@nice-code/action 0.21.0 → 0.23.0

package/build/index.mjs

@@ -1,134 +1,8 @@
+import { $ as EErrId_NiceAction, A as createServerHandshake, B as PeerLinkHandler, C as createAcceptorHandler, D as ESecurityLevel, E as EHandshakeMessageType, F as ActionLocalHandler, G as err_nice_external_client, H as ETransportStatus, I as createLocalHandler, J as ActionSchema, K as isActionPayload_Any_JsonObject, L as ActionRuntime, M as decodeHandshakeMessage, N as encodeHandshakeMessage, O as createClientHandshake, P as runtimeLinkId, Q as isAction_Base_JsonObject, R as ConnectorHandler, S as AcceptorHandler, T as decodeActionFrame, U as EErrId_NiceTransport, V as ETransportShape, W as err_nice_transport, X as actionSchema, Y as EActionResponseMode, Z as isActionPayload_Result_JsonObject, _ as decodeExchangeReply, a as isExchangeAcceptorCarrier, at as EActionProgressType, b as Transport, c as createConnectionStateStore, ct as RuntimeCoordinate, d as acceptChannel, et as err_nice_action, f as acceptChannelConnections, g as ExchangeTransport, h as LinkTransport, i as serveChannel, it as EActionPayloadType, j as createStorageTofuVerifyKeyResolver, k as createInMemoryTofuVerifyKeyResolver, l as createActionFetchHandler, lt as runtimeCoordinateToStringIds, m as defineChannel, n as wsAcceptorCarrier, nt as ActionPayload_Request, o as createHibernatableWsServerAdapter, ot as ActionPayload, p as connectChannel, q as isActionPayload_Request_JsonObject, r as serveHost, rt as ActionPayload_Result, s as ConnectionStateStore, st as ActionBase, t as httpAcceptorCarrier, tt as RunningAction, u as ExchangeAcceptor, v as decodeExchangeRequest, w as createActionFrameCrypto, x as createSecureAcceptorHandler, y as encodeExchange, z as createConnectorHandler } from "./httpAcceptorCarrier-DJVxzDVd.mjs";
 import { n as ERunningActionState, r as ERunningActionUpdateType, t as ERunningActionFinishedType } from "./RunningAction.types-C176rqHG.mjs";
-import { i as ETransportStatus, n as isExchangeAcceptorCarrier, r as ETransportShape, t as wsAcceptorCarrier } from "./wsAcceptorCarrier-CW2qX25W.mjs";
 import { nanoid } from "nanoid";
-import { NiceError, castNiceError, err, err_nice, isNiceErrorObject } from "@nice-code/error";
-import { extractMessageFromStandardSchema } from "@nice-code/common-errors";
-import { runtime } from "std-env";
-import { ClientCryptoKeyLink, createTypedStorage } from "@nice-code/util";
-import * as v from "valibot";
+import { err } from "@nice-code/error";
 import { pack, unpack } from "msgpackr";
-const UNSET_RUNTIME_ENV_ID = "_unset_";
-//#endregion
-//#region src/ActionRuntime/utils/runtimeCoordinateToStringIds.ts
-function runtimeCoordinateToStringIds(coordinate) {
-	return [
-		`envId[${coordinate.envId}]perId[${coordinate.perId ?? "_"}]:insId[${coordinate.insId ?? "_"}]`,
-		`envId[${coordinate.envId}]perId[${coordinate.perId ?? "_"}]:insId[_]`,
-		`envId[${coordinate.envId}]perId[_]:insId[_]`
-	];
-}
-//#endregion
-//#region src/ActionRuntime/RuntimeCoordinate.ts
-var RuntimeCoordinate = class RuntimeCoordinate {
-	envId;
-	perId;
-	insId;
-	static get unknown() {
-		return new RuntimeCoordinate({ envId: UNSET_RUNTIME_ENV_ID });
-	}
-	static env(envId) {
-		return new RuntimeCoordinate({ envId });
-	}
-	withPersistentId(perId) {
-		return this.specify({ perId });
-	}
-	constructor({ envId, perId, insId }) {
-		this.envId = envId;
-		this.perId = perId;
-		this.insId = insId;
-	}
-	specify(specifics) {
-		return new RuntimeCoordinate({
-			envId: this.envId,
-			perId: this.perId,
-			insId: this.insId,
-			...specifics
-		});
-	}
-	specifyIfUnset(specifics) {
-		return new RuntimeCoordinate({
-			envId: this.envId,
-			perId: this.perId ?? specifics.perId,
-			insId: this.insId ?? specifics.insId
-		});
-	}
-	toJsonObject() {
-		return {
-			envId: this.envId,
-			perId: this.perId,
-			insId: this.insId
-		};
-	}
-	isExactlySame(other) {
-		return this.envId === other.envId && this.perId === other.perId && this.insId === other.insId;
-	}
-	isSameFor(other) {
-		return {
-			id: this.envId === other.envId,
-			perId: this.envId === other.envId && this.perId === other.perId,
-			insId: this.envId === other.envId && this.perId === other.perId && this.insId === other.insId
-		};
-	}
-	similarityLevel(other) {
-		const sameFor = this.isSameFor(other);
-		if (sameFor.insId) return 3;
-		if (sameFor.perId) return 2;
-		if (sameFor.id) return 1;
-		return 0;
-	}
-	get stringId() {
-		return `envId[${this.envId}]perId[${this.perId ?? "_"}]:insId[${this.insId ?? "_"}]`;
-	}
-	/**
-	* Takes the "Runtime Coordinate" and generates a list of full coordinate IDs representing the runtime
-	* with decreasing levels of specificity.
-	*
-	* The first full coordinate ID is the most specific (including instance ID), while the last ID is
-	* the least specific (only environment ID).
-	*
-	* Example output for a RuntimeCoordinate with envId "web_app", perId "user123", and insId "instance456":
-	* [
-	*   "envId[web_app]perId[user123]:insId[instance456]",
-	*   "envId[web_app]perId[user123]:insId[_]",
-	*   "envId[web_app]perId[_]:insId[_]"
-	* ]
-	*
-	* @returns a list of "full" runtime coordinate IDs with decreasing accuracy for targeting a runtime.
-	*/
-	toStringIds() {
-		return runtimeCoordinateToStringIds(this);
-	}
-};
-//#endregion
-//#region src/ActionDefinition/Action/ActionBase.ts
-var ActionBase = class {
-	form;
-	_domain;
-	id;
-	domain;
-	allDomains;
-	schema;
-	constructor(form, _domain, id) {
-		this.form = form;
-		this._domain = _domain;
-		this.id = id;
-		this.domain = _domain.domain;
-		this.allDomains = _domain.allDomains;
-		this.schema = _domain.actionSchema[id];
-	}
-	toJsonObject() {
-		return {
-			form: this.form,
-			domain: this.domain,
-			allDomains: this.allDomains,
-			id: this.id
-		};
-	}
-	toJsonString() {
-		return JSON.stringify(this.toJsonObject());
-	}
-};
-//#endregion
 //#region src/ActionDefinition/Action/Context/ActionContext.ts
 var ActionContext = class extends ActionBase {
 	_domain;
@@ -195,178 +69,6 @@ var ActionContext = class extends ActionBase {
 	}
 };
 //#endregion
-//#region src/ActionDefinition/Action/Payload/ActionPayload.ts
-var ActionPayload = class extends ActionBase {
-	form = "data";
-	type;
-	context;
-	time;
-	constructor(context, type, data) {
-		super("data", context._domain, context.id);
-		this.context = context;
-		this.type = type;
-		this.time = data.time;
-	}
-	toBaseJsonObject() {
-		return {
-			...super.toJsonObject(),
-			type: this.type,
-			context: this.context.toContextDataJsonObject(),
-			time: this.time
-		};
-	}
-};
-//#endregion
-//#region src/utils/hashPayloadData.ts
-function stableStringify(value) {
-	if (value === null || value === void 0) return String(value);
-	if (typeof value !== "object") return JSON.stringify(value) ?? "undefined";
-	if (Array.isArray(value)) return `[${value.map(stableStringify).join(",")}]`;
-	return "{" + Object.keys(value).sort().map((k) => `${JSON.stringify(k)}:${stableStringify(value[k])}`).join(",") + "}";
-}
-function fnv1a32(str) {
-	let hash = 2166136261;
-	for (let i = 0; i < str.length; i++) hash = (hash ^ str.charCodeAt(i)) * 16777619 >>> 0;
-	return hash.toString(16).padStart(8, "0");
-}
-/**
-* Produces a deterministic 8-char hex hash of any JSON-serializable value.
-* Useful for grouping/comparing action inputs, outputs, and progress payloads.
-*/
-function hashPayloadData(data) {
-	return fnv1a32(stableStringify(data));
-}
-//#endregion
-//#region src/ActionDefinition/Action/Payload/ActionPayload.types.ts
-let EActionPayloadType = /* @__PURE__ */ function(EActionPayloadType) {
-	EActionPayloadType["request"] = "request";
-	EActionPayloadType["progress"] = "progress";
-	EActionPayloadType["result"] = "result";
-	EActionPayloadType["stream"] = "stream";
-	EActionPayloadType["push"] = "push";
-	return EActionPayloadType;
-}({});
-/**
-*
-*  [ PROGRESS ]
-*
-*/
-let EActionProgressType = /* @__PURE__ */ function(EActionProgressType) {
-	EActionProgressType["none"] = "none";
-	EActionProgressType["percentage"] = "percentage";
-	EActionProgressType["custom"] = "custom";
-	return EActionProgressType;
-}({});
-//#endregion
-//#region src/ActionDefinition/Action/Payload/ActionPayload_Progress.ts
-var ActionPayload_Progress = class extends ActionPayload {
-	progress;
-	constructor(params, progress, data) {
-		super(params.context, "progress", data);
-		this.progress = progress;
-	}
-	toJsonObject() {
-		return {
-			...this.toBaseJsonObject(),
-			progress: this.progress
-		};
-	}
-	toJsonString() {
-		return JSON.stringify(this.toJsonObject());
-	}
-	toHttpResponse() {
-		return new Response(this.toJsonString(), {
-			status: 200,
-			headers: { "Content-Type": "application/json" }
-		});
-	}
-};
-//#endregion
-//#region src/ActionDefinition/Action/Payload/ActionPayload_Result.ts
-var ActionPayload_Result = class extends ActionPayload {
-	result;
-	outputHash;
-	constructor(params, result, data) {
-		super(params.context, "result", data);
-		this.result = result;
-		this.outputHash = result.ok ? hashPayloadData(this.context.schema.serializeOutput(result.output)) : hashPayloadData(result.error.message);
-	}
-	toJsonObject() {
-		const wireResult = this.result.ok ? {
-			ok: true,
-			output: this.context.schema.serializeOutput(this.result.output)
-		} : this.result;
-		return {
-			...this.toBaseJsonObject(),
-			result: wireResult,
-			outputHash: this.outputHash
-		};
-	}
-	toJsonString() {
-		return JSON.stringify(this.toJsonObject());
-	}
-	toHttpResponse({ useErrorStatus = true } = {}) {
-		return new Response(this.toJsonString(), {
-			status: this.result.ok ? 200 : useErrorStatus ? this.result.error.httpStatusCode : 500,
-			headers: { "Content-Type": "application/json" }
-		});
-	}
-};
-//#endregion
-//#region src/ActionDefinition/Action/Payload/ActionPayload_Request.ts
-var ActionPayload_Request = class extends ActionPayload {
-	input;
-	inputHash;
-	_callSite;
-	constructor(params, input, data) {
-		super(params.context, "request", data);
-		this.input = input;
-		this.inputHash = hashPayloadData(this.context.schema.serializeInput(input));
-	}
-	successResult(...args) {
-		const output = args[0];
-		const finalOutput = this.context.schema.validateOutput(output, {
-			domain: this.domain,
-			actionId: this.id
-		});
-		return new ActionPayload_Result(this, {
-			ok: true,
-			output: finalOutput
-		}, { time: Date.now() });
-	}
-	errorResult(err) {
-		return new ActionPayload_Result(this, {
-			ok: false,
-			error: err
-		}, { time: Date.now() });
-	}
-	progress(progress) {
-		return new ActionPayload_Progress(this, progress, { time: Date.now() });
-	}
-	toJsonObject() {
-		return {
-			...super.toBaseJsonObject(),
-			input: this.context.schema.serializeInput(this.input),
-			inputHash: this.inputHash
-		};
-	}
-	toJsonString() {
-		return JSON.stringify(this.toJsonObject());
-	}
-	async runToOutput(options) {
-		const result = await (await this.run(options)).waitForResultPayload();
-		if (result.result.ok) return result.result.output;
-		throw result.result.error;
-	}
-	async runToResultPayload(options) {
-		return (await this.run(options)).waitForResultPayload();
-	}
-	async run(options) {
-		if (this._callSite == null) this._callSite = (/* @__PURE__ */ new Error()).stack;
-		return this._domain.runAction(this, options);
-	}
-};
-//#endregion
 //#region src/ActionDefinition/Action/Core/ActionCore.ts
 var ActionCore = class extends ActionBase {
 	_domain;
@@ -419,3348 +121,355 @@ var ActionCore = class extends ActionBase {
 	}
 };
 //#endregion
-//#region src/ActionDefinition/Action/RunningAction.ts
-var RunningAction = class {
-	_state;
-	context;
-	cuid;
-	id;
-	_domain;
+//#region src/utils/isAction_Context_JsonObject.ts
+const isAction_Context_JsonObject = (obj) => {
+	return isAction_Base_JsonObject(obj) && obj.form === "context";
+};
+//#endregion
+//#region src/utils/isAction_Core_JsonObject.ts
+const isAction_Core_JsonObject = (obj) => {
+	return isAction_Base_JsonObject(obj) && obj.form === "core";
+};
+//#endregion
+//#region src/utils/isAction_Any_JsonObject.ts
+function isAction_Any_JsonObject(obj) {
+	return isActionPayload_Any_JsonObject(obj) || isAction_Context_JsonObject(obj) || isAction_Core_JsonObject(obj);
+}
+//#endregion
+//#region src/utils/assertIsActionJson.ts
+function assertIsActionJson(obj) {
+	if (!isAction_Any_JsonObject(obj)) throw err_nice_action.fromId("wire_not_action_data");
+}
+//#endregion
+//#region src/utils/isAction_Any_Instance.ts
+function isAction_Any_Instance(value) {
+	return value instanceof ActionCore || value instanceof ActionPayload || value instanceof ActionContext;
+}
+//#endregion
+//#region src/ActionDefinition/Domain/ActionDomainBase.ts
+var ActionDomainBase = class {
 	domain;
 	allDomains;
-	parentCuid;
-	callSite;
-	_resultPayloadPromise;
-	_resolveResult;
-	_rejectResult;
-	_isAborted = false;
-	_updates = [];
-	_updateListeners = [];
-	constructor(initialState) {
-		this.context = initialState.context;
-		this.cuid = initialState.context.cuid;
-		this.id = initialState.context.id;
-		this.domain = initialState.context.domain;
-		this.allDomains = initialState.context.allDomains;
-		this._domain = initialState.context._domain;
-		this.parentCuid = initialState.parentCuid;
-		this.callSite = initialState.callSite;
-		this._resultPayloadPromise = new Promise((resolve, reject) => {
-			this._resolveResult = resolve;
-			this._rejectResult = reject;
-		});
-		this._resultPayloadPromise.catch(() => {});
-		this._state = {
-			request: initialState.request,
-			progress: initialState.progress ?? [],
-			result: initialState.result
-		};
-		this._sendUpdate({
-			type: "started",
-			runningAction: this,
-			time: Date.now()
-		});
-	}
-	get state() {
-		return this._state;
-	}
-	abort(reason) {
-		this._abort(reason);
+	actionSchema;
+	_listeners = [];
+	constructor(definition) {
+		this.domain = definition.domain;
+		this.allDomains = definition.allDomains;
+		this.actionSchema = definition.actionSchema;
 	}
-	addUpdateListeners(listeners) {
-		this._updateListeners.push(...listeners);
-		for (const event of this._updates) for (const listener of listeners) listener(event);
+	/**
+	* Add an observer that is called after every action dispatched through this domain.
+	* Returns an unsubscribe function — call it to remove the listener.
+	*/
+	addActionListener(listener) {
+		this._listeners.push(listener);
 		return () => {
-			for (const listener of listeners) {
-				const i = this._updateListeners.indexOf(listener);
-				if (i !== -1) this._updateListeners.splice(i, 1);
-			}
+			this._listeners = this._listeners.filter((l) => l !== listener);
 		};
 	}
-	async *iterateUpdates() {
-		const queue = [];
-		let resolveWaiter = null;
-		const unsubscribe = this.addUpdateListeners([(event) => {
-			queue.push(event);
-			if (resolveWaiter) {
-				resolveWaiter();
-				resolveWaiter = null;
-			}
-		}]);
-		try {
-			while (true) {
-				if (queue.length === 0) await new Promise((resolve) => {
-					resolveWaiter = resolve;
-				});
-				const event = queue.shift();
-				yield event;
-				if (event.type === "finished") break;
-			}
-		} finally {
-			unsubscribe();
-		}
+	/**
+	* @internal
+	* Observers registered directly on this domain via {@link addActionListener}.
+	* Used to wire observers (e.g. devtools) onto RunningActions that aren't created
+	* through the local-dispatch path — notably inbound actions pushed from a backend
+	* or another client over a bidirectional transport.
+	*/
+	_getActionObservers() {
+		return this._listeners;
 	}
-	_sendUpdate(update) {
-		this._updates.push(update);
-		for (const listener of this._updateListeners) listener(update);
+};
+//#endregion
+//#region src/ActionRuntime/ActionRuntimeManager.ts
+var ActionRuntimeManager = class {
+	_runtimes = /* @__PURE__ */ new Map();
+	_preferredRuntimeClientId = null;
+	_context;
+	constructor(context) {
+		this._context = context ?? {};
 	}
-	_completeWithResult(result) {
-		if (this._state.result != null || this._isAborted) return false;
-		this._state = {
-			request: this._state.request,
-			progress: this._state.progress,
-			result
-		};
-		this._resolveResult(result);
-		this._sendUpdate({
-			type: "finished",
-			finishType: "success",
-			runningAction: this,
-			time: Date.now(),
-			response: result
+	registerRuntime(runtime) {
+		const runtimeId = runtime.coordinate.stringId;
+		if (this._runtimes.has(runtimeId)) throw err_nice_action.fromId("client_runtime_already_registered", {
+			context: this._context,
+			client: runtime.coordinate
 		});
-		return true;
+		for (const id of runtime.coordinate.toStringIds()) {
+			if (this._runtimes.has(id)) continue;
+			this._runtimes.set(id, runtime);
+		}
 	}
-	_abort(reason) {
-		if (this._state.result != null || this._isAborted) return false;
-		this._isAborted = true;
-		this._rejectResult(reason);
-		this._sendUpdate({
-			type: "finished",
-			finishType: "aborted",
-			runningAction: this,
-			time: Date.now(),
-			reason
+	getRuntimeAndHandlerForAction(action, options, throwOnIssue) {
+		const localRuntime = options?.targetLocalRuntime;
+		if (localRuntime != null) {
+			const runtime = throwOnIssue ? this.getBestRuntimeOrThrow(options?.targetLocalRuntime?.coordinate) : this.getBestRuntime(options?.targetLocalRuntime?.coordinate);
+			if (runtime == null) return;
+			const handler = runtime._getHandlerForAction(action, options);
+			if (handler != null) return {
+				handler,
+				runtime
+			};
+			if (throwOnIssue) throw err_nice_action.fromId("no_action_execution_handler", {
+				domain: action.domain,
+				actionId: action.id,
+				specifiedClient: localRuntime.coordinate
+			});
+		}
+		for (const runtime of this._runtimes.values()) {
+			const handler = runtime._getHandlerForAction(action);
+			if (handler) return {
+				handler,
+				runtime
+			};
+		}
+		if (throwOnIssue) throw err_nice_action.fromId("no_action_execution_handler", {
+			domain: action.domain,
+			actionId: action.id,
+			specifiedClient: options?.targetLocalRuntime?.coordinate
 		});
-		return true;
 	}
-	_failWithError(error) {
-		if (this._state.result != null || this._isAborted) return false;
-		this._isAborted = true;
-		this._rejectResult(error);
-		this._sendUpdate({
-			type: "finished",
-			finishType: "failed",
-			runningAction: this,
-			time: Date.now(),
-			error
-		});
-		return true;
+	getRuntimeAndHandlerForActionOrThrow(action, options) {
+		return this.getRuntimeAndHandlerForAction(action, options, true);
 	}
-	_updateProgress(progress) {
-		if (this._state.result != null || this._isAborted) return;
-		this._state.progress.push(progress);
-		this._sendUpdate({
-			type: "progress",
-			runningAction: this,
-			time: Date.now(),
-			progress: progress.progress
-		});
+	setPreferredRuntime(runtime) {
+		const runtimeId = runtime.coordinate.stringId;
+		this._preferredRuntimeClientId = runtimeId;
 	}
-	waitForResultPayload() {
-		return this._resultPayloadPromise;
+	getPreferredRuntime() {
+		if (this._preferredRuntimeClientId) {
+			const runtime = this._runtimes.get(this._preferredRuntimeClientId);
+			if (runtime) return runtime;
+		}
+		return this._runtimes.values().next().value;
 	}
-	_resolveFromJson(resultJson) {
-		if (this._state.result != null || this._isAborted) return false;
-		const result = this._domain.hydrateResultPayload(resultJson);
-		return this._completeWithResult(result);
+	getBestRuntimeForSpecifier(clientSpecifier) {
+		const ids = new RuntimeCoordinate(clientSpecifier).toStringIds();
+		for (const id of ids) {
+			const runtime = this._runtimes.get(id);
+			if (runtime) return runtime;
+		}
 	}
-};
-//#endregion
-//#region src/errors/err_nice_action.ts
-let EErrId_NiceAction = /* @__PURE__ */ function(EErrId_NiceAction) {
-	EErrId_NiceAction["not_implemented"] = "not_implemented";
-	EErrId_NiceAction["action_id_not_in_domain"] = "action_id_not_in_domain";
-	EErrId_NiceAction["domain_already_exists_in_hierarchy"] = "domain_already_exists_in_hierarchy";
-	EErrId_NiceAction["domain_no_handler"] = "domain_no_handler";
-	EErrId_NiceAction["hydration_domain_mismatch"] = "hydration_domain_mismatch";
-	EErrId_NiceAction["hydration_action_state_mismatch"] = "hydration_action_state_mismatch";
-	EErrId_NiceAction["hydration_action_id_not_found"] = "hydration_action_id_not_found";
-	EErrId_NiceAction["no_action_execution_handler"] = "no_action_execution_handler";
-	EErrId_NiceAction["wire_action_not_payload"] = "wire_action_not_payload";
-	EErrId_NiceAction["wire_not_action_data"] = "wire_not_action_data";
-	EErrId_NiceAction["client_runtime_already_registered"] = "client_runtime_already_registered";
-	EErrId_NiceAction["client_runtime_not_registered"] = "client_runtime_not_registered";
-	EErrId_NiceAction["runtime_reset"] = "runtime_reset";
-	EErrId_NiceAction["no_client_runtimes_registered"] = "no_client_runtimes_registered";
-	EErrId_NiceAction["action_input_validation_failed"] = "action_input_validation_failed";
-	EErrId_NiceAction["action_input_validation_promise"] = "action_input_validation_promise";
-	EErrId_NiceAction["action_output_validation_failed"] = "action_output_validation_failed";
-	EErrId_NiceAction["action_output_validation_promise"] = "action_output_validation_promise";
-	return EErrId_NiceAction;
-}({});
-const err_nice_action = err_nice.createChildDomain({
-	domain: "err_nice_action",
-	defaultHttpStatusCode: 500,
-	schema: {
-		["not_implemented"]: err({ message: ({ label }) => `The "${label}" functionality is not implemented yet.` }),
-		["action_id_not_in_domain"]: err({ message: ({ actionId, domain }) => `Action with id "${actionId}" does not exist in domain "${domain}".` }),
-		["domain_already_exists_in_hierarchy"]: err({ message: ({ domain, allParentDomains, parentDomain }) => `Domain "${domain}" already exists in the hierarchy under the parent "${parentDomain}". All parent domains ["${allParentDomains.join(", ")}"]` }),
-		["domain_no_handler"]: err({ message: ({ domain }) => `Domain "${domain}" has no action handler registered.` }),
-		["hydration_domain_mismatch"]: err({ message: ({ expected, received }) => `Cannot hydrate action: domain mismatch. Expected "${expected}", got "${received}".` }),
-		["hydration_action_state_mismatch"]: err({ message: ({ expected, received }) => `Cannot hydrate action: action state type mismatch. Expected "${expected}", got "${received}".` }),
-		["hydration_action_id_not_found"]: err({ message: ({ domain, actionId }) => `Cannot hydrate action: id "${actionId}" does not exist in domain "${domain}".` }),
-		["no_action_execution_handler"]: err({ message: ({ domain, actionId, specifiedClient }) => `${specifiedClient ? ` The targeted client runtime [${specifiedClient.stringId}] has no` : "No"} action handler registered for "${actionId}" in domain "${domain}".` }),
-		["wire_action_not_payload"]: err({ message: ({ domain, actionId, actionState }) => `Cannot handle wire for action "${actionId}" in domain "${domain}": expected action form of "data" and type of "request", "progress" or "result", got "${actionState}".` }),
-		["wire_not_action_data"]: err({ message: () => `Cannot handle wire for action: expected an object with a "domain" property of type string, a "form" property of "data" and a "type" property of "request", "progress" or "result".` }),
-		["runtime_reset"]: err({ message: () => `Runtime has been reset.` }),
-		["client_runtime_already_registered"]: err({ message: ({ context, client }) => `Environment is already registered${context?.domain ? ` on domain "${context.domain}"` : ""} for client [${client.stringId}]. Each client specifier (exact match on all properties) may only be registered once.` }),
-		["client_runtime_not_registered"]: err({ message: ({ context, clientStringId }) => `No runtime registered${context?.domain ? ` on domain "${context.domain}"` : ""} for client [${clientStringId}].` }),
-		["no_client_runtimes_registered"]: err({ message: ({ context }) => `No runtimes registered${context?.domain ? ` on domain "${context.domain}"` : ""}. Add handlers to a runtime via runtime.addHandlers([handler]) before executing actions.` }),
-		["action_input_validation_failed"]: err({
-			message: ({ domain, actionId, validationMessage }) => `Input validation failed for action "${actionId}" in domain "${domain}":\n${validationMessage}`,
-			httpStatusCode: 400
-		}),
-		["action_input_validation_promise"]: err({
-			message: ({ domain, actionId }) => `Input validation for action "${actionId}" in domain "${domain}" returned a promise, which is not supported.`,
-			httpStatusCode: 400
-		}),
-		["action_output_validation_failed"]: err({
-			message: ({ domain, actionId, validationMessage }) => `Output validation failed for action "${actionId}" in domain "${domain}":\n${validationMessage}`,
-			httpStatusCode: 500
-		}),
-		["action_output_validation_promise"]: err({
-			message: ({ domain, actionId }) => `Output validation for action "${actionId}" in domain "${domain}" returned a promise, which is not supported.`,
-			httpStatusCode: 500
-		})
+	getBestRuntime(clientSpecifier) {
+		return clientSpecifier != null ? this.getBestRuntimeForSpecifier(clientSpecifier) : this.getPreferredRuntime();
 	}
-});
-//#endregion
-//#region src/utils/isAction_Base_JsonObject.ts
-const isAction_Base_JsonObject = (obj) => {
-	return typeof obj === "object" && obj !== null && typeof obj.domain === "string" && typeof obj.id === "string" && typeof obj.form === "string";
-};
-//#endregion
-//#region src/utils/isActionPayload_Result_JsonObject.ts
-const isActionPayload_Result_JsonObject = (obj) => {
-	return isAction_Base_JsonObject(obj) && obj.result != null && obj.form === "data" && obj.type === "result";
-};
-//#endregion
-//#region src/ActionDefinition/Schema/ActionSchema.ts
-/**
-* What a sender should expect back from an action — declared on its schema so both ends agree without
-* any wire flag (each derives the mode from the shared `domain:id`).
