@nice-code/action 0.21.0 → 0.23.0

package/build/httpAcceptorCarrier-hYPuoNuP.cjs

@@ -0,0 +1,4291 @@
+const require_rolldown_runtime = require("./rolldown-runtime-emK7D4bc.cjs");
+require("./RunningAction.types-DjCX1xp5.cjs");
+let nanoid = require("nanoid");
+let _nice_code_error = require("@nice-code/error");
+let _nice_code_common_errors = require("@nice-code/common-errors");
+let std_env = require("std-env");
+let _nice_code_util = require("@nice-code/util");
+let valibot = require("valibot");
+valibot = require_rolldown_runtime.__toESM(valibot, 1);
+let msgpackr = require("msgpackr");
+const UNSET_RUNTIME_ENV_ID = "_unset_";
+//#endregion
+//#region src/ActionRuntime/utils/runtimeCoordinateToStringIds.ts
+function runtimeCoordinateToStringIds(coordinate) {
+	return [
+		`envId[${coordinate.envId}]perId[${coordinate.perId ?? "_"}]:insId[${coordinate.insId ?? "_"}]`,
+		`envId[${coordinate.envId}]perId[${coordinate.perId ?? "_"}]:insId[_]`,
+		`envId[${coordinate.envId}]perId[_]:insId[_]`
+	];
+}
+//#endregion
+//#region src/ActionRuntime/RuntimeCoordinate.ts
+var RuntimeCoordinate = class RuntimeCoordinate {
+	envId;
+	perId;
+	insId;
+	static get unknown() {
+		return new RuntimeCoordinate({ envId: UNSET_RUNTIME_ENV_ID });
+	}
+	static env(envId) {
+		return new RuntimeCoordinate({ envId });
+	}
+	withPersistentId(perId) {
+		return this.specify({ perId });
+	}
+	constructor({ envId, perId, insId }) {
+		this.envId = envId;
+		this.perId = perId;
+		this.insId = insId;
+	}
+	specify(specifics) {
+		return new RuntimeCoordinate({
+			envId: this.envId,
+			perId: this.perId,
+			insId: this.insId,
+			...specifics
+		});
+	}
+	specifyIfUnset(specifics) {
+		return new RuntimeCoordinate({
+			envId: this.envId,
+			perId: this.perId ?? specifics.perId,
+			insId: this.insId ?? specifics.insId
+		});
+	}
+	toJsonObject() {
+		return {
+			envId: this.envId,
+			perId: this.perId,
+			insId: this.insId
+		};
+	}
+	isExactlySame(other) {
+		return this.envId === other.envId && this.perId === other.perId && this.insId === other.insId;
+	}
+	isSameFor(other) {
+		return {
+			id: this.envId === other.envId,
+			perId: this.envId === other.envId && this.perId === other.perId,
+			insId: this.envId === other.envId && this.perId === other.perId && this.insId === other.insId
+		};
+	}
+	similarityLevel(other) {
+		const sameFor = this.isSameFor(other);
+		if (sameFor.insId) return 3;
+		if (sameFor.perId) return 2;
+		if (sameFor.id) return 1;
+		return 0;
+	}
+	get stringId() {
+		return `envId[${this.envId}]perId[${this.perId ?? "_"}]:insId[${this.insId ?? "_"}]`;
+	}
+	/**
+	* Takes the "Runtime Coordinate" and generates a list of full coordinate IDs representing the runtime
+	* with decreasing levels of specificity.
+	*
+	* The first full coordinate ID is the most specific (including instance ID), while the last ID is
+	* the least specific (only environment ID).
+	*
+	* Example output for a RuntimeCoordinate with envId "web_app", perId "user123", and insId "instance456":
+	* [
+	*   "envId[web_app]perId[user123]:insId[instance456]",
+	*   "envId[web_app]perId[user123]:insId[_]",
+	*   "envId[web_app]perId[_]:insId[_]"
+	* ]
+	*
+	* @returns a list of "full" runtime coordinate IDs with decreasing accuracy for targeting a runtime.
+	*/
+	toStringIds() {
+		return runtimeCoordinateToStringIds(this);
+	}
+};
+//#endregion
+//#region src/ActionDefinition/Action/ActionBase.ts
+var ActionBase = class {
+	form;
+	_domain;
+	id;
+	domain;
+	allDomains;
+	schema;
+	constructor(form, _domain, id) {
+		this.form = form;
+		this._domain = _domain;
+		this.id = id;
+		this.domain = _domain.domain;
+		this.allDomains = _domain.allDomains;
+		this.schema = _domain.actionSchema[id];
+	}
+	toJsonObject() {
+		return {
+			form: this.form,
+			domain: this.domain,
+			allDomains: this.allDomains,
+			id: this.id
+		};
+	}
+	toJsonString() {
+		return JSON.stringify(this.toJsonObject());
+	}
+};
+//#endregion
+//#region src/ActionDefinition/Action/Payload/ActionPayload.ts
+var ActionPayload = class extends ActionBase {
+	form = "data";
+	type;
+	context;
+	time;
+	constructor(context, type, data) {
+		super("data", context._domain, context.id);
+		this.context = context;
+		this.type = type;
+		this.time = data.time;
+	}
+	toBaseJsonObject() {
+		return {
+			...super.toJsonObject(),
+			type: this.type,
+			context: this.context.toContextDataJsonObject(),
+			time: this.time
+		};
+	}
+};
+//#endregion
+//#region src/utils/hashPayloadData.ts
+function stableStringify(value) {
+	if (value === null || value === void 0) return String(value);
+	if (typeof value !== "object") return JSON.stringify(value) ?? "undefined";
+	if (Array.isArray(value)) return `[${value.map(stableStringify).join(",")}]`;
+	return "{" + Object.keys(value).sort().map((k) => `${JSON.stringify(k)}:${stableStringify(value[k])}`).join(",") + "}";
+}
+function fnv1a32(str) {
+	let hash = 2166136261;
+	for (let i = 0; i < str.length; i++) hash = (hash ^ str.charCodeAt(i)) * 16777619 >>> 0;
+	return hash.toString(16).padStart(8, "0");
+}
+/**
+* Produces a deterministic 8-char hex hash of any JSON-serializable value.
+* Useful for grouping/comparing action inputs, outputs, and progress payloads.
+*/
+function hashPayloadData(data) {
+	return fnv1a32(stableStringify(data));
+}
+//#endregion
+//#region src/ActionDefinition/Action/Payload/ActionPayload.types.ts
+let EActionPayloadType = /* @__PURE__ */ function(EActionPayloadType) {
+	EActionPayloadType["request"] = "request";
+	EActionPayloadType["progress"] = "progress";
+	EActionPayloadType["result"] = "result";
+	EActionPayloadType["stream"] = "stream";
+	EActionPayloadType["push"] = "push";
+	return EActionPayloadType;
+}({});
+/**
+*
+*  [ PROGRESS ]
+*
+*/
+let EActionProgressType = /* @__PURE__ */ function(EActionProgressType) {
+	EActionProgressType["none"] = "none";
+	EActionProgressType["percentage"] = "percentage";
+	EActionProgressType["custom"] = "custom";
+	return EActionProgressType;
+}({});
+//#endregion
+//#region src/ActionDefinition/Action/Payload/ActionPayload_Progress.ts
+var ActionPayload_Progress = class extends ActionPayload {
+	progress;
+	constructor(params, progress, data) {
+		super(params.context, "progress", data);
+		this.progress = progress;
+	}
+	toJsonObject() {
+		return {
+			...this.toBaseJsonObject(),
+			progress: this.progress
+		};
+	}
+	toJsonString() {
+		return JSON.stringify(this.toJsonObject());
+	}
+	toHttpResponse() {
+		return new Response(this.toJsonString(), {
+			status: 200,
+			headers: { "Content-Type": "application/json" }
+		});
+	}
+};
+//#endregion
+//#region src/ActionDefinition/Action/Payload/ActionPayload_Result.ts
+var ActionPayload_Result = class extends ActionPayload {
+	result;
+	outputHash;
+	constructor(params, result, data) {
+		super(params.context, "result", data);
+		this.result = result;
+		this.outputHash = result.ok ? hashPayloadData(this.context.schema.serializeOutput(result.output)) : hashPayloadData(result.error.message);
+	}
+	toJsonObject() {
+		const wireResult = this.result.ok ? {
+			ok: true,
+			output: this.context.schema.serializeOutput(this.result.output)
+		} : this.result;
+		return {
+			...this.toBaseJsonObject(),
+			result: wireResult,
+			outputHash: this.outputHash
+		};
+	}
+	toJsonString() {
+		return JSON.stringify(this.toJsonObject());
+	}
+	toHttpResponse({ useErrorStatus = true } = {}) {
+		return new Response(this.toJsonString(), {
+			status: this.result.ok ? 200 : useErrorStatus ? this.result.error.httpStatusCode : 500,
+			headers: { "Content-Type": "application/json" }
+		});
+	}
+};
+//#endregion
+//#region src/ActionDefinition/Action/Payload/ActionPayload_Request.ts
+var ActionPayload_Request = class extends ActionPayload {
+	input;
+	inputHash;
+	_callSite;
+	constructor(params, input, data) {
+		super(params.context, "request", data);
+		this.input = input;
+		this.inputHash = hashPayloadData(this.context.schema.serializeInput(input));
+	}
+	successResult(...args) {
+		const output = args[0];
+		const finalOutput = this.context.schema.validateOutput(output, {
+			domain: this.domain,
+			actionId: this.id
+		});
+		return new ActionPayload_Result(this, {
+			ok: true,
+			output: finalOutput
+		}, { time: Date.now() });
+	}
+	errorResult(err) {
+		return new ActionPayload_Result(this, {
+			ok: false,
+			error: err
+		}, { time: Date.now() });
+	}
+	progress(progress) {
+		return new ActionPayload_Progress(this, progress, { time: Date.now() });
+	}
+	toJsonObject() {
+		return {
+			...super.toBaseJsonObject(),
+			input: this.context.schema.serializeInput(this.input),
+			inputHash: this.inputHash
+		};
+	}
+	toJsonString() {
+		return JSON.stringify(this.toJsonObject());
+	}
+	async runToOutput(options) {
+		const result = await (await this.run(options)).waitForResultPayload();
+		if (result.result.ok) return result.result.output;
+		throw result.result.error;
+	}
+	async runToResultPayload(options) {
+		return (await this.run(options)).waitForResultPayload();
+	}
+	async run(options) {
+		if (this._callSite == null) this._callSite = (/* @__PURE__ */ new Error()).stack;
+		return this._domain.runAction(this, options);
+	}
+};
+//#endregion
+//#region src/ActionDefinition/Action/RunningAction.ts
+var RunningAction = class {
+	_state;
+	context;
+	cuid;
+	id;
+	_domain;
+	domain;
+	allDomains;
+	parentCuid;
+	callSite;
+	_resultPayloadPromise;
+	_resolveResult;
+	_rejectResult;
+	_isAborted = false;
+	_updates = [];
+	_updateListeners = [];
+	constructor(initialState) {
+		this.context = initialState.context;
+		this.cuid = initialState.context.cuid;
+		this.id = initialState.context.id;
+		this.domain = initialState.context.domain;
+		this.allDomains = initialState.context.allDomains;
+		this._domain = initialState.context._domain;
+		this.parentCuid = initialState.parentCuid;
+		this.callSite = initialState.callSite;
+		this._resultPayloadPromise = new Promise((resolve, reject) => {
+			this._resolveResult = resolve;
+			this._rejectResult = reject;
+		});
+		this._resultPayloadPromise.catch(() => {});
+		this._state = {
+			request: initialState.request,
+			progress: initialState.progress ?? [],
+			result: initialState.result
+		};
+		this._sendUpdate({
+			type: "started",
+			runningAction: this,
+			time: Date.now()
+		});
+	}
+	get state() {
+		return this._state;
+	}
+	abort(reason) {
+		this._abort(reason);
+	}
+	addUpdateListeners(listeners) {
+		this._updateListeners.push(...listeners);
+		for (const event of this._updates) for (const listener of listeners) listener(event);
+		return () => {
+			for (const listener of listeners) {
+				const i = this._updateListeners.indexOf(listener);
+				if (i !== -1) this._updateListeners.splice(i, 1);
+			}
+		};
+	}
+	async *iterateUpdates() {
+		const queue = [];
+		let resolveWaiter = null;
+		const unsubscribe = this.addUpdateListeners([(event) => {
+			queue.push(event);
+			if (resolveWaiter) {
+				resolveWaiter();
+				resolveWaiter = null;
+			}
+		}]);
+		try {
+			while (true) {
+				if (queue.length === 0) await new Promise((resolve) => {
+					resolveWaiter = resolve;
+				});
+				const event = queue.shift();
+				yield event;
+				if (event.type === "finished") break;
+			}
+		} finally {
+			unsubscribe();
+		}
+	}
+	_sendUpdate(update) {
+		this._updates.push(update);
+		for (const listener of this._updateListeners) listener(update);
+	}
+	_completeWithResult(result) {
+		if (this._state.result != null || this._isAborted) return false;
+		this._state = {
+			request: this._state.request,
+			progress: this._state.progress,
+			result
+		};
+		this._resolveResult(result);
+		this._sendUpdate({
+			type: "finished",
+			finishType: "success",
+			runningAction: this,
+			time: Date.now(),
+			response: result
+		});
+		return true;
+	}
+	_abort(reason) {
+		if (this._state.result != null || this._isAborted) return false;
+		this._isAborted = true;
+		this._rejectResult(reason);
+		this._sendUpdate({
+			type: "finished",
+			finishType: "aborted",
+			runningAction: this,
+			time: Date.now(),
+			reason
+		});
+		return true;
+	}
+	_failWithError(error) {
+		if (this._state.result != null || this._isAborted) return false;
+		this._isAborted = true;
+		this._rejectResult(error);
+		this._sendUpdate({
+			type: "finished",
+			finishType: "failed",
+			runningAction: this,
+			time: Date.now(),
+			error
+		});
+		return true;
+	}
+	_updateProgress(progress) {
+		if (this._state.result != null || this._isAborted) return;
+		this._state.progress.push(progress);
+		this._sendUpdate({
+			type: "progress",
+			runningAction: this,
+			time: Date.now(),
+			progress: progress.progress
+		});
+	}
+	waitForResultPayload() {
+		return this._resultPayloadPromise;
+	}
+	_resolveFromJson(resultJson) {
+		if (this._state.result != null || this._isAborted) return false;
+		const result = this._domain.hydrateResultPayload(resultJson);
+		return this._completeWithResult(result);
+	}
+};
+//#endregion
+//#region src/errors/err_nice_action.ts
+let EErrId_NiceAction = /* @__PURE__ */ function(EErrId_NiceAction) {
+	EErrId_NiceAction["not_implemented"] = "not_implemented";
+	EErrId_NiceAction["action_id_not_in_domain"] = "action_id_not_in_domain";
+	EErrId_NiceAction["domain_already_exists_in_hierarchy"] = "domain_already_exists_in_hierarchy";
+	EErrId_NiceAction["domain_no_handler"] = "domain_no_handler";
+	EErrId_NiceAction["hydration_domain_mismatch"] = "hydration_domain_mismatch";
+	EErrId_NiceAction["hydration_action_state_mismatch"] = "hydration_action_state_mismatch";
+	EErrId_NiceAction["hydration_action_id_not_found"] = "hydration_action_id_not_found";
+	EErrId_NiceAction["no_action_execution_handler"] = "no_action_execution_handler";
+	EErrId_NiceAction["wire_action_not_payload"] = "wire_action_not_payload";
+	EErrId_NiceAction["wire_not_action_data"] = "wire_not_action_data";
+	EErrId_NiceAction["client_runtime_already_registered"] = "client_runtime_already_registered";
+	EErrId_NiceAction["client_runtime_not_registered"] = "client_runtime_not_registered";
+	EErrId_NiceAction["runtime_reset"] = "runtime_reset";
+	EErrId_NiceAction["no_client_runtimes_registered"] = "no_client_runtimes_registered";
+	EErrId_NiceAction["action_input_validation_failed"] = "action_input_validation_failed";
+	EErrId_NiceAction["action_input_validation_promise"] = "action_input_validation_promise";
+	EErrId_NiceAction["action_output_validation_failed"] = "action_output_validation_failed";
+	EErrId_NiceAction["action_output_validation_promise"] = "action_output_validation_promise";
+	return EErrId_NiceAction;
+}({});
+const err_nice_action = _nice_code_error.err_nice.createChildDomain({
+	domain: "err_nice_action",
+	defaultHttpStatusCode: 500,
+	schema: {
+		["not_implemented"]: (0, _nice_code_error.err)({ message: ({ label }) => `The "${label}" functionality is not implemented yet.` }),
+		["action_id_not_in_domain"]: (0, _nice_code_error.err)({ message: ({ actionId, domain }) => `Action with id "${actionId}" does not exist in domain "${domain}".` }),
+		["domain_already_exists_in_hierarchy"]: (0, _nice_code_error.err)({ message: ({ domain, allParentDomains, parentDomain }) => `Domain "${domain}" already exists in the hierarchy under the parent "${parentDomain}". All parent domains ["${allParentDomains.join(", ")}"]` }),
+		["domain_no_handler"]: (0, _nice_code_error.err)({ message: ({ domain }) => `Domain "${domain}" has no action handler registered.` }),
+		["hydration_domain_mismatch"]: (0, _nice_code_error.err)({ message: ({ expected, received }) => `Cannot hydrate action: domain mismatch. Expected "${expected}", got "${received}".` }),
+		["hydration_action_state_mismatch"]: (0, _nice_code_error.err)({ message: ({ expected, received }) => `Cannot hydrate action: action state type mismatch. Expected "${expected}", got "${received}".` }),
+		["hydration_action_id_not_found"]: (0, _nice_code_error.err)({ message: ({ domain, actionId }) => `Cannot hydrate action: id "${actionId}" does not exist in domain "${domain}".` }),
+		["no_action_execution_handler"]: (0, _nice_code_error.err)({ message: ({ domain, actionId, specifiedClient }) => `${specifiedClient ? ` The targeted client runtime [${specifiedClient.stringId}] has no` : "No"} action handler registered for "${actionId}" in domain "${domain}".` }),
+		["wire_action_not_payload"]: (0, _nice_code_error.err)({ message: ({ domain, actionId, actionState }) => `Cannot handle wire for action "${actionId}" in domain "${domain}": expected action form of "data" and type of "request", "progress" or "result", got "${actionState}".` }),
+		["wire_not_action_data"]: (0, _nice_code_error.err)({ message: () => `Cannot handle wire for action: expected an object with a "domain" property of type string, a "form" property of "data" and a "type" property of "request", "progress" or "result".` }),
+		["runtime_reset"]: (0, _nice_code_error.err)({ message: () => `Runtime has been reset.` }),
+		["client_runtime_already_registered"]: (0, _nice_code_error.err)({ message: ({ context, client }) => `Environment is already registered${context?.domain ? ` on domain "${context.domain}"` : ""} for client [${client.stringId}]. Each client specifier (exact match on all properties) may only be registered once.` }),
+		["client_runtime_not_registered"]: (0, _nice_code_error.err)({ message: ({ context, clientStringId }) => `No runtime registered${context?.domain ? ` on domain "${context.domain}"` : ""} for client [${clientStringId}].` }),
+		["no_client_runtimes_registered"]: (0, _nice_code_error.err)({ message: ({ context }) => `No runtimes registered${context?.domain ? ` on domain "${context.domain}"` : ""}. Add handlers to a runtime via runtime.addHandlers([handler]) before executing actions.` }),
+		["action_input_validation_failed"]: (0, _nice_code_error.err)({
+			message: ({ domain, actionId, validationMessage }) => `Input validation failed for action "${actionId}" in domain "${domain}":\n${validationMessage}`,
+			httpStatusCode: 400
+		}),
+		["action_input_validation_promise"]: (0, _nice_code_error.err)({
+			message: ({ domain, actionId }) => `Input validation for action "${actionId}" in domain "${domain}" returned a promise, which is not supported.`,
+			httpStatusCode: 400
+		}),
+		["action_output_validation_failed"]: (0, _nice_code_error.err)({
+			message: ({ domain, actionId, validationMessage }) => `Output validation failed for action "${actionId}" in domain "${domain}":\n${validationMessage}`,
+			httpStatusCode: 500
+		}),
+		["action_output_validation_promise"]: (0, _nice_code_error.err)({
+			message: ({ domain, actionId }) => `Output validation for action "${actionId}" in domain "${domain}" returned a promise, which is not supported.`,
+			httpStatusCode: 500
+		})
+	}
+});
+//#endregion
+//#region src/utils/isAction_Base_JsonObject.ts
+const isAction_Base_JsonObject = (obj) => {
+	return typeof obj === "object" && obj !== null && typeof obj.domain === "string" && typeof obj.id === "string" && typeof obj.form === "string";
+};
+//#endregion
+//#region src/utils/isActionPayload_Result_JsonObject.ts
+const isActionPayload_Result_JsonObject = (obj) => {
+	return isAction_Base_JsonObject(obj) && obj.result != null && obj.form === "data" && obj.type === "result";
+};
+//#endregion
+//#region src/ActionDefinition/Schema/ActionSchema.ts
+/**
+* What a sender should expect back from an action — declared on its schema so both ends agree without
+* any wire flag (each derives the mode from the shared `domain:id`).
+*
+* - `payload` — a typed output (the action has `.output(...)`); the sender awaits it.
+* - `ack` — an empty success confirming receipt (no output); the sender may await it to know the
+*   receiver handled it (or to surface an error). This is the default for an action with no output.
+* - `none` — fire-and-forget: the receiver sends no reply and the sender doesn't wait. The sender's
+*   running action completes as soon as the frame is on the wire (no pending reply, no timeout).
