@peac/jwks-cache 0.10.9 → 0.10.10

package/dist/cache.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"cache.js","sourceRoot":"","sources":["../src/cache.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,mBAAmB,GAAG,IAAI,CAAC;AAOjC;;;;;;GAMG;AACH,MAAM,OAAO,aAAa;IACP,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;IACtC,UAAU,CAAS;IAEpC,YAAY,OAA8B;QACxC,IAAI,CAAC,UAAU,GAAG,OAAO,EAAE,UAAU,IAAI,mBAAmB,CAAC;IAC/D,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAElC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,IAAI,CAAC;QACd,CAAC;QAED,oEAAoE;QACpE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,IAAI,GAAG,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,yDAAyD;QACzD,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACvB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAE3B,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,QAAQ,CAAC,GAAW;QACxB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAiB;QACtC,iEAAiE;QACjE,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3B,IAAI,CAAC,aAAa,EAAE,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,aAAa;QACnB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;YACzC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC;YACjD,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC5B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC/B,CAAC;iBAAM,CAAC;gBACN,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,YAAoB,EAAE,GAAW;IAC7D,OAAO,GAAG,YAAY,IAAI,GAAG,EAAE,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,YAAoB;IACpD,OAAO,GAAG,YAAY,WAAW,CAAC;AACpC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,YAA2B;IACjE,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAClD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAChC,CAAC"}

package/dist/errors.js

@@ -1,48 +0,0 @@
-/**
- * JWKS Cache error codes per execution pack specification.
- */
-export const ErrorCodes = {
-    /** Network error fetching JWKS */
-    JWKS_FETCH_FAILED: 'E_JWKS_FETCH_FAILED',
-    /** Fetch timeout */
-    JWKS_TIMEOUT: 'E_JWKS_TIMEOUT',
-    /** Invalid JSON or structure */
-    JWKS_INVALID: 'E_JWKS_INVALID',
-    /** Response > 1MB */
-    JWKS_TOO_LARGE: 'E_JWKS_TOO_LARGE',
-    /** keys.length > 100 */
-    JWKS_TOO_MANY_KEYS: 'E_JWKS_TOO_MANY_KEYS',
-    /** Private IP or metadata URL blocked */
-    SSRF_BLOCKED: 'E_SSRF_BLOCKED',
-    /** Requested kid not in JWKS */
-    KEY_NOT_FOUND: 'E_KEY_NOT_FOUND',
-    /** All discovery paths failed */
-    ALL_PATHS_FAILED: 'E_ALL_PATHS_FAILED',
-};
-/**
- * HTTP status codes for each error.
- */
-export const ErrorHttpStatus = {
-    [ErrorCodes.JWKS_FETCH_FAILED]: 502,
-    [ErrorCodes.JWKS_TIMEOUT]: 504,
-    [ErrorCodes.JWKS_INVALID]: 502,
-    [ErrorCodes.JWKS_TOO_LARGE]: 502,
-    [ErrorCodes.JWKS_TOO_MANY_KEYS]: 502,
-    [ErrorCodes.SSRF_BLOCKED]: 403,
-    [ErrorCodes.KEY_NOT_FOUND]: 401,
-    [ErrorCodes.ALL_PATHS_FAILED]: 502,
-};
-/**
- * JWKS error with code and HTTP status.
