@kya-os/mcp-i-core 1.1.13-canary.2 → 1.2.1-canary.0

package/dist/services/access-control.service.js

@@ -0,0 +1,458 @@
+"use strict";
+/**
+ * Access Control API Service
+ *
+ * Brand-neutral service for interacting with access-control APIs
+ * (currently AgentShield/bouncer, but designed to be provider-agnostic).
+ *
+ * This service provides:
+ * - Delegation verification
+ * - Configuration fetching
+ * - Proof submission
+ *
+ * @package @kya-os/mcp-i-core
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccessControlApiService = void 0;
+const agentshield_api_1 = require("@kya-os/contracts/agentshield-api");
+const agentshield_api_2 = require("@kya-os/contracts/agentshield-api");
+/**
+ * Generate correlation ID for request tracking
+ */
+function generateCorrelationId() {
+    // Use crypto.randomUUID() if available (Node.js 14.17+, Cloudflare Workers)
+    if (typeof crypto !== "undefined" && crypto.randomUUID) {
+        return crypto.randomUUID();
+    }
+    // Fallback for older environments
+    return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+}
+/**
+ * Access Control API Service
+ *
+ * Handles all interactions with the access-control API (AgentShield/bouncer).
+ * Designed to be brand-neutral and work with any access-control provider.
+ */
+class AccessControlApiService {
+    config;
+    metrics;
+    constructor(config) {
+        const retryConfig = config.retryConfig || {};
+        this.config = {
+            retryConfig: {
+                maxRetries: retryConfig.maxRetries ?? 3,
+                initialDelayMs: retryConfig.initialDelayMs ?? 100,
+                maxDelayMs: retryConfig.maxDelayMs ?? 5000,
+            },
+            logger: config.logger || (() => { }),
+            baseUrl: config.baseUrl,
+            apiKey: config.apiKey,
+            fetchProvider: config.fetchProvider,
+            sleepProvider: config.sleepProvider ||
+                ((ms) => new Promise((resolve) => setTimeout(resolve, ms))),
+        };
+        this.metrics = {
+            successCount: 0,
+            errorCount: 0,
+            retryCount: 0,
+        };
+    }
+    /**
+     * Fetch tool protection configuration for an agent
+     *
+     * GET /api/v1/bouncer/config?agent_did={agentDid}
+     */
+    async fetchConfig(options) {
+        return this.retryWithBackoff(async () => {
+            const correlationId = generateCorrelationId();
+            const url = `${this.config.baseUrl}/api/v1/bouncer/config?agent_did=${encodeURIComponent(options.agentDid)}`;
+            this.config.logger(`[AccessControl] Fetching config for agent: ${options.agentDid}`, {
+                correlationId,
+                url,
+            });
+            const response = await this.config.fetchProvider.fetch(url, {
+                method: "GET",
+                headers: {
+                    Authorization: `Bearer ${this.config.apiKey}`,
+                    "Content-Type": "application/json",
+                    "X-Request-ID": correlationId,
+                },
+            });
+            const responseText = await response.text();
+            const responseData = this.parseResponseJSON(response, responseText);
+            // Handle error responses
+            if (!response.ok) {
+                this.handleErrorResponse(response, responseData);
+            }
+            // Validate and parse success response
+            const parsed = agentshield_api_1.toolProtectionConfigAPIResponseSchema.safeParse(responseData);
+            if (!parsed.success) {
+                throw new agentshield_api_2.AgentShieldAPIError("invalid_response", "Response validation failed", { zodErrors: parsed.error.errors });
+            }
+            this.config.logger(`[AccessControl] Config fetched successfully`, {
+                correlationId,
+                agentDid: options.agentDid,
+            });
+            return parsed.data;
+        });
+    }
+    /**
+     * Verify a delegation token
+     *
+     * POST /api/v1/bouncer/delegations/verify
+     */
+    async verifyDelegation(request, context) {
+        return this.retryWithBackoff(async () => {
+            const correlationId = generateCorrelationId();
+            const url = `${this.config.baseUrl}/api/v1/bouncer/delegations/verify`;
+            // Build request body dynamically to handle optional fields
+            const requestBody = {
+                agent_did: request.agent_did,
+            };
+            // Add optional fields only if they exist
+            if (request.scopes !== undefined) {
+                requestBody.scopes = request.scopes;
+            }
+            // Handle credential_jwt: prefer request, fallback to context
+            if (request.credential_jwt !== undefined) {
+                requestBody.credential_jwt = request.credential_jwt;
+            }
+            else if (context?.credentialJwt) {
+                requestBody.credential_jwt = context.credentialJwt;
+            }
+            // Handle delegation_token: prefer request, fallback to context  
