npm - @enbox/agent - Versions diffs - 0.0.1 - Mend

@enbox/agent 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (348) hide show

package/dist/browser.js +2215 -0
package/dist/browser.js.map +7 -0
package/dist/browser.mjs +2215 -0
package/dist/browser.mjs.map +7 -0
package/dist/cjs/index.js +8530 -0
package/dist/cjs/index.js.map +7 -0
package/dist/cjs/package.json +1 -0
package/dist/esm/agent-did-resolver-cache.js +87 -0
package/dist/esm/agent-did-resolver-cache.js.map +1 -0
package/dist/esm/bearer-identity.js +41 -0
package/dist/esm/bearer-identity.js.map +1 -0
package/dist/esm/connect.js +191 -0
package/dist/esm/connect.js.map +1 -0
package/dist/esm/crypto-api.js +346 -0
package/dist/esm/crypto-api.js.map +1 -0
package/dist/esm/did-api.js +278 -0
package/dist/esm/did-api.js.map +1 -0
package/dist/esm/dwn-api.js +336 -0
package/dist/esm/dwn-api.js.map +1 -0
package/dist/esm/dwn-registrar.js +120 -0
package/dist/esm/dwn-registrar.js.map +1 -0
package/dist/esm/hd-identity-vault.js +729 -0
package/dist/esm/hd-identity-vault.js.map +1 -0
package/dist/esm/identity-api.js +262 -0
package/dist/esm/identity-api.js.map +1 -0
package/dist/esm/index.js +23 -0
package/dist/esm/index.js.map +1 -0
package/dist/esm/local-key-manager.js +498 -0
package/dist/esm/local-key-manager.js.map +1 -0
package/dist/esm/oidc.js +507 -0
package/dist/esm/oidc.js.map +1 -0
package/dist/esm/permissions-api.js +322 -0
package/dist/esm/permissions-api.js.map +1 -0
package/dist/esm/prototyping/clients/dwn-rpc-types.js +2 -0
package/dist/esm/prototyping/clients/dwn-rpc-types.js.map +1 -0
package/dist/esm/prototyping/clients/dwn-server-info-cache-memory.js +74 -0
package/dist/esm/prototyping/clients/dwn-server-info-cache-memory.js.map +1 -0
package/dist/esm/prototyping/clients/http-dwn-rpc-client.js +105 -0
package/dist/esm/prototyping/clients/http-dwn-rpc-client.js.map +1 -0
package/dist/esm/prototyping/clients/json-rpc-socket.js +150 -0
package/dist/esm/prototyping/clients/json-rpc-socket.js.map +1 -0
package/dist/esm/prototyping/clients/json-rpc.js +58 -0
package/dist/esm/prototyping/clients/json-rpc.js.map +1 -0
package/dist/esm/prototyping/clients/server-info-types.js +2 -0
package/dist/esm/prototyping/clients/server-info-types.js.map +1 -0
package/dist/esm/prototyping/clients/web-socket-clients.js +90 -0
package/dist/esm/prototyping/clients/web-socket-clients.js.map +1 -0
package/dist/esm/prototyping/common/object.js +14 -0
package/dist/esm/prototyping/common/object.js.map +1 -0
package/dist/esm/prototyping/common/type-utils.js +2 -0
package/dist/esm/prototyping/common/type-utils.js.map +1 -0
package/dist/esm/prototyping/crypto/algorithms/aes-gcm.js +147 -0
package/dist/esm/prototyping/crypto/algorithms/aes-gcm.js.map +1 -0
package/dist/esm/prototyping/crypto/algorithms/aes-kw.js +137 -0
package/dist/esm/prototyping/crypto/algorithms/aes-kw.js.map +1 -0
package/dist/esm/prototyping/crypto/algorithms/ecdsa.js +307 -0
package/dist/esm/prototyping/crypto/algorithms/ecdsa.js.map +1 -0
package/dist/esm/prototyping/crypto/algorithms/eddsa.js +264 -0
package/dist/esm/prototyping/crypto/algorithms/eddsa.js.map +1 -0
package/dist/esm/prototyping/crypto/algorithms/hkdf.js +39 -0
package/dist/esm/prototyping/crypto/algorithms/hkdf.js.map +1 -0
package/dist/esm/prototyping/crypto/algorithms/pbkdf2.js +41 -0
package/dist/esm/prototyping/crypto/algorithms/pbkdf2.js.map +1 -0
package/dist/esm/prototyping/crypto/crypto-error.js +41 -0
package/dist/esm/prototyping/crypto/crypto-error.js.map +1 -0
package/dist/esm/prototyping/crypto/dsa.js +236 -0
package/dist/esm/prototyping/crypto/dsa.js.map +1 -0
package/dist/esm/prototyping/crypto/jose/jwe-compact.js +130 -0
package/dist/esm/prototyping/crypto/jose/jwe-compact.js.map +1 -0
package/dist/esm/prototyping/crypto/jose/jwe-flattened.js +294 -0
package/dist/esm/prototyping/crypto/jose/jwe-flattened.js.map +1 -0
package/dist/esm/prototyping/crypto/jose/jwe.js +308 -0
package/dist/esm/prototyping/crypto/jose/jwe.js.map +1 -0
package/dist/esm/prototyping/crypto/primitives/aes-gcm.js +352 -0
package/dist/esm/prototyping/crypto/primitives/aes-gcm.js.map +1 -0
package/dist/esm/prototyping/crypto/primitives/aes-kw.js +247 -0
package/dist/esm/prototyping/crypto/primitives/aes-kw.js.map +1 -0
package/dist/esm/prototyping/crypto/primitives/hkdf.js +80 -0
package/dist/esm/prototyping/crypto/primitives/hkdf.js.map +1 -0
package/dist/esm/prototyping/crypto/primitives/pbkdf2.js +85 -0
package/dist/esm/prototyping/crypto/primitives/pbkdf2.js.map +1 -0
