npm - @nice-code/util - Versions diffs - 0.7.0 → 0.9.0 - Mend

@nice-code/util 0.7.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

package/build/index.d.ts ADDED Viewed

@@ -0,0 +1,765 @@
+import * as v from "valibot";
+//#region src/core/core_valibot_schemas.d.ts
+type TTypeAndId<S extends string = string> = `${S}::${string}`;
+//#endregion
+//#region src/crypto/aes_gcm/createAesGcmKeyFromX25519Keys.d.ts
+declare const createAesGcmKeyFromX25519Keys: ({
+  externalX25519PublicKey,
+  internalX25519PrivateKey,
+  infoString,
+  saltString
+}: {
+  internalX25519PrivateKey: CryptoKey;
+  externalX25519PublicKey: CryptoKey;
+  saltString?: string;
+  infoString?: string;
+}) => Promise<CryptoKey>;
+//#endregion
+//#region src/crypto/crypto.schema.d.ts
+declare enum ECryptoKeyAlgo {
+  ed25519 = "ed25519",
+  x25519 = "x25519"
+}
+declare enum ECryptoKeyFormat {
+  raw_base64 = "raw_base64",
+  jwk = "jwk"
+}
+declare const vSerializedCryptoKeyDataEd25519_Raw: v.SchemaWithPipe<readonly [v.CustomSchema<`ed25519::raw_base64::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+declare const vSerializedCryptoKeyDataEd25519_Jwk: v.SchemaWithPipe<readonly [v.CustomSchema<`ed25519::jwk::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+type TSerializedCryptoKeyData_Ed25519_Raw = v.InferInput<typeof vSerializedCryptoKeyDataEd25519_Raw>;
+type TSerializedCryptoKeyData_Ed25519_Raw_Transformed = {
+  formattedString: `${ECryptoKeyAlgo.ed25519}::${ECryptoKeyFormat.raw_base64}::${string}`;
+  type: ECryptoKeyAlgo.ed25519;
+  format: ECryptoKeyFormat.raw_base64;
+  data: string;
+};
+type TSerializedCryptoKeyData_Ed25519_Jwk = v.InferInput<typeof vSerializedCryptoKeyDataEd25519_Jwk>;
+type TSerializedCryptoKeyData_Ed25519_Jwk_Transformed = {
+  formattedString: `${ECryptoKeyAlgo.ed25519}::${ECryptoKeyFormat.jwk}::${string}`;
+  type: ECryptoKeyAlgo.ed25519;
+  format: ECryptoKeyFormat.jwk;
+  data: JsonWebKey;
+};
+declare const vSerializedCryptoKeyDataX25519_Raw: v.SchemaWithPipe<readonly [v.CustomSchema<`x25519::raw_base64::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+declare const vSerializedCryptoKeyDataX25519_Jwk: v.SchemaWithPipe<readonly [v.CustomSchema<`x25519::jwk::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+declare const vCryptoKeyPairDataX25519: v.ObjectSchema<{
+  readonly publicKey: v.SchemaWithPipe<readonly [v.CustomSchema<`x25519::raw_base64::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+  readonly privateKey: v.SchemaWithPipe<readonly [v.CustomSchema<`x25519::jwk::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+}, undefined>;
+type TSerializedCryptoKeyPairDataX25519 = v.InferInput<typeof vCryptoKeyPairDataX25519>;
+declare const vCryptoKeyPairDataEd25519: v.ObjectSchema<{
+  readonly publicKey: v.SchemaWithPipe<readonly [v.CustomSchema<`ed25519::raw_base64::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+  readonly privateKey: v.SchemaWithPipe<readonly [v.CustomSchema<`ed25519::jwk::${string}`, v.ErrorMessage<v.CustomIssue> | undefined>]>;
+}, undefined>;
+type TSerializedCryptoKeyPairDataEd25519 = v.InferInput<typeof vCryptoKeyPairDataEd25519>;
+type TSerializedCryptoKeyData_X25519_Raw = v.InferInput<typeof vSerializedCryptoKeyDataX25519_Raw>;
+type TSerializedCryptoKeyData_X25519_Raw_Transformed = {
+  formattedString: `${ECryptoKeyAlgo.x25519}::${ECryptoKeyFormat.raw_base64}::${string}`;
+  type: ECryptoKeyAlgo.x25519;
+  format: ECryptoKeyFormat.raw_base64;
+  data: string;
+};
+type TSerializedCryptoKeyData_X25519_Jwk = v.InferInput<typeof vSerializedCryptoKeyDataX25519_Jwk>;
+type TSerializedCryptoKeyData_X25519_Jwk_Transformed = {
+  formattedString: `${ECryptoKeyAlgo.x25519}::${ECryptoKeyFormat.jwk}::${string}`;
+  type: ECryptoKeyAlgo.x25519;
+  format: ECryptoKeyFormat.jwk;
+  data: JsonWebKey;
+};
+declare const vVerifyChallengeWithSignature_Input: v.ObjectSchema<{
+  readonly challenge: v.StringSchema<undefined>;
+  readonly signatureBase64: v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.Base64Action<string, undefined>]>;
+}, undefined>;
+declare const vVerifyChallengeWithSignature_WithThrow_Input: v.IntersectSchema<[v.ObjectSchema<{
+  readonly challenge: v.StringSchema<undefined>;
+  readonly signatureBase64: v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.Base64Action<string, undefined>]>;
+}, undefined>, v.ObjectSchema<{
+  readonly throwOnInvalid: v.OptionalSchema<v.BooleanSchema<undefined>, undefined>;
+}, undefined>], undefined>;
+type TVerifyChallengeWithSignature_Input = v.InferInput<typeof vVerifyChallengeWithSignature_Input>;
+type TVerifyChallengeWithSignature_WithThrow_Input = v.InferInput<typeof vVerifyChallengeWithSignature_WithThrow_Input>;
+declare const vEncryptedAesGcmPayload: v.ObjectSchema<{
+  readonly nonce: v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.Base64Action<string, undefined>]>;
+  readonly ciphertext: v.SchemaWithPipe<readonly [v.StringSchema<undefined>, v.Base64Action<string, undefined>]>;
+}, undefined>;
+type TEncryptedAesGcmPayload = v.InferInput<typeof vEncryptedAesGcmPayload>;
+type TEncryptedAesGcmPayload_Transformed = v.InferOutput<typeof vEncryptedAesGcmPayload>;
+/**
+ * Raw-bytes counterpart of {@link TEncryptedAesGcmPayload} — keeps `nonce`/`ciphertext` as binary
+ * instead of base64 strings. For binary channels (e.g. msgpack WebSocket frames) this avoids the
+ * ~33% base64 inflation the text payload incurs.
