@storacha/encrypt-upload-client 1.1.59 → 1.1.61

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@storacha/encrypt-upload-client",
   "type": "module",
-  "version": "1.1.59",
+  "version": "1.1.61",
   "license": "Apache-2.0 OR MIT",
   "description": "Client for upload and download encrypted files",
   "author": "Storacha",
@@ -80,9 +80,9 @@
     "ethers": "5.7.1",
     "ipfs-unixfs-exporter": "^10.0.0",
     "multiformats": "^13.3.6",
-    "@storacha/client": "^1.8.16",
-    "@storacha/capabilities": "^1.12.0",
-    "@storacha/upload-client": "^1.3.6"
+    "@storacha/client": "^1.8.18",
+    "@storacha/upload-client": "^1.3.6",
+    "@storacha/capabilities": "^1.12.0"
   },
   "devDependencies": {
     "@lit-protocol/types": "^7.0.8",

package/dist/examples/decrypt-test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=decrypt-test.d.ts.map

package/dist/examples/decrypt-test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"decrypt-test.d.ts","sourceRoot":"","sources":["../../examples/decrypt-test.js"],"names":[],"mappings":""}

package/dist/examples/decrypt-test.js

@@ -1,73 +0,0 @@
-import * as fs from 'fs';
-import dotenv from 'dotenv';
-import { CID } from 'multiformats';
-import * as Client from '@storacha/client';
-import * as Signer from '@ucanto/principal/ed25519';
-import { StoreMemory } from '@storacha/client/stores/memory';
-import { create } from '../src/index.js';
-import { Wallet } from 'ethers';
-import { serviceConf, receiptsEndpoint } from '../src/config/service.js';
-import { createNodeLitAdapter } from '../src/crypto/factories.node.js';
-import { LitNodeClient } from '@lit-protocol/lit-node-client';
-import { extract } from '@ucanto/core/delegation';
-dotenv.config();
-async function main() {
-    // set up storacha client with a new agent
-    const cid = CID.parse('bafyreifhwqmspdjsy6rgcmcizgodv7bwskgiehjhdx7wukax3z5r7tz5ji');
-    const delegationCarBuffer = fs.readFileSync('delegation.car');
-    const wallet = new Wallet(process.env.WALLET_PK || '');
-    const principal = Signer.parse(process.env.DELEGATEE_AGENT_PK || '');
-    const store = new StoreMemory();
-    const client = await Client.create({
-        principal,
-        store,
-        serviceConf,
-        receiptsEndpoint,
-    });
-    // Set up Lit client
-    const litClient = new LitNodeClient({
-        litNetwork: 'datil-dev',
-    });
-    await litClient.connect();
-    const encryptedClient = await create({
-        storachaClient: client,
-        cryptoAdapter: createNodeLitAdapter(litClient),
-    });
-    const res = await extract(delegationCarBuffer);
-    if (res.error) {
-        throw new Error(`Failed to extract delegation: ${res.error.message}`);
-    }
-    const decryptDelegation = res.ok;
-    const decryptionCapability = decryptDelegation.capabilities.find((c) => c.can === 'space/content/decrypt');
-    if (!decryptionCapability) {
-        throw new Error('Failed to find decryption capability');
-    }
-    const spaceDID = /** @type {`did:key:${string}`} */ (decryptionCapability.with);
-    const decryptionConfig = {
-        wallet,
-        decryptDelegation,
-        spaceDID,
-    };
-    const decryptedContent = await encryptedClient.retrieveAndDecryptFile(cid, decryptionConfig);
-    const reader = decryptedContent.stream.getReader();
-    const decoder = new TextDecoder();
-    let result = '';
-    let done = false;
-    while (!done) {
-        const { value, done: isDone } = await reader.read();
-        done = isDone;
-        if (value) {
-            result += decoder.decode(value, { stream: true });
-        }
-    }
-    console.log('================ RESULT ===================');
-    console.log(result);
-    console.log('===========================================');
-}
-main()
-    .then(() => process.exit(0))
-    .catch((err) => {
-    console.error(err);
-    process.exit(1);
-});
-//# sourceMappingURL=decrypt-test.js.map

