@naylence/advanced-security 0.3.7 → 0.3.9

package/dist/cjs/advanced-security-isomorphic.js

@@ -0,0 +1,82 @@
+/**
+ * Isomorphic entry point for Naylence Advanced Security.
+ *
+ * Exposes browser-safe security helpers alongside the factory registrar while
+ * installing the shared dynamic importer shim used by Naylence plugins.
+ */
+export { VERSION } from "./version.js";
+export { validateJwkX5cCertificate, publicKeyFromX5c, } from "./naylence/fame/security/cert/util.js";
+export { GRANT_PURPOSE_CA_SIGN } from "./naylence/fame/security/cert/grants.js";
+export { createEd25519Csr, } from "./naylence/fame/security/cert/browser-csr.js";
+export { CAServiceClient, ENV_VAR_FAME_CA_SERVICE_URL, extractCertificateInfo, formatCertificateInfo, } from "./naylence/fame/security/cert/ca-service-client.js";
+export * from "./naylence/fame/security/encryption/index.js";
+export { AdvancedEdDSAEnvelopeSignerFactory, FACTORY_META as ADVANCED_EDDSA_ENVELOPE_SIGNER_FACTORY_META, } from "./naylence/fame/security/signing/eddsa-envelope-signer-factory.js";
+export { AdvancedEdDSAEnvelopeVerifierFactory, FACTORY_META as ADVANCED_EDDSA_ENVELOPE_VERIFIER_FACTORY_META, } from "./naylence/fame/security/signing/eddsa-envelope-verifier-factory.js";
+export { EdDSAEnvelopeVerifier, } from "./naylence/fame/security/signing/eddsa-envelope-verifier.js";
+export * from "./naylence/fame/security/keys/index.js";
+export * from "./naylence/fame/stickiness/index.js";
+export * from "./naylence/fame/welcome/index.js";
+export { registerAdvancedSecurityFactories, } from "./naylence/fame/security/register-advanced-security-factories.js";
+const pluginModulePromise = import("./plugin.js");
+const globalScope = globalThis;
+const FACTORY_MODULE_PREFIX = "@naylence/advanced-security/naylence/fame/";
+const RUNTIME_LOADER_KEY = "__naylenceFactoryDynamicImporter";
+const ADVANCED_SECURITY_LOADER_MARK = Symbol.for("__naylenceAdvancedSecurityLoader__");
+const isAdvancedSecurityPluginSpecifier = (specifier) => specifier === "@naylence/advanced-security" ||
+    specifier === "@naylence/advanced-security/" ||
+    specifier === "@naylence/advanced-security/plugin" ||
+    specifier === "@naylence/advanced-security/plugin.js" ||
+    specifier === "@naylence/advanced-security/dist/esm/plugin.js";
+const resolveFactoryModuleSpecifier = (specifier) => {
+    if (specifier.startsWith("../")) {
+        const relativePath = specifier.slice("../".length);
+        return `${FACTORY_MODULE_PREFIX}${relativePath}`;
+    }
+    if (specifier.startsWith("./")) {
+        const relativePath = specifier.slice("./".length);
+        return `${FACTORY_MODULE_PREFIX}${relativePath}`;
+    }
+    return null;
+};
+const isModuleNotFoundError = (error) => {
+    const message = error instanceof Error ? error.message : String(error);
+    return (message.includes("Cannot find module") ||
+        message.includes("ERR_MODULE_NOT_FOUND") ||
+        message.includes("Unknown file extension") ||
+        message.includes("Failed to fetch dynamically imported module") ||
+        message.includes("Failed to resolve module specifier") ||
+        message.includes("Importing a module script failed"));
+};
+const ensureAdvancedSecurityPluginLoader = () => {
+    const existing = Reflect.get(globalScope, RUNTIME_LOADER_KEY);
+    if (typeof existing === "function" &&
+        Reflect.get(existing, ADVANCED_SECURITY_LOADER_MARK)) {
+        return existing;
+    }
+    const fallbackLoader = typeof existing === "function" ? existing : undefined;
+    const loader = async (specifier) => {
+        if (isAdvancedSecurityPluginSpecifier(specifier)) {
+            return pluginModulePromise;
+        }
+        const remapped = resolveFactoryModuleSpecifier(specifier);
+        if (remapped) {
+            try {
+                return await import(/* @vite-ignore */ remapped);
+            }
+            catch (error) {
+                if (!fallbackLoader || !isModuleNotFoundError(error)) {
+                    throw error;
+                }
+            }
+        }
+        if (fallbackLoader) {
+            return fallbackLoader(specifier);
+        }
+        return import(/* @vite-ignore */ specifier);
+    };
+    Reflect.set(loader, ADVANCED_SECURITY_LOADER_MARK, true);
+    Reflect.set(globalScope, RUNTIME_LOADER_KEY, loader);
+    return loader;
+};
+export const __advancedSecurityPluginLoader = ensureAdvancedSecurityPluginLoader();
+//# sourceMappingURL=advanced-security-isomorphic.js.map

