npm - @nice-code/action - Versions diffs - 0.20.0 → 0.22.0 - Mend

@nice-code/action 0.20.0 → 0.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/README.md +140 -109
package/build/{ActionDevtoolsCore-D_JvgPmz.d.mts → ActionDevtoolsCore-CQ0vrvPD.d.cts} +2 -2
package/build/{ActionDevtoolsCore-dV-IVPcP.d.cts → ActionDevtoolsCore-CiLBYC3K.d.mts} +2 -2
package/build/{ActionPayload.types-CnfWlkA1.d.cts → ActionPayload.types-Dx1JPyfs.d.mts} +292 -222
package/build/{ActionPayload.types-D0DM-g65.d.mts → ActionPayload.types-L9k0LyBd.d.cts} +292 -222
package/build/devtools/browser/index.d.cts +1 -1
package/build/devtools/browser/index.d.mts +1 -1
package/build/devtools/server/index.d.cts +1 -1
package/build/devtools/server/index.d.mts +1 -1
package/build/httpAcceptorCarrier-DL8lf0xB.mjs +3906 -0
package/build/httpAcceptorCarrier-DL8lf0xB.mjs.map +1 -0
package/build/httpAcceptorCarrier-OnJxzsAD.cjs +4291 -0
package/build/httpAcceptorCarrier-OnJxzsAD.cjs.map +1 -0
package/build/index.cjs +395 -4125
package/build/index.cjs.map +1 -1
package/build/index.d.cts +2 -2
package/build/index.d.mts +2 -2
package/build/index.mjs +331 -4058
package/build/index.mjs.map +1 -1
package/build/platform/cloudflare/index.cjs +30 -2
package/build/platform/cloudflare/index.cjs.map +1 -1
package/build/platform/cloudflare/index.d.cts +55 -2
package/build/platform/cloudflare/index.d.mts +55 -2
package/build/platform/cloudflare/index.mjs +28 -2
package/build/platform/cloudflare/index.mjs.map +1 -1
package/build/react-query/index.d.cts +1 -1
package/build/react-query/index.d.mts +1 -1
package/package.json +4 -4
package/build/wsAcceptorCarrier-BDJRIPfu.cjs +0 -103
package/build/wsAcceptorCarrier-BDJRIPfu.cjs.map +0 -1
package/build/wsAcceptorCarrier-CW2qX25W.mjs +0 -80
package/build/wsAcceptorCarrier-CW2qX25W.mjs.map +0 -1

package/build/index.cjs CHANGED Viewed

@@ -1,139 +1,11 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const require_rolldown_runtime = require("./rolldown-runtime-emK7D4bc.cjs");
+const require_httpAcceptorCarrier = require("./httpAcceptorCarrier-OnJxzsAD.cjs");
 const require_RunningAction_types = require("./RunningAction.types-DjCX1xp5.cjs");
-const require_wsAcceptorCarrier = require("./wsAcceptorCarrier-BDJRIPfu.cjs");
 let nanoid = require("nanoid");
 let _nice_code_error = require("@nice-code/error");
-let _nice_code_common_errors = require("@nice-code/common-errors");
-let std_env = require("std-env");
-let _nice_code_util = require("@nice-code/util");
-let valibot = require("valibot");
-valibot = require_rolldown_runtime.__toESM(valibot, 1);
 let msgpackr = require("msgpackr");
-const UNSET_RUNTIME_ENV_ID = "_unset_";
-//#endregion
-//#region src/ActionRuntime/utils/runtimeCoordinateToStringIds.ts
-function runtimeCoordinateToStringIds(coordinate) {
-	return [
-		`envId[${coordinate.envId}]perId[${coordinate.perId ?? "_"}]:insId[${coordinate.insId ?? "_"}]`,
-		`envId[${coordinate.envId}]perId[${coordinate.perId ?? "_"}]:insId[_]`,
-		`envId[${coordinate.envId}]perId[_]:insId[_]`
-	];
-}
-//#endregion
-//#region src/ActionRuntime/RuntimeCoordinate.ts
-var RuntimeCoordinate = class RuntimeCoordinate {
-	envId;
-	perId;
-	insId;
-	static get unknown() {
-		return new RuntimeCoordinate({ envId: UNSET_RUNTIME_ENV_ID });
-	}
-	static env(envId) {
-		return new RuntimeCoordinate({ envId });
-	}
-	withPersistentId(perId) {
-		return this.specify({ perId });
-	}
-	constructor({ envId, perId, insId }) {
-		this.envId = envId;
-		this.perId = perId;
-		this.insId = insId;
-	}
-	specify(specifics) {
-		return new RuntimeCoordinate({
-			envId: this.envId,
-			perId: this.perId,
-			insId: this.insId,
-			...specifics
-		});
-	}
-	specifyIfUnset(specifics) {
-		return new RuntimeCoordinate({
-			envId: this.envId,
-			perId: this.perId ?? specifics.perId,
-			insId: this.insId ?? specifics.insId
-		});
-	}
-	toJsonObject() {
-		return {
-			envId: this.envId,
-			perId: this.perId,
-			insId: this.insId
-		};
-	}
-	isExactlySame(other) {
-		return this.envId === other.envId && this.perId === other.perId && this.insId === other.insId;
-	}
-	isSameFor(other) {
-		return {
-			id: this.envId === other.envId,
-			perId: this.envId === other.envId && this.perId === other.perId,
-			insId: this.envId === other.envId && this.perId === other.perId && this.insId === other.insId
-		};
-	}
-	similarityLevel(other) {
-		const sameFor = this.isSameFor(other);
-		if (sameFor.insId) return 3;
-		if (sameFor.perId) return 2;
-		if (sameFor.id) return 1;
-		return 0;
-	}
-	get stringId() {
-		return `envId[${this.envId}]perId[${this.perId ?? "_"}]:insId[${this.insId ?? "_"}]`;
-	}
-	/**
-	* Takes the "Runtime Coordinate" and generates a list of full coordinate IDs representing the runtime
-	* with decreasing levels of specificity.
-	*
-	* The first full coordinate ID is the most specific (including instance ID), while the last ID is
-	* the least specific (only environment ID).
-	*
-	* Example output for a RuntimeCoordinate with envId "web_app", perId "user123", and insId "instance456":
-	* [
-	*   "envId[web_app]perId[user123]:insId[instance456]",
-	*   "envId[web_app]perId[user123]:insId[_]",
-	*   "envId[web_app]perId[_]:insId[_]"
-	* ]
-	*
-	* @returns a list of "full" runtime coordinate IDs with decreasing accuracy for targeting a runtime.
-	*/
-	toStringIds() {
-		return runtimeCoordinateToStringIds(this);
-	}
-};
-//#endregion
-//#region src/ActionDefinition/Action/ActionBase.ts
-var ActionBase = class {
-	form;
-	_domain;
-	id;
-	domain;
-	allDomains;
-	schema;
-	constructor(form, _domain, id) {
-		this.form = form;
-		this._domain = _domain;
-		this.id = id;
-		this.domain = _domain.domain;
-		this.allDomains = _domain.allDomains;
-		this.schema = _domain.actionSchema[id];
-	}
-	toJsonObject() {
-		return {
-			form: this.form,
-			domain: this.domain,
-			allDomains: this.allDomains,
-			id: this.id
-		};
-	}
-	toJsonString() {
-		return JSON.stringify(this.toJsonObject());
-	}
-};
-//#endregion
 //#region src/ActionDefinition/Action/Context/ActionContext.ts
-var ActionContext = class extends ActionBase {
+var ActionContext = class extends require_httpAcceptorCarrier.ActionBase {
 	_domain;
 	form = "context";
 	_routing;
@@ -198,180 +70,8 @@ var ActionContext = class extends ActionBase {
 	}
 };
 //#endregion
-//#region src/ActionDefinition/Action/Payload/ActionPayload.ts
-var ActionPayload = class extends ActionBase {
-	form = "data";
-	type;
-	context;
-	time;
-	constructor(context, type, data) {
-		super("data", context._domain, context.id);
-		this.context = context;
-		this.type = type;
-		this.time = data.time;
-	}
-	toBaseJsonObject() {
-		return {
-			...super.toJsonObject(),
-			type: this.type,
-			context: this.context.toContextDataJsonObject(),
-			time: this.time
-		};
-	}
-};
-//#endregion
-//#region src/utils/hashPayloadData.ts
-function stableStringify(value) {
-	if (value === null || value === void 0) return String(value);
-	if (typeof value !== "object") return JSON.stringify(value) ?? "undefined";
-	if (Array.isArray(value)) return `[${value.map(stableStringify).join(",")}]`;
-	return "{" + Object.keys(value).sort().map((k) => `${JSON.stringify(k)}:${stableStringify(value[k])}`).join(",") + "}";
-}
-function fnv1a32(str) {
-	let hash = 2166136261;
-	for (let i = 0; i < str.length; i++) hash = (hash ^ str.charCodeAt(i)) * 16777619 >>> 0;
-	return hash.toString(16).padStart(8, "0");
-}
-/**
-* Produces a deterministic 8-char hex hash of any JSON-serializable value.
-* Useful for grouping/comparing action inputs, outputs, and progress payloads.
-*/
-function hashPayloadData(data) {
-	return fnv1a32(stableStringify(data));
-}
-//#endregion
-//#region src/ActionDefinition/Action/Payload/ActionPayload.types.ts
-let EActionPayloadType = /* @__PURE__ */ function(EActionPayloadType) {
-	EActionPayloadType["request"] = "request";
-	EActionPayloadType["progress"] = "progress";
-	EActionPayloadType["result"] = "result";
-	EActionPayloadType["stream"] = "stream";
-	EActionPayloadType["push"] = "push";
-	return EActionPayloadType;
-}({});
-/**
-*
-*  [ PROGRESS ]
-*
-*/
-let EActionProgressType = /* @__PURE__ */ function(EActionProgressType) {
-	EActionProgressType["none"] = "none";
-	EActionProgressType["percentage"] = "percentage";
-	EActionProgressType["custom"] = "custom";
-	return EActionProgressType;
-}({});
-//#endregion
-//#region src/ActionDefinition/Action/Payload/ActionPayload_Progress.ts
-var ActionPayload_Progress = class extends ActionPayload {
-	progress;
-	constructor(params, progress, data) {
-		super(params.context, "progress", data);
-		this.progress = progress;
-	}
-	toJsonObject() {
-		return {
-			...this.toBaseJsonObject(),
-			progress: this.progress
-		};
-	}
-	toJsonString() {
-		return JSON.stringify(this.toJsonObject());
-	}
-	toHttpResponse() {
-		return new Response(this.toJsonString(), {
-			status: 200,
-			headers: { "Content-Type": "application/json" }
-		});
-	}
-};
-//#endregion
-//#region src/ActionDefinition/Action/Payload/ActionPayload_Result.ts
-var ActionPayload_Result = class extends ActionPayload {
-	result;
-	outputHash;
-	constructor(params, result, data) {
-		super(params.context, "result", data);
-		this.result = result;
-		this.outputHash = result.ok ? hashPayloadData(this.context.schema.serializeOutput(result.output)) : hashPayloadData(result.error.message);
-	}
-	toJsonObject() {
-		const wireResult = this.result.ok ? {
-			ok: true,
-			output: this.context.schema.serializeOutput(this.result.output)
-		} : this.result;
-		return {
-			...this.toBaseJsonObject(),
-			result: wireResult,
-			outputHash: this.outputHash
-		};
-	}
-	toJsonString() {
-		return JSON.stringify(this.toJsonObject());
-	}
-	toHttpResponse({ useErrorStatus = true } = {}) {
-		return new Response(this.toJsonString(), {
-			status: this.result.ok ? 200 : useErrorStatus ? this.result.error.httpStatusCode : 500,
-			headers: { "Content-Type": "application/json" }
-		});
-	}
-};
-//#endregion
-//#region src/ActionDefinition/Action/Payload/ActionPayload_Request.ts
-var ActionPayload_Request = class extends ActionPayload {
-	input;
-	inputHash;
-	_callSite;
-	constructor(params, input, data) {
-		super(params.context, "request", data);
-		this.input = input;
-		this.inputHash = hashPayloadData(this.context.schema.serializeInput(input));
-	}
-	successResult(...args) {
-		const output = args[0];
-		const finalOutput = this.context.schema.validateOutput(output, {
-			domain: this.domain,
-			actionId: this.id
-		});
-		return new ActionPayload_Result(this, {
-			ok: true,
-			output: finalOutput
-		}, { time: Date.now() });
-	}
-	errorResult(err) {
-		return new ActionPayload_Result(this, {
-			ok: false,
-			error: err
-		}, { time: Date.now() });
-	}
-	progress(progress) {
-		return new ActionPayload_Progress(this, progress, { time: Date.now() });
-	}
-	toJsonObject() {
-		return {
-			...super.toBaseJsonObject(),
-			input: this.context.schema.serializeInput(this.input),
-			inputHash: this.inputHash
-		};
-	}
-	toJsonString() {
-		return JSON.stringify(this.toJsonObject());
-	}
-	async runToOutput(options) {
-		const result = await (await this.run(options)).waitForResultPayload();
-		if (result.result.ok) return result.result.output;
-		throw result.result.error;
-	}
-	async runToResultPayload(options) {
-		return (await this.run(options)).waitForResultPayload();
-	}
-	async run(options) {
-		if (this._callSite == null) this._callSite = (/* @__PURE__ */ new Error()).stack;
-		return this._domain.runAction(this, options);
-	}
-};
-//#endregion
 //#region src/ActionDefinition/Action/Core/ActionCore.ts
-var ActionCore = class extends ActionBase {
+var ActionCore = class extends require_httpAcceptorCarrier.ActionBase {
 	_domain;
 	form = "core";
 	constructor(_domain, id) {
@@ -379,7 +79,7 @@ var ActionCore = class extends ActionBase {
 		this._domain = _domain;
 	}
 	is(action) {
-		return action instanceof ActionPayload && action.domain === this.domain && action.id === this.id;
+		return action instanceof require_httpAcceptorCarrier.ActionPayload && action.domain === this.domain && action.id === this.id;
 	}
 	toJsonObject() {
 		return {
@@ -395,11 +95,11 @@ var ActionCore = class extends ActionBase {
 			actionId: this.id,
 			domain: this.domain
 		});
-		return new ActionPayload_Request({ context: new ActionContext(this._domain, this.id, {
+		return new require_httpAcceptorCarrier.ActionPayload_Request({ context: new ActionContext(this._domain, this.id, {
 			cuid: (0, nanoid.nanoid)(),
 			timeCreated: Date.now(),
 			routing: [],
-			originClient: RuntimeCoordinate.unknown
+			originClient: require_httpAcceptorCarrier.RuntimeCoordinate.unknown
 		}) }, validatedInput, { time: Date.now() });
 	}
 	deserializeInput(serialized) {
@@ -422,2624 +122,355 @@ var ActionCore = class extends ActionBase {
 	}
 };
 //#endregion
-//#region src/ActionDefinition/Action/RunningAction.ts
-var RunningAction = class {
-	_state;
-	context;
-	cuid;
-	id;
-	_domain;
+//#region src/utils/isAction_Context_JsonObject.ts
+const isAction_Context_JsonObject = (obj) => {
+	return require_httpAcceptorCarrier.isAction_Base_JsonObject(obj) && obj.form === "context";
+};
+//#endregion
+//#region src/utils/isAction_Core_JsonObject.ts
+const isAction_Core_JsonObject = (obj) => {
+	return require_httpAcceptorCarrier.isAction_Base_JsonObject(obj) && obj.form === "core";
+};
+//#endregion
+//#region src/utils/isAction_Any_JsonObject.ts
+function isAction_Any_JsonObject(obj) {
+	return require_httpAcceptorCarrier.isActionPayload_Any_JsonObject(obj) || isAction_Context_JsonObject(obj) || isAction_Core_JsonObject(obj);
+}
+//#endregion
+//#region src/utils/assertIsActionJson.ts
+function assertIsActionJson(obj) {
+	if (!isAction_Any_JsonObject(obj)) throw require_httpAcceptorCarrier.err_nice_action.fromId("wire_not_action_data");
+}
+//#endregion
+//#region src/utils/isAction_Any_Instance.ts
+function isAction_Any_Instance(value) {
+	return value instanceof ActionCore || value instanceof require_httpAcceptorCarrier.ActionPayload || value instanceof ActionContext;
+}
+//#endregion
+//#region src/ActionDefinition/Domain/ActionDomainBase.ts
+var ActionDomainBase = class {
 	domain;
 	allDomains;
-	parentCuid;
-	callSite;
-	_resultPayloadPromise;
-	_resolveResult;
-	_rejectResult;
-	_isAborted = false;
-	_updates = [];
-	_updateListeners = [];
-	constructor(initialState) {
-		this.context = initialState.context;
-		this.cuid = initialState.context.cuid;
-		this.id = initialState.context.id;
-		this.domain = initialState.context.domain;
-		this.allDomains = initialState.context.allDomains;
-		this._domain = initialState.context._domain;
-		this.parentCuid = initialState.parentCuid;
-		this.callSite = initialState.callSite;
-		this._resultPayloadPromise = new Promise((resolve, reject) => {
-			this._resolveResult = resolve;
-			this._rejectResult = reject;
-		});
-		this._resultPayloadPromise.catch(() => {});
-		this._state = {
-			request: initialState.request,
-			progress: initialState.progress ?? [],
-			result: initialState.result
-		};
-		this._sendUpdate({
-			type: "started",
-			runningAction: this,
-			time: Date.now()
-		});
-	}
-	get state() {
-		return this._state;
-	}
-	abort(reason) {
-		this._abort(reason);
+	actionSchema;
+	_listeners = [];
+	constructor(definition) {
+		this.domain = definition.domain;
+		this.allDomains = definition.allDomains;
+		this.actionSchema = definition.actionSchema;
 	}
-	addUpdateListeners(listeners) {
-		this._updateListeners.push(...listeners);
-		for (const event of this._updates) for (const listener of listeners) listener(event);
+	/**
+	* Add an observer that is called after every action dispatched through this domain.
+	* Returns an unsubscribe function — call it to remove the listener.
+	*/
+	addActionListener(listener) {
+		this._listeners.push(listener);
 		return () => {
-			for (const listener of listeners) {
-				const i = this._updateListeners.indexOf(listener);
-				if (i !== -1) this._updateListeners.splice(i, 1);
-			}
+			this._listeners = this._listeners.filter((l) => l !== listener);
 		};
 	}
-	async *iterateUpdates() {
-		const queue = [];
-		let resolveWaiter = null;
-		const unsubscribe = this.addUpdateListeners([(event) => {
-			queue.push(event);
-			if (resolveWaiter) {
-				resolveWaiter();
-				resolveWaiter = null;
-			}
-		}]);
-		try {
-			while (true) {
-				if (queue.length === 0) await new Promise((resolve) => {
-					resolveWaiter = resolve;
-				});
-				const event = queue.shift();
-				yield event;
-				if (event.type === "finished") break;
-			}
-		} finally {
-			unsubscribe();
-		}
+	/**
+	* @internal
+	* Observers registered directly on this domain via {@link addActionListener}.
+	* Used to wire observers (e.g. devtools) onto RunningActions that aren't created
+	* through the local-dispatch path — notably inbound actions pushed from a backend
+	* or another client over a bidirectional transport.
+	*/
+	_getActionObservers() {
+		return this._listeners;
 	}
-	_sendUpdate(update) {
-		this._updates.push(update);
-		for (const listener of this._updateListeners) listener(update);
+};
+//#endregion
+//#region src/ActionRuntime/ActionRuntimeManager.ts
+var ActionRuntimeManager = class {
+	_runtimes = /* @__PURE__ */ new Map();
+	_preferredRuntimeClientId = null;
+	_context;
+	constructor(context) {
+		this._context = context ?? {};
 	}
-	_completeWithResult(result) {
-		if (this._state.result != null || this._isAborted) return false;
-		this._state = {
-			request: this._state.request,
-			progress: this._state.progress,
-			result
-		};
-		this._resolveResult(result);
-		this._sendUpdate({
-			type: "finished",
-			finishType: "success",
-			runningAction: this,
-			time: Date.now(),
-			response: result
+	registerRuntime(runtime) {
+		const runtimeId = runtime.coordinate.stringId;
+		if (this._runtimes.has(runtimeId)) throw require_httpAcceptorCarrier.err_nice_action.fromId("client_runtime_already_registered", {
+			context: this._context,
+			client: runtime.coordinate
 		});
-		return true;
+		for (const id of runtime.coordinate.toStringIds()) {
+			if (this._runtimes.has(id)) continue;
+			this._runtimes.set(id, runtime);
+		}
 	}
-	_abort(reason) {
-		if (this._state.result != null || this._isAborted) return false;
-		this._isAborted = true;
-		this._rejectResult(reason);
-		this._sendUpdate({
-			type: "finished",
-			finishType: "aborted",
-			runningAction: this,
-			time: Date.now(),
-			reason
+	getRuntimeAndHandlerForAction(action, options, throwOnIssue) {
+		const localRuntime = options?.targetLocalRuntime;
+		if (localRuntime != null) {
+			const runtime = throwOnIssue ? this.getBestRuntimeOrThrow(options?.targetLocalRuntime?.coordinate) : this.getBestRuntime(options?.targetLocalRuntime?.coordinate);
+			if (runtime == null) return;
+			const handler = runtime._getHandlerForAction(action, options);
+			if (handler != null) return {
+				handler,
+				runtime
+			};
+			if (throwOnIssue) throw require_httpAcceptorCarrier.err_nice_action.fromId("no_action_execution_handler", {
+				domain: action.domain,
+				actionId: action.id,
+				specifiedClient: localRuntime.coordinate
+			});
+		}
+		for (const runtime of this._runtimes.values()) {
+			const handler = runtime._getHandlerForAction(action);
+			if (handler) return {
+				handler,
+				runtime
+			};
+		}
+		if (throwOnIssue) throw require_httpAcceptorCarrier.err_nice_action.fromId("no_action_execution_handler", {
+			domain: action.domain,
+			actionId: action.id,
+			specifiedClient: options?.targetLocalRuntime?.coordinate
 		});
-		return true;
 	}
-	_failWithError(error) {
-		if (this._state.result != null || this._isAborted) return false;
-		this._isAborted = true;
-		this._rejectResult(error);
-		this._sendUpdate({
-			type: "finished",
-			finishType: "failed",
-			runningAction: this,
-			time: Date.now(),
-			error
-		});
-		return true;
+	getRuntimeAndHandlerForActionOrThrow(action, options) {
+		return this.getRuntimeAndHandlerForAction(action, options, true);
 	}
-	_updateProgress(progress) {
-		if (this._state.result != null || this._isAborted) return;
-		this._state.progress.push(progress);
-		this._sendUpdate({
-			type: "progress",
-			runningAction: this,
-			time: Date.now(),
-			progress: progress.progress
-		});
+	setPreferredRuntime(runtime) {
+		const runtimeId = runtime.coordinate.stringId;
+		this._preferredRuntimeClientId = runtimeId;
 	}
-	waitForResultPayload() {
-		return this._resultPayloadPromise;
+	getPreferredRuntime() {
+		if (this._preferredRuntimeClientId) {
+			const runtime = this._runtimes.get(this._preferredRuntimeClientId);
+			if (runtime) return runtime;
+		}
+		return this._runtimes.values().next().value;
 	}
-	_resolveFromJson(resultJson) {
-		if (this._state.result != null || this._isAborted) return false;
-		const result = this._domain.hydrateResultPayload(resultJson);
-		return this._completeWithResult(result);
+	getBestRuntimeForSpecifier(clientSpecifier) {
+		const ids = new require_httpAcceptorCarrier.RuntimeCoordinate(clientSpecifier).toStringIds();
+		for (const id of ids) {
+			const runtime = this._runtimes.get(id);
+			if (runtime) return runtime;
+		}
 	}
-};
-//#endregion
-//#region src/errors/err_nice_action.ts
-let EErrId_NiceAction = /* @__PURE__ */ function(EErrId_NiceAction) {
-	EErrId_NiceAction["not_implemented"] = "not_implemented";
-	EErrId_NiceAction["action_id_not_in_domain"] = "action_id_not_in_domain";
-	EErrId_NiceAction["domain_already_exists_in_hierarchy"] = "domain_already_exists_in_hierarchy";
-	EErrId_NiceAction["domain_no_handler"] = "domain_no_handler";
-	EErrId_NiceAction["hydration_domain_mismatch"] = "hydration_domain_mismatch";
-	EErrId_NiceAction["hydration_action_state_mismatch"] = "hydration_action_state_mismatch";
-	EErrId_NiceAction["hydration_action_id_not_found"] = "hydration_action_id_not_found";
-	EErrId_NiceAction["no_action_execution_handler"] = "no_action_execution_handler";
-	EErrId_NiceAction["wire_action_not_payload"] = "wire_action_not_payload";
-	EErrId_NiceAction["wire_not_action_data"] = "wire_not_action_data";
-	EErrId_NiceAction["client_runtime_already_registered"] = "client_runtime_already_registered";
-	EErrId_NiceAction["client_runtime_not_registered"] = "client_runtime_not_registered";
-	EErrId_NiceAction["runtime_reset"] = "runtime_reset";
-	EErrId_NiceAction["no_client_runtimes_registered"] = "no_client_runtimes_registered";
-	EErrId_NiceAction["action_input_validation_failed"] = "action_input_validation_failed";
-	EErrId_NiceAction["action_input_validation_promise"] = "action_input_validation_promise";
-	EErrId_NiceAction["action_output_validation_failed"] = "action_output_validation_failed";
-	EErrId_NiceAction["action_output_validation_promise"] = "action_output_validation_promise";
-	return EErrId_NiceAction;
-}({});
-const err_nice_action = _nice_code_error.err_nice.createChildDomain({
-	domain: "err_nice_action",
-	defaultHttpStatusCode: 500,
-	schema: {
-		["not_implemented"]: (0, _nice_code_error.err)({ message: ({ label }) => `The "${label}" functionality is not implemented yet.` }),
-		["action_id_not_in_domain"]: (0, _nice_code_error.err)({ message: ({ actionId, domain }) => `Action with id "${actionId}" does not exist in domain "${domain}".` }),
-		["domain_already_exists_in_hierarchy"]: (0, _nice_code_error.err)({ message: ({ domain, allParentDomains, parentDomain }) => `Domain "${domain}" already exists in the hierarchy under the parent "${parentDomain}". All parent domains ["${allParentDomains.join(", ")}"]` }),
-		["domain_no_handler"]: (0, _nice_code_error.err)({ message: ({ domain }) => `Domain "${domain}" has no action handler registered.` }),
-		["hydration_domain_mismatch"]: (0, _nice_code_error.err)({ message: ({ expected, received }) => `Cannot hydrate action: domain mismatch. Expected "${expected}", got "${received}".` }),
-		["hydration_action_state_mismatch"]: (0, _nice_code_error.err)({ message: ({ expected, received }) => `Cannot hydrate action: action state type mismatch. Expected "${expected}", got "${received}".` }),
-		["hydration_action_id_not_found"]: (0, _nice_code_error.err)({ message: ({ domain, actionId }) => `Cannot hydrate action: id "${actionId}" does not exist in domain "${domain}".` }),
-		["no_action_execution_handler"]: (0, _nice_code_error.err)({ message: ({ domain, actionId, specifiedClient }) => `${specifiedClient ? ` The targeted client runtime [${specifiedClient.stringId}] has no` : "No"} action handler registered for "${actionId}" in domain "${domain}".` }),
-		["wire_action_not_payload"]: (0, _nice_code_error.err)({ message: ({ domain, actionId, actionState }) => `Cannot handle wire for action "${actionId}" in domain "${domain}": expected action form of "data" and type of "request", "progress" or "result", got "${actionState}".` }),
-		["wire_not_action_data"]: (0, _nice_code_error.err)({ message: () => `Cannot handle wire for action: expected an object with a "domain" property of type string, a "form" property of "data" and a "type" property of "request", "progress" or "result".` }),
-		["runtime_reset"]: (0, _nice_code_error.err)({ message: () => `Runtime has been reset.` }),
-		["client_runtime_already_registered"]: (0, _nice_code_error.err)({ message: ({ context, client }) => `Environment is already registered${context?.domain ? ` on domain "${context.domain}"` : ""} for client [${client.stringId}]. Each client specifier (exact match on all properties) may only be registered once.` }),
-		["client_runtime_not_registered"]: (0, _nice_code_error.err)({ message: ({ context, clientStringId }) => `No runtime registered${context?.domain ? ` on domain "${context.domain}"` : ""} for client [${clientStringId}].` }),
-		["no_client_runtimes_registered"]: (0, _nice_code_error.err)({ message: ({ context }) => `No runtimes registered${context?.domain ? ` on domain "${context.domain}"` : ""}. Add handlers to a runtime via runtime.addHandlers([handler]) before executing actions.` }),
-		["action_input_validation_failed"]: (0, _nice_code_error.err)({
-			message: ({ domain, actionId, validationMessage }) => `Input validation failed for action "${actionId}" in domain "${domain}":\n${validationMessage}`,
-			httpStatusCode: 400
-		}),
-		["action_input_validation_promise"]: (0, _nice_code_error.err)({
-			message: ({ domain, actionId }) => `Input validation for action "${actionId}" in domain "${domain}" returned a promise, which is not supported.`,
-			httpStatusCode: 400
-		}),
-		["action_output_validation_failed"]: (0, _nice_code_error.err)({
-			message: ({ domain, actionId, validationMessage }) => `Output validation failed for action "${actionId}" in domain "${domain}":\n${validationMessage}`,
-			httpStatusCode: 500
-		}),
-		["action_output_validation_promise"]: (0, _nice_code_error.err)({
-			message: ({ domain, actionId }) => `Output validation for action "${actionId}" in domain "${domain}" returned a promise, which is not supported.`,
-			httpStatusCode: 500
-		})
+	getBestRuntime(clientSpecifier) {
+		return clientSpecifier != null ? this.getBestRuntimeForSpecifier(clientSpecifier) : this.getPreferredRuntime();
 	}
-});
-//#endregion
-//#region src/utils/isAction_Base_JsonObject.ts
-const isAction_Base_JsonObject = (obj) => {
-	return typeof obj === "object" && obj !== null && typeof obj.domain === "string" && typeof obj.id === "string" && typeof obj.form === "string";
-};
-//#endregion
-//#region src/utils/isActionPayload_Result_JsonObject.ts
-const isActionPayload_Result_JsonObject = (obj) => {
-	return isAction_Base_JsonObject(obj) && obj.result != null && obj.form === "data" && obj.type === "result";
-};
-//#endregion
-//#region src/ActionDefinition/Schema/ActionSchema.ts
-/**
-* What a sender should expect back from an action — declared on its schema so both ends agree without
-* any wire flag (each derives the mode from the shared `domain:id`).
