@fgv/ts-extras 5.1.0-4 → 5.1.0-40

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (368) hide show
  1. package/dist/index.browser.js +4 -2
  2. package/dist/index.browser.js.map +1 -0
  3. package/dist/index.js.map +1 -0
  4. package/dist/packlets/ai-assist/apiClient.js +886 -158
  5. package/dist/packlets/ai-assist/apiClient.js.map +1 -0
  6. package/dist/packlets/ai-assist/chatRequestBuilders.js +282 -0
  7. package/dist/packlets/ai-assist/chatRequestBuilders.js.map +1 -0
  8. package/dist/packlets/ai-assist/converters.js +47 -3
  9. package/dist/packlets/ai-assist/converters.js.map +1 -0
  10. package/dist/packlets/ai-assist/embeddingClient.js +345 -0
  11. package/dist/packlets/ai-assist/embeddingClient.js.map +1 -0
  12. package/dist/packlets/ai-assist/endpoint.js +78 -0
  13. package/dist/packlets/ai-assist/endpoint.js.map +1 -0
  14. package/dist/packlets/ai-assist/http.js +75 -0
  15. package/dist/packlets/ai-assist/http.js.map +1 -0
  16. package/dist/packlets/ai-assist/imageOptionsResolver.js +193 -0
  17. package/dist/packlets/ai-assist/imageOptionsResolver.js.map +1 -0
  18. package/dist/packlets/ai-assist/index.js +10 -4
  19. package/dist/packlets/ai-assist/index.js.map +1 -0
  20. package/dist/packlets/ai-assist/jsonCompletion.js +93 -0
  21. package/dist/packlets/ai-assist/jsonCompletion.js.map +1 -0
  22. package/dist/packlets/ai-assist/jsonResponse.js +149 -0
  23. package/dist/packlets/ai-assist/jsonResponse.js.map +1 -0
  24. package/dist/packlets/ai-assist/model.js +193 -9
  25. package/dist/packlets/ai-assist/model.js.map +1 -0
  26. package/dist/packlets/ai-assist/registry.js +314 -12
  27. package/dist/packlets/ai-assist/registry.js.map +1 -0
  28. package/dist/packlets/ai-assist/sseParser.js +123 -0
  29. package/dist/packlets/ai-assist/sseParser.js.map +1 -0
  30. package/dist/packlets/ai-assist/streamingAdapters/anthropic.js +368 -0
  31. package/dist/packlets/ai-assist/streamingAdapters/anthropic.js.map +1 -0
  32. package/dist/packlets/ai-assist/streamingAdapters/clientToolContinuationBuilder.js +687 -0
  33. package/dist/packlets/ai-assist/streamingAdapters/clientToolContinuationBuilder.js.map +1 -0
  34. package/dist/packlets/ai-assist/streamingAdapters/common.js +187 -0
  35. package/dist/packlets/ai-assist/streamingAdapters/common.js.map +1 -0
  36. package/dist/packlets/ai-assist/streamingAdapters/gemini.js +204 -0
  37. package/dist/packlets/ai-assist/streamingAdapters/gemini.js.map +1 -0
  38. package/dist/packlets/ai-assist/streamingAdapters/openaiChat.js +170 -0
  39. package/dist/packlets/ai-assist/streamingAdapters/openaiChat.js.map +1 -0
  40. package/dist/packlets/ai-assist/streamingAdapters/openaiResponses.js +386 -0
  41. package/dist/packlets/ai-assist/streamingAdapters/openaiResponses.js.map +1 -0
  42. package/dist/packlets/ai-assist/streamingAdapters/proxy.js +173 -0
  43. package/dist/packlets/ai-assist/streamingAdapters/proxy.js.map +1 -0
  44. package/dist/packlets/ai-assist/streamingClient.js +140 -0
  45. package/dist/packlets/ai-assist/streamingClient.js.map +1 -0
  46. package/dist/packlets/ai-assist/thinkingOptionsResolver.js +288 -0
  47. package/dist/packlets/ai-assist/thinkingOptionsResolver.js.map +1 -0
  48. package/dist/packlets/ai-assist/toolFormats.js +106 -10
  49. package/dist/packlets/ai-assist/toolFormats.js.map +1 -0
  50. package/dist/packlets/conversion/converters.js +35 -1
  51. package/dist/packlets/conversion/converters.js.map +1 -0
  52. package/dist/packlets/conversion/index.js.map +1 -0
  53. package/dist/packlets/crypto-utils/constants.js.map +1 -0
  54. package/dist/packlets/crypto-utils/converters.js +42 -4
  55. package/dist/packlets/crypto-utils/converters.js.map +1 -0
  56. package/dist/packlets/crypto-utils/directEncryptionProvider.js.map +1 -0
  57. package/dist/packlets/crypto-utils/encryptedFile.js.map +1 -0
  58. package/dist/packlets/crypto-utils/hpkeProvider.js +333 -0
  59. package/dist/packlets/crypto-utils/hpkeProvider.js.map +1 -0
  60. package/dist/packlets/crypto-utils/index.browser.js +10 -2
  61. package/dist/packlets/crypto-utils/index.browser.js.map +1 -0
  62. package/dist/packlets/crypto-utils/index.js +6 -0
  63. package/dist/packlets/crypto-utils/index.js.map +1 -0
  64. package/dist/packlets/crypto-utils/keyPairAlgorithmParams.js +71 -0
  65. package/dist/packlets/crypto-utils/keyPairAlgorithmParams.js.map +1 -0
  66. package/dist/packlets/crypto-utils/keystore/converters.js +103 -11
  67. package/dist/packlets/crypto-utils/keystore/converters.js.map +1 -0
  68. package/dist/packlets/crypto-utils/keystore/encryptedFilePrivateKeyStorage.js +287 -0
  69. package/dist/packlets/crypto-utils/keystore/encryptedFilePrivateKeyStorage.js.map +1 -0
  70. package/dist/packlets/crypto-utils/keystore/index.browser.js +36 -0
  71. package/dist/packlets/crypto-utils/keystore/index.browser.js.map +1 -0
  72. package/dist/packlets/crypto-utils/keystore/index.js +3 -0
  73. package/dist/packlets/crypto-utils/keystore/index.js.map +1 -0
  74. package/dist/packlets/crypto-utils/keystore/keyStore.js +633 -118
  75. package/dist/packlets/crypto-utils/keystore/keyStore.js.map +1 -0
  76. package/dist/packlets/crypto-utils/keystore/model.js +22 -1
  77. package/dist/packlets/crypto-utils/keystore/model.js.map +1 -0
  78. package/dist/packlets/crypto-utils/keystore/privateKeyStorage.js +21 -0
  79. package/dist/packlets/crypto-utils/keystore/privateKeyStorage.js.map +1 -0
  80. package/dist/packlets/crypto-utils/model.js +32 -0
  81. package/dist/packlets/crypto-utils/model.js.map +1 -0
  82. package/dist/packlets/crypto-utils/nodeCryptoProvider.js +270 -1
  83. package/dist/packlets/crypto-utils/nodeCryptoProvider.js.map +1 -0
  84. package/dist/packlets/crypto-utils/spkiHelpers.js +209 -0
  85. package/dist/packlets/crypto-utils/spkiHelpers.js.map +1 -0
  86. package/dist/packlets/csv/csvFileHelpers.js +0 -14
  87. package/dist/packlets/csv/csvFileHelpers.js.map +1 -0
  88. package/dist/packlets/csv/csvHelpers.js +14 -0
  89. package/dist/packlets/csv/csvHelpers.js.map +1 -0
  90. package/dist/packlets/csv/index.browser.js +1 -3
  91. package/dist/packlets/csv/index.browser.js.map +1 -0
  92. package/dist/packlets/csv/index.js.map +1 -0
  93. package/dist/packlets/experimental/extendedArray.js.map +1 -0
  94. package/dist/packlets/experimental/formatter.js.map +1 -0
  95. package/dist/packlets/experimental/index.js.map +1 -0
  96. package/dist/packlets/experimental/rangeOf.js.map +1 -0
  97. package/dist/packlets/hash/index.browser.js.map +1 -0
  98. package/dist/packlets/hash/index.js.map +1 -0
  99. package/dist/packlets/hash/index.node.js.map +1 -0
  100. package/dist/packlets/hash/md5Normalizer.browser.js.map +1 -0
  101. package/dist/packlets/hash/md5Normalizer.js.map +1 -0
  102. package/dist/packlets/mustache/index.js.map +1 -0
  103. package/dist/packlets/mustache/interfaces.js.map +1 -0
  104. package/dist/packlets/mustache/mustacheTemplate.js +42 -4
  105. package/dist/packlets/mustache/mustacheTemplate.js.map +1 -0
  106. package/dist/packlets/record-jar/index.browser.js +1 -3
  107. package/dist/packlets/record-jar/index.browser.js.map +1 -0
  108. package/dist/packlets/record-jar/index.js.map +1 -0
  109. package/dist/packlets/record-jar/recordJarFileHelpers.js +0 -18
  110. package/dist/packlets/record-jar/recordJarFileHelpers.js.map +1 -0
  111. package/dist/packlets/record-jar/recordJarHelpers.js +18 -0
  112. package/dist/packlets/record-jar/recordJarHelpers.js.map +1 -0
  113. package/dist/packlets/yaml/converters.js.map +1 -0
  114. package/dist/packlets/yaml/index.js +1 -0
  115. package/dist/packlets/yaml/index.js.map +1 -0
  116. package/dist/packlets/yaml/serializers.js +48 -0
  117. package/dist/packlets/yaml/serializers.js.map +1 -0
  118. package/dist/packlets/zip-file-tree/index.js.map +1 -0
  119. package/dist/packlets/zip-file-tree/zipFileTreeAccessors.js +2 -2
  120. package/dist/packlets/zip-file-tree/zipFileTreeAccessors.js.map +1 -0
  121. package/dist/packlets/zip-file-tree/zipFileTreeWriter.js.map +1 -0
  122. package/dist/ts-extras.d.ts +3880 -105
  123. package/dist/tsdoc-metadata.json +1 -1
  124. package/lib/index.browser.d.ts +4 -2
  125. package/lib/index.browser.d.ts.map +1 -0
  126. package/lib/index.browser.js +8 -3
  127. package/lib/index.browser.js.map +1 -0
  128. package/lib/index.d.ts.map +1 -0
