@bananalink-sdk/protocol 1.2.7

package/dist/crypto-export.cjs

@@ -0,0 +1,790 @@
+'use strict';
+
+var chunkVXLUSU5B_cjs = require('./chunk-VXLUSU5B.cjs');
+var chunkA6FLEJ7R_cjs = require('./chunk-A6FLEJ7R.cjs');
+var chunkWGEGR3DF_cjs = require('./chunk-WGEGR3DF.cjs');
+
+// src/crypto/session-security.ts
+var CRYPTO_CONFIG = {
+  ivLength: 12};
+var _SessionSecurity = class _SessionSecurity {
+  constructor(sessionId, provider, logger) {
+    this.provider = provider || chunkVXLUSU5B_cjs.createCryptoProvider(void 0, logger);
+    this.sessionId = sessionId || this.generateSessionId();
+  }
+  /**
+   * Get the crypto provider used by this session
+   */
+  getCryptoProvider() {
+    return this.provider;
+  }
+  /**
+   * Establish a new session with ephemeral key generation
+   */
+  static async establishSession(sessionId, provider, logger) {
+    const session = new _SessionSecurity(sessionId, provider, logger);
+    await session.generateKeyPair();
+    return session;
+  }
+  /**
+   * Generate ECDH key pair for this session
+   */
+  async generateKeyPair() {
+    this.keyPair = await this.provider.generateKeyPair();
+  }
+  /**
+   * Get the public key for sharing (base64 encoded)
+   */
+  async getPublicKey() {
+    if (!this.keyPair?.publicKey) {
+      throw new Error("Key pair not generated. Call generateKeyPair() first.");
+    }
+    const exported = await this.provider.exportPublicKey(this.keyPair.publicKey);
+    return chunkVXLUSU5B_cjs.arrayBufferToBase64(exported);
+  }
+  /**
+   * Derive shared secret from peer's public key
+   */
+  async deriveSharedSecret(peerPublicKeyBase64) {
+    if (!this.keyPair?.privateKey) {
+      throw new Error("Key pair not generated");
+    }
+    const peerPublicKeyBuffer = chunkVXLUSU5B_cjs.base64ToArrayBuffer(peerPublicKeyBase64);
+    const importedPeerKey = await this.provider.importPublicKey(peerPublicKeyBuffer);
+    this.sharedSecret = await this.provider.deriveSharedSecret(this.keyPair.privateKey, importedPeerKey);
+  }
+  /**
+   * Derives an encryption key from the shared secret using HKDF.
+   * @param salt - A non-secret random value.
+   * @param info - Context-specific information.
+   */
+  async deriveEncryptionKey(salt, info) {
+    if (!this.sharedSecret) {
+      throw new Error("Shared secret not derived yet.");
+    }
+    this.encryptionKey = await this.provider.deriveEncryptionKey(this.sharedSecret, salt, info);
+  }
+  /**
+   * Encrypt a message using the derived session key
+   */
+  async encrypt(message) {
+    if (!this.encryptionKey) {
+      throw new Error("Encryption key not derived");
+    }
+    const iv = this.provider.randomBytes(CRYPTO_CONFIG.ivLength);
+    const plaintext = chunkVXLUSU5B_cjs.stringToArrayBuffer(JSON.stringify(message));
+    const ciphertext = await this.provider.encrypt(this.encryptionKey, plaintext, iv);
+    const dataToSign = new Uint8Array([
+      ...new Uint8Array(iv),
+      ...new Uint8Array(ciphertext)
+    ]);
+    const macBuffer = await this.provider.generateHMAC(this.encryptionKey, dataToSign.buffer);
+    return {
+      iv: chunkVXLUSU5B_cjs.arrayBufferToBase64(iv),
+      ciphertext: chunkVXLUSU5B_cjs.arrayBufferToBase64(ciphertext),
+      mac: chunkVXLUSU5B_cjs.arrayBufferToBase64(macBuffer)
+    };
+  }
+  /**
