npm - @naylence/runtime - Versions diffs - 0.3.5-test.922 → 0.3.5-test.924 - Mend

@naylence/runtime 0.3.5-test.922 → 0.3.5-test.924

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/dist/node/node.cjs CHANGED Viewed

@@ -12,11 +12,11 @@ var ed25519_js = require('@noble/curves/ed25519.js');
 var hkdf_js = require('@noble/hashes/hkdf.js');
 var sha2_js = require('@noble/hashes/sha2.js');
 var utils_js = require('@noble/hashes/utils.js');
+var ed25519 = require('@noble/ed25519');
 var fastify = require('fastify');
 var websocketPlugin = require('@fastify/websocket');
 var formbody = require('@fastify/formbody');
 var node_crypto = require('node:crypto');
-var ed25519 = require('@noble/ed25519');
 /**
  * Cross-platform logging utilities for Naylence Fame
@@ -3392,7 +3392,7 @@ class WebSocketConnectionGrantImpl {
         this.purpose = 'connection';
     }
 }
-const FACTORY_META$17 = {
+const FACTORY_META$18 = {
     base: CONNECTOR_FACTORY_BASE_TYPE,
     key: 'WebSocketConnector',
 };
@@ -3763,7 +3763,7 @@ class WebSocketConnectorFactory extends ConnectorFactory {
 var websocketConnectorFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$17,
+    FACTORY_META: FACTORY_META$18,
     WebSocketConnectorFactory: WebSocketConnectorFactory,
     default: WebSocketConnectorFactory,
     setWebSocketConnectorSslLoader: setWebSocketConnectorSslLoader
@@ -3896,7 +3896,7 @@ class EnvCredentialProviderFactory extends CredentialProviderFactory {
         return new EnvCredentialProvider(resolved.varName);
     }
 }
-const FACTORY_META$16 = {
+const FACTORY_META$17 = {
     base: CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE,
     key: 'EnvCredentialProvider',
 };
@@ -3904,7 +3904,7 @@ const FACTORY_META$16 = {
 var envCredentialProviderFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     EnvCredentialProviderFactory: EnvCredentialProviderFactory,
-    FACTORY_META: FACTORY_META$16,
+    FACTORY_META: FACTORY_META$17,
     default: EnvCredentialProviderFactory,
     normalizeEnvConfig: normalizeEnvConfig
 });
@@ -4002,14 +4002,14 @@ class PromptCredentialProviderFactory extends CredentialProviderFactory {
         return new PromptCredentialProvider(resolved.credentialName);
     }
 }
-const FACTORY_META$15 = {
+const FACTORY_META$16 = {
     base: CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE,
     key: 'PromptCredentialProvider',
 };
 var promptCredentialProviderFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$15,
+    FACTORY_META: FACTORY_META$16,
     PromptCredentialProviderFactory: PromptCredentialProviderFactory,
     default: PromptCredentialProviderFactory,
     normalizePromptConfig: normalizePromptConfig
@@ -4063,14 +4063,14 @@ class SecretStoreCredentialProviderFactory extends CredentialProviderFactory {
         return new SecretStoreCredentialProvider(resolved.secretName);
     }
 }
-const FACTORY_META$14 = {
+const FACTORY_META$15 = {
     base: CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE,
     key: 'SecretStoreCredentialProvider',
 };
 var secretStoreCredentialProviderFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$14,
+    FACTORY_META: FACTORY_META$15,
     SecretStoreCredentialProviderFactory: SecretStoreCredentialProviderFactory,
     default: SecretStoreCredentialProviderFactory,
     normalizeSecretStoreConfig: normalizeSecretStoreConfig
@@ -4119,14 +4119,14 @@ class StaticCredentialProviderFactory extends CredentialProviderFactory {
         return new StaticCredentialProvider(resolved.credentialValue);
     }
 }
-const FACTORY_META$13 = {
+const FACTORY_META$14 = {
     base: CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE,
     key: 'StaticCredentialProvider',
 };
 var staticCredentialProviderFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$13,
+    FACTORY_META: FACTORY_META$14,
     StaticCredentialProviderFactory: StaticCredentialProviderFactory,
     default: StaticCredentialProviderFactory,
     normalizeStaticConfig: normalizeStaticConfig
@@ -5372,12 +5372,12 @@ for (const [name, config] of Object.entries(SQLITE_PROFILES)) {
 }
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.3.5-test.922
+// Generated from package.json version: 0.3.5-test.924
 /**
  * The package version, injected at build time.
  * @internal
  */
-const VERSION = '0.3.5-test.922';
+const VERSION = '0.3.5-test.924';
 /**
  * Fame errors module - Fame protocol specific error classes
@@ -15118,6 +15118,7 @@ const MODULES = [
     "./security/policy/no-security-policy-factory.js",
     "./security/signing/eddsa-envelope-signer-factory.js",
     "./security/signing/eddsa-envelope-verifier-factory.js",
+    "./security/trust-store/noop-trust-store-provider-factory.js",
     "./sentinel/capability-aware-routing-policy-factory.js",
     "./sentinel/composite-routing-policy-factory.js",
     "./sentinel/hybrid-path-routing-policy-factory.js",
@@ -15192,6 +15193,7 @@ const MODULE_LOADERS = {
     "./security/policy/no-security-policy-factory.js": () => Promise.resolve().then(function () { return noSecurityPolicyFactory; }),
     "./security/signing/eddsa-envelope-signer-factory.js": () => Promise.resolve().then(function () { return eddsaEnvelopeSignerFactory; }),
     "./security/signing/eddsa-envelope-verifier-factory.js": () => Promise.resolve().then(function () { return eddsaEnvelopeVerifierFactory; }),
+    "./security/trust-store/noop-trust-store-provider-factory.js": () => Promise.resolve().then(function () { return noopTrustStoreProviderFactory; }),
     "./sentinel/capability-aware-routing-policy-factory.js": () => Promise.resolve().then(function () { return capabilityAwareRoutingPolicyFactory; }),
     "./sentinel/composite-routing-policy-factory.js": () => Promise.resolve().then(function () { return compositeRoutingPolicyFactory; }),
     "./sentinel/hybrid-path-routing-policy-factory.js": () => Promise.resolve().then(function () { return hybridPathRoutingPolicyFactory; }),
@@ -15496,7 +15498,7 @@ class NodeLikeFactory extends factory.AbstractResourceFactory {
 //   registerFactory(NODE_LIKE_FACTORY_BASE_TYPE, type, factory);
 // }
-const FACTORY_META$12 = {
+const FACTORY_META$13 = {
     base: NODE_LIKE_FACTORY_BASE_TYPE,
     key: 'Node',
 };
@@ -15537,7 +15539,7 @@ class NodeFactory extends NodeLikeFactory {
 var nodeFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$12,
+    FACTORY_META: FACTORY_META$13,
     NodeFactory: NodeFactory,
     default: NodeFactory
 });
@@ -16978,7 +16980,7 @@ class RouteStoreFactory extends factory.AbstractResourceFactory {
         return store ?? null;
     }
 }
-const FACTORY_META$11 = {
+const FACTORY_META$12 = {
     base: ROUTE_STORE_FACTORY_BASE_TYPE,
     key: 'InMemoryRouteStore',
 };
@@ -16996,7 +16998,7 @@ class InMemoryRouteStoreFactory extends RouteStoreFactory {
 var routeStoreFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$11,
+    FACTORY_META: FACTORY_META$12,
     InMemoryRouteStoreFactory: InMemoryRouteStoreFactory,
     ROUTE_STORE_FACTORY_BASE_TYPE: ROUTE_STORE_FACTORY_BASE_TYPE,
     RouteStoreFactory: RouteStoreFactory,
@@ -20812,7 +20814,7 @@ function isPlainRecord(value) {
     return Boolean(value) && typeof value === 'object' && !Array.isArray(value);
 }
-const FACTORY_META$10 = {
+const FACTORY_META$11 = {
     base: NODE_LIKE_FACTORY_BASE_TYPE,
     key: 'Sentinel',
 };
@@ -20996,7 +20998,7 @@ class SentinelFactory extends NodeLikeFactory {
 var sentinelFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$10,
+    FACTORY_META: FACTORY_META$11,
     SentinelFactory: SentinelFactory,
     default: SentinelFactory
 });
@@ -21610,6 +21612,45 @@ class CertificateManagerFactory extends factory.AbstractResourceFactory {
     }
 }
+const DEFAULT_UNCONFIGURED_MESSAGE = "Trust store is not configured. Set FAME_CA_CERTS to a PEM value, a file path, a data URI, or an HTTPS bundle URL.";
+const TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE = "TrustStoreProviderFactory";
+class TrustStoreProviderFactory extends factory.AbstractResourceFactory {
+    createUnconfiguredProvider(reason) {
+        return new NoopTrustStoreProvider(reason ?? DEFAULT_UNCONFIGURED_MESSAGE);
+    }
+    static async createTrustStoreProvider(config, options = {}) {
+        const { dependencies, factoryArgs, ...restOptions } = options;
+        const mergedFactoryArgs = [
+            ...(dependencies ? [dependencies] : []),
+            ...(factoryArgs ?? []),
+        ];
+        const creationOptions = {
+            ...restOptions,
+            factoryArgs: mergedFactoryArgs,
+        };
+        if (config) {
+            const instance = await factory.createResource(TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, config, creationOptions);
+            return instance ?? new NoopTrustStoreProvider();
+        }
+        const instance = await factory.createDefaultResource(TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, null, creationOptions);
+        return instance ?? new NoopTrustStoreProvider();
+    }
+}
+class NoopTrustStoreProvider {
+    constructor(reason = DEFAULT_UNCONFIGURED_MESSAGE) {
+        this.reason = reason;
+    }
+    async getTrustStorePem() {
+        throw new Error(this.reason);
+    }
+    async getRoots() {
+        return [];
+    }
+    async initialize() {
+        // No-op for the placeholder provider.
