@smonn/ids 0.3.1 → 0.3.3

package/dist/id-CcoPE2EX.mjs

@@ -0,0 +1,95 @@
+import { a as writeTimestamp, c as toWireId, i as readTimestampMsFromBase32Suffix, l as validateBrand, n as registerBrand, t as wireMethods } from "./codec-shell-C0arqqX3.mjs";
+//#region src/layouts/timestamp.ts
+const randomByteLength = 10;
+/** Writes a 16-byte timestamp-layout payload into codec-owned scratch. */
+function buildPayload(ms, rng, buffer, randomView) {
+	writeTimestamp(ms, buffer);
+	rng(randomView);
+}
+/** Writes sentinel min/max random bytes into codec-owned scratch. */
+function buildSentinelPayload(ms, fill, buffer, randomView) {
+	writeTimestamp(ms, buffer);
+	randomView.fill(fill);
+}
+/** Decodes the creation timestamp from a trusted wire ID. */
+function extractTimestampFromId(prefix, id) {
+	return new Date(readTimestampMsFromBase32Suffix(id.slice(prefix.length)));
+}
+/** Layout ops binder for the Timestamp variant. `extractTimestampFromId` is module-private; the binder exposes `extractTimestamp` for the codec constructor. */
+function createTimestampLayoutOps(prefix, rng) {
+	const buffer = new Uint8Array(16);
+	const randomView = new Uint8Array(buffer.buffer, 6, randomByteLength);
+	return {
+		generateAt: (ms) => {
+			buildPayload(ms, rng, buffer, randomView);
+			return toWireId(prefix, buffer);
+		},
+		extractTimestamp: (id) => extractTimestampFromId(prefix, id),
+		minIdForTime: (ms) => {
+			buildSentinelPayload(ms, 0, buffer, randomView);
+			return toWireId(prefix, buffer);
+		},
+		maxIdForTime: (ms) => {
+			buildSentinelPayload(ms, 255, buffer, randomView);
+			return toWireId(prefix, buffer);
+		},
+		exampleWireId: (ms) => {
+			buildPayload(ms, rng, buffer, randomView);
+			return toWireId(prefix, buffer);
+		}
+	};
+}
+//#endregion
+//#region src/id.ts
+const hexCharCodeToNibble = new Uint8Array(128);
+for (let i = 0; i < 10; i++) hexCharCodeToNibble[48 + i] = i;
+for (let i = 0; i < 6; i++) hexCharCodeToNibble[97 + i] = 10 + i;
+const defaultOptions = {
+	now: Date.now,
+	rng: (target) => {
+		const s = crypto.randomUUID();
+		target[0] = hexCharCodeToNibble[s.charCodeAt(0)] << 4 | hexCharCodeToNibble[s.charCodeAt(1)];
+		target[1] = hexCharCodeToNibble[s.charCodeAt(2)] << 4 | hexCharCodeToNibble[s.charCodeAt(3)];
+		target[2] = hexCharCodeToNibble[s.charCodeAt(4)] << 4 | hexCharCodeToNibble[s.charCodeAt(5)];
+		target[3] = hexCharCodeToNibble[s.charCodeAt(6)] << 4 | hexCharCodeToNibble[s.charCodeAt(7)];
+		target[4] = hexCharCodeToNibble[s.charCodeAt(9)] << 4 | hexCharCodeToNibble[s.charCodeAt(10)];
+		target[5] = hexCharCodeToNibble[s.charCodeAt(11)] << 4 | hexCharCodeToNibble[s.charCodeAt(12)];
+		target[6] = hexCharCodeToNibble[s.charCodeAt(24)] << 4 | hexCharCodeToNibble[s.charCodeAt(25)];
+		target[7] = hexCharCodeToNibble[s.charCodeAt(26)] << 4 | hexCharCodeToNibble[s.charCodeAt(27)];
+		target[8] = hexCharCodeToNibble[s.charCodeAt(28)] << 4 | hexCharCodeToNibble[s.charCodeAt(29)];
+		target[9] = hexCharCodeToNibble[s.charCodeAt(30)] << 4 | hexCharCodeToNibble[s.charCodeAt(31)];
+	}
+};
+/**
+* Creates a codec for `brand` (three lowercase a–z characters).
+*
+* @param brand - Entity type brand validated once at construction.
+* @param opts - Optional `now`, `rng`, and `allowDuplicateBrand` overrides.
+*/
+function createId(brand, opts = {}) {
+	validateBrand(brand);
+	registerBrand(brand, opts.allowDuplicateBrand);
+	const options = {
+		...defaultOptions,
+		...opts
+	};
+	const prefix = `${brand}_`;
+	const wire = wireMethods(prefix);
+	const layout = createTimestampLayoutOps(prefix, options.rng);
+	return {
+		generate: () => layout.generateAt(options.now()),
+		generateAt: (date) => layout.generateAt(date.getTime()),
+		is: wire.is,
+		parse: wire.parse,
+		safeParse: wire.safeParse,
+		extractTimestamp: layout.extractTimestamp,
+		minIdForTime: (date) => layout.minIdForTime(date.getTime()),
+		maxIdForTime: (date) => layout.maxIdForTime(date.getTime()),
+		toJsonSchema: () => wire.toJsonSchema(brand, layout.exampleWireId(options.now())),
+		"~standard": wire["~standard"]
+	};
+}
+//#endregion
+export { createId as t };
+
+//# sourceMappingURL=id-CcoPE2EX.mjs.map

