npm - @naylence/runtime - Versions diffs - 0.3.5-test.922 → 0.3.5-test.923 - Mend

@naylence/runtime 0.3.5-test.922 → 0.3.5-test.923

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/browser/index.cjs +145 -144
package/dist/browser/index.mjs +145 -145
package/dist/cjs/naylence/fame/security/index.js +3 -1
package/dist/cjs/version.js +2 -2
package/dist/esm/naylence/fame/security/index.js +1 -0
package/dist/esm/version.js +2 -2
package/dist/node/index.cjs +145 -144
package/dist/node/index.mjs +145 -145
package/dist/node/node.cjs +144 -143
package/dist/node/node.mjs +144 -144
package/dist/types/naylence/fame/security/index.d.ts +1 -0
package/dist/types/version.d.ts +1 -1
package/package.json +1 -1

package/dist/node/node.cjs CHANGED Viewed

@@ -12,11 +12,11 @@ var ed25519_js = require('@noble/curves/ed25519.js');
 var hkdf_js = require('@noble/hashes/hkdf.js');
 var sha2_js = require('@noble/hashes/sha2.js');
 var utils_js = require('@noble/hashes/utils.js');
+var ed25519 = require('@noble/ed25519');
 var fastify = require('fastify');
 var websocketPlugin = require('@fastify/websocket');
 var formbody = require('@fastify/formbody');
 var node_crypto = require('node:crypto');
-var ed25519 = require('@noble/ed25519');
 /**
  * Cross-platform logging utilities for Naylence Fame
@@ -5372,12 +5372,12 @@ for (const [name, config] of Object.entries(SQLITE_PROFILES)) {
 }
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.3.5-test.922
+// Generated from package.json version: 0.3.5-test.923
 /**
  * The package version, injected at build time.
  * @internal
  */
-const VERSION = '0.3.5-test.922';
+const VERSION = '0.3.5-test.923';
 /**
  * Fame errors module - Fame protocol specific error classes
@@ -26427,6 +26427,146 @@ function encodeUtf8(value) {
     throw new Error('No UTF-8 encoder available in this environment');
 }
+if (!ed25519.hashes.sha512) {
+    ed25519.hashes.sha512 = (message) => sha2_js.sha512(message);
+}
+function normalizeSignerOptions(options) {
+    if (!options || typeof options !== 'object') {
+        return {};
+    }
+    const candidate = options;
+    const result = {
+        ...options,
+    };
+    const cryptoProvider = resolveAlias(candidate, ['cryptoProvider', 'crypto_provider']);
+    if (cryptoProvider !== undefined) {
+        result.cryptoProvider = cryptoProvider ?? null;
+    }
+    const signingConfig = resolveAlias(candidate, ['signingConfig', 'signing_config']);
+    if (signingConfig !== undefined) {
+        result.signingConfig = signingConfig;
+    }
+    const privateKeyPem = resolveAlias(candidate, [
+        'privateKeyPem',
+        'private_key_pem',
+    ]);
+    if (privateKeyPem !== undefined) {
+        result.privateKeyPem = privateKeyPem;
+    }
+    const keyId = resolveAlias(candidate, [
+        'keyId',
+        'key_id',
+    ]);
+    if (keyId !== undefined) {
+        result.keyId = keyId;
+    }
+    return result;
+}
+class EdDSAEnvelopeSigner {
+    constructor(options = {}) {
+        const normalized = normalizeSignerOptions(options);
+        const provider = normalized.cryptoProvider ?? null;
+        if (!provider) {
+            throw new Error('No crypto provider is configured for signing');
+        }
+        this.crypto = provider;
+        const signingConfigOption = normalized.signingConfig;
+        if (signingConfigOption instanceof SigningConfig) {
+            this.signingConfig = signingConfigOption;
+        }
+        else if (signingConfigOption) {
+            this.signingConfig = new SigningConfig(signingConfigOption);
+        }
+        else {
+            this.signingConfig = new SigningConfig();
+        }
+        this.explicitPrivateKey = normalized.privateKeyPem;
+        this.explicitKeyId = normalized.keyId;
+    }
+    signEnvelope(envelope, { physicalPath }) {
+        if (!envelope.sid) {
+            throw new Error('Envelope missing sid');
+        }
+        const frame = envelope.frame;
+        if (frame.type === 'Data') {
+            const dataFrame = frame;
+            if (!dataFrame.pd) {
+                const payload = dataFrame.payload ?? '';
+                const payloadString = payload === '' ? '' : canonicalJson(payload);
+                dataFrame.pd = secureDigest(payloadString);
+            }
+        }
+        const digest = frameDigest(frame);
+        const immutable = canonicalJson(immutableHeaders(envelope));
+        const sidDigest = secureDigest(physicalPath);
+        const tbs = new Uint8Array(encodeUtf8(sidDigest).length +
+            1 +
+            encodeUtf8(immutable).length +
+            1 +
+            encodeUtf8(digest).length);
+        const sidBytes = encodeUtf8(sidDigest);
+        const immBytes = encodeUtf8(immutable);
+        const digBytes = encodeUtf8(digest);
+        let offset = 0;
+        tbs.set(sidBytes, offset);
+        offset += sidBytes.length;
+        tbs[offset] = 0x1f;
+        offset += 1;
+        tbs.set(immBytes, offset);
+        offset += immBytes.length;
+        tbs[offset] = 0x1f;
+        offset += 1;
+        tbs.set(digBytes, offset);
+        const privateKey = this.loadPrivateKey();
+        const signatureBytes = ed25519.sign(tbs, privateKey);
+        const signature = urlsafeBase64Encode(signatureBytes);
+        const kid = this.determineKeyId();
+        const signatureHeader = {
+            kid,
+            val: signature,
+            alg: 'EdDSA',
+        };
+        const secHeader = envelope.sec ?? {};
+        secHeader.sig = signatureHeader;
+        envelope.sec = secHeader;
+        return envelope;
+    }
+    loadPrivateKey() {
+        const pem = this.explicitPrivateKey ??