  129. package/lib/index.js.map +1 -0
  130. package/lib/packlets/ai-assist/apiClient.d.ts +115 -32
  131. package/lib/packlets/ai-assist/apiClient.d.ts.map +1 -0
  132. package/lib/packlets/ai-assist/apiClient.js +888 -156
  133. package/lib/packlets/ai-assist/apiClient.js.map +1 -0
  134. package/lib/packlets/ai-assist/chatRequestBuilders.d.ts +149 -0
  135. package/lib/packlets/ai-assist/chatRequestBuilders.d.ts.map +1 -0
  136. package/lib/packlets/ai-assist/chatRequestBuilders.js +293 -0
  137. package/lib/packlets/ai-assist/chatRequestBuilders.js.map +1 -0
  138. package/lib/packlets/ai-assist/converters.d.ts +15 -1
  139. package/lib/packlets/ai-assist/converters.d.ts.map +1 -0
  140. package/lib/packlets/ai-assist/converters.js +47 -3
  141. package/lib/packlets/ai-assist/converters.js.map +1 -0
  142. package/lib/packlets/ai-assist/embeddingClient.d.ts +69 -0
  143. package/lib/packlets/ai-assist/embeddingClient.d.ts.map +1 -0
  144. package/lib/packlets/ai-assist/embeddingClient.js +349 -0
  145. package/lib/packlets/ai-assist/embeddingClient.js.map +1 -0
  146. package/lib/packlets/ai-assist/endpoint.d.ts +28 -0
  147. package/lib/packlets/ai-assist/endpoint.d.ts.map +1 -0
  148. package/lib/packlets/ai-assist/endpoint.js +82 -0
  149. package/lib/packlets/ai-assist/endpoint.js.map +1 -0
  150. package/lib/packlets/ai-assist/http.d.ts +24 -0
  151. package/lib/packlets/ai-assist/http.d.ts.map +1 -0
  152. package/lib/packlets/ai-assist/http.js +78 -0
  153. package/lib/packlets/ai-assist/http.js.map +1 -0
  154. package/lib/packlets/ai-assist/imageOptionsResolver.d.ts +66 -0
  155. package/lib/packlets/ai-assist/imageOptionsResolver.d.ts.map +1 -0
  156. package/lib/packlets/ai-assist/imageOptionsResolver.js +197 -0
  157. package/lib/packlets/ai-assist/imageOptionsResolver.js.map +1 -0
  158. package/lib/packlets/ai-assist/index.d.ts +10 -4
  159. package/lib/packlets/ai-assist/index.d.ts.map +1 -0
  160. package/lib/packlets/ai-assist/index.js +36 -1
  161. package/lib/packlets/ai-assist/index.js.map +1 -0
  162. package/lib/packlets/ai-assist/jsonCompletion.d.ts +93 -0
  163. package/lib/packlets/ai-assist/jsonCompletion.d.ts.map +1 -0
  164. package/lib/packlets/ai-assist/jsonCompletion.js +97 -0
  165. package/lib/packlets/ai-assist/jsonCompletion.js.map +1 -0
  166. package/lib/packlets/ai-assist/jsonResponse.d.ts +91 -0
  167. package/lib/packlets/ai-assist/jsonResponse.d.ts.map +1 -0
  168. package/lib/packlets/ai-assist/jsonResponse.js +154 -0
  169. package/lib/packlets/ai-assist/jsonResponse.js.map +1 -0
  170. package/lib/packlets/ai-assist/model.d.ts +1202 -12
  171. package/lib/packlets/ai-assist/model.d.ts.map +1 -0
  172. package/lib/packlets/ai-assist/model.js +198 -10
  173. package/lib/packlets/ai-assist/model.js.map +1 -0
  174. package/lib/packlets/ai-assist/registry.d.ts +56 -1
  175. package/lib/packlets/ai-assist/registry.d.ts.map +1 -0
  176. package/lib/packlets/ai-assist/registry.js +319 -13
  177. package/lib/packlets/ai-assist/registry.js.map +1 -0
  178. package/lib/packlets/ai-assist/sseParser.d.ts +45 -0
  179. package/lib/packlets/ai-assist/sseParser.d.ts.map +1 -0
  180. package/lib/packlets/ai-assist/sseParser.js +128 -0
  181. package/lib/packlets/ai-assist/sseParser.js.map +1 -0
  182. package/lib/packlets/ai-assist/streamingAdapters/anthropic.d.ts +72 -0
  183. package/lib/packlets/ai-assist/streamingAdapters/anthropic.d.ts.map +1 -0
  184. package/lib/packlets/ai-assist/streamingAdapters/anthropic.js +371 -0
  185. package/lib/packlets/ai-assist/streamingAdapters/anthropic.js.map +1 -0
  186. package/lib/packlets/ai-assist/streamingAdapters/clientToolContinuationBuilder.d.ts +260 -0
  187. package/lib/packlets/ai-assist/streamingAdapters/clientToolContinuationBuilder.d.ts.map +1 -0
  188. package/lib/packlets/ai-assist/streamingAdapters/clientToolContinuationBuilder.js +694 -0
  189. package/lib/packlets/ai-assist/streamingAdapters/clientToolContinuationBuilder.js.map +1 -0
  190. package/lib/packlets/ai-assist/streamingAdapters/common.d.ts +154 -0
  191. package/lib/packlets/ai-assist/streamingAdapters/common.d.ts.map +1 -0
  192. package/lib/packlets/ai-assist/streamingAdapters/common.js +193 -0
  193. package/lib/packlets/ai-assist/streamingAdapters/common.js.map +1 -0
  194. package/lib/packlets/ai-assist/streamingAdapters/gemini.d.ts +43 -0
  195. package/lib/packlets/ai-assist/streamingAdapters/gemini.d.ts.map +1 -0
  196. package/lib/packlets/ai-assist/streamingAdapters/gemini.js +207 -0
  197. package/lib/packlets/ai-assist/streamingAdapters/gemini.js.map +1 -0
  198. package/lib/packlets/ai-assist/streamingAdapters/openaiChat.d.ts +19 -0
  199. package/lib/packlets/ai-assist/streamingAdapters/openaiChat.d.ts.map +1 -0
  200. package/lib/packlets/ai-assist/streamingAdapters/openaiChat.js +173 -0
  201. package/lib/packlets/ai-assist/streamingAdapters/openaiChat.js.map +1 -0
  202. package/lib/packlets/ai-assist/streamingAdapters/openaiResponses.d.ts +33 -0
  203. package/lib/packlets/ai-assist/streamingAdapters/openaiResponses.d.ts.map +1 -0
  204. package/lib/packlets/ai-assist/streamingAdapters/openaiResponses.js +389 -0
  205. package/lib/packlets/ai-assist/streamingAdapters/openaiResponses.js.map +1 -0
  206. package/lib/packlets/ai-assist/streamingAdapters/proxy.d.ts +34 -0
  207. package/lib/packlets/ai-assist/streamingAdapters/proxy.d.ts.map +1 -0
  208. package/lib/packlets/ai-assist/streamingAdapters/proxy.js +176 -0
  209. package/lib/packlets/ai-assist/streamingAdapters/proxy.js.map +1 -0
  210. package/lib/packlets/ai-assist/streamingClient.d.ts +50 -0
  211. package/lib/packlets/ai-assist/streamingClient.d.ts.map +1 -0
  212. package/lib/packlets/ai-assist/streamingClient.js +146 -0
  213. package/lib/packlets/ai-assist/streamingClient.js.map +1 -0
  214. package/lib/packlets/ai-assist/thinkingOptionsResolver.d.ts +87 -0
  215. package/lib/packlets/ai-assist/thinkingOptionsResolver.d.ts.map +1 -0
  216. package/lib/packlets/ai-assist/thinkingOptionsResolver.js +294 -0
  217. package/lib/packlets/ai-assist/thinkingOptionsResolver.js.map +1 -0
  218. package/lib/packlets/ai-assist/toolFormats.d.ts +40 -9
  219. package/lib/packlets/ai-assist/toolFormats.d.ts.map +1 -0
  220. package/lib/packlets/ai-assist/toolFormats.js +107 -10
  221. package/lib/packlets/ai-assist/toolFormats.js.map +1 -0
  222. package/lib/packlets/conversion/converters.d.ts +8 -1
  223. package/lib/packlets/conversion/converters.d.ts.map +1 -0
  224. package/lib/packlets/conversion/converters.js +36 -2
  225. package/lib/packlets/conversion/converters.js.map +1 -0
  226. package/lib/packlets/conversion/index.d.ts.map +1 -0
  227. package/lib/packlets/conversion/index.js.map +1 -0
  228. package/lib/packlets/crypto-utils/constants.d.ts.map +1 -0
  229. package/lib/packlets/crypto-utils/constants.js.map +1 -0
  230. package/lib/packlets/crypto-utils/converters.d.ts +20 -1
  231. package/lib/packlets/crypto-utils/converters.d.ts.map +1 -0
  232. package/lib/packlets/crypto-utils/converters.js +43 -5
  233. package/lib/packlets/crypto-utils/converters.js.map +1 -0
  234. package/lib/packlets/crypto-utils/directEncryptionProvider.d.ts.map +1 -0
  235. package/lib/packlets/crypto-utils/directEncryptionProvider.js.map +1 -0
  236. package/lib/packlets/crypto-utils/encryptedFile.d.ts.map +1 -0
  237. package/lib/packlets/crypto-utils/encryptedFile.js.map +1 -0
  238. package/lib/packlets/crypto-utils/hpkeProvider.d.ts +142 -0
  239. package/lib/packlets/crypto-utils/hpkeProvider.d.ts.map +1 -0
  240. package/lib/packlets/crypto-utils/hpkeProvider.js +337 -0
  241. package/lib/packlets/crypto-utils/hpkeProvider.js.map +1 -0
  242. package/lib/packlets/crypto-utils/index.browser.d.ts +4 -1
  243. package/lib/packlets/crypto-utils/index.browser.d.ts.map +1 -0
  244. package/lib/packlets/crypto-utils/index.browser.js +21 -3
  245. package/lib/packlets/crypto-utils/index.browser.js.map +1 -0
  246. package/lib/packlets/crypto-utils/index.d.ts +3 -0
  247. package/lib/packlets/crypto-utils/index.d.ts.map +1 -0
  248. package/lib/packlets/crypto-utils/index.js +17 -1
  249. package/lib/packlets/crypto-utils/index.js.map +1 -0
  250. package/lib/packlets/crypto-utils/keyPairAlgorithmParams.d.ts +54 -0
  251. package/lib/packlets/crypto-utils/keyPairAlgorithmParams.d.ts.map +1 -0