package/dist/id-CcoPE2EX.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"id-CcoPE2EX.mjs","names":[],"sources":["../src/layouts/timestamp.ts","../src/id.ts"],"sourcesContent":["import type { Id, Prefix } from \"../types.js\";\nimport { toWireId } from \"../wire/envelope.js\";\nimport { payloadByteLength } from \"../wire/invariants.js\";\nimport {\n  readTimestampMsFromBase32Suffix,\n  timestampByteLength,\n  writeTimestamp,\n} from \"../wire/timestamp-bytes.js\";\n\nconst randomByteLength: number = payloadByteLength - timestampByteLength;\n\n/** Writes a 16-byte timestamp-layout payload into codec-owned scratch. */\nfunction buildPayload(\n  ms: number,\n  rng: (target: Uint8Array) => void,\n  buffer: Uint8Array,\n  randomView: Uint8Array,\n): void {\n  writeTimestamp(ms, buffer);\n  rng(randomView);\n}\n\n/** Writes sentinel min/max random bytes into codec-owned scratch. */\nfunction buildSentinelPayload(\n  ms: number,\n  fill: number,\n  buffer: Uint8Array,\n  randomView: Uint8Array,\n): void {\n  writeTimestamp(ms, buffer);\n  randomView.fill(fill);\n}\n\n/** Decodes the creation timestamp from a trusted wire ID. */\nfunction extractTimestampFromId<Brand extends string>(prefix: Prefix<Brand>, id: Id<Brand>): Date {\n  return new Date(readTimestampMsFromBase32Suffix(id.slice(prefix.length)));\n}\n\n/** Layout ops binder for the Timestamp variant. `extractTimestampFromId` is module-private; the binder exposes `extractTimestamp` for the codec constructor. */\nexport function createTimestampLayoutOps<Brand extends string>(\n  prefix: Prefix<Brand>,\n  rng: (target: Uint8Array) => void,\n) {\n  // Per-codec scratch buffer. Shared across generateAt(), minIdForTime(),\n  // maxIdForTime(), and exampleWireId() — all are synchronous and overwrite both\n  // the timestamp and random slices before encoding, so successive callers see\n  // their own freshly-written bytes. toWireId reads the buffer and returns an\n  // independent string, so the caller never sees the buffer itself.\n  const buffer = new Uint8Array(payloadByteLength);\n  const randomView = new Uint8Array(buffer.buffer, timestampByteLength, randomByteLength);\n\n  return {\n    generateAt: (ms: number): Id<Brand> => {\n      buildPayload(ms, rng, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    extractTimestamp: (id: Id<Brand>): Date => extractTimestampFromId(prefix, id),\n    minIdForTime: (ms: number): Id<Brand> => {\n      buildSentinelPayload(ms, 0x00, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    maxIdForTime: (ms: number): Id<Brand> => {\n      buildSentinelPayload(ms, 0xff, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n    exampleWireId: (ms: number): Id<Brand> => {\n      buildPayload(ms, rng, buffer, randomView);\n      return toWireId(prefix, buffer);\n    },\n  };\n}\n","import { validateBrand } from \"./brand.js\";\nimport { createTimestampLayoutOps } from \"./layouts/timestamp.js\";\nimport { registerBrand } from \"./registry.js\";\nimport type { Id, JsonSchema, ParseResult, Prefix, StandardSchemaProps } from \"./types.js\";\nimport { wireMethods } from \"./wire/codec-shell.js\";\n\n/**\n * Configuration options for a codec instance.\n */\nexport type Options = {\n  /** Returns the current timestamp in milliseconds. Defaults to `Date.now`. */\n  now: () => number;\n  /** Writes random bytes into `target` for ID generation. Defaults to a `crypto.randomUUID` fast path. */\n  rng: (target: Uint8Array) => void;\n  /** If true, silences the duplicate-brand warning in non-production environments. */\n  allowDuplicateBrand?: boolean;\n};\n\n/**\n * A brand-scoped codec for generating and validating public-facing IDs.\n *\n * Wire format: `{brand}_` plus 26 lowercase Crockford base32 characters encoding a\n * 16-byte payload (6-byte ms timestamp + 10 random bytes). IDs sort by creation\n * time in ascending order.\n *\n * For encrypted IDs, use `createOpaqueId` from `@smonn/ids/opaque`.\n */\nexport type Codec<Brand extends string> = {\n  /** Produces a new canonical ID using the codec's `now` and `rng`. */\n  generate(): Id<Brand>;\n  /** Produces a new canonical ID with timestamp bytes from `date` and a fresh random tail. Throws on invalid dates. */\n  generateAt(date: Date): Id<Brand>;\n  /**\n   * Strict type guard: `true` only for already-canonical strings for this brand.\n   * For untrusted input, use `safeParse()` or `parse()` instead. See ADR-0003.\n   */\n  is(value: unknown): value is Id<Brand>;\n  /**\n   * Lenient parse: normalises case and Crockford aliases, returns canonical `Id<Brand>`, or throws.\n   */\n  parse(value: unknown): Id<Brand>;\n  /**\n   * Lenient parse without throwing: normalises to canonical form, or returns `{ ok: false, error }`.\n   */\n  safeParse(value: unknown): ParseResult<Brand>;\n  /**\n   * Decodes the creation `Date` from an `Id<Brand>`. Trusts the type — use `safeParse()` at boundaries first. See ADR-0002.\n   */\n  extractTimestamp(id: Id<Brand>): Date;\n  /** Tight lower bound for any ID generated at `date` (random portion `0x00`). Throws on invalid dates. */\n  minIdForTime(date: Date): Id<Brand>;\n  /** Tight upper bound for any ID generated at `date` (random portion `0xff`). Throws on invalid dates. */\n  maxIdForTime(date: Date): Id<Brand>;\n  /** JSON Schema for the canonical wire form (`pattern` is canonical-only). */\n  toJsonSchema(): JsonSchema;\n  /** Standard Schema validate entry point. */\n  readonly \"~standard\": StandardSchemaProps<Brand>;\n};\n\n// hex charCode → 0–15 nibble, for decoding UUIDv4 strings into bytes.\n// Covers ['0'-'9' = 48–57] and ['a'-'f' = 97–102]; UUIDs are lowercase per spec.\nconst hexCharCodeToNibble = new Uint8Array(128);\nfor (let i = 0; i < 10; i++) hexCharCodeToNibble[48 + i] = i;\nfor (let i = 0; i < 6; i++) hexCharCodeToNibble[97 + i] = 10 + i;\n\nconst defaultOptions: Options = {\n  now: Date.now,\n  // crypto.randomUUID is ~7× faster than crypto.getRandomValues in Node 24\n  // (~84 ns vs ~610 ns for a 16-byte fill — likely because the UUID path has\n  // a tight fixed-format fast path). We use the 122 random bits of a UUIDv4\n  // string as our entropy source, harvesting 10 fully-random bytes from\n  // positions where no version (hex 12) or variant (hex 16) bits sit.\n  // String layout: \"xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx\" — bytes 0–5 are\n  // string[0..7]+string[9..12], bytes 6–9 are string[24..31].\n  rng: (target) => {\n    const s = crypto.randomUUID();\n    target[0] =\n      (hexCharCodeToNibble[s.charCodeAt(0)]! << 4) | hexCharCodeToNibble[s.charCodeAt(1)]!;\n    target[1] =\n      (hexCharCodeToNibble[s.charCodeAt(2)]! << 4) | hexCharCodeToNibble[s.charCodeAt(3)]!;\n    target[2] =\n      (hexCharCodeToNibble[s.charCodeAt(4)]! << 4) | hexCharCodeToNibble[s.charCodeAt(5)]!;\n    target[3] =\n      (hexCharCodeToNibble[s.charCodeAt(6)]! << 4) | hexCharCodeToNibble[s.charCodeAt(7)]!;\n    target[4] =\n      (hexCharCodeToNibble[s.charCodeAt(9)]! << 4) | hexCharCodeToNibble[s.charCodeAt(10)]!;\n    target[5] =\n      (hexCharCodeToNibble[s.charCodeAt(11)]! << 4) | hexCharCodeToNibble[s.charCodeAt(12)]!;\n    target[6] =\n      (hexCharCodeToNibble[s.charCodeAt(24)]! << 4) | hexCharCodeToNibble[s.charCodeAt(25)]!;\n    target[7] =\n      (hexCharCodeToNibble[s.charCodeAt(26)]! << 4) | hexCharCodeToNibble[s.charCodeAt(27)]!;\n    target[8] =\n      (hexCharCodeToNibble[s.charCodeAt(28)]! << 4) | hexCharCodeToNibble[s.charCodeAt(29)]!;\n    target[9] =\n      (hexCharCodeToNibble[s.charCodeAt(30)]! << 4) | hexCharCodeToNibble[s.charCodeAt(31)]!;\n  },\n};\n\n/**\n * Creates a codec for `brand` (three lowercase a–z characters).\n *\n * @param brand - Entity type brand validated once at construction.\n * @param opts - Optional `now`, `rng`, and `allowDuplicateBrand` overrides.\n */\nexport function createId<Brand extends string>(\n  brand: Brand,\n  opts: Partial<Options> = {},\n): Codec<Brand> {\n  validateBrand(brand);\n  registerBrand(brand, opts.allowDuplicateBrand);\n\n  const options = {\n    ...defaultOptions,\n    ...opts,\n  } satisfies Options;\n\n  const prefix: Prefix<Brand> = `${brand}_`;\n  const wire = wireMethods(prefix);\n  const layout = createTimestampLayoutOps(prefix, options.rng);\n\n  return {\n    generate: () => layout.generateAt(options.now()),\n    generateAt: (date: Date) => layout.generateAt(date.getTime()),\n    is: wire.is,\n    parse: wire.parse,\n    safeParse: wire.safeParse,\n    extractTimestamp: layout.extractTimestamp,\n    minIdForTime: (date: Date) => layout.minIdForTime(date.getTime()),\n    maxIdForTime: (date: Date) => layout.maxIdForTime(date.getTime()),\n    toJsonSchema: () => wire.toJsonSchema(brand, layout.exampleWireId(options.now())),\n    \"~standard\": wire[\"~standard\"],\n  };\n}\n"],"mappings":";;AASA,MAAM,mBAAA;;AAGN,SAAS,aACP,IACA,KACA,QACA,YACM;CACN,eAAe,IAAI,MAAM;CACzB,IAAI,UAAU;AAChB;;AAGA,SAAS,qBACP,IACA,MACA,QACA,YACM;CACN,eAAe,IAAI,MAAM;CACzB,WAAW,KAAK,IAAI;AACtB;;AAGA,SAAS,uBAA6C,QAAuB,IAAqB;CAChG,OAAO,IAAI,KAAK,gCAAgC,GAAG,MAAM,OAAO,MAAM,CAAC,CAAC;AAC1E;;AAGA,SAAgB,yBACd,QACA,KACA;CAMA,MAAM,SAAS,IAAI,WAAA,EAA4B;CAC/C,MAAM,aAAa,IAAI,WAAW,OAAO,QAAA,GAA6B,gBAAgB;CAEtF,OAAO;EACL,aAAa,OAA0B;GACrC,aAAa,IAAI,KAAK,QAAQ,UAAU;GACxC,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,mBAAmB,OAAwB,uBAAuB,QAAQ,EAAE;EAC5E,eAAe,OAA0B;GACvC,qBAAqB,IAAI,GAAM,QAAQ,UAAU;GACjD,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,eAAe,OAA0B;GACvC,qBAAqB,IAAI,KAAM,QAAQ,UAAU;GACjD,OAAO,SAAS,QAAQ,MAAM;EAChC;EACA,gBAAgB,OAA0B;GACxC,aAAa,IAAI,KAAK,QAAQ,UAAU;GACxC,OAAO,SAAS,QAAQ,MAAM;EAChC;CACF;AACF;;;ACTA,MAAM,sBAAsB,IAAI,WAAW,GAAG;AAC9C,KAAK,IAAI,IAAI,GAAG,IAAI,IAAI,KAAK,oBAAoB,KAAK,KAAK;AAC3D,KAAK,IAAI,IAAI,GAAG,IAAI,GAAG,KAAK,oBAAoB,KAAK,KAAK,KAAK;AAE/D,MAAM,iBAA0B;CAC9B,KAAK,KAAK;CAQV,MAAM,WAAW;EACf,MAAM,IAAI,OAAO,WAAW;EAC5B,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,CAAC;EACnF,OAAO,KACJ,oBAAoB,EAAE,WAAW,CAAC,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACpF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;EACrF,OAAO,KACJ,oBAAoB,EAAE,WAAW,EAAE,MAAO,IAAK,oBAAoB,EAAE,WAAW,EAAE;CACvF;AACF;;;;;;;AAQA,SAAgB,SACd,OACA,OAAyB,CAAC,GACZ;CACd,cAAc,KAAK;CACnB,cAAc,OAAO,KAAK,mBAAmB;CAE7C,MAAM,UAAU;EACd,GAAG;EACH,GAAG;CACL;CAEA,MAAM,SAAwB,GAAG,MAAM;CACvC,MAAM,OAAO,YAAY,MAAM;CAC/B,MAAM,SAAS,yBAAyB,QAAQ,QAAQ,GAAG;CAE3D,OAAO;EACL,gBAAgB,OAAO,WAAW,QAAQ,IAAI,CAAC;EAC/C,aAAa,SAAe,OAAO,WAAW,KAAK,QAAQ,CAAC;EAC5D,IAAI,KAAK;EACT,OAAO,KAAK;EACZ,WAAW,KAAK;EAChB,kBAAkB,OAAO;EACzB,eAAe,SAAe,OAAO,aAAa,KAAK,QAAQ,CAAC;EAChE,eAAe,SAAe,OAAO,aAAa,KAAK,QAAQ,CAAC;EAChE,oBAAoB,KAAK,aAAa,OAAO,OAAO,cAAc,QAAQ,IAAI,CAAC,CAAC;EAChF,aAAa,KAAK;CACpB;AACF"}

package/dist/index.d.mts

@@ -1,23 +1,54 @@
-import { a as StandardSchemaProps, i as ParseResult, n as JsonSchema, r as ParseError, t as Id } from "./types-Dg2j_zlO.mjs";
+import { a as StandardSchemaProps, i as ParseResult, n as JsonSchema, r as ParseError, t as Id } from "./types-Bv-63YK4.mjs";
 
