npm - @nice-code/util - Versions diffs - 0.10.0 → 0.12.0 - Mend

@nice-code/util 0.10.0 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/build/index.cjs +1126 -0
package/build/index.cjs.map +1 -0
package/build/{index.d.ts → index.d.cts} +1 -1
package/build/index.d.mts +765 -0
package/build/{index.js → index.mjs} +1 -1
package/build/index.mjs.map +1 -0
package/package.json +12 -3
package/build/index.js.map +0 -1

package/build/index.cjs ADDED Viewed

@@ -0,0 +1,1126 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+//#region \0rolldown/runtime.js
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+	if (from && typeof from === "object" || typeof from === "function") for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
+		key = keys[i];
+		if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, {
+			get: ((k) => from[k]).bind(null, key),
+			enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+		});
+	}
+	return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", {
+	value: mod,
+	enumerable: true
+}) : target, mod));
+//#endregion
+let _scure_base = require("@scure/base");
+let valibot = require("valibot");
+valibot = __toESM(valibot, 1);
+//#region src/data_type/string/nullEmpty.ts
+const notNullEmpty = (str) => {
+	return str != null && str.length > 0;
+};
+//#endregion
+//#region src/crypto/x25519/createSharedBitsFromX25519.ts
+const createSharedBitsFromX25519 = async ({ privateKey, publicKey }) => {
+	return new Uint8Array(await crypto.subtle.deriveBits({
+		name: "X25519",
+		public: publicKey
+	}, privateKey, 256));
+};
+//#endregion
+//#region src/crypto/aes_gcm/createAesGcmKeyFromX25519Keys.ts
+const DEFAULT_INFO_STRING = "METEOR_BRIDGE_DEFAULT_INFO_STRING";
+const createAesGcmKeyFromX25519Keys = async ({ externalX25519PublicKey, internalX25519PrivateKey, infoString, saltString }) => {
+	const sharedBits = await createSharedBitsFromX25519({
+		privateKey: internalX25519PrivateKey,
+		publicKey: externalX25519PublicKey
+	});
+	const ikm = await crypto.subtle.importKey("raw", new Uint8Array(sharedBits), "HKDF", false, ["deriveKey"]);
+	const salt = notNullEmpty(saltString) ? new TextEncoder().encode(saltString) : new Uint8Array();
+	const info = new TextEncoder().encode(notNullEmpty(infoString) ? infoString : DEFAULT_INFO_STRING);
+	return await crypto.subtle.deriveKey({
+		name: "HKDF",
+		hash: "SHA-256",
+		salt,
+		info
+	}, ikm, {
+		name: "AES-GCM",
+		length: 256
+	}, false, ["encrypt", "decrypt"]);
+};
+//#endregion
+//#region src/crypto/aes_gcm/decryptBytesWithAesGcmKey.ts
+/**
+* Decrypts a raw-bytes AES-GCM payload (binary nonce + ciphertext) back to bytes. The counterpart of
+* {@link decryptTextDataWithAesGcmKey}. AES-GCM verifies integrity, so a tampered ciphertext throws.
+*/
+const decryptBytesWithAesGcmKey = async ({ aesGcmKey, dataToDecrypt }) => {
+	const decryptedData = await crypto.subtle.decrypt({
+		name: "AES-GCM",
+		iv: new Uint8Array(dataToDecrypt.nonce)
+	}, aesGcmKey, new Uint8Array(dataToDecrypt.ciphertext));
+	return new Uint8Array(decryptedData);
+};
+//#endregion
+//#region src/crypto/aes_gcm/decryptTextDataWithAesGcmKey.ts
+const decryptTextDataWithAesGcmKey = async ({ aesGcmKey, dataToDecrypt }) => {
+	const decryptedData = await crypto.subtle.decrypt({
+		name: "AES-GCM",
+		iv: new Uint8Array(_scure_base.base64.decode(dataToDecrypt.nonce))
+	}, aesGcmKey, new Uint8Array(_scure_base.base64.decode(dataToDecrypt.ciphertext)));
+	return new TextDecoder().decode(decryptedData);
+};
+//#endregion
+//#region src/crypto/aes_gcm/encryptBytesWithAesGcmKey.ts
+/**
+* Encrypts raw bytes with an AES-GCM key, returning the binary nonce + ciphertext. The bytes
+* counterpart of {@link encryptTextDataWithAesGcmKey} — use it for binary channels (msgpack frames)
+* to avoid base64 inflation. A fresh 12-byte nonce is generated per call (never reuse a nonce).
+*/
+const encryptBytesWithAesGcmKey = async ({ aesGcmKey, dataToEncrypt }) => {
+	const nonce = crypto.getRandomValues(new Uint8Array(12));
+	const encryptedData = await crypto.subtle.encrypt({
+		name: "AES-GCM",
+		iv: nonce
+	}, aesGcmKey, new Uint8Array(dataToEncrypt));
+	return {
+		nonce,
+		ciphertext: new Uint8Array(encryptedData)
+	};
+};
+//#endregion
+//#region src/crypto/aes_gcm/encryptTextDataWithAesGcmKey.ts
+const encryptTextDataWithAesGcmKey = async ({ aesGcmKey, dataToEncrypt }) => {
+	const nonce = crypto.getRandomValues(new Uint8Array(12));
+	const encryptedData = await crypto.subtle.encrypt({
+		name: "AES-GCM",
+		iv: nonce
+	}, aesGcmKey, new TextEncoder().encode(dataToEncrypt));
+	return {
+		nonce: _scure_base.base64.encode(nonce),
+		ciphertext: _scure_base.base64.encode(new Uint8Array(encryptedData))
+	};
+};
+//#endregion
+//#region src/crypto/ed25519/signTextDataWithKeyEd25519.ts
+const signTextDataWithKeyEd25519 = async (data, cryptoKey) => {
+	const dataBuffer = new TextEncoder().encode(data);
+	const signature = await crypto.subtle.sign({ name: "ED25519" }, cryptoKey, dataBuffer);
+	return new Uint8Array(signature);
+};
+//#endregion
+//#region src/crypto/ed25519/signCombinedTextDataWithKeyEd25519.ts
+const DEFAULT_COMBINED_TEXT_DATA_SEPARATOR = "::";
+const signCombinedTextDataWithKeyEd25519 = async (data, cryptoKey, separator = "::") => {
+	return await signTextDataWithKeyEd25519(data.join(separator), cryptoKey);
+};
+//#endregion
+//#region src/crypto/client_key_link/buildVerifyKeyBoundInfoString.ts
+/**
+* The canonical HKDF `info` for a client-to-client shared key that binds both sides' verify
+* public keys into the derivation.
+*
+* When the two keys are relayed through an intermediary, a tampered key produces mismatched AES
+* keys on the two sides — the very first decryption fails, so key substitution is detected without
+* any extra signature ceremony.
