@ricsam/quickjs-crypto 0.0.1 → 0.2.14

package/README.md

@@ -1,45 +1,75 @@
 # @ricsam/quickjs-crypto
 
-## ⚠️ IMPORTANT NOTICE ⚠️
-
-**This package is created solely for the purpose of setting up OIDC (OpenID Connect) trusted publishing with npm.**
-
-This is **NOT** a functional package and contains **NO** code or functionality beyond the OIDC setup configuration.
-
-## Purpose
-
-This package exists to:
-1. Configure OIDC trusted publishing for the package name `@ricsam/quickjs-crypto`
-2. Enable secure, token-less publishing from CI/CD workflows
-3. Establish provenance for packages published under this name
-
-## What is OIDC Trusted Publishing?
-
-OIDC trusted publishing allows package maintainers to publish packages directly from their CI/CD workflows without needing to manage npm access tokens. Instead, it uses OpenID Connect to establish trust between the CI/CD provider (like GitHub Actions) and npm.
-
-## Setup Instructions
-
-To properly configure OIDC trusted publishing for this package:
-
-1. Go to [npmjs.com](https://www.npmjs.com/) and navigate to your package settings
-2. Configure the trusted publisher (e.g., GitHub Actions)
-3. Specify the repository and workflow that should be allowed to publish
-4. Use the configured workflow to publish your actual package
-
-## DO NOT USE THIS PACKAGE
-
-This package is a placeholder for OIDC configuration only. It:
-- Contains no executable code
-- Provides no functionality
-- Should not be installed as a dependency
-- Exists only for administrative purposes
-
-## More Information
-
-For more details about npm's trusted publishing feature, see:
-- [npm Trusted Publishing Documentation](https://docs.npmjs.com/generating-provenance-statements)
-- [GitHub Actions OIDC Documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)
-
----
-
-**Maintained for OIDC setup purposes only**
+Web Crypto API implementation providing cryptographic operations.
+
+```typescript
+import { setupCrypto } from "@ricsam/quickjs-crypto";
+
+const handle = setupCrypto(context);
+```
+
+**Injected Globals:**
+- `crypto.getRandomValues(array)` - Fill a TypedArray with random bytes
+- `crypto.randomUUID()` - Generate a random UUID v4
+- `crypto.subtle` - SubtleCrypto interface for cryptographic operations
+
+**Usage in QuickJS:**
+
+```javascript
+// Generate random bytes
+const bytes = new Uint8Array(16);
+crypto.getRandomValues(bytes);
+
+// Generate UUID
+const uuid = crypto.randomUUID();
+console.log(uuid); // "550e8400-e29b-41d4-a716-446655440000"
+
+// Hash data with SHA-256
+const data = new TextEncoder().encode("Hello, World!");
+const hash = await crypto.subtle.digest("SHA-256", data);
+
+// Generate encryption key
+const key = await crypto.subtle.generateKey(
+  { name: "AES-GCM", length: 256 },
+  true,
+  ["encrypt", "decrypt"]
+);
+
+// Encrypt data
+const iv = crypto.getRandomValues(new Uint8Array(12));
+const encrypted = await crypto.subtle.encrypt(
+  { name: "AES-GCM", iv },
+  key,
+  data
+);
+
+// Decrypt data
+const decrypted = await crypto.subtle.decrypt(
+  { name: "AES-GCM", iv },
+  key,
+  encrypted
+);
+```
+
+#### SubtleCrypto Methods
+
+| Method | Description |
+|--------|-------------|
+| `digest` | Generate hash (SHA-256, SHA-384, SHA-512) |
+| `generateKey` | Generate symmetric or asymmetric keys |
+| `sign` / `verify` | Sign and verify data (HMAC, ECDSA) |
+| `encrypt` / `decrypt` | Encrypt and decrypt data (AES-GCM, AES-CBC) |
+| `importKey` / `exportKey` | Import/export keys (raw, jwk, pkcs8, spki) |
+| `deriveBits` / `deriveKey` | Derive keys (PBKDF2, ECDH) |
+| `wrapKey` / `unwrapKey` | Wrap/unwrap keys for secure transport |
+
+**Supported Algorithms:**
+- **Encryption**: AES-GCM, AES-CBC
+- **Signing**: HMAC, ECDSA
+- **Hashing**: SHA-256, SHA-384, SHA-512
+- **Key Derivation**: PBKDF2, ECDH
+- **Asymmetric**: ECDSA (P-256, P-384, P-521), RSA-OAEP
+
+> **Note**: Cryptographic operations are delegated to the host's native `crypto.subtle` implementation, ensuring secure and performant cryptography.
+
+**See also:** [MDN Web Crypto API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API)

