@naylence/runtime 0.3.5-test.922 → 0.3.5-test.923

package/dist/node/index.cjs

@@ -3,23 +3,23 @@
 var core = require('@naylence/core');
 var zod = require('zod');
 var factory = require('@naylence/factory');
+var ed25519 = require('@noble/ed25519');
+var sha2_js = require('@noble/hashes/sha2.js');
 var chacha_js = require('@noble/ciphers/chacha.js');
 var ed25519_js = require('@noble/curves/ed25519.js');
 var hkdf_js = require('@noble/hashes/hkdf.js');
-var sha2_js = require('@noble/hashes/sha2.js');
 var utils_js = require('@noble/hashes/utils.js');
 var yaml = require('yaml');
 var fastify = require('fastify');
 var websocketPlugin = require('@fastify/websocket');
-var ed25519 = require('@noble/ed25519');
 
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.3.5-test.922
+// Generated from package.json version: 0.3.5-test.923
 /**
  * The package version, injected at build time.
  * @internal
  */
-const VERSION = '0.3.5-test.922';
+const VERSION = '0.3.5-test.923';
 
 /**
  * Fame protocol specific error classes with WebSocket close codes and proper inheritance.
@@ -25266,6 +25266,146 @@ function encodeUtf8(value) {
     throw new Error('No UTF-8 encoder available in this environment');
 }
 
+if (!ed25519.hashes.sha512) {
+    ed25519.hashes.sha512 = (message) => sha2_js.sha512(message);
+}
+function normalizeSignerOptions(options) {
+    if (!options || typeof options !== 'object') {
+        return {};
+    }
+    const candidate = options;
+    const result = {
+        ...options,
+    };
+    const cryptoProvider = resolveAlias(candidate, ['cryptoProvider', 'crypto_provider']);
+    if (cryptoProvider !== undefined) {
+        result.cryptoProvider = cryptoProvider ?? null;
+    }
+    const signingConfig = resolveAlias(candidate, ['signingConfig', 'signing_config']);
+    if (signingConfig !== undefined) {
+        result.signingConfig = signingConfig;
+    }
+    const privateKeyPem = resolveAlias(candidate, [
+        'privateKeyPem',
+        'private_key_pem',
+    ]);
+    if (privateKeyPem !== undefined) {
+        result.privateKeyPem = privateKeyPem;
+    }
+    const keyId = resolveAlias(candidate, [
+        'keyId',
+        'key_id',
+    ]);
+    if (keyId !== undefined) {
+        result.keyId = keyId;
+    }
+    return result;
+}
+class EdDSAEnvelopeSigner {
+    constructor(options = {}) {
+        const normalized = normalizeSignerOptions(options);
+        const provider = normalized.cryptoProvider ?? null;
+        if (!provider) {
+            throw new Error('No crypto provider is configured for signing');
+        }
+        this.crypto = provider;
+        const signingConfigOption = normalized.signingConfig;
+        if (signingConfigOption instanceof SigningConfig) {
+            this.signingConfig = signingConfigOption;
+        }
+        else if (signingConfigOption) {
+            this.signingConfig = new SigningConfig(signingConfigOption);
+        }
+        else {
+            this.signingConfig = new SigningConfig();
+        }
+        this.explicitPrivateKey = normalized.privateKeyPem;
+        this.explicitKeyId = normalized.keyId;
+    }
+    signEnvelope(envelope, { physicalPath }) {
+        if (!envelope.sid) {
+            throw new Error('Envelope missing sid');
+        }
+        const frame = envelope.frame;
+        if (frame.type === 'Data') {
+            const dataFrame = frame;
+            if (!dataFrame.pd) {
+                const payload = dataFrame.payload ?? '';
+                const payloadString = payload === '' ? '' : canonicalJson(payload);
+                dataFrame.pd = secureDigest(payloadString);
+            }
+        }
+        const digest = frameDigest(frame);
+        const immutable = canonicalJson(immutableHeaders(envelope));
+        const sidDigest = secureDigest(physicalPath);
+        const tbs = new Uint8Array(encodeUtf8(sidDigest).length +
+            1 +
+            encodeUtf8(immutable).length +
+            1 +
+            encodeUtf8(digest).length);
+        const sidBytes = encodeUtf8(sidDigest);
+        const immBytes = encodeUtf8(immutable);
+        const digBytes = encodeUtf8(digest);
+        let offset = 0;
+        tbs.set(sidBytes, offset);
+        offset += sidBytes.length;
+        tbs[offset] = 0x1f;
+        offset += 1;
+        tbs.set(immBytes, offset);
+        offset += immBytes.length;
+        tbs[offset] = 0x1f;
+        offset += 1;
+        tbs.set(digBytes, offset);
+        const privateKey = this.loadPrivateKey();
+        const signatureBytes = ed25519.sign(tbs, privateKey);
+        const signature = urlsafeBase64Encode(signatureBytes);
+        const kid = this.determineKeyId();
+        const signatureHeader = {
+            kid,
+            val: signature,
+            alg: 'EdDSA',
+        };
+        const secHeader = envelope.sec ?? {};
+        secHeader.sig = signatureHeader;
+        envelope.sec = secHeader;
+        return envelope;
+    }
+    loadPrivateKey() {
+        const pem = this.explicitPrivateKey ??
