAAoB,CAAC,CAAC;QACxF,oBAAoB,GAAG,IAAI,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;QACvF,IAAI,CAAC,CAAC,cAAc,CAAC,uBAAuB;YAAE,uBAAuB,GAAG,IAAI,CAAC;QAC7E,IAAI,CAAC,CAAC,cAAc,CAAC,uBAAuB,GAAG,CAAC,EAAE,CAAC;YACjD,0BAA0B,GAAG,IAAI,CAAC,GAAG,CAAC,0BAA0B,EAAE,CAAC,CAAC,cAAc,CAAC,uBAAuB,CAAC,CAAC;QAC9G,CAAC;QACD,IAAI,CAAC,CAAC,CAAC,cAAc,CAAC,cAAc;YAAE,iBAAiB,GAAG,KAAK,CAAC;IAClE,CAAC;IAED,OAAO;QACL,iBAAiB;QACjB,oBAAoB;QACpB,uBAAuB;QACvB,0BAA0B,EAAE,0BAA0B,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,0BAA0B;QACpG,iBAAiB;QACjB,aAAa;KACd,CAAC;AACJ,CAAC;AAED,2BAA2B;AAE3B,SAAS,mBAAmB,CAAC,UAAkB;IAC7C,MAAM,GAAG,GAAmC;QAC1C,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO;QACzE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO;QACxE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO;QAC3D,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS;QAC3D,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS;QACtD,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ;QACtE,UAAU,EAAE,YAAY,EAAE,GAAG,EAAE,YAAY,EAAE,sBAAsB,EAAE,YAAY;QACjF,kBAAkB,EAAE,YAAY,EAAE,iBAAiB,EAAE,YAAY;QACjE,QAAQ,EAAE,aAAa,EAAE,SAAS,EAAE,aAAa,EAAE,SAAS,EAAE,aAAa;QAC3E,SAAS,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa;QACnD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU;QAC/D,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU;QAC3C,YAAY,EAAE,YAAY,EAAE,GAAG,EAAE,YAAY;QAC7C,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY;QAC5E,UAAU,EAAE,UAAU,EAAE,qBAAqB,EAAE,UAAU;QACzD,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU;QACvE,SAAS,EAAE,cAAc;QACzB,UAAU,EAAE,cAAc,EAAE,UAAU,EAAE,cAAc,EAAE,SAAS,EAAE,cAAc;QACjF,eAAe,EAAE,aAAa,EAAE,eAAe,EAAE,aAAa;QAC9D,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS;QACpC,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,SAAS;QACjD,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS;QAC3C,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS;QAC7C,SAAS,EAAE,SAAS,EAAE,eAAe,EAAE,SAAS;QAChD,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS;QAC7C,kBAAkB,EAAE,SAAS,EAAE,wBAAwB,EAAE,SAAS;KACnE,CAAC;IACF,OAAO,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,0BAA0B,CACjC,UAAsB,EACtB,CAAe;IAEf,MAAM,MAAM,GAAsB,EAAE,CAAC;IAErC,sBAAsB;IACtB,MAAM,QAAQ,GAAG,WAAW,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACtD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,mBAAmB;YACzB,QAAQ,EAAE,OAAO;YACjB,YAAY,EAAE,CAAC,CAAC,IAAI;YACpB,OAAO,EAAE,gDAAgD;YACzD,UAAU,EAAE,CAAC,CAAC,eAAe,CAAC,IAAI;YAClC,WAAW,EAAE,4DAA4D;SAC1E,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,+CAA+C;IAC/C,IAAI,MAAc,CAAC;IACnB,IAAI,MAAc,CAAC;IACnB,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7C,MAAM,GAAG,GAAG,CAAC;IACf,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7C,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC9B,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAChC,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,mBAAmB;YACzB,QAAQ,EAAE,OAAO;YACjB,YAAY,EAAE,CAAC,CAAC,IAAI;YACpB,OAAO,EAAE,4BAA4B,QAAQ,kCAAkC;YAC/E,UAAU,EAAE,CAAC,CAAC,eAAe,CAAC,IAAI;YAClC,WAAW,EAAE,wEAAwE;SACtF,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,6DAA6D;IAC7D,IAAI,MAAM,GAAG,CAAC,CAAC,eAAe,CAAC,oBAAoB,EAAE,CAAC;QACpD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,mBAAmB;YACzB,QAAQ,EAAE,SAAS;YACnB,YAAY,EAAE,CAAC,CAAC,IAAI;YACpB,OAAO,EAAE,aAAa,QAAQ,mDAAmD,CAAC,CAAC,eAAe,CAAC,oBAAoB,OAAO,CAAC,CAAC,IAAI,iCAAiC;YACrK,UAAU,EAAE,CAAC,CAAC,eAAe,CAAC,IAAI;YAClC,WAAW,EAAE,uDAAuD;SACrE,CAAC,CAAC;IACL,CAAC;IAED,oGAAoG;IACpG,IAAI,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,MAAM,GAAG,CAAC,CAAC,eAAe,CAAC,aAAa,CAAC,EAAE,CAAC;QACxF,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,mBAAmB;YACzB,QAAQ,EAAE,SAAS;YACnB,YAAY,EAAE,CAAC,CAAC,IAAI;YACpB,OAAO,EAAE,aAAa,QAAQ,uCAAuC,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,eAAe,CAAC,aAAa,IAAI;YACrH,UAAU,EAAE,CAAC,CAAC,eAAe,CAAC,IAAI;SACnC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/connections.d.ts

@@ -0,0 +1,63 @@
+export interface ContactInfo {
+    name?: string;
+    mobile?: string;
+    email?: string;
+    address?: string;
+    childPubkeys?: string[];
+}
+/** SECURITY NOTE: sharedSecret is stored as a plain hex string in memory.