- */
-export class JwksError extends Error {
-    code;
-    httpStatus;
-    constructor(code, message) {
-        super(message);
-        this.name = 'JwksError';
-        this.code = code;
-        this.httpStatus = ErrorHttpStatus[code];
-    }
-}
-//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,kCAAkC;IAClC,iBAAiB,EAAE,qBAAqB;IACxC,oBAAoB;IACpB,YAAY,EAAE,gBAAgB;IAC9B,gCAAgC;IAChC,YAAY,EAAE,gBAAgB;IAC9B,qBAAqB;IACrB,cAAc,EAAE,kBAAkB;IAClC,wBAAwB;IACxB,kBAAkB,EAAE,sBAAsB;IAC1C,yCAAyC;IACzC,YAAY,EAAE,gBAAgB;IAC9B,gCAAgC;IAChC,aAAa,EAAE,iBAAiB;IAChC,iCAAiC;IACjC,gBAAgB,EAAE,oBAAoB;CAC9B,CAAC;AAIX;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAA8B;IACxD,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE,GAAG;IACnC,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,GAAG;IAC9B,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,GAAG;IAC9B,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,GAAG;IAChC,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,GAAG;IACpC,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,GAAG;IAC9B,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,GAAG;IAC/B,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,GAAG;CACnC,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,SAAU,SAAQ,KAAK;IACzB,IAAI,CAAY;IAChB,UAAU,CAAS;IAE5B,YAAY,IAAe,EAAE,OAAe;QAC1C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IAC1C,CAAC;CACF"}

package/dist/resolver.js

@@ -1,309 +0,0 @@
-/**
- * JWKS resolver with multi-path discovery and caching.
- */
-import { ErrorCodes, JwksError } from './errors.js';
-import { validateUrl } from './security.js';
-import { InMemoryCache, buildCacheKey, parseCacheControlMaxAge } from './cache.js';
-const DEFAULT_TTL_SECONDS = 3600; // 1 hour
-const MAX_TTL_SECONDS = 86400; // 24 hours
-const MIN_TTL_SECONDS = 60;
-const DEFAULT_TIMEOUT_MS = 5000;
-const DEFAULT_MAX_RESPONSE_BYTES = 1024 * 1024; // 1MB
-const DEFAULT_MAX_KEYS = 100;
-const DEFAULT_MAX_STALE_AGE_SECONDS = 172800; // 48 hours
-/**
- * Create a JWKS key resolver with singleflight dedup.
- *
- * Concurrent calls for the same issuer+keyid coalesce into a single
- * network request, preventing thundering herd on cache miss.
- *
- * @param options - Resolver options
- * @returns Key resolver function
- */
-export function createResolver(options = {}) {
-    const cache = options.cache ?? new InMemoryCache();
-    const { defaultTtlSeconds = DEFAULT_TTL_SECONDS, maxTtlSeconds = MAX_TTL_SECONDS, minTtlSeconds = MIN_TTL_SECONDS, timeoutMs = DEFAULT_TIMEOUT_MS, maxResponseBytes = DEFAULT_MAX_RESPONSE_BYTES, maxKeys = DEFAULT_MAX_KEYS, isAllowedHost, allowLocalhost = false, allowStale = false, maxStaleAgeSeconds = DEFAULT_MAX_STALE_AGE_SECONDS, } = options;
-    // Singleflight: dedup concurrent resolves for the same issuer+keyid
-    const inflight = new Map();
-    return async (issuer, keyid) => {
-        const flightKey = `${issuer}:${keyid}`;
-        const existing = inflight.get(flightKey);
-        if (existing) {
-            const resolvedKey = await existing;
-            return resolvedKey ? createJwkVerifier(resolvedKey.jwk) : null;
-        }
-        const promise = resolveKey(issuer, keyid, {
-            cache,
-            defaultTtlSeconds,
-            maxTtlSeconds,
-            minTtlSeconds,
-            timeoutMs,
-            maxResponseBytes,
-            maxKeys,
-            isAllowedHost,
-            allowLocalhost,
-            allowStale,
-            maxStaleAgeSeconds,
-        }).finally(() => {
-            inflight.delete(flightKey);
-        });
-        inflight.set(flightKey, promise);
-        const resolvedKey = await promise;
-        if (!resolvedKey) {
-            return null;
-        }
-        return createJwkVerifier(resolvedKey.jwk);
-    };
-}
-/**
- * Resolve a key by issuer and key ID.
