@secure-exec/core 0.1.1-rc.3 → 0.2.0-rc.1

package/dist/isolate-runtime/require-setup.js

@@ -1,6 +1,6 @@
 "use strict";
 (() => {
-  // isolate-runtime/src/inject/require-setup.ts
+  // ../core/isolate-runtime/src/inject/require-setup.ts
   var __requireExposeCustomGlobal = typeof globalThis.__runtimeExposeCustomGlobal === "function" ? globalThis.__runtimeExposeCustomGlobal : function exposeCustomGlobal(name2, value) {
     Object.defineProperty(globalThis, name2, {
       value,
@@ -9,23 +9,48 @@
       enumerable: true
     });
   };
-  if (typeof globalThis.AbortController === "undefined" || typeof globalThis.AbortSignal === "undefined") {
+  if (typeof globalThis.AbortController === "undefined" || typeof globalThis.AbortSignal === "undefined" || typeof globalThis.AbortSignal?.prototype?.addEventListener !== "function" || typeof globalThis.AbortSignal?.prototype?.removeEventListener !== "function") {
+    let getAbortSignalState = function(signal) {
+      const state = abortSignalState.get(signal);
+      if (!state) {
+        throw new Error("Invalid AbortSignal");
+      }
+      return state;
+    };
+    getAbortSignalState2 = getAbortSignalState;
+    const abortSignalState = /* @__PURE__ */ new WeakMap();
     class AbortSignal {
       constructor() {
-        this.aborted = false;
-        this.reason = void 0;
         this.onabort = null;
-        this._listeners = [];
+        abortSignalState.set(this, {
+          aborted: false,
+          reason: void 0,
+          listeners: []
+        });
+      }
+      get aborted() {
+        return getAbortSignalState(this).aborted;
+      }
+      get reason() {
+        return getAbortSignalState(this).reason;
+      }
+      get _listeners() {
+        return getAbortSignalState(this).listeners.slice();
+      }
+      getEventListeners(type) {
+        if (type !== "abort") return [];
+        return getAbortSignalState(this).listeners.slice();
       }
       addEventListener(type, listener) {
         if (type !== "abort" || typeof listener !== "function") return;
-        this._listeners.push(listener);
+        getAbortSignalState(this).listeners.push(listener);
       }
       removeEventListener(type, listener) {
         if (type !== "abort" || typeof listener !== "function") return;
-        const index = this._listeners.indexOf(listener);
+        const listeners = getAbortSignalState(this).listeners;
+        const index = listeners.indexOf(listener);
         if (index !== -1) {
-          this._listeners.splice(index, 1);
+          listeners.splice(index, 1);
         }
       }
       dispatchEvent(event) {
@@ -36,7 +61,7 @@
           } catch {
           }
         }
-        const listeners = this._listeners.slice();
+        const listeners = getAbortSignalState(this).listeners.slice();
         for (const listener of listeners) {
           try {
             listener.call(this, event);
@@ -51,15 +76,24 @@
         this.signal = new AbortSignal();
       }
       abort(reason) {
-        if (this.signal.aborted) return;
-        this.signal.aborted = true;
-        this.signal.reason = reason;
+        const state = getAbortSignalState(this.signal);
+        if (state.aborted) return;
+        state.aborted = true;
+        state.reason = reason;
         this.signal.dispatchEvent({ type: "abort" });
       }
     }
     __requireExposeCustomGlobal("AbortSignal", AbortSignal);
     __requireExposeCustomGlobal("AbortController", AbortController);
   }
+  var getAbortSignalState2;
+  if (typeof globalThis.AbortSignal === "function" && typeof globalThis.AbortController === "function" && typeof globalThis.AbortSignal.abort !== "function") {
+    globalThis.AbortSignal.abort = function abort(reason) {
+      const controller = new globalThis.AbortController();
+      controller.abort(reason);
+      return controller.signal;
+    };
+  }
   if (typeof globalThis.structuredClone !== "function") {
     let structuredClonePolyfill = function(value) {
       if (value === null || typeof value !== "object") {
@@ -80,6 +114,10 @@
     __requireExposeCustomGlobal("structuredClone", structuredClonePolyfill);
   }
   var structuredClonePolyfill2;
+  if (typeof globalThis.SharedArrayBuffer === "undefined") {
+    globalThis.SharedArrayBuffer = ArrayBuffer;
+    __requireExposeCustomGlobal("SharedArrayBuffer", ArrayBuffer);
+  }
   if (typeof globalThis.btoa !== "function") {
     __requireExposeCustomGlobal("btoa", function btoa(input) {
       return Buffer.from(String(input), "binary").toString("base64");
@@ -157,24 +195,39 @@
         if (typeof BufferCtor.constants !== "object" || BufferCtor.constants === null) {
           BufferCtor.constants = result2.constants;
         }
-        var bProto = BufferCtor.prototype;
-        if (bProto) {
-          var encs = ["utf8", "ascii", "latin1", "binary", "hex", "base64", "ucs2", "utf16le"];
-          for (var ei = 0; ei < encs.length; ei++) {
+        var proto = BufferCtor.prototype;
+        if (proto && typeof proto.utf8Slice !== "function") {
+          var encodings = ["utf8", "latin1", "ascii", "hex", "base64", "ucs2", "utf16le"];
+          for (var ei = 0; ei < encodings.length; ei++) {
+            var enc = encodings[ei];
             (function(e) {
-              if (typeof bProto[e + "Slice"] !== "function") {
-                bProto[e + "Slice"] = function(start, end) {
+              if (typeof proto[e + "Slice"] !== "function") {
+                proto[e + "Slice"] = function(start, end) {
                   return this.toString(e, start, end);
                 };
               }
-              if (typeof bProto[e + "Write"] !== "function") {
-                bProto[e + "Write"] = function(str, offset, length) {
-                  return this.write(str, offset, length, e);
+              if (typeof proto[e + "Write"] !== "function") {
+                proto[e + "Write"] = function(string, offset, length) {
+                  return this.write(string, offset, length, e);
                 };
               }
-            })(encs[ei]);
+            })(enc);
           }
         }
+        if (typeof BufferCtor.allocUnsafe === "function" && !BufferCtor.allocUnsafe._secureExecPatched) {
+          var _origAllocUnsafe = BufferCtor.allocUnsafe;
+          BufferCtor.allocUnsafe = function(size) {
+            try {
+              return _origAllocUnsafe.apply(this, arguments);
+            } catch (error) {
+              if (error && error.name === "RangeError" && typeof size === "number" && size > maxLength) {
+                throw new Error("Array buffer allocation failed");
+              }
+              throw error;
+            }
+          };
+          BufferCtor.allocUnsafe._secureExecPatched = true;
+        }
       }
       return result2;
     }
@@ -182,6 +235,146 @@
       result2.formatWithOptions = function formatWithOptions(inspectOptions, ...args) {
         return result2.format.apply(null, args);
       };
+    }
+    if (name2 === "util") {
+      if (typeof result2.inspect === "function" && typeof result2.inspect.custom === "undefined") {
+        result2.inspect.custom = /* @__PURE__ */ Symbol.for("nodejs.util.inspect.custom");
+      }
+      if (typeof result2.inspect === "function" && !result2.inspect._secureExecPatchedCustomInspect) {
+        const customInspectSymbol = result2.inspect.custom || /* @__PURE__ */ Symbol.for("nodejs.util.inspect.custom");
+        const originalInspect = result2.inspect;
+        const formatObjectKey = function(key) {
+          return /^[A-Za-z_$][A-Za-z0-9_$]*$/.test(key) ? key : originalInspect(key);
+        };
+        const containsCustomInspectable = function(value, depth, seen) {
+          if (value === null) {
+            return false;
+          }
+          if (typeof value !== "object" && typeof value !== "function") {
+            return false;
+          }
+          if (typeof value[customInspectSymbol] === "function") {
+            return true;
+          }
+          if (depth < 0 || seen.has(value)) {
+            return false;
+          }
+          seen.add(value);
+          if (Array.isArray(value)) {
+            for (const entry of value) {
+              if (containsCustomInspectable(entry, depth - 1, seen)) {
+                seen.delete(value);
+                return true;
+              }
+            }
+            seen.delete(value);
+            return false;
+          }
+          for (const key of Object.keys(value)) {
+            if (containsCustomInspectable(value[key], depth - 1, seen)) {
+              seen.delete(value);
+              return true;
+            }
+          }
+          seen.delete(value);
+          return false;
+        };
+        const inspectWithCustom = function(value, depth, options, seen) {
+          if (value === null || typeof value !== "object" && typeof value !== "function") {
+            return originalInspect(value, options);
+          }
+          if (seen.has(value)) {
+            return "[Circular]";
+          }
+          if (typeof value[customInspectSymbol] === "function") {
+            return value[customInspectSymbol](depth, options, result2.inspect);
+          }
+          if (depth < 0) {
+            return originalInspect(value, options);
+          }
+          seen.add(value);
+          if (Array.isArray(value)) {
+            const items = value.map((entry) => inspectWithCustom(entry, depth - 1, options, seen));
+            seen.delete(value);
+            return `[ ${items.join(", ")} ]`;
+          }
+          const proto2 = Object.getPrototypeOf(value);
+          if (proto2 === Object.prototype || proto2 === null) {
+            const entries = Object.keys(value).map(
+              (key) => `${formatObjectKey(key)}: ${inspectWithCustom(value[key], depth - 1, options, seen)}`
+            );
+            seen.delete(value);
+            return `{ ${entries.join(", ")} }`;
+          }
+          seen.delete(value);
+          return originalInspect(value, options);
+        };
+        result2.inspect = function inspect(value, options) {
+          const inspectOptions = typeof options === "object" && options !== null ? options : {};
+          const depth = typeof inspectOptions.depth === "number" ? inspectOptions.depth : 2;
+          if (!containsCustomInspectable(value, depth, /* @__PURE__ */ new Set())) {
+            return originalInspect.call(this, value, options);
+          }
+          return inspectWithCustom(value, depth, inspectOptions, /* @__PURE__ */ new Set());
+        };
+        result2.inspect.custom = customInspectSymbol;
+        result2.inspect._secureExecPatchedCustomInspect = true;
+      }
+      return result2;
+    }
+    if (name2 === "events") {
+      if (typeof result2.getEventListeners !== "function") {
+        result2.getEventListeners = function getEventListeners(target, eventName) {
+          if (target && typeof target.listeners === "function") {
+            return target.listeners(eventName);
+          }
+          if (target && typeof target.getEventListeners === "function") {
+            return target.getEventListeners(eventName);
+          }
+          if (target && eventName === "abort" && Array.isArray(target._listeners)) {
+            return target._listeners.slice();
+          }
+          return [];
+        };
+      }
+      return result2;
+    }
+    if (name2 === "stream") {
+      const ReadableCtor = result2.Readable;
+      const readableFrom = typeof ReadableCtor === "function" ? ReadableCtor.from : void 0;
+      const readableFromSource = typeof readableFrom === "function" ? Function.prototype.toString.call(readableFrom) : "";
+      const hasBrowserReadableFromStub = readableFromSource.indexOf(
+        "Readable.from is not available in the browser"
+      ) !== -1 || readableFromSource.indexOf("require_from_browser") !== -1;
+      if (typeof ReadableCtor === "function" && (typeof readableFrom !== "function" || hasBrowserReadableFromStub)) {
+        ReadableCtor.from = function from(iterable, options) {
+          const readable = new ReadableCtor(Object.assign({ read() {
+          } }, options || {}));
+          Promise.resolve().then(async function() {
+            try {
+              if (iterable && typeof iterable[Symbol.asyncIterator] === "function") {
+                for await (const chunk of iterable) {
+                  readable.push(chunk);
+                }
+              } else if (iterable && typeof iterable[Symbol.iterator] === "function") {
+                for (const chunk of iterable) {
+                  readable.push(chunk);
+                }
+              } else {
+                readable.push(iterable);