+   * Decrypt a message using the derived session key
+   */
+  async decrypt(encryptedMessage) {
+    if (!this.encryptionKey) {
+      throw new Error("Encryption key not derived");
+    }
+    const iv = chunkVXLUSU5B_cjs.base64ToArrayBuffer(encryptedMessage.iv);
+    const ciphertext = chunkVXLUSU5B_cjs.base64ToArrayBuffer(encryptedMessage.ciphertext);
+    const receivedMac = chunkVXLUSU5B_cjs.base64ToArrayBuffer(encryptedMessage.mac);
+    const dataToVerify = new Uint8Array([
+      ...new Uint8Array(iv),
+      ...new Uint8Array(ciphertext)
+    ]);
+    const isValidMac = await this.provider.verifyHMAC(this.encryptionKey, dataToVerify.buffer, receivedMac);
+    if (!isValidMac) {
+      throw new Error("Message authentication failed");
+    }
+    const plaintextBuffer = await this.provider.decrypt(this.encryptionKey, ciphertext, iv);
+    const plaintextString = chunkVXLUSU5B_cjs.arrayBufferToString(plaintextBuffer);
+    return JSON.parse(plaintextString);
+  }
+  /**
+   * Get session information
+   */
+  async getSessionKeys() {
+    if (!this.keyPair || !this.sharedSecret) {
+      throw new Error("Session not properly initialized");
+    }
+    return {
+      sessionId: this.sessionId,
+      publicKey: await this.getPublicKey(),
+      sharedSecret: this.sharedSecret
+      // We know it exists due to the check above
+    };
+  }
+  /**
+   * Generate a random session ID
+   */
+  generateSessionId() {
+    const sessionBytes = this.provider.randomBytes(16);
+    return chunkVXLUSU5B_cjs.arrayBufferToBase64(sessionBytes);
+  }
+  /**
+   * Get provider information
+   */
+  getProviderInfo() {
+    return {
+      name: this.provider.name,
+      isAvailable: this.provider.isAvailable
+    };
+  }
+  /**
+   * Check if session is ready for encryption/decryption
+   */
+  get isReady() {
+    return !!(this.keyPair && this.sharedSecret && this.encryptionKey);
+  }
+};
+chunkWGEGR3DF_cjs.__name(_SessionSecurity, "SessionSecurity");
+var SessionSecurity = _SessionSecurity;
+
+// src/crypto/payload-handler.ts
+function parsePublicKey(publicKey) {
+  if (publicKey.byteLength !== 65 || new Uint8Array(publicKey)[0] !== 4) {
+    throw new Error("Invalid P-256 public key format");
+  }
+  const x = publicKey.slice(1, 33);
+  const y = publicKey.slice(33, 65);
+  return { x, y };
+}
+chunkWGEGR3DF_cjs.__name(parsePublicKey, "parsePublicKey");
+var _CryptoPayloadHandler = class _CryptoPayloadHandler {
+  static createPayload(options) {
+    if (options.encAlgo === "plaintext") {
+      return {
+        version: "1.0",
+        encryption: {
+          algorithm: "plaintext"
+        },
+        parameters: {
+          timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+          sessionId: options.sessionId
+        }
+      };
+    }
+    if (options.encAlgo === "AES-GCM") {
+      const iv = chunkVXLUSU5B_cjs.randomBytes(12);
+      const salt = chunkVXLUSU5B_cjs.randomBytes(32);
+      const publicKeyRaw = chunkVXLUSU5B_cjs.base64ToArrayBuffer(options.publicKeyB64);
+      const { x, y } = parsePublicKey(publicKeyRaw);
+      return {
+        version: "1.0",
+        keyExchange: {
+          algorithm: "ECDH",
+          namedCurve: "P-256"
+        },
+        encryption: {
+          algorithm: "AES-GCM",
+          keyLength: 256,
+          tagLength: 128
+        },