- *
- * Discovery order (per TAP spec):
- * 1. /.well-known/jwks
- * 2. /keys?keyID=<kid>
- * 3. /.well-known/jwks.json (fallback)
- */
-export async function resolveKey(issuer, keyid, options) {
-    const { cache, isAllowedHost, allowLocalhost, allowStale, maxStaleAgeSeconds } = options;
-    // Normalize issuer to origin
-    const issuerOrigin = new URL(issuer).origin;
-    const cacheKey = buildCacheKey(issuerOrigin, keyid);
-    // Check cache first
-    const cached = await cache.get(cacheKey);
-    if (cached) {
-        return {
-            jwk: cached.jwk,
-            source: '/.well-known/jwks',
-            cached: true,
-        };
-    }
-    // Discovery paths in order
-    const paths = [
-        {
-            url: `${issuerOrigin}/.well-known/jwks`,
-            source: '/.well-known/jwks',
-            isSingleKey: false,
-        },
-        {
-            url: `${issuerOrigin}/keys?keyID=${encodeURIComponent(keyid)}`,
-            source: '/keys',
-            isSingleKey: true,
-        },
-        {
-            url: `${issuerOrigin}/.well-known/jwks.json`,
-            source: '/.well-known/jwks.json',
-            isSingleKey: false,
-        },
-    ];
-    const errors = [];
-    for (const path of paths) {
-        try {
-            // Validate URL for SSRF
-            validateUrl(path.url, { isAllowedHost, allowLocalhost });
-            const result = await fetchWithTimeout(path.url, options.timeoutMs);
-            // Check response size
-            const contentLength = result.headers.get('content-length');
-            if (contentLength && parseInt(contentLength, 10) > options.maxResponseBytes) {
-                throw new JwksError(ErrorCodes.JWKS_TOO_LARGE, `Response too large: ${contentLength} bytes`);
-            }
-            // Parse response
-            const text = await result.text();
-            if (text.length > options.maxResponseBytes) {
-                throw new JwksError(ErrorCodes.JWKS_TOO_LARGE, `Response too large: ${text.length} bytes`);
-            }
-            let data;
-            try {
-                data = JSON.parse(text);
-            }
-            catch {
-                throw new JwksError(ErrorCodes.JWKS_INVALID, 'Invalid JSON response');
-            }
-            // Extract JWK
-            let jwk = null;
-            if (path.isSingleKey) {
-                // Single key endpoint returns JWK directly
-                jwk = validateJwk(data);
-            }
-            else {
-                // JWKS endpoint returns key set
-                const jwks = validateJwks(data, options.maxKeys);
-                jwk = findKey(jwks, keyid);
-            }
-            if (!jwk) {
-                continue; // Try next path
-            }
-            // Calculate TTL
-            const cacheControlMaxAge = parseCacheControlMaxAge(result.headers.get('cache-control'));
-            const ttl = calculateTtl(cacheControlMaxAge, options.defaultTtlSeconds, options.minTtlSeconds, options.maxTtlSeconds);
-            // Cache the key
-            const now = Math.floor(Date.now() / 1000);
-            await cache.set(cacheKey, {
-                jwk,
-                expiresAt: now + ttl,
-                etag: result.headers.get('etag') ?? undefined,
-            });
-            return {
-                jwk,
-                source: path.source,
-                cached: false,
-            };
-        }
-        catch (error) {
-            errors.push(error);
-            // Continue to next path
-        }
-    }
-    // All paths failed -- try stale fallback if allowed.
-    // Only fall back on transient network errors. Fail closed on security policy
-    // violations (SSRF), semantic errors (invalid JWKS, too many keys, too large),
-    // and parse failures -- these indicate the server is misconfigured or
-    // compromised, not that the network is temporarily unreachable.
-    if (errors.length > 0) {
-        // Fail closed: stale only if every error is a known-transient JwksError.
-        // Non-JwksError (bugs, unexpected throws) must NOT widen stale eligibility.
