@lindorm/aegis 0.8.0 → 0.9.0

package/README.md

@@ -20,8 +20,8 @@ npm install @lindorm/amphora @lindorm/logger
 
 Aegis exposes two layers:
 
-- **`Aegis`** — async façade that resolves keys from an `IAmphora` key store and delegates to the kit classes. Use this when you want JWT/JWS/JWE operations driven by a managed key store with `kid`-based lookup.
-- **Kit classes** (`JwtKit`, `JwsKit`, `JweKit`, `SignatureKit`) — synchronous, single-key primitives. You supply an `IKryptos` key directly. Use these when you already have the key in hand and don't need the Amphora layer.
+- **`Aegis`** — async façade that resolves keys from an `IAmphora` key store and delegates to the kit classes. Use this when you want JWT/JWS/JWE or COSE/CWT operations driven by a managed key store with `kid`-based lookup.
+- **Kit classes** (`JwtKit`, `JwsKit`, `JweKit`, `SignatureKit`, plus the `CoseKit` COSE facade) — synchronous, single-key primitives. You supply an `IKryptos` key directly. Use these when you already have the key in hand and don't need the Amphora layer.
 
 The `Aegis` instance methods are async because they perform key lookups. All kit instance methods are synchronous.
 
@@ -80,7 +80,7 @@ const plain = await aegis.aes.decrypt(encoded);
 
 ### Universal verification
 
-`aegis.verify` auto-detects JWT, JWS, and JWE compact serialisations. JWE inputs are decrypted first, then the inner payload is re-verified.
+`aegis.verify` auto-detects JWT, JWS, and JWE compact serialisations. JWE inputs are decrypted first, then the inner payload is re-verified. A COSE token (base64url CBOR, no JOSE dot structure) is also auto-detected and its integrity verified — see [COSE / CWT](#cose--cwt).
 
 ```typescript
 const result = await aegis.verify(anyToken, {
@@ -200,6 +200,59 @@ kit.assert(data, signature); // throws on mismatch
 const formatted = kit.format(signature); // string
 ```
 
+## COSE / CWT
+
+Every token profile can be issued as a CBOR Web Token (CWT, RFC 8392) instead of a JWT by passing `format: "cose"` — the same profile, the same domain claims, the same validation floor, only the wire encoding differs. The token is returned as a base64url string.
+
+```typescript
+const { token } = await aegis.mint(
+  "access_token",
+  { subject: "user-123", audience: ["https://api.example.com"], clientId: "app-1" },
+  { format: "cose" },
+);
+
+const verified = await aegis.verify("access_token", token, {
+  format: "cose",
+  audience: "https://api.example.com",
+});
+
+// …or let aegis auto-detect it (no profile, no format flag — integrity only):
+const smart = await aegis.verify(token);
+```
+
+### Token structure
+
+The COSE structure follows the key and the profile:
+
+- **Signed** — an asymmetric key produces a `COSE_Sign1` (the default).
+- **MAC'd** — a symmetric `oct` key produces a `COSE_Mac0` (HMAC is a MAC algorithm, never a `COSE_Sign1` signature). The same `algClass` policy applies as for JWTs.
+- **Encrypted** — an encryptable profile minted with `encrypt` (or carrying `sensitive_identity`) is sign-then-encrypted into a `COSE_Encrypt0`. Direct AES-GCM and AES-CCM (all eight RFC 9053 variants) are supported.
+
+### `typ` and proprietary encoding
+
+The COSE `typ` header carries the CWT media type — `application/at+cwt`, `application/secevent+cwt`, etc. (the JWT path's `application/at+jwt` family with the `+jwt` suffix swapped for `+cwt`; bare `JWT` → `application/cwt`, the one IANA-registered CWT type).
+
+By default the claims use lindorm-proprietary compact encodings (integer-keyed `act` / `sub_id`, private-use labels for lindorm-only claims). Pass `proprietary: false` to emit a fully interoperable, string-keyed payload that a stock COSE/CWT verifier reads, at the cost of larger tokens:
+
+```typescript
+await aegis.mint("access_token", content, { format: "cose", proprietary: false });
+```
+
+Either way the signature itself is plain RFC 9052 — verified in interop tests against `@auth0/cose` and `cose-js`.