package/dist/examples/encrypt-test.d.ts

@@ -1,4 +0,0 @@
-/** @param {string} data Base64 encoded CAR file */
-export function parseProof(data: string): Promise<Signer.Delegation<Signer.Signer.Capabilities>>;
-import * as Signer from '@ucanto/principal/ed25519';
-//# sourceMappingURL=encrypt-test.d.ts.map

package/dist/examples/encrypt-test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"encrypt-test.d.ts","sourceRoot":"","sources":["../../examples/encrypt-test.js"],"names":[],"mappings":"AAeA,mDAAmD;AACnD,iCADY,MAAM,0DAQjB;wBAlBuB,2BAA2B"}

package/dist/examples/encrypt-test.js

@@ -1,61 +0,0 @@
-import * as fs from 'fs';
-import dotenv from 'dotenv';
-import { CarReader } from '@ipld/car';
-import * as Client from '@storacha/client';
-import { importDAG } from '@ucanto/core/delegation';
-import * as Signer from '@ucanto/principal/ed25519';
-import { StoreMemory } from '@storacha/client/stores/memory';
-import * as EncryptClient from '../src/index.js';
-import { serviceConf, receiptsEndpoint } from '../src/config/service.js';
-import { createNodeLitAdapter } from '../src/crypto/factories.node.js';
-import { LitNodeClient } from '@lit-protocol/lit-node-client';
-dotenv.config();
-/** @param {string} data Base64 encoded CAR file */
-export async function parseProof(data) {
-    const blocks = [];
-    const reader = await CarReader.fromBytes(Buffer.from(data, 'base64'));
-    for await (const block of reader.blocks()) {
-        blocks.push(block);
-    }
-    return importDAG(blocks);
-}
-async function main() {
-    // set up storacha client with a new agent
-    const principal = Signer.parse(process.env.AGENT_PK || '');
-    const store = new StoreMemory();
-    const client = await Client.create({
-        principal,
-        store,
-        serviceConf,
-        receiptsEndpoint,
-    });
-    // now give Agent the delegation from the Space
-    const proof = await parseProof(process.env.PROOF || '');
-    const space = await client.addSpace(proof);
-    await client.setCurrentSpace(space.did());
-    // Set up Lit client
-    const litClient = new LitNodeClient({
-        litNetwork: 'datil-dev',
-    });
-    await litClient.connect();
-    const encryptedClient = await EncryptClient.create({
-        storachaClient: client,
-        cryptoAdapter: createNodeLitAdapter(litClient),
-    });
-    const fileContent = await fs.promises.readFile('./README.md');
-    const blob = new Blob([fileContent]);
-    // Create encryption config
-    const encryptionConfig = {
-        issuer: principal,
-        spaceDID: space.did(),
-    };
-    const link = await encryptedClient.encryptAndUploadFile(blob, encryptionConfig);
-    console.log(link);
-}
-main()
-    .then(() => process.exit(0))
-    .catch((err) => {
-    console.error(err);
-    process.exit(1);
-});
-//# sourceMappingURL=encrypt-test.js.map

package/dist/test/cid-verification.spec.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=cid-verification.spec.d.ts.map

package/dist/test/cid-verification.spec.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"cid-verification.spec.d.ts","sourceRoot":"","sources":["../../test/cid-verification.spec.js"],"names":[],"mappings":""}