+        publicKey: {
+          kty: "EC",
+          crv: "P-256",
+          x: chunkVXLUSU5B_cjs.arrayBufferToBase64(x),
+          y: chunkVXLUSU5B_cjs.arrayBufferToBase64(y),
+          use: "enc",
+          key_ops: ["deriveKey"]
+        },
+        parameters: {
+          iv: chunkVXLUSU5B_cjs.arrayBufferToBase64(iv.buffer),
+          timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+          sessionId: options.sessionId
+        },
+        derivation: {
+          algorithm: "HKDF",
+          hash: "SHA-256",
+          info: "message-exchange-v1",
+          salt: chunkVXLUSU5B_cjs.arrayBufferToBase64(salt.buffer)
+        }
+      };
+    }
+    throw new Error("Invalid encryption algorithm specified.");
+  }
+  /**
+   * Validate crypto payload format
+   */
+  static validatePayload(payload) {
+    try {
+      if (payload.version !== "1.0") {
+        return false;
+      }
+      if (!payload.parameters?.sessionId || !payload.parameters?.timestamp) {
+        return false;
+      }
+      if (payload.encryption?.algorithm === "AES-GCM") {
+        return !!(payload.keyExchange && payload.publicKey && payload.derivation);
+      }
+      if (payload.encryption?.algorithm === "plaintext") {
+        return true;
+      }
+      return false;
+    } catch {
+      return false;
+    }
+  }
+};
+chunkWGEGR3DF_cjs.__name(_CryptoPayloadHandler, "CryptoPayloadHandler");
+var CryptoPayloadHandler = _CryptoPayloadHandler;
+
+// src/crypto/diagnostics.ts
+async function testProvider(providerType, logger) {
+  const startTime = performance.now();
+  const operations = [];
+  let provider;
+  try {
+    switch (providerType) {
+      case "webcrypto":
+        provider = new (await import('./crypto/providers/webcrypto-provider.cjs')).WebCryptoProvider();
+        break;
+      case "noble":
+        provider = new (await import('./crypto/providers/noble-provider.cjs')).NobleCryptoProvider(logger);
+        break;
+      case "node":
+        provider = new (await import('./crypto/providers/node-provider.cjs')).NodeCryptoProvider(logger);
+        break;
+      case "quickcrypto":
+        provider = new (await import('./crypto/providers/quickcrypto-provider.cjs')).QuickCryptoProvider(logger);
+        break;
+      default:
+        throw new Error(`Unknown provider type: ${String(providerType)}`);
+    }
+    if (!provider.isAvailable) {
+      return {
+        provider: providerType,
+        available: false,
+        success: false,
+        operations: [],
+        totalDurationMs: performance.now() - startTime,
+        unavailableReason: `Provider ${providerType} not available in this environment`
+      };
+    }
+  } catch (error) {
+    return {
+      provider: providerType,
+      available: false,
+      success: false,
+      operations: [],
+      totalDurationMs: performance.now() - startTime,
+      unavailableReason: error instanceof Error ? error.message : String(error)
+    };
+  }
+  try {
+    const opStart = performance.now();
+    const bytes = provider.randomBytes(32);
+    const duration = performance.now() - opStart;
+    operations.push({
+      operation: "randomBytes",
+      success: true,
+      durationMs: duration,
+      details: {
+        bytesLength: bytes.byteLength
+      }
+    });
+  } catch (error) {
