@zshannon/streamstore 0.22.3 → 0.22.6

package/dist/esm/auth/biscuit.d.ts

@@ -1,3 +1,7 @@
+/**
+ * Native TypeScript Biscuit token creation using @bufbuild/protobuf + @noble/curves.
+ * No WASM dependency.
+ */
 export type BiscuitTokenOptions = {
     /** P256 private key as base58-encoded 32 bytes */
     privateKey: string;
@@ -7,8 +11,8 @@ export type BiscuitTokenOptions = {
     expiresIn?: number;
     /** Operation groups to grant (default: all read+write) */
     opGroups?: Array<{
-        level: string;
         access: string;
+        level: string;
     }>;
     /** Basin scope (default: prefix "" = all basins) */
     basinScope?: {
@@ -27,12 +31,10 @@ export type BiscuitTokenOptions = {
     };
 };
 /**
- * Creates an admin Biscuit token from a root private key.
- * This enables bootstrap mode where the admin can operate without a pre-existing token.
- *
+ * Creates a Biscuit authority token signed with P-256.
  * @returns Base64-encoded Biscuit token
  */
-export declare function createBiscuitToken(options: BiscuitTokenOptions): Promise<string>;
+export declare function createBiscuitToken(options: BiscuitTokenOptions): string;
 /**
  * Derives the public key from a private key.
  * @param privateKey Base58-encoded P256 private key (32 bytes)

package/dist/esm/auth/biscuit.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"biscuit.d.ts","sourceRoot":"","sources":["../../../src/auth/biscuit.ts"],"names":[],"mappings":"AAkBA,MAAM,MAAM,mBAAmB,GAAG;IACjC,kDAAkD;IAClD,UAAU,EAAE,MAAM,CAAC;IACnB,0FAA0F;IAC1F,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gEAAgE;IAChE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0DAA0D;IAC1D,QAAQ,CAAC,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACpD,oDAAoD;IACpD,UAAU,CAAC,EAAE;QAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAClE,sDAAsD;IACtD,WAAW,CAAC,EAAE;QAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IACnE,2DAA2D;IAC3D,gBAAgB,CAAC,EAAE;QAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;CACxE,CAAC;AAEF;;;;;GAKG;AACH,wBAAsB,kBAAkB,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC,CAyDtF;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAE1D"}
+{"version":3,"file":"biscuit.d.ts","sourceRoot":"","sources":["../../../src/auth/biscuit.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAgGH,MAAM,MAAM,mBAAmB,GAAG;IACjC,kDAAkD;IAClD,UAAU,EAAE,MAAM,CAAC;IACnB,0FAA0F;IAC1F,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gEAAgE;IAChE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0DAA0D;IAC1D,QAAQ,CAAC,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACpD,oDAAoD;IACpD,UAAU,CAAC,EAAE;QAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAClE,sDAAsD;IACtD,WAAW,CAAC,EAAE;QAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IACnE,2DAA2D;IAC3D,gBAAgB,CAAC,EAAE;QAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;CACxE,CAAC;AAEF;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,mBAAmB,GAAG,MAAM,CA+FvE;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAE1D"}

