Add backward-compatibility shims for runtime receipt signing

[GsCommand]

Summary

This PR introduces backward-compatibility adapters (compat.ts) that translate between the runtime's envelope format (receipt with metadata.proof) and the core v1.1.0 signing APIs. These shims enable the runtime/server.mjs to use the standardized Ed25519 signing protocol while maintaining compatibility with existing receipt structures.

Key Changes

• New src/compat.ts module: Provides two main functions for runtime receipt handling:

  • signReceiptEd25519Sha256(): Signs a runtime-style receipt and embeds the proof in metadata.proof
  • verifyReceiptEd25519Sha256(): Verifies a signed receipt, reconstructing the original payload by stripping the proof block

• Type definitions: Exports interfaces for RuntimeReceipt, RuntimeProof, and related options/results types

• Export constant: CANONICAL_ID_SORTED_KEYS_V1 for downstream use

• Comprehensive test suite (test/compat.test.ts): Validates signing, verification, tampering detection, idempotency, and legacy signature_b64 field support

• Package exports: Added ./compat subpath export in package.json for modular imports

• Build automation: Added prepare script to ensure builds run before publishing

Implementation Details

• The signing protocol is always Ed25519 over UTF8-canonicalized bytes (v1.1.0 compliant)
• The proof block is excluded from the signed payload, ensuring signing is idempotent
• SHA256 hash computation is included for legacy compatibility but not required for verification
• Verification supports both signature and signature_b64 fields for backward compatibility
• Comprehensive error handling with detailed reason messages for verification failures

https://claude.ai/code/session_0112Taq5ne2BieC3hfqjjf3r