package/dist/esm/prototyping/crypto/types/cipher.js +2 -0
package/dist/esm/prototyping/crypto/types/cipher.js.map +1 -0
package/dist/esm/prototyping/crypto/types/crypto-api.js +2 -0
package/dist/esm/prototyping/crypto/types/crypto-api.js.map +1 -0
package/dist/esm/prototyping/crypto/types/key-converter.js +2 -0
package/dist/esm/prototyping/crypto/types/key-converter.js.map +1 -0
package/dist/esm/prototyping/crypto/types/key-deriver.js +2 -0
package/dist/esm/prototyping/crypto/types/key-deriver.js.map +1 -0
package/dist/esm/prototyping/crypto/types/key-io.js +2 -0
package/dist/esm/prototyping/crypto/types/key-io.js.map +1 -0
package/dist/esm/prototyping/crypto/types/key-manager.js +2 -0
package/dist/esm/prototyping/crypto/types/key-manager.js.map +1 -0
package/dist/esm/prototyping/crypto/types/key-wrapper.js +2 -0
package/dist/esm/prototyping/crypto/types/key-wrapper.js.map +1 -0
package/dist/esm/prototyping/crypto/types/params-direct.js +2 -0
package/dist/esm/prototyping/crypto/types/params-direct.js.map +1 -0
package/dist/esm/prototyping/crypto/types/params-kms.js +2 -0
package/dist/esm/prototyping/crypto/types/params-kms.js.map +1 -0
package/dist/esm/prototyping/crypto/utils.js +19 -0
package/dist/esm/prototyping/crypto/utils.js.map +1 -0
package/dist/esm/prototyping/dids/resolver-cache-memory.js +77 -0
package/dist/esm/prototyping/dids/resolver-cache-memory.js.map +1 -0
package/dist/esm/prototyping/dids/utils.js +9 -0
package/dist/esm/prototyping/dids/utils.js.map +1 -0
package/dist/esm/rpc-client.js +123 -0
package/dist/esm/rpc-client.js.map +1 -0
package/dist/esm/store-data-protocols.js +38 -0
package/dist/esm/store-data-protocols.js.map +1 -0
package/dist/esm/store-data.js +320 -0
package/dist/esm/store-data.js.map +1 -0
package/dist/esm/store-did.js +136 -0
package/dist/esm/store-did.js.map +1 -0
package/dist/esm/store-identity.js +140 -0
package/dist/esm/store-identity.js.map +1 -0
package/dist/esm/store-key.js +136 -0
package/dist/esm/store-key.js.map +1 -0
package/dist/esm/sync-api.js +61 -0
package/dist/esm/sync-api.js.map +1 -0
package/dist/esm/sync-engine-level.js +618 -0
package/dist/esm/sync-engine-level.js.map +1 -0
package/dist/esm/test-harness.js +239 -0
package/dist/esm/test-harness.js.map +1 -0
package/dist/esm/types/agent.js +2 -0
package/dist/esm/types/agent.js.map +1 -0
package/dist/esm/types/dwn.js +31 -0
package/dist/esm/types/dwn.js.map +1 -0
package/dist/esm/types/identity-vault.js +2 -0
package/dist/esm/types/identity-vault.js.map +1 -0
package/dist/esm/types/identity.js +2 -0
package/dist/esm/types/identity.js.map +1 -0
package/dist/esm/types/key-manager.js +2 -0
package/dist/esm/types/key-manager.js.map +1 -0
package/dist/esm/types/permissions.js +2 -0
package/dist/esm/types/permissions.js.map +1 -0
package/dist/esm/types/sync.js +2 -0
package/dist/esm/types/sync.js.map +1 -0
package/dist/esm/types/vc.js +5 -0
package/dist/esm/types/vc.js.map +1 -0
package/dist/esm/utils-internal.js +147 -0
package/dist/esm/utils-internal.js.map +1 -0
package/dist/esm/utils.js +161 -0
package/dist/esm/utils.js.map +1 -0
package/dist/types/agent-did-resolver-cache.d.ts +30 -0
package/dist/types/agent-did-resolver-cache.d.ts.map +1 -0
package/dist/types/bearer-identity.d.ts +31 -0
package/dist/types/bearer-identity.d.ts.map +1 -0
package/dist/types/connect.d.ts +88 -0
package/dist/types/connect.d.ts.map +1 -0
package/dist/types/crypto-api.d.ts +286 -0
package/dist/types/crypto-api.d.ts.map +1 -0
package/dist/types/did-api.d.ts +119 -0
package/dist/types/did-api.d.ts.map +1 -0
package/dist/types/dwn-api.d.ts +66 -0
package/dist/types/dwn-api.d.ts.map +1 -0
package/dist/types/dwn-registrar.d.ts +29 -0
package/dist/types/dwn-registrar.d.ts.map +1 -0
package/dist/types/hd-identity-vault.d.ts +306 -0
package/dist/types/hd-identity-vault.d.ts.map +1 -0
package/dist/types/identity-api.d.ts +107 -0
package/dist/types/identity-api.d.ts.map +1 -0
package/dist/types/index.d.ts +30 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/local-key-manager.d.ts +311 -0
package/dist/types/local-key-manager.d.ts.map +1 -0
package/dist/types/oidc.d.ts +247 -0
package/dist/types/oidc.d.ts.map +1 -0
package/dist/types/permissions-api.d.ts +35 -0
package/dist/types/permissions-api.d.ts.map +1 -0
package/dist/types/prototyping/clients/dwn-rpc-types.d.ts +45 -0
package/dist/types/prototyping/clients/dwn-rpc-types.d.ts.map +1 -0
package/dist/types/prototyping/clients/dwn-server-info-cache-memory.d.ts +57 -0
package/dist/types/prototyping/clients/dwn-server-info-cache-memory.d.ts.map +1 -0
