@bananalink-sdk/protocol 1.2.7

package/dist/chunk-VXLUSU5B.cjs

@@ -0,0 +1,856 @@
+'use strict';
+
+var chunkA6FLEJ7R_cjs = require('./chunk-A6FLEJ7R.cjs');
+var chunkWGEGR3DF_cjs = require('./chunk-WGEGR3DF.cjs');
+
+// src/crypto/errors.ts
+var _CryptoError = class _CryptoError extends Error {
+  constructor(message, code, context) {
+    super(message);
+    this.code = code;
+    this.context = context;
+    this.name = "CryptoError";
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, this.constructor);
+    }
+  }
+};
+chunkWGEGR3DF_cjs.__name(_CryptoError, "CryptoError");
+var CryptoError = _CryptoError;
+var _CryptoProviderUnavailableError = class _CryptoProviderUnavailableError extends CryptoError {
+  constructor(message, context) {
+    super(message, "PROVIDER_UNAVAILABLE", context);
+    this.name = "CryptoProviderUnavailableError";
+  }
+  /**
+   * Format a developer-friendly error message with context
+   * Includes available alternatives and actionable recommendations
+   */
+  toDevMessage() {
+    if (!this.context) {
+      return this.message;
+    }
+    const ctx = this.context;
+    const lines = [
+      this.message,
+      "",
+      "Available providers:",
+      ...ctx.availableProviders.map((p) => `  - ${p}`)
+    ];
+    if (ctx.recommendations.length > 0) {
+      lines.push("", "Recommendations:");
+      lines.push(...ctx.recommendations.map((r) => `  - ${r}`));
+    }
+    if (ctx.platform) {
+      const platformType = ctx.platform.isNode ? "Node.js" : ctx.platform.isBrowser ? "Browser" : ctx.platform.isReactNative ? "React Native" : "Unknown";
+      lines.push("", `Platform: ${platformType}`);
+      if (ctx.platform.platform) {
+        lines.push(`OS: ${ctx.platform.platform}`);
+      }
+      if (ctx.platform.userAgent) {
+        const ua = ctx.platform.userAgent;
+        const truncated = ua.length > 100 ? `${ua.substring(0, 100)}...` : ua;
+        lines.push(`User Agent: ${truncated}`);
+      }
+    }
+    return lines.join("\n");
+  }
+};
+chunkWGEGR3DF_cjs.__name(_CryptoProviderUnavailableError, "CryptoProviderUnavailableError");
+var CryptoProviderUnavailableError = _CryptoProviderUnavailableError;
+var _CryptoCapabilityMissingError = class _CryptoCapabilityMissingError extends CryptoError {
+  constructor(operation, provider, reason) {
+    super(
+      `Crypto operation '${operation}' is not available in provider '${provider}': ${reason}`,
+      "CAPABILITY_MISSING",
+      { operation, provider, reason }
+    );
+    this.name = "CryptoCapabilityMissingError";
+  }
+};
+chunkWGEGR3DF_cjs.__name(_CryptoCapabilityMissingError, "CryptoCapabilityMissingError");
+var CryptoCapabilityMissingError = _CryptoCapabilityMissingError;
+
+// src/crypto/providers/compliance-provider.ts
+var _DefaultComplianceAuditor = class _DefaultComplianceAuditor {
+  constructor(logger) {
+    this.auditLog = [];
+    this.logger = logger?.child({ component: "ComplianceAuditor" });
+  }
+  logEvent(event) {
+    this.auditLog.push(event);
+    this.logger?.info("Compliance audit event", {
+      eventType: event.eventType,
+      success: event.success,
+      sessionId: event.sessionId,
+      timestamp: event.timestamp
+    });
+  }
+  getAuditLog() {
+    return [...this.auditLog];
+  }
+  clearAuditLog() {
+    this.auditLog = [];
+    this.logger?.debug("Compliance audit log cleared");
+  }
+};
+chunkWGEGR3DF_cjs.__name(_DefaultComplianceAuditor, "DefaultComplianceAuditor");
+var DefaultComplianceAuditor = _DefaultComplianceAuditor;
+var _ComplianceCryptoProvider = class _ComplianceCryptoProvider {
+  constructor(underlyingProvider, config = {}, logger) {
+    this.underlyingProvider = underlyingProvider;
+    this.config = config;
+    this.auditor = config.auditor || new DefaultComplianceAuditor(logger);
+    this.logger = logger?.child({
+      component: "ComplianceCryptoProvider",
+      underlyingProvider: underlyingProvider.name
+    });
+    this.name = `Compliance(${underlyingProvider.name})`;