+ *  For production use, secrets should be encrypted at rest (e.g. via OS keychain
+ *  or encrypted storage). JS strings cannot be zeroed from memory. */
+export interface Connection {
+    pubkey: string;
+    sharedSecret: string;
+    theirInfo: ContactInfo;
+    ourInfo: ContactInfo;
+    connectedAt: number;
+    method: 'qr-in-person' | 'online';
+}
+export interface QRPayload {
+    pubkey: string;
+    nonce: string;
+    info?: ContactInfo;
+}
+/** Compute an ECDH shared secret from our private key and their x-only public key.
+ *  The result is the SHA-256 of the x-coordinate of the ECDH point, returned as
+ *  a 32-byte hex string.  The secret is symmetric: A(priv)+B(pub) === B(priv)+A(pub). */
+export declare function computeSharedSecret(myPrivateKey: string, theirPublicKey: string): string;
+/**
+ * Create a QR payload containing our public key and a random nonce.
+ *
+ * **SECURITY WARNING — unencrypted payload:** The returned object is serialised
+ * as cleartext JSON by `serializeQRPayload`.  Any `ContactInfo` embedded in the
+ * payload (name, mobile, email, address, children's public keys) is transmitted
+ * without encryption.  Only display this QR code on trusted screens in
+ * controlled environments.  Do not transmit it over untrusted channels.
+ */
+export declare function createQRPayload(publicKey: string, info?: ContactInfo): QRPayload;
+/** Serialize a QR payload to a JSON string. */
+export declare function serializeQRPayload(payload: QRPayload): string;
+/** Parse and validate a QR payload from a JSON string.
+ *  Throws if the data is not valid JSON or is missing required fields. */
+export declare function parseQRPayload(data: string): QRPayload;
+/** Create a Connection from our private key and a scanned QR payload. */
+export declare function createConnection(myPrivateKey: string, qrPayload: QRPayload, ourInfo: ContactInfo): Connection;
+/** Simple in-memory connection manager keyed by remote public key. */
+export declare class ConnectionStore {
+    private connections;
+    /** Add a connection. If a connection with the same pubkey already exists it is replaced. */
+    add(connection: Connection): void;
+    /** Get a connection by remote public key. */
+    get(pubkey: string): Connection | undefined;
+    /** List all connections. */
+    list(): Connection[];
+    /** Remove a connection by remote public key. Returns true if a connection was removed. */
+    remove(pubkey: string): boolean;
+    /** Check whether a connection for the given public key exists. */
+    has(pubkey: string): boolean;
+    /** Export all connections as an array (for serialization). */
+    export(): Connection[];
+    /** Import connections from an array, replacing any existing connections with the same pubkey. */
+    import(connections: Connection[]): void;
+}
+//# sourceMappingURL=connections.d.ts.map

package/dist/connections.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"connections.d.ts","sourceRoot":"","sources":["../src/connections.ts"],"names":[],"mappings":"AAUA,MAAM,WAAW,WAAW;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED;;sEAEsE;AACtE,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,WAAW,CAAC;IACvB,OAAO,EAAE,WAAW,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,cAAc,GAAG,QAAQ,CAAC;CACnC;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,WAAW,CAAC;CACpB;AAID;;yFAEyF;AACzF,wBAAgB,mBAAmB,CAAC,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,MAAM,CAWxF;AAID;;;;;;;;GAQG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,SAAS,CAOhF;AAED,+CAA+C;AAC/C,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,SAAS,GAAG,MAAM,CAE7D;AAgCD;0EAC0E;AAC1E,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,CA2BtD;AAID,yEAAyE;AACzE,wBAAgB,gBAAgB,CAC9B,YAAY,EAAE,MAAM,EACpB,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,WAAW,GACnB,UAAU,CAUZ;AAID,sEAAsE;AACtE,qBAAa,eAAe;IAC1B,OAAO,CAAC,WAAW,CAAsC;IAEzD,4FAA4F;IAC5F,GAAG,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAIjC,6CAA6C;IAC7C,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS;IAI3C,4BAA4B;IAC5B,IAAI,IAAI,UAAU,EAAE;IAIpB,0FAA0F;IAC1F,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAI/B,kEAAkE;IAClE,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAI5B,8DAA8D;IAC9D,MAAM,IAAI,UAAU,EAAE;IAItB,iGAAiG;IACjG,MAAM,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,IAAI;CAmBxC"}