package/dist/esm/auth/biscuit.js

@@ -1,25 +1,72 @@
+/**
+ * Native TypeScript Biscuit token creation using @bufbuild/protobuf + @noble/curves.
+ * No WASM dependency.
+ */
+import { create, toBinary } from "@bufbuild/protobuf";
+import { p256 } from "@noble/curves/nist.js";
 import { base64 } from "@scure/base";
+import { BiscuitSchema, BlockSchema, CheckSchema, Check_Kind, ExpressionSchema, FactSchema, OpBinary_Kind, OpSchema, PredicateSchema, ProofSchema, PublicKeySchema, PublicKey_Algorithm, RuleSchema, SignedBlockSchema, TermSchema, } from "./proto/schema_pb.js";
 import { SigningKey } from "./signing-key.js";
-// Dynamic import for biscuit-wasm to handle WASM initialization
-let biscuitModule = null;
-let initPromise = null;
-async function getBiscuit() {
-    if (!biscuitModule) {
-        biscuitModule = await import("@biscuit-auth/biscuit-wasm");
-        if (!initPromise) {
-            initPromise = Promise.resolve(biscuitModule.init());
+// ─── Symbol table ───
+const DEFAULT_SYMBOLS = [
+    "read", "write", "resource", "operation", "right", "time", "role", "owner",
+    "tenant", "namespace", "user", "team", "service", "admin", "email", "group",
+    "member", "ip_address", "client", "client_ip", "domain", "path", "version",
+    "cluster", "node", "hostname", "nonce", "query",
+];
+const CUSTOM_SYMBOL_START = 1024;
+class SymbolTable {
+    #symbols = [...DEFAULT_SYMBOLS];
+    #nextCustom = CUSTOM_SYMBOL_START;
+    intern(name) {
+        const defaultIdx = DEFAULT_SYMBOLS.indexOf(name);
+        if (defaultIdx !== -1)
+            return defaultIdx;
+        for (let i = DEFAULT_SYMBOLS.length; i < this.#symbols.length; i++) {
+            if (this.#symbols[i] === name)
+                return CUSTOM_SYMBOL_START + (i - DEFAULT_SYMBOLS.length);
         }
-        await initPromise;
+        this.#symbols.push(name);
+        return this.#nextCustom++;
+    }
+    customSymbols() {
+        return this.#symbols.slice(DEFAULT_SYMBOLS.length);
+    }
+}
+// ─── Signature payload (V1 tagged format) ───
+const encoder = new TextEncoder();
+function tagged(tag, data) {
+    const tagBytes = encoder.encode(`\0${tag}\0`);
+    const result = new Uint8Array(tagBytes.length + data.length);
+    result.set(tagBytes);
+    result.set(data, tagBytes.length);
+    return result;
+}
+function u32le(n) {
+    const buf = new Uint8Array(4);
+    new DataView(buf.buffer).setUint32(0, n, true);
+    return buf;
+}
+function concat(...arrays) {
+    let length = 0;
+    for (const arr of arrays)
+        length += arr.length;
+    const result = new Uint8Array(length);
+    let offset = 0;
+    for (const arr of arrays) {
+        result.set(arr, offset);
+        offset += arr.length;
     }
-    return biscuitModule;
+    return result;
+}
+function signaturePayloadV1(blockData, nextKeyAlgorithm, nextKeyBytes) {
+    return concat(tagged("BLOCK", tagged("VERSION", u32le(1))), tagged("PAYLOAD", blockData), tagged("ALGORITHM", u32le(nextKeyAlgorithm)), tagged("NEXTKEY", nextKeyBytes));
 }
 /**
- * Creates an admin Biscuit token from a root private key.
- * This enables bootstrap mode where the admin can operate without a pre-existing token.
- *
+ * Creates a Biscuit authority token signed with P-256.
  * @returns Base64-encoded Biscuit token
  */
-export async function createBiscuitToken(options) {
+export function createBiscuitToken(options) {
     const { privateKey, publicKey: providedPublicKey, expiresIn = 3600, opGroups = [
         { level: "account", access: "read" },
         { level: "account", access: "write" },
@@ -28,34 +75,71 @@ export async function createBiscuitToken(options) {
         { level: "stream", access: "read" },
         { level: "stream", access: "write" },
     ], basinScope = { type: "prefix", value: "" }, streamScope = { type: "prefix", value: "" }, accessTokenScope = { type: "prefix", value: "" }, } = options;
-    const biscuit = await getBiscuit();
-    // Use SigningKey for validation and key derivation
     const signingKey = SigningKey.fromBase58(privateKey);
-    const privateKeyBytes = signingKey.getPrivateKeyBytes();
+    const rootKeyBytes = signingKey.getPrivateKeyBytes();
     const publicKeyBase58 = providedPublicKey ?? signingKey.publicKeyBase58();
-    // Create Biscuit private key (P256 = secp256r1)
-    const biscuitPrivateKey = biscuit.PrivateKey.fromBytes(privateKeyBytes, biscuit.SignatureAlgorithm.Secp256r1);
-    // Build the token
     const expiresTs = Math.floor(Date.now() / 1000) + expiresIn;
-    const builder = biscuit.biscuit `
-		public_key(${publicKeyBase58});
-		expires(${expiresTs});
-	`;