-        const allTransient = errors.every((e) => e instanceof JwksError &&
-            (e.code === ErrorCodes.JWKS_FETCH_FAILED || e.code === ErrorCodes.JWKS_TIMEOUT));
-        if (allowStale && allTransient && 'getStale' in cache && typeof cache.getStale === 'function') {
-            const staleEntry = await cache.getStale(cacheKey);
-            if (staleEntry) {
-                const now = Math.floor(Date.now() / 1000);
-                const staleAge = now - staleEntry.expiresAt;
-                if (staleAge >= 0 && staleAge <= maxStaleAgeSeconds) {
-                    return {
-                        jwk: staleEntry.jwk,
-                        source: '/.well-known/jwks',
-                        cached: true,
-                        stale: true,
-                        staleAgeSeconds: staleAge,
-                        keyExpiredAt: staleEntry.expiresAt,
-                    };
-                }
-            }
-        }
-        const lastError = errors[errors.length - 1];
-        if (lastError instanceof JwksError) {
-            throw lastError;
-        }
-        throw new JwksError(ErrorCodes.ALL_PATHS_FAILED, `All discovery paths failed for ${issuerOrigin}`);
-    }
-    return null;
-}
-/**
- * Fetch with timeout.
- */
-async function fetchWithTimeout(url, timeoutMs) {
-    const controller = new AbortController();
-    const timeout = setTimeout(() => controller.abort(), timeoutMs);
-    try {
-        const response = await fetch(url, {
-            signal: controller.signal,
-            redirect: 'error', // No redirect following (fail-closed)
-            headers: {
-                Accept: 'application/json',
-            },
-        });
-        if (!response.ok) {
-            throw new JwksError(ErrorCodes.JWKS_FETCH_FAILED, `HTTP ${response.status}: ${response.statusText}`);
-        }
-        return response;
-    }
-    catch (error) {
-        if (error.name === 'AbortError') {
-            throw new JwksError(ErrorCodes.JWKS_TIMEOUT, `Fetch timeout after ${timeoutMs}ms`);
-        }
-        if (error instanceof JwksError) {
-            throw error;
-        }
-        throw new JwksError(ErrorCodes.JWKS_FETCH_FAILED, `Fetch failed: ${error.message}`);
-    }
-    finally {
-        clearTimeout(timeout);
-    }
-}
-/**
- * Validate and extract JWK from response data.
- */
-function validateJwk(data) {
-    if (!data || typeof data !== 'object') {
-        return null;
-    }
-    const jwk = data;
-    if (jwk.kty !== 'OKP' || jwk.crv !== 'Ed25519' || typeof jwk.x !== 'string') {
-        return null;
-    }
-    return {
-        kty: jwk.kty,
-        crv: jwk.crv,
-        x: jwk.x,
-        kid: typeof jwk.kid === 'string' ? jwk.kid : undefined,
-        use: typeof jwk.use === 'string' ? jwk.use : undefined,
-        alg: typeof jwk.alg === 'string' ? jwk.alg : undefined,
-    };
-}
-/**
- * Validate JWKS structure.
- */
-function validateJwks(data, maxKeys) {
-    if (!data || typeof data !== 'object') {
-        throw new JwksError(ErrorCodes.JWKS_INVALID, 'Invalid JWKS structure');
-    }
-    const jwks = data;
-    if (!Array.isArray(jwks.keys)) {
-        throw new JwksError(ErrorCodes.JWKS_INVALID, 'JWKS must have keys array');
-    }
-    if (jwks.keys.length > maxKeys) {
-        throw new JwksError(ErrorCodes.JWKS_TOO_MANY_KEYS, `Too many keys: ${jwks.keys.length} > ${maxKeys}`);
-    }
-    return { keys: jwks.keys };
-}
-/**
- * Find key by ID in JWKS.
- */
-function findKey(jwks, keyid) {
-    for (const key of jwks.keys) {
-        if (key.kid === keyid) {
-            return validateJwk(key);
-        }
-    }
-    return null;
-}
-/**
- * Calculate TTL from Cache-Control and options.
- */
-function calculateTtl(cacheControlMaxAge, defaultTtl, minTtl, maxTtl) {
-    let ttl = cacheControlMaxAge ?? defaultTtl;
-    ttl = Math.max(minTtl, ttl);
-    ttl = Math.min(maxTtl, ttl);
-    return ttl;
-}
-/**
- * Import a JWK as Ed25519 public key.
- *
- * Returns an opaque key object (runtime-neutral).
- * Use createJwkVerifier() for a complete SignatureVerifier.