  252. package/lib/packlets/crypto-utils/keyPairAlgorithmParams.js +74 -0
  253. package/lib/packlets/crypto-utils/keyPairAlgorithmParams.js.map +1 -0
  254. package/lib/packlets/crypto-utils/keystore/converters.d.ts +68 -6
  255. package/lib/packlets/crypto-utils/keystore/converters.d.ts.map +1 -0
  256. package/lib/packlets/crypto-utils/keystore/converters.js +101 -9
  257. package/lib/packlets/crypto-utils/keystore/converters.js.map +1 -0
  258. package/lib/packlets/crypto-utils/keystore/encryptedFilePrivateKeyStorage.d.ts +148 -0
  259. package/lib/packlets/crypto-utils/keystore/encryptedFilePrivateKeyStorage.d.ts.map +1 -0
  260. package/lib/packlets/crypto-utils/keystore/encryptedFilePrivateKeyStorage.js +324 -0
  261. package/lib/packlets/crypto-utils/keystore/encryptedFilePrivateKeyStorage.js.map +1 -0
  262. package/lib/packlets/crypto-utils/keystore/index.browser.d.ts +10 -0
  263. package/lib/packlets/crypto-utils/keystore/index.browser.d.ts.map +1 -0
  264. package/lib/packlets/crypto-utils/keystore/index.browser.js +76 -0
  265. package/lib/packlets/crypto-utils/keystore/index.browser.js.map +1 -0
  266. package/lib/packlets/crypto-utils/keystore/index.d.ts +2 -0
  267. package/lib/packlets/crypto-utils/keystore/index.d.ts.map +1 -0
  268. package/lib/packlets/crypto-utils/keystore/index.js +5 -1
  269. package/lib/packlets/crypto-utils/keystore/index.js.map +1 -0
  270. package/lib/packlets/crypto-utils/keystore/keyStore.d.ts +205 -13
  271. package/lib/packlets/crypto-utils/keystore/keyStore.d.ts.map +1 -0
  272. package/lib/packlets/crypto-utils/keystore/keyStore.js +639 -124
  273. package/lib/packlets/crypto-utils/keystore/keyStore.js.map +1 -0
  274. package/lib/packlets/crypto-utils/keystore/model.d.ts +275 -19
  275. package/lib/packlets/crypto-utils/keystore/model.d.ts.map +1 -0
  276. package/lib/packlets/crypto-utils/keystore/model.js +24 -2
  277. package/lib/packlets/crypto-utils/keystore/model.js.map +1 -0
  278. package/lib/packlets/crypto-utils/keystore/privateKeyStorage.d.ts +53 -0
  279. package/lib/packlets/crypto-utils/keystore/privateKeyStorage.d.ts.map +1 -0
  280. package/lib/packlets/crypto-utils/keystore/privateKeyStorage.js +22 -0
  281. package/lib/packlets/crypto-utils/keystore/privateKeyStorage.js.map +1 -0
  282. package/lib/packlets/crypto-utils/model.d.ts +348 -10
  283. package/lib/packlets/crypto-utils/model.d.ts.map +1 -0
  284. package/lib/packlets/crypto-utils/model.js +33 -1
  285. package/lib/packlets/crypto-utils/model.js.map +1 -0
  286. package/lib/packlets/crypto-utils/nodeCryptoProvider.d.ts +110 -2
  287. package/lib/packlets/crypto-utils/nodeCryptoProvider.d.ts.map +1 -0
  288. package/lib/packlets/crypto-utils/nodeCryptoProvider.js +269 -0
  289. package/lib/packlets/crypto-utils/nodeCryptoProvider.js.map +1 -0
  290. package/lib/packlets/crypto-utils/spkiHelpers.d.ts +110 -0
  291. package/lib/packlets/crypto-utils/spkiHelpers.d.ts.map +1 -0
  292. package/lib/packlets/crypto-utils/spkiHelpers.js +219 -0
  293. package/lib/packlets/crypto-utils/spkiHelpers.js.map +1 -0
  294. package/lib/packlets/csv/csvFileHelpers.d.ts +0 -10
  295. package/lib/packlets/csv/csvFileHelpers.d.ts.map +1 -0
  296. package/lib/packlets/csv/csvFileHelpers.js +0 -15
  297. package/lib/packlets/csv/csvFileHelpers.js.map +1 -0
  298. package/lib/packlets/csv/csvHelpers.d.ts +10 -0
  299. package/lib/packlets/csv/csvHelpers.d.ts.map +1 -0
  300. package/lib/packlets/csv/csvHelpers.js +15 -0
  301. package/lib/packlets/csv/csvHelpers.js.map +1 -0
  302. package/lib/packlets/csv/index.browser.d.ts +0 -1
  303. package/lib/packlets/csv/index.browser.d.ts.map +1 -0
  304. package/lib/packlets/csv/index.browser.js +1 -5
  305. package/lib/packlets/csv/index.browser.js.map +1 -0
  306. package/lib/packlets/csv/index.d.ts.map +1 -0
  307. package/lib/packlets/csv/index.js.map +1 -0
  308. package/lib/packlets/experimental/extendedArray.d.ts.map +1 -0
  309. package/lib/packlets/experimental/extendedArray.js.map +1 -0
  310. package/lib/packlets/experimental/formatter.d.ts.map +1 -0
  311. package/lib/packlets/experimental/formatter.js.map +1 -0
  312. package/lib/packlets/experimental/index.d.ts.map +1 -0
  313. package/lib/packlets/experimental/index.js.map +1 -0
  314. package/lib/packlets/experimental/rangeOf.d.ts.map +1 -0
  315. package/lib/packlets/experimental/rangeOf.js.map +1 -0
  316. package/lib/packlets/hash/index.browser.d.ts.map +1 -0
  317. package/lib/packlets/hash/index.browser.js.map +1 -0
  318. package/lib/packlets/hash/index.d.ts.map +1 -0
  319. package/lib/packlets/hash/index.js.map +1 -0
  320. package/lib/packlets/hash/index.node.d.ts.map +1 -0
  321. package/lib/packlets/hash/index.node.js.map +1 -0
  322. package/lib/packlets/hash/md5Normalizer.browser.d.ts.map +1 -0
  323. package/lib/packlets/hash/md5Normalizer.browser.js.map +1 -0
  324. package/lib/packlets/hash/md5Normalizer.d.ts.map +1 -0
  325. package/lib/packlets/hash/md5Normalizer.js.map +1 -0
  326. package/lib/packlets/mustache/index.d.ts +1 -1
  327. package/lib/packlets/mustache/index.d.ts.map +1 -0
  328. package/lib/packlets/mustache/index.js.map +1 -0
  329. package/lib/packlets/mustache/interfaces.d.ts +34 -0
  330. package/lib/packlets/mustache/interfaces.d.ts.map +1 -0
  331. package/lib/packlets/mustache/interfaces.js.map +1 -0
  332. package/lib/packlets/mustache/mustacheTemplate.d.ts +2 -0
  333. package/lib/packlets/mustache/mustacheTemplate.d.ts.map +1 -0
  334. package/lib/packlets/mustache/mustacheTemplate.js +42 -4
  335. package/lib/packlets/mustache/mustacheTemplate.js.map +1 -0
  336. package/lib/packlets/record-jar/index.browser.d.ts +0 -1
  337. package/lib/packlets/record-jar/index.browser.d.ts.map +1 -0
  338. package/lib/packlets/record-jar/index.browser.js +1 -5
  339. package/lib/packlets/record-jar/index.browser.js.map +1 -0
  340. package/lib/packlets/record-jar/index.d.ts.map +1 -0
  341. package/lib/packlets/record-jar/index.js.map +1 -0
  342. package/lib/packlets/record-jar/recordJarFileHelpers.d.ts +0 -11
  343. package/lib/packlets/record-jar/recordJarFileHelpers.d.ts.map +1 -0
  344. package/lib/packlets/record-jar/recordJarFileHelpers.js +0 -19
  345. package/lib/packlets/record-jar/recordJarFileHelpers.js.map +1 -0
  346. package/lib/packlets/record-jar/recordJarHelpers.d.ts +11 -0
  347. package/lib/packlets/record-jar/recordJarHelpers.d.ts.map +1 -0
  348. package/lib/packlets/record-jar/recordJarHelpers.js +19 -0
  349. package/lib/packlets/record-jar/recordJarHelpers.js.map +1 -0
  350. package/lib/packlets/yaml/converters.d.ts.map +1 -0
  351. package/lib/packlets/yaml/converters.js.map +1 -0
  352. package/lib/packlets/yaml/index.d.ts +1 -0
  353. package/lib/packlets/yaml/index.d.ts.map +1 -0
  354. package/lib/packlets/yaml/index.js +1 -0
  355. package/lib/packlets/yaml/index.js.map +1 -0
  356. package/lib/packlets/yaml/serializers.d.ts +45 -0
  357. package/lib/packlets/yaml/serializers.d.ts.map +1 -0
  358. package/lib/packlets/yaml/serializers.js +84 -0
  359. package/lib/packlets/yaml/serializers.js.map +1 -0
  360. package/lib/packlets/zip-file-tree/index.d.ts.map +1 -0
  361. package/lib/packlets/zip-file-tree/index.js.map +1 -0
  362. package/lib/packlets/zip-file-tree/zipFileTreeAccessors.d.ts +2 -2
  363. package/lib/packlets/zip-file-tree/zipFileTreeAccessors.d.ts.map +1 -0
  364. package/lib/packlets/zip-file-tree/zipFileTreeAccessors.js +2 -2
  365. package/lib/packlets/zip-file-tree/zipFileTreeAccessors.js.map +1 -0
  366. package/lib/packlets/zip-file-tree/zipFileTreeWriter.d.ts.map +1 -0
  367. package/lib/packlets/zip-file-tree/zipFileTreeWriter.js.map +1 -0
  368. package/package.json +20 -15
@@ -0,0 +1,74 @@
1
+ "use strict";
2
+ // Copyright (c) 2026 Erik Fortune
3
+ //
4
+ // Permission is hereby granted, free of charge, to any person obtaining a copy
5
+ // of this software and associated documentation files (the "Software"), to deal
6
+ // in the Software without restriction, including without limitation the rights
7
+ // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8
+ // copies of the Software, and to permit persons to whom the Software is
9
+ // furnished to do so, subject to the following conditions:
10
+ //
11
+ // The above copyright notice and this permission notice shall be included in all
12
+ // copies or substantial portions of the Software.
