JSPM

@bedrockcompliance/notary

0.1.1
  • Downloads 17
  • License Apache-2.0

Hash and signature engine for the Bedrock immutable advice ledger — computes and verifies record hashes, chain hashes and ECDSA P-256 signatures.

Package Exports

  • @bedrockcompliance/notary

Readme

@bedrockcompliance/notary

The hash and signature engine behind the Bedrock immutable advice ledger.

@bedrockcompliance/notary contains the canonical JSON serialiser, the record and chain hash functions, and the ECDSA P-256 signature verifier that underpin the Bedrock ledger. The Bedrock platform imports it on both the write path (computing hashes when records are created) and the verify path (checking signatures when certificates are verified), so there is no internal copy of the algorithm — anyone running this package is running the same code that runs in production.

No signing implementations, no private keys, no networking.

License: Apache 2.0

Install

npm install @bedrockcompliance/notary

Quickstart

Compute a record hash (same function the Bedrock writer uses)

import { computeRecordHash, computeChainHash, GENESIS_HASH } from '@bedrockcompliance/notary';

const recordHash = computeRecordHash(payload);
const chainHash = computeChainHash(recordHash, previousHash ?? GENESIS_HASH);

Verify a certificate

import { verifyCertificate } from '@bedrockcompliance/notary';

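const response = await fetch(
  `https://api.bedrockcompliance.co.uk/v1/verify/${certificateId}`,
);
// Stop on an HTTP error rather than parsing an error body as a certificate.
if (!response.ok) {
  throw new Error(`Verify request failed: HTTP ${response.status}`);
}
const { certificate, record } = await response.json();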

const result = verifyCertificate({ certificate, record });
if (!result.valid) {
  throw new Error(`Certificate invalid: ${result.reason}`);
}

Verify a chain

import { verifyChain } from '@bedrockcompliance/notary';

const result = verifyChain(records, firmId);

API

Compute:

  • canonicalise(value) — Bedrock's canonical JSON serialiser.
  • sha256(string) / sha256Buffer(buffer) — SHA-256 helpers.
  • computeRecordHash(payload) — sha256(canonicalise(payload)).
  • computeChainHash(recordHash, previousHash) — chain binding.

Verify:

  • verifyChain(records, firmId) — full chain integrity check.
  • verifySignature(record, options?) — ECDSA P-256 verification with optional trustedPublicKey pinning.
  • verifyCertificate(input, options?) — end-to-end certificate check.

Constants:

  • GENESIS_HASH, SIGNING_ALGORITHM, ChainInvalidReason, Signer.
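
The sketch below is an added example, not code from this package. It shows why record hashes are taken over a canonical serialisation and how chain hashes expose edited or removed records. The sorted-key canonical form, the chain construction SHA-256(previousHash + recordHash), the all-zero genesis value, the reason strings and every demo* name are assumptions made for illustration; the package's real algorithm may differ.

```javascript
// Added illustration: NOT the @bedrockcompliance/notary implementation.
// Assumed: sorted-key canonical JSON, chain = SHA-256(previous + record),
// all-zero genesis value. Every name and reason string is hypothetical.
const { createHash } = require('node:crypto');

const DEMO_GENESIS = '0'.repeat(64); // assumed placeholder genesis value
const sha256Hex = (s) => createHash('sha256').update(s, 'utf8').digest('hex');

// Serialise with object keys sorted so key order cannot change the hash.
function demoCanonicalise(value) {
  if (Array.isArray(value)) return `[${value.map(demoCanonicalise).join(',')}]`;
  if (value !== null && typeof value === 'object') {
    const members = Object.keys(value).sort()
      .map((k) => `${JSON.stringify(k)}:${demoCanonicalise(value[k])}`);
    return `{${members.join(',')}}`;
  }
  return JSON.stringify(value);
}

const demoRecordHash = (payload) => sha256Hex(demoCanonicalise(payload));
const demoChainHash = (recordHash, previousHash) => sha256Hex(previousHash + recordHash);

// Append a payload, binding it to the chain hash of the record before it.
function demoAppend(chain, payload) {
  const previousHash = chain.length ? chain[chain.length - 1].chainHash : DEMO_GENESIS;
  const recordHash = demoRecordHash(payload);
  return [...chain, { payload, recordHash, previousHash,
    chainHash: demoChainHash(recordHash, previousHash) }];
}

// Recompute every hash from the payloads; report the first record that fails.
function demoVerifyChain(chain) {
  const fail = (index, reason) => ({ valid: false, index, reason });
  let expectedPrevious = DEMO_GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const r = chain[i];
    if (r.previousHash !== expectedPrevious) return fail(i, 'broken_link');
    if (demoRecordHash(r.payload) !== r.recordHash) return fail(i, 'record_hash_mismatch');
    if (demoChainHash(r.recordHash, r.previousHash) !== r.chainHash) return fail(i, 'chain_hash_mismatch');
    expectedPrevious = r.chainHash;
  }
  return { valid: true };
}

// Constructed sample records.
let demoChain = [];
for (const p of [{ client: 'A', advice: 'hold' }, { advice: 'sell', client: 'B' }]) {
  demoChain = demoAppend(demoChain, p);
}
```

Editing a stored payload fails at that record with a record hash mismatch, and dropping the first record fails immediately because the new head no longer links to the genesis value.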

License

Apache 2.0. See SECURITY.md for vulnerability reporting.