+*/
+let EActionResponseMode = /* @__PURE__ */ function(EActionResponseMode) {
+	EActionResponseMode["payload"] = "payload";
+	EActionResponseMode["ack"] = "ack";
+	EActionResponseMode["none"] = "none";
+	return EActionResponseMode;
+}({});
+var ActionSchema = class {
+	_errorDeclarations = [];
+	inputOptions;
+	outputOptions;
+	_responseMode;
+	get inputSchema() {
+		return this.inputOptions?.schema;
+	}
+	get outputSchema() {
+		return this.outputOptions?.schema;
+	}
+	/**
+	* The response contract for this action. Defaults are inferred — `payload` when an output schema is
+	* declared, otherwise `ack` — and made explicit by {@link ack} / {@link fireAndForget}.
+	*/
+	get responseMode() {
+		if (this._responseMode != null) return this._responseMode;
+		return this.outputOptions != null ? "payload" : "ack";
+	}
+	/**
+	* Mark this action as expecting only an acknowledgment (an empty success). Mostly for clarity — an
+	* output-less action already acks by default — but it documents intent and reads as the deliberate
+	* counterpart to {@link fireAndForget}.
+	*/
+	ack() {
+		this._responseMode = "ack";
+		return this;
+	}
+	/**
+	* Mark this action as fire-and-forget: the receiver sends no reply, and the sender's running action
+	* completes the moment the frame is sent (no awaited reply, no timeout). Ideal for high-frequency
+	* server→client pushes (presence, ticks) where an ack would only add wire chatter.
+	*/
+	fireAndForget() {
+		this._responseMode = "none";
+		return this;
+	}
+	/**
+	* Declare the input schema (JSON-native or with explicit SERDE type param).
+	* For non-JSON-native inputs, prefer the 3-argument form below to avoid
+	* needing explicit type parameters.
+	*/
+	input(options) {
+		this.inputOptions = options;
+		return this;
+	}
+	/**
+	* Declare the output schema (JSON-native or with explicit SERDE type param).
+	* For non-JSON-native outputs, prefer the 3-argument form below to avoid
+	* needing explicit type parameters.
+	*/
+	output(options) {
+		this.outputOptions = options;
+		return this;
+	}
+	throws(domain, ids) {
+		this._errorDeclarations.push({
+			_domain: domain,
+			_ids: ids
+		});
+		return this;
+	}
+	/**
+	* Serialize raw input to a JSON-serializable form.
+	* Uses the schema's serialization.serialize if defined; otherwise the input
+	* is already JSON-native and is returned as-is.
+	*/
+	serializeInput(rawInput) {
+		if (this.inputOptions?.serialization) return this.inputOptions.serialization.serialize(rawInput);
+		return rawInput;
+	}
+	/**
+	* Deserialize a JSON value back into the raw input type.
+	* Uses serialization.deserialize if defined; otherwise the value is cast
+	* directly (it's already in the correct shape).
+	*/
+	deserializeInput(serialized) {
+		if (this.inputOptions?.serialization) return this.inputOptions.serialization.deserialize(serialized);
+		return serialized;
+	}
+	/**
+	* Validate raw input against the schema defined via `.input({ schema })`.
+	* Throws `action_input_validation_failed` if validation fails.
+	* Returns the validated (and possibly coerced) value on success.
+	* If no input schema was declared, the value is passed through as-is.
+	*/
+	validateInput(value, meta) {
+		if (this.inputOptions?.schema == null) return value;
+		const result = this.inputOptions.schema["~standard"].validate(value);
+		if (result instanceof Promise) throw err_nice_action.fromId("action_input_validation_promise", {
+			domain: meta.domain,
+			actionId: meta.actionId
+		});
+		if (result.issues != null) throw err_nice_action.fromId("action_input_validation_failed", {
+			domain: meta.domain,
+			actionId: meta.actionId,
+			validationMessage: (0, _nice_code_common_errors.extractMessageFromStandardSchema)(result)
+		});
+		return result.value;
+	}
+	validateOutput(value, meta) {
+		if (this.outputOptions?.schema == null) return value;
+		const result = this.outputOptions.schema["~standard"].validate(value);
+		if (result instanceof Promise) throw err_nice_action.fromId("action_output_validation_promise", {
+			domain: meta.domain,
+			actionId: meta.actionId
+		});
+		if (result.issues != null) throw err_nice_action.fromId("action_output_validation_failed", {
+			domain: meta.domain,
+			actionId: meta.actionId,
+			validationMessage: (0, _nice_code_common_errors.extractMessageFromStandardSchema)(result)
+		});
+		return result.value;
+	}
+	/**
+	* Serialize raw output to a JSON-serializable form.
+	*/
+	serializeOutput(rawOutput) {
+		if (this.outputOptions?.serialization) return this.outputOptions.serialization.serialize(rawOutput);
+		return rawOutput;
+	}
+	/**
+	* Deserialize a JSON value back into the raw output type.
+	*/
+	deserializeOutput(serialized) {
+		if (this.outputOptions?.serialization) return this.outputOptions.serialization.deserialize(serialized);
+		return serialized;
+	}
+};
+const actionSchema = () => {
+	return new ActionSchema();
+};
+//#endregion
+//#region src/utils/getAssumedRuntimeEnvironment.ts
+const getAssumedRuntimeInfo = () => {
+	return {
+		assumed: true,
+		runtimeName: std_env.runtime
+	};
+};
+//#endregion
+//#region src/utils/isActionPayload_Progress_JsonObject.ts
+const isActionPayload_Progress_JsonObject = (obj) => {
+	return isAction_Base_JsonObject(obj) && "progress" in obj && obj.form === "data" && obj.type === "progress";
+};
+//#endregion
+//#region src/utils/isActionPayload_Request_JsonObject.ts
+const isActionPayload_Request_JsonObject = (obj) => {
+	return isAction_Base_JsonObject(obj) && "input" in obj && obj.form === "data" && obj.type === "request";
+};
+//#endregion
+//#region src/utils/isActionPayload_Any_JsonObject.ts
+function isActionPayload_Any_JsonObject(obj) {
+	return isActionPayload_Request_JsonObject(obj) || isActionPayload_Result_JsonObject(obj) || isActionPayload_Progress_JsonObject(obj);
+}
+//#endregion
+//#region src/ActionRuntime/HandlerCallStack.ts
+const _stack = [];
+function pushHandlerCuid(cuid) {
+	_stack.push(cuid);
+}
+function popHandlerCuid() {
+	_stack.pop();
+}
+function peekHandlerCuid() {
+	return _stack[_stack.length - 1];
+}
+//#endregion
+//#region src/ActionRuntime/Handler/PeerLink/Connector/err_nice_external_client.ts
+const err_nice_external_client = err_nice_action.createChildDomain({
+	domain: "err_nice_external_client",
+	schema: {}
+});
+//#endregion
+//#region src/ActionRuntime/Transport/err_nice_transport.ts
+let EErrId_NiceTransport = /* @__PURE__ */ function(EErrId_NiceTransport) {
+	EErrId_NiceTransport["timeout"] = "timeout";
+	EErrId_NiceTransport["not_found"] = "not_found";
+	EErrId_NiceTransport["unsupported"] = "unsupported";
+	EErrId_NiceTransport["initialization_failed"] = "initialization_failed";
+	EErrId_NiceTransport["send_failed"] = "send_failed";
+	EErrId_NiceTransport["invalid_action_response"] = "invalid_action_response";
+	return EErrId_NiceTransport;
+}({});
+const err_nice_transport = err_nice_external_client.createChildDomain({
+	domain: "err_nice_transport",
+	schema: {
+		["timeout"]: (0, _nice_code_error.err)({ message: ({ timeout }) => `ActionConnect transport timed out after ${timeout}ms.` }),
+		["not_found"]: (0, _nice_code_error.err)({ message: ({ actionId }) => `No connected transport found for action "${actionId}".` }),
+		["unsupported"]: (0, _nice_code_error.err)({ message: ({ transportShapes }) => `${transportShapes.length} Transport(s) [${transportShapes.join(", ")}] found but returned "unsupported" status.` }),
+		["initialization_failed"]: (0, _nice_code_error.err)({ message: ({ actionId }) => `Transports found for action "${actionId}", but none are ready.` }),
+		["send_failed"]: (0, _nice_code_error.err)({
+			message: ({ actionId, httpStatusCode, message }) => `Failed to send action "${actionId}" [${httpStatusCode ?? "Unknown status"}]: ${message ?? "Unknown error"}.`,
+			httpStatusCode: ({ httpStatusCode }) => httpStatusCode ?? 500
+		}),
+		["invalid_action_response"]: (0, _nice_code_error.err)({ message: ({ actionId }) => `Invalid action response JSON structure for action "${actionId}"` })
+	}
+});
+//#endregion
+//#region src/ActionRuntime/Transport/Transport.types.ts
+/**
+* Carrier-shape class identity: the one carrier-invariant trait the selection layer reasons about —
+* whether a carrier can push unsolicited frames (`duplex`: WS/WebRTC/BLE/in-memory) or only answers a
+* request with a single correlated reply (`exchange`: HTTP). The concrete carrier kind ("ws", "webrtc",
+* "http", …) is a free-form {@link ITransportRouteInfo.carrierLabel} for display, not a class tag.
+*/
+let ETransportShape = /* @__PURE__ */ function(ETransportShape) {
+	ETransportShape["duplex"] = "duplex";
+	ETransportShape["exchange"] = "exchange";
+	return ETransportShape;
+}({});
+/**
+*
+*  TRANSPORT READINESS RESPONSE
+*
+*/
+let ETransportStatus = /* @__PURE__ */ function(ETransportStatus) {
+	ETransportStatus["uninitialized"] = "uninitialized";
+	ETransportStatus["unsupported"] = "unsupported";
+	ETransportStatus["initializing"] = "initializing";
+	ETransportStatus["ready"] = "ready";
+	ETransportStatus["failed"] = "failed";
+	return ETransportStatus;
+}({});
+//#endregion
+//#region src/ActionRuntime/Transport/ConnectionTransportManager.ts
+var ConnectionTransportManager = class {
+	_cache;
+	_transports = [];
+	constructor(_cache) {
+		this._cache = _cache;
+	}
+	addTransport(transport) {
+		this._transports.push(transport);
+	}
+	/**
+	* The highest-priority transport (first declared). Used to label an action's route *before* the
+	* transport has finished connecting — so a still-connecting action shows its (expected) destination
+	* instead of an "unknown" hop. {@link getReadyTransport} still decides the real winner, and the
+	* caller corrects the hop if a lower-priority transport ends up serving the action.
+	*/
+	getPreferredTransport() {
+		return this._transports[0];
+	}
+	async getReadyTransport(routeActionParams) {
+		const action = routeActionParams.action;
+		const candidates = [];
+		const unavailableTransports = [];
+		for (const transport of this._transports) {
+			if (!transport.isAvailable(routeActionParams)) {
+				unavailableTransports.push(transport);
+				continue;
+			}
+			const cacheKey = transport.getCacheKey(routeActionParams);
+			if (cacheKey != null) {
+				const cached = this._cache.get(cacheKey);
+				if (cached != null) {
+					if (cached instanceof Promise) {
+						candidates.push(cached);
+						continue;
+					}
+					candidates.push(Promise.resolve({
+						...cached,
+						transport
+					}));
+					break;
+				}
+			}
+			const statusInfo = transport.getTransport(routeActionParams);
+			if (statusInfo.status === "ready") {
+				const readyData = statusInfo.readyData;
+				if (cacheKey != null) {
+					const entry = {
+						methods: readyData,
+						transport
+					};
+					this._cache.set(cacheKey, entry);
+					readyData.addOnDisconnectListener?.(() => {
+						if (this._cache.get(cacheKey) === entry) this._cache.delete(cacheKey);
+					});
+				}
+				candidates.push(Promise.resolve({
+					methods: readyData,
+					transport
+				}));
+				break;
+			}
+			if (statusInfo.status === "unsupported") {
+				unavailableTransports.push(transport);
+				continue;
+			}
+			if (statusInfo.status === "initializing") {
+				const promise = statusInfo.initializationPromise.then((info) => {
+					if (info.status === "failed") throw info.error;
+					if (info.status === "unsupported") throw err_nice_transport.fromId("unsupported", { transportShapes: [transport.type] });
+					const readyData = info.readyData;
+					const entry = {
+						methods: readyData,
+						transport
+					};
+					if (cacheKey != null) if (this._cache.get(cacheKey) === promise) {
+						this._cache.set(cacheKey, entry);
+						readyData.addOnDisconnectListener?.(() => {
+							if (this._cache.get(cacheKey) === entry) this._cache.delete(cacheKey);
+						});
+					} else readyData.disconnect?.();
+					return entry;
+				}).catch((e) => {
+					if (cacheKey != null && this._cache.get(cacheKey) === promise) this._cache.delete(cacheKey);
+					throw e;
+				});
+				if (cacheKey != null) this._cache.set(cacheKey, promise);
+				candidates.push(promise);
+			}
+		}
+		if (candidates.length === 0) {
+			if (unavailableTransports.length > 0) throw err_nice_transport.fromId("unsupported", { transportShapes: unavailableTransports.map((t) => t.type) });
+			throw err_nice_transport.fromId("not_found", { actionId: action.id });
+		}
+		let lastError;
+		for (const candidate of candidates) try {
+			return await candidate;
+		} catch (e) {
+			lastError = e;
+		}
+		throw err_nice_transport.fromId("initialization_failed", { actionId: action.id }).withOriginError(lastError);
+	}
+};
+//#endregion
+//#region src/ActionRuntime/ActionDomainManager.ts
+var ActionDomainManager = class {
+	_domains = /* @__PURE__ */ new Map();
+	addDomain(domain) {
+		this._domains.set(domain.domain, domain);
+	}
+	getDomains() {
+		return [...this._domains.values()];
+	}
+	verifyIsActionJson(action) {
+		if (typeof action.domain !== "string" || typeof action.id !== "string") throw err_nice_action.fromId("wire_not_action_data");
+	}
+	getActionDomain(action) {
+		this.verifyIsActionJson(action);
+		const domain = this._domains.get(action.domain);
+		if (!domain) return;
+		return domain;
+	}
+	getActionDomainOrThrow(action) {
+		this.verifyIsActionJson(action);
+		const domain = this._domains.get(action.domain);
+		if (!domain) throw err_nice_action.fromId("domain_no_handler", { domain: action.domain });
+		return domain;
+	}
+	hydrateActionPayload(actionJson) {
+		return this.getActionDomainOrThrow(actionJson).hydrateAnyAction(actionJson);
+	}
+};
+//#endregion
+//#region src/ActionRuntime/Routing/ActionRouter.ts
+var ActionRouter = class {
+	domainManager = new ActionDomainManager();
+	actionRouteData = /* @__PURE__ */ new Map();
+	_context;
+	constructor(context) {
+		this._context = context;
+	}
+	/** Copy all routes from another router into this one, replacing any overlapping keys. */
+	mergeRouter(actionRouter) {
+		for (const domain of actionRouter.getDomains()) this.domainManager.addDomain(domain);
+		for (const [matchKey, routeDataEntries] of actionRouter.actionRouteData.entries()) this.actionRouteData.set(matchKey, [...routeDataEntries]);
+	}
+	addDomainsFromOther(actionRouter) {
+		for (const domain of actionRouter.getDomains()) this.domainManager.addDomain(domain);
+	}
+	/** All FNs registered for an action, ID-specific entries first then domain wildcard. */
+	getRouteDataEntriesForAction(action) {
+		const idKey = `dom[${action.domain}]id[${action.id}]`;
+		const domKey = `dom[${action.domain}]id[_]`;
+		return [...this.actionRouteData.get(idKey) ?? [], ...this.actionRouteData.get(domKey) ?? []];
+	}
+	/** First FN registered for an action (ID-specific beats domain wildcard). */
+	getRouteDataForAction(action) {
+		return this.getRouteDataEntriesForAction(action)[0];
+	}
+	throwNoHandlerForAction(action, context) {
+		if (this._context.contextType === "handler_route") throw err_nice_action.fromId("no_action_execution_handler", {
+			domain: action.domain,
+			actionId: action.id,
+			specifiedClient: context.targetLocalRuntime?.coordinate
+		});
+		if (this._context.contextType === "runtime_to_handler") throw err_nice_action.fromId("no_action_execution_handler", {
+			domain: action.domain,
+			actionId: action.id,
+			specifiedClient: this._context.runtime.coordinate
+		});
+		throw err_nice_action.fromId("no_action_execution_handler", {
+			domain: action.domain,
+			actionId: action.id
+		});
+	}
+	getRouteDataEntriesForActionOrThrow(action, context) {
+		const entries = this.getRouteDataEntriesForAction(action);
+		if (entries.length === 0) this.throwNoHandlerForAction(action, context);
+		return entries;
+	}
+	getRouteDataForActionOrThrow(action, context) {
+		const routeData = this.getRouteDataForAction(action);
+		if (!routeData) this.throwNoHandlerForAction(action, context);
+		return routeData;
+	}
+	/** All FNs stored under an exact match key. */
+	getForKey(key) {
+		return this.actionRouteData.get(key) ?? [];
+	}
+	/** Every match key that has at least one registered FN. */
+	getRegisteredKeys() {
+		return [...this.actionRouteData.keys()];
+	}
+	getDomains() {
+		return this.domainManager.getDomains();
+	}
+	/** Register a handler for all actions in a domain, replacing any existing one. */
+	forDomain(domain, routeData) {
+		this.domainManager.addDomain(domain);
+		this.actionRouteData.set(`dom[${domain.domain}]id[_]`, [routeData]);
+		return this;
+	}
+	forAction(action, routeData) {
+		return this.forActionId(action._domain, action.id, routeData);
+	}
+	/** Register a handler for a specific action, replacing any existing one. */
+	forActionId(domain, id, routeData) {
+		this.domainManager.addDomain(domain);
+		this.actionRouteData.set(`dom[${domain.domain}]id[${id}]`, [routeData]);
+		return this;
+	}
+	/** Register one handler for several action IDs, replacing any existing ones. */
+	forActionIds(domain, ids, routeData) {
+		this.domainManager.addDomain(domain);
+		for (const id of ids) this.forActionId(domain, id, routeData);
+		return this;
+	}
+	/** Register per-action handlers from a cases map, replacing any existing ones. */
+	forDomainActionCases(domain, cases) {
+		this.domainManager.addDomain(domain);
+		for (const id of Object.keys(cases)) {
+			const routeData = cases[id];
+			if (routeData != null) this.actionRouteData.set(`dom[${domain.domain}]id[${id}]`, [routeData]);
+		}
+		return this;
+	}
+	/** Append a handler for all actions in a domain (accumulates alongside existing). */
+	addForDomain(domain, routeData) {
+		this.domainManager.addDomain(domain);
+		this._push(`dom[${domain.domain}]id[_]`, routeData);
+		return this;
+	}
+	/** Append a handler for a specific action (accumulates alongside existing). */
+	addForAction(domain, id, routeData) {
+		this.domainManager.addDomain(domain);
+		this._push(`dom[${domain.domain}]id[${id}]`, routeData);
+		return this;
+	}
+	/** Append one handler for several action IDs (accumulates alongside existing). */
+	addForActionIds(domain, ids, routeData) {
+		this.domainManager.addDomain(domain);
+		for (const id of ids) this.addForAction(domain, id, routeData);
+		return this;
+	}
+	/** Append per-action handlers from a cases map (accumulates alongside existing). */
+	addForDomainActionCases(domain, cases) {
+		this.domainManager.addDomain(domain);
+		for (const id of Object.keys(cases)) {
+			const routeData = cases[id];
+			if (routeData != null) this._push(`dom[${domain.domain}]id[${id}]`, routeData);
+		}
+		return this;
+	}
+	/** Append a handler directly by its raw match key (used when the key is known ahead of time). */
+	addForKey(key, routeData) {
+		this._push(key, routeData);
+		return this;
+	}
+	_push(key, routeData) {
+		const existing = this.actionRouteData.get(key);
+		if (existing != null) existing.push(routeData);
+		else this.actionRouteData.set(key, [routeData]);
+	}
+};
+//#endregion
+//#region src/ActionRuntime/Handler/ActionHandler.ts
+var ActionHandler = class {
+	cuid;
+	constructor() {
+		this.cuid = (0, nanoid.nanoid)();
+	}
+	getActionRouter() {
+		return this.actionRouter;
+	}
+};
+//#endregion
+//#region src/ActionRuntime/Handler/PeerLink/PeerLinkHandler.ts
+/**
+* Shared base for every handler that routes a domain set to/from *another runtime* (a "peer") — the
+* unified peer-link concept. Both specializations extend this as siblings, differing only in *who
+* establishes the connection*, which is a transport trait, not a routing one:
+*
+* - {@link ConnectorHandler} — **dial-out**: this runtime opens connection(s) to one peer
+*   over a transport stack (with caching + fallback). The classic "client → backend" link.
+* - {@link AcceptorHandler} — **accept-in**: connections are accepted from many peers and fed in
+*   via `receive()`; it keeps a per-connection registry and can push to any of them.
+*
+* To the runtime there is no "client" vs "server" — both are peer-link handlers (`handlerType =
+* external`) keyed to a peer coordinate, chosen by the return-path dispatch via {@link sendReturnPayload}.