-*
-* - `payload` — a typed output (the action has `.output(...)`); the sender awaits it.
-* - `ack` — an empty success confirming receipt (no output); the sender may await it to know the
-*   receiver handled it (or to surface an error). This is the default for an action with no output.
-* - `none` — fire-and-forget: the receiver sends no reply and the sender doesn't wait. The sender's
-*   running action completes as soon as the frame is on the wire (no pending reply, no timeout).
-*/
-let EActionResponseMode = /* @__PURE__ */ function(EActionResponseMode) {
-	EActionResponseMode["payload"] = "payload";
-	EActionResponseMode["ack"] = "ack";
-	EActionResponseMode["none"] = "none";
-	return EActionResponseMode;
-}({});
-var ActionSchema = class {
-	_errorDeclarations = [];
-	inputOptions;
-	outputOptions;
-	_responseMode;
-	get inputSchema() {
-		return this.inputOptions?.schema;
+	hasRuntime(runtime) {
+		return this._runtimes.has(runtime.coordinate.stringId);
 	}
-	get outputSchema() {
-		return this.outputOptions?.schema;
-	}
-	/**
-	* The response contract for this action. Defaults are inferred — `payload` when an output schema is
-	* declared, otherwise `ack` — and made explicit by {@link ack} / {@link fireAndForget}.
-	*/
-	get responseMode() {
-		if (this._responseMode != null) return this._responseMode;
-		return this.outputOptions != null ? "payload" : "ack";
-	}
-	/**
-	* Mark this action as expecting only an acknowledgment (an empty success). Mostly for clarity — an
-	* output-less action already acks by default — but it documents intent and reads as the deliberate
-	* counterpart to {@link fireAndForget}.
-	*/
-	ack() {
-		this._responseMode = "ack";
-		return this;
-	}
-	/**
-	* Mark this action as fire-and-forget: the receiver sends no reply, and the sender's running action
-	* completes the moment the frame is sent (no awaited reply, no timeout). Ideal for high-frequency
-	* server→client pushes (presence, ticks) where an ack would only add wire chatter.
-	*/
-	fireAndForget() {
-		this._responseMode = "none";
-		return this;
-	}
-	/**
-	* Declare the input schema (JSON-native or with explicit SERDE type param).
-	* For non-JSON-native inputs, prefer the 3-argument form below to avoid
-	* needing explicit type parameters.
-	*/
-	input(options) {
-		this.inputOptions = options;
-		return this;
-	}
-	/**
-	* Declare the output schema (JSON-native or with explicit SERDE type param).
-	* For non-JSON-native outputs, prefer the 3-argument form below to avoid
-	* needing explicit type parameters.
-	*/
-	output(options) {
-		this.outputOptions = options;
-		return this;
-	}
-	throws(domain, ids) {
-		this._errorDeclarations.push({
-			_domain: domain,
-			_ids: ids
-		});
-		return this;
-	}
-	/**
-	* Serialize raw input to a JSON-serializable form.
-	* Uses the schema's serialization.serialize if defined; otherwise the input
-	* is already JSON-native and is returned as-is.
-	*/
-	serializeInput(rawInput) {
-		if (this.inputOptions?.serialization) return this.inputOptions.serialization.serialize(rawInput);
-		return rawInput;
-	}
-	/**
-	* Deserialize a JSON value back into the raw input type.
-	* Uses serialization.deserialize if defined; otherwise the value is cast
-	* directly (it's already in the correct shape).
-	*/
-	deserializeInput(serialized) {
-		if (this.inputOptions?.serialization) return this.inputOptions.serialization.deserialize(serialized);
-		return serialized;
-	}
-	/**
-	* Validate raw input against the schema defined via `.input({ schema })`.
-	* Throws `action_input_validation_failed` if validation fails.
-	* Returns the validated (and possibly coerced) value on success.
-	* If no input schema was declared, the value is passed through as-is.
-	*/
-	validateInput(value, meta) {
-		if (this.inputOptions?.schema == null) return value;
-		const result = this.inputOptions.schema["~standard"].validate(value);
-		if (result instanceof Promise) throw err_nice_action.fromId("action_input_validation_promise", {
-			domain: meta.domain,
-			actionId: meta.actionId
-		});
-		if (result.issues != null) throw err_nice_action.fromId("action_input_validation_failed", {
-			domain: meta.domain,
-			actionId: meta.actionId,
-			validationMessage: (0, _nice_code_common_errors.extractMessageFromStandardSchema)(result)
-		});
-		return result.value;
-	}
-	validateOutput(value, meta) {
-		if (this.outputOptions?.schema == null) return value;
-		const result = this.outputOptions.schema["~standard"].validate(value);
-		if (result instanceof Promise) throw err_nice_action.fromId("action_output_validation_promise", {
-			domain: meta.domain,
-			actionId: meta.actionId
-		});
-		if (result.issues != null) throw err_nice_action.fromId("action_output_validation_failed", {
-			domain: meta.domain,
-			actionId: meta.actionId,
-			validationMessage: (0, _nice_code_common_errors.extractMessageFromStandardSchema)(result)
-		});
-		return result.value;
-	}
-	/**
-	* Serialize raw output to a JSON-serializable form.
-	*/
-	serializeOutput(rawOutput) {
-		if (this.outputOptions?.serialization) return this.outputOptions.serialization.serialize(rawOutput);
-		return rawOutput;
-	}
-	/**
-	* Deserialize a JSON value back into the raw output type.
-	*/
-	deserializeOutput(serialized) {
-		if (this.outputOptions?.serialization) return this.outputOptions.serialization.deserialize(serialized);
-		return serialized;
-	}
-};
-const actionSchema = () => {
-	return new ActionSchema();
-};
-//#endregion
-//#region src/utils/getAssumedRuntimeEnvironment.ts
-const getAssumedRuntimeInfo = () => {
-	return {
-		assumed: true,
-		runtimeName: std_env.runtime
-	};
-};
-//#endregion
-//#region src/utils/isActionPayload_Progress_JsonObject.ts
-const isActionPayload_Progress_JsonObject = (obj) => {
-	return isAction_Base_JsonObject(obj) && "progress" in obj && obj.form === "data" && obj.type === "progress";
-};
-//#endregion
-//#region src/utils/isActionPayload_Request_JsonObject.ts
-const isActionPayload_Request_JsonObject = (obj) => {
-	return isAction_Base_JsonObject(obj) && "input" in obj && obj.form === "data" && obj.type === "request";
-};
-//#endregion
-//#region src/utils/isActionPayload_Any_JsonObject.ts
-function isActionPayload_Any_JsonObject(obj) {
-	return isActionPayload_Request_JsonObject(obj) || isActionPayload_Result_JsonObject(obj) || isActionPayload_Progress_JsonObject(obj);
-}
-//#endregion
-//#region src/ActionRuntime/HandlerCallStack.ts
-const _stack = [];
-function pushHandlerCuid(cuid) {
-	_stack.push(cuid);
-}
-function popHandlerCuid() {
-	_stack.pop();
-}
-function peekHandlerCuid() {
-	return _stack[_stack.length - 1];
-}
-//#endregion
-//#region src/ActionRuntime/Handler/PeerLink/Connector/err_nice_external_client.ts
-const err_nice_external_client = err_nice_action.createChildDomain({
-	domain: "err_nice_external_client",
-	schema: {}
-});
-//#endregion
-//#region src/ActionRuntime/Transport/err_nice_transport.ts
-let EErrId_NiceTransport = /* @__PURE__ */ function(EErrId_NiceTransport) {
-	EErrId_NiceTransport["timeout"] = "timeout";
-	EErrId_NiceTransport["not_found"] = "not_found";
-	EErrId_NiceTransport["unsupported"] = "unsupported";
-	EErrId_NiceTransport["initialization_failed"] = "initialization_failed";
-	EErrId_NiceTransport["send_failed"] = "send_failed";
-	EErrId_NiceTransport["invalid_action_response"] = "invalid_action_response";
-	return EErrId_NiceTransport;
-}({});
-const err_nice_transport = err_nice_external_client.createChildDomain({
-	domain: "err_nice_transport",
-	schema: {
-		["timeout"]: (0, _nice_code_error.err)({ message: ({ timeout }) => `ActionConnect transport timed out after ${timeout}ms.` }),
-		["not_found"]: (0, _nice_code_error.err)({ message: ({ actionId }) => `No connected transport found for action "${actionId}".` }),
-		["unsupported"]: (0, _nice_code_error.err)({ message: ({ transportShapes }) => `${transportShapes.length} Transport(s) [${transportShapes.join(", ")}] found but returned "unsupported" status.` }),
-		["initialization_failed"]: (0, _nice_code_error.err)({ message: ({ actionId }) => `Transports found for action "${actionId}", but none are ready.` }),
-		["send_failed"]: (0, _nice_code_error.err)({
-			message: ({ actionId, httpStatusCode, message }) => `Failed to send action "${actionId}" [${httpStatusCode ?? "Unknown status"}]: ${message ?? "Unknown error"}.`,
-			httpStatusCode: ({ httpStatusCode }) => httpStatusCode ?? 500
-		}),
-		["invalid_action_response"]: (0, _nice_code_error.err)({ message: ({ actionId }) => `Invalid action response JSON structure for action "${actionId}"` })
-	}
-});
-//#endregion
-//#region src/ActionRuntime/Transport/ConnectionTransportManager.ts
-var ConnectionTransportManager = class {
-	_cache;
-	_transports = [];
-	constructor(_cache) {
-		this._cache = _cache;
-	}
-	addTransport(transport) {
-		this._transports.push(transport);
-	}
-	/**
-	* The highest-priority transport (first declared). Used to label an action's route *before* the
-	* transport has finished connecting — so a still-connecting action shows its (expected) destination
-	* instead of an "unknown" hop. {@link getReadyTransport} still decides the real winner, and the
-	* caller corrects the hop if a lower-priority transport ends up serving the action.
-	*/
-	getPreferredTransport() {
-		return this._transports[0];
-	}
-	async getReadyTransport(routeActionParams) {
-		const action = routeActionParams.action;
-		const candidates = [];
-		const unavailableTransports = [];
-		for (const transport of this._transports) {
-			if (!transport.isAvailable(routeActionParams)) {
-				unavailableTransports.push(transport);
-				continue;
-			}
-			const cacheKey = transport.getCacheKey(routeActionParams);
-			if (cacheKey != null) {
-				const cached = this._cache.get(cacheKey);
-				if (cached != null) {
-					if (cached instanceof Promise) {
-						candidates.push(cached);
-						continue;
-					}
-					candidates.push(Promise.resolve({
-						...cached,
-						transport
-					}));
-					break;
-				}
-			}
-			const statusInfo = transport.getTransport(routeActionParams);
-			if (statusInfo.status === "ready") {
-				const readyData = statusInfo.readyData;
-				if (cacheKey != null) {
-					const entry = {
-						methods: readyData,
-						transport
-					};
-					this._cache.set(cacheKey, entry);
-					readyData.addOnDisconnectListener?.(() => {
-						if (this._cache.get(cacheKey) === entry) this._cache.delete(cacheKey);
-					});
-				}
-				candidates.push(Promise.resolve({
-					methods: readyData,
-					transport
-				}));
-				break;
-			}
-			if (statusInfo.status === "unsupported") {
-				unavailableTransports.push(transport);
-				continue;
-			}
-			if (statusInfo.status === "initializing") {
-				const promise = statusInfo.initializationPromise.then((info) => {
-					if (info.status === "failed") throw info.error;
-					if (info.status === "unsupported") throw err_nice_transport.fromId("unsupported", { transportShapes: [transport.type] });
-					const readyData = info.readyData;
-					const entry = {
-						methods: readyData,
-						transport
-					};
-					if (cacheKey != null) if (this._cache.get(cacheKey) === promise) {
-						this._cache.set(cacheKey, entry);
-						readyData.addOnDisconnectListener?.(() => {
-							if (this._cache.get(cacheKey) === entry) this._cache.delete(cacheKey);
-						});
-					} else readyData.disconnect?.();
-					return entry;
-				}).catch((e) => {
-					if (cacheKey != null && this._cache.get(cacheKey) === promise) this._cache.delete(cacheKey);
-					throw e;
-				});
-				if (cacheKey != null) this._cache.set(cacheKey, promise);
-				candidates.push(promise);
-			}
-		}
-		if (candidates.length === 0) {
-			if (unavailableTransports.length > 0) throw err_nice_transport.fromId("unsupported", { transportShapes: unavailableTransports.map((t) => t.type) });
-			throw err_nice_transport.fromId("not_found", { actionId: action.id });
-		}
-		let lastError;
-		for (const candidate of candidates) try {
-			return await candidate;
-		} catch (e) {
-			lastError = e;
-		}
-		throw err_nice_transport.fromId("initialization_failed", { actionId: action.id }).withOriginError(lastError);
+	getBestRuntimeOrThrow(specifier) {
+		const runtime = this.getBestRuntime(specifier);
+		if (!runtime) {
+			if (specifier == null) throw require_httpAcceptorCarrier.err_nice_action.fromId("no_client_runtimes_registered", { context: this._context });
+			throw require_httpAcceptorCarrier.err_nice_action.fromId("client_runtime_not_registered", {
+				context: this._context,
+				clientStringId: require_httpAcceptorCarrier.runtimeCoordinateToStringIds(specifier)[0]
+			});
+		}
+		return runtime;
 	}
 };
 //#endregion
-//#region src/ActionRuntime/ActionDomainManager.ts
-var ActionDomainManager = class {
-	_domains = /* @__PURE__ */ new Map();
-	addDomain(domain) {
-		this._domains.set(domain.domain, domain);
-	}
-	getDomains() {
-		return [...this._domains.values()];
-	}
-	verifyIsActionJson(action) {
-		if (typeof action.domain !== "string" || typeof action.id !== "string") throw err_nice_action.fromId("wire_not_action_data");
-	}
-	getActionDomain(action) {
-		this.verifyIsActionJson(action);
-		const domain = this._domains.get(action.domain);
-		if (!domain) return;
-		return domain;
-	}
-	getActionDomainOrThrow(action) {
-		this.verifyIsActionJson(action);
-		const domain = this._domains.get(action.domain);
-		if (!domain) throw err_nice_action.fromId("domain_no_handler", { domain: action.domain });
-		return domain;
-	}
-	hydrateActionPayload(actionJson) {
-		return this.getActionDomainOrThrow(actionJson).hydrateAnyAction(actionJson);
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Routing/ActionRouter.ts
-var ActionRouter = class {
-	domainManager = new ActionDomainManager();
-	actionRouteData = /* @__PURE__ */ new Map();
-	_context;
-	constructor(context) {
-		this._context = context;
-	}
-	/** Copy all routes from another router into this one, replacing any overlapping keys. */
-	mergeRouter(actionRouter) {
-		for (const domain of actionRouter.getDomains()) this.domainManager.addDomain(domain);
-		for (const [matchKey, routeDataEntries] of actionRouter.actionRouteData.entries()) this.actionRouteData.set(matchKey, [...routeDataEntries]);
-	}
-	addDomainsFromOther(actionRouter) {
-		for (const domain of actionRouter.getDomains()) this.domainManager.addDomain(domain);
-	}
-	/** All FNs registered for an action, ID-specific entries first then domain wildcard. */
-	getRouteDataEntriesForAction(action) {
-		const idKey = `dom[${action.domain}]id[${action.id}]`;
-		const domKey = `dom[${action.domain}]id[_]`;
-		return [...this.actionRouteData.get(idKey) ?? [], ...this.actionRouteData.get(domKey) ?? []];
-	}
-	/** First FN registered for an action (ID-specific beats domain wildcard). */
-	getRouteDataForAction(action) {
-		return this.getRouteDataEntriesForAction(action)[0];
-	}
-	throwNoHandlerForAction(action, context) {
-		if (this._context.contextType === "handler_route") throw err_nice_action.fromId("no_action_execution_handler", {
-			domain: action.domain,
-			actionId: action.id,
-			specifiedClient: context.targetLocalRuntime?.coordinate
-		});
-		if (this._context.contextType === "runtime_to_handler") throw err_nice_action.fromId("no_action_execution_handler", {
-			domain: action.domain,
-			actionId: action.id,
-			specifiedClient: this._context.runtime.coordinate
-		});
-		throw err_nice_action.fromId("no_action_execution_handler", {
-			domain: action.domain,
-			actionId: action.id
+//#region src/ActionDefinition/Domain/ActionRootDomain.ts
+var ActionRootDomain = class extends ActionDomainBase {
+	domainDefinition;
+	_actionRuntimeManager;
+	constructor(domainDefinition) {
+		const domainId = domainDefinition.domain;
+		super({
+			domain: domainId,
+			allDomains: [domainId],
+			actionSchema: {}
 		});
+		this.domainDefinition = domainDefinition;
+		this._actionRuntimeManager = new ActionRuntimeManager({ domain: domainId });
 	}
-	getRouteDataEntriesForActionOrThrow(action, context) {
-		const entries = this.getRouteDataEntriesForAction(action);
-		if (entries.length === 0) this.throwNoHandlerForAction(action, context);
-		return entries;
-	}
-	getRouteDataForActionOrThrow(action, context) {
-		const routeData = this.getRouteDataForAction(action);
-		if (!routeData) this.throwNoHandlerForAction(action, context);
-		return routeData;
-	}
-	/** All FNs stored under an exact match key. */
-	getForKey(key) {
-		return this.actionRouteData.get(key) ?? [];
-	}
-	/** Every match key that has at least one registered FN. */
-	getRegisteredKeys() {
-		return [...this.actionRouteData.keys()];
-	}
-	getDomains() {
-		return this.domainManager.getDomains();
-	}
-	/** Register a handler for all actions in a domain, replacing any existing one. */
-	forDomain(domain, routeData) {
-		this.domainManager.addDomain(domain);
-		this.actionRouteData.set(`dom[${domain.domain}]id[_]`, [routeData]);
-		return this;
-	}
-	forAction(action, routeData) {
-		return this.forActionId(action._domain, action.id, routeData);
-	}
-	/** Register a handler for a specific action, replacing any existing one. */
-	forActionId(domain, id, routeData) {
-		this.domainManager.addDomain(domain);
-		this.actionRouteData.set(`dom[${domain.domain}]id[${id}]`, [routeData]);
-		return this;
-	}
-	/** Register one handler for several action IDs, replacing any existing ones. */
-	forActionIds(domain, ids, routeData) {
-		this.domainManager.addDomain(domain);
-		for (const id of ids) this.forActionId(domain, id, routeData);
-		return this;
-	}
-	/** Register per-action handlers from a cases map, replacing any existing ones. */
-	forDomainActionCases(domain, cases) {
-		this.domainManager.addDomain(domain);
-		for (const id of Object.keys(cases)) {
-			const routeData = cases[id];
-			if (routeData != null) this.actionRouteData.set(`dom[${domain.domain}]id[${id}]`, [routeData]);
-		}
-		return this;
-	}
-	/** Append a handler for all actions in a domain (accumulates alongside existing). */
-	addForDomain(domain, routeData) {
-		this.domainManager.addDomain(domain);
-		this._push(`dom[${domain.domain}]id[_]`, routeData);
-		return this;
-	}
-	/** Append a handler for a specific action (accumulates alongside existing). */
-	addForAction(domain, id, routeData) {
-		this.domainManager.addDomain(domain);
-		this._push(`dom[${domain.domain}]id[${id}]`, routeData);
-		return this;
-	}
-	/** Append one handler for several action IDs (accumulates alongside existing). */
-	addForActionIds(domain, ids, routeData) {
-		this.domainManager.addDomain(domain);
-		for (const id of ids) this.addForAction(domain, id, routeData);
-		return this;
-	}
-	/** Append per-action handlers from a cases map (accumulates alongside existing). */
-	addForDomainActionCases(domain, cases) {
-		this.domainManager.addDomain(domain);
-		for (const id of Object.keys(cases)) {
-			const routeData = cases[id];
-			if (routeData != null) this._push(`dom[${domain.domain}]id[${id}]`, routeData);
-		}
-		return this;
-	}
-	/** Append a handler directly by its raw match key (used when the key is known ahead of time). */
-	addForKey(key, routeData) {
-		this._push(key, routeData);
-		return this;
-	}
-	_push(key, routeData) {
-		const existing = this.actionRouteData.get(key);
-		if (existing != null) existing.push(routeData);
-		else this.actionRouteData.set(key, [routeData]);
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Handler/ActionHandler.ts
-var ActionHandler = class {
-	cuid;
-	constructor() {
-		this.cuid = (0, nanoid.nanoid)();
-	}
-	getActionRouter() {
-		return this.actionRouter;
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Handler/PeerLink/PeerLinkHandler.ts
-/**
-* Shared base for every handler that routes a domain set to/from *another runtime* (a "peer") — the
-* unified peer-link concept. Both specializations extend this as siblings, differing only in *who
-* establishes the connection*, which is a transport trait, not a routing one:
-*
-* - {@link ConnectorHandler} — **dial-out**: this runtime opens connection(s) to one peer
-*   over a transport stack (with caching + fallback). The classic "client → backend" link.