+            readStringProperty(this.crypto, 'signingPrivatePem', 'signing_private_pem');
+        if (!pem) {
+            throw new Error('Crypto provider does not expose a signing private key');
+        }
+        return parseEd25519PrivateKey(pem);
+    }
+    determineKeyId() {
+        if (this.explicitKeyId) {
+            return this.explicitKeyId;
+        }
+        if (this.signingConfig.signingMaterial === core.SigningMaterial.X509_CHAIN) {
+            const certificateProvider = this
+                .crypto;
+            const jwk = certificateProvider.nodeJwk?.();
+            if (jwk && typeof jwk === 'object' && 'kid' in jwk && 'x5c' in jwk) {
+                const kid = jwk.kid;
+                if (typeof kid === 'string' && kid.length > 0) {
+                    return kid;
+                }
+            }
+        }
+        const fallback = readStringProperty(this.crypto, 'signatureKeyId', 'signature_key_id');
+        if (!fallback) {
+            throw new Error('Crypto provider does not expose a signature key id');
+        }
+        return fallback;
+    }
+}
+var eddsaEnvelopeSigner = /*#__PURE__*/Object.freeze({
+    __proto__: null,
+    EdDSAEnvelopeSigner: EdDSAEnvelopeSigner
+});
 // Legacy global crypto provider accessors are intentionally disabled to force
 // explicit dependency wiring. If a component still needs a global provider,
 // refactor it to accept one via configuration instead of re-enabling this code.
@@ -41589,146 +41729,6 @@ var sharedSecretTokenVerifier = /*#__PURE__*/Object.freeze({
     SharedSecretTokenVerifier: SharedSecretTokenVerifier
 });
-if (!ed25519.hashes.sha512) {
-    ed25519.hashes.sha512 = (message) => sha2_js.sha512(message);
-}
-function normalizeSignerOptions(options) {
-    if (!options || typeof options !== 'object') {
-        return {};
-    }
-    const candidate = options;
-    const result = {
-        ...options,
-    };
-    const cryptoProvider = resolveAlias(candidate, ['cryptoProvider', 'crypto_provider']);
-    if (cryptoProvider !== undefined) {
-        result.cryptoProvider = cryptoProvider ?? null;
-    }
-    const signingConfig = resolveAlias(candidate, ['signingConfig', 'signing_config']);
-    if (signingConfig !== undefined) {
-        result.signingConfig = signingConfig;
-    }
-    const privateKeyPem = resolveAlias(candidate, [
-        'privateKeyPem',
-        'private_key_pem',
-    ]);
-    if (privateKeyPem !== undefined) {
-        result.privateKeyPem = privateKeyPem;
-    }
-    const keyId = resolveAlias(candidate, [
-        'keyId',
-        'key_id',
-    ]);
-    if (keyId !== undefined) {
-        result.keyId = keyId;
-    }
-    return result;
-}
-class EdDSAEnvelopeSigner {
-    constructor(options = {}) {
-        const normalized = normalizeSignerOptions(options);
-        const provider = normalized.cryptoProvider ?? null;
-        if (!provider) {
-            throw new Error('No crypto provider is configured for signing');
-        }
-        this.crypto = provider;
-        const signingConfigOption = normalized.signingConfig;
-        if (signingConfigOption instanceof SigningConfig) {
-            this.signingConfig = signingConfigOption;
-        }
-        else if (signingConfigOption) {
-            this.signingConfig = new SigningConfig(signingConfigOption);
-        }
-        else {
-            this.signingConfig = new SigningConfig();
-        }
-        this.explicitPrivateKey = normalized.privateKeyPem;
-        this.explicitKeyId = normalized.keyId;
-    }
-    signEnvelope(envelope, { physicalPath }) {
-        if (!envelope.sid) {
-            throw new Error('Envelope missing sid');
-        }
-        const frame = envelope.frame;
-        if (frame.type === 'Data') {
-            const dataFrame = frame;
-            if (!dataFrame.pd) {
-                const payload = dataFrame.payload ?? '';
-                const payloadString = payload === '' ? '' : canonicalJson(payload);
-                dataFrame.pd = secureDigest(payloadString);
-            }
-        }
-        const digest = frameDigest(frame);
-        const immutable = canonicalJson(immutableHeaders(envelope));
-        const sidDigest = secureDigest(physicalPath);
-        const tbs = new Uint8Array(encodeUtf8(sidDigest).length +
-            1 +
-            encodeUtf8(immutable).length +
-            1 +
-            encodeUtf8(digest).length);
-        const sidBytes = encodeUtf8(sidDigest);
-        const immBytes = encodeUtf8(immutable);
-        const digBytes = encodeUtf8(digest);
-        let offset = 0;
-        tbs.set(sidBytes, offset);
-        offset += sidBytes.length;
-        tbs[offset] = 0x1f;
-        offset += 1;
-        tbs.set(immBytes, offset);
-        offset += immBytes.length;
-        tbs[offset] = 0x1f;
-        offset += 1;
-        tbs.set(digBytes, offset);
-        const privateKey = this.loadPrivateKey();
-        const signatureBytes = ed25519.sign(tbs, privateKey);
-        const signature = urlsafeBase64Encode(signatureBytes);
-        const kid = this.determineKeyId();
-        const signatureHeader = {
-            kid,
-            val: signature,
-            alg: 'EdDSA',
-        };
-        const secHeader = envelope.sec ?? {};
-        secHeader.sig = signatureHeader;
-        envelope.sec = secHeader;
-        return envelope;
-    }
-    loadPrivateKey() {
-        const pem = this.explicitPrivateKey ??