package/dist/cjs/advanced-security-isomorphic.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"advanced-security-isomorphic.js","sourceRoot":"","sources":["../../src/advanced-security-isomorphic.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,OAAO,EACL,yBAAyB,EAGzB,gBAAgB,GAEjB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EAAE,qBAAqB,EAAE,MAAM,yCAAyC,CAAC;AAChF,OAAO,EACL,gBAAgB,GAEjB,MAAM,8CAA8C,CAAC;AAEtD,OAAO,EACL,eAAe,EAGf,2BAA2B,EAC3B,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,oDAAoD,CAAC;AAE5D,cAAc,8CAA8C,CAAC;AAE7D,OAAO,EACL,kCAAkC,EAClC,YAAY,IAAI,2CAA2C,GAE5D,MAAM,mEAAmE,CAAC;AAC3E,OAAO,EACL,oCAAoC,EACpC,YAAY,IAAI,6CAA6C,GAE9D,MAAM,qEAAqE,CAAC;AAC7E,OAAO,EACL,qBAAqB,GAGtB,MAAM,6DAA6D,CAAC;AAErE,cAAc,wCAAwC,CAAC;AAEvD,cAAc,qCAAqC,CAAC;AACpD,cAAc,kCAAkC,CAAC;AAEjD,OAAO,EACL,iCAAiC,GAElC,MAAM,kEAAkE,CAAC;AAK1E,MAAM,mBAAmB,GAAG,MAAM,CAAC,aAAa,CAA0B,CAAC;AAE3E,MAAM,WAAW,GAAG,UAAqC,CAAC;AAC1D,MAAM,qBAAqB,GAAG,4CAA4C,CAAC;AAC3E,MAAM,kBAAkB,GAAG,kCAAkC,CAAC;AAC9D,MAAM,6BAA6B,GAAG,MAAM,CAAC,GAAG,CAC9C,oCAAoC,CACrC,CAAC;AAEF,MAAM,iCAAiC,GAAG,CAAC,SAAiB,EAAW,EAAE,CACvE,SAAS,KAAK,6BAA6B;IAC3C,SAAS,KAAK,8BAA8B;IAC5C,SAAS,KAAK,oCAAoC;IAClD,SAAS,KAAK,uCAAuC;IACrD,SAAS,KAAK,gDAAgD,CAAC;AAEjE,MAAM,6BAA6B,GAAG,CAAC,SAAiB,EAAiB,EAAE;IACzE,IAAI,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACnD,OAAO,GAAG,qBAAqB,GAAG,YAAY,EAAE,CAAC;IACnD,CAAC;IAED,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,MAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAClD,OAAO,GAAG,qBAAqB,GAAG,YAAY,EAAE,CAAC;IACnD,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAG,CAAC,KAAc,EAAW,EAAE;IACxD,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvE,OAAO,CACL,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;QACtC,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAC;QACxC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC;QAC1C,OAAO,CAAC,QAAQ,CAAC,6CAA6C,CAAC;QAC/D,OAAO,CAAC,QAAQ,CAAC,oCAAoC,CAAC;QACtD,OAAO,CAAC,QAAQ,CAAC,kCAAkC,CAAC,CACrD,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,kCAAkC,GAAG,GAAuB,EAAE;IAClE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAC1B,WAAW,EACX,kBAAkB,CACe,CAAC;IAEpC,IACE,OAAO,QAAQ,KAAK,UAAU;QAC9B,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,6BAA6B,CAAC,EACpD,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,cAAc,GAClB,OAAO,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IAExD,MAAM,MAAM,GAAuB,KAAK,EACtC,SAAiB,EACM,EAAE;QACzB,IAAI,iCAAiC,CAAC,SAAS,CAAC,EAAE,CAAC;YACjD,OAAO,mBAAmB,CAAC;QAC7B,CAAC;QAED,MAAM,QAAQ,GAAG,6BAA6B,CAAC,SAAS,CAAC,CAAC;QAC1D,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,OAAO,MAAM,MAAM,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YACnD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,cAAc,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,EAAE,CAAC;oBACrD,MAAM,KAAK,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,cAAc,EAAE,CAAC;YACnB,OAAO,cAAc,CAAC,SAAS,CAAC,CAAC;QACnC,CAAC;QAED,OAAO,MAAM,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAC9C,CAAC,CAAC;IAEF,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,6BAA6B,EAAE,IAAI,CAAC,CAAC;IACzD,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,kBAAkB,EAAE,MAAM,CAAC,CAAC;IAErD,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,8BAA8B,GACzC,kCAAkC,EAAE,CAAC"}

package/dist/cjs/browser.js

@@ -1,6 +1,25 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const tslib_1 = require("tslib");
-// Browser-friendly entry point. Limit exports to APIs that are safe for browser usage.
-tslib_1.__exportStar(require("./index.js"), exports);
+/**
+ * Browser-friendly entry point that exposes only modules compatible with
+ * runtimes lacking Node.js built-ins. Node-specific certificate authority
+ * helpers and Fastify bindings are intentionally excluded.
+ */
+// Import and use the loader to ensure bundlers don't tree-shake it away
+import { __advancedSecurityPluginLoader } from "./advanced-security-isomorphic.js";
+// Mark as used so bundlers keep the import
+if (typeof __advancedSecurityPluginLoader === "undefined") {
+    throw new Error("Advanced security plugin loader not initialized");
+}
+// Package version
+export { VERSION } from './version.js';
+export { validateJwkX5cCertificate, publicKeyFromX5c, } from "./naylence/fame/security/cert/util.js";
+export { createEd25519Csr, } from "./naylence/fame/security/cert/browser-csr.js";
+export { GRANT_PURPOSE_CA_SIGN } from "./naylence/fame/security/cert/grants.js";
+export { CAServiceClient, ENV_VAR_FAME_CA_SERVICE_URL, extractCertificateInfo, formatCertificateInfo, } from "./naylence/fame/security/cert/ca-service-client.js";
+export * from "./naylence/fame/security/encryption/index.js";
+export { AdvancedEdDSAEnvelopeSignerFactory, FACTORY_META as ADVANCED_EDDSA_ENVELOPE_SIGNER_FACTORY_META, } from "./naylence/fame/security/signing/eddsa-envelope-signer-factory.js";
+export { AdvancedEdDSAEnvelopeVerifierFactory, FACTORY_META as ADVANCED_EDDSA_ENVELOPE_VERIFIER_FACTORY_META, } from "./naylence/fame/security/signing/eddsa-envelope-verifier-factory.js";
+export { EdDSAEnvelopeVerifier, } from "./naylence/fame/security/signing/eddsa-envelope-verifier.js";
+export * from "./naylence/fame/security/keys/index.js";
+export * from "./naylence/fame/stickiness/index.js";
+export * from "./naylence/fame/welcome/index.js";
 //# sourceMappingURL=browser.js.map