-*
-* - `payload` — a typed output (the action has `.output(...)`); the sender awaits it.
-* - `ack` — an empty success confirming receipt (no output); the sender may await it to know the
-*   receiver handled it (or to surface an error). This is the default for an action with no output.
-* - `none` — fire-and-forget: the receiver sends no reply and the sender doesn't wait. The sender's
-*   running action completes as soon as the frame is on the wire (no pending reply, no timeout).
-*/
-let EActionResponseMode = /* @__PURE__ */ function(EActionResponseMode) {
-	EActionResponseMode["payload"] = "payload";
-	EActionResponseMode["ack"] = "ack";
-	EActionResponseMode["none"] = "none";
-	return EActionResponseMode;
-}({});
-var ActionSchema = class {
-	_errorDeclarations = [];
-	inputOptions;
-	outputOptions;
-	_responseMode;
-	get inputSchema() {
-		return this.inputOptions?.schema;
+	hasRuntime(runtime) {
+		return this._runtimes.has(runtime.coordinate.stringId);
 	}
-	get outputSchema() {
-		return this.outputOptions?.schema;
-	}
-	/**
-	* The response contract for this action. Defaults are inferred — `payload` when an output schema is
-	* declared, otherwise `ack` — and made explicit by {@link ack} / {@link fireAndForget}.
-	*/
-	get responseMode() {
-		if (this._responseMode != null) return this._responseMode;
-		return this.outputOptions != null ? "payload" : "ack";
-	}
-	/**
-	* Mark this action as expecting only an acknowledgment (an empty success). Mostly for clarity — an
-	* output-less action already acks by default — but it documents intent and reads as the deliberate
-	* counterpart to {@link fireAndForget}.
-	*/
-	ack() {
-		this._responseMode = "ack";
-		return this;
-	}
-	/**
-	* Mark this action as fire-and-forget: the receiver sends no reply, and the sender's running action
-	* completes the moment the frame is sent (no awaited reply, no timeout). Ideal for high-frequency
-	* server→client pushes (presence, ticks) where an ack would only add wire chatter.
-	*/
-	fireAndForget() {
-		this._responseMode = "none";
-		return this;
-	}
-	/**
-	* Declare the input schema (JSON-native or with explicit SERDE type param).
-	* For non-JSON-native inputs, prefer the 3-argument form below to avoid
-	* needing explicit type parameters.
-	*/
-	input(options) {
-		this.inputOptions = options;
-		return this;
-	}
-	/**
-	* Declare the output schema (JSON-native or with explicit SERDE type param).
-	* For non-JSON-native outputs, prefer the 3-argument form below to avoid
-	* needing explicit type parameters.
-	*/
-	output(options) {
-		this.outputOptions = options;
-		return this;
-	}
-	throws(domain, ids) {
-		this._errorDeclarations.push({
-			_domain: domain,
-			_ids: ids
-		});
-		return this;
-	}
-	/**
-	* Serialize raw input to a JSON-serializable form.
-	* Uses the schema's serialization.serialize if defined; otherwise the input
-	* is already JSON-native and is returned as-is.
-	*/
-	serializeInput(rawInput) {
-		if (this.inputOptions?.serialization) return this.inputOptions.serialization.serialize(rawInput);
-		return rawInput;
-	}
-	/**
-	* Deserialize a JSON value back into the raw input type.
-	* Uses serialization.deserialize if defined; otherwise the value is cast
-	* directly (it's already in the correct shape).
-	*/
-	deserializeInput(serialized) {
-		if (this.inputOptions?.serialization) return this.inputOptions.serialization.deserialize(serialized);
-		return serialized;
-	}
-	/**
-	* Validate raw input against the schema defined via `.input({ schema })`.
-	* Throws `action_input_validation_failed` if validation fails.
-	* Returns the validated (and possibly coerced) value on success.
-	* If no input schema was declared, the value is passed through as-is.
-	*/
-	validateInput(value, meta) {
-		if (this.inputOptions?.schema == null) return value;
-		const result = this.inputOptions.schema["~standard"].validate(value);
-		if (result instanceof Promise) throw err_nice_action.fromId("action_input_validation_promise", {
-			domain: meta.domain,
-			actionId: meta.actionId
-		});
-		if (result.issues != null) throw err_nice_action.fromId("action_input_validation_failed", {
-			domain: meta.domain,
-			actionId: meta.actionId,
-			validationMessage: extractMessageFromStandardSchema(result)
-		});
-		return result.value;
-	}
-	validateOutput(value, meta) {
-		if (this.outputOptions?.schema == null) return value;
-		const result = this.outputOptions.schema["~standard"].validate(value);
-		if (result instanceof Promise) throw err_nice_action.fromId("action_output_validation_promise", {
-			domain: meta.domain,
-			actionId: meta.actionId
-		});
-		if (result.issues != null) throw err_nice_action.fromId("action_output_validation_failed", {
-			domain: meta.domain,
-			actionId: meta.actionId,
-			validationMessage: extractMessageFromStandardSchema(result)
-		});
-		return result.value;
-	}
-	/**
-	* Serialize raw output to a JSON-serializable form.
-	*/
-	serializeOutput(rawOutput) {
-		if (this.outputOptions?.serialization) return this.outputOptions.serialization.serialize(rawOutput);
-		return rawOutput;
-	}
-	/**
-	* Deserialize a JSON value back into the raw output type.
-	*/
-	deserializeOutput(serialized) {
-		if (this.outputOptions?.serialization) return this.outputOptions.serialization.deserialize(serialized);
-		return serialized;
-	}
-};
-const actionSchema = () => {
-	return new ActionSchema();
-};
-//#endregion
-//#region src/utils/getAssumedRuntimeEnvironment.ts
-const getAssumedRuntimeInfo = () => {
-	return {
-		assumed: true,
-		runtimeName: runtime
-	};
-};
-//#endregion
-//#region src/utils/isActionPayload_Progress_JsonObject.ts
-const isActionPayload_Progress_JsonObject = (obj) => {
-	return isAction_Base_JsonObject(obj) && "progress" in obj && obj.form === "data" && obj.type === "progress";
-};
-//#endregion
-//#region src/utils/isActionPayload_Request_JsonObject.ts
-const isActionPayload_Request_JsonObject = (obj) => {
-	return isAction_Base_JsonObject(obj) && "input" in obj && obj.form === "data" && obj.type === "request";
-};
-//#endregion
-//#region src/utils/isActionPayload_Any_JsonObject.ts
-function isActionPayload_Any_JsonObject(obj) {
-	return isActionPayload_Request_JsonObject(obj) || isActionPayload_Result_JsonObject(obj) || isActionPayload_Progress_JsonObject(obj);
-}
-//#endregion
-//#region src/ActionRuntime/HandlerCallStack.ts
-const _stack = [];
-function pushHandlerCuid(cuid) {
-	_stack.push(cuid);
-}
-function popHandlerCuid() {
-	_stack.pop();
-}
-function peekHandlerCuid() {
-	return _stack[_stack.length - 1];
-}
-//#endregion
-//#region src/ActionRuntime/Handler/PeerLink/Connector/err_nice_external_client.ts
-const err_nice_external_client = err_nice_action.createChildDomain({
-	domain: "err_nice_external_client",
-	schema: {}
-});
-//#endregion
-//#region src/ActionRuntime/Transport/err_nice_transport.ts
-let EErrId_NiceTransport = /* @__PURE__ */ function(EErrId_NiceTransport) {
-	EErrId_NiceTransport["timeout"] = "timeout";
-	EErrId_NiceTransport["not_found"] = "not_found";
-	EErrId_NiceTransport["unsupported"] = "unsupported";
-	EErrId_NiceTransport["initialization_failed"] = "initialization_failed";
-	EErrId_NiceTransport["send_failed"] = "send_failed";
-	EErrId_NiceTransport["invalid_action_response"] = "invalid_action_response";
-	return EErrId_NiceTransport;
-}({});
-const err_nice_transport = err_nice_external_client.createChildDomain({
-	domain: "err_nice_transport",
-	schema: {
-		["timeout"]: err({ message: ({ timeout }) => `ActionConnect transport timed out after ${timeout}ms.` }),
-		["not_found"]: err({ message: ({ actionId }) => `No connected transport found for action "${actionId}".` }),
-		["unsupported"]: err({ message: ({ transportShapes }) => `${transportShapes.length} Transport(s) [${transportShapes.join(", ")}] found but returned "unsupported" status.` }),
-		["initialization_failed"]: err({ message: ({ actionId }) => `Transports found for action "${actionId}", but none are ready.` }),
-		["send_failed"]: err({
-			message: ({ actionId, httpStatusCode, message }) => `Failed to send action "${actionId}" [${httpStatusCode ?? "Unknown status"}]: ${message ?? "Unknown error"}.`,
-			httpStatusCode: ({ httpStatusCode }) => httpStatusCode ?? 500
-		}),
-		["invalid_action_response"]: err({ message: ({ actionId }) => `Invalid action response JSON structure for action "${actionId}"` })
-	}
-});
-//#endregion
-//#region src/ActionRuntime/Transport/ConnectionTransportManager.ts
-var ConnectionTransportManager = class {
-	_cache;
-	_transports = [];
-	constructor(_cache) {
-		this._cache = _cache;
-	}
-	addTransport(transport) {
-		this._transports.push(transport);
-	}
-	/**
-	* The highest-priority transport (first declared). Used to label an action's route *before* the
-	* transport has finished connecting — so a still-connecting action shows its (expected) destination
-	* instead of an "unknown" hop. {@link getReadyTransport} still decides the real winner, and the
-	* caller corrects the hop if a lower-priority transport ends up serving the action.
-	*/
-	getPreferredTransport() {
-		return this._transports[0];
-	}
-	async getReadyTransport(routeActionParams) {
-		const action = routeActionParams.action;
-		const candidates = [];
-		const unavailableTransports = [];
-		for (const transport of this._transports) {
-			if (!transport.isAvailable(routeActionParams)) {
-				unavailableTransports.push(transport);
-				continue;
-			}
-			const cacheKey = transport.getCacheKey(routeActionParams);
-			if (cacheKey != null) {
-				const cached = this._cache.get(cacheKey);
-				if (cached != null) {
-					if (cached instanceof Promise) {
-						candidates.push(cached);
-						continue;
-					}
-					candidates.push(Promise.resolve({
-						...cached,
-						transport
-					}));
-					break;
-				}
-			}
-			const statusInfo = transport.getTransport(routeActionParams);
-			if (statusInfo.status === "ready") {
-				const readyData = statusInfo.readyData;
-				if (cacheKey != null) {
-					const entry = {
-						methods: readyData,
-						transport
-					};
-					this._cache.set(cacheKey, entry);
-					readyData.addOnDisconnectListener?.(() => {
-						if (this._cache.get(cacheKey) === entry) this._cache.delete(cacheKey);
-					});
-				}
-				candidates.push(Promise.resolve({
-					methods: readyData,
-					transport
-				}));
-				break;
-			}
-			if (statusInfo.status === "unsupported") {
-				unavailableTransports.push(transport);
-				continue;
-			}
-			if (statusInfo.status === "initializing") {
-				const promise = statusInfo.initializationPromise.then((info) => {
-					if (info.status === "failed") throw info.error;
-					if (info.status === "unsupported") throw err_nice_transport.fromId("unsupported", { transportShapes: [transport.type] });
-					const readyData = info.readyData;
-					const entry = {
-						methods: readyData,
-						transport
-					};
-					if (cacheKey != null) if (this._cache.get(cacheKey) === promise) {
-						this._cache.set(cacheKey, entry);
-						readyData.addOnDisconnectListener?.(() => {
-							if (this._cache.get(cacheKey) === entry) this._cache.delete(cacheKey);
-						});
-					} else readyData.disconnect?.();
-					return entry;
-				}).catch((e) => {
-					if (cacheKey != null && this._cache.get(cacheKey) === promise) this._cache.delete(cacheKey);
-					throw e;
-				});
-				if (cacheKey != null) this._cache.set(cacheKey, promise);
-				candidates.push(promise);
-			}
-		}
-		if (candidates.length === 0) {
-			if (unavailableTransports.length > 0) throw err_nice_transport.fromId("unsupported", { transportShapes: unavailableTransports.map((t) => t.type) });
-			throw err_nice_transport.fromId("not_found", { actionId: action.id });
-		}
-		let lastError;
-		for (const candidate of candidates) try {
-			return await candidate;
-		} catch (e) {
-			lastError = e;
+	getBestRuntimeOrThrow(specifier) {
+		const runtime = this.getBestRuntime(specifier);
+		if (!runtime) {
+			if (specifier == null) throw err_nice_action.fromId("no_client_runtimes_registered", { context: this._context });
+			throw err_nice_action.fromId("client_runtime_not_registered", {
+				context: this._context,
+				clientStringId: runtimeCoordinateToStringIds(specifier)[0]
+			});
 		}
-		throw err_nice_transport.fromId("initialization_failed", { actionId: action.id }).withOriginError(lastError);
-	}
-};
-//#endregion
-//#region src/ActionRuntime/ActionDomainManager.ts
-var ActionDomainManager = class {
-	_domains = /* @__PURE__ */ new Map();
-	addDomain(domain) {
-		this._domains.set(domain.domain, domain);
-	}
-	getDomains() {
-		return [...this._domains.values()];
-	}
-	verifyIsActionJson(action) {
-		if (typeof action.domain !== "string" || typeof action.id !== "string") throw err_nice_action.fromId("wire_not_action_data");
-	}
-	getActionDomain(action) {
-		this.verifyIsActionJson(action);
-		const domain = this._domains.get(action.domain);
-		if (!domain) return;
-		return domain;
-	}
-	getActionDomainOrThrow(action) {
-		this.verifyIsActionJson(action);
-		const domain = this._domains.get(action.domain);
-		if (!domain) throw err_nice_action.fromId("domain_no_handler", { domain: action.domain });
-		return domain;
-	}
-	hydrateActionPayload(actionJson) {
-		return this.getActionDomainOrThrow(actionJson).hydrateAnyAction(actionJson);
+		return runtime;
 	}
 };
 //#endregion
-//#region src/ActionRuntime/Routing/ActionRouter.ts
-var ActionRouter = class {
-	domainManager = new ActionDomainManager();
-	actionRouteData = /* @__PURE__ */ new Map();
-	_context;
-	constructor(context) {
-		this._context = context;
-	}
-	/** Copy all routes from another router into this one, replacing any overlapping keys. */
-	mergeRouter(actionRouter) {
-		for (const domain of actionRouter.getDomains()) this.domainManager.addDomain(domain);
-		for (const [matchKey, routeDataEntries] of actionRouter.actionRouteData.entries()) this.actionRouteData.set(matchKey, [...routeDataEntries]);
-	}
-	addDomainsFromOther(actionRouter) {
-		for (const domain of actionRouter.getDomains()) this.domainManager.addDomain(domain);
-	}
-	/** All FNs registered for an action, ID-specific entries first then domain wildcard. */
-	getRouteDataEntriesForAction(action) {
-		const idKey = `dom[${action.domain}]id[${action.id}]`;
-		const domKey = `dom[${action.domain}]id[_]`;
-		return [...this.actionRouteData.get(idKey) ?? [], ...this.actionRouteData.get(domKey) ?? []];
-	}
-	/** First FN registered for an action (ID-specific beats domain wildcard). */
-	getRouteDataForAction(action) {
-		return this.getRouteDataEntriesForAction(action)[0];
-	}
-	throwNoHandlerForAction(action, context) {
-		if (this._context.contextType === "handler_route") throw err_nice_action.fromId("no_action_execution_handler", {
-			domain: action.domain,
-			actionId: action.id,
-			specifiedClient: context.targetLocalRuntime?.coordinate
-		});
-		if (this._context.contextType === "runtime_to_handler") throw err_nice_action.fromId("no_action_execution_handler", {
-			domain: action.domain,
-			actionId: action.id,
-			specifiedClient: this._context.runtime.coordinate
-		});
-		throw err_nice_action.fromId("no_action_execution_handler", {
-			domain: action.domain,
-			actionId: action.id
+//#region src/ActionDefinition/Domain/ActionRootDomain.ts
+var ActionRootDomain = class extends ActionDomainBase {
+	domainDefinition;
+	_actionRuntimeManager;
+	constructor(domainDefinition) {
+		const domainId = domainDefinition.domain;
+		super({
+			domain: domainId,
+			allDomains: [domainId],
+			actionSchema: {}
 		});
+		this.domainDefinition = domainDefinition;
+		this._actionRuntimeManager = new ActionRuntimeManager({ domain: domainId });
 	}
-	getRouteDataEntriesForActionOrThrow(action, context) {
-		const entries = this.getRouteDataEntriesForAction(action);
-		if (entries.length === 0) this.throwNoHandlerForAction(action, context);
-		return entries;
-	}
-	getRouteDataForActionOrThrow(action, context) {
-		const routeData = this.getRouteDataForAction(action);
-		if (!routeData) this.throwNoHandlerForAction(action, context);
-		return routeData;
-	}
-	/** All FNs stored under an exact match key. */
-	getForKey(key) {
-		return this.actionRouteData.get(key) ?? [];
-	}
-	/** Every match key that has at least one registered FN. */
-	getRegisteredKeys() {
-		return [...this.actionRouteData.keys()];
-	}
-	getDomains() {
-		return this.domainManager.getDomains();
-	}
-	/** Register a handler for all actions in a domain, replacing any existing one. */
-	forDomain(domain, routeData) {
-		this.domainManager.addDomain(domain);
-		this.actionRouteData.set(`dom[${domain.domain}]id[_]`, [routeData]);
-		return this;
-	}
-	forAction(action, routeData) {
-		return this.forActionId(action._domain, action.id, routeData);
-	}
-	/** Register a handler for a specific action, replacing any existing one. */
-	forActionId(domain, id, routeData) {
-		this.domainManager.addDomain(domain);
-		this.actionRouteData.set(`dom[${domain.domain}]id[${id}]`, [routeData]);
-		return this;
-	}
-	/** Register one handler for several action IDs, replacing any existing ones. */
-	forActionIds(domain, ids, routeData) {
-		this.domainManager.addDomain(domain);
-		for (const id of ids) this.forActionId(domain, id, routeData);
-		return this;
-	}
-	/** Register per-action handlers from a cases map, replacing any existing ones. */
-	forDomainActionCases(domain, cases) {
-		this.domainManager.addDomain(domain);
-		for (const id of Object.keys(cases)) {
-			const routeData = cases[id];
-			if (routeData != null) this.actionRouteData.set(`dom[${domain.domain}]id[${id}]`, [routeData]);
-		}
-		return this;
-	}
-	/** Append a handler for all actions in a domain (accumulates alongside existing). */
-	addForDomain(domain, routeData) {
-		this.domainManager.addDomain(domain);
-		this._push(`dom[${domain.domain}]id[_]`, routeData);
-		return this;
-	}
-	/** Append a handler for a specific action (accumulates alongside existing). */
-	addForAction(domain, id, routeData) {
-		this.domainManager.addDomain(domain);
-		this._push(`dom[${domain.domain}]id[${id}]`, routeData);
-		return this;
-	}
-	/** Append one handler for several action IDs (accumulates alongside existing). */
-	addForActionIds(domain, ids, routeData) {
-		this.domainManager.addDomain(domain);
-		for (const id of ids) this.addForAction(domain, id, routeData);
-		return this;
-	}
-	/** Append per-action handlers from a cases map (accumulates alongside existing). */
-	addForDomainActionCases(domain, cases) {
-		this.domainManager.addDomain(domain);
-		for (const id of Object.keys(cases)) {
-			const routeData = cases[id];
-			if (routeData != null) this._push(`dom[${domain.domain}]id[${id}]`, routeData);
-		}
-		return this;
-	}
-	/** Append a handler directly by its raw match key (used when the key is known ahead of time). */
-	addForKey(key, routeData) {
-		this._push(key, routeData);
-		return this;
-	}
-	_push(key, routeData) {
-		const existing = this.actionRouteData.get(key);
-		if (existing != null) existing.push(routeData);
-		else this.actionRouteData.set(key, [routeData]);
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Handler/ActionHandler.ts
-var ActionHandler = class {
-	cuid;
-	constructor() {
-		this.cuid = nanoid();
-	}
-	getActionRouter() {
-		return this.actionRouter;
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Handler/PeerLink/PeerLinkHandler.ts
-/**
-* Shared base for every handler that routes a domain set to/from *another runtime* (a "peer") — the
-* unified peer-link concept. Both specializations extend this as siblings, differing only in *who
-* establishes the connection*, which is a transport trait, not a routing one:
-*
-* - {@link ConnectorHandler} — **dial-out**: this runtime opens connection(s) to one peer
-*   over a transport stack (with caching + fallback). The classic "client → backend" link.
