@dwk/webauthn 0.1.0-beta.0

package/dist/cose.js

@@ -0,0 +1,191 @@
+/**
+ * COSE_Key (RFC 9052) → JWK conversion and the Web Crypto parameters for the
+ * COSE signature algorithms a WebAuthn relying party accepts.
+ *
+ * Authenticators hand the relying party a credential public key as a COSE_Key
+ * (an integer-keyed CBOR map) and sign assertions with a COSE algorithm
+ * identifier. This module narrows that to the algorithms we support — the same
+ * asymmetric set as `@dwk/dpop` (ES256/ES384, RS256/PS256) — and produces a JWK
+ * plus the `importKey`/`verify` parameter objects, so verification stays on Web
+ * Crypto with no external dependency.
+ *
+ * Web Crypto's ECDSA `verify` expects a raw `r‖s` signature, but WebAuthn EC
+ * assertions are ASN.1 DER `SEQUENCE { r, s }`; {@link derToRawEcdsaSignature}
+ * bridges that gap.
+ */
+import { bytesToBase64url } from "./encoding";
+/** COSE_Key map labels (RFC 9052 §7, RFC 9053). */
+const COSE_KTY = 1;
+const COSE_ALG = 3;
+const COSE_EC_CRV = -1;
+const COSE_EC_X = -2;
+const COSE_EC_Y = -3;
+const COSE_RSA_N = -1;
+const COSE_RSA_E = -2;
+/** COSE key types we accept. */
+const KTY_EC2 = 2;
+const KTY_RSA = 3;
+/** COSE elliptic curves (RFC 9053 §7.1). */
+const CRV_P256 = 1;
+const CRV_P384 = 2;
+const CRV_P521 = 3;
+/** COSE algorithm identifiers (the asymmetric subset we accept). */
+export const COSE_ALG_ES256 = -7;
+export const COSE_ALG_ES384 = -35;
+export const COSE_ALG_ES512 = -36;
+export const COSE_ALG_RS256 = -257;
+export const COSE_ALG_PS256 = -37;
+/** Default `pubKeyCredParams`, most-preferred first: ES256 then RS256. */
+export const DEFAULT_COSE_ALGORITHMS = [
+    COSE_ALG_ES256,
+    COSE_ALG_RS256,
+];
+/** Thrown when a COSE_Key is malformed or uses an unsupported algorithm. */
+export class CoseError extends Error {
+}
+function intValue(map, label) {
+    const v = map.get(label);
+    return typeof v === "number" ? v : null;
+}
+function bytesValue(map, label) {
+    const v = map.get(label);
+    return v instanceof Uint8Array ? v : null;
+}
+function ecCurveName(crv) {
+    switch (crv) {
+        case CRV_P256:
+            return "P-256";
+        case CRV_P384:
+            return "P-384";
+        case CRV_P521:
+            return "P-521";
+        default:
+            return null;
+    }
+}
+/** Convert a decoded COSE_Key map to a JWK plus its declared algorithm. */
+export function coseToKey(map) {
+    const kty = intValue(map, COSE_KTY);
+    const alg = intValue(map, COSE_ALG);
+    if (kty === null || alg === null) {
+        throw new CoseError("COSE_Key missing kty/alg");
+    }
+    if (kty === KTY_EC2) {
+        const crv = intValue(map, COSE_EC_CRV);
+        const x = bytesValue(map, COSE_EC_X);
+        const y = bytesValue(map, COSE_EC_Y);
+        if (crv === null || x === null || y === null) {
+            throw new CoseError("COSE EC2 key missing crv/x/y");
+        }
+        const curve = ecCurveName(crv);
+        if (curve === null)
+            throw new CoseError(`unsupported COSE curve ${crv}`);
+        return {
+            jwk: {
+                kty: "EC",
+                crv: curve,
+                x: bytesToBase64url(x),
+                y: bytesToBase64url(y),
+            },
+            alg,
+        };
+    }
+    if (kty === KTY_RSA) {
+        const n = bytesValue(map, COSE_RSA_N);
+        const e = bytesValue(map, COSE_RSA_E);
+        if (n === null || e === null) {
+            throw new CoseError("COSE RSA key missing n/e");