+    operations.push({
+      operation: "randomBytes",
+      success: false,
+      error: error instanceof Error ? error.message : String(error)
+    });
+  }
+  try {
+    const opStart = performance.now();
+    const keyPair = await provider.generateKeyPair();
+    const duration = performance.now() - opStart;
+    operations.push({
+      operation: "generateKeyPair",
+      success: true,
+      durationMs: duration,
+      details: {
+        publicKeyType: keyPair.publicKey.type,
+        privateKeyType: keyPair.privateKey.type
+      }
+    });
+  } catch (error) {
+    operations.push({
+      operation: "generateKeyPair",
+      success: false,
+      error: error instanceof Error ? error.message : String(error)
+    });
+  }
+  try {
+    const opStart = performance.now();
+    const keyPair = await provider.generateKeyPair();
+    const publicKeyData = await provider.exportPublicKey(keyPair.publicKey);
+    const importedPublicKey = await provider.importPublicKey(publicKeyData);
+    const duration = performance.now() - opStart;
+    operations.push({
+      operation: "exportImportKey",
+      success: true,
+      durationMs: duration,
+      details: {
+        exportedKeySize: publicKeyData.byteLength,
+        importedKeyType: importedPublicKey.type
+      }
+    });
+  } catch (error) {
+    operations.push({
+      operation: "exportImportKey",
+      success: false,
+      error: error instanceof Error ? error.message : String(error)
+    });
+  }
+  try {
+    const opStart = performance.now();
+    const keyPair1 = await provider.generateKeyPair();
+    const keyPair2 = await provider.generateKeyPair();
+    await provider.deriveSharedSecret(keyPair1.privateKey, keyPair2.publicKey);
+    await provider.deriveSharedSecret(keyPair2.privateKey, keyPair1.publicKey);
+    const duration = performance.now() - opStart;
+    operations.push({
+      operation: "deriveSharedSecret",
+      success: true,
+      durationMs: duration,
+      details: {
+        sharedSecretsGenerated: 2
+      }
+    });
+  } catch (error) {
+    operations.push({
+      operation: "deriveSharedSecret",
+      success: false,
+      error: error instanceof Error ? error.message : String(error)
+    });
+  }
+  try {
+    const opStart = performance.now();
+    const keyPair = await provider.generateKeyPair();
+    const sharedSecret = await provider.deriveSharedSecret(keyPair.privateKey, keyPair.publicKey);
+    const salt = provider.randomBytes(32);
+    const info = provider.randomBytes(32);
+    const encryptionKey = await provider.deriveEncryptionKey(sharedSecret, salt, info);
+    const plaintext = new TextEncoder().encode("Hello, World!");
+    const iv = provider.randomBytes(12);
+    const ciphertext = await provider.encrypt(encryptionKey, plaintext, iv);
+    const decrypted = await provider.decrypt(encryptionKey, ciphertext, iv);
+    const decryptedText = new TextDecoder().decode(decrypted);
+    const duration = performance.now() - opStart;
+    operations.push({
+      operation: "aesGcmEncryptDecrypt",
+      success: decryptedText === "Hello, World!",
+      durationMs: duration,
+      details: {
+        plaintextSize: plaintext.byteLength,
+        ciphertextSize: ciphertext.byteLength,
+        decryptedCorrectly: decryptedText === "Hello, World!"