-            readStringProperty(this.crypto, 'signingPrivatePem', 'signing_private_pem');
-        if (!pem) {
-            throw new Error('Crypto provider does not expose a signing private key');
-        }
-        return parseEd25519PrivateKey(pem);
-    }
-    determineKeyId() {
-        if (this.explicitKeyId) {
-            return this.explicitKeyId;
-        }
-        if (this.signingConfig.signingMaterial === core.SigningMaterial.X509_CHAIN) {
-            const certificateProvider = this
-                .crypto;
-            const jwk = certificateProvider.nodeJwk?.();
-            if (jwk && typeof jwk === 'object' && 'kid' in jwk && 'x5c' in jwk) {
-                const kid = jwk.kid;
-                if (typeof kid === 'string' && kid.length > 0) {
-                    return kid;
-                }
-            }
-        }
-        const fallback = readStringProperty(this.crypto, 'signatureKeyId', 'signature_key_id');
-        if (!fallback) {
-            throw new Error('Crypto provider does not expose a signature key id');
-        }
-        return fallback;
-    }
-}
-var eddsaEnvelopeSigner = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    EdDSAEnvelopeSigner: EdDSAEnvelopeSigner
-});
 async function loadPublicKey(jwk, signingConfig) {
     if (jwk.x5c) {
         if (signingConfig.signingMaterial !== core.SigningMaterial.X509_CHAIN) {
@@ -42010,6 +42010,7 @@ exports.ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE;
 exports.ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER = ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER;
 exports.ENV_VAR_JWT_TRUSTED_ISSUER = ENV_VAR_JWT_TRUSTED_ISSUER;
 exports.ENV_VAR_SHOW_ENVELOPES = ENV_VAR_SHOW_ENVELOPES$1;
+exports.EdDSAEnvelopeSigner = EdDSAEnvelopeSigner;
 exports.EncryptedKeyValueStore = EncryptedKeyValueStore;
 exports.EncryptedStorageProviderBase = EncryptedStorageProviderBase;
 exports.EncryptedValue = EncryptedValue;

package/dist/node/node.mjs CHANGED Viewed

@@ -11,11 +11,11 @@ import { x25519 } from '@noble/curves/ed25519.js';
 import { hkdf } from '@noble/hashes/hkdf.js';
 import { sha256, sha512 } from '@noble/hashes/sha2.js';
 import { utf8ToBytes, bytesToHex, randomBytes, concatBytes } from '@noble/hashes/utils.js';
+import { hashes, sign, verify } from '@noble/ed25519';
 import fastify from 'fastify';
 import websocketPlugin from '@fastify/websocket';
 import formbody from '@fastify/formbody';
 import { createHash, timingSafeEqual, randomBytes as randomBytes$1 } from 'node:crypto';
-import { hashes, sign, verify } from '@noble/ed25519';
 /**
  * Cross-platform logging utilities for Naylence Fame
@@ -5371,12 +5371,12 @@ for (const [name, config] of Object.entries(SQLITE_PROFILES)) {
 }
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.3.5-test.922
+// Generated from package.json version: 0.3.5-test.923
 /**
  * The package version, injected at build time.
  * @internal
  */
-const VERSION = '0.3.5-test.922';
+const VERSION = '0.3.5-test.923';
 /**
  * Fame errors module - Fame protocol specific error classes
@@ -26426,6 +26426,146 @@ function encodeUtf8(value) {
     throw new Error('No UTF-8 encoder available in this environment');
 }
+if (!hashes.sha512) {
+    hashes.sha512 = (message) => sha512(message);
+}
+function normalizeSignerOptions(options) {
+    if (!options || typeof options !== 'object') {
+        return {};
+    }
+    const candidate = options;
+    const result = {
+        ...options,
+    };
+    const cryptoProvider = resolveAlias(candidate, ['cryptoProvider', 'crypto_provider']);
+    if (cryptoProvider !== undefined) {
+        result.cryptoProvider = cryptoProvider ?? null;
+    }
+    const signingConfig = resolveAlias(candidate, ['signingConfig', 'signing_config']);
+    if (signingConfig !== undefined) {
+        result.signingConfig = signingConfig;
+    }
+    const privateKeyPem = resolveAlias(candidate, [
+        'privateKeyPem',
+        'private_key_pem',
+    ]);
+    if (privateKeyPem !== undefined) {
+        result.privateKeyPem = privateKeyPem;
+    }
+    const keyId = resolveAlias(candidate, [
+        'keyId',
+        'key_id',
+    ]);
+    if (keyId !== undefined) {
+        result.keyId = keyId;
+    }
+    return result;
+}
+class EdDSAEnvelopeSigner {
+    constructor(options = {}) {
+        const normalized = normalizeSignerOptions(options);
+        const provider = normalized.cryptoProvider ?? null;
+        if (!provider) {
+            throw new Error('No crypto provider is configured for signing');
+        }
+        this.crypto = provider;
+        const signingConfigOption = normalized.signingConfig;
+        if (signingConfigOption instanceof SigningConfig) {
+            this.signingConfig = signingConfigOption;
+        }
+        else if (signingConfigOption) {
+            this.signingConfig = new SigningConfig(signingConfigOption);
+        }
+        else {