package/dist/test/cid-verification.spec.js

@@ -1,314 +0,0 @@
-import assert from 'node:assert';
-import { describe, test } from 'node:test';
-import { getCarFileFromPublicGateway } from '../src/handlers/decrypt-handler.js';
-import { createTestCar } from './helpers/test-file-utils.js';
-await describe('CID Verification', async () => {
-    await describe('getCarFileFromPublicGateway', async () => {
-        await test('should construct correct gateway URL format', async () => {
-            // This is a basic test to verify the function exists and can be called
-            // Integration tests with real network calls would test full functionality
-            const gatewayURL = new URL('https://example.com');
-            const testCID = 'bafkreih5aznjvttude6c3wbvqeebb6rlx5wkbzyppv7z3aldwdht2oqadq';
-            // Mock fetch to avoid network calls in unit tests
-            const originalFetch = globalThis.fetch;
-            let capturedURL = '';
-            // @ts-ignore - Mock fetch for testing
-            globalThis.fetch = async (url) => {
-                capturedURL = url.toString();
-                // Return a mock response that looks like a failed fetch
-                return {
-                    ok: false,
-                    status: 404,
-                    statusText: 'Not Found',
-                    arrayBuffer: async () => {
-                        throw new Error('Mock 404');
-                    },
-                };
-            };
-            try {
-                await getCarFileFromPublicGateway(gatewayURL, testCID);
-            }
-            catch (error) {
-                // We expect this to fail with our mock, that's fine
-            }
-            finally {
-                globalThis.fetch = originalFetch;
-            }
-            // Verify the URL was constructed correctly
-            const expectedURL = `https://example.com/ipfs/${testCID}?format=car`;
-            assert.strictEqual(capturedURL, expectedURL, 'Should construct correct gateway URL');
-        });
-        await test('should be exported and callable', async () => {
-            // Basic smoke test
-            assert.strictEqual(typeof getCarFileFromPublicGateway, 'function', 'Should be a function');
-            // Verify it requires proper parameters
-            try {
-                // @ts-ignore - intentionally testing invalid input
-                await getCarFileFromPublicGateway(null, 'test');
-                assert.fail('Should throw error for null gateway URL');
-            }
-            catch (error) {
-                // Expected to fail - good
-                assert(error instanceof Error, 'Should throw an Error');
-            }
-        });
-        await test('should validate CID format', async () => {
-            const gatewayURL = new URL('https://example.com');
-            // Mock fetch to return valid CAR response
-            const originalFetch = globalThis.fetch;
-            // @ts-ignore - Mock fetch for testing
-            globalThis.fetch = async (url) => ({
-                ok: true,
-                status: 200,
-                statusText: 'OK',
-                arrayBuffer: async () => new ArrayBuffer(100), // Mock CAR data
-            });
-            try {
-                await getCarFileFromPublicGateway(gatewayURL, 'invalid-cid');
-                assert.fail('Should throw error for invalid CID');
-            }
-            catch (error) {
-                // Expected to fail due to invalid CID format
-                assert(error instanceof Error, 'Should throw an Error for invalid CID');
-            }
-            finally {
-                globalThis.fetch = originalFetch;
-            }
-        });
-        await test('should accept valid CAR file with matching root CID', async () => {
-            const gatewayURL = new URL('https://example.com');
-            // Create a valid KMS metadata CAR file
-            const testContent = {
-                encryptedDataCID: 'bafkreih5aznjvttude6c3wbvqeebb6rlx5wkbzyppv7z3aldwdht2oqadq',
-                encryptedSymmetricKey: 'test-encrypted-key',
-                space: 'did:key:z6MkwDK3M4PxU1FqcSt6quBH1xRBSGnPRdQYP9B13h3Wq5X1',
-                kms: {
-                    provider: 'google-kms',
-                    keyId: 'test-key-id',
-                    algorithm: 'RSA-OAEP-2048-SHA256',
-                },
-            };
-            const { car, actualRootCID } = await createTestCar(testContent);
-            // Mock fetch to return the valid CAR
-            const originalFetch = globalThis.fetch;
-            // @ts-ignore - Mock fetch for testing
-            globalThis.fetch = async (url) => ({
-                ok: true,
-                status: 200,
-                statusText: 'OK',
-                arrayBuffer: async () => car.buffer,
-            });
-            try {
-                const result = await getCarFileFromPublicGateway(gatewayURL, actualRootCID.toString());
-                assert(result instanceof Uint8Array, 'Should return Uint8Array');
-                assert.deepStrictEqual(result, car, 'Should return the exact CAR file');
-            }
-            finally {
