npm - @private.me/xbind - Versions diffs - 3.0.1 → 3.0.2 - Mend

@private.me/xbind 3.0.1 → 3.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (210) hide show

package/README.md +55 -14
package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1920 -1
package/dist-standalone/_deps/shared/cjs/errors.js +729 -1
package/dist-standalone/_deps/shared/cjs/index.js +463 -1
package/dist-standalone/_deps/shared/cjs/types.js +315 -1
package/dist-standalone/_deps/shared/errors.js +244 -1
package/dist-standalone/_deps/shared/index.js +72 -1
package/dist-standalone/_deps/shared/types.js +86 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js +1 -1
package/dist-standalone/_deps/ux-helpers/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/search.js +1 -1
package/dist-standalone/_deps/xchange/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/errors.js +1 -1
package/dist-standalone/_deps/xchange/cjs/index.js +1 -1
package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -1
package/dist-standalone/_deps/xchange/errors.js +1 -1
package/dist-standalone/_deps/xchange/index.js +1 -1
package/dist-standalone/_deps/xchange/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/xchange.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/index.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/types.js +1 -1
package/dist-standalone/_deps/xregistry/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/errors.js +1 -1
package/dist-standalone/_deps/xregistry/index.js +1 -1
package/dist-standalone/_deps/xregistry/registry.js +1 -1
package/dist-standalone/_deps/xregistry/schema.js +1 -1
package/dist-standalone/_deps/xregistry/types.js +1 -1
package/dist-standalone/agent-call.js +659 -1
package/dist-standalone/agent-sdk.js +328 -1
package/dist-standalone/agent.js +1800 -1
package/dist-standalone/approval.js +193 -1
package/dist-standalone/async-iterators.js +382 -1
package/dist-standalone/auth.js +219 -1
package/dist-standalone/auto-accept.js +229 -1
package/dist-standalone/backup-config.js +201 -1
package/dist-standalone/backup.js +326 -1
package/dist-standalone/batch-operations.js +388 -1
package/dist-standalone/cancellation.js +477 -1
package/dist-standalone/checkpoint.js +186 -1
package/dist-standalone/circuit-breaker.js +468 -1
package/dist-standalone/cjs/agent-call.js +701 -1
package/dist-standalone/cjs/agent-sdk.js +332 -1
package/dist-standalone/cjs/agent.js +1837 -1
package/dist-standalone/cjs/approval.js +199 -1
package/dist-standalone/cjs/async-iterators.js +392 -1
package/dist-standalone/cjs/auth.js +225 -1
package/dist-standalone/cjs/auto-accept.js +233 -1
package/dist-standalone/cjs/backup-config.js +207 -1
package/dist-standalone/cjs/backup.js +330 -1
package/dist-standalone/cjs/batch-operations.js +397 -1
package/dist-standalone/cjs/cancellation.js +490 -1
package/dist-standalone/cjs/checkpoint.js +193 -1
package/dist-standalone/cjs/circuit-breaker.js +476 -1
package/dist-standalone/cjs/cli/init.js +492 -1
package/dist-standalone/cjs/config-validation.js +522 -1
package/dist-standalone/cjs/connect.js +312 -1
package/dist-standalone/cjs/connection-pool.js +506 -1
package/dist-standalone/cjs/correlation-id.js +339 -1
package/dist-standalone/cjs/crypto-utils.js +176 -1
package/dist-standalone/cjs/debug-mode.js +534 -1
package/dist-standalone/cjs/did-document.js +101 -1
package/dist-standalone/cjs/did-privateme.js +130 -1
package/dist-standalone/cjs/did-web.js +201 -1
package/dist-standalone/cjs/discovery.js +462 -1
package/dist-standalone/cjs/dual-mode.js +251 -1
package/dist-standalone/cjs/email-templates.js +313 -1
package/dist-standalone/cjs/email-transport.js +239 -1