-* - {@link AcceptorHandler} — **accept-in**: connections are accepted from many peers and fed in
-*   via `receive()`; it keeps a per-connection registry and can push to any of them.
-*
-* To the runtime there is no "client" vs "server" — both are peer-link handlers (`handlerType =
-* external`) keyed to a peer coordinate, chosen by the return-path dispatch via {@link sendReturnPayload}.
-*/
-var PeerLinkHandler = class extends ActionHandler {
-	/** The peer runtime this handler links to (an env-only coordinate for an accept-in handler). */
-	peerClient;
-	handlerType = "peer";
-	actionRouter = new ActionRouter({
-		contextType: "handler_route",
-		handler: this
-	});
-	/** Listeners installed by the runtime (`resolveIncomingActionPayload`) for inbound peer frames. */
-	_incomingActionDataListeners = [];
-	constructor(peerCoordinate) {
-		super();
-		this.peerClient = peerCoordinate;
-	}
-	forDomain(domain) {
-		this.actionRouter.forDomain(domain, true);
-		return this;
-	}
-	forAction(action) {
-		this.actionRouter.forAction(action, true);
-		return this;
-	}
-	forActionIds(domain, ids) {
-		this.actionRouter.forActionIds(domain, ids, true);
-		return this;
-	}
-	_setIncomingActionDataListener(listener) {
-		this._incomingActionDataListeners.push(listener);
-	}
-	/** Hand a decoded inbound frame to the runtime (called by each specialization's receive path). */
-	_emitIncoming(json) {
-		for (const listener of this._incomingActionDataListeners) listener(json);
+	createChildDomain(subDomainDef) {
+		if (this.allDomains.includes(subDomainDef.domain)) throw err_nice_action.fromId("domain_already_exists_in_hierarchy", {
+			domain: subDomainDef.domain,
+			allParentDomains: this.allDomains,
+			parentDomain: this.domain
+		});
+		return new ActionDomain({
+			allDomains: [...this.allDomains, subDomainDef.domain],
+			domain: subDomainDef.domain,
+			actionSchema: subDomainDef.actions
+		}, { rootDomain: this });
 	}
-	/**
-	* Whether this handler currently holds a *live* connection bound to `origin`. The runtime's return-path
-	* dispatch ({@link ActionRuntime.getReturnHandlerForOrigin}) prefers a handler that owns the origin's
-	* connection over a mere coordinate match, so with several duplex acceptors a result/push routes back
-	* over the carrier the client connected on. Defaults to `false`; an acceptor overrides it from its
-	* connection registry.
-	*/
-	ownsLiveConnectionFor(_origin) {
-		return false;
+	_registerRuntime(runtime) {
+		this._actionRuntimeManager.registerRuntime(runtime);
 	}
-	/** Release any long-lived connections this handler owns (a teardown). No-op by default. */
-	clearTransportCache() {}
-};
-//#endregion
-//#region src/ActionRuntime/Handler/PeerLink/Connector/ConnectorHandler.ts
-/**
-* Dial-out peer link: this runtime opens connection(s) to one peer over a transport stack (cached, with
-* preference-ordered fallback). The classic "client → backend" handler — but to the runtime it's just a
-* {@link PeerLinkHandler} like the accept-in server one.
-*/
-var ConnectorHandler = class extends PeerLinkHandler {
-	/**
-	* Dial-out can receive (and so return) an unsolicited push only over a duplex transport. With every
-	* transport exchange-only (HTTP), the peer can never push to us — so this link can't deliver one back.
-	*/
-	canPush;
-	_defaultTimeout;
-	_transportCache = /* @__PURE__ */ new Map();
-	transportManager = new ConnectionTransportManager(this._transportCache);
-	constructor({ runtimeCoordinate: peerSpecifier, transports, defaultTimeout }) {
-		super(peerSpecifier);
-		this._defaultTimeout = defaultTimeout ?? 1e4;
-		this.canPush = transports.some((transport) => transport.type === "duplex");
-		for (const transport of transports) {
-			const connection = transport._createConnection({ resolvers: { onIncomingActionDataJson: (json) => this._emitIncoming(json) } });
-			connection.definition = transport;
-			this.transportManager.addTransport(connection);
-		}
+	_hasRuntime(runtime) {
+		return this._actionRuntimeManager.hasRuntime(runtime);
 	}
-	async handleActionRequest(action, config) {
-		const localRuntime = config?.targetLocalRuntime ?? ActionRuntime.getDefault();
-		const localClient = localRuntime.coordinate;
-		const incomingTimeout = config?.timeout ?? this._defaultTimeout;
-		const parentCuid = peekHandlerCuid();
-		const callSite = action._callSite ?? (/* @__PURE__ */ new Error()).stack;
-		const routeParams = {
-			action,
-			localClient,
-			externalClient: this.peerClient
-		};
-		const preferredTransport = this.transportManager.getPreferredTransport();
-		const routeItem = preferredTransport != null ? {
-			runtime: localClient,
-			handler: this.toHandlerRouteItem(preferredTransport, routeParams),
-			time: Date.now()
-		} : void 0;
-		if (routeItem != null) action.context.addRouteItem(routeItem);
-		const runningAction = new RunningAction({
-			context: action.context,
-			request: action,
-			parentCuid,
-			callSite
-		});
-		localRuntime.registerRunningAction(runningAction);
-		this._dispatchWhenTransportReady(runningAction, routeParams, routeItem, incomingTimeout);
-		return runningAction;
+	getRuntime(clientSpecifier) {
+		return this._actionRuntimeManager.getBestRuntimeForSpecifier(clientSpecifier);
 	}
-	async _dispatchWhenTransportReady(runningAction, routeParams, routeItem, incomingTimeout) {
-		const action = routeParams.action;
+	async _runAction(actionPayload, options) {
+		const allListeners = [...this._listeners, ...options?.listeners ?? []];
+		let handlerAndRuntime;
 		try {
-			const { methods, transport } = await this.transportManager.getReadyTransport(routeParams);
-			const handlerRouteItem = this.toHandlerRouteItem(transport, routeParams);
-			if (routeItem != null) {
-				routeItem.handler = handlerRouteItem;
-				routeItem.time = Date.now();
-			} else action.context.addRouteItem({
-				runtime: routeParams.localClient,
-				handler: handlerRouteItem,
-				time: Date.now()
-			});
-			const sendInput = {
-				...routeParams,
-				runningAction,
-				timeout: incomingTimeout
-			};
-			if (action.type === "request" && methods.updateRunConfig != null) sendInput.timeout = methods.updateRunConfig(sendInput)?.timeout ?? incomingTimeout;
-			methods.sendActionData(sendInput);
-			if (action.type === "request" && action.schema.responseMode === "none") runningAction._completeWithResult(action.successResult(void 0));
+			handlerAndRuntime = this._actionRuntimeManager.getRuntimeAndHandlerForActionOrThrow(actionPayload, options);
 		} catch (err) {
-			runningAction._abort(err);
-		}
-	}
-	/**
-	* Dispatch a result or progress payload directly back to the external client via the best
-	* available bidirectional transport (WebSocket / Custom). Used for return-path routing when the
-	* local runtime recognises that it has a direct channel to the action's originClient.
-	*
-	* Returns `true` if the payload was sent, `false` if no suitable transport was available.
-	*/
-	async sendReturnPayload(payload, config) {
-		const localClient = config.targetLocalRuntime.coordinate;
-		try {
-			const { methods } = await this.transportManager.getReadyTransport({
-				action: payload,
-				localClient,
-				externalClient: this.peerClient
-			});
-			if (methods.sendReturnData == null) return false;
-			methods.sendReturnData(payload, {
-				localClient,
-				externalClient: this.peerClient
+			const runningAction = new RunningAction({
+				context: actionPayload.context,
+				request: actionPayload,
+				callSite: actionPayload._callSite
 			});
-			return true;
-		} catch {
-			return false;
+			runningAction.addUpdateListeners(allListeners);
+			runningAction._failWithError(err);
+			throw err;
 		}
-	}
-	toJsonObject() {
-		return {
-			type: this.handlerType,
-			client: this.peerClient
-		};
-	}
-	toHandlerRouteItem(transport, input) {
-		return {
-			type: this.handlerType,
-			client: this.peerClient,
-			transOrd: transport.transOrd,
-			transShape: transport.type,
-			transInfo: transport.getRouteInfo(input)
-		};
-	}
-	clearTransportCache() {
-		for (const entry of this._transportCache.values()) if (entry instanceof Promise) entry.then((ready) => ready.methods.disconnect?.()).catch(() => {});
-		else entry.methods.disconnect?.();
-		this._transportCache.clear();
+		const { handler, runtime } = handlerAndRuntime;
+		actionPayload.context._setOriginClient(runtime.coordinate);
+		const runningAction = await handler.handleActionRequest(actionPayload, { targetLocalRuntime: runtime });
+		runningAction.addUpdateListeners(allListeners);
+		return runningAction;
 	}
 };
-const createConnectorHandler = (config) => {
-	return new ConnectorHandler(config);
-};
 //#endregion
-//#region src/ActionRuntime/ActionRuntime.ts
-var ActionRuntime = class {
-	_coordinate;
-	timeCreated;
-	runtimeInfo = getAssumedRuntimeInfo();
-	actionRouter;
-	_pendingRunningActions = /* @__PURE__ */ new Map();
-	_registeredPeerHandlers = [];
-	_applied = false;
-	static getDefault() {
-		return getDefaultActionRuntime();
-	}
-	constructor(coordinate) {
-		this._coordinate = coordinate.specifyIfUnset({ insId: nanoid(14) });
-		this.timeCreated = Date.now();
-		this.actionRouter = new ActionRouter({
-			contextType: "runtime_to_handler",
-			runtime: this
-		});
-	}
-	get coordinate() {
-		return this._coordinate;
-	}
-	specifyRuntimeCoordinate(specifics) {
-		if (specifics.envId != null && this._coordinate.envId !== specifics.envId) throw err_nice_action.fromId("not_implemented", { label: `updating RuntimeCoordinate with a different "envId" ("${this._coordinate.envId}" → "${specifics.envId}")` });
-		this._coordinate = this._coordinate.specify(specifics);
-		this.apply();
-	}
-	registerRunningAction(ra) {
-		this._pendingRunningActions.set(ra.cuid, ra);
-		ra.addUpdateListeners([(update) => {
-			if (update.type === "finished") this._pendingRunningActions.delete(ra.cuid);
-		}]);
-	}
-	resolveIncomingActionPayload(json) {
-		if (json.type === "request") {
-			this.handleActionPayloadWire(json).catch((err) => {
-				console.error(`[ActionRuntime] Incoming action [${json.domain}:${json.id}:${json.form}:${json.type}] unhandled:`, err);
-			});
-			return;
-		}
-		this._pendingRunningActions.get(json.context.cuid)?._resolveFromJson(json);
-	}
-	async handleActionPayloadWire(wire) {
-		let action;
-		if (isActionPayload_Any_JsonObject(wire)) action = this.actionRouter.domainManager.getActionDomainOrThrow(wire).hydrateAnyAction(wire);
-		if (action == null) throw err_nice_action.fromId("wire_not_action_data");
-		return this.handleActionPayload(action);
+//#region src/ActionDefinition/Domain/ActionDomain.ts
+var ActionDomain = class ActionDomain extends ActionDomainBase {
+	_rootDomain;
+	_actionMap;
+	constructor(definition, { rootDomain }) {
+		super(definition);
+		this._rootDomain = rootDomain;
+		this._actionMap = this.createActionMap();
 	}
-	async handleActionPayload(action, options) {
-		if (action.type === "request") {
-			const observers = action.context._domain._collectActionObservers();
-			let handlerForAction;
-			try {
-				handlerForAction = this.getHandlerForActionOrThrow(action, options);
-			} catch (err) {
-				const runningAction = new RunningAction({
-					context: action.context,
-					request: action
-				});
-				runningAction.addUpdateListeners(observers);
-				runningAction._completeWithResult(action.errorResult(castNiceError(err)));
-				return runningAction;
-			}
-			const runningAction = await handlerForAction.handleActionRequest(action, {
-				...options,
-				targetLocalRuntime: this
-			});
-			runningAction.addUpdateListeners(observers);
-			this._trySetupReturnDispatch(runningAction);
-			return runningAction;
-		}
-		throw err_nice_action.fromId("not_implemented", { label: `Handling incoming action payloads of type "${action.type}"` });
+	get rootDomain() {
+		return this._rootDomain;
 	}
 	/**
 	* @internal
-	*
-	* Return the first handler registered for the given action, or `undefined`
-	* if none has been registered (action-ID-specific beats domain-wildcard).
+	* All action observers that should see actions on this domain: the root domain's
+	* observers plus this subdomain's own. Mirrors the listener set the local-dispatch
+	* path assembles in `runAction`/`_runAction`, so inbound actions (pushed from a
+	* backend or another client) can be wired up identically and surface in devtools.
 	*/
-	_getHandlerForAction(action, options) {
-		const handlers = this.actionRouter.getRouteDataEntriesForAction(action);
-		const targetPeer = options?.targetPeer;
-		const possibleHandlers = handlers.filter((handler) => {
-			if (handler.handlerType === "peer") {
-				if (targetPeer && !targetPeer.isSameFor(handler.peerClient).id) return false;
-				return true;
-			}
-			if (targetPeer != null) return false;
-			if (action.type === "request") return true;
-			return false;
-		});
-		if (possibleHandlers.length === 0) return;
-		const scoringPeer = targetPeer ?? RuntimeCoordinate.unknown;
-		let handlerScore = -1;
-		let handler;
-		for (const possibleHandler of possibleHandlers) {
-			if (possibleHandler.handlerType === "local") return possibleHandler;
-			if (possibleHandler.handlerType === "peer") {
-				const score = scoringPeer.similarityLevel(possibleHandler.peerClient);
-				if (score > handlerScore) {
-					handlerScore = score;
-					handler = possibleHandler;
-				}
-			}
-		}
-		return handler;
-	}
-	getHandlerForActionOrThrow(action, options) {
-		const handler = this._getHandlerForAction(action, options);
-		if (handler == null) throw err_nice_action.fromId("no_action_execution_handler", {
-			actionId: action.id,
-			domain: action.domain,
-			specifiedClient: options?.targetPeer
-		});
-		return handler;
-	}
-	/**
-	* Register one or more handlers. Each handler's own `actionRouter` defines
-	* which domains/actions it handles — those routing keys are mirrored into
-	* this runtime's router so the same action can be served by multiple handlers.
-	* Duplicate registrations (same handler cuid for the same key) are skipped.
-	*/
-	addHandlers(handlers) {
-		for (const handler of handlers) {
-			if (handler.handlerType === "peer") {
-				handler._setIncomingActionDataListener((json) => this.resolveIncomingActionPayload(json));
-				this._registeredPeerHandlers.push(handler);
-			}
-			const handlerRouter = handler.getActionRouter();
-			this.actionRouter.addDomainsFromOther(handlerRouter);
-			if (this._applied) this.apply();
-			for (const key of handlerRouter.getRegisteredKeys()) if (!this.actionRouter.getForKey(key).some((h) => h.cuid === handler.cuid)) this.actionRouter.addForKey(key, handler);
-		}
-		return this;
-	}
-	/**
-	* @internal Low-level primitive — the public way to open a connection is `connectChannel`, which
-	* derives routing from a channel and binds the crypto identity for you. This stays as the raw building
-	* block it sits on (it restates domain lists by hand) and is not part of the supported surface.
-	*
-	* Declare an external "backend client" in one call: build an
-	* {@link ConnectorHandler} for `externalCoordinate` carrying the given
-	* `transports`, route the listed `domains`/`actions` to it, register it (plus any
-	* `localHandlers` — e.g. server→client push handlers that share the same channel)
-	* on this runtime, and `apply()`. Returns the external handler so the caller can
-	* later `clearTransportCache()` it.
-	*/
-	connectTo(externalCoordinate, options) {
-		const handler = new ConnectorHandler({
-			runtimeCoordinate: externalCoordinate,
-			transports: options.transports,
-			defaultTimeout: options.defaultTimeout
-		});
-		for (const domain of options.domains ?? []) handler.forDomain(domain);
-		for (const action of options.actions ?? []) handler.forAction(action);
-		this.addHandlers([handler, ...options.localHandlers ?? []]);
-		this.apply();
-		return handler;
-	}
-	applyRuntimeForDomain(domain) {
-		const rootDomain = domain.rootDomain;
-		if (!rootDomain._hasRuntime(this)) rootDomain._registerRuntime(this);
-	}
-	/**
-	* Register this runtime with all root domains covered by its currently-added handlers,
-	* making it eligible to execute actions dispatched from those domains.
-	* After apply() is called, any subsequent addHandlers() calls also auto-register.
-	*/
-	apply() {
-		this._applied = true;
-		for (const domain of this.actionRouter.getDomains()) this.applyRuntimeForDomain(domain);
-		return this;
-	}
-	/**
-	* Find the best registered external handler that can reach `originClient` directly.
-	* Used to locate the return-path channel for dispatching results back to the action origin.
-	* Returns `undefined` if no handler matches (score > 0 required, i.e. at least id must match).
-	*
-	* A handler that currently holds the origin's *live* connection always wins over a mere coordinate
-	* match — so with several duplex acceptors (e.g. WS + WebRTC) a result/push routes back over the carrier
-	* the client actually connected on, never a same-coordinate sibling that lacks the socket. Only when no
-	* handler owns a live connection do we fall back to the plain best-coordinate-score pick (the
-	* single-acceptor and connector-only cases, unchanged).
-	*/
-	getReturnHandlerForOrigin(originClient) {
-		if (originClient.envId === "_unset_") return void 0;
-		let bestScore = -1;
-		let bestHandler;
-		let bestOwnedScore = -1;
-		let bestOwnedHandler;
-		for (const handler of this._registeredPeerHandlers) {
-			if (!handler.canPush) continue;
-			const score = originClient.similarityLevel(handler.peerClient);
-			if (score > bestScore) {
-				bestScore = score;
-				bestHandler = handler;
-			}
-			if (score > bestOwnedScore && handler.ownsLiveConnectionFor(originClient)) {
-				bestOwnedScore = score;
-				bestOwnedHandler = handler;
-			}
-		}
-		if (bestOwnedHandler != null && bestOwnedScore > 0) return bestOwnedHandler;
-		return bestScore > 0 ? bestHandler : void 0;
-	}
-	resetRuntime() {
-		for (const ra of this._pendingRunningActions.values()) ra._abort(err_nice_action.fromId("runtime_reset"));
-		for (const handler of this._registeredPeerHandlers) handler.clearTransportCache();
-	}
-	_trySetupReturnDispatch(runningAction) {
-		if (runningAction.context.schema.responseMode === "none") return;
-		const originClient = runningAction.context.originClient;
-		if (originClient.envId === "_unset_" || originClient.isSameFor(this._coordinate).id) return;
-		runningAction.addUpdateListeners([(update) => {
-			if (update.type === "finished" && update.finishType === "success") this.getReturnHandlerForOrigin(originClient)?.sendReturnPayload(update.response, { targetLocalRuntime: this }).catch(() => {});
-		}]);
-	}
-};
-const runtimeState = {
-	defaultLocalRuntime: void 0,
-	assumedRuntimeInfo: void 0
-};
-function getDefaultActionRuntime() {
-	if (runtimeState.assumedRuntimeInfo == null) runtimeState.assumedRuntimeInfo = getAssumedRuntimeInfo();
-	if (runtimeState.defaultLocalRuntime == null) runtimeState.defaultLocalRuntime = new ActionRuntime(RuntimeCoordinate.unknown.specify({ perId: `${runtimeState.assumedRuntimeInfo?.runtimeName ?? "unknown"}-runtime` }));
-	return runtimeState.defaultLocalRuntime;
-}
-//#endregion
-//#region src/ActionRuntime/Handler/Local/ActionLocalHandler.ts
-var ActionLocalHandler = class extends ActionHandler {
-	handlerType = "local";
-	actionRouter = new ActionRouter({
-		contextType: "handler_route",
-		handler: this
-	});
-	constructor() {
-		super();
-	}
-	/**
-	* Register a handler for all actions in a domain.
-	* Receives the full primed action — use `matchAction()` to narrow to a specific action id.
-	* Useful for forwarding all domain actions to a remote endpoint.
-	* Lower priority than `forAction`.
-	*/
-	forDomain(domain, handler) {
-		this.actionRouter.forDomain(domain, handler);
-		return this;
-	}
-	/**
-	* Register a handler for a base action instance. Takes priority over domain-wide handlers.
-	* Receives the full primed action with narrowed input type.
-	* Useful for handling specific actions locally while forwarding the rest of the domain. For example, a local "ping" action that checks connectivity without needing a round trip.
-	*/
-	forAction(action, handler) {
-		this.actionRouter.forAction(action, handler);
-		return this;
-	}
-	/**
-	* Register a handler for multiple action IDs (first-match-wins among cases).
-	* Receives the full primed action narrowed to the union of those IDs.
-	* Use `act.coreAction.id` to branch on which action was dispatched.
-	*/
-	forActionIds(domain, ids, handler) {
-		this.actionRouter.forActionIds(domain, ids, handler);
-		return this;
-	}
-	/**
-	* Register per-action handlers for a domain using a single map, without needing
-	* separate `forAction` calls. Unregistered action IDs are unaffected.