package/dist/types/prototyping/clients/http-dwn-rpc-client.d.ts +13 -0
package/dist/types/prototyping/clients/http-dwn-rpc-client.d.ts.map +1 -0
package/dist/types/prototyping/clients/json-rpc-socket.d.ts +43 -0
package/dist/types/prototyping/clients/json-rpc-socket.d.ts.map +1 -0
package/dist/types/prototyping/clients/json-rpc.d.ts +49 -0
package/dist/types/prototyping/clients/json-rpc.d.ts.map +1 -0
package/dist/types/prototyping/clients/server-info-types.d.ts +20 -0
package/dist/types/prototyping/clients/server-info-types.d.ts.map +1 -0
package/dist/types/prototyping/clients/web-socket-clients.d.ts +10 -0
package/dist/types/prototyping/clients/web-socket-clients.d.ts.map +1 -0
package/dist/types/prototyping/common/object.d.ts +2 -0
package/dist/types/prototyping/common/object.d.ts.map +1 -0
package/dist/types/prototyping/common/type-utils.d.ts +7 -0
package/dist/types/prototyping/common/type-utils.d.ts.map +1 -0
package/dist/types/prototyping/crypto/algorithms/aes-gcm.d.ts +151 -0
package/dist/types/prototyping/crypto/algorithms/aes-gcm.d.ts.map +1 -0
package/dist/types/prototyping/crypto/algorithms/aes-kw.d.ts +109 -0
package/dist/types/prototyping/crypto/algorithms/aes-kw.d.ts.map +1 -0
package/dist/types/prototyping/crypto/algorithms/ecdsa.d.ts +160 -0
package/dist/types/prototyping/crypto/algorithms/ecdsa.d.ts.map +1 -0
package/dist/types/prototyping/crypto/algorithms/eddsa.d.ts +157 -0
package/dist/types/prototyping/crypto/algorithms/eddsa.d.ts.map +1 -0
package/dist/types/prototyping/crypto/algorithms/hkdf.d.ts +21 -0
package/dist/types/prototyping/crypto/algorithms/hkdf.d.ts.map +1 -0
package/dist/types/prototyping/crypto/algorithms/pbkdf2.d.ts +21 -0
package/dist/types/prototyping/crypto/algorithms/pbkdf2.d.ts.map +1 -0
package/dist/types/prototyping/crypto/crypto-error.d.ts +29 -0
package/dist/types/prototyping/crypto/crypto-error.d.ts.map +1 -0
package/dist/types/prototyping/crypto/dsa.d.ts +169 -0
package/dist/types/prototyping/crypto/dsa.d.ts.map +1 -0
package/dist/types/prototyping/crypto/jose/jwe-compact.d.ts +135 -0
package/dist/types/prototyping/crypto/jose/jwe-compact.d.ts.map +1 -0
package/dist/types/prototyping/crypto/jose/jwe-flattened.d.ts +134 -0
package/dist/types/prototyping/crypto/jose/jwe-flattened.d.ts.map +1 -0
package/dist/types/prototyping/crypto/jose/jwe.d.ts +378 -0
package/dist/types/prototyping/crypto/jose/jwe.d.ts.map +1 -0
package/dist/types/prototyping/crypto/primitives/aes-gcm.d.ts +245 -0
package/dist/types/prototyping/crypto/primitives/aes-gcm.d.ts.map +1 -0
package/dist/types/prototyping/crypto/primitives/aes-kw.d.ts +103 -0
package/dist/types/prototyping/crypto/primitives/aes-kw.d.ts.map +1 -0
package/dist/types/prototyping/crypto/primitives/hkdf.d.ts +90 -0
package/dist/types/prototyping/crypto/primitives/hkdf.d.ts.map +1 -0
package/dist/types/prototyping/crypto/primitives/pbkdf2.d.ts +84 -0
package/dist/types/prototyping/crypto/primitives/pbkdf2.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/cipher.d.ts +14 -0
package/dist/types/prototyping/crypto/types/cipher.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/crypto-api.d.ts +35 -0
package/dist/types/prototyping/crypto/types/crypto-api.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/key-converter.d.ts +49 -0
package/dist/types/prototyping/crypto/types/key-converter.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/key-deriver.d.ts +50 -0
package/dist/types/prototyping/crypto/types/key-deriver.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/key-io.d.ts +49 -0
package/dist/types/prototyping/crypto/types/key-io.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/key-manager.d.ts +69 -0
package/dist/types/prototyping/crypto/types/key-manager.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/key-wrapper.d.ts +14 -0
package/dist/types/prototyping/crypto/types/key-wrapper.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/params-direct.d.ts +75 -0
package/dist/types/prototyping/crypto/types/params-direct.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/params-kms.d.ts +63 -0
package/dist/types/prototyping/crypto/types/params-kms.d.ts.map +1 -0
package/dist/types/prototyping/crypto/utils.d.ts +7 -0
package/dist/types/prototyping/crypto/utils.d.ts.map +1 -0
package/dist/types/prototyping/dids/resolver-cache-memory.d.ts +57 -0
package/dist/types/prototyping/dids/resolver-cache-memory.d.ts.map +1 -0
package/dist/types/prototyping/dids/utils.d.ts +3 -0
package/dist/types/prototyping/dids/utils.d.ts.map +1 -0
package/dist/types/rpc-client.d.ts +51 -0