+*
+* The keys are sorted lexicographically so the result is independent of which side is "local" —
+* both ends of a link compute the identical string without coordinating an order. Used internally
+* by ClientCryptoKeyLink (`bindVerifyKeysIntoDerivation`); exported for code that derives the same
+* key outside the link.
+*/
+const buildVerifyKeyBoundInfoString = ({ infoString, verifyPublicKeys }) => {
+	const sortedKeys = [...verifyPublicKeys].sort();
+	return [...infoString != null ? [infoString] : [], ...sortedKeys].join("::");
+};
+//#endregion
+//#region src/storage_adapter/typed_storage/createTypedStorage.ts
+function createTypedStorage({ storageAdapter }) {
+	const getJson = async (key) => {
+		return storageAdapter.getJson(key);
+	};
+	const getJsonOrDef = async (key, defVal) => {
+		return await storageAdapter.getJson(key) ?? defVal;
+	};
+	const setJson = async (key, val) => {
+		return storageAdapter.setJson(key, val);
+	};
+	const removeItem = async (key) => {
+		await storageAdapter.removeItem(key);
+	};
+	const updateJson = async (key, updater) => {
+		await storageAdapter.updateJson(key, updater);
+	};
+	const updateJsonWithDef = async (key, defaultVal, updater) => {
+		await storageAdapter.updateJsonOrDef(key, defaultVal, updater);
+	};
+	return {
+		getJson,
+		getJsonOrDef,
+		setJson,
+		removeItem,
+		updateJson,
+		updateJsonWithDef,
+		clearAll: async () => {
+			await storageAdapter.clearAll();
+		}
+	};
+}
+//#endregion
+//#region src/crypto/ed25519/generateEd25519KeyPair.ts
+const generateEd25519KeyPair = async () => {
+	return await crypto.subtle.generateKey({ name: "Ed25519" }, true, ["sign", "verify"]);
+};
+//#endregion
+//#region src/core/createDataStringConverter_stringToObject.ts
+const createDataStringConverter_stringToObject = ({ transformJsonForFormats = [], transformJson = false } = {}) => (inputDataString) => {
+	const [type, format, dataString] = inputDataString.split("::");
+	let parsedData = dataString;
+	if (transformJson || transformJsonForFormats.includes(format)) try {
+		parsedData = JSON.parse(dataString);
+	} catch (error) {
+		const err = /* @__PURE__ */ new Error(`Failed to parse type and format data string. Given input: "${inputDataString}", expected JSON parsable "data" value in the format "${type}::${format}::data" ${error instanceof Error ? error.message : String(error)}`);
+		err.cause = error;
+		throw err;
+	}
+	return {
+		formattedString: inputDataString,
+		type,
+		format,
+		data: parsedData
+	};
+};
+//#endregion
+//#region src/core/core_valibot_schemas.ts
+const vBase64 = valibot.pipe(valibot.string(), valibot.base64());
+const vCreateSchema_TypeAndFormatPrefixedDataString = ({ type, format, typeKind, formatKind }) => {
+	const _typeKind = typeKind ?? "data_type";
+	const _formatKind = formatKind ?? "data_format";
+	return valibot.pipe(valibot.custom((input) => {
+		if (typeof input !== "string") return false;
+		const [typePart, formatPart, dataPart] = input.split("::");
+		return typePart === type && formatPart === format && typeof dataPart === "string";
+	}, `Invalid format, expected '<${_typeKind}>::<${_formatKind}>::<value>' where "${_typeKind}" is "${type}", "${_formatKind}" is "${format}", and "value" is a string in the specified format`));
+};
+//#endregion
+//#region src/crypto/crypto.schema.ts
+let ECryptoKeyAlgo = /* @__PURE__ */ function(ECryptoKeyAlgo) {
+	ECryptoKeyAlgo["ed25519"] = "ed25519";
+	ECryptoKeyAlgo["x25519"] = "x25519";
+	return ECryptoKeyAlgo;
+}({});
+let ECryptoKeyFormat = /* @__PURE__ */ function(ECryptoKeyFormat) {
+	ECryptoKeyFormat["raw_base64"] = "raw_base64";
+	ECryptoKeyFormat["jwk"] = "jwk";
+	return ECryptoKeyFormat;
+}({});
+const vSerializedCryptoKeyDataEd25519_Raw = vCreateSchema_TypeAndFormatPrefixedDataString({
+	format: "raw_base64",
+	type: "ed25519",
+	typeKind: "algo"
+});
+const vSerializedCryptoKeyDataEd25519_Jwk = vCreateSchema_TypeAndFormatPrefixedDataString({
+	format: "jwk",
+	type: "ed25519",
+	typeKind: "algo",
+	transformJson: true
+});
+const vSerializedCryptoKeyDataX25519_Raw = vCreateSchema_TypeAndFormatPrefixedDataString({
+	format: "raw_base64",
+	type: "x25519",
+	typeKind: "algo"
+});
+const vSerializedCryptoKeyDataX25519_Jwk = vCreateSchema_TypeAndFormatPrefixedDataString({
+	format: "jwk",
+	type: "x25519",
+	typeKind: "algo",
+	transformJson: true
+});
+const vCryptoKeyPairDataX25519 = valibot.object({
+	publicKey: vSerializedCryptoKeyDataX25519_Raw,
+	privateKey: vSerializedCryptoKeyDataX25519_Jwk
+});
+const vCryptoKeyPairDataEd25519 = valibot.object({
+	publicKey: vSerializedCryptoKeyDataEd25519_Raw,
+	privateKey: vSerializedCryptoKeyDataEd25519_Jwk
+});
+const vVerifyChallengeWithSignature_Input = valibot.object({
+	challenge: valibot.string(),
+	signatureBase64: vBase64
+});
+const vVerifyChallengeWithSignature_WithThrow_Input = valibot.intersect([vVerifyChallengeWithSignature_Input, valibot.object({ throwOnInvalid: valibot.optional(valibot.boolean()) })]);
+const vEncryptedAesGcmPayload = valibot.object({
+	nonce: vBase64,
+	ciphertext: vBase64
+});
+//#endregion
+//#region src/crypto/crypto.converters.ts
+/**
+*
+* [CRYPTO ALGO] ED25519
+*
+*/
+const convertEd25519RawDataStringToObject = createDataStringConverter_stringToObject();
+const convertEd25519JwkDataStringToObject = createDataStringConverter_stringToObject({ transformJson: true });
+const convertEd25519FormattedStringToObject = createDataStringConverter_stringToObject({ transformJsonForFormats: ["jwk"] });
+const convertEd25519RawDataStringToSerializedKeyData = (input) => {
+	return {
+		prefixed: input,
+		transformed: convertEd25519RawDataStringToObject(input)
+	};
+};
+const convertEd25519JwkDataStringToSerializedKeyData = (input) => {
+	return {
+		prefixed: input,
+		transformed: convertEd25519JwkDataStringToObject(input)
+	};
+};
+const convertEd25519FormattedStringToSerializedKeyData = (input) => {
+	return convertEd25519FormattedStringToObject(input);
+};
+/**
+*
+* [CRYPTO ALGO] X25519
+*
+*/
+const convertX25519RawDataStringToObject = createDataStringConverter_stringToObject();
+const convertX25519JwkDataStringToObject = createDataStringConverter_stringToObject({ transformJson: true });
+const convertX25519FormattedStringToObject = createDataStringConverter_stringToObject({ transformJsonForFormats: ["jwk"] });
+const convertX25519RawDataStringToSerializedKeyData = (input) => {
+	return {
+		prefixed: input,
+		transformed: convertX25519RawDataStringToObject(input)
+	};
+};
+const convertX25519JwkDataStringToSerializedKeyData = (input) => {
+	return {
+		prefixed: input,
+		transformed: convertX25519JwkDataStringToObject(input)
+	};
+};