+    this.isAvailable = underlyingProvider.isAvailable;
+  }
+  /**
+   * Create compliance audit event
+   */
+  createAuditEvent(eventType, success, metadata = {}, error) {
+    return {
+      eventType,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      sessionId: this.config.sessionId,
+      success,
+      error,
+      metadata,
+      ...metadata
+    };
+  }
+  /**
+   * Validate key usage restrictions
+   */
+  validateKeyUsage(operation, keyUsages, dataSize) {
+    const restrictions = this.config.keyRestrictions;
+    if (!restrictions) return;
+    if (restrictions.requireSessionId && !this.config.sessionId) {
+      throw new Error("Session ID required for compliance but not provided");
+    }
+    if (restrictions.maxDataSize && dataSize && dataSize > restrictions.maxDataSize) {
+      throw new Error(`Data size ${dataSize} exceeds maximum allowed ${restrictions.maxDataSize} bytes`);
+    }
+    if (keyUsages && restrictions.requiredKeyUsages) {
+      const hasRequiredUsage = restrictions.requiredKeyUsages.some((usage) => keyUsages.includes(usage));
+      if (!hasRequiredUsage) {
+        throw new Error(`Key must have one of required usages: ${restrictions.requiredKeyUsages.join(", ")}`);
+      }
+    }
+    if (keyUsages && restrictions.forbiddenKeyUsages) {
+      const hasForbiddenUsage = restrictions.forbiddenKeyUsages.some((usage) => keyUsages.includes(usage));
+      if (hasForbiddenUsage) {
+        throw new Error(`Key has forbidden usage. Forbidden: ${restrictions.forbiddenKeyUsages.join(", ")}`);
+      }
+    }
+    if (operation === "export" && restrictions.allowKeyExport === false) {
+      throw new Error("Key export is forbidden by compliance policy");
+    }
+    if (operation === "import" && restrictions.allowKeyImport === false) {
+      throw new Error("Key import is forbidden by compliance policy");
+    }
+  }
+  /**
+   * Generate ECDH P-256 key pair with compliance audit
+   */
+  async generateKeyPair() {
+    const startTime = Date.now();
+    try {
+      this.logger?.debug("Generating key pair with compliance audit");
+      const keyPair = await this.underlyingProvider.generateKeyPair();
+      this.validateKeyUsage("generation", keyPair.privateKey.usages);
+      this.auditor.logEvent(this.createAuditEvent("key_generation", true, {
+        algorithm: keyPair.privateKey.algorithm,
+        keyUsage: keyPair.privateKey.usages,
+        duration: Date.now() - startTime
+      }));
+      return keyPair;
+    } catch (error) {
+      this.auditor.logEvent(this.createAuditEvent("key_generation", false, {
+        duration: Date.now() - startTime
+      }, error instanceof Error ? error.message : String(error)));
+      throw error;
+    }
+  }
+  /**
+   * Export public key with compliance audit
+   */
+  async exportPublicKey(publicKey) {
+    const startTime = Date.now();
+    try {
+      this.validateKeyUsage("export", publicKey.usages);
+      const keyData = await this.underlyingProvider.exportPublicKey(publicKey);
+      this.auditor.logEvent(this.createAuditEvent("key_export", true, {
+        keyType: "public",
+        algorithm: publicKey.algorithm,
+        keySize: keyData.byteLength,
+        duration: Date.now() - startTime
+      }));
+      return keyData;
+    } catch (error) {
+      this.auditor.logEvent(this.createAuditEvent("key_export", false, {
+        keyType: "public",
+        algorithm: publicKey.algorithm,
+        duration: Date.now() - startTime
+      }, error instanceof Error ? error.message : String(error)));
+      throw error;
+    }
+  }
+  /**
+   * Export private key with compliance audit
+   */
+  async exportPrivateKey(privateKey) {
+    const startTime = Date.now();
+    try {
+      this.validateKeyUsage("export", privateKey.usages);
+      if (this.config.enableStrictMode) {
+        this.logger?.warn("Private key export in strict compliance mode", {
+          sessionId: this.config.sessionId,
