@naylence/runtime 0.3.5-test.921 → 0.3.5-test.923

package/dist/node/index.mjs

@@ -2,23 +2,23 @@ import { parseAddressComponents, FlowFlags, FameAddress, DEFAULT_POLLING_TIMEOUT
 export * from '@naylence/core';
 import { z, ZodError } from 'zod';
 import { AbstractResourceFactory, createResource as createResource$1, createDefaultResource, registerFactory, Expressions, ExtensionManager, ExpressionEvaluationPolicy, Registry, configValidator } from '@naylence/factory';
+import { sign, hashes, verify } from '@noble/ed25519';
+import { sha256, sha512 } from '@noble/hashes/sha2.js';
 import { chacha20poly1305 } from '@noble/ciphers/chacha.js';
 import { x25519 } from '@noble/curves/ed25519.js';
 import { hkdf } from '@noble/hashes/hkdf.js';
-import { sha256, sha512 } from '@noble/hashes/sha2.js';
 import { utf8ToBytes, bytesToHex, randomBytes, concatBytes } from '@noble/hashes/utils.js';
 import { parse } from 'yaml';
 import fastify from 'fastify';
 import websocketPlugin from '@fastify/websocket';
-import { sign, hashes, verify } from '@noble/ed25519';
 
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.3.5-test.921
+// Generated from package.json version: 0.3.5-test.923
 /**
  * The package version, injected at build time.
  * @internal
  */
-const VERSION = '0.3.5-test.921';
+const VERSION = '0.3.5-test.923';
 
 /**
  * Fame protocol specific error classes with WebSocket close codes and proper inheritance.
@@ -25160,6 +25160,251 @@ class SigningConfig {
     }
 }
 
+function hasBuffer() {
+    return typeof Buffer !== 'undefined';
+}
+function readStringProperty(source, ...names) {
+    if (!source || typeof source !== 'object') {
+        return undefined;
+    }
+    for (const name of names) {
+        const value = source[name];
+        if (typeof value === 'string' && value.length > 0) {
+            return value;
+        }
+    }
+    return undefined;
+}
+function decodePem(pem) {
+    const base64 = pem
+        .replace(/-----BEGIN[^-]+-----/g, '')
+        .replace(/-----END[^-]+-----/g, '')
+        .replace(/\s+/g, '');
+    if (typeof atob === 'function') {
+        const binary = atob(base64);
+        const bytes = new Uint8Array(binary.length);
+        for (let i = 0; i < binary.length; i += 1) {
+            bytes[i] = binary.charCodeAt(i);
+        }
+        return bytes;
+    }
+    if (hasBuffer()) {
+        return Uint8Array.from(Buffer.from(base64, 'base64'));
+    }
+    throw new Error('Base64 decoding is not available in this environment');
+}
+function readLength(data, offset) {
+    const initial = data[offset];
+    if (initial === undefined) {
+        throw new Error('Unexpected end of ASN.1 data');
+    }
+    if ((initial & 0x80) === 0) {
+        return { length: initial, nextOffset: offset + 1 };
+    }
+    const lengthOfLength = initial & 0x7f;
+    if (lengthOfLength === 0 || lengthOfLength > 4) {
+        throw new Error('Unsupported ASN.1 length encoding');
+    }
+    let length = 0;
+    let position = offset + 1;
+    for (let i = 0; i < lengthOfLength; i += 1) {
+        const byte = data[position];
+        if (byte === undefined) {
+            throw new Error('Unexpected end of ASN.1 data');
+        }
+        length = (length << 8) | byte;
+        position += 1;
+    }
+    return { length, nextOffset: position };
+}
+function readElement(data, offset, tag) {
+    if (data[offset] !== tag) {
+        throw new Error(`Unexpected ASN.1 tag: expected 0x${tag.toString(16)}, got 0x${(data[offset] ?? 0).toString(16)}`);
+    }
+    const { length, nextOffset } = readLength(data, offset + 1);
+    const contentOffset = nextOffset;
+    return {
+        length,
+        contentOffset,
+        nextOffset: contentOffset + length,
+    };
+}
+function parseEd25519PrivateKey(pem) {
+    const raw = decodePem(pem);
+    if (raw.length === 32) {
+        return raw.slice();
+    }
+    // Handle PKCS#8 structure defined in RFC 8410
+    const sequence = readElement(raw, 0, 0x30);
+    const version = readElement(raw, sequence.contentOffset, 0x02);
+    let offset = version.nextOffset;
+    const algorithm = readElement(raw, offset, 0x30);
+    offset = algorithm.nextOffset;
+    const privateKey = readElement(raw, offset, 0x04);
+    const privateContent = raw.subarray(privateKey.contentOffset, privateKey.contentOffset + privateKey.length);
+    if (privateContent.length === 32) {
+        return privateContent.slice();
+    }
+    if (privateContent.length >= 34 && privateContent[0] === 0x04) {