-                globalThis.fetch = originalFetch;
-            }
-        });
-        await test('should reject CAR file with wrong root CID (tampering detection)', async () => {
-            const gatewayURL = new URL('https://example.com');
-            // Create a CAR file with content A
-            const originalContent = {
-                encryptedDataCID: 'bafkreih5aznjvttude6c3wbvqeebb6rlx5wkbzyppv7z3aldwdht2oqadq',
-                encryptedSymmetricKey: 'original-encrypted-key',
-                space: 'did:key:z6MkwDK3M4PxU1FqcSt6quBH1xRBSGnPRdQYP9B13h3Wq5X1',
-                kms: {
-                    provider: 'google-kms',
-                    keyId: 'original-key-id',
-                    algorithm: 'RSA-OAEP-2048-SHA256',
-                },
-            };
-            const { actualRootCID: originalCID } = await createTestCar(originalContent);
-            // Create a different CAR file with content B
-            const tamperedContent = {
-                encryptedDataCID: 'bafkreidb6v6sjfnpnf6lqkh7p4w7zfzqfuzn2lqhp5x6zkojfuzwzlhpny',
-                encryptedSymmetricKey: 'tampered-encrypted-key',
-                space: 'did:key:z6MkMaliciousSpaceDIDThatShouldNotBeAccepted',
-                kms: {
-                    provider: 'google-kms',
-                    keyId: 'tampered-key-id',
-                    algorithm: 'RSA-OAEP-2048-SHA256',
-                },
-            };
-            const { car: tamperedCar } = await createTestCar(tamperedContent);
-            // Mock fetch to return the tampered CAR when requesting the original CID
-            const originalFetch = globalThis.fetch;
-            // @ts-ignore - Mock fetch for testing
-            globalThis.fetch = async (url) => ({
-                ok: true,
-                status: 200,
-                statusText: 'OK',
-                arrayBuffer: async () => tamperedCar.buffer, // Return wrong CAR!
-            });
-            try {
-                await getCarFileFromPublicGateway(gatewayURL, originalCID.toString());
-                assert.fail('Should throw error for CID verification failure');
-            }
-            catch (error) {
-                assert(error instanceof Error, 'Should throw an Error');
-                assert(error.message.includes('CID verification failed'), `Should mention CID verification failure. Got: ${error.message}`);
-            }
-            finally {
-                globalThis.fetch = originalFetch;
-            }
-        });
-        await test('should detect when malicious gateway serves completely different CAR', async () => {
-            const gatewayURL = new URL('https://example.com');
-            // CID we're requesting
-            const requestedCID = 'bafkreih5aznjvttude6c3wbvqeebb6rlx5wkbzyppv7z3aldwdht2oqadq';
-            // Create a completely different CAR file
-            const maliciousContent = {
-                encryptedDataCID: 'bafkreig6h5fimhfvj3wmlsf4fzj2d2ndqxd7qnugcgcmkn6dcqzxcq5zdu',
-                encryptedSymmetricKey: 'malicious-encrypted-key',
-                space: 'did:key:z6MkMaliciousSpaceDIDControlledByAttacker',
-                kms: {
-                    provider: 'google-kms',
-                    keyId: 'attacker-controlled-key',
-                    algorithm: 'RSA-OAEP-2048-SHA256',
-                },
-            };
-            const { car: maliciousCar } = await createTestCar(maliciousContent);
-            // Mock fetch to return the malicious CAR
-            const originalFetch = globalThis.fetch;
-            // @ts-ignore - Mock fetch for testing
-            globalThis.fetch = async (url) => ({
-                ok: true,
-                status: 200,
-                statusText: 'OK',
-                arrayBuffer: async () => maliciousCar.buffer,
-            });
-            try {
-                await getCarFileFromPublicGateway(gatewayURL, requestedCID);
-                assert.fail('Should throw error when gateway serves wrong CAR');
-            }
-            catch (error) {
-                assert(error instanceof Error, 'Should throw an Error');
-                assert(error.message.includes('CID verification failed'), `Should mention CID verification failure. Got: ${error.message}`);
-            }
-            finally {
-                globalThis.fetch = originalFetch;
-            }
-        });
-        await test('should handle network errors gracefully', async () => {
-            const gatewayURL = new URL('https://example.com');
-            const testCID = 'bafkreih5aznjvttude6c3wbvqeebb6rlx5wkbzyppv7z3aldwdht2oqadq';
-            // Mock fetch to return network error
-            const originalFetch = globalThis.fetch;
-            // @ts-ignore - Mock fetch for testing
-            globalThis.fetch = async (url) => ({
-                ok: false,
-                status: 500,
-                statusText: 'Internal Server Error',
-                arrayBuffer: async () => {
-                    throw new Error('Network error');
-                },
-            });
-            try {
-                await getCarFileFromPublicGateway(gatewayURL, testCID);
-                assert.fail('Should throw error for network errors');