-    builder.merge(biscuit.block `
-		check if time($t), $t < ${expiresTs};
-	`);
-    for (const { level, access } of opGroups) {
-        builder.merge(biscuit.block `
-			op_group(${level}, ${access});
-		`);
-    }
-    builder.merge(biscuit.block `
-		basin_scope(${basinScope.type}, ${basinScope.value});
-		stream_scope(${streamScope.type}, ${streamScope.value});
-		access_token_scope(${accessTokenScope.type}, ${accessTokenScope.value});
-	`);
-    const token = builder.build(biscuitPrivateKey);
-    return base64.encode(token.toBytes());
+    // Build authority block
+    const symbols = new SymbolTable();
+    const facts = [
+        makeFact(symbols, "public_key", [{ type: "string", value: publicKeyBase58 }]),
+        makeFact(symbols, "expires", [{ type: "integer", value: expiresTs }]),
+        ...opGroups.map(({ level, access }) => makeFact(symbols, "op_group", [{ type: "string", value: level }, { type: "string", value: access }])),
+        makeFact(symbols, "basin_scope", [{ type: "string", value: basinScope.type }, { type: "string", value: basinScope.value }]),
+        makeFact(symbols, "stream_scope", [{ type: "string", value: streamScope.type }, { type: "string", value: streamScope.value }]),
+        makeFact(symbols, "access_token_scope", [{ type: "string", value: accessTokenScope.type }, { type: "string", value: accessTokenScope.value }]),
+    ];
+    // check if time($t), $t < expiresTs
+    const tVar = symbols.intern("t");
+    const checks = [create(CheckSchema, {
+            kind: Check_Kind.One,
+            queries: [create(RuleSchema, {
+                    body: [create(PredicateSchema, {
+                            name: BigInt(symbols.intern("time")),
+                            terms: [create(TermSchema, { Content: { case: "variable", value: tVar } })],
+                        })],
+                    expressions: [create(ExpressionSchema, {
+                            ops: [
+                                create(OpSchema, { Content: { case: "value", value: create(TermSchema, { Content: { case: "variable", value: tVar } }) } }),
+                                create(OpSchema, { Content: { case: "value", value: create(TermSchema, { Content: { case: "integer", value: BigInt(expiresTs) } }) } }),
+                                create(OpSchema, { Content: { case: "Binary", value: { kind: OpBinary_Kind.LessThan, ffiName: 0n, $typeName: "biscuit.format.schema.OpBinary" } } }),
+                            ],
+                        })],
+                    head: create(PredicateSchema, { name: BigInt(symbols.intern("query")), terms: [] }),
+                    scope: [],
+                })],
+        })];
+    const blockData = toBinary(BlockSchema, create(BlockSchema, {
+        checks,
+        facts,
+        publicKeys: [],
+        rules: [],
+        scope: [],
+        symbols: symbols.customSymbols(),
+        version: 3,
+    }));
+    // Ephemeral next key
+    const nextPrivKey = p256.utils.randomSecretKey();
+    const nextPubKey = p256.getPublicKey(nextPrivKey, true);
+    // Sign
+    const payload = signaturePayloadV1(blockData, PublicKey_Algorithm.SECP256R1, nextPubKey);
+    const signature = p256.sign(payload, rootKeyBytes, { format: "der", lowS: true });
+    // Assemble
+    const signedBlock = create(SignedBlockSchema, {
+        block: blockData,
+        nextKey: create(PublicKeySchema, { algorithm: PublicKey_Algorithm.SECP256R1, key: nextPubKey }),
+        signature,
+        version: 1,
+    });
+    const proof = create(ProofSchema, {
+        Content: { case: "nextSecret", value: nextPrivKey },
+    });
+    const biscuit = create(BiscuitSchema, {
+        authority: signedBlock,
+        blocks: [],
+        proof,
+    });
+    return base64.encode(toBinary(BiscuitSchema, biscuit));
 }
 /**
  * Derives the public key from a private key.
@@ -65,4 +149,17 @@ export async function createBiscuitToken(options) {
 export function derivePublicKey(privateKey) {
     return SigningKey.fromBase58(privateKey).publicKeyBase58();
 }
+function makeFact(symbols, name, terms) {
+    return create(FactSchema, {
+        predicate: create(PredicateSchema, {
+            name: BigInt(symbols.intern(name)),
+            terms: terms.map((t) => {
+                if (t.type === "string") {
+                    return create(TermSchema, { Content: { case: "string", value: BigInt(symbols.intern(t.value)) } });
+                }
+                return create(TermSchema, { Content: { case: "integer", value: BigInt(t.value) } });
+            }),
+        }),
+    });
+}
 //# sourceMappingURL=biscuit.js.map