-* - {@link AcceptorHandler} — **accept-in**: connections are accepted from many peers and fed in
-*   via `receive()`; it keeps a per-connection registry and can push to any of them.
-*
-* To the runtime there is no "client" vs "server" — both are peer-link handlers (`handlerType =
-* external`) keyed to a peer coordinate, chosen by the return-path dispatch via {@link sendReturnPayload}.
-*/
-var PeerLinkHandler = class extends ActionHandler {
-	/** The peer runtime this handler links to (an env-only coordinate for an accept-in handler). */
-	peerClient;
-	handlerType = "peer";
-	actionRouter = new ActionRouter({
-		contextType: "handler_route",
-		handler: this
-	});
-	/** Listeners installed by the runtime (`resolveIncomingActionPayload`) for inbound peer frames. */
-	_incomingActionDataListeners = [];
-	constructor(peerCoordinate) {
-		super();
-		this.peerClient = peerCoordinate;
-	}
-	forDomain(domain) {
-		this.actionRouter.forDomain(domain, true);
-		return this;
-	}
-	forAction(action) {
-		this.actionRouter.forAction(action, true);
-		return this;
-	}
-	forActionIds(domain, ids) {
-		this.actionRouter.forActionIds(domain, ids, true);
-		return this;
-	}
-	_setIncomingActionDataListener(listener) {
-		this._incomingActionDataListeners.push(listener);
-	}
-	/** Hand a decoded inbound frame to the runtime (called by each specialization's receive path). */
-	_emitIncoming(json) {
-		for (const listener of this._incomingActionDataListeners) listener(json);
+	createChildDomain(subDomainDef) {
+		if (this.allDomains.includes(subDomainDef.domain)) throw require_httpAcceptorCarrier.err_nice_action.fromId("domain_already_exists_in_hierarchy", {
+			domain: subDomainDef.domain,
+			allParentDomains: this.allDomains,
+			parentDomain: this.domain
+		});
+		return new ActionDomain({
+			allDomains: [...this.allDomains, subDomainDef.domain],
+			domain: subDomainDef.domain,
+			actionSchema: subDomainDef.actions
+		}, { rootDomain: this });
 	}
-	/**
-	* Whether this handler currently holds a *live* connection bound to `origin`. The runtime's return-path
-	* dispatch ({@link ActionRuntime.getReturnHandlerForOrigin}) prefers a handler that owns the origin's
-	* connection over a mere coordinate match, so with several duplex acceptors a result/push routes back
-	* over the carrier the client connected on. Defaults to `false`; an acceptor overrides it from its
-	* connection registry.
-	*/
-	ownsLiveConnectionFor(_origin) {
-		return false;
+	_registerRuntime(runtime) {
+		this._actionRuntimeManager.registerRuntime(runtime);
 	}
-	/** Release any long-lived connections this handler owns (a teardown). No-op by default. */
-	clearTransportCache() {}
-};
-//#endregion
-//#region src/ActionRuntime/Handler/PeerLink/Connector/ConnectorHandler.ts
-/**
-* Dial-out peer link: this runtime opens connection(s) to one peer over a transport stack (cached, with
-* preference-ordered fallback). The classic "client → backend" handler — but to the runtime it's just a
-* {@link PeerLinkHandler} like the accept-in server one.
-*/
-var ConnectorHandler = class extends PeerLinkHandler {
-	/**
-	* Dial-out can receive (and so return) an unsolicited push only over a duplex transport. With every
-	* transport exchange-only (HTTP), the peer can never push to us — so this link can't deliver one back.
-	*/
-	canPush;
-	_defaultTimeout;
-	_transportCache = /* @__PURE__ */ new Map();
-	transportManager = new ConnectionTransportManager(this._transportCache);
-	constructor({ runtimeCoordinate: peerSpecifier, transports, defaultTimeout }) {
-		super(peerSpecifier);
-		this._defaultTimeout = defaultTimeout ?? 1e4;
-		this.canPush = transports.some((transport) => transport.type === "duplex");
-		for (const transport of transports) {
-			const connection = transport._createConnection({ resolvers: { onIncomingActionDataJson: (json) => this._emitIncoming(json) } });
-			connection.definition = transport;
-			this.transportManager.addTransport(connection);
-		}
+	_hasRuntime(runtime) {
+		return this._actionRuntimeManager.hasRuntime(runtime);
 	}
-	async handleActionRequest(action, config) {
-		const localRuntime = config?.targetLocalRuntime ?? ActionRuntime.getDefault();
-		const localClient = localRuntime.coordinate;
-		const incomingTimeout = config?.timeout ?? this._defaultTimeout;
-		const parentCuid = peekHandlerCuid();
-		const callSite = action._callSite ?? (/* @__PURE__ */ new Error()).stack;
-		const routeParams = {
-			action,
-			localClient,
-			externalClient: this.peerClient
-		};
-		const preferredTransport = this.transportManager.getPreferredTransport();
-		const routeItem = preferredTransport != null ? {
-			runtime: localClient,
-			handler: this.toHandlerRouteItem(preferredTransport, routeParams),
-			time: Date.now()
-		} : void 0;
-		if (routeItem != null) action.context.addRouteItem(routeItem);
-		const runningAction = new RunningAction({
-			context: action.context,
-			request: action,
-			parentCuid,
-			callSite
-		});
-		localRuntime.registerRunningAction(runningAction);
-		this._dispatchWhenTransportReady(runningAction, routeParams, routeItem, incomingTimeout);
-		return runningAction;
+	getRuntime(clientSpecifier) {
+		return this._actionRuntimeManager.getBestRuntimeForSpecifier(clientSpecifier);
 	}
-	async _dispatchWhenTransportReady(runningAction, routeParams, routeItem, incomingTimeout) {
-		const action = routeParams.action;
+	async _runAction(actionPayload, options) {
+		const allListeners = [...this._listeners, ...options?.listeners ?? []];
+		let handlerAndRuntime;
 		try {
-			const { methods, transport } = await this.transportManager.getReadyTransport(routeParams);
-			const handlerRouteItem = this.toHandlerRouteItem(transport, routeParams);
-			if (routeItem != null) {
-				routeItem.handler = handlerRouteItem;
-				routeItem.time = Date.now();
-			} else action.context.addRouteItem({
-				runtime: routeParams.localClient,
-				handler: handlerRouteItem,
-				time: Date.now()
-			});
-			const sendInput = {
-				...routeParams,
-				runningAction,
-				timeout: incomingTimeout
-			};
-			if (action.type === "request" && methods.updateRunConfig != null) sendInput.timeout = methods.updateRunConfig(sendInput)?.timeout ?? incomingTimeout;
-			methods.sendActionData(sendInput);
-			if (action.type === "request" && action.schema.responseMode === "none") runningAction._completeWithResult(action.successResult(void 0));
+			handlerAndRuntime = this._actionRuntimeManager.getRuntimeAndHandlerForActionOrThrow(actionPayload, options);
 		} catch (err) {
-			runningAction._abort(err);
-		}
-	}
-	/**
-	* Dispatch a result or progress payload directly back to the external client via the best
-	* available bidirectional transport (WebSocket / Custom). Used for return-path routing when the
-	* local runtime recognises that it has a direct channel to the action's originClient.
-	*
-	* Returns `true` if the payload was sent, `false` if no suitable transport was available.
-	*/
-	async sendReturnPayload(payload, config) {
-		const localClient = config.targetLocalRuntime.coordinate;
-		try {
-			const { methods } = await this.transportManager.getReadyTransport({
-				action: payload,
-				localClient,
-				externalClient: this.peerClient
-			});
-			if (methods.sendReturnData == null) return false;
-			methods.sendReturnData(payload, {
-				localClient,
-				externalClient: this.peerClient
+			const runningAction = new require_httpAcceptorCarrier.RunningAction({
+				context: actionPayload.context,
+				request: actionPayload,
+				callSite: actionPayload._callSite
 			});
-			return true;
-		} catch {
-			return false;
+			runningAction.addUpdateListeners(allListeners);
+			runningAction._failWithError(err);
+			throw err;
 		}
-	}
-	toJsonObject() {
-		return {
-			type: this.handlerType,
-			client: this.peerClient
-		};
-	}
-	toHandlerRouteItem(transport, input) {
-		return {
-			type: this.handlerType,
-			client: this.peerClient,
-			transOrd: transport.transOrd,
-			transShape: transport.type,
-			transInfo: transport.getRouteInfo(input)
-		};
-	}
-	clearTransportCache() {
-		for (const entry of this._transportCache.values()) if (entry instanceof Promise) entry.then((ready) => ready.methods.disconnect?.()).catch(() => {});
-		else entry.methods.disconnect?.();
-		this._transportCache.clear();
+		const { handler, runtime } = handlerAndRuntime;
+		actionPayload.context._setOriginClient(runtime.coordinate);
+		const runningAction = await handler.handleActionRequest(actionPayload, { targetLocalRuntime: runtime });
+		runningAction.addUpdateListeners(allListeners);
+		return runningAction;
 	}
 };
-const createConnectorHandler = (config) => {
-	return new ConnectorHandler(config);
-};
 //#endregion
-//#region src/ActionRuntime/ActionRuntime.ts
-var ActionRuntime = class {
-	_coordinate;
-	timeCreated;
-	runtimeInfo = getAssumedRuntimeInfo();
-	actionRouter;
-	_pendingRunningActions = /* @__PURE__ */ new Map();
-	_registeredPeerHandlers = [];
-	_applied = false;
-	static getDefault() {
-		return getDefaultActionRuntime();
-	}
-	constructor(coordinate) {
-		this._coordinate = coordinate.specifyIfUnset({ insId: (0, nanoid.nanoid)(14) });
-		this.timeCreated = Date.now();
-		this.actionRouter = new ActionRouter({
-			contextType: "runtime_to_handler",
-			runtime: this
-		});
-	}
-	get coordinate() {
-		return this._coordinate;
-	}
-	specifyRuntimeCoordinate(specifics) {
-		if (specifics.envId != null && this._coordinate.envId !== specifics.envId) throw err_nice_action.fromId("not_implemented", { label: `updating RuntimeCoordinate with a different "envId" ("${this._coordinate.envId}" → "${specifics.envId}")` });
-		this._coordinate = this._coordinate.specify(specifics);
-		this.apply();
-	}
-	registerRunningAction(ra) {
-		this._pendingRunningActions.set(ra.cuid, ra);
-		ra.addUpdateListeners([(update) => {
-			if (update.type === "finished") this._pendingRunningActions.delete(ra.cuid);
-		}]);
-	}
-	resolveIncomingActionPayload(json) {
-		if (json.type === "request") {
-			this.handleActionPayloadWire(json).catch((err) => {
-				console.error(`[ActionRuntime] Incoming action [${json.domain}:${json.id}:${json.form}:${json.type}] unhandled:`, err);
-			});
-			return;
-		}
-		this._pendingRunningActions.get(json.context.cuid)?._resolveFromJson(json);
-	}
-	async handleActionPayloadWire(wire) {
-		let action;
-		if (isActionPayload_Any_JsonObject(wire)) action = this.actionRouter.domainManager.getActionDomainOrThrow(wire).hydrateAnyAction(wire);
-		if (action == null) throw err_nice_action.fromId("wire_not_action_data");
-		return this.handleActionPayload(action);
-	}
-	async handleActionPayload(action, options) {
-		if (action.type === "request") {
-			const observers = action.context._domain._collectActionObservers();
-			let handlerForAction;
-			try {
-				handlerForAction = this.getHandlerForActionOrThrow(action, options);
-			} catch (err) {
-				const runningAction = new RunningAction({
-					context: action.context,
-					request: action
-				});
-				runningAction.addUpdateListeners(observers);
-				runningAction._completeWithResult(action.errorResult((0, _nice_code_error.castNiceError)(err)));
-				return runningAction;
-			}
-			const runningAction = await handlerForAction.handleActionRequest(action, {
-				...options,
-				targetLocalRuntime: this
-			});
-			runningAction.addUpdateListeners(observers);
-			this._trySetupReturnDispatch(runningAction);
-			return runningAction;
-		}
-		throw err_nice_action.fromId("not_implemented", { label: `Handling incoming action payloads of type "${action.type}"` });
-	}
-	/**
-	* @internal
-	*
-	* Return the first handler registered for the given action, or `undefined`
-	* if none has been registered (action-ID-specific beats domain-wildcard).
-	*/
-	_getHandlerForAction(action, options) {
-		const handlers = this.actionRouter.getRouteDataEntriesForAction(action);
-		const targetPeer = options?.targetPeer;
-		const possibleHandlers = handlers.filter((handler) => {
-			if (handler.handlerType === "peer") {
-				if (targetPeer && !targetPeer.isSameFor(handler.peerClient).id) return false;
-				return true;
-			}
-			if (targetPeer != null) return false;
-			if (action.type === "request") return true;
-			return false;
-		});
-		if (possibleHandlers.length === 0) return;
-		const scoringPeer = targetPeer ?? RuntimeCoordinate.unknown;
-		let handlerScore = -1;
-		let handler;
-		for (const possibleHandler of possibleHandlers) {
-			if (possibleHandler.handlerType === "local") return possibleHandler;
-			if (possibleHandler.handlerType === "peer") {
-				const score = scoringPeer.similarityLevel(possibleHandler.peerClient);
-				if (score > handlerScore) {
-					handlerScore = score;
-					handler = possibleHandler;
-				}
-			}
-		}
-		return handler;
-	}
-	getHandlerForActionOrThrow(action, options) {
-		const handler = this._getHandlerForAction(action, options);
-		if (handler == null) throw err_nice_action.fromId("no_action_execution_handler", {
-			actionId: action.id,
-			domain: action.domain,
-			specifiedClient: options?.targetPeer
-		});
-		return handler;
-	}
-	/**
-	* Register one or more handlers. Each handler's own `actionRouter` defines
-	* which domains/actions it handles — those routing keys are mirrored into
-	* this runtime's router so the same action can be served by multiple handlers.
-	* Duplicate registrations (same handler cuid for the same key) are skipped.
-	*/
-	addHandlers(handlers) {
-		for (const handler of handlers) {
-			if (handler.handlerType === "peer") {
-				handler._setIncomingActionDataListener((json) => this.resolveIncomingActionPayload(json));
-				this._registeredPeerHandlers.push(handler);
-			}
-			const handlerRouter = handler.getActionRouter();
-			this.actionRouter.addDomainsFromOther(handlerRouter);
-			if (this._applied) this.apply();
-			for (const key of handlerRouter.getRegisteredKeys()) if (!this.actionRouter.getForKey(key).some((h) => h.cuid === handler.cuid)) this.actionRouter.addForKey(key, handler);
-		}
-		return this;
-	}
-	/**
-	* Declare an external "backend client" in one call: build an
-	* {@link ConnectorHandler} for `externalCoordinate` carrying the given
-	* `transports`, route the listed `domains`/`actions` to it, register it (plus any
-	* `localHandlers` — e.g. server→client push handlers that share the same channel)
-	* on this runtime, and `apply()`. Returns the external handler so the caller can
-	* later `clearTransportCache()` it.
-	*
-	* Sugar over `new ConnectorHandler(...).forDomain(...)` + `addHandlers([...])`,
-	* so a single runtime can host one handler per backend target with its transports
-	* declared once and reused across every action routed to that backend.
-	*/
-	connectTo(externalCoordinate, options) {
-		const handler = new ConnectorHandler({
-			runtimeCoordinate: externalCoordinate,
-			transports: options.transports,
-			defaultTimeout: options.defaultTimeout
-		});
-		for (const domain of options.domains ?? []) handler.forDomain(domain);
-		for (const action of options.actions ?? []) handler.forAction(action);
-		this.addHandlers([handler, ...options.localHandlers ?? []]);
-		this.apply();
-		return handler;
-	}
-	applyRuntimeForDomain(domain) {
-		const rootDomain = domain.rootDomain;
-		if (!rootDomain._hasRuntime(this)) rootDomain._registerRuntime(this);
+//#region src/ActionDefinition/Domain/ActionDomain.ts
+var ActionDomain = class ActionDomain extends ActionDomainBase {
+	_rootDomain;
+	_actionMap;
+	constructor(definition, { rootDomain }) {
+		super(definition);
+		this._rootDomain = rootDomain;
+		this._actionMap = this.createActionMap();
 	}
-	/**
-	* Register this runtime with all root domains covered by its currently-added handlers,
-	* making it eligible to execute actions dispatched from those domains.
-	* After apply() is called, any subsequent addHandlers() calls also auto-register.
-	*/
-	apply() {
-		this._applied = true;
-		for (const domain of this.actionRouter.getDomains()) this.applyRuntimeForDomain(domain);
-		return this;
-	}
-	/**
-	* Find the best registered external handler that can reach `originClient` directly.
-	* Used to locate the return-path channel for dispatching results back to the action origin.
-	* Returns `undefined` if no handler matches (score > 0 required, i.e. at least id must match).
-	*
-	* A handler that currently holds the origin's *live* connection always wins over a mere coordinate
-	* match — so with several duplex acceptors (e.g. WS + WebRTC) a result/push routes back over the carrier
-	* the client actually connected on, never a same-coordinate sibling that lacks the socket. Only when no
-	* handler owns a live connection do we fall back to the plain best-coordinate-score pick (the
-	* single-acceptor and connector-only cases, unchanged).
-	*/
-	getReturnHandlerForOrigin(originClient) {
-		if (originClient.envId === "_unset_") return void 0;
-		let bestScore = -1;
-		let bestHandler;
-		let bestOwnedScore = -1;
-		let bestOwnedHandler;
-		for (const handler of this._registeredPeerHandlers) {
-			if (!handler.canPush) continue;
-			const score = originClient.similarityLevel(handler.peerClient);
-			if (score > bestScore) {
-				bestScore = score;
-				bestHandler = handler;
-			}
-			if (score > bestOwnedScore && handler.ownsLiveConnectionFor(originClient)) {
-				bestOwnedScore = score;
-				bestOwnedHandler = handler;
-			}
-		}
-		if (bestOwnedHandler != null && bestOwnedScore > 0) return bestOwnedHandler;
-		return bestScore > 0 ? bestHandler : void 0;
-	}
-	resetRuntime() {
-		for (const ra of this._pendingRunningActions.values()) ra._abort(err_nice_action.fromId("runtime_reset"));
-		for (const handler of this._registeredPeerHandlers) handler.clearTransportCache();
-	}
-	_trySetupReturnDispatch(runningAction) {
-		if (runningAction.context.schema.responseMode === "none") return;
-		const originClient = runningAction.context.originClient;
-		if (originClient.envId === "_unset_" || originClient.isSameFor(this._coordinate).id) return;
-		runningAction.addUpdateListeners([(update) => {
-			if (update.type === "finished" && update.finishType === "success") this.getReturnHandlerForOrigin(originClient)?.sendReturnPayload(update.response, { targetLocalRuntime: this }).catch(() => {});
-		}]);
-	}
-};
-const runtimeState = {
-	defaultLocalRuntime: void 0,
-	assumedRuntimeInfo: void 0
-};
-function getDefaultActionRuntime() {
-	if (runtimeState.assumedRuntimeInfo == null) runtimeState.assumedRuntimeInfo = getAssumedRuntimeInfo();
-	if (runtimeState.defaultLocalRuntime == null) runtimeState.defaultLocalRuntime = new ActionRuntime(RuntimeCoordinate.unknown.specify({ perId: `${runtimeState.assumedRuntimeInfo?.runtimeName ?? "unknown"}-runtime` }));
-	return runtimeState.defaultLocalRuntime;
-}
-//#endregion
-//#region src/ActionRuntime/Handler/Local/ActionLocalHandler.ts
-var ActionLocalHandler = class extends ActionHandler {
-	handlerType = "local";
-	actionRouter = new ActionRouter({
-		contextType: "handler_route",
-		handler: this
-	});
-	constructor() {
-		super();
-	}
-	/**
-	* Register a handler for all actions in a domain.
-	* Receives the full primed action — use `matchAction()` to narrow to a specific action id.
-	* Useful for forwarding all domain actions to a remote endpoint.
-	* Lower priority than `forAction`.
-	*/
-	forDomain(domain, handler) {
-		this.actionRouter.forDomain(domain, handler);
-		return this;
-	}
-	/**
-	* Register a handler for a base action instance. Takes priority over domain-wide handlers.
-	* Receives the full primed action with narrowed input type.
-	* Useful for handling specific actions locally while forwarding the rest of the domain. For example, a local "ping" action that checks connectivity without needing a round trip.
-	*/
-	forAction(action, handler) {
-		this.actionRouter.forAction(action, handler);
-		return this;
-	}
-	/**
-	* Register a handler for multiple action IDs (first-match-wins among cases).
-	* Receives the full primed action narrowed to the union of those IDs.
-	* Use `act.coreAction.id` to branch on which action was dispatched.
-	*/
-	forActionIds(domain, ids, handler) {
-		this.actionRouter.forActionIds(domain, ids, handler);
-		return this;
-	}
-	/**
-	* Register per-action handlers for a domain using a single map, without needing
-	* separate `forAction` calls. Unregistered action IDs are unaffected.
-	*
-	* @example
-	* ```ts
-	* handler.forDomainActionCases(userDomain, {
-	*   getUser:    (primed) => db.getUser(primed.input.userId),
-	*   deleteUser: (primed) => db.deleteUser(primed.input.userId),
-	* });
-	* ```
-	*/
-	forDomainActionCases(domain, cases) {
-		this.actionRouter.forDomainActionCases(domain, cases);
-		return this;
-	}
-	async handleActionRequest(action, config) {
-		const targetLocalRuntime = config?.targetLocalRuntime ?? ActionRuntime.getDefault();
-		const handler = this.actionRouter.getRouteDataForActionOrThrow(action, { targetLocalRuntime });
-		action.context.addRouteItem({
-			runtime: targetLocalRuntime.coordinate,
-			handler: this.toHandlerRouteItem(),
-			time: Date.now()
-		});
-		const runningAction = new RunningAction({
-			context: action.context,
-			request: action,
-			parentCuid: peekHandlerCuid(),
-			callSite: action._callSite ?? (/* @__PURE__ */ new Error()).stack
-		});
-		this._handleRunningAction(handler, runningAction).catch((err) => {
-			if (err instanceof _nice_code_error.NiceError) runningAction._completeWithResult(action.errorResult(err));
-			else if ((0, _nice_code_error.isNiceErrorObject)(err)) runningAction._completeWithResult(action.errorResult((0, _nice_code_error.castNiceError)(err)));
-			else runningAction._abort(err);
-		});
-		return runningAction;
-	}
-	async _handleRunningAction(handler, runningAction) {
-		const state = runningAction.state;
-		if (state.result != null) return;
-		await Promise.resolve();
-		pushHandlerCuid(runningAction.cuid);
-		try {
-			const rawResult = await handler(state.request);
-			let result;
-			if (rawResult instanceof ActionPayload_Result) result = rawResult;
-			else if (rawResult != null && isActionPayload_Result_JsonObject(rawResult)) result = this.actionRouter.domainManager.getActionDomainOrThrow(state.request).hydrateResultPayload(rawResult);
-			else result = state.request.successResult(rawResult);
-			runningAction._completeWithResult(result);
-		} finally {
-			popHandlerCuid();
-		}
-	}
-	async handlePayloadWireOrThrow(wire, config) {
-		const hydratedAction = this.actionRouter.domainManager.hydrateActionPayload(wire);
-		if (!(hydratedAction instanceof ActionPayload_Request)) throw err_nice_action.fromId("wire_action_not_payload", {
-			domain: hydratedAction.domain,
-			actionId: hydratedAction.id,
-			actionState: hydratedAction.type ?? hydratedAction.form
-		});
-		return await this.handleActionRequest(hydratedAction, config);
-	}
-	toJsonObject() {
-		return { type: this.handlerType };
-	}
-	toHandlerRouteItem() {
-		return { type: this.handlerType };
-	}
-};
-const createLocalHandler = () => {
-	return new ActionLocalHandler();
-};
-//#endregion
-//#region src/utils/isAction_Context_JsonObject.ts
-const isAction_Context_JsonObject = (obj) => {
-	return isAction_Base_JsonObject(obj) && obj.form === "context";
-};
-//#endregion
-//#region src/utils/isAction_Core_JsonObject.ts
-const isAction_Core_JsonObject = (obj) => {
-	return isAction_Base_JsonObject(obj) && obj.form === "core";
-};
-//#endregion
-//#region src/utils/isAction_Any_JsonObject.ts
-function isAction_Any_JsonObject(obj) {
-	return isActionPayload_Any_JsonObject(obj) || isAction_Context_JsonObject(obj) || isAction_Core_JsonObject(obj);
-}
-//#endregion
-//#region src/utils/assertIsActionJson.ts
-function assertIsActionJson(obj) {
-	if (!isAction_Any_JsonObject(obj)) throw err_nice_action.fromId("wire_not_action_data");
-}
-//#endregion
-//#region src/utils/isAction_Any_Instance.ts
-function isAction_Any_Instance(value) {
-	return value instanceof ActionCore || value instanceof ActionPayload || value instanceof ActionContext;
-}
-//#endregion
-//#region src/ActionDefinition/Domain/ActionDomainBase.ts
-var ActionDomainBase = class {
-	domain;
-	allDomains;
-	actionSchema;
-	_listeners = [];
-	constructor(definition) {
-		this.domain = definition.domain;
-		this.allDomains = definition.allDomains;
-		this.actionSchema = definition.actionSchema;
-	}
-	/**
-	* Add an observer that is called after every action dispatched through this domain.