+const convertX25519FormattedStringToSerializedKeyData = (input) => {
+	return convertX25519FormattedStringToObject(input);
+};
+//#endregion
+//#region src/crypto/ed25519/importEd25519Key.ts
+const fromBase64$1 = async (dataBase64, keyUsage, extractable) => {
+	const keyBuffer = Uint8Array.from(_scure_base.base64.decode(dataBase64));
+	return await crypto.subtle.importKey("raw", keyBuffer, { name: "Ed25519" }, extractable, keyUsage);
+};
+const fromJwk$1 = async (jwk, keyUsage, extractable = true) => {
+	return await crypto.subtle.importKey("jwk", jwk, { name: "Ed25519" }, extractable, keyUsage);
+};
+const fromSerializedObject$1 = async (serialized, keyUsage, extractable = true) => {
+	if (serialized.format === "jwk") return await fromJwk$1(serialized.data, keyUsage, extractable);
+	return await fromBase64$1(serialized.data, keyUsage, extractable);
+};
+const fromFormattedString$1 = async (dataString, keyUsage, extractable = true) => {
+	return await fromSerializedObject$1(convertEd25519FormattedStringToSerializedKeyData(dataString), keyUsage, extractable);
+};
+const extractableOrNonExtractable$1 = (keyUsage, func) => ({
+	extractable: (input) => func(input, keyUsage, true),
+	nonExtractable: (input) => func(input, keyUsage, false)
+});
+const importEd25519Key = {
+	private: {
+		fromFormattedString: extractableOrNonExtractable$1(["sign"], fromFormattedString$1),
+		fromSerializedObject: extractableOrNonExtractable$1(["sign"], fromSerializedObject$1),
+		fromJwk: extractableOrNonExtractable$1(["sign"], fromJwk$1)
+	},
+	public: {
+		fromBase64: extractableOrNonExtractable$1(["verify"], fromBase64$1),
+		fromFormattedString: extractableOrNonExtractable$1(["verify"], fromFormattedString$1),
+		fromSerializedObject: extractableOrNonExtractable$1(["verify"], fromSerializedObject$1),
+		fromJwk: extractableOrNonExtractable$1(["verify"], fromJwk$1)
+	}
+};
+//#endregion
+//#region src/crypto/ed25519/serializeEd25519Key_Jwk.ts
+const serializeEd25519Key_Jwk = async (key) => {
+	const keyJwk = await crypto.subtle.exportKey("jwk", key);
+	const prefixed = `ed25519::jwk::${JSON.stringify(keyJwk)}`;
+	return {
+		transformed: {
+			formattedString: prefixed,
+			type: "ed25519",
+			data: keyJwk,
+			format: "jwk"
+		},
+		prefixed
+	};
+};
+//#endregion
+//#region src/crypto/ed25519/serializeEd25519Key_Raw.ts
+const serializeEd25519Key_Raw = async (publicKey) => {
+	const publicKeyBuffer = await crypto.subtle.exportKey("raw", publicKey);
+	const publicKeyBase64 = _scure_base.base64.encode(new Uint8Array(publicKeyBuffer));
+	const prefixed = `ed25519::raw_base64::${publicKeyBase64}`;
+	return {
+		transformed: {
+			formattedString: prefixed,
+			type: "ed25519",
+			data: publicKeyBase64,
+			format: "raw_base64"
+		},
+		prefixed
+	};
+};
+//#endregion
+//#region src/crypto/ed25519/verifyWithKeyEd25519.ts
+const verifyWithKeyEd25519 = async ({ challenge, signatureBase64, publicKey }) => {
+	const signatureBuffer = Uint8Array.from(_scure_base.base64.decode(signatureBase64));
+	const challengeBuffer = new TextEncoder().encode(challenge);
+	return await crypto.subtle.verify({ name: "ED25519" }, publicKey, signatureBuffer, challengeBuffer);
+};
+//#endregion
+//#region src/crypto/x25519/generateX25519KeyPair.ts
+const generateX25519KeyPair = async () => {
+	return await crypto.subtle.generateKey({ name: "X25519" }, true, ["deriveKey", "deriveBits"]);
+};
+//#endregion
+//#region src/crypto/x25519/importX25519Key.ts
+const fromBase64 = async (dataBase64, keyUsage, extractable) => {
+	const keyBuffer = Uint8Array.from(_scure_base.base64.decode(dataBase64));
+	return await crypto.subtle.importKey("raw", keyBuffer, { name: "X25519" }, extractable, keyUsage);
+};
+const fromJwk = async (jwk, keyUsage, extractable = true) => {
+	return await crypto.subtle.importKey("jwk", jwk, { name: "X25519" }, extractable, keyUsage);
+};
+const fromSerializedObject = async (serialized, keyUsage, extractable = true) => {
+	if (serialized.format === "jwk") return await fromJwk(serialized.data, keyUsage, extractable);
+	return await fromBase64(serialized.data, keyUsage, extractable);
+};
+const fromFormattedString = async (dataString, keyUsage, extractable = true) => {
+	return await fromSerializedObject(convertX25519FormattedStringToSerializedKeyData(dataString), keyUsage, extractable);
+};
+const extractableOrNonExtractable = (keyUsage, func) => ({
+	extractable: (input) => func(input, keyUsage, true),
+	nonExtractable: (input) => func(input, keyUsage, false)
+});
+const importX25519Key = {
+	private: {
+		fromFormattedString: extractableOrNonExtractable(["deriveKey", "deriveBits"], fromFormattedString),
+		fromSerializedObject: extractableOrNonExtractable(["deriveKey", "deriveBits"], fromSerializedObject),
+		fromJwk: extractableOrNonExtractable(["deriveKey", "deriveBits"], fromJwk)
+	},
+	public: {
+		fromBase64: extractableOrNonExtractable([], fromBase64),
+		fromFormattedString: extractableOrNonExtractable([], fromFormattedString),
+		fromSerializedObject: extractableOrNonExtractable([], fromSerializedObject),
+		fromJwk: extractableOrNonExtractable([], fromJwk)
+	}
+};
+//#endregion
+//#region src/crypto/x25519/serializeX25519Key_Jwk.ts
+const serializeX25519Key_Jwk = async (key) => {
+	const publicKeyJwk = await crypto.subtle.exportKey("jwk", key);
+	const prefixed = `x25519::jwk::${JSON.stringify(publicKeyJwk)}`;
+	return {
+		transformed: {
+			formattedString: prefixed,
+			type: "x25519",
+			data: publicKeyJwk,
+			format: "jwk"
+		},
+		prefixed
+	};
+};
+//#endregion
+//#region src/crypto/x25519/serializeX25519Key_Raw.ts
+const serializeX25519Key_Raw = async (key) => {
+	const publicKeyBuffer = await crypto.subtle.exportKey("raw", key);
+	const publicKeyBase64 = _scure_base.base64.encode(new Uint8Array(publicKeyBuffer));
+	const prefixed = `x25519::raw_base64::${publicKeyBase64}`;
+	return {
+		transformed: {
+			formattedString: prefixed,
+			type: "x25519",
+			data: publicKeyBase64,
+			format: "raw_base64"
+		},
+		prefixed
+	};
+};
+//#endregion
+//#region src/crypto/client_key_link/ClientCryptoKeyLink.ts
+var ClientCryptoKeyLink = class {
+	localExchangeKeyPair;
+	localVerifyKeyPair;
+	linkedClientKeys = /* @__PURE__ */ new Map();
+	storage;
+	initialized = false;
+	initializePromise;
+	localExchangeKeyPairPromise;
+	localVerifyKeyPairPromise;
+	constructor({ storageAdapter } = {}) {
+		if (storageAdapter != null) this.storage = createTypedStorage({ storageAdapter });
+	}
+	/**
+	* Loads the local key pairs and any linked client public keys from storage (when a storage
+	* adapter was provided), generating and persisting fresh local key pairs if none exist yet.
