tsp-verify 0.1.0

package/LICENSE

@@ -0,0 +1,177 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+

package/NOTICE

@@ -0,0 +1,7 @@
+TSP Gateway
+Copyright 2026 LexiCo AS (Tønsberg, Norway)
+
+This product includes software developed at LexiCo AS, including the TSP v3
+verifier core vendored from the Trust Standard Protocol reference
+implementation (github.com/Lexi-TSP/Trust-Standard-Protocol, Apache-2.0) —
+see src/core/PROVENANCE.md for the exact vendoring record.

package/README.md

@@ -0,0 +1,65 @@
+# tsp-verify — JavaScript port of the TSP reference verifier core
+
+Verify [Trust Standard Protocol](https://truststandardprotocol.com) evidence
+from JavaScript: canonicalization (RFC 8785 JCS, byte-identical to the reference),
+trust envelope + trust manifest validation, Ed25519 local verification with the
+granular check profile, and offline **license-artifact** verification
+(`tsp.license.v1`, ADR-0010).
+
+**Zero dependencies** — Node ≥ 20 only (uses the built-in Web Crypto API).
+
+```js
+import { verifyLocal } from "tsp-verify";
+
+const result = await verifyLocal(envelope, { knownPublicKey });
+console.log(result.valid);                  // true / false — fail-closed
+console.log(result.checks.ledgerHash);      // granular per-check verdicts
+```
+
+It also verifies **commercial licenses** (TSP License Artifact v1) — a sibling
+artifact validated fully offline through `license → issuer → pinned license-root`,
+reusing the same crypto substrate:
+
+```js
+import { verifyLicense } from "tsp-verify";
+
+const r = await verifyLicense(
+  bundle,                                    // a tsp.license-bundle.v1
+  {
+    origin: "https://customer.example",      // this deployment's manifest origin
+    trustedRootKeys: [pinnedRoot],           // [{ rootKeyId, publicKey }]
+    requiredModules: ["gateway-pro"],        // default-deny per module
+  },
+  new Date(),                                // or an ISO-8601 string
+);
+console.log(r.ok, r.reason);                 // e.g. true "valid" | false "license_expired"
+```
+
+## Conformance is the correctness claim
+
+This port is correct because it reproduces the normative verdicts of the
+[tsp-spec](https://github.com/Lexi-TSP/tsp-spec) fixture suites — the v3.0
+TrustEnvelope vectors (including the ADR-0002 tamper-rejection profile) and the
+ADR-0010 license vectors — not because anyone says so. Two separate
+checksum-pinned tracks, never mixed. Prove it:
+
+```bash
+npm run conformance
+# integrity: 10 v3.0 fixtures match pinned SHA256SUMS
+# integrity: 9 license fixtures match pinned SHA256SUMS
+# ✓ all 23 conformance vectors pass against the JS port
+```
+
+A failure of that runner is a bug in this port, never grounds to adjust the
+fixtures (ADR-0008: the spec owns the truth).
+
+## API
+
+- `canonicalize(value)` — RFC 8785 JCS canonical string.
+- `sha256Hex(string)` — SHA-256 hex of a UTF-8 string.
+- `validateTrustEnvelopeShape(envelope)` / `validateTrustManifest(manifest)` — structural validation.
+- `verifyLocal(envelope, { knownPublicKey })` — local-plane verify (schema + content + ledger + Ed25519 signatures).
+- `validateLicenseBundleShape(bundle)` / `verifyLicense(bundle, config, now)` — offline license-artifact verification.
+
+Verification only: this package holds no private keys and signs nothing. Part of
+the `tsp-verify` family alongside the Python, Rust, and Go ports.

package/package.json

@@ -0,0 +1,21 @@
+{
+  "name": "tsp-verify",
+  "version": "0.1.0",
+  "description": "JavaScript port of the Trust Standard Protocol (TSP) verifier core: RFC 8785 canonicalization, trust envelope + manifest validation, Ed25519 local verification, and offline license-artifact verification (tsp.license.v1). Zero dependencies.",
+  "type": "module",
+  "main": "src/index.js",
+  "exports": { ".": "./src/index.js" },
+  "files": ["src", "LICENSE", "NOTICE", "README.md"],
+  "engines": { "node": ">=20" },
+  "scripts": {
+    "test": "node --test test/*.test.mjs",
+    "conformance": "node conformance/run-conformance.mjs"
+  },
+  "keywords": ["tsp", "trust", "provenance", "verification", "ed25519", "license", "canonicalization"],
+  "license": "Apache-2.0",
+  "repository": { "type": "git", "url": "git+https://github.com/Lexi-TSP/tsp-js.git" },
+  "homepage": "https://truststandardprotocol.com",
+  "author": "LexiCo AS <hello@truststandardprotocol.com>",
+  "dependencies": {},
+  "devDependencies": {}
+}