+ */
+type TEncryptedAesGcmBytes = {
+  nonce: Uint8Array;
+  ciphertext: Uint8Array;
+};
+interface ISerializedKeyData<T, P> {
+  transformed: T;
+  prefixed: P;
+}
+interface ISerializedKeyData_Ed25519_Raw extends ISerializedKeyData<TSerializedCryptoKeyData_Ed25519_Raw_Transformed, TSerializedCryptoKeyData_Ed25519_Raw> {}
+interface ISerializedKeyData_Ed25519_Jwk extends ISerializedKeyData<TSerializedCryptoKeyData_Ed25519_Jwk_Transformed, TSerializedCryptoKeyData_Ed25519_Jwk> {}
+interface ISerializedKeyData_X25519_Raw extends ISerializedKeyData<TSerializedCryptoKeyData_X25519_Raw_Transformed, TSerializedCryptoKeyData_X25519_Raw> {}
+interface ISerializedKeyData_X25519_Jwk extends ISerializedKeyData<TSerializedCryptoKeyData_X25519_Jwk_Transformed, TSerializedCryptoKeyData_X25519_Jwk> {}
+type TSerializedKeyData = ISerializedKeyData_Ed25519_Raw | ISerializedKeyData_Ed25519_Jwk | ISerializedKeyData_X25519_Raw | ISerializedKeyData_X25519_Jwk;
+//#endregion
+//#region src/crypto/aes_gcm/decryptBytesWithAesGcmKey.d.ts
+/**
+ * Decrypts a raw-bytes AES-GCM payload (binary nonce + ciphertext) back to bytes. The counterpart of
+ * {@link decryptTextDataWithAesGcmKey}. AES-GCM verifies integrity, so a tampered ciphertext throws.
+ */
+declare const decryptBytesWithAesGcmKey: ({
+  aesGcmKey,
+  dataToDecrypt
+}: {
+  aesGcmKey: CryptoKey;
+  dataToDecrypt: TEncryptedAesGcmBytes;
+}) => Promise<Uint8Array>;
+//#endregion
+//#region src/crypto/aes_gcm/decryptTextDataWithAesGcmKey.d.ts
+declare const decryptTextDataWithAesGcmKey: ({
+  aesGcmKey,
+  dataToDecrypt
+}: {
+  aesGcmKey: CryptoKey;
+  dataToDecrypt: TEncryptedAesGcmPayload;
+}) => Promise<string>;
+//#endregion
+//#region src/crypto/aes_gcm/encryptBytesWithAesGcmKey.d.ts
+/**
+ * Encrypts raw bytes with an AES-GCM key, returning the binary nonce + ciphertext. The bytes
+ * counterpart of {@link encryptTextDataWithAesGcmKey} — use it for binary channels (msgpack frames)
+ * to avoid base64 inflation. A fresh 12-byte nonce is generated per call (never reuse a nonce).
+ */
+declare const encryptBytesWithAesGcmKey: ({
+  aesGcmKey,
+  dataToEncrypt
+}: {
+  aesGcmKey: CryptoKey;
+  dataToEncrypt: Uint8Array;
+}) => Promise<TEncryptedAesGcmBytes>;
+//#endregion
+//#region src/crypto/aes_gcm/encryptTextDataWithAesGcmKey.d.ts
+declare const encryptTextDataWithAesGcmKey: ({
+  aesGcmKey,
+  dataToEncrypt
+}: {
+  aesGcmKey: CryptoKey;
+  dataToEncrypt: string;
+}) => Promise<TEncryptedAesGcmPayload>;
+//#endregion
+//#region src/crypto/client_key_link/buildVerifyKeyBoundInfoString.d.ts
+interface IBuildVerifyKeyBoundInfoString_Input {
+  infoString?: string;
+  verifyPublicKeys: [TSerializedCryptoKeyData_Ed25519_Raw, TSerializedCryptoKeyData_Ed25519_Raw];
+}
+/**
+ * The canonical HKDF `info` for a client-to-client shared key that binds both sides' verify
+ * public keys into the derivation.
+ *
+ * When the two keys are relayed through an intermediary, a tampered key produces mismatched AES
+ * keys on the two sides — the very first decryption fails, so key substitution is detected without
+ * any extra signature ceremony.
+ *
+ * The keys are sorted lexicographically so the result is independent of which side is "local" —
+ * both ends of a link compute the identical string without coordinating an order. Used internally
+ * by ClientCryptoKeyLink (`bindVerifyKeysIntoDerivation`); exported for code that derives the same
+ * key outside the link.