+            if (request.delegation_token !== undefined) {
+                requestBody.delegation_token = request.delegation_token;
+            }
+            else if (context?.delegationToken) {
+                requestBody.delegation_token = context.delegationToken;
+            }
+            if (request.timestamp !== undefined) {
+                requestBody.timestamp = request.timestamp;
+            }
+            if (request.client_info) {
+                requestBody.client_info = request.client_info;
+            }
+            // Remove undefined values to ensure Zod validation passes (optional fields should be omitted, not undefined)
+            const cleanedRequestBody = Object.fromEntries(Object.entries(requestBody).filter(([_, value]) => value !== undefined));
+            // Validate the cleaned request body
+            // Note: Workaround for Zod schema issue where .optional() doesn't properly handle omitted fields
+            // See AGENTSHIELD_MCPI_COMPLIANCE_REVIEW.md for details
+            const validationResult = agentshield_api_1.verifyDelegationRequestSchema.safeParse(cleanedRequestBody);
+            if (!validationResult.success) {
+                // Check if the error is specifically about scopes being required when it's omitted
+                const scopesError = validationResult.error.errors.find((e) => e.path.includes('scopes') && e.message === 'Required');
+                if (scopesError && !('scopes' in cleanedRequestBody)) {
+                    // This is a known Zod schema issue in AgentShield - scopes is optional but Zod treats it as required
+                    // Skip validation for this case since the field is correctly omitted
+                    // TODO: Remove this workaround once AgentShield fixes their schema
+                }
+                else {
+                    this.config.logger(`[AccessControl] Validation failed:`, {
+                        errors: validationResult.error.errors,
+                        requestBody: requestBody,
+                    });
+                    throw new agentshield_api_2.AgentShieldAPIError("validation_error", "Request validation failed", { zodErrors: validationResult.error.errors });
+                }
+            }
+            this.config.logger(`[AccessControl] Verifying delegation for agent: ${request.agent_did}`, {
+                correlationId,
+                url,
+                hasScopes: (request.scopes?.length || 0) > 0,
+            });
+            const response = await this.config.fetchProvider.fetch(url, {
+                method: "POST",
+                headers: {
+                    Authorization: `Bearer ${this.config.apiKey}`,
+                    "Content-Type": "application/json",
+                    "X-Request-ID": correlationId,
+                },
+                // Use cleanedRequestBody directly instead of validated data
+                // because Zod seems to strip optional fields in some cases
+                body: JSON.stringify(cleanedRequestBody),
+            });
+            const responseText = await response.text();
+            const responseData = this.parseResponseJSON(response, responseText);
+            // Handle error responses
+            if (!response.ok) {
+                this.handleErrorResponse(response, responseData);
+            }
+            // Validate and parse success response
+            const parsed = agentshield_api_1.verifyDelegationAPIResponseSchema.safeParse(responseData);
+            if (!parsed.success) {
+                throw new agentshield_api_2.AgentShieldAPIError("invalid_response", "Response validation failed", { zodErrors: parsed.error.errors });
+            }
+            this.config.logger(`[AccessControl] Delegation verified`, {
+                correlationId,
+                agentDid: request.agent_did,
+                valid: parsed.data.data.valid,
+            });
+            return parsed.data;
+        });
+    }
+    /**
+     * Submit proofs for audit and verification
+     *
+     * POST /api/v1/bouncer/proofs
+     */
+    async submitProofs(request) {
+        return this.retryWithBackoff(async () => {
+            // Validate request directly - Zod's .nullish() should handle null/undefined correctly
+            const validationResult = agentshield_api_1.proofSubmissionRequestSchema.safeParse(request);
+            if (!validationResult.success) {
+                // Log validation errors for debugging
+                const errorDetails = JSON.stringify(validationResult.error.errors, null, 2);
+                this.config.logger(`[AccessControl] Proof submission validation failed:`, {
+                    errors: validationResult.error.errors,
+                    request: JSON.stringify(request, null, 2),
+                });
+                throw new agentshield_api_2.AgentShieldAPIError("validation_error", `Request validation failed: ${errorDetails}`, { zodErrors: validationResult.error.errors });
+            }
+            // Use validated request for the API call
