@pod-os/elements 0.1.2-da0e5dd.0 → 0.2.0

package/dist/esm/ion-app_36.entry.js

@@ -2665,26 +2665,26 @@ var require_InruptError = __commonJS({
       }
       static lookupErrorIri(iri, messageParams) {
         if (InruptError.determineIfVocabTerm(iri)) {
-          const message = messageParams === void 0 ? iri.message : iri.messageParams(...messageParams);
-          return message === void 0 ? `Looked up error message IRI [${iri.value}], but found no message value.` : message;
+          const message2 = messageParams === void 0 ? iri.message : iri.messageParams(...messageParams);
+          return message2 === void 0 ? `Looked up error message IRI [${iri.value}], but found no message value.` : message2;
         }
         return `Error message looked up at: [${iri.value}]${messageParams === void 0 ? "" : `, with params [${messageParams.toString()}]`}`;
       }
-      static appendHttpResponseDetails(message, response, append) {
+      static appendHttpResponseDetails(message2, response, append) {
         if (append && typeof response !== "undefined") {
-          return `${message} HTTP details: status code [${response.status}], status text [${response.statusText}].`;
+          return `${message2} HTTP details: status code [${response.status}], status text [${response.statusText}].`;
         }
-        return message;
+        return message2;
       }
-      static appendErrorIri(message, iri, append) {
-        return append ? `${message} Error IRI: [${iri.value}].` : message;
+      static appendErrorIri(message2, iri, append) {
+        return append ? `${message2} Error IRI: [${iri.value}].` : message2;
       }
-      static substituteParams(message, params) {
-        let fullMessage = message;
+      static substituteParams(message2, params) {
+        let fullMessage = message2;
         if (params !== void 0) {
-          const paramsRequired = message.split("{{").length - 1;
+          const paramsRequired = message2.split("{{").length - 1;
           if (paramsRequired !== params.length) {
-            throw new Error(`Setting parameters on message [${message}], but it requires [${paramsRequired}] params and we received [${params.length}].`);
+            throw new Error(`Setting parameters on message [${message2}], but it requires [${paramsRequired}] params and we received [${params.length}].`);
           }
           for (let i = 0; i < params.length; i += 1) {
             const marker = `{{${i}}}`;
@@ -3114,10 +3114,10 @@ var require_browser_ponyfill = __commonJS({
         try {
           new exports2.DOMException();
         } catch (err) {
-          exports2.DOMException = function(message, name) {
-            this.message = message;
+          exports2.DOMException = function(message2, name) {
+            this.message = message2;
             this.name = name;
-            var error2 = Error(message);
+            var error2 = Error(message2);
             this.stack = error2.stack;
           };
           exports2.DOMException.prototype = Object.create(Error.prototype);
@@ -3349,9 +3349,9 @@ var JOSEError, JWTClaimValidationFailed, JWTExpired, JOSEAlgNotAllowed, JOSENotS
 var init_errors = __esm({
   "../node_modules/jose/dist/browser/util/errors.js"() {
     JOSEError = class extends Error {
-      constructor(message) {
+      constructor(message2) {
         var _a;
-        super(message);
+        super(message2);
         this.code = "ERR_JOSE_GENERIC";
         this.name = this.constructor.name;
         (_a = Error.captureStackTrace) === null || _a === void 0 ? void 0 : _a.call(Error, this, this.constructor);
@@ -3361,8 +3361,8 @@ var init_errors = __esm({
       }
     };
     JWTClaimValidationFailed = class extends JOSEError {