+*/
+var PeerLinkHandler = class extends ActionHandler {
+	/** The peer runtime this handler links to (an env-only coordinate for an accept-in handler). */
+	peerClient;
+	handlerType = "peer";
+	actionRouter = new ActionRouter({
+		contextType: "handler_route",
+		handler: this
+	});
+	/** Listeners installed by the runtime (`resolveIncomingActionPayload`) for inbound peer frames. */
+	_incomingActionDataListeners = [];
+	constructor(peerCoordinate) {
+		super();
+		this.peerClient = peerCoordinate;
+	}
+	forDomain(domain) {
+		this.actionRouter.forDomain(domain, true);
+		return this;
+	}
+	forAction(action) {
+		this.actionRouter.forAction(action, true);
+		return this;
+	}
+	forActionIds(domain, ids) {
+		this.actionRouter.forActionIds(domain, ids, true);
+		return this;
+	}
+	_setIncomingActionDataListener(listener) {
+		this._incomingActionDataListeners.push(listener);
+	}
+	/** Hand a decoded inbound frame to the runtime (called by each specialization's receive path). */
+	_emitIncoming(json) {
+		for (const listener of this._incomingActionDataListeners) listener(json);
+	}
+	/**
+	* Whether this handler currently holds a *live* connection bound to `origin`. The runtime's return-path
+	* dispatch ({@link ActionRuntime.getReturnHandlerForOrigin}) prefers a handler that owns the origin's
+	* connection over a mere coordinate match, so with several duplex acceptors a result/push routes back
+	* over the carrier the client connected on. Defaults to `false`; an acceptor overrides it from its
+	* connection registry.
+	*/
+	ownsLiveConnectionFor(_origin) {
+		return false;
+	}
+	/** Release any long-lived connections this handler owns (a teardown). No-op by default. */
+	clearTransportCache() {}
+};
+//#endregion
+//#region src/ActionRuntime/Handler/PeerLink/Connector/ConnectorHandler.ts
+/**
+* Dial-out peer link: this runtime opens connection(s) to one peer over a transport stack (cached, with
+* preference-ordered fallback). The classic "client → backend" handler — but to the runtime it's just a
+* {@link PeerLinkHandler} like the accept-in server one.
+*/
+var ConnectorHandler = class extends PeerLinkHandler {
+	/**
+	* Dial-out can receive (and so return) an unsolicited push only over a duplex transport. With every
+	* transport exchange-only (HTTP), the peer can never push to us — so this link can't deliver one back.
+	*/
+	canPush;
+	_defaultTimeout;
+	_transportCache = /* @__PURE__ */ new Map();
+	transportManager = new ConnectionTransportManager(this._transportCache);
+	constructor({ runtimeCoordinate: peerSpecifier, transports, defaultTimeout }) {
+		super(peerSpecifier);
+		this._defaultTimeout = defaultTimeout ?? 1e4;
+		this.canPush = transports.some((transport) => transport.type === "duplex");
+		for (const transport of transports) {
+			const connection = transport._createConnection({ resolvers: { onIncomingActionDataJson: (json) => this._emitIncoming(json) } });
+			connection.definition = transport;
+			this.transportManager.addTransport(connection);
+		}
+	}
+	async handleActionRequest(action, config) {
+		const localRuntime = config?.targetLocalRuntime ?? ActionRuntime.getDefault();
+		const localClient = localRuntime.coordinate;
+		const incomingTimeout = config?.timeout ?? this._defaultTimeout;
+		const parentCuid = peekHandlerCuid();
+		const callSite = action._callSite ?? (/* @__PURE__ */ new Error()).stack;
+		const routeParams = {
+			action,
+			localClient,
+			externalClient: this.peerClient
+		};
+		const preferredTransport = this.transportManager.getPreferredTransport();
+		const routeItem = preferredTransport != null ? {
+			runtime: localClient,
+			handler: this.toHandlerRouteItem(preferredTransport, routeParams),
+			time: Date.now()
+		} : void 0;
+		if (routeItem != null) action.context.addRouteItem(routeItem);
+		const runningAction = new RunningAction({
+			context: action.context,
+			request: action,
+			parentCuid,
+			callSite
+		});
+		localRuntime.registerRunningAction(runningAction);
+		this._dispatchWhenTransportReady(runningAction, routeParams, routeItem, incomingTimeout);
+		return runningAction;
+	}
+	async _dispatchWhenTransportReady(runningAction, routeParams, routeItem, incomingTimeout) {
+		const action = routeParams.action;
+		try {
+			const { methods, transport } = await this.transportManager.getReadyTransport(routeParams);
+			const handlerRouteItem = this.toHandlerRouteItem(transport, routeParams);
+			if (routeItem != null) {
+				routeItem.handler = handlerRouteItem;
+				routeItem.time = Date.now();
+			} else action.context.addRouteItem({
+				runtime: routeParams.localClient,
+				handler: handlerRouteItem,
+				time: Date.now()
+			});
+			const sendInput = {
+				...routeParams,
+				runningAction,
+				timeout: incomingTimeout
+			};
+			if (action.type === "request" && methods.updateRunConfig != null) sendInput.timeout = methods.updateRunConfig(sendInput)?.timeout ?? incomingTimeout;
+			methods.sendActionData(sendInput);
+			if (action.type === "request" && action.schema.responseMode === "none") runningAction._completeWithResult(action.successResult(void 0));
+		} catch (err) {
+			runningAction._abort(err);
+		}
+	}
+	/**
+	* Dispatch a result or progress payload directly back to the external client via the best
+	* available bidirectional transport (WebSocket / Custom). Used for return-path routing when the
+	* local runtime recognises that it has a direct channel to the action's originClient.
+	*
+	* Returns `true` if the payload was sent, `false` if no suitable transport was available.
+	*/
+	async sendReturnPayload(payload, config) {
+		const localClient = config.targetLocalRuntime.coordinate;
+		try {
+			const { methods } = await this.transportManager.getReadyTransport({
+				action: payload,
+				localClient,
+				externalClient: this.peerClient
+			});
+			if (methods.sendReturnData == null) return false;
+			methods.sendReturnData(payload, {
+				localClient,
+				externalClient: this.peerClient
+			});
+			return true;
+		} catch {
+			return false;
+		}
+	}
+	toJsonObject() {
+		return {
+			type: this.handlerType,
+			client: this.peerClient
+		};
+	}
+	toHandlerRouteItem(transport, input) {
+		return {
+			type: this.handlerType,
+			client: this.peerClient,
+			transOrd: transport.transOrd,
+			transShape: transport.type,
+			transInfo: transport.getRouteInfo(input)
+		};
+	}
+	clearTransportCache() {
+		for (const entry of this._transportCache.values()) if (entry instanceof Promise) entry.then((ready) => ready.methods.disconnect?.()).catch(() => {});
+		else entry.methods.disconnect?.();
+		this._transportCache.clear();
+	}
+};
+const createConnectorHandler = (config) => {
+	return new ConnectorHandler(config);
+};
+//#endregion
+//#region src/ActionRuntime/ActionRuntime.ts
+var ActionRuntime = class {
+	_coordinate;
+	timeCreated;
+	runtimeInfo = getAssumedRuntimeInfo();
+	actionRouter;
+	_pendingRunningActions = /* @__PURE__ */ new Map();
+	_registeredPeerHandlers = [];
+	_applied = false;
+	static getDefault() {
+		return getDefaultActionRuntime();
+	}
+	constructor(coordinate) {
+		this._coordinate = coordinate.specifyIfUnset({ insId: (0, nanoid.nanoid)(14) });
+		this.timeCreated = Date.now();
+		this.actionRouter = new ActionRouter({
+			contextType: "runtime_to_handler",
+			runtime: this
+		});
+	}
+	get coordinate() {
+		return this._coordinate;
+	}
+	specifyRuntimeCoordinate(specifics) {
+		if (specifics.envId != null && this._coordinate.envId !== specifics.envId) throw err_nice_action.fromId("not_implemented", { label: `updating RuntimeCoordinate with a different "envId" ("${this._coordinate.envId}" → "${specifics.envId}")` });
+		this._coordinate = this._coordinate.specify(specifics);
+		this.apply();
+	}
+	registerRunningAction(ra) {
+		this._pendingRunningActions.set(ra.cuid, ra);
+		ra.addUpdateListeners([(update) => {
+			if (update.type === "finished") this._pendingRunningActions.delete(ra.cuid);
+		}]);
+	}
+	resolveIncomingActionPayload(json) {
+		if (json.type === "request") {
+			this.handleActionPayloadWire(json).catch((err) => {
+				console.error(`[ActionRuntime] Incoming action [${json.domain}:${json.id}:${json.form}:${json.type}] unhandled:`, err);
+			});
+			return;
+		}
+		this._pendingRunningActions.get(json.context.cuid)?._resolveFromJson(json);
+	}
+	async handleActionPayloadWire(wire) {
+		let action;
+		if (isActionPayload_Any_JsonObject(wire)) action = this.actionRouter.domainManager.getActionDomainOrThrow(wire).hydrateAnyAction(wire);
+		if (action == null) throw err_nice_action.fromId("wire_not_action_data");
+		return this.handleActionPayload(action);
+	}
+	async handleActionPayload(action, options) {
+		if (action.type === "request") {
+			const observers = action.context._domain._collectActionObservers();
+			let handlerForAction;
+			try {
+				handlerForAction = this.getHandlerForActionOrThrow(action, options);
+			} catch (err) {
+				const runningAction = new RunningAction({
+					context: action.context,
+					request: action
+				});
+				runningAction.addUpdateListeners(observers);
+				runningAction._completeWithResult(action.errorResult((0, _nice_code_error.castNiceError)(err)));
+				return runningAction;
+			}
+			const runningAction = await handlerForAction.handleActionRequest(action, {
+				...options,
+				targetLocalRuntime: this
+			});
+			runningAction.addUpdateListeners(observers);
+			this._trySetupReturnDispatch(runningAction);
+			return runningAction;
+		}
+		throw err_nice_action.fromId("not_implemented", { label: `Handling incoming action payloads of type "${action.type}"` });
+	}
+	/**
+	* @internal
+	*
+	* Return the first handler registered for the given action, or `undefined`
+	* if none has been registered (action-ID-specific beats domain-wildcard).
+	*/
+	_getHandlerForAction(action, options) {
+		const handlers = this.actionRouter.getRouteDataEntriesForAction(action);
+		const targetPeer = options?.targetPeer;
+		const possibleHandlers = handlers.filter((handler) => {
+			if (handler.handlerType === "peer") {
+				if (targetPeer && !targetPeer.isSameFor(handler.peerClient).id) return false;
+				return true;
+			}
+			if (targetPeer != null) return false;
+			if (action.type === "request") return true;
+			return false;
+		});
+		if (possibleHandlers.length === 0) return;
+		const scoringPeer = targetPeer ?? RuntimeCoordinate.unknown;
+		let handlerScore = -1;
+		let handler;
+		for (const possibleHandler of possibleHandlers) {
+			if (possibleHandler.handlerType === "local") return possibleHandler;
+			if (possibleHandler.handlerType === "peer") {
+				const score = scoringPeer.similarityLevel(possibleHandler.peerClient);
+				if (score > handlerScore) {
+					handlerScore = score;
+					handler = possibleHandler;
+				}
+			}
+		}
+		return handler;
+	}
+	getHandlerForActionOrThrow(action, options) {
+		const handler = this._getHandlerForAction(action, options);
+		if (handler == null) throw err_nice_action.fromId("no_action_execution_handler", {
+			actionId: action.id,
+			domain: action.domain,
+			specifiedClient: options?.targetPeer
+		});
+		return handler;
+	}
+	/**
+	* Register one or more handlers. Each handler's own `actionRouter` defines
+	* which domains/actions it handles — those routing keys are mirrored into
+	* this runtime's router so the same action can be served by multiple handlers.
+	* Duplicate registrations (same handler cuid for the same key) are skipped.
+	*/
+	addHandlers(handlers) {
+		for (const handler of handlers) {
+			if (handler.handlerType === "peer") {
+				handler._setIncomingActionDataListener((json) => this.resolveIncomingActionPayload(json));
+				this._registeredPeerHandlers.push(handler);
+			}
+			const handlerRouter = handler.getActionRouter();
+			this.actionRouter.addDomainsFromOther(handlerRouter);
+			if (this._applied) this.apply();
+			for (const key of handlerRouter.getRegisteredKeys()) if (!this.actionRouter.getForKey(key).some((h) => h.cuid === handler.cuid)) this.actionRouter.addForKey(key, handler);
+		}
+		return this;
+	}
+	/**
+	* @internal Low-level primitive — the public way to open a connection is `connectChannel`, which
+	* derives routing from a channel and binds the crypto identity for you. This stays as the raw building
+	* block it sits on (it restates domain lists by hand) and is not part of the supported surface.
+	*
+	* Declare an external "backend client" in one call: build an
+	* {@link ConnectorHandler} for `externalCoordinate` carrying the given
+	* `transports`, route the listed `domains`/`actions` to it, register it (plus any
+	* `localHandlers` — e.g. server→client push handlers that share the same channel)
+	* on this runtime, and `apply()`. Returns the external handler so the caller can
+	* later `clearTransportCache()` it.
+	*/
+	connectTo(externalCoordinate, options) {
+		const handler = new ConnectorHandler({
+			runtimeCoordinate: externalCoordinate,
+			transports: options.transports,
+			defaultTimeout: options.defaultTimeout
+		});
+		for (const domain of options.domains ?? []) handler.forDomain(domain);
+		for (const action of options.actions ?? []) handler.forAction(action);
+		this.addHandlers([handler, ...options.localHandlers ?? []]);
+		this.apply();
+		return handler;
+	}
+	applyRuntimeForDomain(domain) {
+		const rootDomain = domain.rootDomain;
+		if (!rootDomain._hasRuntime(this)) rootDomain._registerRuntime(this);
+	}
+	/**
+	* Register this runtime with all root domains covered by its currently-added handlers,
+	* making it eligible to execute actions dispatched from those domains.
+	* After apply() is called, any subsequent addHandlers() calls also auto-register.
+	*/
+	apply() {
+		this._applied = true;
+		for (const domain of this.actionRouter.getDomains()) this.applyRuntimeForDomain(domain);
+		return this;
+	}
+	/**
+	* Find the best registered external handler that can reach `originClient` directly.
+	* Used to locate the return-path channel for dispatching results back to the action origin.
+	* Returns `undefined` if no handler matches (score > 0 required, i.e. at least id must match).
+	*
+	* A handler that currently holds the origin's *live* connection always wins over a mere coordinate
+	* match — so with several duplex acceptors (e.g. WS + WebRTC) a result/push routes back over the carrier
+	* the client actually connected on, never a same-coordinate sibling that lacks the socket. Only when no
+	* handler owns a live connection do we fall back to the plain best-coordinate-score pick (the
+	* single-acceptor and connector-only cases, unchanged).
+	*/
+	getReturnHandlerForOrigin(originClient) {
+		if (originClient.envId === "_unset_") return void 0;
+		let bestScore = -1;
+		let bestHandler;
+		let bestOwnedScore = -1;
+		let bestOwnedHandler;
+		for (const handler of this._registeredPeerHandlers) {
+			if (!handler.canPush) continue;
+			const score = originClient.similarityLevel(handler.peerClient);
+			if (score > bestScore) {
+				bestScore = score;
+				bestHandler = handler;
+			}
+			if (score > bestOwnedScore && handler.ownsLiveConnectionFor(originClient)) {
+				bestOwnedScore = score;
+				bestOwnedHandler = handler;
+			}
+		}
+		if (bestOwnedHandler != null && bestOwnedScore > 0) return bestOwnedHandler;
+		return bestScore > 0 ? bestHandler : void 0;
+	}
+	resetRuntime() {
+		for (const ra of this._pendingRunningActions.values()) ra._abort(err_nice_action.fromId("runtime_reset"));
+		for (const handler of this._registeredPeerHandlers) handler.clearTransportCache();
+	}
+	_trySetupReturnDispatch(runningAction) {
+		if (runningAction.context.schema.responseMode === "none") return;
+		const originClient = runningAction.context.originClient;
+		if (originClient.envId === "_unset_" || originClient.isSameFor(this._coordinate).id) return;
+		runningAction.addUpdateListeners([(update) => {
+			if (update.type === "finished" && update.finishType === "success") this.getReturnHandlerForOrigin(originClient)?.sendReturnPayload(update.response, { targetLocalRuntime: this }).catch(() => {});
+		}]);
+	}
+};
+const runtimeState = {
+	defaultLocalRuntime: void 0,
+	assumedRuntimeInfo: void 0
+};
+function getDefaultActionRuntime() {
+	if (runtimeState.assumedRuntimeInfo == null) runtimeState.assumedRuntimeInfo = getAssumedRuntimeInfo();
+	if (runtimeState.defaultLocalRuntime == null) runtimeState.defaultLocalRuntime = new ActionRuntime(RuntimeCoordinate.unknown.specify({ perId: `${runtimeState.assumedRuntimeInfo?.runtimeName ?? "unknown"}-runtime` }));
+	return runtimeState.defaultLocalRuntime;
+}
+//#endregion
+//#region src/ActionRuntime/Handler/Local/ActionLocalHandler.ts
+var ActionLocalHandler = class extends ActionHandler {
+	handlerType = "local";
+	actionRouter = new ActionRouter({
+		contextType: "handler_route",
+		handler: this
+	});
+	constructor() {
+		super();
+	}
+	/**
+	* Register a handler for all actions in a domain.
+	* Receives the full primed action — use `matchAction()` to narrow to a specific action id.
+	* Useful for forwarding all domain actions to a remote endpoint.
+	* Lower priority than `forAction`.
+	*/
+	forDomain(domain, handler) {
+		this.actionRouter.forDomain(domain, handler);
+		return this;
+	}
+	/**
+	* Register a handler for a base action instance. Takes priority over domain-wide handlers.
+	* Receives the full primed action with narrowed input type.
+	* Useful for handling specific actions locally while forwarding the rest of the domain. For example, a local "ping" action that checks connectivity without needing a round trip.
+	*/
+	forAction(action, handler) {
+		this.actionRouter.forAction(action, handler);
+		return this;
+	}
+	/**
+	* Register a handler for multiple action IDs (first-match-wins among cases).
+	* Receives the full primed action narrowed to the union of those IDs.
+	* Use `act.coreAction.id` to branch on which action was dispatched.
+	*/
+	forActionIds(domain, ids, handler) {
+		this.actionRouter.forActionIds(domain, ids, handler);
+		return this;
+	}
+	/**
+	* Register per-action handlers for a domain using a single map, without needing
+	* separate `forAction` calls. Unregistered action IDs are unaffected.
+	*
+	* @example
+	* ```ts
+	* handler.forDomainActionCases(userDomain, {
+	*   getUser:    (primed) => db.getUser(primed.input.userId),
+	*   deleteUser: (primed) => db.deleteUser(primed.input.userId),
+	* });
+	* ```
+	*/
+	forDomainActionCases(domain, cases) {
+		this.actionRouter.forDomainActionCases(domain, cases);
+		return this;
+	}
+	async handleActionRequest(action, config) {
+		const targetLocalRuntime = config?.targetLocalRuntime ?? ActionRuntime.getDefault();
+		const handler = this.actionRouter.getRouteDataForActionOrThrow(action, { targetLocalRuntime });
+		action.context.addRouteItem({
+			runtime: targetLocalRuntime.coordinate,
+			handler: this.toHandlerRouteItem(),
+			time: Date.now()
+		});
+		const runningAction = new RunningAction({
+			context: action.context,
+			request: action,
+			parentCuid: peekHandlerCuid(),
+			callSite: action._callSite ?? (/* @__PURE__ */ new Error()).stack
+		});
+		this._handleRunningAction(handler, runningAction).catch((err) => {
+			if (err instanceof _nice_code_error.NiceError) runningAction._completeWithResult(action.errorResult(err));
+			else if ((0, _nice_code_error.isNiceErrorObject)(err)) runningAction._completeWithResult(action.errorResult((0, _nice_code_error.castNiceError)(err)));
+			else runningAction._abort(err);
+		});
+		return runningAction;
+	}
+	async _handleRunningAction(handler, runningAction) {
+		const state = runningAction.state;
+		if (state.result != null) return;
+		await Promise.resolve();
+		pushHandlerCuid(runningAction.cuid);
+		try {
+			const rawResult = await handler(state.request);
+			let result;
+			if (rawResult instanceof ActionPayload_Result) result = rawResult;
+			else if (rawResult != null && isActionPayload_Result_JsonObject(rawResult)) result = this.actionRouter.domainManager.getActionDomainOrThrow(state.request).hydrateResultPayload(rawResult);
+			else result = state.request.successResult(rawResult);
+			runningAction._completeWithResult(result);
+		} finally {
+			popHandlerCuid();
+		}
+	}
+	async handlePayloadWireOrThrow(wire, config) {
+		const hydratedAction = this.actionRouter.domainManager.hydrateActionPayload(wire);
+		if (!(hydratedAction instanceof ActionPayload_Request)) throw err_nice_action.fromId("wire_action_not_payload", {
+			domain: hydratedAction.domain,
+			actionId: hydratedAction.id,
+			actionState: hydratedAction.type ?? hydratedAction.form
+		});
+		return await this.handleActionRequest(hydratedAction, config);
+	}
+	toJsonObject() {
+		return { type: this.handlerType };
+	}
+	toHandlerRouteItem() {
+		return { type: this.handlerType };
+	}
+};
+const createLocalHandler = () => {
+	return new ActionLocalHandler();
+};
+//#endregion
+//#region src/ActionRuntime/Transport/crypto/actionHandshake.ts
+/**
+* Authenticated handshake for the WebSocket channel. Run once per connection, before any action
+* frames flow, it:
+* - exchanges each side's {@link RuntimeCoordinate} + public keys,
+* - checks both ends share the same wire dictionary version (closes the positional-dictionary footgun),
+* - has the client prove control of its verify (Ed25519) key by signing a fresh challenge that binds
+*   both nonces, both identities, the dictionary version, the level, and every exchanged public key,
+* - establishes a `ClientCryptoKeyLink` link on both sides (so the server can verify the signature and,
+*   for the `encrypted` level, both can derive a shared AES-GCM key with the verify keys folded in).