+            readStringProperty(this.crypto, 'signingPrivatePem', 'signing_private_pem');
+        if (!pem) {
+            throw new Error('Crypto provider does not expose a signing private key');
+        }
+        return parseEd25519PrivateKey(pem);
+    }
+    determineKeyId() {
+        if (this.explicitKeyId) {
+            return this.explicitKeyId;
+        }
+        if (this.signingConfig.signingMaterial === core.SigningMaterial.X509_CHAIN) {
+            const certificateProvider = this
+                .crypto;
+            const jwk = certificateProvider.nodeJwk?.();
+            if (jwk && typeof jwk === 'object' && 'kid' in jwk && 'x5c' in jwk) {
+                const kid = jwk.kid;
+                if (typeof kid === 'string' && kid.length > 0) {
+                    return kid;
+                }
+            }
+        }
+        const fallback = readStringProperty(this.crypto, 'signatureKeyId', 'signature_key_id');
+        if (!fallback) {
+            throw new Error('Crypto provider does not expose a signature key id');
+        }
+        return fallback;
+    }
+}
+
+var eddsaEnvelopeSigner = /*#__PURE__*/Object.freeze({
+    __proto__: null,
+    EdDSAEnvelopeSigner: EdDSAEnvelopeSigner
+});
+
 const logger$x = getLogger('naylence.fame.security.auth.jwt_token_issuer');
 let joseModulePromise = null;
 async function requireJose() {
@@ -39371,146 +39511,6 @@ var sharedSecretTokenVerifier = /*#__PURE__*/Object.freeze({
     SharedSecretTokenVerifier: SharedSecretTokenVerifier
 });
 
-if (!ed25519.hashes.sha512) {
-    ed25519.hashes.sha512 = (message) => sha2_js.sha512(message);
-}
-function normalizeSignerOptions(options) {
-    if (!options || typeof options !== 'object') {
-        return {};
-    }
-    const candidate = options;
-    const result = {
-        ...options,
-    };
-    const cryptoProvider = resolveAlias(candidate, ['cryptoProvider', 'crypto_provider']);
-    if (cryptoProvider !== undefined) {
-        result.cryptoProvider = cryptoProvider ?? null;
-    }
-    const signingConfig = resolveAlias(candidate, ['signingConfig', 'signing_config']);
-    if (signingConfig !== undefined) {
-        result.signingConfig = signingConfig;
-    }
-    const privateKeyPem = resolveAlias(candidate, [
-        'privateKeyPem',
-        'private_key_pem',
-    ]);
-    if (privateKeyPem !== undefined) {
-        result.privateKeyPem = privateKeyPem;
-    }
-    const keyId = resolveAlias(candidate, [
-        'keyId',
-        'key_id',
-    ]);
-    if (keyId !== undefined) {
-        result.keyId = keyId;
-    }
-    return result;
-}
-class EdDSAEnvelopeSigner {
-    constructor(options = {}) {
-        const normalized = normalizeSignerOptions(options);
-        const provider = normalized.cryptoProvider ?? null;
-        if (!provider) {
-            throw new Error('No crypto provider is configured for signing');
-        }
-        this.crypto = provider;
-        const signingConfigOption = normalized.signingConfig;
-        if (signingConfigOption instanceof SigningConfig) {
-            this.signingConfig = signingConfigOption;
-        }
-        else if (signingConfigOption) {
-            this.signingConfig = new SigningConfig(signingConfigOption);
-        }
-        else {
-            this.signingConfig = new SigningConfig();
-        }
-        this.explicitPrivateKey = normalized.privateKeyPem;
-        this.explicitKeyId = normalized.keyId;
-    }
-    signEnvelope(envelope, { physicalPath }) {
-        if (!envelope.sid) {
-            throw new Error('Envelope missing sid');
-        }
-        const frame = envelope.frame;
-        if (frame.type === 'Data') {
-            const dataFrame = frame;
-            if (!dataFrame.pd) {
-                const payload = dataFrame.payload ?? '';
-                const payloadString = payload === '' ? '' : canonicalJson(payload);
-                dataFrame.pd = secureDigest(payloadString);
-            }
-        }
-        const digest = frameDigest(frame);
-        const immutable = canonicalJson(immutableHeaders(envelope));
-        const sidDigest = secureDigest(physicalPath);
-        const tbs = new Uint8Array(encodeUtf8(sidDigest).length +
-            1 +
-            encodeUtf8(immutable).length +
-            1 +
-            encodeUtf8(digest).length);
-        const sidBytes = encodeUtf8(sidDigest);
-        const immBytes = encodeUtf8(immutable);
-        const digBytes = encodeUtf8(digest);
-        let offset = 0;
-        tbs.set(sidBytes, offset);
-        offset += sidBytes.length;
-        tbs[offset] = 0x1f;
-        offset += 1;
-        tbs.set(immBytes, offset);
-        offset += immBytes.length;
-        tbs[offset] = 0x1f;
-        offset += 1;
-        tbs.set(digBytes, offset);
-        const privateKey = this.loadPrivateKey();
-        const signatureBytes = ed25519.sign(tbs, privateKey);
-        const signature = urlsafeBase64Encode(signatureBytes);
-        const kid = this.determineKeyId();
-        const signatureHeader = {
-            kid,
-            val: signature,
-            alg: 'EdDSA',
-        };
-        const secHeader = envelope.sec ?? {};
-        secHeader.sig = signatureHeader;
-        envelope.sec = secHeader;
-        return envelope;
-    }
-    loadPrivateKey() {
-        const pem = this.explicitPrivateKey ??