package/dist/cjs/browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"browser.js","sourceRoot":"","sources":["../../src/browser.ts"],"names":[],"mappings":";;;AAAA,uFAAuF;AACvF,qDAA2B"}
+{"version":3,"file":"browser.js","sourceRoot":"","sources":["../../src/browser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,wEAAwE;AACxE,OAAO,EAAE,8BAA8B,EAAE,MAAM,mCAAmC,CAAC;AAEnF,2CAA2C;AAC3C,IAAI,OAAO,8BAA8B,KAAK,WAAW,EAAE,CAAC;IAC1D,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACrE,CAAC;AAED,kBAAkB;AAClB,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,OAAO,EACN,yBAAyB,EAGzB,gBAAgB,GAEhB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EACN,gBAAgB,GAEhB,MAAM,8CAA8C,CAAC;AAEtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,yCAAyC,CAAC;AAChF,OAAO,EACN,eAAe,EAGf,2BAA2B,EAC3B,sBAAsB,EACtB,qBAAqB,GACrB,MAAM,oDAAoD,CAAC;AAE5D,cAAc,8CAA8C,CAAC;AAE7D,OAAO,EACN,kCAAkC,EAClC,YAAY,IAAI,2CAA2C,GAE3D,MAAM,mEAAmE,CAAC;AAC3E,OAAO,EACN,oCAAoC,EACpC,YAAY,IAAI,6CAA6C,GAE7D,MAAM,qEAAqE,CAAC;AAC7E,OAAO,EACN,qBAAqB,GAGrB,MAAM,6DAA6D,CAAC;AAErE,cAAc,wCAAwC,CAAC;AAEvD,cAAc,qCAAqC,CAAC;AACpD,cAAc,kCAAkC,CAAC"}

package/dist/cjs/index.js

@@ -1,7 +1,2 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const tslib_1 = require("tslib");
-tslib_1.__exportStar(require("./naylence/fame/security/index.js"), exports);
-tslib_1.__exportStar(require("./naylence/fame/stickiness/index.js"), exports);
-tslib_1.__exportStar(require("./naylence/fame/welcome/index.js"), exports);
+export * from './advanced-security-isomorphic.js';
 //# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,4EAAkD;AAClD,8EAAoD;AACpD,2EAAiD"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,mCAAmC,CAAC"}

package/dist/cjs/install-env.js

@@ -0,0 +1,2 @@
+import "@naylence/runtime/install-env";
+//# sourceMappingURL=install-env.js.map

package/dist/cjs/install-env.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"install-env.js","sourceRoot":"","sources":["../../src/install-env.ts"],"names":[],"mappings":"AAAA,OAAO,+BAA+B,CAAC"}

package/dist/cjs/naylence/fame/factory-manifest.js

@@ -1,15 +1,14 @@
-"use strict";
 /**
  * AUTO-GENERATED FILE. DO NOT EDIT DIRECTLY.
  * Generated by scripts/generate-factory-manifest.mjs
  *
  * Provides the list of advanced security factory modules for registration.
  */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.MODULES = void 0;
-exports.MODULES = [
+export const MODULES = [
     "./security/cert/default-ca-service-factory.js",
     "./security/cert/default-certificate-manager-factory.js",
+    "./security/cert/trust-store/browser-trust-store-provider-factory.js",
+    "./security/cert/trust-store/node-trust-store-provider-factory.js",
     "./security/encryption/channel/channel-encryption-manager-factory.js",
     "./security/encryption/composite-encryption-manager-factory.js",
     "./security/encryption/default-secure-channel-manager-factory.js",
@@ -21,4 +20,20 @@ exports.MODULES = [
     "./stickiness/aft-replica-stickiness-manager-factory.js",
     "./welcome/advanced-welcome-service-factory.js"
 ];
+export const MODULE_LOADERS = {
+    "./security/cert/default-ca-service-factory.js": () => import("./security/cert/default-ca-service-factory.js"),
+    "./security/cert/default-certificate-manager-factory.js": () => import("./security/cert/default-certificate-manager-factory.js"),
+    "./security/cert/trust-store/browser-trust-store-provider-factory.js": () => import("./security/cert/trust-store/browser-trust-store-provider-factory.js"),
+    "./security/cert/trust-store/node-trust-store-provider-factory.js": () => import("./security/cert/trust-store/node-trust-store-provider-factory.js"),
+    "./security/encryption/channel/channel-encryption-manager-factory.js": () => import("./security/encryption/channel/channel-encryption-manager-factory.js"),
+    "./security/encryption/composite-encryption-manager-factory.js": () => import("./security/encryption/composite-encryption-manager-factory.js"),
+    "./security/encryption/default-secure-channel-manager-factory.js": () => import("./security/encryption/default-secure-channel-manager-factory.js"),
+    "./security/encryption/sealed/x25519-encryption-manager-factory.js": () => import("./security/encryption/sealed/x25519-encryption-manager-factory.js"),
+    "./security/keys/x5c-key-manager-factory.js": () => import("./security/keys/x5c-key-manager-factory.js"),
+    "./security/signing/eddsa-envelope-signer-factory.js": () => import("./security/signing/eddsa-envelope-signer-factory.js"),
+    "./security/signing/eddsa-envelope-verifier-factory.js": () => import("./security/signing/eddsa-envelope-verifier-factory.js"),
+    "./stickiness/aft-load-balancer-stickiness-manager-factory.js": () => import("./stickiness/aft-load-balancer-stickiness-manager-factory.js"),
+    "./stickiness/aft-replica-stickiness-manager-factory.js": () => import("./stickiness/aft-replica-stickiness-manager-factory.js"),
+    "./welcome/advanced-welcome-service-factory.js": () => import("./welcome/advanced-welcome-service-factory.js"),
+};
 //# sourceMappingURL=factory-manifest.js.map