 //#region src/id.d.ts
+/**
+* Configuration options for a codec instance.
+*/
 type Options = {
-  now: () => number;
-  rng: (target: Uint8Array) => void;
+  /** Returns the current timestamp in milliseconds. Defaults to `Date.now`. */now: () => number; /** Writes random bytes into `target` for ID generation. Defaults to a `crypto.randomUUID` fast path. */
+  rng: (target: Uint8Array) => void; /** If true, silences the duplicate-brand warning in non-production environments. */
   allowDuplicateBrand?: boolean;
 };
+/**
+* A brand-scoped codec for generating and validating public-facing IDs.
+*
+* Wire format: `{brand}_` plus 26 lowercase Crockford base32 characters encoding a
+* 16-byte payload (6-byte ms timestamp + 10 random bytes). IDs sort by creation
+* time in ascending order.
+*
+* For encrypted IDs, use `createOpaqueId` from `@smonn/ids/opaque`.
+*/
 type Codec<Brand extends string> = {
-  generate(): Id<Brand>;
+  /** Produces a new canonical ID using the codec's `now` and `rng`. */generate(): Id<Brand>; /** Produces a new canonical ID with timestamp bytes from `date` and a fresh random tail. Throws on invalid dates. */
   generateAt(date: Date): Id<Brand>;
+  /**
+  * Strict type guard: `true` only for already-canonical strings for this brand.
+  * For untrusted input, use `safeParse()` or `parse()` instead. See ADR-0003.
+  */
   is(value: unknown): value is Id<Brand>;
+  /**
+  * Lenient parse: normalises case and Crockford aliases, returns canonical `Id<Brand>`, or throws.
+  */
   parse(value: unknown): Id<Brand>;
+  /**
+  * Lenient parse without throwing: normalises to canonical form, or returns `{ ok: false, error }`.
+  */
   safeParse(value: unknown): ParseResult<Brand>;
-  extractTimestamp(id: Id<Brand>): Date;
-  minIdForTime(date: Date): Id<Brand>;
-  maxIdForTime(date: Date): Id<Brand>;
-  toJsonSchema(): JsonSchema;
+  /**
+  * Decodes the creation `Date` from an `Id<Brand>`. Trusts the type — use `safeParse()` at boundaries first. See ADR-0002.
+  */
+  extractTimestamp(id: Id<Brand>): Date; /** Tight lower bound for any ID generated at `date` (random portion `0x00`). Throws on invalid dates. */
+  minIdForTime(date: Date): Id<Brand>; /** Tight upper bound for any ID generated at `date` (random portion `0xff`). Throws on invalid dates. */
+  maxIdForTime(date: Date): Id<Brand>; /** JSON Schema for the canonical wire form (`pattern` is canonical-only). */
+  toJsonSchema(): JsonSchema; /** Standard Schema validate entry point. */
   readonly "~standard": StandardSchemaProps<Brand>;
 };
+/**
+* Creates a codec for `brand` (three lowercase a–z characters).
+*
+* @param brand - Entity type brand validated once at construction.
+* @param opts - Optional `now`, `rng`, and `allowDuplicateBrand` overrides.
+*/
 declare function createId<Brand extends string>(brand: Brand, opts?: Partial<Options>): Codec<Brand>;
 //#endregion
 export { type Codec, type Id, type JsonSchema, type Options, type ParseError, type ParseResult, createId };

package/dist/index.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.mts","names":[],"sources":["../src/id.ts"],"mappings":";;;KAgBY,OAAA;EACV,GAAA;EACA,GAAA,GAAM,MAAA,EAAQ,UAAA;EACd,mBAAA;AAAA;AAAA,KAGU,KAAA;EACV,QAAA,IAAY,EAAA,CAAG,KAAA;EACf,UAAA,CAAW,IAAA,EAAM,IAAA,GAAO,EAAA,CAAG,KAAA;EAC3B,EAAA,CAAG,KAAA,YAAiB,KAAA,IAAS,EAAA,CAAG,KAAA;EAChC,KAAA,CAAM,KAAA,YAAiB,EAAA,CAAG,KAAA;EAC1B,SAAA,CAAU,KAAA,YAAiB,WAAA,CAAY,KAAA;EACvC,gBAAA,CAAiB,EAAA,EAAI,EAAA,CAAG,KAAA,IAAS,IAAA;EACjC,YAAA,CAAa,IAAA,EAAM,IAAA,GAAO,EAAA,CAAG,KAAA;EAC7B,YAAA,CAAa,IAAA,EAAM,IAAA,GAAO,EAAA,CAAG,KAAA;EAC7B,YAAA,IAAgB,UAAA;EAAA,SACP,WAAA,EAAa,mBAAA,CAAoB,KAAA;AAAA;AAAA,iBA8C5B,QAAA,uBACd,KAAA,EAAO,KAAA,EACP,IAAA,GAAM,OAAA,CAAQ,OAAA,IACb,KAAA,CAAM,KAAA"}
+{"version":3,"file":"index.d.mts","names":[],"sources":["../src/id.ts"],"mappings":";;;;;AASA;KAAY,OAAA;+EAEV,GAAA;EAEA,GAAA,GAAM,MAAA,EAAQ,UAAA;EAEd,mBAAA;AAAA;;AAAA;AAYF;;;;;;;KAAY,KAAA;uEAEV,QAAA,IAAY,EAAA,CAAG,KAAA;EAEf,UAAA,CAAW,IAAA,EAAM,IAAA,GAAO,EAAA,CAAG,KAAA;;;;;EAK3B,EAAA,CAAG,KAAA,YAAiB,KAAA,IAAS,EAAA,CAAG,KAAA;;;;EAIhC,KAAA,CAAM,KAAA,YAAiB,EAAA,CAAG,KAAA;;;;EAI1B,SAAA,CAAU,KAAA,YAAiB,WAAA,CAAY,KAAA;;;;EAIvC,gBAAA,CAAiB,EAAA,EAAI,EAAA,CAAG,KAAA,IAAS,IAAA;EAEjC,YAAA,CAAa,IAAA,EAAM,IAAA,GAAO,EAAA,CAAG,KAAA;EAE7B,YAAA,CAAa,IAAA,EAAM,IAAA,GAAO,EAAA,CAAG,KAAA;EAE7B,YAAA,IAAgB,UAAA;WAEP,WAAA,EAAa,mBAAA,CAAoB,KAAA;AAAA;;;;;;;iBAiD5B,QAAA,uBACd,KAAA,EAAO,KAAA,EACP,IAAA,GAAM,OAAA,CAAQ,OAAA,IACb,KAAA,CAAM,KAAA"}

package/dist/index.mjs

@@ -1,2 +1,2 @@
-import { t as createId } from "./id-B4GiFKYV.mjs";
+import { t as createId } from "./id-CcoPE2EX.mjs";
 export { createId };