+ */
+declare const buildVerifyKeyBoundInfoString: ({
+  infoString,
+  verifyPublicKeys
+}: IBuildVerifyKeyBoundInfoString_Input) => string;
+//#endregion
+//#region src/storage_adapter/storage_adapter.types.d.ts
+declare enum EStorageAdapterType {
+  string = "string",
+  json = "json"
+}
+interface IStorageAdapterMethods_String {
+  type: EStorageAdapterType.string;
+  setItem: (key: string, value: string) => Promise<void>;
+  getItem: (key: string) => Promise<string | null | undefined>;
+  removeItem: (key: string) => Promise<void>;
+}
+interface IStorageAdapterMethods_Json {
+  type: EStorageAdapterType.json;
+  setItem: <T>(key: string, value: T) => Promise<void>;
+  getItem: <T>(key: string) => Promise<T | null | undefined>;
+  removeItem: (key: string) => Promise<void>;
+}
+type TStorageAdapterMethods = IStorageAdapterMethods_String | IStorageAdapterMethods_Json;
+interface IStorageKeyGetterAndSetter<T> {
+  get: () => Promise<T | undefined>;
+  set: (value: T) => Promise<void>;
+}
+//#endregion
+//#region src/storage_adapter/StorageAdapter.d.ts
+interface IStorageAdapterConstructor {
+  methods: TStorageAdapterMethods;
+  trackKeysForClearing?: boolean;
+  keyPrefix?: string;
+}
+declare class StorageAdapter {
+  private implementation;
+  readonly keyPrefix: string;
+  private readonly adapterStorage?;
+  constructor({
+    methods,
+    keyPrefix,
+    trackKeysForClearing: trackKeys
+  }: IStorageAdapterConstructor);
+  private getPrefixedKey;
+  private trackUsedKey;
+  private untrackUsedKey;
+  clearAll(): Promise<void>;
+  removeItem(rawKey: string): Promise<void>;
+  setJson(rawKey: string, value: any): Promise<void>;
+  getJson<T>(rawKey: string): Promise<T | undefined>;
+  getJsonOrDef<T>(rawKey: string, defVal: T): Promise<T>;
+  updateJson<T>(rawKey: string, updater: (currentVal: T | undefined) => T): Promise<T>;
+  updateJsonOrDef<T>(rawKey: string, defVal: T, updater: (currentVal: T) => T): Promise<T>;
+  createJsonGetterSetter<T>(rawKey: string): IStorageKeyGetterAndSetter<T>;
+}
+//#endregion
+//#region src/crypto/client_key_link/ClientCryptoKeyLink.d.ts
+interface IClientCryptoKeyLink_Constructor {
+  storageAdapter?: StorageAdapter;
+}
+interface ILinkedClientPublicKeys {
+  verifyPublicKey?: TSerializedCryptoKeyData_Ed25519_Raw;
+  exchangePublicKey?: TSerializedCryptoKeyData_X25519_Raw;
+}
+interface ILocalPublicKeys {
+  verifyPublicKey: TSerializedCryptoKeyData_Ed25519_Raw;
+  exchangePublicKey: TSerializedCryptoKeyData_X25519_Raw;
+}
+interface ILinkClientKeys {
+  linkedClientId: TTypeAndId;
+  verifyPublicKey?: TSerializedCryptoKeyData_Ed25519_Raw;
+  exchangePublicKey?: TSerializedCryptoKeyData_X25519_Raw;
+  saltString?: string;
+  infoString?: string;
+  bindVerifyKeysIntoDerivation?: boolean;
+}
+interface IEncryptDataForLinkedClient {
+  linkedClientId: TTypeAndId;
+  dataToEncrypt: string;
+}
+interface IDecryptDataFromLinkedClient {
+  linkedClientId: TTypeAndId;
+  dataToDecrypt: TEncryptedAesGcmPayload;
+}
+interface IDecryptAndVerifyDataFromLinkedClient extends IDecryptDataFromLinkedClient {
+  signatureBase64: string;
+}
+interface IVerifyChallengeFromLinkedClient {
+  linkedClientId: TTypeAndId;
+  challenge: string;
+  signatureBase64: string;
+}
+declare class ClientCryptoKeyLink {
+  private localExchangeKeyPair;
+  private localVerifyKeyPair;
+  private linkedClientKeys;
+  private storage;
+  private initialized;
+  private initializePromise;
+  private localExchangeKeyPairPromise;
+  private localVerifyKeyPairPromise;
+  constructor({
+    storageAdapter
+  }?: IClientCryptoKeyLink_Constructor);
+  /**
+   * Loads the local key pairs and any linked client public keys from storage (when a storage
+   * adapter was provided), generating and persisting fresh local key pairs if none exist yet.
+   *
+   * Must be called (and awaited) before any sign/verify/encrypt/decrypt operation.
+   */
+  initialize(): Promise<void>;
+  private runInitialize;
+  /**
+   * Loads the local key pairs from storage if they were previously persisted. Does NOT generate
+   * fresh keys — local identity is created lazily on first use (see {@link ensureLocalExchangeKeyPair}
+   * / {@link ensureLocalVerifyKeyPair}), so a verify-only or otherwise key-less consumer never
+   * generates or stores keys it does not need.
+   */
+  private loadStoredLocalKeys;
+  /**
+   * Returns the local exchange (X25519) key pair, generating and persisting it on first use.
+   * Concurrent callers share a single generation.
+   */
+  private ensureLocalExchangeKeyPair;
+  /**
+   * Returns the local verify (Ed25519) key pair, generating and persisting it on first use.
+   * Concurrent callers share a single generation.
+   */
+  private ensureLocalVerifyKeyPair;
+  private loadLinkedClients;
+  private serializeExchangeKeyPair;
+  private serializeVerifyKeyPair;
+  /**
+   * The local public keys that should be shared with a linked client so that it can verify this
+   * client's signatures and derive a shared encryption key. Generates the local identity on first
+   * use.
+   */
+  getLocalPublicKeys(): Promise<ILocalPublicKeys>;
+  /**
+   * The local exchange (X25519) public key, generating the exchange key pair on first use. Does not
+   * touch the verify key pair — useful for an exchange-only consumer (e.g. a bridge) that never
+   * signs.