package/dist-standalone/cjs/envelope.js +538 -1
package/dist-standalone/cjs/errors.js +913 -1
package/dist-standalone/cjs/event-emitter.js +461 -1
package/dist-standalone/cjs/gateway-state.js +55 -1
package/dist-standalone/cjs/gateway-transport.js +120 -1
package/dist-standalone/cjs/graceful-degradation.js +403 -1
package/dist-standalone/cjs/guardrails.js +223 -1
package/dist-standalone/cjs/health-check.js +336 -1
package/dist-standalone/cjs/http-compat.js +272 -1
package/dist-standalone/cjs/http-status-map.js +571 -1
package/dist-standalone/cjs/identity.js +645 -1
package/dist-standalone/cjs/index.js +406 -1
package/dist-standalone/cjs/invitation.js +421 -1
package/dist-standalone/cjs/invite.js +328 -1
package/dist-standalone/cjs/key-agreement.js +335 -1
package/dist-standalone/cjs/lazy-init.js +300 -1
package/dist-standalone/cjs/logger.js +291 -1
package/dist-standalone/cjs/mdns-discovery.js +202 -1
package/dist-standalone/cjs/nonce-store.js +80 -1
package/dist-standalone/cjs/pairing-manager.js +223 -1
package/dist-standalone/cjs/plugin-system.js +264 -1
package/dist-standalone/cjs/plugins/logging.js +168 -1
package/dist-standalone/cjs/plugins/metrics.js +181 -1
package/dist-standalone/cjs/plugins/validation.js +302 -1
package/dist-standalone/cjs/policy.js +320 -1
package/dist-standalone/cjs/progress-callbacks.js +583 -1
package/dist-standalone/cjs/redis-nonce-store.js +76 -1
package/dist-standalone/cjs/registry-middleware.js +50 -1
package/dist-standalone/cjs/retry-strategies.js +544 -1
package/dist-standalone/cjs/retry-transport.js +102 -1
package/dist-standalone/cjs/runtime/browser.js +533 -1
package/dist-standalone/cjs/runtime/edge.js +526 -1
package/dist-standalone/cjs/runtime/react-native.js +394 -1
package/dist-standalone/cjs/security-policy.js +245 -1
package/dist-standalone/cjs/serialization.js +1040 -1
package/dist-standalone/cjs/split-channel.js +225 -1
package/dist-standalone/cjs/subscription-proof.js +230 -1
package/dist-standalone/cjs/succession.js +148 -1
package/dist-standalone/cjs/timeouts.js +412 -1
package/dist-standalone/cjs/trace-context.js +424 -1
package/dist-standalone/cjs/trace-spans.js +495 -1
package/dist-standalone/cjs/transport.js +63 -1
package/dist-standalone/cjs/trust-registry.js +991 -1
package/dist-standalone/cjs/types/error-response.js +56 -1
package/dist-standalone/cjs/vault-auth.js +178 -1
package/dist-standalone/cjs/vault-store-loader.js +194 -1
package/dist-standalone/cjs/verify.js +25 -1
package/dist-standalone/cjs/version-info.js +543 -1
package/dist-standalone/cjs/xfetch.js +340 -1
package/dist-standalone/cli/init.js +455 -1
package/dist-standalone/cli/setup.js +514 -1
package/dist-standalone/cli/types.js +27 -1
package/dist-standalone/cli/xbind.js +148 -1
package/dist-standalone/config-validation.js +513 -1
package/dist-standalone/connect.js +274 -1
package/dist-standalone/connection-pool.js +500 -1
package/dist-standalone/correlation-id.js +326 -1
package/dist-standalone/crypto-utils.js +157 -1
package/dist-standalone/debug-mode.js +510 -1
package/dist-standalone/did-document.js +96 -1
package/dist-standalone/did-privateme.js +121 -1
package/dist-standalone/did-web.js +196 -1
package/dist-standalone/discovery.js +458 -1
package/dist-standalone/dual-mode.js +247 -1
package/dist-standalone/email-templates.js +309 -1
package/dist-standalone/email-transport.js +232 -1
package/dist-standalone/envelope.js +525 -1
package/dist-standalone/errors.js +896 -1
package/dist-standalone/event-emitter.js +456 -1
package/dist-standalone/gateway-state.js +51 -1
package/dist-standalone/gateway-transport.js +116 -1