+
+### CoseKit
+
+`CoseKit` is the synchronous facade behind the COSE path (the COSE analogue of the JOSE kits). It also exposes the **COSE Key Thumbprint** (`ckt`, RFC 9679):
+
+```typescript
+import { CoseKit } from "@lindorm/aegis";
+
+const ckt = CoseKit.thumbprint(kryptos); // raw SHA-256 digest bytes
+const uri = CoseKit.thumbprintUri(kryptos); // urn:ietf:params:oauth:ckt:sha-256:…
+```
+
+> The `ckt` is **not** the same value as `kryptos.thumbprint` (the RFC 7638 `jkt`): the `ckt` hashes the deterministic-CBOR COSE_Key, the `jkt` hashes the canonical JSON JWK, so the same key has two different fingerprints. They are not interchangeable in a key-binding check.
+
 ## Sign content shape
 
 `SignJwtContent` accepts the standard, OIDC, OAuth, PoP, delegation, and Lindorm claim families plus:
@@ -217,6 +270,7 @@ const formatted = kit.format(signature); // string
   roles?: string[];
   groups?: string[];
   entitlements?: string[];
+  authorizationDetails?: AuthorizationDetail[]; // RFC 9396 (RAR) — see below
   clientId?: string;
   grantType?: string;
   tenantId?: string;
@@ -228,7 +282,6 @@ const formatted = kit.format(signature); // string
   authFactor?: string[];
   authMethods?: string[];
   authorizedParty?: string;
-  adjustedAccessLevel?: number;
   levelOfAssurance?: number;
   sessionHint?: string;
   subjectHint?: string;
@@ -236,6 +289,32 @@ const formatted = kit.format(signature); // string
 }
 ```
 
+### Rich Authorization Requests (RFC 9396)
+
+`authorizationDetails` carries the RFC 9396 `authorization_details` claim. The
+domain name (`authorizationDetails`) is translated to the registered wire name
+(`authorization_details`) on sign and back on parse. The array **contents travel
+verbatim** — type-specific inner fields (e.g. `instructedAmount`,
+`creditorAccount`) are never key-converted, so camelCase fields defined by a
+detail's own spec are preserved exactly. The claim also surfaces from
+`parseIntrospection` (RFC 9396 §9).
+
+```typescript
+kit.sign({
+  expires: "1h",
+  subject: "user-123",
+  tokenType: "access_token",
+  authorizationDetails: [
+    {
+      type: "payment_initiation",
+      actions: ["initiate"],
+      locations: ["https://api.bank.example.com/payments"],
+      instructedAmount: { currency: "EUR", amount: "123.50" }, // verbatim
+    },
+  ],
+});
+```
+
 ## Verify options
 
 `VerifyJwtOptions` extends the claim matcher set. Each field accepts either a literal value or a `PredicateOperator` for flexible matching:
@@ -284,7 +363,7 @@ import {
 
 ## Security notes
 
-- Signature/decryption keys are always sourced from the supplied `IAmphora`. The `jku`, `jwk`, `x5u`, `x5c`, `x5t`, and `x5t#S256` JOSE header parameters are never trusted as key sources during verification — only `kid` is used as a lookup key into Amphora.
+- Signature/decryption keys are always sourced from the supplied `IAmphora`. The `jku`, `jwk`, `x5u`, `x5c`, `x5t`, and `x5t#S256` JOSE header parameters are never trusted as key sources during verification — only `kid` is used as a lookup key into Amphora. The COSE verify path is the same: the signing/encryption key is resolved only by the COSE `kid` (unprotected header, label 4), never from anything embedded in the token.
 - JWE payload compression (`zip` header) is rejected outright.
 - Critical header parameters are enforced per RFC 7515 §4.1.11; unknown `crit` entries cause verification to fail.
 - DPoP-bound tokens (`cnf.jkt`) require either a matching DPoP proof or `trustBoundThumbprint: true` on verify.