+	*
+	* Must be called (and awaited) before any sign/verify/encrypt/decrypt operation.
+	*/
+	async initialize() {
+		if (this.initialized) return;
+		this.initializePromise ??= this.runInitialize();
+		try {
+			await this.initializePromise;
+		} finally {
+			this.initializePromise = void 0;
+		}
+	}
+	async runInitialize() {
+		await this.loadStoredLocalKeys();
+		await this.loadLinkedClients();
+		this.initialized = true;
+	}
+	/**
+	* Loads the local key pairs from storage if they were previously persisted. Does NOT generate
+	* fresh keys — local identity is created lazily on first use (see {@link ensureLocalExchangeKeyPair}
+	* / {@link ensureLocalVerifyKeyPair}), so a verify-only or otherwise key-less consumer never
+	* generates or stores keys it does not need.
+	*/
+	async loadStoredLocalKeys() {
+		const storedExchange = await this.storage?.getJson("localExchangeKeyPair");
+		if (storedExchange != null) this.localExchangeKeyPair = {
+			privateKey: await importX25519Key.private.fromFormattedString.extractable(storedExchange.privateKey),
+			publicKey: await importX25519Key.public.fromFormattedString.extractable(storedExchange.publicKey)
+		};
+		const storedVerify = await this.storage?.getJson("localVerifyKeyPair");
+		if (storedVerify != null) this.localVerifyKeyPair = {
+			privateKey: await importEd25519Key.private.fromFormattedString.extractable(storedVerify.privateKey),
+			publicKey: await importEd25519Key.public.fromFormattedString.extractable(storedVerify.publicKey)
+		};
+	}
+	/**
+	* Returns the local exchange (X25519) key pair, generating and persisting it on first use.
+	* Concurrent callers share a single generation.
+	*/
+	async ensureLocalExchangeKeyPair() {
+		if (this.localExchangeKeyPair != null) return this.localExchangeKeyPair;
+		this.localExchangeKeyPairPromise ??= (async () => {
+			const keyPair = await generateX25519KeyPair();
+			this.localExchangeKeyPair = keyPair;
+			if (this.storage != null) await this.storage.setJson("localExchangeKeyPair", await this.serializeExchangeKeyPair(keyPair));
+			return keyPair;
+		})();
+		try {
+			return await this.localExchangeKeyPairPromise;
+		} finally {
+			this.localExchangeKeyPairPromise = void 0;
+		}
+	}
+	/**
+	* Returns the local verify (Ed25519) key pair, generating and persisting it on first use.
+	* Concurrent callers share a single generation.
+	*/
+	async ensureLocalVerifyKeyPair() {
+		if (this.localVerifyKeyPair != null) return this.localVerifyKeyPair;
+		this.localVerifyKeyPairPromise ??= (async () => {
+			const keyPair = await generateEd25519KeyPair();
+			this.localVerifyKeyPair = keyPair;
+			if (this.storage != null) await this.storage.setJson("localVerifyKeyPair", await this.serializeVerifyKeyPair(keyPair));
+			return keyPair;
+		})();
+		try {
+			return await this.localVerifyKeyPairPromise;
+		} finally {
+			this.localVerifyKeyPairPromise = void 0;
+		}
+	}
+	async loadLinkedClients() {
+		const storedLinkedClients = await this.storage?.getJson("linkedClientPublicKeys");
+		if (storedLinkedClients == null) return;
+		for (const [linkedClientId, publicKeys] of Object.entries(storedLinkedClients)) await this.linkClient({
+			linkedClientId,
+			verifyPublicKey: publicKeys.verifyPublicKey,
+			exchangePublicKey: publicKeys.exchangePublicKey,
+			saltString: publicKeys.saltString,
+			infoString: publicKeys.infoString,
+			bindVerifyKeysIntoDerivation: publicKeys.bindVerifyKeysIntoDerivation
+		});
+	}
+	async serializeExchangeKeyPair(keyPair) {
+		return {
+			publicKey: (await serializeX25519Key_Raw(keyPair.publicKey)).prefixed,
+			privateKey: (await serializeX25519Key_Jwk(keyPair.privateKey)).prefixed
+		};
+	}
+	async serializeVerifyKeyPair(keyPair) {
+		return {
+			publicKey: (await serializeEd25519Key_Raw(keyPair.publicKey)).prefixed,
+			privateKey: (await serializeEd25519Key_Jwk(keyPair.privateKey)).prefixed
+		};
+	}
+	/**
+	* The local public keys that should be shared with a linked client so that it can verify this
+	* client's signatures and derive a shared encryption key. Generates the local identity on first
+	* use.
+	*/
+	async getLocalPublicKeys() {
+		return {
+			verifyPublicKey: await this.getLocalVerifyPublicKey(),
+			exchangePublicKey: await this.getLocalExchangePublicKey()
+		};
+	}
+	/**
+	* The local exchange (X25519) public key, generating the exchange key pair on first use. Does not
+	* touch the verify key pair — useful for an exchange-only consumer (e.g. a bridge) that never
+	* signs.