13
+ //
14
+ // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15
+ // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16
+ // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17
+ // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18
+ // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19
+ // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20
+ // SOFTWARE.
21
+ Object.defineProperty(exports, "__esModule", { value: true });
22
+ exports.keyPairAlgorithmParams = void 0;
23
+ /**
24
+ * Lookup table from {@link CryptoUtils.KeyPairAlgorithm} to the WebCrypto
25
+ * parameters needed to drive `crypto.subtle`. Shared between every
26
+ * {@link CryptoUtils.ICryptoProvider} implementation since both Node and
27
+ * browser providers speak the same WebCrypto API. Exposed for downstream
28
+ * provider implementations (e.g. browser-side providers in `@fgv/ts-web-extras`).
29
+ * @public
30
+ */
31
+ exports.keyPairAlgorithmParams = {
32
+ 'ecdsa-p256': {
33
+ generateKey: { name: 'ECDSA', namedCurve: 'P-256' },
34
+ importPublicKey: { name: 'ECDSA', namedCurve: 'P-256' },
35
+ keyPairUsages: ['sign', 'verify'],
36
+ publicKeyUsages: ['verify']
37
+ },
38
+ 'rsa-oaep-2048': {
39
+ generateKey: {
40
+ name: 'RSA-OAEP',
41
+ modulusLength: 2048,
42
+ publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
43
+ hash: 'SHA-256'
44
+ },
45
+ importPublicKey: { name: 'RSA-OAEP', hash: 'SHA-256' },
46
+ keyPairUsages: ['encrypt', 'decrypt'],
47
+ publicKeyUsages: ['encrypt']
48
+ },
49
+ 'ecdh-p256': {
50
+ generateKey: { name: 'ECDH', namedCurve: 'P-256' },
51
+ importPublicKey: { name: 'ECDH', namedCurve: 'P-256' },
52
+ // WebCrypto filters per-role: the private key takes both derive usages,
53
+ // and the public key gets [] since an ECDH public key alone cannot derive.
54
+ keyPairUsages: ['deriveKey', 'deriveBits'],
55
+ // Importing only the recipient's public key — empty usages because a
56
+ // standalone ECDH public key has no derivation capability.
57
+ publicKeyUsages: []
58
+ },
59
+ ed25519: {
60
+ generateKey: { name: 'Ed25519' },
61
+ importPublicKey: { name: 'Ed25519' },
62
+ keyPairUsages: ['sign', 'verify'],
63
+ publicKeyUsages: ['verify']
64
+ },
65
+ x25519: {
66
+ generateKey: { name: 'X25519' },
67
+ importPublicKey: { name: 'X25519' },
68
+ // WebCrypto filters per-role: the private key takes both derive usages,
69
+ // the public key gets [] since a standalone X25519 public key cannot derive.
70
+ keyPairUsages: ['deriveKey', 'deriveBits'],
71
+ publicKeyUsages: []
72
+ }
73
+ };
74
+ //# sourceMappingURL=keyPairAlgorithmParams.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"keyPairAlgorithmParams.js","sourceRoot":"","sources":["../../../src/packlets/crypto-utils/keyPairAlgorithmParams.ts"],"names":[],"mappings":";AAAA,kCAAkC;AAClC,EAAE;AACF,+EAA+E;AAC/E,gFAAgF;AAChF,+EAA+E;AAC/E,4EAA4E;AAC5E,wEAAwE;AACxE,2DAA2D;AAC3D,EAAE;AACF,iFAAiF;AACjF,kDAAkD;AAClD,EAAE;AACF,6EAA6E;AAC7E,2EAA2E;AAC3E,8EAA8E;AAC9E,yEAAyE;AACzE,gFAAgF;AAChF,gFAAgF;AAChF,YAAY;;;AAmDZ;;;;;;;GAOG;AACU,QAAA,sBAAsB,GAAgE;IACjG,YAAY,EAAE;QACZ,WAAW,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE;QACnD,eAAe,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE;QACvD,aAAa,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC;QACjC,eAAe,EAAE,CAAC,QAAQ,CAAC;KAC5B;IACD,eAAe,EAAE;QACf,WAAW,EAAE;YACX,IAAI,EAAE,UAAU;YAChB,aAAa,EAAE,IAAI;YACnB,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YAClD,IAAI,EAAE,SAAS;SAChB;QACD,eAAe,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE;QACtD,aAAa,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;QACrC,eAAe,EAAE,CAAC,SAAS,CAAC;KAC7B;IACD,WAAW,EAAE;QACX,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE;QAClD,eAAe,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE;QACtD,wEAAwE;QACxE,2EAA2E;QAC3E,aAAa,EAAE,CAAC,WAAW,EAAE,YAAY,CAAC;QAC1C,qEAAqE;QACrE,2DAA2D;QAC3D,eAAe,EAAE,EAAE;KACpB;IACD,OAAO,EAAE;QACP,WAAW,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;QAChC,eAAe,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;QACpC,aAAa,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC;QACjC,eAAe,EAAE,CAAC,QAAQ,CAAC;KAC5B;IACD,MAAM,EAAE;QACN,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;QAC/B,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;QACnC,wEAAwE;QACxE,6EAA6E;QAC7E,aAAa,EAAE,CAAC,WAAW,EAAE,YAAY,CAAC;QAC1C,eAAe,EAAE,EAAE;KACpB;CACF,CAAC","sourcesContent":["// Copyright (c) 2026 Erik Fortune\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal\n// in the Software without restriction, including without limitation the rights\n// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n// copies of the Software, and to permit persons to whom the Software is\n// furnished to do so, subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all\n// copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n// SOFTWARE.\n\nimport { KeyPairAlgorithm } from './model';\n\n/**\n * WebCrypto parameters for a single {@link CryptoUtils.KeyPairAlgorithm}.\n * Implementations of {@link CryptoUtils.ICryptoProvider} use this table to\n * translate the small public algorithm enum into the WebCrypto algorithm\n * objects and key-usage arrays expected by `crypto.subtle`.\n * @public\n */\nexport interface IKeyPairAlgorithmParams {\n /**\n * Algorithm parameters for `crypto.subtle.generateKey`. Always an asymmetric\n * variant — these algorithms produce a `CryptoKeyPair`, not a single key.\n * The literal `{ name: 'Ed25519' }` member covers WebCrypto's Secure-Curves\n * Ed25519 algorithm; `{ name: 'X25519' }` covers the X25519 key-agreement\n * algorithm. Both take only a `name`; using literals rather than the base\n * `Algorithm` keeps the union closed to the algorithms this table supports.\n */\n readonly generateKey:\n | RsaHashedKeyGenParams\n | EcKeyGenParams\n | { readonly name: 'Ed25519' }\n | { readonly name: 'X25519' };\n\n /**\n * Algorithm parameters for `crypto.subtle.importKey('jwk', ...)` when\n * importing the public half of a keypair. The literal `{ name: 'Ed25519' }`\n * member covers Ed25519 imports; `{ name: 'X25519' }` covers X25519 imports.\n * Both take only a `name`; using literals rather than the base `Algorithm`\n * keeps the union closed to the algorithms this table supports.\n */\n readonly importPublicKey:\n | RsaHashedImportParams\n | EcKeyImportParams\n | { readonly name: 'Ed25519' }\n | { readonly name: 'X25519' };\n\n /**\n * Default key usages for the generated `CryptoKeyPair`. Both halves receive\n * the usages WebCrypto considers valid for their role; the platform filters.\n */\n readonly keyPairUsages: ReadonlyArray<KeyUsage>;\n\n /**\n * Key usages applied when re-importing only the public key.\n */\n readonly publicKeyUsages: ReadonlyArray<KeyUsage>;\n}\n\n/**\n * Lookup table from {@link CryptoUtils.KeyPairAlgorithm} to the WebCrypto\n * parameters needed to drive `crypto.subtle`. Shared between every\n * {@link CryptoUtils.ICryptoProvider} implementation since both Node and\n * browser providers speak the same WebCrypto API. Exposed for downstream\n * provider implementations (e.g. browser-side providers in `@fgv/ts-web-extras`).\n * @public\n */\nexport const keyPairAlgorithmParams: Readonly<Record<KeyPairAlgorithm, IKeyPairAlgorithmParams>> = {\n 'ecdsa-p256': {\n generateKey: { name: 'ECDSA', namedCurve: 'P-256' },\n importPublicKey: { name: 'ECDSA', namedCurve: 'P-256' },\n keyPairUsages: ['sign', 'verify'],\n publicKeyUsages: ['verify']\n },\n 'rsa-oaep-2048': {\n generateKey: {\n name: 'RSA-OAEP',\n modulusLength: 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n hash: 'SHA-256'\n },\n importPublicKey: { name: 'RSA-OAEP', hash: 'SHA-256' },\n keyPairUsages: ['encrypt', 'decrypt'],\n publicKeyUsages: ['encrypt']\n },\n 'ecdh-p256': {\n generateKey: { name: 'ECDH', namedCurve: 'P-256' },\n importPublicKey: { name: 'ECDH', namedCurve: 'P-256' },\n // WebCrypto filters per-role: the private key takes both derive usages,\n // and the public key gets [] since an ECDH public key alone cannot derive.\n keyPairUsages: ['deriveKey', 'deriveBits'],\n // Importing only the recipient's public key — empty usages because a\n // standalone ECDH public key has no derivation capability.\n publicKeyUsages: []\n },\n ed25519: {\n generateKey: { name: 'Ed25519' },\n importPublicKey: { name: 'Ed25519' },\n keyPairUsages: ['sign', 'verify'],\n publicKeyUsages: ['verify']\n },\n x25519: {\n generateKey: { name: 'X25519' },\n importPublicKey: { name: 'X25519' },\n // WebCrypto filters per-role: the private key takes both derive usages,\n // the public key gets [] since a standalone X25519 public key cannot derive.\n keyPairUsages: ['deriveKey', 'deriveBits'],\n publicKeyUsages: []\n }\n};\n"]}
@@ -1,21 +1,83 @@
1
- import { Converter } from '@fgv/ts-utils';
2
- import { IKeyStoreFile, IKeyStoreSecretEntryJson, IKeyStoreVaultContents, KeyStoreFormat, KeyStoreSecretType } from './model';
1
+ import { Converter, Validator } from '@fgv/ts-utils';
2
+ import { IKeyStoreAsymmetricEntryJson, IKeyStoreEntryJson, IKeyStoreFile, IKeyStoreSymmetricEntryJson, IKeyStoreVaultContents, KeyPairAlgorithm, KeyStoreAsymmetricSecretType, KeyStoreFormat, KeyStoreSecretType, KeyStoreSymmetricSecretType } from './model';
3
3
  /**
4
4
  * Converter for {@link CryptoUtils.KeyStore.KeyStoreFormat | key store format} version.