- */
-export async function importJwkAsEd25519(jwk) {
-    return globalThis.crypto.subtle.importKey('jwk', {
-        kty: jwk.kty,
-        crv: jwk.crv,
-        x: jwk.x,
-    }, { name: 'Ed25519' }, false, ['verify']);
-}
-/**
- * Create a SignatureVerifier from a JWK.
- *
- * Convenience function for TAP integration.
- *
- * @param jwk - Ed25519 JWK
- * @returns SignatureVerifier function
- */
-export async function createJwkVerifier(jwk) {
-    const key = await importJwkAsEd25519(jwk);
-    return async (data, signature) => {
-        // Create proper ArrayBuffer views to satisfy TypeScript
-        const sigBuffer = new Uint8Array(signature).buffer;
-        const dataBuffer = new Uint8Array(data).buffer;
-        return globalThis.crypto.subtle.verify('Ed25519', key, sigBuffer, dataBuffer);
-    };
-}
-//# sourceMappingURL=resolver.js.map

package/dist/resolver.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"resolver.js","sourceRoot":"","sources":["../src/resolver.ts"],"names":[],"mappings":"AAAA;;GAEG;AAWH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAEnF,MAAM,mBAAmB,GAAG,IAAI,CAAC,CAAC,SAAS;AAC3C,MAAM,eAAe,GAAG,KAAK,CAAC,CAAC,WAAW;AAC1C,MAAM,eAAe,GAAG,EAAE,CAAC;AAC3B,MAAM,kBAAkB,GAAG,IAAI,CAAC;AAChC,MAAM,0BAA0B,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,MAAM;AACtD,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAC7B,MAAM,6BAA6B,GAAG,MAAM,CAAC,CAAC,WAAW;AAEzD;;;;;;;;GAQG;AACH,MAAM,UAAU,cAAc,CAAC,UAA2B,EAAE;IAC1D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,IAAI,aAAa,EAAE,CAAC;IACnD,MAAM,EACJ,iBAAiB,GAAG,mBAAmB,EACvC,aAAa,GAAG,eAAe,EAC/B,aAAa,GAAG,eAAe,EAC/B,SAAS,GAAG,kBAAkB,EAC9B,gBAAgB,GAAG,0BAA0B,EAC7C,OAAO,GAAG,gBAAgB,EAC1B,aAAa,EACb,cAAc,GAAG,KAAK,EACtB,UAAU,GAAG,KAAK,EAClB,kBAAkB,GAAG,6BAA6B,GACnD,GAAG,OAAO,CAAC;IAEZ,oEAAoE;IACpE,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAuC,CAAC;IAEhE,OAAO,KAAK,EAAE,MAAc,EAAE,KAAa,EAAqC,EAAE;QAChF,MAAM,SAAS,GAAG,GAAG,MAAM,IAAI,KAAK,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACzC,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC;YACnC,OAAO,WAAW,CAAC,CAAC,CAAC,iBAAiB,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjE,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,EAAE,KAAK,EAAE;YACxC,KAAK;YACL,iBAAiB;YACjB,aAAa;YACb,aAAa;YACb,SAAS;YACT,gBAAgB;YAChB,OAAO;YACP,aAAa;YACb,cAAc;YACd,UAAU;YACV,kBAAkB;SACnB,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE;YACd,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAEjC,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC;QAClC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,iBAAiB,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IAC5C,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,MAAc,EACd,KAAa,EACb,OAewC;IAExC,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,UAAU,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC;IAEzF,6BAA6B;IAC7B,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;IAC5C,MAAM,QAAQ,GAAG,aAAa,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;IAEpD,oBAAoB;IACpB,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,MAAM,EAAE,CAAC;QACX,OAAO;YACL,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,MAAM,EAAE,mBAAmB;YAC3B,MAAM,EAAE,IAAI;SACb,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,MAAM,KAAK,GAIN;QACH;YACE,GAAG,EAAE,GAAG,YAAY,mBAAmB;YACvC,MAAM,EAAE,mBAAmB;YAC3B,WAAW,EAAE,KAAK;SACnB;