+      }
+    });
+  } catch (error) {
+    operations.push({
+      operation: "aesGcmEncryptDecrypt",
+      success: false,
+      error: error instanceof Error ? error.message : String(error)
+    });
+  }
+  const totalDuration = performance.now() - startTime;
+  const allSuccess = operations.every((op) => op.success);
+  return {
+    provider: providerType,
+    available: true,
+    success: allSuccess,
+    operations,
+    totalDurationMs: totalDuration
+  };
+}
+chunkWGEGR3DF_cjs.__name(testProvider, "testProvider");
+async function benchmarkProvider(providerType, iterations = 10, logger) {
+  let provider;
+  try {
+    switch (providerType) {
+      case "webcrypto":
+        provider = new (await import('./crypto/providers/webcrypto-provider.cjs')).WebCryptoProvider();
+        break;
+      case "noble":
+        provider = new (await import('./crypto/providers/noble-provider.cjs')).NobleCryptoProvider(logger);
+        break;
+      case "node":
+        provider = new (await import('./crypto/providers/node-provider.cjs')).NodeCryptoProvider(logger);
+        break;
+      case "quickcrypto":
+        provider = new (await import('./crypto/providers/quickcrypto-provider.cjs')).QuickCryptoProvider(logger);
+        break;
+      default:
+        throw new Error(`Unknown provider type: ${String(providerType)}`);
+    }
+  } catch (error) {
+    throw new Error(
+      `Provider ${providerType} failed to initialize: ${error instanceof Error ? error.message : String(error)}`
+    );
+  }
+  if (!provider.isAvailable) {
+    throw new Error(`Provider ${providerType} not available for benchmarking`);
+  }
+  const ecdhTimes = [];
+  for (let i = 0; i < iterations; i++) {
+    const start = performance.now();
+    await provider.generateKeyPair();
+    ecdhTimes.push(performance.now() - start);
+  }
+  const randomBytesTimes = [];
+  for (let i = 0; i < iterations; i++) {
+    const start = performance.now();
+    provider.randomBytes(32);
+    randomBytesTimes.push(performance.now() - start);
+  }
+  const aesGcmTimes = [];
+  const keyPair = await provider.generateKeyPair();
+  const sharedSecret = await provider.deriveSharedSecret(keyPair.privateKey, keyPair.publicKey);
+  const salt = provider.randomBytes(32);
+  const info = provider.randomBytes(32);
+  const encryptionKey = await provider.deriveEncryptionKey(sharedSecret, salt, info);
+  const plaintext = provider.randomBytes(1024);
+  const iv = provider.randomBytes(12);
+  for (let i = 0; i < iterations; i++) {
+    const start = performance.now();
+    await provider.encrypt(encryptionKey, plaintext, iv);
+    aesGcmTimes.push(performance.now() - start);
+  }
+  return {
+    provider: providerType,
+    ecdh: {
+      avgMs: ecdhTimes.reduce((a, b) => a + b, 0) / iterations,
+      minMs: Math.min(...ecdhTimes),
+      maxMs: Math.max(...ecdhTimes),
+      iterations
+    },
+    randomBytes: {
+      avgMs: randomBytesTimes.reduce((a, b) => a + b, 0) / iterations,
+      minMs: Math.min(...randomBytesTimes),
+      maxMs: Math.max(...randomBytesTimes),
+      iterations
+    },
+    aesGcm: {
+      avgMs: aesGcmTimes.reduce((a, b) => a + b, 0) / iterations,
+      minMs: Math.min(...aesGcmTimes),
+      maxMs: Math.max(...aesGcmTimes),
+      iterations
+    }
+  };
+}
+chunkWGEGR3DF_cjs.__name(benchmarkProvider, "benchmarkProvider");
+async function diagnoseEnvironment(logger) {
+  const platform = chunkVXLUSU5B_cjs.detectPlatform();
+  const registeredProviders = chunkA6FLEJ7R_cjs.getRegisteredCryptoProviders();
+  const warnings = [];
+  const recommendations = [];
+  const providerTests = await Promise.all(
+    registeredProviders.map((type) => testProvider(type, logger))
+  );
+  const recommendedProvider = providerTests.find((test) => test.success && test.available)?.provider;