5
5
  * @public
6
6
  */
7
7
  export declare const keystoreFormat: Converter<KeyStoreFormat>;
8
8
  /**
9
- * Converter for {@link CryptoUtils.KeyStore.KeyStoreSecretType | key store secret type} discriminator.
9
+ * Converter for {@link CryptoUtils.KeyStore.KeyStoreSecretType | any key store secret type} discriminator.
10
+ * Accepts both symmetric and asymmetric type values.
10
11
  * @public
11
12
  */
12
13
  export declare const keystoreSecretType: Converter<KeyStoreSecretType>;
13
14
  /**
14
- * Converter for {@link CryptoUtils.KeyStore.IKeyStoreSecretEntryJson | key store secret entry} in JSON format.
15
- * The `type` field is optional for backwards compatibility — missing means `'encryption-key'`.
15
+ * Converter for {@link CryptoUtils.KeyStore.KeyStoreSymmetricSecretType | symmetric secret type} discriminator.
16
+ * Accepts only `'encryption-key'` and `'api-key'`.
16
17
  * @public
17
18
  */
18
- export declare const keystoreSecretEntryJson: Converter<IKeyStoreSecretEntryJson>;
19
+ export declare const keystoreSymmetricSecretType: Converter<KeyStoreSymmetricSecretType>;
20
+ /**
21
+ * Converter for {@link CryptoUtils.KeyStore.KeyStoreAsymmetricSecretType | asymmetric secret type} discriminator.
22
+ * Accepts only `'asymmetric-keypair'`.
23
+ * @public
24
+ */
25
+ export declare const keystoreAsymmetricSecretType: Converter<KeyStoreAsymmetricSecretType>;
26
+ /**
27
+ * Converter for {@link CryptoUtils.KeyStore.KeyPairAlgorithm | key pair algorithm}.
28
+ * @public
29
+ */
30
+ export declare const keyPairAlgorithm: Converter<KeyPairAlgorithm>;
31
+ /**
32
+ * In-place shape check for a JSON Web Key. Asserts only that the input is a
33
+ * non-array object whose `kty` discriminator is a string; every other JWK
34
+ * field passes through untouched. This is intentionally **not** a true JWK
35
+ * validator — per-algorithm correctness (RSA `n`/`e`, EC `crv`/`x`/`y`,
36
+ * key-size constraints, etc.) is delegated to `crypto.subtle.importKey` at
37
+ * first use, which is the authoritative checker. The "shape" suffix in the
38
+ * name is the warning sign for readers expecting full validation.
39
+ * @remarks
40
+ * Built with `Validators.object` (in-place, non-strict) so unknown JWK fields
41
+ * survive the round-trip; the cast to `FieldValidators<JsonWebKey>` is required
42
+ * only because TypeScript's mapped type demands an entry for every key in
43
+ * `JsonWebKey`. At runtime the `ObjectValidator` only inspects keys present in
44
+ * the field-validators map.
45
+ * @public
46
+ */
47
+ export declare const jsonWebKeyShape: Validator<JsonWebKey>;
48
+ /**
49
+ * Converter for {@link CryptoUtils.KeyStore.IKeyStoreSymmetricEntryJson | symmetric secret entry} in JSON form.
50
+ *
51
+ * @remarks
52
+ * Backwards compatibility with vaults written before asymmetric-keypair
53
+ * support: those entries may lack the `type` discriminator on the wire. To
54
+ * keep the model type honest (`type` is required on
55
+ * {@link CryptoUtils.KeyStore.IKeyStoreSymmetricEntryJson}, see its docs),
56
+ * we declare `type` in `optionalFields` so the inner `Converters.object` will
57
+ * accept input without it, then `.map()` injects the default
58
+ * `'encryption-key'` when missing. The output therefore always carries the
59
+ * discriminator and downstream code never sees the legacy missing-type form.
60
+ *
61
+ * @public
62
+ */
63
+ export declare const keystoreSymmetricEntryJson: Converter<IKeyStoreSymmetricEntryJson>;
64
+ /**
65
+ * Converter for {@link CryptoUtils.KeyStore.IKeyStoreAsymmetricEntryJson | asymmetric keypair entry} in JSON form.
66
+ * The `publicKeyJwk` field passes through {@link CryptoUtils.KeyStore.Converters.jsonWebKeyShape | jsonWebKeyShape}
67
+ * (shape check only — see its docs); cryptographic correctness is enforced by
68
+ * `crypto.subtle.importKey` at use.
69
+ * @public
70
+ */
71
+ export declare const keystoreAsymmetricEntryJson: Converter<IKeyStoreAsymmetricEntryJson>;
72
+ /**
73
+ * Discriminated-union converter for any {@link CryptoUtils.KeyStore.IKeyStoreEntryJson | key store entry} in JSON form.
74
+ * Routes by the `type` field: `'asymmetric-keypair'` is parsed by
75
+ * {@link CryptoUtils.KeyStore.Converters.keystoreAsymmetricEntryJson | keystoreAsymmetricEntryJson},
76
+ * anything else (including a missing `type` field for backwards compatibility) by
77
+ * {@link CryptoUtils.KeyStore.Converters.keystoreSymmetricEntryJson | keystoreSymmetricEntryJson}.
78
+ * @public
79
+ */
80
+ export declare const keystoreSecretEntryJson: Converter<IKeyStoreEntryJson>;
19
81
  /**
20
82
  * Converter for {@link CryptoUtils.KeyStore.IKeyStoreVaultContents | key store vault contents} (decrypted state).
21
83
  * @public
@@ -0,0 +1 @@
1
+ {"version":3,"file":"converters.d.ts","sourceRoot":"","sources":["../../../../src/packlets/crypto-utils/keystore/converters.ts"],"names":[],"mappings":"AAoBA,OAAO,EAAE,SAAS,EAAmC,SAAS,EAAc,MAAM,eAAe,CAAC;AAElG,OAAO,EAIL,4BAA4B,EAC5B,kBAAkB,EAClB,aAAa,EACb,2BAA2B,EAC3B,sBAAsB,EAEtB,gBAAgB,EAChB,4BAA4B,EAC5B,cAAc,EACd,kBAAkB,EAClB,2BAA2B,EAE5B,MAAM,SAAS,CAAC;AAMjB;;;GAGG;AACH,eAAO,MAAM,cAAc,EAAE,SAAS,CAAC,cAAc,CAEnD,CAAC;AAMH;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,EAAE,SAAS,CAAC,kBAAkB,CACW,CAAC;AAEzE;;;;GAIG;AACH,eAAO,MAAM,2BAA2B,EAAE,SAAS,CAAC,2BAA2B,CACW,CAAC;AAE3F;;;;GAIG;AACH,eAAO,MAAM,4BAA4B,EAAE,SAAS,CAAC,4BAA4B,CACW,CAAC;AAM7F;;;GAGG;AACH,eAAO,MAAM,gBAAgB,EAAE,SAAS,CAAC,gBAAgB,CACW,CAAC;AAMrE;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,eAAe,EAAE,SAAS,CAAC,UAAU,CAEE,CAAC;AAMrD;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,0BAA0B,EAAE,SAAS,CAAC,2BAA2B,CAmB3E,CAAC;AAMJ;;;;;;GAMG;AACH,eAAO,MAAM,2BAA2B,EAAE,SAAS,CAAC,4BAA4B,CAS5E,CAAC;AAML;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB,EAAE,SAAS,CAAC,kBAAkB,CAGhE,CAAC;AAMH;;;GAGG;AACH,eAAO,MAAM,qBAAqB,EAAE,SAAS,CAAC,sBAAsB,CAIhE,CAAC;AAML;;;GAGG;AACH,eAAO,MAAM,YAAY,EAAE,SAAS,CAAC,aAAa,CAOhD,CAAC"}
@@ -19,7 +19,7 @@
19
19
  // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20
20
  // SOFTWARE.
21
21
  Object.defineProperty(exports, "__esModule", { value: true });
22
- exports.keystoreFile = exports.keystoreVaultContents = exports.keystoreSecretEntryJson = exports.keystoreSecretType = exports.keystoreFormat = void 0;
22
+ exports.keystoreFile = exports.keystoreVaultContents = exports.keystoreSecretEntryJson = exports.keystoreAsymmetricEntryJson = exports.keystoreSymmetricEntryJson = exports.jsonWebKeyShape = exports.keyPairAlgorithm = exports.keystoreAsymmetricSecretType = exports.keystoreSymmetricSecretType = exports.keystoreSecretType = exports.keystoreFormat = void 0;
23
23
  const ts_utils_1 = require("@fgv/ts-utils");
24
24
  const converters_1 = require("../converters");
25
25
  const model_1 = require("./model");
@@ -34,31 +34,123 @@ exports.keystoreFormat = ts_utils_1.Converters.enumeratedValue([
34
34
  model_1.KEYSTORE_FORMAT
35
35
  ]);
36
36
  // ============================================================================
37
- // Secret Type Converter
37
+ // Secret Type Converters
38
38
  // ============================================================================
39
39
  /**
40
- * Converter for {@link CryptoUtils.KeyStore.KeyStoreSecretType | key store secret type} discriminator.
40
+ * Converter for {@link CryptoUtils.KeyStore.KeyStoreSecretType | any key store secret type} discriminator.
41
+ * Accepts both symmetric and asymmetric type values.
41
42
  * @public
42
43
  */
43
44
  exports.keystoreSecretType = ts_utils_1.Converters.enumeratedValue(model_1.allKeyStoreSecretTypes);
45
+ /**
46
+ * Converter for {@link CryptoUtils.KeyStore.KeyStoreSymmetricSecretType | symmetric secret type} discriminator.
47
+ * Accepts only `'encryption-key'` and `'api-key'`.