package/dist/classes/Aegis.d.ts

@@ -1,6 +1,6 @@
 import type { Dict } from "@lindorm/types";
 import type { IAegis, IAegisAes, IAegisJwe, IAegisJws, IAegisJwt } from "../interfaces/index.js";
-import type { AegisIntrospection, AegisOptions, AegisUserinfo, DecodedJwe, DecodedJws, DecodedJwt, ParsedJws, ParsedJwt, TokenHeaderClaims, ValidateJwtOptions, VerifyJwtOptions } from "../types/index.js";
+import type { AegisIntrospection, AegisOptions, AegisUserinfo, DecodedJwe, DecodedJws, DecodedJwt, ParsedJws, ParsedJwt, ProfileContent, ProfileSignOptions, ProfileVerifyOptions, RawSignInput, SignContent, SignedJws, SignedJwt, TokenHeaderClaims, TokenProfile, ValidateJwtOptions, VerifyJwtOptions } from "../types/index.js";
 import { type IntrospectClaimsInput } from "../internal/utils/parse-introspection.js";
 import { type UserinfoClaimsInput } from "../internal/utils/parse-userinfo.js";
 export declare class Aegis implements IAegis {
@@ -8,9 +8,11 @@ export declare class Aegis implements IAegis {
     private readonly amphora;
     private readonly certBindingMode;
     private readonly clockTolerance;
+    private readonly coseKit;
     private readonly dpopMaxSkew;
     private readonly encAlgorithm;
     private readonly encryption;
+    private readonly joseKit;
     private readonly logger;
     private readonly sigAlgorithm;
     constructor(options: AegisOptions);
@@ -18,7 +20,15 @@ export declare class Aegis implements IAegis {
     get jwe(): IAegisJwe;
     get jws(): IAegisJws;
     get jwt(): IAegisJwt;
-    verify<T extends ParsedJwt | ParsedJws<any>>(token: string, options?: VerifyJwtOptions): Promise<T>;
+    registerProfile(profile: TokenProfile): void;
+    sign(input: RawSignInput): Promise<SignedJws>;
+    mint<P extends keyof ProfileContent>(profile: P, content: ProfileContent[P], options?: ProfileSignOptions): Promise<SignedJwt>;
+    mint(profile: string & {}, content: SignContent, options?: ProfileSignOptions): Promise<SignedJwt>;
+    verify(token: string): Promise<ParsedJwt | ParsedJws<any>>;
+    verify<T extends ParsedJws<any>>(token: string): Promise<T>;
+    verify<T extends ParsedJwt>(token: string, options?: VerifyJwtOptions): Promise<T>;
+    verify<T extends ParsedJwt>(profile: string, token: string, options: ProfileVerifyOptions): Promise<T>;
+    private verifySmart;
     static header(token: string): TokenHeaderClaims;
     static isJwe(jwe: string): boolean;
     static isJws(jws: string): boolean;
@@ -31,14 +41,19 @@ export declare class Aegis implements IAegis {
     private aesKit;
     private aesEncrypt;
     private aesDecrypt;
-    private jweKit;
     private jweEncrypt;
     private jweDecrypt;
-    private jwsKit;
     private jwsSign;
     private jwsVerify;
-    private jwtKit;
     private jwtSign;
+    private signRaw;
+    private mintProfile;
+    private mintCose;
+    private verifyCose;
+    private coseVerifyCore;
+    private warnAlgAdvisory;
+    private resolveEncKey;
+    private verifyProfile;
     private jwtVerify;
     private kryptosEnc;
     private kryptosSig;

package/dist/classes/Aegis.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Aegis.d.ts","sourceRoot":"","sources":["../../src/classes/Aegis.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAE3C,OAAO,KAAK,EACV,MAAM,EACN,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACV,MAAM,wBAAwB,CAAC;AAChC,OAAO,KAAK,EACV,kBAAkB,EAClB,YAAY,EAEZ,aAAa,EAEb,UAAU,EACV,UAAU,EACV,UAAU,EAKV,SAAS,EACT,SAAS,EAMT,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EACjB,MAAM,mBAAmB,CAAC;AAI3B,OAAO,EACL,KAAK,qBAAqB,EAE3B,MAAM,0CAA0C,CAAC;AAClD,OAAO,EAEL,KAAK,mBAAmB,EACzB,MAAM,qCAAqC,CAAC;AAqB7C,qBAAa,KAAM,YAAW,MAAM;IAClC,SAAgB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAEtC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAClD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IACjD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;IAC/D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;gBAE5C,OAAO,EAAE,YAAY;IAaxC,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAEY,MAAM,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,EACtD,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,CAAC,CAAC;WAgBC,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,iBAAiB;WAKxC,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,MAAM,CAAC,CAAC,SAAS,UAAU,GAAG,UAAU,GAAG,UAAU,EAAE,KAAK,EAAE,MAAM,GAAG,CAAC;WAaxE,KAAK,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,MAAM,GAAG,CAAC;WAU7D,aAAa,CAAC,IAAI,EAAE,mBAAmB,GAAG,aAAa;WAIvD,kBAAkB,CAAC,IAAI,EAAE,qBAAqB,GAAG,kBAAkB;WAYnE,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,kBAAkB,GAAG,IAAI;YAOhE,MAAM;YAMN,UAAU;YASV,UAAU;YAeV,MAAM;YAWN,UAAU;YASV,UAAU;YAaV,MAAM;YAUN,OAAO;YASP,SAAS;YAaT,MAAM;YAaN,OAAO;YASP,SAAS;YAgBT,UAAU;YA+BV,UAAU;CAgCzB"}