+        }
+        return {
+            jwk: { kty: "RSA", n: bytesToBase64url(n), e: bytesToBase64url(e) },
+            alg,
+        };
+    }
+    throw new CoseError(`unsupported COSE kty ${kty}`);
+}
+/**
+ * Resolve the `importKey`/`verify` parameters for a COSE algorithm, or `null`
+ * when it is outside the accepted set. The set mirrors `@dwk/dpop`: ES256/ES384
+ * (ECDSA), RS256 (RSASSA-PKCS1-v1_5), PS256 (RSA-PSS).
+ */
+export function cryptoParamsForCoseAlg(alg) {
+    switch (alg) {
+        case COSE_ALG_ES256:
+            return {
+                importParams: { name: "ECDSA", namedCurve: "P-256" },
+                verifyParams: { name: "ECDSA", hash: "SHA-256" },
+                ec: true,
+                ecSignatureBytes: 64,
+            };
+        case COSE_ALG_ES384:
+            return {
+                importParams: { name: "ECDSA", namedCurve: "P-384" },
+                verifyParams: { name: "ECDSA", hash: "SHA-384" },
+                ec: true,
+                ecSignatureBytes: 96,
+            };
+        case COSE_ALG_RS256:
+            return {
+                importParams: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
+                verifyParams: { name: "RSASSA-PKCS1-v1_5" },
+                ec: false,
+                ecSignatureBytes: 0,
+            };
+        case COSE_ALG_PS256:
+            return {
+                importParams: { name: "RSA-PSS", hash: "SHA-256" },
+                verifyParams: { name: "RSA-PSS", saltLength: 32 },
+                ec: false,
+                ecSignatureBytes: 0,
+            };
+        default:
+            return null;
+    }
+}
+/**
+ * Convert an ASN.1 DER `SEQUENCE { INTEGER r, INTEGER s }` ECDSA signature to
+ * the fixed-length raw `r‖s` form Web Crypto's ECDSA `verify` expects. DER
+ * integers are big-endian, minimally encoded, and may carry a leading `0x00`
+ * sign byte; each is left-padded (or its sign byte trimmed) to `size/2` bytes.
+ *
+ * @param der - the DER-encoded signature
+ * @param size - the raw signature length (64 for P-256, 96 for P-384)
+ * @throws CoseError if the DER structure is malformed
+ */
+export function derToRawEcdsaSignature(der, size) {
+    let offset = 0;
+    const next = () => {
+        if (offset >= der.length)
+            throw new CoseError("malformed DER signature");
+        return der[offset++];
+    };
+    if (next() !== 0x30)
+        throw new CoseError("DER signature not a SEQUENCE");
+    // SEQUENCE length (short form is sufficient for ECDSA signatures).
+    next();
+    const readInteger = () => {
+        if (next() !== 0x02)
+            throw new CoseError("DER signature missing INTEGER");
+        const len = next();
+        const end = offset + len;
+        if (end > der.length)
+            throw new CoseError("malformed DER signature");
+        let value = der.subarray(offset, end);
+        offset = end;
+        // Drop a leading sign byte and any over-long left padding.
+        while (value.length > 1 && value[0] === 0x00)
+            value = value.subarray(1);
+        return value;
+    };
+    const r = readInteger();
+    const s = readInteger();
+    const half = size / 2;
+    if (r.length > half || s.length > half) {
+        throw new CoseError("DER signature integer too large");
+    }
+    const raw = new Uint8Array(size);
+    raw.set(r, half - r.length);
+    raw.set(s, size - s.length);
+    return raw;
+}
+//# sourceMappingURL=cose.js.map