-            }
-            catch (error) {
-                assert(error instanceof Error, 'Should throw an Error');
-                assert(error.message.includes('Failed to fetch'), `Should mention fetch failure. Got: ${error.message}`);
-            }
-            finally {
-                globalThis.fetch = originalFetch;
-            }
-        });
-    });
-    await describe('Metadata Tampering Detection', async () => {
-        await test('should prevent modification of space DID in metadata', async () => {
-            const gatewayURL = new URL('https://example.com');
-            // Original metadata with legitimate space DID
-            const originalMetadata = {
-                encryptedDataCID: 'bafkreie2hvzhqzj3ixnmjh7h3nkhdyp6qxhqltkq6qxf3wxq7hqxd6nzde',
-                encryptedSymmetricKey: 'encrypted-key-data',
-                space: 'did:key:z6MkwDK3M4PxU1FqcSt6quBH1xRBSGnPRdQYP9B13h3Wq5X1', // Original space
-                kms: {
-                    provider: 'google-kms',
-                    keyId: 'test-key-id',
-                    algorithm: 'RSA-OAEP-2048-SHA256',
-                },
-            };
-            // Tampered metadata with different space DID
-            const tamperedMetadata = {
-                ...originalMetadata,
-                space: 'did:key:z6MkMaliciousSpaceDIDThatShouldNotBeAccepted', // Malicious space!
-            };
-            // Create CAR files for both
-            const { actualRootCID: originalCID } = await createTestCar(originalMetadata);
-            const { car: tamperedCar } = await createTestCar(tamperedMetadata);
-            // Mock fetch to return tampered CAR when requesting original CID
-            const originalFetch = globalThis.fetch;
-            // @ts-ignore - Mock fetch for testing
-            globalThis.fetch = async (url) => ({
-                ok: true,
-                status: 200,
-                statusText: 'OK',
-                arrayBuffer: async () => tamperedCar.buffer, // Returns tampered metadata!
-            });
-            try {
-                await getCarFileFromPublicGateway(gatewayURL, originalCID.toString());
-                assert.fail('Should detect space DID tampering via CID verification');
-            }
-            catch (error) {
-                assert(error instanceof Error, 'Should throw an Error');
-                assert(error.message.includes('CID verification failed'), `Should catch tampering via CID verification. Got: ${error.message}`);
-            }
-            finally {
-                globalThis.fetch = originalFetch;
-            }
-        });
-        await test('should prevent complete metadata substitution attacks', async () => {
-            const gatewayURL = new URL('https://example.com');
-            // Original legitimate metadata
-            const originalMetadata = {
-                encryptedDataCID: 'bafkreih5aznjvttude6c3wbvqeebb6rlx5wkbzyppv7z3aldwdht2oqadq',
-                encryptedSymmetricKey: 'original-encrypted-key',
-                space: 'did:key:z6MkwDK3M4PxU1FqcSt6quBH1xRBSGnPRdQYP9B13h3Wq5X1',
-                kms: {
-                    provider: 'google-kms',
-                    keyId: 'legitimate-key-id',
-                    algorithm: 'RSA-OAEP-2048-SHA256',
-                },
-            };
-            // Completely different malicious metadata (using same CID but different content)
-            const maliciousMetadata = {
-                encryptedDataCID: 'bafkreih5aznjvttude6c3wbvqeebb6rlx5wkbzyppv7z3aldwdht2oqadq',
-                encryptedSymmetricKey: 'malicious-encrypted-key',
-                space: 'did:key:z6MkMaliciousSpaceDIDControlledByAttacker',
-                kms: {
-                    provider: 'google-kms',
-                    keyId: 'attacker-controlled-key',
-                    algorithm: 'RSA-OAEP-2048-SHA256',
-                },
-            };
-            // Create CAR files for both
-            const { actualRootCID: originalCID } = await createTestCar(originalMetadata);
-            const { car: maliciousCar } = await createTestCar(maliciousMetadata);
-            // Mock fetch to return completely different metadata
-            const originalFetch = globalThis.fetch;
-            // @ts-ignore - Mock fetch for testing
-            globalThis.fetch = async (url) => ({
-                ok: true,
-                status: 200,
-                statusText: 'OK',
-                arrayBuffer: async () => maliciousCar.buffer, // Complete substitution attack!
-            });
-            try {
-                await getCarFileFromPublicGateway(gatewayURL, originalCID.toString());
-                assert.fail('Should detect complete metadata substitution via CID verification');
-            }
-            catch (error) {
-                assert(error instanceof Error, 'Should throw an Error');
-                assert(error.message.includes('CID verification failed'), `Should catch complete substitution via CID verification. Got: ${error.message}`);
-            }
-            finally {
-                globalThis.fetch = originalFetch;
-            }
-        });
-    });
-});
-//# sourceMappingURL=cid-verification.spec.js.map