48
+ * @public
49
+ */
50
+ exports.keystoreSymmetricSecretType = ts_utils_1.Converters.enumeratedValue(model_1.allKeyStoreSymmetricSecretTypes);
51
+ /**
52
+ * Converter for {@link CryptoUtils.KeyStore.KeyStoreAsymmetricSecretType | asymmetric secret type} discriminator.
53
+ * Accepts only `'asymmetric-keypair'`.
54
+ * @public
55
+ */
56
+ exports.keystoreAsymmetricSecretType = ts_utils_1.Converters.enumeratedValue(model_1.allKeyStoreAsymmetricSecretTypes);
57
+ // ============================================================================
58
+ // Key Pair Algorithm Converter
59
+ // ============================================================================
60
+ /**
61
+ * Converter for {@link CryptoUtils.KeyStore.KeyPairAlgorithm | key pair algorithm}.
62
+ * @public
63
+ */
64
+ exports.keyPairAlgorithm = ts_utils_1.Converters.enumeratedValue(model_1.allKeyPairAlgorithms);
44
65
  // ============================================================================
45
- // Secret Entry Converters
66
+ // JWK Shape Validator
46
67
  // ============================================================================
47
68
  /**
48
- * Converter for {@link CryptoUtils.KeyStore.IKeyStoreSecretEntryJson | key store secret entry} in JSON format.
49
- * The `type` field is optional for backwards compatibility — missing means `'encryption-key'`.
69
+ * In-place shape check for a JSON Web Key. Asserts only that the input is a
70
+ * non-array object whose `kty` discriminator is a string; every other JWK
71
+ * field passes through untouched. This is intentionally **not** a true JWK
72
+ * validator — per-algorithm correctness (RSA `n`/`e`, EC `crv`/`x`/`y`,
73
+ * key-size constraints, etc.) is delegated to `crypto.subtle.importKey` at
74
+ * first use, which is the authoritative checker. The "shape" suffix in the
75
+ * name is the warning sign for readers expecting full validation.
76
+ * @remarks
77
+ * Built with `Validators.object` (in-place, non-strict) so unknown JWK fields
78
+ * survive the round-trip; the cast to `FieldValidators<JsonWebKey>` is required
79
+ * only because TypeScript's mapped type demands an entry for every key in
80
+ * `JsonWebKey`. At runtime the `ObjectValidator` only inspects keys present in
81
+ * the field-validators map.
50
82
  * @public
51
83
  */
52
- exports.keystoreSecretEntryJson = ts_utils_1.Converters.object({
84
+ exports.jsonWebKeyShape = ts_utils_1.Validators.object({
85
+ kty: ts_utils_1.Validators.string
86
+ });
87
+ // ============================================================================
88
+ // Symmetric Secret Entry Converter
89
+ // ============================================================================
90
+ /**
91
+ * Converter for {@link CryptoUtils.KeyStore.IKeyStoreSymmetricEntryJson | symmetric secret entry} in JSON form.
92
+ *
93
+ * @remarks
94
+ * Backwards compatibility with vaults written before asymmetric-keypair
95
+ * support: those entries may lack the `type` discriminator on the wire. To
96
+ * keep the model type honest (`type` is required on
97
+ * {@link CryptoUtils.KeyStore.IKeyStoreSymmetricEntryJson}, see its docs),
98
+ * we declare `type` in `optionalFields` so the inner `Converters.object` will
99
+ * accept input without it, then `.map()` injects the default
100
+ * `'encryption-key'` when missing. The output therefore always carries the
101
+ * discriminator and downstream code never sees the legacy missing-type form.
102
+ *
103
+ * @public
104
+ */
105
+ exports.keystoreSymmetricEntryJson = ts_utils_1.Converters.object({
53
106
  name: ts_utils_1.Converters.string,
54
- type: exports.keystoreSecretType,
107
+ type: exports.keystoreSymmetricSecretType,
55
108
  key: converters_1.base64String,
56
109
  description: ts_utils_1.Converters.string,
57
110
  createdAt: ts_utils_1.Converters.string
58
111
  }, {
112
+ // `type` is optional at the input layer for legacy-vault compatibility;
113
+ // the .map() below normalizes by injecting the default.
59
114
  optionalFields: ['type', 'description']
115
+ }).map((entry) => {
116
+ var _a;
117
+ return (0, ts_utils_1.succeed)(Object.assign(Object.assign({}, entry), { type: (_a = entry.type) !== null && _a !== void 0 ? _a : 'encryption-key' }));
60
118
  });
61
119
  // ============================================================================
120
+ // Asymmetric Keypair Entry Converter
121
+ // ============================================================================
122
+ /**
123
+ * Converter for {@link CryptoUtils.KeyStore.IKeyStoreAsymmetricEntryJson | asymmetric keypair entry} in JSON form.
124
+ * The `publicKeyJwk` field passes through {@link CryptoUtils.KeyStore.Converters.jsonWebKeyShape | jsonWebKeyShape}
125
+ * (shape check only — see its docs); cryptographic correctness is enforced by
126
+ * `crypto.subtle.importKey` at use.
127
+ * @public
128
+ */
129
+ exports.keystoreAsymmetricEntryJson = ts_utils_1.Converters.object({
130
+ name: ts_utils_1.Converters.string,
131
+ type: exports.keystoreAsymmetricSecretType,
132
+ id: ts_utils_1.Converters.string,
133
+ algorithm: exports.keyPairAlgorithm,
134
+ publicKeyJwk: exports.jsonWebKeyShape,
135
+ description: ts_utils_1.Converters.string.optional(),
136
+ createdAt: ts_utils_1.Converters.string
137
+ });
138
+ // ============================================================================
139
+ // Discriminated-Union Entry Converter
140
+ // ============================================================================
141
+ /**
142
+ * Discriminated-union converter for any {@link CryptoUtils.KeyStore.IKeyStoreEntryJson | key store entry} in JSON form.
143
+ * Routes by the `type` field: `'asymmetric-keypair'` is parsed by
144
+ * {@link CryptoUtils.KeyStore.Converters.keystoreAsymmetricEntryJson | keystoreAsymmetricEntryJson},
145
+ * anything else (including a missing `type` field for backwards compatibility) by
146
+ * {@link CryptoUtils.KeyStore.Converters.keystoreSymmetricEntryJson | keystoreSymmetricEntryJson}.
147
+ * @public
148
+ */
149
+ exports.keystoreSecretEntryJson = ts_utils_1.Converters.oneOf([
150
+ exports.keystoreAsymmetricEntryJson,
151
+ exports.keystoreSymmetricEntryJson
152
+ ]);
153
+ // ============================================================================
62
154
  // Vault Contents Converter
63
155
  // ============================================================================
64
156
  /**
@@ -82,6 +174,6 @@ exports.keystoreFile = ts_utils_1.Converters.object({
82
174
  iv: converters_1.base64String,
83
175
  authTag: converters_1.base64String,
84
176
  encryptedData: converters_1.base64String,
85
- keyDerivation: converters_1.keyDerivationParams
177
+ keyDerivation: converters_1.pbkdf2KeyDerivationParams
86
178
  });
87
179
  //# sourceMappingURL=converters.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"converters.js","sourceRoot":"","sources":["../../../../src/packlets/crypto-utils/keystore/converters.ts"],"names":[],"mappings":";AAAA,kCAAkC;AAClC,EAAE;AACF,+EAA+E;AAC/E,gFAAgF;AAChF,+EAA+E;AAC/E,4EAA4E;AAC5E,wEAAwE;AACxE,2DAA2D;AAC3D,EAAE;AACF,iFAAiF;AACjF,kDAAkD;AAClD,EAAE;AACF,6EAA6E;AAC7E,2EAA2E;AAC3E,8EAA8E;AAC9E,yEAAyE;AACzE,gFAAgF;AAChF,gFAAgF;AAChF,YAAY;;;AAEZ,4CAAkG;AAClG,8CAA6F;AAC7F,mCAgBiB;AAEjB,+EAA+E;AAC/E,6BAA6B;AAC7B,+EAA+E;AAE/E;;;GAGG;AACU,QAAA,cAAc,GAA8B,qBAAU,CAAC,eAAe,CAAiB;IAClG,uBAAe;CAChB,CAAC,CAAC;AAEH,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;;;GAIG;AACU,QAAA,kBAAkB,GAC7B,qBAAU,CAAC,eAAe,CAAqB,8BAAsB,CAAC,CAAC;AAEzE;;;;GAIG;AACU,QAAA,2BAA2B,GACtC,qBAAU,CAAC,eAAe,CAA8B,uCAA+B,CAAC,CAAC;AAE3F;;;;GAIG;AACU,QAAA,4BAA4B,GACvC,qBAAU,CAAC,eAAe,CAA+B,wCAAgC,CAAC,CAAC;AAE7F,+EAA+E;AAC/E,+BAA+B;AAC/B,+EAA+E;AAE/E;;;GAGG;AACU,QAAA,gBAAgB,GAC3B,qBAAU,CAAC,eAAe,CAAmB,4BAAoB,CAAC,CAAC;AAErE,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E;;;;;;;;;;;;;;;GAeG;AACU,QAAA,eAAe,GAA0B,qBAAU,CAAC,MAAM,CAAa;IAClF,GAAG,EAAE,qBAAU,CAAC,MAAM;CAC2B,CAAC,CAAC;AAErD,+EAA+E;AAC/E,mCAAmC;AACnC,+EAA+E;AAE/E;;;;;;;;;;;;;;GAcG;AACU,QAAA,0BAA0B,GACrC,qBAAU,CAAC,MAAM,CACf;IACE,IAAI,EAAE,qBAAU,CAAC,MAAM;IACvB,IAAI,EAAE,mCAA2B;IACjC,GAAG,EAAE,yBAAY;IACjB,WAAW,EAAE,qBAAU,CAAC,MAAM;IAC9B,SAAS,EAAE,qBAAU,CAAC,MAAM;CAC7B,EACD;IACE,wEAAwE;IACxE,wDAAwD;IACxD,cAAc,EAAE,CAAC,MAAM,EAAE,aAAa,CAAC;CACxC,CACF,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;;IACd,OAAA,IAAA,kBAAO,kCACF,KAAK,KACR,IAAI,EAAE,MAAA,KAAK,CAAC,IAAI,mCAAI,gBAAgB,IACpC,CAAA;CAAA,CACH,CAAC;AAEJ,+EAA+E;AAC/E,qCAAqC;AACrC,+EAA+E;AAE/E;;;;;;GAMG;AACU,QAAA,2BAA2B,GACtC,qBAAU,CAAC,MAAM,CAA+B;IAC9C,IAAI,EAAE,qBAAU,CAAC,MAAM;IACvB,IAAI,EAAE,oCAA4B;IAClC,EAAE,EAAE,qBAAU,CAAC,MAAM;IACrB,SAAS,EAAE,wBAAgB;IAC3B,YAAY,EAAE,uBAAe;IAC7B,WAAW,EAAE,qBAAU,CAAC,MAAM,CAAC,QAAQ,EAAE;IACzC,SAAS,EAAE,qBAAU,CAAC,MAAM;CAC7B,CAAC,CAAC;AAEL,+EAA+E;AAC/E,sCAAsC;AACtC,+EAA+E;AAE/E;;;;;;;GAOG;AACU,QAAA,uBAAuB,GAAkC,qBAAU,CAAC,KAAK,CAAqB;IACzG,mCAA2B;IAC3B,kCAA0B;CAC3B,CAAC,CAAC;AAEH,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAE/E;;;GAGG;AACU,QAAA,qBAAqB,GAChC,qBAAU,CAAC,MAAM,CAAyB;IACxC,OAAO,EAAE,sBAAc;IACvB,OAAO,EAAE,qBAAU,CAAC,QAAQ,CAAC,+BAAuB,CAAC;CACtD,CAAC,CAAC;AAEL,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAE/E;;;GAGG;AACU,QAAA,YAAY,GAA6B,qBAAU,CAAC,MAAM,CAAgB;IACrF,MAAM,EAAE,sBAAc;IACtB,SAAS,EAAE,gCAAmB;IAC9B,EAAE,EAAE,yBAAY;IAChB,OAAO,EAAE,yBAAY;IACrB,aAAa,EAAE,yBAAY;IAC3B,aAAa,EAAE,sCAAyB;CACzC,CAAC,CAAC","sourcesContent":["// Copyright (c) 2026 Erik Fortune\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal\n// in the Software without restriction, including without limitation the rights\n// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n// copies of the Software, and to permit persons to whom the Software is\n// furnished to do so, subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all\n// copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n// SOFTWARE.