+	*/
+	async getLocalExchangePublicKey() {
+		return (await serializeX25519Key_Raw((await this.ensureLocalExchangeKeyPair()).publicKey)).prefixed;
+	}
+	/**
+	* The local verify (Ed25519) public key, generating the verify key pair on first use. Does not
+	* touch the exchange key pair.
+	*/
+	async getLocalVerifyPublicKey() {
+		return (await serializeEd25519Key_Raw((await this.ensureLocalVerifyKeyPair()).publicKey)).prefixed;
+	}
+	/**
+	* Registers (or updates) the public keys of a linked client in memory only — nothing is written
+	* to storage. Use this for ephemeral links (e.g. a per-session bridge or end-to-end peer keyed by
+	* a session salt/info), so the derived shared key never outlives the process.
+	*
+	* Re-linking with a new exchange public key, salt, or info invalidates any previously cached
+	* shared key for the link.
+	*/
+	async linkClient({ linkedClientId, verifyPublicKey, exchangePublicKey, saltString, infoString, bindVerifyKeysIntoDerivation }) {
+		const existing = this.linkedClientKeys.get(linkedClientId);
+		const verify = verifyPublicKey != null ? {
+			publicKey: await importEd25519Key.public.fromFormattedString.extractable(verifyPublicKey),
+			publicKeySerialized: verifyPublicKey
+		} : existing?.verify;
+		const verifyKeyChanged = verifyPublicKey != null && verifyPublicKey !== existing?.verify?.publicKeySerialized;
+		let exchange = existing?.exchange;
+		if (exchangePublicKey != null || saltString !== void 0 || infoString !== void 0 || bindVerifyKeysIntoDerivation !== void 0) {
+			const nextPublicKeySerialized = exchangePublicKey ?? existing?.exchange?.publicKeySerialized;
+			if (nextPublicKeySerialized == null) throw new Error(`ClientCryptoKeyLink: Cannot set salt/info for ${linkedClientId} without an exchange public key`);
+			const nextSalt = saltString !== void 0 ? saltString : existing?.exchange?.saltString;
+			const nextInfo = infoString !== void 0 ? infoString : existing?.exchange?.infoString;
+			const nextBind = bindVerifyKeysIntoDerivation !== void 0 ? bindVerifyKeysIntoDerivation : existing?.exchange?.bindVerifyKeysIntoDerivation;
+			exchange = {
+				publicKey: exchangePublicKey != null ? await importX25519Key.public.fromFormattedString.extractable(exchangePublicKey) : existing.exchange.publicKey,
+				publicKeySerialized: nextPublicKeySerialized,
+				saltString: nextSalt,
+				infoString: nextInfo,
+				bindVerifyKeysIntoDerivation: nextBind,
+				sharedEncryptKey: nextPublicKeySerialized === existing?.exchange?.publicKeySerialized && nextSalt === existing?.exchange?.saltString && nextInfo === existing?.exchange?.infoString && nextBind === existing?.exchange?.bindVerifyKeysIntoDerivation && !(nextBind === true && verifyKeyChanged) ? existing?.exchange?.sharedEncryptKey : void 0
+			};
+		} else if (exchange?.bindVerifyKeysIntoDerivation === true && verifyKeyChanged && exchange.sharedEncryptKey != null) exchange = {
+			...exchange,
+			sharedEncryptKey: void 0
+		};
+		this.linkedClientKeys.set(linkedClientId, {
+			verify,
+			exchange
+		});
+	}
+	/**
+	* Like {@link linkClient}, but also persists the linked client's public keys (and salt/info) to
+	* storage so the link survives a reload.
+	*
+	* NOTE: salt/info are written in plaintext. When they are session secrets (e.g. a partner secret
+	* or bridge salt), prefer {@link linkClient} and re-establish the link per session instead.
+	*/
+	async linkClientAndStore(input) {
+		await this.linkClient(input);
+		if (this.storage == null) return;
+		const { linkedClientId, verifyPublicKey, exchangePublicKey, saltString, infoString, bindVerifyKeysIntoDerivation } = input;
+		await this.storage.updateJsonWithDef("linkedClientPublicKeys", {}, (current) => ({
+			...current,
+			[linkedClientId]: {
+				...current[linkedClientId],
+				...verifyPublicKey != null ? { verifyPublicKey } : {},
+				...exchangePublicKey != null ? { exchangePublicKey } : {},
+				...saltString !== void 0 ? { saltString } : {},
+				...infoString !== void 0 ? { infoString } : {},
+				...bindVerifyKeysIntoDerivation !== void 0 ? { bindVerifyKeysIntoDerivation } : {}
+			}
+		}));
+	}
+	/**
+	* Whether a linked client is currently registered (in memory) under this id.
+	*/
+	hasLinkedClient(linkedClientId) {
+		return this.linkedClientKeys.has(linkedClientId);
+	}
+	/**
+	* The serialized public keys registered for a linked client, or undefined when the client is not
+	* linked. Useful when a holder needs to relay a linked client's keys onward (e.g. a backend
+	* relaying a wallet's verify key to a partner).
+	*/
+	getLinkedClientPublicKeys(linkedClientId) {
+		const linkedClient = this.linkedClientKeys.get(linkedClientId);
+		if (linkedClient == null) return;
+		return {
+			verifyPublicKey: linkedClient.verify?.publicKeySerialized,
+			exchangePublicKey: linkedClient.exchange?.publicKeySerialized
+		};
+	}
+	/**
+	* Removes a single linked client from memory and, when storage is available, from persisted
+	* state. Any cached shared key for the link is dropped with it.
+	*/
+	async unlinkClient(linkedClientId) {
+		this.linkedClientKeys.delete(linkedClientId);
+		if (this.storage != null) await this.storage.updateJson("linkedClientPublicKeys", (current) => {
+			if (current == null) return {};
+			const { [linkedClientId]: _removed, ...rest } = current;
+			return rest;
+		});
+	}
+	/**
+	* Removes all linked clients from memory and persisted state, while keeping the local identity
+	* key pairs intact.
+	*/
+	async unlinkAllClients() {
+		this.linkedClientKeys.clear();
+		if (this.storage != null) await this.storage.setJson("linkedClientPublicKeys", {});
+	}
+	/**
+	* Wipes everything this instance owns — local identity key pairs and all linked clients, in
+	* memory and in storage. After a reset, {@link initialize} must be called again before use (it
+	* will generate a fresh local identity).
+	*
+	* Only the keys owned by this util are removed, so a shared storage adapter's other data is left
+	* untouched.
