@super_studio/ecforce-ai-agent-server 0.2.0-canary.4 → 1.0.0-canary.7

package/dist/index.mjs

@@ -1,532 +1,4 @@
-import {
-  __objRest,
-  __spreadProps,
-  __spreadValues
-} from "./chunk-FWCSY2DS.mjs";
+import { Api, ContentType, HttpClient } from "./sdk/__generated__/index.mjs";
+import { createClient } from "./sdk/index.mjs";
 
-// src/lib/constants.ts
-var API_ENDPOINT = "http://localhost:4043";
-
-// src/sdk/__generated__/index.ts
-var ContentType = /* @__PURE__ */ ((ContentType2) => {
-  ContentType2["Json"] = "application/json";
-  ContentType2["JsonApi"] = "application/vnd.api+json";
-  ContentType2["FormData"] = "multipart/form-data";
-  ContentType2["UrlEncoded"] = "application/x-www-form-urlencoded";
-  ContentType2["Text"] = "text/plain";
-  return ContentType2;
-})(ContentType || {});
-var HttpClient = class {
-  constructor(apiConfig = {}) {
-    this.baseUrl = "/api";
-    this.securityData = null;
-    this.abortControllers = /* @__PURE__ */ new Map();
-    this.customFetch = (...fetchParams) => fetch(...fetchParams);
-    this.baseApiParams = {
-      credentials: "same-origin",
-      headers: {},
-      redirect: "follow",
-      referrerPolicy: "no-referrer"
-    };
-    this.setSecurityData = (data) => {
-      this.securityData = data;
-    };
-    this.contentFormatters = {
-      ["application/json" /* Json */]: (input) => input !== null && (typeof input === "object" || typeof input === "string") ? JSON.stringify(input) : input,
-      ["application/vnd.api+json" /* JsonApi */]: (input) => input !== null && (typeof input === "object" || typeof input === "string") ? JSON.stringify(input) : input,
-      ["text/plain" /* Text */]: (input) => input !== null && typeof input !== "string" ? JSON.stringify(input) : input,
-      ["multipart/form-data" /* FormData */]: (input) => {
-        if (input instanceof FormData) {
-          return input;
-        }
-        return Object.keys(input || {}).reduce((formData, key) => {
-          const property = input[key];
-          formData.append(
-            key,
-            property instanceof Blob ? property : typeof property === "object" && property !== null ? JSON.stringify(property) : `${property}`
-          );
-          return formData;
-        }, new FormData());
-      },
-      ["application/x-www-form-urlencoded" /* UrlEncoded */]: (input) => this.toQueryString(input)
-    };
-    this.createAbortSignal = (cancelToken) => {
-      if (this.abortControllers.has(cancelToken)) {
-        const abortController2 = this.abortControllers.get(cancelToken);
-        if (abortController2) {
-          return abortController2.signal;
-        }
-        return void 0;
-      }
-      const abortController = new AbortController();
-      this.abortControllers.set(cancelToken, abortController);
-      return abortController.signal;
-    };
-    this.abortRequest = (cancelToken) => {
-      const abortController = this.abortControllers.get(cancelToken);
-      if (abortController) {
-        abortController.abort();
-        this.abortControllers.delete(cancelToken);
-      }
-    };
-    this.request = async (_a) => {
-      var _b = _a, {
-        body,
-        secure,
-        path,
-        type,
-        query,
-        format,
-        baseUrl,
-        cancelToken
-      } = _b, params = __objRest(_b, [
-        "body",
-        "secure",
-        "path",
-        "type",
-        "query",
-        "format",