-            readStringProperty(this.crypto, 'signingPrivatePem', 'signing_private_pem');
-        if (!pem) {
-            throw new Error('Crypto provider does not expose a signing private key');
-        }
-        return parseEd25519PrivateKey(pem);
-    }
-    determineKeyId() {
-        if (this.explicitKeyId) {
-            return this.explicitKeyId;
-        }
-        if (this.signingConfig.signingMaterial === core.SigningMaterial.X509_CHAIN) {
-            const certificateProvider = this
-                .crypto;
-            const jwk = certificateProvider.nodeJwk?.();
-            if (jwk && typeof jwk === 'object' && 'kid' in jwk && 'x5c' in jwk) {
-                const kid = jwk.kid;
-                if (typeof kid === 'string' && kid.length > 0) {
-                    return kid;
-                }
-            }
-        }
-        const fallback = readStringProperty(this.crypto, 'signatureKeyId', 'signature_key_id');
-        if (!fallback) {
-            throw new Error('Crypto provider does not expose a signature key id');
-        }
-        return fallback;
-    }
-}
-
-var eddsaEnvelopeSigner = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    EdDSAEnvelopeSigner: EdDSAEnvelopeSigner
-});
-
 async function loadPublicKey(jwk, signingConfig) {
     if (jwk.x5c) {
         if (signingConfig.signingMaterial !== core.SigningMaterial.X509_CHAIN) {
@@ -39791,6 +39791,7 @@ exports.ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE;
 exports.ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER = ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER;
 exports.ENV_VAR_JWT_TRUSTED_ISSUER = ENV_VAR_JWT_TRUSTED_ISSUER;
 exports.ENV_VAR_SHOW_ENVELOPES = ENV_VAR_SHOW_ENVELOPES$1;
+exports.EdDSAEnvelopeSigner = EdDSAEnvelopeSigner;
 exports.EncryptedKeyValueStore = EncryptedKeyValueStore;
 exports.EncryptedStorageProviderBase = EncryptedStorageProviderBase;
 exports.EncryptedValue = EncryptedValue;

package/dist/node/index.mjs

@@ -2,23 +2,23 @@ import { parseAddressComponents, FlowFlags, FameAddress, DEFAULT_POLLING_TIMEOUT
 export * from '@naylence/core';
 import { z, ZodError } from 'zod';
 import { AbstractResourceFactory, createResource as createResource$1, createDefaultResource, registerFactory, Expressions, ExtensionManager, ExpressionEvaluationPolicy, Registry, configValidator } from '@naylence/factory';
+import { sign, hashes, verify } from '@noble/ed25519';
+import { sha256, sha512 } from '@noble/hashes/sha2.js';
 import { chacha20poly1305 } from '@noble/ciphers/chacha.js';
 import { x25519 } from '@noble/curves/ed25519.js';
 import { hkdf } from '@noble/hashes/hkdf.js';
-import { sha256, sha512 } from '@noble/hashes/sha2.js';
 import { utf8ToBytes, bytesToHex, randomBytes, concatBytes } from '@noble/hashes/utils.js';
 import { parse } from 'yaml';
 import fastify from 'fastify';
 import websocketPlugin from '@fastify/websocket';
-import { sign, hashes, verify } from '@noble/ed25519';
 
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.3.5-test.922
+// Generated from package.json version: 0.3.5-test.923
 /**
  * The package version, injected at build time.
  * @internal
  */
-const VERSION = '0.3.5-test.922';
+const VERSION = '0.3.5-test.923';
 
 /**
  * Fame protocol specific error classes with WebSocket close codes and proper inheritance.
@@ -25265,6 +25265,146 @@ function encodeUtf8(value) {
     throw new Error('No UTF-8 encoder available in this environment');
 }
 
+if (!hashes.sha512) {
+    hashes.sha512 = (message) => sha512(message);
+}
+function normalizeSignerOptions(options) {
+    if (!options || typeof options !== 'object') {
+        return {};
+    }
+    const candidate = options;
+    const result = {
+        ...options,
+    };
+    const cryptoProvider = resolveAlias(candidate, ['cryptoProvider', 'crypto_provider']);
+    if (cryptoProvider !== undefined) {
+        result.cryptoProvider = cryptoProvider ?? null;
+    }
+    const signingConfig = resolveAlias(candidate, ['signingConfig', 'signing_config']);
+    if (signingConfig !== undefined) {
+        result.signingConfig = signingConfig;
+    }
+    const privateKeyPem = resolveAlias(candidate, [
+        'privateKeyPem',
+        'private_key_pem',
+    ]);
+    if (privateKeyPem !== undefined) {
+        result.privateKeyPem = privateKeyPem;
+    }
+    const keyId = resolveAlias(candidate, [
+        'keyId',
+        'key_id',
+    ]);
+    if (keyId !== undefined) {
+        result.keyId = keyId;
+    }
+    return result;
+}
+class EdDSAEnvelopeSigner {
+    constructor(options = {}) {
+        const normalized = normalizeSignerOptions(options);
+        const provider = normalized.cryptoProvider ?? null;
+        if (!provider) {