package/dist/types/rpc-client.d.ts.map +1 -0
package/dist/types/store-data-protocols.d.ts +4 -0
package/dist/types/store-data-protocols.d.ts.map +1 -0
package/dist/types/store-data.d.ts +95 -0
package/dist/types/store-data.d.ts.map +1 -0
package/dist/types/store-did.d.ts +33 -0
package/dist/types/store-did.d.ts.map +1 -0
package/dist/types/store-identity.d.ts +34 -0
package/dist/types/store-identity.d.ts.map +1 -0
package/dist/types/store-key.d.ts +32 -0
package/dist/types/store-key.d.ts.map +1 -0
package/dist/types/sync-api.d.ts +41 -0
package/dist/types/sync-api.d.ts.map +1 -0
package/dist/types/sync-engine-level.d.ts +85 -0
package/dist/types/sync-engine-level.d.ts.map +1 -0
package/dist/types/test-harness.d.ts +69 -0
package/dist/types/test-harness.d.ts.map +1 -0
package/dist/types/types/agent.d.ts +172 -0
package/dist/types/types/agent.d.ts.map +1 -0
package/dist/types/types/dwn.d.ts +178 -0
package/dist/types/types/dwn.d.ts.map +1 -0
package/dist/types/types/identity-vault.d.ts +129 -0
package/dist/types/types/identity-vault.d.ts.map +1 -0
package/dist/types/types/identity.d.ts +16 -0
package/dist/types/types/identity.d.ts.map +1 -0
package/dist/types/types/key-manager.d.ts +9 -0
package/dist/types/types/key-manager.d.ts.map +1 -0
package/dist/types/types/permissions.d.ts +98 -0
package/dist/types/types/permissions.d.ts.map +1 -0
package/dist/types/types/sync.d.ts +66 -0
package/dist/types/types/sync.d.ts.map +1 -0
package/dist/types/types/vc.d.ts +7 -0
package/dist/types/types/vc.d.ts.map +1 -0
package/dist/types/utils-internal.d.ts +50 -0
package/dist/types/utils-internal.d.ts.map +1 -0
package/dist/types/utils.d.ts +37 -0
package/dist/types/utils.d.ts.map +1 -0
package/package.json +112 -0
package/src/agent-did-resolver-cache.ts +95 -0
package/src/bearer-identity.ts +42 -0
package/src/connect.ts +296 -0
package/src/crypto-api.ts +593 -0
package/src/did-api.ts +429 -0
package/src/dwn-api.ts +462 -0
package/src/dwn-registrar.ts +127 -0
package/src/hd-identity-vault.ts +853 -0
package/src/identity-api.ts +324 -0
package/src/index.ts +30 -0
package/src/local-key-manager.ts +672 -0
package/src/oidc.ts +857 -0
package/src/permissions-api.ts +408 -0
package/src/prototyping/clients/dwn-rpc-types.ts +55 -0
package/src/prototyping/clients/dwn-server-info-cache-memory.ts +79 -0
package/src/prototyping/clients/http-dwn-rpc-client.ts +110 -0
package/src/prototyping/clients/json-rpc-socket.ts +169 -0
package/src/prototyping/clients/json-rpc.ts +113 -0
package/src/prototyping/clients/server-info-types.ts +21 -0
package/src/prototyping/clients/web-socket-clients.ts +100 -0
package/src/prototyping/common/object.ts +15 -0
package/src/prototyping/common/type-utils.ts +6 -0
package/src/prototyping/crypto/algorithms/aes-gcm.ts +211 -0
package/src/prototyping/crypto/algorithms/aes-kw.ts +164 -0
package/src/prototyping/crypto/algorithms/ecdsa.ts +365 -0
package/src/prototyping/crypto/algorithms/eddsa.ts +310 -0
package/src/prototyping/crypto/algorithms/hkdf.ts +40 -0
package/src/prototyping/crypto/algorithms/pbkdf2.ts +44 -0
package/src/prototyping/crypto/crypto-error.ts +45 -0
package/src/prototyping/crypto/dsa.ts +367 -0
package/src/prototyping/crypto/jose/jwe-compact.ts +225 -0
package/src/prototyping/crypto/jose/jwe-flattened.ts +459 -0
package/src/prototyping/crypto/jose/jwe.ts +653 -0
package/src/prototyping/crypto/primitives/aes-gcm.ts +374 -0
package/src/prototyping/crypto/primitives/aes-kw.ts +271 -0
package/src/prototyping/crypto/primitives/hkdf.ts +121 -0
package/src/prototyping/crypto/primitives/pbkdf2.ts +116 -0
package/src/prototyping/crypto/types/cipher.ts +17 -0
package/src/prototyping/crypto/types/crypto-api.ts +78 -0
package/src/prototyping/crypto/types/key-converter.ts +53 -0
package/src/prototyping/crypto/types/key-deriver.ts +56 -0
package/src/prototyping/crypto/types/key-io.ts +51 -0
package/src/prototyping/crypto/types/key-manager.ts +83 -0
package/src/prototyping/crypto/types/key-wrapper.ts +17 -0
package/src/prototyping/crypto/types/params-direct.ts +95 -0
package/src/prototyping/crypto/types/params-kms.ts +76 -0
package/src/prototyping/crypto/utils.ts +41 -0
package/src/prototyping/dids/resolver-cache-memory.ts +83 -0
package/src/prototyping/dids/utils.ts +10 -0
package/src/rpc-client.ts +162 -0
package/src/store-data-protocols.ts +40 -0
package/src/store-data.ts +400 -0
package/src/store-did.ts +105 -0
package/src/store-identity.ts +109 -0
package/src/store-key.ts +104 -0
package/src/sync-api.ts +71 -0
package/src/sync-engine-level.ts +714 -0