-	* Returns an unsubscribe function — call it to remove the listener.
-	*/
-	addActionListener(listener) {
-		this._listeners.push(listener);
-		return () => {
-			this._listeners = this._listeners.filter((l) => l !== listener);
-		};
-	}
-	/**
-	* @internal
-	* Observers registered directly on this domain via {@link addActionListener}.
-	* Used to wire observers (e.g. devtools) onto RunningActions that aren't created
-	* through the local-dispatch path — notably inbound actions pushed from a backend
-	* or another client over a bidirectional transport.
-	*/
-	_getActionObservers() {
-		return this._listeners;
-	}
-};
-//#endregion
-//#region src/ActionRuntime/ActionRuntimeManager.ts
-var ActionRuntimeManager = class {
-	_runtimes = /* @__PURE__ */ new Map();
-	_preferredRuntimeClientId = null;
-	_context;
-	constructor(context) {
-		this._context = context ?? {};
-	}
-	registerRuntime(runtime) {
-		const runtimeId = runtime.coordinate.stringId;
-		if (this._runtimes.has(runtimeId)) throw err_nice_action.fromId("client_runtime_already_registered", {
-			context: this._context,
-			client: runtime.coordinate
-		});
-		for (const id of runtime.coordinate.toStringIds()) {
-			if (this._runtimes.has(id)) continue;
-			this._runtimes.set(id, runtime);
-		}
-	}
-	getRuntimeAndHandlerForAction(action, options, throwOnIssue) {
-		const localRuntime = options?.targetLocalRuntime;
-		if (localRuntime != null) {
-			const runtime = throwOnIssue ? this.getBestRuntimeOrThrow(options?.targetLocalRuntime?.coordinate) : this.getBestRuntime(options?.targetLocalRuntime?.coordinate);
-			if (runtime == null) return;
-			const handler = runtime._getHandlerForAction(action, options);
-			if (handler != null) return {
-				handler,
-				runtime
-			};
-			if (throwOnIssue) throw err_nice_action.fromId("no_action_execution_handler", {
-				domain: action.domain,
-				actionId: action.id,
-				specifiedClient: localRuntime.coordinate
-			});
-		}
-		for (const runtime of this._runtimes.values()) {
-			const handler = runtime._getHandlerForAction(action);
-			if (handler) return {
-				handler,
-				runtime
-			};
-		}
-		if (throwOnIssue) throw err_nice_action.fromId("no_action_execution_handler", {
-			domain: action.domain,
-			actionId: action.id,
-			specifiedClient: options?.targetLocalRuntime?.coordinate
-		});
-	}
-	getRuntimeAndHandlerForActionOrThrow(action, options) {
-		return this.getRuntimeAndHandlerForAction(action, options, true);
-	}
-	setPreferredRuntime(runtime) {
-		const runtimeId = runtime.coordinate.stringId;
-		this._preferredRuntimeClientId = runtimeId;
-	}
-	getPreferredRuntime() {
-		if (this._preferredRuntimeClientId) {
-			const runtime = this._runtimes.get(this._preferredRuntimeClientId);
-			if (runtime) return runtime;
-		}
-		return this._runtimes.values().next().value;
-	}
-	getBestRuntimeForSpecifier(clientSpecifier) {
-		const ids = new RuntimeCoordinate(clientSpecifier).toStringIds();
-		for (const id of ids) {
-			const runtime = this._runtimes.get(id);
-			if (runtime) return runtime;
-		}
-	}
-	getBestRuntime(clientSpecifier) {
-		return clientSpecifier != null ? this.getBestRuntimeForSpecifier(clientSpecifier) : this.getPreferredRuntime();
-	}
-	hasRuntime(runtime) {
-		return this._runtimes.has(runtime.coordinate.stringId);
-	}
-	getBestRuntimeOrThrow(specifier) {
-		const runtime = this.getBestRuntime(specifier);
-		if (!runtime) {
-			if (specifier == null) throw err_nice_action.fromId("no_client_runtimes_registered", { context: this._context });
-			throw err_nice_action.fromId("client_runtime_not_registered", {
-				context: this._context,
-				clientStringId: runtimeCoordinateToStringIds(specifier)[0]
-			});
-		}
-		return runtime;
-	}
-};
-//#endregion
-//#region src/ActionDefinition/Domain/ActionRootDomain.ts
-var ActionRootDomain = class extends ActionDomainBase {
-	domainDefinition;
-	_actionRuntimeManager;
-	constructor(domainDefinition) {
-		const domainId = domainDefinition.domain;
-		super({
-			domain: domainId,
-			allDomains: [domainId],
-			actionSchema: {}
-		});
-		this.domainDefinition = domainDefinition;
-		this._actionRuntimeManager = new ActionRuntimeManager({ domain: domainId });
-	}
-	createChildDomain(subDomainDef) {
-		if (this.allDomains.includes(subDomainDef.domain)) throw err_nice_action.fromId("domain_already_exists_in_hierarchy", {
-			domain: subDomainDef.domain,
-			allParentDomains: this.allDomains,
-			parentDomain: this.domain
-		});
-		return new ActionDomain({
-			allDomains: [...this.allDomains, subDomainDef.domain],
-			domain: subDomainDef.domain,
-			actionSchema: subDomainDef.actions
-		}, { rootDomain: this });
-	}
-	_registerRuntime(runtime) {
-		this._actionRuntimeManager.registerRuntime(runtime);
-	}
-	_hasRuntime(runtime) {
-		return this._actionRuntimeManager.hasRuntime(runtime);
-	}
-	getRuntime(clientSpecifier) {
-		return this._actionRuntimeManager.getBestRuntimeForSpecifier(clientSpecifier);
-	}
-	async _runAction(actionPayload, options) {
-		const allListeners = [...this._listeners, ...options?.listeners ?? []];
-		let handlerAndRuntime;
-		try {
-			handlerAndRuntime = this._actionRuntimeManager.getRuntimeAndHandlerForActionOrThrow(actionPayload, options);
-		} catch (err) {
-			const runningAction = new RunningAction({
-				context: actionPayload.context,
-				request: actionPayload,
-				callSite: actionPayload._callSite
-			});
-			runningAction.addUpdateListeners(allListeners);
-			runningAction._failWithError(err);
-			throw err;
-		}
-		const { handler, runtime } = handlerAndRuntime;
-		actionPayload.context._setOriginClient(runtime.coordinate);
-		const runningAction = await handler.handleActionRequest(actionPayload, { targetLocalRuntime: runtime });
-		runningAction.addUpdateListeners(allListeners);
-		return runningAction;
-	}
-};
-//#endregion
-//#region src/ActionDefinition/Domain/ActionDomain.ts
-var ActionDomain = class ActionDomain extends ActionDomainBase {
-	_rootDomain;
-	_actionMap;
-	constructor(definition, { rootDomain }) {
-		super(definition);
-		this._rootDomain = rootDomain;
-		this._actionMap = this.createActionMap();
-	}
-	get rootDomain() {
-		return this._rootDomain;
-	}
-	/**
-	* @internal
-	* All action observers that should see actions on this domain: the root domain's
-	* observers plus this subdomain's own. Mirrors the listener set the local-dispatch
-	* path assembles in `runAction`/`_runAction`, so inbound actions (pushed from a
-	* backend or another client) can be wired up identically and surface in devtools.
-	*/
-	_collectActionObservers() {
-		return [...this._rootDomain._getActionObservers(), ...this._getActionObservers()];
-	}
-	_registerRuntime(runtime) {
-		this._rootDomain._registerRuntime(runtime);
-	}
-	createChildDomain(subDomainDef) {
-		if (this.allDomains.includes(subDomainDef.domain)) throw err_nice_action.fromId("domain_already_exists_in_hierarchy", {
-			domain: subDomainDef.domain,
-			allParentDomains: this.allDomains,
-			parentDomain: this.domain
-		});
-		return new ActionDomain({
-			allDomains: [...this.allDomains, subDomainDef.domain],
-			domain: subDomainDef.domain,
-			actionSchema: subDomainDef.actions
-		}, { rootDomain: this._rootDomain });
-	}
-	get action() {
-		return this._actionMap;
-	}
-	actionsMap() {
-		return this._actionMap;
-	}
-	actionForId(id) {
-		if (!this.actionSchema[id]) throw err_nice_action.fromId("action_id_not_in_domain", {
-			domain: this.domain,
-			actionId: id
-		});
-		return new ActionCore(this, id);
-	}
-	wrapAsPartialLocalHandler(wrappedActionExecutor) {
-		const _handler = new ActionLocalHandler();
-		const executor = wrappedActionExecutor;
-		for (const actionKey in wrappedActionExecutor) {
-			if (!this.actionSchema[actionKey]) continue;
-			_handler.forAction(this.actionForId(actionKey), (request) => executor[request.id](request.input));
-		}
-		return _handler;
-	}
-	wrapAsLocalHandler(wrappedActionExecutor) {
-		const _handler = new ActionLocalHandler();
-		const executor = wrappedActionExecutor;
-		return _handler.forDomain(this, (request) => executor[request.id](request.input));
-	}
-	hydrateContext(id, contextData) {
-		return new ActionContext(this, id, {
-			timeCreated: contextData.timeCreated,
-			cuid: contextData.cuid,
-			routing: contextData.routing.map((item) => {
-				return {
-					runtime: new RuntimeCoordinate(item.runtime),
-					handler: item.handler,
-					time: item.time
-				};
-			}),
-			originClient: contextData.originClient ? new RuntimeCoordinate(contextData.originClient) : RuntimeCoordinate.unknown
-		});
-	}
-	isDomainAction(action) {
-		return isAction_Any_Instance(action) && action.domain === this.domain;
-	}
-	hydrateRequestPayload(serialized) {
-		if (serialized.type !== "request") throw err_nice_action.fromId("hydration_action_state_mismatch", {
-			expected: "request",
-			received: serialized.type
-		});
-		if (serialized.domain !== this.domain) throw err_nice_action.fromId("hydration_domain_mismatch", {
-			expected: this.domain,
-			received: serialized.domain
-		});
-		const id = serialized.id;
-		if (!this.actionSchema[id]) throw err_nice_action.fromId("hydration_action_id_not_found", {
-			domain: this.domain,
-			actionId: serialized.id
-		});
-		const contextAction = this.hydrateContext(id, serialized.context);
-		return new ActionPayload_Request({ context: contextAction }, contextAction.deserializeInput(serialized.input), { time: serialized.time });
-	}
-	hydrateResultPayload(serialized) {
-		if (serialized.type !== "result") throw err_nice_action.fromId("hydration_action_state_mismatch", {
-			expected: "result",
-			received: serialized.type
-		});
-		if (serialized.domain !== this.domain) throw err_nice_action.fromId("hydration_domain_mismatch", {
-			expected: this.domain,
-			received: serialized.domain
-		});
-		const id = serialized.id;
-		if (!this.actionSchema[id]) throw err_nice_action.fromId("hydration_action_id_not_found", {
-			domain: this.domain,
-			actionId: serialized.id
-		});
-		const contextAction = this.hydrateContext(id, serialized.context);
-		const result = serialized.result.ok ? {
-			ok: true,
-			output: contextAction.schema.deserializeOutput(serialized.result.output)
-		} : serialized.result;
-		return new ActionPayload_Result({ context: contextAction }, result, { time: serialized.time });
-	}
-	hydrateAnyAction(actionJson) {
-		assertIsActionJson(actionJson);
-		if (actionJson.form === "data") {
-			if (actionJson.type === "request") return this.hydrateRequestPayload(actionJson);
-			if (actionJson.type === "result") return this.hydrateResultPayload(actionJson);
-		}
-		return this.actionForId(actionJson.id);
-	}
-	async runAction(request, options) {
-		const allListeners = [...options?.listeners ?? [], ...this._listeners];
-		return this._rootDomain._runAction(request, {
-			...options,
-			listeners: allListeners
-		});
-	}
-	createActionMap() {
-		const map = {};
-		for (const id in this.actionSchema) map[id] = new ActionCore(this, id);
-		return map;
-	}
-};
-//#endregion
-//#region src/ActionDefinition/Domain/helpers/createRootActionDomain.ts
-const createActionRootDomain = (definition) => {
-	return new ActionRootDomain(definition);
-};
-//#endregion
-//#region src/ActionRuntime/Transport/crypto/actionHandshake.ts
-/**
-* Authenticated handshake for the WebSocket channel. Run once per connection, before any action
-* frames flow, it:
-* - exchanges each side's {@link RuntimeCoordinate} + public keys,
-* - checks both ends share the same wire dictionary version (closes the positional-dictionary footgun),
-* - has the client prove control of its verify (Ed25519) key by signing a fresh challenge that binds
-*   both nonces, both identities, the dictionary version, the level, and every exchanged public key,
-* - establishes a `ClientCryptoKeyLink` link on both sides (so the server can verify the signature and,
-*   for the `encrypted` level, both can derive a shared AES-GCM key with the verify keys folded in).
-*
-* This module is transport-agnostic: it produces/consumes message objects. The transport + server
-* handler drive the I/O and the connection phase (Step 4). Keep `none`-level connections from ever
-* reaching here — they skip the handshake entirely.
-*/
-const HANDSHAKE_PROTOCOL = "nice-ws-hs/1";
-/** How much the channel protects after the handshake — chosen by the consumer (perf vs security). */
-let ESecurityLevel = /* @__PURE__ */ function(ESecurityLevel) {
-	/** No handshake; identity is self-asserted (fastest, dev / trusted networks). */
-	ESecurityLevel["none"] = "none";
-	/** Handshake authenticates identity (sign/verify + key pin); frames stay plaintext over TLS. */
-	ESecurityLevel["authenticated"] = "authenticated";
-	/** Authenticated handshake + every frame AES-GCM encrypted with the derived shared key. */
-	ESecurityLevel["encrypted"] = "encrypted";
-	return ESecurityLevel;
-}({});
-let EHandshakeMessageType = /* @__PURE__ */ function(EHandshakeMessageType) {
-	EHandshakeMessageType["hello"] = "hello";
-	EHandshakeMessageType["welcome"] = "welcome";
-	EHandshakeMessageType["prove"] = "prove";
-	EHandshakeMessageType["accept"] = "accept";
-	EHandshakeMessageType["reject"] = "reject";
-	return EHandshakeMessageType;
-}({});
-const vEd25519Raw = valibot.custom((val) => typeof val === "string" && val.startsWith("ed25519::raw_base64::"));
-const vX25519Raw = valibot.custom((val) => typeof val === "string" && val.startsWith("x25519::raw_base64::"));
-const vCoordinate = valibot.object({
-	envId: valibot.string(),
-	perId: valibot.optional(valibot.string()),
-	insId: valibot.optional(valibot.string())
-});
-const vSecurityLevel = valibot.picklist([
-	"none",
-	"authenticated",
-	"encrypted"
-]);
-const vHsHello = valibot.object({
-	t: valibot.literal("hello"),
-	protocol: valibot.string(),
-	securityLevel: vSecurityLevel,
-	dictionaryVersion: valibot.string(),
-	client: vCoordinate,
-	clientNonce: valibot.string(),
-	verifyPublicKey: vEd25519Raw,
-	exchangePublicKey: valibot.optional(vX25519Raw)
-});
-const vHsWelcome = valibot.object({
-	t: valibot.literal("welcome"),
-	securityLevel: vSecurityLevel,
-	dictionaryVersion: valibot.string(),
-	server: vCoordinate,
-	serverNonce: valibot.string(),
-	verifyPublicKey: vEd25519Raw,
-	exchangePublicKey: valibot.optional(vX25519Raw)
-});
-const vHsProve = valibot.object({
-	t: valibot.literal("prove"),
-	signatureBase64: valibot.string()
-});
-const vHsAccept = valibot.object({
-	t: valibot.literal("accept"),
-	signatureBase64: valibot.optional(valibot.string())
-});
-const vHsReject = valibot.object({
-	t: valibot.literal("reject"),
-	reason: valibot.string()
-});
-const vHandshakeMessage = valibot.variant("t", [
-	vHsHello,
-	vHsWelcome,
-	vHsProve,
-	vHsAccept,
-	vHsReject
-]);
-/** Serialize a handshake message for the wire (handshake frames are JSON — they aren't the hot path). */
-function encodeHandshakeMessage(message) {
-	return JSON.stringify(message);
-}
-/** Parse + structurally validate an incoming handshake frame; `undefined` if it isn't one. */
-function decodeHandshakeMessage(raw) {
-	let parsed;
-	try {
-		parsed = JSON.parse(raw);
-	} catch {
-		return;
-	}
-	const result = valibot.safeParse(vHandshakeMessage, parsed);
-	return result.success ? result.output : void 0;
-}
-/** Stable link id for a runtime coordinate — the key both the crypto link and the connection use. */
-function runtimeLinkId(coordinate) {
-	return `runtime::${new RuntimeCoordinate(coordinate).stringId}`;
-}
-function coordId(coordinate) {
-	return new RuntimeCoordinate(coordinate).stringId;
-}
-function sessionSalt(clientNonce, serverNonce) {
-	return `${clientNonce}::${serverNonce}`;
-}
-function handshakeInfo(dictionaryVersion) {
-	return `${HANDSHAKE_PROTOCOL}::${dictionaryVersion}`;
-}
-/**
-* The exact string both sides sign/verify. JSON-encoded ordered array so field boundaries are
-* unambiguous; binds identities, nonces (freshness), version, level, and all exchanged public keys
-* (authenticating the keys via the signature, complementing `bindVerifyKeysIntoDerivation`).
-*/
-function buildHandshakeChallenge(parts) {
-	return JSON.stringify([
-		HANDSHAKE_PROTOCOL,
-		parts.securityLevel,
-		parts.dictionaryVersion,
-		parts.clientCoordId,
-		parts.serverCoordId,
-		parts.clientNonce,
-		parts.serverNonce,
-		parts.clientVerifyKey,
-		parts.serverVerifyKey,
-		parts.clientExchangeKey ?? "_",
-		parts.serverExchangeKey ?? "_"
-	]);
-}
-function reject(reason) {
-	return {
-		t: "reject",
-		reason
-	};
-}
-function tofuPinKey(client) {
-	return `${client.envId}::${client.perId ?? client.insId ?? "_"}`;
-}
-/**
-* In-memory trust-on-first-use resolver: trusts (and pins) the first verify key seen for a client
-* identity, then rejects a different key for that identity. The default; replace with a storage-backed
-* resolver for cross-restart pinning (see Step 5).
-*/
-function createInMemoryTofuVerifyKeyResolver() {
-	const pinned = /* @__PURE__ */ new Map();
-	return { async resolve({ client, verifyPublicKey }) {
-		const key = tofuPinKey(client);
-		const existing = pinned.get(key);
-		if (existing == null) {
-			pinned.set(key, verifyPublicKey);
-			return { trusted: true };
-		}
-		if (existing === verifyPublicKey) return { trusted: true };
-		return {
-			trusted: false,
-			reason: "verify key changed for client identity (pin mismatch)"
-		};
-	} };
-}
-/**
-* Storage-backed trust-on-first-use resolver: pins survive process restarts / Durable Object eviction
-* (e.g. back it with `createDurableObjectStorageAdapter`). Same policy as the in-memory variant — trust
-* + pin the first verify key per client identity, reject a different one thereafter.
-*/
-function createStorageTofuVerifyKeyResolver(storageAdapter) {
-	const storage = (0, _nice_code_util.createTypedStorage)({ storageAdapter });
-	return { async resolve({ client, verifyPublicKey }) {
-		const key = tofuPinKey(client);
-		const existing = (await storage.getJson("pins"))?.[key];
-		if (existing == null) {
-			await storage.updateJsonWithDef("pins", {}, (current) => ({
-				...current,
-				[key]: verifyPublicKey
-			}));
-			return { trusted: true };
-		}
-		if (existing === verifyPublicKey) return { trusted: true };
-		return {
-			trusted: false,
-			reason: "verify key changed for client identity (pin mismatch)"
-		};
-	} };
-}
-function createClientHandshake(config) {
-	const { link, localCoordinate, dictionaryVersion, securityLevel } = config;
-	const wantsEncryption = securityLevel === "encrypted";
-	const clientNonce = (0, nanoid.nanoid)();
-	let pending;
-	return {
-		async createHello() {
-			return {
-				t: "hello",
-				protocol: HANDSHAKE_PROTOCOL,
-				securityLevel,
-				dictionaryVersion,
-				client: localCoordinate,
-				clientNonce,
-				verifyPublicKey: await link.getLocalVerifyPublicKey(),
-				exchangePublicKey: wantsEncryption ? await link.getLocalExchangePublicKey() : void 0
-			};
-		},
-		async onWelcome(welcome) {
-			if (welcome.dictionaryVersion !== dictionaryVersion) throw new Error("[ws-handshake] server dictionary version mismatch");
-			if (welcome.securityLevel !== securityLevel) throw new Error("[ws-handshake] server security level mismatch");
-			if (wantsEncryption && welcome.exchangePublicKey == null) throw new Error("[ws-handshake] server did not provide an exchange key for encryption");
-			const linkedServerId = runtimeLinkId(welcome.server);
-			await link.linkClient({
-				linkedClientId: linkedServerId,
-				verifyPublicKey: welcome.verifyPublicKey,
-				...wantsEncryption ? {
-					exchangePublicKey: welcome.exchangePublicKey,
-					saltString: sessionSalt(clientNonce, welcome.serverNonce),
-					infoString: handshakeInfo(dictionaryVersion),
-					bindVerifyKeysIntoDerivation: true
-				} : {}
-			});
-			const challenge = buildHandshakeChallenge({
-				securityLevel,
-				dictionaryVersion,
-				clientCoordId: coordId(localCoordinate),
-				serverCoordId: coordId(welcome.server),
-				clientNonce,
-				serverNonce: welcome.serverNonce,
-				clientVerifyKey: await link.getLocalVerifyPublicKey(),
-				serverVerifyKey: welcome.verifyPublicKey,
-				clientExchangeKey: wantsEncryption ? await link.getLocalExchangePublicKey() : void 0,
-				serverExchangeKey: welcome.exchangePublicKey
-			});
-			pending = {
-				linkedServerId,
-				server: welcome.server,
-				challenge
-			};
-			return {
-				t: "prove",
-				signatureBase64: (await link.signChallenge([challenge])).signatureBase64
-			};
-		},
-		async onAccept(accept) {
-			if (pending == null) throw new Error("[ws-handshake] accept before welcome");
-			if (accept.signatureBase64 != null) {
-				if (!await link.verifyChallengeFromLinkedClient({
-					linkedClientId: pending.linkedServerId,
-					challenge: pending.challenge,
-					signatureBase64: accept.signatureBase64
-				})) throw new Error("[ws-handshake] server signature invalid");
-			}
-			return {
-				linkedClientId: pending.linkedServerId,
-				remote: pending.server,
-				securityLevel
-			};
-		}
-	};
-}
-function createServerHandshake(config) {
-	const { link, localCoordinate, dictionaryVersion } = config;
-	const allowedLevels = Array.isArray(config.securityLevel) ? config.securityLevel : [config.securityLevel];
-	const verifyKeyResolver = config.verifyKeyResolver ?? createInMemoryTofuVerifyKeyResolver();
-	const serverNonce = (0, nanoid.nanoid)();
-	let pending;
-	let result;
-	return {
-		async onHello(hello) {
-			if (hello.protocol !== HANDSHAKE_PROTOCOL) return reject("unsupported handshake protocol");
-			if (hello.dictionaryVersion !== dictionaryVersion) return reject("dictionary version mismatch");
-			const negotiatedLevel = hello.securityLevel;
-			if (negotiatedLevel === "none" || !allowedLevels.includes(negotiatedLevel)) return reject("security level not allowed");
-			const wantsEncryption = negotiatedLevel === "encrypted";
-			if (wantsEncryption && hello.exchangePublicKey == null) return reject("missing exchange key for encryption");
-			const linkedClientId = runtimeLinkId(hello.client);
-			await link.linkClient({
-				linkedClientId,
-				verifyPublicKey: hello.verifyPublicKey,
-				...wantsEncryption ? {
-					exchangePublicKey: hello.exchangePublicKey,
-					saltString: sessionSalt(hello.clientNonce, serverNonce),
-					infoString: handshakeInfo(dictionaryVersion),
-					bindVerifyKeysIntoDerivation: true
-				} : {}
-			});
-			const serverVerifyKey = await link.getLocalVerifyPublicKey();
-			const serverExchangeKey = wantsEncryption ? await link.getLocalExchangePublicKey() : void 0;
-			const keyMaterial = wantsEncryption && hello.exchangePublicKey != null ? {
-				verifyPublicKey: hello.verifyPublicKey,
-				exchangePublicKey: hello.exchangePublicKey,
-				saltString: sessionSalt(hello.clientNonce, serverNonce),
-				infoString: handshakeInfo(dictionaryVersion),
-				bindVerifyKeysIntoDerivation: true
-			} : void 0;
-			pending = {
-				client: hello.client,
-				linkedClientId,
-				clientVerifyKey: hello.verifyPublicKey,
-				negotiatedLevel,
-				keyMaterial,
-				challenge: buildHandshakeChallenge({
-					securityLevel: negotiatedLevel,
-					dictionaryVersion,
-					clientCoordId: coordId(hello.client),
-					serverCoordId: coordId(localCoordinate),
-					clientNonce: hello.clientNonce,
-					serverNonce,
-					clientVerifyKey: hello.verifyPublicKey,
-					serverVerifyKey,
-					clientExchangeKey: hello.exchangePublicKey,
-					serverExchangeKey
-				})
-			};
-			return {
-				t: "welcome",
-				securityLevel: negotiatedLevel,
-				dictionaryVersion,
-				server: localCoordinate,
-				serverNonce,
-				verifyPublicKey: serverVerifyKey,
-				exchangePublicKey: serverExchangeKey
-			};
-		},
-		async onProve(prove) {
-			if (pending == null) return reject("prove before hello");
-			if (!await link.verifyChallengeFromLinkedClient({
-				linkedClientId: pending.linkedClientId,
-				challenge: pending.challenge,
-				signatureBase64: prove.signatureBase64
-			})) return reject("invalid client signature");
-			const trust = await verifyKeyResolver.resolve({
-				client: pending.client,
-				verifyPublicKey: pending.clientVerifyKey
-			});
-			if (!trust.trusted) return reject(trust.reason ?? "client verify key not trusted");
-			result = {
-				linkedClientId: pending.linkedClientId,
-				remote: pending.client,
-				securityLevel: pending.negotiatedLevel,
-				encryptionKeyMaterial: pending.keyMaterial
-			};
-			return {
-				t: "accept",
-				signatureBase64: (await link.signChallenge([pending.challenge])).signatureBase64
-			};
-		},
-		/** The completed handshake result once `onProve` has accepted, else `undefined`. */
-		getResult() {
-			return result;
-		}
-	};
-}
-//#endregion
-//#region src/utils/decodeActionFrame.ts
-/**
-* Decode a single inbound channel frame (text or binary) into validated action wire JSON, or
-* `undefined` if it isn't a recognisable action payload.