+   */
+  getLocalExchangePublicKey(): Promise<TSerializedCryptoKeyData_X25519_Raw>;
+  /**
+   * The local verify (Ed25519) public key, generating the verify key pair on first use. Does not
+   * touch the exchange key pair.
+   */
+  getLocalVerifyPublicKey(): Promise<TSerializedCryptoKeyData_Ed25519_Raw>;
+  /**
+   * Registers (or updates) the public keys of a linked client in memory only — nothing is written
+   * to storage. Use this for ephemeral links (e.g. a per-session bridge or end-to-end peer keyed by
+   * a session salt/info), so the derived shared key never outlives the process.
+   *
+   * Re-linking with a new exchange public key, salt, or info invalidates any previously cached
+   * shared key for the link.
+   */
+  linkClient({
+    linkedClientId,
+    verifyPublicKey,
+    exchangePublicKey,
+    saltString,
+    infoString,
+    bindVerifyKeysIntoDerivation
+  }: ILinkClientKeys): Promise<void>;
+  /**
+   * Like {@link linkClient}, but also persists the linked client's public keys (and salt/info) to
+   * storage so the link survives a reload.
+   *
+   * NOTE: salt/info are written in plaintext. When they are session secrets (e.g. a partner secret
+   * or bridge salt), prefer {@link linkClient} and re-establish the link per session instead.
+   */
+  linkClientAndStore(input: ILinkClientKeys): Promise<void>;
+  /**
+   * Whether a linked client is currently registered (in memory) under this id.
+   */
+  hasLinkedClient(linkedClientId: TTypeAndId): boolean;
+  /**
+   * The serialized public keys registered for a linked client, or undefined when the client is not
+   * linked. Useful when a holder needs to relay a linked client's keys onward (e.g. a backend
+   * relaying a wallet's verify key to a partner).
+   */
+  getLinkedClientPublicKeys(linkedClientId: TTypeAndId): ILinkedClientPublicKeys | undefined;
+  /**
+   * Removes a single linked client from memory and, when storage is available, from persisted
+   * state. Any cached shared key for the link is dropped with it.
+   */
+  unlinkClient(linkedClientId: TTypeAndId): Promise<void>;
+  /**
+   * Removes all linked clients from memory and persisted state, while keeping the local identity
+   * key pairs intact.
+   */
+  unlinkAllClients(): Promise<void>;
+  /**
+   * Wipes everything this instance owns — local identity key pairs and all linked clients, in
+   * memory and in storage. After a reset, {@link initialize} must be called again before use (it
+   * will generate a fresh local identity).
+   *
+   * Only the keys owned by this util are removed, so a shared storage adapter's other data is left
+   * untouched.
+   */
+  reset(): Promise<void>;
+  private getLinkedClient;
+  private getAesGcmKeyForLinkedClient;
+  encryptDataForLinkedClient({
+    dataToEncrypt,
+    linkedClientId
+  }: IEncryptDataForLinkedClient): Promise<TEncryptedAesGcmPayload>;
+  decryptDataFromLinkedClient({
+    dataToDecrypt,
+    linkedClientId
+  }: IDecryptDataFromLinkedClient): Promise<string>;
+  /**
+   * Bytes counterpart of {@link encryptDataForLinkedClient} — encrypts raw bytes with the shared
+   * AES-GCM key, returning a binary nonce + ciphertext. Use it for binary channels (e.g. msgpack
+   * WebSocket frames) to avoid base64 inflation.
+   */
+  encryptBytesForLinkedClient({
+    dataToEncrypt,
+    linkedClientId
+  }: {
+    dataToEncrypt: Uint8Array;
+    linkedClientId: TTypeAndId;
+  }): Promise<TEncryptedAesGcmBytes>;
+  /** Bytes counterpart of {@link decryptDataFromLinkedClient}. */
+  decryptBytesFromLinkedClient({
+    dataToDecrypt,
+    linkedClientId
+  }: {
+    dataToDecrypt: TEncryptedAesGcmBytes;
+    linkedClientId: TTypeAndId;
+  }): Promise<Uint8Array>;
+  signAndEncryptDataForLinkedClient({
+    dataToEncrypt,
+    linkedClientId
+  }: IEncryptDataForLinkedClient): Promise<{
+    encryptedData: TEncryptedAesGcmPayload;
+    signatureBase64: string;
+  }>;
+  /**
+   * Decrypts a payload from a linked client and verifies that the decrypted plaintext was signed
+   * by that client. Counterpart to {@link signAndEncryptDataForLinkedClient}.
+   *
+   * Returns the decrypted `data` alongside `isValid` — the caller decides how to handle an invalid
+   * signature. (A tampered ciphertext fails earlier at AES-GCM decryption.)
+   */
+  decryptAndVerifyDataFromLinkedClient({
+    dataToDecrypt,
+    linkedClientId,
+    signatureBase64
+  }: IDecryptAndVerifyDataFromLinkedClient): Promise<{
+    data: string;
+    isValid: boolean;
+  }>;
+  signChallenge(challenge: [string, ...string[]]): Promise<{
+    signatureBase64: string;
+  }>;
+  /**
+   * Verifies a signature over `challenge` against the linked client's verify (Ed25519) public key.