+          algorithm: privateKey.algorithm
+        });
+      }
+      const keyData = await this.underlyingProvider.exportPrivateKey(privateKey);
+      this.auditor.logEvent(this.createAuditEvent("key_export", true, {
+        keyType: "private",
+        algorithm: privateKey.algorithm,
+        keySize: keyData.byteLength,
+        strictMode: this.config.enableStrictMode,
+        duration: Date.now() - startTime
+      }));
+      return keyData;
+    } catch (error) {
+      this.auditor.logEvent(this.createAuditEvent("key_export", false, {
+        keyType: "private",
+        algorithm: privateKey.algorithm,
+        strictMode: this.config.enableStrictMode,
+        duration: Date.now() - startTime
+      }, error instanceof Error ? error.message : String(error)));
+      throw error;
+    }
+  }
+  /**
+   * Import public key with compliance audit
+   */
+  async importPublicKey(keyData) {
+    const startTime = Date.now();
+    try {
+      this.validateKeyUsage("import");
+      const key = await this.underlyingProvider.importPublicKey(keyData);
+      this.auditor.logEvent(this.createAuditEvent("key_import", true, {
+        keyType: "public",
+        algorithm: key.algorithm,
+        keySize: keyData.byteLength,
+        keyUsage: key.usages,
+        duration: Date.now() - startTime
+      }));
+      return key;
+    } catch (error) {
+      this.auditor.logEvent(this.createAuditEvent("key_import", false, {
+        keyType: "public",
+        keySize: keyData.byteLength,
+        duration: Date.now() - startTime
+      }, error instanceof Error ? error.message : String(error)));
+      throw error;
+    }
+  }
+  /**
+   * Import private key with compliance audit
+   */
+  async importPrivateKey(keyData) {
+    const startTime = Date.now();
+    try {
+      this.validateKeyUsage("import");
+      const key = await this.underlyingProvider.importPrivateKey(keyData);
+      this.auditor.logEvent(this.createAuditEvent("key_import", true, {
+        keyType: "private",
+        algorithm: key.algorithm,
+        keySize: keyData.byteLength,
+        keyUsage: key.usages,
+        duration: Date.now() - startTime
+      }));
+      return key;
+    } catch (error) {
+      this.auditor.logEvent(this.createAuditEvent("key_import", false, {
+        keyType: "private",
+        keySize: keyData.byteLength,
+        duration: Date.now() - startTime
+      }, error instanceof Error ? error.message : String(error)));
+      throw error;
+    }
+  }
+  /**
+   * Derive shared secret with compliance audit
+   */
+  async deriveSharedSecret(privateKey, publicKey) {
+    const startTime = Date.now();
+    try {
+      this.validateKeyUsage("derivation", privateKey.usages);
+      const sharedSecret = await this.underlyingProvider.deriveSharedSecret(privateKey, publicKey);
+      this.auditor.logEvent(this.createAuditEvent("key_derivation", true, {
+        operation: "ECDH",
+        algorithm: privateKey.algorithm,
+        duration: Date.now() - startTime
+      }));
+      return sharedSecret;
+    } catch (error) {
+      this.auditor.logEvent(this.createAuditEvent("key_derivation", false, {
+        operation: "ECDH",
+        algorithm: privateKey.algorithm,
+        duration: Date.now() - startTime
+      }, error instanceof Error ? error.message : String(error)));
+      throw error;
+    }
+  }
+  /**
+   * Derive encryption key with compliance audit
+   */
+  async deriveEncryptionKey(sharedSecret, salt, info) {
+    const startTime = Date.now();
+    try {
+      const encryptionKey = await this.underlyingProvider.deriveEncryptionKey(sharedSecret, salt, info);
+      this.auditor.logEvent(this.createAuditEvent("key_derivation", true, {
+        operation: "HKDF",
+        algorithm: "HKDF-SHA256",
+        saltSize: salt.byteLength,
+        infoSize: info.byteLength,
+        duration: Date.now() - startTime
+      }));
+      return encryptionKey;
+    } catch (error) {
+      this.auditor.logEvent(this.createAuditEvent("key_derivation", false, {