-*
-* Shared by the WebSocket transport's message listener and the server-side `AcceptorHandler` so
-* both decode identically: a binary `decoder.incoming` (e.g. msgpackr) takes precedence, and plain
-* text frames fall back to JSON — keeping binary and JSON clients interoperable on one channel.
-*/
-function decodeActionFrame(frame, decoder) {
-	const decoded = decoder?.incoming?.(frame) ?? (typeof frame === "string" ? parseJsonActionFrame(frame) : void 0);
-	return decoded != null && isActionPayload_Any_JsonObject(decoded) ? decoded : void 0;
-}
-function parseJsonActionFrame(message) {
-	try {
-		const json = JSON.parse(message);
-		return isActionPayload_Any_JsonObject(json) ? json : void 0;
-	} catch {
-		return;
-	}
-}
-//#endregion
-//#region src/ActionRuntime/Transport/crypto/actionFrameCrypto.ts
-const ENCRYPTED_ENVELOPE_LENGTH = 2;
-/**
-* Build the encrypt/decrypt transform for a connection whose handshake settled on the `encrypted`
-* level. Keyed by the link + `linkedClientId`, so it reuses the cached shared AES-GCM key.
-*/
-function createActionFrameCrypto({ link, linkedClientId }) {
-	return {
-		async encryptFrame(frame) {
-			const { nonce, ciphertext } = await link.encryptBytesForLinkedClient({
-				linkedClientId,
-				dataToEncrypt: frame
-			});
-			return (0, msgpackr.pack)([nonce, ciphertext]);
-		},
-		async decryptFrame(frame) {
-			if (typeof frame === "string") throw new Error("[ws-crypto] expected an encrypted binary frame, received text");
-			const envelope = (0, msgpackr.unpack)(frame instanceof ArrayBuffer ? new Uint8Array(frame) : frame);
-			if (!Array.isArray(envelope) || envelope.length !== ENCRYPTED_ENVELOPE_LENGTH) throw new Error("[ws-crypto] malformed encrypted frame envelope");
-			const [nonce, ciphertext] = envelope;
-			if (!(nonce instanceof Uint8Array) || !(ciphertext instanceof Uint8Array)) throw new Error("[ws-crypto] malformed encrypted frame fields");
-			return await link.decryptBytesFromLinkedClient({
-				linkedClientId,
-				dataToDecrypt: {
-					nonce,
-					ciphertext
-				}
-			});
-		}
-	};
-}
-//#endregion
-//#region src/ActionRuntime/Transport/crypto/frameBytes.ts
-/** Normalize any frame form to bytes (for the AES-GCM layer, which works on `Uint8Array`). */
-function toFrameBytes(frame) {
-	if (typeof frame === "string") return new TextEncoder().encode(frame);
-	if (frame instanceof ArrayBuffer) return new Uint8Array(frame);
-	return frame;
-}
-//#endregion
-//#region src/ActionRuntime/Transport/SecureSession/frameCryptoPipe.ts
-function createFrameCryptoPipe(config) {
-	const { write, isOpen, crypto, label = "link" } = config;
-	let sendChain = Promise.resolve();
-	const send = (frame) => {
-		if (isOpen != null && !isOpen()) return;
-		if (crypto == null) {
-			write(frame);
-			return;
-		}
-		const bytes = toFrameBytes(frame);
-		sendChain = sendChain.then(() => crypto).then((c) => c.encryptFrame(bytes)).then((encrypted) => {
-			if (isOpen == null || isOpen()) write(encrypted);
-		}).catch((err) => console.error(`[${label}] failed to encrypt/send frame`, err));
-	};
-	const decryptIncoming = async (frame) => {
-		if (crypto == null) return frame;
-		try {
-			return await (await crypto).decryptFrame(frame);
-		} catch (err) {
-			console.error(`[${label}] failed to decrypt incoming frame`, err);
-			return;
-		}
-	};
-	return {
-		send,
-		decryptIncoming
-	};
-}
-//#endregion
-//#region src/ActionRuntime/Transport/SecureSession/acceptorSecureSession.ts
-/**
-* The acceptor (accept-in) counterpart to the connector's `establishLinkSession`: one connection's
-* secure session — the server-side handshake driving, the ordered frame crypto, and the per-connection
-* phase (undecided → plain | authenticated). The crypto itself (ordered encrypt-send / decrypt) lives in
-* the shared {@link createFrameCryptoPipe}, the same primitive the connector uses — so the secure logic
-* lives once for both link roles.
-*
-* The handler owns one of these per accepted connection and feeds it inbound frames via {@link receive};
-* identity binding, persistence, codec, and return routing stay in the handler (driven through the
-* config callbacks). Inbound processing is serialized per connection because the handshake and decryption
-* are async — this keeps handshake ordering and frame order intact.
-*/
-var AcceptorSecureSession = class {
-	config;
-	_handshake;
-	/** The ordered encrypt-send / decrypt pipe — present only for an `encrypted` connection. */
-	_pipe;
-	_authed = false;
-	_plain = false;
-	/** Serializes inbound processing (handshake + decryption are async). */
-	_inboundChain = Promise.resolve();
-	constructor(config) {
-		this.config = config;
-	}
-	/** Feed one inbound frame. Serialized per connection; routes back through the config callbacks. */
-	receive(frame) {
-		this._inboundChain = this._inboundChain.then(() => this._receive(frame)).catch((err) => console.error("[ws-server] failed to process inbound frame", err));
-	}
-	async _receive(frame) {
-		if (this._plain) {
-			this.config.routePlain(frame);
-			return;
-		}
-		if (!this._authed) {
-			const message = typeof frame === "string" ? decodeHandshakeMessage(frame) : void 0;
-			if (message == null) {
-				if (this.config.noneAllowed) {
-					this._plain = true;
-					this.config.routePlain(frame);
-				}
-				return;
-			}
-			await this.config.link.initialize();
-			if (this._handshake == null) this._handshake = createServerHandshake({
-				link: this.config.link,
-				localCoordinate: this.config.localCoordinate,
-				dictionaryVersion: this.config.dictionaryVersion,
-				securityLevel: this.config.securityLevel,
-				verifyKeyResolver: this.config.verifyKeyResolver
-			});
-			if (message.t === "hello") this.config.send(encodeHandshakeMessage(await this._handshake.onHello(message)));
-			else if (message.t === "prove") {
-				const reply = await this._handshake.onProve(message);
-				this.config.send(encodeHandshakeMessage(reply));
-				const result = this._handshake.getResult();
-				if (reply.t === "accept" && result != null) this._complete(result);
-			}
-			return;
-		}
-		const bytes = this._pipe != null ? await this._pipe.decryptIncoming(frame) : frame;
-		if (bytes === void 0) return;
-		this.config.routeAction(bytes);
-	}
-	_complete(result) {
-		this._authed = true;
-		this._handshake = void 0;
-		if (result.securityLevel === "encrypted") this._pipe = this._buildPipe(createActionFrameCrypto({
-			link: this.config.link,
-			linkedClientId: result.linkedClientId
-		}));
-		this.config.onAuthenticated({
-			client: new RuntimeCoordinate(result.remote),
-			securityLevel: result.securityLevel,
-			linkedClientId: result.linkedClientId,
-			keyMaterial: result.encryptionKeyMaterial
-		});
-	}
-	/**
-	* Restore an already-authenticated session after eviction — no handshake. For an `encrypted`
-	* connection the shared key is re-derived asynchronously (the acceptor re-links the client off its own
-	* persisted identity); the pipe's crypto IS that promise, so the connection's first in/out frame
-	* naturally waits for the key before encrypt/decrypt — no separate gate.
-	*/
-	rehydrate(state) {
-		this._authed = true;
-		if (state.securityLevel !== "encrypted" || state.keyMaterial == null) return;
-		const { link } = this.config;
-		const { linkedClientId, keyMaterial } = state;
-		const cryptoReady = link.initialize().then(() => link.linkClient({
-			linkedClientId,
-			verifyPublicKey: keyMaterial.verifyPublicKey,
-			exchangePublicKey: keyMaterial.exchangePublicKey,
-			saltString: keyMaterial.saltString,
-			infoString: keyMaterial.infoString,
-			bindVerifyKeysIntoDerivation: keyMaterial.bindVerifyKeysIntoDerivation
-		})).then(() => createActionFrameCrypto({
-			link,
-			linkedClientId
-		}));
-		cryptoReady.catch((err) => console.error("[ws-server] failed to restore encrypted session", err));
-		this._pipe = this._buildPipe(cryptoReady);
-	}
-	/** Send an outbound frame: through the encrypt pipe when encrypted, otherwise raw. */
-	send(frame) {
-		if (this._pipe != null) {
-			this._pipe.send(frame);
-			return;
-		}
-		this.config.send(frame);
-	}
-	_buildPipe(crypto) {
-		return createFrameCryptoPipe({
-			write: this.config.send,
-			crypto,
-			label: "ws-server"
-		});
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Handler/PeerLink/Acceptor/AcceptorHandler.ts
-/**
-* Server-side handler for backends that accept many client connections over a single open channel
-* (WebSockets, Durable Objects, …). It is transport-agnostic: you feed it inbound frames with
-* {@link receive} and tell it how to write outbound frames via the `send` option.
-*
-* Add it alongside your local execution handler:
-* ```ts
-* const serverHandler = createAcceptorHandler({ clientEnv, formatMessage, send: (ws, f) => ws.send(f) });
-* runtime.addHandlers([localHandler, serverHandler]);
-* // per inbound message (e.g. a Durable Object's webSocketMessage):
-* serverHandler.receive(ws, message);
-* ```
-*
-* Inbound requests route to your local handler; the runtime's return dispatch then calls this
-* handler back (it is an external handler keyed to `clientEnv`) to send the result to the originating
-* connection. The handler keeps a per-connection identity registry so each result lands on the right
-* socket, and remembers each connection's encoding so binary and JSON clients can share the channel.
-*
-* It registers an empty action router, so it is never chosen to *execute* an inbound request — only
-* to ferry results/pushes back out.
-*/
-var AcceptorHandler = class extends PeerLinkHandler {
-	/** Accept-in over a live (duplex) connection registry — it pushes results/broadcasts to bound sockets. */
-	canPush = true;
-	_formatMessage;
-	_createFormatMessage;
-	_send;
-	_runtime;
-	_serverTimeout;
-	_onConnectionBound;
-	_security;
-	/** Normalized accepted levels; whether `none` (plain) is allowed; whether any level needs a handshake. */
-	_allowedLevels;
-	_noneAllowed;
-	_handshakeMode;
-	_connByClient = /* @__PURE__ */ new Map();
-	_clientByConn = /* @__PURE__ */ new Map();
-	_connEncoding = /* @__PURE__ */ new Map();
-	_codecByConn = /* @__PURE__ */ new Map();
-	_sessionByConn = /* @__PURE__ */ new Map();
-	constructor(options) {
-		super(options.clientEnv);
-		this._formatMessage = options.formatMessage;
-		this._createFormatMessage = options.createFormatMessage;
-		this._send = options.send;
-		this._runtime = options.runtime;
-		this._serverTimeout = options.defaultTimeout ?? 1e4;
-		this._onConnectionBound = options.onConnectionBound;
-		this._security = options.security;
-		this._allowedLevels = options.security == null ? [] : Array.isArray(options.security.securityLevel) ? options.security.securityLevel : [options.security.securityLevel];
-		this._noneAllowed = this._allowedLevels.includes("none");
-		this._handshakeMode = this._allowedLevels.some((level) => level !== "none");
-	}
-	/**
-	* The codec for a connection: a per-connection session (cached) when a factory was provided, else
-	* the single shared `formatMessage`.
-	*/
-	_codecFor(connection) {
-		if (this._createFormatMessage != null) {
-			let codec = this._codecByConn.get(connection);
-			if (codec == null) {
-				codec = this._createFormatMessage();
-				this._codecByConn.set(connection, codec);
-			}
-			return codec;
-		}
-		if (this._formatMessage != null) return this._formatMessage;
-		throw err_nice_transport.fromId("not_found", { actionId: "server-handler-codec (provide formatMessage or createFormatMessage)" });
-	}
-	/**
-	* Register (or replace) the connection-bound persistence callback after construction. Used by
-	* lifecycle helpers like {@link createHibernatableWsServerAdapter} so persistence and replay are
-	* owned by one place instead of being split across the constructor options.
-	*/
-	setOnConnectionBound(onConnectionBound) {
-		this._onConnectionBound = onConnectionBound;
-	}
-	/**
-	* Feed one inbound frame from a connection into the runtime. Decodes text or binary, binds the
-	* connection to the requesting client's identity, then routes it (requests execute locally;
-	* results/progress resolve pending server-initiated actions).
-	*/
-	receive(connection, frame) {
-		const security = this._security;
-		if (security == null || !this._handshakeMode) {
-			this._receivePlain(connection, frame);
-			return;
-		}
-		this._sessionFor(connection, security).receive(frame);
-	}
-	_receivePlain(connection, frame) {
-		const wire = decodeActionFrame(frame, this._codecFor(connection));
-		if (wire == null) return;
-		const encoding = typeof frame === "string" ? "json" : "binary";
-		this._connEncoding.set(connection, encoding);
-		if (wire.type === "request") this._resolveRequestIdentity(connection, wire, encoding);
-		this._emitIncoming(wire);
-	}
-	/**
-	* The secure session for a connection (built lazily on its first secure-mode frame), with the
-	* handler-owned effects — raw send, identity binding + persistence, and inbound routing — wired in as
-	* callbacks. The session owns all crypto/handshake/chain state; the handler keeps only the registry.
-	*/
-	_sessionFor(connection, security) {
-		let session = this._sessionByConn.get(connection);
-		if (session == null) {
-			session = new AcceptorSecureSession({
-				link: security.link,
-				localCoordinate: security.localCoordinate,
-				dictionaryVersion: security.dictionaryVersion,
-				securityLevel: security.securityLevel,
-				verifyKeyResolver: security.verifyKeyResolver,
-				noneAllowed: this._noneAllowed,
-				send: (frame) => this._send(connection, frame),
-				onAuthenticated: (auth) => this._onConnectionAuthenticated(connection, auth),
-				routePlain: (frame) => this._receivePlain(connection, frame),
-				routeAction: (bytes) => this._routeAuthedActionBytes(connection, bytes)
-			});
-			this._sessionByConn.set(connection, session);
-		}
-		return session;
-	}
-	/** Bind + persist a connection's authenticated identity once its handshake completes. */
-	_onConnectionAuthenticated(connection, auth) {
-		this._bindConnection(connection, auth.client);
-		this._connEncoding.set(connection, "binary");
-		this._onConnectionBound?.(connection, {
-			client: auth.client.toJsonObject(),
-			encoding: "binary",
-			secure: {
-				securityLevel: auth.securityLevel,
-				linkedClientId: auth.linkedClientId,
-				keyMaterial: auth.keyMaterial
-			}
-		});
-	}
-	/** Decode a decrypted authenticated frame, inject the *authenticated* identity, and route it. */
-	_routeAuthedActionBytes(connection, bytes) {
-		const wire = decodeActionFrame(bytes, this._codecFor(connection));
-		if (wire == null) return;
-		if (wire.type === "request") {
-			const bound = this._clientByConn.get(connection);
-			if (bound != null) wire.context.originClient = bound.toJsonObject();
-		}
-		this._emitIncoming(wire);
-	}
-	/**
-	* Ensure an inbound request carries the client's identity and that this connection is bound to it,
-	* so its result can be routed back. A session codec omits `originClient` after the first request, so
-	* when it's missing we restore it from the (possibly rehydrated) binding instead. (Plain mode only;
-	* secure mode binds the authenticated coordinate at handshake time.)
-	*/
-	_resolveRequestIdentity(connection, wire, encoding) {
-		const wireOrigin = wire.context.originClient;
-		if (wireOrigin != null && wireOrigin.envId !== "_unset_") {
-			const clientCoord = new RuntimeCoordinate(wireOrigin);
-			const isNewBinding = this._clientByConn.get(connection)?.stringId !== clientCoord.stringId;
-			this._bindConnection(connection, clientCoord);
-			if (isNewBinding) this._onConnectionBound?.(connection, {
-				client: clientCoord.toJsonObject(),
-				encoding
-			});
-			return;
-		}
-		const bound = this._clientByConn.get(connection);
-		if (bound != null) wire.context.originClient = bound.toJsonObject();
+	get rootDomain() {
+		return this._rootDomain;
 	}
 	/**
-	* Restore a connection→client binding without an inbound frame — for transports that resume after
-	* eviction. Pair it with the {@link IAcceptorHandlerOptions.onConnectionBound} hook: persist
-	* the binding there, then replay each live connection here when the channel comes back (e.g. a
-	* Durable Object iterating `ctx.getWebSockets()` as it wakes from hibernation).
+	* @internal
+	* All action observers that should see actions on this domain: the root domain's
+	* observers plus this subdomain's own. Mirrors the listener set the local-dispatch
+	* path assembles in `runAction`/`_runAction`, so inbound actions (pushed from a
+	* backend or another client) can be wired up identically and surface in devtools.
 	*/
-	rehydrateConnection(connection, binding) {
-		this._bindConnection(connection, new RuntimeCoordinate(binding.client));
-		this._connEncoding.set(connection, binding.encoding);
-		const secure = binding.secure;
-		const security = this._security;
-		if (secure == null || security == null) return;
-		this._sessionFor(connection, security).rehydrate(secure);
-	}
-	toJsonObject() {
-		return {
-			type: this.handlerType,
-			client: this.peerClient
-		};
-	}
-	toHandlerRouteItem() {
-		return {
-			type: this.handlerType,
-			client: this.peerClient,
-			transShape: "duplex",
-			transOrd: 0
-		};
-	}
-	/** Forget a connection (call on socket close) so stale entries don't misroute later results. */
-	dropConnection(connection) {
-		const coord = this._clientByConn.get(connection);
-		if (coord != null && this._connByClient.get(coord.stringId) === connection) this._connByClient.delete(coord.stringId);
-		this._clientByConn.delete(connection);
-		this._connEncoding.delete(connection);
-		this._codecByConn.delete(connection);
-		this._sessionByConn.delete(connection);
+	_collectActionObservers() {
+		return [...this._rootDomain._getActionObservers(), ...this._getActionObservers()];
 	}
-	/** Live connection for a client coordinate, if currently registered. */
-	getConnectionForClient(client) {
-		return this._connByClient.get(client.stringId);
+	_registerRuntime(runtime) {
+		this._rootDomain._registerRuntime(runtime);
 	}
-	/** This acceptor owns the origin's return path when it currently holds a live connection bound to it. */
-	ownsLiveConnectionFor(origin) {
-		return this._connByClient.has(origin.stringId);
+	createChildDomain(subDomainDef) {
+		if (this.allDomains.includes(subDomainDef.domain)) throw require_httpAcceptorCarrier.err_nice_action.fromId("domain_already_exists_in_hierarchy", {
+			domain: subDomainDef.domain,
+			allParentDomains: this.allDomains,
+			parentDomain: this.domain
+		});
+		return new ActionDomain({
+			allDomains: [...this.allDomains, subDomainDef.domain],
+			domain: subDomainDef.domain,
+			actionSchema: subDomainDef.actions
+		}, { rootDomain: this._rootDomain });
 	}
-	/** Whether this acceptor currently tracks `connection` — used to pick the owning handler among several. */
-	hasConnection(connection) {
-		return this._clientByConn.has(connection);
+	get action() {
+		return this._actionMap;
 	}
-	/**
-	* Send (and optionally await) a server-initiated action to a specific connected client. Pass the
-	* connection token directly (e.g. the `ws`) or a client `RuntimeCoordinate` to look one up.
-	*/
-	pushToClient(runtime, target, request, options) {
-		const connection = this._resolveConnection(target);
-		return this._dispatch(runtime, connection, request, options?.timeout);
+	actionsMap() {
+		return this._actionMap;
 	}
-	/**
-	* Build a local handler whose cases are connection-aware: each case receives the primed request and
-	* the originating client's live connection (resolved from `originClient`), so handlers don't repeat
-	* the `getConnectionForClient(action.context.originClient)` lookup. Cases may return raw output or
-	* nothing, just like {@link ActionLocalHandler.forDomainActionCases}. Add the returned handler to the
-	* runtime alongside this server handler:
-	* ```ts
-	* runtime.addHandlers([serverHandler.forConnectionDomainCases(domain, { … }), serverHandler]);
-	* ```
-	*/
-	forConnectionDomainCases(domain, cases) {
-		return this.forConnectionDomainCasesMulti([domain], cases);
+	actionForId(id) {
+		if (!this.actionSchema[id]) throw require_httpAcceptorCarrier.err_nice_action.fromId("action_id_not_in_domain", {
+			domain: this.domain,
+			actionId: id
+		});
+		return new ActionCore(this, id);
 	}
-	/**
-	* Like {@link forConnectionDomainCases} but spanning several domains with one merged case map — used
-	* by channel-derived wiring (`acceptChannelConnections`) where the channel's `toAcceptor` domains are
-	* served together. Each domain takes only the cases whose ids it owns, so a single map can cover
-	* several domains and unrelated ids are ignored.
-	*/
-	forConnectionDomainCasesMulti(domains, cases) {
-		const handler = new ActionLocalHandler();
-		for (const domain of domains) {
-			const ownedIds = new Set(Object.keys(domain.actionsMap()));
-			const wrapped = {};
-			for (const id in cases) {
-				if (!ownedIds.has(id)) continue;
-				const caseFn = cases[id];
-				if (caseFn == null) continue;
-				wrapped[id] = (request) => caseFn(request, this.getConnectionForClient(request.context.originClient));
-			}
-			handler.forDomainActionCases(domain, wrapped);
+	wrapAsPartialLocalHandler(wrappedActionExecutor) {
+		const _handler = new require_httpAcceptorCarrier.ActionLocalHandler();
+		const executor = wrappedActionExecutor;
+		for (const actionKey in wrappedActionExecutor) {
+			if (!this.actionSchema[actionKey]) continue;
+			_handler.forAction(this.actionForId(actionKey), (request) => executor[request.id](request.input));
 		}
-		return handler;
+		return _handler;
 	}
-	/**
-	* Fan a server-initiated request out to every currently-bound connection. A fresh request is built
-	* per connection (each push mutates its own action context) and dispatched fire-and-forget. Pass
-	* `except` to skip the originating socket and `where` to filter by connection (e.g. read its
-	* attachment for a role). Iterating bound connections (rather than every accepted socket) skips
-	* sockets that are still mid-handshake and so can't yet receive a frame.