+	*/
+	async reset() {
+		this.linkedClientKeys.clear();
+		this.localExchangeKeyPair = void 0;
+		this.localVerifyKeyPair = void 0;
+		this.initialized = false;
+		if (this.storage != null) {
+			await this.storage.removeItem("linkedClientPublicKeys");
+			await this.storage.removeItem("localExchangeKeyPair");
+			await this.storage.removeItem("localVerifyKeyPair");
+		}
+	}
+	getLinkedClient(linkedClientId) {
+		const linkedClient = this.linkedClientKeys.get(linkedClientId);
+		if (linkedClient == null) throw new Error(`ClientCryptoKeyLink: No linked client for ${linkedClientId}`);
+		return linkedClient;
+	}
+	async getAesGcmKeyForLinkedClient(externalClientSourceId) {
+		const linkedClient = this.getLinkedClient(externalClientSourceId);
+		if (linkedClient.exchange?.sharedEncryptKey != null) return linkedClient.exchange.sharedEncryptKey;
+		if (linkedClient.exchange?.publicKey == null) throw new Error(`ClientCryptoKeyLink: No public exchange key set for ${externalClientSourceId}`);
+		const localExchangeKeyPair = await this.ensureLocalExchangeKeyPair();
+		let infoString = linkedClient.exchange.infoString;
+		if (linkedClient.exchange.bindVerifyKeysIntoDerivation === true) {
+			const linkedVerifyPublicKey = linkedClient.verify?.publicKeySerialized;
+			if (linkedVerifyPublicKey == null) throw new Error(`ClientCryptoKeyLink: Link for ${externalClientSourceId} binds verify keys into the derivation, but no verify public key is set`);
+			infoString = buildVerifyKeyBoundInfoString({
+				infoString: linkedClient.exchange.infoString,
+				verifyPublicKeys: [await this.getLocalVerifyPublicKey(), linkedVerifyPublicKey]
+			});
+		}
+		const sharedEncryptKey = await createAesGcmKeyFromX25519Keys({
+			internalX25519PrivateKey: localExchangeKeyPair.privateKey,
+			externalX25519PublicKey: linkedClient.exchange.publicKey,
+			saltString: linkedClient.exchange.saltString,
+			infoString
+		});
+		this.linkedClientKeys.set(externalClientSourceId, {
+			...linkedClient,
+			exchange: {
+				...linkedClient.exchange,
+				sharedEncryptKey
+			}
+		});
+		return sharedEncryptKey;
+	}
+	async encryptDataForLinkedClient({ dataToEncrypt, linkedClientId }) {
+		return await encryptTextDataWithAesGcmKey({
+			dataToEncrypt,
+			aesGcmKey: await this.getAesGcmKeyForLinkedClient(linkedClientId)
+		});
+	}
+	async decryptDataFromLinkedClient({ dataToDecrypt, linkedClientId }) {
+		return await decryptTextDataWithAesGcmKey({
+			dataToDecrypt,
+			aesGcmKey: await this.getAesGcmKeyForLinkedClient(linkedClientId)
+		});
+	}
+	/**
+	* Bytes counterpart of {@link encryptDataForLinkedClient} — encrypts raw bytes with the shared
+	* AES-GCM key, returning a binary nonce + ciphertext. Use it for binary channels (e.g. msgpack
+	* WebSocket frames) to avoid base64 inflation.
+	*/
+	async encryptBytesForLinkedClient({ dataToEncrypt, linkedClientId }) {
+		return await encryptBytesWithAesGcmKey({
+			dataToEncrypt,
+			aesGcmKey: await this.getAesGcmKeyForLinkedClient(linkedClientId)
+		});
+	}
+	/** Bytes counterpart of {@link decryptDataFromLinkedClient}. */
+	async decryptBytesFromLinkedClient({ dataToDecrypt, linkedClientId }) {
+		return await decryptBytesWithAesGcmKey({
+			dataToDecrypt,
+			aesGcmKey: await this.getAesGcmKeyForLinkedClient(linkedClientId)
+		});
+	}
+	async signAndEncryptDataForLinkedClient({ dataToEncrypt, linkedClientId }) {
+		const { signatureBase64 } = await this.signChallenge([dataToEncrypt]);
+		return {
+			encryptedData: await this.encryptDataForLinkedClient({
+				dataToEncrypt,
+				linkedClientId
+			}),
+			signatureBase64
+		};
+	}
+	/**
+	* Decrypts a payload from a linked client and verifies that the decrypted plaintext was signed
+	* by that client. Counterpart to {@link signAndEncryptDataForLinkedClient}.
+	*
+	* Returns the decrypted `data` alongside `isValid` — the caller decides how to handle an invalid
+	* signature. (A tampered ciphertext fails earlier at AES-GCM decryption.)
+	*/
+	async decryptAndVerifyDataFromLinkedClient({ dataToDecrypt, linkedClientId, signatureBase64 }) {
+		const data = await this.decryptDataFromLinkedClient({
+			dataToDecrypt,
+			linkedClientId
+		});
+		return {
+			data,
+			isValid: await this.verifyChallengeFromLinkedClient({
+				linkedClientId,
+				challenge: data,
+				signatureBase64
+			})
+		};
+	}
+	async signChallenge(challenge) {
+		if (challenge.length === 0) throw new Error("Challenge must contain at least one string");
+		const localVerifyKeyPair = await this.ensureLocalVerifyKeyPair();
+		const signature = challenge.length > 1 ? await signCombinedTextDataWithKeyEd25519(challenge, localVerifyKeyPair.privateKey) : await signTextDataWithKeyEd25519(challenge[0], localVerifyKeyPair.privateKey);
+		return { signatureBase64: _scure_base.base64.encode(signature) };
+	}
+	/**
+	* Verifies a signature over `challenge` against the linked client's verify (Ed25519) public key.