-        "baseUrl",
-        "cancelToken"
-      ]);
-      const secureParams = (typeof secure === "boolean" ? secure : this.baseApiParams.secure) && this.securityWorker && await this.securityWorker(this.securityData) || {};
-      const requestParams = this.mergeRequestParams(params, secureParams);
-      const queryString = query && this.toQueryString(query);
-      const payloadFormatter = this.contentFormatters[type || "application/json" /* Json */];
-      const responseFormat = format || requestParams.format;
-      return this.customFetch(
-        `${baseUrl || this.baseUrl || ""}${path}${queryString ? `?${queryString}` : ""}`,
-        __spreadProps(__spreadValues({}, requestParams), {
-          headers: __spreadValues(__spreadValues({}, requestParams.headers || {}), type && type !== "multipart/form-data" /* FormData */ ? { "Content-Type": type } : {}),
-          signal: (cancelToken ? this.createAbortSignal(cancelToken) : requestParams.signal) || null,
-          body: typeof body === "undefined" || body === null ? null : payloadFormatter(body)
-        })
-      ).then(async (response) => {
-        const r = response;
-        r.data = null;
-        r.error = null;
-        const data = !responseFormat ? r : await response[responseFormat]().then((data2) => {
-          if (r.ok) {
-            r.data = data2;
-          } else {
-            r.error = data2;
-          }
-          return r;
-        }).catch((e) => {
-          r.error = e;
-          return r;
-        });
-        if (cancelToken) {
-          this.abortControllers.delete(cancelToken);
-        }
-        if (!response.ok) throw data;
-        return data.data;
-      });
-    };
-    Object.assign(this, apiConfig);
-  }
-  encodeQueryParam(key, value) {
-    const encodedKey = encodeURIComponent(key);
-    return `${encodedKey}=${encodeURIComponent(typeof value === "number" ? value : `${value}`)}`;
-  }
-  addQueryParam(query, key) {
-    return this.encodeQueryParam(key, query[key]);
-  }
-  addArrayQueryParam(query, key) {
-    const value = query[key];
-    return value.map((v) => this.encodeQueryParam(key, v)).join("&");
-  }
-  toQueryString(rawQuery) {
-    const query = rawQuery || {};
-    const keys = Object.keys(query).filter(
-      (key) => "undefined" !== typeof query[key]
-    );
-    return keys.map(
-      (key) => Array.isArray(query[key]) ? this.addArrayQueryParam(query, key) : this.addQueryParam(query, key)
-    ).join("&");
-  }
-  addQueryParams(rawQuery) {
-    const queryString = this.toQueryString(rawQuery);
-    return queryString ? `?${queryString}` : "";
-  }
-  mergeRequestParams(params1, params2) {
-    return __spreadProps(__spreadValues(__spreadValues(__spreadValues({}, this.baseApiParams), params1), params2 || {}), {
-      headers: __spreadValues(__spreadValues(__spreadValues({}, this.baseApiParams.headers || {}), params1.headers || {}), params2 && params2.headers || {})
-    });
-  }
-};
-var Api = class extends HttpClient {
-  constructor() {
-    super(...arguments);
-    this.version = {
-      /**
-       * @description バージョンを取得する
-       *
-       * @tags meta
-       * @name GetVersion
-       * @summary getVersion
-       * @request GET:/v1/version
-       * @secure
-       */
-      getVersion: (params = {}) => this.request(__spreadValues({
-        path: `/v1/version`,
-        method: "GET",
-        secure: true,
-        format: "json"
-      }, params))
