@gnufoo/canaad

AAD canonicalization in your browser or Worker. Same spec, same bytes.

``bash npm install @gnufoo/canaad`

`canonicalize`

`typescript import { canonicalize, canonicalizeString, validate, hash } from '@gnufoo/canaad';

const bytes = canonicalize('{"v":1,"tenant":"org_abc","resource":"secrets/db","purpose":"encryption"}'); const str = canonicalizeString('{"v":1,"tenant":"org_abc","resource":"secrets/db","purpose":"encryption"}'); const ok = validate(json); const sha = hash(json); // 32-byte SHA-256`

`build`

`typescript import { AadBuilder } from '@gnufoo/canaad';

const aad = new AadBuilder() .tenant("org_abc") .resource("secrets/db") .purpose("encryption") .timestamp(1706400000) .extensionString("x_vault_cluster", "us-east-1") .extensionInt("x_app_priority", 5) .build(); // Uint8Array`

Numbers only — no BigInt. build() and buildString() validate all inputs:

- NaN, Infinity, negative, fractional → rejected --0.0→ allowed (equals 0 in IEEE 754) - integers > 2^53-1 → rejected (JS safe integer limit)

`exports`

This package follows the gnufoo tool package format with four entry points:

| Import | What you get | |--------|-------------| |@gnufoo/canaad| Direct WASM functions (after init) | |@gnufoo/canaad/init | initWasm() + isInitialized()| |@gnufoo/canaad/meta| Zod schemas + metadata (no WASM, SSG-safe) | |@gnufoo/canaad/tool | toolDefinition with execute() |

The /meta import is safe for static site generation — no WASM loaded.

The /tool path validates inputs via Zod (z.number().int().nonnegative() for timestamps and extension integers). Direct WASM imports bypass Zod — the Rust layer validates as defense-in-depth.

`cloudflare workers`

`typescript import wasmModule from '@gnufoo/canaad/canaad_wasm_bg.wasm'; import { toolDefinition } from '@gnufoo/canaad/tool';

await toolDefinition.initWasm(wasmModule);

const result = await toolDefinition.execute({ action: 'build', tenant: 'org_abc', resource: 'secrets/db', purpose: 'encryption', });`

`browser (vite)`

With vite-plugin-wasm and vite-plugin-top-level-await:

`typescript import { toolDefinition } from '@gnufoo/canaad/tool';

await toolDefinition.initWasm();``

license

MIT OR Apache-2.0