+        operation: "HKDF",
+        algorithm: "HKDF-SHA256",
+        saltSize: salt.byteLength,
+        infoSize: info.byteLength,
+        duration: Date.now() - startTime
+      }, error instanceof Error ? error.message : String(error)));
+      throw error;
+    }
+  }
+  /**
+   * Generate random bytes with compliance audit
+   */
+  randomBytes(length) {
+    const startTime = Date.now();
+    try {
+      const randomData = this.underlyingProvider.randomBytes(length);
+      this.auditor.logEvent(this.createAuditEvent("random_generation", true, {
+        length,
+        duration: Date.now() - startTime
+      }));
+      return randomData;
+    } catch (error) {
+      this.auditor.logEvent(this.createAuditEvent("random_generation", false, {
+        length,
+        duration: Date.now() - startTime
+      }, error instanceof Error ? error.message : String(error)));
+      throw error;
+    }
+  }
+  /**
+   * Encrypt data with compliance audit
+   */
+  async encrypt(key, data, iv) {
+    const startTime = Date.now();
+    try {
+      this.validateKeyUsage("encryption", key.usages, data.byteLength);
+      const ciphertext = await this.underlyingProvider.encrypt(key, data, iv);
+      this.auditor.logEvent(this.createAuditEvent("encryption", true, {
+        algorithm: key.algorithm,
+        dataSize: data.byteLength,
+        ivSize: iv.byteLength,
+        ciphertextSize: ciphertext.byteLength,
+        duration: Date.now() - startTime
+      }));
+      return ciphertext;
+    } catch (error) {
+      this.auditor.logEvent(this.createAuditEvent("encryption", false, {
+        algorithm: key.algorithm,
+        dataSize: data.byteLength,
+        ivSize: iv.byteLength,
+        duration: Date.now() - startTime
+      }, error instanceof Error ? error.message : String(error)));
+      throw error;
+    }
+  }
+  /**
+   * Decrypt data with compliance audit
+   */
+  async decrypt(key, data, iv) {
+    const startTime = Date.now();
+    try {
+      this.validateKeyUsage("decryption", key.usages, data.byteLength);
+      const plaintext = await this.underlyingProvider.decrypt(key, data, iv);
+      this.auditor.logEvent(this.createAuditEvent("decryption", true, {
+        algorithm: key.algorithm,
+        dataSize: data.byteLength,
+        ivSize: iv.byteLength,
+        plaintextSize: plaintext.byteLength,
+        duration: Date.now() - startTime
+      }));
+      return plaintext;
+    } catch (error) {
+      this.auditor.logEvent(this.createAuditEvent("decryption", false, {
+        algorithm: key.algorithm,
+        dataSize: data.byteLength,
+        ivSize: iv.byteLength,
+        duration: Date.now() - startTime
+      }, error instanceof Error ? error.message : String(error)));
+      throw error;
+    }
+  }
+  /**
+   * Generate HMAC with compliance audit
+   */
+  async generateHMAC(key, data) {
+    const startTime = Date.now();
+    try {
+      this.validateKeyUsage("hmac", key.usages, data.byteLength);
+      const mac = await this.underlyingProvider.generateHMAC(key, data);
+      this.auditor.logEvent(this.createAuditEvent("hmac_generation", true, {
+        algorithm: "HMAC-SHA256",
+        dataSize: data.byteLength,
+        macSize: mac.byteLength,
+        duration: Date.now() - startTime
+      }));
+      return mac;
+    } catch (error) {
+      this.auditor.logEvent(this.createAuditEvent("hmac_generation", false, {
+        algorithm: "HMAC-SHA256",
+        dataSize: data.byteLength,
+        duration: Date.now() - startTime
+      }, error instanceof Error ? error.message : String(error)));
+      throw error;
+    }
+  }
+  /**
+   * Verify HMAC with compliance audit
+   */
+  async verifyHMAC(key, data, mac) {
+    const startTime = Date.now();
+    try {
+      this.validateKeyUsage("hmac", key.usages, data.byteLength);
+      const isValid = await this.underlyingProvider.verifyHMAC(key, data, mac);