+   */
+  verifyChallengeFromLinkedClient({
+    linkedClientId,
+    challenge,
+    signatureBase64
+  }: IVerifyChallengeFromLinkedClient): Promise<boolean>;
+}
+//#endregion
+//#region src/crypto/crypto.converters.d.ts
+/**
+ *
+ * [CRYPTO ALGO] ED25519
+ *
+ */
+declare const convertEd25519RawDataStringToObject: (inputDataString: `ed25519::raw_base64::${string}`) => {
+  formattedString: `ed25519::raw_base64::${string}`;
+  type: ECryptoKeyAlgo.ed25519;
+  format: ECryptoKeyFormat.raw_base64;
+  data: string;
+};
+declare const convertEd25519JwkDataStringToObject: (inputDataString: `ed25519::jwk::${string}`) => {
+  formattedString: `ed25519::jwk::${string}`;
+  type: ECryptoKeyAlgo.ed25519;
+  format: ECryptoKeyFormat.jwk;
+  data: JsonWebKey;
+};
+declare const convertEd25519FormattedStringToObject: (inputDataString: `ed25519::raw_base64::${string}` | `ed25519::jwk::${string}`) => {
+  formattedString: `ed25519::raw_base64::${string}` | `ed25519::jwk::${string}`;
+  type: ECryptoKeyAlgo.ed25519;
+  format: ECryptoKeyFormat;
+  data: string;
+};
+declare const convertEd25519RawDataStringToSerializedKeyData: (input: TSerializedCryptoKeyData_Ed25519_Raw) => ISerializedKeyData_Ed25519_Raw;
+declare const convertEd25519JwkDataStringToSerializedKeyData: (input: TSerializedCryptoKeyData_Ed25519_Jwk) => ISerializedKeyData_Ed25519_Jwk;
+declare const convertEd25519FormattedStringToSerializedKeyData: <I extends TSerializedCryptoKeyData_Ed25519_Raw | TSerializedCryptoKeyData_Ed25519_Jwk, O extends (I extends TSerializedCryptoKeyData_Ed25519_Raw ? TSerializedCryptoKeyData_Ed25519_Raw_Transformed : TSerializedCryptoKeyData_Ed25519_Jwk_Transformed)>(input: I) => O;
+/**
+ *
+ * [CRYPTO ALGO] X25519
+ *
+ */
+declare const convertX25519RawDataStringToObject: (inputDataString: `x25519::raw_base64::${string}`) => {
+  formattedString: `x25519::raw_base64::${string}`;
+  type: ECryptoKeyAlgo.x25519;
+  format: ECryptoKeyFormat.raw_base64;
+  data: string;
+};
+declare const convertX25519JwkDataStringToObject: (inputDataString: `x25519::jwk::${string}`) => {
+  formattedString: `x25519::jwk::${string}`;
+  type: ECryptoKeyAlgo.x25519;
+  format: ECryptoKeyFormat.jwk;
+  data: JsonWebKey;
+};
+declare const convertX25519FormattedStringToObject: (inputDataString: `x25519::raw_base64::${string}` | `x25519::jwk::${string}`) => {
+  formattedString: `x25519::raw_base64::${string}` | `x25519::jwk::${string}`;
+  type: ECryptoKeyAlgo.x25519;
+  format: ECryptoKeyFormat;
+  data: string;
+};
+declare const convertX25519RawDataStringToSerializedKeyData: (input: TSerializedCryptoKeyData_X25519_Raw) => ISerializedKeyData_X25519_Raw;
+declare const convertX25519JwkDataStringToSerializedKeyData: (input: TSerializedCryptoKeyData_X25519_Jwk) => ISerializedKeyData_X25519_Jwk;
+declare const convertX25519FormattedStringToSerializedKeyData: <I extends TSerializedCryptoKeyData_X25519_Raw | TSerializedCryptoKeyData_X25519_Jwk, O extends (I extends TSerializedCryptoKeyData_X25519_Raw ? TSerializedCryptoKeyData_X25519_Raw_Transformed : TSerializedCryptoKeyData_X25519_Jwk_Transformed)>(input: I) => O;
+//#endregion
+//#region src/crypto/ed25519/generateEd25519KeyPair.d.ts
+declare const generateEd25519KeyPair: () => Promise<CryptoKeyPair>;
+//#endregion
+//#region src/crypto/ed25519/importEd25519Key.d.ts
+declare const importEd25519Key: {
+  private: {
+    fromFormattedString: {
+      readonly extractable: (input: `ed25519::jwk::${string}`) => Promise<CryptoKey>;
+      readonly nonExtractable: (input: `ed25519::jwk::${string}`) => Promise<CryptoKey>;
+    };
+    fromSerializedObject: {
+      readonly extractable: (input: TSerializedCryptoKeyData_Ed25519_Jwk_Transformed) => Promise<CryptoKey>;
+      readonly nonExtractable: (input: TSerializedCryptoKeyData_Ed25519_Jwk_Transformed) => Promise<CryptoKey>;
+    };
+    fromJwk: {
+      readonly extractable: (input: JsonWebKey) => Promise<CryptoKey>;
+      readonly nonExtractable: (input: JsonWebKey) => Promise<CryptoKey>;
+    };
+  };
+  public: {
+    fromBase64: {
+      readonly extractable: (input: string) => Promise<CryptoKey>;
+      readonly nonExtractable: (input: string) => Promise<CryptoKey>;
+    };
+    fromFormattedString: {
+      readonly extractable: (input: `ed25519::raw_base64::${string}` | `ed25519::jwk::${string}`) => Promise<CryptoKey>;
+      readonly nonExtractable: (input: `ed25519::raw_base64::${string}` | `ed25519::jwk::${string}`) => Promise<CryptoKey>;
+    };
+    fromSerializedObject: {
+      readonly extractable: (input: TSerializedCryptoKeyData_Ed25519_Raw_Transformed | TSerializedCryptoKeyData_Ed25519_Jwk_Transformed) => Promise<CryptoKey>;
+      readonly nonExtractable: (input: TSerializedCryptoKeyData_Ed25519_Raw_Transformed | TSerializedCryptoKeyData_Ed25519_Jwk_Transformed) => Promise<CryptoKey>;