+        const innerLength = privateContent[1];
+        if (innerLength !== 32 || privateContent.length < innerLength + 2) {
+            throw new Error('Unexpected Ed25519 private key length');
+        }
+        return privateContent.subarray(2, 34);
+    }
+    throw new Error('Unsupported Ed25519 private key structure');
+}
+const textEncoder = typeof TextEncoder !== 'undefined' ? new TextEncoder() : undefined;
+function encodeUtf8(value) {
+    if (textEncoder) {
+        return textEncoder.encode(value);
+    }
+    if (hasBuffer()) {
+        return Uint8Array.from(Buffer.from(value, 'utf8'));
+    }
+    throw new Error('No UTF-8 encoder available in this environment');
+}
+
+if (!hashes.sha512) {
+    hashes.sha512 = (message) => sha512(message);
+}
+function normalizeSignerOptions(options) {
+    if (!options || typeof options !== 'object') {
+        return {};
+    }
+    const candidate = options;
+    const result = {
+        ...options,
+    };
+    const cryptoProvider = resolveAlias(candidate, ['cryptoProvider', 'crypto_provider']);
+    if (cryptoProvider !== undefined) {
+        result.cryptoProvider = cryptoProvider ?? null;
+    }
+    const signingConfig = resolveAlias(candidate, ['signingConfig', 'signing_config']);
+    if (signingConfig !== undefined) {
+        result.signingConfig = signingConfig;
+    }
+    const privateKeyPem = resolveAlias(candidate, [
+        'privateKeyPem',
+        'private_key_pem',
+    ]);
+    if (privateKeyPem !== undefined) {
+        result.privateKeyPem = privateKeyPem;
+    }
+    const keyId = resolveAlias(candidate, [
+        'keyId',
+        'key_id',
+    ]);
+    if (keyId !== undefined) {
+        result.keyId = keyId;
+    }
+    return result;
+}
+class EdDSAEnvelopeSigner {
+    constructor(options = {}) {
+        const normalized = normalizeSignerOptions(options);
+        const provider = normalized.cryptoProvider ?? null;
+        if (!provider) {
+            throw new Error('No crypto provider is configured for signing');
+        }
+        this.crypto = provider;
+        const signingConfigOption = normalized.signingConfig;
+        if (signingConfigOption instanceof SigningConfig) {
+            this.signingConfig = signingConfigOption;
+        }
+        else if (signingConfigOption) {
+            this.signingConfig = new SigningConfig(signingConfigOption);
+        }
+        else {
+            this.signingConfig = new SigningConfig();
+        }
+        this.explicitPrivateKey = normalized.privateKeyPem;
+        this.explicitKeyId = normalized.keyId;
+    }
+    signEnvelope(envelope, { physicalPath }) {
+        if (!envelope.sid) {
+            throw new Error('Envelope missing sid');
+        }
+        const frame = envelope.frame;
+        if (frame.type === 'Data') {
+            const dataFrame = frame;
+            if (!dataFrame.pd) {
+                const payload = dataFrame.payload ?? '';
+                const payloadString = payload === '' ? '' : canonicalJson(payload);
+                dataFrame.pd = secureDigest(payloadString);
+            }
+        }
+        const digest = frameDigest(frame);
+        const immutable = canonicalJson(immutableHeaders(envelope));
+        const sidDigest = secureDigest(physicalPath);
+        const tbs = new Uint8Array(encodeUtf8(sidDigest).length +
+            1 +
+            encodeUtf8(immutable).length +
+            1 +
+            encodeUtf8(digest).length);
+        const sidBytes = encodeUtf8(sidDigest);
+        const immBytes = encodeUtf8(immutable);
+        const digBytes = encodeUtf8(digest);
+        let offset = 0;
+        tbs.set(sidBytes, offset);
+        offset += sidBytes.length;
+        tbs[offset] = 0x1f;
+        offset += 1;
+        tbs.set(immBytes, offset);
+        offset += immBytes.length;
+        tbs[offset] = 0x1f;
+        offset += 1;
+        tbs.set(digBytes, offset);
+        const privateKey = this.loadPrivateKey();
+        const signatureBytes = sign(tbs, privateKey);
+        const signature = urlsafeBase64Encode(signatureBytes);
+        const kid = this.determineKeyId();
+        const signatureHeader = {
+            kid,
+            val: signature,
+            alg: 'EdDSA',
+        };
+        const secHeader = envelope.sec ?? {};
+        secHeader.sig = signatureHeader;
+        envelope.sec = secHeader;
+        return envelope;
+    }
+    loadPrivateKey() {
+        const pem = this.explicitPrivateKey ??