+            const validatedRequest = validationResult.data;
+            const correlationId = generateCorrelationId();
+            const url = `${this.config.baseUrl}/api/v1/bouncer/proofs`;
+            this.config.logger(`[AccessControl] Submitting ${request.proofs.length} proof(s)`, {
+                correlationId,
+                url,
+                sessionId: request.session_id,
+                delegationId: request.delegation_id,
+            });
+            const httpResponse = await this.config.fetchProvider.fetch(url, {
+                method: "POST",
+                headers: {
+                    Authorization: `Bearer ${this.config.apiKey}`,
+                    "Content-Type": "application/json",
+                    "X-Request-ID": correlationId,
+                },
+                body: JSON.stringify(validatedRequest),
+            });
+            const responseText = await httpResponse.text();
+            const responseData = this.parseResponseJSON(httpResponse, responseText);
+            // Handle error responses
+            if (!httpResponse.ok) {
+                const errorData = responseData;
+                if (errorData.error) {
+                    const errorCode = errorData.error.code || "api_error";
+                    // Special handling for all_proofs_rejected - return response instead of throwing
+                    if (errorCode === "all_proofs_rejected" &&
+                        httpResponse.status === 400) {
+                        // Parse the error details to extract accepted/rejected counts
+                        const errorDetails = errorData.error.details;
+                        // Create response matching ProofSubmissionResponse interface
+                        // Validate structure with Zod to ensure type safety
+                        const errorResponseData = {
+                            success: false, // ProofSubmissionResponse has a success field
+                            accepted: 0,
+                            rejected: errorDetails?.rejected || request.proofs.length,
+                            outcomes: {
+                                success: 0,
+                                failed: 0,
+                                blocked: 0,
+                                error: errorDetails?.rejected || request.proofs.length,
+                            },
+                            errors: errorDetails?.errors,
+                        };
+                        // Validate with Zod schema to ensure type safety
+                        const validated = agentshield_api_1.proofSubmissionResponseSchema.safeParse(errorResponseData);
+                        if (validated.success) {
+                            return validated.data;
+                        }
+                        // If validation fails, log and throw error
+                        throw new agentshield_api_2.AgentShieldAPIError("invalid_response", "Error response validation failed", { zodErrors: validated.error.errors });
+                    }
+                    // Ensure error details include status code for retry detection
+                    const errorDetails = {
+                        ...(errorData.error.details || {}),
+                        status: httpResponse.status,
+                    };
+                    throw new agentshield_api_2.AgentShieldAPIError(errorCode, errorData.error.message || `API error: ${httpResponse.status}`, errorDetails);
+                }
+                // Map status codes to error codes
+                let errorCode = "api_error";
+                if (httpResponse.status === 400) {
+                    errorCode = "validation_error";
+                }
+                else if (httpResponse.status === 404) {
+                    errorCode = httpResponse.statusText.includes("delegation")
+                        ? "delegation_not_found"
+                        : "session_not_found";
+                }
+                throw new agentshield_api_2.AgentShieldAPIError(errorCode, `API request failed: ${httpResponse.status} ${httpResponse.statusText}`, { status: httpResponse.status, responseData });
+            }
+            // Try to handle wrapped response format first
+            const wrappedResponse = responseData;
+            if (wrappedResponse.success !== undefined && wrappedResponse.data) {
+                // Response is wrapped in { success, data }
+                const dataParsed = agentshield_api_1.proofSubmissionResponseSchema.safeParse(wrappedResponse.data);
+                if (dataParsed.success) {
+                    // const response = dataP sponse;
+                    this.config.logger(`[AccessControl] Proofs submitted successfully`, {
+                        correlationId,
+                        accepted: dataParsed.data.accepted,
+                        rejected: dataParsed.data.rejected,
+                    });
+                    return dataParsed.data;
+                }
+            }
+            // Try parsing as direct ProofSubmissionResponse