package/dist/opaque-B-ttBfHO.mjs

@@ -0,0 +1,186 @@
+import { a as writeTimestamp, c as toWireId, l as validateBrand, n as registerBrand, o as payloadBase32Length, r as readTimestampMs, s as payloadBytesFromId, t as wireMethods } from "./codec-shell-C0arqqX3.mjs";
+//#region src/layouts/opaque.ts
+const zeroIv = new Uint8Array(16);
+const pkcsPad = 16;
+function buildPlaintext(ms, rng) {
+	const plaintext = new Uint8Array(16);
+	writeTimestamp(ms, plaintext);
+	rng(plaintext.subarray(6, 16));
+	return plaintext;
+}
+async function encryptPayload(key, plaintext) {
+	return new Uint8Array(await crypto.subtle.encrypt({
+		name: "AES-CBC",
+		iv: zeroIv
+	}, key, plaintext)).subarray(0, 16);
+}
+async function decryptPayload(key, c1) {
+	const c2Input = new Uint8Array(16);
+	for (let i = 0; i < 16; i++) c2Input[i] = pkcsPad ^ c1[i];
+	const c2Encrypted = new Uint8Array(await crypto.subtle.encrypt({
+		name: "AES-CBC",
+		iv: zeroIv
+	}, key, c2Input));
+	const ciphertext = new Uint8Array(32);
+	ciphertext.set(c1, 0);
+	ciphertext.set(c2Encrypted.subarray(0, 16), 16);
+	return new Uint8Array(await crypto.subtle.decrypt({
+		name: "AES-CBC",
+		iv: zeroIv
+	}, key, ciphertext));
+}
+async function extractTimestampFromId(prefix, key, id) {
+	const plaintext = await decryptPayload(key, payloadBytesFromId(prefix, id));
+	return new Date(readTimestampMs(plaintext));
+}
+/** Produces a canonical encrypted wire ID. Per-call plaintext/ciphertext buffers —
+* subtle dominates this path; reuse would be safe but not worth pinning to spec detail. */
+async function generateWireId(prefix, key, rng, ms) {
+	return toWireId(prefix, await encryptPayload(key, buildPlaintext(ms, rng)));
+}
+/** Structural placeholder for JSON Schema (encrypt is async). */
+function schemaExample(prefix) {
+	return prefix + "0".repeat(payloadBase32Length);
+}
+/** Layout ops binder for the Opaque variant. `extractTimestampFromId` is module-private; the binder exposes `extractTimestamp` for the codec constructor. */
+function createOpaqueLayoutOps(prefix, key, rng) {
+	return {
+		generateAt: (ms) => generateWireId(prefix, key, rng, ms),
+		extractTimestamp: (id) => extractTimestampFromId(prefix, key, id),
+		exampleWireId: () => schemaExample(prefix)
+	};
+}
+//#endregion
+//#region src/bytes.ts
+const hexDigits = "0123456789abcdef";
+const invalidNibble = 255;
+const hexCharCodeToNibble = new Uint8Array(128).fill(invalidNibble);
+for (let i = 0; i < 10; i++) hexCharCodeToNibble[48 + i] = i;
+for (let i = 0; i < 6; i++) {
+	hexCharCodeToNibble[97 + i] = 10 + i;
+	hexCharCodeToNibble[65 + i] = 10 + i;
+}
+/** Lowercase hex encoding of raw bytes. */
+function encodeHex(bytes) {
+	const codes = new Array(bytes.length * 2);
+	for (let i = 0; i < bytes.length; i++) {
+		const b = bytes[i];
+		codes[i * 2] = hexDigits.charCodeAt(b >>> 4);
+		codes[i * 2 + 1] = hexDigits.charCodeAt(b & 15);
+	}
+	return String.fromCharCode(...codes);
+}
+/** Decodes a hex string to raw bytes. Throws on non-hex input. */
+function decodeHex(encoded) {
+	if (encoded.length % 2 !== 0) throw new Error("invalid hex");
+	const out = new Uint8Array(encoded.length / 2);
+	for (let i = 0; i < out.length; i++) {
+		const hiCode = encoded.charCodeAt(i * 2);
+		const loCode = encoded.charCodeAt(i * 2 + 1);
+		if (hiCode >= hexCharCodeToNibble.length || loCode >= hexCharCodeToNibble.length) throw new Error("invalid hex");
+		const hi = hexCharCodeToNibble[hiCode];
+		const lo = hexCharCodeToNibble[loCode];
+		if (hi === invalidNibble || lo === invalidNibble) throw new Error("invalid hex");
+		out[i] = hi << 4 | lo;
+	}
+	return out;
+}
+/** Base64url encoding without padding. */
+function encodeBase64Url(bytes) {
+	let binary = "";
+	for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
+	return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+/** Decodes a base64url string to raw bytes. Throws on invalid input. */
+function decodeBase64Url(encoded) {
+	const base64 = encoded.replace(/-/g, "+").replace(/_/g, "/");
+	const pad = (4 - base64.length % 4) % 4;
+	const binary = atob(base64 + "=".repeat(pad));
+	const out = new Uint8Array(binary.length);
+	for (let i = 0; i < binary.length; i++) out[i] = binary.charCodeAt(i);
+	return out;
+}
+//#endregion
+//#region src/opaque-key.ts
+const validAesKeyByteLengths = new Set([
+	16,
+	24,
+	32
+]);
+/**
+* Encodes raw AES key bytes for storage in env vars or secret managers.
+*
+* @param bytes - 16, 24, or 32 raw key bytes (AES-128/192/256).
+* @param format - `hex` (lowercase) or `base64url`.
+*/
+function encodeOpaqueKey(bytes, format) {
+	assertValidAesKeyByteLength(bytes.length);
+	if (format === "hex") return encodeHex(bytes);
+	return encodeBase64Url(bytes);
+}
+/**
+* Decodes key material emitted by `encodeOpaqueKey` (or `ids keygen`) back to raw bytes.
+*
+* @param encoded - Hex or base64url string.
+* @param format - Must match how the string was encoded.
+*/
+function decodeOpaqueKey(encoded, format) {
+	let bytes;
+	if (format === "hex") {
+		if (encoded.length === 0 || encoded.length % 2 !== 0) throw new Error("invalid hex key: length must be a positive even number of characters");
+		if (!/^[0-9a-fA-F]+$/.test(encoded)) throw new Error("invalid hex key: expected [0-9a-fA-F] only");
+		bytes = decodeHex(encoded);
+	} else try {
+		bytes = decodeBase64Url(encoded);
+	} catch {
+		throw new Error("invalid base64url key");
+	}
+	assertValidAesKeyByteLength(bytes.length);
+	return bytes;
+}
+function assertValidAesKeyByteLength(byteLength) {
+	if (!validAesKeyByteLengths.has(byteLength)) throw new Error(`invalid AES key length: expected 16, 24, or 32 bytes, got ${byteLength}`);
+}
+//#endregion
+//#region src/opaque.ts
+function defaultRng(target) {
+	crypto.getRandomValues(target);
+}
+/**
+* Imports a raw AES key for use with the Opaque codec.
+*
+* @param bytes - Raw key bytes (16, 24, or 32 bytes for AES-128/192/256).
+*/
+function importOpaqueKey(bytes) {
+	return crypto.subtle.importKey("raw", bytes, "AES-CBC", false, ["encrypt", "decrypt"]);
+}
+/**
+* Creates an Opaque codec for `brand` (three lowercase a–z characters).
+*
+* @param brand - Entity type brand validated once at construction.
+* @param opts - Required `key` plus optional `now`, `rng`, and `allowDuplicateBrand` overrides.
+*/
+function createOpaqueId(brand, opts) {
+	validateBrand(brand);
+	registerBrand(brand, opts.allowDuplicateBrand);
+	const key = opts.key;
+	const now = opts.now ?? Date.now;
+	const rng = opts.rng ?? defaultRng;
+	const prefix = `${brand}_`;
+	const wire = wireMethods(prefix);
+	const layout = createOpaqueLayoutOps(prefix, key, rng);
+	return {
+		generate: () => layout.generateAt(now()),
+		generateAt: (date) => layout.generateAt(date.getTime()),
+		is: wire.is,
+		parse: wire.parse,
+		safeParse: wire.safeParse,
+		extractTimestamp: layout.extractTimestamp,
+		toJsonSchema: () => wire.toJsonSchema(brand, layout.exampleWireId()),
+		"~standard": wire["~standard"]
+	};
+}
+//#endregion
+export { encodeOpaqueKey as i, importOpaqueKey as n, decodeOpaqueKey as r, createOpaqueId as t };
+
+//# sourceMappingURL=opaque-B-ttBfHO.mjs.map