-      constructor(message, claim = "unspecified", reason = "unspecified") {
-        super(message);
+      constructor(message2, claim = "unspecified", reason = "unspecified") {
+        super(message2);
         this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED";
         this.claim = claim;
         this.reason = reason;
@@ -3372,8 +3372,8 @@ var init_errors = __esm({
       }
     };
     JWTExpired = class extends JOSEError {
-      constructor(message, claim = "unspecified", reason = "unspecified") {
-        super(message);
+      constructor(message2, claim = "unspecified", reason = "unspecified") {
+        super(message2);
         this.code = "ERR_JWT_EXPIRED";
         this.claim = claim;
         this.reason = reason;
@@ -3555,8 +3555,9 @@ var init_check_cek_length = __esm({
   "../node_modules/jose/dist/browser/runtime/check_cek_length.js"() {
     init_errors();
     checkCekLength = (cek, expected) => {
-      if (cek.length << 3 !== expected) {
-        throw new JWEInvalid("Invalid Content Encryption Key length");
+      const actual = cek.byteLength << 3;
+      if (actual !== expected) {
+        throw new JWEInvalid(`Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`);
       }
     };
     check_cek_length_default = checkCekLength;
@@ -3591,7 +3592,7 @@ var init_timing_safe_equal = __esm({
 
 // ../node_modules/jose/dist/browser/runtime/env.js
 function isCloudflareWorkers() {
-  return typeof WebSocketPair === "function";
+  return typeof WebSocketPair !== "undefined" || typeof navigator !== "undefined" && navigator.userAgent === "Cloudflare-Workers" || typeof EdgeRuntime !== "undefined" && EdgeRuntime === "vercel";
 }
 var init_env = __esm({
   "../node_modules/jose/dist/browser/runtime/env.js"() {
@@ -3674,6 +3675,12 @@ function checkSigCryptoKey(key, alg, ...usages) {
         throw unusable("NODE-ED25519");
       break;
     }
+    case "EdDSA": {
+      if (key.algorithm.name !== "Ed25519" && key.algorithm.name !== "Ed448") {
+        throw unusable("Ed25519 or Ed448");
+      }
+      break;
+    }
     case "ES256":
     case "ES384":
     case "ES512": {
@@ -3714,10 +3721,17 @@ function checkEncCryptoKey(key, alg, ...usages) {
         throw unusable(expected, "algorithm.length");
       break;
     }
-    case "ECDH":
-      if (!isAlgorithm(key.algorithm, "ECDH"))
-        throw unusable("ECDH");
+    case "ECDH": {
+      switch (key.algorithm.name) {
+        case "ECDH":
+        case "X25519":
+        case "X448":
+          break;
+        default:
+          throw unusable("ECDH, X25519, or X448");
+      }
       break;
+    }
     case "PBES2-HS256+A128KW":
     case "PBES2-HS384+A192KW":
     case "PBES2-HS512+A256KW":
@@ -3748,29 +3762,34 @@ var init_crypto_key = __esm({
 });
 
 // ../node_modules/jose/dist/browser/lib/invalid_key_input.js
+function message(msg2, actual, ...types2) {
+  if (types2.length > 2) {
+    const last = types2.pop();
+    msg2 += `one of type ${types2.join(", ")}, or ${last}.`;
+  } else if (types2.length === 2) {
+    msg2 += `one of type ${types2[0]} or ${types2[1]}.`;
+  } else {
+    msg2 += `of type ${types2[0]}.`;
+  }
+  if (actual == null) {
+    msg2 += ` Received ${actual}`;
+  } else if (typeof actual === "function" && actual.name) {
+    msg2 += ` Received function ${actual.name}`;
+  } else if (typeof actual === "object" && actual != null) {
+    if (actual.constructor && actual.constructor.name) {
+      msg2 += ` Received an instance of ${actual.constructor.name}`;
+    }
+  }
+  return msg2;
+}
+function withAlg(alg, actual, ...types2) {
+  return message(`Key for the ${alg} algorithm must be `, actual, ...types2);
+}
 var invalid_key_input_default;