+            const parsed = agentshield_api_1.proofSubmissionResponseSchema.safeParse(responseData);
+            if (!parsed.success) {
+                throw new agentshield_api_2.AgentShieldAPIError("invalid_response", "Response validation failed", { zodErrors: parsed.error.errors, responseData });
+            }
+            this.config.logger(`[AccessControl] Proofs submitted successfully`, {
+                correlationId,
+                accepted: parsed.data.accepted,
+                rejected: parsed.data.rejected,
+            });
+            return parsed.data;
+        });
+    }
+    /**
+     * Get current metrics
+     */
+    getMetrics() {
+        return { ...this.metrics };
+    }
+    /**
+     * Reset metrics
+     */
+    resetMetrics() {
+        this.metrics = {
+            successCount: 0,
+            errorCount: 0,
+            retryCount: 0,
+        };
+    }
+    /**
+     * Retry logic with exponential backoff
+     *
+     * @internal
+     */
+    async retryWithBackoff(operation, retryCount = 0) {
+        try {
+            const result = await operation();
+            this.metrics.successCount++;
+            return result;
+        }
+        catch (error) {
+            // Check if error is retryable (5xx status codes)
+            const isRetryable = this.isRetryableError(error);
+            const { maxRetries, initialDelayMs, maxDelayMs } = this.config.retryConfig;
+            if (isRetryable && retryCount < maxRetries) {
+                const delay = Math.min(initialDelayMs * Math.pow(2, retryCount), maxDelayMs);
+                this.metrics.retryCount++;
+                this.config.logger(`Retrying after ${delay}ms (attempt ${retryCount + 1}/${maxRetries})`);
+                await this.sleep(delay);
+                return this.retryWithBackoff(operation, retryCount + 1);
+            }
+            this.metrics.errorCount++;
+            throw error;
+        }
+    }
+    /**
+     * Check if an error is retryable (5xx status codes)
+     *
+     * @internal
+     */
+    isRetryableError(error) {
+        // Network errors (fetch failures) are retryable
+        if (error instanceof TypeError && error.message.includes("fetch")) {
+            return true;
+        }
+        // AgentShieldAPIError with 5xx status codes are retryable
+        if (error instanceof agentshield_api_2.AgentShieldAPIError) {
+            // Check error code for server errors
+            if (error.code === "server_error") {
+                return true;
+            }
+            // Check if error details contain status code
+            const status = error.details?.status;
+            if (status && status >= 500 && status < 600) {
+                return true;
+            }
+            // Rate limiting (429) is also retryable
+            if (status === 429) {
+                return true;
+            }
+        }
+        // Check for timeout errors
+        if (error instanceof Error) {
+            const message = error.message.toLowerCase();
+            if (message.includes("timeout") || message.includes("timed out")) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Sleep utility for retry delays
+     * Uses platform-agnostic sleep provider
+     *
+     * @internal
+     */
+    sleep(ms) {
+        return this.config.sleepProvider(ms);
+    }
+    /**
+     * Parse response text to JSON with error handling
+     *
+     * @internal
+     */
+    parseResponseJSON(response, responseText) {
+        try {
+            return JSON.parse(responseText);
+        }
+        catch (error) {
+            // Handle non-JSON error responses (e.g., plain text "Internal Server Error")
+            if (!response.ok) {
+                const errorCode = this.mapStatusToErrorCode(response.status);
+                throw new agentshield_api_2.AgentShieldAPIError(errorCode, `API request failed: ${response.status} ${response.statusText}`, { status: response.status, responseText: responseText.substring(0, 500) });
+            }
+            // For success responses that aren't JSON, throw invalid_response error
+            throw new agentshield_api_2.AgentShieldAPIError("invalid_response", `Failed to parse response: ${error instanceof Error ? error.message : String(error)}`, { responseText: responseText.substring(0, 500) });
+        }
+    }
+    /**
+     * Map HTTP status codes to error codes
+     *
+     * @internal
+     */
+    mapStatusToErrorCode(status, statusText = "") {
+        if (status === 400) {
+            return "validation_error";
+        }
+        else if (status === 401 || status === 403) {
+            return "authentication_failed";
+        }
+        else if (status === 404) {
+            return "config_not_found";
+        }
+        else if (status >= 500) {
+            return "server_error";
+        }
+        return "api_error";
+    }
+    /**
+     * Handle error responses and throw appropriate AgentShieldAPIError
+     *
+     * @internal
+     */
+    handleErrorResponse(response, responseData) {
+        const errorData = responseData;