+            this.signingConfig = new SigningConfig();
+        }
+        this.explicitPrivateKey = normalized.privateKeyPem;
+        this.explicitKeyId = normalized.keyId;
+    }
+    signEnvelope(envelope, { physicalPath }) {
+        if (!envelope.sid) {
+            throw new Error('Envelope missing sid');
+        }
+        const frame = envelope.frame;
+        if (frame.type === 'Data') {
+            const dataFrame = frame;
+            if (!dataFrame.pd) {
+                const payload = dataFrame.payload ?? '';
+                const payloadString = payload === '' ? '' : canonicalJson(payload);
+                dataFrame.pd = secureDigest(payloadString);
+            }
+        }
+        const digest = frameDigest(frame);
+        const immutable = canonicalJson(immutableHeaders(envelope));
+        const sidDigest = secureDigest(physicalPath);
+        const tbs = new Uint8Array(encodeUtf8(sidDigest).length +
+            1 +
+            encodeUtf8(immutable).length +
+            1 +
+            encodeUtf8(digest).length);
+        const sidBytes = encodeUtf8(sidDigest);
+        const immBytes = encodeUtf8(immutable);
+        const digBytes = encodeUtf8(digest);
+        let offset = 0;
+        tbs.set(sidBytes, offset);
+        offset += sidBytes.length;
+        tbs[offset] = 0x1f;
+        offset += 1;
+        tbs.set(immBytes, offset);
+        offset += immBytes.length;
+        tbs[offset] = 0x1f;
+        offset += 1;
+        tbs.set(digBytes, offset);
+        const privateKey = this.loadPrivateKey();
+        const signatureBytes = sign(tbs, privateKey);
+        const signature = urlsafeBase64Encode(signatureBytes);
+        const kid = this.determineKeyId();
+        const signatureHeader = {
+            kid,
+            val: signature,
+            alg: 'EdDSA',
+        };
+        const secHeader = envelope.sec ?? {};
+        secHeader.sig = signatureHeader;
+        envelope.sec = secHeader;
+        return envelope;
+    }
+    loadPrivateKey() {
+        const pem = this.explicitPrivateKey ??
+            readStringProperty(this.crypto, 'signingPrivatePem', 'signing_private_pem');
+        if (!pem) {
+            throw new Error('Crypto provider does not expose a signing private key');
+        }
+        return parseEd25519PrivateKey(pem);
+    }
+    determineKeyId() {
+        if (this.explicitKeyId) {
+            return this.explicitKeyId;
+        }
+        if (this.signingConfig.signingMaterial === SigningMaterial.X509_CHAIN) {
+            const certificateProvider = this
+                .crypto;
+            const jwk = certificateProvider.nodeJwk?.();
+            if (jwk && typeof jwk === 'object' && 'kid' in jwk && 'x5c' in jwk) {
+                const kid = jwk.kid;
+                if (typeof kid === 'string' && kid.length > 0) {
+                    return kid;
+                }
+            }
+        }
+        const fallback = readStringProperty(this.crypto, 'signatureKeyId', 'signature_key_id');
+        if (!fallback) {
+            throw new Error('Crypto provider does not expose a signature key id');
+        }
+        return fallback;
+    }
+}
+var eddsaEnvelopeSigner = /*#__PURE__*/Object.freeze({
+    __proto__: null,
+    EdDSAEnvelopeSigner: EdDSAEnvelopeSigner
+});
 // Legacy global crypto provider accessors are intentionally disabled to force
 // explicit dependency wiring. If a component still needs a global provider,
 // refactor it to accept one via configuration instead of re-enabling this code.
@@ -41588,146 +41728,6 @@ var sharedSecretTokenVerifier = /*#__PURE__*/Object.freeze({
     SharedSecretTokenVerifier: SharedSecretTokenVerifier
 });
-if (!hashes.sha512) {
-    hashes.sha512 = (message) => sha512(message);
-}
-function normalizeSignerOptions(options) {
-    if (!options || typeof options !== 'object') {
-        return {};
-    }
-    const candidate = options;
-    const result = {
-        ...options,
-    };
-    const cryptoProvider = resolveAlias(candidate, ['cryptoProvider', 'crypto_provider']);
-    if (cryptoProvider !== undefined) {
-        result.cryptoProvider = cryptoProvider ?? null;
-    }
-    const signingConfig = resolveAlias(candidate, ['signingConfig', 'signing_config']);
-    if (signingConfig !== undefined) {
-        result.signingConfig = signingConfig;
-    }
-    const privateKeyPem = resolveAlias(candidate, [
-        'privateKeyPem',
-        'private_key_pem',
-    ]);
-    if (privateKeyPem !== undefined) {
-        result.privateKeyPem = privateKeyPem;
-    }
-    const keyId = resolveAlias(candidate, [
-        'keyId',
-        'key_id',
-    ]);
-    if (keyId !== undefined) {
-        result.keyId = keyId;
-    }
-    return result;
-}
-class EdDSAEnvelopeSigner {
-    constructor(options = {}) {
-        const normalized = normalizeSignerOptions(options);
-        const provider = normalized.cryptoProvider ?? null;