+{"version":3,"file":"Aegis.d.ts","sourceRoot":"","sources":["../../src/classes/Aegis.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAE3C,OAAO,KAAK,EACV,MAAM,EACN,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACV,MAAM,wBAAwB,CAAC;AAChC,OAAO,KAAK,EACV,kBAAkB,EAClB,YAAY,EAEZ,aAAa,EAEb,UAAU,EACV,UAAU,EACV,UAAU,EAKV,SAAS,EACT,SAAS,EACT,cAAc,EACd,kBAAkB,EAClB,oBAAoB,EACpB,YAAY,EACZ,WAAW,EAIX,SAAS,EACT,SAAS,EACT,iBAAiB,EACjB,YAAY,EACZ,kBAAkB,EAClB,gBAAgB,EACjB,MAAM,mBAAmB,CAAC;AAgB3B,OAAO,EACL,KAAK,qBAAqB,EAE3B,MAAM,0CAA0C,CAAC;AAClD,OAAO,EAEL,KAAK,mBAAmB,EACzB,MAAM,qCAAqC,CAAC;AAsB7C,qBAAa,KAAM,YAAW,MAAM;IAClC,SAAgB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAEtC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAClD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IACjD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;IAC/D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;IAC/C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;gBAE5C,OAAO,EAAE,YAAY;IAuBxC,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAEM,eAAe,CAAC,OAAO,EAAE,YAAY,GAAG,IAAI;IAI5C,IAAI,CAAC,KAAK,EAAE,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC;IAI7C,IAAI,CAAC,CAAC,SAAS,MAAM,cAAc,EACxC,OAAO,EAAE,CAAC,EACV,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC,EAC1B,OAAO,CAAC,EAAE,kBAAkB,GAC3B,OAAO,CAAC,SAAS,CAAC;IACd,IAAI,CACT,OAAO,EAAE,MAAM,GAAG,EAAE,EACpB,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,kBAAkB,GAC3B,OAAO,CAAC,SAAS,CAAC;IASd,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAC1D,MAAM,CAAC,CAAC,SAAS,SAAS,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;IAC3D,MAAM,CAAC,CAAC,SAAS,SAAS,EAC/B,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,CAAC,CAAC;IACN,MAAM,CAAC,CAAC,SAAS,SAAS,EAC/B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,CAAC,CAAC;YAiBC,WAAW;WAqCX,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,iBAAiB;WAKxC,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,MAAM,CAAC,CAAC,SAAS,UAAU,GAAG,UAAU,GAAG,UAAU,EAAE,KAAK,EAAE,MAAM,GAAG,CAAC;WAmBxE,KAAK,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,MAAM,GAAG,CAAC;WAgB7D,aAAa,CAAC,IAAI,EAAE,mBAAmB,GAAG,aAAa;WAIvD,kBAAkB,CAAC,IAAI,EAAE,qBAAqB,GAAG,kBAAkB;WAYnE,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,kBAAkB,GAAG,IAAI;YAOhE,MAAM;YAMN,UAAU;YASV,UAAU;YAeV,UAAU;YASV,UAAU;YAaV,OAAO;YASP,SAAS;YAaT,OAAO;YAWP,OAAO;YAeP,WAAW;YAmIX,QAAQ;YAsFR,UAAU;YA8BV,cAAc;IAoB5B,OAAO,CAAC,eAAe;YAeT,aAAa;YAkBb,aAAa;YAyCb,SAAS;YAgBT,UAAU;YA+BV,UAAU;CAgCzB"}

package/dist/classes/Aegis.js

@@ -1,5 +1,17 @@
 import { AesKit, } from "@lindorm/aes";
+import { getUnixTime } from "@lindorm/date";
+import { isBuffer, isDate, isString } from "@lindorm/is";
+import { removeUndefined } from "@lindorm/utils";
 import { AegisError } from "../errors/index.js";
+import { CoseKit } from "./CoseKit.js";
+import { assembleCommonClaims } from "../internal/utils/assemble-common-claims.js";
+import { coseTyp } from "../internal/cose/cose-typ.js";
+import { algAdvisory } from "../internal/utils/rules/alg-permitted.js";
+import { buildProfileClaims } from "../internal/utils/build-profile-claims.js";
+import { selectEncoder } from "../internal/utils/select-encoder.js";
+import { validateProfileClaims } from "../internal/utils/validate-profile-claims.js";
+import { enforceVerifyFloor } from "../internal/utils/enforce-verify-floor.js";
+import { registerProfile as registerProfileFn, resolveProfile, } from "../internal/profiles/registry.js";
 import { createJwtValidate } from "../internal/utils/jwt-validate.js";
 import { validate as validateClaims } from "../internal/utils/validate.js";
 import { decodeJoseHeader } from "../internal/utils/jose-header.js";
@@ -8,26 +20,38 @@ import { parseUserinfo, } from "../internal/utils/parse-userinfo.js";