package/dist/cjs/crypto-key.cjs

@@ -0,0 +1,70 @@
+// @bun @bun-cjs
+(function(exports, require, module, __filename, __dirname) {var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __moduleCache = /* @__PURE__ */ new WeakMap;
+var __toCommonJS = (from) => {
+  var entry = __moduleCache.get(from), desc;
+  if (entry)
+    return entry;
+  entry = __defProp({}, "__esModule", { value: true });
+  if (from && typeof from === "object" || typeof from === "function")
+    __getOwnPropNames(from).map((key) => !__hasOwnProp.call(entry, key) && __defProp(entry, key, {
+      get: () => from[key],
+      enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+    }));
+  __moduleCache.set(from, entry);
+  return entry;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: (newValue) => all[name] = () => newValue
+    });
+};
+
+// packages/crypto/src/crypto-key.ts
+var exports_crypto_key = {};
+__export(exports_crypto_key, {
+  createCryptoKeyClass: () => createCryptoKeyClass
+});
+module.exports = __toCommonJS(exports_crypto_key);
+var import_quickjs_core = require("@ricsam/quickjs-core");
+function createCryptoKeyClass(context, stateMap) {
+  return import_quickjs_core.defineClass(context, stateMap, {
+    name: "CryptoKey",
+    construct: () => {
+      throw new Error("CryptoKey cannot be constructed directly. Use crypto.subtle methods instead.");
+    },
+    properties: {
+      type: {
+        get() {
+          return this.type;
+        }
+      },
+      extractable: {
+        get() {
+          return this.extractable;
+        }
+      },
+      algorithm: {
+        get() {
+          return { ...this.algorithm };
+        }
+      },
+      usages: {
+        get() {
+          return [...this.usages];
+        }
+      }
+    },
+    methods: {}
+  });
+}
+})
+
+//# debugId=81B8AC89A261F3CD64756E2164756E21

package/dist/cjs/crypto-key.cjs.map

@@ -0,0 +1,10 @@
+{
+  "version": 3,
+  "sources": ["../../src/crypto-key.ts"],
+  "sourcesContent": [
+    "import type { QuickJSContext, QuickJSHandle } from \"quickjs-emscripten\";\nimport type { StateMap, CryptoKeyState } from \"./types.cjs\";\nimport { defineClass } from \"@ricsam/quickjs-core\";\n\n/**\n * Create the CryptoKey class for the QuickJS context\n *\n * CryptoKey is an opaque type - the actual key material stays on the host.\n * The QuickJS instance only holds metadata and an instanceId that maps\n * to the host-side CryptoKey.\n */\nexport function createCryptoKeyClass(\n  context: QuickJSContext,\n  stateMap: StateMap\n): QuickJSHandle {\n  return defineClass<CryptoKeyState>(context, stateMap, {\n    name: \"CryptoKey\",\n    // CryptoKey cannot be constructed directly - only via SubtleCrypto methods\n    construct: () => {\n      throw new Error(\n        \"CryptoKey cannot be constructed directly. Use crypto.subtle methods instead.\"\n      );\n    },\n    properties: {\n      type: {\n        get(this: CryptoKeyState) {\n          return this.type;\n        },\n      },\n      extractable: {\n        get(this: CryptoKeyState) {\n          return this.extractable;\n        },\n      },\n      algorithm: {\n        get(this: CryptoKeyState) {\n          // Return a copy of the algorithm object to prevent mutation\n          return { ...this.algorithm };\n        },\n      },\n      usages: {\n        get(this: CryptoKeyState) {\n          // Return a copy of usages array to prevent mutation\n          return [...this.usages];\n        },\n      },\n    },\n    methods: {},\n  });\n}\n"
+  ],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAE4B,IAA5B;AASO,SAAS,oBAAoB,CAClC,SACA,UACe;AAAA,EACf,OAAO,gCAA4B,SAAS,UAAU;AAAA,IACpD,MAAM;AAAA,IAEN,WAAW,MAAM;AAAA,MACf,MAAM,IAAI,MACR,8EACF;AAAA;AAAA,IAEF,YAAY;AAAA,MACV,MAAM;AAAA,QACJ,GAAG,GAAuB;AAAA,UACxB,OAAO,KAAK;AAAA;AAAA,MAEhB;AAAA,MACA,aAAa;AAAA,QACX,GAAG,GAAuB;AAAA,UACxB,OAAO,KAAK;AAAA;AAAA,MAEhB;AAAA,MACA,WAAW;AAAA,QACT,GAAG,GAAuB;AAAA,UAExB,OAAO,KAAK,KAAK,UAAU;AAAA;AAAA,MAE/B;AAAA,MACA,QAAQ;AAAA,QACN,GAAG,GAAuB;AAAA,UAExB,OAAO,CAAC,GAAG,KAAK,MAAM;AAAA;AAAA,MAE1B;AAAA,IACF;AAAA,IACA,SAAS,CAAC;AAAA,EACZ,CAAC;AAAA;",
+  "debugId": "81B8AC89A261F3CD64756E2164756E21",
+  "names": []
+}