 var init_invalid_key_input = __esm({
   "../node_modules/jose/dist/browser/lib/invalid_key_input.js"() {
     invalid_key_input_default = (actual, ...types2) => {
-      let msg2 = "Key must be ";
-      if (types2.length > 2) {
-        const last = types2.pop();
-        msg2 += `one of type ${types2.join(", ")}, or ${last}.`;
-      } else if (types2.length === 2) {
-        msg2 += `one of type ${types2[0]} or ${types2[1]}.`;
-      } else {
-        msg2 += `of type ${types2[0]}.`;
-      }
-      if (actual == null) {
-        msg2 += ` Received ${actual}`;
-      } else if (typeof actual === "function" && actual.name) {
-        msg2 += ` Received function ${actual.name}`;
-      } else if (typeof actual === "object" && actual != null) {
-        if (actual.constructor && actual.constructor.name) {
-          msg2 += ` Received an instance of ${actual.constructor.name}`;
-        }
-      }
-      return msg2;
+      return message("Key must be ", actual, ...types2);
     };
   }
 });
@@ -4003,10 +4022,18 @@ async function deriveKey(publicKey, privateKey, algorithm, keyLength, apu = new
   }
   checkEncCryptoKey(privateKey, "ECDH", "deriveBits");
   const value = concat(lengthAndInput(encoder.encode(algorithm)), lengthAndInput(apu), lengthAndInput(apv), uint32be(keyLength));
+  let length;
+  if (publicKey.algorithm.name === "X25519") {
+    length = 256;
+  } else if (publicKey.algorithm.name === "X448") {
+    length = 448;
+  } else {
+    length = Math.ceil(parseInt(publicKey.algorithm.namedCurve.substr(-3), 10) / 8) << 3;
+  }
   const sharedSecret = new Uint8Array(await webcrypto_default.subtle.deriveBits({
-    name: "ECDH",
+    name: publicKey.algorithm.name,
     public: publicKey
-  }, privateKey, Math.ceil(parseInt(privateKey.algorithm.namedCurve.slice(-3), 10) / 8) << 3));
+  }, privateKey, length));
   return concatKdf(sharedSecret, keyLength, value);
 }
 async function generateEpk(key) {
@@ -4019,7 +4046,7 @@ function ecdhAllowed(key) {
   if (!isCryptoKey(key)) {
     throw new TypeError(invalid_key_input_default(key, ...types));
   }
-  return ["P-256", "P-384", "P-521"].includes(key.algorithm.namedCurve);
+  return ["P-256", "P-384", "P-521"].includes(key.algorithm.namedCurve) || key.algorithm.name === "X25519" || key.algorithm.name === "X448";
 }
 var init_ecdhes = __esm({
   "../node_modules/jose/dist/browser/runtime/ecdhes.js"() {
@@ -4268,8 +4295,14 @@ var init_asn1 = __esm({
           return "P-384";
         case findOid(keyData, [43, 129, 4, 0, 35]):
           return "P-521";
-        case (isCloudflareWorkers() && findOid(keyData, [43, 101, 112])):
+        case findOid(keyData, [43, 101, 110]):
+          return "X25519";
+        case findOid(keyData, [43, 101, 111]):
+          return "X448";
+        case findOid(keyData, [43, 101, 112]):
           return "Ed25519";
+        case findOid(keyData, [43, 101, 113]):
+          return "Ed448";
         default:
           throw new JOSENotSupported("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
       }
@@ -4318,15 +4351,22 @@ var init_asn1 = __esm({
         case "ECDH-ES":
         case "ECDH-ES+A128KW":
         case "ECDH-ES+A192KW":
-        case "ECDH-ES+A256KW":
-          algorithm = { name: "ECDH", namedCurve: getNamedCurve2(keyData) };
+        case "ECDH-ES+A256KW": {
+          const namedCurve = getNamedCurve2(keyData);
+          algorithm = namedCurve.startsWith("P-") ? { name: "ECDH", namedCurve } : { name: namedCurve };
           keyUsages = isPublic ? [] : ["deriveBits"];
           break;
-        case (isCloudflareWorkers() && "EdDSA"):
+        }
+        case (isCloudflareWorkers() && "EdDSA"): {
           const namedCurve = getNamedCurve2(keyData).toUpperCase();