 import { JweKit } from "./JweKit.js";
 import { JwsKit } from "./JwsKit.js";
 import { JwtKit } from "./JwtKit.js";
+import { JoseKit } from "./JoseKit.js";
 export class Aegis {
     issuer;
     amphora;
     certBindingMode;
     clockTolerance;
+    coseKit;
     dpopMaxSkew;
     encAlgorithm;
     encryption;
+    joseKit;
     logger;
     sigAlgorithm;
     constructor(options) {
         this.logger = options.logger.child(["AegisKit"]);
         this.amphora = options.amphora;
         this.issuer = options.issuer ?? this.amphora.domain;
+        this.coseKit = new CoseKit({ logger: this.logger });
         this.certBindingMode = options.certBindingMode ?? "strict";
         this.clockTolerance = options.clockTolerance ?? 0;
         this.dpopMaxSkew = options.dpopMaxSkew;
         this.encAlgorithm = options.encAlgorithm;
         this.encryption = options.encryption ?? "A256GCM";
         this.sigAlgorithm = options.sigAlgorithm;
+        this.joseKit = new JoseKit({
+            certBindingMode: this.certBindingMode,
+            clockTolerance: this.clockTolerance,
+            dpopMaxSkew: this.dpopMaxSkew,
+            encryption: this.encryption,
+            issuer: this.issuer ?? undefined,
+            logger: this.logger,
+        });
     }
     get aes() {
         return {
@@ -53,18 +77,45 @@ export class Aegis {
             verify: this.jwtVerify.bind(this),
         };
     }
-    async verify(token, options) {
+    registerProfile(profile) {
+        registerProfileFn(profile);
+    }
+    sign(input) {
+        return this.signRaw(input);
+    }
+    mint(profile, content, options = {}) {
+        return this.mintProfile(profile, content, options);
+    }
+    async verify(tokenOrProfile, optionsOrToken, profileOptions) {
+        if (isString(optionsOrToken)) {
+            return this.verifyProfile(tokenOrProfile, optionsOrToken, profileOptions ?? {});
+        }
+        return this.verifySmart(tokenOrProfile, optionsOrToken);
+    }
+    async verifySmart(token, options) {
         if (Aegis.isJwt(token)) {
             return (await this.jwtVerify(token, options));
         }
         if (Aegis.isJwe(token)) {
             const decrypt = await this.jweDecrypt(token);
-            return await this.verify(decrypt.payload);
+            return await this.verifySmart(decrypt.payload, options);
         }
         if (Aegis.isJws(token)) {
             return (await this.jwsVerify(token));
         }
-        throw new AegisError("Invalid token type", { debug: { token } });
+        if (!token.includes(".")) {
+            const bytes = Buffer.from(token, "base64url");
+            if (this.coseKit.isCose(bytes)) {
+                const { claims, decoded } = await this.coseVerifyCore(bytes);
+                return { claims, header: decoded };
+            }
+        }
+        throw new AegisError("Invalid token type", {
+            code: "unsupported_token_type",
+            debug: { token },
+            title: "Unsupported Token Type",
+            details: "The token is not a recognised JWT, JWE, JWS, or COSE token, so Aegis cannot select a kit to verify it.",
+        });
     }
     static header(token) {
         const [header] = token.split(".");
@@ -89,7 +140,12 @@ export class Aegis {
         if (Aegis.isJwt(token)) {
             return JwtKit.decode(token);
         }
-        throw new AegisError("Invalid token type", { debug: { token } });
+        throw new AegisError("Invalid token type", {
+            code: "unsupported_token_type",
+            debug: { token },
+            title: "Unsupported Token Type",
+            details: "The token is not a recognised JWT, JWE, or JWS, so Aegis cannot select a kit to decode it.",
+        });
     }
     static parse(token) {
         if (Aegis.isJwt(token)) {
@@ -98,7 +154,12 @@ export class Aegis {
         if (Aegis.isJws(token)) {
             return JwsKit.parse(token);
         }
-        throw new AegisError("Invalid token type", { debug: { token } });
+        throw new AegisError("Invalid token type", {
+            code: "unsupported_token_type",
+            debug: { token },
+            title: "Unsupported Token Type",