+    }
+}
 const ENCRYPTION_MANAGER_FACTORY_BASE_TYPE = 'EncryptionManagerFactory';
 class EncryptionManagerFactory extends factory.AbstractResourceFactory {
     getPriority() {
@@ -26427,6 +26468,146 @@ function encodeUtf8(value) {
     throw new Error('No UTF-8 encoder available in this environment');
 }
+if (!ed25519.hashes.sha512) {
+    ed25519.hashes.sha512 = (message) => sha2_js.sha512(message);
+}
+function normalizeSignerOptions(options) {
+    if (!options || typeof options !== 'object') {
+        return {};
+    }
+    const candidate = options;
+    const result = {
+        ...options,
+    };
+    const cryptoProvider = resolveAlias(candidate, ['cryptoProvider', 'crypto_provider']);
+    if (cryptoProvider !== undefined) {
+        result.cryptoProvider = cryptoProvider ?? null;
+    }
+    const signingConfig = resolveAlias(candidate, ['signingConfig', 'signing_config']);
+    if (signingConfig !== undefined) {
+        result.signingConfig = signingConfig;
+    }
+    const privateKeyPem = resolveAlias(candidate, [
+        'privateKeyPem',
+        'private_key_pem',
+    ]);
+    if (privateKeyPem !== undefined) {
+        result.privateKeyPem = privateKeyPem;
+    }
+    const keyId = resolveAlias(candidate, [
+        'keyId',
+        'key_id',
+    ]);
+    if (keyId !== undefined) {
+        result.keyId = keyId;
+    }
+    return result;
+}
+class EdDSAEnvelopeSigner {
+    constructor(options = {}) {
+        const normalized = normalizeSignerOptions(options);
+        const provider = normalized.cryptoProvider ?? null;
+        if (!provider) {
+            throw new Error('No crypto provider is configured for signing');
+        }
+        this.crypto = provider;
+        const signingConfigOption = normalized.signingConfig;
+        if (signingConfigOption instanceof SigningConfig) {
+            this.signingConfig = signingConfigOption;
+        }
+        else if (signingConfigOption) {
+            this.signingConfig = new SigningConfig(signingConfigOption);
+        }
+        else {
+            this.signingConfig = new SigningConfig();
+        }
+        this.explicitPrivateKey = normalized.privateKeyPem;
+        this.explicitKeyId = normalized.keyId;
+    }
+    signEnvelope(envelope, { physicalPath }) {
+        if (!envelope.sid) {
+            throw new Error('Envelope missing sid');
+        }
+        const frame = envelope.frame;
+        if (frame.type === 'Data') {
+            const dataFrame = frame;
+            if (!dataFrame.pd) {
+                const payload = dataFrame.payload ?? '';
+                const payloadString = payload === '' ? '' : canonicalJson(payload);
+                dataFrame.pd = secureDigest(payloadString);
+            }
+        }
+        const digest = frameDigest(frame);
+        const immutable = canonicalJson(immutableHeaders(envelope));
+        const sidDigest = secureDigest(physicalPath);
+        const tbs = new Uint8Array(encodeUtf8(sidDigest).length +
+            1 +
+            encodeUtf8(immutable).length +
+            1 +
+            encodeUtf8(digest).length);
+        const sidBytes = encodeUtf8(sidDigest);
+        const immBytes = encodeUtf8(immutable);
+        const digBytes = encodeUtf8(digest);
+        let offset = 0;
+        tbs.set(sidBytes, offset);
+        offset += sidBytes.length;
+        tbs[offset] = 0x1f;
+        offset += 1;
+        tbs.set(immBytes, offset);
+        offset += immBytes.length;
+        tbs[offset] = 0x1f;
+        offset += 1;
+        tbs.set(digBytes, offset);
+        const privateKey = this.loadPrivateKey();
+        const signatureBytes = ed25519.sign(tbs, privateKey);
+        const signature = urlsafeBase64Encode(signatureBytes);
+        const kid = this.determineKeyId();
+        const signatureHeader = {
+            kid,
+            val: signature,
+            alg: 'EdDSA',
+        };
+        const secHeader = envelope.sec ?? {};
+        secHeader.sig = signatureHeader;
+        envelope.sec = secHeader;
+        return envelope;
+    }
+    loadPrivateKey() {
+        const pem = this.explicitPrivateKey ??
+            readStringProperty(this.crypto, 'signingPrivatePem', 'signing_private_pem');
+        if (!pem) {
+            throw new Error('Crypto provider does not expose a signing private key');
+        }
+        return parseEd25519PrivateKey(pem);
+    }
+    determineKeyId() {
+        if (this.explicitKeyId) {
+            return this.explicitKeyId;
+        }
+        if (this.signingConfig.signingMaterial === core.SigningMaterial.X509_CHAIN) {
+            const certificateProvider = this
+                .crypto;
+            const jwk = certificateProvider.nodeJwk?.();
+            if (jwk && typeof jwk === 'object' && 'kid' in jwk && 'x5c' in jwk) {
+                const kid = jwk.kid;
+                if (typeof kid === 'string' && kid.length > 0) {
+                    return kid;
+                }
+            }
+        }
+        const fallback = readStringProperty(this.crypto, 'signatureKeyId', 'signature_key_id');
+        if (!fallback) {
+            throw new Error('Crypto provider does not expose a signature key id');
+        }
+        return fallback;
+    }
+}
+var eddsaEnvelopeSigner = /*#__PURE__*/Object.freeze({
+    __proto__: null,
+    EdDSAEnvelopeSigner: EdDSAEnvelopeSigner
+});
 // Legacy global crypto provider accessors are intentionally disabled to force
 // explicit dependency wiring. If a component still needs a global provider,
 // refactor it to accept one via configuration instead of re-enabling this code.