-	*
-	* @example
-	* ```ts
-	* handler.forDomainActionCases(userDomain, {
-	*   getUser:    (primed) => db.getUser(primed.input.userId),
-	*   deleteUser: (primed) => db.deleteUser(primed.input.userId),
-	* });
-	* ```
-	*/
-	forDomainActionCases(domain, cases) {
-		this.actionRouter.forDomainActionCases(domain, cases);
-		return this;
-	}
-	async handleActionRequest(action, config) {
-		const targetLocalRuntime = config?.targetLocalRuntime ?? ActionRuntime.getDefault();
-		const handler = this.actionRouter.getRouteDataForActionOrThrow(action, { targetLocalRuntime });
-		action.context.addRouteItem({
-			runtime: targetLocalRuntime.coordinate,
-			handler: this.toHandlerRouteItem(),
-			time: Date.now()
-		});
-		const runningAction = new RunningAction({
-			context: action.context,
-			request: action,
-			parentCuid: peekHandlerCuid(),
-			callSite: action._callSite ?? (/* @__PURE__ */ new Error()).stack
-		});
-		this._handleRunningAction(handler, runningAction).catch((err) => {
-			if (err instanceof NiceError) runningAction._completeWithResult(action.errorResult(err));
-			else if (isNiceErrorObject(err)) runningAction._completeWithResult(action.errorResult(castNiceError(err)));
-			else runningAction._abort(err);
-		});
-		return runningAction;
-	}
-	async _handleRunningAction(handler, runningAction) {
-		const state = runningAction.state;
-		if (state.result != null) return;
-		await Promise.resolve();
-		pushHandlerCuid(runningAction.cuid);
-		try {
-			const rawResult = await handler(state.request);
-			let result;
-			if (rawResult instanceof ActionPayload_Result) result = rawResult;
-			else if (rawResult != null && isActionPayload_Result_JsonObject(rawResult)) result = this.actionRouter.domainManager.getActionDomainOrThrow(state.request).hydrateResultPayload(rawResult);
-			else result = state.request.successResult(rawResult);
-			runningAction._completeWithResult(result);
-		} finally {
-			popHandlerCuid();
-		}
-	}
-	async handlePayloadWireOrThrow(wire, config) {
-		const hydratedAction = this.actionRouter.domainManager.hydrateActionPayload(wire);
-		if (!(hydratedAction instanceof ActionPayload_Request)) throw err_nice_action.fromId("wire_action_not_payload", {
-			domain: hydratedAction.domain,
-			actionId: hydratedAction.id,
-			actionState: hydratedAction.type ?? hydratedAction.form
-		});
-		return await this.handleActionRequest(hydratedAction, config);
-	}
-	toJsonObject() {
-		return { type: this.handlerType };
-	}
-	toHandlerRouteItem() {
-		return { type: this.handlerType };
-	}
-};
-const createLocalHandler = () => {
-	return new ActionLocalHandler();
-};
-//#endregion
-//#region src/utils/isAction_Context_JsonObject.ts
-const isAction_Context_JsonObject = (obj) => {
-	return isAction_Base_JsonObject(obj) && obj.form === "context";
-};
-//#endregion
-//#region src/utils/isAction_Core_JsonObject.ts
-const isAction_Core_JsonObject = (obj) => {
-	return isAction_Base_JsonObject(obj) && obj.form === "core";
-};
-//#endregion
-//#region src/utils/isAction_Any_JsonObject.ts
-function isAction_Any_JsonObject(obj) {
-	return isActionPayload_Any_JsonObject(obj) || isAction_Context_JsonObject(obj) || isAction_Core_JsonObject(obj);
-}
-//#endregion
-//#region src/utils/assertIsActionJson.ts
-function assertIsActionJson(obj) {
-	if (!isAction_Any_JsonObject(obj)) throw err_nice_action.fromId("wire_not_action_data");
-}
-//#endregion
-//#region src/utils/isAction_Any_Instance.ts
-function isAction_Any_Instance(value) {
-	return value instanceof ActionCore || value instanceof ActionPayload || value instanceof ActionContext;
-}
-//#endregion
-//#region src/ActionDefinition/Domain/ActionDomainBase.ts
-var ActionDomainBase = class {
-	domain;
-	allDomains;
-	actionSchema;
-	_listeners = [];
-	constructor(definition) {
-		this.domain = definition.domain;
-		this.allDomains = definition.allDomains;
-		this.actionSchema = definition.actionSchema;
-	}
-	/**
-	* Add an observer that is called after every action dispatched through this domain.
-	* Returns an unsubscribe function — call it to remove the listener.
-	*/
-	addActionListener(listener) {
-		this._listeners.push(listener);
-		return () => {
-			this._listeners = this._listeners.filter((l) => l !== listener);
-		};
-	}
-	/**
-	* @internal
-	* Observers registered directly on this domain via {@link addActionListener}.
-	* Used to wire observers (e.g. devtools) onto RunningActions that aren't created
-	* through the local-dispatch path — notably inbound actions pushed from a backend
-	* or another client over a bidirectional transport.
-	*/
-	_getActionObservers() {
-		return this._listeners;
-	}
-};
-//#endregion
-//#region src/ActionRuntime/ActionRuntimeManager.ts
-var ActionRuntimeManager = class {
-	_runtimes = /* @__PURE__ */ new Map();
-	_preferredRuntimeClientId = null;
-	_context;
-	constructor(context) {
-		this._context = context ?? {};
-	}
-	registerRuntime(runtime) {
-		const runtimeId = runtime.coordinate.stringId;
-		if (this._runtimes.has(runtimeId)) throw err_nice_action.fromId("client_runtime_already_registered", {
-			context: this._context,
-			client: runtime.coordinate
-		});
-		for (const id of runtime.coordinate.toStringIds()) {
-			if (this._runtimes.has(id)) continue;
-			this._runtimes.set(id, runtime);
-		}
-	}
-	getRuntimeAndHandlerForAction(action, options, throwOnIssue) {
-		const localRuntime = options?.targetLocalRuntime;
-		if (localRuntime != null) {
-			const runtime = throwOnIssue ? this.getBestRuntimeOrThrow(options?.targetLocalRuntime?.coordinate) : this.getBestRuntime(options?.targetLocalRuntime?.coordinate);
-			if (runtime == null) return;
-			const handler = runtime._getHandlerForAction(action, options);
-			if (handler != null) return {
-				handler,
-				runtime
-			};
-			if (throwOnIssue) throw err_nice_action.fromId("no_action_execution_handler", {
-				domain: action.domain,
-				actionId: action.id,
-				specifiedClient: localRuntime.coordinate
-			});
-		}
-		for (const runtime of this._runtimes.values()) {
-			const handler = runtime._getHandlerForAction(action);
-			if (handler) return {
-				handler,
-				runtime
-			};
-		}
-		if (throwOnIssue) throw err_nice_action.fromId("no_action_execution_handler", {
-			domain: action.domain,
-			actionId: action.id,
-			specifiedClient: options?.targetLocalRuntime?.coordinate
-		});
-	}
-	getRuntimeAndHandlerForActionOrThrow(action, options) {
-		return this.getRuntimeAndHandlerForAction(action, options, true);
-	}
-	setPreferredRuntime(runtime) {
-		const runtimeId = runtime.coordinate.stringId;
-		this._preferredRuntimeClientId = runtimeId;
-	}
-	getPreferredRuntime() {
-		if (this._preferredRuntimeClientId) {
-			const runtime = this._runtimes.get(this._preferredRuntimeClientId);
-			if (runtime) return runtime;
-		}
-		return this._runtimes.values().next().value;
-	}
-	getBestRuntimeForSpecifier(clientSpecifier) {
-		const ids = new RuntimeCoordinate(clientSpecifier).toStringIds();
-		for (const id of ids) {
-			const runtime = this._runtimes.get(id);
-			if (runtime) return runtime;
-		}
-	}
-	getBestRuntime(clientSpecifier) {
-		return clientSpecifier != null ? this.getBestRuntimeForSpecifier(clientSpecifier) : this.getPreferredRuntime();
-	}
-	hasRuntime(runtime) {
-		return this._runtimes.has(runtime.coordinate.stringId);
-	}
-	getBestRuntimeOrThrow(specifier) {
-		const runtime = this.getBestRuntime(specifier);
-		if (!runtime) {
-			if (specifier == null) throw err_nice_action.fromId("no_client_runtimes_registered", { context: this._context });
-			throw err_nice_action.fromId("client_runtime_not_registered", {
-				context: this._context,
-				clientStringId: runtimeCoordinateToStringIds(specifier)[0]
-			});
-		}
-		return runtime;
-	}
-};
-//#endregion
-//#region src/ActionDefinition/Domain/ActionRootDomain.ts
-var ActionRootDomain = class extends ActionDomainBase {
-	domainDefinition;
-	_actionRuntimeManager;
-	constructor(domainDefinition) {
-		const domainId = domainDefinition.domain;
-		super({
-			domain: domainId,
-			allDomains: [domainId],
-			actionSchema: {}
-		});
-		this.domainDefinition = domainDefinition;
-		this._actionRuntimeManager = new ActionRuntimeManager({ domain: domainId });
-	}
-	createChildDomain(subDomainDef) {
-		if (this.allDomains.includes(subDomainDef.domain)) throw err_nice_action.fromId("domain_already_exists_in_hierarchy", {
-			domain: subDomainDef.domain,
-			allParentDomains: this.allDomains,
-			parentDomain: this.domain
-		});
-		return new ActionDomain({
-			allDomains: [...this.allDomains, subDomainDef.domain],
-			domain: subDomainDef.domain,
-			actionSchema: subDomainDef.actions
-		}, { rootDomain: this });
-	}
-	_registerRuntime(runtime) {
-		this._actionRuntimeManager.registerRuntime(runtime);
-	}
-	_hasRuntime(runtime) {
-		return this._actionRuntimeManager.hasRuntime(runtime);
-	}
-	getRuntime(clientSpecifier) {
-		return this._actionRuntimeManager.getBestRuntimeForSpecifier(clientSpecifier);
-	}
-	async _runAction(actionPayload, options) {
-		const allListeners = [...this._listeners, ...options?.listeners ?? []];
-		let handlerAndRuntime;
-		try {
-			handlerAndRuntime = this._actionRuntimeManager.getRuntimeAndHandlerForActionOrThrow(actionPayload, options);
-		} catch (err) {
-			const runningAction = new RunningAction({
-				context: actionPayload.context,
-				request: actionPayload,
-				callSite: actionPayload._callSite
-			});
-			runningAction.addUpdateListeners(allListeners);
-			runningAction._failWithError(err);
-			throw err;
-		}
-		const { handler, runtime } = handlerAndRuntime;
-		actionPayload.context._setOriginClient(runtime.coordinate);
-		const runningAction = await handler.handleActionRequest(actionPayload, { targetLocalRuntime: runtime });
-		runningAction.addUpdateListeners(allListeners);
-		return runningAction;
-	}
-};
-//#endregion
-//#region src/ActionDefinition/Domain/ActionDomain.ts
-var ActionDomain = class ActionDomain extends ActionDomainBase {
-	_rootDomain;
-	_actionMap;
-	constructor(definition, { rootDomain }) {
-		super(definition);
-		this._rootDomain = rootDomain;
-		this._actionMap = this.createActionMap();
-	}
-	get rootDomain() {
-		return this._rootDomain;
-	}
-	/**
-	* @internal
-	* All action observers that should see actions on this domain: the root domain's
-	* observers plus this subdomain's own. Mirrors the listener set the local-dispatch
-	* path assembles in `runAction`/`_runAction`, so inbound actions (pushed from a
-	* backend or another client) can be wired up identically and surface in devtools.
-	*/
-	_collectActionObservers() {
-		return [...this._rootDomain._getActionObservers(), ...this._getActionObservers()];
-	}
-	_registerRuntime(runtime) {
-		this._rootDomain._registerRuntime(runtime);
-	}
-	createChildDomain(subDomainDef) {
-		if (this.allDomains.includes(subDomainDef.domain)) throw err_nice_action.fromId("domain_already_exists_in_hierarchy", {
-			domain: subDomainDef.domain,
-			allParentDomains: this.allDomains,
-			parentDomain: this.domain
-		});
-		return new ActionDomain({
-			allDomains: [...this.allDomains, subDomainDef.domain],
-			domain: subDomainDef.domain,
-			actionSchema: subDomainDef.actions
-		}, { rootDomain: this._rootDomain });
-	}
-	get action() {
-		return this._actionMap;
-	}
-	actionsMap() {
-		return this._actionMap;
-	}
-	actionForId(id) {
-		if (!this.actionSchema[id]) throw err_nice_action.fromId("action_id_not_in_domain", {
-			domain: this.domain,
-			actionId: id
-		});
-		return new ActionCore(this, id);
-	}
-	wrapAsPartialLocalHandler(wrappedActionExecutor) {
-		const _handler = new ActionLocalHandler();
-		const executor = wrappedActionExecutor;
-		for (const actionKey in wrappedActionExecutor) {
-			if (!this.actionSchema[actionKey]) continue;
-			_handler.forAction(this.actionForId(actionKey), (request) => executor[request.id](request.input));
-		}
-		return _handler;
-	}
-	wrapAsLocalHandler(wrappedActionExecutor) {
-		const _handler = new ActionLocalHandler();
-		const executor = wrappedActionExecutor;
-		return _handler.forDomain(this, (request) => executor[request.id](request.input));
-	}
-	hydrateContext(id, contextData) {
-		return new ActionContext(this, id, {
-			timeCreated: contextData.timeCreated,
-			cuid: contextData.cuid,
-			routing: contextData.routing.map((item) => {
-				return {
-					runtime: new RuntimeCoordinate(item.runtime),
-					handler: item.handler,
-					time: item.time
-				};
-			}),
-			originClient: contextData.originClient ? new RuntimeCoordinate(contextData.originClient) : RuntimeCoordinate.unknown
-		});
-	}
-	isDomainAction(action) {
-		return isAction_Any_Instance(action) && action.domain === this.domain;
-	}
-	hydrateRequestPayload(serialized) {
-		if (serialized.type !== "request") throw err_nice_action.fromId("hydration_action_state_mismatch", {
-			expected: "request",
-			received: serialized.type
-		});
-		if (serialized.domain !== this.domain) throw err_nice_action.fromId("hydration_domain_mismatch", {
-			expected: this.domain,
-			received: serialized.domain
-		});
-		const id = serialized.id;
-		if (!this.actionSchema[id]) throw err_nice_action.fromId("hydration_action_id_not_found", {
-			domain: this.domain,
-			actionId: serialized.id
-		});
-		const contextAction = this.hydrateContext(id, serialized.context);
-		return new ActionPayload_Request({ context: contextAction }, contextAction.deserializeInput(serialized.input), { time: serialized.time });
-	}
-	hydrateResultPayload(serialized) {
-		if (serialized.type !== "result") throw err_nice_action.fromId("hydration_action_state_mismatch", {
-			expected: "result",
-			received: serialized.type
-		});
-		if (serialized.domain !== this.domain) throw err_nice_action.fromId("hydration_domain_mismatch", {
-			expected: this.domain,
-			received: serialized.domain
-		});
-		const id = serialized.id;
-		if (!this.actionSchema[id]) throw err_nice_action.fromId("hydration_action_id_not_found", {
-			domain: this.domain,
-			actionId: serialized.id
-		});
-		const contextAction = this.hydrateContext(id, serialized.context);
-		const result = serialized.result.ok ? {
-			ok: true,
-			output: contextAction.schema.deserializeOutput(serialized.result.output)
-		} : serialized.result;
-		return new ActionPayload_Result({ context: contextAction }, result, { time: serialized.time });
-	}
-	hydrateAnyAction(actionJson) {
-		assertIsActionJson(actionJson);
-		if (actionJson.form === "data") {
-			if (actionJson.type === "request") return this.hydrateRequestPayload(actionJson);
-			if (actionJson.type === "result") return this.hydrateResultPayload(actionJson);
-		}
-		return this.actionForId(actionJson.id);
-	}
-	async runAction(request, options) {
-		const allListeners = [...options?.listeners ?? [], ...this._listeners];
-		return this._rootDomain._runAction(request, {
-			...options,
-			listeners: allListeners
-		});
-	}
-	createActionMap() {
-		const map = {};
-		for (const id in this.actionSchema) map[id] = new ActionCore(this, id);
-		return map;
-	}
-};
-//#endregion
-//#region src/ActionDefinition/Domain/helpers/createRootActionDomain.ts
-const createActionRootDomain = (definition) => {
-	return new ActionRootDomain(definition);
-};
-//#endregion
-//#region src/ActionRuntime/Transport/crypto/actionHandshake.ts
-/**
-* Authenticated handshake for the WebSocket channel. Run once per connection, before any action
-* frames flow, it:
-* - exchanges each side's {@link RuntimeCoordinate} + public keys,
-* - checks both ends share the same wire dictionary version (closes the positional-dictionary footgun),
-* - has the client prove control of its verify (Ed25519) key by signing a fresh challenge that binds
-*   both nonces, both identities, the dictionary version, the level, and every exchanged public key,
-* - establishes a `ClientCryptoKeyLink` link on both sides (so the server can verify the signature and,
-*   for the `encrypted` level, both can derive a shared AES-GCM key with the verify keys folded in).
-*
-* This module is transport-agnostic: it produces/consumes message objects. The transport + server
-* handler drive the I/O and the connection phase (Step 4). Keep `none`-level connections from ever
-* reaching here — they skip the handshake entirely.
-*/
-const HANDSHAKE_PROTOCOL = "nice-ws-hs/1";
-/** How much the channel protects after the handshake — chosen by the consumer (perf vs security). */
-let ESecurityLevel = /* @__PURE__ */ function(ESecurityLevel) {
-	/** No handshake; identity is self-asserted (fastest, dev / trusted networks). */
-	ESecurityLevel["none"] = "none";
-	/** Handshake authenticates identity (sign/verify + key pin); frames stay plaintext over TLS. */
-	ESecurityLevel["authenticated"] = "authenticated";
-	/** Authenticated handshake + every frame AES-GCM encrypted with the derived shared key. */
-	ESecurityLevel["encrypted"] = "encrypted";
-	return ESecurityLevel;
-}({});
-let EHandshakeMessageType = /* @__PURE__ */ function(EHandshakeMessageType) {
-	EHandshakeMessageType["hello"] = "hello";
-	EHandshakeMessageType["welcome"] = "welcome";
-	EHandshakeMessageType["prove"] = "prove";
-	EHandshakeMessageType["accept"] = "accept";
-	EHandshakeMessageType["reject"] = "reject";
-	return EHandshakeMessageType;
-}({});
-const vEd25519Raw = v.custom((val) => typeof val === "string" && val.startsWith("ed25519::raw_base64::"));
-const vX25519Raw = v.custom((val) => typeof val === "string" && val.startsWith("x25519::raw_base64::"));
-const vCoordinate = v.object({
-	envId: v.string(),
-	perId: v.optional(v.string()),
-	insId: v.optional(v.string())
-});
-const vSecurityLevel = v.picklist([
-	"none",
-	"authenticated",
-	"encrypted"
-]);
-const vHsHello = v.object({
-	t: v.literal("hello"),
-	protocol: v.string(),
-	securityLevel: vSecurityLevel,
-	dictionaryVersion: v.string(),
-	client: vCoordinate,
-	clientNonce: v.string(),
-	verifyPublicKey: vEd25519Raw,
-	exchangePublicKey: v.optional(vX25519Raw)
-});
-const vHsWelcome = v.object({
-	t: v.literal("welcome"),
-	securityLevel: vSecurityLevel,
-	dictionaryVersion: v.string(),
-	server: vCoordinate,
-	serverNonce: v.string(),
-	verifyPublicKey: vEd25519Raw,
-	exchangePublicKey: v.optional(vX25519Raw)
-});
-const vHsProve = v.object({
-	t: v.literal("prove"),
-	signatureBase64: v.string()
-});
-const vHsAccept = v.object({
-	t: v.literal("accept"),
-	signatureBase64: v.optional(v.string())
-});
-const vHsReject = v.object({
-	t: v.literal("reject"),
-	reason: v.string()
-});
-const vHandshakeMessage = v.variant("t", [
-	vHsHello,
-	vHsWelcome,
-	vHsProve,
-	vHsAccept,
-	vHsReject
-]);
-/** Serialize a handshake message for the wire (handshake frames are JSON — they aren't the hot path). */
-function encodeHandshakeMessage(message) {
-	return JSON.stringify(message);
-}
-/** Parse + structurally validate an incoming handshake frame; `undefined` if it isn't one. */
-function decodeHandshakeMessage(raw) {
-	let parsed;
-	try {
-		parsed = JSON.parse(raw);
-	} catch {
-		return;
-	}
-	const result = v.safeParse(vHandshakeMessage, parsed);
-	return result.success ? result.output : void 0;
-}
-/** Stable link id for a runtime coordinate — the key both the crypto link and the connection use. */
-function runtimeLinkId(coordinate) {
-	return `runtime::${new RuntimeCoordinate(coordinate).stringId}`;
-}
-function coordId(coordinate) {
-	return new RuntimeCoordinate(coordinate).stringId;
-}
-function sessionSalt(clientNonce, serverNonce) {
-	return `${clientNonce}::${serverNonce}`;
-}
-function handshakeInfo(dictionaryVersion) {
-	return `${HANDSHAKE_PROTOCOL}::${dictionaryVersion}`;
-}
-/**
-* The exact string both sides sign/verify. JSON-encoded ordered array so field boundaries are
-* unambiguous; binds identities, nonces (freshness), version, level, and all exchanged public keys
-* (authenticating the keys via the signature, complementing `bindVerifyKeysIntoDerivation`).
-*/
-function buildHandshakeChallenge(parts) {
-	return JSON.stringify([
-		HANDSHAKE_PROTOCOL,
-		parts.securityLevel,
-		parts.dictionaryVersion,
-		parts.clientCoordId,
-		parts.serverCoordId,
-		parts.clientNonce,
-		parts.serverNonce,
-		parts.clientVerifyKey,
-		parts.serverVerifyKey,
-		parts.clientExchangeKey ?? "_",
-		parts.serverExchangeKey ?? "_"
-	]);
-}
-function reject(reason) {
-	return {
-		t: "reject",
-		reason
-	};
-}
-function tofuPinKey(client) {
-	return `${client.envId}::${client.perId ?? client.insId ?? "_"}`;
-}
-/**
-* In-memory trust-on-first-use resolver: trusts (and pins) the first verify key seen for a client
-* identity, then rejects a different key for that identity. The default; replace with a storage-backed
-* resolver for cross-restart pinning (see Step 5).
-*/
-function createInMemoryTofuVerifyKeyResolver() {
-	const pinned = /* @__PURE__ */ new Map();
-	return { async resolve({ client, verifyPublicKey }) {
-		const key = tofuPinKey(client);
-		const existing = pinned.get(key);
-		if (existing == null) {
-			pinned.set(key, verifyPublicKey);
-			return { trusted: true };
-		}
-		if (existing === verifyPublicKey) return { trusted: true };
-		return {
-			trusted: false,
-			reason: "verify key changed for client identity (pin mismatch)"
-		};
-	} };
-}
-/**
-* Storage-backed trust-on-first-use resolver: pins survive process restarts / Durable Object eviction
-* (e.g. back it with `createDurableObjectStorageAdapter`). Same policy as the in-memory variant — trust
-* + pin the first verify key per client identity, reject a different one thereafter.
