@zeke-02/tinfoil 0.0.11 → 0.11.7

package/README.md

@@ -1,183 +0,0 @@
-# Tinfoil Node Client
-
-[![Build Status](https://github.com/tinfoilsh/tinfoil-node/actions/workflows/test.yml/badge.svg)](https://github.com/tinfoilsh/tinfoil-node/actions)
-[![NPM version](https://img.shields.io/npm/v/tinfoil.svg)](https://npmjs.org/package/tinfoil)
-[![Documentation](https://img.shields.io/badge/docs-tinfoil.sh-blue)](https://docs.tinfoil.sh/sdk/node-sdk)
-
-This client library provides secure and convenient access to the Tinfoil Private Inference endpoints from TypeScript or JavaScript.
-
-It is a wrapper around the OpenAI client that verifies enclave attestation and routes traffic to the Tinfoil Private Inference endpoints through an [EHBP](https://github.com/tinfoilsh/encrypted-http-body-protocol)-secured transport. EHBP encrypts all payloads directly to an attested enclave using [HPKE (RFC 9180)](https://www.rfc-editor.org/rfc/rfc9180.html).
-
-## Installation
-
-```bash
-npm install tinfoil
-```
-
-## Requirements
-
-Node 20+.
-
-## Quick Start
-
-```typescript
-import { TinfoilAI } from "tinfoil";
-
-const client = new TinfoilAI({
-  apiKey: "<YOUR_API_KEY>", // or use TINFOIL_API_KEY env var
-});
-
-// Uses identical method calls as the OpenAI client
-const completion = await client.chat.completions.create({
-  messages: [{ role: "user", content: "Hello!" }],
-  model: "llama3-3-70b",
-});
-```
-
-## Browser Support
-
-The SDK supports browser environments. This allows you to use the secure enclave-backed OpenAI API directly from web applications.
-
-### ⚠️ Security Warning
-
-Using API keys directly in the browser exposes them to anyone who can view your page source.
-For production applications, always use a backend server to handle API keys.
-
-### Browser Usage
-
-```javascript
-import { TinfoilAI } from 'tinfoil';
-
-const client = new TinfoilAI({
-  apiKey: 'your-api-key',
-  dangerouslyAllowBrowser: true // Required for browser usage
-});
-
-// Optional: pre-initialize; you can also call APIs directly
-await client.ready();
-
-const completion = await client.chat.completions.create({
-  model: 'llama3-3-70b',
-  messages: [{ role: 'user', content: 'Hello!' }]
-});
-```
-
-### Browser Requirements
-
-- Modern browsers with ES2020 support
-- WebAssembly support for enclave verification
-
-
-## Verification helpers
-
-This package exposes verification helpers that load the Go-based WebAssembly verifier and provide end-to-end attestation with structured, stepwise results you can use in applications (e.g., to show progress, log transitions, or gate features).
-
-The verification functionality is contained in `verifier.ts`.
-
-
-### Core Verifier API
-
-```typescript
-import { Verifier } from "tinfoil";
-
-const verifier = new Verifier({ serverURL: "https://enclave.host.com" });
-
-// Perform full end-to-end verification
-const attestation = await verifier.verify();
-// Returns: AttestationResponse with measurement and cryptographic keys
-// This performs all verification steps atomically:
-// 1. Fetches the latest release digest from GitHub
-// 2. Verifies code provenance using Sigstore
-// 3. Performs runtime attestation against the enclave
-// 4. Verifies hardware measurements (for TDX platforms)
-// 5. Compares code and runtime measurements
-
-// Access detailed verification results
-const doc = verifier.getVerificationDocument();
-// Returns: VerificationDocument with step-by-step status including
-// measurements, fingerprints, and cryptographic keys
-```
-
-### Verification Document
-
-The `Verifier` provides access to a comprehensive verification document that tracks all verification steps, including failures:
-
-```typescript
-import { Verifier } from "tinfoil";
-
-const verifier = new Verifier({ serverURL: "https://enclave.host.com" });
-
-try {
-  const attestation = await verifier.verify();
-  const doc = verifier.getVerificationDocument();
-  console.log('Security verified:', doc.securityVerified);
-  console.log('TLS fingerprint:', attestation.tlsPublicKeyFingerprint);
-  console.log('HPKE public key:', attestation.hpkePublicKey);
-} catch (error) {
-  // Even on error, you can access the verification document
-  const doc = verifier.getVerificationDocument();
-
-  // The document contains detailed step information:
-  // - fetchDigest: GitHub release digest retrieval
-  // - verifyCode: Code measurement verification
-  // - verifyEnclave: Runtime attestation verification
-  // - compareMeasurements: Code vs runtime measurement comparison
-  // - otherError: Catch-all for unexpected errors (optional)
-
-  // Check individual steps
-  if (doc.steps.verifyEnclave.status === 'failed') {
-    console.log('Enclave verification failed:', doc.steps.verifyEnclave.error);
-  }
-
-  // Error messages are prefixed with the failing step:
-  // - "fetchDigest:" - Failed to fetch GitHub release digest
-  // - "verifyCode:" - Failed to verify code provenance
-  // - "verifyEnclave:" - Failed runtime attestation
-  // - "verifyHardware:" - Failed TDX hardware verification
-  // - "validateTLS:" - TLS public key validation failed
-  // - "measurements:" - Measurement comparison failed
-}
-```
-
-## Testing
-
-The project includes both unit tests and integration tests:
-
-### Running Unit Tests
-
-```bash
-npm test
-```
-
-### Running Integration Tests
-
-```bash
-RUN_TINFOIL_INTEGRATION=true npm test
-```
-
-This runs the full test suite including integration tests that:
-- Make actual network requests to Tinfoil services
-- Perform real enclave attestation verification
-- Test end-to-end functionality with live services
-
-Integration tests are skipped by default to keep the test suite fast and avoid network dependencies during development.
-
-## Running examples
-
-See [examples/README.md](https://github.com/tinfoilsh/tinfoil-node/blob/main/examples/README.md).
-
-## API Documentation
-
-For complete documentation on using the Tinfoil Node SDK, including advanced examples and API reference, visit the [official documentation](https://docs.tinfoil.sh/sdk/node-sdk).
-
-This library mirrors the official OpenAI Node.js client for common endpoints (e.g., chat, images, embeddings) and types, and is designed to feel familiar. Some less commonly used surfaces may not be fully covered. See the [OpenAI client](https://github.com/openai/openai-node) for complete API usage and documentation.
-
-## Reporting Vulnerabilities
-
-Please report security vulnerabilities by either:
-
-- Emailing [security@tinfoil.sh](mailto:security@tinfoil.sh)
-
-- Opening an issue on GitHub on this repository
-
-We aim to respond to security reports within 24 hours and will keep you updated on our progress.