package/dist-standalone/graceful-degradation.js +396 -1
package/dist-standalone/guardrails.js +216 -1
package/dist-standalone/health-check.js +332 -1
package/dist-standalone/http-compat.js +267 -1
package/dist-standalone/http-status-map.js +561 -1
package/dist-standalone/identity.js +619 -1
package/dist-standalone/index.js +78 -1
package/dist-standalone/invitation.js +415 -1
package/dist-standalone/invite.js +324 -1
package/dist-standalone/key-agreement.js +325 -1
package/dist-standalone/lazy-init.js +295 -1
package/dist-standalone/logger.js +285 -1
package/dist-standalone/mdns-discovery.js +195 -1
package/dist-standalone/nonce-store.js +76 -1
package/dist-standalone/pairing-manager.js +219 -1
package/dist-standalone/plugin-system.js +257 -1
package/dist-standalone/plugins/logging.js +163 -1
package/dist-standalone/plugins/metrics.js +176 -1
package/dist-standalone/plugins/validation.js +297 -1
package/dist-standalone/policy.js +315 -1
package/dist-standalone/progress-callbacks.js +576 -1
package/dist-standalone/redis-nonce-store.js +72 -1
package/dist-standalone/registry-middleware.js +47 -1
package/dist-standalone/retry-strategies.js +534 -1
package/dist-standalone/retry-transport.js +98 -1
package/dist-standalone/runtime/browser.js +516 -1
package/dist-standalone/runtime/edge.js +511 -1
package/dist-standalone/runtime/react-native.js +383 -1
package/dist-standalone/security-policy.js +239 -1
package/dist-standalone/serialization.js +1031 -1
package/dist-standalone/split-channel.js +219 -1
package/dist-standalone/subscription-proof.js +224 -1
package/dist-standalone/succession.js +142 -1
package/dist-standalone/timeouts.js +398 -1
package/dist-standalone/trace-context.js +414 -1
package/dist-standalone/trace-spans.js +488 -1
package/dist-standalone/transport.js +59 -1
package/dist-standalone/trust-registry.js +950 -1
package/dist-standalone/types/error-response.js +52 -1
package/dist-standalone/vault-auth.js +174 -1
package/dist-standalone/vault-store-loader.js +187 -1
package/dist-standalone/verify.js +16 -1
package/dist-standalone/version-info.js +530 -1
package/dist-standalone/xfetch.js +335 -1
package/package.json +4 -13
package/share1.dat +0 -0
package/dist-standalone/_deps/mldsa-wasm/LICENSE +0 -24
package/dist-standalone/_deps/mldsa-wasm/package.json +0 -46
package/dist-standalone/_deps/shared/cjs/package.json +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/package.json +0 -1
package/dist-standalone/_deps/xchange/cjs/package.json +0 -1
package/dist-standalone/_deps/xregistry/cjs/package.json +0 -1
package/dist-standalone/cjs/package.json +0 -3
package/dist-standalone/package.json +0 -10

package/dist-standalone/cjs/trace-context.js CHANGED Viewed

@@ -1 +1,424 @@
-"use strict";var TraceFlags;Object.defineProperty(exports,"__esModule",{value:!0}),exports.TraceContext=exports.TraceFlags=exports.TRACE_VERSION=exports.TRACESTATE_HEADER=exports.TRACEPARENT_HEADER=void 0,exports.generateTraceId=generateTraceId,exports.generateSpanId=generateSpanId,exports.validateTraceId=validateTraceId,exports.validateSpanId=validateSpanId,exports.parseTraceparent=parseTraceparent,exports.parseTracestate=parseTracestate,exports.TRACEPARENT_HEADER="traceparent",exports.TRACESTATE_HEADER="tracestate",exports.TRACE_VERSION="00",function(t){t[t.NONE=0]="NONE",t[t.SAMPLED=1]="SAMPLED"}(TraceFlags||(exports.TraceFlags=TraceFlags={}));class TraceContext{version;traceId;parentId;traceFlags;traceState;constructor(t,e,r=TraceFlags.SAMPLED,a=[]){if(!validateTraceId(t))throw new Error(`Invalid trace ID: ${t}. Must be 32 hex characters.`);if(!validateSpanId(e))throw new Error(`Invalid parent ID: ${e}. Must be 16 hex characters.