package/dist/test/crypto-compatibility.spec.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=crypto-compatibility.spec.d.ts.map

package/dist/test/crypto-compatibility.spec.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"crypto-compatibility.spec.d.ts","sourceRoot":"","sources":["../../test/crypto-compatibility.spec.js"],"names":[],"mappings":""}

package/dist/test/crypto-compatibility.spec.js

@@ -1,124 +0,0 @@
-import './setup.js';
-import { test, describe } from 'node:test';
-import assert from 'node:assert';
-import { GenericAesCtrStreamingCrypto } from '../src/crypto/symmetric/generic-aes-ctr-streaming-crypto.js';
-import { NodeAesCbcCrypto } from '../src/crypto/symmetric/node-aes-cbc-crypto.js';
-import { createTestFile, streamToUint8Array, } from './helpers/test-file-utils.js';
-/**
- * These tests verify cross-environment compatibility and consistency of crypto implementations.
- */
-await describe('Cross-Environment Crypto Compatibility', async () => {
-    await test('should work consistently across multiple instances', async () => {
-        const crypto1 = new GenericAesCtrStreamingCrypto();
-        const crypto2 = new GenericAesCtrStreamingCrypto();
-        const testFile = createTestFile(0.01); // 10KB test (ultra-small for memory safety)
-        console.log('Testing consistency across instances...');
-        // Use SAME key and IV for both instances
-        const sharedKey = globalThis.crypto.getRandomValues(new Uint8Array(32));
-        const sharedIV = globalThis.crypto.getRandomValues(new Uint8Array(16));
-        // Override generateKey to return our shared key
-        crypto1.generateKey = async () => sharedKey;
-        crypto2.generateKey = async () => sharedKey;
-        // Override IV generation to return our shared IV
-        const originalRandomValues = globalThis.crypto.getRandomValues;
-        let ivCallCount = 0;
-        // @ts-ignore - Overriding for test purposes
-        globalThis.crypto.getRandomValues = (array) => {
-            // @ts-ignore - TypeScript is confused about the array type
-            if (array && array.length === 16 && ivCallCount < 2) {
-                ivCallCount++;
-                // @ts-ignore - TypeScript is confused about the array type
-                array.set(sharedIV);
-                return array;
-            }
-            return originalRandomValues.call(globalThis.crypto, array);
-        };
-        try {
-            // Get encryption results from both instances
-            const result1 = await crypto1.encryptStream(testFile);
-            const result2 = await crypto2.encryptStream(testFile);
-            // Verify keys and IVs are identical
-            assert.deepStrictEqual(result1.key, result2.key, 'Keys should be identical');
-            assert.deepStrictEqual(result1.iv, result2.iv, 'IVs should be identical');
-            // Convert streams to bytes for comparison
-            const encrypted1 = await streamToUint8Array(result1.encryptedStream);
-            const encrypted2 = await streamToUint8Array(result2.encryptedStream);
-            // Verify encrypted outputs are byte-for-byte identical
-            assert.strictEqual(encrypted1.length, encrypted2.length, 'Encrypted lengths should match');
-            assert.deepStrictEqual(encrypted1, encrypted2, 'Encrypted data should be identical');
-            console.log('Multiple instances produce identical results');
-        }
-        finally {
-            // Restore original methods
-            globalThis.crypto.getRandomValues = originalRandomValues;
-        }
-    });
-    await test('should support cross-instance decrypt', async () => {
-        const crypto1 = new GenericAesCtrStreamingCrypto();
-        const crypto2 = new GenericAesCtrStreamingCrypto();
-        const testFile = createTestFile(0.01); // 10KB test (ultra-small for memory safety)
-        console.log('Testing cross-instance decryption...');
-        // Encrypt with first instance
-        const { key, iv, encryptedStream } = await crypto1.encryptStream(testFile);
-        const encryptedBytes = await streamToUint8Array(encryptedStream);