+            readStringProperty(this.crypto, 'signingPrivatePem', 'signing_private_pem');
+        if (!pem) {
+            throw new Error('Crypto provider does not expose a signing private key');
+        }
+        return parseEd25519PrivateKey(pem);
+    }
+    determineKeyId() {
+        if (this.explicitKeyId) {
+            return this.explicitKeyId;
+        }
+        if (this.signingConfig.signingMaterial === SigningMaterial.X509_CHAIN) {
+            const certificateProvider = this
+                .crypto;
+            const jwk = certificateProvider.nodeJwk?.();
+            if (jwk && typeof jwk === 'object' && 'kid' in jwk && 'x5c' in jwk) {
+                const kid = jwk.kid;
+                if (typeof kid === 'string' && kid.length > 0) {
+                    return kid;
+                }
+            }
+        }
+        const fallback = readStringProperty(this.crypto, 'signatureKeyId', 'signature_key_id');
+        if (!fallback) {
+            throw new Error('Crypto provider does not expose a signature key id');
+        }
+        return fallback;
+    }
+}
+
+var eddsaEnvelopeSigner = /*#__PURE__*/Object.freeze({
+    __proto__: null,
+    EdDSAEnvelopeSigner: EdDSAEnvelopeSigner
+});
+
 const logger$x = getLogger('naylence.fame.security.auth.jwt_token_issuer');
 let joseModulePromise = null;
 async function requireJose() {
@@ -39265,251 +39510,6 @@ var sharedSecretTokenVerifier = /*#__PURE__*/Object.freeze({
     SharedSecretTokenVerifier: SharedSecretTokenVerifier
 });
 
-function hasBuffer() {
-    return typeof Buffer !== 'undefined';
-}
-function readStringProperty(source, ...names) {
-    if (!source || typeof source !== 'object') {
-        return undefined;
-    }
-    for (const name of names) {
-        const value = source[name];
-        if (typeof value === 'string' && value.length > 0) {
-            return value;
-        }
-    }
-    return undefined;
-}
-function decodePem(pem) {
-    const base64 = pem
-        .replace(/-----BEGIN[^-]+-----/g, '')
-        .replace(/-----END[^-]+-----/g, '')
-        .replace(/\s+/g, '');
-    if (typeof atob === 'function') {
-        const binary = atob(base64);
-        const bytes = new Uint8Array(binary.length);
-        for (let i = 0; i < binary.length; i += 1) {
-            bytes[i] = binary.charCodeAt(i);
-        }
-        return bytes;
-    }
-    if (hasBuffer()) {
-        return Uint8Array.from(Buffer.from(base64, 'base64'));
-    }
-    throw new Error('Base64 decoding is not available in this environment');
-}
-function readLength(data, offset) {
-    const initial = data[offset];
-    if (initial === undefined) {
-        throw new Error('Unexpected end of ASN.1 data');
-    }
-    if ((initial & 0x80) === 0) {
-        return { length: initial, nextOffset: offset + 1 };
-    }
-    const lengthOfLength = initial & 0x7f;
-    if (lengthOfLength === 0 || lengthOfLength > 4) {
-        throw new Error('Unsupported ASN.1 length encoding');
-    }
-    let length = 0;
-    let position = offset + 1;
-    for (let i = 0; i < lengthOfLength; i += 1) {
-        const byte = data[position];
-        if (byte === undefined) {
-            throw new Error('Unexpected end of ASN.1 data');
-        }
-        length = (length << 8) | byte;
-        position += 1;
-    }
-    return { length, nextOffset: position };
-}
-function readElement(data, offset, tag) {
-    if (data[offset] !== tag) {
-        throw new Error(`Unexpected ASN.1 tag: expected 0x${tag.toString(16)}, got 0x${(data[offset] ?? 0).toString(16)}`);
-    }
-    const { length, nextOffset } = readLength(data, offset + 1);
-    const contentOffset = nextOffset;
-    return {
-        length,
-        contentOffset,
-        nextOffset: contentOffset + length,
-    };
-}
-function parseEd25519PrivateKey(pem) {
-    const raw = decodePem(pem);
-    if (raw.length === 32) {
-        return raw.slice();
-    }
-    // Handle PKCS#8 structure defined in RFC 8410
-    const sequence = readElement(raw, 0, 0x30);
-    const version = readElement(raw, sequence.contentOffset, 0x02);
-    let offset = version.nextOffset;
-    const algorithm = readElement(raw, offset, 0x30);
-    offset = algorithm.nextOffset;
-    const privateKey = readElement(raw, offset, 0x04);
-    const privateContent = raw.subarray(privateKey.contentOffset, privateKey.contentOffset + privateKey.length);
-    if (privateContent.length === 32) {
-        return privateContent.slice();
-    }
-    if (privateContent.length >= 34 && privateContent[0] === 0x04) {