-*/
-function createStorageTofuVerifyKeyResolver(storageAdapter) {
-	const storage = createTypedStorage({ storageAdapter });
-	return { async resolve({ client, verifyPublicKey }) {
-		const key = tofuPinKey(client);
-		const existing = (await storage.getJson("pins"))?.[key];
-		if (existing == null) {
-			await storage.updateJsonWithDef("pins", {}, (current) => ({
-				...current,
-				[key]: verifyPublicKey
-			}));
-			return { trusted: true };
-		}
-		if (existing === verifyPublicKey) return { trusted: true };
-		return {
-			trusted: false,
-			reason: "verify key changed for client identity (pin mismatch)"
-		};
-	} };
-}
-function createClientHandshake(config) {
-	const { link, localCoordinate, dictionaryVersion, securityLevel } = config;
-	const wantsEncryption = securityLevel === "encrypted";
-	const clientNonce = nanoid();
-	let pending;
-	return {
-		async createHello() {
-			return {
-				t: "hello",
-				protocol: HANDSHAKE_PROTOCOL,
-				securityLevel,
-				dictionaryVersion,
-				client: localCoordinate,
-				clientNonce,
-				verifyPublicKey: await link.getLocalVerifyPublicKey(),
-				exchangePublicKey: wantsEncryption ? await link.getLocalExchangePublicKey() : void 0
-			};
-		},
-		async onWelcome(welcome) {
-			if (welcome.dictionaryVersion !== dictionaryVersion) throw new Error("[ws-handshake] server dictionary version mismatch");
-			if (welcome.securityLevel !== securityLevel) throw new Error("[ws-handshake] server security level mismatch");
-			if (wantsEncryption && welcome.exchangePublicKey == null) throw new Error("[ws-handshake] server did not provide an exchange key for encryption");
-			const linkedServerId = runtimeLinkId(welcome.server);
-			await link.linkClient({
-				linkedClientId: linkedServerId,
-				verifyPublicKey: welcome.verifyPublicKey,
-				...wantsEncryption ? {
-					exchangePublicKey: welcome.exchangePublicKey,
-					saltString: sessionSalt(clientNonce, welcome.serverNonce),
-					infoString: handshakeInfo(dictionaryVersion),
-					bindVerifyKeysIntoDerivation: true
-				} : {}
-			});
-			const challenge = buildHandshakeChallenge({
-				securityLevel,
-				dictionaryVersion,
-				clientCoordId: coordId(localCoordinate),
-				serverCoordId: coordId(welcome.server),
-				clientNonce,
-				serverNonce: welcome.serverNonce,
-				clientVerifyKey: await link.getLocalVerifyPublicKey(),
-				serverVerifyKey: welcome.verifyPublicKey,
-				clientExchangeKey: wantsEncryption ? await link.getLocalExchangePublicKey() : void 0,
-				serverExchangeKey: welcome.exchangePublicKey
-			});
-			pending = {
-				linkedServerId,
-				server: welcome.server,
-				challenge
-			};
-			return {
-				t: "prove",
-				signatureBase64: (await link.signChallenge([challenge])).signatureBase64
-			};
-		},
-		async onAccept(accept) {
-			if (pending == null) throw new Error("[ws-handshake] accept before welcome");
-			if (accept.signatureBase64 != null) {
-				if (!await link.verifyChallengeFromLinkedClient({
-					linkedClientId: pending.linkedServerId,
-					challenge: pending.challenge,
-					signatureBase64: accept.signatureBase64
-				})) throw new Error("[ws-handshake] server signature invalid");
-			}
-			return {
-				linkedClientId: pending.linkedServerId,
-				remote: pending.server,
-				securityLevel
-			};
-		}
-	};
-}
-function createServerHandshake(config) {
-	const { link, localCoordinate, dictionaryVersion } = config;
-	const allowedLevels = Array.isArray(config.securityLevel) ? config.securityLevel : [config.securityLevel];
-	const verifyKeyResolver = config.verifyKeyResolver ?? createInMemoryTofuVerifyKeyResolver();
-	const serverNonce = nanoid();
-	let pending;
-	let result;
-	return {
-		async onHello(hello) {
-			if (hello.protocol !== HANDSHAKE_PROTOCOL) return reject("unsupported handshake protocol");
-			if (hello.dictionaryVersion !== dictionaryVersion) return reject("dictionary version mismatch");
-			const negotiatedLevel = hello.securityLevel;
-			if (negotiatedLevel === "none" || !allowedLevels.includes(negotiatedLevel)) return reject("security level not allowed");
-			const wantsEncryption = negotiatedLevel === "encrypted";
-			if (wantsEncryption && hello.exchangePublicKey == null) return reject("missing exchange key for encryption");
-			const linkedClientId = runtimeLinkId(hello.client);
-			await link.linkClient({
-				linkedClientId,
-				verifyPublicKey: hello.verifyPublicKey,
-				...wantsEncryption ? {
-					exchangePublicKey: hello.exchangePublicKey,
-					saltString: sessionSalt(hello.clientNonce, serverNonce),
-					infoString: handshakeInfo(dictionaryVersion),
-					bindVerifyKeysIntoDerivation: true
-				} : {}
-			});
-			const serverVerifyKey = await link.getLocalVerifyPublicKey();
-			const serverExchangeKey = wantsEncryption ? await link.getLocalExchangePublicKey() : void 0;
-			const keyMaterial = wantsEncryption && hello.exchangePublicKey != null ? {
-				verifyPublicKey: hello.verifyPublicKey,
-				exchangePublicKey: hello.exchangePublicKey,
-				saltString: sessionSalt(hello.clientNonce, serverNonce),
-				infoString: handshakeInfo(dictionaryVersion),
-				bindVerifyKeysIntoDerivation: true
-			} : void 0;
-			pending = {
-				client: hello.client,
-				linkedClientId,
-				clientVerifyKey: hello.verifyPublicKey,
-				negotiatedLevel,
-				keyMaterial,
-				challenge: buildHandshakeChallenge({
-					securityLevel: negotiatedLevel,
-					dictionaryVersion,
-					clientCoordId: coordId(hello.client),
-					serverCoordId: coordId(localCoordinate),
-					clientNonce: hello.clientNonce,
-					serverNonce,
-					clientVerifyKey: hello.verifyPublicKey,
-					serverVerifyKey,
-					clientExchangeKey: hello.exchangePublicKey,
-					serverExchangeKey
-				})
-			};
-			return {
-				t: "welcome",
-				securityLevel: negotiatedLevel,
-				dictionaryVersion,
-				server: localCoordinate,
-				serverNonce,
-				verifyPublicKey: serverVerifyKey,
-				exchangePublicKey: serverExchangeKey
-			};
-		},
-		async onProve(prove) {
-			if (pending == null) return reject("prove before hello");
-			if (!await link.verifyChallengeFromLinkedClient({
-				linkedClientId: pending.linkedClientId,
-				challenge: pending.challenge,
-				signatureBase64: prove.signatureBase64
-			})) return reject("invalid client signature");
-			const trust = await verifyKeyResolver.resolve({
-				client: pending.client,
-				verifyPublicKey: pending.clientVerifyKey
-			});
-			if (!trust.trusted) return reject(trust.reason ?? "client verify key not trusted");
-			result = {
-				linkedClientId: pending.linkedClientId,
-				remote: pending.client,
-				securityLevel: pending.negotiatedLevel,
-				encryptionKeyMaterial: pending.keyMaterial
-			};
-			return {
-				t: "accept",
-				signatureBase64: (await link.signChallenge([pending.challenge])).signatureBase64
-			};
-		},
-		/** The completed handshake result once `onProve` has accepted, else `undefined`. */
-		getResult() {
-			return result;
-		}
-	};
-}
-//#endregion
-//#region src/utils/decodeActionFrame.ts
-/**
-* Decode a single inbound channel frame (text or binary) into validated action wire JSON, or
-* `undefined` if it isn't a recognisable action payload.
-*
-* Shared by the WebSocket transport's message listener and the server-side `AcceptorHandler` so
-* both decode identically: a binary `decoder.incoming` (e.g. msgpackr) takes precedence, and plain
-* text frames fall back to JSON — keeping binary and JSON clients interoperable on one channel.
-*/
-function decodeActionFrame(frame, decoder) {
-	const decoded = decoder?.incoming?.(frame) ?? (typeof frame === "string" ? parseJsonActionFrame(frame) : void 0);
-	return decoded != null && isActionPayload_Any_JsonObject(decoded) ? decoded : void 0;
-}
-function parseJsonActionFrame(message) {
-	try {
-		const json = JSON.parse(message);
-		return isActionPayload_Any_JsonObject(json) ? json : void 0;
-	} catch {
-		return;
-	}
-}
-//#endregion
-//#region src/ActionRuntime/Transport/crypto/actionFrameCrypto.ts
-const ENCRYPTED_ENVELOPE_LENGTH = 2;
-/**
-* Build the encrypt/decrypt transform for a connection whose handshake settled on the `encrypted`
-* level. Keyed by the link + `linkedClientId`, so it reuses the cached shared AES-GCM key.
-*/
-function createActionFrameCrypto({ link, linkedClientId }) {
-	return {
-		async encryptFrame(frame) {
-			const { nonce, ciphertext } = await link.encryptBytesForLinkedClient({
-				linkedClientId,
-				dataToEncrypt: frame
-			});
-			return pack([nonce, ciphertext]);
-		},
-		async decryptFrame(frame) {
-			if (typeof frame === "string") throw new Error("[ws-crypto] expected an encrypted binary frame, received text");
-			const envelope = unpack(frame instanceof ArrayBuffer ? new Uint8Array(frame) : frame);
-			if (!Array.isArray(envelope) || envelope.length !== ENCRYPTED_ENVELOPE_LENGTH) throw new Error("[ws-crypto] malformed encrypted frame envelope");
-			const [nonce, ciphertext] = envelope;
-			if (!(nonce instanceof Uint8Array) || !(ciphertext instanceof Uint8Array)) throw new Error("[ws-crypto] malformed encrypted frame fields");
-			return await link.decryptBytesFromLinkedClient({
-				linkedClientId,
-				dataToDecrypt: {
-					nonce,
-					ciphertext
-				}
-			});
-		}
-	};
-}
-//#endregion
-//#region src/ActionRuntime/Transport/crypto/frameBytes.ts
-/** Normalize any frame form to bytes (for the AES-GCM layer, which works on `Uint8Array`). */
-function toFrameBytes(frame) {
-	if (typeof frame === "string") return new TextEncoder().encode(frame);
-	if (frame instanceof ArrayBuffer) return new Uint8Array(frame);
-	return frame;
-}
-//#endregion
-//#region src/ActionRuntime/Transport/SecureSession/frameCryptoPipe.ts
-function createFrameCryptoPipe(config) {
-	const { write, isOpen, crypto, label = "link" } = config;
-	let sendChain = Promise.resolve();
-	const send = (frame) => {
-		if (isOpen != null && !isOpen()) return;
-		if (crypto == null) {
-			write(frame);
-			return;
-		}
-		const bytes = toFrameBytes(frame);
-		sendChain = sendChain.then(() => crypto).then((c) => c.encryptFrame(bytes)).then((encrypted) => {
-			if (isOpen == null || isOpen()) write(encrypted);
-		}).catch((err) => console.error(`[${label}] failed to encrypt/send frame`, err));
-	};
-	const decryptIncoming = async (frame) => {
-		if (crypto == null) return frame;
-		try {
-			return await (await crypto).decryptFrame(frame);
-		} catch (err) {
-			console.error(`[${label}] failed to decrypt incoming frame`, err);
-			return;
-		}
-	};
-	return {
-		send,
-		decryptIncoming
-	};
-}
-//#endregion
-//#region src/ActionRuntime/Transport/SecureSession/acceptorSecureSession.ts
-/**
-* The acceptor (accept-in) counterpart to the connector's `establishLinkSession`: one connection's
-* secure session — the server-side handshake driving, the ordered frame crypto, and the per-connection
-* phase (undecided → plain | authenticated). The crypto itself (ordered encrypt-send / decrypt) lives in
-* the shared {@link createFrameCryptoPipe}, the same primitive the connector uses — so the secure logic
-* lives once for both link roles.
-*
-* The handler owns one of these per accepted connection and feeds it inbound frames via {@link receive};
-* identity binding, persistence, codec, and return routing stay in the handler (driven through the
-* config callbacks). Inbound processing is serialized per connection because the handshake and decryption
-* are async — this keeps handshake ordering and frame order intact.
-*/
-var AcceptorSecureSession = class {
-	config;
-	_handshake;
-	/** The ordered encrypt-send / decrypt pipe — present only for an `encrypted` connection. */
-	_pipe;
-	_authed = false;
-	_plain = false;
-	/** Serializes inbound processing (handshake + decryption are async). */
-	_inboundChain = Promise.resolve();
-	constructor(config) {
-		this.config = config;
-	}
-	/** Feed one inbound frame. Serialized per connection; routes back through the config callbacks. */
-	receive(frame) {
-		this._inboundChain = this._inboundChain.then(() => this._receive(frame)).catch((err) => console.error("[ws-server] failed to process inbound frame", err));
-	}
-	async _receive(frame) {
-		if (this._plain) {
-			this.config.routePlain(frame);
-			return;
-		}
-		if (!this._authed) {
-			const message = typeof frame === "string" ? decodeHandshakeMessage(frame) : void 0;
-			if (message == null) {
-				if (this.config.noneAllowed) {
-					this._plain = true;
-					this.config.routePlain(frame);
-				}
-				return;
-			}
-			await this.config.link.initialize();
-			if (this._handshake == null) this._handshake = createServerHandshake({
-				link: this.config.link,
-				localCoordinate: this.config.localCoordinate,
-				dictionaryVersion: this.config.dictionaryVersion,
-				securityLevel: this.config.securityLevel,
-				verifyKeyResolver: this.config.verifyKeyResolver
-			});
-			if (message.t === "hello") this.config.send(encodeHandshakeMessage(await this._handshake.onHello(message)));
-			else if (message.t === "prove") {
-				const reply = await this._handshake.onProve(message);
-				this.config.send(encodeHandshakeMessage(reply));
-				const result = this._handshake.getResult();
-				if (reply.t === "accept" && result != null) this._complete(result);
-			}
-			return;
-		}
-		const bytes = this._pipe != null ? await this._pipe.decryptIncoming(frame) : frame;
-		if (bytes === void 0) return;
-		this.config.routeAction(bytes);
-	}
-	_complete(result) {
-		this._authed = true;
-		this._handshake = void 0;
-		if (result.securityLevel === "encrypted") this._pipe = this._buildPipe(createActionFrameCrypto({
-			link: this.config.link,
-			linkedClientId: result.linkedClientId
-		}));
-		this.config.onAuthenticated({
-			client: new RuntimeCoordinate(result.remote),
-			securityLevel: result.securityLevel,
-			linkedClientId: result.linkedClientId,
-			keyMaterial: result.encryptionKeyMaterial
-		});
-	}
-	/**
-	* Restore an already-authenticated session after eviction — no handshake. For an `encrypted`
-	* connection the shared key is re-derived asynchronously (the acceptor re-links the client off its own
-	* persisted identity); the pipe's crypto IS that promise, so the connection's first in/out frame
-	* naturally waits for the key before encrypt/decrypt — no separate gate.
-	*/
-	rehydrate(state) {
-		this._authed = true;
-		if (state.securityLevel !== "encrypted" || state.keyMaterial == null) return;
-		const { link } = this.config;
-		const { linkedClientId, keyMaterial } = state;
-		const cryptoReady = link.initialize().then(() => link.linkClient({
-			linkedClientId,
-			verifyPublicKey: keyMaterial.verifyPublicKey,
-			exchangePublicKey: keyMaterial.exchangePublicKey,
-			saltString: keyMaterial.saltString,
-			infoString: keyMaterial.infoString,
-			bindVerifyKeysIntoDerivation: keyMaterial.bindVerifyKeysIntoDerivation
-		})).then(() => createActionFrameCrypto({
-			link,
-			linkedClientId
-		}));
-		cryptoReady.catch((err) => console.error("[ws-server] failed to restore encrypted session", err));
-		this._pipe = this._buildPipe(cryptoReady);
-	}
-	/** Send an outbound frame: through the encrypt pipe when encrypted, otherwise raw. */
-	send(frame) {
-		if (this._pipe != null) {
-			this._pipe.send(frame);
-			return;
-		}
-		this.config.send(frame);
-	}
-	_buildPipe(crypto) {
-		return createFrameCryptoPipe({
-			write: this.config.send,
-			crypto,
-			label: "ws-server"
-		});
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Handler/PeerLink/Acceptor/AcceptorHandler.ts
-/**
-* Server-side handler for backends that accept many client connections over a single open channel
-* (WebSockets, Durable Objects, …). It is transport-agnostic: you feed it inbound frames with
-* {@link receive} and tell it how to write outbound frames via the `send` option.
-*
-* Add it alongside your local execution handler:
-* ```ts
-* const serverHandler = createAcceptorHandler({ clientEnv, formatMessage, send: (ws, f) => ws.send(f) });
-* runtime.addHandlers([localHandler, serverHandler]);
-* // per inbound message (e.g. a Durable Object's webSocketMessage):
-* serverHandler.receive(ws, message);
-* ```
-*
-* Inbound requests route to your local handler; the runtime's return dispatch then calls this
-* handler back (it is an external handler keyed to `clientEnv`) to send the result to the originating
-* connection. The handler keeps a per-connection identity registry so each result lands on the right
-* socket, and remembers each connection's encoding so binary and JSON clients can share the channel.
-*
-* It registers an empty action router, so it is never chosen to *execute* an inbound request — only
-* to ferry results/pushes back out.
-*/
-var AcceptorHandler = class extends PeerLinkHandler {
-	/** Accept-in over a live (duplex) connection registry — it pushes results/broadcasts to bound sockets. */
-	canPush = true;
-	_formatMessage;
-	_createFormatMessage;
-	_send;
-	_runtime;
-	_serverTimeout;
-	_onConnectionBound;
-	_security;
-	/** Normalized accepted levels; whether `none` (plain) is allowed; whether any level needs a handshake. */
-	_allowedLevels;
-	_noneAllowed;
-	_handshakeMode;
-	_connByClient = /* @__PURE__ */ new Map();
-	_clientByConn = /* @__PURE__ */ new Map();
-	_connEncoding = /* @__PURE__ */ new Map();
-	_codecByConn = /* @__PURE__ */ new Map();
-	_sessionByConn = /* @__PURE__ */ new Map();
-	constructor(options) {
-		super(options.clientEnv);
-		this._formatMessage = options.formatMessage;
-		this._createFormatMessage = options.createFormatMessage;
-		this._send = options.send;
-		this._runtime = options.runtime;
-		this._serverTimeout = options.defaultTimeout ?? 1e4;
-		this._onConnectionBound = options.onConnectionBound;
-		this._security = options.security;
-		this._allowedLevels = options.security == null ? [] : Array.isArray(options.security.securityLevel) ? options.security.securityLevel : [options.security.securityLevel];
-		this._noneAllowed = this._allowedLevels.includes("none");
-		this._handshakeMode = this._allowedLevels.some((level) => level !== "none");
-	}
-	/**
-	* The codec for a connection: a per-connection session (cached) when a factory was provided, else
-	* the single shared `formatMessage`.
-	*/
-	_codecFor(connection) {
-		if (this._createFormatMessage != null) {
-			let codec = this._codecByConn.get(connection);
-			if (codec == null) {
-				codec = this._createFormatMessage();
-				this._codecByConn.set(connection, codec);
-			}
-			return codec;
-		}
-		if (this._formatMessage != null) return this._formatMessage;
-		throw err_nice_transport.fromId("not_found", { actionId: "server-handler-codec (provide formatMessage or createFormatMessage)" });
-	}
-	/**
-	* Register (or replace) the connection-bound persistence callback after construction. Used by
-	* lifecycle helpers like {@link createHibernatableWsServerAdapter} so persistence and replay are
-	* owned by one place instead of being split across the constructor options.
-	*/
-	setOnConnectionBound(onConnectionBound) {
-		this._onConnectionBound = onConnectionBound;
-	}
-	/**
-	* Feed one inbound frame from a connection into the runtime. Decodes text or binary, binds the
-	* connection to the requesting client's identity, then routes it (requests execute locally;
-	* results/progress resolve pending server-initiated actions).
-	*/
-	receive(connection, frame) {
-		const security = this._security;
-		if (security == null || !this._handshakeMode) {
-			this._receivePlain(connection, frame);
-			return;
-		}
-		this._sessionFor(connection, security).receive(frame);
-	}
-	_receivePlain(connection, frame) {
-		const wire = decodeActionFrame(frame, this._codecFor(connection));
-		if (wire == null) return;
-		const encoding = typeof frame === "string" ? "json" : "binary";
-		this._connEncoding.set(connection, encoding);
-		if (wire.type === "request") this._resolveRequestIdentity(connection, wire, encoding);
-		this._emitIncoming(wire);
-	}
-	/**
-	* The secure session for a connection (built lazily on its first secure-mode frame), with the
-	* handler-owned effects — raw send, identity binding + persistence, and inbound routing — wired in as
-	* callbacks. The session owns all crypto/handshake/chain state; the handler keeps only the registry.
-	*/
-	_sessionFor(connection, security) {
-		let session = this._sessionByConn.get(connection);
-		if (session == null) {
-			session = new AcceptorSecureSession({
-				link: security.link,
-				localCoordinate: security.localCoordinate,
-				dictionaryVersion: security.dictionaryVersion,
-				securityLevel: security.securityLevel,
-				verifyKeyResolver: security.verifyKeyResolver,
-				noneAllowed: this._noneAllowed,
-				send: (frame) => this._send(connection, frame),
-				onAuthenticated: (auth) => this._onConnectionAuthenticated(connection, auth),
-				routePlain: (frame) => this._receivePlain(connection, frame),
-				routeAction: (bytes) => this._routeAuthedActionBytes(connection, bytes)
-			});
-			this._sessionByConn.set(connection, session);
-		}
-		return session;
-	}
-	/** Bind + persist a connection's authenticated identity once its handshake completes. */
-	_onConnectionAuthenticated(connection, auth) {
-		this._bindConnection(connection, auth.client);
-		this._connEncoding.set(connection, "binary");
-		this._onConnectionBound?.(connection, {
-			client: auth.client.toJsonObject(),
-			encoding: "binary",
-			secure: {
-				securityLevel: auth.securityLevel,
-				linkedClientId: auth.linkedClientId,
-				keyMaterial: auth.keyMaterial
-			}
-		});
-	}
-	/** Decode a decrypted authenticated frame, inject the *authenticated* identity, and route it. */
-	_routeAuthedActionBytes(connection, bytes) {
-		const wire = decodeActionFrame(bytes, this._codecFor(connection));
-		if (wire == null) return;
-		if (wire.type === "request") {
-			const bound = this._clientByConn.get(connection);
-			if (bound != null) wire.context.originClient = bound.toJsonObject();
-		}
-		this._emitIncoming(wire);
-	}
-	/**
-	* Ensure an inbound request carries the client's identity and that this connection is bound to it,
-	* so its result can be routed back. A session codec omits `originClient` after the first request, so
-	* when it's missing we restore it from the (possibly rehydrated) binding instead. (Plain mode only;
-	* secure mode binds the authenticated coordinate at handshake time.)
-	*/
-	_resolveRequestIdentity(connection, wire, encoding) {
-		const wireOrigin = wire.context.originClient;
-		if (wireOrigin != null && wireOrigin.envId !== "_unset_") {
-			const clientCoord = new RuntimeCoordinate(wireOrigin);
-			const isNewBinding = this._clientByConn.get(connection)?.stringId !== clientCoord.stringId;
-			this._bindConnection(connection, clientCoord);
-			if (isNewBinding) this._onConnectionBound?.(connection, {
-				client: clientCoord.toJsonObject(),
-				encoding
-			});
-			return;
-		}
-		const bound = this._clientByConn.get(connection);
-		if (bound != null) wire.context.originClient = bound.toJsonObject();
-	}
-	/**
-	* Restore a connection→client binding without an inbound frame — for transports that resume after
-	* eviction. Pair it with the {@link IAcceptorHandlerOptions.onConnectionBound} hook: persist
-	* the binding there, then replay each live connection here when the channel comes back (e.g. a
-	* Durable Object iterating `ctx.getWebSockets()` as it wakes from hibernation).
-	*/
-	rehydrateConnection(connection, binding) {
-		this._bindConnection(connection, new RuntimeCoordinate(binding.client));
-		this._connEncoding.set(connection, binding.encoding);
-		const secure = binding.secure;
-		const security = this._security;
-		if (secure == null || security == null) return;
-		this._sessionFor(connection, security).rehydrate(secure);
-	}
-	toJsonObject() {
-		return {
-			type: this.handlerType,
-			client: this.peerClient
-		};
-	}
-	toHandlerRouteItem() {
-		return {
-			type: this.handlerType,
-			client: this.peerClient,
-			transShape: "duplex",
-			transOrd: 0
-		};
-	}
-	/** Forget a connection (call on socket close) so stale entries don't misroute later results. */
-	dropConnection(connection) {
-		const coord = this._clientByConn.get(connection);
-		if (coord != null && this._connByClient.get(coord.stringId) === connection) this._connByClient.delete(coord.stringId);
-		this._clientByConn.delete(connection);
-		this._connEncoding.delete(connection);
-		this._codecByConn.delete(connection);
-		this._sessionByConn.delete(connection);
-	}
-	/** Live connection for a client coordinate, if currently registered. */
-	getConnectionForClient(client) {
-		return this._connByClient.get(client.stringId);
-	}
-	/** This acceptor owns the origin's return path when it currently holds a live connection bound to it. */
-	ownsLiveConnectionFor(origin) {
-		return this._connByClient.has(origin.stringId);
-	}
-	/** Whether this acceptor currently tracks `connection` — used to pick the owning handler among several. */
-	hasConnection(connection) {
-		return this._clientByConn.has(connection);
-	}
-	/**
-	* Send (and optionally await) a server-initiated action to a specific connected client. Pass the
-	* connection token directly (e.g. the `ws`) or a client `RuntimeCoordinate` to look one up.