-    };
-    this.internal = {
-      /**
-       * @description ユーザーのセッションを作成してトークンを返す
-       *
-       * @tags internal
-       * @name CreateSession
-       * @summary createSession
-       * @request POST:/v1/internal/create-session
-       * @secure
-       */
-      createSession: (data, params = {}) => this.request(__spreadValues({
-        path: `/v1/internal/create-session`,
-        method: "POST",
-        body: data,
-        secure: true,
-        type: "application/json" /* Json */,
-        format: "json"
-      }, params))
-    };
-    this.agent = {
-      /**
-       * @description エージェント一覧を取得する
-       *
-       * @tags agent
-       * @name List
-       * @summary list
-       * @request GET:/v1/agent
-       * @secure
-       */
-      list: (params = {}) => this.request(__spreadValues({
-        path: `/v1/agent`,
-        method: "GET",
-        secure: true,
-        format: "json"
-      }, params)),
-      /**
-       * @description エージェントを作成する
-       *
-       * @tags agent
-       * @name Create
-       * @summary create
-       * @request POST:/v1/agent
-       * @secure
-       */
-      create: (data, params = {}) => this.request(__spreadValues({
-        path: `/v1/agent`,
-        method: "POST",
-        body: data,
-        secure: true,
-        type: "application/json" /* Json */,
-        format: "json"
-      }, params)),
-      /**
-       * @description エージェント詳細を取得する
-       *
-       * @tags agent
-       * @name Get
-       * @summary get
-       * @request GET:/v1/agent/{id}
-       * @secure
-       */
-      get: (id, params = {}) => this.request(__spreadValues({
-        path: `/v1/agent/${id}`,
-        method: "GET",
-        secure: true,
-        format: "json"
-      }, params)),
-      /**
-       * @description エージェントを更新する
-       *
-       * @tags agent
-       * @name Update
-       * @summary update
-       * @request PUT:/v1/agent/{id}
-       * @secure
-       */
-      update: (id, data, params = {}) => this.request(__spreadValues({
-        path: `/v1/agent/${id}`,
-        method: "PUT",
-        body: data,
-        secure: true,
-        type: "application/json" /* Json */,
-        format: "json"
-      }, params)),
-      /**
-       * @description エージェントを削除する
-       *
-       * @tags agent
-       * @name Delete
-       * @summary delete
-       * @request DELETE:/v1/agent/{id}
-       * @secure
-       */
-      delete: (id, data, params = {}) => this.request(__spreadValues({
-        path: `/v1/agent/${id}`,
-        method: "DELETE",
-        body: data,
-        secure: true,
-        type: "application/json" /* Json */,
-        format: "json"
-      }, params)),
-      /**
-       * @description エージェントのUI機能設定を取得する（公開）
-       *
-       * @tags agent
-       * @name GetInterfaceFeatures
-       * @summary getInterfaceFeatures
-       * @request GET:/v1/agent/{id}/interface-features
-       * @secure
-       */
-      getInterfaceFeatures: (id, params = {}) => this.request(__spreadValues({
-        path: `/v1/agent/${id}/interface-features`,
-        method: "GET",
-        secure: true,
-        format: "json"
-      }, params)),
-      /**
-       * @description エージェントのツール設定を取得する（公開）
-       *
-       * @tags agent
-       * @name GetToolSettings
-       * @summary getToolSettings
-       * @request POST:/v1/agent/tool-settings
-       * @secure
-       */
-      getToolSettings: (data, params = {}) => this.request(__spreadValues({