+        if (errorData.error) {
+            const errorCode = errorData.error.code || "api_error";
+            // Ensure error details include status code for retry detection
+            const errorDetails = {
+                ...(errorData.error.details || {}),
+                status: response.status,
+            };
+            throw new agentshield_api_2.AgentShieldAPIError(errorCode, errorData.error.message || `API error: ${response.status}`, errorDetails);
+        }
+        // Map status codes to error codes
+        const errorCode = this.mapStatusToErrorCode(response.status, response.statusText);
+        throw new agentshield_api_2.AgentShieldAPIError(errorCode, `API request failed: ${response.status} ${response.statusText}`, { status: response.status, responseData });
+    }
+}
+exports.AccessControlApiService = AccessControlApiService;
+//# sourceMappingURL=access-control.service.js.map

package/dist/services/access-control.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-control.service.js","sourceRoot":"","sources":["../../src/services/access-control.service.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AASH,uEAM2C;AAC3C,uEAAwE;AAyDxE;;GAEG;AACH,SAAS,qBAAqB;IAC5B,4EAA4E;IAC5E,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACvD,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;IAC7B,CAAC;IACD,kCAAkC;IAClC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;AACxE,CAAC;AAED;;;;;GAKG;AACH,MAAa,uBAAuB;IAC1B,MAAM,CAAwC;IAC9C,OAAO,CAAiC;IAEhD,YAAY,MAAqC;QAC/C,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC;QAC7C,IAAI,CAAC,MAAM,GAAG;YACZ,WAAW,EAAE;gBACX,UAAU,EAAE,WAAW,CAAC,UAAU,IAAI,CAAC;gBACvC,cAAc,EAAE,WAAW,CAAC,cAAc,IAAI,GAAG;gBACjD,UAAU,EAAE,WAAW,CAAC,UAAU,IAAI,IAAI;aAC3C;YACD,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;YACnC,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,aAAa,EACX,MAAM,CAAC,aAAa;gBACpB,CAAC,CAAC,EAAU,EAAE,EAAE,CAAC,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;SACtE,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG;YACb,YAAY,EAAE,CAAC;YACf,UAAU,EAAE,CAAC;YACb,UAAU,EAAE,CAAC;SACd,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CAAC,OAEjB;QACC,OAAO,IAAI,CAAC,gBAAgB,CAAC,KAAK,IAAI,EAAE;YACtC,MAAM,aAAa,GAAG,qBAAqB,EAAE,CAAC;YAC9C,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,oCAAoC,kBAAkB,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAE7G,IAAI,CAAC,MAAM,CAAC,MAAM,CAChB,8CAA8C,OAAO,CAAC,QAAQ,EAAE,EAChE;gBACE,aAAa;gBACb,GAAG;aACJ,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,EAAE;gBAC1D,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;oBAC7C,cAAc,EAAE,kBAAkB;oBAClC,cAAc,EAAE,aAAa;iBAC9B;aACF,CAAC,CAAC;YAEH,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC3C,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YAEpE,yBAAyB;YACzB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YACnD,CAAC;YAED,sCAAsC;YACtC,MAAM,MAAM,GACV,uDAAqC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YAChE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,IAAI,qCAAmB,CAC3B,kBAAkB,EAClB,4BAA4B,EAC5B,EAAE,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CACnC,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,6CAA6C,EAAE;gBAChE,aAAa;gBACb,QAAQ,EAAE,OAAO,CAAC,QAAQ;aAC3B,CAAC,CAAC;YAEH,OAAO,MAAM,CAAC,IAAI,CAAC;QACrB,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB,CACpB,OAAgC,EAChC,OAGC;QAED,OAAO,IAAI,CAAC,gBAAgB,CAAC,KAAK,IAAI,EAAE;YACtC,MAAM,aAAa,GAAG,qBAAqB,EAAE,CAAC;YAC9C,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,oCAAoC,CAAC;YAEvE,2DAA2D;YAC3D,MAAM,WAAW,GAA6D;gBAC5E,SAAS,EAAE,OAAO,CAAC,SAAS;aAC7B,CAAC;YAEF,yCAAyC;YACzC,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBACjC,WAAW,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YACtC,CAAC;YAED,6DAA6D;YAC7D,IAAI,OAAO,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;gBACzC,WAAW,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;YACtD,CAAC;iBAAM,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;gBAClC,WAAW,CAAC,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC;YACrD,CAAC;YAED,iEAAiE;YACjE,IAAI,OAAO,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;gBAC3C,WAAW,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;YAC1D,CAAC;iBAAM,IAAI,OAAO,EAAE,eAAe,EAAE,CAAC;gBACpC,WAAW,CAAC,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;YACzD,CAAC;YAED,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACpC,WAAW,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;YAC5C,CAAC;YAED,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBACxB,WAAW,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;YAChD,CAAC;YAED,6GAA6G;YAC7G,MAAM,kBAAkB,GAAG,MAAM,CAAC,WAAW,CAC3C,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,KAAK,SAAS,CAAC,CACxE,CAAC;YAEF,oCAAoC;YACpC,iGAAiG;YACjG,wDAAwD;YACxD,MAAM,gBAAgB,GACpB,+CAA6B,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;YAC9D,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC;gBAC9B,mFAAmF;gBACnF,MAAM,WAAW,GAAG,gBAAgB,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CACpD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,