+            details: "The token is not a recognised JWT or JWS, so Aegis cannot select a kit to parse it.",
+        });
     }
     static parseUserinfo(data) {
         return parseUserinfo(data);
@@ -126,69 +187,222 @@ export class Aegis {
         });
         return kit.decrypt(data);
     }
-    async jweKit(options = {}) {
-        const kryptos = await this.kryptosEnc(options);
-        return new JweKit({
-            certBindingMode: this.certBindingMode,
-            encryption: this.encryption,
-            kryptos,
-            logger: this.logger,
-        });
-    }
     async jweEncrypt(data, options = {}) {
-        const kit = await this.jweKit({ encrypt: true });
-        return kit.encrypt(data, options);
+        const kryptos = await this.kryptosEnc({ encrypt: true });
+        return this.joseKit.encryptJwe(kryptos, data, options);
     }
     async jweDecrypt(jwe) {
         const decode = JweKit.decode(jwe);
-        const kit = await this.jweKit({
+        const kryptos = await this.kryptosEnc({
             id: decode.header.kid,
             algorithm: decode.header.alg,
         });
-        return kit.decrypt(jwe);
-    }
-    async jwsKit(options = {}) {
-        const kryptos = await this.kryptosSig(options);
-        return new JwsKit({
-            certBindingMode: this.certBindingMode,
-            kryptos,
-            logger: this.logger,
-        });
+        return this.joseKit.decryptJwe(kryptos, jwe);
     }
     async jwsSign(data, options = {}) {
-        const kit = await this.jwsKit({ sign: true });
-        return kit.sign(data, options);
+        const kryptos = await this.kryptosSig({ sign: true });
+        return this.joseKit.signJws(kryptos, data, options);
     }
     async jwsVerify(jws) {
         const decode = JwsKit.decode(jws);
-        const kit = await this.jwsKit({
+        const kryptos = await this.kryptosSig({
             id: decode.header.kid,
             algorithm: decode.header.alg,
         });
-        return kit.verify(jws);
+        return this.joseKit.verifyJws(kryptos, jws);
     }
-    async jwtKit(options = {}) {
-        const kryptos = await this.kryptosSig(options);
-        return new JwtKit({
-            certBindingMode: this.certBindingMode,
-            clockTolerance: this.clockTolerance,
-            dpopMaxSkew: this.dpopMaxSkew,
-            issuer: this.issuer ?? undefined,
-            kryptos,
-            logger: this.logger,
+    async jwtSign(content, options = {}) {
+        const kryptos = await this.kryptosSig({ sign: true });
+        return this.joseKit.signJwt(kryptos, content, options);
+    }
+    async signRaw(input) {
+        const payload = isString(input.payload) || isBuffer(input.payload)
+            ? input.payload
+            : JSON.stringify(input.payload);
+        return this.jwsSign(payload, {
+            bindCertificate: input.bindCertificate,
+            contentType: input.contentType,
+            header: input.header,
+            objectId: input.objectId,
+            tokenType: input.tokenType,
         });
     }
-    async jwtSign(content, options = {}) {
-        const kit = await this.jwtKit({ sign: true });
-        return kit.sign(content, options);
+    async mintProfile(name, content, options) {
+        if (selectEncoder(options.format).format === "cose") {
+            return this.mintCose(name, content, options);
+        }
+        const profile = resolveProfile(name);
+        if (options.encrypt !== undefined && !profile.encryptable) {
+            throw new AegisError("Encryption is not allowed for this profile", {
+                code: "encryption_not_allowed",
+                data: { profile: profile.name },
+                title: "Encryption Not Allowed",
+                details: "This token profile is not encryptable, so an encrypt option cannot be supplied; remove it or use an encryptable profile.",
+            });
+        }
+        const kryptos = await this.kryptosSig({ sign: true });
+        const hasSensitiveIdentity = content.sensitiveIdentity != null;
+        const explicitEncrypt = options.encrypt !== undefined;
+        const wantsEncryption = profile.encryptable && (explicitEncrypt || hasSensitiveIdentity);
+        const encKryptos = wantsEncryption