-        path: `/v1/agent/tool-settings`,
-        method: "POST",
-        body: data,
-        secure: true,
-        type: "application/json" /* Json */,
-        format: "json"
-      }, params))
-    };
-    this.account = {
-      /**
-       * @description 所属するアカウント一覧を取得する
-       *
-       * @tags account
-       * @name List
-       * @summary list
-       * @request GET:/v1/account
-       * @secure
-       */
-      list: (params = {}) => this.request(__spreadValues({
-        path: `/v1/account`,
-        method: "GET",
-        secure: true,
-        format: "json"
-      }, params)),
-      /**
-       * @description アカウント詳細を取得する
-       *
-       * @tags account
-       * @name Get
-       * @summary get
-       * @request GET:/v1/account/{projectId}
-       * @secure
-       */
-      get: (projectId, params = {}) => this.request(__spreadValues({
-        path: `/v1/account/${projectId}`,
-        method: "GET",
-        secure: true,
-        format: "json"
-      }, params))
-    };
-    this.apiKeys = {
-      /**
-       * @description APIキー一覧を取得する
-       *
-       * @tags apiKey
-       * @name List
-       * @summary list
-       * @request GET:/v1/api-keys/{type}
-       * @secure
-       */
-      list: (type, params = {}) => this.request(__spreadValues({
-        path: `/v1/api-keys/${type}`,
-        method: "GET",
-        secure: true,
-        format: "json"
-      }, params)),
-      /**
-       * @description APIキーを作成する
-       *
-       * @tags apiKey
-       * @name Create
-       * @summary create
-       * @request POST:/v1/api-keys
-       * @secure
-       */
-      create: (data, params = {}) => this.request(__spreadValues({
-        path: `/v1/api-keys`,
-        method: "POST",
-        body: data,
-        secure: true,
-        type: "application/json" /* Json */,
-        format: "json"
-      }, params)),
-      /**
-       * @description APIキーを更新する
-       *
-       * @tags apiKey
-       * @name Update
-       * @summary update
-       * @request PATCH:/v1/api-keys/{id}
-       * @secure
-       */
-      update: (id, data, params = {}) => this.request(__spreadValues({
-        path: `/v1/api-keys/${id}`,
-        method: "PATCH",
-        body: data,
-        secure: true,
-        type: "application/json" /* Json */,
-        format: "json"
-      }, params)),
-      /**
-       * @description APIキーを削除する
-       *
-       * @tags apiKey
-       * @name Delete
-       * @summary delete
-       * @request DELETE:/v1/api-keys/{id}
-       * @secure
-       */
-      delete: (id, data, params = {}) => this.request(__spreadValues({
-        path: `/v1/api-keys/${id}`,
-        method: "DELETE",
-        body: data,
-        secure: true,
-        type: "application/json" /* Json */,
-        format: "json"
-      }, params))
-    };
-    this.chat = {
-      /**
-       * @description ユーザーのチャットメッセージ一覧を返す
-       *
-       * @tags chat
-       * @name ListMessages
-       * @summary listMessages
-       * @request POST:/v1/chat/list-messages
-       * @secure
-       */
-      listMessages: (data, params = {}) => this.request(__spreadValues({
-        path: `/v1/chat/list-messages`,
-        method: "POST",
-        body: data,
-        secure: true,
-        type: "application/json" /* Json */,
-        format: "json"
-      }, params)),
-      /**
-       * @description ユーザーのチャット一覧を返す
-       *
-       * @tags chat