package/dist/cose.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cose.js","sourceRoot":"","sources":["../src/cose.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE9C,mDAAmD;AACnD,MAAM,QAAQ,GAAG,CAAC,CAAC;AACnB,MAAM,QAAQ,GAAG,CAAC,CAAC;AACnB,MAAM,WAAW,GAAG,CAAC,CAAC,CAAC;AACvB,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC;AACrB,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC;AACrB,MAAM,UAAU,GAAG,CAAC,CAAC,CAAC;AACtB,MAAM,UAAU,GAAG,CAAC,CAAC,CAAC;AAEtB,gCAAgC;AAChC,MAAM,OAAO,GAAG,CAAC,CAAC;AAClB,MAAM,OAAO,GAAG,CAAC,CAAC;AAElB,4CAA4C;AAC5C,MAAM,QAAQ,GAAG,CAAC,CAAC;AACnB,MAAM,QAAQ,GAAG,CAAC,CAAC;AACnB,MAAM,QAAQ,GAAG,CAAC,CAAC;AAEnB,oEAAoE;AACpE,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,CAAC;AACjC,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,EAAE,CAAC;AAClC,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,EAAE,CAAC;AAClC,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,GAAG,CAAC;AACnC,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,EAAE,CAAC;AAElC,0EAA0E;AAC1E,MAAM,CAAC,MAAM,uBAAuB,GAAsB;IACxD,cAAc;IACd,cAAc;CACf,CAAC;AAUF,4EAA4E;AAC5E,MAAM,OAAO,SAAU,SAAQ,KAAK;CAAG;AAEvC,SAAS,QAAQ,CAAC,GAA0B,EAAE,KAAa;IACzD,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACzB,OAAO,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC1C,CAAC;AAED,SAAS,UAAU,CACjB,GAA0B,EAC1B,KAAa;IAEb,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACzB,OAAO,CAAC,YAAY,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC5C,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,QAAQ;YACX,OAAO,OAAO,CAAC;QACjB,KAAK,QAAQ;YACX,OAAO,OAAO,CAAC;QACjB,KAAK,QAAQ;YACX,OAAO,OAAO,CAAC;QACjB;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,SAAS,CAAC,GAA0B;IAClD,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpC,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpC,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CAAC,0BAA0B,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QACpB,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QACvC,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACrC,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACrC,IAAI,GAAG,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7C,MAAM,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,KAAK,IAAI;YAAE,MAAM,IAAI,SAAS,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC;QACzE,OAAO;YACL,GAAG,EAAE;gBACH,GAAG,EAAE,IAAI;gBACT,GAAG,EAAE,KAAK;gBACV,CAAC,EAAE,gBAAgB,CAAC,CAAC,CAAC;gBACtB,CAAC,EAAE,gBAAgB,CAAC,CAAC,CAAC;aACvB;YACD,GAAG;SACJ,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QACpB,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACtC,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7B,MAAM,IAAI,SAAS,CAAC,0BAA0B,CAAC,CAAC;QAClD,CAAC;QACD,OAAO;YACL,GAAG,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAAE;YACnE,GAAG;SACJ,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,SAAS,CAAC,wBAAwB,GAAG,EAAE,CAAC,CAAC;AACrD,CAAC;AAuBD;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CAAC,GAAW;IAChD,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,cAAc;YACjB,OAAO;gBACL,YAAY,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE;gBACpD,YAAY,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE;gBAChD,EAAE,EAAE,IAAI;gBACR,gBAAgB,EAAE,EAAE;aACrB,CAAC;QACJ,KAAK,cAAc;YACjB,OAAO;gBACL,YAAY,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE;gBACpD,YAAY,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE;gBAChD,EAAE,EAAE,IAAI;gBACR,gBAAgB,EAAE,EAAE;aACrB,CAAC;QACJ,KAAK,cAAc;YACjB,OAAO;gBACL,YAAY,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAAE;gBAC5D,YAAY,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE;gBAC3C,EAAE,EAAE,KAAK;gBACT,gBAAgB,EAAE,CAAC;aACpB,CAAC;QACJ,KAAK,cAAc;YACjB,OAAO;gBACL,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE;gBAClD,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,EAAE;gBACjD,EAAE,EAAE,KAAK;gBACT,gBAAgB,EAAE,CAAC;aACpB,CAAC;QACJ;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,sBAAsB,CACpC,GAAe,EACf,IAAY;IAEZ,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,MAAM,IAAI,GAAG,GAAW,EAAE;QACxB,IAAI,MAAM,IAAI,GAAG,CAAC,MAAM;YAAE,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC,CAAC;QACzE,OAAO,GAAG,CAAC,MAAM,EAAE,CAAE,CAAC;IACxB,CAAC,CAAC;IAEF,IAAI,IAAI,EAAE,KAAK,IAAI;QAAE,MAAM,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAC;IACzE,mEAAmE;IACnE,IAAI,EAAE,CAAC;IAEP,MAAM,WAAW,GAAG,GAAe,EAAE;QACnC,IAAI,IAAI,EAAE,KAAK,IAAI;YAAE,MAAM,IAAI,SAAS,CAAC,+BAA+B,CAAC,CAAC;QAC1E,MAAM,GAAG,GAAG,IAAI,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,MAAM,GAAG,GAAG,CAAC;QACzB,IAAI,GAAG,GAAG,GAAG,CAAC,MAAM;YAAE,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC,CAAC;QACrE,IAAI,KAAK,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACtC,MAAM,GAAG,GAAG,CAAC;QACb,2DAA2D;QAC3D,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI;YAAE,KAAK,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACxE,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IAEF,MAAM,CAAC,GAAG,WAAW,EAAE,CAAC;IACxB,MAAM,CAAC,GAAG,WAAW,EAAE,CAAC;IACxB,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC;IACtB,IAAI,CAAC,CAAC,MAAM,GAAG,IAAI,IAAI,CAAC,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;QACvC,MAAM,IAAI,SAAS,CAAC,iCAAiC,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;IACjC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAC5B,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAC5B,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/encoding.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Byte / base64url encoding helpers shared across the WebAuthn ceremonies.
+ *
+ * WebAuthn transports binary fields (challenges, credential ids, signatures,
+ * attestation objects) as base64url over JSON, so every ceremony boundary needs
+ * the same encode/decode pair. These are pure and runtime-agnostic — Web APIs
+ * (`atob`/`btoa`/`TextEncoder`) only.
+ */
+/** Decode a base64url (or padded base64) string to raw bytes. */
+export declare function base64urlToBytes(input: string): Uint8Array;
+/** Encode raw bytes as an unpadded base64url string. */
+export declare function bytesToBase64url(bytes: Uint8Array): string;
+/**
+ * Strip any base64 padding and normalize base64 to base64url so two encodings
+ * of the same bytes compare equal. WebAuthn clients emit the challenge in
+ * `clientDataJSON` as unpadded base64url; this lets a comparison tolerate a
+ * padded or `+`/`/`-alphabet copy without a full decode/re-encode round trip.
+ */
+export declare function normalizeBase64url(input: string): string;
+/** Whether two byte arrays are equal (length + contents). Not constant-time. */
+export declare function bytesEqual(a: Uint8Array, b: Uint8Array): boolean;
+/** SHA-256 digest of the input bytes as a fresh `Uint8Array`. */
+export declare function sha256(input: Uint8Array): Promise<Uint8Array>;
+/** UTF-8 encode a string to bytes. */
+export declare function utf8ToBytes(input: string): Uint8Array;
+/** UTF-8 decode bytes to a string. */
+export declare function bytesToUtf8(bytes: Uint8Array): string;
+//# sourceMappingURL=encoding.d.ts.map