+  const capabilities = {
+    webcrypto: { available: false, tested: false, success: false },
+    node: { available: false, tested: false, success: false },
+    noble: { available: false, tested: false, success: false },
+    quickcrypto: { available: false, tested: false, success: false }
+  };
+  providerTests.forEach((test) => {
+    capabilities[test.provider] = {
+      available: test.available,
+      tested: true,
+      success: test.success
+    };
+  });
+  const detectionRecommendations = [];
+  if (!capabilities.noble.success) {
+    detectionRecommendations.push("Noble provider should always work as a fallback");
+  }
+  if (platform.isNode && !capabilities.node.tested) {
+    detectionRecommendations.push("Consider testing 'node' provider for optimal Node.js performance");
+  }
+  if (platform.isBrowser && !capabilities.webcrypto.tested) {
+    detectionRecommendations.push("Consider testing 'webcrypto' provider for browser environments");
+  }
+  const detection = {
+    webCrypto: capabilities.webcrypto.available && capabilities.webcrypto.success,
+    node: capabilities.node.available && capabilities.node.success,
+    noble: capabilities.noble.available && capabilities.noble.success,
+    quickCrypto: capabilities.quickcrypto.available && capabilities.quickcrypto.success,
+    recommended: recommendedProvider,
+    capabilities,
+    recommendations: detectionRecommendations
+  };
+  providerTests.forEach((test) => {
+    if (!test.success && test.available) {
+      warnings.push(`${test.provider} provider registered but failed operation tests`);
+    }
+  });
+  if (registeredProviders.length === 0) {
+    warnings.push("No crypto providers registered. Import at least one provider.");
+  }
+  if (!recommendedProvider) {
+    warnings.push("No working crypto provider found. All registered providers failed tests.");
+  }
+  if (platform.isNode) {
+    if (!registeredProviders.includes("node")) {
+      recommendations.push("Consider importing 'node' provider for optimal Node.js performance");
+    }
+    if (!recommendedProvider) {
+      recommendations.push("Import '@bananalink-sdk/protocol/crypto/provider/node' for Node.js");
+    }
+  } else if (platform.isBrowser) {
+    if (!registeredProviders.includes("webcrypto")) {
+      recommendations.push("Consider importing 'webcrypto' provider for browsers");
+    }
+    if (!recommendedProvider) {
+      recommendations.push("Import '@bananalink-sdk/protocol/crypto/provider/webcrypto' for browsers");
+    }
+  } else if (platform.isReactNative) {
+    if (!registeredProviders.includes("quickcrypto")) {
+      recommendations.push("Consider importing 'quickcrypto' provider for React Native");
+    }
+    if (!recommendedProvider) {
+      recommendations.push("Import '@bananalink-sdk/protocol/crypto/provider/quickcrypto' for React Native");
+    }
+  }
+  if (!recommendedProvider || registeredProviders.length === 0) {
+    recommendations.push("Import '@bananalink-sdk/protocol/crypto/provider/noble' as a universal fallback");
+  }
+  const diagnostics = {
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    platform,
+    detection,
+    registeredProviders,
+    providerTests,
+    recommendedProvider,
+    warnings,
+    recommendations,
+    toMarkdown() {
+      let md = "# Crypto Environment Diagnostics\n\n";
+      md += `**Generated:** ${this.timestamp}
+
+`;
+      md += "## Platform\n\n";
+      const platformType = this.platform.isNode ? "Node.js" : this.platform.isBrowser ? "Browser" : this.platform.isReactNative ? "React Native" : "Unknown";
+      md += `- **Type:** ${platformType}
+`;
+      if (this.platform.platform) {
+        md += `- **OS:** ${this.platform.platform}
+`;
+      }