+*
+* This module is transport-agnostic: it produces/consumes message objects. The transport + server
+* handler drive the I/O and the connection phase (Step 4). Keep `none`-level connections from ever
+* reaching here — they skip the handshake entirely.
+*/
+const HANDSHAKE_PROTOCOL = "nice-ws-hs/1";
+/** How much the channel protects after the handshake — chosen by the consumer (perf vs security). */
+let ESecurityLevel = /* @__PURE__ */ function(ESecurityLevel) {
+	/** No handshake; identity is self-asserted (fastest, dev / trusted networks). */
+	ESecurityLevel["none"] = "none";
+	/** Handshake authenticates identity (sign/verify + key pin); frames stay plaintext over TLS. */
+	ESecurityLevel["authenticated"] = "authenticated";
+	/** Authenticated handshake + every frame AES-GCM encrypted with the derived shared key. */
+	ESecurityLevel["encrypted"] = "encrypted";
+	return ESecurityLevel;
+}({});
+let EHandshakeMessageType = /* @__PURE__ */ function(EHandshakeMessageType) {
+	EHandshakeMessageType["hello"] = "hello";
+	EHandshakeMessageType["welcome"] = "welcome";
+	EHandshakeMessageType["prove"] = "prove";
+	EHandshakeMessageType["accept"] = "accept";
+	EHandshakeMessageType["reject"] = "reject";
+	return EHandshakeMessageType;
+}({});
+const vEd25519Raw = valibot.custom((val) => typeof val === "string" && val.startsWith("ed25519::raw_base64::"));
+const vX25519Raw = valibot.custom((val) => typeof val === "string" && val.startsWith("x25519::raw_base64::"));
+const vCoordinate = valibot.object({
+	envId: valibot.string(),
+	perId: valibot.optional(valibot.string()),
+	insId: valibot.optional(valibot.string())
+});
+const vSecurityLevel = valibot.picklist([
+	"none",
+	"authenticated",
+	"encrypted"
+]);
+const vHsHello = valibot.object({
+	t: valibot.literal("hello"),
+	protocol: valibot.string(),
+	securityLevel: vSecurityLevel,
+	dictionaryVersion: valibot.string(),
+	client: vCoordinate,
+	clientNonce: valibot.string(),
+	verifyPublicKey: vEd25519Raw,
+	exchangePublicKey: valibot.optional(vX25519Raw)
+});
+const vHsWelcome = valibot.object({
+	t: valibot.literal("welcome"),
+	securityLevel: vSecurityLevel,
+	dictionaryVersion: valibot.string(),
+	server: vCoordinate,
+	serverNonce: valibot.string(),
+	verifyPublicKey: vEd25519Raw,
+	exchangePublicKey: valibot.optional(vX25519Raw)
+});
+const vHsProve = valibot.object({
+	t: valibot.literal("prove"),
+	signatureBase64: valibot.string()
+});
+const vHsAccept = valibot.object({
+	t: valibot.literal("accept"),
+	signatureBase64: valibot.optional(valibot.string())
+});
+const vHsReject = valibot.object({
+	t: valibot.literal("reject"),
+	reason: valibot.string()
+});
+const vHandshakeMessage = valibot.variant("t", [
+	vHsHello,
+	vHsWelcome,
+	vHsProve,
+	vHsAccept,
+	vHsReject
+]);
+/** Serialize a handshake message for the wire (handshake frames are JSON — they aren't the hot path). */
+function encodeHandshakeMessage(message) {
+	return JSON.stringify(message);
+}
+/** Parse + structurally validate an incoming handshake frame; `undefined` if it isn't one. */
+function decodeHandshakeMessage(raw) {
+	let parsed;
+	try {
+		parsed = JSON.parse(raw);
+	} catch {
+		return;
+	}
+	const result = valibot.safeParse(vHandshakeMessage, parsed);
+	return result.success ? result.output : void 0;
+}
+/** Stable link id for a runtime coordinate — the key both the crypto link and the connection use. */
+function runtimeLinkId(coordinate) {
+	return `runtime::${new RuntimeCoordinate(coordinate).stringId}`;
+}
+function coordId(coordinate) {
+	return new RuntimeCoordinate(coordinate).stringId;
+}
+function sessionSalt(clientNonce, serverNonce) {
+	return `${clientNonce}::${serverNonce}`;
+}
+function handshakeInfo(dictionaryVersion) {
+	return `${HANDSHAKE_PROTOCOL}::${dictionaryVersion}`;
+}
+/**
+* The exact string both sides sign/verify. JSON-encoded ordered array so field boundaries are
+* unambiguous; binds identities, nonces (freshness), version, level, and all exchanged public keys
+* (authenticating the keys via the signature, complementing `bindVerifyKeysIntoDerivation`).
+*/
+function buildHandshakeChallenge(parts) {
+	return JSON.stringify([
+		HANDSHAKE_PROTOCOL,
+		parts.securityLevel,
+		parts.dictionaryVersion,
+		parts.clientCoordId,
+		parts.serverCoordId,
+		parts.clientNonce,
+		parts.serverNonce,
+		parts.clientVerifyKey,
+		parts.serverVerifyKey,
+		parts.clientExchangeKey ?? "_",
+		parts.serverExchangeKey ?? "_"
+	]);
+}
+function reject(reason) {
+	return {
+		t: "reject",
+		reason
+	};
+}
+function tofuPinKey(client) {
+	return `${client.envId}::${client.perId ?? client.insId ?? "_"}`;
+}
+/**
+* In-memory trust-on-first-use resolver: trusts (and pins) the first verify key seen for a client
+* identity, then rejects a different key for that identity. The default; replace with a storage-backed
+* resolver for cross-restart pinning (see Step 5).
+*/
+function createInMemoryTofuVerifyKeyResolver() {
+	const pinned = /* @__PURE__ */ new Map();
+	return { async resolve({ client, verifyPublicKey }) {
+		const key = tofuPinKey(client);
+		const existing = pinned.get(key);
+		if (existing == null) {
+			pinned.set(key, verifyPublicKey);
+			return { trusted: true };
+		}
+		if (existing === verifyPublicKey) return { trusted: true };
+		return {
+			trusted: false,
+			reason: "verify key changed for client identity (pin mismatch)"
+		};
+	} };
+}
+/**
+* Storage-backed trust-on-first-use resolver: pins survive process restarts / Durable Object eviction
+* (e.g. back it with `createDurableObjectStorageAdapter`). Same policy as the in-memory variant — trust
+* + pin the first verify key per client identity, reject a different one thereafter.
+*/
+function createStorageTofuVerifyKeyResolver(storageAdapter) {
+	const storage = (0, _nice_code_util.createTypedStorage)({ storageAdapter });
+	return { async resolve({ client, verifyPublicKey }) {
+		const key = tofuPinKey(client);
+		const existing = (await storage.getJson("pins"))?.[key];
+		if (existing == null) {
+			await storage.updateJsonWithDef("pins", {}, (current) => ({
+				...current,
+				[key]: verifyPublicKey
+			}));
+			return { trusted: true };
+		}
+		if (existing === verifyPublicKey) return { trusted: true };
+		return {
+			trusted: false,
+			reason: "verify key changed for client identity (pin mismatch)"
+		};
+	} };
+}
+function createClientHandshake(config) {
+	const { link, localCoordinate, dictionaryVersion, securityLevel } = config;
+	const wantsEncryption = securityLevel === "encrypted";
+	const clientNonce = (0, nanoid.nanoid)();
+	let pending;
+	return {
+		async createHello() {
+			return {
+				t: "hello",
+				protocol: HANDSHAKE_PROTOCOL,
+				securityLevel,
+				dictionaryVersion,
+				client: localCoordinate,
+				clientNonce,
+				verifyPublicKey: await link.getLocalVerifyPublicKey(),
+				exchangePublicKey: wantsEncryption ? await link.getLocalExchangePublicKey() : void 0
+			};
+		},
+		async onWelcome(welcome) {
+			if (welcome.dictionaryVersion !== dictionaryVersion) throw new Error("[ws-handshake] server dictionary version mismatch");
+			if (welcome.securityLevel !== securityLevel) throw new Error("[ws-handshake] server security level mismatch");
+			if (wantsEncryption && welcome.exchangePublicKey == null) throw new Error("[ws-handshake] server did not provide an exchange key for encryption");
+			const linkedServerId = runtimeLinkId(welcome.server);
+			await link.linkClient({
+				linkedClientId: linkedServerId,
+				verifyPublicKey: welcome.verifyPublicKey,
+				...wantsEncryption ? {
+					exchangePublicKey: welcome.exchangePublicKey,
+					saltString: sessionSalt(clientNonce, welcome.serverNonce),
+					infoString: handshakeInfo(dictionaryVersion),
+					bindVerifyKeysIntoDerivation: true
+				} : {}
+			});
+			const challenge = buildHandshakeChallenge({
+				securityLevel,
+				dictionaryVersion,
+				clientCoordId: coordId(localCoordinate),
+				serverCoordId: coordId(welcome.server),
+				clientNonce,
+				serverNonce: welcome.serverNonce,
+				clientVerifyKey: await link.getLocalVerifyPublicKey(),
+				serverVerifyKey: welcome.verifyPublicKey,
+				clientExchangeKey: wantsEncryption ? await link.getLocalExchangePublicKey() : void 0,
+				serverExchangeKey: welcome.exchangePublicKey
+			});
+			pending = {
+				linkedServerId,
+				server: welcome.server,
+				challenge
+			};
+			return {
+				t: "prove",
+				signatureBase64: (await link.signChallenge([challenge])).signatureBase64
+			};
+		},
+		async onAccept(accept) {
+			if (pending == null) throw new Error("[ws-handshake] accept before welcome");
+			if (accept.signatureBase64 != null) {
+				if (!await link.verifyChallengeFromLinkedClient({
+					linkedClientId: pending.linkedServerId,
+					challenge: pending.challenge,
+					signatureBase64: accept.signatureBase64
+				})) throw new Error("[ws-handshake] server signature invalid");
+			}
+			return {
+				linkedClientId: pending.linkedServerId,
+				remote: pending.server,
+				securityLevel
+			};
+		}
+	};
+}
+function createServerHandshake(config) {
+	const { link, localCoordinate, dictionaryVersion } = config;
+	const allowedLevels = Array.isArray(config.securityLevel) ? config.securityLevel : [config.securityLevel];
+	const verifyKeyResolver = config.verifyKeyResolver ?? createInMemoryTofuVerifyKeyResolver();
+	const serverNonce = (0, nanoid.nanoid)();
+	let pending;
+	let result;
+	return {
+		async onHello(hello) {
+			if (hello.protocol !== HANDSHAKE_PROTOCOL) return reject("unsupported handshake protocol");
+			if (hello.dictionaryVersion !== dictionaryVersion) return reject("dictionary version mismatch");
+			const negotiatedLevel = hello.securityLevel;
+			if (negotiatedLevel === "none" || !allowedLevels.includes(negotiatedLevel)) return reject("security level not allowed");
+			const wantsEncryption = negotiatedLevel === "encrypted";
+			if (wantsEncryption && hello.exchangePublicKey == null) return reject("missing exchange key for encryption");
+			const linkedClientId = runtimeLinkId(hello.client);
+			await link.linkClient({
+				linkedClientId,
+				verifyPublicKey: hello.verifyPublicKey,
+				...wantsEncryption ? {
+					exchangePublicKey: hello.exchangePublicKey,
+					saltString: sessionSalt(hello.clientNonce, serverNonce),
+					infoString: handshakeInfo(dictionaryVersion),
+					bindVerifyKeysIntoDerivation: true
+				} : {}
+			});
+			const serverVerifyKey = await link.getLocalVerifyPublicKey();
+			const serverExchangeKey = wantsEncryption ? await link.getLocalExchangePublicKey() : void 0;
+			const keyMaterial = wantsEncryption && hello.exchangePublicKey != null ? {
+				verifyPublicKey: hello.verifyPublicKey,
+				exchangePublicKey: hello.exchangePublicKey,
+				saltString: sessionSalt(hello.clientNonce, serverNonce),
+				infoString: handshakeInfo(dictionaryVersion),
+				bindVerifyKeysIntoDerivation: true
+			} : void 0;
+			pending = {
+				client: hello.client,
+				linkedClientId,
+				clientVerifyKey: hello.verifyPublicKey,
+				negotiatedLevel,
+				keyMaterial,
+				challenge: buildHandshakeChallenge({
+					securityLevel: negotiatedLevel,
+					dictionaryVersion,
+					clientCoordId: coordId(hello.client),
+					serverCoordId: coordId(localCoordinate),
+					clientNonce: hello.clientNonce,
+					serverNonce,
+					clientVerifyKey: hello.verifyPublicKey,
+					serverVerifyKey,
+					clientExchangeKey: hello.exchangePublicKey,
+					serverExchangeKey
+				})
+			};
+			return {
+				t: "welcome",
+				securityLevel: negotiatedLevel,
+				dictionaryVersion,
+				server: localCoordinate,
+				serverNonce,
+				verifyPublicKey: serverVerifyKey,
+				exchangePublicKey: serverExchangeKey
+			};
+		},
+		async onProve(prove) {
+			if (pending == null) return reject("prove before hello");
+			if (!await link.verifyChallengeFromLinkedClient({
+				linkedClientId: pending.linkedClientId,
+				challenge: pending.challenge,
+				signatureBase64: prove.signatureBase64
+			})) return reject("invalid client signature");
+			const trust = await verifyKeyResolver.resolve({
+				client: pending.client,
+				verifyPublicKey: pending.clientVerifyKey
+			});
+			if (!trust.trusted) return reject(trust.reason ?? "client verify key not trusted");
+			result = {
+				linkedClientId: pending.linkedClientId,
+				remote: pending.client,
+				securityLevel: pending.negotiatedLevel,
+				encryptionKeyMaterial: pending.keyMaterial
+			};
+			return {
+				t: "accept",
+				signatureBase64: (await link.signChallenge([pending.challenge])).signatureBase64
+			};
+		},
+		/** The completed handshake result once `onProve` has accepted, else `undefined`. */
+		getResult() {
+			return result;
+		}
+	};
+}
+//#endregion
+//#region src/utils/decodeActionFrame.ts
+/**
+* Decode a single inbound channel frame (text or binary) into validated action wire JSON, or
+* `undefined` if it isn't a recognisable action payload.
+*
+* Shared by the WebSocket transport's message listener and the server-side `AcceptorHandler` so
+* both decode identically: a binary `decoder.incoming` (e.g. msgpackr) takes precedence, and plain
+* text frames fall back to JSON — keeping binary and JSON clients interoperable on one channel.
+*/
+function decodeActionFrame(frame, decoder) {
+	const decoded = decoder?.incoming?.(frame) ?? (typeof frame === "string" ? parseJsonActionFrame(frame) : void 0);
+	return decoded != null && isActionPayload_Any_JsonObject(decoded) ? decoded : void 0;
+}
+function parseJsonActionFrame(message) {
+	try {
+		const json = JSON.parse(message);
+		return isActionPayload_Any_JsonObject(json) ? json : void 0;
+	} catch {
+		return;
+	}
+}
+//#endregion
+//#region src/ActionRuntime/Transport/crypto/actionFrameCrypto.ts
+const ENCRYPTED_ENVELOPE_LENGTH = 2;
+/**
+* Build the encrypt/decrypt transform for a connection whose handshake settled on the `encrypted`
+* level. Keyed by the link + `linkedClientId`, so it reuses the cached shared AES-GCM key.
+*/
+function createActionFrameCrypto({ link, linkedClientId }) {
+	return {
+		async encryptFrame(frame) {
+			const { nonce, ciphertext } = await link.encryptBytesForLinkedClient({
+				linkedClientId,
+				dataToEncrypt: frame
+			});
+			return (0, msgpackr.pack)([nonce, ciphertext]);
+		},
+		async decryptFrame(frame) {
+			if (typeof frame === "string") throw new Error("[ws-crypto] expected an encrypted binary frame, received text");
+			const envelope = (0, msgpackr.unpack)(frame instanceof ArrayBuffer ? new Uint8Array(frame) : frame);
+			if (!Array.isArray(envelope) || envelope.length !== ENCRYPTED_ENVELOPE_LENGTH) throw new Error("[ws-crypto] malformed encrypted frame envelope");
+			const [nonce, ciphertext] = envelope;
+			if (!(nonce instanceof Uint8Array) || !(ciphertext instanceof Uint8Array)) throw new Error("[ws-crypto] malformed encrypted frame fields");
+			return await link.decryptBytesFromLinkedClient({
+				linkedClientId,
+				dataToDecrypt: {
+					nonce,
+					ciphertext
+				}
+			});
+		}
+	};
+}
+//#endregion
+//#region src/ActionRuntime/Transport/crypto/frameBytes.ts
+/** Normalize any frame form to bytes (for the AES-GCM layer, which works on `Uint8Array`). */
+function toFrameBytes(frame) {
+	if (typeof frame === "string") return new TextEncoder().encode(frame);
+	if (frame instanceof ArrayBuffer) return new Uint8Array(frame);
+	return frame;
+}
+//#endregion
+//#region src/ActionRuntime/Transport/SecureSession/frameCryptoPipe.ts
+function createFrameCryptoPipe(config) {
+	const { write, isOpen, crypto, label = "link" } = config;
+	let sendChain = Promise.resolve();
+	const send = (frame) => {
+		if (isOpen != null && !isOpen()) return;
+		if (crypto == null) {
+			write(frame);
+			return;
+		}
+		const bytes = toFrameBytes(frame);
+		sendChain = sendChain.then(() => crypto).then((c) => c.encryptFrame(bytes)).then((encrypted) => {
+			if (isOpen == null || isOpen()) write(encrypted);
+		}).catch((err) => console.error(`[${label}] failed to encrypt/send frame`, err));
+	};
+	const decryptIncoming = async (frame) => {
+		if (crypto == null) return frame;
+		try {
+			return await (await crypto).decryptFrame(frame);
+		} catch (err) {
+			console.error(`[${label}] failed to decrypt incoming frame`, err);
+			return;
+		}
+	};
+	return {
+		send,
+		decryptIncoming
+	};
+}
+//#endregion
+//#region src/ActionRuntime/Transport/SecureSession/acceptorSecureSession.ts
+/**
+* The acceptor (accept-in) counterpart to the connector's `establishLinkSession`: one connection's
+* secure session — the server-side handshake driving, the ordered frame crypto, and the per-connection
+* phase (undecided → plain | authenticated). The crypto itself (ordered encrypt-send / decrypt) lives in
+* the shared {@link createFrameCryptoPipe}, the same primitive the connector uses — so the secure logic
+* lives once for both link roles.
+*
+* The handler owns one of these per accepted connection and feeds it inbound frames via {@link receive};
+* identity binding, persistence, codec, and return routing stay in the handler (driven through the
+* config callbacks). Inbound processing is serialized per connection because the handshake and decryption
+* are async — this keeps handshake ordering and frame order intact.
+*/
+var AcceptorSecureSession = class {
+	config;
+	_handshake;
+	/** The ordered encrypt-send / decrypt pipe — present only for an `encrypted` connection. */
+	_pipe;
+	_authed = false;
+	_plain = false;
+	/** Serializes inbound processing (handshake + decryption are async). */
+	_inboundChain = Promise.resolve();
+	constructor(config) {
+		this.config = config;
+	}
+	/** Feed one inbound frame. Serialized per connection; routes back through the config callbacks. */
+	receive(frame) {
+		this._inboundChain = this._inboundChain.then(() => this._receive(frame)).catch((err) => console.error("[ws-server] failed to process inbound frame", err));
+	}
+	async _receive(frame) {
+		if (this._plain) {
+			this.config.routePlain(frame);
+			return;
+		}
+		if (!this._authed) {
+			const message = typeof frame === "string" ? decodeHandshakeMessage(frame) : void 0;
+			if (message == null) {
+				if (this.config.noneAllowed) {
+					this._plain = true;
+					this.config.routePlain(frame);
+				}
+				return;
+			}
+			await this.config.link.initialize();
+			if (this._handshake == null) this._handshake = createServerHandshake({
+				link: this.config.link,
+				localCoordinate: this.config.localCoordinate,
+				dictionaryVersion: this.config.dictionaryVersion,
+				securityLevel: this.config.securityLevel,
+				verifyKeyResolver: this.config.verifyKeyResolver
+			});
+			if (message.t === "hello") this.config.send(encodeHandshakeMessage(await this._handshake.onHello(message)));
+			else if (message.t === "prove") {
+				const reply = await this._handshake.onProve(message);
+				this.config.send(encodeHandshakeMessage(reply));
+				const result = this._handshake.getResult();
+				if (reply.t === "accept" && result != null) this._complete(result);
+			}
+			return;
+		}
+		const bytes = this._pipe != null ? await this._pipe.decryptIncoming(frame) : frame;
+		if (bytes === void 0) return;
+		this.config.routeAction(bytes);
+	}
+	_complete(result) {
+		this._authed = true;
+		this._handshake = void 0;
+		if (result.securityLevel === "encrypted") this._pipe = this._buildPipe(createActionFrameCrypto({
+			link: this.config.link,
+			linkedClientId: result.linkedClientId
+		}));
+		this.config.onAuthenticated({
+			client: new RuntimeCoordinate(result.remote),
+			securityLevel: result.securityLevel,
+			linkedClientId: result.linkedClientId,
+			keyMaterial: result.encryptionKeyMaterial
+		});
+	}
+	/**
+	* Restore an already-authenticated session after eviction — no handshake. For an `encrypted`
+	* connection the shared key is re-derived asynchronously (the acceptor re-links the client off its own
+	* persisted identity); the pipe's crypto IS that promise, so the connection's first in/out frame
+	* naturally waits for the key before encrypt/decrypt — no separate gate.