package/src/test-harness.ts +330 -0
package/src/types/agent.ts +195 -0
package/src/types/dwn.ts +278 -0
package/src/types/identity-vault.ts +137 -0
package/src/types/identity.ts +18 -0
package/src/types/key-manager.ts +15 -0
package/src/types/permissions.ts +115 -0
package/src/types/sync.ts +58 -0
package/src/types/vc.ts +7 -0
package/src/utils-internal.ts +157 -0
package/src/utils.ts +181 -0

package/src/prototyping/crypto/jose/jwe-flattened.ts ADDED Viewed

@@ -0,0 +1,459 @@
+import type { Jwk, KeyIdentifier } from '@enbox/crypto';
+import { Convert } from '@enbox/common';
+import { LocalKeyManager, CryptoUtils } from '@enbox/crypto';
+import type { CryptoApi } from '../types/crypto-api.js';
+import type { KeyManager } from '../types/key-manager.js';
+import type { JweDecryptOptions, JweEncryptOptions, JweHeaderParams } from './jwe.js';
+import { isCipher } from '../utils.js';
+import { AgentCryptoApi } from '../../../crypto-api.js';
+import { JweKeyManagement, isValidJweHeader } from './jwe.js';
+import { hasDuplicateProperties } from '../../common/object.js';
+import { CryptoError, CryptoErrorCode } from '../crypto-error.js';
+/**
+ * Parameters required for decrypting a flattened JWE.
+ *
+ * @typeParam TKeyManager - The Key Manager used to manage cryptographic keys.
+ * @typeParam TCrypto - The Crypto API used to perform cryptographic operations.
+ */
+export interface FlattenedJweDecryptParams<TKeyManager, TCrypto> {
+  /** The flattened JWE. */
+  jwe: FlattenedJweParams | FlattenedJwe;
+  /**
+   * The decryption key which can be a Key Identifier such as a KMS key URI, a JSON Web Key (JWK),
+   * or raw key material represented as a byte array.
+   */
+  key: KeyIdentifier | Jwk | Uint8Array;
+  /** Key Manager instanceß responsible for managing cryptographic keys. */
+  keyManager?: TKeyManager;
+  /** Crypto API instance that provides the necessary cryptographic operations. */
+  crypto?: TCrypto;
+  /** {@inheritDoc JweDecryptOptions} */
+  options?: JweDecryptOptions;
+}
+/**
+ * Result of decrypting a flattened JWE, containing the plaintext and related information.
+ */
+export interface FlattenedJweDecryptResult {
+  /** JWE Additional Authenticated Data (AAD). */
+  additionalAuthenticatedData?: Uint8Array;
+  /** Plaintext. */
+  plaintext: Uint8Array;
+  /** JWE Protected Header. */
+  protectedHeader?: Partial<JweHeaderParams>;
+  /** JWE Shared Unprotected Header. */
+  sharedUnprotectedHeader?: Partial<JweHeaderParams>;
+  /** JWE Per-Recipient Unprotected Header. */
+  unprotectedHeader?: Partial<JweHeaderParams>;
+}
+/**
+ * Parameters for encrypting data into a flattened JWE format.
+ *
+ * @typeParam TKeyManager - The Key Manager used to manage cryptographic keys.
+ * @typeParam TCrypto - The Crypto API used to perform cryptographic operations.
+ */
+export interface FlattenedJweEncryptParams<TKeyManager, TCrypto> extends FlattenedJweDecryptResult {
+  /**
+   * The encryption key which can be a Key Identifier such as a KMS key URI, a JSON Web Key (JWK),
+   * or raw key material represented as a byte array.
+   */
+  key: KeyIdentifier | Jwk | Uint8Array;
+  /** Key Manager instanceß responsible for managing cryptographic keys. */
+  keyManager?: TKeyManager;
+  /** Crypto API instance that provides the necessary cryptographic operations. */
+  crypto?: TCrypto;
+  /** {@inheritDoc JweEncryptOptions} */
+  options?: JweEncryptOptions;
+}
+/**
+ * Represents the parameters for a flattened JWE object, typically used in single-recipient
+ * scenarios.
+ */
+export interface FlattenedJweParams {
+  /** Base64URL encoded additional authenticated data. */
+  aad?: string;
+  /** Base64URL encoded ciphertext. */
+  ciphertext: string;
+  /** Base64URL encoded encrypted key. */
+  encrypted_key?: string;
+  /** Per-Recipient Unprotected Header parameters. */
+  header?: Partial<JweHeaderParams>;
+  /** Base64URL encoded initialization vector. */
+  iv?: string;
+  /** Base64URL encoded string of the Protected Header. */
+  protected?: string;
+  /** Base64URL encoded authentication tag. */
+  tag?: string;
+  /** Shared Unprotected Header parameters. */
+  unprotected?: Partial<JweHeaderParams>;
+}
+/**
+ * A helper utility function used internally to decode a JWE header parameter from a Base64 URL
+ * encoded string to a Uint8Array. It's designed to process individual JWE header parameter values,
+ * ensuring they are correctly formatted and decoded.
+ *
+ * @param param - The name of the JWE header parameter being decoded; used for error messaging.