+      if (this.platform.userAgent) {
+        const ua = this.platform.userAgent.length > 80 ? `${this.platform.userAgent.substring(0, 80)}...` : this.platform.userAgent;
+        md += `- **User Agent:** ${ua}
+`;
+      }
+      md += "\n";
+      md += "## Provider Detection\n\n";
+      md += `- **WebCrypto:** ${this.detection.webCrypto ? "\u2705" : "\u274C"}
+`;
+      md += `- **Node.js Crypto:** ${this.detection.node ? "\u2705" : "\u274C"}
+`;
+      md += `- **Noble (Pure JS):** ${this.detection.noble ? "\u2705" : "\u274C"}
+`;
+      md += `- **QuickCrypto (RN):** ${this.detection.quickCrypto ? "\u2705" : "\u274C"}
+`;
+      if (this.detection.recommended) {
+        md += `- **Recommended:** ${this.detection.recommended}
+`;
+      }
+      md += "\n";
+      md += "## Capabilities\n\n";
+      Object.entries(this.detection.capabilities).forEach(([provider, capability]) => {
+        const status = capability.tested ? capability.success ? "\u2705 Available" : "\u274C Failed" : "\u26AA Not Tested";
+        md += `- **${provider}:** ${status}
+`;
+      });
+      md += "\n";
+      md += "## Registered Providers\n\n";
+      if (this.registeredProviders.length === 0) {
+        md += "No providers registered.\n\n";
+      } else {
+        this.registeredProviders.forEach((provider) => {
+          md += `- ${provider}${provider === this.recommendedProvider ? " (recommended)" : ""}
+`;
+        });
+        md += "\n";
+      }
+      md += "## Provider Tests\n\n";
+      if (this.providerTests.length === 0) {
+        md += "No tests run (no providers registered).\n\n";
+      } else {
+        this.providerTests.forEach((test) => {
+          md += `### ${test.provider}
+
+`;
+          md += `- **Available:** ${test.available ? "\u2705" : "\u274C"}
+`;
+          if (!test.available) {
+            md += `- **Reason:** ${test.unavailableReason}
+`;
+          } else {
+            md += `- **Overall Success:** ${test.success ? "\u2705" : "\u274C"}
+`;
+            md += `- **Total Duration:** ${test.totalDurationMs.toFixed(2)}ms
+
+`;
+            md += "**Operations:**\n\n";
+            test.operations.forEach((op) => {
+              md += `- **${op.operation}:** ${op.success ? "\u2705" : "\u274C"}`;
+              if (op.durationMs) md += ` (${op.durationMs.toFixed(2)}ms)`;
+              if (op.error) md += ` - ${op.error}`;
+              md += "\n";
+            });
+          }
+          md += "\n";
+        });
+      }
+      md += "## Recommendations\n\n";
+      if (this.recommendedProvider) {
+        md += `- Recommended: Use '${this.recommendedProvider}' provider (passed all tests)
+`;
+      }
+      if (this.recommendations.length > 0) {
+        this.recommendations.forEach((rec) => {
+          md += `- ${rec}
+`;
+        });
+      }
+      md += "\n";
+      if (this.warnings.length > 0) {
+        md += "## Warnings\n\n";
+        this.warnings.forEach((warning) => {
+          md += `\u26A0\uFE0F ${warning}
+
+`;
+        });
+      }
+      return md;
+    },
+    toJSON() {
+      return JSON.stringify(
+        {
+          timestamp: this.timestamp,
+          platform: this.platform,
+          detection: this.detection,
+          registeredProviders: this.registeredProviders,
+          providerTests: this.providerTests,
+          recommendedProvider: this.recommendedProvider,
+          warnings: this.warnings,
+          recommendations: this.recommendations
+        },
+        null,
+        2
+      );
+    }
+  };
+  return diagnostics;
+}
+chunkWGEGR3DF_cjs.__name(diagnoseEnvironment, "diagnoseEnvironment");
+async function compareProviders(providers, iterations = 10, logger) {
+  const results = [];
+  for (const provider of providers) {
+    try {