-        const innerLength = privateContent[1];
-        if (innerLength !== 32 || privateContent.length < innerLength + 2) {
-            throw new Error('Unexpected Ed25519 private key length');
-        }
-        return privateContent.subarray(2, 34);
-    }
-    throw new Error('Unsupported Ed25519 private key structure');
-}
-const textEncoder = typeof TextEncoder !== 'undefined' ? new TextEncoder() : undefined;
-function encodeUtf8(value) {
-    if (textEncoder) {
-        return textEncoder.encode(value);
-    }
-    if (hasBuffer()) {
-        return Uint8Array.from(Buffer.from(value, 'utf8'));
-    }
-    throw new Error('No UTF-8 encoder available in this environment');
-}
-
-if (!hashes.sha512) {
-    hashes.sha512 = (message) => sha512(message);
-}
-function normalizeSignerOptions(options) {
-    if (!options || typeof options !== 'object') {
-        return {};
-    }
-    const candidate = options;
-    const result = {
-        ...options,
-    };
-    const cryptoProvider = resolveAlias(candidate, ['cryptoProvider', 'crypto_provider']);
-    if (cryptoProvider !== undefined) {
-        result.cryptoProvider = cryptoProvider ?? null;
-    }
-    const signingConfig = resolveAlias(candidate, ['signingConfig', 'signing_config']);
-    if (signingConfig !== undefined) {
-        result.signingConfig = signingConfig;
-    }
-    const privateKeyPem = resolveAlias(candidate, [
-        'privateKeyPem',
-        'private_key_pem',
-    ]);
-    if (privateKeyPem !== undefined) {
-        result.privateKeyPem = privateKeyPem;
-    }
-    const keyId = resolveAlias(candidate, [
-        'keyId',
-        'key_id',
-    ]);
-    if (keyId !== undefined) {
-        result.keyId = keyId;
-    }
-    return result;
-}
-class EdDSAEnvelopeSigner {
-    constructor(options = {}) {
-        const normalized = normalizeSignerOptions(options);
-        const provider = normalized.cryptoProvider ?? null;
-        if (!provider) {
-            throw new Error('No crypto provider is configured for signing');
-        }
-        this.crypto = provider;
-        const signingConfigOption = normalized.signingConfig;
-        if (signingConfigOption instanceof SigningConfig) {
-            this.signingConfig = signingConfigOption;
-        }
-        else if (signingConfigOption) {
-            this.signingConfig = new SigningConfig(signingConfigOption);
-        }
-        else {
-            this.signingConfig = new SigningConfig();
-        }
-        this.explicitPrivateKey = normalized.privateKeyPem;
-        this.explicitKeyId = normalized.keyId;
-    }
-    signEnvelope(envelope, { physicalPath }) {
-        if (!envelope.sid) {
-            throw new Error('Envelope missing sid');
-        }
-        const frame = envelope.frame;
-        if (frame.type === 'Data') {
-            const dataFrame = frame;
-            if (!dataFrame.pd) {
-                const payload = dataFrame.payload ?? '';
-                const payloadString = payload === '' ? '' : canonicalJson(payload);
-                dataFrame.pd = secureDigest(payloadString);
-            }
-        }
-        const digest = frameDigest(frame);
-        const immutable = canonicalJson(immutableHeaders(envelope));
-        const sidDigest = secureDigest(physicalPath);
-        const tbs = new Uint8Array(encodeUtf8(sidDigest).length +
-            1 +
-            encodeUtf8(immutable).length +
-            1 +
-            encodeUtf8(digest).length);
-        const sidBytes = encodeUtf8(sidDigest);
-        const immBytes = encodeUtf8(immutable);
-        const digBytes = encodeUtf8(digest);
-        let offset = 0;
-        tbs.set(sidBytes, offset);
-        offset += sidBytes.length;
-        tbs[offset] = 0x1f;
-        offset += 1;
-        tbs.set(immBytes, offset);
-        offset += immBytes.length;
-        tbs[offset] = 0x1f;
-        offset += 1;
-        tbs.set(digBytes, offset);
-        const privateKey = this.loadPrivateKey();
-        const signatureBytes = sign(tbs, privateKey);
-        const signature = urlsafeBase64Encode(signatureBytes);
-        const kid = this.determineKeyId();
-        const signatureHeader = {
-            kid,
-            val: signature,
-            alg: 'EdDSA',
-        };
-        const secHeader = envelope.sec ?? {};
-        secHeader.sig = signatureHeader;
-        envelope.sec = secHeader;
-        return envelope;
-    }
-    loadPrivateKey() {
-        const pem = this.explicitPrivateKey ??