-        if (!provider) {
-            throw new Error('No crypto provider is configured for signing');
-        }
-        this.crypto = provider;
-        const signingConfigOption = normalized.signingConfig;
-        if (signingConfigOption instanceof SigningConfig) {
-            this.signingConfig = signingConfigOption;
-        }
-        else if (signingConfigOption) {
-            this.signingConfig = new SigningConfig(signingConfigOption);
-        }
-        else {
-            this.signingConfig = new SigningConfig();
-        }
-        this.explicitPrivateKey = normalized.privateKeyPem;
-        this.explicitKeyId = normalized.keyId;
-    }
-    signEnvelope(envelope, { physicalPath }) {
-        if (!envelope.sid) {
-            throw new Error('Envelope missing sid');
-        }
-        const frame = envelope.frame;
-        if (frame.type === 'Data') {
-            const dataFrame = frame;
-            if (!dataFrame.pd) {
-                const payload = dataFrame.payload ?? '';
-                const payloadString = payload === '' ? '' : canonicalJson(payload);
-                dataFrame.pd = secureDigest(payloadString);
-            }
-        }
-        const digest = frameDigest(frame);
-        const immutable = canonicalJson(immutableHeaders(envelope));
-        const sidDigest = secureDigest(physicalPath);
-        const tbs = new Uint8Array(encodeUtf8(sidDigest).length +
-            1 +
-            encodeUtf8(immutable).length +
-            1 +
-            encodeUtf8(digest).length);
-        const sidBytes = encodeUtf8(sidDigest);
-        const immBytes = encodeUtf8(immutable);
-        const digBytes = encodeUtf8(digest);
-        let offset = 0;
-        tbs.set(sidBytes, offset);
-        offset += sidBytes.length;
-        tbs[offset] = 0x1f;
-        offset += 1;
-        tbs.set(immBytes, offset);
-        offset += immBytes.length;
-        tbs[offset] = 0x1f;
-        offset += 1;
-        tbs.set(digBytes, offset);
-        const privateKey = this.loadPrivateKey();
-        const signatureBytes = sign(tbs, privateKey);
-        const signature = urlsafeBase64Encode(signatureBytes);
-        const kid = this.determineKeyId();
-        const signatureHeader = {
-            kid,
-            val: signature,
-            alg: 'EdDSA',
-        };
-        const secHeader = envelope.sec ?? {};
-        secHeader.sig = signatureHeader;
-        envelope.sec = secHeader;
-        return envelope;
-    }
-    loadPrivateKey() {
-        const pem = this.explicitPrivateKey ??
-            readStringProperty(this.crypto, 'signingPrivatePem', 'signing_private_pem');
-        if (!pem) {
-            throw new Error('Crypto provider does not expose a signing private key');
-        }
-        return parseEd25519PrivateKey(pem);
-    }
-    determineKeyId() {
-        if (this.explicitKeyId) {
-            return this.explicitKeyId;
-        }
-        if (this.signingConfig.signingMaterial === SigningMaterial.X509_CHAIN) {
-            const certificateProvider = this
-                .crypto;
-            const jwk = certificateProvider.nodeJwk?.();
-            if (jwk && typeof jwk === 'object' && 'kid' in jwk && 'x5c' in jwk) {
-                const kid = jwk.kid;
-                if (typeof kid === 'string' && kid.length > 0) {
-                    return kid;
-                }
-            }
-        }
-        const fallback = readStringProperty(this.crypto, 'signatureKeyId', 'signature_key_id');
-        if (!fallback) {
-            throw new Error('Crypto provider does not expose a signature key id');
-        }
-        return fallback;
-    }
-}
-var eddsaEnvelopeSigner = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    EdDSAEnvelopeSigner: EdDSAEnvelopeSigner
-});
 async function loadPublicKey(jwk, signingConfig) {
     if (jwk.x5c) {
         if (signingConfig.signingMaterial !== SigningMaterial.X509_CHAIN) {
@@ -41965,4 +41965,4 @@ var websocketTransportProvisioner = /*#__PURE__*/Object.freeze({
     WebSocketTransportProvisionerFactory: WebSocketTransportProvisionerFactory
 });
-export { ADMISSION_CLIENT_FACTORY_BASE_TYPE, ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE, AUTHORIZER_FACTORY_BASE_TYPE, AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, AnsiColor, AsyncLock, AttachmentKeyValidator, AuthInjectionStrategyFactory, AuthorizerFactory, BROADCAST_CHANNEL_CONNECTION_GRANT_TYPE, BackPressureFull, BaseAsyncConnector, BaseNodeEventListener, BindingManager, BindingStoreEntryRecord, BrowserAutoKeyCredentialProvider, BrowserWrappedKeyCredentialProvider, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE, CRYPTO_LEVEL_SECURITY_ORDER, CertificateManagerFactory, ConnectorConfigDefaults, ConnectorFactory, ConsoleMetricsEmitter, CryptoLevel, FACTORY_META$Z as