package/dist/__tests__/test-utils.d.ts

@@ -1 +0,0 @@
-export declare function withMockedModules(mocks: Record<string, unknown>, modulesToReload: string[], run: () => Promise<void>): Promise<void>;

package/dist/__tests__/test-utils.js

@@ -1,44 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.withMockedModules = withMockedModules;
-const module_1 = __importDefault(require("module"));
-const testRequire = module_1.default.createRequire(__filename);
-async function withMockedModules(mocks, modulesToReload, run) {
-    const moduleAny = module_1.default;
-    const originalLoad = moduleAny._load;
-    moduleAny._load = function (request, parent, isMain) {
-        if (Object.prototype.hasOwnProperty.call(mocks, request)) {
-            return mocks[request];
-        }
-        // eslint-disable-next-line prefer-rest-params
-        return originalLoad.apply(this, arguments);
-    };
-    const restoredCache = [];
-    for (const specifier of modulesToReload) {
-        try {
-            const resolved = testRequire.resolve(specifier);
-            restoredCache.push({ path: resolved, cached: require.cache[resolved] });
-            delete require.cache[resolved];
-        }
-        catch {
-            // Module not yet cached; nothing to remove.
-        }
-    }
-    try {
-        await run();
-    }
-    finally {
-        moduleAny._load = originalLoad;
-        for (const entry of restoredCache) {
-            if (entry.cached) {
-                require.cache[entry.path] = entry.cached;
-            }
-            else {
-                delete require.cache[entry.path];
-            }
-        }
-    }
-}