package/dist/cjs/index.cjs

@@ -0,0 +1,41 @@
+// @bun @bun-cjs
+(function(exports, require, module, __filename, __dirname) {var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __moduleCache = /* @__PURE__ */ new WeakMap;
+var __toCommonJS = (from) => {
+  var entry = __moduleCache.get(from), desc;
+  if (entry)
+    return entry;
+  entry = __defProp({}, "__esModule", { value: true });
+  if (from && typeof from === "object" || typeof from === "function")
+    __getOwnPropNames(from).map((key) => !__hasOwnProp.call(entry, key) && __defProp(entry, key, {
+      get: () => from[key],
+      enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+    }));
+  __moduleCache.set(from, entry);
+  return entry;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: (newValue) => all[name] = () => newValue
+    });
+};
+
+// packages/crypto/src/index.ts
+var exports_src = {};
+__export(exports_src, {
+  setupCrypto: () => import_setup.setupCrypto,
+  createCryptoKeyInstance: () => import_subtle_crypto.createCryptoKeyInstance
+});
+module.exports = __toCommonJS(exports_src);
+var import_setup = require("./setup.cjs");
+var import_subtle_crypto = require("./subtle-crypto.cjs");
+})
+
+//# debugId=DC10B513FF821FAB64756E2164756E21

package/dist/cjs/index.cjs.map

@@ -0,0 +1,10 @@
+{
+  "version": 3,
+  "sources": ["../../src/index.ts"],
+  "sourcesContent": [
+    "export { setupCrypto } from \"./setup.cjs\";\nexport type {\n  SetupCryptoOptions,\n  CryptoHandle,\n  CryptoKeyState,\n  KeyUsage,\n  KeyType,\n} from \"./types.cjs\";\nexport { createCryptoKeyInstance } from \"./subtle-crypto.cjs\";\n"
+  ],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAA4B,IAA5B;AAQwC,IAAxC;",
+  "debugId": "DC10B513FF821FAB64756E2164756E21",
+  "names": []
+}

package/dist/cjs/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "@ricsam/quickjs-crypto",
+  "version": "0.2.14",
+  "type": "commonjs"
+}

