SR-4 WI-3: anchorEncryptedTranscript() helper

[linear]

What

Support terms.transcriptDisclosurePolicy (DACS-3 §8.7) — specifically encrypted-anchored-required and encrypted-anchored-recommended.

Policy values (§8.7)

• none (default) — transcript stays in the channel; nothing anchored.
• encrypted-anchored-recommended — SHOULD anchor; consent must be explicit.
• encrypted-anchored-required — MUST anchor; absence of the anchor fails the phase.

API

export async function anchorEncryptedTranscript(
    transcript: ChannelTranscript,
    members: ClaimReference[],
    demos: Demos,
): Promise<AttestationRef>  // { anchor, contentHash }

Implementation steps:

1. Encrypt the ChannelTranscript to the member set so only members can decrypt (CH-2). Use the existing L2PS RSA-key membership for transport-level encryption; the public chain only sees the ciphertext + content hash.
2. Anchor the ciphertext via SR-2 (Storage Program). Public chain stores { anchor, contentHash } — content hash gives tamper-evidence without leaking content.
3. Sign with the producing party's Demos key over the domain-separated payload:

signed_bytes := "dacs-transcript:v1:" || sha256(canonical_JCS(transcript_without_signatures))

4. Return { anchor: storageProgramRef, contentHash: hex } — the negotiate-rfq output carries this as an optional channelTranscriptRef.

Acceptance

• required policy: produces a member-decryptable, publicly-hash-verifiable anchor; phase fails if missing.
• recommended policy: anchors only on explicit consent flag from caller; default is no anchor.
• Non-member cannot decrypt the ciphertext.
• Anyone (including non-member) can verify the content hash against the on-chain anchor (tamper-evidence).
• Tampering with the anchored ciphertext flips the content-hash check.

Dependencies

• Blocked by WI-2 (ChannelTranscript shape).
• Consumes existing L2PS RSA-key encryption + @kynesyslabs/demosdk/storage for SR-2.

Source

Brief §2 WI-3 + DACS-3 §8.7.