KAAK,UAAU,CAC7D,CAAC;gBACF,IAAI,WAAW,IAAI,CAAC,CAAC,QAAQ,IAAI,kBAAkB,CAAC,EAAE,CAAC;oBACrD,qGAAqG;oBACrG,qEAAqE;oBACrE,mEAAmE;gBACrE,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,oCAAoC,EAAE;wBACvD,MAAM,EAAE,gBAAgB,CAAC,KAAK,CAAC,MAAM;wBACrC,WAAW,EAAE,WAAW;qBACzB,CAAC,CAAC;oBACH,MAAM,IAAI,qCAAmB,CAC3B,kBAAkB,EAClB,2BAA2B,EAC3B,EAAE,SAAS,EAAE,gBAAgB,CAAC,KAAK,CAAC,MAAM,EAAE,CAC7C,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAChB,mDAAmD,OAAO,CAAC,SAAS,EAAE,EACtE;gBACE,aAAa;gBACb,GAAG;gBACH,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC;aAC7C,CACF,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,EAAE;gBAC1D,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;oBAC7C,cAAc,EAAE,kBAAkB;oBAClC,cAAc,EAAE,aAAa;iBAC9B;gBACD,4DAA4D;gBAC5D,2DAA2D;gBAC3D,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC;aACzC,CAAC,CAAC;YAEH,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC3C,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YAEpE,yBAAyB;YACzB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YACnD,CAAC;YAED,sCAAsC;YACtC,MAAM,MAAM,GAAG,mDAAiC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YACzE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,IAAI,qCAAmB,CAC3B,kBAAkB,EAClB,4BAA4B,EAC5B,EAAE,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CACnC,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,qCAAqC,EAAE;gBACxD,aAAa;gBACb,QAAQ,EAAE,OAAO,CAAC,SAAS;gBAC3B,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK;aAC9B,CAAC,CAAC;YAEH,OAAO,MAAM,CAAC,IAAI,CAAC;QACrB,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,YAAY,CAChB,OAA+B;QAE/B,OAAO,IAAI,CAAC,gBAAgB,CAAC,KAAK,IAAI,EAAE;YACtC,sFAAsF;YACtF,MAAM,gBAAgB,GAAG,8CAA4B,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YACzE,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC;gBAC9B,sCAAsC;gBACtC,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;gBAC5E,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,qDAAqD,EAAE;oBACxE,MAAM,EAAE,gBAAgB,CAAC,KAAK,CAAC,MAAM;oBACrC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;iBAC1C,CAAC,CAAC;gBACH,MAAM,IAAI,qCAAmB,CAC3B,kBAAkB,EAClB,8BAA8B,YAAY,EAAE,EAC5C,EAAE,SAAS,EAAE,gBAAgB,CAAC,KAAK,CAAC,MAAM,EAAE,CAC7C,CAAC;YACJ,CAAC;YAED,yCAAyC;YACzC,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,IAAI,CAAC;YAE/C,MAAM,aAAa,GAAG,qBAAqB,EAAE,CAAC;YAC9C,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,wBAAwB,CAAC;YAE3D,IAAI,CAAC,MAAM,CAAC,MAAM,CAChB,8BAA8B,OAAO,CAAC,MAAM,CAAC,MAAM,WAAW,EAC9D;gBACE,aAAa;gBACb,GAAG;gBACH,SAAS,EAAE,OAAO,CAAC,UAAU;gBAC7B,YAAY,EAAE,OAAO,CAAC,aAAa;aACpC,CACF,CAAC;YAEF,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,EAAE;gBAC9D,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;oBAC7C,cAAc,EAAE,kBAAkB;oBAClC,cAAc,EAAE,aAAa;iBAC9B;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC;aACvC,CAAC,CAAC;YAEH,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC;YAC/C,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;YAExE,yBAAyB;YACzB,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;gBACrB,MAAM,SAAS,GAAG,YAGjB,CAAC;gBAEF,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC;oBACpB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,IAAI,WAAW,CAAC;oBAEtD,iFAAiF;oBACjF,IACE,SAAS,KAAK,qBAAqB;wBACnC,YAAY,CAAC,MAAM,KAAK,GAAG,EAC3B,CAAC;wBACD,8DAA8D;wBAC9D,MAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,OAExB,CAAC;wBACd,6DAA6D;wBAC7D,oDAAoD;wBACpD,MAAM,iBAAiB,GAAG;4BACxB,OAAO,EAAE,KAAK,EAAE,8CAA8C;4BAC9D,QAAQ,EAAE,CAAC;4BACX,QAAQ,EAAE,YAAY,EAAE,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM;4BACzD,QAAQ,EAAE;gCACR,OAAO,EAAE,CAAC;gCACV,MAAM,EAAE,CAAC;gCACT,OAAO,EAAE,CAAC;gCACV,KAAK,EAAE,YAAY,EAAE,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM;6BACvD;4BACD,MAAM,EAAE,YAAY,EAAE,MAAM;yBAC7B,CAAC;wBAEF,iDAAiD;wBACjD,MAAM,SAAS,GACb,+CAA6B,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;wBAC7D,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;4BACtB,OAAO,SAAS,CAAC,IAAI,CAAC;wBACxB,CAAC;wBAED,2CAA2C;wBAC3C,MAAM,IAAI,qCAAmB,CAC3B,kBAAkB,EAClB,kCAAkC,EAClC,EAAE,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,MAAM,EAAE,CACtC,CAAC;oBACJ,CAAC;oBAED,+DAA+D;oBAC/D,MAAM,YAAY,GAAG;wBACnB,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC;wBAClC,MAAM,EAAE,YAAY,CAAC,MAAM;qBAC5B,CAAC;oBACF,MAAM,IAAI,qCAAmB,CAC3B,SAAS,EACT,SAAS,CAAC,KAAK,CAAC,OAAO,IAAI,cAAc,YAAY,CAAC,MAAM,EAAE,EAC9D,YAAY,CACb,CAAC;gBACJ,CAAC;gBAED,kCAAkC;gBAClC,IAAI,SAAS,GAAG,WAAW,CAAC;gBAC5B,IAAI,YAAY,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBAChC,SAAS,GAAG,kBAAkB,CAAC;gBACjC,CAAC;qBAAM,IAAI,YAAY,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBACvC,SAAS,GAAG,YAAY,CAAC,UAAU,CAAC,QAAQ,CAAC,YAAY,CAAC;wBACxD,CAAC,CAAC,sBAAsB;wBACxB,CAAC,CAAC,mBAAmB,CAAC;gBAC1B,CAAC;gBAED,MAAM,IAAI,qCAAmB,CAC3B,SAAS,EACT,uBAAuB,YAAY,CAAC,MAAM,IAAI,YAAY,CAAC,UAAU,EAAE,EACvE,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,YAAY,EAAE,CAC9C,CAAC;YACJ,CAAC;YAED,8CAA8C;YAC9C,MAAM,eAAe,GAAG,YAGvB,CAAC;YACF,IAAI,eAAe,CAAC,OAAO,KAAK,SAAS,IAAI,eAAe,CAAC,IAAI,EAAE,CAAC;gBAClE,2CAA2C;gBAC3C,MAAM,UAAU,GAAG,+CAA6B,CAAC,SAAS