package/dist/esm/__tests__/test-utils.d.ts

@@ -1 +0,0 @@
-export declare function withMockedModules(mocks: Record<string, unknown>, modulesToReload: string[], run: () => Promise<void>): Promise<void>;

package/dist/esm/__tests__/test-utils.mjs

@@ -1,38 +0,0 @@
-import Module from "module";
-const testRequire = Module.createRequire(__filename);
-export async function withMockedModules(mocks, modulesToReload, run) {
-    const moduleAny = Module;
-    const originalLoad = moduleAny._load;
-    moduleAny._load = function (request, parent, isMain) {
-        if (Object.prototype.hasOwnProperty.call(mocks, request)) {
-            return mocks[request];
-        }
-        // eslint-disable-next-line prefer-rest-params
-        return originalLoad.apply(this, arguments);
-    };
-    const restoredCache = [];
-    for (const specifier of modulesToReload) {
-        try {
-            const resolved = testRequire.resolve(specifier);
-            restoredCache.push({ path: resolved, cached: require.cache[resolved] });
-            delete require.cache[resolved];
-        }
-        catch {
-            // Module not yet cached; nothing to remove.
-        }
-    }
-    try {
-        await run();
-    }
-    finally {
-        moduleAny._load = originalLoad;
-        for (const entry of restoredCache) {
-            if (entry.cached) {
-                require.cache[entry.path] = entry.cached;
-            }
-            else {
-                delete require.cache[entry.path];
-            }
-        }
-    }
-}

package/dist/esm/ai-sdk-provider.d.ts

@@ -1,7 +0,0 @@
-interface CreateTinfoilAIOptions {
-    baseURL?: string;
-    enclaveURL?: string;
-    configRepo?: string;
-}
-export declare function createTinfoilAI(apiKey: string, options?: CreateTinfoilAIOptions, headers?: Record<string, string>): Promise<import("@ai-sdk/openai-compatible").OpenAICompatibleProvider<string, string, string, string>>;
-export {};

package/dist/esm/config.d.ts

@@ -1,13 +0,0 @@
-/**
- * Configuration constants for the Tinfoil Node SDK
- */
-export declare const TINFOIL_CONFIG: {
-    /**
-     * The GitHub repository for code attestation verification
-     */
-    readonly INFERENCE_PROXY_REPO: "tinfoilsh/confidential-model-router";
-    /**
-     * The ATC (Attestation and Trust Center) API URL for fetching available routers
-     */
-    readonly ATC_API_URL: "https://atc.tinfoil.sh/routers";
-};

package/dist/esm/config.mjs

@@ -1,13 +0,0 @@
-/**
- * Configuration constants for the Tinfoil Node SDK
- */
-export const TINFOIL_CONFIG = {
-    /**
-     * The GitHub repository for code attestation verification
-     */
-    INFERENCE_PROXY_REPO: "tinfoilsh/confidential-model-router",
-    /**
-     * The ATC (Attestation and Trust Center) API URL for fetching available routers
-     */
-    ATC_API_URL: "https://atc.tinfoil.sh/routers",
-};