package/dist/esm/auth/biscuit.js.map

@@ -1 +1 @@
-{"version":3,"file":"biscuit.js","sourceRoot":"","sources":["../../../src/auth/biscuit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,gEAAgE;AAChE,IAAI,aAAa,GAAuD,IAAI,CAAC;AAC7E,IAAI,WAAW,GAAyB,IAAI,CAAC;AAE7C,KAAK,UAAU,UAAU;IACxB,IAAI,CAAC,aAAa,EAAE,CAAC;QACpB,aAAa,GAAG,MAAM,MAAM,CAAC,4BAA4B,CAAC,CAAC;QAC3D,IAAI,CAAC,WAAW,EAAE,CAAC;YAClB,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;QACD,MAAM,WAAW,CAAC;IACnB,CAAC;IACD,OAAO,aAAa,CAAC;AACtB,CAAC;AAmBD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,OAA4B;IACpE,MAAM,EACL,UAAU,EACV,SAAS,EAAE,iBAAiB,EAC5B,SAAS,GAAG,IAAI,EAChB,QAAQ,GAAG;QACV,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE;QACpC,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE;QACrC,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE;QAClC,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE;QACnC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE;QACnC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE;KACpC,EACD,UAAU,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,EAC1C,WAAW,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,EAC3C,gBAAgB,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,GAChD,GAAG,OAAO,CAAC;IAEZ,MAAM,OAAO,GAAG,MAAM,UAAU,EAAE,CAAC;IAEnC,mDAAmD;IACnD,MAAM,UAAU,GAAG,UAAU,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IACrD,MAAM,eAAe,GAAG,UAAU,CAAC,kBAAkB,EAAE,CAAC;IACxD,MAAM,eAAe,GAAG,iBAAiB,IAAI,UAAU,CAAC,eAAe,EAAE,CAAC;IAE1E,gDAAgD;IAChD,MAAM,iBAAiB,GAAG,OAAO,CAAC,UAAU,CAAC,SAAS,CACrD,eAAe,EACf,OAAO,CAAC,kBAAkB,CAAC,SAAS,CACpC,CAAC;IAEF,kBAAkB;IAClB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,SAAS,CAAC;IAE5D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAA;eACjB,eAAe;YAClB,SAAS;EACnB,CAAC;IAEF,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAA;4BACA,SAAS;EACnC,CAAC,CAAC;IAEH,KAAK,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;QAC1C,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAA;cACf,KAAK,KAAK,MAAM;GAC3B,CAAC,CAAC;IACJ,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAA;gBACZ,UAAU,CAAC,IAAI,KAAK,UAAU,CAAC,KAAK;iBACnC,WAAW,CAAC,IAAI,KAAK,WAAW,CAAC,KAAK;uBAChC,gBAAgB,CAAC,IAAI,KAAK,gBAAgB,CAAC,KAAK;EACrE,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IAC/C,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;AACvC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,UAAkB;IACjD,OAAO,UAAU,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,eAAe,EAAE,CAAC;AAC5D,CAAC"}
+{"version":3,"file":"biscuit.js","sourceRoot":"","sources":["../../../src/auth/biscuit.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EACN,aAAa,EACb,WAAW,EACX,WAAW,EACX,UAAU,EACV,gBAAgB,EAChB,UAAU,EACV,aAAa,EACb,QAAQ,EACR,eAAe,EACf,WAAW,EACX,eAAe,EACf,mBAAmB,EACnB,UAAU,EACV,iBAAiB,EACjB,UAAU,GACV,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,uBAAuB;AAEvB,MAAM,eAAe,GAAG;IACvB,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO;IAC1E,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IAC3E,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS;IAC1E,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO;CAC/C,CAAC;AAEF,MAAM,mBAAmB,GAAG,IAAI,CAAC;AAEjC,MAAM,WAAW;IAChB,QAAQ,GAAG,CAAC,GAAG,eAAe,CAAC,CAAC;IAChC,WAAW,GAAG,mBAAmB,CAAC;IAElC,MAAM,CAAC,IAAY;QAClB,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACjD,IAAI,UAAU,KAAK,CAAC,CAAC;YAAE,OAAO,UAAU,CAAC;QACzC,KAAK,IAAI,CAAC,GAAG,eAAe,CAAC,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACpE,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,IAAI;gBAAE,OAAO,mBAAmB,GAAG,CAAC,CAAC,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QAC1F,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzB,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC;IAC3B,CAAC;IAED,aAAa;QACZ,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC;CACD;AAED,+CAA+C;AAE/C,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC,SAAS,MAAM,CAAC,GAAW,EAAE,IAAgB;IAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7D,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACrB,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,MAAM,CAAC;AACf,CAAC;AAED,SAAS,KAAK,CAAC,CAAS;IACvB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9B,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC/C,OAAO,GAAG,CAAC;AACZ,CAAC;AAED,SAAS,MAAM,CAAC,GAAG,MAAoB;IACtC,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,MAAM,GAAG,IAAI,MAAM;QAAE,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;QAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAAC,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC;IAAC,CAAC;IAC5E,OAAO,MAAM,CAAC;AACf,CAAC;AAED,SAAS,kBAAkB,CAC1B,SAAqB,EACrB,gBAAwB,EACxB,YAAwB;IAExB,OAAO,MAAM,CACZ,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAC5C,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,EAC5B,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC,EAC5C,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,CAC/B,CAAC;AACH,CAAC;AAqBD;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAA4B;IAC9D,MAAM,EACL,UAAU,EACV,SAAS,EAAE,iBAAiB,EAC5B,SAAS,GAAG,IAAI,EAChB,QAAQ,GAAG;QACV,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE;QACpC,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE;QACrC,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE;QAClC,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE;QACnC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE;QACnC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE;KACpC,EACD,UAAU,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,EAC1C,WAAW,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,EAC3C,gBAAgB,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,GAChD,GAAG,OAAO,CAAC;IAEZ,MAAM,UAAU,GAAG,UAAU,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,UAAU,CAAC,kBAAkB,EAAE,CAAC;IACrD,MAAM,eAAe,GAAG,iBAAiB,IAAI,UAAU,CAAC,eAAe,EAAE,CAAC;IAC1E,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,SAAS,CAAC;IAE5D,wBAAwB;IACxB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAElC,MAAM,KAAK,GAAG;QACb,QAAQ,CAAC,OAAO,EAAE,YAAY,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QAC7E,QAAQ,CAAC,OAAO,EAAE,SAAS,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QACrE,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,CACrC,QAAQ,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,CACpG;QACD,QAAQ,CAAC,OAAO,EAAE,aAAa,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;QAC3H,QAAQ,CAAC,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,CAAC,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;QAC9H,QAAQ,CAAC,OAAO,EAAE,oBAAoB,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,gBAAgB,CAAC,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,gBAAgB,CAAC,KAAK,EAAE,CAAC,CAAC;KAC9I,CAAC;IAEF,oCAAoC;IACpC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE;YACnC,IAAI,EAAE,UAAU,CAAC,GAAG;YACpB,OAAO,EAAE,CAAC,MAAM,CAAC,UAAU,EAAE;oBAC5B,IAAI,EAAE,CAAC,MAAM,CAAC,eAAe,EAAE;4BAC9B,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;4BACpC,KAAK,EAAE,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;yBAC3E,CAAC,CAAC;oBACH,WAAW,EAAE,CAAC,MAAM,CAAC,gBAAgB,EAAE;4BACtC,GAAG,EAAE;gCACJ,MAAM,CAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;gCAC3H,MAAM,CAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;gCACvI,MAAM,CAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,gCAAgC,EAAE,EAAE,EAAE,CAAC;6BACpJ;yBACD,CAAC,CAAC;oBACH,IAAI,EAAE,MAAM,CAAC,eAAe,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;oBACnF,KAAK,EAAE,EAAE;iBACT,CAAC,CAAC;SACH,CAAC,CAAC,CAAC;IAEJ,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE;QAC3D,MAAM;QACN,KAAK;QACL,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,EAAE;QACT,KAAK,EAAE,EAAE;QACT,OAAO,EAAE,OAAO,CAAC,aAAa,EAAE;QAChC,OAAO,EAAE,CAAC;KACV,CAAC,CAAC,CAAC;IAEJ,qBAAqB;IACrB,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IAExD,OAAO;IACP,MAAM,OAAO,GAAG,kBAAkB,CAAC,SAAS,EAAE,mBAAmB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IACzF,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IAElF,WAAW;IACX,MAAM,WAAW,GAAG,MAAM,CAAC,iBAAiB,EAAE;QAC7C,KAAK,EAAE,SAAS;QAChB,OAAO,EAAE,MAAM,CAAC,eAAe,EAAE,EAAE,SAAS,EAAE,mBAAmB,CAAC,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;QAC/F,SAAS;QACT,OAAO,EAAE,CAAC;KACV,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,EAAE;QACjC,OAAO,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,WAAW,EAAE;KACnD,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,CAAC,aAAa,EAAE;QACrC,SAAS,EAAE,WAAW;QACtB,MAAM,EAAE,EAAE;QACV,KAAK;KACL,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC;AACxD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,UAAkB;IACjD,OAAO,UAAU,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,eAAe,EAAE,CAAC;AAC5D,CAAC;AAQD,SAAS,QAAQ,CAAC,OAAoB,EAAE,IAAY,EAAE,KAAkB;IACvE,OAAO,MAAM,CAAC,UAAU,EAAE;QACzB,SAAS,EAAE,MAAM,CAAC,eAAe,EAAE;YAClC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAClC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBACtB,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACzB,OAAO,MAAM,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACpG,CAAC;gBACD,OAAO,MAAM,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;YACrF,CAAC,CAAC;SACF,CAAC;KACF,CAAC,CAAC;AACJ,CAAC"}