+	*/
+	rehydrate(state) {
+		this._authed = true;
+		if (state.securityLevel !== "encrypted" || state.keyMaterial == null) return;
+		const { link } = this.config;
+		const { linkedClientId, keyMaterial } = state;
+		const cryptoReady = link.initialize().then(() => link.linkClient({
+			linkedClientId,
+			verifyPublicKey: keyMaterial.verifyPublicKey,
+			exchangePublicKey: keyMaterial.exchangePublicKey,
+			saltString: keyMaterial.saltString,
+			infoString: keyMaterial.infoString,
+			bindVerifyKeysIntoDerivation: keyMaterial.bindVerifyKeysIntoDerivation
+		})).then(() => createActionFrameCrypto({
+			link,
+			linkedClientId
+		}));
+		cryptoReady.catch((err) => console.error("[ws-server] failed to restore encrypted session", err));
+		this._pipe = this._buildPipe(cryptoReady);
+	}
+	/** Send an outbound frame: through the encrypt pipe when encrypted, otherwise raw. */
+	send(frame) {
+		if (this._pipe != null) {
+			this._pipe.send(frame);
+			return;
+		}
+		this.config.send(frame);
+	}
+	_buildPipe(crypto) {
+		return createFrameCryptoPipe({
+			write: this.config.send,
+			crypto,
+			label: "ws-server"
+		});
+	}
+};
+//#endregion
+//#region src/ActionRuntime/Handler/PeerLink/Acceptor/AcceptorHandler.ts
+/**
+* Server-side handler for backends that accept many client connections over a single open channel
+* (WebSockets, Durable Objects, …). It is transport-agnostic: you feed it inbound frames with
+* {@link receive} and tell it how to write outbound frames via the `send` option.
+*
+* Add it alongside your local execution handler:
+* ```ts
+* const serverHandler = createAcceptorHandler({ clientEnv, formatMessage, send: (ws, f) => ws.send(f) });
+* runtime.addHandlers([localHandler, serverHandler]);
+* // per inbound message (e.g. a Durable Object's webSocketMessage):
+* serverHandler.receive(ws, message);
+* ```
+*
+* Inbound requests route to your local handler; the runtime's return dispatch then calls this
+* handler back (it is an external handler keyed to `clientEnv`) to send the result to the originating
+* connection. The handler keeps a per-connection identity registry so each result lands on the right
+* socket, and remembers each connection's encoding so binary and JSON clients can share the channel.
+*
+* It registers an empty action router, so it is never chosen to *execute* an inbound request — only
+* to ferry results/pushes back out.
+*/
+var AcceptorHandler = class extends PeerLinkHandler {
+	/** Accept-in over a live (duplex) connection registry — it pushes results/broadcasts to bound sockets. */
+	canPush = true;
+	_formatMessage;
+	_createFormatMessage;
+	_send;
+	_runtime;
+	_serverTimeout;
+	_onConnectionBound;
+	_security;
+	/** Normalized accepted levels; whether `none` (plain) is allowed; whether any level needs a handshake. */
+	_allowedLevels;
+	_noneAllowed;
+	_handshakeMode;
+	_connByClient = /* @__PURE__ */ new Map();
+	_clientByConn = /* @__PURE__ */ new Map();
+	_connEncoding = /* @__PURE__ */ new Map();
+	_codecByConn = /* @__PURE__ */ new Map();
+	_sessionByConn = /* @__PURE__ */ new Map();
+	constructor(options) {
+		super(options.clientEnv);
+		this._formatMessage = options.formatMessage;
+		this._createFormatMessage = options.createFormatMessage;
+		this._send = options.send;
+		this._runtime = options.runtime;
+		this._serverTimeout = options.defaultTimeout ?? 1e4;
+		this._onConnectionBound = options.onConnectionBound;
+		this._security = options.security;
+		this._allowedLevels = options.security == null ? [] : Array.isArray(options.security.securityLevel) ? options.security.securityLevel : [options.security.securityLevel];
+		this._noneAllowed = this._allowedLevels.includes("none");
+		this._handshakeMode = this._allowedLevels.some((level) => level !== "none");
+	}
+	/**
+	* The codec for a connection: a per-connection session (cached) when a factory was provided, else
+	* the single shared `formatMessage`.
+	*/
+	_codecFor(connection) {
+		if (this._createFormatMessage != null) {
+			let codec = this._codecByConn.get(connection);
+			if (codec == null) {
+				codec = this._createFormatMessage();
+				this._codecByConn.set(connection, codec);
+			}
+			return codec;
+		}
+		if (this._formatMessage != null) return this._formatMessage;
+		throw err_nice_transport.fromId("not_found", { actionId: "server-handler-codec (provide formatMessage or createFormatMessage)" });
+	}
+	/**
+	* Register (or replace) the connection-bound persistence callback after construction. Used by
+	* lifecycle helpers like {@link createHibernatableWsServerAdapter} so persistence and replay are
+	* owned by one place instead of being split across the constructor options.
+	*/
+	setOnConnectionBound(onConnectionBound) {
+		this._onConnectionBound = onConnectionBound;
+	}
+	/**
+	* Feed one inbound frame from a connection into the runtime. Decodes text or binary, binds the
+	* connection to the requesting client's identity, then routes it (requests execute locally;
+	* results/progress resolve pending server-initiated actions).
+	*/
+	receive(connection, frame) {
+		const security = this._security;
+		if (security == null || !this._handshakeMode) {
+			this._receivePlain(connection, frame);
+			return;
+		}
+		this._sessionFor(connection, security).receive(frame);
+	}
+	_receivePlain(connection, frame) {
+		const wire = decodeActionFrame(frame, this._codecFor(connection));
+		if (wire == null) return;
+		const encoding = typeof frame === "string" ? "json" : "binary";
+		this._connEncoding.set(connection, encoding);
+		if (wire.type === "request") this._resolveRequestIdentity(connection, wire, encoding);
+		this._emitIncoming(wire);
+	}
+	/**
+	* The secure session for a connection (built lazily on its first secure-mode frame), with the
+	* handler-owned effects — raw send, identity binding + persistence, and inbound routing — wired in as
+	* callbacks. The session owns all crypto/handshake/chain state; the handler keeps only the registry.
+	*/
+	_sessionFor(connection, security) {
+		let session = this._sessionByConn.get(connection);
+		if (session == null) {
+			session = new AcceptorSecureSession({
+				link: security.link,
+				localCoordinate: security.localCoordinate,
+				dictionaryVersion: security.dictionaryVersion,
+				securityLevel: security.securityLevel,
+				verifyKeyResolver: security.verifyKeyResolver,
+				noneAllowed: this._noneAllowed,
+				send: (frame) => this._send(connection, frame),
+				onAuthenticated: (auth) => this._onConnectionAuthenticated(connection, auth),
+				routePlain: (frame) => this._receivePlain(connection, frame),
+				routeAction: (bytes) => this._routeAuthedActionBytes(connection, bytes)
+			});
+			this._sessionByConn.set(connection, session);
+		}
+		return session;
+	}
+	/** Bind + persist a connection's authenticated identity once its handshake completes. */
+	_onConnectionAuthenticated(connection, auth) {
+		this._bindConnection(connection, auth.client);
+		this._connEncoding.set(connection, "binary");
+		this._onConnectionBound?.(connection, {
+			client: auth.client.toJsonObject(),
+			encoding: "binary",
+			secure: {
+				securityLevel: auth.securityLevel,
+				linkedClientId: auth.linkedClientId,
+				keyMaterial: auth.keyMaterial
+			}
+		});
+	}
+	/** Decode a decrypted authenticated frame, inject the *authenticated* identity, and route it. */
+	_routeAuthedActionBytes(connection, bytes) {
+		const wire = decodeActionFrame(bytes, this._codecFor(connection));
+		if (wire == null) return;
+		if (wire.type === "request") {
+			const bound = this._clientByConn.get(connection);
+			if (bound != null) wire.context.originClient = bound.toJsonObject();
+		}
+		this._emitIncoming(wire);
+	}
+	/**
+	* Ensure an inbound request carries the client's identity and that this connection is bound to it,
+	* so its result can be routed back. A session codec omits `originClient` after the first request, so
+	* when it's missing we restore it from the (possibly rehydrated) binding instead. (Plain mode only;
+	* secure mode binds the authenticated coordinate at handshake time.)
+	*/
+	_resolveRequestIdentity(connection, wire, encoding) {
+		const wireOrigin = wire.context.originClient;
+		if (wireOrigin != null && wireOrigin.envId !== "_unset_") {
+			const clientCoord = new RuntimeCoordinate(wireOrigin);
+			const isNewBinding = this._clientByConn.get(connection)?.stringId !== clientCoord.stringId;
+			this._bindConnection(connection, clientCoord);
+			if (isNewBinding) this._onConnectionBound?.(connection, {
+				client: clientCoord.toJsonObject(),
+				encoding
+			});
+			return;
+		}
+		const bound = this._clientByConn.get(connection);
+		if (bound != null) wire.context.originClient = bound.toJsonObject();
+	}
+	/**
+	* Restore a connection→client binding without an inbound frame — for transports that resume after
+	* eviction. Pair it with the {@link IAcceptorHandlerOptions.onConnectionBound} hook: persist
+	* the binding there, then replay each live connection here when the channel comes back (e.g. a
+	* Durable Object iterating `ctx.getWebSockets()` as it wakes from hibernation).
+	*/
+	rehydrateConnection(connection, binding) {
+		this._bindConnection(connection, new RuntimeCoordinate(binding.client));
+		this._connEncoding.set(connection, binding.encoding);
+		const secure = binding.secure;
+		const security = this._security;
+		if (secure == null || security == null) return;
+		this._sessionFor(connection, security).rehydrate(secure);
+	}
+	toJsonObject() {
+		return {
+			type: this.handlerType,
+			client: this.peerClient
+		};
+	}
+	toHandlerRouteItem() {
+		return {
+			type: this.handlerType,
+			client: this.peerClient,
+			transShape: "duplex",
+			transOrd: 0
+		};
+	}
+	/** Forget a connection (call on socket close) so stale entries don't misroute later results. */
+	dropConnection(connection) {
+		const coord = this._clientByConn.get(connection);
+		if (coord != null && this._connByClient.get(coord.stringId) === connection) this._connByClient.delete(coord.stringId);
+		this._clientByConn.delete(connection);
+		this._connEncoding.delete(connection);
+		this._codecByConn.delete(connection);
+		this._sessionByConn.delete(connection);
+	}
+	/** Live connection for a client coordinate, if currently registered. */
+	getConnectionForClient(client) {
+		return this._connByClient.get(client.stringId);
+	}
+	/** This acceptor owns the origin's return path when it currently holds a live connection bound to it. */
+	ownsLiveConnectionFor(origin) {
+		return this._connByClient.has(origin.stringId);
+	}
+	/** Whether this acceptor currently tracks `connection` — used to pick the owning handler among several. */
+	hasConnection(connection) {
+		return this._clientByConn.has(connection);
+	}
+	/**
+	* Send (and optionally await) a server-initiated action to a specific connected client. Pass the
+	* connection token directly (e.g. the `ws`) or a client `RuntimeCoordinate` to look one up.
+	*/
+	pushToClient(runtime, target, request, options) {
+		const connection = this._resolveConnection(target);
+		return this._dispatch(runtime, connection, request, options?.timeout);
+	}
+	/**
+	* Build a local handler whose cases are connection-aware: each case receives the primed request and
+	* the originating client's live connection (resolved from `originClient`), so handlers don't repeat
+	* the `getConnectionForClient(action.context.originClient)` lookup. Cases may return raw output or
+	* nothing, just like {@link ActionLocalHandler.forDomainActionCases}. Add the returned handler to the
+	* runtime alongside this server handler:
+	* ```ts
+	* runtime.addHandlers([serverHandler.forConnectionDomainCases(domain, { … }), serverHandler]);
+	* ```
+	*/
+	forConnectionDomainCases(domain, cases) {
+		return this.forConnectionDomainCasesMulti([domain], cases, (connection) => connection);
+	}
+	/**
+	* Like {@link forConnectionDomainCases} but spanning several domains with one merged case map — used
+	* by channel-derived wiring (`acceptChannelConnections` / `serveChannel`) where the channel's
+	* `toAcceptor` domains are served together. Each domain takes only the cases whose ids it owns, so a
+	* single map can cover several domains and unrelated ids are ignored.
+	*
+	* `mapContext` turns the resolved connection into whatever the case's second argument should be: the
+	* raw connection for the low-level helper, or an enriched `IConnectionContext` for `serveChannel`. It's
+	* called once per inbound action, after the originating connection is resolved.
+	*/
+	forConnectionDomainCasesMulti(domains, cases, mapContext) {
+		const handler = new ActionLocalHandler();
+		for (const domain of domains) {
+			const ownedIds = new Set(Object.keys(domain.actionsMap()));
+			const wrapped = {};
+			for (const id in cases) {
+				if (!ownedIds.has(id)) continue;
+				const caseFn = cases[id];
+				if (caseFn == null) continue;
+				wrapped[id] = (request) => {
+					return caseFn(request, mapContext(this.getConnectionForClient(request.context.originClient), request));
+				};
+			}
+			handler.forDomainActionCases(domain, wrapped);
+		}
+		return handler;
+	}
+	/**
+	* Fan a server-initiated request out to every currently-bound connection. A fresh request is built
+	* per connection (each push mutates its own action context) and dispatched fire-and-forget. Pass
+	* `except` to skip the originating socket and `where` to filter by connection (e.g. read its
+	* attachment for a role). Iterating bound connections (rather than every accepted socket) skips
+	* sockets that are still mid-handshake and so can't yet receive a frame.
+	*/
+	broadcast(makeRequest, options) {
+		const runtime = options?.runtime ?? this._runtime;
+		if (runtime == null) throw err_nice_transport.fromId("not_found", { actionId: "server-handler-runtime (construct with `runtime` or pass `options.runtime`)" });
+		for (const connection of this._clientByConn.keys()) {
+			if (options?.except != null && connection === options.except) continue;
+			if (options?.where != null && !options.where(connection)) continue;
+			try {
+				this.pushToClient(runtime, connection, makeRequest(), { timeout: options?.timeout });
+			} catch (error) {
+				if (options?.onError != null) options.onError(error, connection);
+				else console.error("[ws-server] broadcast push failed", error);
+			}
+		}
+	}
+	async sendReturnPayload(payload, config) {
+		const connection = this._connByClient.get(payload.context.originClient.stringId);
+		if (connection == null) return false;
+		this._sendPayload(connection, payload, config.targetLocalRuntime.coordinate);
+		return true;
+	}
+	async handleActionRequest(action, config) {
+		const runtime = config?.targetLocalRuntime ?? ActionRuntime.getDefault();
+		const connection = this._resolveSingleConnection();
+		return this._dispatch(runtime, connection, action, config?.timeout);
+	}
+	_dispatch(runtime, connection, action, timeout) {
+		const timeoutMs = timeout ?? this._serverTimeout;
+		action.context._setOriginClient(runtime.coordinate);
+		action.context.addRouteItem({
+			runtime: runtime.coordinate,
+			handler: this.toHandlerRouteItem(),
+			time: Date.now()
+		});
+		const runningAction = new RunningAction({
+			context: action.context,
+			request: action,
+			parentCuid: peekHandlerCuid(),
+			callSite: action._callSite
+		});
+		runtime.registerRunningAction(runningAction);
+		if (action.schema.responseMode === "none") {
+			try {
+				this._sendPayload(connection, action, runtime.coordinate);
+				runningAction._completeWithResult(action.successResult(void 0));
+			} catch (err) {
+				runningAction._abort(err);
+			}
+			return runningAction;
+		}
+		const timeoutId = setTimeout(() => {
+			runningAction._abort(err_nice_transport.fromId("timeout", { timeout: timeoutMs }));
+		}, timeoutMs);
+		runningAction.addUpdateListeners([(update) => {
+			if (update.type === "finished") clearTimeout(timeoutId);
+		}]);
+		try {
+			this._sendPayload(connection, action, runtime.coordinate);
+		} catch (err) {
+			runningAction._abort(err);
+		}
+		return runningAction;
+	}
+	_sendPayload(connection, payload, localClient) {
+		const frame = (this._connEncoding.get(connection) ?? "binary") === "json" ? JSON.stringify(payload.toJsonObject()) : this._codecFor(connection).outgoing({
+			action: payload,
+			localClient,
+			externalClient: this.peerClient
+		});
+		const session = this._sessionByConn.get(connection);
+		if (session == null) {
+			this._send(connection, frame);
+			return;
+		}
+		session.send(frame);
+	}
+	_bindConnection(connection, client) {
+		this._connByClient.set(client.stringId, connection);
+		this._clientByConn.set(connection, client);
+	}
+	_resolveConnection(target) {
+		if (target instanceof RuntimeCoordinate) {
+			const connection = this._connByClient.get(target.stringId);
+			if (connection == null) throw err_nice_transport.fromId("not_found", { actionId: target.stringId });
+			return connection;
+		}
+		return target;
+	}
+	_resolveSingleConnection() {
+		if (this._clientByConn.size !== 1) throw err_nice_transport.fromId("not_found", { actionId: "server-handler-target (use pushToClient with an explicit connection or client coordinate)" });
+		return this._clientByConn.keys().next().value;
+	}
+};
+const createAcceptorHandler = (options) => {
+	return new AcceptorHandler(options);
+};
+//#endregion
+//#region src/ActionRuntime/Handler/PeerLink/Acceptor/createSecureActionServer.ts
+/** Default accepted set: negotiate per connection to whatever the client picks. */
+const DEFAULT_SERVER_SECURITY_LEVELS$1 = [
+	"none",
+	"authenticated",
+	"encrypted"
+];
+/**
+* Build an {@link AcceptorHandler} for the secure binary channel with the boilerplate folded in:
+* it creates the {@link ClientCryptoKeyLink} and the storage-backed TOFU resolver from a single
+* `storageAdapter`, installs the channel's per-connection codec, and assembles the `security` block
+* from the runtime coordinate + channel version (accepting all three levels by default).
+*
+* For a hibernatable transport (e.g. a Durable Object), pair it with
+* {@link createHibernatableWsServerAdapter} to wire persistence + replay.
+*/
+function createSecureAcceptorHandler(options) {
+	const link = options.link ?? new _nice_code_util.ClientCryptoKeyLink({ storageAdapter: options.storageAdapter });
+	return new AcceptorHandler({
+		clientEnv: options.clientEnv,
+		createFormatMessage: options.channel.createCodec,
+		send: options.send,
+		runtime: options.runtime,
+		defaultTimeout: options.defaultTimeout,
+		security: {
+			securityLevel: options.securityLevel ?? DEFAULT_SERVER_SECURITY_LEVELS$1,
+			link,
+			localCoordinate: options.runtime.coordinate.toJsonObject(),
+			dictionaryVersion: options.channel.dictionaryVersion,
+			verifyKeyResolver: options.verifyKeyResolver ?? createStorageTofuVerifyKeyResolver(options.storageAdapter)
+		}
+	});
+}
+//#endregion
+//#region src/ActionRuntime/Transport/Carrier/Carrier.types.ts
+/**
+* Narrow a carrier source to the exchange shape via its `shape` discriminant — the one branch the
+* transport factories ({@link secureTransport}, {@link plainTransport}) use to pick the duplex vs
+* exchange transport. A duplex source carries no `shape`, so the `else` branch is the duplex one.
+*/
+function isExchangeCarrierSource(carrier) {
+	return "shape" in carrier && carrier.shape === "exchange";
+}
+//#endregion
+//#region src/ActionRuntime/Transport/Transport.ts
+/**
+* Reusable transport definition. Devs construct these (`secureTransport({ carrier: wsCarrier(() => ({ url })) })`,
+* `plainTransport({ carrier: httpCarrier(...) })`, …) and pass them to a
+* `ConnectorHandler`. A single
+* definition can be shared across multiple handlers — each handler builds its own live
+* {@link TransportConnection} via {@link TransportConnection._createConnection}.