`);if(r<0||r>255)throw new Error(`Invalid trace flags: ${r}. Must be 0-255.`);this.version=exports.TRACE_VERSION,this.traceId=t,this.parentId=e,this.traceFlags=r,this.traceState=a}static create(t=!0){const e=generateTraceId(),r=generateSpanId(),a=t?TraceFlags.SAMPLED:TraceFlags.NONE;return new TraceContext(e,r,a)}static extract(t){const e=t instanceof Headers?t.get(exports.TRACEPARENT_HEADER):t[exports.TRACEPARENT_HEADER];if(!e)return null;const r=parseTraceparent(e);if(!r)return null;const a=t instanceof Headers?t.get(exports.TRACESTATE_HEADER):t[exports.TRACESTATE_HEADER],n=a?parseTracestate(a):[];return new TraceContext(r.traceId,r.parentId,r.traceFlags,n)}inject(t){const e=this.toTraceparent();return t instanceof Headers?(t.set(exports.TRACEPARENT_HEADER,e),this.traceState.length>0&&t.set(exports.TRACESTATE_HEADER,this.toTracestate())):(t[exports.TRACEPARENT_HEADER]=e,this.traceState.length>0&&(t[exports.TRACESTATE_HEADER]=this.toTracestate())),t}createChild(t){const e=generateSpanId(),r=void 0!==t?t?TraceFlags.SAMPLED:TraceFlags.NONE:this.traceFlags;return new TraceContext(this.traceId,e,r,this.traceState)}toTraceparent(){const t=this.traceFlags.toString(16).padStart(2,"0");return`${this.version}-${this.traceId}-${this.parentId}-${t}`}toTracestate(){return this.traceState.map(({key:t,value:e})=>`${t}=${e}`).join(",")}isSampled(){return(this.traceFlags&TraceFlags.SAMPLED)===TraceFlags.SAMPLED}withTracestate(t,e){const r=this.traceState.filter(e=>e.key!==t);return r.unshift({key:t,value:e}),new TraceContext(this.traceId,this.parentId,this.traceFlags,r)}getTracestate(t){const e=this.traceState.find(e=>e.key===t);return e?.value}toObject(){return{version:this.version,traceId:this.traceId,parentId:this.parentId,traceFlags:this.traceFlags,traceState:[...this.traceState],sampled:this.isSampled()}}}function generateTraceId(){return generateRandomHex(32)}function generateSpanId(){return generateRandomHex(16)}function validateTraceId(t){return"string"==typeof t&&(32===t.length&&(!!/^[a-f0-9]{32}$/.test(t)&&"00000000000000000000000000000000"!==t))}function validateSpanId(t){return"string"==typeof t&&(16===t.length&&(!!/^[a-f0-9]{16}$/.test(t)&&"0000000000000000"!==t))}function parseTraceparent(t){if("string"!=typeof t)return null;const e=t.split("-");if(4!==e.length)return null;const[r,a,n,s]=e;if("00"!==r)return null;if(!validateTraceId(a??""))return null;if(!validateSpanId(n??""))return null;if(!s||2!==s.length)return null;if(!/^[a-f0-9]{2}$/.test(s))return null;return{version:r??"00",traceId:a??"",parentId:n??"",traceFlags:parseInt(s,16)}}function parseTracestate(t){if(!t)return[];const e=[],r=t.split(",");for(const t of r){const r=t.trim(),a=r.indexOf("=");if(-1===a)continue;const n=r.substring(0,a).trim(),s=r.substring(a+1).trim();n&&s&&e.push({key:n,value:s})}return e}function generateRandomHex(t){const e=Math.ceil(t/2);if("undefined"!=typeof crypto&&crypto.getRandomValues){const r=new Uint8Array(e);return crypto.getRandomValues(r),Array.from(r).map(t=>t.toString(16).padStart(2,"0")).join("").substring(0,t)}try{return require("node:crypto").randomBytes(e).toString("hex").substring(0,t)}catch{throw new Error("Cryptographic random generation unavailable. Install crypto polyfill or use environment with crypto support.")}}exports.TraceContext=TraceContext;
+"use strict";
+/**
+ * @module trace-context
+ * W3C Trace Context implementation for distributed tracing
+ *
+ * Implements the W3C Trace Context specification for distributed tracing across
+ * xBind agent operations, enabling correlation of requests across service boundaries.