+              }
+              readable.push(null);
+            } catch (error) {
+              if (typeof readable.destroy === "function") {
+                readable.destroy(error);
+              } else {
+                readable.emit("error", error);
+              }
+            }
+          });
+          return readable;
+        };
+      }
       return result2;
     }
     if (name2 === "url") {
@@ -253,44 +446,161 @@
       return result2;
     }
     if (name2 === "crypto") {
+      let createCryptoRangeError2 = function(name3, message) {
+        var error = new RangeError(message);
+        error.code = "ERR_OUT_OF_RANGE";
+        error.name = "RangeError";
+        return error;
+      }, createCryptoError2 = function(code, message) {
+        var error = new Error(message);
+        error.code = code;
+        return error;
+      }, encodeCryptoResult2 = function(buffer, encoding) {
+        if (!encoding || encoding === "buffer") return buffer;
+        return buffer.toString(encoding);
+      }, isSharedArrayBufferInstance2 = function(value) {
+        return typeof SharedArrayBuffer !== "undefined" && value instanceof SharedArrayBuffer;
+      }, isBinaryLike2 = function(value) {
+        return Buffer.isBuffer(value) || ArrayBuffer.isView(value) || value instanceof ArrayBuffer || isSharedArrayBufferInstance2(value);
+      }, normalizeByteSource2 = function(value, name3, options) {
+        var allowNull = options && options.allowNull;
+        if (allowNull && value === null) {
+          return null;
+        }
+        if (typeof value === "string") {
+          return Buffer.from(value, "utf8");
+        }
+        if (Buffer.isBuffer(value)) {
+          return Buffer.from(value);
+        }
+        if (ArrayBuffer.isView(value)) {
+          return Buffer.from(value.buffer, value.byteOffset, value.byteLength);
+        }
+        if (value instanceof ArrayBuffer || isSharedArrayBufferInstance2(value)) {
+          return Buffer.from(value);
+        }
+        throw createInvalidArgTypeError(
+          name3,
+          "of type string or an instance of ArrayBuffer, Buffer, TypedArray, or DataView",
+          value
+        );
+      }, serializeCipherBridgeOptions2 = function(options) {
+        if (!options) {
+          return "";
+        }
+        var serialized = {};
+        if (options.authTagLength !== void 0) {
+          serialized.authTagLength = options.authTagLength;
+        }
+        if (options.authTag) {
+          serialized.authTag = options.authTag.toString("base64");
+        }
+        if (options.aad) {
+          serialized.aad = options.aad.toString("base64");
+        }
+        if (options.aadOptions !== void 0) {
+          serialized.aadOptions = options.aadOptions;
+        }
+        if (options.autoPadding !== void 0) {
+          serialized.autoPadding = options.autoPadding;
+        }
+        if (options.validateOnly !== void 0) {
+          serialized.validateOnly = options.validateOnly;
+        }
+        return JSON.stringify(serialized);
+      };
+      var createCryptoRangeError = createCryptoRangeError2, createCryptoError = createCryptoError2, encodeCryptoResult = encodeCryptoResult2, isSharedArrayBufferInstance = isSharedArrayBufferInstance2, isBinaryLike = isBinaryLike2, normalizeByteSource = normalizeByteSource2, serializeCipherBridgeOptions = serializeCipherBridgeOptions2;
+      var _runtimeRequire = globalThis.require;
+      var _streamModule = _runtimeRequire && _runtimeRequire("stream");
+      var _utilModule = _runtimeRequire && _runtimeRequire("util");
+      var _Transform = _streamModule && _streamModule.Transform;
+      var _inherits = _utilModule && _utilModule.inherits;
       if (typeof _cryptoHashDigest !== "undefined") {
-        let SandboxHash2 = function(algorithm) {
+        let SandboxHash2 = function(algorithm, options) {
+          if (!(this instanceof SandboxHash2)) {
+            return new SandboxHash2(algorithm, options);
+          }
+          if (!_Transform || !_inherits) {
+            throw new Error("stream.Transform is required for crypto.Hash");
+          }
+          if (typeof algorithm !== "string") {
+            throw createInvalidArgTypeError("algorithm", "of type string", algorithm);
+          }
+          _Transform.call(this, options);
           this._algorithm = algorithm;
           this._chunks = [];
+          this._finalized = false;
+          this._cachedDigest = null;
+          this._allowCachedDigest = false;
         };
         var SandboxHash = SandboxHash2;
+        _inherits(SandboxHash2, _Transform);
         SandboxHash2.prototype.update = function update(data, inputEncoding) {
+          if (this._finalized) {
+            throw createCryptoError2("ERR_CRYPTO_HASH_FINALIZED", "Digest already called");
+          }
           if (typeof data === "string") {
             this._chunks.push(Buffer.from(data, inputEncoding || "utf8"));
-          } else {
+          } else if (isBinaryLike2(data)) {
             this._chunks.push(Buffer.from(data));
+          } else {
+            throw createInvalidArgTypeError(
+              "data",
+              "one of type string, Buffer, TypedArray, or DataView",
+              data
+            );
           }
           return this;
         };
-        SandboxHash2.prototype.digest = function digest(encoding) {
+        SandboxHash2.prototype._finishDigest = function _finishDigest() {
+          if (this._cachedDigest) {
+            return this._cachedDigest;
+          }
           var combined = Buffer.concat(this._chunks);
           var resultBase64 = _cryptoHashDigest.applySync(void 0, [
             this._algorithm,
             combined.toString("base64")
           ]);
-          var resultBuffer = Buffer.from(resultBase64, "base64");
-          if (!encoding || encoding === "buffer") return resultBuffer;
-          return resultBuffer.toString(encoding);
+          this._cachedDigest = Buffer.from(resultBase64, "base64");
+          this._finalized = true;
+          return this._cachedDigest;
+        };
+        SandboxHash2.prototype.digest = function digest(encoding) {
+          if (this._finalized && !this._allowCachedDigest) {
+            throw createCryptoError2("ERR_CRYPTO_HASH_FINALIZED", "Digest already called");
+          }
+          var resultBuffer = this._finishDigest();
+          this._allowCachedDigest = false;
+          return encodeCryptoResult2(resultBuffer, encoding);
         };
         SandboxHash2.prototype.copy = function copy() {
+          if (this._finalized) {
+            throw createCryptoError2("ERR_CRYPTO_HASH_FINALIZED", "Digest already called");
+          }
           var c = new SandboxHash2(this._algorithm);
           c._chunks = this._chunks.slice();
           return c;
         };
-        SandboxHash2.prototype.write = function write(data, encoding) {
-          this.update(data, encoding);
-          return true;
+        SandboxHash2.prototype._transform = function _transform(chunk, encoding, callback) {
+          try {
+            this.update(chunk, encoding === "buffer" ? void 0 : encoding);
+            callback();
+          } catch (error) {
+            callback(normalizeCryptoBridgeError(error));
+          }
         };
-        SandboxHash2.prototype.end = function end(data, encoding) {
-          if (data) this.update(data, encoding);
+        SandboxHash2.prototype._flush = function _flush(callback) {
+          try {
+            var output = this._finishDigest();
+            this._allowCachedDigest = true;
+            this.push(output);
+            callback();
+          } catch (error) {
+            callback(normalizeCryptoBridgeError(error));
+          }
         };
-        result2.createHash = function createHash(algorithm) {
-          return new SandboxHash2(algorithm);
+        result2.createHash = function createHash(algorithm, options) {
+          return new SandboxHash2(algorithm, options);
         };
         result2.Hash = SandboxHash2;
       }
@@ -471,24 +781,89 @@
         };
       }
       if (typeof _cryptoPbkdf2 !== "undefined") {
+        let createPbkdf2ArgTypeError2 = function(name3, value) {
+          var received;
+          if (value == null) {
+            received = " Received " + value;
+          } else if (typeof value === "object") {
+            received = value.constructor && value.constructor.name ? " Received an instance of " + value.constructor.name : " Received [object Object]";
+          } else {
+            var inspected = typeof value === "string" ? "'" + value + "'" : String(value);
+            received = " Received type " + typeof value + " (" + inspected + ")";
+          }
+          var error = new TypeError('The "' + name3 + '" argument must be of type number.' + received);
+          error.code = "ERR_INVALID_ARG_TYPE";
+          return error;
+        }, validatePbkdf2Args2 = function(password, salt, iterations, keylen, digest) {
+          var pwBuf = normalizeByteSource2(password, "password");
+          var saltBuf = normalizeByteSource2(salt, "salt");
+          if (typeof iterations !== "number") {
+            throw createPbkdf2ArgTypeError2("iterations", iterations);
+          }
+          if (!Number.isInteger(iterations)) {
+            throw createCryptoRangeError2(
+              "iterations",
+              'The value of "iterations" is out of range. It must be an integer. Received ' + iterations
+            );
+          }
+          if (iterations < 1 || iterations > 2147483647) {
+            throw createCryptoRangeError2(
+              "iterations",
+              'The value of "iterations" is out of range. It must be >= 1 && <= 2147483647. Received ' + iterations
+            );
+          }
+          if (typeof keylen !== "number") {
+            throw createPbkdf2ArgTypeError2("keylen", keylen);
+          }
+          if (!Number.isInteger(keylen)) {
+            throw createCryptoRangeError2(
+              "keylen",
+              'The value of "keylen" is out of range. It must be an integer. Received ' + keylen
+            );
+          }
+          if (keylen < 0 || keylen > 2147483647) {
+            throw createCryptoRangeError2(
+              "keylen",
+              'The value of "keylen" is out of range. It must be >= 0 && <= 2147483647. Received ' + keylen
+            );
+          }
+          if (typeof digest !== "string") {
+            throw createInvalidArgTypeError("digest", "of type string", digest);
+          }
+          return {
+            password: pwBuf,
+            salt: saltBuf
+          };
+        };
+        var createPbkdf2ArgTypeError = createPbkdf2ArgTypeError2, validatePbkdf2Args = validatePbkdf2Args2;
         result2.pbkdf2Sync = function pbkdf2Sync(password, salt, iterations, keylen, digest) {
-          var pwBuf = typeof password === "string" ? Buffer.from(password, "utf8") : Buffer.from(password);
-          var saltBuf = typeof salt === "string" ? Buffer.from(salt, "utf8") : Buffer.from(salt);
-          var resultBase64 = _cryptoPbkdf2.applySync(void 0, [
-            pwBuf.toString("base64"),
-            saltBuf.toString("base64"),
-            iterations,
-            keylen,
-            digest
-          ]);
-          return Buffer.from(resultBase64, "base64");
+          var normalized = validatePbkdf2Args2(password, salt, iterations, keylen, digest);
+          try {
+            var resultBase64 = _cryptoPbkdf2.applySync(void 0, [
+              normalized.password.toString("base64"),
+              normalized.salt.toString("base64"),
+              iterations,
+              keylen,
+              digest
+            ]);
+            return Buffer.from(resultBase64, "base64");
+          } catch (error) {
+            throw normalizeCryptoBridgeError(error);
+          }
         };
         result2.pbkdf2 = function pbkdf2(password, salt, iterations, keylen, digest, callback) {
+          if (typeof digest === "function" && callback === void 0) {
+            callback = digest;
+            digest = void 0;
+          }
+          if (typeof callback !== "function") {
+            throw createInvalidArgTypeError("callback", "of type function", callback);
+          }
           try {
             var derived = result2.pbkdf2Sync(password, salt, iterations, keylen, digest);
-            callback(null, derived);
+            scheduleCryptoCallback(callback, [null, derived]);
           } catch (e) {
-            callback(e);
+            throw normalizeCryptoBridgeError(e);
           }
         };
       }
@@ -529,232 +904,929 @@
           }
         };
       }