package/dist/cjs/naylence/fame/factory-manifest.js.map

@@ -1 +1 @@
-{"version":3,"file":"factory-manifest.js","sourceRoot":"","sources":["../../../../src/naylence/fame/factory-manifest.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEU,QAAA,OAAO,GAAG;IACrB,+CAA+C;IAC/C,wDAAwD;IACxD,qEAAqE;IACrE,+DAA+D;IAC/D,iEAAiE;IACjE,mEAAmE;IACnE,4CAA4C;IAC5C,qDAAqD;IACrD,uDAAuD;IACvD,8DAA8D;IAC9D,wDAAwD;IACxD,+CAA+C;CACvC,CAAC"}
+{"version":3,"file":"factory-manifest.js","sourceRoot":"","sources":["../../../../src/naylence/fame/factory-manifest.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,CAAC,MAAM,OAAO,GAAG;IACrB,+CAA+C;IAC/C,wDAAwD;IACxD,qEAAqE;IACrE,kEAAkE;IAClE,qEAAqE;IACrE,+DAA+D;IAC/D,iEAAiE;IACjE,mEAAmE;IACnE,4CAA4C;IAC5C,qDAAqD;IACrD,uDAAuD;IACvD,8DAA8D;IAC9D,wDAAwD;IACxD,+CAA+C;CACvC,CAAC;AAKX,MAAM,CAAC,MAAM,cAAc,GAAmD;IAC5E,+CAA+C,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,+CAA+C,CAAC;IAC9G,wDAAwD,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,wDAAwD,CAAC;IAChI,qEAAqE,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,qEAAqE,CAAC;IAC1J,kEAAkE,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,kEAAkE,CAAC;IACpJ,qEAAqE,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,qEAAqE,CAAC;IAC1J,+DAA+D,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,+DAA+D,CAAC;IAC9I,iEAAiE,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,iEAAiE,CAAC;IAClJ,mEAAmE,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,mEAAmE,CAAC;IACtJ,4CAA4C,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,4CAA4C,CAAC;IACxG,qDAAqD,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,qDAAqD,CAAC;IAC1H,uDAAuD,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,uDAAuD,CAAC;IAC9H,8DAA8D,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,8DAA8D,CAAC;IAC5I,wDAAwD,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,wDAAwD,CAAC;IAChI,+CAA+C,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,+CAA+C,CAAC;CAC/G,CAAC"}

package/dist/cjs/naylence/fame/security/cert/browser-csr.js

@@ -0,0 +1,103 @@
+import { AsnConvert, OctetString } from "@peculiar/asn1-schema";
+import { Attributes, CertificationRequest, CertificationRequestInfo, } from "@peculiar/asn1-csr";
+import { AlgorithmIdentifier, Attribute, AttributeTypeAndValue, AttributeValue, Extension, Extensions, GeneralName, Name, RelativeDistinguishedName, SubjectAlternativeName, SubjectPublicKeyInfo, id_ce_subjectAltName, } from "@peculiar/asn1-x509";
+const ED25519_OID = "1.3.101.112";
+const OID_COMMON_NAME = "2.5.4.3";
+const LOGICAL_URI_PREFIX = "naylence://";
+function ensureSubtleCrypto() {
+    const instance = globalThis.crypto?.subtle;
+    if (!instance) {
+        throw new Error("WebCrypto subtle API is required to create a CSR");
+    }
+    return instance;
+}
+function buildSubject(commonName) {
+    if (!commonName || typeof commonName !== "string") {
+        throw new Error("commonName must be a non-empty string");
+    }
+    return new Name([
+        new RelativeDistinguishedName([
+            new AttributeTypeAndValue({
+                type: OID_COMMON_NAME,
+                value: new AttributeValue({ utf8String: commonName }),
+            }),
+        ]),
+    ]);
+}
+function arrayBufferToBase64(buffer) {
+    const bytes = new Uint8Array(buffer);
+    if (typeof globalThis.Buffer?.from === "function") {
+        return globalThis.Buffer.from(bytes).toString("base64");
+    }
+    let binary = "";
+    const chunkSize = 0x8000;
+    for (let offset = 0; offset < bytes.length; offset += chunkSize) {
+        const slice = bytes.subarray(offset, offset + chunkSize);
+        binary += String.fromCharCode(...slice);
+    }
+    if (typeof globalThis.btoa !== "function") {
+        throw new Error("Base64 encoding not available in this environment");
+    }
+    return globalThis.btoa(binary);
+}
+function derToPem(der, label) {
+    const base64 = arrayBufferToBase64(der);
+    const lines = [];
+    for (let index = 0; index < base64.length; index += 64) {
+        lines.push(base64.slice(index, index + 64));
+    }
+    return `-----BEGIN ${label}-----\n${lines.join("\n")}\n-----END ${label}-----\n`;
+}
+export async function createEd25519Csr(options) {
+    const subtle = ensureSubtleCrypto();
+    const { privateKey, publicKey, commonName } = options;
+    if (!(privateKey instanceof CryptoKey) || privateKey.type !== "private") {
+        throw new Error("privateKey must be a CryptoKey of type 'private'");
+    }
+    if (!(publicKey instanceof CryptoKey) || publicKey.type !== "public") {
+        throw new Error("publicKey must be a CryptoKey of type 'public'");
+    }
+    const subject = buildSubject(commonName);
+    const spkiDer = await subtle.exportKey("spki", publicKey);
+    const subjectPublicKeyInfo = AsnConvert.parse(spkiDer, SubjectPublicKeyInfo);
+    const attributes = new Attributes();
+    const sanitizedLogicals = Array.isArray(options.logicals)
+        ? options.logicals
+            .map((logical) => logical.trim())
+            .filter((logical) => logical.length > 0)
+        : [];
+    if (sanitizedLogicals.length > 0) {
+        const san = new SubjectAlternativeName(sanitizedLogicals.map((logical) => new GeneralName({
+            uniformResourceIdentifier: `${LOGICAL_URI_PREFIX}${logical}`,
+        })));
+        const extensions = new Extensions([
+            new Extension({
+                extnID: id_ce_subjectAltName,
+                critical: false,
+                extnValue: new OctetString(AsnConvert.serialize(san)),
+            }),
+        ]);
+        attributes.push(new Attribute({
+            type: "1.2.840.113549.1.9.14",
+            values: [AsnConvert.serialize(extensions)],
+        }));
+    }
+    const requestInfo = new CertificationRequestInfo({
+        subject,
+        subjectPKInfo: subjectPublicKeyInfo,
+        attributes,
+    });
+    const requestInfoDer = AsnConvert.serialize(requestInfo);
+    const signature = await subtle.sign("Ed25519", privateKey, requestInfoDer);
+    const certificationRequest = new CertificationRequest({
+        certificationRequestInfo: requestInfo,
+        signatureAlgorithm: new AlgorithmIdentifier({
+            algorithm: ED25519_OID,
+        }),
+        signature,
+    });
+    const csrDer = AsnConvert.serialize(certificationRequest);
+    const csrPem = derToPem(csrDer, "CERTIFICATE REQUEST");
+    return { csrPem, csrDer };
+}
+//# sourceMappingURL=browser-csr.js.map