-            readStringProperty(this.crypto, 'signingPrivatePem', 'signing_private_pem');
-        if (!pem) {
-            throw new Error('Crypto provider does not expose a signing private key');
-        }
-        return parseEd25519PrivateKey(pem);
-    }
-    determineKeyId() {
-        if (this.explicitKeyId) {
-            return this.explicitKeyId;
-        }
-        if (this.signingConfig.signingMaterial === SigningMaterial.X509_CHAIN) {
-            const certificateProvider = this
-                .crypto;
-            const jwk = certificateProvider.nodeJwk?.();
-            if (jwk && typeof jwk === 'object' && 'kid' in jwk && 'x5c' in jwk) {
-                const kid = jwk.kid;
-                if (typeof kid === 'string' && kid.length > 0) {
-                    return kid;
-                }
-            }
-        }
-        const fallback = readStringProperty(this.crypto, 'signatureKeyId', 'signature_key_id');
-        if (!fallback) {
-            throw new Error('Crypto provider does not expose a signature key id');
-        }
-        return fallback;
-    }
-}
-
-var eddsaEnvelopeSigner = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    EdDSAEnvelopeSigner: EdDSAEnvelopeSigner
-});
-
 async function loadPublicKey(jwk, signingConfig) {
     if (jwk.x5c) {
         if (signingConfig.signingMaterial !== SigningMaterial.X509_CHAIN) {
@@ -39747,4 +39747,4 @@ var websocketTransportProvisioner = /*#__PURE__*/Object.freeze({
     WebSocketTransportProvisionerFactory: WebSocketTransportProvisionerFactory
 });
 
-export { ADMISSION_CLIENT_FACTORY_BASE_TYPE, ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE, AUTHORIZER_FACTORY_BASE_TYPE, AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, AnsiColor, AsyncLock, AttachmentKeyValidator, AuthInjectionStrategyFactory, AuthorizerFactory, BROADCAST_CHANNEL_CONNECTION_GRANT_TYPE, BackPressureFull, BaseAsyncConnector, BaseNodeEventListener, BindingManager, BindingStoreEntryRecord, BrowserAutoKeyCredentialProvider, BrowserWrappedKeyCredentialProvider, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE, CRYPTO_LEVEL_SECURITY_ORDER, CertificateManagerFactory, ConnectorConfigDefaults, ConnectorFactory, ConsoleMetricsEmitter, CryptoLevel, FACTORY_META$_ as DEFAULT_WELCOME_FACTORY_META, DefaultCryptoProvider, DefaultKeyManager, DefaultSecurityManager, DefaultSecurityPolicy, DefaultWelcomeService, DefaultWelcomeServiceFactory, DevFixedKeyCredentialProvider, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$1 as ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_SHOW_ENVELOPES$1 as ENV_VAR_SHOW_ENVELOPES, EncryptedKeyValueStore, EncryptedStorageProviderBase, EncryptedValue, EncryptionConfiguration, EncryptionManagerFactory, EncryptionResult, EncryptionStatus, EnvCredentialProvider, EnvelopeContext, EnvelopeListenerManager, EnvelopeSecurityHandler, EnvelopeSignerFactory, EnvelopeVerifierFactory, FACTORY_META$$ as FACTORY_META, FIXED_PREFIX_LEN, FameAuthorizedDeliveryContextSchema, FameConnectError, FameEnvironmentContext, FameError, FameMessageTooLarge, FameNode, FameNodeAuthorizationContextSchema, FameProtocolError, FameTransportClose, FlowController, GRANT_PURPOSE_NODE_ATTACH, HTTP_CONNECTION_GRANT_TYPE, HTTP_STATELESS_CONNECTOR_TYPE, INPAGE_CONNECTION_GRANT_TYPE, INPAGE_CONNECTOR_TYPE, InMemoryBinding, InMemoryFanoutBroker, InMemoryKeyValueStore, InMemoryReadWriteChannel, InMemoryStorageProvider, InPageConnector, IndexedDBKeyValueStore, IndexedDBStorageProvider, InvalidPassphraseError, JWKValidationError, KEY_MANAGER_FACTORY_BASE_TYPE, KEY_STORE_FACTORY_BASE_TYPE, KeyInfo, KeyManagementHandler, KeyManagerFactory, KeyStore, KeyStoreFactory, KeyValidationError, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, LogLevel, LogLevelNames, MemoryMetricsEmitter, NODE_LIKE_FACTORY_BASE_TYPE, NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE, NoOpMetricsEmitter, NoSecurityPolicy, NodeFactory, NodePlacementStrategyFactory, NoneCredentialProvider, NoopEncryptionManager, NoopKeyValidator, NotAuthorized, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN$1 