@nice-code/action 0.23.0 → 0.25.0

package/build/{httpAcceptorCarrier-DJVxzDVd.mjs → createHibernatableWsServerAdapter-BkjESd01.mjs}

@@ -1403,11 +1403,13 @@ var ActionRuntime = class {
 	* Used to locate the return-path channel for dispatching results back to the action origin.
 	* Returns `undefined` if no handler matches (score > 0 required, i.e. at least id must match).
 	*
-	* A handler that currently holds the origin's *live* connection always wins over a mere coordinate
-	* match — so with several duplex acceptors (e.g. WS + WebRTC) a result/push routes back over the carrier
-	* the client actually connected on, never a same-coordinate sibling that lacks the socket. Only when no
-	* handler owns a live connection do we fall back to the plain best-coordinate-score pick (the
-	* single-acceptor and connector-only cases, unchanged).
+	* A handler that currently holds the origin's *live* connection always wins, regardless of its
+	* coordinate score — owning the live socket bound to the origin's exact coordinate (set from the
+	* handshake) is a strictly more precise match than any env-level `peerClient` score. This lets one
+	* server accept clients of *several* envs over a single acceptor (a multi-role Durable Object): the
+	* result/push routes back over the carrier the client actually connected on even when the handler's
+	* `clientEnv` is unset or names a different env. Only when no handler owns a live connection do we fall
+	* back to the plain best-coordinate-score pick (the offline-return and connector-only cases).
 	*/
 	getReturnHandlerForOrigin(originClient) {
 		if (originClient.envId === "_unset_") return void 0;
@@ -1422,12 +1424,12 @@ var ActionRuntime = class {
 				bestScore = score;
 				bestHandler = handler;
 			}
-			if (score > bestOwnedScore && handler.ownsLiveConnectionFor(originClient)) {
+			if (handler.ownsLiveConnectionFor(originClient) && score > bestOwnedScore) {
 				bestOwnedScore = score;
 				bestOwnedHandler = handler;
 			}
 		}
-		if (bestOwnedHandler != null && bestOwnedScore > 0) return bestOwnedHandler;
+		if (bestOwnedHandler != null) return bestOwnedHandler;
 		return bestScore > 0 ? bestHandler : void 0;
 	}
 	resetRuntime() {
@@ -2170,7 +2172,7 @@ var AcceptorHandler = class extends PeerLinkHandler {
 	_codecByConn = /* @__PURE__ */ new Map();
 	_sessionByConn = /* @__PURE__ */ new Map();
 	constructor(options) {
-		super(options.clientEnv);
+		super(options.clientEnv ?? RuntimeCoordinate.unknown);
 		this._formatMessage = options.formatMessage;
 		this._createFormatMessage = options.createFormatMessage;
 		this._send = options.send;
@@ -2498,7 +2500,7 @@ const createAcceptorHandler = (options) => {
 //#endregion
 //#region src/ActionRuntime/Handler/PeerLink/Acceptor/createSecureActionServer.ts
 /** Default accepted set: negotiate per connection to whatever the client picks. */
-const DEFAULT_SERVER_SECURITY_LEVELS$1 = [
+const DEFAULT_SERVER_SECURITY_LEVELS = [
 	"none",
 	"authenticated",
 	"encrypted"
@@ -2506,14 +2508,14 @@ const DEFAULT_SERVER_SECURITY_LEVELS$1 = [
 /**
 * Build an {@link AcceptorHandler} for the secure binary channel with the boilerplate folded in:
 * it creates the {@link ClientCryptoKeyLink} and the storage-backed TOFU resolver from a single
-* `storageAdapter`, installs the channel's per-connection codec, and assembles the `security` block
+* `storage`, installs the channel's per-connection codec, and assembles the `security` block
 * from the runtime coordinate + channel version (accepting all three levels by default).
 *
 * For a hibernatable transport (e.g. a Durable Object), pair it with
 * {@link createHibernatableWsServerAdapter} to wire persistence + replay.
 */
 function createSecureAcceptorHandler(options) {
-	const link = options.link ?? new ClientCryptoKeyLink({ storageAdapter: options.storageAdapter });
+	const link = options.link ?? new ClientCryptoKeyLink({ storageAdapter: options.storage });
 	return new AcceptorHandler({
 		clientEnv: options.clientEnv,
 		createFormatMessage: options.channel.createCodec,
@@ -2521,30 +2523,247 @@ function createSecureAcceptorHandler(options) {
 		runtime: options.runtime,
 		defaultTimeout: options.defaultTimeout,
 		security: {
-			securityLevel: options.securityLevel ?? DEFAULT_SERVER_SECURITY_LEVELS$1,
+			securityLevel: options.securityLevel ?? DEFAULT_SERVER_SECURITY_LEVELS,
 			link,
 			localCoordinate: options.runtime.coordinate.toJsonObject(),
 			dictionaryVersion: options.channel.dictionaryVersion,
-			verifyKeyResolver: options.verifyKeyResolver ?? createStorageTofuVerifyKeyResolver(options.storageAdapter)
+			verifyKeyResolver: options.verifyKeyResolver ?? createStorageTofuVerifyKeyResolver(options.storage)
 		}
 	});
 }
 //#endregion
-//#region src/ActionRuntime/Transport/Carrier/Carrier.types.ts
+//#region src/ActionRuntime/Transport/codec/actionWireCodec.ts
+/**
+* Tiny integer codes for the payload type, so the verbose `"request"`/`"result"`/`"progress"`
+* strings never hit the wire. The index in {@link ReversePayloadType} must line up with the value.