+      this.auditor.logEvent(this.createAuditEvent("hmac_verification", true, {
+        algorithm: "HMAC-SHA256",
+        dataSize: data.byteLength,
+        macSize: mac.byteLength,
+        verified: isValid,
+        duration: Date.now() - startTime
+      }));
+      return isValid;
+    } catch (error) {
+      this.auditor.logEvent(this.createAuditEvent("hmac_verification", false, {
+        algorithm: "HMAC-SHA256",
+        dataSize: data.byteLength,
+        macSize: mac.byteLength,
+        duration: Date.now() - startTime
+      }, error instanceof Error ? error.message : String(error)));
+      throw error;
+    }
+  }
+  /**
+   * Get compliance auditor for external access
+   */
+  getAuditor() {
+    return this.auditor;
+  }
+  /**
+   * Update compliance configuration
+   */
+  updateConfig(newConfig) {
+    Object.assign(this.config, newConfig);
+    this.logger?.debug("Compliance configuration updated", newConfig);
+  }
+  /**
+   * Get underlying provider (for debugging/testing)
+   */
+  getUnderlyingProvider() {
+    return this.underlyingProvider;
+  }
+};
+chunkWGEGR3DF_cjs.__name(_ComplianceCryptoProvider, "ComplianceCryptoProvider");
+var ComplianceCryptoProvider = _ComplianceCryptoProvider;
+
+// src/crypto/context.ts
+var _CryptoContextManager = class _CryptoContextManager {
+  constructor() {
+    this.provider = null;
+    this.config = null;
+    this.initialized = false;
+    this.initializing = false;
+  }
+  /**
+   * Initialize the crypto context with specific configuration
+   *
+   * @param config - Provider configuration options
+   * @throws Error if already initialized (call reset() first)
+   * @throws CryptoProviderUnavailableError if strict mode enabled and provider unavailable
+   */
+  initialize(config = {}) {
+    if (this.initialized && this.provider) {
+      throw new Error(
+        "CryptoContext already initialized. Call CryptoContext.reset() first to reconfigure."
+      );
+    }
+    if (config.strict && config.type) {
+      const availableProviders = chunkA6FLEJ7R_cjs.getRegisteredCryptoProviders();
+      if (!availableProviders.includes(config.type)) {
+        const platform = detectPlatform();
+        const recommendations = [
+          `Import the provider: import '@bananalink-sdk/protocol/crypto/provider/${config.type}'`,
+          "Ensure the provider package is installed"
+        ];
+        if (config.type === "quickcrypto" && !platform.isReactNative) {
+          recommendations.push("QuickCrypto requires React Native environment");
+          if (platform.isNode) {
+            recommendations.push("Try 'node' provider for Node.js");
+          } else if (platform.isBrowser) {
+            recommendations.push("Try 'webcrypto' provider for browsers");
+          }
+        }
+        if (availableProviders.includes("noble")) {
+          recommendations.push("'noble' provider works in all environments as a fallback");
+        }
+        throw new CryptoProviderUnavailableError(
+          `Strict mode: Crypto provider '${config.type}' is not registered. Did you forget to import it?`,
+          {
+            requestedProvider: config.type,
+            availableProviders,
+            platform,
+            recommendations
+          }
+        );
+      }
+    }
+    this.config = config;
+    this.provider = this.createProvider(config);
+    this.initialized = true;
+  }
+  /**
+   * Get the active crypto provider
+   * Automatically initializes with default config if not already initialized
+   *
+   * @returns The active crypto provider instance
+   * @throws Error if called concurrently during initialization
+   *
+   * @remarks
+   * This method performs lazy initialization on first call. It is NOT safe to call
+   * concurrently from multiple contexts before initialization completes (e.g., from
+   * Worker threads or Promise.all). For concurrent access scenarios, explicitly call
+   * initialize() first to ensure the provider is ready before concurrent operations begin.