package/dist/cjs/naylence/fame/security/cert/browser-csr.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser-csr.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/browser-csr.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EACN,UAAU,EACV,oBAAoB,EACpB,wBAAwB,GACxB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACN,mBAAmB,EACnB,SAAS,EACT,qBAAqB,EACrB,cAAc,EACd,SAAS,EACT,UAAU,EACV,WAAW,EACX,IAAI,EACJ,yBAAyB,EACzB,sBAAsB,EACtB,oBAAoB,EACpB,oBAAoB,GACpB,MAAM,qBAAqB,CAAC;AAI7B,MAAM,WAAW,GAAG,aAAa,CAAC;AAClC,MAAM,eAAe,GAAG,SAAS,CAAC;AAClC,MAAM,kBAAkB,GAAG,aAAa,CAAC;AASzC,SAAS,kBAAkB;IAC1B,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC;IAC3C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACrE,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC;AAED,SAAS,YAAY,CAAC,UAAkB;IACvC,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,IAAI,IAAI,CAAC;QACf,IAAI,yBAAyB,CAAC;YAC7B,IAAI,qBAAqB,CAAC;gBACzB,IAAI,EAAE,eAAe;gBACrB,KAAK,EAAE,IAAI,cAAc,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;aACrD,CAAC;SACF,CAAC;KACF,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAmB;IAC/C,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IAErC,IAAI,OAAO,UAAU,CAAC,MAAM,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;QACnD,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,SAAS,GAAG,MAAM,CAAC;IACzB,KAAK,IAAI,MAAM,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC,MAAM,EAAE,MAAM,IAAI,SAAS,EAAE,CAAC;QACjE,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;QACzD,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,OAAO,UAAU,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,QAAQ,CAAC,GAAgB,EAAE,KAAa;IAChD,MAAM,MAAM,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,IAAI,EAAE,EAAE,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,GAAG,EAAE,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO,cAAc,KAAK,UAAU,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,KAAK,SAAS,CAAC;AAClF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACrC,OAAgC;IAEhC,MAAM,MAAM,GAAG,kBAAkB,EAAE,CAAC;IACpC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAEtD,IAAI,CAAC,CAAC,UAAU,YAAY,SAAS,CAAC,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACzE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACrE,CAAC;IAED,IAAI,CAAC,CAAC,SAAS,YAAY,SAAS,CAAC,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtE,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC1D,MAAM,oBAAoB,GAAG,UAAU,CAAC,KAAK,CAC5C,OAAO,EACP,oBAAoB,CACpB,CAAC;IAEF,MAAM,UAAU,GAAG,IAAI,UAAU,EAAE,CAAC;IACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;QACxD,CAAC,CAAC,OAAO,CAAC,QAAQ;aACf,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;aAChC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;QAC1C,CAAC,CAAC,EAAE,CAAC;IAEN,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,IAAI,sBAAsB,CACrC,iBAAiB,CAAC,GAAG,CACpB,CAAC,OAAO,EAAE,EAAE,CACX,IAAI,WAAW,CAAC;YACf,yBAAyB,EAAE,GAAG,kBAAkB,GAAG,OAAO,EAAE;SAC5D,CAAC,CACH,CACD,CAAC;QAEF,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC;YACjC,IAAI,SAAS,CAAC;gBACb,MAAM,EAAE,oBAAoB;gBAC5B,QAAQ,EAAE,KAAK;gBACf,SAAS,EAAE,IAAI,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;aACrD,CAAC;SACF,CAAC,CAAC;QAEH,UAAU,CAAC,IAAI,CACd,IAAI,SAAS,CAAC;YACb,IAAI,EAAE,uBAAuB;YAC7B,MAAM,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;SAC1C,CAAC,CACF,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,wBAAwB,CAAC;QAChD,OAAO;QACP,aAAa,EAAE,oBAAoB;QACnC,UAAU;KACV,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,UAAU,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;IAE3E,MAAM,oBAAoB,GAAG,IAAI,oBAAoB,CAAC;QACrD,wBAAwB,EAAE,WAAW;QACrC,kBAAkB,EAAE,IAAI,mBAAmB,CAAC;YAC3C,SAAS,EAAE,WAAW;SACtB,CAAC;QACF,SAAS;KACT,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;IAC1D,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;IAEvD,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC3B,CAAC"}