+*/
+const PayloadTypeToInt = {
+	["request"]: 0,
+	["result"]: 1,
+	["progress"]: 2
+};
+const ReversePayloadType = [
+	"request",
+	"result",
+	"progress"
+];
+/**
+* Build the positional `domain:id` ↔ integer dictionary. Both ends of a channel MUST build it from
+* the same domains in the same order — the mapping is positional, so a mismatch routes to the wrong
+* action. Add new transported domains to the end of the list.
+*/
+function buildActionRouteDictionary(domains) {
+	const routeToInt = /* @__PURE__ */ new Map();
+	const intToRoute = [];
+	for (const dom of domains) for (const actionId of Object.keys(dom.actionSchema)) {
+		const routeKey = `${dom.domain}:${actionId}`;
+		if (routeToInt.has(routeKey)) continue;
+		routeToInt.set(routeKey, intToRoute.length);
+		intToRoute.push({
+			domain: dom.domain,
+			id: actionId,
+			allDomains: dom.allDomains
+		});
+	}
+	return {
+		routeToInt,
+		intToRoute
+	};
+}
+/** Pull the type-specific payload (`input` / `result` / `progress`) out of a wire JSON object. */
+function extractWirePayload(json) {
+	if (json.type === "request") return json.input;
+	if (json.type === "result") return json.result;
+	if (json.type === "progress") return json.progress;
+}
 /**
-* Narrow a carrier source to the exchange shape via its `shape` discriminant — the one branch the
-* transport factories ({@link secureTransport}, {@link plainTransport}) use to pick the duplex vs
-* exchange transport. A duplex source carries no `shape`, so the `else` branch is the duplex one.
+* Reassemble a full wire JSON object from its decoded parts. `inputHash`/`outputHash` are emitted
+* empty — the hydration constructors recompute them — and the result still satisfies
+* `isActionPayload_Any_JsonObject` so it flows through validation like a JSON frame.
 */
-function isExchangeCarrierSource(carrier) {
-	return "shape" in carrier && carrier.shape === "exchange";
+function assembleWireJson(routeMeta, payloadType, time, context, payloadData) {
+	const base = {
+		form: "data",
+		domain: routeMeta.domain,
+		id: routeMeta.id,
+		allDomains: routeMeta.allDomains,
+		time,
+		context
+	};
+	if (payloadType === "request") return {
+		...base,
+		type: "request",
+		input: payloadData,
+		inputHash: ""
+	};
+	if (payloadType === "result") return {
+		...base,
+		type: "result",
+		result: payloadData,
+		outputHash: ""
+	};
+	return {
+		...base,
+		type: "progress",
+		progress: payloadData
+	};
+}
+//#endregion
+//#region src/ActionRuntime/Transport/codec/createBinaryWireSessionFactory.ts
+/**
+* Positional layout of the *session* binary envelope — the leanest frame. Compared to the stateless
+* adapter it replaces the 21-char `cuid` with a small per-connection integer and only carries
+* `originClient` on the very first request of each direction (the peer remembers it afterwards).
+*
+*   [ routeInt, typeInt, corrId, time, originClient?, payloadData ]
+*/
+const ENVELOPE = {
+	route: 0,
+	type: 1,
+	corr: 2,
+	time: 3,
+	originClient: 4,
+	payload: 5
+};
+const ENVELOPE_LENGTH = 6;
+/**
+* How long a pending correlation entry is kept before it's swept. A correlation only matters until its
+* action resolves or times out, so anything older than the longest realistic action timeout can be
+* dropped — this bounds memory when requests time out or a connection dies mid-flight (their replies
+* would never arrive, leaving the entry orphaned). Generous default so live correlations are never
+* pruned (the default transport timeout is 10s).
+*/
+const DEFAULT_CORRELATION_TTL_MS = 5 * 6e4;
+function isKnownIdentity(coordinate) {
+	return coordinate != null && coordinate.envId !== "_unset_";
+}
+/**
+* Drop entries older than `ttlMs`. Maps keep insertion order and entries are inserted in time order,
+* so the oldest are first — stop sweeping at the first live entry.