+	*/
+	async verifyChallengeFromLinkedClient({ linkedClientId, challenge, signatureBase64 }) {
+		const linkedClient = this.getLinkedClient(linkedClientId);
+		if (linkedClient.verify?.publicKey == null) throw new Error(`ClientCryptoKeyLink: No verify public key set for ${linkedClientId}`);
+		return await verifyWithKeyEd25519({
+			challenge,
+			signatureBase64,
+			publicKey: linkedClient.verify.publicKey
+		});
+	}
+};
+//#endregion
+//#region src/storage_adapter/storage_adapter.types.ts
+let EStorageAdapterType = /* @__PURE__ */ function(EStorageAdapterType) {
+	EStorageAdapterType["string"] = "string";
+	EStorageAdapterType["json"] = "json";
+	return EStorageAdapterType;
+}({});
+//#endregion
+//#region src/storage_adapter/StorageAdapter.ts
+var StorageAdapter = class StorageAdapter {
+	implementation;
+	keyPrefix;
+	adapterStorage;
+	constructor({ methods, keyPrefix, trackKeysForClearing: trackKeys }) {
+		this.implementation = methods;
+		this.keyPrefix = keyPrefix ?? "";
+		const _trackKeys = trackKeys ?? true;
+		this.adapterStorage = _trackKeys ? createTypedStorage({ storageAdapter: new StorageAdapter({
+			methods,
+			keyPrefix,
+			trackKeysForClearing: false
+		}) }) : void 0;
+	}
+	getPrefixedKey(rawKey) {
+		return `${this.keyPrefix}${rawKey}`;
+	}
+	async trackUsedKey(rawKey) {
+		if (!this.adapterStorage) return;
+		await this.adapterStorage.updateJsonWithDef("__usedKeys__", [], (currentKeys) => {
+			if (!currentKeys.includes(rawKey)) return [...currentKeys, rawKey];
+			return currentKeys;
+		});
+	}
+	async untrackUsedKey(rawKey) {
+		if (!this.adapterStorage) return;
+		await this.adapterStorage.updateJsonWithDef("__usedKeys__", [], (currentKeys) => {
+			return currentKeys.filter((k) => k !== rawKey);
+		});
+	}
+	async clearAll() {
+		if (!this.adapterStorage) return;
+		const allKeys = await this.adapterStorage.getJsonOrDef("__usedKeys__", []) ?? [];
+		await Promise.all(allKeys.map(async (key) => {
+			await this.removeItem(key);
+		}));
+		await this.adapterStorage.setJson("__usedKeys__", []);
+	}
+	async removeItem(rawKey) {
+		await this.implementation.removeItem(this.getPrefixedKey(rawKey));
+		await this.untrackUsedKey(rawKey);
+	}
+	async setJson(rawKey, value) {
+		const key = this.getPrefixedKey(rawKey);
+		if (this.implementation.type === "string") await this.implementation.setItem(key, JSON.stringify(value));
+		else await this.implementation.setItem(key, value);
+		await this.trackUsedKey(rawKey);
+	}
+	async getJson(rawKey) {
+		const key = this.getPrefixedKey(rawKey);
+		if (this.implementation.type === "string") {
+			const val = await this.implementation.getItem(key);
+			if (val == null || val === "undefined" || val === "null") return;
+			return JSON.parse(val);
+		} else {
+			const val = await this.implementation.getItem(key);
+			if (val == null || val === "undefined" || val === "null") return;
+			return val;
+		}
+	}
+	async getJsonOrDef(rawKey, defVal) {
+		if (this.implementation.type === "string") {
+			const val = await this.implementation.getItem(this.getPrefixedKey(rawKey));
+			if (val == null || val === "undefined" || val === "null") return defVal;
+			return JSON.parse(val);
+		}
+		const val = await this.implementation.getItem(this.getPrefixedKey(rawKey));
+		if (val == null || val === "undefined" || val === "null") return defVal;
+		return val;
+	}
+	async updateJson(rawKey, updater) {
+		const newVal = updater(await this.getJson(rawKey));
+		await this.setJson(rawKey, newVal);
+		return newVal;
+	}
+	async updateJsonOrDef(rawKey, defVal, updater) {
+		const newVal = updater(await this.getJsonOrDef(rawKey, defVal));
+		await this.setJson(rawKey, newVal);
+		return newVal;
+	}
+	createJsonGetterSetter(rawKey) {
+		return {
+			get: () => this.getJson(rawKey),
+			set: (value) => this.setJson(rawKey, value)
+		};
+	}
+};
+//#endregion
+//#region src/storage_adapter/specific/browser/browser_storage.ts
+function createWebLocalStorageMethods(_localStorage) {
+	return {
+		type: "string",
+		getItem: async (key) => _localStorage.getItem(key),
+		setItem: async (key, value) => {
+			_localStorage.setItem(key, value);
+		},
+		removeItem: async (key) => {
+			_localStorage.removeItem(key);
+		}
+	};
+}
+const createWebLocalStorageAdapter = ({ localStorage: _localStorage, ...options }) => {
+	return new StorageAdapter({
+		methods: createWebLocalStorageMethods(_localStorage),
+		...options
+	});
+};
+function createTypedWebLocalStorage(options) {
+	return createTypedStorage({ storageAdapter: createWebLocalStorageAdapter(options) });
+}
+function createWebSessionStorageMethods(_sessionStorage) {
+	return {
+		type: "string",
+		getItem: async (key) => _sessionStorage.getItem(key),
+		setItem: async (key, value) => {
+			_sessionStorage.setItem(key, value);
+		},
+		removeItem: async (key) => {
+			_sessionStorage.removeItem(key);
+		}
+	};
+}
+const createWebSessionStorageAdapter = ({ sessionStorage: _sessionStorage, ...options }) => {
+	return new StorageAdapter({
+		methods: createWebSessionStorageMethods(_sessionStorage),
+		...options
+	});
+};
+function createTypedWebSessionStorage(options) {
+	return createTypedStorage({ storageAdapter: createWebSessionStorageAdapter(options) });
+}
+//#endregion
+//#region src/storage_adapter/specific/cloudflare/durable_object/durable_object_storage.ts
+function createDurableObjectStorageMethods(durableObjectStorage) {
+	return {
+		type: "json",
+		getItem: (key) => durableObjectStorage.get(key),
+		setItem: (key, value) => durableObjectStorage.put(key, value),
+		removeItem: async (key) => {
+			await durableObjectStorage.delete(key);
+		}
+	};
+}
+/**
+* Wraps a Durable Object's storage in the generic StorageAdapter interface, e.g. for handing to a
+* ClientCryptoKeyLink so it can persist its keys inside the DO's own storage.
+*/
+const createDurableObjectStorageAdapter = ({ durableObjectStorage, ...options }) => {
+	return new StorageAdapter({
+		methods: createDurableObjectStorageMethods(durableObjectStorage),
+		...options
+	});
+};
+function createDurableObjectTypedStorage(options) {
+	return createTypedStorage({ storageAdapter: createDurableObjectStorageAdapter(options) });
+}
+//#endregion
+//#region src/storage_adapter/specific/cloudflare/kv/kv_storage.ts
+function createKVStorageMethods({ kvNamespace, defaultPutOptions }) {
+	return {
+		type: "string",
+		getItem: (key) => kvNamespace.get(key),
+		setItem: (key, value) => kvNamespace.put(key, value, defaultPutOptions),
+		removeItem: (key) => kvNamespace.delete(key)
+	};
+}
+/**
+* Wraps a Cloudflare KV namespace binding in the generic StorageAdapter interface, e.g. for handing
+* to a ClientCryptoKeyLink so it can persist its keys inside KV.