as PROFILE_NAME_OPEN, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PROFILE_NAME_STRICT_OVERLAY, PromptCredentialProvider, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, REQUIRED_FIELDS_BY_KTY, ReplicaStickinessManagerFactory, RootSessionManager, RouteManager, RpcMixin, RpcProxy, SEALED_ENVELOPE_NONCE_LENGTH, SEALED_ENVELOPE_OVERHEAD, SEALED_ENVELOPE_PRIVATE_KEY_LENGTH, SEALED_ENVELOPE_PUBLIC_KEY_LENGTH, SEALED_ENVELOPE_TAG_LENGTH, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SECURITY_MANAGER_FACTORY_BASE_TYPE, SECURITY_POLICY_FACTORY_BASE_TYPE, STORAGE_PROVIDER_FACTORY_BASE_TYPE, SecretSource, SecretStoreCredentialProvider, SecureChannelFrameHandler, SecureChannelManagerFactory, SecurityAction, SecurityRequirements, Sentinel, SentinelFactory, SessionKeyCredentialProvider, SignaturePolicy, SigningConfig as SigningConfigClass, SigningConfiguration, SimpleLoadBalancerStickinessManager, SimpleLoadBalancerStickinessManagerFactory, StaticCredentialProvider, StorageAESEncryptionManager, TOKEN_ISSUER_FACTORY_BASE_TYPE, TOKEN_PROVIDER_FACTORY_BASE_TYPE, TOKEN_VERIFIER_FACTORY_BASE_TYPE, TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE, TaskSpawner, TokenIssuerFactory, TokenProviderFactory, TokenVerifierFactory, TransportProvisionerFactory, TtlValidationError, UpstreamSessionManager, VALID_CURVES_BY_KTY, VALID_KEY_USES, VERSION, WEBSOCKET_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WebSocketCloseCode, WebSocketConnector, WebSocketState, WelcomeServiceFactory, _NoopFlowController, __runtimePluginLoader, addEnvelopeFields, addLogLevel, addTimestamp, assertConnectionGrant, assertGrant, basicConfig, broadcastChannelGrantToConnectorConfig, camelToSnakeCase, capitalizeFirstLetter, color, compareCryptoLevels, compiledPathPattern, consoleTransport, convertWildcardLogicalToDnsConstraint, createConnectorConfig, createEd25519Keypair, createHostLogicalUri, createLogicalUri, createNodeDeliveryContext, createResource, createRpcProxy, createRsaKeypair, createTransportCloseError, createX25519Keypair, credentialToString, currentTraceId$1 as currentTraceId, debounce, decodeFameDataPayload, deepMerge, defaultJsonEncoder, delay, dropEmpty, enableLogging, ensureRuntimeFactoriesRegistered, extractId, extractPoolAddressBase, extractPoolBase, filterKeysByUse, formatTimestamp, formatTimestampForConsole$1 as formatTimestampForConsole, getCurrentEnvelope, getFameRoot, getKeyProvider, getKeyStore, getLogger, hasCryptoSupport, hostnameToLogical, hostnamesToLogicals, httpGrantToConnectorConfig, inPageGrantToConnectorConfig, isAuthInjectionStrategy, isBroadcastChannelConnectionGrant, isConnectionGrant, isConnectorConfig, isEnvelopeLoggingEnabled, isFameError, isFameErrorType, isGrant, isHttpConnectionGrant, isInPageConnectionGrant, isNodeLike, isPlainObject$3 as isPlainObject, isPoolAddress, isPoolLogical, isRegisterable, isTokenExpired, isTokenProvider, isTokenValid, isWebSocketConnectionGrant, jsonDumps, logicalPatternsToDnsConstraints, logicalToHostname, logicalsToHostnames, matchesPoolAddress, matchesPoolLogical, maybeAwait, nodeWelcomeRouter, nodeWelcomeRouterPlugin, normalizeBroadcastChannelConnectionGrant, normalizeEncryptionConfig, normalizeEnvelopeSnapshot, normalizeHttpConnectionGrant, normalizeInPageConnectionGrant, normalizeInboundCryptoRules, normalizeInboundSigningRules, normalizeOutboundCryptoRules, normalizeOutboundSigningRules, normalizePath, normalizeResponseCryptoRules, normalizeResponseSigningRules, normalizeSecretSource, normalizeSecurityRequirements, normalizeSigningConfig, normalizeWebSocketConnectionGrant, objectToBytes, operation, parseSealedEnvelope, pinoTransport, prettyModel$1 as prettyModel, registerDefaultFactories, registerDefaultKeyStoreFactory, registerNodePlacementStrategyFactory, registerRuntimeFactories, requireCryptoSupport, retryWithBackoff, safeColor, sealedDecrypt, sealedEncrypt, secureDigest, setKeyStore, showEnvelopes$1 