package/dist/esm/auth/index.d.ts

@@ -1,5 +1,5 @@
-export { createBiscuitToken, derivePublicKey, type BiscuitTokenOptions } from "./biscuit.js";
-export { signRequest, signHeaders, type SignRequestOptions, type SignHeadersOptions } from "./sign.js";
-export { createPkiAuth, type PkiAuthConfig, type PkiAuthContext } from "./pki-auth.js";
+export { type BiscuitTokenOptions, createBiscuitToken, derivePublicKey, } from "./biscuit.js";
+export { createPkiAuth, type PkiAuthConfig, type PkiAuthContext, } from "./pki-auth.js";
+export { type SignHeadersOptions, type SignRequestOptions, signHeaders, signRequest, } from "./sign.js";
 export { SigningKey } from "./signing-key.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/esm/auth/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,KAAK,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAC7F,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,KAAK,kBAAkB,EAAE,KAAK,kBAAkB,EAAE,MAAM,WAAW,CAAC;AACvG,OAAO,EAAE,aAAa,EAAE,KAAK,aAAa,EAAE,KAAK,cAAc,EAAE,MAAM,eAAe,CAAC;AACvF,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,KAAK,mBAAmB,EACxB,kBAAkB,EAClB,eAAe,GACf,MAAM,cAAc,CAAC;AACtB,OAAO,EACN,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,cAAc,GACnB,MAAM,eAAe,CAAC;AACvB,OAAO,EACN,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,WAAW,EACX,WAAW,GACX,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/esm/auth/index.js

@@ -1,5 +1,5 @@
-export { createBiscuitToken, derivePublicKey } from "./biscuit.js";
-export { signRequest, signHeaders } from "./sign.js";
-export { createPkiAuth } from "./pki-auth.js";
+export { createBiscuitToken, derivePublicKey, } from "./biscuit.js";
+export { createPkiAuth, } from "./pki-auth.js";
+export { signHeaders, signRequest, } from "./sign.js";
 export { SigningKey } from "./signing-key.js";
 //# sourceMappingURL=index.js.map

package/dist/esm/auth/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAA4B,MAAM,cAAc,CAAC;AAC7F,OAAO,EAAE,WAAW,EAAE,WAAW,EAAoD,MAAM,WAAW,CAAC;AACvG,OAAO,EAAE,aAAa,EAA2C,MAAM,eAAe,CAAC;AACvF,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAEN,kBAAkB,EAClB,eAAe,GACf,MAAM,cAAc,CAAC;AACtB,OAAO,EACN,aAAa,GAGb,MAAM,eAAe,CAAC;AACvB,OAAO,EAGN,WAAW,EACX,WAAW,GACX,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/esm/auth/pki-auth.d.ts