package/dist/opaque-B-ttBfHO.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"opaque-B-ttBfHO.mjs","names":[],"sources":["../src/layouts/opaque.ts","../src/bytes.ts","../src/opaque-key.ts","../src/opaque.ts"],"sourcesContent":["import type { Id, Prefix } from \"../types.js\";\nimport { payloadBytesFromId, toWireId } from \"../wire/envelope.js\";\nimport { payloadBase32Length, payloadByteLength } from \"../wire/invariants.js\";\nimport { readTimestampMs, timestampByteLength, writeTimestamp } from \"../wire/timestamp-bytes.js\";\n\nconst zeroIv = new Uint8Array(payloadByteLength);\nconst pkcsPad = 0x10;\n\nfunction buildPlaintext(ms: number, rng: (target: Uint8Array) => void): Uint8Array {\n  const plaintext = new Uint8Array(payloadByteLength);\n  writeTimestamp(ms, plaintext);\n  rng(plaintext.subarray(timestampByteLength, payloadByteLength));\n  return plaintext;\n}\n\nasync function encryptPayload(key: CryptoKey, plaintext: Uint8Array): Promise<Uint8Array> {\n  const encrypted = new Uint8Array(\n    await crypto.subtle.encrypt(\n      { name: \"AES-CBC\", iv: zeroIv },\n      key,\n      plaintext as Uint8Array<ArrayBuffer>,\n    ),\n  );\n  return encrypted.subarray(0, payloadByteLength);\n}\n\n// AES-CBC strip-and-reconstruct decrypt (ADR-0004). The wire carries only C1\n// (16 bytes); C2 = AES_K(P2 XOR C1) where P2 is the PKCS#7 pad block (0x10×16).\n// Recompute C2 via CBC encrypt of (P2 XOR C1) with IV=0, then decrypt C1‖C2.\nasync function decryptPayload(key: CryptoKey, c1: Uint8Array): Promise<Uint8Array> {\n  const c2Input = new Uint8Array(payloadByteLength);\n  for (let i = 0; i < payloadByteLength; i++) c2Input[i] = pkcsPad ^ c1[i]!;\n  const c2Encrypted = new Uint8Array(\n    await crypto.subtle.encrypt(\n      { name: \"AES-CBC\", iv: zeroIv },\n      key,\n      c2Input as Uint8Array<ArrayBuffer>,\n    ),\n  );\n  const ciphertext = new Uint8Array(payloadByteLength * 2);\n  ciphertext.set(c1, 0);\n  ciphertext.set(c2Encrypted.subarray(0, payloadByteLength), payloadByteLength);\n  return new Uint8Array(\n    await crypto.subtle.decrypt(\n      { name: \"AES-CBC\", iv: zeroIv },\n      key,\n      ciphertext as Uint8Array<ArrayBuffer>,\n    ),\n  );\n}\n\nasync function extractTimestampFromId<Brand extends string>(\n  prefix: Prefix<Brand>,\n  key: CryptoKey,\n  id: Id<Brand>,\n): Promise<Date> {\n  const plaintext = await decryptPayload(key, payloadBytesFromId(prefix, id));\n  return new Date(readTimestampMs(plaintext));\n}\n\n/** Produces a canonical encrypted wire ID. Per-call plaintext/ciphertext buffers —\n * subtle dominates this path; reuse would be safe but not worth pinning to spec detail. */\nasync function generateWireId<Brand extends string>(\n  prefix: Prefix<Brand>,\n  key: CryptoKey,\n  rng: (target: Uint8Array) => void,\n  ms: number,\n): Promise<Id<Brand>> {\n  const plaintext = buildPlaintext(ms, rng);\n  const encrypted = await encryptPayload(key, plaintext);\n  return toWireId(prefix, encrypted);\n}\n\n/** Structural placeholder for JSON Schema (encrypt is async). */\nfunction schemaExample<Brand extends string>(prefix: Prefix<Brand>): string {\n  return prefix + \"0\".repeat(payloadBase32Length);\n}\n\n/** Layout ops binder for the Opaque variant. `extractTimestampFromId` is module-private; the binder exposes `extractTimestamp` for the codec constructor. */\nexport function createOpaqueLayoutOps<Brand extends string>(\n  prefix: Prefix<Brand>,\n  key: CryptoKey,\n  rng: (target: Uint8Array) => void,\n) {\n  return {\n    generateAt: (ms: number): Promise<Id<Brand>> => generateWireId(prefix, key, rng, ms),\n    extractTimestamp: (id: Id<Brand>): Promise<Date> => extractTimestampFromId(prefix, key, id),\n    exampleWireId: (): Id<Brand> => schemaExample(prefix) as Id<Brand>,\n  };\n}\n","const hexDigits = \"0123456789abcdef\";\n\nconst invalidNibble = 0xff;\nconst hexCharCodeToNibble = new Uint8Array(128).fill(invalidNibble);\nfor (let i = 0; i < 10; i++) hexCharCodeToNibble[48 + i] = i;\nfor (let i = 0; i < 6; i++) {\n  hexCharCodeToNibble[97 + i] = 10 + i;\n  hexCharCodeToNibble[65 + i] = 10 + i;\n}\n\n/** Lowercase hex encoding of raw bytes. */\nexport function encodeHex(bytes: Uint8Array): string {\n  // oxlint-disable-next-line no-new-array\n  const codes = new Array<number>(bytes.length * 2);\n  for (let i = 0; i < bytes.length; i++) {\n    const b = bytes[i]!;\n    codes[i * 2] = hexDigits.charCodeAt(b >>> 4);\n    codes[i * 2 + 1] = hexDigits.charCodeAt(b & 0x0f);\n  }\n  return String.fromCharCode(...codes);\n}\n\n/** Decodes a hex string to raw bytes. Throws on non-hex input. */\nexport function decodeHex(encoded: string): Uint8Array {\n  if (encoded.length % 2 !== 0) throw new Error(\"invalid hex\");\n  const out = new Uint8Array(encoded.length / 2);\n  for (let i = 0; i < out.length; i++) {\n    const hiCode = encoded.charCodeAt(i * 2);\n    const loCode = encoded.charCodeAt(i * 2 + 1);\n    if (hiCode >= hexCharCodeToNibble.length || loCode >= hexCharCodeToNibble.length) {\n      throw new Error(\"invalid hex\");\n    }\n    const hi = hexCharCodeToNibble[hiCode]!;\n    const lo = hexCharCodeToNibble[loCode]!;\n    if (hi === invalidNibble || lo === invalidNibble) {\n      throw new Error(\"invalid hex\");\n    }\n    out[i] = (hi << 4) | lo;\n  }\n  return out;\n}\n\n/** Base64url encoding without padding. */\nexport function encodeBase64Url(bytes: Uint8Array): string {\n  let binary = \"\";\n  for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]!);\n  return btoa(binary).replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n}\n\n/** Decodes a base64url string to raw bytes. Throws on invalid input. */\nexport function decodeBase64Url(encoded: string): Uint8Array {\n  const base64 = encoded.replace(/-/g, \"+\").replace(/_/g, \"/\");\n  const pad = (4 - (base64.length % 4)) % 4;\n  const binary = atob(base64 + \"=\".repeat(pad));\n  const out = new Uint8Array(binary.length);\n  for (let i = 0; i < binary.length; i++) out[i] = binary.charCodeAt(i);\n  return out;\n}\n","import { decodeBase64Url, decodeHex, encodeBase64Url, encodeHex } from \"./bytes.js\";\n\n/** Wire encoding for opaque AES key material (not Crockford base32). */\nexport type OpaqueKeyFormat = \"hex\" | \"base64url\";\n\nconst validAesKeyByteLengths = new Set([16, 24, 32]);\n\n/**\n * Encodes raw AES key bytes for storage in env vars or secret managers.\n *\n * @param bytes - 16, 24, or 32 raw key bytes (AES-128/192/256).\n * @param format - `hex` (lowercase) or `base64url`.\n */\nexport function encodeOpaqueKey(bytes: Uint8Array, format: OpaqueKeyFormat): string {\n  assertValidAesKeyByteLength(bytes.length);\n  if (format === \"hex\") return encodeHex(bytes);\n  return encodeBase64Url(bytes);\n}\n\n/**\n * Decodes key material emitted by `encodeOpaqueKey` (or `ids keygen`) back to raw bytes.\n *\n * @param encoded - Hex or base64url string.\n * @param format - Must match how the string was encoded.\n */\nexport function decodeOpaqueKey(encoded: string, format: OpaqueKeyFormat): Uint8Array {\n  let bytes: Uint8Array;\n  if (format === \"hex\") {\n    if (encoded.length === 0 || encoded.length % 2 !== 0) {\n      throw new Error(\"invalid hex key: length must be a positive even number of characters\");\n    }\n    if (!/^[0-9a-fA-F]+$/.test(encoded)) {\n      throw new Error(\"invalid hex key: expected [0-9a-fA-F] only\");\n    }\n    bytes = decodeHex(encoded);\n  } else {\n    try {\n      bytes = decodeBase64Url(encoded);\n    } catch {\n      throw new Error(\"invalid base64url key\");\n    }\n  }\n  assertValidAesKeyByteLength(bytes.length);\n  return bytes;\n}\n\nfunction assertValidAesKeyByteLength(byteLength: number): void {\n  if (!validAesKeyByteLengths.has(byteLength)) {\n    throw new Error(`invalid AES key length: expected 16, 24, or 32 bytes, got ${byteLength}`);\n  }\n}\n","import { validateBrand } from \"./brand.js\";\nimport { createOpaqueLayoutOps } from \"./layouts/opaque.js\";\nimport { registerBrand } from \"./registry.js\";\nimport type { Id, JsonSchema, ParseResult, Prefix, StandardSchemaProps } from \"./types.js\";\nimport { wireMethods } from \"./wire/codec-shell.js\";\n\nexport { decodeOpaqueKey, encodeOpaqueKey, type OpaqueKeyFormat } from \"./opaque-key.js\";\n\n/**\n * Configuration options for an Opaque codec instance.