+ *
+ * Standard: https://www.w3.org/TR/trace-context/
+ *
+ * Headers:
+ * - `traceparent`: Required header with version, trace-id, parent-id, and trace-flags
+ * - `tracestate`: Optional vendor-specific state
+ *
+ * Format: `{version}-{trace-id}-{parent-id}-{trace-flags}`
+ * Example: `00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01`
+ *
+ * Usage:
+ * ```typescript
+ * import { TraceContext } from '@private.me/xbind';
+ *
+ * // Create a new trace context
+ * const ctx = TraceContext.create();
+ *
+ * // Attach to request headers
+ * const headers = new Headers();
+ * ctx.inject(headers);
+ *
+ * // Extract from incoming headers
+ * const incomingCtx = TraceContext.extract(headers);
+ *
+ * // Create child span
+ * const childCtx = incomingCtx.createChild();
+ * ```
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TraceContext = exports.TraceFlags = exports.TRACE_VERSION = exports.TRACESTATE_HEADER = exports.TRACEPARENT_HEADER = void 0;
+exports.generateTraceId = generateTraceId;
+exports.generateSpanId = generateSpanId;
+exports.validateTraceId = validateTraceId;
+exports.validateSpanId = validateSpanId;
+exports.parseTraceparent = parseTraceparent;
+exports.parseTracestate = parseTracestate;
+/**
+ * W3C Trace Context specification constants
+ */
+exports.TRACEPARENT_HEADER = 'traceparent';
+exports.TRACESTATE_HEADER = 'tracestate';
+/**
+ * Trace context version (currently only 00 is supported)
+ */
+exports.TRACE_VERSION = '00';
+/**
+ * Trace flags
+ */
+var TraceFlags;
+(function (TraceFlags) {
+    /** Not sampled */
+    TraceFlags[TraceFlags["NONE"] = 0] = "NONE";
+    /** Sampled */
+    TraceFlags[TraceFlags["SAMPLED"] = 1] = "SAMPLED";
+})(TraceFlags || (exports.TraceFlags = TraceFlags = {}));
+/**
+ * W3C Trace Context implementation
+ *
+ * Represents a single point in a distributed trace with parent-child relationships.
+ */
+class TraceContext {
+    /** W3C version (always '00' for now) */
+    version;
+    /** Trace ID (32 hex characters, 16 bytes) */
+    traceId;
+    /** Parent span ID (16 hex characters, 8 bytes) */
+    parentId;
+    /** Trace flags (8-bit field) */
+    traceFlags;
+    /** Vendor-specific trace state */
+    traceState;
+    /**
+     * Create a trace context
+     *
+     * @param traceId - 32-character hex trace ID
+     * @param parentId - 16-character hex parent span ID
+     * @param traceFlags - 8-bit trace flags
+     * @param traceState - Optional vendor-specific state
+     */
+    constructor(traceId, parentId, traceFlags = TraceFlags.SAMPLED, traceState = []) {
+        if (!validateTraceId(traceId)) {
+            throw new Error(`Invalid trace ID: ${traceId}. Must be 32 hex characters.`);
+        }
+        if (!validateSpanId(parentId)) {
+            throw new Error(`Invalid parent ID: ${parentId}. Must be 16 hex characters.`);
+        }
+        if (traceFlags < 0 || traceFlags > 255) {
+            throw new Error(`Invalid trace flags: ${traceFlags}. Must be 0-255.`);
+        }
+        this.version = exports.TRACE_VERSION;
+        this.traceId = traceId;
+        this.parentId = parentId;
+        this.traceFlags = traceFlags;
+        this.traceState = traceState;
+    }
+    /**
+     * Create a new root trace context
+     *
+     * Generates a new trace ID and parent ID for a new trace.
+     *
+     * @param sampled - Whether this trace should be sampled
+     * @returns New trace context
+     *
+     * @example
+     * ```typescript
+     * const ctx = TraceContext.create();
+     * console.log(ctx.traceId); // => "4bf92f3577b34da6a3ce929d0e0e4736"
+     * ```
+     */
+    static create(sampled = true) {
+        const traceId = generateTraceId();
+        const parentId = generateSpanId();
+        const flags = sampled ? TraceFlags.SAMPLED : TraceFlags.NONE;
+        return new TraceContext(traceId, parentId, flags);
+    }
+    /**
+     * Extract trace context from headers
+     *
+     * Parses the traceparent and tracestate headers according to W3C spec.