QACD;YACE,GAAG,EAAE,GAAG,YAAY,eAAe,kBAAkB,CAAC,KAAK,CAAC,EAAE;YAC9D,MAAM,EAAE,OAAO;YACf,WAAW,EAAE,IAAI;SAClB;QACD;YACE,GAAG,EAAE,GAAG,YAAY,wBAAwB;YAC5C,MAAM,EAAE,wBAAwB;YAChC,WAAW,EAAE,KAAK;SACnB;KACF,CAAC;IAEF,MAAM,MAAM,GAAY,EAAE,CAAC;IAE3B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,wBAAwB;YACxB,WAAW,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,cAAc,EAAE,CAAC,CAAC;YAEzD,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;YAEnE,sBAAsB;YACtB,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;YAC3D,IAAI,aAAa,IAAI,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;gBAC5E,MAAM,IAAI,SAAS,CACjB,UAAU,CAAC,cAAc,EACzB,uBAAuB,aAAa,QAAQ,CAC7C,CAAC;YACJ,CAAC;YAED,iBAAiB;YACjB,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;YACjC,IAAI,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;gBAC3C,MAAM,IAAI,SAAS,CAAC,UAAU,CAAC,cAAc,EAAE,uBAAuB,IAAI,CAAC,MAAM,QAAQ,CAAC,CAAC;YAC7F,CAAC;YAED,IAAI,IAAa,CAAC;YAClB,IAAI,CAAC;gBACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC1B,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,SAAS,CAAC,UAAU,CAAC,YAAY,EAAE,uBAAuB,CAAC,CAAC;YACxE,CAAC;YAED,cAAc;YACd,IAAI,GAAG,GAAe,IAAI,CAAC;YAE3B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACrB,2CAA2C;gBAC3C,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;YAC1B,CAAC;iBAAM,CAAC;gBACN,gCAAgC;gBAChC,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;gBACjD,GAAG,GAAG,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC7B,CAAC;YAED,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,SAAS,CAAC,gBAAgB;YAC5B,CAAC;YAED,gBAAgB;YAChB,MAAM,kBAAkB,GAAG,uBAAuB,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC;YACxF,MAAM,GAAG,GAAG,YAAY,CACtB,kBAAkB,EAClB,OAAO,CAAC,iBAAiB,EACzB,OAAO,CAAC,aAAa,EACrB,OAAO,CAAC,aAAa,CACtB,CAAC;YAEF,gBAAgB;YAChB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE;gBACxB,GAAG;gBACH,SAAS,EAAE,GAAG,GAAG,GAAG;gBACpB,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS;aAC9C,CAAC,CAAC;YAEH,OAAO;gBACL,GAAG;gBACH,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,MAAM,EAAE,KAAK;aACd,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CAAC,KAAc,CAAC,CAAC;YAC5B,wBAAwB;QAC1B,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,6EAA6E;IAC7E,+EAA+E;IAC/E,sEAAsE;IACtE,gEAAgE;IAChE,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,yEAAyE;QACzE,4EAA4E;QAC5E,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAC/B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,YAAY,SAAS;YACtB,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,iBAAiB,IAAI,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,YAAY,CAAC,CAClF,CAAC;QACF,IAAI,UAAU,IAAI,YAAY,IAAI,UAAU,IAAI,KAAK,IAAI,OAAO,KAAK,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;YAC9F,MAAM,UAAU,GAAG,MACjB,KACD,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACrB,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;gBAC1C,MAAM,QAAQ,GAAG,GAAG,GAAG,UAAU,CAAC,SAAS,CAAC;gBAC5C,IAAI,QAAQ,IAAI,CAAC,IAAI,QAAQ,IAAI,kBAAkB,EAAE,CAAC;oBACpD,OAAO;wBACL,GAAG,EAAE,UAAU,CAAC,GAAG;wBACnB,MAAM,EAAE,mBAAmB;wBAC3B,MAAM,EAAE,IAAI;wBACZ,KAAK,EAAE,IAAI;wBACX,eAAe,EAAE,QAAQ;wBACzB,YAAY,EAAE,UAAU,CAAC,SAAS;qBACnC,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC5C,IAAI,SAAS,YAAY,SAAS,EAAE,CAAC;YACnC,MAAM,SAAS,CAAC;QAClB,CAAC;QACD,MAAM,IAAI,SAAS,CACjB,UAAU,CAAC,gBAAgB,EAC3B,kCAAkC,YAAY,EAAE,CACjD,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