\n\nimport { Converter, Converters, succeed, Validation, Validator, Validators } from '@fgv/ts-utils';\nimport { base64String, encryptionAlgorithm, pbkdf2KeyDerivationParams } from '../converters';\nimport {\n allKeyPairAlgorithms,\n allKeyStoreSecretTypes,\n allKeyStoreSymmetricSecretTypes,\n IKeyStoreAsymmetricEntryJson,\n IKeyStoreEntryJson,\n IKeyStoreFile,\n IKeyStoreSymmetricEntryJson,\n IKeyStoreVaultContents,\n KEYSTORE_FORMAT,\n KeyPairAlgorithm,\n KeyStoreAsymmetricSecretType,\n KeyStoreFormat,\n KeyStoreSecretType,\n KeyStoreSymmetricSecretType,\n allKeyStoreAsymmetricSecretTypes\n} from './model';\n\n// ============================================================================\n// Key Store Format Converter\n// ============================================================================\n\n/**\n * Converter for {@link CryptoUtils.KeyStore.KeyStoreFormat | key store format} version.\n * @public\n */\nexport const keystoreFormat: Converter<KeyStoreFormat> = Converters.enumeratedValue<KeyStoreFormat>([\n KEYSTORE_FORMAT\n]);\n\n// ============================================================================\n// Secret Type Converters\n// ============================================================================\n\n/**\n * Converter for {@link CryptoUtils.KeyStore.KeyStoreSecretType | any key store secret type} discriminator.\n * Accepts both symmetric and asymmetric type values.\n * @public\n */\nexport const keystoreSecretType: Converter<KeyStoreSecretType> =\n Converters.enumeratedValue<KeyStoreSecretType>(allKeyStoreSecretTypes);\n\n/**\n * Converter for {@link CryptoUtils.KeyStore.KeyStoreSymmetricSecretType | symmetric secret type} discriminator.\n * Accepts only `'encryption-key'` and `'api-key'`.\n * @public\n */\nexport const keystoreSymmetricSecretType: Converter<KeyStoreSymmetricSecretType> =\n Converters.enumeratedValue<KeyStoreSymmetricSecretType>(allKeyStoreSymmetricSecretTypes);\n\n/**\n * Converter for {@link CryptoUtils.KeyStore.KeyStoreAsymmetricSecretType | asymmetric secret type} discriminator.\n * Accepts only `'asymmetric-keypair'`.\n * @public\n */\nexport const keystoreAsymmetricSecretType: Converter<KeyStoreAsymmetricSecretType> =\n Converters.enumeratedValue<KeyStoreAsymmetricSecretType>(allKeyStoreAsymmetricSecretTypes);\n\n// ============================================================================\n// Key Pair Algorithm Converter\n// ============================================================================\n\n/**\n * Converter for {@link CryptoUtils.KeyStore.KeyPairAlgorithm | key pair algorithm}.\n * @public\n */\nexport const keyPairAlgorithm: Converter<KeyPairAlgorithm> =\n Converters.enumeratedValue<KeyPairAlgorithm>(allKeyPairAlgorithms);\n\n// ============================================================================\n// JWK Shape Validator\n// ============================================================================\n\n/**\n * In-place shape check for a JSON Web Key. Asserts only that the input is a\n * non-array object whose `kty` discriminator is a string; every other JWK\n * field passes through untouched. This is intentionally **not** a true JWK\n * validator — per-algorithm correctness (RSA `n`/`e`, EC `crv`/`x`/`y`,\n * key-size constraints, etc.) is delegated to `crypto.subtle.importKey` at\n * first use, which is the authoritative checker. The \"shape\" suffix in the\n * name is the warning sign for readers expecting full validation.\n * @remarks\n * Built with `Validators.object` (in-place, non-strict) so unknown JWK fields\n * survive the round-trip; the cast to `FieldValidators<JsonWebKey>` is required\n * only because TypeScript's mapped type demands an entry for every key in\n * `JsonWebKey`. At runtime the `ObjectValidator` only inspects keys present in\n * the field-validators map.\n * @public\n */\nexport const jsonWebKeyShape: Validator<JsonWebKey> = Validators.object<JsonWebKey>({\n kty: Validators.string\n} as Validation.Classes.FieldValidators<JsonWebKey>);\n\n// ============================================================================\n// Symmetric Secret Entry Converter\n// ============================================================================\n\n/**\n * Converter for {@link CryptoUtils.KeyStore.IKeyStoreSymmetricEntryJson | symmetric secret entry} in JSON form.\n *\n * @remarks\n * Backwards compatibility with vaults written before asymmetric-keypair\n * support: those entries may lack the `type` discriminator on the wire. To\n * keep the model type honest (`type` is required on\n * {@link CryptoUtils.KeyStore.IKeyStoreSymmetricEntryJson}, see its docs),\n * we declare `type` in `optionalFields` so the inner `Converters.object` will\n * accept input without it, then `.map()` injects the default\n * `'encryption-key'` when missing. The output therefore always carries the\n * discriminator and downstream code never sees the legacy missing-type form.\n *\n * @public\n */\nexport const keystoreSymmetricEntryJson: Converter<IKeyStoreSymmetricEntryJson> =\n Converters.object<IKeyStoreSymmetricEntryJson>(\n {\n name: Converters.string,\n type: keystoreSymmetricSecretType,\n key: base64String,\n description: Converters.string,\n createdAt: Converters.string\n },\n {\n // `type` is optional at the input layer for legacy-vault compatibility;\n // the .map() below normalizes by injecting the default.\n optionalFields: ['type', 'description']\n }\n ).map((entry) =>\n succeed<IKeyStoreSymmetricEntryJson>({\n ...entry,\n type: entry.type ?? 'encryption-key'\n })\n );\n\n// ============================================================================\n// Asymmetric Keypair Entry Converter\n// ============================================================================\n\n/**\n * Converter for {@link CryptoUtils.KeyStore.IKeyStoreAsymmetricEntryJson | asymmetric keypair entry} in JSON form.\n * The `publicKeyJwk` field passes through {@link CryptoUtils.KeyStore.Converters.jsonWebKeyShape | jsonWebKeyShape}\n * (shape check only — see its docs); cryptographic correctness is enforced by\n * `crypto.subtle.importKey` at use.\n * @public\n */\nexport const keystoreAsymmetricEntryJson: Converter<IKeyStoreAsymmetricEntryJson> =\n Converters.object<IKeyStoreAsymmetricEntryJson>({\n name: Converters.string,\n type: keystoreAsymmetricSecretType,\n id: Converters.string,\n algorithm: keyPairAlgorithm,\n publicKeyJwk: jsonWebKeyShape,\n description: Converters.string.optional(),\n createdAt: Converters.string\n });\n\n// ============================================================================\n// Discriminated-Union Entry Converter\n// ============================================================================\n\n/**\n * Discriminated-union converter for any {@link CryptoUtils.KeyStore.IKeyStoreEntryJson | key store entry} in JSON form.\n * Routes by the `type` field: `'asymmetric-keypair'` is parsed by\n * {@link CryptoUtils.KeyStore.Converters.keystoreAsymmetricEntryJson | keystoreAsymmetricEntryJson},\n * anything else (including a missing `type` field for backwards compatibility) by\n * {@link CryptoUtils.KeyStore.Converters.keystoreSymmetricEntryJson | keystoreSymmetricEntryJson}.\n * @public\n */\nexport const keystoreSecretEntryJson: Converter<IKeyStoreEntryJson> = Converters.oneOf<IKeyStoreEntryJson>([\n keystoreAsymmetricEntryJson,\n keystoreSymmetricEntryJson\n]);\n\n// ============================================================================\n// Vault Contents Converter\n// ============================================================================\n\n/**\n * Converter for {@link CryptoUtils.KeyStore.IKeyStoreVaultContents | key store vault contents} (decrypted state).\n * @public\n */\nexport const keystoreVaultContents: Converter<IKeyStoreVaultContents> =\n Converters.object<IKeyStoreVaultContents>({\n version: keystoreFormat,\n secrets: Converters.recordOf(keystoreSecretEntryJson)\n });\n\n// ============================================================================\n// Key Store File Converter\n// ============================================================================\n\n/**\n * Converter for {@link CryptoUtils.KeyStore.IKeyStoreFile | encrypted key store file}.\n * @public\n */\nexport const keystoreFile: Converter<IKeyStoreFile> = Converters.object<IKeyStoreFile>({\n format: keystoreFormat,\n algorithm: encryptionAlgorithm,\n iv: base64String,\n authTag: base64String,\n encryptedData: base64String,\n keyDerivation: pbkdf2KeyDerivationParams\n});\n"]}
@@ -0,0 +1,148 @@
1
+ import { Result } from '@fgv/ts-utils';
2
+ import { FileTree } from '@fgv/ts-json-base';
3
+ import { ICryptoProvider } from '../model';
4
+ import { IPrivateKeyStorage } from './privateKeyStorage';
5
+ /**
6
+ * Parameters for {@link CryptoUtils.KeyStore.EncryptedFilePrivateKeyStorage.create}.