package/dist/cjs/random.cjs

@@ -0,0 +1,89 @@
+// @bun @bun-cjs
+(function(exports, require, module, __filename, __dirname) {var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __moduleCache = /* @__PURE__ */ new WeakMap;
+var __toCommonJS = (from) => {
+  var entry = __moduleCache.get(from), desc;
+  if (entry)
+    return entry;
+  entry = __defProp({}, "__esModule", { value: true });
+  if (from && typeof from === "object" || typeof from === "function")
+    __getOwnPropNames(from).map((key) => !__hasOwnProp.call(entry, key) && __defProp(entry, key, {
+      get: () => from[key],
+      enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+    }));
+  __moduleCache.set(from, entry);
+  return entry;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: (newValue) => all[name] = () => newValue
+    });
+};
+
+// packages/crypto/src/random.ts
+var exports_random = {};
+__export(exports_random, {
+  createRandomUUIDFunction: () => createRandomUUIDFunction,
+  createGetRandomValuesFunction: () => createGetRandomValuesFunction
+});
+module.exports = __toCommonJS(exports_random);
+var import_quickjs_core = require("@ricsam/quickjs-core");
+function createGetRandomValuesFunction(context) {
+  return context.newFunction("getRandomValues", (arrayHandle) => {
+    const byteLengthHandle = context.getProp(arrayHandle, "byteLength");
+    const byteLengthType = context.typeof(byteLengthHandle);
+    if (byteLengthType !== "number") {
+      byteLengthHandle.dispose();
+      throw context.newError("getRandomValues: argument must be an integer-typed TypedArray");
+    }
+    const byteLength = context.getNumber(byteLengthHandle);
+    byteLengthHandle.dispose();
+    if (byteLength > 65536) {
+      throw context.newError("getRandomValues: quota exceeded (max 65536 bytes)");
+    }
+    const randomBytes = new Uint8Array(byteLength);
+    crypto.getRandomValues(randomBytes);
+    const bytesArray = Array.from(randomBytes);
+    const setValuesResult = context.evalCode(`
+      (function(typedArray, bytes) {
+        const view = new Uint8Array(typedArray.buffer, typedArray.byteOffset, typedArray.byteLength);
+        for (let i = 0; i < bytes.length; i++) {
+          view[i] = bytes[i];
+        }
+        return typedArray;
+      })
+    `);
+    if (setValuesResult.error) {
+      const err = context.dump(setValuesResult.error);
+      setValuesResult.error.dispose();
+      throw context.newError(`getRandomValues failed: ${JSON.stringify(err)}`);
+    }
+    const setValuesFn = setValuesResult.value;
+    const bytesHandle = import_quickjs_core.marshal(context, bytesArray);
+    const result = context.callFunction(setValuesFn, context.undefined, arrayHandle, bytesHandle);
+    setValuesFn.dispose();
+    bytesHandle.dispose();
+    if (result.error) {
+      const err = context.dump(result.error);
+      result.error.dispose();
+      throw context.newError(`getRandomValues failed: ${JSON.stringify(err)}`);
+    }
+    return result.value;
+  });
+}
+function createRandomUUIDFunction(context) {
+  return context.newFunction("randomUUID", () => {
+    const uuid = crypto.randomUUID();
+    return context.newString(uuid);
+  });
+}
+})
+
+//# debugId=329C68AB71213A6764756E2164756E21