+*/
+function pruneExpired(map, now, ttlMs) {
+	for (const [key, entry] of map) {
+		if (now - entry.time <= ttlMs) break;
+		map.delete(key);
+	}
+}
+/**
+* Builds a factory of *stateful, per-connection* codecs for {@link LinkTransport} /
+* `AcceptorHandler` — the maximally compact binary wire. Call the returned factory once per live
+* connection (each socket on the client, each accepted connection on the server) so every channel
+* gets its own correlation + identity state.
+*
+* On top of everything {@link createBinaryWireAdapter} drops, a session also drops:
+* - **`cuid`** — replaced by a per-connection integer correlation id. The initiator maps it to its
+*   real cuid; the responder echoes it; each side reconstructs the cuid from its own map. Correlation
+*   only needs to be unique per socket, so a counter suffices.
+* - **`originClient` after the first request** — the first request each side sends carries its
+*   identity; the peer remembers it and injects it into later frames. Replies omit it entirely (a
+*   reply carries the initiator's own origin, which the initiator already knows).
+*
+* Both ends MUST build the factory from the same domains in the same order (positional dictionary).
+* Text frames still return `undefined` from `incoming`, so JSON clients remain interoperable.
+*
+* Hibernation note: after a server connection is evicted its session resets, so a still-connected
+* client (whose session persists) will keep omitting `originClient`. The server must therefore restore
+* the connection→client binding from its own store (see `AcceptorHandler.rehydrateConnection`) and
+* inject `originClient` from there — the session alone can't recover it.
+*/
+function createBinaryWireSessionFactory(domains, options) {
+	const { routeToInt, intToRoute } = buildActionRouteDictionary(domains);
+	const unknownIdentity = RuntimeCoordinate.unknown.toJsonObject();
+	const ttlMs = options?.correlationTtlMs ?? DEFAULT_CORRELATION_TTL_MS;
+	return () => {
+		let outCounter = 0;
+		const corrToCuid = /* @__PURE__ */ new Map();
+		const cuidToCorr = /* @__PURE__ */ new Map();
+		let selfIdentity;
+		let peerIdentity;
+		return {
+			outgoing: (input) => {
+				const json = input.action.toJsonObject();
+				const routeKey = `${json.domain}:${json.id}`;
+				const routeInt = routeToInt.get(routeKey);
+				if (routeInt == null) throw new Error(`[binary-wire] Cannot pack unregistered action route: ${routeKey}`);
+				const now = Date.now();
+				pruneExpired(corrToCuid, now, ttlMs);
+				pruneExpired(cuidToCorr, now, ttlMs);
+				let corr;
+				let wireIdentity;
+				if (json.type === "request") {
+					corr = outCounter++;
+					corrToCuid.set(corr, {
+						value: json.context.cuid,
+						time: now
+					});
+					if (selfIdentity == null && isKnownIdentity(json.context.originClient)) {
+						selfIdentity = json.context.originClient;
+						wireIdentity = json.context.originClient;
+					}
+				} else {
+					corr = cuidToCorr.get(json.context.cuid)?.value ?? -1;
+					if (json.type === "result") cuidToCorr.delete(json.context.cuid);
+				}
+				const envelope = new Array(ENVELOPE_LENGTH);
+				envelope[ENVELOPE.route] = routeInt;
+				envelope[ENVELOPE.type] = PayloadTypeToInt[json.type];
+				envelope[ENVELOPE.corr] = corr;
+				envelope[ENVELOPE.time] = json.time;
+				envelope[ENVELOPE.originClient] = wireIdentity;
+				envelope[ENVELOPE.payload] = extractWirePayload(json);
+				return pack(envelope);
+			},
+			incoming: (frame) => {
+				let buffer;
+				if (frame instanceof ArrayBuffer) buffer = new Uint8Array(frame);
+				else if (frame instanceof Uint8Array) buffer = frame;
+				else return;
+				try {
+					const envelope = unpack(buffer);
+					if (!Array.isArray(envelope) || envelope.length !== ENVELOPE_LENGTH) return void 0;
+					const routeMeta = intToRoute[envelope[ENVELOPE.route]];
+					const payloadType = ReversePayloadType[envelope[ENVELOPE.type]];
+					if (routeMeta == null || payloadType == null) return void 0;
+					const now = Date.now();
+					pruneExpired(corrToCuid, now, ttlMs);
+					pruneExpired(cuidToCorr, now, ttlMs);
+					const corr = envelope[ENVELOPE.corr];
+					const time = envelope[ENVELOPE.time];
+					const wireIdentity = envelope[ENVELOPE.originClient];
+					let cuid;
+					let originClient;
+					if (payloadType === "request") {
+						cuid = nanoid();
+						cuidToCorr.set(cuid, {
+							value: corr,
+							time: now
+						});
+						if (isKnownIdentity(wireIdentity)) peerIdentity = wireIdentity;
+						originClient = peerIdentity ?? unknownIdentity;
+					} else {
+						cuid = corrToCuid.get(corr)?.value ?? nanoid();
+						if (payloadType === "result") corrToCuid.delete(corr);
+						originClient = selfIdentity ?? unknownIdentity;
+					}
+					return assembleWireJson(routeMeta, payloadType, time, {
+						cuid,
+						timeCreated: time,
+						routing: [],
+						originClient
+					}, envelope[ENVELOPE.payload]);
+				} catch (e) {
+					console.error("[binary-wire] Failed to unpack binary action session frame", e);
+					return;
+				}
+			}
+		};
+	};
 }
 //#endregion
 //#region src/ActionRuntime/Transport/Transport.ts
 /**
-* Reusable transport definition. Devs construct these (`secureTransport({ carrier: wsCarrier(() => ({ url })) })`,
-* `plainTransport({ carrier: httpCarrier(...) })`, …) and pass them to a
-* `ConnectorHandler`. A single
+* Reusable transport definition. Built by the internal `transport({ carrier, secure })` factory (which
+* `connectChannel` / `serveChannel` drive) and passed to a `ConnectorHandler`. A single
 * definition can be shared across multiple handlers — each handler builds its own live
 * {@link TransportConnection} via {@link TransportConnection._createConnection}.