\n */\nexport type OpaqueOptions = {\n  /** AES-CBC key used for encryption and decryption. */\n  key: CryptoKey;\n  /** Returns the current timestamp in milliseconds. Defaults to `Date.now`. */\n  now: () => number;\n  /** Writes random bytes into `target` for ID generation. Defaults to `crypto.getRandomValues`. */\n  rng: (target: Uint8Array) => void;\n  /** If true, silences the duplicate-brand warning in non-production environments. */\n  allowDuplicateBrand?: boolean;\n};\n\n/**\n * A brand-scoped codec for generating and validating encrypted (opaque) IDs.\n *\n * Same wire shape as the Timestamp codec (`{brand}_` + 26 base32 chars) but the\n * payload is AES-CBC encrypted. `generate`, `generateAt`, and `extractTimestamp`\n * are async; parsing methods are sync. No `minIdForTime` / `maxIdForTime` —\n * encrypted payloads do not sort by creation time.\n */\nexport type OpaqueCodec<Brand extends string> = {\n  /** Produces a new canonical encrypted ID using the codec's `now` and `rng`. */\n  generate(): Promise<Id<Brand>>;\n  /** Produces a new canonical encrypted ID with timestamp bytes from `date`. Throws on invalid dates. */\n  generateAt(date: Date): Promise<Id<Brand>>;\n  /**\n   * Strict type guard: `true` only for already-canonical strings for this brand.\n   * For untrusted input, use `safeParse()` or `parse()` instead. See ADR-0003.\n   */\n  is(value: unknown): value is Id<Brand>;\n  /**\n   * Lenient parse: normalises case and Crockford aliases, returns canonical `Id<Brand>`, or throws.\n   */\n  parse(value: unknown): Id<Brand>;\n  /**\n   * Lenient parse without throwing: normalises to canonical form, or returns `{ ok: false, error }`.\n   */\n  safeParse(value: unknown): ParseResult<Brand>;\n  /**\n   * Decrypts and decodes the creation `Date` from an `Id<Brand>`. Trusts the type — use `safeParse()` at boundaries first. See ADR-0002.\n   */\n  extractTimestamp(id: Id<Brand>): Promise<Date>;\n  /** JSON Schema for the canonical wire form (`example` is a structural placeholder). */\n  toJsonSchema(): JsonSchema;\n  /** Standard Schema validate entry point. */\n  readonly \"~standard\": StandardSchemaProps<Brand>;\n};\n\nfunction defaultRng(target: Uint8Array): void {\n  crypto.getRandomValues(target as Uint8Array<ArrayBuffer>);\n}\n\n/**\n * Imports a raw AES key for use with the Opaque codec.\n *\n * @param bytes - Raw key bytes (16, 24, or 32 bytes for AES-128/192/256).\n */\nexport function importOpaqueKey(bytes: Uint8Array): Promise<CryptoKey> {\n  return crypto.subtle.importKey(\"raw\", bytes as Uint8Array<ArrayBuffer>, \"AES-CBC\", false, [\n    \"encrypt\",\n    \"decrypt\",\n  ]);\n}\n\n/**\n * Creates an Opaque codec for `brand` (three lowercase a–z characters).\n *\n * @param brand - Entity type brand validated once at construction.\n * @param opts - Required `key` plus optional `now`, `rng`, and `allowDuplicateBrand` overrides.\n */\nexport function createOpaqueId<Brand extends string>(\n  brand: Brand,\n  opts: { key: CryptoKey } & Partial<Omit<OpaqueOptions, \"key\">>,\n): OpaqueCodec<Brand> {\n  validateBrand(brand);\n  registerBrand(brand, opts.allowDuplicateBrand);\n\n  const key = opts.key;\n  const now = opts.now ?? Date.now;\n  const rng = opts.rng ?? defaultRng;\n  const prefix: Prefix<Brand> = `${brand}_`;\n  const wire = wireMethods(prefix);\n  const layout = createOpaqueLayoutOps(prefix, key, rng);\n\n  return {\n    generate: () => layout.generateAt(now()),\n    generateAt: (date: Date) => layout.generateAt(date.getTime()),\n    is: wire.is,\n    parse: wire.parse,\n    safeParse: wire.safeParse,\n    extractTimestamp: layout.extractTimestamp,\n    toJsonSchema: () => wire.toJsonSchema(brand, layout.exampleWireId()),\n    \"~standard\": wire[\"~standard\"],\n  };\n}\n"],"mappings":";;AAKA,MAAM,SAAS,IAAI,WAAA,EAA4B;AAC/C,MAAM,UAAU;AAEhB,SAAS,eAAe,IAAY,KAA+C;CACjF,MAAM,YAAY,IAAI,WAAA,EAA4B;CAClD,eAAe,IAAI,SAAS;CAC5B,IAAI,UAAU,SAAA,GAAA,EAA+C,CAAC;CAC9D,OAAO;AACT;AAEA,eAAe,eAAe,KAAgB,WAA4C;CAQxF,OAAO,IAPe,WACpB,MAAM,OAAO,OAAO,QAClB;EAAE,MAAM;EAAW,IAAI;CAAO,GAC9B,KACA,SACF,CAEa,EAAE,SAAS,GAAA,EAAoB;AAChD;AAKA,eAAe,eAAe,KAAgB,IAAqC;CACjF,MAAM,UAAU,IAAI,WAAA,EAA4B;CAChD,KAAK,IAAI,IAAI,GAAG,IAAA,IAAuB,KAAK,QAAQ,KAAK,UAAU,GAAG;CACtE,MAAM,cAAc,IAAI,WACtB,MAAM,OAAO,OAAO,QAClB;EAAE,MAAM;EAAW,IAAI;CAAO,GAC9B,KACA,OACF,CACF;CACA,MAAM,aAAa,IAAI,WAAA,EAAgC;CACvD,WAAW,IAAI,IAAI,CAAC;CACpB,WAAW,IAAI,YAAY,SAAS,GAAA,EAAoB,GAAA,EAAoB;CAC5E,OAAO,IAAI,WACT,MAAM,OAAO,OAAO,QAClB;EAAE,MAAM;EAAW,IAAI;CAAO,GAC9B,KACA,UACF,CACF;AACF;AAEA,eAAe,uBACb,QACA,KACA,IACe;CACf,MAAM,YAAY,MAAM,eAAe,KAAK,mBAAmB,QAAQ,EAAE,CAAC;CAC1E,OAAO,IAAI,KAAK,gBAAgB,SAAS,CAAC;AAC5C;;;AAIA,eAAe,eACb,QACA,KACA,KACA,IACoB;CAGpB,OAAO,SAAS,QAAQ,MADA,eAAe,KADrB,eAAe,IAAI,GACe,CAAC,CACpB;AACnC;;AAGA,SAAS,cAAoC,QAA+B;CAC1E,OAAO,SAAS,IAAI,OAAO,mBAAmB;AAChD;;AAGA,SAAgB,sBACd,QACA,KACA,KACA;CACA,OAAO;EACL,aAAa,OAAmC,eAAe,QAAQ,KAAK,KAAK,EAAE;EACnF,mBAAmB,OAAiC,uBAAuB,QAAQ,KAAK,EAAE;EAC1F,qBAAgC,cAAc,MAAM;CACtD;AACF;;;ACzFA,MAAM,YAAY;AAElB,MAAM,gBAAgB;AACtB,MAAM,sBAAsB,IAAI,WAAW,GAAG,EAAE,KAAK,aAAa;AAClE,KAAK,IAAI,IAAI,GAAG,IAAI,IAAI,KAAK,oBAAoB,KAAK,KAAK;AAC3D,KAAK,IAAI,IAAI,GAAG,IAAI,GAAG,KAAK;CAC1B,oBAAoB,KAAK,KAAK,KAAK;CACnC,oBAAoB,KAAK,KAAK,KAAK;AACrC;;AAGA,SAAgB,UAAU,OAA2B;CAEnD,MAAM,QAAQ,IAAI,MAAc,MAAM,SAAS,CAAC;CAChD,KAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;EACrC,MAAM,IAAI,MAAM;EAChB,MAAM,IAAI,KAAK,UAAU,WAAW,MAAM,CAAC;EAC3C,MAAM,IAAI,IAAI,KAAK,UAAU,WAAW,IAAI,EAAI;CAClD;CACA,OAAO,OAAO,aAAa,GAAG,KAAK;AACrC;;AAGA,SAAgB,UAAU,SAA6B;CACrD,IAAI,QAAQ,SAAS,MAAM,GAAG,MAAM,IAAI,MAAM,aAAa;CAC3D,MAAM,MAAM,IAAI,WAAW,QAAQ,SAAS,CAAC;CAC7C,KAAK,IAAI,IAAI,GAAG,IAAI,IAAI,QAAQ,KAAK;EACnC,MAAM,SAAS,QAAQ,WAAW,IAAI,CAAC;EACvC,MAAM,SAAS,QAAQ,WAAW,IAAI,IAAI,CAAC;EAC3C,IAAI,UAAU,oBAAoB,UAAU,UAAU,oBAAoB,QACxE,MAAM,IAAI,MAAM,aAAa;EAE/B,MAAM,KAAK,oBAAoB;EAC/B,MAAM,KAAK,oBAAoB;EAC/B,IAAI,OAAO,iBAAiB,OAAO,eACjC,MAAM,IAAI,MAAM,aAAa;EAE/B,IAAI,KAAM,MAAM,IAAK;CACvB;CACA,OAAO;AACT;;AAGA,SAAgB,gBAAgB,OAA2B;CACzD,IAAI,SAAS;CACb,KAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,UAAU,OAAO,aAAa,MAAM,EAAG;CAC9E,OAAO,KAAK,MAAM,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AAC/E;;AAGA,SAAgB,gBAAgB,SAA6B;CAC3D,MAAM,SAAS,QAAQ,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;CAC3D,MAAM,OAAO,IAAK,OAAO,SAAS,KAAM;CACxC,MAAM,SAAS,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC;CAC5C,MAAM,MAAM,IAAI,WAAW,OAAO,MAAM;CACxC,KAAK,IAAI,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK,IAAI,KAAK,OAAO,WAAW,CAAC;CACpE,OAAO;AACT;;;ACpDA,MAAM,yBAAyB,IAAI,IAAI;CAAC;CAAI;CAAI;AAAE,CAAC;;;;;;;AAQnD,SAAgB,gBAAgB,OAAmB,QAAiC;CAClF,4BAA4B,MAAM,MAAM;CACxC,IAAI,WAAW,OAAO,OAAO,UAAU,KAAK;CAC5C,OAAO,gBAAgB,KAAK;AAC9B;;;;;;;AAQA,SAAgB,gBAAgB,SAAiB,QAAqC;CACpF,IAAI;CACJ,IAAI,WAAW,OAAO;EACpB,IAAI,QAAQ,WAAW,KAAK,QAAQ,SAAS,MAAM,GACjD,MAAM,IAAI,MAAM,sEAAsE;EAExF,IAAI,CAAC,iBAAiB,KAAK,OAAO,GAChC,MAAM,IAAI,MAAM,4CAA4C;EAE9D,QAAQ,UAAU,OAAO;CAC3B,OACE,IAAI;EACF,QAAQ,gBAAgB,OAAO;CACjC,QAAQ;EACN,MAAM,IAAI,MAAM,uBAAuB;CACzC;CAEF,4BAA4B,MAAM,MAAM;CACxC,OAAO;AACT;AAEA,SAAS,4BAA4B,YAA0B;CAC7D,IAAI,CAAC,uBAAuB,IAAI,UAAU,GACxC,MAAM,IAAI,MAAM,6DAA6D,YAAY;AAE7F;;;ACQA,SAAS,WAAW,QAA0B;CAC5C,OAAO,gBAAgB,MAAiC;AAC1D;;;;;;AAOA,SAAgB,gBAAgB,OAAuC;CACrE,OAAO,OAAO,OAAO,UAAU,OAAO,OAAkC,WAAW,OAAO,CACxF,WACA,SACF,CAAC;AACH;;;;;;;AAQA,SAAgB,eACd,OACA,MACoB;CACpB,cAAc,KAAK;CACnB,cAAc,OAAO,KAAK,mBAAmB;CAE7C,MAAM,MAAM,KAAK;CACjB,MAAM,MAAM,KAAK,OAAO,KAAK;CAC7B,MAAM,MAAM,KAAK,OAAO;CACxB,MAAM,SAAwB,GAAG,MAAM;CACvC,MAAM,OAAO,YAAY,MAAM;CAC/B,MAAM,SAAS,sBAAsB,QAAQ,KAAK,GAAG;CAErD,OAAO;EACL,gBAAgB,OAAO,WAAW,IAAI,CAAC;EACvC,aAAa,SAAe,OAAO,WAAW,KAAK,QAAQ,CAAC;EAC5D,IAAI,KAAK;EACT,OAAO,KAAK;EACZ,WAAW,KAAK;EAChB,kBAAkB,OAAO;EACzB,oBAAoB,KAAK,aAAa,OAAO,OAAO,cAAc,CAAC;EACnE,aAAa,KAAK;CACpB;AACF"}