+ * @param value - The Base64 URL encoded string value of the header parameter to decode.
+ * @returns The decoded parameter as a Uint8Array, or undefined if the input value is undefined.
+ * @throws {@link CryptoError} if the value is not a properly encoded Base64 URL string or if it's
+ *         not a string.
+ */
+function decodeHeaderParam(param: string, value?: string): Uint8Array | undefined {
+  // If the parameter value is not present, return undefined.
+  if (value === undefined) return undefined;
+  try {
+    if (typeof value !== 'string') throw new Error();
+    return Convert.base64Url(value).toUint8Array();
+  } catch {
+    throw new CryptoError(CryptoErrorCode.InvalidJwe,
+      `Failed to decode the JWE Header parameter '${param}' from Base64 URL format to ` +
+      'Uint8Array. Ensure the value is properly encoded in Base64 URL format without padding.'
+    );
+  }
+}
+/**
+ * The `FlattenedJwe` class handles the encryption and decryption of JSON Web Encryption (JWE)
+ * objects in the flattened serialization format. This format is a compact, URL-safe means of
+ * representing encrypted content, typically used when dealing with a single recipient or when
+ * bandwidth efficiency is important.
+ *
+ * This class provides methods to encrypt plaintext to a flattened JWE and decrypt a flattened JWE
+ * back to plaintext, utilizing a variety of supported cryptographic algorithms as specified in the
+ * JWE header parameters.
+ *
+ * @example
+ * ```ts
+ *  // Example usage of encrypt method
+ * const plaintext = new TextEncoder().encode("Secret Message");
+ * const key = { kty: "oct", k: "your-secret-key" }; // Example symmetric key
+ * const protectedHeader = { alg: "dir", enc: "A256GCM" };
+ * const encryptedJwe = await FlattenedJwe.encrypt({
+ *   plaintext,
+ *   protectedHeader,
+ *   key,
+ * });
+ * ```
+ *
+ * @example
+ * // Decryption example
+ * const { plaintext, protectedHeader } = await FlattenedJwe.decrypt({
+ *   jwe: yourFlattenedJweObject,
+ *   key: yourDecryptionKey,
+ *   crypto: new YourCryptoApi(),
+ * });
+ */
+export class FlattenedJwe {
+  /** Base64URL encoded additional authenticated data. */
+  public aad?: string;
+  /** Base64URL encoded ciphertext. */
+  public ciphertext: string = '';
+  /** Base64URL encoded encrypted key. */
+  public encrypted_key?: string;
+  /** Per-Recipient Unprotected Header parameters. */
+  public header?: Partial<JweHeaderParams>;
+  /** Base64URL encoded initialization vector. */
+  public iv?: string;
+  /** Base64URL encoded string of the Protected Header. */
+  public protected?: string;
+  /** Base64URL encoded authentication tag. */
+  public tag?: string;
+  /** Shared Unprotected Header parameters. */
+  public unprotected?: Partial<JweHeaderParams>;
+  constructor(params: FlattenedJweParams) {
+    Object.assign(this, params);
+  }
+  public static async decrypt<
+    TKeyManager extends KeyManager | undefined = KeyManager,
+    TCrypto extends CryptoApi | undefined = CryptoApi
+  >({
+    jwe,
+    key,
+    keyManager = new LocalKeyManager(),
+    crypto = new AgentCryptoApi(),
+    options = {}
+  }: FlattenedJweDecryptParams<TKeyManager, TCrypto>): Promise<FlattenedJweDecryptResult> {
+    // Verify that the provided Crypto API supports the decrypt operation before proceeding.
+    if (!isCipher(crypto)) {
+      throw new CryptoError(CryptoErrorCode.OperationNotSupported, 'Crypto API does not support the "encrypt" operation.');
+    }
+    // Verify that the provided Key Manager supports the decrypt operation before proceeding.
+    if (!isCipher(keyManager)) {
+      throw new CryptoError(CryptoErrorCode.OperationNotSupported, 'Key Manager does not support the "decrypt" operation.');
+    }
+    // Verify that at least one of the JOSE header objects is present.
+    if (!jwe.protected && !jwe.header && !jwe.unprotected) {
+      throw new CryptoError(CryptoErrorCode.InvalidJwe,
+        'JWE is missing the required JOSE header parameters. ' +
+        'Please provide at least one of the following: "protected", "header", or "unprotected"'
+      );
+    }
+    // Verify that the JWE Ciphertext is present.
+    if (typeof jwe.ciphertext !== 'string') {
+      throw new CryptoError(CryptoErrorCode.InvalidJwe, 'JWE Ciphertext is missing or not a string.');
+    }
+    // Parse the JWE Protected Header, if present.
+    let parsedProtectedHeader: Partial<JweHeaderParams> | undefined;
+    if (jwe.protected) {
+      try {
+        parsedProtectedHeader = Convert.base64Url(jwe.protected).toObject();
+      } catch {
+        throw new Error('JWE Protected Header is invalid');
+      }
+    }
+    // Per {@link https://www.rfc-editor.org/rfc/rfc7516#section-5.2 | RFC7516 Section 5.2}
+    // the resulting JOSE Header MUST NOT contain duplicate Header Parameter names. In other words,
+    // the same Header Parameter name MUST NOT occur in the `header`, `protected`, and
+    // `unprotected` JSON object values that together comprise the JOSE Header.
+    if (hasDuplicateProperties(parsedProtectedHeader, jwe.header, jwe.unprotected)){
+      throw new Error(
+        'Duplicate properties detected. Please ensure that each parameter is defined only once ' +
+        'across the JWE "header", "protected", and "unprotected" objects.'