package/dist/cjs/naylence/fame/security/cert/ca-server-cli.js

@@ -0,0 +1,30 @@
+#!/usr/bin/env node
+import { pathToFileURL } from "node:url";
+import { main } from "./ca-server.js";
+function isDirectExecution() {
+    if (typeof process === "undefined") {
+        return false;
+    }
+    const entry = process.argv?.[1];
+    if (typeof entry !== "string" || entry.length === 0) {
+        return false;
+    }
+    const entryUrl = pathToFileURL(entry).href;
+    return import.meta.url === entryUrl;
+}
+function registerSignalHandlers() {
+    const handleShutdown = (signal) => {
+        console.log("[INFO] ca_server_shutting_down", { signal });
+        process.exit(0);
+    };
+    process.on("SIGTERM", () => handleShutdown("SIGTERM"));
+    process.on("SIGINT", () => handleShutdown("SIGINT"));
+}
+if (isDirectExecution()) {
+    registerSignalHandlers();
+    main().catch((error) => {
+        console.error("Fatal error:", error);
+        process.exit(1);
+    });
+}
+//# sourceMappingURL=ca-server-cli.js.map

package/dist/cjs/naylence/fame/security/cert/ca-server-cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ca-server-cli.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/ca-server-cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAEtC,SAAS,iBAAiB;IACxB,IAAI,OAAO,OAAO,KAAK,WAAW,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAChC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC;IAC3C,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,QAAQ,CAAC;AACtC,CAAC;AAED,SAAS,sBAAsB;IAC7B,MAAM,cAAc,GAAG,CAAC,MAAsB,EAAE,EAAE;QAChD,OAAO,CAAC,GAAG,CAAC,gCAAgC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,CAAC;IACvD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,IAAI,iBAAiB,EAAE,EAAE,CAAC;IACxB,sBAAsB,EAAE,CAAC;IAEzB,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;QACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;QACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/cjs/naylence/fame/security/cert/ca-server.js