package/src/canonical.js

@@ -0,0 +1,67 @@
+const REQUIRES_ESCAPE = /[\x00-\x1f"\\]/g;
+
+const ESCAPE_MAP = {
+  '\b': '\\b',
+  '\t': '\\t',
+  '\n': '\\n',
+  '\f': '\\f',
+  '\r': '\\r',
+  '"': '\\"',
+  '\\': '\\\\',
+};
+
+const escapeChar = (char) => {
+  if (char in ESCAPE_MAP) {
+    return ESCAPE_MAP[char];
+  }
+
+  return `\\u${char.charCodeAt(0).toString(16).padStart(4, '0')}`;
+};
+
+const canonicalString = (value) => `"${value.replace(REQUIRES_ESCAPE, escapeChar)}"`;
+
+const canonicalNumber = (value) => {
+  if (!Number.isFinite(value)) {
+    throw new Error(`canonicalize: non-finite number not allowed: ${value}`);
+  }
+
+  if (Object.is(value, -0)) {
+    return '0';
+  }
+
+  return JSON.stringify(value);
+};
+
+export const canonicalize = (value) => {
+  if (value === null) {
+    return 'null';
+  }
+
+  if (typeof value === 'boolean') {
+    return value ? 'true' : 'false';
+  }
+
+  if (typeof value === 'number') {
+    return canonicalNumber(value);
+  }
+
+  if (typeof value === 'string') {
+    return canonicalString(value);
+  }
+
+  if (Array.isArray(value)) {
+    return `[${value.map(canonicalize).join(',')}]`;
+  }
+
+  if (typeof value === 'object') {
+    const keys = Object.keys(value).sort((a, b) => {
+      if (a < b) return -1;
+      if (a > b) return 1;
+      return 0;
+    });
+
+    return `{${keys.map((key) => `${canonicalString(key)}:${canonicalize(value[key])}`).join(',')}}`;
+  }
+
+  throw new Error(`canonicalize: unsupported value type: ${typeof value}`);
+};

package/src/crypto.js

@@ -0,0 +1,15 @@
+const ED25519_ALGORITHM = { name: 'Ed25519' };
+
+export const importPublicKeyJwk = (jwk) =>
+  crypto.subtle.importKey('jwk', jwk, ED25519_ALGORITHM, true, ['verify']);
+
+export const verifyEd25519 = (publicKey, signature, data) =>
+  crypto.subtle.verify(ED25519_ALGORITHM, publicKey, signature, data);
+
+export const base64ToBytes = (value) => {
+  if (typeof atob === 'function') {
+    return Uint8Array.from(atob(value), (char) => char.charCodeAt(0));
+  }
+
+  return Uint8Array.from(Buffer.from(value, 'base64'));
+};