+   *
+   * @example
+   * ```typescript
+   * // Safe: Single-threaded lazy initialization
+   * const provider = CryptoContext.getProvider();
+   *
+   * // Safe: Pre-initialize for concurrent access
+   * CryptoContext.initialize({ type: 'noble' });
+   * await Promise.all([
+   *   operation1(CryptoContext.getProvider()),
+   *   operation2(CryptoContext.getProvider())
+   * ]);
+   *
+   * // Unsafe: Concurrent calls during lazy initialization
+   * await Promise.all([
+   *   operation1(CryptoContext.getProvider()), // May throw if not initialized yet
+   *   operation2(CryptoContext.getProvider())
+   * ]);
+   * ```
+   */
+  getProvider() {
+    if (this.provider) {
+      return this.provider;
+    }
+    if (this.initializing) {
+      throw new Error(
+        "CryptoContext initialization in progress. Avoid concurrent calls to getProvider() during initialization."
+      );
+    }
+    this.initializing = true;
+    try {
+      this.initialize();
+      if (!this.provider) {
+        throw new Error("CryptoContext initialization failed: provider is null");
+      }
+      return this.provider;
+    } finally {
+      this.initializing = false;
+    }
+  }
+  /**
+   * Set a custom provider instance
+   * Useful for testing or advanced use cases
+   *
+   * @param provider - Custom provider instance
+   */
+  setProvider(provider) {
+    this.provider = provider;
+    this.initialized = true;
+  }
+  /**
+   * Check if context has been explicitly initialized
+   */
+  isInitialized() {
+    return this.initialized;
+  }
+  /**
+   * Get current configuration
+   */
+  getConfig() {
+    return this.config;
+  }
+  /**
+   * Reset the context (for testing or reconfiguration)
+   */
+  reset() {
+    this.provider = null;
+    this.config = null;
+    this.initialized = false;
+    this.initializing = false;
+  }
+  /**
+   * Create a provider instance from configuration
+   */
+  createProvider(config) {
+    const baseProvider = createCryptoProvider(config.type, config.logger, config.strict);
+    if (config.compliance?.enabled) {
+      return new ComplianceCryptoProvider(baseProvider, config.compliance);
+    }
+    return baseProvider;
+  }
+};
+chunkWGEGR3DF_cjs.__name(_CryptoContextManager, "CryptoContextManager");
+var CryptoContextManager = _CryptoContextManager;
+var CryptoContext = new CryptoContextManager();
+
+// src/crypto/utils.ts
+function randomBytes(length, provider) {
+  const activeProvider = provider || CryptoContext.getProvider();
+  const buffer = activeProvider.randomBytes(length);
+  return new Uint8Array(buffer);
+}
+chunkWGEGR3DF_cjs.__name(randomBytes, "randomBytes");
+function arrayBufferToBase64(buffer) {
+  const bytes = new Uint8Array(buffer);
+  let binary = "";
+  for (let i = 0; i < bytes.byteLength; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  return btoa(binary);
+}
+chunkWGEGR3DF_cjs.__name(arrayBufferToBase64, "arrayBufferToBase64");
+function base64ToArrayBuffer(base64) {
+  const cleanBase64 = base64.replace(/[^A-Za-z0-9+/=]/g, "");
+  let paddedBase64 = cleanBase64;
+  while (paddedBase64.length % 4 !== 0) {
+    paddedBase64 += "=";
+  }
+  try {
+    const binary = atob(paddedBase64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+      bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes.buffer;
+  } catch (error) {
+    throw new Error(`Failed to decode base64 string: ${error instanceof Error ? error.message : "Invalid base64 format"}. Original string: ${base64.substring(0, 50)}...`);
+  }
+}
+chunkWGEGR3DF_cjs.__name(base64ToArrayBuffer, "base64ToArrayBuffer");
+function stringToArrayBuffer(str) {
+  return new TextEncoder().encode(str).buffer;
+}
+chunkWGEGR3DF_cjs.__name(stringToArrayBuffer, "stringToArrayBuffer");
+function arrayBufferToString(buffer) {
+  return new TextDecoder().decode(buffer);
+}