+      const benchmark = await benchmarkProvider(provider, iterations, logger);
+      results.push(benchmark);
+    } catch (error) {
+      logger?.warn(`Failed to benchmark ${provider}:`, {
+        error: {
+          message: error instanceof Error ? error.message : String(error),
+          stack: error instanceof Error ? error.stack : void 0
+        }
+      });
+    }
+  }
+  return results;
+}
+chunkWGEGR3DF_cjs.__name(compareProviders, "compareProviders");
+
+Object.defineProperty(exports, "ComplianceCryptoProvider", {
+  enumerable: true,
+  get: function () { return chunkVXLUSU5B_cjs.ComplianceCryptoProvider; }
+});
+Object.defineProperty(exports, "CryptoCapabilityMissingError", {
+  enumerable: true,
+  get: function () { return chunkVXLUSU5B_cjs.CryptoCapabilityMissingError; }
+});
+Object.defineProperty(exports, "CryptoContext", {
+  enumerable: true,
+  get: function () { return chunkVXLUSU5B_cjs.CryptoContext; }
+});
+Object.defineProperty(exports, "CryptoError", {
+  enumerable: true,
+  get: function () { return chunkVXLUSU5B_cjs.CryptoError; }
+});
+Object.defineProperty(exports, "CryptoProviderUnavailableError", {
+  enumerable: true,
+  get: function () { return chunkVXLUSU5B_cjs.CryptoProviderUnavailableError; }
+});
+Object.defineProperty(exports, "DefaultComplianceAuditor", {
+  enumerable: true,
+  get: function () { return chunkVXLUSU5B_cjs.DefaultComplianceAuditor; }
+});
+Object.defineProperty(exports, "arrayBufferToBase64", {
+  enumerable: true,
+  get: function () { return chunkVXLUSU5B_cjs.arrayBufferToBase64; }
+});
+Object.defineProperty(exports, "arrayBufferToString", {
+  enumerable: true,
+  get: function () { return chunkVXLUSU5B_cjs.arrayBufferToString; }
+});
+Object.defineProperty(exports, "base64ToArrayBuffer", {
+  enumerable: true,
+  get: function () { return chunkVXLUSU5B_cjs.base64ToArrayBuffer; }
+});
+Object.defineProperty(exports, "createCryptoProvider", {
+  enumerable: true,
+  get: function () { return chunkVXLUSU5B_cjs.createCryptoProvider; }
+});
+Object.defineProperty(exports, "generateNonce", {
+  enumerable: true,
+  get: function () { return chunkVXLUSU5B_cjs.generateNonce; }
+});
+Object.defineProperty(exports, "generateUUID", {
+  enumerable: true,
+  get: function () { return chunkVXLUSU5B_cjs.generateUUID; }
+});
+Object.defineProperty(exports, "randomBytes", {
+  enumerable: true,
+  get: function () { return chunkVXLUSU5B_cjs.randomBytes; }
+});
+Object.defineProperty(exports, "stringToArrayBuffer", {
+  enumerable: true,
+  get: function () { return chunkVXLUSU5B_cjs.stringToArrayBuffer; }
+});
+Object.defineProperty(exports, "clearCryptoProviderRegistry", {
+  enumerable: true,
+  get: function () { return chunkA6FLEJ7R_cjs.clearCryptoProviderRegistry; }
+});
+Object.defineProperty(exports, "getCryptoProviderFactory", {
+  enumerable: true,
+  get: function () { return chunkA6FLEJ7R_cjs.getCryptoProviderFactory; }
+});
+Object.defineProperty(exports, "getRegisteredCryptoProviders", {
+  enumerable: true,
+  get: function () { return chunkA6FLEJ7R_cjs.getRegisteredCryptoProviders; }
+});
+Object.defineProperty(exports, "isCryptoProviderRegistered", {
+  enumerable: true,
+  get: function () { return chunkA6FLEJ7R_cjs.isCryptoProviderRegistered; }
+});
+Object.defineProperty(exports, "registerCryptoProvider", {
+  enumerable: true,
+  get: function () { return chunkA6FLEJ7R_cjs.registerCryptoProvider; }
+});
+exports.CryptoPayloadHandler = CryptoPayloadHandler;
+exports.SessionSecurity = SessionSecurity;
+exports.benchmarkProvider = benchmarkProvider;
+exports.compareProviders = compareProviders;
+exports.diagnoseEnvironment = diagnoseEnvironment;
+exports.testProvider = testProvider;
+//# sourceMappingURL=crypto-export.cjs.map
+//# sourceMappingURL=crypto-export.cjs.map