@@ -28046,7 +28227,7 @@ const PROFILE_MAP$4 = {
     [PROFILE_NAME_GATED_CALLBACK]: GATED_CALLBACK_PROFILE,
     [PROFILE_NAME_OPEN$1]: OPEN_PROFILE$1,
 };
-const FACTORY_META$$ = {
+const FACTORY_META$10 = {
     base: SECURITY_MANAGER_FACTORY_BASE_TYPE,
     key: 'SecurityProfile',
 };
@@ -28172,7 +28353,7 @@ var nodeSecurityProfileFactory = /*#__PURE__*/Object.freeze({
     ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE: ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE,
     ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER: ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER,
     ENV_VAR_JWT_TRUSTED_ISSUER: ENV_VAR_JWT_TRUSTED_ISSUER,
-    FACTORY_META: FACTORY_META$$,
+    FACTORY_META: FACTORY_META$10,
     NodeSecurityProfileFactory: NodeSecurityProfileFactory,
     PROFILE_NAME_GATED: PROFILE_NAME_GATED,
     PROFILE_NAME_GATED_CALLBACK: PROFILE_NAME_GATED_CALLBACK,
@@ -28301,7 +28482,7 @@ class SimpleLoadBalancerStickinessManager extends BaseNodeEventListener {
     }
 }
-const FACTORY_META$_ = {
+const FACTORY_META$$ = {
     base: LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE,
     key: 'SimpleLoadBalancerStickinessManager',
 };
@@ -28325,7 +28506,7 @@ class SimpleLoadBalancerStickinessManagerFactory extends LoadBalancerStickinessM
 var simpleLoadBalancerStickinessManagerFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$_,
+    FACTORY_META: FACTORY_META$$,
     SimpleLoadBalancerStickinessManagerFactory: SimpleLoadBalancerStickinessManagerFactory,
     default: SimpleLoadBalancerStickinessManagerFactory
 });
@@ -28751,7 +28932,7 @@ class WelcomeServiceFactory extends factory.AbstractResourceFactory {
     }
 }
-const FACTORY_META$Z = {
+const FACTORY_META$_ = {
     base: WELCOME_SERVICE_FACTORY_BASE_TYPE,
     key: 'DefaultWelcomeService',
 };
@@ -28832,7 +29013,7 @@ function resolveConfigEntry(source, keys) {
 var defaultWelcomeServiceFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     DefaultWelcomeServiceFactory: DefaultWelcomeServiceFactory,
-    FACTORY_META: FACTORY_META$Z,
+    FACTORY_META: FACTORY_META$_,
     default: DefaultWelcomeServiceFactory
 });
@@ -29036,7 +29217,7 @@ function normalizeConfig$r(config) {
         authorizer: authorizerValue,
     };
 }
-const FACTORY_META$Y = {
+const FACTORY_META$Z = {
     base: TRANSPORT_LISTENER_FACTORY_BASE_TYPE,
     key: 'HttpListener',
 };
@@ -29083,7 +29264,7 @@ class HttpListenerFactory extends TransportListenerFactory {
 var httpListenerFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$Y,
+    FACTORY_META: FACTORY_META$Z,
     HttpListenerFactory: HttpListenerFactory,
     default: HttpListenerFactory
 });
@@ -29152,7 +29333,7 @@ function normalizeConfig$q(config) {
         authorizer: authorizerValue,
     };
 }
-const FACTORY_META$X = {
+const FACTORY_META$Y = {
     base: TRANSPORT_LISTENER_FACTORY_BASE_TYPE,
     key: 'WebSocketListener',
 };
@@ -29196,7 +29377,7 @@ class WebSocketListenerFactory extends TransportListenerFactory {
 var websocketListenerFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$X,
+    FACTORY_META: FACTORY_META$Y,
     WebSocketListenerFactory: WebSocketListenerFactory,
     default: WebSocketListenerFactory
 });
@@ -29233,7 +29414,7 @@ function normalizeConfig$p(config) {
         inboxCapacity,
     };
 }
-const FACTORY_META$W = {
+const FACTORY_META$X = {
     base: TRANSPORT_LISTENER_FACTORY_BASE_TYPE,
     key: 'InPageListener',
 };
@@ -29259,7 +29440,7 @@ class InPageListenerFactory extends TransportListenerFactory {
 var inpageListenerFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$W,
+    FACTORY_META: FACTORY_META$X,
     InPageListenerFactory: InPageListenerFactory,
     default: InPageListenerFactory
 });
@@ -29296,7 +29477,7 @@ function normalizeConfig$o(config) {
         inboxCapacity,
     };
 }
-const FACTORY_META$V = {
+const FACTORY_META$W = {
     base: TRANSPORT_LISTENER_FACTORY_BASE_TYPE,
     key: 'BroadcastChannelListener',
 };
@@ -29323,7 +29504,7 @@ class BroadcastChannelListenerFactory extends TransportListenerFactory {
 var broadcastChannelListenerFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     BroadcastChannelListenerFactory: BroadcastChannelListenerFactory,
-    FACTORY_META: FACTORY_META$V,
+    FACTORY_META: FACTORY_META$W,
     default: BroadcastChannelListenerFactory
 });
@@ -29447,7 +29628,7 @@ class HttpConnectionGrantImpl {
         this.purpose = 'connection';
     }
 }
-const FACTORY_META$U = {
+const FACTORY_META$V = {
     base: CONNECTOR_FACTORY_BASE_TYPE,
     key: HTTP_STATELESS_CONNECTOR_TYPE,
 };
@@ -29616,7 +29797,7 @@ class HttpStatelessConnectorFactory extends ConnectorFactory {
 var httpStatelessConnectorFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$U,
+    FACTORY_META: FACTORY_META$V,
     HttpStatelessConnectorFactory: HttpStatelessConnectorFactory,
     default: HttpStatelessConnectorFactory
 });
@@ -29629,7 +29810,7 @@ class InPageConnectionGrantImpl {
         this.purpose = 'connection';
     }
 }
-const FACTORY_META$T = {
+const FACTORY_META$U = {
     base: CONNECTOR_FACTORY_BASE_TYPE,
     key: INPAGE_CONNECTOR_TYPE,
 };
@@ -29778,7 +29959,7 @@ class InPageConnectorFactory extends ConnectorFactory {
 var inpageConnectorFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$T,
+    FACTORY_META: FACTORY_META$U,
     InPageConnectorFactory: InPageConnectorFactory,
     default: InPageConnectorFactory
 });
@@ -29791,7 +29972,7 @@ class BroadcastChannelConnectionGrantImpl {
         this.purpose = 'connection';
     }
 }
-const FACTORY_META$S = {
+const FACTORY_META$T = {
     base: CONNECTOR_FACTORY_BASE_TYPE,
     key: BROADCAST_CHANNEL_CONNECTOR_TYPE$1,
 };
@@ -29939,7 +30120,7 @@ class BroadcastChannelConnectorFactory extends ConnectorFactory {
 var broadcastChannelConnectorFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     BroadcastChannelConnectorFactory: BroadcastChannelConnectorFactory,
-    FACTORY_META: FACTORY_META$S,
+    FACTORY_META: FACTORY_META$T,
     default: BroadcastChannelConnectorFactory
 });
@@ -32447,7 +32628,7 @@ function normalizeServiceName(value) {
 // import { registerRuntimeFactories } from "../util/register-runtime-factories.js";
 const FAME_FABRIC_FACTORY_BASE_TYPE = 'FameFabricFactory';
-const FACTORY_META$R = {
+const FACTORY_META$S = {
     base: FAME_FABRIC_FACTORY_BASE_TYPE,
     key: 'InProcessFameFabric',
 };
@@ -32467,7 +32648,7 @@ class InProcessFameFabricFactory extends core.FameFabricFactory {
 var inProcessFameFabricFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$R,
+    FACTORY_META: FACTORY_META$S,
     FAME_FABRIC_FACTORY_BASE_TYPE: FAME_FABRIC_FACTORY_BASE_TYPE,
     InProcessFameFabricFactory: InProcessFameFabricFactory,
     default: InProcessFameFabricFactory
@@ -34264,7 +34445,7 @@ class NoopTraceEmitter extends BaseTraceEmitter {
     }
 }
-const FACTORY_META$Q = {
+const FACTORY_META$R = {
     base: TRACE_EMITTER_FACTORY_BASE_TYPE,
     key: 'NoopTraceEmitter',
 };
@@ -34282,7 +34463,7 @@ class NoopTraceEmitterFactory extends TraceEmitterFactory {
 var noopTraceEmitterFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$Q,
+    FACTORY_META: FACTORY_META$R,
     NoopTraceEmitterFactory: NoopTraceEmitterFactory,
     default: NoopTraceEmitterFactory
 });
@@ -34537,7 +34718,7 @@ function getOtelApiModule() {
     }
     return otelApiModulePromise;