-      var _useStatefulCipher = typeof _cryptoCipherivCreate !== "undefined";
-      if (typeof _cryptoCipheriv !== "undefined" || _useStatefulCipher) {
-        let SandboxCipher2 = function(algorithm, key, iv) {
+      if (typeof _cryptoCipheriv !== "undefined") {
+        let SandboxCipher2 = function(algorithm, key, iv, options) {
+          if (!(this instanceof SandboxCipher2)) {
+            return new SandboxCipher2(algorithm, key, iv, options);
+          }
+          if (typeof algorithm !== "string") {
+            throw createInvalidArgTypeError("cipher", "of type string", algorithm);
+          }
+          _Transform.call(this);
           this._algorithm = algorithm;
-          this._key = typeof key === "string" ? Buffer.from(key, "utf8") : Buffer.from(key);
-          this._iv = typeof iv === "string" ? Buffer.from(iv, "utf8") : Buffer.from(iv);
+          this._key = normalizeByteSource2(key, "key");
+          this._iv = normalizeByteSource2(iv, "iv", { allowNull: true });
+          this._options = options || void 0;
           this._authTag = null;
           this._finalized = false;
-          if (_useStatefulCipher) {
-            this._sessionId = _cryptoCipherivCreate.applySync(void 0, [
-              "cipher",
-              algorithm,
+          this._sessionCreated = false;
+          this._sessionId = void 0;
+          this._aad = null;
+          this._aadOptions = void 0;
+          this._autoPadding = void 0;
+          this._chunks = [];
+          this._bufferedMode = !_useSessionCipher || !!options;
+          if (!this._bufferedMode) {
+            this._ensureSession();
+          } else if (!options) {
+            _cryptoCipheriv.applySync(void 0, [
+              this._algorithm,
               this._key.toString("base64"),
-              this._iv.toString("base64")
+              this._iv === null ? null : this._iv.toString("base64"),
+              "",
+              serializeCipherBridgeOptions2({ validateOnly: true })
             ]);
-          } else {
-            this._sessionId = -1;
-            this._chunks = [];
           }
         };
         var SandboxCipher = SandboxCipher2;
+        var _useSessionCipher = typeof _cryptoCipherivCreate !== "undefined";
+        _inherits(SandboxCipher2, _Transform);
+        SandboxCipher2.prototype._ensureSession = function _ensureSession() {
+          if (this._bufferedMode || this._sessionCreated) {
+            return;
+          }
+          this._sessionCreated = true;
+          this._sessionId = _cryptoCipherivCreate.applySync(void 0, [
+            "cipher",
+            this._algorithm,
+            this._key.toString("base64"),
+            this._iv === null ? null : this._iv.toString("base64"),
+            serializeCipherBridgeOptions2(this._getBridgeOptions())
+          ]);
+        };
+        SandboxCipher2.prototype._getBridgeOptions = function _getBridgeOptions() {
+          var options = {};
+          if (this._options && this._options.authTagLength !== void 0) {
+            options.authTagLength = this._options.authTagLength;
+          }
+          if (this._aad) {
+            options.aad = this._aad;
+          }
+          if (this._aadOptions !== void 0) {
+            options.aadOptions = this._aadOptions;
+          }
+          if (this._autoPadding !== void 0) {
+            options.autoPadding = this._autoPadding;
+          }
+          return Object.keys(options).length === 0 ? null : options;
+        };
         SandboxCipher2.prototype.update = function update(data, inputEncoding, outputEncoding) {
+          if (this._finalized) {
+            throw new Error("Attempting to call update() after final()");
+          }
           var buf;
           if (typeof data === "string") {
             buf = Buffer.from(data, inputEncoding || "utf8");
           } else {
-            buf = Buffer.from(data);
+            buf = normalizeByteSource2(data, "data");
           }
-          if (this._sessionId >= 0) {
+          if (!this._bufferedMode) {
+            this._ensureSession();
             var resultBase64 = _cryptoCipherivUpdate.applySync(void 0, [this._sessionId, buf.toString("base64")]);
             var resultBuffer = Buffer.from(resultBase64, "base64");
-            if (outputEncoding && outputEncoding !== "buffer") return resultBuffer.toString(outputEncoding);
-            return resultBuffer;
+            return encodeCryptoResult2(resultBuffer, outputEncoding);
           }
           this._chunks.push(buf);
-          if (outputEncoding && outputEncoding !== "buffer") return "";
-          return Buffer.alloc(0);
+          return encodeCryptoResult2(Buffer.alloc(0), outputEncoding);
         };
         SandboxCipher2.prototype.final = function final(outputEncoding) {
           if (this._finalized) throw new Error("Attempting to call final() after already finalized");
           this._finalized = true;
-          if (this._sessionId >= 0) {
+          var parsed;
+          if (!this._bufferedMode) {
+            this._ensureSession();
             var resultJson = _cryptoCipherivFinal.applySync(void 0, [this._sessionId]);
-            var parsed = JSON.parse(resultJson);
-            if (parsed.authTag) this._authTag = Buffer.from(parsed.authTag, "base64");
-            var resultBuffer = Buffer.from(parsed.data, "base64");
-            if (outputEncoding && outputEncoding !== "buffer") return resultBuffer.toString(outputEncoding);
-            return resultBuffer;
+            parsed = JSON.parse(resultJson);
+          } else {
+            var combined = Buffer.concat(this._chunks);
+            var resultJson2 = _cryptoCipheriv.applySync(void 0, [
+              this._algorithm,
+              this._key.toString("base64"),
+              this._iv === null ? null : this._iv.toString("base64"),
+              combined.toString("base64"),
+              serializeCipherBridgeOptions2(this._getBridgeOptions())
+            ]);
+            parsed = JSON.parse(resultJson2);
           }
-          var combined = Buffer.concat(this._chunks);
-          var resultJson2 = _cryptoCipheriv.applySync(void 0, [
-            this._algorithm,
-            this._key.toString("base64"),
-            this._iv.toString("base64"),
-            combined.toString("base64")
-          ]);
-          var parsed2 = JSON.parse(resultJson2);
-          if (parsed2.authTag) this._authTag = Buffer.from(parsed2.authTag, "base64");
-          var resultBuffer2 = Buffer.from(parsed2.data, "base64");
-          if (outputEncoding && outputEncoding !== "buffer") return resultBuffer2.toString(outputEncoding);
-          return resultBuffer2;
+          if (parsed.authTag) {
+            this._authTag = Buffer.from(parsed.authTag, "base64");
+          }
+          var resultBuffer = Buffer.from(parsed.data, "base64");
+          return encodeCryptoResult2(resultBuffer, outputEncoding);
         };
         SandboxCipher2.prototype.getAuthTag = function getAuthTag() {
           if (!this._finalized) throw new Error("Cannot call getAuthTag before final()");
-          if (!this._authTag) throw new Error("Auth tag is only available for GCM ciphers");
+          if (!this._authTag) throw new Error("Auth tag is not available");
           return this._authTag;
         };
-        SandboxCipher2.prototype.setAAD = function setAAD(data) {
-          if (this._sessionId >= 0) {
-            var buf = typeof data === "string" ? Buffer.from(data, "utf8") : Buffer.from(data);
-            _cryptoCipherivUpdate.applySync(void 0, [this._sessionId, "", JSON.stringify({ setAAD: buf.toString("base64") })]);
-          }
+        SandboxCipher2.prototype.setAAD = function setAAD(aad, options) {
+          this._bufferedMode = true;
+          this._aad = normalizeByteSource2(aad, "buffer");
+          this._aadOptions = options;
           return this;
         };
         SandboxCipher2.prototype.setAutoPadding = function setAutoPadding(autoPadding) {
-          if (this._sessionId >= 0) {
-            _cryptoCipherivUpdate.applySync(void 0, [this._sessionId, "", JSON.stringify({ setAutoPadding: autoPadding !== false })]);
-          }
+          this._bufferedMode = true;
+          this._autoPadding = autoPadding !== false;
           return this;
         };
-        result2.createCipheriv = function createCipheriv(algorithm, key, iv) {
-          return new SandboxCipher2(algorithm, key, iv);
+        SandboxCipher2.prototype._transform = function _transform(chunk, encoding, callback) {
+          try {
+            var output = this.update(chunk, encoding === "buffer" ? void 0 : encoding);
+            if (output.length) {
+              this.push(output);
+            }
+            callback();
+          } catch (error) {
+            callback(normalizeCryptoBridgeError(error));
+          }
+        };
+        SandboxCipher2.prototype._flush = function _flush(callback) {
+          try {
+            var output = this.final();
+            if (output.length) {
+              this.push(output);
+            }
+            callback();
+          } catch (error) {
+            callback(normalizeCryptoBridgeError(error));
+          }
+        };
+        result2.createCipheriv = function createCipheriv(algorithm, key, iv, options) {
+          return new SandboxCipher2(algorithm, key, iv, options);
         };
         result2.Cipheriv = SandboxCipher2;
       }
-      if (typeof _cryptoDecipheriv !== "undefined" || _useStatefulCipher) {
-        let SandboxDecipher2 = function(algorithm, key, iv) {
+      if (typeof _cryptoDecipheriv !== "undefined") {
+        let SandboxDecipher2 = function(algorithm, key, iv, options) {
+          if (!(this instanceof SandboxDecipher2)) {
+            return new SandboxDecipher2(algorithm, key, iv, options);
+          }
+          if (typeof algorithm !== "string") {
+            throw createInvalidArgTypeError("cipher", "of type string", algorithm);
+          }
+          _Transform.call(this);
           this._algorithm = algorithm;
-          this._key = typeof key === "string" ? Buffer.from(key, "utf8") : Buffer.from(key);
-          this._iv = typeof iv === "string" ? Buffer.from(iv, "utf8") : Buffer.from(iv);
+          this._key = normalizeByteSource2(key, "key");
+          this._iv = normalizeByteSource2(iv, "iv", { allowNull: true });
+          this._options = options || void 0;
           this._authTag = null;
           this._finalized = false;
-          if (_useStatefulCipher) {
+          this._sessionCreated = false;
+          this._aad = null;
+          this._aadOptions = void 0;
+          this._autoPadding = void 0;
+          this._chunks = [];
+          this._bufferedMode = !_useSessionCipher || !!options;
+          if (!this._bufferedMode) {
+            this._ensureSession();
+          } else if (!options) {
+            _cryptoDecipheriv.applySync(void 0, [
+              this._algorithm,
+              this._key.toString("base64"),
+              this._iv === null ? null : this._iv.toString("base64"),
+              "",
+              serializeCipherBridgeOptions2({ validateOnly: true })
+            ]);
+          }
+        };
+        var SandboxDecipher = SandboxDecipher2;
+        _inherits(SandboxDecipher2, _Transform);
+        SandboxDecipher2.prototype._ensureSession = function _ensureSession() {
+          if (!this._bufferedMode && !this._sessionCreated) {
+            this._sessionCreated = true;
             this._sessionId = _cryptoCipherivCreate.applySync(void 0, [
               "decipher",
-              algorithm,
+              this._algorithm,
               this._key.toString("base64"),
-              this._iv.toString("base64")
+              this._iv === null ? null : this._iv.toString("base64"),
+              serializeCipherBridgeOptions2(this._getBridgeOptions())
             ]);
-          } else {
-            this._sessionId = -1;
-            this._chunks = [];
           }
         };
-        var SandboxDecipher = SandboxDecipher2;
+        SandboxDecipher2.prototype._getBridgeOptions = function _getBridgeOptions() {
+          var options = {};
+          if (this._options && this._options.authTagLength !== void 0) {
+            options.authTagLength = this._options.authTagLength;
+          }
+          if (this._authTag) {
+            options.authTag = this._authTag;
+          }
+          if (this._aad) {
+            options.aad = this._aad;
+          }
+          if (this._aadOptions !== void 0) {
+            options.aadOptions = this._aadOptions;
+          }
+          if (this._autoPadding !== void 0) {
+            options.autoPadding = this._autoPadding;
+          }