+            ? await this.resolveEncKey({
+                id: options.encrypt?.kid,
+                algorithm: options.encrypt?.algorithm,
+                predicate: options.encrypt?.predicate,
+            }, explicitEncrypt)
+            : undefined;
+        const signContent = hasSensitiveIdentity && !encKryptos
+            ? removeUndefined({ ...content, sensitiveIdentity: undefined })
+            : content;
+        const common = assembleCommonClaims({ algorithm: kryptos.algorithm, issuer: this.issuer }, profile, signContent, options);
+        validateProfileClaims(profile, common, {
+            ...(options.context ?? {}),
+            algorithm: kryptos.algorithm,
+        });
+        this.warnAlgAdvisory(profile, kryptos.algorithm);
+        const claims = buildProfileClaims({ algorithm: kryptos.algorithm, issuer: this.issuer }, profile, {
+            ...signContent,
+            notBefore: common.notBefore,
+            issuer: common.issuer,
+            expires: common.expiresAt,
+        }, {
+            ...options,
+            issuedAt: common.issuedAt,
+            tokenId: common.tokenId,
+        });
+        const signed = this.joseKit.signClaims(kryptos, claims, signContent, {
+            ...options,
+            ...(profile.typ !== null ? { typ: profile.typ } : {}),
+        });
+        if (!encKryptos) {
+            return signed;
+        }
+        const { token } = this.joseKit.encryptJwe(encKryptos, signed.token);
+        return { ...signed, token };
+    }
+    async mintCose(name, content, options) {
+        const profile = resolveProfile(name);
+        if (options.encrypt !== undefined && !profile.encryptable) {
+            throw new AegisError("Encryption is not allowed for this profile", {
+                code: "encryption_not_allowed",
+                data: { profile: profile.name },
+                title: "Encryption Not Allowed",
+                details: "This token profile is not encryptable, so an encrypt option cannot be supplied; remove it or use an encryptable profile.",
+            });
+        }
+        const hasSensitiveIdentity = content.sensitiveIdentity != null;
+        const explicitEncrypt = options.encrypt !== undefined;
+        const wantsEncryption = profile.encryptable && (explicitEncrypt || hasSensitiveIdentity);
+        const encKryptos = wantsEncryption
+            ? await this.resolveEncKey({
+                id: options.encrypt?.kid,
+                algorithm: options.encrypt?.algorithm,
+                predicate: options.encrypt?.predicate,
+            }, explicitEncrypt)
+            : undefined;
+        const signContent = hasSensitiveIdentity && !encKryptos
+            ? removeUndefined({ ...content, sensitiveIdentity: undefined })
+            : content;
+        const kryptos = await this.kryptosSig({ sign: true });
+        const common = assembleCommonClaims({ algorithm: kryptos.algorithm, issuer: this.issuer }, profile, signContent, options);
+        validateProfileClaims(profile, common, {
+            ...(options.context ?? {}),
+            algorithm: kryptos.algorithm,
+        });
+        this.warnAlgAdvisory(profile, kryptos.algorithm);
+        let token = this.coseKit.sign(kryptos, common, {
+            typ: coseTyp(profile.typ),
+            proprietary: options.proprietary,
+        });
+        if (encKryptos) {
+            token = this.coseKit.encrypt(encKryptos, token, {
+                typ: coseTyp(profile.typ),
+                encryption: this.encryption,
+            });
+        }
+        const expiresAt = isDate(common.expiresAt) ? common.expiresAt : undefined;
+        const expiresOn = expiresAt ? getUnixTime(expiresAt) : undefined;
+        return {
+            token: token.toString("base64url"),
+            expiresAt,
+            expiresIn: expiresOn ? expiresOn - getUnixTime(new Date()) : undefined,
+            expiresOn,
+            objectId: undefined,
+            tokenId: isString(common.tokenId) ? common.tokenId : undefined,
+        };
+    }
+    async verifyCose(name, token, options) {
+        const profile = resolveProfile(name);
+        const { claims, decoded, typ } = await this.coseVerifyCore(Buffer.from(token, "base64url"));
+        const expectedIssuer = options.issuer ??