-	*/
-	pushToClient(runtime, target, request, options) {
-		const connection = this._resolveConnection(target);
-		return this._dispatch(runtime, connection, request, options?.timeout);
-	}
-	/**
-	* Build a local handler whose cases are connection-aware: each case receives the primed request and
-	* the originating client's live connection (resolved from `originClient`), so handlers don't repeat
-	* the `getConnectionForClient(action.context.originClient)` lookup. Cases may return raw output or
-	* nothing, just like {@link ActionLocalHandler.forDomainActionCases}. Add the returned handler to the
-	* runtime alongside this server handler:
-	* ```ts
-	* runtime.addHandlers([serverHandler.forConnectionDomainCases(domain, { … }), serverHandler]);
-	* ```
-	*/
-	forConnectionDomainCases(domain, cases) {
-		return this.forConnectionDomainCasesMulti([domain], cases);
-	}
-	/**
-	* Like {@link forConnectionDomainCases} but spanning several domains with one merged case map — used
-	* by channel-derived wiring (`acceptChannelConnections`) where the channel's `toAcceptor` domains are
-	* served together. Each domain takes only the cases whose ids it owns, so a single map can cover
-	* several domains and unrelated ids are ignored.
-	*/
-	forConnectionDomainCasesMulti(domains, cases) {
-		const handler = new ActionLocalHandler();
-		for (const domain of domains) {
-			const ownedIds = new Set(Object.keys(domain.actionsMap()));
-			const wrapped = {};
-			for (const id in cases) {
-				if (!ownedIds.has(id)) continue;
-				const caseFn = cases[id];
-				if (caseFn == null) continue;
-				wrapped[id] = (request) => caseFn(request, this.getConnectionForClient(request.context.originClient));
-			}
-			handler.forDomainActionCases(domain, wrapped);
-		}
-		return handler;
-	}
-	/**
-	* Fan a server-initiated request out to every currently-bound connection. A fresh request is built
-	* per connection (each push mutates its own action context) and dispatched fire-and-forget. Pass
-	* `except` to skip the originating socket and `where` to filter by connection (e.g. read its
-	* attachment for a role). Iterating bound connections (rather than every accepted socket) skips
-	* sockets that are still mid-handshake and so can't yet receive a frame.
-	*/
-	broadcast(makeRequest, options) {
-		const runtime = options?.runtime ?? this._runtime;
-		if (runtime == null) throw err_nice_transport.fromId("not_found", { actionId: "server-handler-runtime (construct with `runtime` or pass `options.runtime`)" });
-		for (const connection of this._clientByConn.keys()) {
-			if (options?.except != null && connection === options.except) continue;
-			if (options?.where != null && !options.where(connection)) continue;
-			try {
-				this.pushToClient(runtime, connection, makeRequest(), { timeout: options?.timeout });
-			} catch (error) {
-				if (options?.onError != null) options.onError(error, connection);
-				else console.error("[ws-server] broadcast push failed", error);
-			}
-		}
-	}
-	async sendReturnPayload(payload, config) {
-		const connection = this._connByClient.get(payload.context.originClient.stringId);
-		if (connection == null) return false;
-		this._sendPayload(connection, payload, config.targetLocalRuntime.coordinate);
-		return true;
-	}
-	async handleActionRequest(action, config) {
-		const runtime = config?.targetLocalRuntime ?? ActionRuntime.getDefault();
-		const connection = this._resolveSingleConnection();
-		return this._dispatch(runtime, connection, action, config?.timeout);
-	}
-	_dispatch(runtime, connection, action, timeout) {
-		const timeoutMs = timeout ?? this._serverTimeout;
-		action.context._setOriginClient(runtime.coordinate);
-		action.context.addRouteItem({
-			runtime: runtime.coordinate,
-			handler: this.toHandlerRouteItem(),
-			time: Date.now()
-		});
-		const runningAction = new RunningAction({
-			context: action.context,
-			request: action,
-			parentCuid: peekHandlerCuid(),
-			callSite: action._callSite
-		});
-		runtime.registerRunningAction(runningAction);
-		if (action.schema.responseMode === "none") {
-			try {
-				this._sendPayload(connection, action, runtime.coordinate);
-				runningAction._completeWithResult(action.successResult(void 0));
-			} catch (err) {
-				runningAction._abort(err);
-			}
-			return runningAction;
-		}
-		const timeoutId = setTimeout(() => {
-			runningAction._abort(err_nice_transport.fromId("timeout", { timeout: timeoutMs }));
-		}, timeoutMs);
-		runningAction.addUpdateListeners([(update) => {
-			if (update.type === "finished") clearTimeout(timeoutId);
-		}]);
-		try {
-			this._sendPayload(connection, action, runtime.coordinate);
-		} catch (err) {
-			runningAction._abort(err);
-		}
-		return runningAction;
-	}
-	_sendPayload(connection, payload, localClient) {
-		const frame = (this._connEncoding.get(connection) ?? "binary") === "json" ? JSON.stringify(payload.toJsonObject()) : this._codecFor(connection).outgoing({
-			action: payload,
-			localClient,
-			externalClient: this.peerClient
-		});
-		const session = this._sessionByConn.get(connection);
-		if (session == null) {
-			this._send(connection, frame);
-			return;
-		}
-		session.send(frame);
-	}
-	_bindConnection(connection, client) {
-		this._connByClient.set(client.stringId, connection);
-		this._clientByConn.set(connection, client);
-	}
-	_resolveConnection(target) {
-		if (target instanceof RuntimeCoordinate) {
-			const connection = this._connByClient.get(target.stringId);
-			if (connection == null) throw err_nice_transport.fromId("not_found", { actionId: target.stringId });
-			return connection;
-		}
-		return target;
-	}
-	_resolveSingleConnection() {
-		if (this._clientByConn.size !== 1) throw err_nice_transport.fromId("not_found", { actionId: "server-handler-target (use pushToClient with an explicit connection or client coordinate)" });
-		return this._clientByConn.keys().next().value;
-	}
-};
-const createAcceptorHandler = (options) => {
-	return new AcceptorHandler(options);
-};
-//#endregion
-//#region src/ActionRuntime/Handler/PeerLink/Acceptor/createSecureActionServer.ts
-/** Default accepted set: negotiate per connection to whatever the client picks. */
-const DEFAULT_SERVER_SECURITY_LEVELS$1 = [
-	"none",
-	"authenticated",
-	"encrypted"
-];
-/**
-* Build an {@link AcceptorHandler} for the secure binary channel with the boilerplate folded in:
-* it creates the {@link ClientCryptoKeyLink} and the storage-backed TOFU resolver from a single
-* `storageAdapter`, installs the channel's per-connection codec, and assembles the `security` block
-* from the runtime coordinate + channel version (accepting all three levels by default).
-*
-* For a hibernatable transport (e.g. a Durable Object), pair it with
-* {@link createHibernatableWsServerAdapter} to wire persistence + replay.
-*/
-function createSecureAcceptorHandler(options) {
-	const link = options.link ?? new ClientCryptoKeyLink({ storageAdapter: options.storageAdapter });
-	return new AcceptorHandler({
-		clientEnv: options.clientEnv,
-		createFormatMessage: options.channel.createCodec,
-		send: options.send,
-		runtime: options.runtime,
-		defaultTimeout: options.defaultTimeout,
-		security: {
-			securityLevel: options.securityLevel ?? DEFAULT_SERVER_SECURITY_LEVELS$1,
-			link,
-			localCoordinate: options.runtime.coordinate.toJsonObject(),
-			dictionaryVersion: options.channel.dictionaryVersion,
-			verifyKeyResolver: options.verifyKeyResolver ?? createStorageTofuVerifyKeyResolver(options.storageAdapter)
-		}
-	});
-}
-//#endregion
-//#region src/ActionRuntime/Transport/Carrier/Carrier.types.ts
-/**
-* Narrow a carrier source to the exchange shape via its `shape` discriminant — the one branch the
-* transport factories ({@link secureTransport}, {@link plainTransport}) use to pick the duplex vs
-* exchange transport. A duplex source carries no `shape`, so the `else` branch is the duplex one.
-*/
-function isExchangeCarrierSource(carrier) {
-	return "shape" in carrier && carrier.shape === "exchange";
-}
-//#endregion
-//#region src/ActionRuntime/Transport/Transport.ts
-/**
-* Reusable transport definition. Devs construct these (`secureTransport({ carrier: wsCarrier(url) })`,
-* `plainTransport({ carrier: httpCarrier(...) })`, …) and pass them to a
-* `ConnectorHandler`. A single
-* definition can be shared across multiple handlers — each handler builds its own live
-* {@link TransportConnection} via {@link TransportConnection._createConnection}.
-*/
-var Transport = class {};
-//#endregion
-//#region src/ActionRuntime/Transport/SecureSession/exchangeProtocol.ts
-function encodeExchange(envelope) {
-	return JSON.stringify(envelope);
-}
-function decodeExchangeRequest(raw) {
-	return parse(raw);
-}
-function decodeExchangeReply(raw) {
-	return parse(raw);
-}
-function parse(raw) {
-	try {
-		return JSON.parse(raw);
-	} catch {
-		return;
-	}
-}
-function bytesToBase64(bytes) {
-	let binary = "";
-	for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
-	return btoa(binary);
-}
-function base64ToBytes(base64) {
-	const binary = atob(base64);
-	const bytes = new Uint8Array(binary.length);
-	for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
-	return bytes;
-}
-//#endregion
-//#region src/ActionRuntime/Transport/SecureSession/establishExchangeSession.ts
-const textEncoder$1 = new TextEncoder();
-const textDecoder$1 = new TextDecoder();
-/** Plain path (no handshake/token): every action rides a bare `act` envelope, plaintext both ways. */
-function finalizePlainExchangeMethods(ctx) {
-	return buildExchangeMethods(ctx, {});
-}
-/** Secure path: run the handshake (two exchanges) once at bring-up, then reuse the token + crypto. */
-async function finalizeSecureExchangeMethods(ctx) {
-	return buildExchangeMethods(ctx, await runConnectorExchangeHandshake(ctx.carrier, ctx.secure));
-}
-function buildExchangeMethods(ctx, state) {
-	const sendActionData = (inputs) => {
-		runExchange(ctx.carrier, state, inputs).catch((err) => inputs.runningAction._abort(err));
-	};
-	return {
-		sendActionData,
-		updateRunConfig: ctx.updateRunConfig
-	};
-}
-async function runExchange(carrier, state, inputs) {
-	const { action, runningAction, timeout } = inputs;
-	const ac = new AbortController();
-	let timedOut = false;
-	const timeoutId = setTimeout(() => {
-		timedOut = true;
-		ac.abort();
-	}, timeout);
-	const unsubscribe = runningAction.addUpdateListeners([(update) => {
-		if (update.type === "finished") {
-			clearTimeout(timeoutId);
-			ac.abort();
-		}
-	}]);
-	try {
-		const request = await buildRequestEnvelope(state, action);
-		const replyRaw = await carrier.exchange(encodeExchange(request), { signal: ac.signal });
-		if (action.type !== "request") return;
-		const reply = decodeExchangeReply(asString(replyRaw));
-		if (reply == null) throw err_nice_transport.fromId("invalid_action_response", { actionId: action.id });
-		if (reply.k === "err") throw err_nice_transport.fromId("send_failed", {
-			actionState: action.type,
-			actionId: action.id,
-			message: reply.message
-		});
-		const wire = await extractReplyWire(state, reply);
-		if (wire == null || !isActionPayload_Result_JsonObject(wire)) throw err_nice_transport.fromId("invalid_action_response", { actionId: action.id });
-		runningAction._completeWithResult(action._domain.hydrateResultPayload(wire));
-	} catch (err) {
-		if (timedOut) throw err_nice_transport.fromId("timeout", { timeout });
-		throw err;
-	} finally {
-		clearTimeout(timeoutId);
-		unsubscribe();
-	}
-}
-async function buildRequestEnvelope(state, action) {
-	const wire = action.toJsonObject();
-	if (state.crypto != null) {
-		const ciphertext = await state.crypto.encryptFrame(textEncoder$1.encode(JSON.stringify(wire)));
-		return {
-			k: "act",
-			t: state.token,
-			c: bytesToBase64(ciphertext)
-		};
-	}
-	return {
-		k: "act",
-		t: state.token,
-		w: wire
-	};
-}
-async function extractReplyWire(state, reply) {
-	if (reply.k !== "act") return void 0;
-	if ("c" in reply) {
-		if (state.crypto == null) return void 0;
-		const plain = await state.crypto.decryptFrame(base64ToBytes(reply.c));
-		return JSON.parse(textDecoder$1.decode(plain));
-	}
-	return reply.w;
-}
-async function runConnectorExchangeHandshake(carrier, secure) {
-	await secure.link.initialize();
-	const handshake = createClientHandshake({
-		link: secure.link,
-		localCoordinate: secure.localCoordinate,
-		dictionaryVersion: secure.dictionaryVersion,
-		securityLevel: secure.securityLevel
-	});
-	const hsid = nanoid();
-	const hello = await handshake.createHello();
-	const welcomeReply = decodeExchangeReply(asString(await carrier.exchange(encodeExchange({
-		k: "hs",
-		hsid,
-		m: encodeHandshakeMessage(hello)
-	}))));
-	if (welcomeReply?.k !== "hs") throw new Error("[exchange-handshake] expected a welcome reply");
-	const welcome = decodeHandshakeMessage(welcomeReply.m);
-	if (welcome == null) throw new Error("[exchange-handshake] malformed welcome");
-	if (welcome.t === "reject") throw new Error(`[exchange-handshake] rejected by peer: ${welcome.reason}`);
-	if (welcome.t !== "welcome") throw new Error(`[exchange-handshake] expected welcome, got ${welcome.t}`);
-	const prove = await handshake.onWelcome(welcome);
-	const acceptReply = decodeExchangeReply(asString(await carrier.exchange(encodeExchange({
-		k: "hs",
-		hsid,
-		m: encodeHandshakeMessage(prove)
-	}))));
-	if (acceptReply?.k !== "hs") throw new Error("[exchange-handshake] expected an accept reply");
-	const accept = decodeHandshakeMessage(acceptReply.m);
-	if (accept == null) throw new Error("[exchange-handshake] malformed accept");
-	if (accept.t === "reject") throw new Error(`[exchange-handshake] rejected by peer: ${accept.reason}`);
-	if (accept.t !== "accept") throw new Error(`[exchange-handshake] expected accept, got ${accept.t}`);
-	if (acceptReply.t == null) throw new Error("[exchange-handshake] accept missing session token");
-	const result = await handshake.onAccept(accept);
-	const crypto = result.securityLevel === "encrypted" ? createActionFrameCrypto({
-		link: secure.link,
-		linkedClientId: result.linkedClientId
-	}) : void 0;
-	return {
-		token: acceptReply.t,
-		crypto
-	};
-}
-function asString(frame) {
-	if (typeof frame === "string") return frame;
-	return textDecoder$1.decode(frame instanceof ArrayBuffer ? new Uint8Array(frame) : frame);
-}
-//#endregion
-//#region src/ActionRuntime/Transport/helpers/addTransportStatusMetadata.ts
-function addTransportStatusMetadata(transportStatus) {
-	if (transportStatus.status === "ready") return {
-		status: "ready",
-		readyData: transportStatus.readyData
-	};
-	if (transportStatus.status === "initializing") return {
-		status: "initializing",
-		initializationPromise: transportStatus.initializationPromise,
-		timeStarted: Date.now()
-	};
-	if (transportStatus.status === "failed") return {
-		status: "failed",
-		error: transportStatus.error,
-		timeFailed: Date.now()
-	};
-	if (transportStatus.status === "unsupported") return { status: "unsupported" };
-	return { status: "uninitialized" };
-}
-//#endregion
-//#region src/ActionRuntime/Transport/TransportConnection.ts
-let transportOrd = 0;
-/**
-* Live, per-handler transport runtime built from a reusable {@link Transport} definition. Holds the
-* connection-scoped state (ordinal, initialized config, sockets / abort sets) that must not be shared
-* across handlers. Construct these via `definition._createConnection(...)`, never directly.
-*/
-var TransportConnection = class {
-	def;
-	transOrd = transportOrd++;
-	type;
-	initialized;
-	/** Backref to the public definition that created this connection (used for devtools route info). */
-	definition;
-	constructor(def) {
-		this.def = def;
-		this.type = def.type;
-		this.initialized = def.initialize();
-	}
-	/**
-	* Devtools route info for an action routed through this live connection. Defaults to the stateless
-	* {@link definition}'s info; connections override to enrich it from live state (e.g. the actual
-	* resolved socket URL) when the definition couldn't resolve it on its own.
-	*/
-	getRouteInfo(input) {
-		return this.definition?.getRouteInfo(input);
-	}
-	/**
-	* Whether a `ready`-status transport still needs asynchronous bring-up before its methods exist —
-	* awaiting the carrier to open and/or running a handshake. Default `false`: a stateless transport
-	* (HTTP) is usable the instant `getTransport` reports `ready`, so it stays a terminal *synchronous*
-	* fallback in {@link ConnectionTransportManager}. Stream carriers (Link/WS) override to `true`.
-	*/
-	_needsAsyncBringUp(_readyData) {
-		return false;
-	}
-	/** Await the carrier becoming ready to send (e.g. a socket `open`). Default: nothing to await. */
-	_awaitCarrierReady(_readyData) {
-		return Promise.resolve();
-	}
-	/**
-	* Finalize during async bring-up — may run a handshake, so it can be async. Defaults to the
-	* synchronous {@link _finalizeTransportMethods}; secure stream carriers override to branch plain/secure.
-	*/
-	_finalizeReady(readyData) {
-		return this._finalizeTransportMethods(readyData);
-	}
-	_getCacheKey(input) {
-		const parts = this.initialized.getTransportCacheKey?.(input);
-		if (parts == null) return null;
-		return parts.join("\0");
-	}
-	getCacheKey(input) {
-		const inner = this._getCacheKey(input);
-		if (inner == null) return null;
-		return `${this.transOrd}:${inner}`;
-	}
-	/**
-	* Whether this transport can serve the given action right now. Consulted by the manager before
-	* cache-key resolution and `getTransport`; a `false` result skips this transport (treated as
-	* `unsupported`) and the manager falls through to the next in preference order. Defaults to `true`
-	* when the transport declares no gate.
-	*/
-	isAvailable(input) {
-		return this.initialized.isAvailable?.(input) ?? true;
-	}
-	getTransport(input) {
-		return this._processTransportStatus(input);
-	}
-	_processTransportStatus(input) {
-		const statusInfo = addTransportStatusMetadata(this.initialized.getTransport(input));
-		if (statusInfo.status === "ready") {
-			if (!this._needsAsyncBringUp(statusInfo.readyData)) return {
-				status: "ready",
-				readyData: this._finalizeTransportMethods(statusInfo.readyData)
-			};
-			return {
-				status: "initializing",
-				timeStarted: Date.now(),
-				initializationPromise: this._bringUp(statusInfo.readyData)
-			};
-		}
-		if (statusInfo.status === "initializing") {
-			const initializationPromise = statusInfo.initializationPromise.then((result) => result.status === "ready" ? this._bringUp(result.readyData) : result);
-			return {
-				status: "initializing",
-				timeStarted: statusInfo.timeStarted,
-				initializationPromise
-			};
-		}
-		return statusInfo;
-	}
-	/** Await carrier readiness, then finalize (possibly running a handshake) into the live methods. */
-	async _bringUp(readyData) {
-		await this._awaitCarrierReady(readyData);
-		return {
-			status: "ready",
-			readyData: await this._finalizeReady(readyData)
-		};
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Transport/Exchange/ExchangeConnection.ts
-/**
-* Carrier-agnostic live connection for the exchange (request → single reply) shape — the HTTP
-* counterpart to {@link LinkConnection}. It owns only the bring-up (run the secure handshake on first
-* use); the request/reply lifecycle + crypto live in the shared `establishExchangeSession`.
-*/
-var ExchangeConnection = class extends TransportConnection {
-	constructor(def) {
-		super({
-			...def,
-			type: "exchange"
-		});
-	}
-	_getCacheKey(input) {
-		return this.initialized.getTransportCacheKey?.(input).join("\0") ?? "";
-	}
-	_needsAsyncBringUp(data) {
-		return data.secureChannel != null && data.secureChannel.securityLevel !== "none";
-	}
-	_finalizeReady(data) {
-		const secure = data.secureChannel;
-		if (secure != null && secure.securityLevel !== "none") return finalizeSecureExchangeMethods({
-			...this._sessionContext(data),
-			secure
-		});
-		return this._finalizeTransportMethods(data);
-	}
-	_finalizeTransportMethods(data) {
-		return finalizePlainExchangeMethods(this._sessionContext(data));
-	}
-	_sessionContext(data) {
-		return {
-			carrier: data.carrier,
-			updateRunConfig: data.updateRunConfig,
-			secure: data.secureChannel
-		};
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Transport/Exchange/ExchangeTransport.ts
-/**
-* A carrier-agnostic exchange (request → single reply) transport: it drives nice-action's secure session
-* over any {@link IExchangeCarrier} (HTTP being the one built-in). The duplex counterpart is
-* {@link LinkTransport}; this is the no-push half — its reply rides the response to its own request, so it
-* can't deliver an unsolicited frame (the runtime never picks it for the return path).
-*/
-var ExchangeTransport = class ExchangeTransport extends Transport {
-	options;
-	type = "exchange";
-	constructor(options) {
-		super();
-		this.options = options;
-	}
-	static create(options) {
-		return new ExchangeTransport(options);
-	}
-	_createConnection(_ctx) {
-		const options = this.options;
-		return new ExchangeConnection({ initialize: () => ({
-			getTransportCacheKey: options.getTransportCacheKey,
-			isAvailable: options.available,
-			getTransport: (input) => ({
-				status: "ready",
-				readyData: {
-					carrier: options.openCarrier(input),
-					secureChannel: options.security,
-					updateRunConfig: options.updateRunConfig
-				}
-			})
-		}) });
-	}
-	getRouteInfo(input) {
-		if (this.options.getRouteInfo != null) return this.options.getRouteInfo(input);
-		return {
-			carrierLabel: this.options.label ?? "exchange",
-			summary: this.options.label ?? "exchange"
-		};
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Transport/helpers/createUnsetTransportResolvers.ts
-const createUnsetTransportResolvers = (transportLabel) => ({ onIncomingActionDataJson: (json) => {
-	console.warn(`Received incoming action JSON [${json.domain}:${json.id}] on Transport [${transportLabel}] but no incoming data listener has been set.`);
-} });
-//#endregion
-//#region src/ActionRuntime/Transport/SecureSession/establishLinkSession.ts
-const HANDSHAKE_TIMEOUT_MS = 15e3;
-/** Plain path (no handshake): route every inbound frame to the runtime; send without crypto. */
-function finalizePlainLinkMethods(ctx) {
-	const disconnectListeners = [];
-	const abortSet = /* @__PURE__ */ new Set();
-	const pipe = makePipe(ctx, void 0);
-	ctx.channel.attach({
-		onMessage: (frame) => void handleIncomingActionFrame(ctx, pipe, frame),
-		onClose: () => onChannelClosed(ctx, disconnectListeners, abortSet),
-		onError: () => onChannelClosed(ctx, disconnectListeners, abortSet)
-	});
-	return buildSendMethods(ctx, pipe, disconnectListeners, abortSet);
-}
-/**
-* Secure path: a single message handler feeds the handshake until it completes, then routes action
-* frames (decrypting at the `encrypted` level). Frames that race ahead of activation are buffered and
-* flushed once the handshake lands, so nothing is lost.