           algorithm = { name: `NODE-${namedCurve}`, namedCurve: `NODE-${namedCurve}` };
           keyUsages = isPublic ? ["verify"] : ["sign"];
           break;
+        }
+        case "EdDSA":
+          algorithm = { name: getNamedCurve2(keyData) };
+          keyUsages = isPublic ? ["verify"] : ["sign"];
+          break;
         default:
           throw new JOSENotSupported('Invalid or unsupported "alg" (Algorithm) value');
       }
@@ -4449,9 +4489,27 @@ function subtleMapping(jwk) {
           keyUsages = jwk.d ? ["sign"] : ["verify"];
           break;
         default:
-          throw new JOSENotSupported('Invalid or unsupported JWK "crv" (Subtype of Key Pair) Parameter value');
+          throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
+    case "OKP": {
+      switch (jwk.alg) {
+        case "EdDSA":
+          algorithm = { name: jwk.crv };
+          keyUsages = jwk.d ? ["sign"] : ["verify"];
+          break;
+        case "ECDH-ES":
+        case "ECDH-ES+A128KW":
+        case "ECDH-ES+A192KW":
+        case "ECDH-ES+A256KW":
+          algorithm = { name: jwk.crv };
+          keyUsages = jwk.d ? ["deriveBits"] : [];
+          break;
+        default:
+          throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+      }
+      break;
+    }
     default:
       throw new JOSENotSupported('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
   }
@@ -4511,18 +4569,12 @@ function parseElement(bytes) {
   if (bytes[position] < 128) {
     length = bytes[position];
     position++;
-  } else {
-    let numberOfDigits = bytes[position] & 127;
-    position++;
-    length = 0;
-    for (let i = 0; i < numberOfDigits; i++) {
-      length = length * 256 + bytes[position];
-      position++;
-    }
-  }
-  if (length === 128) {
+  } else if (length === 128) {
     length = 0;
     while (bytes[position + length] !== 0 || bytes[position + length + 1] !== 0) {
+      if (length > bytes.byteLength) {
+        throw new TypeError("invalid indefinite form length");
+      }
       length++;
     }
     const byteLength2 = position + length + 2;
@@ -4531,6 +4583,14 @@ function parseElement(bytes) {
       contents: bytes.subarray(position, position + length),
       raw: bytes.subarray(0, byteLength2)
     };
+  } else {
+    let numberOfDigits = bytes[position] & 127;
+    position++;
+    length = 0;
+    for (let i = 0; i < numberOfDigits; i++) {
+      length = length * 256 + bytes[position];
+      position++;
+    }
   }
   const byteLength = position + length;
   return {
@@ -4558,7 +4618,12 @@ async function importX509(x509, alg, options) {
   if (typeof x509 !== "string" || x509.indexOf("-----BEGIN CERTIFICATE-----") !== 0) {
     throw new TypeError('"x509" must be X.509 formatted string');
   }
-  const spki = getSPKI(x509);
+  let spki;
+  try {
+    spki = getSPKI(x509);
+  } catch (cause) {
+    throw new TypeError("failed to parse the X.509 certificate", { cause });
+  }
   return fromSPKI(spki, alg, options);
 }
 async function importPKCS8(pkcs8, alg, options) {
@@ -4614,19 +4679,19 @@ var init_check_key_type = __esm({
   "../node_modules/jose/dist/browser/lib/check_key_type.js"() {
     init_invalid_key_input();
     init_is_key_like();
-    symmetricTypeCheck = (key) => {
+    symmetricTypeCheck = (alg, key) => {
       if (key instanceof Uint8Array)
         return;
       if (!is_key_like_default(key)) {
-        throw new TypeError(invalid_key_input_default(key, ...types, "Uint8Array"));
+        throw new TypeError(withAlg(alg, key, ...types, "Uint8Array"));
       }
       if (key.type !== "secret") {
         throw new TypeError(`${types.join(" or ")} instances for symmetric algorithms must be of type "secret"`);