 }
-const FACTORY_META$P = {
+const FACTORY_META$Q = {
     base: TRACE_EMITTER_FACTORY_BASE_TYPE,
     key: 'OpenTelemetryTraceEmitter',
 };
@@ -34707,7 +34888,7 @@ function extractHeaders(value) {
 var openTelemetryTraceEmitterFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$P,
+    FACTORY_META: FACTORY_META$Q,
     OpenTelemetryTraceEmitterFactory: OpenTelemetryTraceEmitterFactory,
     default: OpenTelemetryTraceEmitterFactory
 });
@@ -34728,7 +34909,7 @@ const PROFILE_MAP$3 = {
     [PROFILE_NAME_NOOP$1]: NOOP_PROFILE$1,
     [PROFILE_NAME_OPEN_TELEMETRY]: OPEN_TELEMETRY_PROFILE,
 };
-const FACTORY_META$O = {
+const FACTORY_META$P = {
     base: TRACE_EMITTER_FACTORY_BASE_TYPE,
     key: 'TraceEmitterProfile',
 };
@@ -34808,7 +34989,7 @@ function deepClone$2(value) {
 var traceEmitterProfileFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$O,
+    FACTORY_META: FACTORY_META$P,
     PROFILE_NAME_NOOP: PROFILE_NAME_NOOP$1,
     PROFILE_NAME_OPEN_TELEMETRY: PROFILE_NAME_OPEN_TELEMETRY,
     TraceEmitterProfileFactory: TraceEmitterProfileFactory,
@@ -34978,7 +35159,7 @@ function withOption(source, keys) {
         [camelKey]: value,
     };
 }
-const FACTORY_META$N = {
+const FACTORY_META$O = {
     base: DELIVERY_POLICY_FACTORY_BASE_TYPE,
     key: 'AtLeastOnceDeliveryPolicy',
 };
@@ -34986,7 +35167,7 @@ const FACTORY_META$N = {
 var atLeastOnceDeliveryPolicyFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     AtLeastOnceDeliveryPolicyFactory: AtLeastOnceDeliveryPolicyFactory,
-    FACTORY_META: FACTORY_META$N,
+    FACTORY_META: FACTORY_META$O,
     default: AtLeastOnceDeliveryPolicyFactory
 });
@@ -35013,7 +35194,7 @@ class AtMostOnceDeliveryPolicyFactory extends DeliveryPolicyFactory {
 }
 registerDeliveryPolicyFactory('AtMostOnceDeliveryPolicy', AtMostOnceDeliveryPolicyFactory);
 registerDeliveryPolicyFactory('AtMostOnceMessageDeliveryPolicy', AtMostOnceDeliveryPolicyFactory);
-const FACTORY_META$M = {
+const FACTORY_META$N = {
     base: DELIVERY_POLICY_FACTORY_BASE_TYPE,
     key: 'AtMostOnceDeliveryPolicy',
 };
@@ -35021,7 +35202,7 @@ const FACTORY_META$M = {
 var atMostOnceDeliveryPolicyFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     AtMostOnceDeliveryPolicyFactory: AtMostOnceDeliveryPolicyFactory,
-    FACTORY_META: FACTORY_META$M,
+    FACTORY_META: FACTORY_META$N,
     default: AtMostOnceDeliveryPolicyFactory
 });
@@ -35114,7 +35295,7 @@ function resolveProfileConfig$1(profileName) {
 function deepClone$1(value) {
     return JSON.parse(JSON.stringify(value));
 }
-const FACTORY_META$L = {
+const FACTORY_META$M = {
     base: DELIVERY_POLICY_FACTORY_BASE_TYPE,
     key: 'DeliveryProfile',
 };
@@ -35122,7 +35303,7 @@ const FACTORY_META$L = {
 var deliveryProfileFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     DeliveryProfileFactory: DeliveryProfileFactory,
-    FACTORY_META: FACTORY_META$L,
+    FACTORY_META: FACTORY_META$M,
     PROFILE_NAME_AT_LEAST_ONCE: PROFILE_NAME_AT_LEAST_ONCE,
     PROFILE_NAME_AT_MOST_ONCE: PROFILE_NAME_AT_MOST_ONCE,
     default: DeliveryProfileFactory
@@ -35351,7 +35532,7 @@ const PROFILE_MAP$1 = {
     [PROFILE_NAME_NOOP]: NOOP_PROFILE,
     [PROFILE_NAME_NONE]: NOOP_PROFILE,
 };
-const FACTORY_META$K = {
+const FACTORY_META$L = {
     base: ADMISSION_CLIENT_FACTORY_BASE_TYPE,
     key: 'AdmissionProfile',
 };
@@ -35398,7 +35579,7 @@ function deepClone(value) {
 var admissionProfileFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     AdmissionProfileFactory: AdmissionProfileFactory,
-    FACTORY_META: FACTORY_META$K,
+    FACTORY_META: FACTORY_META$L,
     default: AdmissionProfileFactory
 });
@@ -35480,7 +35661,7 @@ function cloneGrant(grant) {
     return JSON.parse(JSON.stringify(grant));
 }
-const FACTORY_META$J = {
+const FACTORY_META$K = {
     base: ADMISSION_CLIENT_FACTORY_BASE_TYPE,
     key: 'DirectAdmissionClient',
 };
@@ -35532,11 +35713,11 @@ function normalizeConfig$l(config) {
 var directAdmissionClientFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     DirectAdmissionClientFactory: DirectAdmissionClientFactory,
-    FACTORY_META: FACTORY_META$J,
+    FACTORY_META: FACTORY_META$K,
     default: DirectAdmissionClientFactory
 });
-const FACTORY_META$I = {
+const FACTORY_META$J = {
     base: ADMISSION_CLIENT_FACTORY_BASE_TYPE,
     key: 'NoopAdmissionClient',
 };
@@ -35585,7 +35766,7 @@ function normalizeConfig$k(config, factoryArgs) {
 var noopAdmissionClientFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$I,
+    FACTORY_META: FACTORY_META$J,
     NoopAdmissionClientFactory: NoopAdmissionClientFactory,
     default: NoopAdmissionClientFactory
 });
@@ -35600,7 +35781,7 @@ class NoAuthInjectionStrategy {
     }
 }
-const FACTORY_META$H = {
+const FACTORY_META$I = {
     base: AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE,
     key: 'NoAuth',
 };
@@ -35629,7 +35810,7 @@ function normalizeConfig$j(config) {
 var noAuthInjectionStrategyFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$H,
+    FACTORY_META: FACTORY_META$I,
     NoAuthInjectionStrategyFactory: NoAuthInjectionStrategyFactory,
     default: NoAuthInjectionStrategyFactory
 });
@@ -35778,7 +35959,7 @@ function convertKeysToCamelCase(value) {
     return result;
 }
-const FACTORY_META$G = {
+const FACTORY_META$H = {
     base: ADMISSION_CLIENT_FACTORY_BASE_TYPE,
     key: 'WelcomeServiceClient',
 };
@@ -35848,7 +36029,7 @@ async function createAuthStrategy(config) {
 var welcomeServiceClientFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$G,
+    FACTORY_META: FACTORY_META$H,
     WelcomeServiceClientFactory: WelcomeServiceClientFactory,
     default: WelcomeServiceClientFactory
 });
@@ -35966,7 +36147,7 @@ class StaticNodePlacementStrategyFactory extends NodePlacementStrategyFactory {
         });
     }
 }
-const FACTORY_META$F = {
+const FACTORY_META$G = {
     base: NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE,
     key: 'StaticNodePlacementStrategy',
 };
@@ -35976,7 +36157,7 @@ registerNodePlacementStrategyFactory('StaticNodePlacementStrategy', StaticNodePl
 var staticNodePlacementStrategyFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$F,
+    FACTORY_META: FACTORY_META$G,
     StaticNodePlacementStrategyFactory: StaticNodePlacementStrategyFactory,
     default: StaticNodePlacementStrategyFactory
 });
@@ -36135,7 +36316,7 @@ function connectorTypeName(connector) {
     return typeof connector;
 }
-const FACTORY_META$E = {
+const FACTORY_META$F = {
     base: AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE,
     key: 'BearerTokenHeaderAuth',
 };
@@ -36176,7 +36357,7 @@ function normalizeConfig$g(config) {
 var bearerTokenHeaderAuthInjectionStrategyFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     BearerTokenHeaderAuthInjectionStrategyFactory: BearerTokenHeaderAuthInjectionStrategyFactory,
-    FACTORY_META: FACTORY_META$E,
+    FACTORY_META: FACTORY_META$F,
     default: BearerTokenHeaderAuthInjectionStrategyFactory
 });
@@ -36203,7 +36384,7 @@ function normalizeConfig$f(config) {
 function isTokenVerifier(candidate) {
     return Boolean(candidate && typeof candidate.verify === 'function');
 }
-const FACTORY_META$D = {
+const FACTORY_META$E = {
     base: AUTHORIZER_FACTORY_BASE_TYPE,
     key: 'DefaultAuthorizer',
 };
@@ -36233,7 +36414,7 @@ class DefaultAuthorizerFactory extends AuthorizerFactory {