+          return Object.keys(options).length === 0 ? null : options;
+        };
         SandboxDecipher2.prototype.update = function update(data, inputEncoding, outputEncoding) {
+          if (this._finalized) {
+            throw new Error("Attempting to call update() after final()");
+          }
           var buf;
           if (typeof data === "string") {
             buf = Buffer.from(data, inputEncoding || "utf8");
           } else {
-            buf = Buffer.from(data);
+            buf = normalizeByteSource2(data, "data");
+          }
+          if (!this._bufferedMode) {
+            this._ensureSession();
+            var resultBase64 = _cryptoCipherivUpdate.applySync(void 0, [this._sessionId, buf.toString("base64")]);
+            var resultBuffer = Buffer.from(resultBase64, "base64");
+            return encodeCryptoResult2(resultBuffer, outputEncoding);
+          }
+          this._chunks.push(buf);
+          return encodeCryptoResult2(Buffer.alloc(0), outputEncoding);
+        };
+        SandboxDecipher2.prototype.final = function final(outputEncoding) {
+          if (this._finalized) throw new Error("Attempting to call final() after already finalized");
+          this._finalized = true;
+          var resultBuffer;
+          if (!this._bufferedMode) {
+            this._ensureSession();
+            var resultJson = _cryptoCipherivFinal.applySync(void 0, [this._sessionId]);
+            var parsed = JSON.parse(resultJson);
+            resultBuffer = Buffer.from(parsed.data, "base64");
+          } else {
+            var combined = Buffer.concat(this._chunks);
+            var options = {};
+            var resultBase64 = _cryptoDecipheriv.applySync(void 0, [
+              this._algorithm,
+              this._key.toString("base64"),
+              this._iv === null ? null : this._iv.toString("base64"),
+              combined.toString("base64"),
+              serializeCipherBridgeOptions2(this._getBridgeOptions())
+            ]);
+            resultBuffer = Buffer.from(resultBase64, "base64");
+          }
+          return encodeCryptoResult2(resultBuffer, outputEncoding);
+        };
+        SandboxDecipher2.prototype.setAuthTag = function setAuthTag(tag) {
+          this._bufferedMode = true;
+          this._authTag = typeof tag === "string" ? Buffer.from(tag, "base64") : normalizeByteSource2(tag, "buffer");
+          return this;
+        };
+        SandboxDecipher2.prototype.setAAD = function setAAD(aad, options) {
+          this._bufferedMode = true;
+          this._aad = normalizeByteSource2(aad, "buffer");
+          this._aadOptions = options;
+          return this;
+        };
+        SandboxDecipher2.prototype.setAutoPadding = function setAutoPadding(autoPadding) {
+          this._bufferedMode = true;
+          this._autoPadding = autoPadding !== false;
+          return this;
+        };
+        SandboxDecipher2.prototype._transform = function _transform(chunk, encoding, callback) {
+          try {
+            var output = this.update(chunk, encoding === "buffer" ? void 0 : encoding);
+            if (output.length) {
+              this.push(output);
+            }
+            callback();
+          } catch (error) {
+            callback(normalizeCryptoBridgeError(error));
+          }
+        };
+        SandboxDecipher2.prototype._flush = function _flush(callback) {
+          try {
+            var output = this.final();
+            if (output.length) {
+              this.push(output);
+            }
+            callback();
+          } catch (error) {
+            callback(normalizeCryptoBridgeError(error));
+          }
+        };
+        result2.createDecipheriv = function createDecipheriv(algorithm, key, iv, options) {
+          return new SandboxDecipher2(algorithm, key, iv, options);
+        };
+        result2.Decipheriv = SandboxDecipher2;
+      }
+      if (typeof _cryptoSign !== "undefined") {
+        result2.sign = function sign(algorithm, data, key) {
+          var dataBuf = typeof data === "string" ? Buffer.from(data, "utf8") : Buffer.from(data);
+          var sigBase64;
+          try {
+            sigBase64 = _cryptoSign.applySync(void 0, [
+              algorithm === void 0 ? null : algorithm,
+              dataBuf.toString("base64"),
+              JSON.stringify(serializeBridgeValue(key))
+            ]);
+          } catch (error) {
+            throw normalizeCryptoBridgeError(error);
+          }
+          return Buffer.from(sigBase64, "base64");
+        };
+      }
+      if (typeof _cryptoVerify !== "undefined") {
+        result2.verify = function verify(algorithm, data, key, signature) {
+          var dataBuf = typeof data === "string" ? Buffer.from(data, "utf8") : Buffer.from(data);
+          var sigBuf = typeof signature === "string" ? Buffer.from(signature, "base64") : Buffer.from(signature);
+          try {
+            return _cryptoVerify.applySync(void 0, [
+              algorithm === void 0 ? null : algorithm,
+              dataBuf.toString("base64"),
+              JSON.stringify(serializeBridgeValue(key)),
+              sigBuf.toString("base64")
+            ]);
+          } catch (error) {
+            throw normalizeCryptoBridgeError(error);
+          }
+        };
+      }
+      if (typeof _cryptoAsymmetricOp !== "undefined") {
+        let asymmetricBridgeCall2 = function(operation, key, data) {
+          var dataBuf = toRawBuffer(data);
+          var resultBase64;
+          try {
+            resultBase64 = _cryptoAsymmetricOp.applySync(void 0, [
+              operation,
+              JSON.stringify(serializeBridgeValue(key)),
+              dataBuf.toString("base64")
+            ]);
+          } catch (error) {
+            throw normalizeCryptoBridgeError(error);
+          }
+          return Buffer.from(resultBase64, "base64");
+        };
+        var asymmetricBridgeCall = asymmetricBridgeCall2;
+        result2.publicEncrypt = function publicEncrypt(key, data) {
+          return asymmetricBridgeCall2("publicEncrypt", key, data);
+        };
+        result2.privateDecrypt = function privateDecrypt(key, data) {
+          return asymmetricBridgeCall2("privateDecrypt", key, data);
+        };
+        result2.privateEncrypt = function privateEncrypt(key, data) {
+          return asymmetricBridgeCall2("privateEncrypt", key, data);
+        };
+        result2.publicDecrypt = function publicDecrypt(key, data) {
+          return asymmetricBridgeCall2("publicDecrypt", key, data);
+        };
+      }
+      if (typeof _cryptoDiffieHellmanSessionCreate !== "undefined" && typeof _cryptoDiffieHellmanSessionCall !== "undefined") {
+        let serializeDhKeyObject2 = function(value) {
+          if (value.type === "secret") {
+            return {
+              type: "secret",
+              raw: Buffer.from(value.export()).toString("base64")
+            };
+          }
+          return {
+            type: value.type,
+            pem: value._pem || value.export({
+              type: value.type === "private" ? "pkcs8" : "spki",
+              format: "pem"
+            })
+          };
+        }, serializeDhValue2 = function(value) {
+          if (value === null || typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
+            return value;
+          }
+          if (Buffer.isBuffer(value)) {
+            return {
+              __type: "buffer",
+              value: Buffer.from(value).toString("base64")
+            };
+          }
+          if (value instanceof ArrayBuffer) {
+            return {
+              __type: "buffer",
+              value: Buffer.from(new Uint8Array(value)).toString("base64")
+            };
+          }
+          if (ArrayBuffer.isView(value)) {
+            return {
+              __type: "buffer",
+              value: Buffer.from(value.buffer, value.byteOffset, value.byteLength).toString("base64")
+            };
+          }
+          if (typeof value === "bigint") {
+            return {
+              __type: "bigint",
+              value: value.toString()
+            };
+          }
+          if (value && typeof value === "object" && (value.type === "public" || value.type === "private" || value.type === "secret") && typeof value.export === "function") {
+            return {
+              __type: "keyObject",
+              value: serializeDhKeyObject2(value)
+            };
+          }
+          if (Array.isArray(value)) {
+            return value.map(serializeDhValue2);
+          }
+          if (value && typeof value === "object") {
+            var output = {};
+            var keys = Object.keys(value);
+            for (var i = 0; i < keys.length; i++) {
+              if (value[keys[i]] !== void 0) {
+                output[keys[i]] = serializeDhValue2(value[keys[i]]);
+              }
+            }
+            return output;
+          }
+          return String(value);
+        }, restoreDhValue2 = function(value) {
+          if (!value || typeof value !== "object") {
+            return value;
+          }
+          if (value.__type === "buffer") {
+            return Buffer.from(value.value, "base64");
+          }
+          if (value.__type === "bigint") {
+            return BigInt(value.value);
+          }
+          if (Array.isArray(value)) {
+            return value.map(restoreDhValue2);
+          }
+          var output = {};
+          var keys = Object.keys(value);
+          for (var i = 0; i < keys.length; i++) {
+            output[keys[i]] = restoreDhValue2(value[keys[i]]);
+          }
+          return output;
+        }, createDhSession2 = function(type, name3, argsLike) {
+          var args = [];
+          for (var i = 0; i < argsLike.length; i++) {
+            args.push(serializeDhValue2(argsLike[i]));
+          }
+          return _cryptoDiffieHellmanSessionCreate.applySync(void 0, [
+            JSON.stringify({
+              type,
+              name: name3,
+              args
+            })
+          ]);
+        }, callDhSession2 = function(sessionId, method, argsLike) {
+          var args = [];
+          for (var i = 0; i < argsLike.length; i++) {
+            args.push(serializeDhValue2(argsLike[i]));
+          }
+          var response = JSON.parse(_cryptoDiffieHellmanSessionCall.applySync(void 0, [
+            sessionId,
+            JSON.stringify({
+              method,
+              args
+            })
+          ]));
+          if (response && response.hasResult === false) {
+            return void 0;
+          }
+          return restoreDhValue2(response && response.result);
+        }, SandboxDiffieHellman2 = function(sessionId) {
+          this._sessionId = sessionId;
+        }, SandboxECDH2 = function(sessionId) {
+          SandboxDiffieHellman2.call(this, sessionId);
+        };
+        var serializeDhKeyObject = serializeDhKeyObject2, serializeDhValue = serializeDhValue2, restoreDhValue = restoreDhValue2, createDhSession = createDhSession2, callDhSession = callDhSession2, SandboxDiffieHellman = SandboxDiffieHellman2, SandboxECDH = SandboxECDH2;
+        Object.defineProperty(SandboxDiffieHellman2.prototype, "verifyError", {
+          get: function getVerifyError() {
+            return callDhSession2(this._sessionId, "verifyError", []);
+          }
+        });
+        SandboxDiffieHellman2.prototype.generateKeys = function generateKeys(encoding) {
+          if (arguments.length === 0) return callDhSession2(this._sessionId, "generateKeys", []);
+          return callDhSession2(this._sessionId, "generateKeys", [encoding]);
+        };
+        SandboxDiffieHellman2.prototype.computeSecret = function computeSecret(key, inputEncoding, outputEncoding) {
+          return callDhSession2(this._sessionId, "computeSecret", Array.prototype.slice.call(arguments));
+        };
+        SandboxDiffieHellman2.prototype.getPrime = function getPrime(encoding) {
+          if (arguments.length === 0) return callDhSession2(this._sessionId, "getPrime", []);
+          return callDhSession2(this._sessionId, "getPrime", [encoding]);
+        };
+        SandboxDiffieHellman2.prototype.getGenerator = function getGenerator(encoding) {
+          if (arguments.length === 0) return callDhSession2(this._sessionId, "getGenerator", []);
+          return callDhSession2(this._sessionId, "getGenerator", [encoding]);
+        };
+        SandboxDiffieHellman2.prototype.getPublicKey = function getPublicKey(encoding) {
+          if (arguments.length === 0) return callDhSession2(this._sessionId, "getPublicKey", []);
+          return callDhSession2(this._sessionId, "getPublicKey", [encoding]);
+        };