-       * @name MyList
-       * @summary myList
-       * @request POST:/v1/chat/my-list
-       * @secure
-       */
-      myList: (data, params = {}) => this.request(__spreadValues({
-        path: `/v1/chat/my-list`,
-        method: "POST",
-        body: data,
-        secure: true,
-        type: "application/json" /* Json */,
-        format: "json"
-      }, params)),
-      /**
-       * @description ユーザーのチャットのタイトルを返す
-       *
-       * @tags chat
-       * @name GetTitle
-       * @summary getTitle
-       * @request POST:/v1/chat/get-title
-       * @secure
-       */
-      getTitle: (data, params = {}) => this.request(__spreadValues({
-        path: `/v1/chat/get-title`,
-        method: "POST",
-        body: data,
-        secure: true,
-        type: "application/json" /* Json */,
-        format: "json"
-      }, params)),
-      /**
-       * @description メッセージに対する評価を送信する
-       *
-       * @tags chat
-       * @name SubmitFeedback
-       * @summary submitFeedback
-       * @request POST:/v1/chat/submit-feedback
-       * @secure
-       */
-      submitFeedback: (data, params = {}) => this.request(__spreadValues({
-        path: `/v1/chat/submit-feedback`,
-        method: "POST",
-        body: data,
-        secure: true,
-        type: "application/json" /* Json */,
-        format: "json"
-      }, params)),
-      /**
-       * @description メッセージの評価を削除する
-       *
-       * @tags chat
-       * @name DeleteFeedback
-       * @summary deleteFeedback
-       * @request POST:/v1/chat/delete-feedback
-       * @secure
-       */
-      deleteFeedback: (data, params = {}) => this.request(__spreadValues({
-        path: `/v1/chat/delete-feedback`,
-        method: "POST",
-        body: data,
-        secure: true,
-        type: "application/json" /* Json */,
-        format: "json"
-      }, params))
-    };
-  }
-};
-
-// src/sdk/index.ts
-function createClient(params) {
-  var _a, _b, _c;
-  const baseUrl = `${(_b = (_a = params == null ? void 0 : params.baseUrl) != null ? _a : process.env.AI_AGENT_API_ENDPOINT) != null ? _b : API_ENDPOINT}/api`;
-  const apiKey = (_c = params == null ? void 0 : params.apiKey) != null ? _c : process.env.AI_AGENT_API_KEY;
-  if (!apiKey) {
-    throw new Error("API\u30AD\u30FC\u304C\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002");
-  }
-  if (!baseUrl) {
-    throw new Error("API\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8\u304C\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002");
-  }
-  return new Api({
-    baseUrl,
-    baseApiParams: {
-      secure: true
-    },
-    async securityWorker() {
-      return {
-        headers: {
-          Authorization: `Bearer ${apiKey}`
-        }
-      };
-    }
-  });
-}
-export {
-  Api,
-  ContentType,
-  HttpClient,
-  createClient
-};
+export { Api, ContentType, HttpClient, createClient };

package/dist/lib/constants.cjs

@@ -0,0 +1,6 @@
+
+//#region src/lib/constants.ts
+const API_ENDPOINT = "http://localhost:4043";
+
+//#endregion
+exports.API_ENDPOINT = API_ENDPOINT;

package/dist/lib/constants.mjs

@@ -0,0 +1,6 @@
+//#region src/lib/constants.ts
+const API_ENDPOINT = "http://localhost:4043";
+
+//#endregion
+export { API_ENDPOINT };
+//# sourceMappingURL=constants.mjs.map

package/dist/lib/constants.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.mjs","names":[],"sources":["../../src/lib/constants.ts"],"sourcesContent":["export const API_ENDPOINT = \"http://localhost:4043\";\n"],"mappings":";AAAA,MAAa,eAAe"}