@@ -0,0 +1,223 @@
+/**
+ * CA Server - Certificate Authority HTTP endpoint
+ *
+ * Provides certificate issuance via HTTP using Fastify.
+ * Mirrors the Python ca_server.py implementation.
+ */
+import { sha256 } from "@noble/hashes/sha256.js";
+import Fastify from "fastify";
+import { realpathSync } from "node:fs";
+import { resolve } from "node:path";
+import { CAServiceFactory } from "./ca-service-factory.js";
+// Simple console logger for CA server
+const logger = {
+    info: (event, meta) => {
+        console.log(`[INFO] ${event}`, meta || "");
+    },
+    warning: (event, meta) => {
+        console.warn(`[WARNING] ${event}`, meta || "");
+    },
+    error: (event, meta) => {
+        console.error(`[ERROR] ${event}`, meta || "");
+    },
+    debug: (event, meta) => {
+        const logLevel = (process.env.FAME_LOG_LEVEL || "info").toLowerCase();
+        if (logLevel === "debug" || logLevel === "trace") {
+            console.log(`[DEBUG] ${event}`, meta || "");
+        }
+    },
+};
+const ENV_VAR_FAME_APP_HOST = "FAME_APP_HOST";
+const ENV_VAR_FAME_APP_PORT = "FAME_APP_PORT";
+/**
+ * Create CA router with certificate signing endpoint.
+ * Mirrors Python's create_ca_router functionality.
+ */
+function createCaRouter(fastify, caService, prefix = "/fame/v1/ca") {
+    // Certificate signing endpoint
+    fastify.post(`${prefix}/sign`, {
+        schema: {
+            body: {
+                type: "object",
+                required: ["csr_pem", "requester_id"],
+                properties: {
+                    csr_pem: { type: "string" },
+                    requester_id: { type: "string" },
+                    physical_path: { type: "string" },
+                    logicals: { type: "array", items: { type: "string" } },
+                },
+            },
+        },
+    }, async (request, reply) => {
+        try {
+            const csrRequest = request.body;
+            if (!csrRequest || !csrRequest.requester_id) {
+                return reply.status(400).send({
+                    error: "invalid_request",
+                    message: "CSR must include requester_id",
+                });
+            }
+            logger.debug("ca_cert_request_received", {
+                requester_id: csrRequest.requester_id,
+                physical_path: csrRequest.physical_path,
+                logicals: csrRequest.logicals,
+            });
+            // Authenticate if authorizer is configured
+            if (caService.authorizer) {
+                // TODO: Implement authentication when authorizer interface is defined
+                logger.warning("authentication_not_yet_implemented", {
+                    authorizer_configured: true,
+                });
+            }
+            // Convert snake_case request to camelCase for TypeScript interface
+            const csrForService = {
+                csrPem: csrRequest.csr_pem,
+                requesterId: csrRequest.requester_id,
+                physicalPath: csrRequest.physical_path,
+                logicals: csrRequest.logicals,
+            };
+            // Issue certificate
+            const result = await caService.issueCertificate(csrForService);
+            const response = {
+                certificate_pem: result.certificatePem,
+                certificate_chain_pem: result.certificateChainPem,
+                expires_at: result.expiresAt,
+            };
+            return reply.send(response);
+        }
+        catch (error) {
+            logger.error("ca_cert_issuance_failed", {
+                error: error instanceof Error ? error.message : String(error),
+            });
+            return reply.status(500).send({
+                error: "issuance_failed",
+                message: error instanceof Error ? error.message : "Unknown error",
+            });
+        }
+    });
+    // Health check
+    fastify.get("/health", async () => {
+        return { status: "healthy", service: "ca-server" };
+    });
+    const trustBundlePath = "/.well-known/naylence/trust-bundle.json";
+    fastify.get(trustBundlePath, async (request, reply) => {
+        const bundle = await caService.getTrustBundle();
+        if (!bundle) {
+            return reply.status(404).send({
+                error: "trust_bundle_unavailable",
+            });
+        }
+        const payload = JSON.stringify(bundle);
+        const etag = `"${computeEtag(payload)}"`;
+        const requestEtag = request.headers["if-none-match"];
+        if (typeof requestEtag === "string" && requestEtag.replace(/W\//u, "") === etag.replace(/W\//u, "")) {
+            return reply
+                .status(304)
+                .header("ETag", etag)
+                .header("Cache-Control", trustBundleCacheControl())
+                .send();
+        }
+        return reply
+            .header("Content-Type", "application/json")
+            .header("Cache-Control", trustBundleCacheControl())
+            .header("ETag", etag)
+            .send(bundle);
+    });
+}
+/**
+ * Create Fastify application with CA service lifespan management.
+ * Mirrors Python's FastAPI lifespan pattern.
+ */
+async function createApp() {
+    // Disable Fastify's built-in logger to avoid configuration conflicts
+    const fastify = Fastify({
+        logger: false,
+    });
+    // Register advanced security factories (including CA service factory)
+    const { registerAdvancedSecurityPluginFactories } = await import("../../../../plugin.js");
+    await registerAdvancedSecurityPluginFactories();
+    // Create CA service (mirrors Python's lifespan startup)
+    const caService = await CAServiceFactory.createCAService();
+    // Register CA router
+    createCaRouter(fastify, caService);
+    return { app: fastify, caService };
+}
+async function main() {
+    try {
+        const { app } = await createApp();
+        const host = process.env[ENV_VAR_FAME_APP_HOST] || "0.0.0.0";
+        const port = parseInt(process.env[ENV_VAR_FAME_APP_PORT] || "8098", 10);
+        await app.listen({ host, port });
+        logger.info("ca_server_started", { host, port });
+        console.log(`\n📍 CA Server listening on http://${host}:${port}`);
+        console.log(`🔐 Certificate endpoint: http://${host}:${port}/fame/v1/ca/sign\n`);
+    }
+    catch (error) {
+        logger.error("ca_server_startup_failed", {
+            error: error instanceof Error ? error.message : String(error),
+        });
+        process.exit(1);
+    }
+}
+export { createApp, main };
+const isTopLevelInvocation = (() => {
+    if (typeof process === "undefined") {
+        return false;
+    }
+    const entry = process.argv[1] ?? null;
+    if (!entry) {
+        if (process.env.FAME_CA_DEBUG === "1") {
+            console.log("[CA DEBUG] missing process argv entry", JSON.stringify({ argv: process.argv }));
+        }
+        return false;
+    }
+    try {
+        const entryPath = resolveToRealPath(entry);
+        if (!entryPath) {
+            if (process.env.FAME_CA_DEBUG === "1") {
+                console.log("[CA DEBUG] failed to resolve entry path", JSON.stringify({ entry }));
+            }
+            return false;
+        }
+        if (process.env.FAME_CA_DEBUG === "1") {
+            console.log("[CA DEBUG] invocation check", JSON.stringify({
+                argv: process.argv,
+                entryPath,
+            }));
+        }
+        return /(?:^|[\\/])ca-server\.js$/u.test(entryPath);
+    }
+    catch (error) {
+        if (process.env.FAME_CA_DEBUG === "1") {
+            console.log("[CA DEBUG] invocation check error", JSON.stringify({ error: error instanceof Error ? error.message : String(error) }));
+        }
+        return false;
+    }
+})();
+if (isTopLevelInvocation) {
+    void main();
+}
+function computeEtag(payload) {
+    const encoder = new TextEncoder();
+    const digest = sha256(encoder.encode(payload));
+    return Array.from(digest)
+        .map((byte) => byte.toString(16).padStart(2, "0"))
+        .join("");
+}
+function trustBundleCacheControl() {
+    return "public, max-age=3600, stale-while-revalidate=86400";
+}
+function resolveToRealPath(pathLike) {
+    try {
+        return realpathSync(pathLike);
+    }
+    catch {
+        try {
+            return realpathSync.native?.(pathLike) ?? resolve(pathLike);
+        }
+        catch {
+            return resolve(pathLike);
+        }
+    }
+}
+//# sourceMappingURL=ca-server.js.map