,gBAAgB,CAAC,GAAW,EAAE,SAAiB;IAC5D,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;IAEhE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,QAAQ,EAAE,OAAO,EAAE,sCAAsC;YACzD,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;aAC3B;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,SAAS,CACjB,UAAU,CAAC,iBAAiB,EAC5B,QAAQ,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,UAAU,EAAE,CAClD,CAAC;QACJ,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAK,KAAe,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC3C,MAAM,IAAI,SAAS,CAAC,UAAU,CAAC,YAAY,EAAE,uBAAuB,SAAS,IAAI,CAAC,CAAC;QACrF,CAAC;QACD,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;YAC/B,MAAM,KAAK,CAAC;QACd,CAAC;QACD,MAAM,IAAI,SAAS,CAAC,UAAU,CAAC,iBAAiB,EAAE,iBAAkB,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;IACjG,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,IAAa;IAChC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAA+B,CAAC;IAE5C,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,IAAI,GAAG,CAAC,GAAG,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC5E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,CAAC,EAAE,GAAG,CAAC,CAAC;QACR,GAAG,EAAE,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QACtD,GAAG,EAAE,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QACtD,GAAG,EAAE,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;KACvD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,IAAa,EAAE,OAAe;IAClD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,SAAS,CAAC,UAAU,CAAC,YAAY,EAAE,wBAAwB,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,IAAI,GAAG,IAA+B,CAAC;IAE7C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,SAAS,CAAC,UAAU,CAAC,YAAY,EAAE,2BAA2B,CAAC,CAAC;IAC5E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,OAAO,EAAE,CAAC;QAC/B,MAAM,IAAI,SAAS,CACjB,UAAU,CAAC,kBAAkB,EAC7B,kBAAkB,IAAI,CAAC,IAAI,CAAC,MAAM,MAAM,OAAO,EAAE,CAClD,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAa,EAAE,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAS,OAAO,CAAC,IAAU,EAAE,KAAa;IACxC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACtB,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CACnB,kBAAiC,EACjC,UAAkB,EAClB,MAAc,EACd,MAAc;IAEd,IAAI,GAAG,GAAG,kBAAkB,IAAI,UAAU,CAAC;IAC3C,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC5B,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC5B,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,GAAQ;IAC/C,OAAO,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL;QACE,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,CAAC,EAAE,GAAG,CAAC,CAAC;KACT,EACD,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,GAAQ;IAC9C,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAE1C,OAAO,KAAK,EAAE,IAAgB,EAAE,SAAqB,EAAoB,EAAE;QACzE,wDAAwD;QACxD,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC;QACnD,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QAK/C,OAAO,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,GAAgB,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IAC7F,CAAC,CAAC;AACJ,CAAC"}

package/dist/security.js

@@ -1,88 +0,0 @@
-/**
- * SSRF protection for JWKS fetching.
- *
- * Edge runtimes cannot reliably block private IPs via DNS resolution.
- * This module implements what IS possible at the edge.
- */
-import { ErrorCodes, JwksError } from './errors.js';
-/**
- * Validate URL for SSRF protection.