DEFAULT_WELCOME_FACTORY_META, DefaultCryptoProvider, DefaultHttpServer, DefaultKeyManager, DefaultSecurityManager, DefaultSecurityPolicy, DefaultWelcomeService, DefaultWelcomeServiceFactory, DevFixedKeyCredentialProvider, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM$2 as ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$2 as ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_SHOW_ENVELOPES$1 as ENV_VAR_SHOW_ENVELOPES, EncryptedKeyValueStore, EncryptedStorageProviderBase, EncryptedValue, EncryptionConfiguration, EncryptionManagerFactory, EncryptionResult, EncryptionStatus, EnvCredentialProvider, EnvelopeContext, EnvelopeListenerManager, EnvelopeSecurityHandler, EnvelopeSignerFactory, EnvelopeVerifierFactory, FACTORY_META$_ as FACTORY_META, FAME_FABRIC_FACTORY_BASE_TYPE, FIXED_PREFIX_LEN, FameAuthorizedDeliveryContextSchema, FameConnectError, FameEnvironmentContext, FameError, FameMessageTooLarge, FameNode, FameNodeAuthorizationContextSchema, FameProtocolError, FameTransportClose, FlowController, GRANT_PURPOSE_NODE_ATTACH, HTTP_CONNECTION_GRANT_TYPE, HTTP_STATELESS_CONNECTOR_TYPE, HttpListener, HttpStatelessConnector, INPAGE_CONNECTION_GRANT_TYPE, INPAGE_CONNECTOR_TYPE, InMemoryBinding, InMemoryFanoutBroker, InMemoryKeyValueStore, InMemoryReadWriteChannel, InMemoryStorageProvider, InPageConnector, InPageListener, InProcessFameFabric, InProcessFameFabricFactory, IndexedDBKeyValueStore, IndexedDBStorageProvider, InvalidPassphraseError, JWKValidationError, KEY_MANAGER_FACTORY_BASE_TYPE, KEY_STORE_FACTORY_BASE_TYPE, KeyInfo, KeyManagementHandler, KeyManagerFactory, KeyStore, KeyStoreFactory, KeyValidationError, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, LogLevel, LogLevelNames, MemoryMetricsEmitter, NODE_LIKE_FACTORY_BASE_TYPE, NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE, NoOpMetricsEmitter, NoSecurityPolicy, NodeFactory, NodePlacementStrategyFactory, NoneCredentialProvider, NoopEncryptionManager, NoopKeyValidator, NotAuthorized, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN$1 as PROFILE_NAME_OPEN, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PROFILE_NAME_STRICT_OVERLAY, PromptCredentialProvider, QueueFullError, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, REQUIRED_FIELDS_BY_KTY, ReplicaStickinessManagerFactory, RootSessionManager, RouteManager, RpcMixin, RpcProxy, SEALED_ENVELOPE_NONCE_LENGTH, SEALED_ENVELOPE_OVERHEAD, SEALED_ENVELOPE_PRIVATE_KEY_LENGTH, SEALED_ENVELOPE_PUBLIC_KEY_LENGTH, SEALED_ENVELOPE_TAG_LENGTH, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SECURITY_MANAGER_FACTORY_BASE_TYPE, SECURITY_POLICY_FACTORY_BASE_TYPE, SQLiteKeyValueStore, SQLiteStorageProvider, STORAGE_PROVIDER_FACTORY_BASE_TYPE, SecretSource, SecretStoreCredentialProvider, SecureChannelFrameHandler, SecureChannelManagerFactory, SecurityAction, SecurityRequirements, Sentinel, SentinelFactory, SessionKeyCredentialProvider, SignaturePolicy, SigningConfig as SigningConfigClass, SigningConfiguration, SimpleLoadBalancerStickinessManager, SimpleLoadBalancerStickinessManagerFactory, StaticCredentialProvider, StorageAESEncryptionManager, TOKEN_ISSUER_FACTORY_BASE_TYPE, TOKEN_PROVIDER_FACTORY_BASE_TYPE, TOKEN_VERIFIER_FACTORY_BASE_TYPE, TRANSPORT_LISTENER_FACTORY_BASE_TYPE, TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE, TaskSpawner, TokenIssuerFactory, TokenProviderFactory, TokenVerifierFactory, TransportListener, TransportProvisionerFactory, TtlValidationError, UpstreamSessionManager, VALID_CURVES_BY_KTY, VALID_KEY_USES, VERSION, WEBSOCKET_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WebSocketCloseCode, WebSocketConnector, WebSocketListener, WebSocketState, WelcomeServiceFactory, _NoopFlowController, __runtimePluginLoader, addEnvelopeFields, addLogLevel, addTimestamp, assertConnectionGrant, assertGrant, basicConfig, broadcastChannelGrantToConnectorConfig, camelToSnakeCase, canonicalJson, capitalizeFirstLetter, color, compareCryptoLevels, compiledPathPattern, consoleTransport, convertWildcardLogicalToDnsConstraint, createConnectorConfig, createEd25519Keypair, createHostLogicalUri, createJwksRouter, createLogicalUri, createNodeDeliveryContext, createApp as createOAuth2ServerApp, createOAuth2TokenRouter, createOpenIDConfigurationRouter, createResource, createRpcProxy, createRsaKeypair, createTransportCloseError, createX25519Keypair, credentialToString, currentTraceId$1 as currentTraceId, debounce, decodeBase64Url, decodeFameDataPayload, deepMerge, defaultJsonEncoder, delay, dropEmpty, enableLogging, encodeUtf8, ensureRuntimeFactoriesRegistered, extractId, extractPoolAddressBase, extractPoolBase, filterKeysByUse, formatTimestamp, formatTimestampForConsole$1 as formatTimestampForConsole, frameDigest, getCurrentEnvelope, getFameRoot, getHttpListenerInstance, getInPageListenerInstance, getKeyProvider, getKeyStore, getLogger, getWebsocketListenerInstance, hasCryptoSupport, hostnameToLogical, hostnamesToLogicals, httpGrantToConnectorConfig, immutableHeaders, inPageGrantToConnectorConfig, isAuthInjectionStrategy, isBroadcastChannelConnectionGrant, isConnectionGrant, isConnectorConfig, isEnvelopeLoggingEnabled, isFameError, isFameErrorType, isGrant, isHttpConnectionGrant, isInPageConnectionGrant, isNodeLike, isPlainObject$3 