+            (profile.issuer === "platform" ? (this.issuer ?? undefined) : undefined);
+        enforceVerifyFloor({
+            audience: options.audience,
+            decodedTyp: typ,
+            expectedTyp: coseTyp(profile.typ),
+            expectedIssuer,
+            payload: claims,
+            profile,
+        });
+        return { claims, header: decoded };
+    }
+    async coseVerifyCore(input) {
+        let bytes = input;
+        if (this.coseKit.isEncrypted(bytes)) {
+            const encKryptos = await this.kryptosEnc({
+                id: this.coseKit.decodeEncryptedKid(bytes),
+            });
+            bytes = this.coseKit.decrypt(encKryptos, bytes);
+        }
+        const decoded = this.coseKit.decode(bytes);
+        const kryptos = await this.kryptosSig({ id: decoded.kid });
+        const { claims, typ } = this.coseKit.verify(kryptos, bytes);
+        return { claims, decoded, typ };
+    }
+    warnAlgAdvisory(profile, algorithm) {
+        const advisory = profile.algClass
+            ? algAdvisory(algorithm, profile.algClass)
+            : undefined;
+        if (advisory) {
+            this.logger.warn(advisory, { profile: profile.name, algorithm });
+        }
+    }
+    async resolveEncKey(options, required) {
+        try {
+            return await this.kryptosEnc({ encrypt: true, ...options });
+        }
+        catch (error) {
+            if (required) {
+                throw error;
+            }
+            return undefined;
+        }
+    }
+    async verifyProfile(name, token, options) {
+        if (selectEncoder(options.format).format === "cose") {
+            return this.verifyCose(name, token, options);
+        }
+        const profile = resolveProfile(name);
+        const { audience: _audience, issuer: _issuer, clockTolerance: _ct, format: _format, ...rest } = options;
+        const parsed = await this.verifySmart(token, rest);
+        const expectedIssuer = options.issuer ??
+            (profile.issuer === "platform" ? (this.issuer ?? undefined) : undefined);
+        enforceVerifyFloor({
+            audience: options.audience,
+            decodedTyp: parsed.decoded.header.typ,
+            expectedIssuer,
+            payload: parsed.payload,
+            profile,
+        });
+        return parsed;
     }
     async jwtVerify(jwt, verify = {}) {
         const decode = JwtKit.decode(jwt);
-        const kit = await this.jwtKit({
+        const kryptos = await this.kryptosSig({
             id: decode.header.kid,
             algorithm: decode.header.alg,
         });
-        return kit.verify(jwt, verify);
+        return this.joseKit.verifyJwt(kryptos, jwt, verify);
     }
     async kryptosEnc(options = {}) {
         const query = options.encrypt
@@ -198,7 +412,7 @@ export class Aegis {
                     { operations: ["deriveKey"] },
                     { operations: ["wrapKey"] },
                 ],
-                algorithm: this.encAlgorithm,
+                algorithm: options.algorithm ?? this.encAlgorithm,
                 issuer: this.issuer ?? undefined,
                 ...(options.predicate ?? {}),
             }