+            throw new Error('No crypto provider is configured for signing');
+        }
+        this.crypto = provider;
+        const signingConfigOption = normalized.signingConfig;
+        if (signingConfigOption instanceof SigningConfig) {
+            this.signingConfig = signingConfigOption;
+        }
+        else if (signingConfigOption) {
+            this.signingConfig = new SigningConfig(signingConfigOption);
+        }
+        else {
+            this.signingConfig = new SigningConfig();
+        }
+        this.explicitPrivateKey = normalized.privateKeyPem;
+        this.explicitKeyId = normalized.keyId;
+    }
+    signEnvelope(envelope, { physicalPath }) {
+        if (!envelope.sid) {
+            throw new Error('Envelope missing sid');
+        }
+        const frame = envelope.frame;
+        if (frame.type === 'Data') {
+            const dataFrame = frame;
+            if (!dataFrame.pd) {
+                const payload = dataFrame.payload ?? '';
+                const payloadString = payload === '' ? '' : canonicalJson(payload);
+                dataFrame.pd = secureDigest(payloadString);
+            }
+        }
+        const digest = frameDigest(frame);
+        const immutable = canonicalJson(immutableHeaders(envelope));
+        const sidDigest = secureDigest(physicalPath);
+        const tbs = new Uint8Array(encodeUtf8(sidDigest).length +
+            1 +
+            encodeUtf8(immutable).length +
+            1 +
+            encodeUtf8(digest).length);
+        const sidBytes = encodeUtf8(sidDigest);
+        const immBytes = encodeUtf8(immutable);
+        const digBytes = encodeUtf8(digest);
+        let offset = 0;
+        tbs.set(sidBytes, offset);
+        offset += sidBytes.length;
+        tbs[offset] = 0x1f;
+        offset += 1;
+        tbs.set(immBytes, offset);
+        offset += immBytes.length;
+        tbs[offset] = 0x1f;
+        offset += 1;
+        tbs.set(digBytes, offset);
+        const privateKey = this.loadPrivateKey();
+        const signatureBytes = sign(tbs, privateKey);
+        const signature = urlsafeBase64Encode(signatureBytes);
+        const kid = this.determineKeyId();
+        const signatureHeader = {
+            kid,
+            val: signature,
+            alg: 'EdDSA',
+        };
+        const secHeader = envelope.sec ?? {};
+        secHeader.sig = signatureHeader;
+        envelope.sec = secHeader;
+        return envelope;
+    }
+    loadPrivateKey() {
+        const pem = this.explicitPrivateKey ??
+            readStringProperty(this.crypto, 'signingPrivatePem', 'signing_private_pem');
+        if (!pem) {
+            throw new Error('Crypto provider does not expose a signing private key');
+        }
+        return parseEd25519PrivateKey(pem);
+    }
+    determineKeyId() {
+        if (this.explicitKeyId) {
+            return this.explicitKeyId;
+        }
+        if (this.signingConfig.signingMaterial === SigningMaterial.X509_CHAIN) {
+            const certificateProvider = this
+                .crypto;
+            const jwk = certificateProvider.nodeJwk?.();
+            if (jwk && typeof jwk === 'object' && 'kid' in jwk && 'x5c' in jwk) {
+                const kid = jwk.kid;
+                if (typeof kid === 'string' && kid.length > 0) {
+                    return kid;
+                }
+            }
+        }
+        const fallback = readStringProperty(this.crypto, 'signatureKeyId', 'signature_key_id');
+        if (!fallback) {
+            throw new Error('Crypto provider does not expose a signature key id');
+        }
+        return fallback;
+    }
+}
+
+var eddsaEnvelopeSigner = /*#__PURE__*/Object.freeze({
+    __proto__: null,
+    EdDSAEnvelopeSigner: EdDSAEnvelopeSigner
+});
+
 const logger$x = getLogger('naylence.fame.security.auth.jwt_token_issuer');
 let joseModulePromise = null;
 async function requireJose() {
@@ -39370,146 +39510,6 @@ var sharedSecretTokenVerifier = /*#__PURE__*/Object.freeze({
     SharedSecretTokenVerifier: SharedSecretTokenVerifier
 });
 
-if (!hashes.sha512) {
-    hashes.sha512 = (message) => sha512(message);
-}
-function normalizeSignerOptions(options) {
-    if (!options || typeof options !== 'object') {
-        return {};
-    }
-    const candidate = options;
-    const result = {
-        ...options,
-    };
-    const cryptoProvider = resolveAlias(candidate, ['cryptoProvider', 'crypto_provider']);
-    if (cryptoProvider !== undefined) {
-        result.cryptoProvider = cryptoProvider ?? null;
-    }
-    const signingConfig = resolveAlias(candidate, ['signingConfig', 'signing_config']);
-    if (signingConfig !== undefined) {
-        result.signingConfig = signingConfig;
-    }
-    const privateKeyPem = resolveAlias(candidate, [