       }
     };
-    asymmetricTypeCheck = (key, usage) => {
+    asymmetricTypeCheck = (alg, key, usage) => {
       if (!is_key_like_default(key)) {
-        throw new TypeError(invalid_key_input_default(key, ...types));
+        throw new TypeError(withAlg(alg, key, ...types));
       }
       if (key.type === "secret") {
         throw new TypeError(`${types.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);
@@ -4647,9 +4712,9 @@ var init_check_key_type = __esm({
     checkKeyType = (alg, key, usage) => {
       const symmetric = alg.startsWith("HS") || alg === "dir" || alg.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(alg);
       if (symmetric) {
-        symmetricTypeCheck(key);
+        symmetricTypeCheck(alg, key);
       } else {
-        asymmetricTypeCheck(key, usage);
+        asymmetricTypeCheck(alg, key, usage);
       }
     };
     check_key_type_default = checkKeyType;
@@ -4751,7 +4816,7 @@ var init_aesgcmkw = __esm({
 });
 
 // ../node_modules/jose/dist/browser/lib/decrypt_key_management.js
-async function decryptKeyManagement(alg, key, encryptedKey, joseHeader) {
+async function decryptKeyManagement(alg, key, encryptedKey, joseHeader, options) {
   check_key_type_default(alg, key, "decrypt");
   switch (alg) {
     case "dir": {
@@ -4805,6 +4870,9 @@ async function decryptKeyManagement(alg, key, encryptedKey, joseHeader) {
         throw new JWEInvalid("JWE Encrypted Key missing");
       if (typeof joseHeader.p2c !== "number")
         throw new JWEInvalid(`JOSE Header "p2c" (PBES2 Count) missing or invalid`);
+      const p2cLimit = (options === null || options === void 0 ? void 0 : options.maxPBES2Count) || 1e4;
+      if (joseHeader.p2c > p2cLimit)
+        throw new JWEInvalid(`JOSE Header "p2c" (PBES2 Count) out is of acceptable bounds`);
       if (typeof joseHeader.p2s !== "string")
         throw new JWEInvalid(`JOSE Header "p2s" (PBES2 Salt) missing or invalid`);
       return decrypt2(alg, key, encryptedKey, joseHeader.p2c, decode(joseHeader.p2s));
@@ -4991,9 +5059,9 @@ async function flattenedDecrypt(jwe, key, options) {
   }
   let cek;
   try {
-    cek = await decrypt_key_management_default(alg, key, encryptedKey, joseHeader);
+    cek = await decrypt_key_management_default(alg, key, encryptedKey, joseHeader, options);
   } catch (err) {
-    if (err instanceof TypeError) {
+    if (err instanceof TypeError || err instanceof JWEInvalid || err instanceof JOSENotSupported) {
       throw err;
     }
     cek = cek_default(enc);
@@ -5621,6 +5689,8 @@ function subtleDsa(alg, algorithm) {
     case (isCloudflareWorkers() && "EdDSA"):
       const { namedCurve } = algorithm;
       return { name: namedCurve, namedCurve };
+    case "EdDSA":
+      return { name: algorithm.name };
     default:
       throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
   }
@@ -6911,7 +6981,7 @@ function getModulusLengthOption(options) {
   return modulusLength;
 }
 async function generateKeyPair(alg, options) {
-  var _a, _b;
+  var _a, _b, _c;
   let algorithm;
   let keyUsages;
   switch (alg) {
@@ -6972,17 +7042,44 @@ async function generateKeyPair(alg, options) {
           throw new JOSENotSupported("Invalid or unsupported crv option provided");
       }
       break;
+    case "EdDSA":
+      keyUsages = ["sign", "verify"];
+      const crv = (_a = options === null || options === void 0 ? void 0 : options.crv) !== null && _a !== void 0 ? _a : "Ed25519";
+      switch (crv) {
+        case "Ed25519":
+        case "Ed448":
+          algorithm = { name: crv };
+          break;
+        default:
+          throw new JOSENotSupported("Invalid or unsupported crv option provided");
+      }
+      break;
     case "ECDH-ES":