package/dist/esm/encrypted-body-fetch.d.ts

@@ -1,13 +0,0 @@
-import type { Transport as EhbpTransport } from "@zeke-02/ehbp";
-export declare function getHPKEKey(enclaveURL: string): Promise<CryptoKey>;
-export declare function normalizeEncryptedBodyRequestArgs(input: RequestInfo | URL, init?: RequestInit): {
-    url: string;
-    init?: RequestInit;
-};
-export declare function encryptedBodyRequest(input: RequestInfo | URL, hpkePublicKey?: string, init?: RequestInit, enclaveURL?: string, transportInstance?: EhbpTransport): Promise<Response>;
-type FetchWithResponse = typeof fetch & {
-    Response: typeof Response;
-};
-export declare function createEncryptedBodyFetch(baseURL: string, hpkePublicKey?: string, enclaveURL?: string): FetchWithResponse;
-export declare function getTransportForOrigin(origin: string, keyOrigin: string): Promise<EhbpTransport>;
-export {};

package/dist/esm/encrypted-body-fetch.mjs

@@ -1,105 +0,0 @@
-import { Identity, Transport, PROTOCOL } from "@zeke-02/ehbp";
-import { getFetch } from "./fetch-adapter.mjs";
-// Public API
-export async function getHPKEKey(enclaveURL) {
-    const url = new URL(enclaveURL);
-    const keysURL = new URL(PROTOCOL.KEYS_PATH, enclaveURL);
-    if (keysURL.protocol !== "https:") {
-        throw new Error(`HTTPS is required for remote key retrieval. Invalid protocol: ${keysURL.protocol}`);
-    }
-    const fetchFn = getFetch();
-    const response = await fetchFn(keysURL.toString());
-    if (!response.ok) {
-        throw new Error(`Failed to get server public key: ${response.status}`);
-    }
-    const contentType = response.headers.get("content-type");
-    if (contentType !== PROTOCOL.KEYS_MEDIA_TYPE) {
-        throw new Error(`Invalid content type: ${contentType}`);
-    }
-    const keysData = new Uint8Array(await response.arrayBuffer());
-    const serverIdentity = await Identity.unmarshalPublicConfig(keysData);
-    return serverIdentity.getPublicKey();
-}
-export function normalizeEncryptedBodyRequestArgs(input, init) {
-    if (typeof input === "string") {
-        return { url: input, init };
-    }
-    if (input instanceof URL) {
-        return { url: input.toString(), init };
-    }
-    const request = input;
-    const cloned = request.clone();
-    const derivedInit = {
-        method: cloned.method,
-        headers: new Headers(cloned.headers),
-        body: cloned.body ?? undefined,
-        signal: cloned.signal,
-    };
-    return {
-        url: cloned.url,
-        init: { ...derivedInit, ...init },
-    };
-}
-export async function encryptedBodyRequest(input, hpkePublicKey, init, enclaveURL, transportInstance) {
-    const { url: requestUrl, init: requestInit } = normalizeEncryptedBodyRequestArgs(input, init);
-    let actualTransport;
-    if (transportInstance) {
-        // Use provided transport instance
-        actualTransport = transportInstance;
-    }
-    else {
-        // Create a new transport for this request
-        const u = new URL(requestUrl);
-        const { origin } = u;
-        const keyOrigin = enclaveURL ? new URL(enclaveURL).origin : origin;
-        actualTransport = await getTransportForOrigin(origin, keyOrigin);
-    }
-    if (hpkePublicKey) {
-        const transportKeyHash = await actualTransport.getServerPublicKeyHex();
-        if (transportKeyHash !== hpkePublicKey) {
-            throw new Error(`HPKE public key mismatch. Expected: ${hpkePublicKey}, Got: ${transportKeyHash}`);
-        }
-    }
-    return actualTransport.request(requestUrl, requestInit);
-}
-export function createEncryptedBodyFetch(baseURL, hpkePublicKey, enclaveURL) {
-    // Create a dedicated transport instance for this fetch function
-    let transportPromise = null;
-    const getOrCreateTransport = async () => {
-        if (!transportPromise) {
-            const baseUrl = new URL(baseURL);
-            const keyOrigin = enclaveURL
-                ? new URL(enclaveURL).origin
-                : baseUrl.origin;
-            transportPromise = getTransportForOrigin(baseUrl.origin, keyOrigin);
-        }
-        return transportPromise;
-    };
-    const secureFetch = (async (input, init) => {
-        const normalized = normalizeEncryptedBodyRequestArgs(input, init);
-        const targetUrl = new URL(normalized.url, baseURL);
-        // Get the dedicated transport instance for this fetch function
-        const transportInstance = await getOrCreateTransport();
-        return encryptedBodyRequest(targetUrl.toString(), hpkePublicKey, normalized.init, enclaveURL, transportInstance);
-    });
-    // Expose Response constructor for OpenAI SDK's FormData support detection
-    // This prevents the SDK from making a test request to 'data:,' which would fail through EHBP
-    secureFetch.Response = Response;
-    return secureFetch;
-}
-export async function getTransportForOrigin(origin, keyOrigin) {
-    if (typeof globalThis !== "undefined") {
-        const isSecure = globalThis.isSecureContext !== false;
-        const hasSubtle = !!(globalThis.crypto && globalThis.crypto.subtle);
-        if (!isSecure || !hasSubtle) {
-            const reason = !isSecure
-                ? "insecure context (use HTTPS or localhost)"
-                : "missing WebCrypto SubtleCrypto";
-            throw new Error(`EHBP requires a secure browser context: ${reason}`);
-        }
-    }
-    const clientIdentity = await Identity.generate();
-    const serverPublicKey = await getHPKEKey(keyOrigin);
-    const requestHost = new URL(origin).host;
-    return new Transport(clientIdentity, requestHost, serverPublicKey);
-}