package/dist/cjs/random.cjs.map

@@ -0,0 +1,10 @@
+{
+  "version": 3,
+  "sources": ["../../src/random.ts"],
+  "sourcesContent": [
+    "import type { QuickJSContext, QuickJSHandle } from \"quickjs-emscripten\";\nimport { marshal } from \"@ricsam/quickjs-core\";\n\n/**\n * Create the getRandomValues function for the crypto global\n *\n * getRandomValues fills a TypedArray with cryptographically random values\n * and returns the same array (modified in-place)\n */\nexport function createGetRandomValuesFunction(\n  context: QuickJSContext\n): QuickJSHandle {\n  return context.newFunction(\"getRandomValues\", (arrayHandle) => {\n    // Get byteLength to determine how many random bytes we need\n    const byteLengthHandle = context.getProp(arrayHandle, \"byteLength\");\n    const byteLengthType = context.typeof(byteLengthHandle);\n\n    if (byteLengthType !== \"number\") {\n      byteLengthHandle.dispose();\n      throw context.newError(\n        \"getRandomValues: argument must be an integer-typed TypedArray\"\n      );\n    }\n\n    const byteLength = context.getNumber(byteLengthHandle);\n    byteLengthHandle.dispose();\n\n    if (byteLength > 65536) {\n      throw context.newError(\n        \"getRandomValues: quota exceeded (max 65536 bytes)\"\n      );\n    }\n\n    // Generate random bytes on the host\n    const randomBytes = new Uint8Array(byteLength);\n    crypto.getRandomValues(randomBytes);\n\n    // Convert to array of numbers for JSON serialization\n    const bytesArray = Array.from(randomBytes);\n\n    // Use evalCode to copy the bytes into the TypedArray\n    // We pass the array handle and use a helper to set the values\n    const setValuesResult = context.evalCode(`\n      (function(typedArray, bytes) {\n        const view = new Uint8Array(typedArray.buffer, typedArray.byteOffset, typedArray.byteLength);\n        for (let i = 0; i < bytes.length; i++) {\n          view[i] = bytes[i];\n        }\n        return typedArray;\n      })\n    `);\n\n    if (setValuesResult.error) {\n      const err = context.dump(setValuesResult.error);\n      setValuesResult.error.dispose();\n      throw context.newError(`getRandomValues failed: ${JSON.stringify(err)}`);\n    }\n\n    const setValuesFn = setValuesResult.value;\n    const bytesHandle = marshal(context, bytesArray);\n\n    const result = context.callFunction(\n      setValuesFn,\n      context.undefined,\n      arrayHandle,\n      bytesHandle\n    );\n\n    setValuesFn.dispose();\n    bytesHandle.dispose();\n\n    if (result.error) {\n      const err = context.dump(result.error);\n      result.error.dispose();\n      throw context.newError(`getRandomValues failed: ${JSON.stringify(err)}`);\n    }\n\n    return result.value;\n  });\n}\n\n/**\n * Create the randomUUID function for the crypto global\n *\n * randomUUID returns a string containing a randomly generated UUID v4\n */\nexport function createRandomUUIDFunction(\n  context: QuickJSContext\n): QuickJSHandle {\n  return context.newFunction(\"randomUUID\", () => {\n    const uuid = crypto.randomUUID();\n    return context.newString(uuid);\n  });\n}\n"
+  ],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACwB,IAAxB;AAQO,SAAS,6BAA6B,CAC3C,SACe;AAAA,EACf,OAAO,QAAQ,YAAY,mBAAmB,CAAC,gBAAgB;AAAA,IAE7D,MAAM,mBAAmB,QAAQ,QAAQ,aAAa,YAAY;AAAA,IAClE,MAAM,iBAAiB,QAAQ,OAAO,gBAAgB;AAAA,IAEtD,IAAI,mBAAmB,UAAU;AAAA,MAC/B,iBAAiB,QAAQ;AAAA,MACzB,MAAM,QAAQ,SACZ,+DACF;AAAA,IACF;AAAA,IAEA,MAAM,aAAa,QAAQ,UAAU,gBAAgB;AAAA,IACrD,iBAAiB,QAAQ;AAAA,IAEzB,IAAI,aAAa,OAAO;AAAA,MACtB,MAAM,QAAQ,SACZ,mDACF;AAAA,IACF;AAAA,IAGA,MAAM,cAAc,IAAI,WAAW,UAAU;AAAA,IAC7C,OAAO,gBAAgB,WAAW;AAAA,IAGlC,MAAM,aAAa,MAAM,KAAK,WAAW;AAAA,IAIzC,MAAM,kBAAkB,QAAQ,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,KAQxC;AAAA,IAED,IAAI,gBAAgB,OAAO;AAAA,MACzB,MAAM,MAAM,QAAQ,KAAK,gBAAgB,KAAK;AAAA,MAC9C,gBAAgB,MAAM,QAAQ;AAAA,MAC9B,MAAM,QAAQ,SAAS,2BAA2B,KAAK,UAAU,GAAG,GAAG;AAAA,IACzE;AAAA,IAEA,MAAM,cAAc,gBAAgB;AAAA,IACpC,MAAM,cAAc,4BAAQ,SAAS,UAAU;AAAA,IAE/C,MAAM,SAAS,QAAQ,aACrB,aACA,QAAQ,WACR,aACA,WACF;AAAA,IAEA,YAAY,QAAQ;AAAA,IACpB,YAAY,QAAQ;AAAA,IAEpB,IAAI,OAAO,OAAO;AAAA,MAChB,MAAM,MAAM,QAAQ,KAAK,OAAO,KAAK;AAAA,MACrC,OAAO,MAAM,QAAQ;AAAA,MACrB,MAAM,QAAQ,SAAS,2BAA2B,KAAK,UAAU,GAAG,GAAG;AAAA,IACzE;AAAA,IAEA,OAAO,OAAO;AAAA,GACf;AAAA;AAQI,SAAS,wBAAwB,CACtC,SACe;AAAA,EACf,OAAO,QAAQ,YAAY,cAAc,MAAM;AAAA,IAC7C,MAAM,OAAO,OAAO,WAAW;AAAA,IAC/B,OAAO,QAAQ,UAAU,IAAI;AAAA,GAC9B;AAAA;",
+  "debugId": "329C68AB71213A6764756E2164756E21",
+  "names": []
+}