 */
@@ -3159,175 +3378,6 @@ var LinkTransport = class LinkTransport extends Transport {
 	}
 };
 //#endregion
-//#region src/ActionRuntime/Transport/plainTransport.ts
-function plainTransport(options) {
-	const carrier = options.carrier;
-	if (isExchangeCarrierSource(carrier)) return ExchangeTransport.create({
-		openCarrier: carrier.open,
-		getTransportCacheKey: carrier.getCacheKey,
-		available: options.available,
-		getRouteInfo: carrier.getRouteInfo,
-		label: options.label ?? carrier.carrierLabel,
-		updateRunConfig: options.updateRunConfig
-	});
-	return LinkTransport.create({
-		openChannel: carrier.open,
-		formatMessage: options.formatMessage,
-		createFormatMessage: options.createFormatMessage,
-		getTransportCacheKey: carrier.getCacheKey,
-		available: options.available,
-		getRouteInfo: carrier.getRouteInfo,
-		label: options.label ?? carrier.carrierLabel,
-		updateRunConfig: options.updateRunConfig
-	});
-}
-//#endregion
-//#region src/ActionRuntime/Transport/secureTransport.ts
-function secureTransport(options) {
-	const link = options.link ?? (options.storageAdapter != null ? new ClientCryptoKeyLink({ storageAdapter: options.storageAdapter }) : void 0);
-	if (link == null) throw new Error("secureTransport: provide `link` or `storageAdapter` for the crypto identity.");
-	const security = {
-		securityLevel: options.securityLevel,
-		link,
-		localCoordinate: options.runtime.coordinate.toJsonObject(),
-		dictionaryVersion: options.channel.dictionaryVersion
-	};
-	const carrier = options.carrier;
-	if (isExchangeCarrierSource(carrier)) return ExchangeTransport.create({
-		openCarrier: carrier.open,
-		getTransportCacheKey: carrier.getCacheKey,
-		available: options.available,
-		getRouteInfo: carrier.getRouteInfo,
-		label: carrier.carrierLabel,
-		security
-	});
-	return LinkTransport.create({
-		openChannel: carrier.open,
-		createFormatMessage: options.channel.createCodec,
-		getTransportCacheKey: carrier.getCacheKey,
-		available: options.available,
-		getRouteInfo: carrier.getRouteInfo,
-		label: carrier.carrierLabel,
-		security
-	});
-}
-//#endregion
-//#region src/ActionRuntime/Channel/ActionChannel.ts
-/**
-* Declare a transport-agnostic channel by role. Use it for HTTP, custom transports, or as the routing
-* half of a richer channel. The order of each list is part of the contract for wire formats that pack
-* positionally (see `defineSecureChannel`) — add new domains to the end of their list. (`domains` is
-* accepted as a legacy alias for `toAcceptor`.)
-*/
-function defineChannel(options) {
-	return {
-		toAcceptorDomains: options.toAcceptor,
-		toConnectorDomains: options.toConnector
-	};
-}
-/**
-* Open a connection to a peer from a single call — the dial-out dual of `serveChannel`. The channel is
-* the single source of truth for *what* is routed (`toAcceptor` domains forwarded to the peer,
-* `toConnector` pushes handled locally from `onPush`); the call binds the shared facts — the channel's
-* codec/dictionary version, the runtime, and one crypto identity (a {@link ClientCryptoKeyLink} over
-* `storage`) — into every transport in `transports`, so none of them restate the channel or runtime.
-* List several transports to make the path transport-agnostic (secure WS preferred, HTTP fallback):
-* ```ts
-* const handler = connectChannel(runtime, lobbyChannel, {
-*   peer: runtime_coordinate_lobby_do,
-*   storage,
-*   transports: [{ carrier: wsCarrier(() => ({ url })) }, { carrier: httpCarrier(...), secure: false }],
-*   onPush: { player_joined: (p) => { … } },
-* });
-* ```
-* Returns the {@link ConnectorHandler} so the caller can later `clearTransportCache()` it.