package/dist/esm/env.d.ts

@@ -1,5 +0,0 @@
-/**
- * Detects if the code is running in a real browser environment.
- * Returns false for Node.js environments, even with WASM loaded.
- */
-export declare function isRealBrowser(): boolean;

package/dist/esm/env.mjs

@@ -1,17 +0,0 @@
-/**
- * Detects if the code is running in a real browser environment.
- * Returns false for Node.js environments, even with WASM loaded.
- */
-export function isRealBrowser() {
-    if (typeof process !== "undefined" &&
-        process.versions &&
-        process.versions.node) {
-        return false;
-    }
-    if (typeof window !== "undefined" && typeof window.document !== "undefined") {
-        if (typeof navigator !== "undefined" && navigator.userAgent) {
-            return true;
-        }
-    }
-    return false;
-}

package/dist/esm/fetch-adapter.d.ts

@@ -1,21 +0,0 @@
-/**
- * Fetch adapter for Tauri v2
- *
- * This module provides a centralized fetch implementation for Tauri v2.
- * For testing purposes, the fetch function can be overridden by setting
- * the global __TINFOIL_TEST_FETCH__ property.
- */
-import { fetch as tauriFetch } from "@tauri-apps/plugin-http";
-declare global {
-    var __TINFOIL_TEST_FETCH__: typeof fetch | undefined;
-}
-/**
- * Get the fetch implementation to use.
- * In tests, this can be overridden by setting globalThis.__TINFOIL_TEST_FETCH__
- */
-export declare function getFetch(): typeof tauriFetch;
-/**
- * The fetch function to use throughout the application.
- * Uses Tauri's fetch by default, but can be mocked for testing.
- */
-export declare const fetch: typeof tauriFetch;

package/dist/esm/fetch-adapter.mjs

@@ -1,23 +0,0 @@
-/**
- * Fetch adapter for Tauri v2
- *
- * This module provides a centralized fetch implementation for Tauri v2.
- * For testing purposes, the fetch function can be overridden by setting
- * the global __TINFOIL_TEST_FETCH__ property.
- */
-import { fetch as tauriFetch } from "@tauri-apps/plugin-http";
-/**
- * Get the fetch implementation to use.
- * In tests, this can be overridden by setting globalThis.__TINFOIL_TEST_FETCH__
- */
-export function getFetch() {
-    if (typeof globalThis.__TINFOIL_TEST_FETCH__ === "function") {
-        return globalThis.__TINFOIL_TEST_FETCH__;
-    }
-    return tauriFetch;
-}
-/**
- * The fetch function to use throughout the application.
- * Uses Tauri's fetch by default, but can be mocked for testing.
- */
-export const fetch = getFetch();