+    };
+    fromJwk: {
+      readonly extractable: (input: JsonWebKey) => Promise<CryptoKey>;
+      readonly nonExtractable: (input: JsonWebKey) => Promise<CryptoKey>;
+    };
+  };
+};
+//#endregion
+//#region src/crypto/ed25519/serializeEd25519Key_Jwk.d.ts
+declare const serializeEd25519Key_Jwk: (key: CryptoKey) => Promise<ISerializedKeyData_Ed25519_Jwk>;
+//#endregion
+//#region src/crypto/ed25519/serializeEd25519Key_Raw.d.ts
+declare const serializeEd25519Key_Raw: (publicKey: CryptoKey) => Promise<ISerializedKeyData_Ed25519_Raw>;
+//#endregion
+//#region src/crypto/ed25519/signCombinedTextDataWithKeyEd25519.d.ts
+declare const DEFAULT_COMBINED_TEXT_DATA_SEPARATOR = "::";
+declare const signCombinedTextDataWithKeyEd25519: (data: string[], cryptoKey: CryptoKey, separator?: string) => Promise<Uint8Array>;
+//#endregion
+//#region src/crypto/ed25519/signTextDataWithKeyEd25519.d.ts
+declare const signTextDataWithKeyEd25519: (data: string, cryptoKey: CryptoKey) => Promise<Uint8Array>;
+//#endregion
+//#region src/crypto/ed25519/verifyWithKeyEd25519.d.ts
+declare const verifyWithKeyEd25519: ({
+  challenge,
+  signatureBase64,
+  publicKey
+}: {
+  challenge: string;
+  signatureBase64: string;
+  publicKey: CryptoKey;
+}) => Promise<boolean>;
+//#endregion
+//#region src/crypto/x25519/createSharedBitsFromX25519.d.ts
+declare const createSharedBitsFromX25519: ({
+  privateKey,
+  publicKey
+}: {
+  privateKey: CryptoKey;
+  publicKey: CryptoKey;
+}) => Promise<Uint8Array>;
+//#endregion
+//#region src/crypto/x25519/generateX25519KeyPair.d.ts
+declare const generateX25519KeyPair: () => Promise<CryptoKeyPair>;
+//#endregion
+//#region src/crypto/x25519/importX25519Key.d.ts
+declare const importX25519Key: {
+  private: {
+    fromFormattedString: {
+      readonly extractable: (input: `x25519::jwk::${string}`) => Promise<CryptoKey>;
+      readonly nonExtractable: (input: `x25519::jwk::${string}`) => Promise<CryptoKey>;
+    };
+    fromSerializedObject: {
+      readonly extractable: (input: TSerializedCryptoKeyData_X25519_Jwk_Transformed) => Promise<CryptoKey>;
+      readonly nonExtractable: (input: TSerializedCryptoKeyData_X25519_Jwk_Transformed) => Promise<CryptoKey>;
+    };
+    fromJwk: {
+      readonly extractable: (input: JsonWebKey) => Promise<CryptoKey>;
+      readonly nonExtractable: (input: JsonWebKey) => Promise<CryptoKey>;
+    };
+  };
+  public: {
+    fromBase64: {
+      readonly extractable: (input: string) => Promise<CryptoKey>;
+      readonly nonExtractable: (input: string) => Promise<CryptoKey>;
+    };
+    fromFormattedString: {
+      readonly extractable: (input: `x25519::raw_base64::${string}` | `x25519::jwk::${string}`) => Promise<CryptoKey>;
+      readonly nonExtractable: (input: `x25519::raw_base64::${string}` | `x25519::jwk::${string}`) => Promise<CryptoKey>;
+    };
+    fromSerializedObject: {
+      readonly extractable: (input: TSerializedCryptoKeyData_X25519_Raw_Transformed | TSerializedCryptoKeyData_X25519_Jwk_Transformed) => Promise<CryptoKey>;
+      readonly nonExtractable: (input: TSerializedCryptoKeyData_X25519_Raw_Transformed | TSerializedCryptoKeyData_X25519_Jwk_Transformed) => Promise<CryptoKey>;
+    };
+    fromJwk: {
+      readonly extractable: (input: JsonWebKey) => Promise<CryptoKey>;
+      readonly nonExtractable: (input: JsonWebKey) => Promise<CryptoKey>;
+    };
+  };
+};
+//#endregion
+//#region src/crypto/x25519/serializeX25519Key_Jwk.d.ts
+declare const serializeX25519Key_Jwk: (key: CryptoKey) => Promise<ISerializedKeyData_X25519_Jwk>;
+//#endregion
+//#region src/crypto/x25519/serializeX25519Key_Raw.d.ts
+declare const serializeX25519Key_Raw: (key: CryptoKey) => Promise<ISerializedKeyData_X25519_Raw>;
+//#endregion
+//#region src/typescript/special_typescript_types.d.ts
+type StringKeys<T> = keyof T & string;
+//#endregion
+//#region src/storage_adapter/typed_storage/createTypedStorage.d.ts
+interface ITypedStorage<T extends Record<string, any>> {
+  getJson<K extends StringKeys<T>>(key: K): Promise<T[K] | undefined>;
+  getJsonOrDef<K extends StringKeys<T>>(key: K, defVal: T[K]): Promise<T[K]>;
+  setJson<K extends StringKeys<T>>(key: K, val: T[K]): Promise<void>;
+  removeItem<K extends StringKeys<T>>(key: K): Promise<void>;
+  updateJson<K extends StringKeys<T>>(key: K, updater: (currentVal: T[K] | undefined) => T[K]): Promise<void>;
+  updateJsonWithDef<K extends StringKeys<T>>(key: K, defaultVal: T[K], updater: (currentVal: T[K]) => T[K]): Promise<void>;
+  clearAll(): Promise<void>;
+}
+interface ITypedStorage_Create_Input {
+  storageAdapter: StorageAdapter;
+}
+declare function createTypedStorage<T extends Record<string, any>>({
+  storageAdapter
+}: ITypedStorage_Create_Input): ITypedStorage<T>;
+//#endregion