 var defaultAuthorizerFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     DefaultAuthorizerFactory: DefaultAuthorizerFactory,
-    FACTORY_META: FACTORY_META$D,
+    FACTORY_META: FACTORY_META$E,
     default: DefaultAuthorizerFactory
 });
@@ -36244,7 +36425,7 @@ function getJwksJwtTokenVerifierModule() {
     }
     return jwksJwtTokenVerifierModulePromise;
 }
-const FACTORY_META$C = {
+const FACTORY_META$D = {
     base: TOKEN_VERIFIER_FACTORY_BASE_TYPE,
     key: 'JWKSJWTTokenVerifier',
 };
@@ -36306,12 +36487,12 @@ function normalizeConfig$e(config) {
 var jwksJwtTokenVerifierFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$C,
+    FACTORY_META: FACTORY_META$D,
     JWKSTokenVerifierFactory: JWKSTokenVerifierFactory,
     default: JWKSTokenVerifierFactory
 });
-const FACTORY_META$B = {
+const FACTORY_META$C = {
     base: TOKEN_ISSUER_FACTORY_BASE_TYPE,
     key: 'JWTTokenIssuer',
 };
@@ -36508,12 +36689,12 @@ function getProviderKeyId(provider) {
 var jwtTokenIssuerFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$B,
+    FACTORY_META: FACTORY_META$C,
     JWTTokenIssuerFactory: JWTTokenIssuerFactory,
     default: JWTTokenIssuerFactory
 });
-const FACTORY_META$A = {
+const FACTORY_META$B = {
     base: TOKEN_VERIFIER_FACTORY_BASE_TYPE,
     key: 'JWTTokenVerifier',
 };
@@ -36681,7 +36862,7 @@ function getProviderVerificationKey(provider) {
 var jwtTokenVerifierFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$A,
+    FACTORY_META: FACTORY_META$B,
     JWTTokenVerifierFactory: JWTTokenVerifierFactory,
     default: JWTTokenVerifierFactory
 });
@@ -36697,7 +36878,7 @@ class NoneTokenProvider {
     }
 }
-const FACTORY_META$z = {
+const FACTORY_META$A = {
     base: TOKEN_PROVIDER_FACTORY_BASE_TYPE,
     key: 'NoneTokenProvider',
 };
@@ -36714,7 +36895,7 @@ class NoneTokenProviderFactory extends TokenProviderFactory {
 var noneTokenProviderFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$z,
+    FACTORY_META: FACTORY_META$A,
     NoneTokenProviderFactory: NoneTokenProviderFactory,
     default: NoneTokenProviderFactory
 });
@@ -36766,7 +36947,7 @@ class NoopAuthorizer {
     }
 }
-const FACTORY_META$y = {
+const FACTORY_META$z = {
     base: AUTHORIZER_FACTORY_BASE_TYPE,
     key: 'NoopAuthorizer',
 };
@@ -36782,7 +36963,7 @@ class NoopAuthorizerFactory extends AuthorizerFactory {
 var noopAuthorizerFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$y,
+    FACTORY_META: FACTORY_META$z,
     NoopAuthorizerFactory: NoopAuthorizerFactory,
     default: NoopAuthorizerFactory
 });
@@ -36796,7 +36977,7 @@ class NoopTokenIssuer {
     }
 }
-const FACTORY_META$x = {
+const FACTORY_META$y = {
     base: TOKEN_ISSUER_FACTORY_BASE_TYPE,
     key: 'NoopTokenIssuer',
 };
@@ -36812,7 +36993,7 @@ class NoopTokenIssuerFactory extends TokenIssuerFactory {
 var noopTokenIssuerFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$x,
+    FACTORY_META: FACTORY_META$y,
     NoopTokenIssuerFactory: NoopTokenIssuerFactory,
     default: NoopTokenIssuerFactory
 });
@@ -36834,7 +37015,7 @@ class NoopTokenVerifier {
     }
 }
-const FACTORY_META$w = {
+const FACTORY_META$x = {
     base: TOKEN_VERIFIER_FACTORY_BASE_TYPE,
     key: 'NoopTokenVerifier',
 };
@@ -36850,7 +37031,7 @@ class NoopTokenVerifierFactory extends TokenVerifierFactory {
 var noopTokenVerifierFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$w,
+    FACTORY_META: FACTORY_META$x,
     NoopTokenVerifierFactory: NoopTokenVerifierFactory,
     default: NoopTokenVerifierFactory
 });
@@ -36863,7 +37044,7 @@ function getOAuth2AuthorizerModule() {
     }
     return oauth2AuthorizerModulePromise;
 }
-const FACTORY_META$v = {
+const FACTORY_META$w = {
     base: AUTHORIZER_FACTORY_BASE_TYPE,
     key: 'OAuth2Authorizer',
 };
@@ -37008,7 +37189,7 @@ function normalizeTokenVerifierConfig({ config, issuer, jwksUrl, algorithm, }) {
 var oauth2AuthorizerFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$v,
+    FACTORY_META: FACTORY_META$w,
     OAuth2AuthorizerFactory: OAuth2AuthorizerFactory,
     default: OAuth2AuthorizerFactory
 });
@@ -37048,7 +37229,7 @@ function normalizeConfig$a(config) {
     }
     return normalized;
 }
-const FACTORY_META$u = {
+const FACTORY_META$v = {
     base: TOKEN_PROVIDER_FACTORY_BASE_TYPE,
     key: 'OAuth2ClientCredentialsTokenProvider',
 };
@@ -37079,7 +37260,7 @@ class OAuth2ClientCredentialsTokenProviderFactory extends TokenProviderFactory {
 var oauth2ClientCredentialsTokenProviderFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$u,
+    FACTORY_META: FACTORY_META$v,
     OAuth2ClientCredentialsTokenProviderFactory: OAuth2ClientCredentialsTokenProviderFactory,
     default: OAuth2ClientCredentialsTokenProviderFactory
 });
@@ -37161,7 +37342,7 @@ function normalizeConfig$9(config) {
     }
     return normalized;
 }
-const FACTORY_META$t = {
+const FACTORY_META$u = {
     base: TOKEN_PROVIDER_FACTORY_BASE_TYPE,
     key: 'OAuth2PkceTokenProvider',
 };
@@ -37216,7 +37397,7 @@ class OAuth2PkceTokenProviderFactory extends TokenProviderFactory {
 var oauth2PkceTokenProviderFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$t,
+    FACTORY_META: FACTORY_META$u,
     OAuth2PkceTokenProviderFactory: OAuth2PkceTokenProviderFactory,
     default: OAuth2PkceTokenProviderFactory
 });
@@ -37266,7 +37447,7 @@ class QueryParamAuthInjectionStrategy {
     }
 }
-const FACTORY_META$s = {
+const FACTORY_META$t = {
     base: AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE,
     key: 'QueryParamAuth',
 };
@@ -37306,7 +37487,7 @@ function normalizeConfig$8(config) {
 var queryParamAuthInjectionStrategyFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$s,
+    FACTORY_META: FACTORY_META$t,
     QueryParamAuthInjectionStrategyFactory: QueryParamAuthInjectionStrategyFactory,
     default: QueryParamAuthInjectionStrategyFactory
 });
@@ -37342,7 +37523,7 @@ function normalizeConfig$7(config) {
         secretConfig: normalizeSecretSource(secretSource),
     };
 }
-const FACTORY_META$r = {
+const FACTORY_META$s = {
     base: AUTHORIZER_FACTORY_BASE_TYPE,
     key: 'SharedSecretAuthorizer',
 };
@@ -37361,7 +37542,7 @@ class SharedSecretAuthorizerFactory extends AuthorizerFactory {
 var sharedSecretAuthorizerFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$r,
+    FACTORY_META: FACTORY_META$s,
     SharedSecretAuthorizerFactory: SharedSecretAuthorizerFactory,
     default: SharedSecretAuthorizerFactory
 });
@@ -37397,7 +37578,7 @@ function normalizeConfig$6(config) {
         secretConfig: normalizeSecretSource(secretSource),
     };
 }
-const FACTORY_META$q = {
+const FACTORY_META$r = {
     base: TOKEN_PROVIDER_FACTORY_BASE_TYPE,
     key: 'SharedSecretTokenProvider',
 };
@@ -37416,7 +37597,7 @@ class SharedSecretTokenProviderFactory extends TokenProviderFactory {
 var sharedSecretTokenProviderFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$q,
+    FACTORY_META: FACTORY_META$r,
     SharedSecretTokenProviderFactory: SharedSecretTokenProviderFactory,
     default: SharedSecretTokenProviderFactory
 });
@@ -37460,7 +37641,7 @@ function normalizeConfig$5(config) {
     }
     return normalized;
 }
-const FACTORY_META$p = {
+const FACTORY_META$q = {
     base: TOKEN_VERIFIER_FACTORY_BASE_TYPE,
     key: 'SharedSecretTokenVerifier',
 };
@@ -37485,7 +37666,7 @@ class SharedSecretTokenVerifierFactory extends TokenVerifierFactory {
 var sharedSecretTokenVerifierFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$p,
+    FACTORY_META: FACTORY_META$q,
     SharedSecretTokenVerifierFactory: SharedSecretTokenVerifierFactory,
     default: SharedSecretTokenVerifierFactory
 });
@@ -37600,7 +37781,7 @@ function normalizeConfig$4(config) {
     }
     return options;
 }
-const FACTORY_META$o = {
+const FACTORY_META$p = {
     base: TOKEN_PROVIDER_FACTORY_BASE_TYPE,
     key: 'StaticTokenProvider',
 };
@@ -37617,7 +37798,7 @@ class StaticTokenProviderFactory extends TokenProviderFactory {
 var staticTokenProviderFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$o,
+    FACTORY_META: FACTORY_META$p,
     StaticTokenProviderFactory: StaticTokenProviderFactory,
     default: StaticTokenProviderFactory
 });
@@ -37668,7 +37849,7 @@ class WebSocketSubprotocolAuthInjectionStrategy {
     }
 }
-const FACTORY_META$n = {
+const FACTORY_META$o = {
     base: AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE,
     key: 'WebSocketSubprotocolAuth',
 };
@@ -37710,7 +37891,7 @@ function normalizeConfig$3(config) {
 var websocketSubprotocolAuthInjectionStrategyFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$n,
+    FACTORY_META: FACTORY_META$o,
     WebSocketSubprotocolAuthInjectionStrategyFactory: WebSocketSubprotocolAuthInjectionStrategyFactory,
     default: WebSocketSubprotocolAuthInjectionStrategyFactory
 });
@@ -37758,7 +37939,7 @@ class DevFixedKeyCredentialProviderFactory extends CredentialProviderFactory {
         throw new Error('DevFixedKeyCredentialProvider requires keyHex or keyBase64');
     }
 }
-const FACTORY_META$m = {
+const FACTORY_META$n = {
     base: CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE,
     key: 'DevFixedKeyCredentialProvider',
 };
@@ -37766,7 +37947,7 @@ const FACTORY_META$m = {
 var devFixedKeyCredentialProviderFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     DevFixedKeyCredentialProviderFactory: DevFixedKeyCredentialProviderFactory,
-    FACTORY_META: FACTORY_META$m,
+    FACTORY_META: FACTORY_META$n,
     default: DevFixedKeyCredentialProviderFactory,
     normalizeDevFixedConfig: normalizeDevFixedConfig
 });
@@ -37782,14 +37963,14 @@ class NoneCredentialProviderFactory extends CredentialProviderFactory {
         return new NoneCredentialProvider();
     }
 }
-const FACTORY_META$l = {
+const FACTORY_META$m = {
     base: CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE,
     key: 'NoneCredentialProvider',
 };
 var noneCredentialProviderFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$l,
+    FACTORY_META: FACTORY_META$m,
     NoneCredentialProviderFactory: NoneCredentialProviderFactory,
     default: NoneCredentialProviderFactory
 });
@@ -37827,14 +38008,14 @@ class SessionKeyCredentialProviderFactory extends CredentialProviderFactory {
         return new SessionKeyCredentialProvider(resolved.length);
     }
 }
-const FACTORY_META$k = {
+const FACTORY_META$l = {
     base: CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE,
     key: 'SessionKeyCredentialProvider',
 };
 var sessionKeyCredentialProviderFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$k,
+    FACTORY_META: FACTORY_META$l,
     SessionKeyCredentialProviderFactory: SessionKeyCredentialProviderFactory,
     default: SessionKeyCredentialProviderFactory,
     normalizeSessionKeyConfig: normalizeSessionKeyConfig
@@ -37872,9 +38053,10 @@ function normalizeDefaultSecurityManagerConfig(config) {
     ensureAlias('keyValidator', 'key_validator');
     ensureAlias('eventListeners', 'event_listeners');
     ensureAlias('cryptoProvider', 'crypto_provider');
+    ensureAlias('trustStoreProvider', 'trust_store_provider');
     return normalized;
 }
-const FACTORY_META$j = {
+const FACTORY_META$k = {
     base: SECURITY_MANAGER_FACTORY_BASE_TYPE,
     key: 'DefaultSecurityManager',
 };
@@ -37920,6 +38102,7 @@ class DefaultSecurityManagerFactory extends SecurityManagerFactory {
         const certificateManager = DefaultSecurityManagerFactory.extractInstance(config, 'certificateManager', 'certificate_manager');
         const secureChannelManager = DefaultSecurityManagerFactory.extractInstance(config, 'secureChannelManager', 'secure_channel_manager');
         const cryptoProvider = DefaultSecurityManagerFactory.extractInstance(config, 'cryptoProvider', 'crypto_provider');
+        const trustStoreProvider = DefaultSecurityManagerFactory.extractInstance(config, 'trustStoreProvider', 'trust_store_provider');
         const listenersSource = overrides?.eventListeners ??
             config.eventListeners ??
             config.event_listeners;
@@ -37939,10 +38122,11 @@ class DefaultSecurityManagerFactory extends SecurityManagerFactory {
             secureChannelManager,
             eventListeners,
             cryptoProvider: cryptoProvider ?? null,
+            trustStoreProvider: trustStoreProvider ?? null,
         };
     }
     static async buildSecurityManager(options) {
-        let { config, createOptions, policy, envelopeSigner, envelopeVerifier, encryptionManager, keyStore, keyManager, keyValidator, authorizer, certificateManager, secureChannelManager, eventListeners, cryptoProvider, } = options;
+        let { config, createOptions, policy, envelopeSigner, envelopeVerifier, encryptionManager, keyStore, keyManager, keyValidator, authorizer, certificateManager, secureChannelManager, eventListeners, cryptoProvider, trustStoreProvider, } = options;
         if (!keyStore) {
             keyStore = await DefaultSecurityManagerFactory.getOrCreateKeyStore(config, createOptions ?? null);
         }
@@ -37955,6 +38139,10 @@ class DefaultSecurityManagerFactory extends SecurityManagerFactory {
         if (!policy) {
             throw new Error('DefaultSecurityManagerFactory could not resolve a SecurityPolicy');
         }
+        if (!trustStoreProvider) {
+            trustStoreProvider =
+                await TrustStoreProviderFactory.createTrustStoreProvider();
+        }
         if (!keyManager) {
             keyManager =
                 await DefaultSecurityManagerFactory.createKeyManagerFromConfig(config, policy, keyStore, createOptions ?? null);
@@ -37965,7 +38153,7 @@ class DefaultSecurityManagerFactory extends SecurityManagerFactory {
         }
         if (!envelopeVerifier) {
             envelopeVerifier =
-                await DefaultSecurityManagerFactory.createEnvelopeVerifierFromConfig(config, policy, keyManager);
+                await DefaultSecurityManagerFactory.createEnvelopeVerifierFromConfig(config, policy, keyManager, trustStoreProvider);
         }
         if (!encryptionManager || !secureChannelManager) {
             const encryptionResult = await DefaultSecurityManagerFactory.createEncryptionManagerFromConfig(config, policy, keyManager, secureChannelManager, cryptoProvider ?? null);
@@ -38065,7 +38253,7 @@ class DefaultSecurityManagerFactory extends SecurityManagerFactory {
             throw error instanceof Error ? error : new Error(String(error));
         }
     }
-    static async createEnvelopeVerifierFromConfig(config, policy, keyManager) {
+    static async createEnvelopeVerifierFromConfig(config, policy, keyManager, trustStoreProvider) {
         const verifierConfig = config.envelope_verifier ?? config.envelopeVerifier ?? null;
         if (verifierConfig &&
             DefaultSecurityManagerFactory.isConfigLike(verifierConfig)) {