+*/
+var Transport = class {};
+//#endregion
+//#region src/ActionRuntime/Transport/SecureSession/exchangeProtocol.ts
+function encodeExchange(envelope) {
+	return JSON.stringify(envelope);
+}
+function decodeExchangeRequest(raw) {
+	return parse(raw);
+}
+function decodeExchangeReply(raw) {
+	return parse(raw);
+}
+function parse(raw) {
+	try {
+		return JSON.parse(raw);
+	} catch {
+		return;
+	}
+}
+function bytesToBase64(bytes) {
+	let binary = "";
+	for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
+	return btoa(binary);
+}
+function base64ToBytes(base64) {
+	const binary = atob(base64);
+	const bytes = new Uint8Array(binary.length);
+	for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+	return bytes;
+}
+//#endregion
+//#region src/ActionRuntime/Transport/SecureSession/establishExchangeSession.ts
+const textEncoder$1 = new TextEncoder();
+const textDecoder$1 = new TextDecoder();
+/** Plain path (no handshake/token): every action rides a bare `act` envelope, plaintext both ways. */
+function finalizePlainExchangeMethods(ctx) {
+	return buildExchangeMethods(ctx, {});
+}
+/** Secure path: run the handshake (two exchanges) once at bring-up, then reuse the token + crypto. */
+async function finalizeSecureExchangeMethods(ctx) {
+	return buildExchangeMethods(ctx, await runConnectorExchangeHandshake(ctx.carrier, ctx.secure));
+}
+function buildExchangeMethods(ctx, state) {
+	const sendActionData = (inputs) => {
+		runExchange(ctx.carrier, state, inputs).catch((err) => inputs.runningAction._abort(err));
+	};
+	return {
+		sendActionData,
+		updateRunConfig: ctx.updateRunConfig
+	};
+}
+async function runExchange(carrier, state, inputs) {
+	const { action, runningAction, timeout } = inputs;
+	const ac = new AbortController();
+	let timedOut = false;
+	const timeoutId = setTimeout(() => {
+		timedOut = true;
+		ac.abort();
+	}, timeout);
+	const unsubscribe = runningAction.addUpdateListeners([(update) => {
+		if (update.type === "finished") {
+			clearTimeout(timeoutId);
+			ac.abort();
+		}
+	}]);
+	try {
+		const request = await buildRequestEnvelope(state, action);
+		const replyRaw = await carrier.exchange(encodeExchange(request), { signal: ac.signal });
+		if (action.type !== "request") return;
+		const reply = decodeExchangeReply(asString(replyRaw));
+		if (reply == null) throw err_nice_transport.fromId("invalid_action_response", { actionId: action.id });
+		if (reply.k === "err") throw err_nice_transport.fromId("send_failed", {
+			actionState: action.type,
+			actionId: action.id,
+			message: reply.message
+		});
+		const wire = await extractReplyWire(state, reply);
+		if (wire == null || !isActionPayload_Result_JsonObject(wire)) throw err_nice_transport.fromId("invalid_action_response", { actionId: action.id });
+		runningAction._completeWithResult(action._domain.hydrateResultPayload(wire));
+	} catch (err) {
+		if (timedOut) throw err_nice_transport.fromId("timeout", { timeout });
+		throw err;
+	} finally {
+		clearTimeout(timeoutId);
+		unsubscribe();
+	}
+}
+async function buildRequestEnvelope(state, action) {
+	const wire = action.toJsonObject();
+	if (state.crypto != null) {
+		const ciphertext = await state.crypto.encryptFrame(textEncoder$1.encode(JSON.stringify(wire)));
+		return {
+			k: "act",
+			t: state.token,
+			c: bytesToBase64(ciphertext)
+		};
+	}
+	return {
+		k: "act",
+		t: state.token,
+		w: wire
+	};
+}
+async function extractReplyWire(state, reply) {
+	if (reply.k !== "act") return void 0;
+	if ("c" in reply) {
+		if (state.crypto == null) return void 0;
+		const plain = await state.crypto.decryptFrame(base64ToBytes(reply.c));
+		return JSON.parse(textDecoder$1.decode(plain));
+	}
+	return reply.w;
+}
+async function runConnectorExchangeHandshake(carrier, secure) {
+	await secure.link.initialize();
+	const handshake = createClientHandshake({
+		link: secure.link,
+		localCoordinate: secure.localCoordinate,
+		dictionaryVersion: secure.dictionaryVersion,
+		securityLevel: secure.securityLevel
+	});
+	const hsid = (0, nanoid.nanoid)();
+	const hello = await handshake.createHello();
+	const welcomeReply = decodeExchangeReply(asString(await carrier.exchange(encodeExchange({
+		k: "hs",
+		hsid,
+		m: encodeHandshakeMessage(hello)
+	}))));
+	if (welcomeReply?.k !== "hs") throw new Error("[exchange-handshake] expected a welcome reply");
+	const welcome = decodeHandshakeMessage(welcomeReply.m);
+	if (welcome == null) throw new Error("[exchange-handshake] malformed welcome");
+	if (welcome.t === "reject") throw new Error(`[exchange-handshake] rejected by peer: ${welcome.reason}`);
+	if (welcome.t !== "welcome") throw new Error(`[exchange-handshake] expected welcome, got ${welcome.t}`);
+	const prove = await handshake.onWelcome(welcome);
+	const acceptReply = decodeExchangeReply(asString(await carrier.exchange(encodeExchange({
+		k: "hs",
+		hsid,
+		m: encodeHandshakeMessage(prove)
+	}))));
+	if (acceptReply?.k !== "hs") throw new Error("[exchange-handshake] expected an accept reply");
+	const accept = decodeHandshakeMessage(acceptReply.m);
+	if (accept == null) throw new Error("[exchange-handshake] malformed accept");
+	if (accept.t === "reject") throw new Error(`[exchange-handshake] rejected by peer: ${accept.reason}`);
+	if (accept.t !== "accept") throw new Error(`[exchange-handshake] expected accept, got ${accept.t}`);
+	if (acceptReply.t == null) throw new Error("[exchange-handshake] accept missing session token");
+	const result = await handshake.onAccept(accept);
+	const crypto = result.securityLevel === "encrypted" ? createActionFrameCrypto({
+		link: secure.link,
+		linkedClientId: result.linkedClientId
+	}) : void 0;
+	return {
+		token: acceptReply.t,
+		crypto
+	};
+}
+function asString(frame) {
+	if (typeof frame === "string") return frame;
+	return textDecoder$1.decode(frame instanceof ArrayBuffer ? new Uint8Array(frame) : frame);
+}
+//#endregion
+//#region src/ActionRuntime/Transport/helpers/addTransportStatusMetadata.ts
+function addTransportStatusMetadata(transportStatus) {
+	if (transportStatus.status === "ready") return {
+		status: "ready",
+		readyData: transportStatus.readyData
+	};
+	if (transportStatus.status === "initializing") return {
+		status: "initializing",
+		initializationPromise: transportStatus.initializationPromise,
+		timeStarted: Date.now()
+	};
+	if (transportStatus.status === "failed") return {
+		status: "failed",
+		error: transportStatus.error,
+		timeFailed: Date.now()
+	};
+	if (transportStatus.status === "unsupported") return { status: "unsupported" };
+	return { status: "uninitialized" };
+}
+//#endregion
+//#region src/ActionRuntime/Transport/TransportConnection.ts
+let transportOrd = 0;
+/**
+* Live, per-handler transport runtime built from a reusable {@link Transport} definition. Holds the
+* connection-scoped state (ordinal, initialized config, sockets / abort sets) that must not be shared
+* across handlers. Construct these via `definition._createConnection(...)`, never directly.
+*/
+var TransportConnection = class {
+	def;
+	transOrd = transportOrd++;
+	type;
+	initialized;
+	/** Backref to the public definition that created this connection (used for devtools route info). */
+	definition;
+	constructor(def) {
+		this.def = def;
+		this.type = def.type;
+		this.initialized = def.initialize();
+	}
+	/**
+	* Devtools route info for an action routed through this live connection. Defaults to the stateless
+	* {@link definition}'s info; connections override to enrich it from live state (e.g. the actual
+	* resolved socket URL) when the definition couldn't resolve it on its own.
+	*/
+	getRouteInfo(input) {
+		return this.definition?.getRouteInfo(input);
+	}
+	/**
+	* Whether a `ready`-status transport still needs asynchronous bring-up before its methods exist —
+	* awaiting the carrier to open and/or running a handshake. Default `false`: a stateless transport
+	* (HTTP) is usable the instant `getTransport` reports `ready`, so it stays a terminal *synchronous*
+	* fallback in {@link ConnectionTransportManager}. Stream carriers (Link/WS) override to `true`.
+	*/
+	_needsAsyncBringUp(_readyData) {
+		return false;
+	}
+	/** Await the carrier becoming ready to send (e.g. a socket `open`). Default: nothing to await. */
+	_awaitCarrierReady(_readyData) {
+		return Promise.resolve();
+	}
+	/**
+	* Finalize during async bring-up — may run a handshake, so it can be async. Defaults to the
+	* synchronous {@link _finalizeTransportMethods}; secure stream carriers override to branch plain/secure.
+	*/
+	_finalizeReady(readyData) {
+		return this._finalizeTransportMethods(readyData);
+	}
+	_getCacheKey(input) {
+		const parts = this.initialized.getTransportCacheKey?.(input);
+		if (parts == null) return null;
+		return parts.join("\0");
+	}
+	getCacheKey(input) {
+		const inner = this._getCacheKey(input);
+		if (inner == null) return null;
+		return `${this.transOrd}:${inner}`;
+	}
+	/**
+	* Whether this transport can serve the given action right now. Consulted by the manager before
+	* cache-key resolution and `getTransport`; a `false` result skips this transport (treated as
+	* `unsupported`) and the manager falls through to the next in preference order. Defaults to `true`
+	* when the transport declares no gate.
+	*/
+	isAvailable(input) {
+		return this.initialized.isAvailable?.(input) ?? true;
+	}
+	getTransport(input) {
+		return this._processTransportStatus(input);
+	}
+	_processTransportStatus(input) {
+		const statusInfo = addTransportStatusMetadata(this.initialized.getTransport(input));
+		if (statusInfo.status === "ready") {
+			if (!this._needsAsyncBringUp(statusInfo.readyData)) return {
+				status: "ready",
+				readyData: this._finalizeTransportMethods(statusInfo.readyData)
+			};
+			return {
+				status: "initializing",
+				timeStarted: Date.now(),
+				initializationPromise: this._bringUp(statusInfo.readyData)
+			};
+		}
+		if (statusInfo.status === "initializing") {
+			const initializationPromise = statusInfo.initializationPromise.then((result) => result.status === "ready" ? this._bringUp(result.readyData) : result);
+			return {
+				status: "initializing",
+				timeStarted: statusInfo.timeStarted,
+				initializationPromise
+			};
+		}
+		return statusInfo;
+	}
+	/** Await carrier readiness, then finalize (possibly running a handshake) into the live methods. */
+	async _bringUp(readyData) {
+		await this._awaitCarrierReady(readyData);
+		return {
+			status: "ready",
+			readyData: await this._finalizeReady(readyData)
+		};
+	}
+};
+//#endregion
+//#region src/ActionRuntime/Transport/Exchange/ExchangeConnection.ts
+/**
+* Carrier-agnostic live connection for the exchange (request → single reply) shape — the HTTP
+* counterpart to {@link LinkConnection}. It owns only the bring-up (run the secure handshake on first
+* use); the request/reply lifecycle + crypto live in the shared `establishExchangeSession`.
+*/
+var ExchangeConnection = class extends TransportConnection {
+	constructor(def) {
+		super({
+			...def,
+			type: "exchange"
+		});
+	}
+	_getCacheKey(input) {
+		return this.initialized.getTransportCacheKey?.(input).join("\0") ?? "";
+	}
+	_needsAsyncBringUp(data) {
+		return data.secureChannel != null && data.secureChannel.securityLevel !== "none";
+	}
+	_finalizeReady(data) {
+		const secure = data.secureChannel;
+		if (secure != null && secure.securityLevel !== "none") return finalizeSecureExchangeMethods({
+			...this._sessionContext(data),
+			secure
+		});
+		return this._finalizeTransportMethods(data);
+	}
+	_finalizeTransportMethods(data) {
+		return finalizePlainExchangeMethods(this._sessionContext(data));
+	}
+	_sessionContext(data) {
+		return {
+			carrier: data.carrier,
+			updateRunConfig: data.updateRunConfig,
+			secure: data.secureChannel
+		};
+	}
+};
+//#endregion
+//#region src/ActionRuntime/Transport/Exchange/ExchangeTransport.ts
+/**
+* A carrier-agnostic exchange (request → single reply) transport: it drives nice-action's secure session
+* over any {@link IExchangeCarrier} (HTTP being the one built-in). The duplex counterpart is
+* {@link LinkTransport}; this is the no-push half — its reply rides the response to its own request, so it
+* can't deliver an unsolicited frame (the runtime never picks it for the return path).
+*/
+var ExchangeTransport = class ExchangeTransport extends Transport {
+	options;
+	type = "exchange";
+	constructor(options) {
+		super();
+		this.options = options;
+	}
+	static create(options) {
+		return new ExchangeTransport(options);
+	}
+	_createConnection(_ctx) {
+		const options = this.options;
+		return new ExchangeConnection({ initialize: () => ({
+			getTransportCacheKey: options.getTransportCacheKey,
+			isAvailable: options.available,
+			getTransport: (input) => ({
+				status: "ready",
+				readyData: {
+					carrier: options.openCarrier(input),
+					secureChannel: options.security,
+					updateRunConfig: options.updateRunConfig
+				}
+			})
+		}) });
+	}
+	getRouteInfo(input) {
+		if (this.options.getRouteInfo != null) return this.options.getRouteInfo(input);
+		return {
+			carrierLabel: this.options.label ?? "exchange",
+			summary: this.options.label ?? "exchange"
+		};
+	}
+};
+//#endregion
+//#region src/ActionRuntime/Transport/helpers/createUnsetTransportResolvers.ts
+const createUnsetTransportResolvers = (transportLabel) => ({ onIncomingActionDataJson: (json) => {
+	console.warn(`Received incoming action JSON [${json.domain}:${json.id}] on Transport [${transportLabel}] but no incoming data listener has been set.`);
+} });
+//#endregion
+//#region src/ActionRuntime/Transport/SecureSession/establishLinkSession.ts
+const HANDSHAKE_TIMEOUT_MS = 15e3;
+/** Plain path (no handshake): route every inbound frame to the runtime; send without crypto. */
+function finalizePlainLinkMethods(ctx) {
+	const disconnectListeners = [];
+	const abortSet = /* @__PURE__ */ new Set();
+	const pipe = makePipe(ctx, void 0);
+	ctx.channel.attach({
+		onMessage: (frame) => void handleIncomingActionFrame(ctx, pipe, frame),
+		onClose: () => onChannelClosed(ctx, disconnectListeners, abortSet),
+		onError: () => onChannelClosed(ctx, disconnectListeners, abortSet)
+	});
+	return buildSendMethods(ctx, pipe, disconnectListeners, abortSet);
+}
+/**
+* Secure path: a single message handler feeds the handshake until it completes, then routes action
+* frames (decrypting at the `encrypted` level). Frames that race ahead of activation are buffered and
+* flushed once the handshake lands, so nothing is lost.
+*/
+async function finalizeSecureLinkMethods(ctx) {
+	const disconnectListeners = [];
+	const abortSet = /* @__PURE__ */ new Set();
+	const session = {};
+	let active = false;
+	const handshakeQueue = [];
+	const handshakeWaiters = [];
+	const pendingActionFrames = [];
+	ctx.channel.attach({
+		onMessage: (frame) => {
+			if (active && session.pipe != null) {
+				handleIncomingActionFrame(ctx, session.pipe, frame);
+				return;
+			}
+			if (typeof frame === "string") {
+				const message = decodeHandshakeMessage(frame);
+				if (message != null) {
+					const waiter = handshakeWaiters.shift();
+					if (waiter != null) waiter(message);
+					else handshakeQueue.push(message);
+					return;
+				}
+			}
+			pendingActionFrames.push(frame);
+		},
+		onClose: () => onChannelClosed(ctx, disconnectListeners, abortSet),
+		onError: () => onChannelClosed(ctx, disconnectListeners, abortSet)
+	});
+	const nextHandshakeMessage = () => {
+		const queued = handshakeQueue.shift();
+		if (queued != null) return Promise.resolve(queued);
+		return new Promise((resolve, reject) => {
+			const timeout = setTimeout(() => reject(/* @__PURE__ */ new Error("[link-handshake] timed out waiting for peer reply")), HANDSHAKE_TIMEOUT_MS);
+			handshakeWaiters.push((message) => {
+				clearTimeout(timeout);
+				resolve(message);
+			});
+		});
+	};
+	const pipe = makePipe(ctx, await runClientHandshake(ctx.channel, ctx.secure, nextHandshakeMessage));
+	session.pipe = pipe;
+	active = true;
+	for (const frame of pendingActionFrames) await handleIncomingActionFrame(ctx, pipe, frame);
+	pendingActionFrames.length = 0;
+	return buildSendMethods(ctx, pipe, disconnectListeners, abortSet);
+}
+function makePipe(ctx, crypto) {
+	return createFrameCryptoPipe({
+		write: (frame) => ctx.channel.send(frame),
+		isOpen: () => ctx.channel.isOpen(),
+		crypto
+	});
+}
+async function runClientHandshake(channel, secure, nextHandshakeMessage) {
+	await secure.link.initialize();
+	const handshake = createClientHandshake({
+		link: secure.link,
+		localCoordinate: secure.localCoordinate,
+		dictionaryVersion: secure.dictionaryVersion,
+		securityLevel: secure.securityLevel
+	});
+	channel.send(encodeHandshakeMessage(await handshake.createHello()));
+	const welcome = await nextHandshakeMessage();
+	if (welcome.t === "reject") throw new Error(`[link-handshake] rejected by peer: ${welcome.reason}`);
+	if (welcome.t !== "welcome") throw new Error(`[link-handshake] expected welcome, got ${welcome.t}`);
+	channel.send(encodeHandshakeMessage(await handshake.onWelcome(welcome)));
+	const accept = await nextHandshakeMessage();
+	if (accept.t === "reject") throw new Error(`[link-handshake] rejected by peer: ${accept.reason}`);
+	if (accept.t !== "accept") throw new Error(`[link-handshake] expected accept, got ${accept.t}`);
+	const result = await handshake.onAccept(accept);
+	return result.securityLevel === "encrypted" ? createActionFrameCrypto({
+		link: secure.link,
+		linkedClientId: result.linkedClientId
+	}) : void 0;
+}
+function buildSendMethods(ctx, pipe, disconnectListeners, abortSet) {
+	const channel = ctx.channel;
+	const sendActionData = (inputs) => {
+		const { action, runningAction, timeout } = inputs;
+		if (!channel.isOpen()) {
+			if (action.type === "request") runningAction._abort(ctx.makeDisconnectError(action.id));
+			return;
+		}
+		if (action.type === "request") {
+			abortSet.add(runningAction);
+			const timeoutId = setTimeout(() => {
+				runningAction._abort(err_nice_transport.fromId("timeout", { timeout }));
+			}, timeout);
+			runningAction.addUpdateListeners([(update) => {
+				if (update.type === "finished") {
+					clearTimeout(timeoutId);
+					abortSet.delete(runningAction);
+				}
+			}]);
+		}
+		pipe.send(ctx.formatMessage?.outgoing(inputs) ?? JSON.stringify(inputs.action.toJsonObject()));
+	};
+	return {
+		sendActionData,
+		updateRunConfig: ctx.updateRunConfig,
+		addOnDisconnectListener: (cb) => {
+			disconnectListeners.push(cb);
+		},
+		disconnect: () => {
+			try {
+				channel.close();
+			} catch {}
+		},
+		sendReturnData: (payload, clients) => {
+			const formatted = clients != null ? ctx.formatMessage?.outgoing({
+				action: payload,
+				...clients
+			}) : void 0;
+			pipe.send(formatted ?? JSON.stringify(payload.toJsonObject()));
+		}
+	};
+}
+async function handleIncomingActionFrame(ctx, pipe, frame) {
+	const decoded = await pipe.decryptIncoming(frame);
+	if (decoded === void 0) return;
+	const rawJson = decodeActionFrame(decoded, ctx.formatMessage);
+	if (rawJson != null) ctx.resolvers.onIncomingActionDataJson(rawJson);
+}
+function onChannelClosed(ctx, disconnectListeners, abortSet) {
+	for (const cb of disconnectListeners) cb();
+	const error = ctx.makeDisconnectError("—");
+	for (const ra of [...abortSet]) ra._abort(error);
+}
+//#endregion
+//#region src/ActionRuntime/Transport/Link/LinkConnection.ts
+/** Abort error for a closed link channel (carrier-neutral — the carrier itself isn't named). */
+function linkDisconnectError(actionId) {
+	return err_nice_transport.fromId("send_failed", {
+		actionId,
+		actionState: "request",
+		message: "link channel disconnected"
+	});
+}
+/**
+* Carrier-agnostic live connection. It owns only the *bring-up* (open the carrier, then run the secure
+* session); the session itself — handshake, frame crypto, codec, send/receive — lives in the shared
+* {@link finalizeSecureLinkMethods}/{@link finalizePlainLinkMethods}, so a WebSocket, a WebRTC data
+* channel, a Bluetooth characteristic, and an in-memory pipe all run the identical secure layer.
+*/
+var LinkConnection = class extends TransportConnection {
+	resolvers;
+	constructor(def, resolvers) {
+		super({
+			...def,
+			type: "duplex"
+		});
+		this.resolvers = resolvers ?? createUnsetTransportResolvers("link");
+	}
+	_getCacheKey(input) {
+		return this.initialized.getTransportCacheKey?.(input).join("\0") ?? "";
+	}
+	_needsAsyncBringUp() {
+		return true;
+	}
+	_awaitCarrierReady(data) {
+		return data.channel.ready;
+	}
+	_finalizeReady(data) {
+		const secure = data.secureChannel;
+		if (secure != null && secure.securityLevel !== "none") return finalizeSecureLinkMethods({
+			...this._sessionContext(data),
+			secure
+		});
+		return this._finalizeTransportMethods(data);
+	}
+	_sessionContext(data) {
+		return {
+			channel: data.channel,
+			resolvers: this.resolvers,
+			formatMessage: data.formatMessage,
+			updateRunConfig: data.updateRunConfig,
+			makeDisconnectError: linkDisconnectError
+		};
+	}
+	_finalizeTransportMethods(data) {
+		return finalizePlainLinkMethods(this._sessionContext(data));
+	}
+};
+//#endregion
+//#region src/ActionRuntime/Transport/Link/LinkTransport.ts
+/**
+* A carrier-agnostic transport: it drives nice-action's secure session + action routing over any
+* {@link IDuplexCarrier}. The WebSocket transport is the special case that opens a `WebSocket`;
+* this opens whatever `openChannel` returns, so the identical secure layer works over WebRTC, Bluetooth,
+* or an in-memory pipe. Reported with an overridable carrier label in the devtools (defaults to "link").