+*/
+const createKVStorageAdapter = ({ kvNamespace, defaultPutOptions, ...options }) => {
+	return new StorageAdapter({
+		methods: createKVStorageMethods({
+			kvNamespace,
+			defaultPutOptions
+		}),
+		...options
+	});
+};
+function createKVTypedStorage(options) {
+	return createTypedStorage({ storageAdapter: createKVStorageAdapter(options) });
+}
+//#endregion
+//#region src/storage_adapter/specific/memory/memory_storage.ts
+function createMemoryStorageMethods_string(memoryStorageMap = /* @__PURE__ */ new Map()) {
+	return {
+		type: "string",
+		getItem: async (key) => memoryStorageMap.get(key) ?? null,
+		setItem: async (key, value) => {
+			memoryStorageMap.set(key, value);
+		},
+		removeItem: async (key) => {
+			memoryStorageMap.delete(key);
+		}
+	};
+}
+const createMemoryStorageAdapter_string = (options) => {
+	return new StorageAdapter({
+		methods: createMemoryStorageMethods_string(options?.memoryStorageMap),
+		...options
+	});
+};
+function createTypedMemoryStorage_string(options) {
+	return createTypedStorage({ storageAdapter: createMemoryStorageAdapter_string(options) });
+}
+function createMemoryStorageMethods_json(memoryStorageMap = /* @__PURE__ */ new Map()) {
+	return {
+		type: "json",
+		getItem: async (key) => memoryStorageMap.get(key),
+		setItem: async (key, value) => {
+			memoryStorageMap.set(key, value);
+		},
+		removeItem: async (key) => {
+			memoryStorageMap.delete(key);
+		}
+	};
+}
+const createMemoryStorageAdapter_json = (options) => {
+	return new StorageAdapter({
+		methods: createMemoryStorageMethods_json(options?.memoryStorageMap),
+		...options
+	});
+};
+function createTypedMemoryStorage_json(options) {
+	return createTypedStorage({ storageAdapter: createMemoryStorageAdapter_json(options) });
+}
+//#endregion
+exports.ClientCryptoKeyLink = ClientCryptoKeyLink;
+exports.DEFAULT_COMBINED_TEXT_DATA_SEPARATOR = DEFAULT_COMBINED_TEXT_DATA_SEPARATOR;
+exports.ECryptoKeyAlgo = ECryptoKeyAlgo;
+exports.ECryptoKeyFormat = ECryptoKeyFormat;
+exports.EStorageAdapterType = EStorageAdapterType;
+exports.StorageAdapter = StorageAdapter;
+exports.buildVerifyKeyBoundInfoString = buildVerifyKeyBoundInfoString;
+exports.convertEd25519FormattedStringToObject = convertEd25519FormattedStringToObject;
+exports.convertEd25519FormattedStringToSerializedKeyData = convertEd25519FormattedStringToSerializedKeyData;
+exports.convertEd25519JwkDataStringToObject = convertEd25519JwkDataStringToObject;
+exports.convertEd25519JwkDataStringToSerializedKeyData = convertEd25519JwkDataStringToSerializedKeyData;
+exports.convertEd25519RawDataStringToObject = convertEd25519RawDataStringToObject;
+exports.convertEd25519RawDataStringToSerializedKeyData = convertEd25519RawDataStringToSerializedKeyData;
+exports.convertX25519FormattedStringToObject = convertX25519FormattedStringToObject;
+exports.convertX25519FormattedStringToSerializedKeyData = convertX25519FormattedStringToSerializedKeyData;
+exports.convertX25519JwkDataStringToObject = convertX25519JwkDataStringToObject;
+exports.convertX25519JwkDataStringToSerializedKeyData = convertX25519JwkDataStringToSerializedKeyData;
+exports.convertX25519RawDataStringToObject = convertX25519RawDataStringToObject;
+exports.convertX25519RawDataStringToSerializedKeyData = convertX25519RawDataStringToSerializedKeyData;
+exports.createAesGcmKeyFromX25519Keys = createAesGcmKeyFromX25519Keys;
+exports.createDurableObjectStorageAdapter = createDurableObjectStorageAdapter;
+exports.createDurableObjectStorageMethods = createDurableObjectStorageMethods;
+exports.createDurableObjectTypedStorage = createDurableObjectTypedStorage;
+exports.createKVStorageAdapter = createKVStorageAdapter;
+exports.createKVStorageMethods = createKVStorageMethods;
+exports.createKVTypedStorage = createKVTypedStorage;
+exports.createMemoryStorageAdapter_json = createMemoryStorageAdapter_json;
+exports.createMemoryStorageAdapter_string = createMemoryStorageAdapter_string;
+exports.createMemoryStorageMethods_json = createMemoryStorageMethods_json;
+exports.createMemoryStorageMethods_string = createMemoryStorageMethods_string;
+exports.createSharedBitsFromX25519 = createSharedBitsFromX25519;
+exports.createTypedMemoryStorage_json = createTypedMemoryStorage_json;
+exports.createTypedMemoryStorage_string = createTypedMemoryStorage_string;
+exports.createTypedStorage = createTypedStorage;
+exports.createTypedWebLocalStorage = createTypedWebLocalStorage;
+exports.createTypedWebSessionStorage = createTypedWebSessionStorage;
+exports.createWebLocalStorageAdapter = createWebLocalStorageAdapter;
+exports.createWebLocalStorageMethods = createWebLocalStorageMethods;
+exports.createWebSessionStorageAdapter = createWebSessionStorageAdapter;
+exports.createWebSessionStorageMethods = createWebSessionStorageMethods;
+exports.decryptBytesWithAesGcmKey = decryptBytesWithAesGcmKey;
+exports.decryptTextDataWithAesGcmKey = decryptTextDataWithAesGcmKey;
+exports.encryptBytesWithAesGcmKey = encryptBytesWithAesGcmKey;
+exports.encryptTextDataWithAesGcmKey = encryptTextDataWithAesGcmKey;
+exports.generateEd25519KeyPair = generateEd25519KeyPair;
+exports.generateX25519KeyPair = generateX25519KeyPair;
+exports.importEd25519Key = importEd25519Key;
+exports.importX25519Key = importX25519Key;
+exports.serializeEd25519Key_Jwk = serializeEd25519Key_Jwk;
+exports.serializeEd25519Key_Raw = serializeEd25519Key_Raw;
+exports.serializeX25519Key_Jwk = serializeX25519Key_Jwk;
+exports.serializeX25519Key_Raw = serializeX25519Key_Raw;
+exports.signCombinedTextDataWithKeyEd25519 = signCombinedTextDataWithKeyEd25519;
+exports.signTextDataWithKeyEd25519 = signTextDataWithKeyEd25519;
+exports.vCryptoKeyPairDataEd25519 = vCryptoKeyPairDataEd25519;
+exports.vCryptoKeyPairDataX25519 = vCryptoKeyPairDataX25519;
+exports.vEncryptedAesGcmPayload = vEncryptedAesGcmPayload;
+exports.vSerializedCryptoKeyDataEd25519_Jwk = vSerializedCryptoKeyDataEd25519_Jwk;
+exports.vSerializedCryptoKeyDataEd25519_Raw = vSerializedCryptoKeyDataEd25519_Raw;
+exports.vSerializedCryptoKeyDataX25519_Jwk = vSerializedCryptoKeyDataX25519_Jwk;
+exports.vSerializedCryptoKeyDataX25519_Raw = vSerializedCryptoKeyDataX25519_Raw;
+exports.vVerifyChallengeWithSignature_Input = vVerifyChallengeWithSignature_Input;
+exports.vVerifyChallengeWithSignature_WithThrow_Input = vVerifyChallengeWithSignature_WithThrow_Input;
+exports.verifyWithKeyEd25519 = verifyWithKeyEd25519;
+//# sourceMappingURL=index.cjs.map