+//#region src/storage_adapter/specific/browser/browser_storage.d.ts
+/**
+ *
+ * Web Storage [LOCAL STORAGE]
+ *
+ */
+type TCreateWebLocalStorageOptions = Omit<IStorageAdapterConstructor, "methods"> & {
+  localStorage: typeof localStorage;
+};
+declare function createWebLocalStorageMethods(_localStorage: typeof localStorage): IStorageAdapterMethods_String;
+declare const createWebLocalStorageAdapter: ({
+  localStorage: _localStorage,
+  ...options
+}: TCreateWebLocalStorageOptions) => StorageAdapter;
+declare function createTypedWebLocalStorage<T extends Record<string, any>>(options: TCreateWebLocalStorageOptions): ITypedStorage<T>;
+/**
+ *
+ * Web Storage [SESSION STORAGE]
+ *
+ */
+type TCreateWebSessionStorageOptions = Omit<IStorageAdapterConstructor, "methods"> & {
+  sessionStorage: typeof sessionStorage;
+};
+declare function createWebSessionStorageMethods(_sessionStorage: typeof sessionStorage): IStorageAdapterMethods_String;
+declare const createWebSessionStorageAdapter: ({
+  sessionStorage: _sessionStorage,
+  ...options
+}: TCreateWebSessionStorageOptions) => StorageAdapter;
+declare function createTypedWebSessionStorage<T extends Record<string, any>>(options: TCreateWebSessionStorageOptions): ITypedStorage<T>;
+//#endregion
+//#region src/storage_adapter/specific/cloudflare/durable_object/durable_object_storage.types.d.ts
+interface DurableObjectGetOptions {
+  allowConcurrency?: boolean;
+  noCache?: boolean;
+}
+interface DurableObjectPutOptions {
+  allowConcurrency?: boolean;
+  allowUnconfirmed?: boolean;
+  noCache?: boolean;
+}
+interface IDurableObjectStorage {
+  get<T = unknown>(key: string, options?: DurableObjectGetOptions): Promise<T | undefined>;
+  get<T = unknown>(keys: string[], options?: DurableObjectGetOptions): Promise<Map<string, T>>;
+  put<T>(key: string, value: T, options?: DurableObjectPutOptions): Promise<void>;
+  put<T>(entries: Record<string, T>, options?: DurableObjectPutOptions): Promise<void>;
+  delete(key: string, options?: DurableObjectPutOptions): Promise<boolean>;
+  delete(keys: string[], options?: DurableObjectPutOptions): Promise<number>;
+}
+//#endregion
+//#region src/storage_adapter/specific/cloudflare/durable_object/durable_object_storage.d.ts
+declare function createDurableObjectStorageMethods(durableObjectStorage: IDurableObjectStorage): IStorageAdapterMethods_Json;
+type TCreateDurableObjectStorageOptions = Omit<IStorageAdapterConstructor, "methods"> & {
+  durableObjectStorage: IDurableObjectStorage;
+};
+/**
+ * Wraps a Durable Object's storage in the generic StorageAdapter interface, e.g. for handing to a
+ * ClientCryptoKeyLink so it can persist its keys inside the DO's own storage.
+ */
+declare const createDurableObjectStorageAdapter: ({
+  durableObjectStorage,
+  ...options
+}: TCreateDurableObjectStorageOptions) => StorageAdapter;
+declare function createDurableObjectTypedStorage<T extends Record<string, any>>(options: TCreateDurableObjectStorageOptions): ITypedStorage<T>;
+//#endregion
+//#region src/storage_adapter/specific/cloudflare/kv/kv_storage.types.d.ts
+interface IKVNamespaceGetOptions {
+  cacheTtl?: number;
+}
+interface IKVNamespacePutOptions {
+  /** Absolute time (seconds since epoch) at which the key should expire. */
+  expiration?: number;
+  /** Relative TTL (in seconds) from now, after which the key should expire. */
+  expirationTtl?: number;
+  metadata?: unknown;
+}
+/**
+ * Minimal subset of Cloudflare's `KVNamespace` binding that our storage adapter relies on. Values
+ * are always written/read as strings (KV's `put` only accepts string/stream/buffer values), so the
+ * adapter is a {@link EStorageAdapterType.string} adapter and JSON (de)serialization happens in the
+ * generic `StorageAdapter`.
+ */
+interface IKVNamespace {
+  get(key: string, options?: IKVNamespaceGetOptions): Promise<string | null>;
+  put(key: string, value: string, options?: IKVNamespacePutOptions): Promise<void>;
+  delete(key: string): Promise<void>;
+}
+//#endregion
+//#region src/storage_adapter/specific/cloudflare/kv/kv_storage.d.ts
+interface ICreateKVStorageMethodsOptions {
+  /** The `KVNamespace` binding, e.g. accessed off `env.MY_KV` inside a worker. */
+  kvNamespace: IKVNamespace;
+  /** Default options applied to every `put`, e.g. `{ expirationTtl }` for TTL-based eviction. */
+  defaultPutOptions?: IKVNamespacePutOptions;
+}
+declare function createKVStorageMethods({
+  kvNamespace,
+  defaultPutOptions
+}: ICreateKVStorageMethodsOptions): IStorageAdapterMethods_String;
+type TCreateKVStorageOptions = Omit<IStorageAdapterConstructor, "methods"> & ICreateKVStorageMethodsOptions;
+/**
+ * Wraps a Cloudflare KV namespace binding in the generic StorageAdapter interface, e.g. for handing
+ * to a ClientCryptoKeyLink so it can persist its keys inside KV.