-	*/
-	broadcast(makeRequest, options) {
-		const runtime = options?.runtime ?? this._runtime;
-		if (runtime == null) throw err_nice_transport.fromId("not_found", { actionId: "server-handler-runtime (construct with `runtime` or pass `options.runtime`)" });
-		for (const connection of this._clientByConn.keys()) {
-			if (options?.except != null && connection === options.except) continue;
-			if (options?.where != null && !options.where(connection)) continue;
-			try {
-				this.pushToClient(runtime, connection, makeRequest(), { timeout: options?.timeout });
-			} catch (error) {
-				if (options?.onError != null) options.onError(error, connection);
-				else console.error("[ws-server] broadcast push failed", error);
-			}
-		}
+	wrapAsLocalHandler(wrappedActionExecutor) {
+		const _handler = new require_httpAcceptorCarrier.ActionLocalHandler();
+		const executor = wrappedActionExecutor;
+		return _handler.forDomain(this, (request) => executor[request.id](request.input));
 	}
-	async sendReturnPayload(payload, config) {
-		const connection = this._connByClient.get(payload.context.originClient.stringId);
-		if (connection == null) return false;
-		this._sendPayload(connection, payload, config.targetLocalRuntime.coordinate);
-		return true;
+	hydrateContext(id, contextData) {
+		return new ActionContext(this, id, {
+			timeCreated: contextData.timeCreated,
+			cuid: contextData.cuid,
+			routing: contextData.routing.map((item) => {
+				return {
+					runtime: new require_httpAcceptorCarrier.RuntimeCoordinate(item.runtime),
+					handler: item.handler,
+					time: item.time
+				};
+			}),
+			originClient: contextData.originClient ? new require_httpAcceptorCarrier.RuntimeCoordinate(contextData.originClient) : require_httpAcceptorCarrier.RuntimeCoordinate.unknown
+		});
 	}
-	async handleActionRequest(action, config) {
-		const runtime = config?.targetLocalRuntime ?? ActionRuntime.getDefault();
-		const connection = this._resolveSingleConnection();
-		return this._dispatch(runtime, connection, action, config?.timeout);
+	isDomainAction(action) {
+		return isAction_Any_Instance(action) && action.domain === this.domain;
 	}
-	_dispatch(runtime, connection, action, timeout) {
-		const timeoutMs = timeout ?? this._serverTimeout;
-		action.context._setOriginClient(runtime.coordinate);
-		action.context.addRouteItem({
-			runtime: runtime.coordinate,
-			handler: this.toHandlerRouteItem(),
-			time: Date.now()
+	hydrateRequestPayload(serialized) {
+		if (serialized.type !== "request") throw require_httpAcceptorCarrier.err_nice_action.fromId("hydration_action_state_mismatch", {
+			expected: "request",
+			received: serialized.type
 		});
-		const runningAction = new RunningAction({
-			context: action.context,
-			request: action,
-			parentCuid: peekHandlerCuid(),
-			callSite: action._callSite
+		if (serialized.domain !== this.domain) throw require_httpAcceptorCarrier.err_nice_action.fromId("hydration_domain_mismatch", {
+			expected: this.domain,
+			received: serialized.domain
 		});
-		runtime.registerRunningAction(runningAction);
-		if (action.schema.responseMode === "none") {
-			try {
-				this._sendPayload(connection, action, runtime.coordinate);
-				runningAction._completeWithResult(action.successResult(void 0));
-			} catch (err) {
-				runningAction._abort(err);
-			}
-			return runningAction;
-		}
-		const timeoutId = setTimeout(() => {
-			runningAction._abort(err_nice_transport.fromId("timeout", { timeout: timeoutMs }));
-		}, timeoutMs);
-		runningAction.addUpdateListeners([(update) => {
-			if (update.type === "finished") clearTimeout(timeoutId);
-		}]);
-		try {
-			this._sendPayload(connection, action, runtime.coordinate);
-		} catch (err) {
-			runningAction._abort(err);
-		}
-		return runningAction;
-	}
-	_sendPayload(connection, payload, localClient) {
-		const frame = (this._connEncoding.get(connection) ?? "binary") === "json" ? JSON.stringify(payload.toJsonObject()) : this._codecFor(connection).outgoing({
-			action: payload,
-			localClient,
-			externalClient: this.peerClient
+		const id = serialized.id;
+		if (!this.actionSchema[id]) throw require_httpAcceptorCarrier.err_nice_action.fromId("hydration_action_id_not_found", {
+			domain: this.domain,
+			actionId: serialized.id
 		});
-		const session = this._sessionByConn.get(connection);
-		if (session == null) {
-			this._send(connection, frame);
-			return;
-		}
-		session.send(frame);
+		const contextAction = this.hydrateContext(id, serialized.context);
+		return new require_httpAcceptorCarrier.ActionPayload_Request({ context: contextAction }, contextAction.deserializeInput(serialized.input), { time: serialized.time });
 	}
-	_bindConnection(connection, client) {
-		this._connByClient.set(client.stringId, connection);
-		this._clientByConn.set(connection, client);
+	hydrateResultPayload(serialized) {
+		if (serialized.type !== "result") throw require_httpAcceptorCarrier.err_nice_action.fromId("hydration_action_state_mismatch", {
+			expected: "result",
+			received: serialized.type
+		});
+		if (serialized.domain !== this.domain) throw require_httpAcceptorCarrier.err_nice_action.fromId("hydration_domain_mismatch", {
+			expected: this.domain,
+			received: serialized.domain
+		});
+		const id = serialized.id;
+		if (!this.actionSchema[id]) throw require_httpAcceptorCarrier.err_nice_action.fromId("hydration_action_id_not_found", {
+			domain: this.domain,
+			actionId: serialized.id
+		});
+		const contextAction = this.hydrateContext(id, serialized.context);
+		const result = serialized.result.ok ? {
+			ok: true,
+			output: contextAction.schema.deserializeOutput(serialized.result.output)
+		} : serialized.result;
+		return new require_httpAcceptorCarrier.ActionPayload_Result({ context: contextAction }, result, { time: serialized.time });
 	}
-	_resolveConnection(target) {
-		if (target instanceof RuntimeCoordinate) {
-			const connection = this._connByClient.get(target.stringId);
-			if (connection == null) throw err_nice_transport.fromId("not_found", { actionId: target.stringId });
-			return connection;
+	hydrateAnyAction(actionJson) {
+		assertIsActionJson(actionJson);
+		if (actionJson.form === "data") {
+			if (actionJson.type === "request") return this.hydrateRequestPayload(actionJson);
+			if (actionJson.type === "result") return this.hydrateResultPayload(actionJson);
 		}
-		return target;
+		return this.actionForId(actionJson.id);
 	}
-	_resolveSingleConnection() {
-		if (this._clientByConn.size !== 1) throw err_nice_transport.fromId("not_found", { actionId: "server-handler-target (use pushToClient with an explicit connection or client coordinate)" });
-		return this._clientByConn.keys().next().value;
+	async runAction(request, options) {
+		const allListeners = [...options?.listeners ?? [], ...this._listeners];
+		return this._rootDomain._runAction(request, {
+			...options,
+			listeners: allListeners
+		});
+	}
+	createActionMap() {
+		const map = {};
+		for (const id in this.actionSchema) map[id] = new ActionCore(this, id);
+		return map;
 	}
 };
-const createAcceptorHandler = (options) => {
-	return new AcceptorHandler(options);
-};
-//#endregion
-//#region src/ActionRuntime/Handler/PeerLink/Acceptor/createSecureActionServer.ts
-/** Default accepted set: negotiate per connection to whatever the client picks. */
-const DEFAULT_SERVER_SECURITY_LEVELS$1 = [
-	"none",
-	"authenticated",
-	"encrypted"
-];
-/**
-* Build an {@link AcceptorHandler} for the secure binary channel with the boilerplate folded in:
-* it creates the {@link ClientCryptoKeyLink} and the storage-backed TOFU resolver from a single
-* `storageAdapter`, installs the channel's per-connection codec, and assembles the `security` block
-* from the runtime coordinate + channel version (accepting all three levels by default).
-*
-* For a hibernatable transport (e.g. a Durable Object), pair it with
-* {@link createHibernatableWsServerAdapter} to wire persistence + replay.
-*/
-function createSecureAcceptorHandler(options) {
-	const link = options.link ?? new _nice_code_util.ClientCryptoKeyLink({ storageAdapter: options.storageAdapter });
-	return new AcceptorHandler({
-		clientEnv: options.clientEnv,
-		createFormatMessage: options.channel.createCodec,
-		send: options.send,
-		runtime: options.runtime,
-		defaultTimeout: options.defaultTimeout,
-		security: {
-			securityLevel: options.securityLevel ?? DEFAULT_SERVER_SECURITY_LEVELS$1,
-			link,
-			localCoordinate: options.runtime.coordinate.toJsonObject(),
-			dictionaryVersion: options.channel.dictionaryVersion,
-			verifyKeyResolver: options.verifyKeyResolver ?? createStorageTofuVerifyKeyResolver(options.storageAdapter)
-		}
-	});
-}
 //#endregion
-//#region src/ActionRuntime/Channel/ActionChannel.ts
-/**
-* Declare a transport-agnostic channel by role. Use it for HTTP, custom transports, or as the routing
-* half of a richer channel. The order of each list is part of the contract for wire formats that pack
-* positionally (see `defineSecureChannel`) — add new domains to the end of their list. (`domains` is
-* accepted as a legacy alias for `toAcceptor`.)
-*/
-function defineChannel(options) {
-	return {
-		toAcceptorDomains: options.toAcceptor,
-		toConnectorDomains: options.toConnector
-	};
-}
-/**
-* Wire a connection to the acceptor straight from a channel: route the channel's `toAcceptor` domains to
-* the acceptor over `transports`, and register local handlers for its `toConnector` pushes from
-* `onPush`. The channel is the single source of truth for *what* is routed in each direction — the
-* caller only supplies the transport(s) and the push handlers, never restated domain lists. Pass several
-* transports to make the connector→acceptor path transport-agnostic (e.g. secure WS preferred, HTTP
-* fallback).
-*
-* Sugar over {@link ActionRuntime.connectTo}. Returns the acceptor handler so the caller can later
-* `clearTransportCache()` it.
-*/
-function connectChannel(runtime, acceptorCoordinate, options) {
-	const pushHandlers = options.onPush != null ? options.channel.toConnectorDomains.map((domain) => domain.wrapAsPartialLocalHandler(options.onPush)) : [];
-	return runtime.connectTo(acceptorCoordinate, {
-		transports: options.transports,
-		domains: [...options.channel.toAcceptorDomains],
-		localHandlers: pushHandlers,
-		defaultTimeout: options.defaultTimeout
-	});
-}
-/**
-* Register an acceptor handler's execution for a channel straight from its definition: the channel's
-* `toAcceptor` domains are served together with one merged, connection-aware case map (each case gets
-* the primed request + the originating connection, as with
-* {@link AcceptorHandler.forConnectionDomainCases}). The domain list is taken from the channel,
-* never restated. Add the returned handler to the runtime alongside the acceptor handler:
-* ```ts
-* runtime.addHandlers([acceptChannelConnections(serverHandler, channel, { … }), serverHandler]);
-* ```
-*/
-function acceptChannelConnections(serverHandler, channel, cases) {
-	return serverHandler.forConnectionDomainCasesMulti(channel.toAcceptorDomains, cases);
-}
-/**
-* Build the secure {@link AcceptorHandler} for a channel — the accept-in counterpart to
-* {@link connectChannel}. It folds in the same boilerplate as {@link createSecureAcceptorHandler} (the
-* `ClientCryptoKeyLink` + storage-backed TOFU resolver from one `storageAdapter`, the channel's codec +
-* dictionary version, the `security` block from the runtime coordinate) but takes the `(runtime, channel,
-* options)` shape of the channel family. Pair it with {@link acceptChannelConnections} for execution:
-* ```ts
-* const acceptor = acceptChannel(runtime, gameChannel, { clientEnv, storageAdapter, send });
-* runtime.addHandlers([acceptChannelConnections(acceptor, gameChannel, { … }), acceptor]);
-* ```
-*/
-function acceptChannel(runtime, channel, options) {
-	return createSecureAcceptorHandler({
-		channel,
-		runtime,
-		clientEnv: options.clientEnv,
-		storageAdapter: options.storageAdapter,
-		link: options.link,
-		send: options.send,
-		securityLevel: options.securityLevel,
-		verifyKeyResolver: options.verifyKeyResolver,
-		defaultTimeout: options.defaultTimeout
-	});
-}
+//#region src/ActionDefinition/Domain/helpers/createRootActionDomain.ts
+const createActionRootDomain = (definition) => {
+	return new ActionRootDomain(definition);
+};
 //#endregion
 //#region src/ActionRuntime/Transport/codec/actionWireCodec.ts
 /**
@@ -3180,7 +611,7 @@ function pruneExpired(map, now, ttlMs) {
 */
 function createBinaryWireSessionFactory(domains, options) {
 	const { routeToInt, intToRoute } = buildActionRouteDictionary(domains);
-	const unknownIdentity = RuntimeCoordinate.unknown.toJsonObject();
+	const unknownIdentity = require_httpAcceptorCarrier.RuntimeCoordinate.unknown.toJsonObject();
 	const ttlMs = options?.correlationTtlMs ?? DEFAULT_CORRELATION_TTL_MS;
 	return () => {
 		let outCounter = 0;
@@ -3254,548 +685,59 @@ function createBinaryWireSessionFactory(domains, options) {
 						if (payloadType === "result") corrToCuid.delete(corr);
 						originClient = selfIdentity ?? unknownIdentity;
 					}
-					return assembleWireJson(routeMeta, payloadType, time, {
-						cuid,
-						timeCreated: time,
-						routing: [],
-						originClient
-					}, envelope[ENVELOPE$1.payload]);
-				} catch (e) {
-					console.error("[binary-wire] Failed to unpack binary action session frame", e);
-					return;
-				}
-			}
-		};
-	};
-}
-//#endregion
-//#region src/ActionRuntime/Channel/secureChannel.ts
-/**
-* Derive a stable wire-dictionary version from the ordered route list (FNV-1a over `domain:id,…`), so
-* the version moves automatically whenever the transported domains change — a stale peer is then
-* rejected by the handshake instead of silently misrouting a positionally-packed frame.
-*/
-function deriveDictionaryVersion(domains) {
-	const { intToRoute } = buildActionRouteDictionary(domains);
-	const signature = intToRoute.map((route) => `${route.domain}:${route.id}`).join(",");
-	let hash = 2166136261;
-	for (let i = 0; i < signature.length; i++) {
-		hash ^= signature.charCodeAt(i);
-		hash = Math.imul(hash, 16777619);
-	}
-	return `auto:${(hash >>> 0).toString(16).padStart(8, "0")}`;
-}
-/**
-* Bundle a secure channel's shared identity from its transported domains. Both ends MUST call this
-* with the same domains in the same order (the binary wire dictionary is positional). The
-* `dictionaryVersion` is derived from those domains unless you pin an explicit one.
-*
-* Declare the domains *by role* — `toAcceptor` (connector→acceptor requests) and `toConnector`
-* (acceptor→connector pushes) — so the routing for both ends is derived from the channel (see
-* {@link connectChannel} and `acceptChannelConnections`) instead of being restated at each end. The
-* wire dictionary spans `[...toAcceptor, ...toConnector]` in that order; add new domains to the end of
-* their list to keep older peers compatible. (`domains` is still accepted as a legacy alias for
-* `toAcceptor`.)
-*/
-function defineSecureChannel(options) {
-	const base = defineChannel({
-		toAcceptor: options.toAcceptor,
-		toConnector: options.toConnector
-	});
-	const allDomains = [...base.toAcceptorDomains, ...base.toConnectorDomains];
-	return {
-		...base,
-		dictionaryVersion: options.dictionaryVersion ?? deriveDictionaryVersion(allDomains),
-		createCodec: createBinaryWireSessionFactory(allDomains, options.sessionOptions)
-	};
-}
-//#endregion
-//#region src/ActionRuntime/Transport/SecureSession/exchangeProtocol.ts
-function encodeExchange(envelope) {
-	return JSON.stringify(envelope);
-}
-function decodeExchangeRequest(raw) {
-	return parse(raw);
-}
-function decodeExchangeReply(raw) {
-	return parse(raw);
-}
-function parse(raw) {
-	try {
-		return JSON.parse(raw);
-	} catch {
-		return;
-	}
-}
-function bytesToBase64(bytes) {
-	let binary = "";
-	for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
-	return btoa(binary);
-}
-function base64ToBytes(base64) {
-	const binary = atob(base64);
-	const bytes = new Uint8Array(binary.length);
-	for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
-	return bytes;
-}
-//#endregion
-//#region src/ActionRuntime/Transport/SecureSession/exchangeAcceptor.ts
-const textEncoder$1 = new TextEncoder();
-const textDecoder$1 = new TextDecoder();
-/**
-* Acceptor (accept-in) side of the secure exchange protocol — the HTTP counterpart to
-* {@link AcceptorSecureSession}. Each POST body is one {@link decodeExchangeRequest} envelope; the
-* acceptor drives the server handshake over the two `hs` POSTs (correlated by `hsid`, since stateless
-* requests can't rely on channel ordering), mints a session **token** on accept, and on every later `act`
-* POST resolves the session by token, decrypts the body (at `encrypted`), routes it through the runtime,
-* and returns the (encrypted) result inline as the reply.
-*
-* Sessions and in-flight handshakes are held in memory — fine for a single-instance server. (Surviving a
-* Durable-Object eviction would persist each token's `keyMaterial` and re-derive the key on a miss, the
-* same primitive `AcceptorSecureSession.rehydrate` uses; left as a follow-up.)
-*/
-var ExchangeAcceptor = class {
-	_security;
-	_runtime;
-	_allowedLevels;
-	_noneAllowed;
-	_pendingHandshakes = /* @__PURE__ */ new Map();
-	_sessions = /* @__PURE__ */ new Map();
-	constructor(config) {
-		this._security = config.security;
-		this._runtime = config.runtime;
-		this._allowedLevels = Array.isArray(config.security.securityLevel) ? config.security.securityLevel : [config.security.securityLevel];
-		this._noneAllowed = this._allowedLevels.includes("none");
-	}
-	/** Process one POST body (an exchange envelope), returning the reply body to send back. */
-	async handlePost(body) {
-		const request = decodeExchangeRequest(body);
-		if (request == null) return this._err("malformed exchange request");
-		if (request.k === "hs") return encodeExchange(await this._handleHandshake(request));
-		return encodeExchange(await this._handleAction(request));
-	}
-	async _handleHandshake(request) {
-		const message = decodeHandshakeMessage(request.m);
-		if (message == null) return {
-			k: "err",
-			message: "malformed handshake message"
-		};
-		const security = this._security;
-		await security.link.initialize();
-		let handshake = this._pendingHandshakes.get(request.hsid);
-		if (handshake == null) {
-			handshake = createServerHandshake({
-				link: security.link,
-				localCoordinate: security.localCoordinate,
-				dictionaryVersion: security.dictionaryVersion,
-				securityLevel: security.securityLevel,
-				verifyKeyResolver: security.verifyKeyResolver
-			});
-			this._pendingHandshakes.set(request.hsid, handshake);
-		}
-		if (message.t === "hello") return {
-			k: "hs",
-			m: encodeHandshakeMessage(await handshake.onHello(message))
-		};
-		if (message.t === "prove") {
-			const reply = await handshake.onProve(message);
-			this._pendingHandshakes.delete(request.hsid);
-			const result = handshake.getResult();
-			if (reply.t === "accept" && result != null) {
-				const token = (0, nanoid.nanoid)();
-				this._sessions.set(token, {
-					client: new RuntimeCoordinate(result.remote),
-					securityLevel: result.securityLevel,
-					crypto: result.securityLevel === "encrypted" ? createActionFrameCrypto({
-						link: security.link,
-						linkedClientId: result.linkedClientId
-					}) : void 0
-				});
-				return {
-					k: "hs",
-					m: encodeHandshakeMessage(reply),
-					t: token
-				};
-			}
-			return {
-				k: "hs",
-				m: encodeHandshakeMessage(reply)
-			};
-		}
-		return {
-			k: "err",
-			message: `unexpected handshake message ${message.t}`
-		};
-	}
-	async _handleAction(request) {
-		let session;
-		let candidate;
-		if (request.t != null) {
-			session = this._sessions.get(request.t);
-			if (session == null) return {
-				k: "err",
-				message: "unknown or expired session token"
-			};
-			if ("c" in request) {
-				if (session.crypto == null) return {
-					k: "err",
-					message: "session is not encrypted"
-				};
-				const plain = await session.crypto.decryptFrame(base64ToBytes(request.c));
-				candidate = JSON.parse(textDecoder$1.decode(plain));
-			} else candidate = request.w;
-		} else {
-			if (!this._noneAllowed || "c" in request) return {
-				k: "err",
-				message: "missing session token"
-			};
-			candidate = request.w;
-		}
-		if (!isActionPayload_Any_JsonObject(candidate)) return {
-			k: "err",
-			message: "malformed action wire"
-		};
-		const wire = candidate;
-		if (session != null && wire.type === "request") wire.context.originClient = session.client.toJsonObject();
-		const resultWire = (await (await this._runtime.handleActionPayloadWire(wire)).waitForResultPayload()).toJsonObject();
-		if (session?.crypto != null) return {
-			k: "act",
-			c: bytesToBase64(await session.crypto.encryptFrame(textEncoder$1.encode(JSON.stringify(resultWire))))
-		};
-		return {
-			k: "act",
-			w: resultWire
-		};
-	}
-	_err(message) {
-		return encodeExchange({
-			k: "err",
-			message
-		});
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Handler/PeerLink/Acceptor/createActionFetchHandler.ts
-/** Permissive defaults — fine for a public action endpoint; override (or disable) via `cors`. */
-const DEFAULT_CORS_HEADERS = {
-	"Access-Control-Allow-Origin": "*",
-	"Access-Control-Allow-Methods": "GET, POST, OPTIONS",
-	"Access-Control-Allow-Headers": "Content-Type",
-	"Access-Control-Max-Age": "86400"
-};
-/**
-* Build the `fetch` handler a server/Durable-Object exposes for action traffic, folding in the
-* boilerplate every endpoint repeats: CORS (incl. the `OPTIONS` preflight), routing the `/action`
-* `POST` body through the runtime (`handleActionPayloadWire` → `waitForResultPayload` →
-* `toHttpResponse`), an optional WebSocket-upgrade hook, and a `404` fallback.
-*
-* It only touches web-standard `Request`/`Response`, so it stays transport-agnostic — the one
-* environment-specific bit (the WS upgrade) is injected via {@link IActionFetchHandlerOptions.onWebSocketUpgrade}:
-* ```ts
-* this.fetchHandler = createActionFetchHandler(this.runtime, {
-*   onWebSocketUpgrade: () => {
-*     const pair = new WebSocketPair();
-*     this.ctx.acceptWebSocket(pair[1]);
-*     return new Response(null, { status: 101, webSocket: pair[0] });
-*   },
-* });
-* // async fetch(request) { return this.fetchHandler(request); }
-* ```
-*/
-function createActionFetchHandler(runtime, options = {}) {
-	const corsHeaders = options.cors === false ? {} : options.cors ?? DEFAULT_CORS_HEADERS;
-	const isActionPath = options.isActionPath ?? ((url) => url.pathname.endsWith("/action"));
-	const isWebSocketPath = options.isWebSocketPath ?? ((url) => url.pathname.endsWith("/ws"));
-	const exchangeAcceptor = options.security != null ? new ExchangeAcceptor({
-		runtime,
-		security: options.security
-	}) : void 0;
-	const withCors = (response) => {
-		if (options.cors === false) return response;
-		const headers = new Headers(response.headers);
-		for (const [key, value] of Object.entries(corsHeaders)) headers.set(key, value);
-		return new Response(response.body, {
-			status: response.status,
-			headers
-		});
-	};
-	return async (request) => {
-		if (request.method === "OPTIONS") return withCors(new Response(null, { status: 204 }));
-		const url = new URL(request.url);
-		const isWebSocketUpgrade = options.isWebSocketUpgrade ?? ((req, u) => req.headers.get("Upgrade") === "websocket" && isWebSocketPath(u));
-		if (options.onWebSocketUpgrade != null && isWebSocketUpgrade(request, url)) return options.onWebSocketUpgrade(request, url);
-		if (request.method === "POST" && isActionPath(url)) {
-			if (exchangeAcceptor != null) {
-				const reply = await exchangeAcceptor.handlePost(await request.text());
-				return withCors(new Response(reply, {
-					status: 200,
-					headers: { "Content-Type": "application/json" }
-				}));
+					return assembleWireJson(routeMeta, payloadType, time, {
+						cuid,
+						timeCreated: time,
+						routing: [],
+						originClient
+					}, envelope[ENVELOPE$1.payload]);
+				} catch (e) {
+					console.error("[binary-wire] Failed to unpack binary action session frame", e);
+					return;
+				}
 			}
-			return withCors((await (await runtime.handleActionPayloadWire(await request.json())).waitForResultPayload()).toHttpResponse({ useErrorStatus: options.useErrorStatus }));
-		}
-		return withCors(new Response("Not found", { status: 404 }));
+		};
 	};
 }
 //#endregion
-//#region src/ActionRuntime/Handler/PeerLink/Acceptor/Hibernation/ConnectionStateStore.ts
-/**
-* A typed per-connection state store that co-owns the app state and the acceptor handler's routing
-* binding in one attachment, so neither the consumer nor the handler has to hand-merge the two. Create
-* it through {@link createConnectionStateStore} (which also wires binding persistence and replays
-* surviving connections after a wake), then `get`/`set`/`clearApp` the app state directly.
-*
-* The mechanism is carrier-neutral — it only needs read/write/enumerate callbacks for the connection's
-* attachment — but it pays off on transports whose connections outlive process eviction (e.g. a
-* Durable Object's hibernatable WebSockets), which is why it lives beside the hibernation adapter.