-*/
-function connectChannel(runtime, channel, options) {
-	const securityLevel = options.securityLevel ?? "authenticated";
-	const anySecure = options.transports.some((transport) => transport.secure ?? true);
-	let link = options.link;
-	if (anySecure && link == null) {
-		if (options.storage == null) throw new Error("connectChannel: a secure transport requires `storage` (or `link`). Pass it, or set `secure: false` on the transport for a plain connection.");
-		link = new ClientCryptoKeyLink({ storageAdapter: options.storage });
-	}
-	const transports = options.transports.map((transport) => {
-		const carrier = transport.carrier;
-		const secure = transport.secure ?? true;
-		if (isExchangeCarrierSource(carrier)) return secure ? secureTransport({
-			channel,
-			runtime,
-			link,
-			securityLevel: transport.securityLevel ?? securityLevel,
-			available: transport.available,
-			carrier
-		}) : plainTransport({
-			carrier,
-			available: transport.available,
-			label: transport.label
-		});
-		return secure ? secureTransport({
-			channel,
-			runtime,
-			link,
-			securityLevel: transport.securityLevel ?? securityLevel,
-			available: transport.available,
-			carrier
-		}) : plainTransport({
-			carrier,
-			createFormatMessage: channel.createCodec,
-			available: transport.available,
-			label: transport.label
-		});
-	});
-	const pushHandlers = options.onPush != null ? channel.toConnectorDomains.map((domain) => domain.wrapAsPartialLocalHandler(options.onPush)) : [];
-	return runtime.connectTo(options.peer, {
-		transports,
-		domains: [...channel.toAcceptorDomains],
-		localHandlers: pushHandlers,
-		defaultTimeout: options.defaultTimeout
-	});
-}
-/**
-* Register an acceptor handler's execution for a channel straight from its definition: the channel's
-* `toAcceptor` domains are served together with one merged, connection-aware case map (each case gets
-* the primed request + the originating connection, as with
-* {@link AcceptorHandler.forConnectionDomainCases}). The domain list is taken from the channel,
-* never restated. Add the returned handler to the runtime alongside the acceptor handler:
-* ```ts
-* runtime.addHandlers([acceptChannelConnections(serverHandler, channel, { … }), serverHandler]);
-* ```
-*
-* The case's second argument is the raw connection (`TConn | undefined`). For the richer state +
-* broadcast + pushBack context, serve the channel through `serveChannel`'s `channelCases` instead.
-*/
-function acceptChannelConnections(serverHandler, channel, cases) {
-	return serverHandler.forConnectionDomainCasesMulti(channel.toAcceptorDomains, cases, (connection) => connection);
-}
-/**
-* Build the secure {@link AcceptorHandler} for a channel — the accept-in counterpart to
-* {@link connectChannel}. It folds in the same boilerplate as {@link createSecureAcceptorHandler} (the
-* `ClientCryptoKeyLink` + storage-backed TOFU resolver from one `storageAdapter`, the channel's codec +
-* dictionary version, the `security` block from the runtime coordinate) but takes the `(runtime, channel,
-* options)` shape of the channel family. Pair it with {@link acceptChannelConnections} for execution:
-* ```ts
-* const acceptor = acceptChannel(runtime, gameChannel, { clientEnv, storageAdapter, send });
-* runtime.addHandlers([acceptChannelConnections(acceptor, gameChannel, { … }), acceptor]);
-* ```
-*/
-function acceptChannel(runtime, channel, options) {
-	return createSecureAcceptorHandler({
-		channel,
-		runtime,
-		clientEnv: options.clientEnv,
-		storageAdapter: options.storageAdapter,
-		link: options.link,
-		send: options.send,
-		securityLevel: options.securityLevel,
-		verifyKeyResolver: options.verifyKeyResolver,
-		defaultTimeout: options.defaultTimeout
-	});
-}
-//#endregion
 //#region src/ActionRuntime/Transport/SecureSession/exchangeAcceptor.ts
 const textEncoder = new TextEncoder();
 const textDecoder = new TextDecoder();
@@ -3665,242 +3715,6 @@ function createHibernatableWsServerAdapter(options) {
 	};
 }
 //#endregion
-//#region src/ActionRuntime/Transport/Carrier/AcceptorCarrier.types.ts
-/**
-* Build the inert lifecycle slot a duplex carrier factory spreads into its handle: `receive`/`drop` throw
-* (or no-op) until `serveChannel` calls `_activate` with the carrier's live router. Shared by every duplex
-* carrier factory (`wsAcceptorCarrier`, a WebRTC carrier, the Cloudflare DO helper, …) so the
-* stateful-handle wiring lives in exactly one place.