as showEnvelopes, sleep, snakeToCamelCase, stringifyNonPrimitives, supportsColor, throttle, urlsafeBase64Decode, urlsafeBase64Encode, validateCacheTtlSec, validateEncryptionKey, validateHostLogical, validateHostLogicals, validateJwkComplete, validateJwkStructure, validateJwkUseField, validateJwtTokenTtlSec, validateKeyCorrelationTtlSec, validateLogical, validateLogicalSegment, validateOAuth2TtlSec, validateSigningKey, validateTtlSec, waitForAll, waitForAllSettled, waitForAny, websocketGrantToConnectorConfig, withEnvelopeContext, withEnvelopeContextAsync, withLegacySnakeCaseKeys, withLock, withTimeout };
+export { ADMISSION_CLIENT_FACTORY_BASE_TYPE, ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE, AUTHORIZER_FACTORY_BASE_TYPE, AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, AnsiColor, AsyncLock, AttachmentKeyValidator, AuthInjectionStrategyFactory, AuthorizerFactory, BROADCAST_CHANNEL_CONNECTION_GRANT_TYPE, BackPressureFull, BaseAsyncConnector, BaseNodeEventListener, BindingManager, BindingStoreEntryRecord, BrowserAutoKeyCredentialProvider, BrowserWrappedKeyCredentialProvider, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE, CRYPTO_LEVEL_SECURITY_ORDER, CertificateManagerFactory, ConnectorConfigDefaults, ConnectorFactory, ConsoleMetricsEmitter, CryptoLevel, FACTORY_META$_ as DEFAULT_WELCOME_FACTORY_META, DefaultCryptoProvider, DefaultKeyManager, DefaultSecurityManager, DefaultSecurityPolicy, DefaultWelcomeService, DefaultWelcomeServiceFactory, DevFixedKeyCredentialProvider, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$1 as ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_SHOW_ENVELOPES$1 as ENV_VAR_SHOW_ENVELOPES, EdDSAEnvelopeSigner, EncryptedKeyValueStore, EncryptedStorageProviderBase, EncryptedValue, EncryptionConfiguration, EncryptionManagerFactory, EncryptionResult, EncryptionStatus, EnvCredentialProvider, EnvelopeContext, EnvelopeListenerManager, EnvelopeSecurityHandler, EnvelopeSignerFactory, EnvelopeVerifierFactory, FACTORY_META$$ as FACTORY_META, FIXED_PREFIX_LEN, FameAuthorizedDeliveryContextSchema, FameConnectError, FameEnvironmentContext, FameError, FameMessageTooLarge, FameNode, FameNodeAuthorizationContextSchema, FameProtocolError, FameTransportClose, FlowController, GRANT_PURPOSE_NODE_ATTACH, HTTP_CONNECTION_GRANT_TYPE, HTTP_STATELESS_CONNECTOR_TYPE, INPAGE_CONNECTION_GRANT_TYPE, INPAGE_CONNECTOR_TYPE, InMemoryBinding, InMemoryFanoutBroker, InMemoryKeyValueStore, InMemoryReadWriteChannel, InMemoryStorageProvider, InPageConnector, IndexedDBKeyValueStore, IndexedDBStorageProvider, InvalidPassphraseError, JWKValidationError, KEY_MANAGER_FACTORY_BASE_TYPE, KEY_STORE_FACTORY_BASE_TYPE, KeyInfo, KeyManagementHandler, KeyManagerFactory, KeyStore, KeyStoreFactory, KeyValidationError, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, LogLevel, LogLevelNames, MemoryMetricsEmitter, NODE_LIKE_FACTORY_BASE_TYPE, NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE, NoOpMetricsEmitter, NoSecurityPolicy, NodeFactory, NodePlacementStrategyFactory, NoneCredentialProvider, NoopEncryptionManager, NoopKeyValidator, NotAuthorized, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN$1 as PROFILE_NAME_OPEN, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PROFILE_NAME_STRICT_OVERLAY, PromptCredentialProvider, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, REQUIRED_FIELDS_BY_KTY, ReplicaStickinessManagerFactory, RootSessionManager, RouteManager, RpcMixin, RpcProxy, SEALED_ENVELOPE_NONCE_LENGTH, SEALED_ENVELOPE_OVERHEAD, SEALED_ENVELOPE_PRIVATE_KEY_LENGTH, SEALED_ENVELOPE_PUBLIC_KEY_LENGTH, SEALED_ENVELOPE_TAG_LENGTH, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SECURITY_MANAGER_FACTORY_BASE_TYPE, SECURITY_POLICY_FACTORY_BASE_TYPE, STORAGE_PROVIDER_FACTORY_BASE_TYPE, SecretSource, SecretStoreCredentialProvider, SecureChannelFrameHandler, SecureChannelManagerFactory, SecurityAction, SecurityRequirements, Sentinel, SentinelFactory, SessionKeyCredentialProvider, SignaturePolicy, SigningConfig