-        'privateKeyPem',
-        'private_key_pem',
-    ]);
-    if (privateKeyPem !== undefined) {
-        result.privateKeyPem = privateKeyPem;
-    }
-    const keyId = resolveAlias(candidate, [
-        'keyId',
-        'key_id',
-    ]);
-    if (keyId !== undefined) {
-        result.keyId = keyId;
-    }
-    return result;
-}
-class EdDSAEnvelopeSigner {
-    constructor(options = {}) {
-        const normalized = normalizeSignerOptions(options);
-        const provider = normalized.cryptoProvider ?? null;
-        if (!provider) {
-            throw new Error('No crypto provider is configured for signing');
-        }
-        this.crypto = provider;
-        const signingConfigOption = normalized.signingConfig;
-        if (signingConfigOption instanceof SigningConfig) {
-            this.signingConfig = signingConfigOption;
-        }
-        else if (signingConfigOption) {
-            this.signingConfig = new SigningConfig(signingConfigOption);
-        }
-        else {
-            this.signingConfig = new SigningConfig();
-        }
-        this.explicitPrivateKey = normalized.privateKeyPem;
-        this.explicitKeyId = normalized.keyId;
-    }
-    signEnvelope(envelope, { physicalPath }) {
-        if (!envelope.sid) {
-            throw new Error('Envelope missing sid');
-        }
-        const frame = envelope.frame;
-        if (frame.type === 'Data') {
-            const dataFrame = frame;
-            if (!dataFrame.pd) {
-                const payload = dataFrame.payload ?? '';
-                const payloadString = payload === '' ? '' : canonicalJson(payload);
-                dataFrame.pd = secureDigest(payloadString);
-            }
-        }
-        const digest = frameDigest(frame);
-        const immutable = canonicalJson(immutableHeaders(envelope));
-        const sidDigest = secureDigest(physicalPath);
-        const tbs = new Uint8Array(encodeUtf8(sidDigest).length +
-            1 +
-            encodeUtf8(immutable).length +
-            1 +
-            encodeUtf8(digest).length);
-        const sidBytes = encodeUtf8(sidDigest);
-        const immBytes = encodeUtf8(immutable);
-        const digBytes = encodeUtf8(digest);
-        let offset = 0;
-        tbs.set(sidBytes, offset);
-        offset += sidBytes.length;
-        tbs[offset] = 0x1f;
-        offset += 1;
-        tbs.set(immBytes, offset);
-        offset += immBytes.length;
-        tbs[offset] = 0x1f;
-        offset += 1;
-        tbs.set(digBytes, offset);
-        const privateKey = this.loadPrivateKey();
-        const signatureBytes = sign(tbs, privateKey);
-        const signature = urlsafeBase64Encode(signatureBytes);
-        const kid = this.determineKeyId();
-        const signatureHeader = {
-            kid,
-            val: signature,
-            alg: 'EdDSA',
-        };
-        const secHeader = envelope.sec ?? {};
-        secHeader.sig = signatureHeader;
-        envelope.sec = secHeader;
-        return envelope;
-    }
-    loadPrivateKey() {
-        const pem = this.explicitPrivateKey ??
-            readStringProperty(this.crypto, 'signingPrivatePem', 'signing_private_pem');
-        if (!pem) {
-            throw new Error('Crypto provider does not expose a signing private key');
-        }
-        return parseEd25519PrivateKey(pem);
-    }
-    determineKeyId() {
-        if (this.explicitKeyId) {
-            return this.explicitKeyId;
-        }
-        if (this.signingConfig.signingMaterial === SigningMaterial.X509_CHAIN) {
-            const certificateProvider = this
-                .crypto;
-            const jwk = certificateProvider.nodeJwk?.();
-            if (jwk && typeof jwk === 'object' && 'kid' in jwk && 'x5c' in jwk) {
-                const kid = jwk.kid;
-                if (typeof kid === 'string' && kid.length > 0) {
-                    return kid;
-                }
-            }
-        }
-        const fallback = readStringProperty(this.crypto, 'signatureKeyId', 'signature_key_id');
-        if (!fallback) {
-            throw new Error('Crypto provider does not expose a signature key id');
-        }
-        return fallback;
-    }
-}
-
-var eddsaEnvelopeSigner = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    EdDSAEnvelopeSigner: EdDSAEnvelopeSigner
-});
-
 async function loadPublicKey(jwk, signingConfig) {
     if (jwk.x5c) {
         if (signingConfig.signingMaterial !== SigningMaterial.X509_CHAIN) {
@@ -39747,4 +39747,4 @@ var websocketTransportProvisioner = /*#__PURE__*/Object.freeze({
     WebSocketTransportProvisionerFactory: WebSocketTransportProvisionerFactory
 });
 