package/dist/opaque.d.mts

@@ -1,26 +1,79 @@
-import { a as StandardSchemaProps, i as ParseResult, n as JsonSchema, t as Id } from "./types-Dg2j_zlO.mjs";
+import { a as StandardSchemaProps, i as ParseResult, n as JsonSchema, t as Id } from "./types-Bv-63YK4.mjs";
 
+//#region src/opaque-key.d.ts
+/** Wire encoding for opaque AES key material (not Crockford base32). */
+type OpaqueKeyFormat = "hex" | "base64url";
+/**
+* Encodes raw AES key bytes for storage in env vars or secret managers.
+*
+* @param bytes - 16, 24, or 32 raw key bytes (AES-128/192/256).
+* @param format - `hex` (lowercase) or `base64url`.
+*/
+declare function encodeOpaqueKey(bytes: Uint8Array, format: OpaqueKeyFormat): string;
+/**
+* Decodes key material emitted by `encodeOpaqueKey` (or `ids keygen`) back to raw bytes.
+*
+* @param encoded - Hex or base64url string.
+* @param format - Must match how the string was encoded.
+*/
+declare function decodeOpaqueKey(encoded: string, format: OpaqueKeyFormat): Uint8Array;
+//#endregion
 //#region src/opaque.d.ts
+/**
+* Configuration options for an Opaque codec instance.
+*/
 type OpaqueOptions = {
-  key: CryptoKey;
-  now: () => number;
-  rng: (target: Uint8Array) => void;
+  /** AES-CBC key used for encryption and decryption. */key: CryptoKey; /** Returns the current timestamp in milliseconds. Defaults to `Date.now`. */
+  now: () => number; /** Writes random bytes into `target` for ID generation. Defaults to `crypto.getRandomValues`. */
+  rng: (target: Uint8Array) => void; /** If true, silences the duplicate-brand warning in non-production environments. */
   allowDuplicateBrand?: boolean;
 };
+/**
+* A brand-scoped codec for generating and validating encrypted (opaque) IDs.
+*
+* Same wire shape as the Timestamp codec (`{brand}_` + 26 base32 chars) but the
+* payload is AES-CBC encrypted. `generate`, `generateAt`, and `extractTimestamp`
+* are async; parsing methods are sync. No `minIdForTime` / `maxIdForTime` —
+* encrypted payloads do not sort by creation time.
+*/
 type OpaqueCodec<Brand extends string> = {
-  generate(): Promise<Id<Brand>>;
+  /** Produces a new canonical encrypted ID using the codec's `now` and `rng`. */generate(): Promise<Id<Brand>>; /** Produces a new canonical encrypted ID with timestamp bytes from `date`. Throws on invalid dates. */
   generateAt(date: Date): Promise<Id<Brand>>;
+  /**
+  * Strict type guard: `true` only for already-canonical strings for this brand.
+  * For untrusted input, use `safeParse()` or `parse()` instead. See ADR-0003.
+  */
   is(value: unknown): value is Id<Brand>;
+  /**
+  * Lenient parse: normalises case and Crockford aliases, returns canonical `Id<Brand>`, or throws.
+  */
   parse(value: unknown): Id<Brand>;
+  /**
+  * Lenient parse without throwing: normalises to canonical form, or returns `{ ok: false, error }`.
+  */
   safeParse(value: unknown): ParseResult<Brand>;
-  extractTimestamp(id: Id<Brand>): Promise<Date>;
-  toJsonSchema(): JsonSchema;
+  /**
+  * Decrypts and decodes the creation `Date` from an `Id<Brand>`. Trusts the type — use `safeParse()` at boundaries first. See ADR-0002.
+  */
+  extractTimestamp(id: Id<Brand>): Promise<Date>; /** JSON Schema for the canonical wire form (`example` is a structural placeholder). */
+  toJsonSchema(): JsonSchema; /** Standard Schema validate entry point. */
   readonly "~standard": StandardSchemaProps<Brand>;
 };
+/**
+* Imports a raw AES key for use with the Opaque codec.
+*
+* @param bytes - Raw key bytes (16, 24, or 32 bytes for AES-128/192/256).
+*/
 declare function importOpaqueKey(bytes: Uint8Array): Promise<CryptoKey>;
+/**
+* Creates an Opaque codec for `brand` (three lowercase a–z characters).
+*
+* @param brand - Entity type brand validated once at construction.
+* @param opts - Required `key` plus optional `now`, `rng`, and `allowDuplicateBrand` overrides.
+*/
 declare function createOpaqueId<Brand extends string>(brand: Brand, opts: {
   key: CryptoKey;
 } & Partial<Omit<OpaqueOptions, "key">>): OpaqueCodec<Brand>;
 //#endregion
-export { OpaqueCodec, OpaqueOptions, createOpaqueId, importOpaqueKey };
+export { OpaqueCodec, type OpaqueKeyFormat, OpaqueOptions, createOpaqueId, decodeOpaqueKey, encodeOpaqueKey, importOpaqueKey };
 //# sourceMappingURL=opaque.d.mts.map