as SigningConfigClass, SigningConfiguration, SimpleLoadBalancerStickinessManager, SimpleLoadBalancerStickinessManagerFactory, StaticCredentialProvider, StorageAESEncryptionManager, TOKEN_ISSUER_FACTORY_BASE_TYPE, TOKEN_PROVIDER_FACTORY_BASE_TYPE, TOKEN_VERIFIER_FACTORY_BASE_TYPE, TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE, TaskSpawner, TokenIssuerFactory, TokenProviderFactory, TokenVerifierFactory, TransportProvisionerFactory, TtlValidationError, UpstreamSessionManager, VALID_CURVES_BY_KTY, VALID_KEY_USES, VERSION, WEBSOCKET_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WebSocketCloseCode, WebSocketConnector, WebSocketState, WelcomeServiceFactory, _NoopFlowController, __runtimePluginLoader, addEnvelopeFields, addLogLevel, addTimestamp, assertConnectionGrant, assertGrant, basicConfig, broadcastChannelGrantToConnectorConfig, camelToSnakeCase, canonicalJson, capitalizeFirstLetter, color, compareCryptoLevels, compiledPathPattern, consoleTransport, convertWildcardLogicalToDnsConstraint, createConnectorConfig, createEd25519Keypair, createHostLogicalUri, createLogicalUri, createNodeDeliveryContext, createResource, createRpcProxy, createRsaKeypair, createTransportCloseError, createX25519Keypair, credentialToString, currentTraceId$1 as currentTraceId, debounce, decodeBase64Url, decodeFameDataPayload, deepMerge, defaultJsonEncoder, delay, dropEmpty, enableLogging, encodeUtf8, ensureRuntimeFactoriesRegistered, extractId, extractPoolAddressBase, extractPoolBase, filterKeysByUse, formatTimestamp, formatTimestampForConsole$1 as formatTimestampForConsole, frameDigest, getCurrentEnvelope, getFameRoot, getKeyProvider, getKeyStore, getLogger, hasCryptoSupport, hostnameToLogical, hostnamesToLogicals, httpGrantToConnectorConfig, immutableHeaders, inPageGrantToConnectorConfig, isAuthInjectionStrategy, isBroadcastChannelConnectionGrant, isConnectionGrant, isConnectorConfig, isEnvelopeLoggingEnabled, isFameError, isFameErrorType, isGrant, isHttpConnectionGrant, isInPageConnectionGrant, isNodeLike, isPlainObject$3 as isPlainObject, isPoolAddress, isPoolLogical, isRegisterable, isTokenExpired, isTokenProvider, isTokenValid, isWebSocketConnectionGrant, jsonDumps, logicalPatternsToDnsConstraints, logicalToHostname, logicalsToHostnames, matchesPoolAddress, matchesPoolLogical, maybeAwait, nodeWelcomeRouter, nodeWelcomeRouterPlugin, normalizeBroadcastChannelConnectionGrant, normalizeEncryptionConfig, normalizeEnvelopeSnapshot, normalizeHttpConnectionGrant, normalizeInPageConnectionGrant, normalizeInboundCryptoRules, normalizeInboundSigningRules, normalizeOutboundCryptoRules, normalizeOutboundSigningRules, normalizePath, normalizeResponseCryptoRules, normalizeResponseSigningRules, normalizeSecretSource, normalizeSecurityRequirements, normalizeSigningConfig, normalizeWebSocketConnectionGrant, objectToBytes, operation, parseSealedEnvelope, pinoTransport, prettyModel$1 as prettyModel, registerDefaultFactories, registerDefaultKeyStoreFactory, registerNodePlacementStrategyFactory, registerRuntimeFactories, requireCryptoSupport, retryWithBackoff, safeColor, sealedDecrypt, sealedEncrypt, secureDigest, setKeyStore, showEnvelopes$1 as showEnvelopes, sleep, snakeToCamelCase, stringifyNonPrimitives, supportsColor, throttle, urlsafeBase64Decode, urlsafeBase64Encode, validateCacheTtlSec, validateEncryptionKey, validateHostLogical, validateHostLogicals, validateJwkComplete, validateJwkStructure, validateJwkUseField, validateJwtTokenTtlSec, validateKeyCorrelationTtlSec, validateLogical, validateLogicalSegment, validateOAuth2TtlSec, validateSigningKey, validateTtlSec, waitForAll, waitForAllSettled, waitForAny, websocketGrantToConnectorConfig, withEnvelopeContext, withEnvelopeContextAsync, withLegacySnakeCaseKeys, withLock, withTimeout };