package/dist/cjs/naylence/fame/security/cert/ca-server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ca-server.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/ca-server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AACjD,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAG3D,sCAAsC;AACtC,MAAM,MAAM,GAAG;IACb,IAAI,EAAE,CAAC,KAAa,EAAE,IAA8B,EAAE,EAAE;QACtD,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,EAAE,CAAC,KAAa,EAAE,IAA8B,EAAE,EAAE;QACzD,OAAO,CAAC,IAAI,CAAC,aAAa,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IACD,KAAK,EAAE,CAAC,KAAa,EAAE,IAA8B,EAAE,EAAE;QACvD,OAAO,CAAC,KAAK,CAAC,WAAW,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC;IACD,KAAK,EAAE,CAAC,KAAa,EAAE,IAA8B,EAAE,EAAE;QACvD,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QACtE,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,qBAAqB,GAAG,eAAe,CAAC;AAC9C,MAAM,qBAAqB,GAAG,eAAe,CAAC;AAe9C;;;GAGG;AACH,SAAS,cAAc,CACrB,OAAwB,EACxB,SAAoB,EACpB,SAAiB,aAAa;IAE9B,+BAA+B;IAC/B,OAAO,CAAC,IAAI,CACV,GAAG,MAAM,OAAO,EAChB;QACE,MAAM,EAAE;YACN,IAAI,EAAE;gBACJ,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,CAAC,SAAS,EAAE,cAAc,CAAC;gBACrC,UAAU,EAAE;oBACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC3B,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAChC,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACjC,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;iBACvD;aACF;SACF;KACF,EACD,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;YAEhC,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;gBAC5C,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC5B,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,+BAA+B;iBACzC,CAAC,CAAC;YACL,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE;gBACvC,YAAY,EAAE,UAAU,CAAC,YAAY;gBACrC,aAAa,EAAE,UAAU,CAAC,aAAa;gBACvC,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B,CAAC,CAAC;YAEH,2CAA2C;YAC3C,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;gBACzB,sEAAsE;gBACtE,MAAM,CAAC,OAAO,CAAC,oCAAoC,EAAE;oBACnD,qBAAqB,EAAE,IAAI;iBAC5B,CAAC,CAAC;YACL,CAAC;YAED,mEAAmE;YACnE,MAAM,aAAa,GAAG;gBACpB,MAAM,EAAE,UAAU,CAAC,OAAO;gBAC1B,WAAW,EAAE,UAAU,CAAC,YAAY;gBACpC,YAAY,EAAE,UAAU,CAAC,aAAa;gBACtC,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B,CAAC;YAEF,oBAAoB;YACpB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;YAE/D,MAAM,QAAQ,GAAgC;gBAC5C,eAAe,EAAE,MAAM,CAAC,cAAc;gBACtC,qBAAqB,EAAE,MAAM,CAAC,mBAAmB;gBACjD,UAAU,EAAE,MAAM,CAAC,SAAS;aAC7B,CAAC;YAEF,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YAEH,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC5B,KAAK,EAAE,iBAAiB;gBACxB,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;aAClE,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CACF,CAAC;IAEF,eAAe;IACf,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE;QAChC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG,yCAAyC,CAAC;IAElE,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACpD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,cAAc,EAAE,CAAC;QAChD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC5B,KAAK,EAAE,0BAA0B;aAClC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,IAAI,GAAG,IAAI,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC;QACzC,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAErD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC;YACpG,OAAO,KAAK;iBACT,MAAM,CAAC,GAAG,CAAC;iBACX,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC;iBACpB,MAAM,CAAC,eAAe,EAAE,uBAAuB,EAAE,CAAC;iBAClD,IAAI,EAAE,CAAC;QACZ,CAAC;QAED,OAAO,KAAK;aACT,MAAM,CAAC,cAAc,EAAE,kBAAkB,CAAC;aAC1C,MAAM,CAAC,eAAe,EAAE,uBAAuB,EAAE,CAAC;aAClD,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC;aACpB,IAAI,CAAC,MAAoC,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,SAAS;IAItB,qEAAqE;IACrE,MAAM,OAAO,GAAG,OAAO,CAAC;QACtB,MAAM,EAAE,KAAK;KACd,CAAC,CAAC;IAEH,sEAAsE;IACtE,MAAM,EAAE,uCAAuC,EAAE,GAAG,MAAM,MAAM,CAC9D,uBAAuB,CACxB,CAAC;IACF,MAAM,uCAAuC,EAAE,CAAC;IAEhD,wDAAwD;IACxD,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,eAAe,EAAE,CAAC;IAE3D,qBAAqB;IACrB,cAAc,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAEnC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AACrC,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;QAElC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,SAAS,CAAC;QAC7D,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;QAExE,MAAM,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAEjC,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,sCAAsC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;QAClE,OAAO,CAAC,GAAG,CACT,mCAAmC,IAAI,IAAI,IAAI,oBAAoB,CACpE,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE;YACvC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AAE3B,MAAM,oBAAoB,GAAG,CAAC,GAAG,EAAE;IACjC,IAAI,OAAO,OAAO,KAAK,WAAW,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IACtC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,GAAG,EAAE,CAAC;YACtC,OAAO,CAAC,GAAG,CACT,uCAAuC,EACvC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CACvC,CAAC;QACJ,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,GAAG,EAAE,CAAC;gBACtC,OAAO,CAAC,GAAG,CACT,yCAAyC,EACzC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC,CAC1B,CAAC;YACJ,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,GAAG,EAAE,CAAC;YACtC,OAAO,CAAC,GAAG,CACT,6BAA6B,EAC7B,IAAI,CAAC,SAAS,CAAC;gBACb,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,SAAS;aACV,CAAC,CACH,CAAC;QACJ,CAAC;QACD,OAAO,4BAA4B,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACtD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,GAAG,EAAE,CAAC;YACtC,OAAO,CAAC,GAAG,CACT,mCAAmC,EACnC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAClF,CAAC;QACJ,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC,CAAC,EAAE,CAAC;AAEL,IAAI,oBAAoB,EAAE,CAAC;IACzB,KAAK,IAAI,EAAE,CAAC;AACd,CAAC;AAED,SAAS,WAAW,CAAC,OAAe;IAClC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IAC/C,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;SACtB,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SACjD,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED,SAAS,uBAAuB;IAC9B,OAAO,oDAAoD,CAAC;AAC9D,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACzC,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,CAAC;YACH,OAAO,YAAY,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC9D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;AACH,CAAC"}