package/dist/esm/index.browser.d.ts

@@ -1,7 +0,0 @@
-export { TinfoilAI } from "./tinfoilai";
-export { TinfoilAI as default } from "./tinfoilai";
-export * from "./verifier";
-export * from "./ai-sdk-provider";
-export * from "./config";
-export { SecureClient } from "./secure-client";
-export { UnverifiedClient } from "./unverified-client";

package/dist/esm/index.browser.mjs

@@ -1,8 +0,0 @@
-// Browser-safe entry point: avoids Node built-ins
-export { TinfoilAI } from "./tinfoilai.mjs";
-export { TinfoilAI as default } from "./tinfoilai.mjs";
-export * from "./verifier.mjs";
-export * from "./ai-sdk-provider.mjs";
-export * from "./config.mjs";
-export { SecureClient } from "./secure-client.mjs";
-export { UnverifiedClient } from "./unverified-client.mjs";

package/dist/esm/index.d.ts

@@ -1,9 +0,0 @@
-export { TinfoilAI } from "./tinfoilai";
-export { TinfoilAI as default } from "./tinfoilai";
-export * from "./verifier";
-export * from "./ai-sdk-provider";
-export * from "./config";
-export { SecureClient } from "./secure-client";
-export { UnverifiedClient } from "./unverified-client";
-export { fetchRouter } from "./router";
-export { type Uploadable, toFile, APIPromise, PagePromise, OpenAIError, APIError, APIConnectionError, APIConnectionTimeoutError, APIUserAbortError, NotFoundError, ConflictError, RateLimitError, BadRequestError, AuthenticationError, InternalServerError, PermissionDeniedError, UnprocessableEntityError, } from "openai";

package/dist/esm/index.mjs

@@ -1,13 +0,0 @@
-// Re-export the TinfoilAI class
-export { TinfoilAI } from "./tinfoilai.mjs";
-export { TinfoilAI as default } from "./tinfoilai.mjs";
-// Export verifier
-export * from "./verifier.mjs";
-export * from "./ai-sdk-provider.mjs";
-export * from "./config.mjs";
-export { SecureClient } from "./secure-client.mjs";
-export { UnverifiedClient } from "./unverified-client.mjs";
-export { fetchRouter } from "./router.mjs";
-// Re-export OpenAI utility types and classes that users might need
-// Using public exports from the main OpenAI package instead of deep imports
-export { toFile, APIPromise, PagePromise, OpenAIError, APIError, APIConnectionError, APIConnectionTimeoutError, APIUserAbortError, NotFoundError, ConflictError, RateLimitError, BadRequestError, AuthenticationError, InternalServerError, PermissionDeniedError, UnprocessableEntityError, } from "openai";

package/dist/esm/pinned-tls-fetch.d.ts

@@ -1 +0,0 @@
-export declare function createPinnedTlsFetch(baseURL: string, expectedFingerprintHex: string): typeof fetch;