+ */
+declare const createKVStorageAdapter: ({
+  kvNamespace,
+  defaultPutOptions,
+  ...options
+}: TCreateKVStorageOptions) => StorageAdapter;
+declare function createKVTypedStorage<T extends Record<string, any>>(options: TCreateKVStorageOptions): ITypedStorage<T>;
+//#endregion
+//#region src/storage_adapter/specific/memory/memory_storage.d.ts
+type TMemoryStorage_string = Map<string, string>;
+type TMemoryStorage_json = Map<string, any>;
+/**
+ *
+ * Memory Storage [STRING]
+ *
+ */
+type TCreateMemoryStorageOptions_string = Omit<IStorageAdapterConstructor, "methods"> & {
+  memoryStorageMap?: TMemoryStorage_string;
+};
+declare function createMemoryStorageMethods_string(memoryStorageMap?: TMemoryStorage_string): IStorageAdapterMethods_String;
+declare const createMemoryStorageAdapter_string: (options?: TCreateMemoryStorageOptions_string) => StorageAdapter;
+declare function createTypedMemoryStorage_string<T extends Record<string, any>>(options?: TCreateMemoryStorageOptions_string): ITypedStorage<T>;
+/**
+ *
+ * Memory Storage [JSON]
+ *
+ */
+type TCreateMemoryStorageOptions_json = Omit<IStorageAdapterConstructor, "methods"> & {
+  memoryStorageMap?: TMemoryStorage_json;
+};
+declare function createMemoryStorageMethods_json(memoryStorageMap?: TMemoryStorage_json): IStorageAdapterMethods_Json;
+declare const createMemoryStorageAdapter_json: (options?: TCreateMemoryStorageOptions_json) => StorageAdapter;
+declare function createTypedMemoryStorage_json<T extends Record<string, any>>(options?: TCreateMemoryStorageOptions_json): ITypedStorage<T>;
+//#endregion
+export { ClientCryptoKeyLink, DEFAULT_COMBINED_TEXT_DATA_SEPARATOR, ECryptoKeyAlgo, ECryptoKeyFormat, EStorageAdapterType, ICreateKVStorageMethodsOptions, ISerializedKeyData_Ed25519_Jwk, ISerializedKeyData_Ed25519_Raw, ISerializedKeyData_X25519_Jwk, ISerializedKeyData_X25519_Raw, IStorageAdapterConstructor, IStorageAdapterMethods_Json, IStorageAdapterMethods_String, IStorageKeyGetterAndSetter, ITypedStorage, StorageAdapter, StringKeys, TCreateDurableObjectStorageOptions, TCreateKVStorageOptions, TEncryptedAesGcmBytes, TEncryptedAesGcmPayload, TEncryptedAesGcmPayload_Transformed, TMemoryStorage_json, TMemoryStorage_string, TSerializedCryptoKeyData_Ed25519_Jwk, TSerializedCryptoKeyData_Ed25519_Jwk_Transformed, TSerializedCryptoKeyData_Ed25519_Raw, TSerializedCryptoKeyData_Ed25519_Raw_Transformed, TSerializedCryptoKeyData_X25519_Jwk, TSerializedCryptoKeyData_X25519_Jwk_Transformed, TSerializedCryptoKeyData_X25519_Raw, TSerializedCryptoKeyData_X25519_Raw_Transformed, TSerializedCryptoKeyPairDataEd25519, TSerializedCryptoKeyPairDataX25519, TSerializedKeyData, TStorageAdapterMethods, type TTypeAndId, TVerifyChallengeWithSignature_Input, TVerifyChallengeWithSignature_WithThrow_Input, buildVerifyKeyBoundInfoString, convertEd25519FormattedStringToObject, convertEd25519FormattedStringToSerializedKeyData, convertEd25519JwkDataStringToObject, convertEd25519JwkDataStringToSerializedKeyData, convertEd25519RawDataStringToObject, convertEd25519RawDataStringToSerializedKeyData, convertX25519FormattedStringToObject, convertX25519FormattedStringToSerializedKeyData, convertX25519JwkDataStringToObject, convertX25519JwkDataStringToSerializedKeyData, convertX25519RawDataStringToObject, convertX25519RawDataStringToSerializedKeyData, createAesGcmKeyFromX25519Keys, createDurableObjectStorageAdapter, createDurableObjectStorageMethods, createDurableObjectTypedStorage, createKVStorageAdapter, createKVStorageMethods, createKVTypedStorage, createMemoryStorageAdapter_json, createMemoryStorageAdapter_string, createMemoryStorageMethods_json, createMemoryStorageMethods_string, createSharedBitsFromX25519, createTypedMemoryStorage_json, createTypedMemoryStorage_string, createTypedStorage, createTypedWebLocalStorage, createTypedWebSessionStorage, createWebLocalStorageAdapter, createWebLocalStorageMethods, createWebSessionStorageAdapter, createWebSessionStorageMethods, decryptBytesWithAesGcmKey, decryptTextDataWithAesGcmKey, encryptBytesWithAesGcmKey, encryptTextDataWithAesGcmKey, generateEd25519KeyPair, generateX25519KeyPair, importEd25519Key, importX25519Key, serializeEd25519Key_Jwk, serializeEd25519Key_Raw, serializeX25519Key_Jwk, serializeX25519Key_Raw, signCombinedTextDataWithKeyEd25519, signTextDataWithKeyEd25519, vCryptoKeyPairDataEd25519, vCryptoKeyPairDataX25519, vEncryptedAesGcmPayload, vSerializedCryptoKeyDataEd25519_Jwk, vSerializedCryptoKeyDataEd25519_Raw, vSerializedCryptoKeyDataX25519_Jwk, vSerializedCryptoKeyDataX25519_Raw, vVerifyChallengeWithSignature_Input, vVerifyChallengeWithSignature_WithThrow_Input, verifyWithKeyEd25519 };
+//# sourceMappingURL=index.d.ts.map