-export { ADMISSION_CLIENT_FACTORY_BASE_TYPE, ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE, AUTHORIZER_FACTORY_BASE_TYPE, AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, AnsiColor, AsyncLock, AttachmentKeyValidator, AuthInjectionStrategyFactory, AuthorizerFactory, BROADCAST_CHANNEL_CONNECTION_GRANT_TYPE, BackPressureFull, BaseAsyncConnector, BaseNodeEventListener, BindingManager, BindingStoreEntryRecord, BrowserAutoKeyCredentialProvider, BrowserWrappedKeyCredentialProvider, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE, CRYPTO_LEVEL_SECURITY_ORDER, CertificateManagerFactory, ConnectorConfigDefaults, ConnectorFactory, ConsoleMetricsEmitter, CryptoLevel, FACTORY_META$_ as DEFAULT_WELCOME_FACTORY_META, DefaultCryptoProvider, DefaultKeyManager, DefaultSecurityManager, DefaultSecurityPolicy, DefaultWelcomeService, DefaultWelcomeServiceFactory, DevFixedKeyCredentialProvider, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$1 as ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_SHOW_ENVELOPES$1 as ENV_VAR_SHOW_ENVELOPES, EncryptedKeyValueStore, EncryptedStorageProviderBase, EncryptedValue, EncryptionConfiguration, EncryptionManagerFactory, EncryptionResult, EncryptionStatus, EnvCredentialProvider, EnvelopeContext, EnvelopeListenerManager, EnvelopeSecurityHandler, EnvelopeSignerFactory, EnvelopeVerifierFactory, FACTORY_META$$ as FACTORY_META, FIXED_PREFIX_LEN, FameAuthorizedDeliveryContextSchema, FameConnectError, FameEnvironmentContext, FameError, FameMessageTooLarge, FameNode, FameNodeAuthorizationContextSchema, FameProtocolError, FameTransportClose, FlowController, GRANT_PURPOSE_NODE_ATTACH, HTTP_CONNECTION_GRANT_TYPE, HTTP_STATELESS_CONNECTOR_TYPE, INPAGE_CONNECTION_GRANT_TYPE, INPAGE_CONNECTOR_TYPE, InMemoryBinding, InMemoryFanoutBroker, InMemoryKeyValueStore, InMemoryReadWriteChannel, InMemoryStorageProvider, InPageConnector, IndexedDBKeyValueStore, IndexedDBStorageProvider, InvalidPassphraseError, JWKValidationError, KEY_MANAGER_FACTORY_BASE_TYPE, KEY_STORE_FACTORY_BASE_TYPE, KeyInfo, KeyManagementHandler, KeyManagerFactory, KeyStore, KeyStoreFactory, KeyValidationError, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, LogLevel, LogLevelNames, MemoryMetricsEmitter, NODE_LIKE_FACTORY_BASE_TYPE, NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE, NoOpMetricsEmitter, NoSecurityPolicy, NodeFactory, NodePlacementStrategyFactory, NoneCredentialProvider, NoopEncryptionManager, NoopKeyValidator, NotAuthorized, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN$1 as PROFILE_NAME_OPEN, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PROFILE_NAME_STRICT_OVERLAY, PromptCredentialProvider, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, REQUIRED_FIELDS_BY_KTY, ReplicaStickinessManagerFactory, RootSessionManager, RouteManager, RpcMixin, RpcProxy, SEALED_ENVELOPE_NONCE_LENGTH, SEALED_ENVELOPE_OVERHEAD, SEALED_ENVELOPE_PRIVATE_KEY_LENGTH, SEALED_ENVELOPE_PUBLIC_KEY_LENGTH, SEALED_ENVELOPE_TAG_LENGTH, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SECURITY_MANAGER_FACTORY_BASE_TYPE, SECURITY_POLICY_FACTORY_BASE_TYPE, STORAGE_PROVIDER_FACTORY_BASE_TYPE, SecretSource, SecretStoreCredentialProvider, SecureChannelFrameHandler, SecureChannelManagerFactory, SecurityAction, SecurityRequirements, Sentinel, SentinelFactory, SessionKeyCredentialProvider, SignaturePolicy, SigningConfig as SigningConfigClass, SigningConfiguration, SimpleLoadBalancerStickinessManager, SimpleLoadBalancerStickinessManagerFactory, StaticCredentialProvider, StorageAESEncryptionManager, TOKEN_ISSUER_FACTORY_BASE_TYPE, TOKEN_PROVIDER_FACTORY_BASE_TYPE, TOKEN_VERIFIER_FACTORY_BASE_TYPE, TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE, TaskSpawner, TokenIssuerFactory, TokenProviderFactory, TokenVerifierFactory, TransportProvisionerFactory, TtlValidationError, UpstreamSessionManager, VALID_CURVES_BY_KTY, VALID_KEY_USES, VERSION, WEBSOCKET_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WebSocketCloseCode, WebSocketConnector, WebSocketState, WelcomeServiceFactory, _NoopFlowController, __runtimePluginLoader, addEnvelopeFields, addLogLevel, addTimestamp, assertConnectionGrant, assertGrant, basicConfig, broadcastChannelGrantToConnectorConfig, camelToSnakeCase, canonicalJson, capitalizeFirstLetter, color, compareCryptoLevels, compiledPathPattern, consoleTransport, convertWildcardLogicalToDnsConstraint, createConnectorConfig, createEd25519Keypair, createHostLogicalUri, createLogicalUri, createNodeDeliveryContext, createResource, createRpcProxy, createRsaKeypair, createTransportCloseError, createX25519Keypair, credentialToString, currentTraceId$1 as currentTraceId, debounce, decodeBase64Url, decodeFameDataPayload, deepMerge, defaultJsonEncoder, delay, dropEmpty, enableLogging, encodeUtf8, ensureRuntimeFactoriesRegistered, extractId, extractPoolAddressBase, extractPoolBase, filterKeysByUse, formatTimestamp, formatTimestampForConsole$1 