-        // Decrypt with second instance
-        const encryptedForDecrypt = new ReadableStream({
-            start(controller) {
-                controller.enqueue(encryptedBytes);
-                controller.close();
-            },
-        });
-        const decryptedStream = await crypto2.decryptStream(encryptedForDecrypt, key, iv);
-        const decryptedBytes = await streamToUint8Array(decryptedStream);
-        // Verify decrypted data matches original
-        const originalBytes = new Uint8Array(await testFile.arrayBuffer());
-        assert.deepStrictEqual(decryptedBytes, originalBytes, 'Cross-instance decryption should work');
-        console.log('Cross-instance decryption verified');
-    });
-    await test('should handle edge cases consistently', async () => {
-        const crypto = new GenericAesCtrStreamingCrypto();
-        console.log('Testing edge case consistency...');
-        // Test empty file
-        const emptyFile = new Blob([]);
-        const emptyResult = await crypto.encryptStream(emptyFile);
-        const emptyEncrypted = await streamToUint8Array(emptyResult.encryptedStream);
-        assert.strictEqual(emptyEncrypted.length, 0, 'Empty file should encrypt to 0 bytes');
-        // Test single byte file
-        const singleByteFile = new Blob([new Uint8Array([42])]);
-        const singleResult = await crypto.encryptStream(singleByteFile);
-        const singleEncrypted = await streamToUint8Array(singleResult.encryptedStream);
-        assert.strictEqual(singleEncrypted.length, 1, 'Single byte file should encrypt to 1 byte');
-        // Test round-trip of single byte
-        const singleDecryptStream = new ReadableStream({
-            start(controller) {
-                controller.enqueue(singleEncrypted);
-                controller.close();
-            },
-        });
-        const singleDecrypted = await crypto.decryptStream(singleDecryptStream, singleResult.key, singleResult.iv);
-        const singleDecryptedBytes = await streamToUint8Array(singleDecrypted);
-        assert.deepStrictEqual(singleDecryptedBytes, new Uint8Array([42]), 'Single byte round-trip should work');
-        console.log('Edge cases handled consistently');
-    });
-    await test('should demonstrate algorithm differences with NodeAesCbcCrypto', async () => {
-        const genericCrypto = new GenericAesCtrStreamingCrypto();
-        const nodeCrypto = new NodeAesCbcCrypto();
-        const testFile = createTestFile(0.01); // 10KB test (ultra-small for memory safety)
-        console.log('Testing algorithm differences...');
-        // Encrypt with both implementations
-        const genericResult = await genericCrypto.encryptStream(testFile);
-        const nodeResult = await nodeCrypto.encryptStream(testFile);
-        // Convert streams to bytes
-        const genericEncrypted = await streamToUint8Array(genericResult.encryptedStream);
-        const nodeEncrypted = await streamToUint8Array(nodeResult.encryptedStream);
-        // Verify they produce different results (different algorithms)
-        assert.notDeepEqual(genericEncrypted, nodeEncrypted, 'AES-CTR and AES-CBC should produce different results');
-        // Verify they have different key/IV formats
-        assert.strictEqual(genericResult.key.length, 32, 'Generic crypto should use 32-byte keys');
-        assert.strictEqual(genericResult.iv.length, 16, 'Generic crypto should use 16-byte IVs');
-        assert.strictEqual(nodeResult.key.length, 32, 'Node crypto should use 32-byte keys');
-        assert.strictEqual(nodeResult.iv.length, 16, 'Node crypto should use 16-byte IVs');
-        console.log('Algorithm differences confirmed - use consistent crypto for encrypt/decrypt');
-    });
-});
-//# sourceMappingURL=crypto-compatibility.spec.js.map

package/dist/test/crypto-counter-security.spec.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=crypto-counter-security.spec.d.ts.map

package/dist/test/crypto-counter-security.spec.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"crypto-counter-security.spec.d.ts","sourceRoot":"","sources":["../../test/crypto-counter-security.spec.js"],"names":[],"mappings":""}