-*
-* ```ts
-* const players = createConnectionStateStore(serverHandler, {
-*   schema: vs_player,
-*   read: (ws) => ws.deserializeAttachment(),
-*   write: (ws, v) => ws.serializeAttachment(v),
-*   getConnections: () => ctx.getWebSockets(),
-* });
-* players.set(ws, player); // binding is preserved automatically
-* const player = players.get(ws);
-* ```
-*/
-var ConnectionStateStore = class {
-	options;
-	constructor(options) {
-		this.options = options;
-	}
-	/** The validated app state for a connection, or `null` if unset / invalid. */
-	get(connection) {
-		return this._readAttachment(connection).app ?? null;
-	}
-	/** Set the app state, preserving the runtime binding already pinned to the connection. */
-	set(connection, app) {
-		const existing = this._readAttachment(connection);
-		this.options.write(connection, {
-			app,
-			binding: existing.binding
-		});
-	}
-	/** Clear the app state but keep the binding (e.g. a spectator that stopped watching). */
-	clearApp(connection) {
-		const existing = this._readAttachment(connection);
-		this.options.write(connection, { binding: existing.binding });
-	}
-	/** Every live connection paired with its (validated) app state — for rebuilding in-memory state after a wake. */
-	entries() {
-		return this.options.getConnections().map((connection) => [connection, this._readAttachment(connection).app ?? null]);
-	}
-	/** @internal Persist a freshly-bound connection's binding, preserving any app state already stored. */
-	_persistBinding(connection, binding) {
-		const existing = this._readAttachment(connection);
-		this.options.write(connection, {
-			app: existing.app,
-			binding
-		});
-	}
-	/** @internal The persisted binding for a connection, if any (used to replay routing after a wake). */
-	_readBinding(connection) {
-		return this._readAttachment(connection).binding;
-	}
-	_readAttachment(connection) {
-		try {
-			const raw = this.options.read(connection);
-			if (typeof raw !== "object" || raw === null) return {};
-			const attachment = raw;
-			const result = {};
-			if (attachment.binding != null) result.binding = attachment.binding;
-			if (attachment.app !== void 0) {
-				const app = this._validateApp(attachment.app);
-				if (app !== void 0) result.app = app;
-			}
-			return result;
-		} catch {
-			return {};
-		}
-	}
-	_validateApp(value) {
-		const schema = this.options.schema;
-		if (schema == null) return value;
-		const result = schema["~standard"].validate(value);
-		if (result instanceof Promise) return void 0;
-		if (result.issues != null) return void 0;
-		return result.value;
-	}
-};
+//#region src/ActionRuntime/Channel/secureChannel.ts
 /**
-* Build a per-connection {@link ConnectionStateStore} bound to an {@link AcceptorHandler}: it registers
-* itself as the handler's connection-bound persistence callback (so bindings are written without
-* overwriting app state) and immediately replays every live connection's stored binding via
-* {@link AcceptorHandler.rehydrateConnection} — so on a transport that resumes after eviction (e.g. a
-* Durable Object waking from hibernation) both the app identity and the action routing come back from a
-* single attachment, with no storage reads and no hand-rolled merge.
-*
-* Lives outside the handler so the generic {@link AcceptorHandler} stays free of any attachment/
-* hibernation concern — it exposes only the neutral `setOnConnectionBound` + `rehydrateConnection`
-* hooks this builder drives.
+* Derive a stable wire-dictionary version from the ordered route list (FNV-1a over `domain:id,…`), so
+* the version moves automatically whenever the transported domains change — a stale peer is then
+* rejected by the handshake instead of silently misrouting a positionally-packed frame.
 */
-function createConnectionStateStore(handler, options) {
-	const store = new ConnectionStateStore(options);
-	handler.setOnConnectionBound((connection, binding) => store._persistBinding(connection, binding));
-	for (const connection of options.getConnections()) {
-		const binding = store._readBinding(connection);
-		if (binding != null) handler.rehydrateConnection(connection, binding);
+function deriveDictionaryVersion(domains) {
+	const { intToRoute } = buildActionRouteDictionary(domains);
+	const signature = intToRoute.map((route) => `${route.domain}:${route.id}`).join(",");
+	let hash = 2166136261;
+	for (let i = 0; i < signature.length; i++) {
+		hash ^= signature.charCodeAt(i);
+		hash = Math.imul(hash, 16777619);
 	}
-	return store;
+	return `auto:${(hash >>> 0).toString(16).padStart(8, "0")}`;
 }
-//#endregion
-//#region src/ActionRuntime/Handler/PeerLink/Acceptor/Hibernation/createHibernatableWsServerAdapter.ts
 /**
-* Wire the hibernation lifecycle for an acceptor handler on a transport whose connections outlive process
-* eviction (e.g. a Durable Object's hibernatable WebSockets). It owns persistence end to end:
-* registers `setAttachment` as the handler's connection-bound callback and immediately replays every
-* live connection's stored binding via `getAttachment`, so results/pushes still route after a wake.
-*
-* Layered on top of the generic {@link AcceptorHandler} — it touches only the handler's neutral
-* `setOnConnectionBound` / `rehydrateConnection` / `receive` / `dropConnection` surface, so no
-* hibernation concern leaks into the handler itself.
+* Bundle a secure channel's shared identity from its transported domains. Both ends MUST call this
+* with the same domains in the same order (the binary wire dictionary is positional). The
+* `dictionaryVersion` is derived from those domains unless you pin an explicit one.
 *
-* Construct it once when the handler is built, then forward connection events:
-* ```ts
-* const duplex = createHibernatableWsServerAdapter({ handler, getConnections, getAttachment, setAttachment });
-* // webSocketMessage(ws, msg) => duplex.receive(ws, msg);
-* // webSocketClose/Error(ws)  => duplex.drop(ws);
-* ```
+* Declare the domains *by role* — `toAcceptor` (connector→acceptor requests) and `toConnector`
+* (acceptor→connector pushes) — so the routing for both ends is derived from the channel (see
+* {@link connectChannel} and `acceptChannelConnections`) instead of being restated at each end. The
+* wire dictionary spans `[...toAcceptor, ...toConnector]` in that order; add new domains to the end of
+* their list to keep older peers compatible. (`domains` is still accepted as a legacy alias for
+* `toAcceptor`.)
 */
-function createHibernatableWsServerAdapter(options) {
-	const { handler, getConnections, getAttachment, setAttachment } = options;
-	handler.setOnConnectionBound(setAttachment);
-	for (const connection of getConnections()) {
-		const binding = getAttachment(connection);
-		if (binding != null) handler.rehydrateConnection(connection, binding);
-	}
-	return {
-		receive: (connection, frame) => handler.receive(connection, frame),
-		drop: (connection) => handler.dropConnection(connection)
-	};
-}
-//#endregion
-//#region src/ActionRuntime/Channel/serveChannel.ts
-/** Default accepted set, shared by every carrier: negotiate per connection to whatever the client picks. */
-const DEFAULT_SERVER_SECURITY_LEVELS = [
-	"none",
-	"authenticated",
-	"encrypted"
-];
-function serveChannel(runtime, channel, options) {
-	const duplexCarriers = options.carriers.filter((carrier) => !require_wsAcceptorCarrier.isExchangeAcceptorCarrier(carrier));
-	const exchangeCarriers = options.carriers.filter(require_wsAcceptorCarrier.isExchangeAcceptorCarrier);
-	if (exchangeCarriers.length > 1) throw new Error("serveChannel: at most one exchange carrier is supported");
-	const exchangeCarrier = exchangeCarriers[0];
-	const singleDuplex = duplexCarriers.length === 1;
-	if (options.connectionState != null && !singleDuplex) throw new Error("serveChannel: `connectionState` requires exactly one duplex carrier");
-	if (options.channelCases != null && !singleDuplex) throw new Error("serveChannel: `channelCases` requires exactly one duplex carrier");
-	const exchangeSecure = exchangeCarrier != null && (exchangeCarrier.secure ?? true);
-	const anyDuplexSecure = duplexCarriers.some((carrier) => carrier.secure ?? true);
-	const securityLevel = options.securityLevel ?? DEFAULT_SERVER_SECURITY_LEVELS;
-	let secure;
-	if (anyDuplexSecure || exchangeSecure) {
-		const storage = options.storage;
-		if (storage == null) throw new Error("serveChannel: a secure carrier requires `storage`. Pass it, or set `secure: false` on the carrier for a plain endpoint.");
-		secure = {
-			storage,
-			link: options.link ?? new _nice_code_util.ClientCryptoKeyLink({ storageAdapter: storage }),
-			verifyKeyResolver: options.verifyKeyResolver ?? createStorageTofuVerifyKeyResolver(storage)
-		};
-	}
-	const plainRouter = (handler) => ({
-		receive: (connection, frame) => handler.receive(connection, frame),
-		drop: (connection) => handler.dropConnection(connection)
-	});
-	const asObject = (value) => typeof value === "object" && value != null ? value : {};
-	const handlers = [];
-	let connections;
-	for (const carrier of duplexCarriers) {
-		const handler = (carrier.secure ?? true) && secure != null ? acceptChannel(runtime, channel, {
-			clientEnv: options.clientEnv,
-			storageAdapter: secure.storage,
-			link: secure.link,
-			verifyKeyResolver: secure.verifyKeyResolver,
-			securityLevel,
-			send: carrier.send,
-			defaultTimeout: options.defaultTimeout
-		}) : createAcceptorHandler({
-			clientEnv: options.clientEnv,
-			createFormatMessage: channel.createCodec,
-			send: carrier.send,
-			runtime,
-			defaultTimeout: options.defaultTimeout
-		});
-		const attach = carrier.attachmentStore;
-		let router;
-		if (attach == null) router = plainRouter(handler);
-		else if (options.connectionState != null) {
-			connections = createConnectionStateStore(handler, {
-				schema: options.connectionState.schema,
-				getConnections: attach.getConnections,
-				read: attach.read,
-				write: attach.write
-			});
-			router = plainRouter(handler);
-		} else router = createHibernatableWsServerAdapter({
-			handler,
-			getConnections: attach.getConnections,
-			getAttachment: (connection) => attach.read(connection)?.binding,
-			setAttachment: (connection, binding) => attach.write(connection, {
-				...asObject(attach.read(connection)),
-				binding
-			})
-		});
-		carrier._activate(router);
-		handlers.push(handler);
-	}
-	runtime.addHandlers([...options.handlers ?? [], ...handlers]);
-	if (options.channelCases != null) runtime.addHandlers([acceptChannelConnections(handlers[0], channel, options.channelCases)]);
-	const exchangeSecurity = exchangeSecure && secure != null ? {
-		link: secure.link,
-		verifyKeyResolver: secure.verifyKeyResolver,
-		localCoordinate: runtime.coordinate.toJsonObject(),
-		dictionaryVersion: channel.dictionaryVersion,
-		securityLevel
-	} : void 0;
-	const defaultIsUpgrade = (request) => request.headers.get("Upgrade") === "websocket";
-	const upgraders = [];
-	for (const carrier of duplexCarriers) {
-		if (carrier.upgrade == null) continue;
-		upgraders.push({
-			isUpgrade: carrier.isUpgrade ?? defaultIsUpgrade,
-			upgrade: carrier.upgrade
-		});
-	}
-	const fetch = createActionFetchHandler(runtime, {
-		cors: exchangeCarrier?.cors,
-		onWebSocketUpgrade: upgraders.length === 0 ? void 0 : (request, url) => (upgraders.find((u) => u.isUpgrade(request, url)) ?? upgraders[0]).upgrade(request, url),
-		isWebSocketUpgrade: upgraders.length === 0 ? void 0 : (request, url) => upgraders.some((u) => u.isUpgrade(request, url)),
-		isActionPath: exchangeCarrier != null ? exchangeCarrier.isActionPath ?? (() => true) : () => false,
-		security: exchangeSecurity,
-		useErrorStatus: exchangeCarrier?.useErrorStatus
+function defineSecureChannel(options) {
+	const base = require_httpAcceptorCarrier.defineChannel({
+		toAcceptor: options.toAcceptor,
+		toConnector: options.toConnector
 	});
-	const duplex = duplexCarriers.length === 1 ? duplexCarriers[0] : void 0;
-	const pushToClient = (target, request, pushOptions) => {
-		const owner = target instanceof RuntimeCoordinate ? handlers.find((handler) => handler.ownsLiveConnectionFor(target)) : handlers.find((handler) => handler.hasConnection(target));
-		if (owner == null) throw new Error("serveChannel: no duplex carrier holds a connection for the push target");
-		return owner.pushToClient(runtime, target, request, pushOptions);
-	};
-	const broadcast = (makeRequest, broadcastOptions) => {
-		if (!singleDuplex) throw new Error("serveChannel: broadcast requires exactly one duplex carrier — broadcast over a specific handlers[i] instead");
-		handlers[0].broadcast(makeRequest, {
-			runtime,
-			...broadcastOptions
-		});
-	};
+	const allDomains = [...base.toAcceptorDomains, ...base.toConnectorDomains];
 	return {
-		handlers,
-		fetch,
-		duplex,
-		pushToClient,
-		broadcast,
-		connections
+		...base,
+		dictionaryVersion: options.dictionaryVersion ?? deriveDictionaryVersion(allDomains),
+		createCodec: createBinaryWireSessionFactory(allDomains, options.sessionOptions)
 	};
 }
 //#endregion
@@ -3963,7 +905,7 @@ let EErrId_NiceTransport_WebSocket = /* @__PURE__ */ function(EErrId_NiceTranspo
 	EErrId_NiceTransport_WebSocket["ws_error"] = "ws_error";
 	return EErrId_NiceTransport_WebSocket;
 }({});
-const err_nice_transport_ws = err_nice_transport.createChildDomain({
+const err_nice_transport_ws = require_httpAcceptorCarrier.err_nice_transport.createChildDomain({
 	domain: "ws_transport",
 	schema: {
 		["ws_disconnected"]: (0, _nice_code_error.err)({ message: () => `WebSocket transport disconnected.` }),
@@ -4084,25 +1026,6 @@ function defaultWebSocket(url) {
 	return ws;
 }
 //#endregion
-//#region src/ActionRuntime/Transport/Carrier/exchange/http/httpAcceptorCarrier.ts
-/**
-* An HTTP {@link IExchangeAcceptorCarrier}: the accept-in dual of {@link httpCarrier}. It serves the
-* secure exchange protocol (handshake → token session → encrypted frames) over web-standard
-* `Request`/`Response`. The crypto identity, runtime coordinate, dictionary version, and accepted security
-* levels are all supplied centrally by `serveChannel`, so this only needs to say which requests carry an
-* action envelope and how to answer CORS.
-*/
-function httpAcceptorCarrier(options = {}) {
-	return {
-		shape: "exchange",
-		carrierLabel: options.carrierLabel ?? "http",
-		secure: options.secure,
-		isActionPath: options.isActionPath,
-		cors: options.cors,
-		useErrorStatus: options.useErrorStatus
-	};
-}
-//#endregion
 //#region src/ActionRuntime/Transport/Carrier/exchange/http/httpCarrier.ts
 function shortPath(url) {
 	try {
@@ -4238,733 +1161,80 @@ function createBinaryWireAdapter(domains) {
 	};
 }
 //#endregion
-//#region src/ActionRuntime/Transport/Transport.ts
-/**
-* Reusable transport definition. Devs construct these (`secureTransport({ carrier: wsCarrier(url) })`,
-* `plainTransport({ carrier: httpCarrier(...) })`, …) and pass them to a
-* `ConnectorHandler`. A single
-* definition can be shared across multiple handlers — each handler builds its own live
-* {@link TransportConnection} via {@link TransportConnection._createConnection}.
-*/
-var Transport = class {};
-//#endregion
-//#region src/ActionRuntime/Transport/SecureSession/establishExchangeSession.ts
-const textEncoder = new TextEncoder();
-const textDecoder = new TextDecoder();
-/** Plain path (no handshake/token): every action rides a bare `act` envelope, plaintext both ways. */
-function finalizePlainExchangeMethods(ctx) {
-	return buildExchangeMethods(ctx, {});
-}
-/** Secure path: run the handshake (two exchanges) once at bring-up, then reuse the token + crypto. */
-async function finalizeSecureExchangeMethods(ctx) {
-	return buildExchangeMethods(ctx, await runConnectorExchangeHandshake(ctx.carrier, ctx.secure));
-}
-function buildExchangeMethods(ctx, state) {
-	const sendActionData = (inputs) => {
-		runExchange(ctx.carrier, state, inputs).catch((err) => inputs.runningAction._abort(err));
-	};
-	return {
-		sendActionData,
-		updateRunConfig: ctx.updateRunConfig
-	};
-}
-async function runExchange(carrier, state, inputs) {
-	const { action, runningAction, timeout } = inputs;
-	const ac = new AbortController();
-	let timedOut = false;
-	const timeoutId = setTimeout(() => {
-		timedOut = true;
-		ac.abort();
-	}, timeout);
-	const unsubscribe = runningAction.addUpdateListeners([(update) => {
-		if (update.type === "finished") {
-			clearTimeout(timeoutId);
-			ac.abort();
-		}
-	}]);
-	try {
-		const request = await buildRequestEnvelope(state, action);
-		const replyRaw = await carrier.exchange(encodeExchange(request), { signal: ac.signal });
-		if (action.type !== "request") return;
-		const reply = decodeExchangeReply(asString(replyRaw));
-		if (reply == null) throw err_nice_transport.fromId("invalid_action_response", { actionId: action.id });
-		if (reply.k === "err") throw err_nice_transport.fromId("send_failed", {
-			actionState: action.type,
-			actionId: action.id,
-			message: reply.message
-		});
-		const wire = await extractReplyWire(state, reply);
-		if (wire == null || !isActionPayload_Result_JsonObject(wire)) throw err_nice_transport.fromId("invalid_action_response", { actionId: action.id });
-		runningAction._completeWithResult(action._domain.hydrateResultPayload(wire));
-	} catch (err) {
-		if (timedOut) throw err_nice_transport.fromId("timeout", { timeout });
-		throw err;
-	} finally {
-		clearTimeout(timeoutId);
-		unsubscribe();
-	}
-}
-async function buildRequestEnvelope(state, action) {
-	const wire = action.toJsonObject();
-	if (state.crypto != null) {
-		const ciphertext = await state.crypto.encryptFrame(textEncoder.encode(JSON.stringify(wire)));
-		return {
-			k: "act",
-			t: state.token,
-			c: bytesToBase64(ciphertext)
-		};
-	}
-	return {
-		k: "act",
-		t: state.token,
-		w: wire
-	};
-}
-async function extractReplyWire(state, reply) {
-	if (reply.k !== "act") return void 0;
-	if ("c" in reply) {
-		if (state.crypto == null) return void 0;
-		const plain = await state.crypto.decryptFrame(base64ToBytes(reply.c));
-		return JSON.parse(textDecoder.decode(plain));
-	}
-	return reply.w;
-}
-async function runConnectorExchangeHandshake(carrier, secure) {
-	await secure.link.initialize();
-	const handshake = createClientHandshake({
-		link: secure.link,
-		localCoordinate: secure.localCoordinate,
-		dictionaryVersion: secure.dictionaryVersion,
-		securityLevel: secure.securityLevel
-	});
-	const hsid = (0, nanoid.nanoid)();
-	const hello = await handshake.createHello();
-	const welcomeReply = decodeExchangeReply(asString(await carrier.exchange(encodeExchange({
-		k: "hs",
-		hsid,
-		m: encodeHandshakeMessage(hello)
-	}))));
-	if (welcomeReply?.k !== "hs") throw new Error("[exchange-handshake] expected a welcome reply");
-	const welcome = decodeHandshakeMessage(welcomeReply.m);
-	if (welcome == null) throw new Error("[exchange-handshake] malformed welcome");
-	if (welcome.t === "reject") throw new Error(`[exchange-handshake] rejected by peer: ${welcome.reason}`);
-	if (welcome.t !== "welcome") throw new Error(`[exchange-handshake] expected welcome, got ${welcome.t}`);
-	const prove = await handshake.onWelcome(welcome);
-	const acceptReply = decodeExchangeReply(asString(await carrier.exchange(encodeExchange({
-		k: "hs",
-		hsid,
-		m: encodeHandshakeMessage(prove)
-	}))));
-	if (acceptReply?.k !== "hs") throw new Error("[exchange-handshake] expected an accept reply");
-	const accept = decodeHandshakeMessage(acceptReply.m);
-	if (accept == null) throw new Error("[exchange-handshake] malformed accept");
-	if (accept.t === "reject") throw new Error(`[exchange-handshake] rejected by peer: ${accept.reason}`);
-	if (accept.t !== "accept") throw new Error(`[exchange-handshake] expected accept, got ${accept.t}`);
-	if (acceptReply.t == null) throw new Error("[exchange-handshake] accept missing session token");
-	const result = await handshake.onAccept(accept);
-	const crypto = result.securityLevel === "encrypted" ? createActionFrameCrypto({
-		link: secure.link,
-		linkedClientId: result.linkedClientId
-	}) : void 0;
-	return {
-		token: acceptReply.t,
-		crypto
-	};
-}
-function asString(frame) {
-	if (typeof frame === "string") return frame;
-	return textDecoder.decode(frame instanceof ArrayBuffer ? new Uint8Array(frame) : frame);
-}
-//#endregion
-//#region src/ActionRuntime/Transport/helpers/addTransportStatusMetadata.ts
-function addTransportStatusMetadata(transportStatus) {
-	if (transportStatus.status === "ready") return {
-		status: "ready",
-		readyData: transportStatus.readyData
-	};
-	if (transportStatus.status === "initializing") return {
-		status: "initializing",
-		initializationPromise: transportStatus.initializationPromise,
-		timeStarted: Date.now()
-	};
-	if (transportStatus.status === "failed") return {
-		status: "failed",
-		error: transportStatus.error,
-		timeFailed: Date.now()
-	};
-	if (transportStatus.status === "unsupported") return { status: "unsupported" };
-	return { status: "uninitialized" };
-}
-//#endregion
-//#region src/ActionRuntime/Transport/TransportConnection.ts
-let transportOrd = 0;
-/**
-* Live, per-handler transport runtime built from a reusable {@link Transport} definition. Holds the
-* connection-scoped state (ordinal, initialized config, sockets / abort sets) that must not be shared
-* across handlers. Construct these via `definition._createConnection(...)`, never directly.
-*/
-var TransportConnection = class {
-	def;
-	transOrd = transportOrd++;
-	type;
-	initialized;
-	/** Backref to the public definition that created this connection (used for devtools route info). */
-	definition;
-	constructor(def) {
-		this.def = def;
-		this.type = def.type;
-		this.initialized = def.initialize();
-	}
-	/**
-	* Devtools route info for an action routed through this live connection. Defaults to the stateless
-	* {@link definition}'s info; connections override to enrich it from live state (e.g. the actual
-	* resolved socket URL) when the definition couldn't resolve it on its own.
-	*/
-	getRouteInfo(input) {
-		return this.definition?.getRouteInfo(input);
-	}
-	/**
-	* Whether a `ready`-status transport still needs asynchronous bring-up before its methods exist —
-	* awaiting the carrier to open and/or running a handshake. Default `false`: a stateless transport
-	* (HTTP) is usable the instant `getTransport` reports `ready`, so it stays a terminal *synchronous*
-	* fallback in {@link ConnectionTransportManager}. Stream carriers (Link/WS) override to `true`.
-	*/
-	_needsAsyncBringUp(_readyData) {
-		return false;
-	}
-	/** Await the carrier becoming ready to send (e.g. a socket `open`). Default: nothing to await. */
-	_awaitCarrierReady(_readyData) {
-		return Promise.resolve();
-	}
-	/**
-	* Finalize during async bring-up — may run a handshake, so it can be async. Defaults to the
-	* synchronous {@link _finalizeTransportMethods}; secure stream carriers override to branch plain/secure.
-	*/
-	_finalizeReady(readyData) {
-		return this._finalizeTransportMethods(readyData);
-	}
-	_getCacheKey(input) {
-		const parts = this.initialized.getTransportCacheKey?.(input);
-		if (parts == null) return null;
-		return parts.join("\0");
-	}
-	getCacheKey(input) {
-		const inner = this._getCacheKey(input);
-		if (inner == null) return null;
-		return `${this.transOrd}:${inner}`;
-	}
-	/**
-	* Whether this transport can serve the given action right now. Consulted by the manager before
-	* cache-key resolution and `getTransport`; a `false` result skips this transport (treated as
-	* `unsupported`) and the manager falls through to the next in preference order. Defaults to `true`
-	* when the transport declares no gate.
-	*/
-	isAvailable(input) {
-		return this.initialized.isAvailable?.(input) ?? true;
-	}
-	getTransport(input) {
-		return this._processTransportStatus(input);
-	}
-	_processTransportStatus(input) {
-		const statusInfo = addTransportStatusMetadata(this.initialized.getTransport(input));
-		if (statusInfo.status === "ready") {
-			if (!this._needsAsyncBringUp(statusInfo.readyData)) return {
-				status: "ready",
-				readyData: this._finalizeTransportMethods(statusInfo.readyData)
-			};
-			return {
-				status: "initializing",
-				timeStarted: Date.now(),
-				initializationPromise: this._bringUp(statusInfo.readyData)
-			};
-		}
-		if (statusInfo.status === "initializing") {
-			const initializationPromise = statusInfo.initializationPromise.then((result) => result.status === "ready" ? this._bringUp(result.readyData) : result);
-			return {
-				status: "initializing",
-				timeStarted: statusInfo.timeStarted,
-				initializationPromise
-			};
-		}
-		return statusInfo;
-	}
-	/** Await carrier readiness, then finalize (possibly running a handshake) into the live methods. */
-	async _bringUp(readyData) {
-		await this._awaitCarrierReady(readyData);
-		return {
-			status: "ready",
-			readyData: await this._finalizeReady(readyData)
-		};
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Transport/Exchange/ExchangeConnection.ts
-/**
-* Carrier-agnostic live connection for the exchange (request → single reply) shape — the HTTP
-* counterpart to {@link LinkConnection}. It owns only the bring-up (run the secure handshake on first
-* use); the request/reply lifecycle + crypto live in the shared `establishExchangeSession`.