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
-    case "ECDH-ES+A256KW":
-      algorithm = { name: "ECDH", namedCurve: (_a = options === null || options === void 0 ? void 0 : options.crv) !== null && _a !== void 0 ? _a : "P-256" };
+    case "ECDH-ES+A256KW": {
       keyUsages = ["deriveKey", "deriveBits"];
+      const crv2 = (_b = options === null || options === void 0 ? void 0 : options.crv) !== null && _b !== void 0 ? _b : "P-256";
+      switch (crv2) {
+        case "P-256":
+        case "P-384":
+        case "P-521": {
+          algorithm = { name: "ECDH", namedCurve: crv2 };
+          break;
+        }
+        case "X25519":
+        case "X448":
+          algorithm = { name: crv2 };
+          break;
+        default:
+          throw new JOSENotSupported("Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448");
+      }
       break;
+    }
     default:
       throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
   }
-  return webcrypto_default.subtle.generateKey(algorithm, (_b = options === null || options === void 0 ? void 0 : options.extractable) !== null && _b !== void 0 ? _b : false, keyUsages);
+  return webcrypto_default.subtle.generateKey(algorithm, (_c = options === null || options === void 0 ? void 0 : options.extractable) !== null && _c !== void 0 ? _c : false, keyUsages);
 }
 var init_generate = __esm({
   "../node_modules/jose/dist/browser/runtime/generate.js"() {
@@ -7370,8 +7467,8 @@ var require_ConfigurationError = __commonJS({
   "../node_modules/@inrupt/solid-client-authn-core/dist/errors/ConfigurationError.js"(exports) {
     Object.defineProperty(exports, "__esModule", { value: true });
     var ConfigurationError = class extends Error {
-      constructor(message) {
-        super(message);
+      constructor(message2) {
+        super(message2);
       }
     };
     exports.default = ConfigurationError;
@@ -7412,8 +7509,8 @@ var require_OidcProviderError = __commonJS({
     Object.defineProperty(exports, "__esModule", { value: true });
     exports.OidcProviderError = void 0;
     var OidcProviderError = class extends Error {
-      constructor(message, error2, errorDescription) {
-        super(message);
+      constructor(message2, error2, errorDescription) {
+        super(message2);
         this.error = error2;
         this.errorDescription = errorDescription;
       }
@@ -18142,10 +18239,10 @@ var require_graphTypes = __commonJS({
 var require_JsonLdError = __commonJS({
   "../node_modules/jsonld/lib/JsonLdError.js"(exports, module2) {
     module2.exports = class JsonLdError extends Error {
-      constructor(message = "An unspecified JSON-LD error occurred.", name = "jsonld.Error", details = {}) {
-        super(message);
+      constructor(message2 = "An unspecified JSON-LD error occurred.", name = "jsonld.Error", details = {}) {
+        super(message2);
         this.name = name;
-        this.message = message;
+        this.message = message2;
         this.details = details;
       }
     };
@@ -24912,9 +25009,9 @@ var require_dom = __commonJS({
     ExceptionCode.INVALID_MODIFICATION_ERR = (ExceptionMessage[13] = "Invalid modification", 13);
     ExceptionCode.NAMESPACE_ERR = (ExceptionMessage[14] = "Invalid namespace", 14);
     ExceptionCode.INVALID_ACCESS_ERR = (ExceptionMessage[15] = "Invalid access", 15);
-    function DOMException(code, message) {
-      if (message instanceof Error) {
-        var error2 = message;
+    function DOMException(code, message2) {
+      if (message2 instanceof Error) {
+        var error2 = message2;
       } else {
         error2 = this;
         Error.call(this, ExceptionMessage[code]);
@@ -24923,8 +25020,8 @@ var require_dom = __commonJS({