- *
- * @param url - URL to validate
- * @param options - Validation options
- * @throws JwksError if URL is blocked
- */
-export function validateUrl(url, options = {}) {
-    let parsed;
-    try {
-        parsed = new URL(url);
-    }
-    catch {
-        throw new JwksError(ErrorCodes.SSRF_BLOCKED, `Invalid URL: ${url}`);
-    }
-    // HTTPS required (except localhost in dev)
-    if (parsed.protocol !== 'https:') {
-        if (parsed.protocol === 'http:' && options.allowLocalhost && isLocalhostHost(parsed.hostname)) {
-            // Allow http://localhost in dev mode
-        }
-        else {
-            throw new JwksError(ErrorCodes.SSRF_BLOCKED, `HTTPS required, got ${parsed.protocol}`);
-        }
-    }
-    // Block localhost variants (unless explicitly allowed)
-    if (isLocalhostHost(parsed.hostname) && !options.allowLocalhost) {
-        throw new JwksError(ErrorCodes.SSRF_BLOCKED, `Localhost blocked: ${parsed.hostname}`);
-    }
-    // Block literal IP addresses in URL
-    if (isLiteralIp(parsed.hostname)) {
-        throw new JwksError(ErrorCodes.SSRF_BLOCKED, `Literal IP addresses blocked: ${parsed.hostname}`);
-    }
-    // Check enterprise allowlist if provided
-    if (options.isAllowedHost && !options.isAllowedHost(parsed.hostname)) {
-        throw new JwksError(ErrorCodes.SSRF_BLOCKED, `Host not in allowlist: ${parsed.hostname}`);
-    }
-}
-/**
- * Check if hostname is localhost variant.
- */
-function isLocalhostHost(hostname) {
-    const lower = hostname.toLowerCase();
-    return (lower === 'localhost' ||
-        lower === '127.0.0.1' ||
-        lower === '::1' ||
-        lower === '[::1]' ||
-        lower.endsWith('.localhost'));
-}
-/**
- * Check if hostname is a literal IP address.
- */
-function isLiteralIp(hostname) {
-    // IPv4 pattern
-    if (/^(\d{1,3}\.){3}\d{1,3}$/.test(hostname)) {
-        return true;
-    }
-    // IPv6 pattern (with or without brackets)
-    if (hostname.startsWith('[') && hostname.endsWith(']')) {
-        return true;
-    }
-    // Colon indicates IPv6 (no brackets)
-    if (hostname.includes(':')) {
-        return true;
-    }
-    return false;
-}
-/**
- * Check if hostname is a metadata IP.
- */
-export function isMetadataIp(hostname) {
-    // AWS/GCP/Azure metadata service
-    if (hostname === '169.254.169.254') {
-        return true;
-    }
-    // Link-local range (169.254.x.x)
-    if (hostname.startsWith('169.254.')) {
-        return true;
-    }
-    return false;
-}
-//# sourceMappingURL=security.js.map

package/dist/security.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"security.js","sourceRoot":"","sources":["../src/security.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAEpD;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CACzB,GAAW,EACX,UAGI,EAAE;IAEN,IAAI,MAAW,CAAC;IAEhB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,SAAS,CAAC,UAAU,CAAC,YAAY,EAAE,gBAAgB,GAAG,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,2CAA2C;IAC3C,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,OAAO,CAAC,cAAc,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9F,qCAAqC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,SAAS,CAAC,UAAU,CAAC,YAAY,EAAE,uBAAuB,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAED,uDAAuD;IACvD,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;QAChE,MAAM,IAAI,SAAS,CAAC,UAAU,CAAC,YAAY,EAAE,sBAAsB,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IACxF,CAAC;IAED,oCAAoC;IACpC,IAAI,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CACjB,UAAU,CAAC,YAAY,EACvB,iCAAiC,MAAM,CAAC,QAAQ,EAAE,CACnD,CAAC;IACJ,CAAC;IAED,yCAAyC;IACzC,IAAI,OAAO,CAAC,aAAa,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,SAAS,CAAC,UAAU,CAAC,YAAY,EAAE,0BAA0B,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5F,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,QAAgB;IACvC,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACrC,OAAO,CACL,KAAK,KAAK,WAAW;QACrB,KAAK,KAAK,WAAW;QACrB,KAAK,KAAK,KAAK;QACf,KAAK,KAAK,OAAO;QACjB,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,CAC7B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,QAAgB;IACnC,eAAe;IACf,IAAI,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,0CAA0C;IAC1C,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,qCAAqC;IACrC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,iCAAiC;IACjC,IAAI,QAAQ,KAAK,iBAAiB,EAAE,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iCAAiC;IACjC,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/types.js

@@ -1,5 +0,0 @@
-/**
- * @peac/jwks-cache - Edge-safe JWKS types
- */
-export {};
-//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}