package/src/domains.js

@@ -0,0 +1,64 @@
+/**
+ * TSP v3.0 canonical signing/ledger domain construction — SINGLE SOURCE.
+ *
+ * The domain rule is a crypto invariant (ADR-0002: executionProvenance is
+ * bound into both the ledger and signature domains; optional envelope fields
+ * are included if and only if present). It must exist exactly once so the
+ * local and online verifiers cannot diverge. Semantics are pinned by the
+ * tsp-spec v3.0 fixture suite (valid-with-provenance / tampered-provenance);
+ * normative authority is tsp-spec per ADR-0008 — do not edit this module to
+ * make a verifier pass, fix the verifier.
+ */
+
+/**
+ * Ledger domain: everything the ledger hash covers — the envelope minus
+ * ledger.hash itself. Includes signatures; includes executionProvenance
+ * when present (ADR-0002).
+ */
+export const buildLedgerDomain = (envelope) => {
+  const domain = {
+    tsp: envelope.tsp,
+    content: envelope.content,
+    process: envelope.process,
+    signatures: envelope.signatures,
+    ledger: { id: envelope.ledger.id, prevHash: envelope.ledger.prevHash },
+  };
+
+  if (envelope.declaration !== undefined) domain.declaration = envelope.declaration;
+  if (envelope.alignment !== undefined) domain.alignment = envelope.alignment;
+  if (envelope.timestamp !== undefined) domain.timestamp = envelope.timestamp;
+  if (envelope.executionProvenance !== undefined) {
+    domain.executionProvenance = envelope.executionProvenance;
+  }
+
+  return domain;
+};
+
+/**
+ * Signature domain: what each Ed25519 envelope signature covers — excludes
+ * the signatures array and the TSA token (timestamp is reduced to
+ * { claimed, tsaUrl } so a later TSA attestation does not invalidate the
+ * instance signature). Includes executionProvenance when present (ADR-0002).
+ */
+export const buildSignatureDomain = (envelope) => {
+  const domain = {
+    tsp: envelope.tsp,
+    content: envelope.content,
+    process: envelope.process,
+    ledger: { id: envelope.ledger.id, prevHash: envelope.ledger.prevHash },
+  };
+
+  if (envelope.declaration !== undefined) domain.declaration = envelope.declaration;
+  if (envelope.alignment !== undefined) domain.alignment = envelope.alignment;
+  if (envelope.timestamp !== undefined) {
+    domain.timestamp = {
+      claimed: envelope.timestamp.claimed,
+      tsaUrl: envelope.timestamp.tsaUrl,
+    };
+  }
+  if (envelope.executionProvenance !== undefined) {
+    domain.executionProvenance = envelope.executionProvenance;
+  }
+
+  return domain;
+};

package/src/hash.js

@@ -0,0 +1,8 @@
+const encoder = new TextEncoder();
+
+const bytesToHex = (bytes) => [...bytes].map((byte) => byte.toString(16).padStart(2, '0')).join('');
+
+export const sha256Hex = async (input) => {
+  const digest = await crypto.subtle.digest('SHA-256', encoder.encode(input));
+  return bytesToHex(new Uint8Array(digest));
+};

package/src/index.js

@@ -0,0 +1,15 @@
+/**
+ * tsp-verify -- JavaScript port of the TSP reference verifier core.
+ *
+ * Normative authority is Lexi-TSP/tsp-spec (ADR-0008): this port is conformant
+ * because it reproduces the spec's fixture verdicts, not because it is trusted.
+ * Run `npm run conformance` to prove it on your machine. Verification only:
+ * holds no keys, signs nothing. Zero dependencies (Node >= 20 Web Crypto).
+ */
+export { canonicalize } from './canonical.js';
+export { sha256Hex } from './hash.js';
+export { validateTrustEnvelopeShape } from './schema.js';
+export { validateTrustManifest } from './manifest.js';
+export { verifyLocal } from './verify-local.js';
+export { validateLicenseBundleShape } from './license-schema.js';
+export { verifyLicense } from './verify-license.js';

package/src/license-domain.js

@@ -0,0 +1,24 @@
+/**
+ * TSP License Artifact v1 — signing-domain construction (SINGLE SOURCE).
+ *
+ * Mirrors core/domains.js for the envelope: the license and issuer-credential
+ * signing domains are defined exactly once so the offline issuer/ceremony
+ * signer and verify_license() cannot diverge. ADR-0010: a license is a SIBLING
+ * artifact that reuses the TSP cryptographic substrate (canonicalization,
+ * SHA-256, Ed25519, signing-domain discipline) and nothing of the
+ * TrustEnvelope semantics. This module does NOT touch the envelope domains.
+ *
+ * The license body and the issuer-credential body are CLOSED allowlists
+ * (see license-schema.js). The signature therefore covers the ENTIRE
+ * validated body object — there are no excluded fields (unlike the envelope,
+ * whose signatures[] and TSA token are excluded) because each signature lives
+ * OUTSIDE the body, in the bundle. Consequence, load-bearing: schema
+ * validation MUST run before signature verification, so an injected unknown
+ * field is rejected structurally rather than riding along unsigned.
+ */
+
+/** Domain for the license signature (issuer-signed): the whole validated license body. */
+export const buildLicenseSigningDomain = (license) => license;
+
+/** Domain for the issuer-credential signature (root-signed): the whole validated credential body. */
+export const buildIssuerCredentialSigningDomain = (credential) => credential;