package/dist/lib/jwt.cjs

@@ -0,0 +1,64 @@
+let _panva_hkdf = require("@panva/hkdf");
+let jose = require("jose");
+
+//#region src/lib/jwt.ts
+/**
+* このロジックは最新(@auth/core@0.37.2)のAuth.jsのjwt.tsからコピーされました。
+*/
+const DEFAULT_MAX_AGE = 720 * 60 * 60;
+const now = () => Date.now() / 1e3 | 0;
+const alg = "dir";
+const enc = "A256CBC-HS512";
+/** Issues a JWT. By default, the JWT is encrypted using "A256CBC-HS512". */
+async function encode(params) {
+	const { token = {}, secret, maxAge = DEFAULT_MAX_AGE, salt } = params;
+	const encryptionSecret = await getDerivedEncryptionKey(enc, (Array.isArray(secret) ? secret : [secret])[0], salt);
+	const thumbprint = await (0, jose.calculateJwkThumbprint)({
+		kty: "oct",
+		k: jose.base64url.encode(encryptionSecret)
+	}, `sha${encryptionSecret.byteLength << 3}`);
+	return await new jose.EncryptJWT(token).setProtectedHeader({
+		alg,
+		enc,
+		kid: thumbprint
+	}).setIssuedAt().setExpirationTime(now() + maxAge).setJti(crypto.randomUUID()).encrypt(encryptionSecret);
+}
+/** Decodes an Auth.js issued JWT. */
+async function decode(params) {
+	const { token, secret, salt } = params;
+	const secrets = Array.isArray(secret) ? secret : [secret];
+	if (!token) return null;
+	const { payload } = await (0, jose.jwtDecrypt)(token, async ({ kid, enc: enc$1 }) => {
+		for (const secret$1 of secrets) {
+			const encryptionSecret = await getDerivedEncryptionKey(enc$1, secret$1, salt);
+			if (kid === void 0) return encryptionSecret;
+			if (kid === await (0, jose.calculateJwkThumbprint)({
+				kty: "oct",
+				k: jose.base64url.encode(encryptionSecret)
+			}, `sha${encryptionSecret.byteLength << 3}`)) return encryptionSecret;
+		}
+		throw new Error("no matching decryption secret");
+	}, {
+		clockTolerance: 15,
+		keyManagementAlgorithms: [alg],
+		contentEncryptionAlgorithms: [enc, "A256GCM"]
+	});
+	return payload;
+}
+async function getDerivedEncryptionKey(enc$1, keyMaterial, salt) {
+	let length;
+	switch (enc$1) {
+		case "A256CBC-HS512":
+			length = 64;
+			break;
+		case "A256GCM":
+			length = 32;
+			break;
+		default: throw new Error("Unsupported JWT Content Encryption Algorithm");
+	}
+	return await (0, _panva_hkdf.hkdf)("sha256", keyMaterial, salt, `Auth.js Generated Encryption Key (${salt})`, length);
+}
+
+//#endregion
+exports.decode = decode;
+exports.encode = encode;

package/dist/lib/jwt.mjs

@@ -0,0 +1,64 @@
+import { hkdf } from "@panva/hkdf";
+import { EncryptJWT, base64url, calculateJwkThumbprint, jwtDecrypt } from "jose";
+
+//#region src/lib/jwt.ts
+/**
+* このロジックは最新(@auth/core@0.37.2)のAuth.jsのjwt.tsからコピーされました。
+*/
+const DEFAULT_MAX_AGE = 720 * 60 * 60;
+const now = () => Date.now() / 1e3 | 0;
+const alg = "dir";
+const enc = "A256CBC-HS512";
+/** Issues a JWT. By default, the JWT is encrypted using "A256CBC-HS512". */
+async function encode(params) {
+	const { token = {}, secret, maxAge = DEFAULT_MAX_AGE, salt } = params;
+	const encryptionSecret = await getDerivedEncryptionKey(enc, (Array.isArray(secret) ? secret : [secret])[0], salt);
+	const thumbprint = await calculateJwkThumbprint({
+		kty: "oct",
+		k: base64url.encode(encryptionSecret)
+	}, `sha${encryptionSecret.byteLength << 3}`);
+	return await new EncryptJWT(token).setProtectedHeader({
+		alg,
+		enc,
+		kid: thumbprint
+	}).setIssuedAt().setExpirationTime(now() + maxAge).setJti(crypto.randomUUID()).encrypt(encryptionSecret);