           Error.captureStackTrace(this, DOMException);
       }
       error2.code = code;
-      if (message)
-        this.message = this.message + ": " + message;
+      if (message2)
+        this.message = this.message + ": " + message2;
       return error2;
     }
     DOMException.prototype = Error.prototype;
@@ -26215,8 +26312,8 @@ var require_sax = __commonJS({
     var S_ATTR_END = 5;
     var S_TAG_SPACE = 6;
     var S_TAG_CLOSE = 7;
-    function ParseError(message, locator) {
-      this.message = message;
+    function ParseError(message2, locator) {
+      this.message = message2;
       this.locator = locator;
       if (Error.captureStackTrace)
         Error.captureStackTrace(this, ParseError);
@@ -27080,19 +27177,59 @@ var BrowserSession = class {
   }
 };
 
+// src/files/BinaryFile.ts
+var BinaryFile = class {
+  constructor(url, data) {
+    this.url = url;
+    this.data = data;
+  }
+  blob() {
+    return this.data;
+  }
+};
+
+// src/files/BrokenFile.ts
+var BrokenFile = class {
+  constructor(url, status) {
+    this.url = url;
+    this.status = status;
+  }
+  toString() {
+    return `${this.status.toString()} - ${this.url}`;
+  }
+  blob() {
+    return null;
+  }
+};
+
+// src/files/HttpStatus.ts
+var HttpStatus = class {
+  constructor(code, text) {
+    this.code = code;
+    this.text = text;
+  }
+  toString() {
+    return this.text ? `${this.code} - ${this.text}` : this.code.toString();
+  }
+};
+
 // src/files/FileFetcher.ts
 var FileFetcher = class {
   constructor(session) {
     this.session = session;
   }
-  fetchBlob(url) {
+  fetchFile(url) {
     return __async(this, null, function* () {
-      return this.session.authenticatedFetch(url).then((response) => {
-        if (!response.ok) {
-          throw new Error(`${response.status} - ${response.statusText}`);
-        }
-        return response.blob();
-      });
+      const response = yield this.session.authenticatedFetch(url);
+      if (response.ok) {
+        const blob = yield response.blob();
+        return new BinaryFile(url, blob);
+      } else {
+        return new BrokenFile(
+          url,
+          new HttpStatus(response.status, response.statusText)
+        );
+      }
     });
   }
 };
@@ -27512,8 +27649,8 @@ var NamedNode = /* @__PURE__ */ function(_Node) {
       throw new Error('NamedNode IRI "' + iri + '" must be absolute.');
     }
     if (_this.value.includes(" ")) {
-      var message = 'Error: NamedNode IRI "' + iri + '" must not contain unencoded spaces.';
-      throw new Error(message);
+      var message2 = 'Error: NamedNode IRI "' + iri + '" must not contain unencoded spaces.';
+      throw new Error(message2);
     }
     return _this;
   }
@@ -30997,8 +31134,8 @@ var N3Parser = class {
   _emit(subject, predicate, object, graph3) {
     this._callback(null, this._quad(subject, predicate, object, graph3 || this.DEFAULTGRAPH));
   }
-  _error(message, token) {
-    const err = new Error(`${message} on line ${token.line}.`);
+  _error(message2, token) {
+    const err = new Error(`${message2} on line ${token.line}.`);
     err.context = {
       token,
       line: token.line,
@@ -38701,13 +38838,13 @@ var Fetcher = /* @__PURE__ */ function() {
           }
         }
       }, function(err) {
-        var message = err.message || err.statusText;
-        message = "Failed to load  <" + uri + "> " + message;
-        console.log(message);
+        var message2 = err.message || err.statusText;
+        message2 = "Failed to load  <" + uri + "> " + message2;
+        console.log(message2);
         if (err.response && err.response.status) {
-          message += " status: " + err.response.status;
+          message2 += " status: " + err.response.status;
         }