+      );
+    }
+    // The JOSE Header is the union of the members of the JWE Protected Header (`protected`), the
+    // JWE Shared Unprotected Header (`unprotected`), and the corresponding JWE Per-Recipient
+    // Unprotected Header (`header`).
+    const joseHeader = { ...parsedProtectedHeader, ...jwe.header, ...jwe.unprotected };
+    if (!isValidJweHeader(joseHeader)) {
+      throw new Error('JWE Header is missing required "alg" (Algorithm) and/or "enc" (Encryption) Header Parameters');
+    }
+    if (Array.isArray(options.allowedAlgValues)
+        && !options.allowedAlgValues.includes(joseHeader.alg)) {
+      throw new Error(`"alg" (Algorithm) Header Parameter value not allowed: ${joseHeader.alg}`);
+    }
+    if (Array.isArray(options.allowedEncValues)
+        && !options.allowedEncValues.includes(joseHeader.enc)) {
+      throw new Error(`"enc" (Encryption Algorithm) Header Parameter value not allowed: ${joseHeader.enc}`);
+    }
+    let cek: KeyIdentifier | Jwk;
+    try {
+      const encryptedKey = jwe.encrypted_key
+        ? Convert.base64Url(jwe.encrypted_key).toUint8Array()
+        : undefined;
+      cek = await JweKeyManagement.decrypt({ key, encryptedKey, joseHeader, keyManager, crypto });
+    } catch (error: any) {
+      // If the error is a CryptoError with code "InvalidJwe" or "AlgorithmNotSupported", re-throw.
+      if (error instanceof CryptoError
+          && (error.code === CryptoErrorCode.InvalidJwe || error.code === CryptoErrorCode.AlgorithmNotSupported)) {
+        throw error;
+      }
+      // Otherwise, generate a random CEK and proceed to the next step.
+      // As noted in
+      // {@link https://datatracker.ietf.org/doc/html/rfc7516#section-11.5 | RFC 7516 Section 11.5},
+      // to mitigate the attacks described in
+      // {@link https://datatracker.ietf.org/doc/html/rfc3218 | RFC 3218}, the recipient MUST NOT
+      // distinguish between format, padding, and length errors of encrypted keys. It is strongly
+      // recommended, in the event of receiving an improperly formatted key, that the recipient
+      // substitute a randomly generated CEK and proceed to the next step, to mitigate timing
+      // attacks.
+      cek = typeof key === 'string'
+        ? await keyManager.generateKey({ algorithm: joseHeader.enc })
+        : await crypto.generateKey({ algorithm: joseHeader.enc });
+    }
+    // If present, decode the JWE Initialization Vector (IV) and Authentication Tag.
+    const iv = decodeHeaderParam('iv', jwe.iv);
+    const tag = decodeHeaderParam('tag', jwe.tag);
+    // Decode the JWE Ciphertext to a byte array, and if present, append the Authentication Tag.
+    const ciphertext = tag !== undefined
+      ? new Uint8Array([
+        ...Convert.base64Url(jwe.ciphertext).toUint8Array(),
+        ...(tag ?? [])
+      ])
+      : Convert.base64Url(jwe.ciphertext).toUint8Array();
+    // If the JWE Additional Authenticated Data (AAD) is present, the Additional Authenticated Data
+    // input to the Content Encryption Algorithm is
+    // ASCII(Encoded Protected Header || '.' || BASE64URL(JWE AAD)). If the JWE AAD is absent, the
+    // Additional Authenticated Data is ASCII(BASE64URL(UTF8(JWE Protected Header))).
+    const additionalData = jwe.aad !== undefined
+      ? new Uint8Array([
+        ...Convert.string(jwe.protected ?? '').toUint8Array(),
+        ...Convert.string('.').toUint8Array(),
+        ...Convert.string(jwe.aad).toUint8Array()
+      ])
+      : Convert.string(jwe.protected ?? '').toUint8Array();
+    // Decrypt the JWE using the Content Encryption Key (CEK) with:
+    // - Key Manager: If the CEK is a Key Identifier.
+    // - Crypto API: If the CEK is a JWK.
+    const plaintext = typeof cek === 'string'
+      ? await keyManager.decrypt({ keyUri: cek, data: ciphertext, iv, additionalData })
+      : await crypto.decrypt({ key: cek, data: ciphertext, iv, additionalData });
+    return {
+      plaintext,
+      protectedHeader             : parsedProtectedHeader,
+      additionalAuthenticatedData : decodeHeaderParam('aad', jwe.aad),
+      sharedUnprotectedHeader     : jwe.unprotected,
+      unprotectedHeader           : jwe.header
+    };
+  }
+  public static async encrypt<
+    TKeyManager extends KeyManager | undefined = KeyManager,
+    TCrypto extends CryptoApi | undefined = CryptoApi
+  >({
+    key,
+    plaintext,
+    additionalAuthenticatedData,
+    protectedHeader,
+    sharedUnprotectedHeader,
+    unprotectedHeader,
+    keyManager = new LocalKeyManager(),
+    crypto = new AgentCryptoApi(),
+  }: FlattenedJweEncryptParams<TKeyManager, TCrypto>): Promise<FlattenedJwe> {
+    // Verify that the provided Crypto API supports the decrypt operation before proceeding.
+    if (!isCipher(crypto)) {
+      throw new CryptoError(CryptoErrorCode.OperationNotSupported, 'Crypto API does not support the "encrypt" operation.');
+    }
+    // Verify that the provided Key Manager supports the decrypt operation before proceeding.