package/src/license-schema.js

@@ -0,0 +1,162 @@
+/**
+ * TSP License Artifact v1 — structural / shape validation.
+ *
+ * Closed-allowlist shape validator for the `tsp.license-bundle.v1` container
+ * and its two signed bodies (`tsp.license.v1`, `tsp.license-issuer-credential.v1`).
+ * Mirrors core/schema.js discipline for the envelope: unknown fields are
+ * rejected, so the full body can be safely signed/verified (see license-domain.js).
+ *
+ * ADR-0010 sibling artifact — this validator is independent of
+ * validateTrustEnvelopeShape() and must never be merged into it.
+ *
+ * Normative authority for these shapes is the tsp-spec license-v1 fixture
+ * track + SHA256SUMS (ADR-0008 discipline); this is the reference validator.
+ */
+
+const LICENSE_ARTIFACT = 'tsp.license.v1';
+const ISSUER_CRED_ARTIFACT = 'tsp.license-issuer-credential.v1';
+const BUNDLE_ARTIFACT = 'tsp.license-bundle.v1';
+
+const dateTimePattern = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})$/;
+const editions = new Set(['trial', 'pro', 'enterprise']);
+const PRIVATE_JWK_PARAMETERS = ['d', 'p', 'q', 'dp', 'dq', 'qi', 'oth', 'k'];
+
+const isRecord = (v) => typeof v === 'object' && v !== null && !Array.isArray(v);
+const isString = (v) => typeof v === 'string';
+
+const hasOnly = (value, path, allowed, errors) => {
+  const allowedSet = new Set(allowed);
+  for (const key of Object.keys(value)) {
+    if (!allowedSet.has(key)) errors.push(`${path}.${key} is not allowed`);
+  }
+};
+
+const recordAt = (parent, key, path, errors) => {
+  const v = parent[key];
+  if (!isRecord(v)) { errors.push(`${path}.${key} must be an object`); return undefined; }
+  return v;
+};
+
+const stringAt = (parent, key, path, errors) => {
+  const v = parent[key];
+  if (!isString(v) || v.length === 0) { errors.push(`${path}.${key} must be a non-empty string`); return undefined; }
+  return v;
+};
+
+const dateTimeAt = (parent, key, path, errors) => {
+  const v = stringAt(parent, key, path, errors);
+  if (v !== undefined && (!dateTimePattern.test(v) || Number.isNaN(Date.parse(v)))) {
+    errors.push(`${path}.${key} must be an ISO-8601 date-time string`);
+  }
+};
+
+const optionalDateTimeAt = (parent, key, path, errors) => {
+  if (parent[key] !== undefined) dateTimeAt(parent, key, path, errors);
+};
+
+const stringArrayAt = (parent, key, path, errors, { optional = false } = {}) => {
+  const v = parent[key];
+  if (v === undefined && optional) return;
+  if (!Array.isArray(v)) { errors.push(`${path}.${key} must be an array`); return; }
+  v.forEach((entry, i) => {
+    if (!isString(entry)) errors.push(`${path}.${key}[${i}] must be a string`);
+  });
+};
+
+const ed25519PublicJwkAt = (parent, key, path, errors) => {
+  const jwk = parent[key];
+  if (!isRecord(jwk)) { errors.push(`${path}.${key} must be an object`); return; }
+  const p = `${path}.${key}`;
+  hasOnly(jwk, p, ['kty', 'crv', 'x', 'alg', 'use', 'kid', 'ext', 'key_ops'], errors);
+  const priv = PRIVATE_JWK_PARAMETERS.filter((k) => Object.hasOwn(jwk, k));
+  if (priv.length > 0) errors.push(`${p} must not contain private JWK parameter(s): ${priv.join(', ')}`);
+  if (jwk.kty !== 'OKP') errors.push(`${p}.kty must be OKP for Ed25519 public keys`);
+  if (jwk.crv !== 'Ed25519') errors.push(`${p}.crv must be Ed25519`);
+  if (!isString(jwk.x) || jwk.x.length === 0) errors.push(`${p}.x must be a non-empty public key value`);
+  if (jwk.alg !== undefined && jwk.alg !== 'Ed25519' && jwk.alg !== 'EdDSA') {
+    errors.push(`${p}.alg must be Ed25519 or EdDSA when present`);
+  }
+};
+
+const signatureBlockAt = (parent, key, path, errors) => {
+  const block = recordAt(parent, key, path, errors);
+  if (!block) return;
+  const p = `${path}.${key}`;
+  hasOnly(block, p, ['algorithm', 'signature'], errors);