@@ -38089,7 +38277,7 @@ class DefaultSecurityManagerFactory extends SecurityManagerFactory {
             }
             const signing = policy.signing ?? null;
             return await EnvelopeVerifierFactory.createEnvelopeVerifier(null, {
-                factoryArgs: [keyManager, signing ?? null],
+                factoryArgs: [keyManager, signing ?? null, { trustStoreProvider }],
             });
         }
         catch (error) {
@@ -38330,11 +38518,11 @@ class DefaultSecurityManagerFactory extends SecurityManagerFactory {
 var defaultSecurityManagerFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     DefaultSecurityManagerFactory: DefaultSecurityManagerFactory,
-    FACTORY_META: FACTORY_META$j,
+    FACTORY_META: FACTORY_META$k,
     default: DefaultSecurityManagerFactory
 });
-const FACTORY_META$i = {
+const FACTORY_META$j = {
     base: ENCRYPTION_MANAGER_FACTORY_BASE_TYPE,
     key: 'NoopEncryptionManager',
 };
@@ -38391,7 +38579,7 @@ class NoopEncryptionManagerFactory extends EncryptionManagerFactory {
 var noopEncryptionManagerFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$i,
+    FACTORY_META: FACTORY_META$j,
     NoopEncryptionManagerFactory: NoopEncryptionManagerFactory,
     default: NoopEncryptionManagerFactory
 });
@@ -38463,7 +38651,7 @@ class NoopSecureChannelManager {
     }
 }
-const FACTORY_META$h = {
+const FACTORY_META$i = {
     base: SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE,
     key: 'NoopSecureChannelManager',
 };
@@ -38480,12 +38668,12 @@ class NoopSecureChannelManagerFactory extends SecureChannelManagerFactory {
 var noopSecureChannelManagerFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$h,
+    FACTORY_META: FACTORY_META$i,
     NoopSecureChannelManagerFactory: NoopSecureChannelManagerFactory,
     default: NoopSecureChannelManagerFactory
 });
-const FACTORY_META$g = {
+const FACTORY_META$h = {
     base: KEY_MANAGER_FACTORY_BASE_TYPE,
     key: 'DefaultKeyManager',
 };
@@ -38514,7 +38702,7 @@ class DefaultKeyManagerFactory extends KeyManagerFactory {
 var defaultKeyManagerFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     DefaultKeyManagerFactory: DefaultKeyManagerFactory,
-    FACTORY_META: FACTORY_META$g,
+    FACTORY_META: FACTORY_META$h,
     default: DefaultKeyManagerFactory
 });
@@ -38699,7 +38887,7 @@ class InMemoryKeyStore extends KeyStore {
 }
 registerDefaultKeyStoreFactory(() => new InMemoryKeyStore());
-const FACTORY_META$f = {
+const FACTORY_META$g = {
     base: KEY_STORE_FACTORY_BASE_TYPE,
     key: 'InMemoryKeyStore',
 };
@@ -38734,12 +38922,12 @@ class InMemoryKeyStoreFactory extends KeyStoreFactory {
 var inMemoryKeyStoreFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$f,
+    FACTORY_META: FACTORY_META$g,
     InMemoryKeyStoreFactory: InMemoryKeyStoreFactory,
     default: InMemoryKeyStoreFactory
 });
-const FACTORY_META$e = {
+const FACTORY_META$f = {
     base: ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE,
     key: 'NoopKeyValidator',
 };
@@ -38757,12 +38945,12 @@ class NoopKeyValidatorFactory extends AttachmentKeyValidatorFactory {
 var noopKeyValidatorFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$e,
+    FACTORY_META: FACTORY_META$f,
     NoopKeyValidatorFactory: NoopKeyValidatorFactory,
     default: NoopKeyValidatorFactory
 });
-const FACTORY_META$d = {
+const FACTORY_META$e = {
     base: SECURITY_POLICY_FACTORY_BASE_TYPE,
     key: 'DefaultSecurityPolicy',
 };
@@ -38823,11 +39011,11 @@ function normalizeConfig$2(config) {
 var defaultSecurityPolicyFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     DefaultSecurityPolicyFactory: DefaultSecurityPolicyFactory,
-    FACTORY_META: FACTORY_META$d,
+    FACTORY_META: FACTORY_META$e,
     default: DefaultSecurityPolicyFactory
 });
-const FACTORY_META$c = {
+const FACTORY_META$d = {
     base: SECURITY_POLICY_FACTORY_BASE_TYPE,
     key: 'NoSecurityPolicy',
 };
@@ -38855,7 +39043,7 @@ function normalizeConfig$1(config) {
 var noSecurityPolicyFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
-    FACTORY_META: FACTORY_META$c,
+    FACTORY_META: FACTORY_META$d,
     NoSecurityPolicyFactory: NoSecurityPolicyFactory,
     default: NoSecurityPolicyFactory
 });
@@ -38870,7 +39058,7 @@ async function getEdDSAEnvelopeSignerModule() {
     }
     return eddsaEnvelopeSignerModulePromise;
 }
-const FACTORY_META$b = {
+const FACTORY_META$c = {
     base: ENVELOPE_SIGNER_FACTORY_BASE_TYPE,
     key: 'EdDSAEnvelopeSigner',
 };
@@ -38899,7 +39087,7 @@ class EdDSAEnvelopeSignerFactory extends EnvelopeSignerFactory {
 var eddsaEnvelopeSignerFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     EdDSAEnvelopeSignerFactory: EdDSAEnvelopeSignerFactory,
-    FACTORY_META: FACTORY_META$b,
+    FACTORY_META: FACTORY_META$c,
     default: EdDSAEnvelopeSignerFactory
 });
@@ -38913,7 +39101,7 @@ async function getEdDSAEnvelopeVerifierModule() {
     }
     return eddsaEnvelopeVerifierModulePromise;
 }
-const FACTORY_META$a = {
+const FACTORY_META$b = {
     base: ENVELOPE_VERIFIER_FACTORY_BASE_TYPE,
     key: 'EdDSAEnvelopeVerifier',
 };
@@ -38939,10 +39127,35 @@ class EdDSAEnvelopeVerifierFactory extends EnvelopeVerifierFactory {
 var eddsaEnvelopeVerifierFactory = /*#__PURE__*/Object.freeze({
     __proto__: null,
     EdDSAEnvelopeVerifierFactory: EdDSAEnvelopeVerifierFactory,
-    FACTORY_META: FACTORY_META$a,
+    FACTORY_META: FACTORY_META$b,
     default: EdDSAEnvelopeVerifierFactory
 });
+const FACTORY_META$a = {
+    base: TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE,
+    key: "NoopTrustStoreProvider",
+    isDefault: true,
+    priority: 10,
+};
+class NoopTrustStoreProviderFactory extends TrustStoreProviderFactory {
+    constructor() {
+        super(...arguments);
+        this.type = "NoopTrustStoreProvider";
+        this.isDefault = true;
+        this.priority = 10;
+    }
+    async create(_config, ..._factoryArgs) {
+        return new NoopTrustStoreProvider();
+    }
+}
+var noopTrustStoreProviderFactory = /*#__PURE__*/Object.freeze({
+    __proto__: null,
+    FACTORY_META: FACTORY_META$a,
+    NoopTrustStoreProviderFactory: NoopTrustStoreProviderFactory,
+    default: NoopTrustStoreProviderFactory
+});
 const FACTORY_META$9 = {
     base: ROUTING_POLICY_FACTORY_BASE,
     key: 'CapabilityAwareRoutingPolicy',
@@ -41589,146 +41802,6 @@ var sharedSecretTokenVerifier = /*#__PURE__*/Object.freeze({
     SharedSecretTokenVerifier: SharedSecretTokenVerifier
 });
-if (!ed25519.hashes.sha512) {
-    ed25519.hashes.sha512 = (message) => sha2_js.sha512(message);
-}
-function normalizeSignerOptions(options) {
-    if (!options || typeof options !== 'object') {
-        return {};
-    }
-    const candidate = options;
-    const result = {
-        ...options,
-    };
-    const cryptoProvider = resolveAlias(candidate, ['cryptoProvider', 'crypto_provider']);
-    if (cryptoProvider !== undefined) {
-        result.cryptoProvider = cryptoProvider ?? null;
-    }
-    const signingConfig = resolveAlias(candidate, ['signingConfig', 'signing_config']);
-    if (signingConfig !== undefined) {
-        result.signingConfig = signingConfig;
-    }
-    const privateKeyPem = resolveAlias(candidate, [
-        'privateKeyPem',
-        'private_key_pem',
-    ]);
-    if (privateKeyPem !== undefined) {
-        result.privateKeyPem = privateKeyPem;
-    }
-    const keyId = resolveAlias(candidate, [