,CACxD,eAAe,CAAC,IAAI,CACrB,CAAC;gBACF,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;oBACvB,iCAAiC;oBACjC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,+CAA+C,EAAE;wBAClE,aAAa;wBACb,QAAQ,EAAE,UAAU,CAAC,IAAI,CAAC,QAAQ;wBAClC,QAAQ,EAAE,UAAU,CAAC,IAAI,CAAC,QAAQ;qBACnC,CAAC,CAAC;oBACH,OAAO,UAAU,CAAC,IAAI,CAAC;gBACzB,CAAC;YACH,CAAC;YAED,gDAAgD;YAChD,MAAM,MAAM,GAAG,+CAA6B,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YACrE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,IAAI,qCAAmB,CAC3B,kBAAkB,EAClB,4BAA4B,EAC5B,EAAE,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,YAAY,EAAE,CACjD,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,+CAA+C,EAAE;gBAClE,aAAa;gBACb,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ;gBAC9B,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ;aAC/B,CAAC,CAAC;YAEH,OAAO,MAAM,CAAC,IAAI,CAAC;QACrB,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,UAAU;QACR,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,YAAY;QACV,IAAI,CAAC,OAAO,GAAG;YACb,YAAY,EAAE,CAAC;YACf,UAAU,EAAE,CAAC;YACb,UAAU,EAAE,CAAC;SACd,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,gBAAgB,CAC5B,SAA2B,EAC3B,UAAU,GAAG,CAAC;QAEd,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;YAC5B,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,iDAAiD;YACjD,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;YACjD,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,UAAU,EAAE,GAC9C,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;YAE1B,IAAI,WAAW,IAAI,UAAU,GAAG,UAAU,EAAE,CAAC;gBAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CACpB,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,EACxC,UAAU,CACX,CAAC;gBAEF,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;gBAC1B,IAAI,CAAC,MAAM,CAAC,MAAM,CAChB,kBAAkB,KAAK,eAAe,UAAU,GAAG,CAAC,IAAI,UAAU,GAAG,CACtE,CAAC;gBAEF,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBACxB,OAAO,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,UAAU,GAAG,CAAC,CAAC,CAAC;YAC1D,CAAC;YAED,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;YAC1B,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,gBAAgB,CAAC,KAAc;QACrC,gDAAgD;QAChD,IAAI,KAAK,YAAY,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAClE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,0DAA0D;QAC1D,IAAI,KAAK,YAAY,qCAAmB,EAAE,CAAC;YACzC,qCAAqC;YACrC,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;gBAClC,OAAO,IAAI,CAAC;YACd,CAAC;YAED,6CAA6C;YAC7C,MAAM,MAAM,GAAI,KAAK,CAAC,OAA2C,EAAE,MAAM,CAAC;YAC1E,IAAI,MAAM,IAAI,MAAM,IAAI,GAAG,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;gBAC5C,OAAO,IAAI,CAAC;YACd,CAAC;YACD,wCAAwC;YACxC,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnB,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YAC5C,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,EAAU;QACtB,OAAO,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;IACvC,CAAC;IAED;;;;OAIG;IACK,iBAAiB,CACvB,QAAkB,EAClB,YAAoB;QAEpB,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAClC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,6EAA6E;YAC7E,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBAC7D,MAAM,IAAI,qCAAmB,CAC3B,SAAS,EACT,uBAAuB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,EAC/D,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,YAAY,EAAE,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAC1E,CAAC;YACJ,CAAC;YACD,uEAAuE;YACvE,MAAM,IAAI,qCAAmB,CAC3B,kBAAkB,EAClB,6BAA6B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EACrF,EAAE,YAAY,EAAE,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CACjD,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,oBAAoB,CAAC,MAAc,EAAE,UAAU,GAAG,EAAE;QAC1D,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YACnB,OAAO,kBAAkB,CAAC;QAC5B,CAAC;aAAM,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5C,OAAO,uBAAuB,CAAC;QACjC,CAAC;aAAM,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YAC1B,OAAO,kBAAkB,CAAC;QAC5B,CAAC;aAAM,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC;YACzB,OAAO,cAAc,CAAC;QACxB,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC;IAED;;;;OAIG;IACK,mBAAmB,CACzB,QAAkB,EAClB,YAAqB;QAErB,MAAM,SAAS,GAAG,YAGjB,CAAC;QAEF,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC;YACpB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,IAAI,WAAW,CAAC;YACtD,+DAA+D;YAC/D,MAAM,YAAY,GAAG;gBACnB,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC;gBAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;YACF,MAAM,IAAI,qCAAmB,CAC3B,SAAS,EACT,SAAS,CAAC,KAAK,CAAC,OAAO,IAAI,cAAc,QAAQ,CAAC,MAAM,EAAE,EAC1D,YAAY,CACb,CAAC;QACJ,CAAC;QAED,kCAAkC;QAClC,MAAM,SAAS,GAAG,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;QAClF,MAAM,IAAI,qCAAmB,CAC3B,SAAS,EACT,uBAAuB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,EAC/D,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,YAAY,EAAE,CAC1C,CAAC;IACJ,CAAC;CACF;AAlkBD,0DAkkBC"}

package/dist/services/crypto.service.d.ts

@@ -0,0 +1,69 @@
+/**
+ * CryptoService
+ *
+ * Centralized cryptographic operations service that provides consistent
+ * signature verification across all platforms (Cloudflare, Node.js, etc.).