+chunkWGEGR3DF_cjs.__name(arrayBufferToString, "arrayBufferToString");
+function generateNonce(length = 32, provider) {
+  const bytes = randomBytes(length, provider);
+  return Array.from(bytes, (byte) => byte.toString(16).padStart(2, "0")).join("");
+}
+chunkWGEGR3DF_cjs.__name(generateNonce, "generateNonce");
+function generateUUID(provider) {
+  const bytes = randomBytes(16, provider);
+  bytes[6] = bytes[6] & 15 | 64;
+  bytes[8] = bytes[8] & 63 | 128;
+  const hex = Array.from(bytes, (byte) => byte.toString(16).padStart(2, "0")).join("");
+  return [
+    hex.slice(0, 8),
+    hex.slice(8, 12),
+    hex.slice(12, 16),
+    hex.slice(16, 20),
+    hex.slice(20, 32)
+  ].join("-");
+}
+chunkWGEGR3DF_cjs.__name(generateUUID, "generateUUID");
+function detectPlatform() {
+  const isNode = typeof process !== "undefined" && process.versions != null && process.versions.node != null;
+  const isBrowser = typeof window !== "undefined" && typeof document !== "undefined";
+  const isReactNative = typeof navigator !== "undefined" && navigator.product === "ReactNative";
+  let platform;
+  if (isNode && typeof process.platform === "string") {
+    platform = process.platform;
+  }
+  let userAgent;
+  if (typeof navigator !== "undefined" && typeof navigator.userAgent === "string") {
+    userAgent = navigator.userAgent;
+  }
+  return {
+    isNode,
+    isBrowser,
+    isReactNative,
+    platform,
+    userAgent
+  };
+}
+chunkWGEGR3DF_cjs.__name(detectPlatform, "detectPlatform");
+
+// src/crypto/providers/factory.ts
+function generateRecommendations(requestedProvider, platform) {
+  const recommendations = [];
+  if (requestedProvider === "webcrypto") {
+    recommendations.push("WebCrypto requires a browser or Node.js 15+ environment");
+    if (platform.isNode) {
+      recommendations.push("Try 'node' provider for Node.js");
+    }
+  } else if (requestedProvider === "node") {
+    recommendations.push("Node crypto requires Node.js environment");
+    if (platform.isBrowser) {
+      recommendations.push("Try 'webcrypto' provider for browsers");
+    }
+  } else if (requestedProvider === "quickcrypto") {
+    recommendations.push("QuickCrypto requires React Native environment");
+    if (!platform.isReactNative) {
+      if (platform.isNode) {
+        recommendations.push("Try 'node' provider for Node.js");
+      } else if (platform.isBrowser) {
+        recommendations.push("Try 'webcrypto' provider for browsers");
+      }
+    }
+  }
+  recommendations.push("'noble' provider works in all environments as a fallback");
+  recommendations.push(`Import the provider: import '@bananalink-sdk/protocol/crypto/provider/${requestedProvider}'`);
+  return recommendations;
+}
+chunkWGEGR3DF_cjs.__name(generateRecommendations, "generateRecommendations");
+function createCryptoProvider(preferredProvider, logger, strict) {
+  const registeredProviders = chunkA6FLEJ7R_cjs.getRegisteredCryptoProviders();
+  logger?.debug("Creating crypto provider", {
+    preferredProvider,
+    strict,
+    registeredProviders
+  });
+  let providerType = preferredProvider;
+  if (!providerType) {
+    if (registeredProviders.length === 0) {
+      throw new CryptoProviderUnavailableError(
+        "No crypto providers are registered. Did you forget to import a provider?",
+        {
+          availableProviders: [],
+          recommendations: [
+            "Import at least one crypto provider, e.g.: import '@bananalink-sdk/protocol/crypto/provider/noble'",
+            "Noble provider is recommended as a universal fallback"
+          ]
+        }
+      );
+    } else if (registeredProviders.length === 1) {
+      providerType = registeredProviders[0];
+      logger?.debug(`Auto-selected '${providerType}' provider (only one registered)`);
+    } else {
+      throw new CryptoProviderUnavailableError(