-*/
-var ExchangeConnection = class extends TransportConnection {
-	constructor(def) {
-		super({
-			...def,
-			type: "exchange"
-		});
-	}
-	_getCacheKey(input) {
-		return this.initialized.getTransportCacheKey?.(input).join("\0") ?? "";
-	}
-	_needsAsyncBringUp(data) {
-		return data.secureChannel != null && data.secureChannel.securityLevel !== "none";
-	}
-	_finalizeReady(data) {
-		const secure = data.secureChannel;
-		if (secure != null && secure.securityLevel !== "none") return finalizeSecureExchangeMethods({
-			...this._sessionContext(data),
-			secure
-		});
-		return this._finalizeTransportMethods(data);
-	}
-	_finalizeTransportMethods(data) {
-		return finalizePlainExchangeMethods(this._sessionContext(data));
-	}
-	_sessionContext(data) {
-		return {
-			carrier: data.carrier,
-			updateRunConfig: data.updateRunConfig,
-			secure: data.secureChannel
-		};
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Transport/Exchange/ExchangeTransport.ts
-/**
-* A carrier-agnostic exchange (request → single reply) transport: it drives nice-action's secure session
-* over any {@link IExchangeCarrier} (HTTP being the one built-in). The duplex counterpart is
-* {@link LinkTransport}; this is the no-push half — its reply rides the response to its own request, so it
-* can't deliver an unsolicited frame (the runtime never picks it for the return path).
-*/
-var ExchangeTransport = class ExchangeTransport extends Transport {
-	options;
-	type = "exchange";
-	constructor(options) {
-		super();
-		this.options = options;
-	}
-	static create(options) {
-		return new ExchangeTransport(options);
-	}
-	_createConnection(_ctx) {
-		const options = this.options;
-		return new ExchangeConnection({ initialize: () => ({
-			getTransportCacheKey: options.getTransportCacheKey,
-			isAvailable: options.available,
-			getTransport: (input) => ({
-				status: "ready",
-				readyData: {
-					carrier: options.openCarrier(input),
-					secureChannel: options.security,
-					updateRunConfig: options.updateRunConfig
-				}
-			})
-		}) });
-	}
-	getRouteInfo(input) {
-		if (this.options.getRouteInfo != null) return this.options.getRouteInfo(input);
-		return {
-			carrierLabel: this.options.label ?? "exchange",
-			summary: this.options.label ?? "exchange"
-		};
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Transport/helpers/createUnsetTransportResolvers.ts
-const createUnsetTransportResolvers = (transportLabel) => ({ onIncomingActionDataJson: (json) => {
-	console.warn(`Received incoming action JSON [${json.domain}:${json.id}] on Transport [${transportLabel}] but no incoming data listener has been set.`);
-} });
-//#endregion
-//#region src/ActionRuntime/Transport/SecureSession/establishLinkSession.ts
-const HANDSHAKE_TIMEOUT_MS = 15e3;
-/** Plain path (no handshake): route every inbound frame to the runtime; send without crypto. */
-function finalizePlainLinkMethods(ctx) {
-	const disconnectListeners = [];
-	const abortSet = /* @__PURE__ */ new Set();
-	const pipe = makePipe(ctx, void 0);
-	ctx.channel.attach({
-		onMessage: (frame) => void handleIncomingActionFrame(ctx, pipe, frame),
-		onClose: () => onChannelClosed(ctx, disconnectListeners, abortSet),
-		onError: () => onChannelClosed(ctx, disconnectListeners, abortSet)
-	});
-	return buildSendMethods(ctx, pipe, disconnectListeners, abortSet);
-}
-/**
-* Secure path: a single message handler feeds the handshake until it completes, then routes action
-* frames (decrypting at the `encrypted` level). Frames that race ahead of activation are buffered and
-* flushed once the handshake lands, so nothing is lost.
-*/
-async function finalizeSecureLinkMethods(ctx) {
-	const disconnectListeners = [];
-	const abortSet = /* @__PURE__ */ new Set();
-	const session = {};
-	let active = false;
-	const handshakeQueue = [];
-	const handshakeWaiters = [];
-	const pendingActionFrames = [];
-	ctx.channel.attach({
-		onMessage: (frame) => {
-			if (active && session.pipe != null) {
-				handleIncomingActionFrame(ctx, session.pipe, frame);
-				return;
-			}
-			if (typeof frame === "string") {
-				const message = decodeHandshakeMessage(frame);
-				if (message != null) {
-					const waiter = handshakeWaiters.shift();
-					if (waiter != null) waiter(message);
-					else handshakeQueue.push(message);
-					return;
-				}
-			}
-			pendingActionFrames.push(frame);
-		},
-		onClose: () => onChannelClosed(ctx, disconnectListeners, abortSet),
-		onError: () => onChannelClosed(ctx, disconnectListeners, abortSet)
-	});
-	const nextHandshakeMessage = () => {
-		const queued = handshakeQueue.shift();
-		if (queued != null) return Promise.resolve(queued);
-		return new Promise((resolve, reject) => {
-			const timeout = setTimeout(() => reject(/* @__PURE__ */ new Error("[link-handshake] timed out waiting for peer reply")), HANDSHAKE_TIMEOUT_MS);
-			handshakeWaiters.push((message) => {
-				clearTimeout(timeout);
-				resolve(message);
-			});
-		});
-	};
-	const pipe = makePipe(ctx, await runClientHandshake(ctx.channel, ctx.secure, nextHandshakeMessage));
-	session.pipe = pipe;
-	active = true;
-	for (const frame of pendingActionFrames) await handleIncomingActionFrame(ctx, pipe, frame);
-	pendingActionFrames.length = 0;
-	return buildSendMethods(ctx, pipe, disconnectListeners, abortSet);
-}
-function makePipe(ctx, crypto) {
-	return createFrameCryptoPipe({
-		write: (frame) => ctx.channel.send(frame),
-		isOpen: () => ctx.channel.isOpen(),
-		crypto
-	});
-}
-async function runClientHandshake(channel, secure, nextHandshakeMessage) {
-	await secure.link.initialize();
-	const handshake = createClientHandshake({
-		link: secure.link,
-		localCoordinate: secure.localCoordinate,
-		dictionaryVersion: secure.dictionaryVersion,
-		securityLevel: secure.securityLevel
-	});
-	channel.send(encodeHandshakeMessage(await handshake.createHello()));
-	const welcome = await nextHandshakeMessage();
-	if (welcome.t === "reject") throw new Error(`[link-handshake] rejected by peer: ${welcome.reason}`);
-	if (welcome.t !== "welcome") throw new Error(`[link-handshake] expected welcome, got ${welcome.t}`);
-	channel.send(encodeHandshakeMessage(await handshake.onWelcome(welcome)));
-	const accept = await nextHandshakeMessage();
-	if (accept.t === "reject") throw new Error(`[link-handshake] rejected by peer: ${accept.reason}`);
-	if (accept.t !== "accept") throw new Error(`[link-handshake] expected accept, got ${accept.t}`);
-	const result = await handshake.onAccept(accept);
-	return result.securityLevel === "encrypted" ? createActionFrameCrypto({
-		link: secure.link,
-		linkedClientId: result.linkedClientId
-	}) : void 0;
-}
-function buildSendMethods(ctx, pipe, disconnectListeners, abortSet) {
-	const channel = ctx.channel;
-	const sendActionData = (inputs) => {
-		const { action, runningAction, timeout } = inputs;
-		if (!channel.isOpen()) {
-			if (action.type === "request") runningAction._abort(ctx.makeDisconnectError(action.id));
-			return;
-		}
-		if (action.type === "request") {
-			abortSet.add(runningAction);
-			const timeoutId = setTimeout(() => {
-				runningAction._abort(err_nice_transport.fromId("timeout", { timeout }));
-			}, timeout);
-			runningAction.addUpdateListeners([(update) => {
-				if (update.type === "finished") {
-					clearTimeout(timeoutId);
-					abortSet.delete(runningAction);
-				}
-			}]);
-		}
-		pipe.send(ctx.formatMessage?.outgoing(inputs) ?? JSON.stringify(inputs.action.toJsonObject()));
-	};
-	return {
-		sendActionData,
-		updateRunConfig: ctx.updateRunConfig,
-		addOnDisconnectListener: (cb) => {
-			disconnectListeners.push(cb);
-		},
-		disconnect: () => {
-			try {
-				channel.close();
-			} catch {}
-		},
-		sendReturnData: (payload, clients) => {
-			const formatted = clients != null ? ctx.formatMessage?.outgoing({
-				action: payload,
-				...clients
-			}) : void 0;
-			pipe.send(formatted ?? JSON.stringify(payload.toJsonObject()));
-		}
-	};
-}
-async function handleIncomingActionFrame(ctx, pipe, frame) {
-	const decoded = await pipe.decryptIncoming(frame);
-	if (decoded === void 0) return;
-	const rawJson = decodeActionFrame(decoded, ctx.formatMessage);
-	if (rawJson != null) ctx.resolvers.onIncomingActionDataJson(rawJson);
-}
-function onChannelClosed(ctx, disconnectListeners, abortSet) {
-	for (const cb of disconnectListeners) cb();
-	const error = ctx.makeDisconnectError("—");
-	for (const ra of [...abortSet]) ra._abort(error);
-}
-//#endregion
-//#region src/ActionRuntime/Transport/Link/LinkConnection.ts
-/** Abort error for a closed link channel (carrier-neutral — the carrier itself isn't named). */
-function linkDisconnectError(actionId) {
-	return err_nice_transport.fromId("send_failed", {
-		actionId,
-		actionState: "request",
-		message: "link channel disconnected"
-	});
-}
-/**
-* Carrier-agnostic live connection. It owns only the *bring-up* (open the carrier, then run the secure
-* session); the session itself — handshake, frame crypto, codec, send/receive — lives in the shared
-* {@link finalizeSecureLinkMethods}/{@link finalizePlainLinkMethods}, so a WebSocket, a WebRTC data
-* channel, a Bluetooth characteristic, and an in-memory pipe all run the identical secure layer.
-*/
-var LinkConnection = class extends TransportConnection {
-	resolvers;
-	constructor(def, resolvers) {
-		super({
-			...def,
-			type: "duplex"
-		});
-		this.resolvers = resolvers ?? createUnsetTransportResolvers("link");
-	}
-	_getCacheKey(input) {
-		return this.initialized.getTransportCacheKey?.(input).join("\0") ?? "";
-	}
-	_needsAsyncBringUp() {
-		return true;
-	}
-	_awaitCarrierReady(data) {
-		return data.channel.ready;
-	}
-	_finalizeReady(data) {
-		const secure = data.secureChannel;
-		if (secure != null && secure.securityLevel !== "none") return finalizeSecureLinkMethods({
-			...this._sessionContext(data),
-			secure
-		});
-		return this._finalizeTransportMethods(data);
-	}
-	_sessionContext(data) {
-		return {
-			channel: data.channel,
-			resolvers: this.resolvers,
-			formatMessage: data.formatMessage,
-			updateRunConfig: data.updateRunConfig,
-			makeDisconnectError: linkDisconnectError
-		};
-	}
-	_finalizeTransportMethods(data) {
-		return finalizePlainLinkMethods(this._sessionContext(data));
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Transport/Link/LinkTransport.ts
-/**
-* A carrier-agnostic transport: it drives nice-action's secure session + action routing over any
-* {@link IDuplexCarrier}. The WebSocket transport is the special case that opens a `WebSocket`;
-* this opens whatever `openChannel` returns, so the identical secure layer works over WebRTC, Bluetooth,
-* or an in-memory pipe. Reported with an overridable carrier label in the devtools (defaults to "link").
-*/
-var LinkTransport = class LinkTransport extends Transport {
-	options;
-	type = "duplex";
-	constructor(options) {
-		super();
-		this.options = options;
-	}
-	static create(options) {
-		return new LinkTransport(options);
-	}
-	_createConnection(ctx) {
-		const options = this.options;
-		return new LinkConnection({ initialize: () => ({
-			getTransportCacheKey: options.getTransportCacheKey,
-			isAvailable: options.available,
-			getTransport: (input) => ({
-				status: "ready",
-				readyData: {
-					channel: options.openChannel(input),
-					formatMessage: options.createFormatMessage?.() ?? options.formatMessage,
-					updateRunConfig: options.updateRunConfig,
-					secureChannel: options.security
-				}
-			})
-		}) }, ctx.resolvers);
-	}
-	getRouteInfo(input) {
-		if (this.options.getRouteInfo != null) return this.options.getRouteInfo(input);
-		return {
-			carrierLabel: this.options.label ?? "link",
-			summary: this.options.label ?? "link"
-		};
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Transport/Carrier/Carrier.types.ts
-/**
-* Narrow a carrier source to the exchange shape via its `shape` discriminant — the one branch the
-* transport factories ({@link secureTransport}, {@link plainTransport}) use to pick the duplex vs
-* exchange transport. A duplex source carries no `shape`, so the `else` branch is the duplex one.
-*/
-function isExchangeCarrierSource(carrier) {
-	return "shape" in carrier && carrier.shape === "exchange";
-}
-//#endregion
-//#region src/ActionRuntime/Transport/plainTransport.ts
-function plainTransport(options) {
-	const carrier = options.carrier;
-	if (isExchangeCarrierSource(carrier)) return ExchangeTransport.create({
-		openCarrier: carrier.open,
-		getTransportCacheKey: carrier.getCacheKey,
-		available: options.available,
-		getRouteInfo: carrier.getRouteInfo,
-		label: options.label ?? carrier.carrierLabel,
-		updateRunConfig: options.updateRunConfig
-	});
-	return LinkTransport.create({
-		openChannel: carrier.open,
-		formatMessage: options.formatMessage,
-		createFormatMessage: options.createFormatMessage,
-		getTransportCacheKey: carrier.getCacheKey,
-		available: options.available,
-		getRouteInfo: carrier.getRouteInfo,
-		label: options.label ?? carrier.carrierLabel,
-		updateRunConfig: options.updateRunConfig
-	});
-}
-//#endregion
-//#region src/ActionRuntime/Transport/secureTransport.ts
-function secureTransport(options) {
-	const link = new _nice_code_util.ClientCryptoKeyLink({ storageAdapter: options.storageAdapter });
-	const security = {
-		securityLevel: options.securityLevel,
-		link,
-		localCoordinate: options.runtime.coordinate.toJsonObject(),
-		dictionaryVersion: options.channel.dictionaryVersion
-	};
-	const carrier = options.carrier;
-	if (isExchangeCarrierSource(carrier)) return ExchangeTransport.create({
-		openCarrier: carrier.open,
-		getTransportCacheKey: carrier.getCacheKey,
-		available: options.available,
-		getRouteInfo: carrier.getRouteInfo,
-		label: carrier.carrierLabel,
-		security
-	});
-	return LinkTransport.create({
-		openChannel: carrier.open,
-		createFormatMessage: options.channel.createCodec,
-		getTransportCacheKey: carrier.getCacheKey,
-		available: options.available,
-		getRouteInfo: carrier.getRouteInfo,
-		label: carrier.carrierLabel,
-		security
-	});
-}
-//#endregion
-exports.AcceptorHandler = AcceptorHandler;
+exports.AcceptorHandler = require_httpAcceptorCarrier.AcceptorHandler;
 exports.ActionCore = ActionCore;
 exports.ActionDomain = ActionDomain;
-exports.ActionLocalHandler = ActionLocalHandler;
+exports.ActionLocalHandler = require_httpAcceptorCarrier.ActionLocalHandler;
 exports.ActionRootDomain = ActionRootDomain;
-exports.ActionRuntime = ActionRuntime;
-exports.ActionSchema = ActionSchema;
-exports.ConnectionStateStore = ConnectionStateStore;
-exports.ConnectorHandler = ConnectorHandler;
-exports.EActionPayloadType = EActionPayloadType;
-exports.EActionProgressType = EActionProgressType;
-exports.EActionResponseMode = EActionResponseMode;
-exports.EErrId_NiceAction = EErrId_NiceAction;
-exports.EErrId_NiceTransport = EErrId_NiceTransport;
+exports.ActionRuntime = require_httpAcceptorCarrier.ActionRuntime;
+exports.ActionSchema = require_httpAcceptorCarrier.ActionSchema;
+exports.ConnectionStateStore = require_httpAcceptorCarrier.ConnectionStateStore;
+exports.ConnectorHandler = require_httpAcceptorCarrier.ConnectorHandler;
+exports.EActionPayloadType = require_httpAcceptorCarrier.EActionPayloadType;
+exports.EActionProgressType = require_httpAcceptorCarrier.EActionProgressType;
+exports.EActionResponseMode = require_httpAcceptorCarrier.EActionResponseMode;
+exports.EErrId_NiceAction = require_httpAcceptorCarrier.EErrId_NiceAction;
+exports.EErrId_NiceTransport = require_httpAcceptorCarrier.EErrId_NiceTransport;
 exports.EErrId_NiceTransport_WebSocket = EErrId_NiceTransport_WebSocket;
-exports.EHandshakeMessageType = EHandshakeMessageType;
+exports.EHandshakeMessageType = require_httpAcceptorCarrier.EHandshakeMessageType;
 exports.ERunningActionFinishedType = require_RunningAction_types.ERunningActionFinishedType;
 exports.ERunningActionState = require_RunningAction_types.ERunningActionState;
 exports.ERunningActionUpdateType = require_RunningAction_types.ERunningActionUpdateType;
-exports.ESecurityLevel = ESecurityLevel;
-exports.ETransportShape = require_wsAcceptorCarrier.ETransportShape;
-exports.ETransportStatus = require_wsAcceptorCarrier.ETransportStatus;
-exports.ExchangeAcceptor = ExchangeAcceptor;
-exports.ExchangeTransport = ExchangeTransport;
-exports.LinkTransport = LinkTransport;
-exports.PeerLinkHandler = PeerLinkHandler;
-exports.RunningAction = RunningAction;
-exports.RuntimeCoordinate = RuntimeCoordinate;
-exports.Transport = Transport;
-exports.acceptChannel = acceptChannel;
-exports.acceptChannelConnections = acceptChannelConnections;
-exports.actionSchema = actionSchema;
-exports.connectChannel = connectChannel;
-exports.createAcceptorHandler = createAcceptorHandler;
-exports.createActionFetchHandler = createActionFetchHandler;
-exports.createActionFrameCrypto = createActionFrameCrypto;
+exports.ESecurityLevel = require_httpAcceptorCarrier.ESecurityLevel;
+exports.ETransportShape = require_httpAcceptorCarrier.ETransportShape;
+exports.ETransportStatus = require_httpAcceptorCarrier.ETransportStatus;
+exports.ExchangeAcceptor = require_httpAcceptorCarrier.ExchangeAcceptor;
+exports.ExchangeTransport = require_httpAcceptorCarrier.ExchangeTransport;
+exports.LinkTransport = require_httpAcceptorCarrier.LinkTransport;
+exports.PeerLinkHandler = require_httpAcceptorCarrier.PeerLinkHandler;
+exports.RunningAction = require_httpAcceptorCarrier.RunningAction;
+exports.RuntimeCoordinate = require_httpAcceptorCarrier.RuntimeCoordinate;
+exports.Transport = require_httpAcceptorCarrier.Transport;
+exports.acceptChannel = require_httpAcceptorCarrier.acceptChannel;
+exports.acceptChannelConnections = require_httpAcceptorCarrier.acceptChannelConnections;
+exports.actionSchema = require_httpAcceptorCarrier.actionSchema;
+exports.connectChannel = require_httpAcceptorCarrier.connectChannel;
+exports.createAcceptorHandler = require_httpAcceptorCarrier.createAcceptorHandler;
+exports.createActionFetchHandler = require_httpAcceptorCarrier.createActionFetchHandler;
+exports.createActionFrameCrypto = require_httpAcceptorCarrier.createActionFrameCrypto;
 exports.createActionRootDomain = createActionRootDomain;
 exports.createBinaryWireAdapter = createBinaryWireAdapter;
 exports.createBinaryWireSessionFactory = createBinaryWireSessionFactory;
-exports.createClientHandshake = createClientHandshake;
-exports.createConnectionStateStore = createConnectionStateStore;
-exports.createConnectorHandler = createConnectorHandler;
-exports.createHibernatableWsServerAdapter = createHibernatableWsServerAdapter;
+exports.createClientHandshake = require_httpAcceptorCarrier.createClientHandshake;
+exports.createConnectionStateStore = require_httpAcceptorCarrier.createConnectionStateStore;
+exports.createConnectorHandler = require_httpAcceptorCarrier.createConnectorHandler;
+exports.createHibernatableWsServerAdapter = require_httpAcceptorCarrier.createHibernatableWsServerAdapter;
 exports.createInMemoryChannelPair = createInMemoryChannelPair;
-exports.createInMemoryTofuVerifyKeyResolver = createInMemoryTofuVerifyKeyResolver;
-exports.createLocalHandler = createLocalHandler;
-exports.createSecureAcceptorHandler = createSecureAcceptorHandler;
-exports.createServerHandshake = createServerHandshake;
-exports.createStorageTofuVerifyKeyResolver = createStorageTofuVerifyKeyResolver;
-exports.decodeActionFrame = decodeActionFrame;
-exports.decodeExchangeReply = decodeExchangeReply;
-exports.decodeExchangeRequest = decodeExchangeRequest;
-exports.decodeHandshakeMessage = decodeHandshakeMessage;
-exports.defineChannel = defineChannel;
+exports.createInMemoryTofuVerifyKeyResolver = require_httpAcceptorCarrier.createInMemoryTofuVerifyKeyResolver;
+exports.createLocalHandler = require_httpAcceptorCarrier.createLocalHandler;
+exports.createSecureAcceptorHandler = require_httpAcceptorCarrier.createSecureAcceptorHandler;
+exports.createServerHandshake = require_httpAcceptorCarrier.createServerHandshake;
+exports.createStorageTofuVerifyKeyResolver = require_httpAcceptorCarrier.createStorageTofuVerifyKeyResolver;
+exports.decodeActionFrame = require_httpAcceptorCarrier.decodeActionFrame;
+exports.decodeExchangeReply = require_httpAcceptorCarrier.decodeExchangeReply;
+exports.decodeExchangeRequest = require_httpAcceptorCarrier.decodeExchangeRequest;
+exports.decodeHandshakeMessage = require_httpAcceptorCarrier.decodeHandshakeMessage;
+exports.defineChannel = require_httpAcceptorCarrier.defineChannel;
 exports.defineSecureChannel = defineSecureChannel;
-exports.encodeExchange = encodeExchange;
-exports.encodeHandshakeMessage = encodeHandshakeMessage;
-exports.err_nice_action = err_nice_action;
-exports.err_nice_external_client = err_nice_external_client;
-exports.err_nice_transport = err_nice_transport;
+exports.encodeExchange = require_httpAcceptorCarrier.encodeExchange;
+exports.encodeHandshakeMessage = require_httpAcceptorCarrier.encodeHandshakeMessage;
+exports.err_nice_action = require_httpAcceptorCarrier.err_nice_action;
+exports.err_nice_external_client = require_httpAcceptorCarrier.err_nice_external_client;
+exports.err_nice_transport = require_httpAcceptorCarrier.err_nice_transport;
 exports.err_nice_transport_ws = err_nice_transport_ws;
-exports.httpAcceptorCarrier = httpAcceptorCarrier;
+exports.httpAcceptorCarrier = require_httpAcceptorCarrier.httpAcceptorCarrier;
 exports.httpCarrier = httpCarrier;
 exports.inMemoryCarrier = inMemoryCarrier;
-exports.isActionPayload_Any_JsonObject = isActionPayload_Any_JsonObject;
-exports.isActionPayload_Request_JsonObject = isActionPayload_Request_JsonObject;
-exports.isActionPayload_Result_JsonObject = isActionPayload_Result_JsonObject;
-exports.isExchangeAcceptorCarrier = require_wsAcceptorCarrier.isExchangeAcceptorCarrier;
-exports.plainTransport = plainTransport;
+exports.isActionPayload_Any_JsonObject = require_httpAcceptorCarrier.isActionPayload_Any_JsonObject;
+exports.isActionPayload_Request_JsonObject = require_httpAcceptorCarrier.isActionPayload_Request_JsonObject;
+exports.isActionPayload_Result_JsonObject = require_httpAcceptorCarrier.isActionPayload_Result_JsonObject;
+exports.isExchangeAcceptorCarrier = require_httpAcceptorCarrier.isExchangeAcceptorCarrier;
 exports.rtcCarrier = rtcCarrier;
 exports.rtcDataChannelByteChannel = rtcDataChannelByteChannel;
-exports.runtimeLinkId = runtimeLinkId;
-exports.secureTransport = secureTransport;
-exports.serveChannel = serveChannel;
-exports.wsAcceptorCarrier = require_wsAcceptorCarrier.wsAcceptorCarrier;
+exports.runtimeLinkId = require_httpAcceptorCarrier.runtimeLinkId;
+exports.serveChannel = require_httpAcceptorCarrier.serveChannel;
+exports.serveHost = require_httpAcceptorCarrier.serveHost;
+exports.wsAcceptorCarrier = require_httpAcceptorCarrier.wsAcceptorCarrier;
 exports.wsCarrier = wsCarrier;
 //# sourceMappingURL=index.cjs.map