as formatTimestampForConsole, frameDigest, getCurrentEnvelope, getFameRoot, getKeyProvider, getKeyStore, getLogger, hasCryptoSupport, hostnameToLogical, hostnamesToLogicals, httpGrantToConnectorConfig, immutableHeaders, inPageGrantToConnectorConfig, isAuthInjectionStrategy, isBroadcastChannelConnectionGrant, isConnectionGrant, isConnectorConfig, isEnvelopeLoggingEnabled, isFameError, isFameErrorType, isGrant, isHttpConnectionGrant, isInPageConnectionGrant, isNodeLike, isPlainObject$3 as isPlainObject, isPoolAddress, isPoolLogical, isRegisterable, isTokenExpired, isTokenProvider, isTokenValid, isWebSocketConnectionGrant, jsonDumps, logicalPatternsToDnsConstraints, logicalToHostname, logicalsToHostnames, matchesPoolAddress, matchesPoolLogical, maybeAwait, nodeWelcomeRouter, nodeWelcomeRouterPlugin, normalizeBroadcastChannelConnectionGrant, normalizeEncryptionConfig, normalizeEnvelopeSnapshot, normalizeHttpConnectionGrant, normalizeInPageConnectionGrant, normalizeInboundCryptoRules, normalizeInboundSigningRules, normalizeOutboundCryptoRules, normalizeOutboundSigningRules, normalizePath, normalizeResponseCryptoRules, normalizeResponseSigningRules, normalizeSecretSource, normalizeSecurityRequirements, normalizeSigningConfig, normalizeWebSocketConnectionGrant, objectToBytes, operation, parseSealedEnvelope, pinoTransport, prettyModel$1 as prettyModel, registerDefaultFactories, registerDefaultKeyStoreFactory, registerNodePlacementStrategyFactory, registerRuntimeFactories, requireCryptoSupport, retryWithBackoff, safeColor, sealedDecrypt, sealedEncrypt, secureDigest, setKeyStore, showEnvelopes$1 as showEnvelopes, sleep, snakeToCamelCase, stringifyNonPrimitives, supportsColor, throttle, urlsafeBase64Decode, urlsafeBase64Encode, validateCacheTtlSec, validateEncryptionKey, validateHostLogical, validateHostLogicals, validateJwkComplete, validateJwkStructure, validateJwkUseField, validateJwtTokenTtlSec, validateKeyCorrelationTtlSec, validateLogical, validateLogicalSegment, validateOAuth2TtlSec, validateSigningKey, validateTtlSec, waitForAll, waitForAllSettled, waitForAny, websocketGrantToConnectorConfig, withEnvelopeContext, withEnvelopeContextAsync, withLegacySnakeCaseKeys, withLock, withTimeout };
+export { ADMISSION_CLIENT_FACTORY_BASE_TYPE, ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE, AUTHORIZER_FACTORY_BASE_TYPE, AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, AnsiColor, AsyncLock, AttachmentKeyValidator, AuthInjectionStrategyFactory, AuthorizerFactory, BROADCAST_CHANNEL_CONNECTION_GRANT_TYPE, BackPressureFull, BaseAsyncConnector, BaseNodeEventListener, BindingManager, BindingStoreEntryRecord, BrowserAutoKeyCredentialProvider, BrowserWrappedKeyCredentialProvider, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE, CRYPTO_LEVEL_SECURITY_ORDER, CertificateManagerFactory, ConnectorConfigDefaults, ConnectorFactory, ConsoleMetricsEmitter, CryptoLevel, FACTORY_META$_ as DEFAULT_WELCOME_FACTORY_META, DefaultCryptoProvider, DefaultKeyManager, DefaultSecurityManager, DefaultSecurityPolicy, DefaultWelcomeService, DefaultWelcomeServiceFactory, DevFixedKeyCredentialProvider, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$1 as ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_SHOW_ENVELOPES$1 as ENV_VAR_SHOW_ENVELOPES, EdDSAEnvelopeSigner, EncryptedKeyValueStore, EncryptedStorageProviderBase, EncryptedValue, EncryptionConfiguration, EncryptionManagerFactory, EncryptionResult, EncryptionStatus, EnvCredentialProvider, EnvelopeContext, EnvelopeListenerManager, EnvelopeSecurityHandler, EnvelopeSignerFactory, EnvelopeVerifierFactory, FACTORY_META$$ as FACTORY_META, FIXED_PREFIX_LEN, FameAuthorizedDeliveryContextSchema, FameConnectError, FameEnvironmentContext, FameError, FameMessageTooLarge, FameNode, FameNodeAuthorizationContextSchema, FameProtocolError, FameTransportClose, FlowController, GRANT_PURPOSE_NODE_ATTACH, HTTP_CONNECTION_GRANT_TYPE, HTTP_STATELESS_CONNECTOR_TYPE, INPAGE_CONNECTION_GRANT_TYPE, INPAGE_CONNECTOR_TYPE, InMemoryBinding, InMemoryFanoutBroker, InMemoryKeyValueStore, InMemoryReadWriteChannel, InMemoryStorageProvider, InPageConnector, IndexedDBKeyValueStore, IndexedDBStorageProvider, InvalidPassphraseError, JWKValidationError, KEY_MANAGER_FACTORY_BASE_TYPE, KEY_STORE_FACTORY_BASE_TYPE, KeyInfo, KeyManagementHandler, KeyManagerFactory, KeyStore, KeyStoreFactory, KeyValidationError, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, LogLevel, LogLevelNames, MemoryMetricsEmitter, NODE_LIKE_FACTORY_BASE_TYPE, NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE, NoOpMetricsEmitter, NoSecurityPolicy, NodeFactory, NodePlacementStrategyFactory, NoneCredentialProvider, NoopEncryptionManager, NoopKeyValidator, NotAuthorized, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN$1 