-*/
-function createDuplexCarrierLifecycle() {
-	let router;
-	return {
-		receive(connection, frame) {
-			if (router == null) throw new Error("acceptor carrier not served yet — pass it to serveChannel() before feeding frames");
-			router.receive(connection, frame);
-		},
-		drop(connection) {
-			router?.drop(connection);
-		},
-		_activate(liveRouter) {
-			router = liveRouter;
-		}
-	};
-}
-/**
-* Narrow an acceptor carrier to the exchange shape via its `shape` discriminant — the one branch
-* `serveChannel` uses to pick the duplex (push-capable) vs exchange (request/reply) wiring. A duplex
-* carrier carries `shape: ETransportShape.duplex`, so the `else` branch is the duplex one.
-*/
-function isExchangeAcceptorCarrier(carrier) {
-	return carrier.shape === "exchange";
-}
-//#endregion
-//#region src/ActionRuntime/Channel/serveChannel.ts
-/** Default accepted set, shared by every carrier: negotiate per connection to whatever the client picks. */
-const DEFAULT_SERVER_SECURITY_LEVELS = [
-	"none",
-	"authenticated",
-	"encrypted"
-];
-function serveChannel(runtime, channel, options) {
-	const duplexCarriers = options.carriers.filter((carrier) => !isExchangeAcceptorCarrier(carrier));
-	const exchangeCarriers = options.carriers.filter(isExchangeAcceptorCarrier);
-	if (exchangeCarriers.length > 1) throw new Error("serveChannel: at most one exchange carrier is supported");
-	const exchangeCarrier = exchangeCarriers[0];
-	const singleDuplex = duplexCarriers.length === 1;
-	if (options.connectionState != null && !singleDuplex) throw new Error("serveChannel: `connectionState` requires exactly one duplex carrier");
-	if (options.channelCases != null && !singleDuplex) throw new Error("serveChannel: `channelCases` requires exactly one duplex carrier");
-	const exchangeSecure = exchangeCarrier != null && (exchangeCarrier.secure ?? true);
-	const anyDuplexSecure = duplexCarriers.some((carrier) => carrier.secure ?? true);
-	const securityLevel = options.securityLevel ?? DEFAULT_SERVER_SECURITY_LEVELS;
-	let secure;
-	if (anyDuplexSecure || exchangeSecure) {
-		const storage = options.storage;
-		if (storage == null) throw new Error("serveChannel: a secure carrier requires `storage`. Pass it, or set `secure: false` on the carrier for a plain endpoint.");
-		secure = {
-			storage,
-			link: options.link ?? new ClientCryptoKeyLink({ storageAdapter: storage }),
-			verifyKeyResolver: options.verifyKeyResolver ?? createStorageTofuVerifyKeyResolver(storage)
-		};
-	}
-	const plainRouter = (handler) => ({
-		receive: (connection, frame) => handler.receive(connection, frame),
-		drop: (connection) => handler.dropConnection(connection)
-	});
-	const asObject = (value) => typeof value === "object" && value != null ? value : {};
-	const handlers = [];
-	let connections;
-	for (const carrier of duplexCarriers) {
-		const handler = (carrier.secure ?? true) && secure != null ? acceptChannel(runtime, channel, {
-			clientEnv: options.clientEnv,
-			storageAdapter: secure.storage,
-			link: secure.link,
-			verifyKeyResolver: secure.verifyKeyResolver,
-			securityLevel,
-			send: carrier.send,
-			defaultTimeout: options.defaultTimeout
-		}) : createAcceptorHandler({
-			clientEnv: options.clientEnv,
-			createFormatMessage: channel.createCodec,
-			send: carrier.send,
-			runtime,
-			defaultTimeout: options.defaultTimeout
-		});
-		const attach = carrier.attachmentStore;
-		let router;
-		if (attach == null) router = plainRouter(handler);
-		else if (options.connectionState != null) {
-			connections = createConnectionStateStore(handler, {
-				schema: options.connectionState.schema,
-				getConnections: attach.getConnections,
-				read: attach.read,
-				write: attach.write
-			});
-			router = plainRouter(handler);
-		} else router = createHibernatableWsServerAdapter({
-			handler,
-			getConnections: attach.getConnections,
-			getAttachment: (connection) => attach.read(connection)?.binding,
-			setAttachment: (connection, binding) => attach.write(connection, {
-				...asObject(attach.read(connection)),
-				binding
-			})
-		});
-		carrier._activate(router);
-		handlers.push(handler);
-	}
-	runtime.addHandlers([...options.handlers ?? [], ...handlers]);
-	const soleDuplex = singleDuplex ? duplexCarriers[0] : void 0;
-	const receive = (connection, frame) => {