+*/
+var LinkTransport = class LinkTransport extends Transport {
+	options;
+	type = "duplex";
+	constructor(options) {
+		super();
+		this.options = options;
+	}
+	static create(options) {
+		return new LinkTransport(options);
+	}
+	_createConnection(ctx) {
+		const options = this.options;
+		return new LinkConnection({ initialize: () => ({
+			getTransportCacheKey: options.getTransportCacheKey,
+			isAvailable: options.available,
+			getTransport: (input) => ({
+				status: "ready",
+				readyData: {
+					channel: options.openChannel(input),
+					formatMessage: options.createFormatMessage?.() ?? options.formatMessage,
+					updateRunConfig: options.updateRunConfig,
+					secureChannel: options.security
+				}
+			})
+		}) }, ctx.resolvers);
+	}
+	getRouteInfo(input) {
+		if (this.options.getRouteInfo != null) return this.options.getRouteInfo(input);
+		return {
+			carrierLabel: this.options.label ?? "link",
+			summary: this.options.label ?? "link"
+		};
+	}
+};
+//#endregion
+//#region src/ActionRuntime/Transport/plainTransport.ts
+function plainTransport(options) {
+	const carrier = options.carrier;
+	if (isExchangeCarrierSource(carrier)) return ExchangeTransport.create({
+		openCarrier: carrier.open,
+		getTransportCacheKey: carrier.getCacheKey,
+		available: options.available,
+		getRouteInfo: carrier.getRouteInfo,
+		label: options.label ?? carrier.carrierLabel,
+		updateRunConfig: options.updateRunConfig
+	});
+	return LinkTransport.create({
+		openChannel: carrier.open,
+		formatMessage: options.formatMessage,
+		createFormatMessage: options.createFormatMessage,
+		getTransportCacheKey: carrier.getCacheKey,
+		available: options.available,
+		getRouteInfo: carrier.getRouteInfo,
+		label: options.label ?? carrier.carrierLabel,
+		updateRunConfig: options.updateRunConfig
+	});
+}
+//#endregion
+//#region src/ActionRuntime/Transport/secureTransport.ts
+function secureTransport(options) {
+	const link = options.link ?? (options.storageAdapter != null ? new _nice_code_util.ClientCryptoKeyLink({ storageAdapter: options.storageAdapter }) : void 0);
+	if (link == null) throw new Error("secureTransport: provide `link` or `storageAdapter` for the crypto identity.");
+	const security = {
+		securityLevel: options.securityLevel,
+		link,
+		localCoordinate: options.runtime.coordinate.toJsonObject(),
+		dictionaryVersion: options.channel.dictionaryVersion
+	};
+	const carrier = options.carrier;
+	if (isExchangeCarrierSource(carrier)) return ExchangeTransport.create({
+		openCarrier: carrier.open,
+		getTransportCacheKey: carrier.getCacheKey,
+		available: options.available,
+		getRouteInfo: carrier.getRouteInfo,
+		label: carrier.carrierLabel,
+		security
+	});
+	return LinkTransport.create({
+		openChannel: carrier.open,
+		createFormatMessage: options.channel.createCodec,
+		getTransportCacheKey: carrier.getCacheKey,
+		available: options.available,
+		getRouteInfo: carrier.getRouteInfo,
+		label: carrier.carrierLabel,
+		security
+	});
+}
+//#endregion
+//#region src/ActionRuntime/Channel/ActionChannel.ts
+/**
+* Declare a transport-agnostic channel by role. Use it for HTTP, custom transports, or as the routing
+* half of a richer channel. The order of each list is part of the contract for wire formats that pack
+* positionally (see `defineSecureChannel`) — add new domains to the end of their list. (`domains` is
+* accepted as a legacy alias for `toAcceptor`.)
+*/
+function defineChannel(options) {
+	return {
+		toAcceptorDomains: options.toAcceptor,
+		toConnectorDomains: options.toConnector
+	};
+}
+/**
+* Open a connection to a peer from a single call — the dial-out dual of `serveChannel`. The channel is
+* the single source of truth for *what* is routed (`toAcceptor` domains forwarded to the peer,
+* `toConnector` pushes handled locally from `onPush`); the call binds the shared facts — the channel's
+* codec/dictionary version, the runtime, and one crypto identity (a {@link ClientCryptoKeyLink} over
+* `storage`) — into every transport in `transports`, so none of them restate the channel or runtime.
+* List several transports to make the path transport-agnostic (secure WS preferred, HTTP fallback):
+* ```ts
+* const handler = connectChannel(runtime, lobbyChannel, {
+*   peer: runtime_coordinate_lobby_do,
+*   storage,
+*   transports: [{ carrier: wsCarrier(() => ({ url })) }, { carrier: httpCarrier(...), secure: false }],
+*   onPush: { player_joined: (p) => { … } },
+* });
+* ```
+* Returns the {@link ConnectorHandler} so the caller can later `clearTransportCache()` it.
+*/
+function connectChannel(runtime, channel, options) {
+	const securityLevel = options.securityLevel ?? "authenticated";
+	const anySecure = options.transports.some((transport) => transport.secure ?? true);
+	let link = options.link;
+	if (anySecure && link == null) {
+		if (options.storage == null) throw new Error("connectChannel: a secure transport requires `storage` (or `link`). Pass it, or set `secure: false` on the transport for a plain connection.");
+		link = new _nice_code_util.ClientCryptoKeyLink({ storageAdapter: options.storage });
+	}
+	const transports = options.transports.map((transport) => {
+		const carrier = transport.carrier;
+		const secure = transport.secure ?? true;
+		if (isExchangeCarrierSource(carrier)) return secure ? secureTransport({
+			channel,
+			runtime,
+			link,
+			securityLevel: transport.securityLevel ?? securityLevel,
+			available: transport.available,
+			carrier
+		}) : plainTransport({
+			carrier,
+			available: transport.available,
+			label: transport.label
+		});
+		return secure ? secureTransport({
+			channel,
+			runtime,
+			link,
+			securityLevel: transport.securityLevel ?? securityLevel,
+			available: transport.available,
+			carrier
+		}) : plainTransport({
+			carrier,
+			createFormatMessage: channel.createCodec,
+			available: transport.available,
+			label: transport.label
+		});
+	});
+	const pushHandlers = options.onPush != null ? channel.toConnectorDomains.map((domain) => domain.wrapAsPartialLocalHandler(options.onPush)) : [];
+	return runtime.connectTo(options.peer, {
+		transports,
+		domains: [...channel.toAcceptorDomains],
+		localHandlers: pushHandlers,
+		defaultTimeout: options.defaultTimeout
+	});
+}
+/**
+* Register an acceptor handler's execution for a channel straight from its definition: the channel's
+* `toAcceptor` domains are served together with one merged, connection-aware case map (each case gets
+* the primed request + the originating connection, as with
+* {@link AcceptorHandler.forConnectionDomainCases}). The domain list is taken from the channel,
+* never restated. Add the returned handler to the runtime alongside the acceptor handler:
+* ```ts
+* runtime.addHandlers([acceptChannelConnections(serverHandler, channel, { … }), serverHandler]);
+* ```
+*
+* The case's second argument is the raw connection (`TConn | undefined`). For the richer state +
+* broadcast + pushBack context, serve the channel through `serveChannel`'s `channelCases` instead.
+*/
+function acceptChannelConnections(serverHandler, channel, cases) {
+	return serverHandler.forConnectionDomainCasesMulti(channel.toAcceptorDomains, cases, (connection) => connection);
+}
+/**
+* Build the secure {@link AcceptorHandler} for a channel — the accept-in counterpart to
+* {@link connectChannel}. It folds in the same boilerplate as {@link createSecureAcceptorHandler} (the
+* `ClientCryptoKeyLink` + storage-backed TOFU resolver from one `storageAdapter`, the channel's codec +
+* dictionary version, the `security` block from the runtime coordinate) but takes the `(runtime, channel,
+* options)` shape of the channel family. Pair it with {@link acceptChannelConnections} for execution:
+* ```ts
+* const acceptor = acceptChannel(runtime, gameChannel, { clientEnv, storageAdapter, send });
+* runtime.addHandlers([acceptChannelConnections(acceptor, gameChannel, { … }), acceptor]);
+* ```
+*/
+function acceptChannel(runtime, channel, options) {
+	return createSecureAcceptorHandler({
+		channel,
+		runtime,
+		clientEnv: options.clientEnv,
+		storageAdapter: options.storageAdapter,
+		link: options.link,
+		send: options.send,
+		securityLevel: options.securityLevel,
+		verifyKeyResolver: options.verifyKeyResolver,
+		defaultTimeout: options.defaultTimeout
+	});
+}
+//#endregion
+//#region src/ActionRuntime/Transport/SecureSession/exchangeAcceptor.ts
+const textEncoder = new TextEncoder();
+const textDecoder = new TextDecoder();
+/**
+* Acceptor (accept-in) side of the secure exchange protocol — the HTTP counterpart to
+* {@link AcceptorSecureSession}. Each POST body is one {@link decodeExchangeRequest} envelope; the
+* acceptor drives the server handshake over the two `hs` POSTs (correlated by `hsid`, since stateless
+* requests can't rely on channel ordering), mints a session **token** on accept, and on every later `act`
+* POST resolves the session by token, decrypts the body (at `encrypted`), routes it through the runtime,
+* and returns the (encrypted) result inline as the reply.
+*
+* Sessions and in-flight handshakes are held in memory — fine for a single-instance server. (Surviving a
+* Durable-Object eviction would persist each token's `keyMaterial` and re-derive the key on a miss, the
+* same primitive `AcceptorSecureSession.rehydrate` uses; left as a follow-up.)
+*/
+var ExchangeAcceptor = class {
+	_security;
+	_runtime;
+	_allowedLevels;
+	_noneAllowed;
+	_pendingHandshakes = /* @__PURE__ */ new Map();
+	_sessions = /* @__PURE__ */ new Map();
+	constructor(config) {
+		this._security = config.security;
+		this._runtime = config.runtime;
+		this._allowedLevels = Array.isArray(config.security.securityLevel) ? config.security.securityLevel : [config.security.securityLevel];
+		this._noneAllowed = this._allowedLevels.includes("none");
+	}
+	/** Process one POST body (an exchange envelope), returning the reply body to send back. */
+	async handlePost(body) {
+		const request = decodeExchangeRequest(body);
+		if (request == null) return this._err("malformed exchange request");
+		if (request.k === "hs") return encodeExchange(await this._handleHandshake(request));
+		return encodeExchange(await this._handleAction(request));
+	}
+	async _handleHandshake(request) {
+		const message = decodeHandshakeMessage(request.m);
+		if (message == null) return {
+			k: "err",
+			message: "malformed handshake message"
+		};
+		const security = this._security;
+		await security.link.initialize();
+		let handshake = this._pendingHandshakes.get(request.hsid);
+		if (handshake == null) {
+			handshake = createServerHandshake({
+				link: security.link,
+				localCoordinate: security.localCoordinate,
+				dictionaryVersion: security.dictionaryVersion,
+				securityLevel: security.securityLevel,
+				verifyKeyResolver: security.verifyKeyResolver
+			});
+			this._pendingHandshakes.set(request.hsid, handshake);
+		}
+		if (message.t === "hello") return {
+			k: "hs",
+			m: encodeHandshakeMessage(await handshake.onHello(message))
+		};
+		if (message.t === "prove") {
+			const reply = await handshake.onProve(message);
+			this._pendingHandshakes.delete(request.hsid);
+			const result = handshake.getResult();
+			if (reply.t === "accept" && result != null) {
+				const token = (0, nanoid.nanoid)();
+				this._sessions.set(token, {
+					client: new RuntimeCoordinate(result.remote),
+					securityLevel: result.securityLevel,
+					crypto: result.securityLevel === "encrypted" ? createActionFrameCrypto({
+						link: security.link,
+						linkedClientId: result.linkedClientId
+					}) : void 0
+				});
+				return {
+					k: "hs",
+					m: encodeHandshakeMessage(reply),
+					t: token
+				};
+			}
+			return {
+				k: "hs",
+				m: encodeHandshakeMessage(reply)
+			};
+		}
+		return {
+			k: "err",
+			message: `unexpected handshake message ${message.t}`
+		};
+	}
+	async _handleAction(request) {
+		let session;
+		let candidate;
+		if (request.t != null) {
+			session = this._sessions.get(request.t);
+			if (session == null) return {
+				k: "err",
+				message: "unknown or expired session token"
+			};
+			if ("c" in request) {
+				if (session.crypto == null) return {
+					k: "err",
+					message: "session is not encrypted"
+				};
+				const plain = await session.crypto.decryptFrame(base64ToBytes(request.c));
+				candidate = JSON.parse(textDecoder.decode(plain));
+			} else candidate = request.w;
+		} else {
+			if (!this._noneAllowed || "c" in request) return {
+				k: "err",
+				message: "missing session token"
+			};
+			candidate = request.w;
+		}
+		if (!isActionPayload_Any_JsonObject(candidate)) return {
+			k: "err",
+			message: "malformed action wire"
+		};
+		const wire = candidate;
+		if (session != null && wire.type === "request") wire.context.originClient = session.client.toJsonObject();
+		const resultWire = (await (await this._runtime.handleActionPayloadWire(wire)).waitForResultPayload()).toJsonObject();
+		if (session?.crypto != null) return {
+			k: "act",
+			c: bytesToBase64(await session.crypto.encryptFrame(textEncoder.encode(JSON.stringify(resultWire))))
+		};
+		return {
+			k: "act",
+			w: resultWire
+		};
+	}
+	_err(message) {
+		return encodeExchange({
+			k: "err",
+			message
+		});
+	}
+};
+//#endregion
+//#region src/ActionRuntime/Handler/PeerLink/Acceptor/createActionFetchHandler.ts
+/** Permissive defaults — fine for a public action endpoint; override (or disable) via `cors`. */
+const DEFAULT_CORS_HEADERS = {
+	"Access-Control-Allow-Origin": "*",
+	"Access-Control-Allow-Methods": "GET, POST, OPTIONS",
+	"Access-Control-Allow-Headers": "Content-Type",
+	"Access-Control-Max-Age": "86400"
+};
+/**
+* Build the `fetch` handler a server/Durable-Object exposes for action traffic, folding in the
+* boilerplate every endpoint repeats: CORS (incl. the `OPTIONS` preflight), routing the `/action`
+* `POST` body through the runtime (`handleActionPayloadWire` → `waitForResultPayload` →
+* `toHttpResponse`), an optional WebSocket-upgrade hook, and a `404` fallback.
+*
+* It only touches web-standard `Request`/`Response`, so it stays transport-agnostic — the one
+* environment-specific bit (the WS upgrade) is injected via {@link IActionFetchHandlerOptions.onWebSocketUpgrade}:
+* ```ts
+* this.fetchHandler = createActionFetchHandler(this.runtime, {
+*   onWebSocketUpgrade: () => {
+*     const pair = new WebSocketPair();
+*     this.ctx.acceptWebSocket(pair[1]);
+*     return new Response(null, { status: 101, webSocket: pair[0] });
+*   },
+* });
+* // async fetch(request) { return this.fetchHandler(request); }
+* ```
+*/
+function createActionFetchHandler(runtime, options = {}) {
+	const corsHeaders = options.cors === false ? {} : options.cors ?? DEFAULT_CORS_HEADERS;
+	const isActionPath = options.isActionPath ?? ((url) => url.pathname.endsWith("/action"));
+	const isWebSocketPath = options.isWebSocketPath ?? ((url) => url.pathname.endsWith("/ws"));
+	const exchangeAcceptor = options.security != null ? new ExchangeAcceptor({
+		runtime,
+		security: options.security
+	}) : void 0;
+	const withCors = (response) => {
+		if (options.cors === false) return response;
+		const headers = new Headers(response.headers);
+		for (const [key, value] of Object.entries(corsHeaders)) headers.set(key, value);
+		return new Response(response.body, {
+			status: response.status,
+			headers
+		});
+	};
+	return async (request) => {
+		if (request.method === "OPTIONS") return withCors(new Response(null, { status: 204 }));
+		const url = new URL(request.url);
+		const isWebSocketUpgrade = options.isWebSocketUpgrade ?? ((req, u) => req.headers.get("Upgrade") === "websocket" && isWebSocketPath(u));
+		if (options.onWebSocketUpgrade != null && isWebSocketUpgrade(request, url)) return options.onWebSocketUpgrade(request, url);
+		if (request.method === "POST" && isActionPath(url)) {
+			if (exchangeAcceptor != null) {
+				const reply = await exchangeAcceptor.handlePost(await request.text());
+				return withCors(new Response(reply, {
+					status: 200,
+					headers: { "Content-Type": "application/json" }
+				}));
+			}
+			return withCors((await (await runtime.handleActionPayloadWire(await request.json())).waitForResultPayload()).toHttpResponse({ useErrorStatus: options.useErrorStatus }));
+		}
+		return withCors(new Response("Not found", { status: 404 }));
+	};
+}
+//#endregion
+//#region src/ActionRuntime/Handler/PeerLink/Acceptor/Hibernation/ConnectionStateStore.ts
+/**
+* A typed per-connection state store that co-owns the app state and the acceptor handler's routing
+* binding in one attachment, so neither the consumer nor the handler has to hand-merge the two. Create
+* it through {@link createConnectionStateStore} (which also wires binding persistence and replays
+* surviving connections after a wake), then `get`/`set`/`clearApp` the app state directly.
+*
+* The mechanism is carrier-neutral — it only needs read/write/enumerate callbacks for the connection's
+* attachment — but it pays off on transports whose connections outlive process eviction (e.g. a
+* Durable Object's hibernatable WebSockets), which is why it lives beside the hibernation adapter.
+*
+* ```ts
+* const players = createConnectionStateStore(serverHandler, {
+*   schema: vs_player,
+*   read: (ws) => ws.deserializeAttachment(),
+*   write: (ws, v) => ws.serializeAttachment(v),
+*   getConnections: () => ctx.getWebSockets(),
+* });
+* players.set(ws, player); // binding is preserved automatically
+* const player = players.get(ws);
+* ```
+*/
+var ConnectionStateStore = class {
+	options;
+	constructor(options) {
+		this.options = options;
+	}
+	/** The validated app state for a connection, or `null` if unset / invalid. */
+	get(connection) {
+		return this._readAttachment(connection).app ?? null;
+	}
+	/** Set the app state, preserving the runtime binding already pinned to the connection. */
+	set(connection, app) {
+		const existing = this._readAttachment(connection);
+		this.options.write(connection, {
+			app,
+			binding: existing.binding
+		});
+	}
+	/** Clear the app state but keep the binding (e.g. a spectator that stopped watching). */
+	clearApp(connection) {
+		const existing = this._readAttachment(connection);
+		this.options.write(connection, { binding: existing.binding });
+	}
+	/** Every live connection paired with its (validated) app state — for rebuilding in-memory state after a wake. */
+	entries() {
+		return this.options.getConnections().map((connection) => [connection, this._readAttachment(connection).app ?? null]);
+	}
+	/** @internal Persist a freshly-bound connection's binding, preserving any app state already stored. */
+	_persistBinding(connection, binding) {
+		const existing = this._readAttachment(connection);
+		this.options.write(connection, {
+			app: existing.app,
+			binding
+		});
+	}
+	/** @internal The persisted binding for a connection, if any (used to replay routing after a wake). */
+	_readBinding(connection) {
+		return this._readAttachment(connection).binding;
+	}
+	_readAttachment(connection) {
+		try {
+			const raw = this.options.read(connection);
+			if (typeof raw !== "object" || raw === null) return {};
+			const attachment = raw;
+			const result = {};
+			if (attachment.binding != null) result.binding = attachment.binding;
+			if (attachment.app !== void 0) {
+				const app = this._validateApp(attachment.app);
+				if (app !== void 0) result.app = app;
+			}
+			return result;
+		} catch {
+			return {};
+		}
+	}
+	_validateApp(value) {
+		const schema = this.options.schema;
+		if (schema == null) return value;
+		const result = schema["~standard"].validate(value);
+		if (result instanceof Promise) return void 0;
+		if (result.issues != null) return void 0;
+		return result.value;
+	}
+};
+/**
+* Build a per-connection {@link ConnectionStateStore} bound to an {@link AcceptorHandler}: it registers
+* itself as the handler's connection-bound persistence callback (so bindings are written without
+* overwriting app state) and immediately replays every live connection's stored binding via
+* {@link AcceptorHandler.rehydrateConnection} — so on a transport that resumes after eviction (e.g. a
+* Durable Object waking from hibernation) both the app identity and the action routing come back from a
+* single attachment, with no storage reads and no hand-rolled merge.
+*
+* Lives outside the handler so the generic {@link AcceptorHandler} stays free of any attachment/
+* hibernation concern — it exposes only the neutral `setOnConnectionBound` + `rehydrateConnection`
+* hooks this builder drives.
+*/
+function createConnectionStateStore(handler, options) {
+	const store = new ConnectionStateStore(options);
+	handler.setOnConnectionBound((connection, binding) => store._persistBinding(connection, binding));
+	for (const connection of options.getConnections()) {
+		const binding = store._readBinding(connection);
+		if (binding != null) handler.rehydrateConnection(connection, binding);
+	}
+	return store;
+}
+//#endregion
+//#region src/ActionRuntime/Handler/PeerLink/Acceptor/Hibernation/createHibernatableWsServerAdapter.ts
+/**
+* Wire the hibernation lifecycle for an acceptor handler on a transport whose connections outlive process
+* eviction (e.g. a Durable Object's hibernatable WebSockets). It owns persistence end to end:
+* registers `setAttachment` as the handler's connection-bound callback and immediately replays every
+* live connection's stored binding via `getAttachment`, so results/pushes still route after a wake.
+*
+* Layered on top of the generic {@link AcceptorHandler} — it touches only the handler's neutral
+* `setOnConnectionBound` / `rehydrateConnection` / `receive` / `dropConnection` surface, so no
+* hibernation concern leaks into the handler itself.