-        userCallback(false, message, err.response);
+        userCallback(false, message2, err.response);
       });
     }
   }, {
@@ -39199,16 +39336,16 @@ var Fetcher = /* @__PURE__ */ function() {
           return this.redirectToProxy(proxyUri, options);
         }
       }
-      var message;
+      var message2;
       if (response instanceof Error) {
-        message = "Fetch error: " + response.message;
+        message2 = "Fetch error: " + response.message;
       } else {
-        message = response.statusText;
+        message2 = response.statusText;
         if (response.responseText) {
-          message += " ".concat(response.responseText);
+          message2 += " ".concat(response.responseText);
         }
       }
-      return this.failFetch(options, message, response.status || 998, response);
+      return this.failFetch(options, message2, response.status || 998, response);
     }
   }, {
     key: "addType",
@@ -39663,8 +39800,8 @@ var PodOS = class {
   fetch(uri) {
     return this.store.fetch(uri);
   }
-  fetchBlob(url) {
-    return this.fileFetcher.fetchBlob(url);
+  fetchFile(url) {
+    return this.fileFetcher.fetchFile(url);
   }
   trackSession(callback) {
     return this.session.trackSession(callback);
@@ -39795,7 +39932,28 @@ const PosDescription = class {
   }
 };
 
-const posImageCss = ":host{--width:300px;--height:300px;--border-radius:0}img,ion-skeleton-text{border-radius:var(--border-radius);width:var(--width);height:var(--height)}";
+const BrokenImage = ({ file }) => {
+  const iconName = iconForStatus(file.status);
+  return (h("div", null,
+    h("a", { class: "error", href: file.url },
+      h("div", null,
+        h("ion-icon", { name: iconName })),
+      h("div", { class: "code" }, file.status.code),
+      h("div", { class: "text" }, file.status.text))));
+};
+function iconForStatus(status) {
+  switch (status.code) {
+    case 401:
+    case 403:
+      return 'lock-closed-outline';
+    case 404:
+      return 'help-circle-outline';
+    default:
+      return 'alert-circle-outline';
+  }
+}
+
+const posImageCss = ":host{--width:300px;--height:300px;--border-radius:0}img,ion-skeleton-text,div.error{border-radius:var(--border-radius);width:var(--width);height:var(--height)}.error{display:flex;opacity:0.8;background:repeating-linear-gradient( -45deg, rgba(150, 0, 0, 0.1), rgba(150, 0, 0, 0.1) 10px, #fff 5px, #fff 25px );flex-direction:column;border:1px solid red;color:black;align-items:center;justify-content:center;word-break:break-all;padding:1rem;box-sizing:border-box}.error ion-icon{color:#282828;--ionicon-stroke-width:calc(var(--width) / 5);font-size:calc(var(--width) / 2)}a{text-decoration:none;width:var(--width);height:var(--height)}.code{font-weight:bold;font-size:calc(var(--width) / 8)}.text{font-size:calc(var(--width) / 20)}";
 
 const PosImage = class {
   constructor(hostRef) {
@@ -39813,9 +39971,14 @@ const PosImage = class {
   async fetchBlob() {
     try {
       this.loading = true;
-      const blob = await this.os.fetchBlob(this.src);
-      this.dataUri = URL.createObjectURL(blob);
-      this.error = null;
+      const file = await this.os.fetchFile(this.src);
+      if (file.blob()) {
+        this.dataUri = URL.createObjectURL(file.blob());
+        this.error = null;
+      }
+      else {
+        this.brokenFile = file;
+      }
     }
     catch (err) {
       this.error = err;
@@ -39831,6 +39994,9 @@ const PosImage = class {
     if (this.error) {
       return h("div", { class: "error" }, this.error.message);
     }
+    if (this.brokenFile) {
+      return h(BrokenImage, { file: this.brokenFile });
+    }
     return h("img", { src: this.dataUri });
   }
   static get watchers() { return {