package/dist/esm/pinned-tls-fetch.mjs

@@ -1,110 +0,0 @@
-import https from "https";
-import { checkServerIdentity as tlsCheckServerIdentity } from "tls";
-import { X509Certificate, createHash } from "crypto";
-import { Readable } from "stream";
-export function createPinnedTlsFetch(baseURL, expectedFingerprintHex) {
-    return (async (input, init) => {
-        // Normalize URL with base URL support
-        const makeURL = (value) => {
-            if (typeof value === "string")
-                return new URL(value, baseURL);
-            if (value instanceof URL)
-                return value;
-            return new URL(value.url, baseURL);
-        };
-        const url = makeURL(input);
-        if (url.protocol !== "https:") {
-            throw new Error(`HTTP connections are not allowed. Use HTTPS. URL: ${url.toString()}`);
-        }
-        // Gather method and headers
-        const method = (init?.method || input.method || "GET").toUpperCase();
-        const headers = new Headers(init?.headers || input?.headers || {});
-        const headerObj = {};
-        headers.forEach((v, k) => {
-            headerObj[k] = v;
-        });
-        // Resolve body
-        let body = init?.body;
-        if (!body && input instanceof Request) {
-            // If the original was a Request with a body, read it
-            try {
-                const buf = await input.arrayBuffer();
-                if (buf && buf.byteLength)
-                    body = Buffer.from(buf);
-            }
-            catch { }
-        }
-        // Convert web streams to Node streams if needed
-        if (body && typeof body.getReader === "function") {
-            body = Readable.fromWeb(body);
-        }
-        if (body instanceof ArrayBuffer) {
-            body = Buffer.from(body);
-        }
-        if (ArrayBuffer.isView(body)) {
-            body = Buffer.from(body.buffer, body.byteOffset, body.byteLength);
-        }
-        const requestOptions = {
-            protocol: url.protocol,
-            hostname: url.hostname,
-            port: url.port ? Number(url.port) : 443,
-            path: `${url.pathname}${url.search}`,
-            method,
-            headers: headerObj,
-            checkServerIdentity: (host, cert) => {
-                const raw = cert.raw;
-                if (!raw) {
-                    return new Error("Certificate raw bytes are unavailable for pinning");
-                }
-                const x509 = new X509Certificate(raw);
-                const publicKeyDer = x509.publicKey.export({ type: "spki", format: "der" });
-                const fp = createHash("sha256").update(publicKeyDer).digest("hex");
-                if (fp !== expectedFingerprintHex) {
-                    return new Error(`Certificate public key fingerprint mismatch. Expected: ${expectedFingerprintHex}, Got: ${fp}`);
-                }
-                return tlsCheckServerIdentity(host, cert);
-            },
-        };
-        const { signal } = init || {};
-        const res = await new Promise((resolve, reject) => {
-            const req = https.request(requestOptions, resolve);
-            req.on("error", reject);
-            if (signal) {
-                if (signal.aborted) {
-                    req.destroy(new Error("Request aborted"));
-                    return;
-                }
-                signal.addEventListener("abort", () => req.destroy(new Error("Request aborted")));
-            }
-            if (body === undefined || body === null) {
-                req.end();
-            }
-            else if (typeof body === "string" || Buffer.isBuffer(body) || ArrayBuffer.isView(body)) {
-                req.end(body);
-            }
-            else if (typeof body.pipe === "function") {
-                body.pipe(req);
-            }
-            else {
-                // Fallback: try to serialize objects
-                req.end(String(body));
-            }
-        });
-        const responseHeaders = new Headers();
-        for (const [k, v] of Object.entries(res.headers)) {
-            if (Array.isArray(v)) {
-                v.forEach(item => responseHeaders.append(k, item));
-            }
-            else if (v != null) {
-                responseHeaders.set(k, String(v));
-            }
-        }
-        // Convert Node stream to Web ReadableStream
-        const webStream = Readable.toWeb(res);
-        return new Response(webStream, {
-            status: res.statusCode || 0,
-            statusText: res.statusMessage || "",
-            headers: responseHeaders,
-        });
-    });
-}

package/dist/esm/router.d.ts

@@ -1,11 +0,0 @@
-/**
- * Router utilities for fetching available Tinfoil routers
- */
-/**
- * Fetches the list of available routers from the ATC API
- * and returns a randomly selected address.
- *
- * @returns Promise<string> A randomly selected router address
- * @throws Error if no routers are found or if the request fails
- */
-export declare function fetchRouter(): Promise<string>;