-		if (soleDuplex == null) throw new Error(duplexCarriers.length === 0 ? "serveChannel: no duplex carrier to receive on (this server has no socket transport)" : "serveChannel: several duplex carriers — feed each carrier handle's receive() directly");
-		soleDuplex.receive(connection, frame);
-	};
-	const drop = (connection) => {
-		soleDuplex?.drop(connection);
-	};
-	const pushToClient = (target, request, pushOptions) => {
-		const owner = target instanceof RuntimeCoordinate ? handlers.find((handler) => handler.ownsLiveConnectionFor(target)) : handlers.find((handler) => handler.hasConnection(target));
-		if (owner == null) throw new Error("serveChannel: no duplex carrier holds a connection for the push target");
-		return owner.pushToClient(runtime, target, request, pushOptions);
-	};
-	const broadcast = (makeRequest, broadcastOptions) => {
-		if (!singleDuplex) throw new Error("serveChannel: broadcast requires exactly one duplex carrier — broadcast over a specific handlers[i] instead");
-		handlers[0].broadcast(makeRequest, {
-			runtime,
-			...broadcastOptions
-		});
-	};
-	const makeConnectionContext = (connection, request) => ({
-		connection: connection ?? null,
-		origin: request.context.originClient,
-		get state() {
-			return connection != null && connections != null ? connections.get(connection) : null;
-		},
-		setState(value) {
-			if (connection != null && connections != null) connections.set(connection, value);
-		},
-		clearState() {
-			if (connection != null && connections != null) connections.clearApp(connection);
-		},
-		broadcast(makeRequest, contextOptions) {
-			broadcast(makeRequest, {
-				except: contextOptions?.exceptSelf ? connection ?? null : null,
-				where: contextOptions?.where,
-				timeout: contextOptions?.timeout,
-				onError: contextOptions?.onError
-			});
-		},
-		pushBack(pushRequest, pushOptions) {
-			if (connection == null) throw new Error("serveChannel: connection context has no live socket to push back to (HTTP-exchange path)");
-			return pushToClient(connection, pushRequest, pushOptions);
-		}
-	});
-	if (options.channelCases != null) runtime.addHandlers([handlers[0].forConnectionDomainCasesMulti(channel.toAcceptorDomains, options.channelCases, makeConnectionContext)]);
-	const exchangeSecurity = exchangeSecure && secure != null ? {
-		link: secure.link,
-		verifyKeyResolver: secure.verifyKeyResolver,
-		localCoordinate: runtime.coordinate.toJsonObject(),
-		dictionaryVersion: channel.dictionaryVersion,
-		securityLevel
-	} : void 0;
-	const defaultIsUpgrade = (request) => request.headers.get("Upgrade") === "websocket";
-	const upgraders = [];
-	for (const carrier of duplexCarriers) {
-		if (carrier.upgrade == null) continue;
-		upgraders.push({
-			isUpgrade: carrier.isUpgrade ?? defaultIsUpgrade,
-			upgrade: carrier.upgrade
-		});
-	}
-	return {
-		handlers,
-		fetch: createActionFetchHandler(runtime, {
-			cors: exchangeCarrier?.cors,
-			onWebSocketUpgrade: upgraders.length === 0 ? void 0 : (request, url) => (upgraders.find((u) => u.isUpgrade(request, url)) ?? upgraders[0]).upgrade(request, url),
-			isWebSocketUpgrade: upgraders.length === 0 ? void 0 : (request, url) => upgraders.some((u) => u.isUpgrade(request, url)),
-			isActionPath: exchangeCarrier != null ? exchangeCarrier.isActionPath ?? (() => true) : () => false,
-			security: exchangeSecurity,
-			useErrorStatus: exchangeCarrier?.useErrorStatus
-		}),
-		receive,
-		drop,
-		pushToClient,
-		broadcast,
-		connections
-	};
-}
-//#endregion
-//#region src/ActionRuntime/Channel/serveHost.ts
-function serveHost(runtime, channel, host, options) {
-	const server = serveChannel(runtime, channel, {
-		...options,
-		carriers: host.carriers,
-		storage: host.storage
-	});
-	host.onServed?.(server);
-	return server;
-}
-//#endregion
-//#region src/ActionRuntime/Transport/Carrier/duplex/ws/wsAcceptorCarrier.ts
-/**
-* A WebSocket {@link IDuplexAcceptorCarrier}: the accept-in dual of {@link wsCarrier}. It describes how to
-* write frames back to a live socket, how to upgrade an inbound request into one, and (optionally) how to
-* persist bindings across hibernation. Hand it to `serveChannel`'s `carriers` list — the secure session,
-* codec, and crypto identity are supplied centrally there, so this only carries the WS-specific surface.