+}
+/** Decodes an Auth.js issued JWT. */
+async function decode(params) {
+	const { token, secret, salt } = params;
+	const secrets = Array.isArray(secret) ? secret : [secret];
+	if (!token) return null;
+	const { payload } = await jwtDecrypt(token, async ({ kid, enc: enc$1 }) => {
+		for (const secret$1 of secrets) {
+			const encryptionSecret = await getDerivedEncryptionKey(enc$1, secret$1, salt);
+			if (kid === void 0) return encryptionSecret;
+			if (kid === await calculateJwkThumbprint({
+				kty: "oct",
+				k: base64url.encode(encryptionSecret)
+			}, `sha${encryptionSecret.byteLength << 3}`)) return encryptionSecret;
+		}
+		throw new Error("no matching decryption secret");
+	}, {
+		clockTolerance: 15,
+		keyManagementAlgorithms: [alg],
+		contentEncryptionAlgorithms: [enc, "A256GCM"]
+	});
+	return payload;
+}
+async function getDerivedEncryptionKey(enc$1, keyMaterial, salt) {
+	let length;
+	switch (enc$1) {
+		case "A256CBC-HS512":
+			length = 64;
+			break;
+		case "A256GCM":
+			length = 32;
+			break;
+		default: throw new Error("Unsupported JWT Content Encryption Algorithm");
+	}
+	return await hkdf("sha256", keyMaterial, salt, `Auth.js Generated Encryption Key (${salt})`, length);
+}
+
+//#endregion
+export { decode, encode };
+//# sourceMappingURL=jwt.mjs.map

package/dist/lib/jwt.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.mjs","names":["secret","enc","length: number"],"sources":["../../src/lib/jwt.ts"],"sourcesContent":["/**\n * このロジックは最新(@auth/core@0.37.2)のAuth.jsのjwt.tsからコピーされました。\n */\n\nimport { hkdf } from \"@panva/hkdf\";\nimport {\n  base64url,\n  calculateJwkThumbprint,\n  EncryptJWT,\n  jwtDecrypt,\n} from \"jose\";\n\nconst DEFAULT_MAX_AGE = 30 * 24 * 60 * 60; // 30 days\n\nconst now = () => (Date.now() / 1000) | 0;\n\nconst alg = \"dir\";\nconst enc = \"A256CBC-HS512\";\ntype Digest = Parameters<typeof calculateJwkThumbprint>[1];\n\n/** Issues a JWT. By default, the JWT is encrypted using \"A256CBC-HS512\". */\nexport async function encode<Payload = object>(\n  params: JWTEncodeParams<Payload>,\n) {\n  const { token = {}, secret, maxAge = DEFAULT_MAX_AGE, salt } = params;\n  const secrets = Array.isArray(secret) ? secret : [secret];\n  const encryptionSecret = await getDerivedEncryptionKey(\n    enc,\n    secrets[0]!,\n    salt,\n  );\n\n  const thumbprint = await calculateJwkThumbprint(\n    { kty: \"oct\", k: base64url.encode(encryptionSecret) },\n    `sha${encryptionSecret.byteLength << 3}` as Digest,\n  );\n  // @ts-expect-error `jose` allows any object as payload.\n  return await new EncryptJWT(token)\n    .setProtectedHeader({ alg, enc, kid: thumbprint })\n    .setIssuedAt()\n    .setExpirationTime(now() + maxAge)\n    .setJti(crypto.randomUUID())\n    .encrypt(encryptionSecret);\n}\n\n/** Decodes an Auth.js issued JWT. */\nexport async function decode<Payload = object>(\n  params: JWTDecodeParams,\n): Promise<Payload | null> {\n  const { token, secret, salt } = params;\n  const secrets = Array.isArray(secret) ? secret : [secret];\n  if (!token) {\n    return null;\n  }\n  const { payload } = await jwtDecrypt(\n    token,\n    async ({ kid, enc }) => {\n      for (const secret of secrets) {\n        const encryptionSecret = await getDerivedEncryptionKey(\n          enc,\n          secret,\n          salt,\n        );\n        if (kid === undefined) {\n          return encryptionSecret;\n        }\n\n        const