package/dist/encoding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoding.d.ts","sourceRoot":"","sources":["../src/encoding.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,iEAAiE;AACjE,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAU1D;AAED,wDAAwD;AACxD,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAS1D;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAExD;AAED,gFAAgF;AAChF,wBAAgB,UAAU,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,GAAG,OAAO,CAMhE;AAED,iEAAiE;AACjE,wBAAsB,MAAM,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAGnE;AAED,sCAAsC;AACtC,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAErD;AAED,sCAAsC;AACtC,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAErD"}

package/dist/encoding.js

@@ -0,0 +1,63 @@
+/**
+ * Byte / base64url encoding helpers shared across the WebAuthn ceremonies.
+ *
+ * WebAuthn transports binary fields (challenges, credential ids, signatures,
+ * attestation objects) as base64url over JSON, so every ceremony boundary needs
+ * the same encode/decode pair. These are pure and runtime-agnostic — Web APIs
+ * (`atob`/`btoa`/`TextEncoder`) only.
+ */
+/** Decode a base64url (or padded base64) string to raw bytes. */
+export function base64urlToBytes(input) {
+    const b64 = input.replace(/-/g, "+").replace(/_/g, "/");
+    const padded = b64.length % 4 === 0 ? b64 : b64 + "=".repeat(4 - (b64.length % 4));
+    const binary = atob(padded);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}
+/** Encode raw bytes as an unpadded base64url string. */
+export function bytesToBase64url(bytes) {
+    let binary = "";
+    for (const byte of bytes) {
+        binary += String.fromCharCode(byte);
+    }
+    return btoa(binary)
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/, "");
+}
+/**
+ * Strip any base64 padding and normalize base64 to base64url so two encodings
+ * of the same bytes compare equal. WebAuthn clients emit the challenge in
+ * `clientDataJSON` as unpadded base64url; this lets a comparison tolerate a
+ * padded or `+`/`/`-alphabet copy without a full decode/re-encode round trip.
+ */
+export function normalizeBase64url(input) {
+    return input.replace(/-/g, "+").replace(/_/g, "/").replace(/=+$/, "");
+}
+/** Whether two byte arrays are equal (length + contents). Not constant-time. */
+export function bytesEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    for (let i = 0; i < a.length; i++) {
+        if (a[i] !== b[i])
+            return false;
+    }
+    return true;
+}
+/** SHA-256 digest of the input bytes as a fresh `Uint8Array`. */
+export async function sha256(input) {
+    const digest = await crypto.subtle.digest("SHA-256", input);
+    return new Uint8Array(digest);
+}
+/** UTF-8 encode a string to bytes. */
+export function utf8ToBytes(input) {
+    return new TextEncoder().encode(input);
+}
+/** UTF-8 decode bytes to a string. */
+export function bytesToUtf8(bytes) {
+    return new TextDecoder().decode(bytes);
+}
+//# sourceMappingURL=encoding.js.map

package/dist/encoding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoding.js","sourceRoot":"","sources":["../src/encoding.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,iEAAiE;AACjE,MAAM,UAAU,gBAAgB,CAAC,KAAa;IAC5C,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACxD,MAAM,MAAM,GACV,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,wDAAwD;AACxD,MAAM,UAAU,gBAAgB,CAAC,KAAiB;IAChD,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC;SAChB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAa;IAC9C,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,gFAAgF;AAChF,MAAM,UAAU,UAAU,CAAC,CAAa,EAAE,CAAa;IACrD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;IAClC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,iEAAiE;AACjE,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,KAAiB;IAC5C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,KAAqB,CAAC,CAAC;IAC5E,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,sCAAsC;AACtC,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED,sCAAsC;AACtC,MAAM,UAAU,WAAW,CAAC,KAAiB;IAC3C,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC"}