+        SandboxDiffieHellman2.prototype.getPrivateKey = function getPrivateKey(encoding) {
+          if (arguments.length === 0) return callDhSession2(this._sessionId, "getPrivateKey", []);
+          return callDhSession2(this._sessionId, "getPrivateKey", [encoding]);
+        };
+        SandboxDiffieHellman2.prototype.setPublicKey = function setPublicKey(key, encoding) {
+          return callDhSession2(this._sessionId, "setPublicKey", Array.prototype.slice.call(arguments));
+        };
+        SandboxDiffieHellman2.prototype.setPrivateKey = function setPrivateKey(key, encoding) {
+          return callDhSession2(this._sessionId, "setPrivateKey", Array.prototype.slice.call(arguments));
+        };
+        SandboxECDH2.prototype = Object.create(SandboxDiffieHellman2.prototype);
+        SandboxECDH2.prototype.constructor = SandboxECDH2;
+        SandboxECDH2.prototype.getPublicKey = function getPublicKey(encoding, format) {
+          return callDhSession2(this._sessionId, "getPublicKey", Array.prototype.slice.call(arguments));
+        };
+        result2.createDiffieHellman = function createDiffieHellman() {
+          return new SandboxDiffieHellman2(createDhSession2("dh", void 0, arguments));
+        };
+        result2.getDiffieHellman = function getDiffieHellman(name3) {
+          return new SandboxDiffieHellman2(createDhSession2("group", name3, []));
+        };
+        result2.createDiffieHellmanGroup = result2.getDiffieHellman;
+        result2.createECDH = function createECDH(curve) {
+          return new SandboxECDH2(createDhSession2("ecdh", curve, []));
+        };
+        if (typeof _cryptoDiffieHellman !== "undefined") {
+          result2.diffieHellman = function diffieHellman(options) {
+            var resultJson = _cryptoDiffieHellman.applySync(void 0, [
+              JSON.stringify(serializeDhValue2(options))
+            ]);
+            return restoreDhValue2(JSON.parse(resultJson));
+          };
+        }
+        result2.DiffieHellman = SandboxDiffieHellman2;
+        result2.DiffieHellmanGroup = SandboxDiffieHellman2;
+        result2.ECDH = SandboxECDH2;
+      }
+      if (typeof _cryptoGenerateKeyPairSync !== "undefined") {
+        let restoreBridgeValue2 = function(value) {
+          if (!value || typeof value !== "object") {
+            return value;
+          }
+          if (value.__type === "buffer") {
+            return Buffer.from(value.value, "base64");
+          }
+          if (value.__type === "bigint") {
+            return BigInt(value.value);
+          }
+          if (Array.isArray(value)) {
+            return value.map(restoreBridgeValue2);
+          }
+          var output = {};
+          var keys = Object.keys(value);
+          for (var i = 0; i < keys.length; i++) {
+            output[keys[i]] = restoreBridgeValue2(value[keys[i]]);
+          }
+          return output;
+        }, cloneObject2 = function(value) {
+          if (!value || typeof value !== "object") {
+            return value;
+          }
+          if (Array.isArray(value)) {
+            return value.map(cloneObject2);
+          }
+          var output = {};
+          var keys = Object.keys(value);
+          for (var i = 0; i < keys.length; i++) {
+            output[keys[i]] = cloneObject2(value[keys[i]]);
+          }
+          return output;
+        }, createDomException2 = function(message, name3) {
+          if (typeof DOMException === "function") {
+            return new DOMException(message, name3);
+          }
+          var error = new Error(message);
+          error.name = name3;
+          return error;
+        }, toRawBuffer2 = function(data, encoding) {
+          if (Buffer.isBuffer(data)) {
+            return Buffer.from(data);
+          }
+          if (data instanceof ArrayBuffer) {
+            return Buffer.from(new Uint8Array(data));
+          }
+          if (ArrayBuffer.isView(data)) {
+            return Buffer.from(data.buffer, data.byteOffset, data.byteLength);
+          }
+          if (typeof data === "string") {
+            return Buffer.from(data, encoding || "utf8");
+          }
+          return Buffer.from(data);
+        }, serializeBridgeValue2 = function(value) {
+          if (value === null) {
+            return null;
+          }
+          if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
+            return value;
+          }
+          if (typeof value === "bigint") {
+            return {
+              __type: "bigint",
+              value: value.toString()
+            };
+          }
+          if (Buffer.isBuffer(value)) {
+            return {
+              __type: "buffer",
+              value: Buffer.from(value).toString("base64")
+            };
+          }
+          if (value instanceof ArrayBuffer) {
+            return {
+              __type: "buffer",
+              value: Buffer.from(new Uint8Array(value)).toString("base64")
+            };
+          }
+          if (ArrayBuffer.isView(value)) {
+            return {
+              __type: "buffer",
+              value: Buffer.from(value.buffer, value.byteOffset, value.byteLength).toString("base64")
+            };
+          }
+          if (Array.isArray(value)) {
+            return value.map(serializeBridgeValue2);
+          }
+          if (value && typeof value === "object" && (value.type === "public" || value.type === "private" || value.type === "secret") && typeof value.export === "function") {
+            if (value.type === "secret") {
+              return {
+                __type: "keyObject",
+                value: {
+                  type: "secret",
+                  raw: Buffer.from(value.export()).toString("base64")
+                }
+              };
+            }
+            return {
+              __type: "keyObject",
+              value: {
+                type: value.type,
+                pem: value._pem
+              }
+            };
+          }
+          if (value && typeof value === "object") {
+            var output = {};
+            var keys = Object.keys(value);
+            for (var i = 0; i < keys.length; i++) {
+              var entry = value[keys[i]];
+              if (entry !== void 0) {
+                output[keys[i]] = serializeBridgeValue2(entry);
+              }
+            }
+            return output;
+          }
+          return String(value);
+        }, normalizeCryptoBridgeError2 = function(error) {
+          if (!error || typeof error !== "object") {
+            return error;
+          }
+          if (error.code === void 0 && error.message === "error:07880109:common libcrypto routines::interrupted or cancelled") {
+            error.code = "ERR_OSSL_CRYPTO_INTERRUPTED_OR_CANCELLED";
+          }
+          return error;
+        }, deserializeGeneratedKeyValue2 = function(value) {
+          if (!value || typeof value !== "object") {
+            return value;
+          }
+          if (value.kind === "string") {
+            return value.value;
+          }
+          if (value.kind === "buffer") {
+            return Buffer.from(value.value, "base64");
+          }
+          if (value.kind === "keyObject") {
+            return createGeneratedKeyObject2(value.value);
+          }
+          if (value.kind === "object") {
+            return value.value;
+          }
+          return value;
+        }, serializeBridgeOptions2 = function(options) {
+          return JSON.stringify({
+            hasOptions: options !== void 0,
+            options: options === void 0 ? null : serializeBridgeValue2(options)
+          });
+        }, createInvalidArgTypeError2 = function(name3, expected, value) {
+          var received;
+          if (value == null) {
+            received = " Received " + value;
+          } else if (typeof value === "function") {
+            received = " Received function " + (value.name || "anonymous");
+          } else if (typeof value === "object") {
+            if (value.constructor && value.constructor.name) {
+              received = " Received an instance of " + value.constructor.name;
+            } else {
+              received = " Received [object Object]";
+            }
+          } else {
+            var inspected = typeof value === "string" ? "'" + value + "'" : String(value);
+            if (inspected.length > 28) {
+              inspected = inspected.slice(0, 25) + "...";
+            }
+            received = " Received type " + typeof value + " (" + inspected + ")";
           }
-          if (this._sessionId >= 0) {
-            var resultBase64 = _cryptoCipherivUpdate.applySync(void 0, [this._sessionId, buf.toString("base64")]);
-            var resultBuffer = Buffer.from(resultBase64, "base64");
-            if (outputEncoding && outputEncoding !== "buffer") return resultBuffer.toString(outputEncoding);
-            return resultBuffer;
+          var error = new TypeError('The "' + name3 + '" argument must be ' + expected + "." + received);
+          error.code = "ERR_INVALID_ARG_TYPE";
+          return error;
+        }, scheduleCryptoCallback2 = function(callback, args) {
+          setTimeout(function() {
+            callback.apply(void 0, args);
+          }, 0);
+        }, shouldThrowCryptoValidationError2 = function(error) {
+          if (!error || typeof error !== "object") {
+            return false;
           }
-          this._chunks.push(buf);
-          if (outputEncoding && outputEncoding !== "buffer") return "";
-          return Buffer.alloc(0);
-        };
-        SandboxDecipher2.prototype.final = function final(outputEncoding) {
-          if (this._finalized) throw new Error("Attempting to call final() after already finalized");
-          this._finalized = true;
-          if (this._sessionId >= 0) {
-            if (this._authTag) {
-              _cryptoCipherivUpdate.applySync(void 0, [this._sessionId, "", JSON.stringify({ setAuthTag: this._authTag.toString("base64") })]);
+          if (error.name === "TypeError" || error.name === "RangeError") {
+            return true;
+          }
+          var code = error.code;
+          return code === "ERR_MISSING_OPTION" || code === "ERR_CRYPTO_UNKNOWN_DH_GROUP" || code === "ERR_OUT_OF_RANGE" || typeof code === "string" && code.indexOf("ERR_INVALID_ARG_") === 0;
+        }, ensureCryptoCallback2 = function(callback, syncValidator) {
+          if (typeof callback === "function") {
+            return callback;
+          }
+          if (typeof syncValidator === "function") {
+            syncValidator();
+          }
+          throw createInvalidArgTypeError2("callback", "of type function", callback);
+        }, SandboxKeyObject2 = function(type, handle) {
+          this.type = type;
+          this._pem = handle && handle.pem !== void 0 ? handle.pem : void 0;
+          this._raw = handle && handle.raw !== void 0 ? handle.raw : void 0;
+          this._jwk = handle && handle.jwk !== void 0 ? cloneObject2(handle.jwk) : void 0;
+          this.asymmetricKeyType = handle && handle.asymmetricKeyType !== void 0 ? handle.asymmetricKeyType : void 0;
+          this.asymmetricKeyDetails = handle && handle.asymmetricKeyDetails !== void 0 ? restoreBridgeValue2(handle.asymmetricKeyDetails) : void 0;
+          this.symmetricKeySize = type === "secret" && handle && handle.raw !== void 0 ? Buffer.from(handle.raw, "base64").byteLength : void 0;
+        }, normalizeNamedCurve2 = function(namedCurve) {
+          if (!namedCurve) {
+            return namedCurve;
+          }
+          var upper = String(namedCurve).toUpperCase();
+          if (upper === "PRIME256V1" || upper === "SECP256R1") return "P-256";
+          if (upper === "SECP384R1") return "P-384";
+          if (upper === "SECP521R1") return "P-521";
+          return namedCurve;
+        }, normalizeAlgorithmInput2 = function(algorithm) {
+          if (typeof algorithm === "string") {
+            return { name: algorithm };
+          }
+          return Object.assign({}, algorithm);
+        }, createCompatibleCryptoKey2 = function(keyData) {
+          var key;
+          if (globalThis.CryptoKey && globalThis.CryptoKey.prototype && globalThis.CryptoKey.prototype !== SandboxCryptoKey.prototype) {
+            key = Object.create(globalThis.CryptoKey.prototype);
+            key.type = keyData.type;
+            key.extractable = keyData.extractable;
+            key.algorithm = keyData.algorithm;
+            key.usages = keyData.usages;
+            key._keyData = keyData;
+            key._pem = keyData._pem;
+            key._jwk = keyData._jwk;
+            key._raw = keyData._raw;
+            key._sourceKeyObjectData = keyData._sourceKeyObjectData;
+            return key;
+          }