thumbprint = await calculateJwkThumbprint(\n          { kty: \"oct\", k: base64url.encode(encryptionSecret) },\n          `sha${encryptionSecret.byteLength << 3}` as Digest,\n        );\n        if (kid === thumbprint) {\n          return encryptionSecret;\n        }\n      }\n\n      throw new Error(\"no matching decryption secret\");\n    },\n    {\n      clockTolerance: 15,\n      keyManagementAlgorithms: [alg],\n      contentEncryptionAlgorithms: [enc, \"A256GCM\"],\n    },\n  );\n  return payload as Payload;\n}\n\nasync function getDerivedEncryptionKey(\n  enc: string,\n  keyMaterial: Parameters<typeof hkdf>[1],\n  salt: Parameters<typeof hkdf>[2],\n) {\n  let length: number;\n  switch (enc) {\n    case \"A256CBC-HS512\":\n      length = 64;\n      break;\n    case \"A256GCM\":\n      length = 32;\n      break;\n    default:\n      throw new Error(\"Unsupported JWT Content Encryption Algorithm\");\n  }\n  return await hkdf(\n    \"sha256\",\n    keyMaterial,\n    salt,\n    `Auth.js Generated Encryption Key (${salt})`,\n    length,\n  );\n}\n\nexport interface JWTEncodeParams<Payload = object> {\n  /**\n   * The maximum age of the Auth.js issued JWT in seconds.\n   *\n   * @default 30 * 24 * 60 * 60 // 30 days\n   */\n  maxAge?: number;\n  /** Used in combination with `secret`, to derive the encryption secret for JWTs. */\n  salt: string;\n  /** Used in combination with `salt`, to derive the encryption secret for JWTs. */\n  secret: string | string[];\n  /** The JWT payload. */\n  token?: Payload;\n}\n\nexport interface JWTDecodeParams {\n  /** Used in combination with `secret`, to derive the encryption secret for JWTs. */\n  salt: string;\n  /**\n   * Used in combination with `salt`, to derive the encryption secret for JWTs.\n   *\n   * @note\n   * You can also pass an array of secrets, in which case the first secret that successfully\n   * decrypts the JWT will be used. This is useful for rotating secrets without invalidating existing sessions.\n   * The newer secret should be added to the start of the array, which will be used for all new sessions.\n   */\n  secret: string | string[];\n  /** The Auth.js issued JWT to be decoded */\n  token?: string;\n}\n"],"mappings":";;;;;;;AAYA,MAAM,kBAAkB,MAAU,KAAK;AAEvC,MAAM,YAAa,KAAK,KAAK,GAAG,MAAQ;AAExC,MAAM,MAAM;AACZ,MAAM,MAAM;;AAIZ,eAAsB,OACpB,QACA;CACA,MAAM,EAAE,QAAQ,EAAE,EAAE,QAAQ,SAAS,iBAAiB,SAAS;CAE/D,MAAM,mBAAmB,MAAM,wBAC7B,MAFc,MAAM,QAAQ,OAAO,GAAG,SAAS,CAAC,OAAO,EAG/C,IACR,KACD;CAED,MAAM,aAAa,MAAM,uBACvB;EAAE,KAAK;EAAO,GAAG,UAAU,OAAO,iBAAiB;EAAE,EACrD,MAAM,iBAAiB,cAAc,IACtC;AAED,QAAO,MAAM,IAAI,WAAW,MAAM,CAC/B,mBAAmB;EAAE;EAAK;EAAK,KAAK;EAAY,CAAC,CACjD,aAAa,CACb,kBAAkB,KAAK,GAAG,OAAO,CACjC,OAAO,OAAO,YAAY,CAAC,CAC3B,QAAQ,iBAAiB;;;AAI9B,eAAsB,OACpB,QACyB;CACzB,MAAM,EAAE,OAAO,QAAQ,SAAS;CAChC,MAAM,UAAU,MAAM,QAAQ,OAAO,GAAG,SAAS,CAAC,OAAO;AACzD,KAAI,CAAC,MACH,QAAO;CAET,MAAM,EAAE,YAAY,MAAM,WACxB,OACA,OAAO,EAAE,KAAK,iBAAU;AACtB,OAAK,MAAMA,YAAU,SAAS;GAC5B,MAAM,mBAAmB,MAAM,wBAC7BC,OACAD,UACA,KACD;AACD,OAAI,QAAQ,OACV,QAAO;AAOT,OAAI,QAJe,MAAM,uBACvB;IAAE,KAAK;IAAO,GAAG,UAAU,OAAO,iBAAiB;IAAE,EACrD,MAAM,iBAAiB,cAAc,IACtC,CAEC,QAAO;;AAIX,QAAM,IAAI,MAAM,gCAAgC;IAElD;EACE,gBAAgB;EAChB,yBAAyB,CAAC,IAAI;EAC9B,6BAA6B,CAAC,KAAK,UAAU;EAC9C,CACF;AACD,QAAO;;AAGT,eAAe,wBACb,OACA,aACA,MACA;CACA,IAAIE;AACJ,SAAQD,OAAR;EACE,KAAK;AACH,YAAS;AACT;EACF,KAAK;AACH,YAAS;AACT;EACF,QACE,OAAM,IAAI,MAAM,+CAA+C;;AAEnE,QAAO,MAAM,KACX,UACA,aACA,MACA,qCAAqC,KAAK,IAC1C,OACD"}