package/dist/handler.d.ts

@@ -0,0 +1,20 @@
+/**
+ * The stateless WebAuthn relying-party front door.
+ *
+ * It routes the four ceremony steps — `/register/options`, `/register/verify`,
+ * `/authenticate/options`, `/authenticate/verify` — to the per-relying-party
+ * Durable Object, which owns all challenge and credential state. The handler is
+ * mountable under any path prefix because it identifies the step by the *tail*
+ * of the request path, and it injects the trusted clock and forwarded config the
+ * DO needs (the DO cannot hold the injected logger/metrics/clock itself). It
+ * emits each ceremony outcome on the wired logger and metrics seams.
+ */
+import { type WebAuthnConfig, type WebAuthnEnv } from "./config";
+/** A `fetch`-compatible Worker handler. */
+export type WebAuthnHandler = (request: Request, env: WebAuthnEnv, ctx: ExecutionContext) => Promise<Response>;
+/**
+ * Create the stateless WebAuthn relying-party handler. All four ceremony steps
+ * are `POST`; anything else is `405`. Unmatched paths are `404`.
+ */
+export declare function createWebAuthn(config: WebAuthnConfig): WebAuthnHandler;
+//# sourceMappingURL=handler.d.ts.map

package/dist/handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../src/handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,EAKL,KAAK,cAAc,EACnB,KAAK,WAAW,EAEjB,MAAM,UAAU,CAAC;AAElB,2CAA2C;AAC3C,MAAM,MAAM,eAAe,GAAG,CAC5B,OAAO,EAAE,OAAO,EAChB,GAAG,EAAE,WAAW,EAChB,GAAG,EAAE,gBAAgB,KAClB,OAAO,CAAC,QAAQ,CAAC,CAAC;AA6EvB;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,eAAe,CAwBtE"}

package/dist/handler.js

@@ -0,0 +1,101 @@
+/**
+ * The stateless WebAuthn relying-party front door.
+ *
+ * It routes the four ceremony steps — `/register/options`, `/register/verify`,
+ * `/authenticate/options`, `/authenticate/verify` — to the per-relying-party
+ * Durable Object, which owns all challenge and credential state. The handler is
+ * mountable under any path prefix because it identifies the step by the *tail*
+ * of the request path, and it injects the trusted clock and forwarded config the
+ * DO needs (the DO cannot hold the injected logger/metrics/clock itself). It
+ * emits each ceremony outcome on the wired logger and metrics seams.
+ */
+import {} from "@dwk/log";
+import { INTERNAL_HEADERS, forwardedConfig, resolveConfig, } from "./config";
+/** Map a request path tail to a ceremony operation, or `null` if unmatched. */
+function operationForPath(pathname) {
+    if (pathname.endsWith("/register/options"))
+        return "register/options";
+    if (pathname.endsWith("/register/verify"))
+        return "register/verify";
+    if (pathname.endsWith("/authenticate/options"))
+        return "authenticate/options";
+    if (pathname.endsWith("/authenticate/verify"))
+        return "authenticate/verify";
+    return null;
+}
+/** Fail loudly if a required Cloudflare binding is missing (no silent degradation). */
+function assertBindings(env) {
+    if (!env.WEBAUTHN) {
+        throw new Error("@dwk/webauthn: missing required Durable Object binding `WEBAUTHN`");
+    }
+}
+/** Emit a structured event on both the logger and the metrics seam. */
+function emit(config, level, event, fields) {
+    config.logger[level](event, fields);
+    config.metrics.count(event, fields);
+}
+/**
+ * Translate the Durable Object's outcome headers into a structured event on the
+ * injected seams, then strip those internal headers before the response reaches
+ * the client. A rejection (any non-2xx) logs at `warn` with its stable reason;
+ * a success logs at `info`.
+ */
+function logOutcome(config, response) {
+    const event = response.headers.get(INTERNAL_HEADERS.event);
+    if (event) {
+        const reason = response.headers.get(INTERNAL_HEADERS.reason);
+        if (response.ok) {
+            emit(config, "info", event);
+        }
+        else {
+            emit(config, "warn", event, reason ? { reason } : undefined);
+        }
+    }
+    const headers = new Headers(response.headers);
+    headers.delete(INTERNAL_HEADERS.event);
+    headers.delete(INTERNAL_HEADERS.reason);
+    return new Response(response.body, {
+        status: response.status,
+        statusText: response.statusText,
+        headers,
+    });
+}
+/** Build the internal DO request: forwarded config, trusted clock, op, body. */
+function internalRequest(request, config, op) {
+    const headers = new Headers({
+        "content-type": "application/json",
+        [INTERNAL_HEADERS.op]: op,
+        [INTERNAL_HEADERS.config]: JSON.stringify(forwardedConfig(config)),
+        [INTERNAL_HEADERS.now]: String(config.now()),
+    });
+    return new Request(request.url, {
+        method: "POST",
+        headers,
+        body: request.body,
+    });
+}
+/**
+ * Create the stateless WebAuthn relying-party handler. All four ceremony steps
+ * are `POST`; anything else is `405`. Unmatched paths are `404`.
+ */
+export function createWebAuthn(config) {
+    const resolved = resolveConfig(config);
+    return async (request, env, _ctx) => {
+        assertBindings(env);
+        const op = operationForPath(new URL(request.url).pathname);
+        if (op === null) {
+            return new Response("Not Found", { status: 404 });
+        }
+        if (request.method.toUpperCase() !== "POST") {
+            return new Response("Method Not Allowed", {
+                status: 405,
+                headers: { allow: "POST" },
+            });
+        }
+        // One Durable Object per relying party, keyed by the rpId (no sharding).
+        const id = env.WEBAUTHN.idFromName(resolved.rpId);
+        const response = await env.WEBAUTHN.get(id).fetch(internalRequest(request, resolved, op));
+        return logOutcome(resolved, response);
+    };
+}
+//# sourceMappingURL=handler.js.map