package/dist/opaque.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"opaque.d.mts","names":[],"sources":["../src/opaque.ts"],"mappings":";;;KAgBY,aAAA;EACV,GAAA,EAAK,SAAA;EACL,GAAA;EACA,GAAA,GAAM,MAAA,EAAQ,UAAA;EACd,mBAAA;AAAA;AAAA,KAGU,WAAA;EACV,QAAA,IAAY,OAAA,CAAQ,EAAA,CAAG,KAAA;EACvB,UAAA,CAAW,IAAA,EAAM,IAAA,GAAO,OAAA,CAAQ,EAAA,CAAG,KAAA;EACnC,EAAA,CAAG,KAAA,YAAiB,KAAA,IAAS,EAAA,CAAG,KAAA;EAChC,KAAA,CAAM,KAAA,YAAiB,EAAA,CAAG,KAAA;EAC1B,SAAA,CAAU,KAAA,YAAiB,WAAA,CAAY,KAAA;EACvC,gBAAA,CAAiB,EAAA,EAAI,EAAA,CAAG,KAAA,IAAS,OAAA,CAAQ,IAAA;EACzC,YAAA,IAAgB,UAAA;EAAA,SACP,WAAA,EAAa,mBAAA,CAAoB,KAAA;AAAA;AAAA,iBAU5B,eAAA,CAAgB,KAAA,EAAO,UAAA,GAAa,OAAA,CAAQ,SAAA;AAAA,iBAO5C,cAAA,uBACd,KAAA,EAAO,KAAA,EACP,IAAA;EAAQ,GAAA,EAAK,SAAA;AAAA,IAAc,OAAA,CAAQ,IAAA,CAAK,aAAA,YACvC,WAAA,CAAY,KAAA"}
+{"version":3,"file":"opaque.d.mts","names":[],"sources":["../src/opaque-key.ts","../src/opaque.ts"],"mappings":";;;;KAGY,eAAA;;AAAZ;;;;AAAY;iBAUI,eAAA,CAAgB,KAAA,EAAO,UAAA,EAAY,MAAA,EAAQ,eAAA;;;;;;;iBAY3C,eAAA,CAAgB,OAAA,UAAiB,MAAA,EAAQ,eAAA,GAAkB,UAAA;;;;AAtB3E;;KCQY,aAAA;EDRA,sDCUV,GAAA,EAAK,SAAA,EDAP;ECEE,GAAA;EAEA,GAAA,GAAM,MAAA,EAAQ,UAAA;EAEd,mBAAA;AAAA;;;ADNyD;AAY3D;;;;;KCKY,WAAA;iFAEV,QAAA,IAAY,OAAA,CAAQ,EAAA,CAAG,KAAA,IDPkD;ECSzE,UAAA,CAAW,IAAA,EAAM,IAAA,GAAO,OAAA,CAAQ,EAAA,CAAG,KAAA;;;;AAvBrC;EA4BE,EAAA,CAAG,KAAA,YAAiB,KAAA,IAAS,EAAA,CAAG,KAAA;;;;EAIhC,KAAA,CAAM,KAAA,YAAiB,EAAA,CAAG,KAAA;;;;EAI1B,SAAA,CAAU,KAAA,YAAiB,WAAA,CAAY,KAAA;;;AA5BvC;EAgCA,gBAAA,CAAiB,EAAA,EAAI,EAAA,CAAG,KAAA,IAAS,OAAA,CAAQ,IAAA,GArB/B;EAuBV,YAAA,IAAgB,UAAA;WAEP,WAAA,EAAa,mBAAA,CAAoB,KAAA;AAAA;;;;;;iBAY5B,eAAA,CAAgB,KAAA,EAAO,UAAA,GAAa,OAAA,CAAQ,SAAA;;;;;;;iBAa5C,cAAA,uBACd,KAAA,EAAO,KAAA,EACP,IAAA;EAAQ,GAAA,EAAK,SAAA;AAAA,IAAc,OAAA,CAAQ,IAAA,CAAK,aAAA,YACvC,WAAA,CAAY,KAAA"}

package/dist/opaque.mjs

@@ -1,70 +1,2 @@
-import { a as readTimestampMs, c as writeTimestamp, d as decodeBase32, f as encodeBase32, i as payloadBase32Length, l as registerBrand, n as is, o as safeParse, r as parse, s as standardValidate, t as base32CharClass, u as validateBrand } from "./shared-CmbAeUdM.mjs";
-//#region src/opaque.ts
-const zeroIv = new Uint8Array(16);
-const pkcsPad = 16;
-function defaultRng(target) {
-	crypto.getRandomValues(target);
-}
-function importOpaqueKey(bytes) {
-	return crypto.subtle.importKey("raw", bytes, "AES-CBC", false, ["encrypt", "decrypt"]);
-}
-function createOpaqueId(brand, opts) {
-	validateBrand(brand);
-	registerBrand(brand, opts.allowDuplicateBrand);
-	const key = opts.key;
-	const now = opts.now ?? Date.now;
-	const rng = opts.rng ?? defaultRng;
-	const prefix = `${brand}_`;
-	return {
-		generate: () => generate(prefix, key, rng, now()),
-		generateAt: (date) => generate(prefix, key, rng, date.getTime()),
-		is: (value) => is(prefix, value),
-		parse: (value) => parse(prefix, value),
-		safeParse: (value) => safeParse(prefix, value),
-		extractTimestamp: (id) => extractTimestamp(prefix, key, id),
-		toJsonSchema: () => toJsonSchema(brand, prefix),
-		"~standard": {
-			version: 1,
-			vendor: "@smonn/ids",
-			validate: (value) => standardValidate(prefix, value)
-		}
-	};
-}
-async function generate(prefix, key, rng, ms) {
-	const plaintext = new Uint8Array(16);
-	writeTimestamp(ms, plaintext);
-	rng(plaintext.subarray(6, 16));
-	return prefix + encodeBase32(new Uint8Array(await crypto.subtle.encrypt({
-		name: "AES-CBC",
-		iv: zeroIv
-	}, key, plaintext)).subarray(0, 16));
-}
-async function extractTimestamp(prefix, key, id) {
-	const c1 = decodeBase32(id.slice(prefix.length));
-	const c2Input = new Uint8Array(16);
-	for (let i = 0; i < 16; i++) c2Input[i] = pkcsPad ^ c1[i];
-	const c2Encrypted = new Uint8Array(await crypto.subtle.encrypt({
-		name: "AES-CBC",
-		iv: zeroIv
-	}, key, c2Input));
-	const ciphertext = new Uint8Array(32);
-	ciphertext.set(c1, 0);
-	ciphertext.set(c2Encrypted.subarray(0, 16), 16);
-	const plaintext = new Uint8Array(await crypto.subtle.decrypt({
-		name: "AES-CBC",
-		iv: zeroIv
-	}, key, ciphertext));
-	return new Date(readTimestampMs(plaintext));
-}
-function toJsonSchema(brand, prefix) {
-	return {
-		type: "string",
-		pattern: `^${prefix}${base32CharClass}{${payloadBase32Length}}$`,
-		description: `Branded ID for '${brand}'`,
-		example: prefix + "0".repeat(payloadBase32Length)
-	};
-}
-//#endregion
-export { createOpaqueId, importOpaqueKey };
-
-//# sourceMappingURL=opaque.mjs.map
+import { i as encodeOpaqueKey, n as importOpaqueKey, r as decodeOpaqueKey, t as createOpaqueId } from "./opaque-B-ttBfHO.mjs";
+export { createOpaqueId, decodeOpaqueKey, encodeOpaqueKey, importOpaqueKey };

package/dist/{types-Dg2j_zlO.d.mts → types-Bv-63YK4.d.mts}

@@ -1,9 +1,13 @@
 //#region src/types.d.ts
+/** The brand plus trailing separator — e.g. `usr_` for brand `usr`. */
 type Prefix<Brand extends string> = `${Brand}_`;
+/** A canonical branded ID string for `Brand`. Produced by `generate()` and `safeParse()`. */
 type Id<Brand extends string> = `${Prefix<Brand>}${string}` & {
   readonly __brand: Brand;
 };
+/** Parse failure reason returned by `safeParse()`. */
 type ParseError = "not_string" | "invalid_prefix" | "invalid_base32";
+/** Result of `safeParse()`: canonical `Id<Brand>` or a `ParseError`. */
 type ParseResult<Brand extends string> = {
   ok: true;
   id: Id<Brand>;
@@ -11,12 +15,14 @@ type ParseResult<Brand extends string> = {
   ok: false;
   error: ParseError;
 };
+/** JSON Schema for the canonical wire form returned by `toJsonSchema()`. */
 type JsonSchema = {
   readonly type: "string";
   readonly pattern: string;
   readonly description: string;
   readonly example: string;
 };
+/** Standard Schema validate entry point exposed on `Codec["~standard"]`. */
 type StandardSchemaProps<Brand extends string> = {
   readonly version: 1;
   readonly vendor: "@smonn/ids";
@@ -37,4 +43,4 @@ type StandardSchemaProps<Brand extends string> = {
 };
 //#endregion
 export { StandardSchemaProps as a, ParseResult as i, JsonSchema as n, ParseError as r, Id as t };
-//# sourceMappingURL=types-Dg2j_zlO.d.mts.map
+//# sourceMappingURL=types-Bv-63YK4.d.mts.map

package/dist/types-Bv-63YK4.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types-Bv-63YK4.d.mts","names":[],"sources":["../src/types.ts"],"mappings":";;KACY,MAAA,4BAAkC,KAAA;;KAGlC,EAAA,4BAA8B,MAAA,CAAO,KAAA;EAAA,SACtC,OAAA,EAAS,KAAA;AAAA;AADpB;AAAA,KAKY,UAAA;;KAGA,WAAA;EACN,EAAA;EAAU,EAAA,EAAI,EAAA,CAAG,KAAA;AAAA;EACjB,EAAA;EAAW,KAAA,EAAO,UAAA;AAAA;;KAGZ,UAAA;EAAA,SACD,IAAA;EAAA,SACA,OAAA;EAAA,SACA,WAAA;EAAA,SACA,OAAA;AAAA;;KAIC,mBAAA;EAAA,SACD,OAAA;EAAA,SACA,MAAA;EAAA,SACA,QAAA,GACP,KAAA,WACA,OAAA;IAAA,SAAqB,cAAA,GAAiB,MAAA;EAAA;IAAA,SAEzB,KAAA,EAAO,EAAA,CAAG,KAAA;IAAA,SAAiB,MAAA;EAAA;IAAA,SAC3B,MAAA,EAAQ,aAAA;MAAA,SAAyB,OAAA;IAAA;EAAA;EAAA,SACvC,KAAA;IAAA,SAAmB,KAAA;IAAA,SAAyB,MAAA,EAAQ,EAAA,CAAG,KAAA;EAAA;AAAA"}