-*/
-function wsAcceptorCarrier(options) {
-	return {
-		...createDuplexCarrierLifecycle(),
-		shape: "duplex",
-		carrierLabel: options.carrierLabel ?? "ws",
-		secure: options.secure,
-		send: options.send,
-		upgrade: options.upgrade,
-		isUpgrade: options.isUpgrade ?? ((request) => request.headers.get("Upgrade") === "websocket"),
-		attachmentStore: options.attachmentStore
-	};
-}
-//#endregion
-//#region src/ActionRuntime/Transport/Carrier/exchange/http/httpAcceptorCarrier.ts
-/**
-* An HTTP {@link IExchangeAcceptorCarrier}: the accept-in dual of {@link httpCarrier}. It serves the
-* secure exchange protocol (handshake → token session → encrypted frames) over web-standard
-* `Request`/`Response`. The crypto identity, runtime coordinate, dictionary version, and accepted security
-* levels are all supplied centrally by `serveChannel`, so this only needs to say which requests carry an
-* action envelope and how to answer CORS.
-*/
-function httpAcceptorCarrier(options = {}) {
-	return {
-		shape: "exchange",
-		carrierLabel: options.carrierLabel ?? "http",
-		secure: options.secure,
-		isActionPath: options.isActionPath,
-		cors: options.cors,
-		useErrorStatus: options.useErrorStatus
-	};
-}
-//#endregion
-export { EErrId_NiceAction as $, createServerHandshake as A, PeerLinkHandler as B, createAcceptorHandler as C, ESecurityLevel as D, EHandshakeMessageType as E, ActionLocalHandler as F, err_nice_external_client as G, ETransportStatus as H, createLocalHandler as I, ActionSchema as J, isActionPayload_Any_JsonObject as K, ActionRuntime as L, decodeHandshakeMessage as M, encodeHandshakeMessage as N, createClientHandshake as O, runtimeLinkId as P, isAction_Base_JsonObject as Q, ConnectorHandler as R, AcceptorHandler as S, decodeActionFrame as T, EErrId_NiceTransport as U, ETransportShape as V, err_nice_transport as W, actionSchema as X, EActionResponseMode as Y, isActionPayload_Result_JsonObject as Z, decodeExchangeReply as _, isExchangeAcceptorCarrier as a, EActionProgressType as at, Transport as b, createConnectionStateStore as c, RuntimeCoordinate as ct, acceptChannel as d, err_nice_action as et, acceptChannelConnections as f, ExchangeTransport as g, LinkTransport as h, serveChannel as i, EActionPayloadType as it, createStorageTofuVerifyKeyResolver as j, createInMemoryTofuVerifyKeyResolver as k, createActionFetchHandler as l, runtimeCoordinateToStringIds as lt, defineChannel as m, wsAcceptorCarrier as n, ActionPayload_Request as nt, createHibernatableWsServerAdapter as o, ActionPayload as ot, connectChannel as p, isActionPayload_Request_JsonObject as q, serveHost as r, ActionPayload_Result as rt, ConnectionStateStore as s, ActionBase as st, httpAcceptorCarrier as t, RunningAction as tt, ExchangeAcceptor as u, UNSET_RUNTIME_ENV_ID as ut, decodeExchangeRequest as v, createActionFrameCrypto as w, createSecureAcceptorHandler as x, encodeExchange as y, createConnectorHandler as z };
+export { ActionPayload_Request as $, encodeHandshakeMessage as A, EErrId_NiceTransport as B, EHandshakeMessageType as C, createServerHandshake as D, createInMemoryTofuVerifyKeyResolver as E, ConnectorHandler as F, ActionSchema as G, err_nice_external_client as H, createConnectorHandler as I, isActionPayload_Result_JsonObject as J, EActionResponseMode as K, PeerLinkHandler as L, ActionLocalHandler as M, createLocalHandler as N, createStorageTofuVerifyKeyResolver as O, ActionRuntime as P, RunningAction as Q, ETransportShape as R, decodeActionFrame as S, createClientHandshake as T, isActionPayload_Any_JsonObject as U, err_nice_transport as V, isActionPayload_Request_JsonObject as W, EErrId_NiceAction as X, isAction_Base_JsonObject as Y, err_nice_action as Z, extractWirePayload as _, ExchangeAcceptor as a, RuntimeCoordinate as at, createAcceptorHandler as b, decodeExchangeReply as c, Transport as d, ActionPayload_Result as et, createBinaryWireSessionFactory as f, buildActionRouteDictionary as g, assembleWireJson as h, createActionFetchHandler as i, ActionBase as it, runtimeLinkId as j, decodeHandshakeMessage as k, decodeExchangeRequest as l, ReversePayloadType as m, ConnectionStateStore as n, EActionProgressType as nt, LinkTransport as o, runtimeCoordinateToStringIds as ot, PayloadTypeToInt as p, actionSchema as q, createConnectionStateStore as r, ActionPayload as rt, ExchangeTransport as s, createHibernatableWsServerAdapter as t, EActionPayloadType as tt, encodeExchange as u, createSecureAcceptorHandler as v, ESecurityLevel as w, createActionFrameCrypto as x, AcceptorHandler as y, ETransportStatus as z };
 
-//# sourceMappingURL=httpAcceptorCarrier-DJVxzDVd.mjs.map
+//# sourceMappingURL=createHibernatableWsServerAdapter-BkjESd01.mjs.map