package/dist/handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler.js","sourceRoot":"","sources":["../src/handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAkB,MAAM,UAAU,CAAC;AAE1C,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,aAAa,GAKd,MAAM,UAAU,CAAC;AASlB,+EAA+E;AAC/E,SAAS,gBAAgB,CAAC,QAAgB;IACxC,IAAI,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC;QAAE,OAAO,kBAAkB,CAAC;IACtE,IAAI,QAAQ,CAAC,QAAQ,CAAC,kBAAkB,CAAC;QAAE,OAAO,iBAAiB,CAAC;IACpE,IAAI,QAAQ,CAAC,QAAQ,CAAC,uBAAuB,CAAC;QAAE,OAAO,sBAAsB,CAAC;IAC9E,IAAI,QAAQ,CAAC,QAAQ,CAAC,sBAAsB,CAAC;QAAE,OAAO,qBAAqB,CAAC;IAC5E,OAAO,IAAI,CAAC;AACd,CAAC;AAED,uFAAuF;AACvF,SAAS,cAAc,CAAC,GAAgB;IACtC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,uEAAuE;AACvE,SAAS,IAAI,CACX,MAAsB,EACtB,KAAsB,EACtB,KAAa,EACb,MAAkB;IAElB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IACpC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AACtC,CAAC;AAED;;;;;GAKG;AACH,SAAS,UAAU,CAAC,MAAsB,EAAE,QAAkB;IAC5D,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC3D,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAC7D,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAC9B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC9C,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACvC,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACxC,OAAO,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE;QACjC,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAED,gFAAgF;AAChF,SAAS,eAAe,CACtB,OAAgB,EAChB,MAAsB,EACtB,EAAqB;IAErB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC;QAC1B,cAAc,EAAE,kBAAkB;QAClC,CAAC,gBAAgB,CAAC,EAAE,CAAC,EAAE,EAAE;QACzB,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAClE,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;KAC7C,CAAC,CAAC;IACH,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE;QAC9B,MAAM,EAAE,MAAM;QACd,OAAO;QACP,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,MAAsB;IACnD,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAEvC,OAAO,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAClC,cAAc,CAAC,GAAG,CAAC,CAAC;QAEpB,MAAM,EAAE,GAAG,gBAAgB,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC3D,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YAChB,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;YAC5C,OAAO,IAAI,QAAQ,CAAC,oBAAoB,EAAE;gBACxC,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE;aAC3B,CAAC,CAAC;QACL,CAAC;QAED,yEAAyE;QACzE,MAAM,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,KAAK,CAC/C,eAAe,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE,CAAC,CACvC,CAAC;QACF,OAAO,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACxC,CAAC,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,29 @@
+/**
+ * `@dwk/webauthn` — a WebAuthn / passkeys relying party.
+ *
+ * A stateless Worker front door over a per-relying-party Durable Object that is
+ * the consistency authority for short-TTL challenge state and credential
+ * records. It runs the four ceremony steps — registration (attestation) and
+ * authentication (assertion) options + verification — entirely on Web Crypto,
+ * with no external dependency beyond `@dwk/log`.
+ *
+ * The package is **not** protocol-agnostic: it is the WebAuthn endpoint. It is
+ * filed for completeness as an **exploratory, lowest-priority** package — a clean
+ * Workers fit, but a step toward generic authentication rather than the
+ * web-presence standards this cohort centers on.
+ *
+ * Attestation is verified for the `none` and `packed` self-attestation formats
+ * (the relying party requests `attestation: "none"`); full attestation-chain
+ * verification is intentionally out of scope.
+ *
+ * @see spec/packages/webauthn.md
+ * @packageDocumentation
+ */
+export { createWebAuthn, type WebAuthnHandler } from "./handler";
+export { WebAuthnObject } from "./rp";
+export { type WebAuthnConfig, type WebAuthnEnv, type UserVerificationRequirement, } from "./config";
+export { DEFAULT_COSE_ALGORITHMS, COSE_ALG_ES256, COSE_ALG_ES384, COSE_ALG_RS256, COSE_ALG_PS256, } from "./cose";
+export { verifyRegistration, verifyAuthentication, parseClientData, parseAuthenticatorData, type RegistrationVerifyInput, type RegistrationVerifyResult, type AuthenticationVerifyInput, type AuthenticationVerifyResult, type VerifiedCredential, type VerifyFailureReason, } from "./verify";
+export { WebAuthnLogEvent } from "./log";
+export type { Logger, Metrics } from "@dwk/log";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,cAAc,EAAE,KAAK,eAAe,EAAE,MAAM,WAAW,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAEtC,OAAO,EACL,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,2BAA2B,GACjC,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,uBAAuB,EACvB,cAAc,EACd,cAAc,EACd,cAAc,EACd,cAAc,GACf,MAAM,QAAQ,CAAC;AAEhB,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,eAAe,EACf,sBAAsB,EACtB,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,GACzB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,gBAAgB,EAAE,MAAM,OAAO,CAAC;AACzC,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,UAAU,CAAC"}