+          return new SandboxCryptoKey(keyData);
+        }, buildCryptoKeyFromKeyObject2 = function(keyObject, algorithm, extractable, usages) {
+          var algo = normalizeAlgorithmInput2(algorithm);
+          var name3 = algo.name;
+          if (keyObject.type === "secret") {
+            var secretBytes = Buffer.from(keyObject._raw || "", "base64");
+            if (name3 === "PBKDF2") {
+              if (extractable) {
+                throw new SyntaxError("PBKDF2 keys are not extractable");
+              }
+              if (usages.some(function(usage) {
+                return usage !== "deriveBits" && usage !== "deriveKey";
+              })) {
+                throw new SyntaxError("Unsupported key usage for a PBKDF2 key");
+              }
+              return createCompatibleCryptoKey2({
+                type: "secret",
+                extractable,
+                algorithm: { name: name3 },
+                usages: Array.from(usages),
+                _raw: keyObject._raw,
+                _sourceKeyObjectData: {
+                  type: "secret",
+                  raw: keyObject._raw
+                }
+              });
             }
-            var resultJson = _cryptoCipherivFinal.applySync(void 0, [this._sessionId]);
-            var parsed = JSON.parse(resultJson);
-            var resultBuffer = Buffer.from(parsed.data, "base64");
-            if (outputEncoding && outputEncoding !== "buffer") return resultBuffer.toString(outputEncoding);
-            return resultBuffer;
+            if (name3 === "HMAC") {
+              if (!secretBytes.byteLength || algo.length === 0) {
+                throw createDomException2("Zero-length key is not supported", "DataError");
+              }
+              if (!usages.length) {
+                throw new SyntaxError("Usages cannot be empty when importing a secret key.");
+              }
+              return createCompatibleCryptoKey2({
+                type: "secret",
+                extractable,
+                algorithm: {
+                  name: name3,
+                  hash: typeof algo.hash === "string" ? { name: algo.hash } : cloneObject2(algo.hash),
+                  length: secretBytes.byteLength * 8
+                },
+                usages: Array.from(usages),
+                _raw: keyObject._raw,
+                _sourceKeyObjectData: {
+                  type: "secret",
+                  raw: keyObject._raw
+                }
+              });
+            }
+            return createCompatibleCryptoKey2({
+              type: "secret",
+              extractable,
+              algorithm: {
+                name: name3,
+                length: secretBytes.byteLength * 8
+              },
+              usages: Array.from(usages),
+              _raw: keyObject._raw,
+              _sourceKeyObjectData: {
+                type: "secret",
+                raw: keyObject._raw
+              }
+            });
           }
-          var combined = Buffer.concat(this._chunks);
-          var options = {};
-          if (this._authTag) options.authTag = this._authTag.toString("base64");
-          var resultBase64 = _cryptoDecipheriv.applySync(void 0, [
-            this._algorithm,
-            this._key.toString("base64"),
-            this._iv.toString("base64"),
-            combined.toString("base64"),
-            JSON.stringify(options)
-          ]);
-          var resultBuffer2 = Buffer.from(resultBase64, "base64");
-          if (outputEncoding && outputEncoding !== "buffer") return resultBuffer2.toString(outputEncoding);
-          return resultBuffer2;
-        };
-        SandboxDecipher2.prototype.setAuthTag = function setAuthTag(tag) {
-          this._authTag = typeof tag === "string" ? Buffer.from(tag, "base64") : Buffer.from(tag);
-          return this;
-        };
-        SandboxDecipher2.prototype.setAAD = function setAAD(data) {
-          if (this._sessionId >= 0) {
-            var buf = typeof data === "string" ? Buffer.from(data, "utf8") : Buffer.from(data);
-            _cryptoCipherivUpdate.applySync(void 0, [this._sessionId, "", JSON.stringify({ setAAD: buf.toString("base64") })]);
+          var keyType = String(keyObject.asymmetricKeyType || "").toLowerCase();
+          var algorithmName = String(name3 || "");
+          if ((keyType === "ed25519" || keyType === "ed448" || keyType === "x25519" || keyType === "x448") && keyType !== algorithmName.toLowerCase()) {
+            throw createDomException2("Invalid key type", "DataError");
           }
-          return this;
-        };
-        SandboxDecipher2.prototype.setAutoPadding = function setAutoPadding(autoPadding) {
-          if (this._sessionId >= 0) {
-            _cryptoCipherivUpdate.applySync(void 0, [this._sessionId, "", JSON.stringify({ setAutoPadding: autoPadding !== false })]);
+          if (algorithmName === "ECDH") {
+            if (keyObject.type === "private" && !usages.length) {
+              throw new SyntaxError("Usages cannot be empty when importing a private key.");
+            }
+            var actualCurve = normalizeNamedCurve2(
+              keyObject.asymmetricKeyDetails && keyObject.asymmetricKeyDetails.namedCurve
+            );
+            if (algo.namedCurve && actualCurve && normalizeNamedCurve2(algo.namedCurve) !== actualCurve) {
+              throw createDomException2("Named curve mismatch", "DataError");
+            }
           }
-          return this;
-        };
-        result2.createDecipheriv = function createDecipheriv(algorithm, key, iv) {
-          return new SandboxDecipher2(algorithm, key, iv);
-        };
-        result2.Decipheriv = SandboxDecipher2;
-      }
-      if (typeof _cryptoSign !== "undefined") {
-        result2.sign = function sign(algorithm, data, key) {
-          var dataBuf = typeof data === "string" ? Buffer.from(data, "utf8") : Buffer.from(data);
-          var keyPem;
-          if (typeof key === "string") {
-            keyPem = key;
-          } else if (key && typeof key === "object" && key._pem) {
-            keyPem = key._pem;
-          } else if (Buffer.isBuffer(key)) {
-            keyPem = key.toString("utf8");
-          } else {
-            keyPem = String(key);
+          var normalizedAlgo = cloneObject2(algo);
+          if (typeof normalizedAlgo.hash === "string") {
+            normalizedAlgo.hash = { name: normalizedAlgo.hash };
           }
-          var sigBase64 = _cryptoSign.applySync(void 0, [
-            algorithm,
-            dataBuf.toString("base64"),
-            keyPem
-          ]);
-          return Buffer.from(sigBase64, "base64");
-        };
-      }
-      if (typeof _cryptoVerify !== "undefined") {
-        result2.verify = function verify(algorithm, data, key, signature) {
-          var dataBuf = typeof data === "string" ? Buffer.from(data, "utf8") : Buffer.from(data);
-          var keyPem;
+          return createCompatibleCryptoKey2({
+            type: keyObject.type,
+            extractable,
+            algorithm: normalizedAlgo,
+            usages: Array.from(usages),
+            _pem: keyObject._pem,
+            _jwk: cloneObject2(keyObject._jwk),
+            _sourceKeyObjectData: {
+              type: keyObject.type,
+              pem: keyObject._pem,
+              jwk: cloneObject2(keyObject._jwk),
+              asymmetricKeyType: keyObject.asymmetricKeyType,
+              asymmetricKeyDetails: cloneObject2(keyObject.asymmetricKeyDetails)
+            }
+          });
+        }, createAsymmetricKeyObject2 = function(type, key) {
           if (typeof key === "string") {
-            keyPem = key;
-          } else if (key && typeof key === "object" && key._pem) {
-            keyPem = key._pem;
-          } else if (Buffer.isBuffer(key)) {
-            keyPem = key.toString("utf8");
-          } else {
-            keyPem = String(key);
+            if (key.indexOf("-----BEGIN") === -1) {
+              throw new TypeError("error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE");
+            }
+            return new SandboxKeyObject2(type, { pem: key });
           }
-          var sigBuf = typeof signature === "string" ? Buffer.from(signature, "base64") : Buffer.from(signature);
-          return _cryptoVerify.applySync(void 0, [
-            algorithm,
-            dataBuf.toString("base64"),
-            keyPem,
-            sigBuf.toString("base64")
-          ]);
-        };
-      }
-      if (typeof _cryptoGenerateKeyPairSync !== "undefined") {
-        let SandboxKeyObject2 = function(type, pem) {
-          this.type = type;
-          this._pem = pem;
+          if (key && typeof key === "object" && key._pem) {
+            return new SandboxKeyObject2(type, {
+              pem: key._pem,
+              jwk: key._jwk,
+              asymmetricKeyType: key.asymmetricKeyType,
+              asymmetricKeyDetails: key.asymmetricKeyDetails
+            });
+          }
+          if (key && typeof key === "object" && key.key) {
+            var keyData = typeof key.key === "string" ? key.key : key.key.toString("utf8");
+            return new SandboxKeyObject2(type, { pem: keyData });
+          }
+          if (Buffer.isBuffer(key)) {
+            var keyStr = key.toString("utf8");
+            if (keyStr.indexOf("-----BEGIN") === -1) {
+              throw new TypeError("error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE");
+            }
+            return new SandboxKeyObject2(type, { pem: keyStr });
+          }
+          return new SandboxKeyObject2(type, { pem: String(key) });
+        }, createGeneratedKeyObject2 = function(value) {
+          return new SandboxKeyObject2(value.type, {
+            pem: value.pem,
+            raw: value.raw,
+            jwk: value.jwk,
+            asymmetricKeyType: value.asymmetricKeyType,
+            asymmetricKeyDetails: value.asymmetricKeyDetails
+          });
         };
-        var SandboxKeyObject = SandboxKeyObject2;
+        var restoreBridgeValue = restoreBridgeValue2, cloneObject = cloneObject2, createDomException = createDomException2, toRawBuffer = toRawBuffer2, serializeBridgeValue = serializeBridgeValue2, normalizeCryptoBridgeError = normalizeCryptoBridgeError2, deserializeGeneratedKeyValue = deserializeGeneratedKeyValue2, serializeBridgeOptions = serializeBridgeOptions2, createInvalidArgTypeError = createInvalidArgTypeError2, scheduleCryptoCallback = scheduleCryptoCallback2, shouldThrowCryptoValidationError = shouldThrowCryptoValidationError2, ensureCryptoCallback = ensureCryptoCallback2, SandboxKeyObject = SandboxKeyObject2, normalizeNamedCurve = normalizeNamedCurve2, normalizeAlgorithmInput = normalizeAlgorithmInput2, createCompatibleCryptoKey = createCompatibleCryptoKey2, buildCryptoKeyFromKeyObject = buildCryptoKeyFromKeyObject2, createAsymmetricKeyObject = createAsymmetricKeyObject2, createGeneratedKeyObject = createGeneratedKeyObject2;
+        Object.defineProperty(SandboxKeyObject2.prototype, Symbol.toStringTag, {
+          value: "KeyObject",
+          configurable: true
+        });
         SandboxKeyObject2.prototype.export = function exportKey(options) {
-          if (!options || options.format === "pem") {
-            return this._pem;
+          if (this.type === "secret") {
+            return Buffer.from(this._raw || "", "base64");
+          }
+          if (!options || typeof options !== "object") {
+            throw new TypeError('The "options" argument must be of type object.');
+          }
+          if (options.format === "jwk") {
+            return cloneObject2(this._jwk);
           }
           if (options.format === "der") {
-            var lines = this._pem.split("\n").filter(function(l) {
+            var lines = String(this._pem || "").split("\n").filter(function(l) {
               return l && l.indexOf("-----") !== 0;
             });
             return Buffer.from(lines.join(""), "base64");
@@ -762,95 +1834,168 @@
           return this._pem;
         };
         SandboxKeyObject2.prototype.toString = function() {
-          return this._pem;
+          return "[object KeyObject]";
         };
-        result2.generateKeyPairSync = function generateKeyPairSync(type, options) {
-          var opts = {};
-          if (options) {
-            if (options.modulusLength !== void 0) opts.modulusLength = options.modulusLength;
-            if (options.publicExponent !== void 0) opts.publicExponent = options.publicExponent;
-            if (options.namedCurve !== void 0) opts.namedCurve = options.namedCurve;
-            if (options.divisorLength !== void 0) opts.divisorLength = options.divisorLength;