-        'keyId',
-        'key_id',
-    ]);
-    if (keyId !== undefined) {
-        result.keyId = keyId;
-    }
-    return result;
-}
-class EdDSAEnvelopeSigner {
-    constructor(options = {}) {
-        const normalized = normalizeSignerOptions(options);
-        const provider = normalized.cryptoProvider ?? null;
-        if (!provider) {
-            throw new Error('No crypto provider is configured for signing');
-        }
-        this.crypto = provider;
-        const signingConfigOption = normalized.signingConfig;
-        if (signingConfigOption instanceof SigningConfig) {
-            this.signingConfig = signingConfigOption;
-        }
-        else if (signingConfigOption) {
-            this.signingConfig = new SigningConfig(signingConfigOption);
-        }
-        else {
-            this.signingConfig = new SigningConfig();
-        }
-        this.explicitPrivateKey = normalized.privateKeyPem;
-        this.explicitKeyId = normalized.keyId;
-    }
-    signEnvelope(envelope, { physicalPath }) {
-        if (!envelope.sid) {
-            throw new Error('Envelope missing sid');
-        }
-        const frame = envelope.frame;
-        if (frame.type === 'Data') {
-            const dataFrame = frame;
-            if (!dataFrame.pd) {
-                const payload = dataFrame.payload ?? '';
-                const payloadString = payload === '' ? '' : canonicalJson(payload);
-                dataFrame.pd = secureDigest(payloadString);
-            }
-        }
-        const digest = frameDigest(frame);
-        const immutable = canonicalJson(immutableHeaders(envelope));
-        const sidDigest = secureDigest(physicalPath);
-        const tbs = new Uint8Array(encodeUtf8(sidDigest).length +
-            1 +
-            encodeUtf8(immutable).length +
-            1 +
-            encodeUtf8(digest).length);
-        const sidBytes = encodeUtf8(sidDigest);
-        const immBytes = encodeUtf8(immutable);
-        const digBytes = encodeUtf8(digest);
-        let offset = 0;
-        tbs.set(sidBytes, offset);
-        offset += sidBytes.length;
-        tbs[offset] = 0x1f;
-        offset += 1;
-        tbs.set(immBytes, offset);
-        offset += immBytes.length;
-        tbs[offset] = 0x1f;
-        offset += 1;
-        tbs.set(digBytes, offset);
-        const privateKey = this.loadPrivateKey();
-        const signatureBytes = ed25519.sign(tbs, privateKey);
-        const signature = urlsafeBase64Encode(signatureBytes);
-        const kid = this.determineKeyId();
-        const signatureHeader = {
-            kid,
-            val: signature,
-            alg: 'EdDSA',
-        };
-        const secHeader = envelope.sec ?? {};
-        secHeader.sig = signatureHeader;
-        envelope.sec = secHeader;
-        return envelope;
-    }
-    loadPrivateKey() {
-        const pem = this.explicitPrivateKey ??
-            readStringProperty(this.crypto, 'signingPrivatePem', 'signing_private_pem');
-        if (!pem) {
-            throw new Error('Crypto provider does not expose a signing private key');
-        }
-        return parseEd25519PrivateKey(pem);
-    }
-    determineKeyId() {
-        if (this.explicitKeyId) {
-            return this.explicitKeyId;
-        }
-        if (this.signingConfig.signingMaterial === core.SigningMaterial.X509_CHAIN) {
-            const certificateProvider = this
-                .crypto;
-            const jwk = certificateProvider.nodeJwk?.();
-            if (jwk && typeof jwk === 'object' && 'kid' in jwk && 'x5c' in jwk) {
-                const kid = jwk.kid;
-                if (typeof kid === 'string' && kid.length > 0) {
-                    return kid;
-                }
-            }
-        }
-        const fallback = readStringProperty(this.crypto, 'signatureKeyId', 'signature_key_id');
-        if (!fallback) {
-            throw new Error('Crypto provider does not expose a signature key id');
-        }
-        return fallback;
-    }
-}
-var eddsaEnvelopeSigner = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    EdDSAEnvelopeSigner: EdDSAEnvelopeSigner
-});
 async function loadPublicKey(jwk, signingConfig) {
     if (jwk.x5c) {
         if (signingConfig.signingMaterial !== core.SigningMaterial.X509_CHAIN) {
@@ -41989,7 +42062,7 @@ exports.CertificateManagerFactory = CertificateManagerFactory;
 exports.ConnectorConfigDefaults = ConnectorConfigDefaults;
 exports.ConnectorFactory = ConnectorFactory;
 exports.ConsoleMetricsEmitter = ConsoleMetricsEmitter;
-exports.DEFAULT_WELCOME_FACTORY_META = FACTORY_META$Z;
+exports.DEFAULT_WELCOME_FACTORY_META = FACTORY_META$_;
 exports.DefaultCryptoProvider = DefaultCryptoProvider;
 exports.DefaultHttpServer = DefaultHttpServer;
 exports.DefaultKeyManager = DefaultKeyManager;
@@ -42010,6 +42083,7 @@ exports.ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE;
 exports.ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER = ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER;
 exports.ENV_VAR_JWT_TRUSTED_ISSUER = ENV_VAR_JWT_TRUSTED_ISSUER;
 exports.ENV_VAR_SHOW_ENVELOPES = ENV_VAR_SHOW_ENVELOPES$1;
+exports.EdDSAEnvelopeSigner = EdDSAEnvelopeSigner;
 exports.EncryptedKeyValueStore = EncryptedKeyValueStore;
 exports.EncryptedStorageProviderBase = EncryptedStorageProviderBase;
 exports.EncryptedValue = EncryptedValue;
@@ -42022,7 +42096,7 @@ exports.EnvelopeListenerManager = EnvelopeListenerManager;
 exports.EnvelopeSecurityHandler = EnvelopeSecurityHandler;
 exports.EnvelopeSignerFactory = EnvelopeSignerFactory;
 exports.EnvelopeVerifierFactory = EnvelopeVerifierFactory;
-exports.FACTORY_META = FACTORY_META$_;
+exports.FACTORY_META = FACTORY_META$$;
 exports.FAME_FABRIC_FACTORY_BASE_TYPE = FAME_FABRIC_FACTORY_BASE_TYPE;
 exports.FIXED_PREFIX_LEN = FIXED_PREFIX_LEN;
 exports.FameAuthorizedDeliveryContextSchema = FameAuthorizedDeliveryContextSchema;
@@ -42076,6 +42150,7 @@ exports.NodePlacementStrategyFactory = NodePlacementStrategyFactory;
 exports.NoneCredentialProvider = NoneCredentialProvider;
 exports.NoopEncryptionManager = NoopEncryptionManager;
 exports.NoopKeyValidator = NoopKeyValidator;
+exports.NoopTrustStoreProvider = NoopTrustStoreProvider;
 exports.NotAuthorized = NotAuthorized;
 exports.PROFILE_NAME_GATED = PROFILE_NAME_GATED;
 exports.PROFILE_NAME_GATED_CALLBACK = PROFILE_NAME_GATED_CALLBACK;
@@ -42122,12 +42197,14 @@ exports.TOKEN_PROVIDER_FACTORY_BASE_TYPE = TOKEN_PROVIDER_FACTORY_BASE_TYPE;
 exports.TOKEN_VERIFIER_FACTORY_BASE_TYPE = TOKEN_VERIFIER_FACTORY_BASE_TYPE;
 exports.TRANSPORT_LISTENER_FACTORY_BASE_TYPE = TRANSPORT_LISTENER_FACTORY_BASE_TYPE;
 exports.TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE = TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE;
+exports.TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE = TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE;
 exports.TaskSpawner = TaskSpawner;
 exports.TokenIssuerFactory = TokenIssuerFactory;
 exports.TokenProviderFactory = TokenProviderFactory;
 exports.TokenVerifierFactory = TokenVerifierFactory;
 exports.TransportListener = TransportListener;
 exports.TransportProvisionerFactory = TransportProvisionerFactory;
+exports.TrustStoreProviderFactory = TrustStoreProviderFactory;
 exports.TtlValidationError = TtlValidationError;
 exports.UpstreamSessionManager = UpstreamSessionManager;
 exports.VALID_CURVES_BY_KTY = VALID_CURVES_BY_KTY;