as isPlainObject, isPoolAddress, isPoolLogical, isRegisterable, isTokenExpired, isTokenProvider, isTokenValid, isWebSocketConnectionGrant, jsonDumps, logicalPatternsToDnsConstraints, logicalToHostname, logicalsToHostnames, matchesPoolAddress, matchesPoolLogical, maybeAwait, nodeWelcomeRouter, nodeWelcomeRouterPlugin, normalizeBroadcastChannelConnectionGrant, normalizeEncryptionConfig, normalizeEnvelopeSnapshot, normalizeExtendedFameConfig, normalizeHttpConnectionGrant, normalizeInPageConnectionGrant, normalizeInboundCryptoRules, normalizeInboundSigningRules, normalizeOutboundCryptoRules, normalizeOutboundSigningRules, normalizePath, normalizeResponseCryptoRules, normalizeResponseSigningRules, normalizeSecretSource, normalizeSecurityRequirements, normalizeSigningConfig, normalizeWebSocketConnectionGrant, objectToBytes, operation, parseSealedEnvelope, pinoTransport, prettyModel$1 as prettyModel, registerDefaultFactories, registerDefaultKeyStoreFactory, registerNodePlacementStrategyFactory, registerRuntimeFactories, requireCryptoSupport, retryWithBackoff, main as runOAuth2Server, safeColor, sealedDecrypt, sealedEncrypt, secureDigest, setKeyStore, showEnvelopes$1 as showEnvelopes, sleep, snakeToCamelCase, stringifyNonPrimitives, supportsColor, throttle, urlsafeBase64Decode, urlsafeBase64Encode, validateCacheTtlSec, validateEncryptionKey, validateHostLogical, validateHostLogicals, validateJwkComplete, validateJwkStructure, validateJwkUseField, validateJwtTokenTtlSec, validateKeyCorrelationTtlSec, validateLogical, validateLogicalSegment, validateOAuth2TtlSec, validateSigningKey, validateTtlSec, waitForAll, waitForAllSettled, waitForAny, websocketGrantToConnectorConfig, withEnvelopeContext, withEnvelopeContextAsync, withLegacySnakeCaseKeys, withLock, withTimeout };
+export { ADMISSION_CLIENT_FACTORY_BASE_TYPE, ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE, AUTHORIZER_FACTORY_BASE_TYPE, AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, AnsiColor, AsyncLock, AttachmentKeyValidator, AuthInjectionStrategyFactory, AuthorizerFactory, BROADCAST_CHANNEL_CONNECTION_GRANT_TYPE, BackPressureFull, BaseAsyncConnector, BaseNodeEventListener, BindingManager, BindingStoreEntryRecord, BrowserAutoKeyCredentialProvider, BrowserWrappedKeyCredentialProvider, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE, CRYPTO_LEVEL_SECURITY_ORDER, CertificateManagerFactory, ConnectorConfigDefaults, ConnectorFactory, ConsoleMetricsEmitter, CryptoLevel, FACTORY_META$Z as DEFAULT_WELCOME_FACTORY_META, DefaultCryptoProvider, DefaultHttpServer, DefaultKeyManager, DefaultSecurityManager, DefaultSecurityPolicy, DefaultWelcomeService, DefaultWelcomeServiceFactory, DevFixedKeyCredentialProvider, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM$2 as ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$2 as ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_SHOW_ENVELOPES$1 as ENV_VAR_SHOW_ENVELOPES, EdDSAEnvelopeSigner, EncryptedKeyValueStore, EncryptedStorageProviderBase, EncryptedValue, EncryptionConfiguration, EncryptionManagerFactory, EncryptionResult, EncryptionStatus, EnvCredentialProvider, EnvelopeContext, EnvelopeListenerManager, EnvelopeSecurityHandler, EnvelopeSignerFactory, EnvelopeVerifierFactory, FACTORY_META$_ as FACTORY_META, FAME_FABRIC_FACTORY_BASE_TYPE, FIXED_PREFIX_LEN, FameAuthorizedDeliveryContextSchema, FameConnectError, FameEnvironmentContext, FameError, FameMessageTooLarge, FameNode, FameNodeAuthorizationContextSchema, FameProtocolError, FameTransportClose, FlowController, GRANT_PURPOSE_NODE_ATTACH, HTTP_CONNECTION_GRANT_TYPE, HTTP_STATELESS_CONNECTOR_TYPE, HttpListener, HttpStatelessConnector, INPAGE_CONNECTION_GRANT_TYPE, INPAGE_CONNECTOR_TYPE, InMemoryBinding, InMemoryFanoutBroker, InMemoryKeyValueStore, InMemoryReadWriteChannel, InMemoryStorageProvider, InPageConnector, InPageListener, InProcessFameFabric, InProcessFameFabricFactory, IndexedDBKeyValueStore, IndexedDBStorageProvider, InvalidPassphraseError, JWKValidationError, KEY_MANAGER_FACTORY_BASE_TYPE, KEY_STORE_FACTORY_BASE_TYPE, KeyInfo, KeyManagementHandler, KeyManagerFactory, KeyStore, KeyStoreFactory, KeyValidationError, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, LogLevel, LogLevelNames, MemoryMetricsEmitter, NODE_LIKE_FACTORY_BASE_TYPE, NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE, NoOpMetricsEmitter, NoSecurityPolicy, NodeFactory, NodePlacementStrategyFactory, NoneCredentialProvider, NoopEncryptionManager, NoopKeyValidator, NotAuthorized, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN$1 as