as PROFILE_NAME_OPEN, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PROFILE_NAME_STRICT_OVERLAY, PromptCredentialProvider, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, REQUIRED_FIELDS_BY_KTY, ReplicaStickinessManagerFactory, RootSessionManager, RouteManager, RpcMixin, RpcProxy, SEALED_ENVELOPE_NONCE_LENGTH, SEALED_ENVELOPE_OVERHEAD, SEALED_ENVELOPE_PRIVATE_KEY_LENGTH, SEALED_ENVELOPE_PUBLIC_KEY_LENGTH, SEALED_ENVELOPE_TAG_LENGTH, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SECURITY_MANAGER_FACTORY_BASE_TYPE, SECURITY_POLICY_FACTORY_BASE_TYPE, STORAGE_PROVIDER_FACTORY_BASE_TYPE, SecretSource, SecretStoreCredentialProvider, SecureChannelFrameHandler, SecureChannelManagerFactory, SecurityAction, SecurityRequirements, Sentinel, SentinelFactory, SessionKeyCredentialProvider, SignaturePolicy, SigningConfig as SigningConfigClass, SigningConfiguration, SimpleLoadBalancerStickinessManager, SimpleLoadBalancerStickinessManagerFactory, StaticCredentialProvider, StorageAESEncryptionManager, TOKEN_ISSUER_FACTORY_BASE_TYPE, TOKEN_PROVIDER_FACTORY_BASE_TYPE, TOKEN_VERIFIER_FACTORY_BASE_TYPE, TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE, TaskSpawner, TokenIssuerFactory, TokenProviderFactory, TokenVerifierFactory, TransportProvisionerFactory, TtlValidationError, UpstreamSessionManager, VALID_CURVES_BY_KTY, VALID_KEY_USES, VERSION, WEBSOCKET_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WebSocketCloseCode, WebSocketConnector, WebSocketState, WelcomeServiceFactory, _NoopFlowController, __runtimePluginLoader, addEnvelopeFields, addLogLevel, addTimestamp, assertConnectionGrant, assertGrant, basicConfig, broadcastChannelGrantToConnectorConfig, camelToSnakeCase, canonicalJson, capitalizeFirstLetter, color, compareCryptoLevels, compiledPathPattern, consoleTransport, convertWildcardLogicalToDnsConstraint, createConnectorConfig, createEd25519Keypair, createHostLogicalUri, createLogicalUri, createNodeDeliveryContext, createResource, createRpcProxy, createRsaKeypair, createTransportCloseError, createX25519Keypair, credentialToString, currentTraceId$1 as currentTraceId, debounce, decodeBase64Url, decodeFameDataPayload, deepMerge, defaultJsonEncoder, delay, dropEmpty, enableLogging, encodeUtf8, ensureRuntimeFactoriesRegistered, extractId, extractPoolAddressBase, extractPoolBase, filterKeysByUse, formatTimestamp, formatTimestampForConsole$1 as formatTimestampForConsole, frameDigest, getCurrentEnvelope, getFameRoot, getKeyProvider, getKeyStore, getLogger, hasCryptoSupport, hostnameToLogical, hostnamesToLogicals, httpGrantToConnectorConfig, immutableHeaders, inPageGrantToConnectorConfig, isAuthInjectionStrategy, isBroadcastChannelConnectionGrant, isConnectionGrant, isConnectorConfig, isEnvelopeLoggingEnabled, isFameError, isFameErrorType, isGrant, isHttpConnectionGrant, isInPageConnectionGrant, isNodeLike, isPlainObject$3 as isPlainObject, isPoolAddress, isPoolLogical, isRegisterable, isTokenExpired, isTokenProvider, isTokenValid, isWebSocketConnectionGrant, jsonDumps, logicalPatternsToDnsConstraints, logicalToHostname, logicalsToHostnames, matchesPoolAddress, matchesPoolLogical, maybeAwait, nodeWelcomeRouter, nodeWelcomeRouterPlugin, normalizeBroadcastChannelConnectionGrant, normalizeEncryptionConfig, normalizeEnvelopeSnapshot, normalizeHttpConnectionGrant, normalizeInPageConnectionGrant, normalizeInboundCryptoRules, normalizeInboundSigningRules, normalizeOutboundCryptoRules, normalizeOutboundSigningRules, normalizePath, normalizeResponseCryptoRules, normalizeResponseSigningRules, normalizeSecretSource, normalizeSecurityRequirements, normalizeSigningConfig, normalizeWebSocketConnectionGrant, objectToBytes, operation, parseSealedEnvelope, pinoTransport, prettyModel$1 as prettyModel, registerDefaultFactories, registerDefaultKeyStoreFactory, registerNodePlacementStrategyFactory, registerRuntimeFactories, requireCryptoSupport, retryWithBackoff, safeColor, sealedDecrypt, sealedEncrypt, secureDigest, setKeyStore, showEnvelopes$1 as showEnvelopes, sleep, snakeToCamelCase, stringifyNonPrimitives, supportsColor, throttle, urlsafeBase64Decode, urlsafeBase64Encode, validateCacheTtlSec, validateEncryptionKey, validateHostLogical, validateHostLogicals, validateJwkComplete, validateJwkStructure, validateJwkUseField, validateJwtTokenTtlSec, validateKeyCorrelationTtlSec, validateLogical, validateLogicalSegment, validateOAuth2TtlSec, validateSigningKey, validateTtlSec, waitForAll, waitForAllSettled, waitForAny, websocketGrantToConnectorConfig, withEnvelopeContext, withEnvelopeContextAsync, withLegacySnakeCaseKeys, withLock, withTimeout };