7
+ * @public
8
+ */
9
+ export interface IEncryptedFilePrivateKeyStorageCreateParams {
10
+ /**
11
+ * Filesystem path to the directory that holds the encrypted private-key
12
+ * files. Used only when {@link CryptoUtils.KeyStore.IEncryptedFilePrivateKeyStorageCreateParams.tree}
13
+ * is omitted (the default `FsTree` backing). The directory must already
14
+ * exist.
15
+ */
16
+ readonly directory: string;
17
+ /**
18
+ * Raw AES-256-GCM key (32 bytes) used to encrypt each file's JWK content.
19
+ * Consumer-supplied and decoupled from the keystore's password lifecycle —
20
+ * derive it however the application sees fit (typically the same
21
+ * password-derived key material the keystore vault uses).
22
+ */
23
+ readonly encryptionKey: Uint8Array;
24
+ /**
25
+ * {@link CryptoUtils.ICryptoProvider | Crypto provider} used for the
26
+ * AES-256-GCM encrypt/decrypt of each file's contents.
27
+ */
28
+ readonly cryptoProvider: ICryptoProvider;
29
+ /**
30
+ * Optional {@link FileTree.IFileTreeDirectoryItem | FileTree directory}
31
+ * override. When supplied it is used as the storage directory directly and
32
+ * {@link CryptoUtils.KeyStore.IEncryptedFilePrivateKeyStorageCreateParams.directory} is ignored —
33
+ * pass an in-memory tree for tests, or another Node-compatible backend. When
34
+ * omitted, a mutable `FsTree` rooted at `directory` is used. (This backend is
35
+ * Node-only — it round-trips keys through `node:crypto` — so a browser file
36
+ * tree is not a supported target.)
37
+ */
38
+ readonly tree?: FileTree.IFileTreeDirectoryItem;
39
+ }
40
+ /**
41
+ * {@link CryptoUtils.KeyStore.IPrivateKeyStorage | IPrivateKeyStorage}
42
+ * implementation that persists each private key as its own AES-256-GCM-encrypted
43
+ * file in a directory. The file content is the key's JWK, encrypted with a
44
+ * consumer-supplied 32-byte key via the supplied
45
+ * {@link CryptoUtils.ICryptoProvider | crypto provider}.
46
+ *
47
+ * `supportsNonExtractable` is `false`: persisting to disk requires exporting the
48
+ * private key to JWK, which only works for `extractable: true` keys. The
49
+ * keystore generates extractable keys when a backend reports `false` here.
50
+ *
51
+ * I/O goes through the {@link FileTree.FileTree | FileTree} abstraction (default
52
+ * `FsTree`), so the same implementation works against an in-memory tree (tests)
53
+ * or any other Node-compatible backend.
54
+ *
55
+ * This backend is **Node-only**: it round-trips private keys through
56
+ * `node:crypto` (`crypto.webcrypto.subtle`), so it is intentionally excluded
57
+ * from the browser entry point. Browser consumers should use
58
+ * `IdbPrivateKeyStorage` from `@fgv/ts-web-extras` instead.
59
+ *
60
+ * Single-process assumption: there is no inter-process locking. Concurrent
61
+ * writers to the same directory may race.
62
+ *
63
+ * @public
64
+ */
65
+ export declare class EncryptedFilePrivateKeyStorage implements IPrivateKeyStorage {
66
+ /**
67
+ * `false` — disk persistence round-trips via JWK, which requires extractable
68
+ * keys.
69
+ */
70
+ readonly supportsNonExtractable: false;
71
+ private readonly _directory;
72
+ private readonly _encryptionKey;
73
+ private readonly _cryptoProvider;
74
+ private constructor();
75
+ /**
76
+ * Creates a new {@link CryptoUtils.KeyStore.EncryptedFilePrivateKeyStorage}.
77
+ * @param params - {@link CryptoUtils.KeyStore.IEncryptedFilePrivateKeyStorageCreateParams}.
78
+ * @returns `Success` with the new instance, or `Failure` if the encryption
79
+ * key is the wrong size or the storage directory cannot be opened.
80
+ */
81
+ static create(params: IEncryptedFilePrivateKeyStorageCreateParams): Result<EncryptedFilePrivateKeyStorage>;
82
+ /**
83
+ * Stores `key` under `id` as an encrypted JWK file.
84
+ * @param id - Storage handle. Must be a safe filename token
85
+ * (`[A-Za-z0-9._-]+`, not `.`/`..`).
86
+ * @param key - The extractable private `CryptoKey` to persist.
87
+ */
88
+ store(id: string, key: CryptoKey): Promise<Result<string>>;
89
+ /**
90
+ * Loads the private key stored under `id`, decrypting and re-importing it from
91
+ * JWK.
92
+ * @param id - Storage handle.
93
+ */
94
+ load(id: string): Promise<Result<CryptoKey>>;
95
+ /**
96
+ * Deletes the entry stored under `id`. Missing ids fail (the read path is
97
+ * keystore-driven and never asks to delete an id it did not store).
98
+ * @param id - Storage handle.
99
+ */
100
+ delete(id: string): Promise<Result<string>>;
101
+ /**
102
+ * Lists every stored id.
103
+ */
104
+ list(): Promise<Result<readonly string[]>>;
105
+ private _fileNameFor;
106
+ /**
107
+ * Validates the synchronous preconditions for a store: the id is filename-safe,
108
+ * the key is actually a private key, and its algorithm is one we support.
109
+ * Returns the resolved filename and algorithm so the async pipeline can run
110
+ * without re-deriving them.
111
+ */
112
+ private _validateKeyToStore;
113
+ /**
114
+ * Exports `key` to JWK, wraps it in the stored envelope, encrypts it with
115
+ * AES-256-GCM, and writes the resulting file as serialized JSON to `fileName`.
116
+ * Returns the stored `id` on success.
117
+ */
118
+ private _encryptAndWrite;
119
+ private _algorithmOf;
120
+ private _findFile;
121
+ private _writeFile;
122
+ /**
123
+ * Reads `file`, decrypts the AES-256-GCM envelope, and validates it into the
124
+ * typed `IStoredPrivateKeyEnvelope`. Read, decrypt, and shape failures
125
+ * all surface as a decrypt failure for `id`.
126
+ */
127
+ private _decryptEnvelope;
128
+ /**
129
+ * Parses and shape-validates the stored JWK, then re-imports it as a private
130
+ * `CryptoKey` for the envelope's algorithm. The WebCrypto JWK-import algorithm
131
+ * descriptor is shared between public and private keys for every supported
132
+ * algorithm, so `IKeyPairAlgorithmParams.importPublicKey` is reused here;
133
+ * the public/private distinction is carried by the requested `usages`.
134
+ */
135
+ private _importPrivateKey;
136
+ /**
137
+ * Computes the key usages to request when re-importing a stored private key.
138
+ * WebCrypto rejects `importKey` if the requested usages include operations
139
+ * absent from the JWK's `key_ops`, so a key originally created with a narrower
140
+ * usage set than the algorithm default (e.g. an ECDH key with only
141
+ * `deriveBits`) would fail to load against the algorithm-wide defaults.
142
+ * Intersect the algorithm's private usages with the JWK's recorded `key_ops`
143
+ * so we request exactly the operations the stored key actually supports;
144
+ * fall back to the algorithm's private usages when `key_ops` is absent.
145
+ */
146
+ private _importUsagesFor;
147
+ }
148
+ //# sourceMappingURL=encryptedFilePrivateKeyStorage.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"encryptedFilePrivateKeyStorage.d.ts","sourceRoot":"","sources":["../../../../src/packlets/crypto-utils/keystore/encryptedFilePrivateKeyStorage.ts"],"names":[],"mappings":"AAqBA,OAAO,EAML,MAAM,EAEP,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,QAAQ,EAAc,MAAM,mBAAmB,CAAC;AAGzD,OAAO,EAAE,eAAe,EAAoB,MAAM,UAAU,CAAC;AAG7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAEzD;;;GAGG;AACH,MAAM,WAAW,2CAA2C;IAC1D;;;;;OAKG;IACH,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAE3B;;;;;OAKG;IACH,QAAQ,CAAC,aAAa,EAAE,UAAU,CAAC;IAEnC;;;OAGG;IACH,QAAQ,CAAC,cAAc,EAAE,eAAe,CAAC;IAEzC;;;;;;;;OAQG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,QAAQ,CAAC,sBAAsB,CAAC;CACjD;AA8BD;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,8BAA+B,YAAW,kBAAkB;IACvE;;;OAGG;IACH,SAAgB,sBAAsB,EAAE,KAAK,CAAS;IAEtD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAkC;IAC7D,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAa;IAC5C,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAElD,OAAO;IAYP;;;;;OAKG;WACW,MAAM,CAClB,MAAM,EAAE,2CAA2C,GAClD,MAAM,CAAC,8BAA8B,CAAC;IAgBzC;;;;;OAKG;IACU,KAAK,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAMvE;;;;OAIG;IACU,IAAI,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAUzD;;;;OAIG;IACU,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAsBxD;;OAEG;IACU,IAAI,IAAI,OAAO,CAAC,MAAM,CAAC,SAAS,MAAM,EAAE,CAAC,CAAC;IAWvD,OAAO,CAAC,YAAY;IAOpB;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IAc3B;;;;OAIG;YACW,gBAAgB;IAuB9B,OAAO,CAAC,YAAY;IA6BpB,OAAO,CAAC,SAAS;IAOjB,OAAO,CAAC,UAAU;IAiBlB;;;;OAIG;YACW,gBAAgB;IAW9B;;;;;;OAMG;YACW,iBAAiB;IAsB/B;;;;;;;;;OASG;IACH,OAAO,CAAC,gBAAgB;CAQzB"}