PROFILE_NAME_OPEN, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PROFILE_NAME_STRICT_OVERLAY, PromptCredentialProvider, QueueFullError, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, REQUIRED_FIELDS_BY_KTY, ReplicaStickinessManagerFactory, RootSessionManager, RouteManager, RpcMixin, RpcProxy, SEALED_ENVELOPE_NONCE_LENGTH, SEALED_ENVELOPE_OVERHEAD, SEALED_ENVELOPE_PRIVATE_KEY_LENGTH, SEALED_ENVELOPE_PUBLIC_KEY_LENGTH, SEALED_ENVELOPE_TAG_LENGTH, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SECURITY_MANAGER_FACTORY_BASE_TYPE, SECURITY_POLICY_FACTORY_BASE_TYPE, SQLiteKeyValueStore, SQLiteStorageProvider, STORAGE_PROVIDER_FACTORY_BASE_TYPE, SecretSource, SecretStoreCredentialProvider, SecureChannelFrameHandler, SecureChannelManagerFactory, SecurityAction, SecurityRequirements, Sentinel, SentinelFactory, SessionKeyCredentialProvider, SignaturePolicy, SigningConfig as SigningConfigClass, SigningConfiguration, SimpleLoadBalancerStickinessManager, SimpleLoadBalancerStickinessManagerFactory, StaticCredentialProvider, StorageAESEncryptionManager, TOKEN_ISSUER_FACTORY_BASE_TYPE, TOKEN_PROVIDER_FACTORY_BASE_TYPE, TOKEN_VERIFIER_FACTORY_BASE_TYPE, TRANSPORT_LISTENER_FACTORY_BASE_TYPE, TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE, TaskSpawner, TokenIssuerFactory, TokenProviderFactory, TokenVerifierFactory, TransportListener, TransportProvisionerFactory, TtlValidationError, UpstreamSessionManager, VALID_CURVES_BY_KTY, VALID_KEY_USES, VERSION, WEBSOCKET_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WebSocketCloseCode, WebSocketConnector, WebSocketListener, WebSocketState, WelcomeServiceFactory, _NoopFlowController, __runtimePluginLoader, addEnvelopeFields, addLogLevel, addTimestamp, assertConnectionGrant, assertGrant, basicConfig, broadcastChannelGrantToConnectorConfig, camelToSnakeCase, canonicalJson, capitalizeFirstLetter, color, compareCryptoLevels, compiledPathPattern, consoleTransport, convertWildcardLogicalToDnsConstraint, createConnectorConfig, createEd25519Keypair, createHostLogicalUri, createJwksRouter, createLogicalUri, createNodeDeliveryContext, createApp as createOAuth2ServerApp, createOAuth2TokenRouter, createOpenIDConfigurationRouter, createResource, createRpcProxy, createRsaKeypair, createTransportCloseError, createX25519Keypair, credentialToString, currentTraceId$1 as currentTraceId, debounce, decodeBase64Url, decodeFameDataPayload, deepMerge, defaultJsonEncoder, delay, dropEmpty, enableLogging, encodeUtf8, ensureRuntimeFactoriesRegistered, extractId, extractPoolAddressBase, extractPoolBase, filterKeysByUse, formatTimestamp, formatTimestampForConsole$1 as formatTimestampForConsole, frameDigest, getCurrentEnvelope, getFameRoot, getHttpListenerInstance, getInPageListenerInstance, getKeyProvider, getKeyStore, getLogger, getWebsocketListenerInstance, hasCryptoSupport, hostnameToLogical, hostnamesToLogicals, httpGrantToConnectorConfig, immutableHeaders, inPageGrantToConnectorConfig, isAuthInjectionStrategy, isBroadcastChannelConnectionGrant, isConnectionGrant, isConnectorConfig, isEnvelopeLoggingEnabled, isFameError, isFameErrorType, isGrant, isHttpConnectionGrant, isInPageConnectionGrant, isNodeLike, isPlainObject$3 as isPlainObject, isPoolAddress, isPoolLogical, isRegisterable, isTokenExpired, isTokenProvider, isTokenValid, isWebSocketConnectionGrant, jsonDumps, logicalPatternsToDnsConstraints, logicalToHostname, logicalsToHostnames, matchesPoolAddress, matchesPoolLogical, maybeAwait, nodeWelcomeRouter, nodeWelcomeRouterPlugin, normalizeBroadcastChannelConnectionGrant, normalizeEncryptionConfig, normalizeEnvelopeSnapshot, normalizeExtendedFameConfig, normalizeHttpConnectionGrant, normalizeInPageConnectionGrant, normalizeInboundCryptoRules, normalizeInboundSigningRules, normalizeOutboundCryptoRules, normalizeOutboundSigningRules, normalizePath, normalizeResponseCryptoRules, normalizeResponseSigningRules, normalizeSecretSource, normalizeSecurityRequirements, normalizeSigningConfig, normalizeWebSocketConnectionGrant, objectToBytes, operation, parseSealedEnvelope, pinoTransport, prettyModel$1 as prettyModel, registerDefaultFactories, registerDefaultKeyStoreFactory, registerNodePlacementStrategyFactory, registerRuntimeFactories, requireCryptoSupport, retryWithBackoff, main as runOAuth2Server, safeColor, sealedDecrypt, sealedEncrypt, secureDigest, setKeyStore, showEnvelopes$1 as showEnvelopes, sleep, snakeToCamelCase, stringifyNonPrimitives, supportsColor, throttle, urlsafeBase64Decode, urlsafeBase64Encode, validateCacheTtlSec, validateEncryptionKey, validateHostLogical, validateHostLogicals, validateJwkComplete, validateJwkStructure, validateJwkUseField, validateJwtTokenTtlSec, validateKeyCorrelationTtlSec, validateLogical, validateLogicalSegment, validateOAuth2TtlSec, validateSigningKey, validateTtlSec, waitForAll, waitForAllSettled, waitForAny, websocketGrantToConnectorConfig, withEnvelopeContext, withEnvelopeContextAsync, withLegacySnakeCaseKeys, withLock, withTimeout };