package/dist/cjs/setup.cjs

@@ -0,0 +1,88 @@
+// @bun @bun-cjs
+(function(exports, require, module, __filename, __dirname) {var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __moduleCache = /* @__PURE__ */ new WeakMap;
+var __toCommonJS = (from) => {
+  var entry = __moduleCache.get(from), desc;
+  if (entry)
+    return entry;
+  entry = __defProp({}, "__esModule", { value: true });
+  if (from && typeof from === "object" || typeof from === "function")
+    __getOwnPropNames(from).map((key) => !__hasOwnProp.call(entry, key) && __defProp(entry, key, {
+      get: () => from[key],
+      enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+    }));
+  __moduleCache.set(from, entry);
+  return entry;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: (newValue) => all[name] = () => newValue
+    });
+};
+
+// packages/crypto/src/setup.ts
+var exports_setup = {};
+__export(exports_setup, {
+  setupCrypto: () => setupCrypto
+});
+module.exports = __toCommonJS(exports_setup);
+var import_quickjs_core = require("@ricsam/quickjs-core");
+var import_crypto_key = require("./crypto-key.cjs");
+var import_subtle_crypto = require("./subtle-crypto.cjs");
+var import_random = require("./random.cjs");
+function setupCrypto(context, options = {}) {
+  const coreHandle = options.coreHandle ?? import_quickjs_core.setupCore(context, { stateMap: options.stateMap });
+  const stateMap = options.stateMap ?? coreHandle.stateMap;
+  const CryptoKeyClass = import_crypto_key.createCryptoKeyClass(context, stateMap);
+  context.setProp(context.global, "CryptoKey", CryptoKeyClass);
+  CryptoKeyClass.dispose();
+  const subtleCrypto = import_subtle_crypto.createSubtleCryptoObject(context);
+  const cryptoObj = context.newObject();
+  const subtlePropResult = context.evalCode(`
+    (function(crypto, subtle) {
+      Object.defineProperty(crypto, 'subtle', {
+        value: subtle,
+        writable: false,
+        enumerable: true,
+        configurable: false
+      });
+    })
+  `);
+  if (subtlePropResult.error) {
+    const err = context.dump(subtlePropResult.error);
+    subtlePropResult.error.dispose();
+    throw new Error(`Failed to setup crypto.subtle: ${JSON.stringify(err)}`);
+  }
+  const defineSubtleFn = subtlePropResult.value;
+  const defineResult = context.callFunction(defineSubtleFn, context.undefined, cryptoObj, subtleCrypto);
+  defineSubtleFn.dispose();
+  subtleCrypto.dispose();
+  if (defineResult.error) {
+    const err = context.dump(defineResult.error);
+    defineResult.error.dispose();
+    throw new Error(`Failed to setup crypto.subtle: ${JSON.stringify(err)}`);
+  }
+  defineResult.value.dispose();
+  const getRandomValuesFn = import_random.createGetRandomValuesFunction(context);
+  context.setProp(cryptoObj, "getRandomValues", getRandomValuesFn);
+  getRandomValuesFn.dispose();
+  const randomUUIDFn = import_random.createRandomUUIDFunction(context);
+  context.setProp(cryptoObj, "randomUUID", randomUUIDFn);
+  randomUUIDFn.dispose();
+  context.setProp(context.global, "crypto", cryptoObj);
+  cryptoObj.dispose();
+  return {
+    stateMap,
+    dispose() {}
+  };
+}
+})
+
+//# debugId=FF7624FEEF73AF1964756E2164756E21