-            if (options.primeLength !== void 0) opts.primeLength = options.primeLength;
+        SandboxKeyObject2.prototype.equals = function equals(other) {
+          if (!(other instanceof SandboxKeyObject2)) {
+            return false;
+          }
+          if (this.type !== other.type) {
+            return false;
           }
+          if (this.type === "secret") {
+            return (this._raw || "") === (other._raw || "");
+          }
+          return (this._pem || "") === (other._pem || "") && this.asymmetricKeyType === other.asymmetricKeyType;
+        };
+        SandboxKeyObject2.prototype.toCryptoKey = function toCryptoKey(algorithm, extractable, usages) {
+          return buildCryptoKeyFromKeyObject2(this, algorithm, extractable, Array.from(usages || []));
+        };
+        result2.generateKeyPairSync = function generateKeyPairSync(type, options) {
           var resultJson = _cryptoGenerateKeyPairSync.applySync(void 0, [
             type,
-            JSON.stringify(opts)
+            serializeBridgeOptions2(options)
           ]);
           var parsed = JSON.parse(resultJson);
-          if (options && options.publicKeyEncoding && options.privateKeyEncoding) {
-            return { publicKey: parsed.publicKey, privateKey: parsed.privateKey };
+          if (parsed.publicKey && parsed.publicKey.kind) {
+            return {
+              publicKey: deserializeGeneratedKeyValue2(parsed.publicKey),
+              privateKey: deserializeGeneratedKeyValue2(parsed.privateKey)
+            };
           }
           return {
-            publicKey: new SandboxKeyObject2("public", parsed.publicKey),
-            privateKey: new SandboxKeyObject2("private", parsed.privateKey)
+            publicKey: createGeneratedKeyObject2(parsed.publicKey),
+            privateKey: createGeneratedKeyObject2(parsed.privateKey)
           };
         };
         result2.generateKeyPair = function generateKeyPair(type, options, callback) {
+          if (typeof options === "function") {
+            callback = options;
+            options = void 0;
+          }
+          callback = ensureCryptoCallback2(callback, function() {
+            result2.generateKeyPairSync(type, options);
+          });
           try {
             var pair = result2.generateKeyPairSync(type, options);
-            callback(null, pair.publicKey, pair.privateKey);
+            scheduleCryptoCallback2(callback, [null, pair.publicKey, pair.privateKey]);
           } catch (e) {
-            callback(e);
+            if (shouldThrowCryptoValidationError2(e)) {
+              throw e;
+            }
+            scheduleCryptoCallback2(callback, [e]);
           }
         };
-        result2.createPublicKey = function createPublicKey(key) {
-          if (typeof key === "string") {
-            if (key.indexOf("-----BEGIN") === -1) {
-              throw new TypeError("error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE");
+        if (typeof _cryptoGenerateKeySync !== "undefined") {
+          result2.generateKeySync = function generateKeySync(type, options) {
+            var resultJson;
+            try {
+              resultJson = _cryptoGenerateKeySync.applySync(void 0, [
+                type,
+                serializeBridgeOptions2(options)
+              ]);
+            } catch (error) {
+              throw normalizeCryptoBridgeError2(error);
             }
-            return new SandboxKeyObject2("public", key);
-          }
-          if (key && typeof key === "object" && key._pem) {
-            return new SandboxKeyObject2("public", key._pem);
-          }
-          if (key && typeof key === "object" && key.type === "private") {
-            return new SandboxKeyObject2("public", key._pem);
-          }
-          if (key && typeof key === "object" && key.key) {
-            var keyData = typeof key.key === "string" ? key.key : key.key.toString("utf8");
-            return new SandboxKeyObject2("public", keyData);
-          }
-          if (Buffer.isBuffer(key)) {
-            var keyStr = key.toString("utf8");
-            if (keyStr.indexOf("-----BEGIN") === -1) {
-              throw new TypeError("error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE");
+            return createGeneratedKeyObject2(JSON.parse(resultJson));
+          };
+          result2.generateKey = function generateKey(type, options, callback) {
+            callback = ensureCryptoCallback2(callback, function() {
+              result2.generateKeySync(type, options);
+            });
+            try {
+              var key = result2.generateKeySync(type, options);
+              scheduleCryptoCallback2(callback, [null, key]);
+            } catch (e) {
+              if (shouldThrowCryptoValidationError2(e)) {
+                throw e;
+              }
+              scheduleCryptoCallback2(callback, [e]);
+            }
+          };
+        }
+        if (typeof _cryptoGeneratePrimeSync !== "undefined") {
+          result2.generatePrimeSync = function generatePrimeSync(size, options) {
+            var resultJson;
+            try {
+              resultJson = _cryptoGeneratePrimeSync.applySync(void 0, [
+                size,
+                serializeBridgeOptions2(options)
+              ]);
+            } catch (error) {
+              throw normalizeCryptoBridgeError2(error);
+            }
+            return restoreBridgeValue2(JSON.parse(resultJson));
+          };
+          result2.generatePrime = function generatePrime(size, options, callback) {
+            if (typeof options === "function") {
+              callback = options;
+              options = void 0;
+            }
+            callback = ensureCryptoCallback2(callback, function() {
+              result2.generatePrimeSync(size, options);
+            });
+            try {
+              var prime = result2.generatePrimeSync(size, options);
+              scheduleCryptoCallback2(callback, [null, prime]);
+            } catch (e) {
+              if (shouldThrowCryptoValidationError2(e)) {
+                throw e;
+              }
+              scheduleCryptoCallback2(callback, [e]);
+            }
+          };
+        }
+        result2.createPublicKey = function createPublicKey(key) {
+          if (typeof _cryptoCreateKeyObject !== "undefined") {
+            var resultJson;
+            try {
+              resultJson = _cryptoCreateKeyObject.applySync(void 0, [
+                "createPublicKey",
+                JSON.stringify(serializeBridgeValue2(key))
+              ]);
+            } catch (error) {
+              throw normalizeCryptoBridgeError2(error);
             }
-            return new SandboxKeyObject2("public", keyStr);
+            return createGeneratedKeyObject2(JSON.parse(resultJson));
           }
-          return new SandboxKeyObject2("public", String(key));
+          return createAsymmetricKeyObject2("public", key);
         };
         result2.createPrivateKey = function createPrivateKey(key) {
-          if (typeof key === "string") {
-            if (key.indexOf("-----BEGIN") === -1) {
-              throw new TypeError("error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE");
-            }
-            return new SandboxKeyObject2("private", key);
-          }
-          if (key && typeof key === "object" && key._pem) {
-            return new SandboxKeyObject2("private", key._pem);
-          }
-          if (key && typeof key === "object" && key.key) {
-            var keyData = typeof key.key === "string" ? key.key : key.key.toString("utf8");
-            return new SandboxKeyObject2("private", keyData);
-          }
-          if (Buffer.isBuffer(key)) {
-            var keyStr = key.toString("utf8");
-            if (keyStr.indexOf("-----BEGIN") === -1) {
-              throw new TypeError("error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE");
+          if (typeof _cryptoCreateKeyObject !== "undefined") {
+            var resultJson;
+            try {
+              resultJson = _cryptoCreateKeyObject.applySync(void 0, [
+                "createPrivateKey",
+                JSON.stringify(serializeBridgeValue2(key))
+              ]);
+            } catch (error) {
+              throw normalizeCryptoBridgeError2(error);
             }
-            return new SandboxKeyObject2("private", keyStr);
+            return createGeneratedKeyObject2(JSON.parse(resultJson));
           }
-          return new SandboxKeyObject2("private", String(key));
+          return createAsymmetricKeyObject2("private", key);
         };
-        result2.createSecretKey = function createSecretKey(key) {
-          if (typeof key === "string") {
-            return new SandboxKeyObject2("secret", key);
+        result2.createSecretKey = function createSecretKey(key, encoding) {
+          return new SandboxKeyObject2("secret", {
+            raw: toRawBuffer2(key, encoding).toString("base64")
+          });
+        };
+        SandboxKeyObject2.from = function from(key) {
+          if (!key || typeof key !== "object" || key[Symbol.toStringTag] !== "CryptoKey") {
+            throw new TypeError('The "key" argument must be an instance of CryptoKey.');
           }
-          if (Buffer.isBuffer(key) || key instanceof Uint8Array) {
-            return new SandboxKeyObject2("secret", Buffer.from(key).toString("utf8"));
+          if (key._sourceKeyObjectData && key._sourceKeyObjectData.type === "secret") {
+            return new SandboxKeyObject2("secret", {
+              raw: key._sourceKeyObjectData.raw
+            });
           }
-          return new SandboxKeyObject2("secret", String(key));
+          return new SandboxKeyObject2(key.type, {
+            pem: key._pem,
+            jwk: key._jwk,
+            asymmetricKeyType: key._sourceKeyObjectData && key._sourceKeyObjectData.asymmetricKeyType,
+            asymmetricKeyDetails: key._sourceKeyObjectData && key._sourceKeyObjectData.asymmetricKeyDetails
+          });
         };
         result2.KeyObject = SandboxKeyObject2;
       }
@@ -861,6 +2006,10 @@
           this.algorithm = keyData.algorithm;
           this.usages = keyData.usages;
           this._keyData = keyData;
+          this._pem = keyData._pem;
+          this._jwk = keyData._jwk;
+          this._raw = keyData._raw;
+          this._sourceKeyObjectData = keyData._sourceKeyObjectData;
         }, toBase642 = function(data) {
           if (typeof data === "string") return Buffer.from(data).toString("base64");
           if (data instanceof ArrayBuffer) return Buffer.from(new Uint8Array(data)).toString("base64");
@@ -873,6 +2022,24 @@
           return algorithm;
         };
         var SandboxCryptoKey = SandboxCryptoKey2, toBase64 = toBase642, subtleCall = subtleCall2, normalizeAlgo = normalizeAlgo2;
+        Object.defineProperty(SandboxCryptoKey2.prototype, Symbol.toStringTag, {
+          value: "CryptoKey",
+          configurable: true
+        });
+        Object.defineProperty(SandboxCryptoKey2, Symbol.hasInstance, {
+          value: function(candidate) {
+            return !!(candidate && typeof candidate === "object" && (candidate._keyData || candidate[Symbol.toStringTag] === "CryptoKey"));
+          },
+          configurable: true
+        });
+        if (globalThis.CryptoKey && globalThis.CryptoKey.prototype && globalThis.CryptoKey.prototype !== SandboxCryptoKey2.prototype) {
+          Object.setPrototypeOf(SandboxCryptoKey2.prototype, globalThis.CryptoKey.prototype);
+        }
+        if (typeof globalThis.CryptoKey === "undefined") {
+          __requireExposeCustomGlobal("CryptoKey", SandboxCryptoKey2);
+        } else if (globalThis.CryptoKey !== SandboxCryptoKey2) {
+          globalThis.CryptoKey = SandboxCryptoKey2;
+        }
         var SandboxSubtle = {};
         SandboxSubtle.digest = function digest(algorithm, data) {
           return Promise.resolve().then(function() {
@@ -977,22 +2144,6 @@
             return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
           });
         };
-        SandboxSubtle.deriveBits = function deriveBits(algorithm, baseKey, length) {
-          return Promise.resolve().then(function() {
-            var algo = normalizeAlgo2(algorithm);
-            var reqAlgo = Object.assign({}, algo);
-            if (reqAlgo.hash) reqAlgo.hash = normalizeAlgo2(reqAlgo.hash);
-            if (reqAlgo.salt) reqAlgo.salt = toBase642(reqAlgo.salt);
-            var result22 = JSON.parse(subtleCall2({
-              op: "deriveBits",
-              algorithm: reqAlgo,
-              key: baseKey._keyData,
-              length
-            }));
-            var buf = Buffer.from(result22.data, "base64");