-*/
-async function finalizeSecureLinkMethods(ctx) {
-	const disconnectListeners = [];
-	const abortSet = /* @__PURE__ */ new Set();
-	const session = {};
-	let active = false;
-	const handshakeQueue = [];
-	const handshakeWaiters = [];
-	const pendingActionFrames = [];
-	ctx.channel.attach({
-		onMessage: (frame) => {
-			if (active && session.pipe != null) {
-				handleIncomingActionFrame(ctx, session.pipe, frame);
-				return;
-			}
-			if (typeof frame === "string") {
-				const message = decodeHandshakeMessage(frame);
-				if (message != null) {
-					const waiter = handshakeWaiters.shift();
-					if (waiter != null) waiter(message);
-					else handshakeQueue.push(message);
-					return;
-				}
-			}
-			pendingActionFrames.push(frame);
-		},
-		onClose: () => onChannelClosed(ctx, disconnectListeners, abortSet),
-		onError: () => onChannelClosed(ctx, disconnectListeners, abortSet)
-	});
-	const nextHandshakeMessage = () => {
-		const queued = handshakeQueue.shift();
-		if (queued != null) return Promise.resolve(queued);
-		return new Promise((resolve, reject) => {
-			const timeout = setTimeout(() => reject(/* @__PURE__ */ new Error("[link-handshake] timed out waiting for peer reply")), HANDSHAKE_TIMEOUT_MS);
-			handshakeWaiters.push((message) => {
-				clearTimeout(timeout);
-				resolve(message);
-			});
-		});
-	};
-	const pipe = makePipe(ctx, await runClientHandshake(ctx.channel, ctx.secure, nextHandshakeMessage));
-	session.pipe = pipe;
-	active = true;
-	for (const frame of pendingActionFrames) await handleIncomingActionFrame(ctx, pipe, frame);
-	pendingActionFrames.length = 0;
-	return buildSendMethods(ctx, pipe, disconnectListeners, abortSet);
-}
-function makePipe(ctx, crypto) {
-	return createFrameCryptoPipe({
-		write: (frame) => ctx.channel.send(frame),
-		isOpen: () => ctx.channel.isOpen(),
-		crypto
-	});
-}
-async function runClientHandshake(channel, secure, nextHandshakeMessage) {
-	await secure.link.initialize();
-	const handshake = createClientHandshake({
-		link: secure.link,
-		localCoordinate: secure.localCoordinate,
-		dictionaryVersion: secure.dictionaryVersion,
-		securityLevel: secure.securityLevel
-	});
-	channel.send(encodeHandshakeMessage(await handshake.createHello()));
-	const welcome = await nextHandshakeMessage();
-	if (welcome.t === "reject") throw new Error(`[link-handshake] rejected by peer: ${welcome.reason}`);
-	if (welcome.t !== "welcome") throw new Error(`[link-handshake] expected welcome, got ${welcome.t}`);
-	channel.send(encodeHandshakeMessage(await handshake.onWelcome(welcome)));
-	const accept = await nextHandshakeMessage();
-	if (accept.t === "reject") throw new Error(`[link-handshake] rejected by peer: ${accept.reason}`);
-	if (accept.t !== "accept") throw new Error(`[link-handshake] expected accept, got ${accept.t}`);
-	const result = await handshake.onAccept(accept);
-	return result.securityLevel === "encrypted" ? createActionFrameCrypto({
-		link: secure.link,
-		linkedClientId: result.linkedClientId
-	}) : void 0;
-}
-function buildSendMethods(ctx, pipe, disconnectListeners, abortSet) {
-	const channel = ctx.channel;
-	const sendActionData = (inputs) => {
-		const { action, runningAction, timeout } = inputs;
-		if (!channel.isOpen()) {
-			if (action.type === "request") runningAction._abort(ctx.makeDisconnectError(action.id));
-			return;
-		}
-		if (action.type === "request") {
-			abortSet.add(runningAction);
-			const timeoutId = setTimeout(() => {
-				runningAction._abort(err_nice_transport.fromId("timeout", { timeout }));
-			}, timeout);
-			runningAction.addUpdateListeners([(update) => {
-				if (update.type === "finished") {
-					clearTimeout(timeoutId);
-					abortSet.delete(runningAction);
-				}
-			}]);
-		}
-		pipe.send(ctx.formatMessage?.outgoing(inputs) ?? JSON.stringify(inputs.action.toJsonObject()));
-	};
-	return {
-		sendActionData,
-		updateRunConfig: ctx.updateRunConfig,
-		addOnDisconnectListener: (cb) => {
-			disconnectListeners.push(cb);
-		},
-		disconnect: () => {
-			try {
-				channel.close();
-			} catch {}
-		},
-		sendReturnData: (payload, clients) => {
-			const formatted = clients != null ? ctx.formatMessage?.outgoing({
-				action: payload,
-				...clients
-			}) : void 0;
-			pipe.send(formatted ?? JSON.stringify(payload.toJsonObject()));
-		}
-	};
-}
-async function handleIncomingActionFrame(ctx, pipe, frame) {
-	const decoded = await pipe.decryptIncoming(frame);
-	if (decoded === void 0) return;
-	const rawJson = decodeActionFrame(decoded, ctx.formatMessage);
-	if (rawJson != null) ctx.resolvers.onIncomingActionDataJson(rawJson);
-}
-function onChannelClosed(ctx, disconnectListeners, abortSet) {
-	for (const cb of disconnectListeners) cb();
-	const error = ctx.makeDisconnectError("—");
-	for (const ra of [...abortSet]) ra._abort(error);
-}
-//#endregion
-//#region src/ActionRuntime/Transport/Link/LinkConnection.ts
-/** Abort error for a closed link channel (carrier-neutral — the carrier itself isn't named). */
-function linkDisconnectError(actionId) {
-	return err_nice_transport.fromId("send_failed", {
-		actionId,
-		actionState: "request",
-		message: "link channel disconnected"
-	});
-}
-/**
-* Carrier-agnostic live connection. It owns only the *bring-up* (open the carrier, then run the secure
-* session); the session itself — handshake, frame crypto, codec, send/receive — lives in the shared
-* {@link finalizeSecureLinkMethods}/{@link finalizePlainLinkMethods}, so a WebSocket, a WebRTC data
-* channel, a Bluetooth characteristic, and an in-memory pipe all run the identical secure layer.
-*/
-var LinkConnection = class extends TransportConnection {
-	resolvers;
-	constructor(def, resolvers) {
-		super({
-			...def,
-			type: "duplex"
+	_collectActionObservers() {
+		return [...this._rootDomain._getActionObservers(), ...this._getActionObservers()];
+	}
+	_registerRuntime(runtime) {
+		this._rootDomain._registerRuntime(runtime);
+	}
+	createChildDomain(subDomainDef) {
+		if (this.allDomains.includes(subDomainDef.domain)) throw err_nice_action.fromId("domain_already_exists_in_hierarchy", {
+			domain: subDomainDef.domain,
+			allParentDomains: this.allDomains,
+			parentDomain: this.domain
 		});
-		this.resolvers = resolvers ?? createUnsetTransportResolvers("link");
+		return new ActionDomain({
+			allDomains: [...this.allDomains, subDomainDef.domain],
+			domain: subDomainDef.domain,
+			actionSchema: subDomainDef.actions
+		}, { rootDomain: this._rootDomain });
+	}
+	get action() {
+		return this._actionMap;
+	}
+	actionsMap() {
+		return this._actionMap;
 	}
-	_getCacheKey(input) {
-		return this.initialized.getTransportCacheKey?.(input).join("\0") ?? "";
+	actionForId(id) {
+		if (!this.actionSchema[id]) throw err_nice_action.fromId("action_id_not_in_domain", {
+			domain: this.domain,
+			actionId: id
+		});
+		return new ActionCore(this, id);
 	}
-	_needsAsyncBringUp() {
-		return true;
+	wrapAsPartialLocalHandler(wrappedActionExecutor) {
+		const _handler = new ActionLocalHandler();
+		const executor = wrappedActionExecutor;
+		for (const actionKey in wrappedActionExecutor) {
+			if (!this.actionSchema[actionKey]) continue;
+			_handler.forAction(this.actionForId(actionKey), (request) => executor[request.id](request.input));
+		}
+		return _handler;
 	}
-	_awaitCarrierReady(data) {
-		return data.channel.ready;
+	wrapAsLocalHandler(wrappedActionExecutor) {
+		const _handler = new ActionLocalHandler();
+		const executor = wrappedActionExecutor;
+		return _handler.forDomain(this, (request) => executor[request.id](request.input));
 	}
-	_finalizeReady(data) {
-		const secure = data.secureChannel;
-		if (secure != null && secure.securityLevel !== "none") return finalizeSecureLinkMethods({
-			...this._sessionContext(data),
-			secure
+	hydrateContext(id, contextData) {
+		return new ActionContext(this, id, {
+			timeCreated: contextData.timeCreated,
+			cuid: contextData.cuid,
+			routing: contextData.routing.map((item) => {
+				return {
+					runtime: new RuntimeCoordinate(item.runtime),
+					handler: item.handler,
+					time: item.time
+				};
+			}),
+			originClient: contextData.originClient ? new RuntimeCoordinate(contextData.originClient) : RuntimeCoordinate.unknown
 		});
-		return this._finalizeTransportMethods(data);
 	}
-	_sessionContext(data) {
-		return {
-			channel: data.channel,
-			resolvers: this.resolvers,
-			formatMessage: data.formatMessage,
-			updateRunConfig: data.updateRunConfig,
-			makeDisconnectError: linkDisconnectError
-		};
+	isDomainAction(action) {
+		return isAction_Any_Instance(action) && action.domain === this.domain;
 	}
-	_finalizeTransportMethods(data) {
-		return finalizePlainLinkMethods(this._sessionContext(data));
+	hydrateRequestPayload(serialized) {
+		if (serialized.type !== "request") throw err_nice_action.fromId("hydration_action_state_mismatch", {
+			expected: "request",
+			received: serialized.type
+		});
+		if (serialized.domain !== this.domain) throw err_nice_action.fromId("hydration_domain_mismatch", {
+			expected: this.domain,
+			received: serialized.domain
+		});
+		const id = serialized.id;
+		if (!this.actionSchema[id]) throw err_nice_action.fromId("hydration_action_id_not_found", {
+			domain: this.domain,
+			actionId: serialized.id
+		});
+		const contextAction = this.hydrateContext(id, serialized.context);
+		return new ActionPayload_Request({ context: contextAction }, contextAction.deserializeInput(serialized.input), { time: serialized.time });
 	}
-};
-//#endregion
-//#region src/ActionRuntime/Transport/Link/LinkTransport.ts
-/**
-* A carrier-agnostic transport: it drives nice-action's secure session + action routing over any
-* {@link IDuplexCarrier}. The WebSocket transport is the special case that opens a `WebSocket`;
-* this opens whatever `openChannel` returns, so the identical secure layer works over WebRTC, Bluetooth,
-* or an in-memory pipe. Reported with an overridable carrier label in the devtools (defaults to "link").
-*/
-var LinkTransport = class LinkTransport extends Transport {
-	options;
-	type = "duplex";
-	constructor(options) {
-		super();
-		this.options = options;
+	hydrateResultPayload(serialized) {
+		if (serialized.type !== "result") throw err_nice_action.fromId("hydration_action_state_mismatch", {
+			expected: "result",
+			received: serialized.type
+		});
+		if (serialized.domain !== this.domain) throw err_nice_action.fromId("hydration_domain_mismatch", {
+			expected: this.domain,
+			received: serialized.domain
+		});
+		const id = serialized.id;
+		if (!this.actionSchema[id]) throw err_nice_action.fromId("hydration_action_id_not_found", {
+			domain: this.domain,
+			actionId: serialized.id
+		});
+		const contextAction = this.hydrateContext(id, serialized.context);
+		const result = serialized.result.ok ? {
+			ok: true,
+			output: contextAction.schema.deserializeOutput(serialized.result.output)
+		} : serialized.result;
+		return new ActionPayload_Result({ context: contextAction }, result, { time: serialized.time });
 	}
-	static create(options) {
-		return new LinkTransport(options);
+	hydrateAnyAction(actionJson) {
+		assertIsActionJson(actionJson);
+		if (actionJson.form === "data") {
+			if (actionJson.type === "request") return this.hydrateRequestPayload(actionJson);
+			if (actionJson.type === "result") return this.hydrateResultPayload(actionJson);
+		}
+		return this.actionForId(actionJson.id);
 	}
-	_createConnection(ctx) {
-		const options = this.options;
-		return new LinkConnection({ initialize: () => ({
-			getTransportCacheKey: options.getTransportCacheKey,
-			isAvailable: options.available,
-			getTransport: (input) => ({
-				status: "ready",
-				readyData: {
-					channel: options.openChannel(input),
-					formatMessage: options.createFormatMessage?.() ?? options.formatMessage,
-					updateRunConfig: options.updateRunConfig,
-					secureChannel: options.security
-				}
-			})
-		}) }, ctx.resolvers);
+	async runAction(request, options) {
+		const allListeners = [...options?.listeners ?? [], ...this._listeners];
+		return this._rootDomain._runAction(request, {
+			...options,
+			listeners: allListeners
+		});
 	}
-	getRouteInfo(input) {
-		if (this.options.getRouteInfo != null) return this.options.getRouteInfo(input);
-		return {
-			carrierLabel: this.options.label ?? "link",
-			summary: this.options.label ?? "link"
-		};
+	createActionMap() {
+		const map = {};
+		for (const id in this.actionSchema) map[id] = new ActionCore(this, id);
+		return map;
 	}
 };
 //#endregion
-//#region src/ActionRuntime/Transport/plainTransport.ts
-function plainTransport(options) {
-	const carrier = options.carrier;
-	if (isExchangeCarrierSource(carrier)) return ExchangeTransport.create({
-		openCarrier: carrier.open,
-		getTransportCacheKey: carrier.getCacheKey,
-		available: options.available,
-		getRouteInfo: carrier.getRouteInfo,
-		label: options.label ?? carrier.carrierLabel,
-		updateRunConfig: options.updateRunConfig
-	});
-	return LinkTransport.create({
-		openChannel: carrier.open,
-		formatMessage: options.formatMessage,
-		createFormatMessage: options.createFormatMessage,
-		getTransportCacheKey: carrier.getCacheKey,
-		available: options.available,
-		getRouteInfo: carrier.getRouteInfo,
-		label: options.label ?? carrier.carrierLabel,
-		updateRunConfig: options.updateRunConfig
-	});
-}
-//#endregion
-//#region src/ActionRuntime/Transport/secureTransport.ts
-function secureTransport(options) {
-	const link = options.link ?? (options.storageAdapter != null ? new ClientCryptoKeyLink({ storageAdapter: options.storageAdapter }) : void 0);
-	if (link == null) throw new Error("secureTransport: provide `link` or `storageAdapter` for the crypto identity.");
-	const security = {
-		securityLevel: options.securityLevel,
-		link,
-		localCoordinate: options.runtime.coordinate.toJsonObject(),
-		dictionaryVersion: options.channel.dictionaryVersion
-	};
-	const carrier = options.carrier;
-	if (isExchangeCarrierSource(carrier)) return ExchangeTransport.create({
-		openCarrier: carrier.open,
-		getTransportCacheKey: carrier.getCacheKey,
-		available: options.available,
-		getRouteInfo: carrier.getRouteInfo,
-		label: carrier.carrierLabel,
-		security
-	});
-	return LinkTransport.create({
-		openChannel: carrier.open,
-		createFormatMessage: options.channel.createCodec,
-		getTransportCacheKey: carrier.getCacheKey,
-		available: options.available,
-		getRouteInfo: carrier.getRouteInfo,
-		label: carrier.carrierLabel,
-		security
-	});
-}
-//#endregion
-//#region src/ActionRuntime/Channel/ActionChannel.ts
-/**
-* Declare a transport-agnostic channel by role. Use it for HTTP, custom transports, or as the routing
-* half of a richer channel. The order of each list is part of the contract for wire formats that pack
-* positionally (see `defineSecureChannel`) — add new domains to the end of their list. (`domains` is
-* accepted as a legacy alias for `toAcceptor`.)
-*/
-function defineChannel(options) {
-	return {
-		toAcceptorDomains: options.toAcceptor,
-		toConnectorDomains: options.toConnector
-	};
-}
-/**
-* Open a connection to a peer from a single call — the dial-out dual of `serveChannel`. The channel is
-* the single source of truth for *what* is routed (`toAcceptor` domains forwarded to the peer,
-* `toConnector` pushes handled locally from `onPush`); the call binds the shared facts — the channel's
-* codec/dictionary version, the runtime, and one crypto identity (a {@link ClientCryptoKeyLink} over
-* `storage`) — into every transport in `transports`, so none of them restate the channel or runtime.
-* List several transports to make the path transport-agnostic (secure WS preferred, HTTP fallback):
-* ```ts
-* const handler = connectChannel(runtime, lobbyChannel, {
-*   peer: runtime_coordinate_lobby_do,
-*   storage,
-*   transports: [{ carrier: wsCarrier(url) }, { carrier: httpCarrier(...), secure: false }],
-*   onPush: { player_joined: (p) => { … } },
-* });
-* ```
-* Returns the {@link ConnectorHandler} so the caller can later `clearTransportCache()` it.
-*/
-function connectChannel(runtime, channel, options) {
-	const securityLevel = options.securityLevel ?? "authenticated";
-	const anySecure = options.transports.some((transport) => transport.secure ?? true);
-	let link = options.link;
-	if (anySecure && link == null) {
-		if (options.storage == null) throw new Error("connectChannel: a secure transport requires `storage` (or `link`). Pass it, or set `secure: false` on the transport for a plain connection.");
-		link = new ClientCryptoKeyLink({ storageAdapter: options.storage });
-	}
-	const transports = options.transports.map((transport) => {
-		const carrier = transport.carrier;
-		const secure = transport.secure ?? true;
-		if (isExchangeCarrierSource(carrier)) return secure ? secureTransport({
-			channel,
-			runtime,
-			link,
-			securityLevel: transport.securityLevel ?? securityLevel,
-			available: transport.available,
-			carrier
-		}) : plainTransport({
-			carrier,
-			available: transport.available,
-			label: transport.label
-		});
-		return secure ? secureTransport({
-			channel,
-			runtime,
-			link,
-			securityLevel: transport.securityLevel ?? securityLevel,
-			available: transport.available,
-			carrier
-		}) : plainTransport({
-			carrier,
-			createFormatMessage: channel.createCodec,
-			available: transport.available,
-			label: transport.label
-		});
-	});
-	const pushHandlers = options.onPush != null ? channel.toConnectorDomains.map((domain) => domain.wrapAsPartialLocalHandler(options.onPush)) : [];
-	return runtime.connectTo(options.peer, {
-		transports,
-		domains: [...channel.toAcceptorDomains],
-		localHandlers: pushHandlers,
-		defaultTimeout: options.defaultTimeout
-	});
-}
-/**
-* Register an acceptor handler's execution for a channel straight from its definition: the channel's
-* `toAcceptor` domains are served together with one merged, connection-aware case map (each case gets
-* the primed request + the originating connection, as with
-* {@link AcceptorHandler.forConnectionDomainCases}). The domain list is taken from the channel,
-* never restated. Add the returned handler to the runtime alongside the acceptor handler:
-* ```ts
-* runtime.addHandlers([acceptChannelConnections(serverHandler, channel, { … }), serverHandler]);
-* ```
-*/
-function acceptChannelConnections(serverHandler, channel, cases) {
-	return serverHandler.forConnectionDomainCasesMulti(channel.toAcceptorDomains, cases);
-}
-/**
-* Build the secure {@link AcceptorHandler} for a channel — the accept-in counterpart to
-* {@link connectChannel}. It folds in the same boilerplate as {@link createSecureAcceptorHandler} (the
-* `ClientCryptoKeyLink` + storage-backed TOFU resolver from one `storageAdapter`, the channel's codec +
-* dictionary version, the `security` block from the runtime coordinate) but takes the `(runtime, channel,
-* options)` shape of the channel family. Pair it with {@link acceptChannelConnections} for execution:
-* ```ts
-* const acceptor = acceptChannel(runtime, gameChannel, { clientEnv, storageAdapter, send });
-* runtime.addHandlers([acceptChannelConnections(acceptor, gameChannel, { … }), acceptor]);
-* ```
-*/
-function acceptChannel(runtime, channel, options) {
-	return createSecureAcceptorHandler({
-		channel,
-		runtime,
-		clientEnv: options.clientEnv,
-		storageAdapter: options.storageAdapter,
-		link: options.link,
-		send: options.send,
-		securityLevel: options.securityLevel,
-		verifyKeyResolver: options.verifyKeyResolver,
-		defaultTimeout: options.defaultTimeout
-	});
-}
+//#region src/ActionDefinition/Domain/helpers/createRootActionDomain.ts
+const createActionRootDomain = (definition) => {
+	return new ActionRootDomain(definition);
+};
 //#endregion
 //#region src/ActionRuntime/Transport/codec/actionWireCodec.ts
 /**
@@ -4031,466 +740,6 @@ function defineSecureChannel(options) {
 	};
 }
 //#endregion
-//#region src/ActionRuntime/Transport/SecureSession/exchangeAcceptor.ts
-const textEncoder = new TextEncoder();
-const textDecoder = new TextDecoder();
-/**
-* Acceptor (accept-in) side of the secure exchange protocol — the HTTP counterpart to
-* {@link AcceptorSecureSession}. Each POST body is one {@link decodeExchangeRequest} envelope; the
-* acceptor drives the server handshake over the two `hs` POSTs (correlated by `hsid`, since stateless
-* requests can't rely on channel ordering), mints a session **token** on accept, and on every later `act`
-* POST resolves the session by token, decrypts the body (at `encrypted`), routes it through the runtime,
-* and returns the (encrypted) result inline as the reply.
-*
-* Sessions and in-flight handshakes are held in memory — fine for a single-instance server. (Surviving a
-* Durable-Object eviction would persist each token's `keyMaterial` and re-derive the key on a miss, the
-* same primitive `AcceptorSecureSession.rehydrate` uses; left as a follow-up.)