+     *
+     * @param headers - Headers object or plain object
+     * @returns Trace context if found, null otherwise
+     *
+     * @example
+     * ```typescript
+     * const headers = new Headers({
+     *   traceparent: '00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01'
+     * });
+     * const ctx = TraceContext.extract(headers);
+     * ```
+     */
+    static extract(headers) {
+        const traceparent = headers instanceof Headers
+            ? headers.get(exports.TRACEPARENT_HEADER)
+            : headers[exports.TRACEPARENT_HEADER];
+        if (!traceparent)
+            return null;
+        const spec = parseTraceparent(traceparent);
+        if (!spec)
+            return null;
+        // Extract tracestate
+        const tracestateValue = headers instanceof Headers
+            ? headers.get(exports.TRACESTATE_HEADER)
+            : headers[exports.TRACESTATE_HEADER];
+        const traceState = tracestateValue ? parseTracestate(tracestateValue) : [];
+        return new TraceContext(spec.traceId, spec.parentId, spec.traceFlags, traceState);
+    }
+    /**
+     * Inject trace context into headers
+     *
+     * Adds traceparent and tracestate headers to the provided headers object.
+     *
+     * @param headers - Headers to modify
+     * @returns Modified headers
+     *
+     * @example
+     * ```typescript
+     * const ctx = TraceContext.create();
+     * const headers = new Headers();
+     * ctx.inject(headers);
+     * ```
+     */
+    inject(headers) {
+        const traceparent = this.toTraceparent();
+        if (headers instanceof Headers) {
+            headers.set(exports.TRACEPARENT_HEADER, traceparent);
+            if (this.traceState.length > 0) {
+                headers.set(exports.TRACESTATE_HEADER, this.toTracestate());
+            }
+        }
+        else {
+            headers[exports.TRACEPARENT_HEADER] = traceparent;
+            if (this.traceState.length > 0) {
+                headers[exports.TRACESTATE_HEADER] = this.toTracestate();
+            }
+        }
+        return headers;
+    }
+    /**
+     * Create a child trace context
+     *
+     * Generates a new parent ID (span ID) while keeping the same trace ID.
+     * This represents a new span in the same trace.
+     *
+     * @param sampled - Override sampling decision (defaults to parent's decision)
+     * @returns New child trace context
+     *
+     * @example
+     * ```typescript
+     * const parent = TraceContext.create();
+     * const child = parent.createChild();
+     * console.log(parent.traceId === child.traceId); // => true
+     * console.log(parent.parentId === child.parentId); // => false
+     * ```
+     */
+    createChild(sampled) {
+        const newParentId = generateSpanId();
+        const flags = sampled !== undefined
+            ? (sampled ? TraceFlags.SAMPLED : TraceFlags.NONE)
+            : this.traceFlags;
+        return new TraceContext(this.traceId, newParentId, flags, this.traceState);
+    }
+    /**
+     * Format as traceparent header value
+     *
+     * @returns traceparent string
+     */
+    toTraceparent() {
+        const flags = this.traceFlags.toString(16).padStart(2, '0');
+        return `${this.version}-${this.traceId}-${this.parentId}-${flags}`;
+    }
+    /**
+     * Format as tracestate header value
+     *
+     * @returns tracestate string
+     */
+    toTracestate() {
+        return this.traceState
+            .map(({ key, value }) => `${key}=${value}`)
+            .join(',');
+    }
+    /**
+     * Check if this trace is sampled
+     *
+     * @returns True if sampled
+     */
+    isSampled() {
+        return (this.traceFlags & TraceFlags.SAMPLED) === TraceFlags.SAMPLED;
+    }
+    /**
+     * Add or update tracestate entry
+     *
+     * @param key - Vendor key (format: vendor[@system])
+     * @param value - State value
+     * @returns New trace context with updated state
+     *
+     * @example
+     * ```typescript
+     * const ctx = TraceContext.create();
+     * const updated = ctx.withTracestate('private.me', 'did:key:z6Mk...');
+     * ```
+     */
+    withTracestate(key, value) {
+        const newState = this.traceState.filter((e) => e.key !== key);
+        newState.unshift({ key, value });
+        return new TraceContext(this.traceId, this.parentId, this.traceFlags, newState);
+    }
+    /**
+     * Get tracestate value by key
+     *
+     * @param key - Vendor key
+     * @returns State value or undefined
+     */
+    getTracestate(key) {