package/dist/index.js

@@ -0,0 +1,28 @@
+/**
+ * `@dwk/webauthn` — a WebAuthn / passkeys relying party.
+ *
+ * A stateless Worker front door over a per-relying-party Durable Object that is
+ * the consistency authority for short-TTL challenge state and credential
+ * records. It runs the four ceremony steps — registration (attestation) and
+ * authentication (assertion) options + verification — entirely on Web Crypto,
+ * with no external dependency beyond `@dwk/log`.
+ *
+ * The package is **not** protocol-agnostic: it is the WebAuthn endpoint. It is
+ * filed for completeness as an **exploratory, lowest-priority** package — a clean
+ * Workers fit, but a step toward generic authentication rather than the
+ * web-presence standards this cohort centers on.
+ *
+ * Attestation is verified for the `none` and `packed` self-attestation formats
+ * (the relying party requests `attestation: "none"`); full attestation-chain
+ * verification is intentionally out of scope.
+ *
+ * @see spec/packages/webauthn.md
+ * @packageDocumentation
+ */
+export { createWebAuthn } from "./handler";
+export { WebAuthnObject } from "./rp";
+export {} from "./config";
+export { DEFAULT_COSE_ALGORITHMS, COSE_ALG_ES256, COSE_ALG_ES384, COSE_ALG_RS256, COSE_ALG_PS256, } from "./cose";
+export { verifyRegistration, verifyAuthentication, parseClientData, parseAuthenticatorData, } from "./verify";
+export { WebAuthnLogEvent } from "./log";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,cAAc,EAAwB,MAAM,WAAW,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAEtC,OAAO,EAIN,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,uBAAuB,EACvB,cAAc,EACd,cAAc,EACd,cAAc,EACd,cAAc,GACf,MAAM,QAAQ,CAAC;AAEhB,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,eAAe,EACf,sBAAsB,GAOvB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,gBAAgB,EAAE,MAAM,OAAO,CAAC"}

package/dist/log.d.ts

@@ -0,0 +1,25 @@
+/**
+ * The structured-logging vocabulary for `@dwk/webauthn`.
+ *
+ * The Durable Object cannot hold the injected logger/metrics (they do not cross
+ * the isolate boundary), so it names its ceremony outcome in a response header
+ * ({@link INTERNAL_HEADERS.event}) and the front door emits it on the wired
+ * seams. Event names are stable and dotted; callers attach only reason codes and
+ * non-sensitive facts — never challenges, signatures, or public keys.
+ */
+/** Stable, dotted event names emitted on the logger and metrics seams. */
+export declare enum WebAuthnLogEvent {
+    /** Registration options issued (a fresh challenge was minted). */
+    RegisterOptions = "webauthn.register.options",
+    /** A registration ceremony verified and a credential was stored. */
+    RegisterVerified = "webauthn.register.verified",
+    /** A registration ceremony was rejected. */
+    RegisterRejected = "webauthn.register.rejected",
+    /** Authentication options issued. */
+    AuthenticateOptions = "webauthn.authenticate.options",
+    /** An authentication ceremony verified. */
+    AuthenticateVerified = "webauthn.authenticate.verified",
+    /** An authentication ceremony was rejected. */
+    AuthenticateRejected = "webauthn.authenticate.rejected"
+}
+//# sourceMappingURL=log.d.ts.map