-            return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
-          });
-        };
         SandboxSubtle.sign = function sign(algorithm, key, data) {
           return Promise.resolve().then(function() {
             var result22 = JSON.parse(subtleCall2({
@@ -1017,8 +2168,45 @@
             return result22.result;
           });
         };
-        result2.subtle = SandboxSubtle;
-        result2.webcrypto = { subtle: SandboxSubtle, getRandomValues: result2.randomFillSync };
+        SandboxSubtle.deriveBits = function deriveBits(algorithm, baseKey, length) {
+          return Promise.resolve().then(function() {
+            var algo = normalizeAlgo2(algorithm);
+            var reqAlgo = Object.assign({}, algo);
+            if (reqAlgo.salt) reqAlgo.salt = toBase642(reqAlgo.salt);
+            if (reqAlgo.info) reqAlgo.info = toBase642(reqAlgo.info);
+            var result22 = JSON.parse(subtleCall2({
+              op: "deriveBits",
+              algorithm: reqAlgo,
+              baseKey: baseKey._keyData,
+              length
+            }));
+            return Buffer.from(result22.data, "base64").buffer;
+          });
+        };
+        SandboxSubtle.deriveKey = function deriveKey(algorithm, baseKey, derivedKeyAlgorithm, extractable, keyUsages) {
+          return Promise.resolve().then(function() {
+            var algo = normalizeAlgo2(algorithm);
+            var reqAlgo = Object.assign({}, algo);
+            if (reqAlgo.salt) reqAlgo.salt = toBase642(reqAlgo.salt);
+            if (reqAlgo.info) reqAlgo.info = toBase642(reqAlgo.info);
+            var result22 = JSON.parse(subtleCall2({
+              op: "deriveKey",
+              algorithm: reqAlgo,
+              baseKey: baseKey._keyData,
+              derivedKeyAlgorithm: normalizeAlgo2(derivedKeyAlgorithm),
+              extractable,
+              usages: keyUsages
+            }));
+            return new SandboxCryptoKey2(result22.key);
+          });
+        };
+        if (globalThis.crypto && globalThis.crypto.subtle && typeof globalThis.crypto.subtle.importKey === "function") {
+          result2.subtle = globalThis.crypto.subtle;
+          result2.webcrypto = globalThis.crypto;
+        } else {
+          result2.subtle = SandboxSubtle;
+          result2.webcrypto = { subtle: SandboxSubtle, getRandomValues: result2.randomFillSync };
+        }
       }
       if (typeof result2.getCurves !== "function") {
         result2.getCurves = function getCurves() {
@@ -1065,6 +2253,16 @@
           return out === 0;
         };
       }
+      if (typeof result2.getFips !== "function") {
+        result2.getFips = function getFips() {
+          return 0;
+        };
+      }
+      if (typeof result2.setFips !== "function") {
+        result2.setFips = function setFips() {
+          throw new Error("FIPS mode is not supported in sandbox");
+        };
+      }
       return result2;
     }
     if (name2 === "stream") {
@@ -1124,7 +2322,6 @@
     return result2;
   }
   var _deferredCoreModules = /* @__PURE__ */ new Set([
-    "tls",
     "readline",
     "perf_hooks",
     "async_hooks",
@@ -1132,7 +2329,6 @@
     "diagnostics_channel"
   ]);
   var _unsupportedCoreModules = /* @__PURE__ */ new Set([
-    "dgram",
     "cluster",
     "wasi",
     "inspector",
@@ -1168,25 +2364,14 @@
     return _requireFrom(moduleName2, _currentModule.dirname);
   };
   __requireExposeCustomGlobal("require", __require);
-  var _resolveCache = /* @__PURE__ */ Object.create(null);
   function _resolveFrom(moduleName2, fromDir2) {
-    const cacheKey2 = fromDir2 + "\0" + moduleName2;
-    if (cacheKey2 in _resolveCache) {
-      const cached = _resolveCache[cacheKey2];
-      if (cached === null) {
-        const err = new Error("Cannot find module '" + moduleName2 + "'");
-        err.code = "MODULE_NOT_FOUND";
-        throw err;
-      }
-      return cached;
-    }
-    let resolved2;
+    var resolved2;
     if (typeof _resolveModuleSync !== "undefined") {
       resolved2 = _resolveModuleSync.applySync(void 0, [moduleName2, fromDir2]);
-    } else {
-      resolved2 = _resolveModule.applySyncPromise(void 0, [moduleName2, fromDir2]);
     }
-    _resolveCache[cacheKey2] = resolved2;
+    if (resolved2 === null || resolved2 === void 0) {
+      resolved2 = _resolveModule.applySyncPromise(void 0, [moduleName2, fromDir2, "require"]);
+    }
     if (resolved2 === null) {
       const err = new Error("Cannot find module '" + moduleName2 + "'");
       err.code = "MODULE_NOT_FOUND";
@@ -1285,18 +2470,99 @@
       _debugRequire("loaded", name, "stream-promises-special");
       return promisesModule;
     }
+    if (name === "stream/consumers") {
+      if (__internalModuleCache["stream/consumers"]) return __internalModuleCache["stream/consumers"];
+      const consumersModule = {};
+      consumersModule.buffer = async function buffer(stream) {
+        const chunks = [];
+        const pushChunk = function(chunk) {
+          if (typeof chunk === "string") {
+            chunks.push(Buffer.from(chunk));
+          } else if (Buffer.isBuffer(chunk)) {
+            chunks.push(chunk);
+          } else if (ArrayBuffer.isView(chunk)) {
+            chunks.push(Buffer.from(chunk.buffer, chunk.byteOffset, chunk.byteLength));
+          } else if (chunk instanceof ArrayBuffer) {
+            chunks.push(Buffer.from(new Uint8Array(chunk)));
+          } else {
+            chunks.push(Buffer.from(String(chunk)));
+          }
+        };
+        if (stream && typeof stream[Symbol.asyncIterator] === "function") {
+          for await (const chunk of stream) {
+            pushChunk(chunk);
+          }
+          return Buffer.concat(chunks);
+        }
+        return new Promise(function(resolve2, reject) {
+          stream.on("data", pushChunk);
+          stream.on("end", function() {
+            resolve2(Buffer.concat(chunks));
+          });
+          stream.on("error", reject);
+        });
+      };
+      consumersModule.text = async function text(stream) {
+        return (await consumersModule.buffer(stream)).toString("utf8");
+      };
+      consumersModule.json = async function json(stream) {
+        return JSON.parse(await consumersModule.text(stream));
+      };
+      consumersModule.arrayBuffer = async function arrayBuffer(stream) {
+        const buffer = await consumersModule.buffer(stream);
+        return buffer.buffer.slice(
+          buffer.byteOffset,
+          buffer.byteOffset + buffer.byteLength
+        );
+      };
+      __internalModuleCache["stream/consumers"] = consumersModule;
+      _debugRequire("loaded", name, "stream-consumers-special");
+      return consumersModule;
+    }
     if (name === "child_process") {
       if (__internalModuleCache["child_process"]) return __internalModuleCache["child_process"];
       __internalModuleCache["child_process"] = _childProcessModule;
       _debugRequire("loaded", name, "child-process-special");
       return _childProcessModule;
     }
+    if (name === "net") {
+      if (__internalModuleCache["net"]) return __internalModuleCache["net"];
+      __internalModuleCache["net"] = _netModule;
+      _debugRequire("loaded", name, "net-special");
+      return _netModule;
+    }
+    if (name === "tls") {
+      if (__internalModuleCache["tls"]) return __internalModuleCache["tls"];
+      __internalModuleCache["tls"] = _tlsModule;
+      _debugRequire("loaded", name, "tls-special");
+      return _tlsModule;
+    }
     if (name === "http") {
       if (__internalModuleCache["http"]) return __internalModuleCache["http"];
       __internalModuleCache["http"] = _httpModule;
       _debugRequire("loaded", name, "http-special");
       return _httpModule;
     }
+    if (name === "_http_agent") {
+      if (__internalModuleCache["_http_agent"]) return __internalModuleCache["_http_agent"];
+      const httpAgentModule = {
+        Agent: _httpModule.Agent,
+        globalAgent: _httpModule.globalAgent
+      };
+      __internalModuleCache["_http_agent"] = httpAgentModule;
+      _debugRequire("loaded", name, "http-agent-special");
+      return httpAgentModule;
+    }
+    if (name === "_http_common") {
+      if (__internalModuleCache["_http_common"]) return __internalModuleCache["_http_common"];
+      const httpCommonModule = {
+        _checkIsHttpToken: _httpModule._checkIsHttpToken,
+        _checkInvalidHeaderChar: _httpModule._checkInvalidHeaderChar
+      };
+      __internalModuleCache["_http_common"] = httpCommonModule;
+      _debugRequire("loaded", name, "http-common-special");
+      return httpCommonModule;
+    }
     if (name === "https") {
       if (__internalModuleCache["https"]) return __internalModuleCache["https"];
       __internalModuleCache["https"] = _httpsModule;
@@ -1309,23 +2575,34 @@
       _debugRequire("loaded", name, "http2-special");
       return _http2Module;
     }
+    if (name === "internal/http2/util") {
+      if (__internalModuleCache[name]) return __internalModuleCache[name];
+      class NghttpError extends Error {
+        constructor(message) {
+          super(message);
+          this.name = "Error";
+          this.code = "ERR_HTTP2_ERROR";
+        }
+      }
+      const utilModule = {
+        kSocket: /* @__PURE__ */ Symbol.for("secure-exec.http2.kSocket"),
+        NghttpError
+      };
+      __internalModuleCache[name] = utilModule;
+      _debugRequire("loaded", name, "http2-util-special");
+      return utilModule;
+    }
     if (name === "dns") {
       if (__internalModuleCache["dns"]) return __internalModuleCache["dns"];
       __internalModuleCache["dns"] = _dnsModule;
       _debugRequire("loaded", name, "dns-special");
       return _dnsModule;
     }
-    if (name === "net") {
-      if (__internalModuleCache["net"]) return __internalModuleCache["net"];
-      __internalModuleCache["net"] = _netModule;
-      _debugRequire("loaded", name, "net-special");
-      return _netModule;
-    }
-    if (name === "tls") {
-      if (__internalModuleCache["tls"]) return __internalModuleCache["tls"];
-      __internalModuleCache["tls"] = _tlsModule;
-      _debugRequire("loaded", name, "tls-special");
-      return _tlsModule;
+    if (name === "dgram") {
+      if (__internalModuleCache["dgram"]) return __internalModuleCache["dgram"];
+      __internalModuleCache["dgram"] = _dgramModule;
+      _debugRequire("loaded", name, "dgram-special");
+      return _dgramModule;
     }
     if (name === "os") {
       if (__internalModuleCache["os"]) return __internalModuleCache["os"];
@@ -1483,12 +2760,7 @@
     if (_unsupportedCoreModules.has(name)) {
       throw new Error(name + " is not supported in sandbox");
     }
-    if (__internalModuleCache[name]) {
-      _debugRequire("name-cache-hit", name, name);
-      return __internalModuleCache[name];
-    }
-    const isPath = name[0] === "." || name[0] === "/";
-    const polyfillCode = isPath ? null : _loadPolyfill.applySyncPromise(void 0, [name]);
+    const polyfillCode = _loadPolyfill.applySyncPromise(void 0, [name]);
     if (polyfillCode !== null) {
       if (__internalModuleCache[name]) return __internalModuleCache[name];
       const moduleObj = { exports: {} };
@@ -1505,14 +2777,6 @@
       _debugRequire("loaded", name, "polyfill");
       return __internalModuleCache[name];
     }
-    const resolveCacheKey = fromDir + "\0" + name;
-    if (resolveCacheKey in _resolveCache) {
-      const cachedPath = _resolveCache[resolveCacheKey];
-      if (cachedPath !== null && __internalModuleCache[cachedPath]) {
-        _debugRequire("resolve-cache-hit", name, cachedPath);
-        return __internalModuleCache[cachedPath];
-      }
-    }
     resolved = _resolveFrom(name, fromDir);
     cacheKey = resolved;
     if (__internalModuleCache[cacheKey]) {
@@ -1523,11 +2787,12 @@
       _debugRequire("pending-hit", name, cacheKey);
       return _pendingModules[cacheKey].exports;
     }
-    let source;
+    var source;
     if (typeof _loadFileSync !== "undefined") {
       source = _loadFileSync.applySync(void 0, [resolved]);
-    } else {
-      source = _loadFile.applySyncPromise(void 0, [resolved]);
+    }
+    if (source === null || source === void 0) {
+      source = _loadFile.applySyncPromise(void 0, [resolved, "require"]);
     }
     if (source === null) {
       const err = new Error("Cannot find module '" + resolved + "'");
@@ -1594,9 +2859,6 @@
       _currentModule = prevModule;
     }
     __internalModuleCache[cacheKey] = module.exports;
-    if (!isPath && name !== cacheKey) {
-      __internalModuleCache[name] = module.exports;
-    }
     delete _pendingModules[cacheKey];
     _debugRequire("loaded", name, cacheKey);
     return module.exports;