+        const entry = this.traceState.find((e) => e.key === key);
+        return entry?.value;
+    }
+    /**
+     * Convert to plain object
+     *
+     * @returns Plain object representation
+     */
+    toObject() {
+        return {
+            version: this.version,
+            traceId: this.traceId,
+            parentId: this.parentId,
+            traceFlags: this.traceFlags,
+            traceState: [...this.traceState],
+            sampled: this.isSampled(),
+        };
+    }
+}
+exports.TraceContext = TraceContext;
+/**
+ * Generate a random trace ID (32 hex characters)
+ *
+ * @returns 32-character hex string
+ */
+function generateTraceId() {
+    return generateRandomHex(32);
+}
+/**
+ * Generate a random span ID (16 hex characters)
+ *
+ * @returns 16-character hex string
+ */
+function generateSpanId() {
+    return generateRandomHex(16);
+}
+/**
+ * Validate trace ID format
+ *
+ * @param traceId - Trace ID to validate
+ * @returns True if valid
+ */
+function validateTraceId(traceId) {
+    if (typeof traceId !== 'string')
+        return false;
+    if (traceId.length !== 32)
+        return false;
+    if (!/^[a-f0-9]{32}$/.test(traceId))
+        return false;
+    // Trace ID must not be all zeros
+    if (traceId === '00000000000000000000000000000000')
+        return false;
+    return true;
+}
+/**
+ * Validate span ID format
+ *
+ * @param spanId - Span ID to validate
+ * @returns True if valid
+ */
+function validateSpanId(spanId) {
+    if (typeof spanId !== 'string')
+        return false;
+    if (spanId.length !== 16)
+        return false;
+    if (!/^[a-f0-9]{16}$/.test(spanId))
+        return false;
+    // Span ID must not be all zeros
+    if (spanId === '0000000000000000')
+        return false;
+    return true;
+}
+/**
+ * Parse traceparent header value
+ *
+ * @param traceparent - Header value
+ * @returns Parsed components or null if invalid
+ */
+function parseTraceparent(traceparent) {
+    if (typeof traceparent !== 'string')
+        return null;
+    const parts = traceparent.split('-');
+    if (parts.length !== 4)
+        return null;
+    const [version, traceId, parentId, flagsStr] = parts;
+    // Version validation
+    if (version !== '00')
+        return null;
+    // Trace ID validation
+    if (!validateTraceId(traceId ?? ''))
+        return null;
+    // Parent ID validation
+    if (!validateSpanId(parentId ?? ''))
+        return null;
+    // Flags validation
+    if (!flagsStr || flagsStr.length !== 2)
+        return null;
+    if (!/^[a-f0-9]{2}$/.test(flagsStr))
+        return null;
+    const traceFlags = parseInt(flagsStr, 16);
+    return {
+        version: version ?? '00',
+        traceId: traceId ?? '',
+        parentId: parentId ?? '',
+        traceFlags,
+    };
+}
+/**
+ * Parse tracestate header value
+ *
+ * @param tracestate - Header value
+ * @returns Array of key-value pairs
+ */
+function parseTracestate(tracestate) {
+    if (!tracestate)
+        return [];
+    const entries = [];
+    const parts = tracestate.split(',');
+    for (const part of parts) {
+        const trimmed = part.trim();
+        const eqIndex = trimmed.indexOf('=');
+        if (eqIndex === -1)
+            continue;
+        const key = trimmed.substring(0, eqIndex).trim();
+        const value = trimmed.substring(eqIndex + 1).trim();
+        if (key && value) {
+            entries.push({ key, value });
+        }
+    }
+    return entries;
+}
+/**
+ * Generate random hex string
+ *
+ * Uses Web Crypto API in browser, Node.js crypto in Node.
+ *
+ * @param length - Number of hex characters to generate
+ * @returns Random hex string
+ *
+ * @internal
+ */
+function generateRandomHex(length) {
+    const bytes = Math.ceil(length / 2);
+    // Try Web Crypto API (browser)
+    if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+        const buffer = new Uint8Array(bytes);
+        crypto.getRandomValues(buffer);
+        return Array.from(buffer)
+            .map((b) => b.toString(16).padStart(2, '0'))
+            .join('')
+            .substring(0, length);
+    }
+    // Try Node.js crypto
+    try {
+        const nodeCrypto = require('node:crypto');
+        return nodeCrypto.randomBytes(bytes).toString('hex').substring(0, length);
+    }
+    catch {
+        // SECURITY: Never fall back to Math.random() in production (OWASP violation)
+        throw new Error('Cryptographic random generation unavailable. ' +
+            'Install crypto polyfill or use environment with crypto support.');
+    }
+}