+    if (!isCipher(keyManager)) {
+      throw new CryptoError(CryptoErrorCode.OperationNotSupported, 'Key Manager does not support the "decrypt" operation.');
+    }
+    // Verify that at least one of the JOSE header objects is present.
+    if (!protectedHeader && !sharedUnprotectedHeader && !unprotectedHeader) {
+      throw new CryptoError(CryptoErrorCode.InvalidJwe,
+        'JWE is missing the required JOSE header parameters. ' +
+            'Please provide at least one of the following: "protectedHeader", "sharedUnprotectedHeader", or "unprotectedHeader"'
+      );
+    }
+    // Verify that the Plaintext is present.
+    if (!(plaintext instanceof Uint8Array)) {
+      throw new CryptoError(CryptoErrorCode.InvalidJwe, 'Plaintext is missing or not a byte array.');
+    }
+    // Per {@link https://www.rfc-editor.org/rfc/rfc7516#section-5.2 | RFC7516 Section 5.2}
+    // the resulting JOSE Header MUST NOT contain duplicate Header Parameter names. In other words,
+    // the same Header Parameter name MUST NOT occur in the `header`, `protected`, and
+    // `unprotected` JSON object values that together comprise the JOSE Header.
+    if (hasDuplicateProperties(protectedHeader, sharedUnprotectedHeader, unprotectedHeader)){
+      throw new Error(
+        'Duplicate properties detected. Please ensure that each parameter is defined only once ' +
+        'across the JWE "protectedHeader", "sharedUnprotectedHeader", and "unprotectedHeader" objects.'
+      );
+    }
+    // The JOSE Header is the union of the members of the JWE Protected Header (`protectedHeader`),
+    // the JWE Shared Unprotected Header (`sharedUnprotectedHeader`), and the corresponding JWE
+    // Per-Recipient Unprotected Header (`unprotectedHeader`).
+    const joseHeader = { ...protectedHeader, ...sharedUnprotectedHeader, ...unprotectedHeader };
+    if (!isValidJweHeader(joseHeader)) {
+      throw new Error('JWE Header is missing required "alg" (Algorithm) and/or "enc" (Encryption) Header Parameters');
+    }
+    const { cek, encryptedKey } = await JweKeyManagement.encrypt({ key, joseHeader, keyManager, crypto });
+    // If required for the Content Encryption Algorithm, generate a random JWE Initialization
+    // Vector (IV) of the correct size; otherwise, let the JWE Initialization Vector be the empty
+    // octet sequence.
+    let iv: Uint8Array;
+    switch (joseHeader.enc) {
+      case 'A128GCM':
+      case 'A192GCM':
+      case 'A256GCM':
+        iv = CryptoUtils.randomBytes(12);
+        break;
+      default:
+        iv = new Uint8Array(0);
+    }
+    // Compute the Encoded Protected Header value BASE64URL(UTF8(JWE Protected Header)).  If the JWE
+    // Protected Header is not present, let this value be the empty string.
+    const encodedProtectedHeader = protectedHeader
+      ? Convert.object(protectedHeader).toBase64Url()
+      : '';
+    // If the JWE Additional Authenticated Data (AAD) is present, the Additional Authenticated Data
+    // input to the Content Encryption Algorithm is
+    // ASCII(Encoded Protected Header || '.' || BASE64URL(JWE AAD)). If the JWE AAD is absent, the
+    // Additional Authenticated Data is ASCII(BASE64URL(UTF8(JWE Protected Header))).
+    let additionalData: Uint8Array;
+    let encodedAad: string | undefined;
+    if (additionalAuthenticatedData) {
+      encodedAad = Convert.uint8Array(additionalAuthenticatedData).toBase64Url();
+      additionalData = Convert.string(encodedProtectedHeader + '.' + encodedAad).toUint8Array();
+    } else {
+      additionalData = Convert.string(encodedProtectedHeader).toUint8Array();
+    }
+    // Encrypt the plaintext using the CEK, the JWE Initialization Vector, and the Additional
+    // Authenticated Data value using the specified content encryption algorithm to create the JWE
+    // Ciphertext value and the JWE Authentication Tag.
+    const ciphertextWithTag = typeof cek === 'string'
+      ? await keyManager.encrypt({ keyUri: cek, data: plaintext, iv, additionalData })
+      : await crypto.encrypt({ key: cek, data: plaintext, iv, additionalData });
+    const ciphertext = ciphertextWithTag.slice(0, -16);
+    const authenticationTag = ciphertextWithTag.slice(-16);
+    // Create the Flattened JWE JSON Serialization output, which is based upon the General syntax,
+    // but flattens it, optimizing it for the single-recipient case. It flattens it by removing the
+    // "recipients" member and instead placing those members defined for use in the "recipients"
+    // array (the "header" and "encrypted_key" members) in the top-level JSON object (at the same
+    // level as the "ciphertext" member).
+    const jwe = new FlattenedJwe({
+      ciphertext: Convert.uint8Array(ciphertext).toBase64Url(),
+    });
+    if (encryptedKey) jwe.encrypted_key = Convert.uint8Array(encryptedKey).toBase64Url();
+    if (protectedHeader) jwe.protected = encodedProtectedHeader;
+    if (sharedUnprotectedHeader) jwe.unprotected = sharedUnprotectedHeader;
+    if (unprotectedHeader) jwe.header = unprotectedHeader;
+    if (iv) jwe.iv = Convert.uint8Array(iv).toBase64Url();
+    if (encodedAad) jwe.aad = encodedAad;
+    if (authenticationTag) jwe.tag = Convert.uint8Array(authenticationTag).toBase64Url();
+    return jwe;
+  }
+}