+*
+* Construct it once when the handler is built, then forward connection events:
+* ```ts
+* const duplex = createHibernatableWsServerAdapter({ handler, getConnections, getAttachment, setAttachment });
+* // webSocketMessage(ws, msg) => duplex.receive(ws, msg);
+* // webSocketClose/Error(ws)  => duplex.drop(ws);
+* ```
+*/
+function createHibernatableWsServerAdapter(options) {
+	const { handler, getConnections, getAttachment, setAttachment } = options;
+	handler.setOnConnectionBound(setAttachment);
+	for (const connection of getConnections()) {
+		const binding = getAttachment(connection);
+		if (binding != null) handler.rehydrateConnection(connection, binding);
+	}
+	return {
+		receive: (connection, frame) => handler.receive(connection, frame),
+		drop: (connection) => handler.dropConnection(connection)
+	};
+}
+//#endregion
+//#region src/ActionRuntime/Transport/Carrier/AcceptorCarrier.types.ts
+/**
+* Build the inert lifecycle slot a duplex carrier factory spreads into its handle: `receive`/`drop` throw
+* (or no-op) until `serveChannel` calls `_activate` with the carrier's live router. Shared by every duplex
+* carrier factory (`wsAcceptorCarrier`, a WebRTC carrier, the Cloudflare DO helper, …) so the
+* stateful-handle wiring lives in exactly one place.
+*/
+function createDuplexCarrierLifecycle() {
+	let router;
+	return {
+		receive(connection, frame) {
+			if (router == null) throw new Error("acceptor carrier not served yet — pass it to serveChannel() before feeding frames");
+			router.receive(connection, frame);
+		},
+		drop(connection) {
+			router?.drop(connection);
+		},
+		_activate(liveRouter) {
+			router = liveRouter;
+		}
+	};
+}
+/**
+* Narrow an acceptor carrier to the exchange shape via its `shape` discriminant — the one branch
+* `serveChannel` uses to pick the duplex (push-capable) vs exchange (request/reply) wiring. A duplex
+* carrier carries `shape: ETransportShape.duplex`, so the `else` branch is the duplex one.
+*/
+function isExchangeAcceptorCarrier(carrier) {
+	return carrier.shape === "exchange";
+}
+//#endregion
+//#region src/ActionRuntime/Channel/serveChannel.ts
+/** Default accepted set, shared by every carrier: negotiate per connection to whatever the client picks. */
+const DEFAULT_SERVER_SECURITY_LEVELS = [
+	"none",
+	"authenticated",
+	"encrypted"
+];
+function serveChannel(runtime, channel, options) {
+	const duplexCarriers = options.carriers.filter((carrier) => !isExchangeAcceptorCarrier(carrier));
+	const exchangeCarriers = options.carriers.filter(isExchangeAcceptorCarrier);
+	if (exchangeCarriers.length > 1) throw new Error("serveChannel: at most one exchange carrier is supported");
+	const exchangeCarrier = exchangeCarriers[0];
+	const singleDuplex = duplexCarriers.length === 1;
+	if (options.connectionState != null && !singleDuplex) throw new Error("serveChannel: `connectionState` requires exactly one duplex carrier");
+	if (options.channelCases != null && !singleDuplex) throw new Error("serveChannel: `channelCases` requires exactly one duplex carrier");
+	const exchangeSecure = exchangeCarrier != null && (exchangeCarrier.secure ?? true);
+	const anyDuplexSecure = duplexCarriers.some((carrier) => carrier.secure ?? true);
+	const securityLevel = options.securityLevel ?? DEFAULT_SERVER_SECURITY_LEVELS;
+	let secure;
+	if (anyDuplexSecure || exchangeSecure) {
+		const storage = options.storage;
+		if (storage == null) throw new Error("serveChannel: a secure carrier requires `storage`. Pass it, or set `secure: false` on the carrier for a plain endpoint.");
+		secure = {
+			storage,
+			link: options.link ?? new _nice_code_util.ClientCryptoKeyLink({ storageAdapter: storage }),
+			verifyKeyResolver: options.verifyKeyResolver ?? createStorageTofuVerifyKeyResolver(storage)
+		};
+	}
+	const plainRouter = (handler) => ({
+		receive: (connection, frame) => handler.receive(connection, frame),
+		drop: (connection) => handler.dropConnection(connection)
+	});
+	const asObject = (value) => typeof value === "object" && value != null ? value : {};
+	const handlers = [];
+	let connections;
+	for (const carrier of duplexCarriers) {
+		const handler = (carrier.secure ?? true) && secure != null ? acceptChannel(runtime, channel, {
+			clientEnv: options.clientEnv,
+			storageAdapter: secure.storage,
+			link: secure.link,
+			verifyKeyResolver: secure.verifyKeyResolver,
+			securityLevel,
+			send: carrier.send,
+			defaultTimeout: options.defaultTimeout
+		}) : createAcceptorHandler({
+			clientEnv: options.clientEnv,
+			createFormatMessage: channel.createCodec,
+			send: carrier.send,
+			runtime,
+			defaultTimeout: options.defaultTimeout
+		});
+		const attach = carrier.attachmentStore;
+		let router;
+		if (attach == null) router = plainRouter(handler);
+		else if (options.connectionState != null) {
+			connections = createConnectionStateStore(handler, {
+				schema: options.connectionState.schema,
+				getConnections: attach.getConnections,
+				read: attach.read,
+				write: attach.write
+			});
+			router = plainRouter(handler);
+		} else router = createHibernatableWsServerAdapter({
+			handler,
+			getConnections: attach.getConnections,
+			getAttachment: (connection) => attach.read(connection)?.binding,
+			setAttachment: (connection, binding) => attach.write(connection, {
+				...asObject(attach.read(connection)),
+				binding
+			})
+		});
+		carrier._activate(router);
+		handlers.push(handler);
+	}
+	runtime.addHandlers([...options.handlers ?? [], ...handlers]);
+	const soleDuplex = singleDuplex ? duplexCarriers[0] : void 0;
+	const receive = (connection, frame) => {
+		if (soleDuplex == null) throw new Error(duplexCarriers.length === 0 ? "serveChannel: no duplex carrier to receive on (this server has no socket transport)" : "serveChannel: several duplex carriers — feed each carrier handle's receive() directly");
+		soleDuplex.receive(connection, frame);
+	};
+	const drop = (connection) => {
+		soleDuplex?.drop(connection);
+	};
+	const pushToClient = (target, request, pushOptions) => {
+		const owner = target instanceof RuntimeCoordinate ? handlers.find((handler) => handler.ownsLiveConnectionFor(target)) : handlers.find((handler) => handler.hasConnection(target));
+		if (owner == null) throw new Error("serveChannel: no duplex carrier holds a connection for the push target");
+		return owner.pushToClient(runtime, target, request, pushOptions);
+	};
+	const broadcast = (makeRequest, broadcastOptions) => {
+		if (!singleDuplex) throw new Error("serveChannel: broadcast requires exactly one duplex carrier — broadcast over a specific handlers[i] instead");
+		handlers[0].broadcast(makeRequest, {
+			runtime,
+			...broadcastOptions
+		});
+	};
+	const makeConnectionContext = (connection, request) => ({
+		connection: connection ?? null,
+		origin: request.context.originClient,
+		get state() {
+			return connection != null && connections != null ? connections.get(connection) : null;
+		},
+		setState(value) {
+			if (connection != null && connections != null) connections.set(connection, value);
+		},
+		clearState() {
+			if (connection != null && connections != null) connections.clearApp(connection);
+		},
+		broadcast(makeRequest, contextOptions) {
+			broadcast(makeRequest, {
+				except: contextOptions?.exceptSelf ? connection ?? null : null,
+				where: contextOptions?.where,
+				timeout: contextOptions?.timeout,
+				onError: contextOptions?.onError
+			});
+		},
+		pushBack(pushRequest, pushOptions) {
+			if (connection == null) throw new Error("serveChannel: connection context has no live socket to push back to (HTTP-exchange path)");
+			return pushToClient(connection, pushRequest, pushOptions);
+		}
+	});
+	if (options.channelCases != null) runtime.addHandlers([handlers[0].forConnectionDomainCasesMulti(channel.toAcceptorDomains, options.channelCases, makeConnectionContext)]);
+	const exchangeSecurity = exchangeSecure && secure != null ? {
+		link: secure.link,
+		verifyKeyResolver: secure.verifyKeyResolver,
+		localCoordinate: runtime.coordinate.toJsonObject(),
+		dictionaryVersion: channel.dictionaryVersion,
+		securityLevel
+	} : void 0;
+	const defaultIsUpgrade = (request) => request.headers.get("Upgrade") === "websocket";
+	const upgraders = [];
+	for (const carrier of duplexCarriers) {
+		if (carrier.upgrade == null) continue;
+		upgraders.push({
+			isUpgrade: carrier.isUpgrade ?? defaultIsUpgrade,
+			upgrade: carrier.upgrade
+		});
+	}
+	return {
+		handlers,
+		fetch: createActionFetchHandler(runtime, {
+			cors: exchangeCarrier?.cors,
+			onWebSocketUpgrade: upgraders.length === 0 ? void 0 : (request, url) => (upgraders.find((u) => u.isUpgrade(request, url)) ?? upgraders[0]).upgrade(request, url),
+			isWebSocketUpgrade: upgraders.length === 0 ? void 0 : (request, url) => upgraders.some((u) => u.isUpgrade(request, url)),
+			isActionPath: exchangeCarrier != null ? exchangeCarrier.isActionPath ?? (() => true) : () => false,
+			security: exchangeSecurity,
+			useErrorStatus: exchangeCarrier?.useErrorStatus
+		}),
+		receive,
+		drop,
+		pushToClient,
+		broadcast,
+		connections
+	};
+}
+//#endregion
+//#region src/ActionRuntime/Channel/serveHost.ts
+function serveHost(runtime, channel, host, options) {
+	const server = serveChannel(runtime, channel, {
+		...options,
+		carriers: host.carriers,
+		storage: host.storage
+	});
+	host.onServed?.(server);
+	return server;
+}
+//#endregion
+//#region src/ActionRuntime/Transport/Carrier/duplex/ws/wsAcceptorCarrier.ts
+/**
+* A WebSocket {@link IDuplexAcceptorCarrier}: the accept-in dual of {@link wsCarrier}. It describes how to
+* write frames back to a live socket, how to upgrade an inbound request into one, and (optionally) how to
+* persist bindings across hibernation. Hand it to `serveChannel`'s `carriers` list — the secure session,
+* codec, and crypto identity are supplied centrally there, so this only carries the WS-specific surface.
+*/
+function wsAcceptorCarrier(options) {
+	return {
+		...createDuplexCarrierLifecycle(),
+		shape: "duplex",
+		carrierLabel: options.carrierLabel ?? "ws",
+		secure: options.secure,
+		send: options.send,
+		upgrade: options.upgrade,
+		isUpgrade: options.isUpgrade ?? ((request) => request.headers.get("Upgrade") === "websocket"),
+		attachmentStore: options.attachmentStore
+	};
+}
+//#endregion
+//#region src/ActionRuntime/Transport/Carrier/exchange/http/httpAcceptorCarrier.ts
+/**
+* An HTTP {@link IExchangeAcceptorCarrier}: the accept-in dual of {@link httpCarrier}. It serves the
+* secure exchange protocol (handshake → token session → encrypted frames) over web-standard
+* `Request`/`Response`. The crypto identity, runtime coordinate, dictionary version, and accepted security
+* levels are all supplied centrally by `serveChannel`, so this only needs to say which requests carry an
+* action envelope and how to answer CORS.
+*/
+function httpAcceptorCarrier(options = {}) {
+	return {
+		shape: "exchange",
+		carrierLabel: options.carrierLabel ?? "http",
+		secure: options.secure,
+		isActionPath: options.isActionPath,
+		cors: options.cors,
+		useErrorStatus: options.useErrorStatus
+	};
+}
+//#endregion
+Object.defineProperty(exports, "AcceptorHandler", {
+	enumerable: true,
+	get: function() {
+		return AcceptorHandler;
+	}
+});
+Object.defineProperty(exports, "ActionBase", {
+	enumerable: true,
+	get: function() {
+		return ActionBase;
+	}
+});
+Object.defineProperty(exports, "ActionLocalHandler", {
+	enumerable: true,
+	get: function() {
+		return ActionLocalHandler;
+	}
+});
+Object.defineProperty(exports, "ActionPayload", {
+	enumerable: true,
+	get: function() {
+		return ActionPayload;
+	}
+});
+Object.defineProperty(exports, "ActionPayload_Request", {
+	enumerable: true,
+	get: function() {
+		return ActionPayload_Request;
+	}
+});
+Object.defineProperty(exports, "ActionPayload_Result", {
+	enumerable: true,
+	get: function() {
+		return ActionPayload_Result;
+	}
+});
+Object.defineProperty(exports, "ActionRuntime", {
+	enumerable: true,
+	get: function() {
+		return ActionRuntime;
+	}
+});
+Object.defineProperty(exports, "ActionSchema", {
+	enumerable: true,
+	get: function() {
+		return ActionSchema;
+	}
+});
+Object.defineProperty(exports, "ConnectionStateStore", {
+	enumerable: true,
+	get: function() {
+		return ConnectionStateStore;
+	}
+});
+Object.defineProperty(exports, "ConnectorHandler", {
+	enumerable: true,
+	get: function() {
+		return ConnectorHandler;
+	}
+});
+Object.defineProperty(exports, "EActionPayloadType", {
+	enumerable: true,
+	get: function() {
+		return EActionPayloadType;
+	}
+});
+Object.defineProperty(exports, "EActionProgressType", {
+	enumerable: true,
+	get: function() {
+		return EActionProgressType;
+	}
+});
+Object.defineProperty(exports, "EActionResponseMode", {
+	enumerable: true,
+	get: function() {
+		return EActionResponseMode;
+	}
+});
+Object.defineProperty(exports, "EErrId_NiceAction", {
+	enumerable: true,
+	get: function() {
+		return EErrId_NiceAction;
+	}
+});
+Object.defineProperty(exports, "EErrId_NiceTransport", {
+	enumerable: true,
+	get: function() {
+		return EErrId_NiceTransport;
+	}
+});
+Object.defineProperty(exports, "EHandshakeMessageType", {
+	enumerable: true,
+	get: function() {
+		return EHandshakeMessageType;
+	}
+});
+Object.defineProperty(exports, "ESecurityLevel", {
+	enumerable: true,
+	get: function() {
+		return ESecurityLevel;
+	}
+});
+Object.defineProperty(exports, "ETransportShape", {
+	enumerable: true,
+	get: function() {
+		return ETransportShape;
+	}
+});
+Object.defineProperty(exports, "ETransportStatus", {
+	enumerable: true,
+	get: function() {
+		return ETransportStatus;
+	}
+});
+Object.defineProperty(exports, "ExchangeAcceptor", {
+	enumerable: true,
+	get: function() {
+		return ExchangeAcceptor;
+	}
+});
+Object.defineProperty(exports, "ExchangeTransport", {
+	enumerable: true,
+	get: function() {
+		return ExchangeTransport;
+	}
+});
+Object.defineProperty(exports, "LinkTransport", {
+	enumerable: true,
+	get: function() {
+		return LinkTransport;
+	}
+});
+Object.defineProperty(exports, "PeerLinkHandler", {
+	enumerable: true,
+	get: function() {
+		return PeerLinkHandler;
+	}
+});
+Object.defineProperty(exports, "RunningAction", {
+	enumerable: true,
+	get: function() {
+		return RunningAction;
+	}
+});
+Object.defineProperty(exports, "RuntimeCoordinate", {
+	enumerable: true,
+	get: function() {
+		return RuntimeCoordinate;
+	}
+});
+Object.defineProperty(exports, "Transport", {
+	enumerable: true,
+	get: function() {
+		return Transport;
+	}
+});
+Object.defineProperty(exports, "UNSET_RUNTIME_ENV_ID", {
+	enumerable: true,
+	get: function() {
+		return UNSET_RUNTIME_ENV_ID;
+	}
+});
+Object.defineProperty(exports, "acceptChannel", {
+	enumerable: true,
+	get: function() {
+		return acceptChannel;
+	}
+});
+Object.defineProperty(exports, "acceptChannelConnections", {
+	enumerable: true,
+	get: function() {
+		return acceptChannelConnections;
+	}
+});
+Object.defineProperty(exports, "actionSchema", {
+	enumerable: true,
+	get: function() {
+		return actionSchema;
+	}
+});
+Object.defineProperty(exports, "connectChannel", {
+	enumerable: true,
+	get: function() {
+		return connectChannel;
+	}
+});
+Object.defineProperty(exports, "createAcceptorHandler", {
+	enumerable: true,
+	get: function() {
+		return createAcceptorHandler;
+	}
+});
+Object.defineProperty(exports, "createActionFetchHandler", {
+	enumerable: true,
+	get: function() {
+		return createActionFetchHandler;
+	}
+});
+Object.defineProperty(exports, "createActionFrameCrypto", {
+	enumerable: true,
+	get: function() {
+		return createActionFrameCrypto;
+	}
+});
+Object.defineProperty(exports, "createClientHandshake", {
+	enumerable: true,
+	get: function() {
+		return createClientHandshake;
+	}
+});
+Object.defineProperty(exports, "createConnectionStateStore", {
+	enumerable: true,
+	get: function() {
+		return createConnectionStateStore;
+	}
+});
+Object.defineProperty(exports, "createConnectorHandler", {
+	enumerable: true,
+	get: function() {
+		return createConnectorHandler;
+	}
+});
+Object.defineProperty(exports, "createHibernatableWsServerAdapter", {
+	enumerable: true,
+	get: function() {
+		return createHibernatableWsServerAdapter;
+	}
+});
+Object.defineProperty(exports, "createInMemoryTofuVerifyKeyResolver", {
+	enumerable: true,
+	get: function() {
+		return createInMemoryTofuVerifyKeyResolver;
+	}
+});
+Object.defineProperty(exports, "createLocalHandler", {
+	enumerable: true,
+	get: function() {
+		return createLocalHandler;
+	}
+});
+Object.defineProperty(exports, "createSecureAcceptorHandler", {
+	enumerable: true,
+	get: function() {
+		return createSecureAcceptorHandler;
+	}
+});
+Object.defineProperty(exports, "createServerHandshake", {
+	enumerable: true,
+	get: function() {
+		return createServerHandshake;
+	}
+});
+Object.defineProperty(exports, "createStorageTofuVerifyKeyResolver", {
+	enumerable: true,
+	get: function() {
+		return createStorageTofuVerifyKeyResolver;
+	}
+});
+Object.defineProperty(exports, "decodeActionFrame", {
+	enumerable: true,
+	get: function() {
+		return decodeActionFrame;
+	}
+});
+Object.defineProperty(exports, "decodeExchangeReply", {
+	enumerable: true,
+	get: function() {
+		return decodeExchangeReply;
+	}
+});
+Object.defineProperty(exports, "decodeExchangeRequest", {
+	enumerable: true,
+	get: function() {
+		return decodeExchangeRequest;
+	}
+});
+Object.defineProperty(exports, "decodeHandshakeMessage", {
+	enumerable: true,
+	get: function() {
+		return decodeHandshakeMessage;
+	}
+});
+Object.defineProperty(exports, "defineChannel", {
+	enumerable: true,
+	get: function() {
+		return defineChannel;
+	}
+});
+Object.defineProperty(exports, "encodeExchange", {
+	enumerable: true,
+	get: function() {
+		return encodeExchange;
+	}
+});
+Object.defineProperty(exports, "encodeHandshakeMessage", {
+	enumerable: true,
+	get: function() {
+		return encodeHandshakeMessage;
+	}
+});
+Object.defineProperty(exports, "err_nice_action", {
+	enumerable: true,
+	get: function() {
+		return err_nice_action;
+	}
+});
+Object.defineProperty(exports, "err_nice_external_client", {
+	enumerable: true,
+	get: function() {
+		return err_nice_external_client;
+	}
+});
+Object.defineProperty(exports, "err_nice_transport", {
+	enumerable: true,
+	get: function() {
+		return err_nice_transport;
+	}
+});
+Object.defineProperty(exports, "httpAcceptorCarrier", {
+	enumerable: true,
+	get: function() {
+		return httpAcceptorCarrier;
+	}
+});
+Object.defineProperty(exports, "isActionPayload_Any_JsonObject", {
+	enumerable: true,
+	get: function() {
+		return isActionPayload_Any_JsonObject;
+	}
+});
+Object.defineProperty(exports, "isActionPayload_Request_JsonObject", {
+	enumerable: true,
+	get: function() {
+		return isActionPayload_Request_JsonObject;
+	}
+});
+Object.defineProperty(exports, "isActionPayload_Result_JsonObject", {
+	enumerable: true,
+	get: function() {
+		return isActionPayload_Result_JsonObject;
+	}
+});
+Object.defineProperty(exports, "isAction_Base_JsonObject", {
+	enumerable: true,
+	get: function() {
+		return isAction_Base_JsonObject;
+	}
+});
+Object.defineProperty(exports, "isExchangeAcceptorCarrier", {
+	enumerable: true,
+	get: function() {
+		return isExchangeAcceptorCarrier;
+	}
+});
+Object.defineProperty(exports, "runtimeCoordinateToStringIds", {
+	enumerable: true,
+	get: function() {
+		return runtimeCoordinateToStringIds;
+	}
+});
+Object.defineProperty(exports, "runtimeLinkId", {
+	enumerable: true,
+	get: function() {
+		return runtimeLinkId;
+	}
+});
+Object.defineProperty(exports, "serveChannel", {
+	enumerable: true,
+	get: function() {
+		return serveChannel;
+	}
+});
+Object.defineProperty(exports, "serveHost", {
+	enumerable: true,
+	get: function() {
+		return serveHost;
+	}
+});
+Object.defineProperty(exports, "wsAcceptorCarrier", {
+	enumerable: true,
+	get: function() {
+		return wsAcceptorCarrier;
+	}
+});
+
+//# sourceMappingURL=httpAcceptorCarrier-hYPuoNuP.cjs.map