package/dist/cjs/setup.cjs.map

@@ -0,0 +1,10 @@
+{
+  "version": 3,
+  "sources": ["../../src/setup.ts"],
+  "sourcesContent": [
+    "import type { QuickJSContext } from \"quickjs-emscripten\";\nimport { setupCore, createStateMap } from \"@ricsam/quickjs-core\";\nimport type { SetupCryptoOptions, CryptoHandle } from \"./types.cjs\";\nimport { createCryptoKeyClass } from \"./crypto-key.cjs\";\nimport { createSubtleCryptoObject } from \"./subtle-crypto.cjs\";\nimport {\n  createGetRandomValuesFunction,\n  createRandomUUIDFunction,\n} from \"./random.cjs\";\n\n/**\n * Setup crypto globals in a QuickJS context\n *\n * Provides: crypto.subtle (SubtleCrypto), crypto.getRandomValues, crypto.randomUUID, CryptoKey\n *\n * @example\n * ```typescript\n * const handle = setupCrypto(context);\n *\n * context.evalCode(`\n *   // Generate a random UUID\n *   const uuid = crypto.randomUUID();\n *\n *   // Generate random bytes\n *   const arr = new Uint8Array(16);\n *   crypto.getRandomValues(arr);\n *\n *   // Use SubtleCrypto for encryption\n *   const key = await crypto.subtle.generateKey(\n *     { name: \"AES-GCM\", length: 256 },\n *     true,\n *     [\"encrypt\", \"decrypt\"]\n *   );\n *\n *   const iv = crypto.getRandomValues(new Uint8Array(12));\n *   const data = new TextEncoder().encode(\"secret message\");\n *   const encrypted = await crypto.subtle.encrypt(\n *     { name: \"AES-GCM\", iv },\n *     key,\n *     data\n *   );\n * `);\n *\n * handle.dispose();\n * ```\n *\n * @param context - QuickJS context\n * @param options - Setup options\n * @returns CryptoHandle for cleanup\n */\nexport function setupCrypto(\n  context: QuickJSContext,\n  options: SetupCryptoOptions = {}\n): CryptoHandle {\n  // Setup core if not provided (needed for marshal/unmarshal infrastructure)\n  const coreHandle =\n    options.coreHandle ?? setupCore(context, { stateMap: options.stateMap });\n  const stateMap = options.stateMap ?? coreHandle.stateMap;\n\n  // 1. Create and register CryptoKey class (needed by SubtleCrypto)\n  const CryptoKeyClass = createCryptoKeyClass(context, stateMap);\n  context.setProp(context.global, \"CryptoKey\", CryptoKeyClass);\n  CryptoKeyClass.dispose();\n\n  // 2. Create the SubtleCrypto object\n  const subtleCrypto = createSubtleCryptoObject(context);\n\n  // 3. Create the crypto global object\n  const cryptoObj = context.newObject();\n\n  // Set subtle as a non-writable property\n  const subtlePropResult = context.evalCode(`\n    (function(crypto, subtle) {\n      Object.defineProperty(crypto, 'subtle', {\n        value: subtle,\n        writable: false,\n        enumerable: true,\n        configurable: false\n      });\n    })\n  `);\n\n  if (subtlePropResult.error) {\n    const err = context.dump(subtlePropResult.error);\n    subtlePropResult.error.dispose();\n    throw new Error(`Failed to setup crypto.subtle: ${JSON.stringify(err)}`);\n  }\n\n  const defineSubtleFn = subtlePropResult.value;\n  const defineResult = context.callFunction(\n    defineSubtleFn,\n    context.undefined,\n    cryptoObj,\n    subtleCrypto\n  );\n  defineSubtleFn.dispose();\n  subtleCrypto.dispose();\n\n  if (defineResult.error) {\n    const err = context.dump(defineResult.error);\n    defineResult.error.dispose();\n    throw new Error(`Failed to setup crypto.subtle: ${JSON.stringify(err)}`);\n  }\n  defineResult.value.dispose();\n\n  // 4. Set getRandomValues on crypto object\n  const getRandomValuesFn = createGetRandomValuesFunction(context);\n  context.setProp(cryptoObj, \"getRandomValues\", getRandomValuesFn);\n  getRandomValuesFn.dispose();\n\n  // 5. Set randomUUID on crypto object\n  const randomUUIDFn = createRandomUUIDFunction(context);\n  context.setProp(cryptoObj, \"randomUUID\", randomUUIDFn);\n  randomUUIDFn.dispose();\n\n  // 6. Set crypto on global\n  context.setProp(context.global, \"crypto\", cryptoObj);\n  cryptoObj.dispose();\n\n  return {\n    stateMap,\n    dispose() {\n      // Globals are owned by context.global, cleaned up by context.dispose()\n    },\n  };\n}\n"
+  ],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAC0C,IAA1C;AAEqC,IAArC;AACyC,IAAzC;AAIO,IAHP;AA6CO,SAAS,WAAW,CACzB,SACA,UAA8B,CAAC,GACjB;AAAA,EAEd,MAAM,aACJ,QAAQ,cAAc,8BAAU,SAAS,EAAE,UAAU,QAAQ,SAAS,CAAC;AAAA,EACzE,MAAM,WAAW,QAAQ,YAAY,WAAW;AAAA,EAGhD,MAAM,iBAAiB,uCAAqB,SAAS,QAAQ;AAAA,EAC7D,QAAQ,QAAQ,QAAQ,QAAQ,aAAa,cAAc;AAAA,EAC3D,eAAe,QAAQ;AAAA,EAGvB,MAAM,eAAe,8CAAyB,OAAO;AAAA,EAGrD,MAAM,YAAY,QAAQ,UAAU;AAAA,EAGpC,MAAM,mBAAmB,QAAQ,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GASzC;AAAA,EAED,IAAI,iBAAiB,OAAO;AAAA,IAC1B,MAAM,MAAM,QAAQ,KAAK,iBAAiB,KAAK;AAAA,IAC/C,iBAAiB,MAAM,QAAQ;AAAA,IAC/B,MAAM,IAAI,MAAM,kCAAkC,KAAK,UAAU,GAAG,GAAG;AAAA,EACzE;AAAA,EAEA,MAAM,iBAAiB,iBAAiB;AAAA,EACxC,MAAM,eAAe,QAAQ,aAC3B,gBACA,QAAQ,WACR,WACA,YACF;AAAA,EACA,eAAe,QAAQ;AAAA,EACvB,aAAa,QAAQ;AAAA,EAErB,IAAI,aAAa,OAAO;AAAA,IACtB,MAAM,MAAM,QAAQ,KAAK,aAAa,KAAK;AAAA,IAC3C,aAAa,MAAM,QAAQ;AAAA,IAC3B,MAAM,IAAI,MAAM,kCAAkC,KAAK,UAAU,GAAG,GAAG;AAAA,EACzE;AAAA,EACA,aAAa,MAAM,QAAQ;AAAA,EAG3B,MAAM,oBAAoB,4CAA8B,OAAO;AAAA,EAC/D,QAAQ,QAAQ,WAAW,mBAAmB,iBAAiB;AAAA,EAC/D,kBAAkB,QAAQ;AAAA,EAG1B,MAAM,eAAe,uCAAyB,OAAO;AAAA,EACrD,QAAQ,QAAQ,WAAW,cAAc,YAAY;AAAA,EACrD,aAAa,QAAQ;AAAA,EAGrB,QAAQ,QAAQ,QAAQ,QAAQ,UAAU,SAAS;AAAA,EACnD,UAAU,QAAQ;AAAA,EAElB,OAAO;AAAA,IACL;AAAA,IACA,OAAO,GAAG;AAAA,EAGZ;AAAA;",
+  "debugId": "FF7624FEEF73AF1964756E2164756E21",
+  "names": []
+}