-*/
-var ExchangeAcceptor = class {
-	_security;
-	_runtime;
-	_allowedLevels;
-	_noneAllowed;
-	_pendingHandshakes = /* @__PURE__ */ new Map();
-	_sessions = /* @__PURE__ */ new Map();
-	constructor(config) {
-		this._security = config.security;
-		this._runtime = config.runtime;
-		this._allowedLevels = Array.isArray(config.security.securityLevel) ? config.security.securityLevel : [config.security.securityLevel];
-		this._noneAllowed = this._allowedLevels.includes("none");
-	}
-	/** Process one POST body (an exchange envelope), returning the reply body to send back. */
-	async handlePost(body) {
-		const request = decodeExchangeRequest(body);
-		if (request == null) return this._err("malformed exchange request");
-		if (request.k === "hs") return encodeExchange(await this._handleHandshake(request));
-		return encodeExchange(await this._handleAction(request));
-	}
-	async _handleHandshake(request) {
-		const message = decodeHandshakeMessage(request.m);
-		if (message == null) return {
-			k: "err",
-			message: "malformed handshake message"
-		};
-		const security = this._security;
-		await security.link.initialize();
-		let handshake = this._pendingHandshakes.get(request.hsid);
-		if (handshake == null) {
-			handshake = createServerHandshake({
-				link: security.link,
-				localCoordinate: security.localCoordinate,
-				dictionaryVersion: security.dictionaryVersion,
-				securityLevel: security.securityLevel,
-				verifyKeyResolver: security.verifyKeyResolver
-			});
-			this._pendingHandshakes.set(request.hsid, handshake);
-		}
-		if (message.t === "hello") return {
-			k: "hs",
-			m: encodeHandshakeMessage(await handshake.onHello(message))
-		};
-		if (message.t === "prove") {
-			const reply = await handshake.onProve(message);
-			this._pendingHandshakes.delete(request.hsid);
-			const result = handshake.getResult();
-			if (reply.t === "accept" && result != null) {
-				const token = nanoid();
-				this._sessions.set(token, {
-					client: new RuntimeCoordinate(result.remote),
-					securityLevel: result.securityLevel,
-					crypto: result.securityLevel === "encrypted" ? createActionFrameCrypto({
-						link: security.link,
-						linkedClientId: result.linkedClientId
-					}) : void 0
-				});
-				return {
-					k: "hs",
-					m: encodeHandshakeMessage(reply),
-					t: token
-				};
-			}
-			return {
-				k: "hs",
-				m: encodeHandshakeMessage(reply)
-			};
-		}
-		return {
-			k: "err",
-			message: `unexpected handshake message ${message.t}`
-		};
-	}
-	async _handleAction(request) {
-		let session;
-		let candidate;
-		if (request.t != null) {
-			session = this._sessions.get(request.t);
-			if (session == null) return {
-				k: "err",
-				message: "unknown or expired session token"
-			};
-			if ("c" in request) {
-				if (session.crypto == null) return {
-					k: "err",
-					message: "session is not encrypted"
-				};
-				const plain = await session.crypto.decryptFrame(base64ToBytes(request.c));
-				candidate = JSON.parse(textDecoder.decode(plain));
-			} else candidate = request.w;
-		} else {
-			if (!this._noneAllowed || "c" in request) return {
-				k: "err",
-				message: "missing session token"
-			};
-			candidate = request.w;
-		}
-		if (!isActionPayload_Any_JsonObject(candidate)) return {
-			k: "err",
-			message: "malformed action wire"
-		};
-		const wire = candidate;
-		if (session != null && wire.type === "request") wire.context.originClient = session.client.toJsonObject();
-		const resultWire = (await (await this._runtime.handleActionPayloadWire(wire)).waitForResultPayload()).toJsonObject();
-		if (session?.crypto != null) return {
-			k: "act",
-			c: bytesToBase64(await session.crypto.encryptFrame(textEncoder.encode(JSON.stringify(resultWire))))
-		};
-		return {
-			k: "act",
-			w: resultWire
-		};
-	}
-	_err(message) {
-		return encodeExchange({
-			k: "err",
-			message
-		});
-	}
-};
-//#endregion
-//#region src/ActionRuntime/Handler/PeerLink/Acceptor/createActionFetchHandler.ts
-/** Permissive defaults — fine for a public action endpoint; override (or disable) via `cors`. */
-const DEFAULT_CORS_HEADERS = {
-	"Access-Control-Allow-Origin": "*",
-	"Access-Control-Allow-Methods": "GET, POST, OPTIONS",
-	"Access-Control-Allow-Headers": "Content-Type",
-	"Access-Control-Max-Age": "86400"
-};
-/**
-* Build the `fetch` handler a server/Durable-Object exposes for action traffic, folding in the
-* boilerplate every endpoint repeats: CORS (incl. the `OPTIONS` preflight), routing the `/action`
-* `POST` body through the runtime (`handleActionPayloadWire` → `waitForResultPayload` →
-* `toHttpResponse`), an optional WebSocket-upgrade hook, and a `404` fallback.
-*
-* It only touches web-standard `Request`/`Response`, so it stays transport-agnostic — the one
-* environment-specific bit (the WS upgrade) is injected via {@link IActionFetchHandlerOptions.onWebSocketUpgrade}:
-* ```ts
-* this.fetchHandler = createActionFetchHandler(this.runtime, {
-*   onWebSocketUpgrade: () => {
-*     const pair = new WebSocketPair();
-*     this.ctx.acceptWebSocket(pair[1]);
-*     return new Response(null, { status: 101, webSocket: pair[0] });
-*   },
-* });
-* // async fetch(request) { return this.fetchHandler(request); }
-* ```
-*/
-function createActionFetchHandler(runtime, options = {}) {
-	const corsHeaders = options.cors === false ? {} : options.cors ?? DEFAULT_CORS_HEADERS;
-	const isActionPath = options.isActionPath ?? ((url) => url.pathname.endsWith("/action"));
-	const isWebSocketPath = options.isWebSocketPath ?? ((url) => url.pathname.endsWith("/ws"));
-	const exchangeAcceptor = options.security != null ? new ExchangeAcceptor({
-		runtime,
-		security: options.security
-	}) : void 0;
-	const withCors = (response) => {
-		if (options.cors === false) return response;
-		const headers = new Headers(response.headers);
-		for (const [key, value] of Object.entries(corsHeaders)) headers.set(key, value);
-		return new Response(response.body, {
-			status: response.status,
-			headers
-		});
-	};
-	return async (request) => {
-		if (request.method === "OPTIONS") return withCors(new Response(null, { status: 204 }));
-		const url = new URL(request.url);
-		const isWebSocketUpgrade = options.isWebSocketUpgrade ?? ((req, u) => req.headers.get("Upgrade") === "websocket" && isWebSocketPath(u));
-		if (options.onWebSocketUpgrade != null && isWebSocketUpgrade(request, url)) return options.onWebSocketUpgrade(request, url);
-		if (request.method === "POST" && isActionPath(url)) {
-			if (exchangeAcceptor != null) {
-				const reply = await exchangeAcceptor.handlePost(await request.text());
-				return withCors(new Response(reply, {
-					status: 200,
-					headers: { "Content-Type": "application/json" }
-				}));
-			}
-			return withCors((await (await runtime.handleActionPayloadWire(await request.json())).waitForResultPayload()).toHttpResponse({ useErrorStatus: options.useErrorStatus }));
-		}
-		return withCors(new Response("Not found", { status: 404 }));
-	};
-}
-//#endregion
-//#region src/ActionRuntime/Handler/PeerLink/Acceptor/Hibernation/ConnectionStateStore.ts
-/**
-* A typed per-connection state store that co-owns the app state and the acceptor handler's routing
-* binding in one attachment, so neither the consumer nor the handler has to hand-merge the two. Create
-* it through {@link createConnectionStateStore} (which also wires binding persistence and replays
-* surviving connections after a wake), then `get`/`set`/`clearApp` the app state directly.
-*
-* The mechanism is carrier-neutral — it only needs read/write/enumerate callbacks for the connection's
-* attachment — but it pays off on transports whose connections outlive process eviction (e.g. a
-* Durable Object's hibernatable WebSockets), which is why it lives beside the hibernation adapter.
-*
-* ```ts
-* const players = createConnectionStateStore(serverHandler, {
-*   schema: vs_player,
-*   read: (ws) => ws.deserializeAttachment(),
-*   write: (ws, v) => ws.serializeAttachment(v),
-*   getConnections: () => ctx.getWebSockets(),
-* });
-* players.set(ws, player); // binding is preserved automatically
-* const player = players.get(ws);
-* ```
-*/
-var ConnectionStateStore = class {
-	options;
-	constructor(options) {
-		this.options = options;
-	}
-	/** The validated app state for a connection, or `null` if unset / invalid. */
-	get(connection) {
-		return this._readAttachment(connection).app ?? null;
-	}
-	/** Set the app state, preserving the runtime binding already pinned to the connection. */
-	set(connection, app) {
-		const existing = this._readAttachment(connection);
-		this.options.write(connection, {
-			app,
-			binding: existing.binding
-		});
-	}
-	/** Clear the app state but keep the binding (e.g. a spectator that stopped watching). */
-	clearApp(connection) {
-		const existing = this._readAttachment(connection);
-		this.options.write(connection, { binding: existing.binding });
-	}
-	/** Every live connection paired with its (validated) app state — for rebuilding in-memory state after a wake. */
-	entries() {
-		return this.options.getConnections().map((connection) => [connection, this._readAttachment(connection).app ?? null]);
-	}
-	/** @internal Persist a freshly-bound connection's binding, preserving any app state already stored. */
-	_persistBinding(connection, binding) {
-		const existing = this._readAttachment(connection);
-		this.options.write(connection, {
-			app: existing.app,
-			binding
-		});
-	}
-	/** @internal The persisted binding for a connection, if any (used to replay routing after a wake). */
-	_readBinding(connection) {
-		return this._readAttachment(connection).binding;
-	}
-	_readAttachment(connection) {
-		try {
-			const raw = this.options.read(connection);
-			if (typeof raw !== "object" || raw === null) return {};
-			const attachment = raw;
-			const result = {};
-			if (attachment.binding != null) result.binding = attachment.binding;
-			if (attachment.app !== void 0) {
-				const app = this._validateApp(attachment.app);
-				if (app !== void 0) result.app = app;
-			}
-			return result;
-		} catch {
-			return {};
-		}
-	}
-	_validateApp(value) {
-		const schema = this.options.schema;
-		if (schema == null) return value;
-		const result = schema["~standard"].validate(value);
-		if (result instanceof Promise) return void 0;
-		if (result.issues != null) return void 0;
-		return result.value;
-	}
-};
-/**
-* Build a per-connection {@link ConnectionStateStore} bound to an {@link AcceptorHandler}: it registers
-* itself as the handler's connection-bound persistence callback (so bindings are written without
-* overwriting app state) and immediately replays every live connection's stored binding via
-* {@link AcceptorHandler.rehydrateConnection} — so on a transport that resumes after eviction (e.g. a
-* Durable Object waking from hibernation) both the app identity and the action routing come back from a
-* single attachment, with no storage reads and no hand-rolled merge.
-*
-* Lives outside the handler so the generic {@link AcceptorHandler} stays free of any attachment/
-* hibernation concern — it exposes only the neutral `setOnConnectionBound` + `rehydrateConnection`
-* hooks this builder drives.
-*/
-function createConnectionStateStore(handler, options) {
-	const store = new ConnectionStateStore(options);
-	handler.setOnConnectionBound((connection, binding) => store._persistBinding(connection, binding));
-	for (const connection of options.getConnections()) {
-		const binding = store._readBinding(connection);
-		if (binding != null) handler.rehydrateConnection(connection, binding);
-	}
-	return store;
-}
-//#endregion
-//#region src/ActionRuntime/Handler/PeerLink/Acceptor/Hibernation/createHibernatableWsServerAdapter.ts
-/**
-* Wire the hibernation lifecycle for an acceptor handler on a transport whose connections outlive process
-* eviction (e.g. a Durable Object's hibernatable WebSockets). It owns persistence end to end:
-* registers `setAttachment` as the handler's connection-bound callback and immediately replays every
-* live connection's stored binding via `getAttachment`, so results/pushes still route after a wake.
-*
-* Layered on top of the generic {@link AcceptorHandler} — it touches only the handler's neutral
-* `setOnConnectionBound` / `rehydrateConnection` / `receive` / `dropConnection` surface, so no
-* hibernation concern leaks into the handler itself.
-*
-* Construct it once when the handler is built, then forward connection events:
-* ```ts
-* const duplex = createHibernatableWsServerAdapter({ handler, getConnections, getAttachment, setAttachment });
-* // webSocketMessage(ws, msg) => duplex.receive(ws, msg);
-* // webSocketClose/Error(ws)  => duplex.drop(ws);
-* ```
-*/
-function createHibernatableWsServerAdapter(options) {
-	const { handler, getConnections, getAttachment, setAttachment } = options;
-	handler.setOnConnectionBound(setAttachment);
-	for (const connection of getConnections()) {
-		const binding = getAttachment(connection);
-		if (binding != null) handler.rehydrateConnection(connection, binding);
-	}
-	return {
-		receive: (connection, frame) => handler.receive(connection, frame),
-		drop: (connection) => handler.dropConnection(connection)
-	};
-}
-//#endregion
-//#region src/ActionRuntime/Channel/serveChannel.ts
-/** Default accepted set, shared by every carrier: negotiate per connection to whatever the client picks. */
-const DEFAULT_SERVER_SECURITY_LEVELS = [
-	"none",
-	"authenticated",
-	"encrypted"
-];
-function serveChannel(runtime, channel, options) {
-	const duplexCarriers = options.carriers.filter((carrier) => !isExchangeAcceptorCarrier(carrier));
-	const exchangeCarriers = options.carriers.filter(isExchangeAcceptorCarrier);
-	if (exchangeCarriers.length > 1) throw new Error("serveChannel: at most one exchange carrier is supported");
-	const exchangeCarrier = exchangeCarriers[0];
-	const singleDuplex = duplexCarriers.length === 1;
-	if (options.connectionState != null && !singleDuplex) throw new Error("serveChannel: `connectionState` requires exactly one duplex carrier");
-	if (options.channelCases != null && !singleDuplex) throw new Error("serveChannel: `channelCases` requires exactly one duplex carrier");
-	const exchangeSecure = exchangeCarrier != null && (exchangeCarrier.secure ?? true);
-	const anyDuplexSecure = duplexCarriers.some((carrier) => carrier.secure ?? true);
-	const securityLevel = options.securityLevel ?? DEFAULT_SERVER_SECURITY_LEVELS;
-	let secure;
-	if (anyDuplexSecure || exchangeSecure) {
-		const storage = options.storage;
-		if (storage == null) throw new Error("serveChannel: a secure carrier requires `storage`. Pass it, or set `secure: false` on the carrier for a plain endpoint.");
-		secure = {
-			storage,
-			link: options.link ?? new ClientCryptoKeyLink({ storageAdapter: storage }),
-			verifyKeyResolver: options.verifyKeyResolver ?? createStorageTofuVerifyKeyResolver(storage)
-		};
-	}
-	const plainRouter = (handler) => ({
-		receive: (connection, frame) => handler.receive(connection, frame),
-		drop: (connection) => handler.dropConnection(connection)
-	});
-	const asObject = (value) => typeof value === "object" && value != null ? value : {};
-	const handlers = [];
-	let connections;
-	for (const carrier of duplexCarriers) {
-		const handler = (carrier.secure ?? true) && secure != null ? acceptChannel(runtime, channel, {
-			clientEnv: options.clientEnv,
-			storageAdapter: secure.storage,
-			link: secure.link,
-			verifyKeyResolver: secure.verifyKeyResolver,
-			securityLevel,
-			send: carrier.send,
-			defaultTimeout: options.defaultTimeout
-		}) : createAcceptorHandler({
-			clientEnv: options.clientEnv,
-			createFormatMessage: channel.createCodec,
-			send: carrier.send,
-			runtime,
-			defaultTimeout: options.defaultTimeout
-		});
-		const attach = carrier.attachmentStore;
-		let router;
-		if (attach == null) router = plainRouter(handler);
-		else if (options.connectionState != null) {
-			connections = createConnectionStateStore(handler, {
-				schema: options.connectionState.schema,
-				getConnections: attach.getConnections,
-				read: attach.read,
-				write: attach.write
-			});
-			router = plainRouter(handler);
-		} else router = createHibernatableWsServerAdapter({
-			handler,
-			getConnections: attach.getConnections,
-			getAttachment: (connection) => attach.read(connection)?.binding,
-			setAttachment: (connection, binding) => attach.write(connection, {
-				...asObject(attach.read(connection)),
-				binding
-			})
-		});
-		carrier._activate(router);
-		handlers.push(handler);
-	}
-	runtime.addHandlers([...options.handlers ?? [], ...handlers]);
-	if (options.channelCases != null) runtime.addHandlers([acceptChannelConnections(handlers[0], channel, options.channelCases)]);
-	const exchangeSecurity = exchangeSecure && secure != null ? {
-		link: secure.link,
-		verifyKeyResolver: secure.verifyKeyResolver,
-		localCoordinate: runtime.coordinate.toJsonObject(),
-		dictionaryVersion: channel.dictionaryVersion,
-		securityLevel
-	} : void 0;
-	const defaultIsUpgrade = (request) => request.headers.get("Upgrade") === "websocket";
-	const upgraders = [];
-	for (const carrier of duplexCarriers) {
-		if (carrier.upgrade == null) continue;
-		upgraders.push({
-			isUpgrade: carrier.isUpgrade ?? defaultIsUpgrade,
-			upgrade: carrier.upgrade
-		});
-	}
-	const fetch = createActionFetchHandler(runtime, {
-		cors: exchangeCarrier?.cors,
-		onWebSocketUpgrade: upgraders.length === 0 ? void 0 : (request, url) => (upgraders.find((u) => u.isUpgrade(request, url)) ?? upgraders[0]).upgrade(request, url),
-		isWebSocketUpgrade: upgraders.length === 0 ? void 0 : (request, url) => upgraders.some((u) => u.isUpgrade(request, url)),
-		isActionPath: exchangeCarrier != null ? exchangeCarrier.isActionPath ?? (() => true) : () => false,
-		security: exchangeSecurity,
-		useErrorStatus: exchangeCarrier?.useErrorStatus
-	});
-	const duplex = duplexCarriers.length === 1 ? duplexCarriers[0] : void 0;
-	const pushToClient = (target, request, pushOptions) => {
-		const owner = target instanceof RuntimeCoordinate ? handlers.find((handler) => handler.ownsLiveConnectionFor(target)) : handlers.find((handler) => handler.hasConnection(target));
-		if (owner == null) throw new Error("serveChannel: no duplex carrier holds a connection for the push target");
-		return owner.pushToClient(runtime, target, request, pushOptions);
-	};
-	const broadcast = (makeRequest, broadcastOptions) => {
-		if (!singleDuplex) throw new Error("serveChannel: broadcast requires exactly one duplex carrier — broadcast over a specific handlers[i] instead");
-		handlers[0].broadcast(makeRequest, {
-			runtime,
-			...broadcastOptions
-		});
-	};
-	return {
-		handlers,
-		fetch,
-		duplex,
-		pushToClient,
-		broadcast,
-		connections
-	};
-}
-//#endregion
 //#region src/ActionRuntime/Transport/Carrier/duplex/inMemory/createInMemoryChannel.ts
 /**
 * Two cross-wired in-process byte channels — a loopback carrier with no socket. The client end is a
@@ -4754,20 +1003,26 @@ async function normalizeFrame(data) {
 //#endregion
 //#region src/ActionRuntime/Transport/Carrier/duplex/ws/wsCarrier.ts
 /**
-* A WebSocket {@link IDuplexCarrierSource}: opens an `arraybuffer` socket to `url` (cached per endpoint)
-* and adapts it to a carrier. Hand it to {@link secureTransport} (or `LinkTransport`) — the WebSocket is
-* now "just another carrier" under the shared secure session, with no WS-specific transport class.
+* A WebSocket {@link IDuplexCarrierSource}: opens an `arraybuffer` socket (cached per endpoint) and adapts
+* it to a carrier. Hand it to {@link secureTransport} (or `LinkTransport`) — the WebSocket is now "just
+* another carrier" under the shared secure session, with no WS-specific transport class.
+*
+* `createRequest` derives the socket URL per action (keep it simple with `() => ({ url })`), so dynamic
+* endpoints (e.g. a per-run query param) need no `createWebSocket` escape hatch.
 */
-function wsCarrier(url, options = {}) {
+function wsCarrier(createRequest, options = {}) {
 	return {
 		carrierLabel: "ws",
-		open: (input) => webSocketByteChannel(options.createWebSocket?.(input) ?? defaultWebSocket(url)),
-		getCacheKey: options.getTransportCacheKey ?? (() => [url]),
-		getRouteInfo: options.getRouteInfo ?? (() => ({
-			carrierLabel: "ws",
-			url,
-			summary: `ws ${shortWs(url)}`
-		}))
+		open: (input) => webSocketByteChannel(defaultWebSocket(createRequest(input).url)),
+		getCacheKey: options.getTransportCacheKey ?? ((input) => [createRequest(input).url]),
+		getRouteInfo: options.getRouteInfo ?? ((input) => {
+			const { url } = createRequest(input);
+			return {
+				carrierLabel: "ws",
+				url,
+				summary: `ws ${shortWs(url)}`
+			};
+		})
 	};
 }
 function defaultWebSocket(url) {
@@ -4776,25 +1031,6 @@ function defaultWebSocket(url) {
 	return ws;
 }
 //#endregion
-//#region src/ActionRuntime/Transport/Carrier/exchange/http/httpAcceptorCarrier.ts
-/**
-* An HTTP {@link IExchangeAcceptorCarrier}: the accept-in dual of {@link httpCarrier}. It serves the
-* secure exchange protocol (handshake → token session → encrypted frames) over web-standard
-* `Request`/`Response`. The crypto identity, runtime coordinate, dictionary version, and accepted security
-* levels are all supplied centrally by `serveChannel`, so this only needs to say which requests carry an
-* action envelope and how to answer CORS.
-*/
-function httpAcceptorCarrier(options = {}) {
-	return {
-		shape: "exchange",
-		carrierLabel: options.carrierLabel ?? "http",
-		secure: options.secure,
-		isActionPath: options.isActionPath,
-		cors: options.cors,
-		useErrorStatus: options.useErrorStatus
-	};
-}
-//#endregion
 //#region src/ActionRuntime/Transport/Carrier/exchange/http/httpCarrier.ts
 function shortPath(url) {
 	try {
@@ -4930,6 +1166,6 @@ function createBinaryWireAdapter(domains) {
 	};
 }
 //#endregion
-export { AcceptorHandler, ActionCore, ActionDomain, ActionLocalHandler, ActionRootDomain, ActionRuntime, ActionSchema, ConnectionStateStore, ConnectorHandler, EActionPayloadType, EActionProgressType, EActionResponseMode, EErrId_NiceAction, EErrId_NiceTransport, EErrId_NiceTransport_WebSocket, EHandshakeMessageType, ERunningActionFinishedType, ERunningActionState, ERunningActionUpdateType, ESecurityLevel, ETransportShape, ETransportStatus, ExchangeAcceptor, ExchangeTransport, LinkTransport, PeerLinkHandler, RunningAction, RuntimeCoordinate, Transport, acceptChannel, acceptChannelConnections, actionSchema, connectChannel, createAcceptorHandler, createActionFetchHandler, createActionFrameCrypto, createActionRootDomain, createBinaryWireAdapter, createBinaryWireSessionFactory, createClientHandshake, createConnectionStateStore, createConnectorHandler, createHibernatableWsServerAdapter, createInMemoryChannelPair, createInMemoryTofuVerifyKeyResolver, createLocalHandler, createSecureAcceptorHandler, createServerHandshake, createStorageTofuVerifyKeyResolver, decodeActionFrame, decodeExchangeReply, decodeExchangeRequest, decodeHandshakeMessage, defineChannel, defineSecureChannel, encodeExchange, encodeHandshakeMessage, err_nice_action, err_nice_external_client, err_nice_transport, err_nice_transport_ws, httpAcceptorCarrier, httpCarrier, inMemoryCarrier, isActionPayload_Any_JsonObject, isActionPayload_Request_JsonObject, isActionPayload_Result_JsonObject, isExchangeAcceptorCarrier, rtcCarrier, rtcDataChannelByteChannel, runtimeLinkId, serveChannel, wsAcceptorCarrier, wsCarrier };
+export { AcceptorHandler, ActionCore, ActionDomain, ActionLocalHandler, ActionRootDomain, ActionRuntime, ActionSchema, ConnectionStateStore, ConnectorHandler, EActionPayloadType, EActionProgressType, EActionResponseMode, EErrId_NiceAction, EErrId_NiceTransport, EErrId_NiceTransport_WebSocket, EHandshakeMessageType, ERunningActionFinishedType, ERunningActionState, ERunningActionUpdateType, ESecurityLevel, ETransportShape, ETransportStatus, ExchangeAcceptor, ExchangeTransport, LinkTransport, PeerLinkHandler, RunningAction, RuntimeCoordinate, Transport, acceptChannel, acceptChannelConnections, actionSchema, connectChannel, createAcceptorHandler, createActionFetchHandler, createActionFrameCrypto, createActionRootDomain, createBinaryWireAdapter, createBinaryWireSessionFactory, createClientHandshake, createConnectionStateStore, createConnectorHandler, createHibernatableWsServerAdapter, createInMemoryChannelPair, createInMemoryTofuVerifyKeyResolver, createLocalHandler, createSecureAcceptorHandler, createServerHandshake, createStorageTofuVerifyKeyResolver, decodeActionFrame, decodeExchangeReply, decodeExchangeRequest, decodeHandshakeMessage, defineChannel, defineSecureChannel, encodeExchange, encodeHandshakeMessage, err_nice_action, err_nice_external_client, err_nice_transport, err_nice_transport_ws, httpAcceptorCarrier, httpCarrier, inMemoryCarrier, isActionPayload_Any_JsonObject, isActionPayload_Request_JsonObject, isActionPayload_Result_JsonObject, isExchangeAcceptorCarrier, rtcCarrier, rtcDataChannelByteChannel, runtimeLinkId, serveChannel, serveHost, wsAcceptorCarrier, wsCarrier };
 
 //# sourceMappingURL=index.mjs.map