package/dist/log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"log.d.ts","sourceRoot":"","sources":["../src/log.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,0EAA0E;AAC1E,oBAAY,gBAAgB;IAC1B,kEAAkE;IAClE,eAAe,8BAA8B;IAC7C,oEAAoE;IACpE,gBAAgB,+BAA+B;IAC/C,4CAA4C;IAC5C,gBAAgB,+BAA+B;IAC/C,qCAAqC;IACrC,mBAAmB,kCAAkC;IACrD,2CAA2C;IAC3C,oBAAoB,mCAAmC;IACvD,+CAA+C;IAC/C,oBAAoB,mCAAmC;CACxD"}

package/dist/log.js

@@ -0,0 +1,26 @@
+/**
+ * The structured-logging vocabulary for `@dwk/webauthn`.
+ *
+ * The Durable Object cannot hold the injected logger/metrics (they do not cross
+ * the isolate boundary), so it names its ceremony outcome in a response header
+ * ({@link INTERNAL_HEADERS.event}) and the front door emits it on the wired
+ * seams. Event names are stable and dotted; callers attach only reason codes and
+ * non-sensitive facts — never challenges, signatures, or public keys.
+ */
+/** Stable, dotted event names emitted on the logger and metrics seams. */
+export var WebAuthnLogEvent;
+(function (WebAuthnLogEvent) {
+    /** Registration options issued (a fresh challenge was minted). */
+    WebAuthnLogEvent["RegisterOptions"] = "webauthn.register.options";
+    /** A registration ceremony verified and a credential was stored. */
+    WebAuthnLogEvent["RegisterVerified"] = "webauthn.register.verified";
+    /** A registration ceremony was rejected. */
+    WebAuthnLogEvent["RegisterRejected"] = "webauthn.register.rejected";
+    /** Authentication options issued. */
+    WebAuthnLogEvent["AuthenticateOptions"] = "webauthn.authenticate.options";
+    /** An authentication ceremony verified. */
+    WebAuthnLogEvent["AuthenticateVerified"] = "webauthn.authenticate.verified";
+    /** An authentication ceremony was rejected. */
+    WebAuthnLogEvent["AuthenticateRejected"] = "webauthn.authenticate.rejected";
+})(WebAuthnLogEvent || (WebAuthnLogEvent = {}));
+//# sourceMappingURL=log.js.map

package/dist/log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"log.js","sourceRoot":"","sources":["../src/log.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,0EAA0E;AAC1E,MAAM,CAAN,IAAY,gBAaX;AAbD,WAAY,gBAAgB;IAC1B,kEAAkE;IAClE,iEAA6C,CAAA;IAC7C,oEAAoE;IACpE,mEAA+C,CAAA;IAC/C,4CAA4C;IAC5C,mEAA+C,CAAA;IAC/C,qCAAqC;IACrC,yEAAqD,CAAA;IACrD,2CAA2C;IAC3C,2EAAuD,CAAA;IACvD,+CAA+C;IAC/C,2EAAuD,CAAA;AACzD,CAAC,EAbW,gBAAgB,KAAhB,gBAAgB,QAa3B"}

package/dist/rp.d.ts

@@ -0,0 +1,21 @@
+/**
+ * The per-relying-party Durable Object: the single-threaded consistency
+ * authority for WebAuthn challenge state and credential records.
+ *
+ * The stateless front door (`handler.ts`) routes a ceremony step to this object
+ * via the {@link INTERNAL_HEADERS.op} header and the request body; everything
+ * that must be strongly consistent — minting and single-use consumption of
+ * short-TTL challenges, and reading/writing credential records (public key,
+ * signature counter, transports) — happens here, where Cloudflare guarantees a
+ * single thread per relying party. Challenge and credential state are kept in DO
+ * SQLite (never KV: a stale challenge or counter is a security bug). Consumers
+ * bind this class as a Durable Object namespace.
+ */
+import { DurableObject } from "cloudflare:workers";
+import { type WebAuthnEnv } from "./config";
+export declare class WebAuthnObject extends DurableObject<WebAuthnEnv> {
+    #private;
+    constructor(state: DurableObjectState, env: WebAuthnEnv);
+    fetch(request: Request): Promise<Response>;
+}
+//# sourceMappingURL=rp.d.ts.map

package/dist/rp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rp.d.ts","sourceRoot":"","sources":["../src/rp.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,EAGL,KAAK,WAAW,EACjB,MAAM,UAAU,CAAC;AAgClB,qBAAa,cAAe,SAAQ,aAAa,CAAC,WAAW,CAAC;;gBAGhD,KAAK,EAAE,kBAAkB,EAAE,GAAG,EAAE,WAAW;IA0BxC,KAAK,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;CAwU1D"}