+ *
+ * This service eliminates code duplication and ensures cryptographic operations
+ * behave identically everywhere.
+ */
+import { CryptoProvider } from "../providers/base.js";
+/**
+ * Minimal JWK interface to avoid external dependencies
+ */
+export interface Ed25519JWK {
+    kty: "OKP";
+    crv: "Ed25519";
+    x: string;
+    kid?: string;
+    use?: string;
+}
+/**
+ * JWS parsing result
+ */
+export interface ParsedJWS {
+    header: Record<string, unknown>;
+    payload?: Record<string, unknown>;
+    signatureBytes: Uint8Array;
+    signingInput: string;
+}
+export declare class CryptoService {
+    private cryptoProvider;
+    constructor(cryptoProvider: CryptoProvider);
+    /**
+     * Verify raw Ed25519 signature
+     * @param data - Data that was signed
+     * @param signature - Signature bytes
+     * @param publicKey - Base64 encoded Ed25519 public key (32 bytes)
+     */
+    verifyEd25519(data: Uint8Array, signature: Uint8Array, publicKey: string): Promise<boolean>;
+    /**
+     * Parse JWS into components
+     * @param jws - Full compact JWS string (header.payload.signature)
+     * @returns Parsed JWS components
+     */
+    parseJWS(jws: string): ParsedJWS;
+    /**
+     * Verify JWS signature (full compact format: header.payload.signature)
+     * @param jws - Full compact JWS string (or detached format: header..signature)
+     * @param publicKeyJwk - Ed25519 public key in JWK format
+     * @param options - Verification options
+     * @param options.detachedPayload - Optional detached payload (Uint8Array or string) for detached JWS format
+     * @param options.expectedKid - Optional expected key ID to validate
+     * @param options.alg - Optional expected algorithm (defaults to 'EdDSA')
+     */
+    verifyJWS(jws: string, publicKeyJwk: Ed25519JWK, options?: {
+        detachedPayload?: Uint8Array | string;
+        expectedKid?: string;
+        alg?: "EdDSA";
+    }): Promise<boolean>;
+    /**
+     * Validate Ed25519 JWK format
+     */
+    private isValidEd25519JWK;
+    /**
+     * Convert Ed25519 JWK to base64 encoded public key
+     */
+    private jwkToBase64PublicKey;
+}
+//# sourceMappingURL=crypto.service.d.ts.map

package/dist/services/crypto.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.service.d.ts","sourceRoot":"","sources":["../../src/services/crypto.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAStD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,KAAK,CAAC;IACX,GAAG,EAAE,SAAS,CAAC;IACf,CAAC,EAAE,MAAM,CAAC;IACV,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,cAAc,EAAE,UAAU,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,aAAa;IACZ,OAAO,CAAC,cAAc;gBAAd,cAAc,EAAE,cAAc;IAElD;;;;;OAKG;IACG,aAAa,CACjB,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,UAAU,EACrB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,OAAO,CAAC;IAgBnB;;;;OAIG;IACH,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS;IA4DhC;;;;;;;;OAQG;IACG,SAAS,CACb,GAAG,EAAE,MAAM,EACX,YAAY,EAAE,UAAU,EACxB,OAAO,CAAC,EAAE;QACR,eAAe,CAAC,EAAE,UAAU,GAAG,MAAM,CAAC;QACtC,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,GAAG,CAAC,EAAE,OAAO,CAAC;KACf,GACA,OAAO,CAAC,OAAO,CAAC;IAoHnB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAczB;;OAEG;IACH,OAAO,CAAC,oBAAoB;CAc7B"}