+        `Multiple crypto providers registered: ${registeredProviders.join(", ")}. Either import only one provider OR explicitly set cryptoProvider.type. Example: cryptoProvider: { type: '${registeredProviders[0]}' }`,
+        {
+          availableProviders: registeredProviders,
+          recommendations: [
+            `Import only one crypto provider, or specify which one to use`,
+            `Registered providers: ${registeredProviders.join(", ")}`,
+            `Set cryptoProvider.type to one of the registered providers`
+          ]
+        }
+      );
+    }
+  }
+  try {
+    const factory = chunkA6FLEJ7R_cjs.getCryptoProviderFactory(providerType);
+    const provider = factory(logger);
+    logger?.info(`Using ${provider.name} crypto provider`, {
+      providerType,
+      isAvailable: provider.isAvailable
+    });
+    return provider;
+  } catch (error) {
+    const userRequestedSpecificProvider = preferredProvider !== void 0;
+    if (strict && userRequestedSpecificProvider) {
+      if (error instanceof CryptoProviderUnavailableError) {
+        throw error;
+      }
+      const platform2 = detectPlatform();
+      const availableProviders = chunkA6FLEJ7R_cjs.getRegisteredCryptoProviders();
+      const recommendations2 = generateRecommendations(providerType, platform2);
+      throw new CryptoProviderUnavailableError(
+        `Strict mode: Crypto provider '${providerType}' failed to initialize: ${error instanceof Error ? error.message : String(error)}`,
+        {
+          requestedProvider: providerType,
+          availableProviders,
+          platform: platform2,
+          recommendations: recommendations2
+        }
+      );
+    }
+    logger?.warn(`Failed to create '${providerType}' provider, trying fallback`, {
+      error: error instanceof Error ? { message: error.message } : { message: String(error) }
+    });
+    for (const fallbackType of registeredProviders) {
+      if (fallbackType === providerType) continue;
+      try {
+        const factory = chunkA6FLEJ7R_cjs.getCryptoProviderFactory(fallbackType);
+        const provider = factory(logger);
+        logger?.info(`Using ${provider.name} crypto provider (fallback)`, {
+          originalType: providerType,
+          fallbackType
+        });
+        return provider;
+      } catch (fallbackError) {
+        logger?.debug(`Fallback to '${fallbackType}' failed`, {
+          error: fallbackError instanceof Error ? { message: fallbackError.message } : { message: String(fallbackError) }
+        });
+      }
+    }
+    const platform = detectPlatform();
+    const recommendations = generateRecommendations(providerType, platform);
+    throw new CryptoProviderUnavailableError(
+      `Failed to create any crypto provider. Requested: '${providerType}'`,
+      {
+        requestedProvider: providerType,
+        availableProviders: registeredProviders,
+        platform,
+        recommendations
+      }
+    );
+  }
+}
+chunkWGEGR3DF_cjs.__name(createCryptoProvider, "createCryptoProvider");
+
+exports.ComplianceCryptoProvider = ComplianceCryptoProvider;
+exports.CryptoCapabilityMissingError = CryptoCapabilityMissingError;
+exports.CryptoContext = CryptoContext;
+exports.CryptoError = CryptoError;
+exports.CryptoProviderUnavailableError = CryptoProviderUnavailableError;
+exports.DefaultComplianceAuditor = DefaultComplianceAuditor;
+exports.arrayBufferToBase64 = arrayBufferToBase64;
+exports.arrayBufferToString = arrayBufferToString;
+exports.base64ToArrayBuffer = base64ToArrayBuffer;
+exports.createCryptoProvider = createCryptoProvider;
+exports.detectPlatform = detectPlatform;
+exports.generateNonce = generateNonce;
+exports.generateUUID = generateUUID;
+exports.randomBytes = randomBytes;
+exports.stringToArrayBuffer = stringToArrayBuffer;
+//# sourceMappingURL=chunk-VXLUSU5B.cjs.map
+//# sourceMappingURL=chunk-VXLUSU5B.cjs.map