+  const alg = stringAt(block, 'algorithm', p, errors);
+  if (alg !== undefined && alg !== 'ed25519') errors.push(`${p}.algorithm must be ed25519`);
+  stringAt(block, 'signature', p, errors);
+};
+
+const validateLicenseBody = (license, errors) => {
+  if (!license) return;
+  hasOnly(
+    license,
+    'license',
+    ['artifact_type', 'license_id', 'issuer_id', 'subject', 'edition', 'modules', 'features', 'issuedAt', 'validFrom', 'validUntil', 'graceUntil'],
+    errors,
+  );
+  const at = stringAt(license, 'artifact_type', 'license', errors);
+  if (at !== undefined && at !== LICENSE_ARTIFACT) errors.push(`license.artifact_type must be "${LICENSE_ARTIFACT}"`);
+  stringAt(license, 'license_id', 'license', errors);
+  stringAt(license, 'issuer_id', 'license', errors);
+
+  const subject = recordAt(license, 'subject', 'license', errors);
+  if (subject) {
+    hasOnly(subject, 'license.subject', ['origin', 'allowedOrigins', 'organization'], errors);
+    stringAt(subject, 'origin', 'license.subject', errors);
+    stringAt(subject, 'organization', 'license.subject', errors);
+    stringArrayAt(subject, 'allowedOrigins', 'license.subject', errors, { optional: true });
+  }
+
+  const edition = stringAt(license, 'edition', 'license', errors);
+  if (edition !== undefined && !editions.has(edition)) {
+    errors.push('license.edition must be trial, pro, or enterprise');
+  }
+  stringArrayAt(license, 'modules', 'license', errors);
+  stringArrayAt(license, 'features', 'license', errors, { optional: true });
+  dateTimeAt(license, 'issuedAt', 'license', errors);
+  dateTimeAt(license, 'validFrom', 'license', errors);
+  dateTimeAt(license, 'validUntil', 'license', errors);
+  optionalDateTimeAt(license, 'graceUntil', 'license', errors);
+};
+
+const validateIssuerCredential = (issuerCredential, errors) => {
+  if (!issuerCredential) return;
+  hasOnly(issuerCredential, 'issuerCredential', ['credential', 'rootSignature'], errors);
+
+  const cred = recordAt(issuerCredential, 'credential', 'issuerCredential', errors);
+  if (cred) {
+    hasOnly(cred, 'issuerCredential.credential', ['artifact_type', 'issuer_id', 'issuerPublicKey', 'validFrom', 'validUntil', 'rootKeyId'], errors);
+    const at = stringAt(cred, 'artifact_type', 'issuerCredential.credential', errors);
+    if (at !== undefined && at !== ISSUER_CRED_ARTIFACT) {
+      errors.push(`issuerCredential.credential.artifact_type must be "${ISSUER_CRED_ARTIFACT}"`);
+    }
+    stringAt(cred, 'issuer_id', 'issuerCredential.credential', errors);
+    ed25519PublicJwkAt(cred, 'issuerPublicKey', 'issuerCredential.credential', errors);
+    dateTimeAt(cred, 'validFrom', 'issuerCredential.credential', errors);
+    dateTimeAt(cred, 'validUntil', 'issuerCredential.credential', errors);
+    stringAt(cred, 'rootKeyId', 'issuerCredential.credential', errors);
+  }
+
+  signatureBlockAt(issuerCredential, 'rootSignature', 'issuerCredential', errors);
+};
+
+export const validateLicenseBundleShape = (value) => {
+  const errors = [];
+  if (!isRecord(value)) return ['bundle must be an object'];
+
+  hasOnly(value, 'bundle', ['artifact_type', 'license', 'licenseSignature', 'issuerCredential'], errors);
+  const at = stringAt(value, 'artifact_type', 'bundle', errors);
+  if (at !== undefined && at !== BUNDLE_ARTIFACT) errors.push(`bundle.artifact_type must be "${BUNDLE_ARTIFACT}"`);
+
+  validateLicenseBody(recordAt(value, 'license', 'bundle', errors), errors);
+  signatureBlockAt(value, 'licenseSignature', 'bundle', errors);
+  validateIssuerCredential(recordAt(value, 'issuerCredential', 'bundle', errors), errors);
+
+  return errors;
+};
+
+export const LICENSE_ARTIFACT_TYPE = LICENSE_ARTIFACT;
+export const ISSUER_CREDENTIAL_ARTIFACT_TYPE = ISSUER_CRED_ARTIFACT;
+export const LICENSE_BUNDLE_ARTIFACT_TYPE = BUNDLE_ARTIFACT;