@@ -1,5 +1,5 @@
-import { SigningKey } from "./signing-key.js";
 import type { SignHeadersOptions } from "./sign.js";
+import { SigningKey } from "./signing-key.js";
 /**
  * Configuration for PKI authentication.
  *

package/dist/esm/auth/pki-auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"pki-auth.d.ts","sourceRoot":"","sources":["../../../src/auth/pki-auth.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAEpD;;;;;;;;;;GAUG;AACH,MAAM,MAAM,aAAa,GAAG;IAC3B,6DAA6D;IAC7D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iEAAiE;IACjE,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,6DAA6D;IAC7D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uDAAuD;IACvD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,6DAA6D;IAC7D,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,OAAO,CAAC;AAE3C,MAAM,MAAM,cAAc,GAAG;IAC5B,oBAAoB;IACpB,IAAI,EAAE,WAAW,CAAC;IAClB,4CAA4C;IAC5C,SAAS,EAAE,MAAM,CAAC;IAClB,wBAAwB;IACxB,QAAQ,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAChC,2DAA2D;IAC3D,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACpD,yDAAyD;IACzD,WAAW,EAAE,CAAC,OAAO,EAAE,IAAI,CAAC,kBAAkB,EAAE,YAAY,GAAG,WAAW,CAAC,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9F,wEAAwE;IACxE,UAAU,EAAE,UAAU,CAAC;CACvB,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,aAAa,GAAG,cAAc,CAcnE"}
+{"version":3,"file":"pki-auth.d.ts","sourceRoot":"","sources":["../../../src/auth/pki-auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C;;;;;;;;;;GAUG;AACH,MAAM,MAAM,aAAa,GAAG;IAC3B,6DAA6D;IAC7D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iEAAiE;IACjE,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,6DAA6D;IAC7D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uDAAuD;IACvD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,6DAA6D;IAC7D,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,OAAO,CAAC;AAE3C,MAAM,MAAM,cAAc,GAAG;IAC5B,oBAAoB;IACpB,IAAI,EAAE,WAAW,CAAC;IAClB,4CAA4C;IAC5C,SAAS,EAAE,MAAM,CAAC;IAClB,wBAAwB;IACxB,QAAQ,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAChC,2DAA2D;IAC3D,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACpD,yDAAyD;IACzD,WAAW,EAAE,CACZ,OAAO,EAAE,IAAI,CAAC,kBAAkB,EAAE,YAAY,GAAG,WAAW,CAAC,KACzD,OAAO,CAAC,IAAI,CAAC,CAAC;IACnB,wEAAwE;IACxE,UAAU,EAAE,UAAU,CAAC;CACvB,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,aAAa,GAAG,cAAc,CAoBnE"}

package/dist/esm/auth/pki-auth.js

@@ -1,5 +1,5 @@
 import { createBiscuitToken } from "./biscuit.js";
-import { signRequest, signHeaders } from "./sign.js";
+import { signHeaders, signRequest } from "./sign.js";
 import { SigningKey } from "./signing-key.js";
 /**
  * Creates a PKI auth context.
@@ -40,7 +40,9 @@ function createTokenAuth(token, signingKey, signatureExpiresIn) {
         return /^\/v\d+\/access-tokens(\/[^\/]+)?$/.test(path);
     }
     function extractPath(urlOrRequest) {
-        const url = typeof urlOrRequest === "string" ? new URL(urlOrRequest) : new URL(urlOrRequest.url);
+        const url = typeof urlOrRequest === "string"
+            ? new URL(urlOrRequest)
+            : new URL(urlOrRequest.url);
         return url.pathname;
     }
     return {
@@ -55,14 +57,22 @@ function createTokenAuth(token, signingKey, signatureExpiresIn) {
             if (isAccessTokenEndpoint(path)) {
                 throw new Error("Token mode cannot be used for access token endpoints. Use root key mode instead.");
             }
-            return signRequest({ request, signingKey, expiresIn: signatureExpiresIn });
+            return signRequest({
+                request,
+                signingKey,
+                expiresIn: signatureExpiresIn,
+            });
         },
         async signHeaders(options) {
             const path = extractPath(options.url);
             if (isAccessTokenEndpoint(path)) {
                 throw new Error("Token mode cannot be used for access token endpoints. Use root key mode instead.");
             }
-            return signHeaders({ ...options, signingKey, expiresIn: signatureExpiresIn });
+            return signHeaders({
+                ...options,
+                signingKey,
+                expiresIn: signatureExpiresIn,
+            });
         },
     };
 }
@@ -89,10 +99,18 @@ function createRootKeyAuth(rootKey, tokenExpiresIn, signatureExpiresIn) {
         signingKey: clientKey,
         getToken,
         async signRequest(request) {
-            return signRequest({ request, signingKey: clientKey, expiresIn: signatureExpiresIn });
+            return signRequest({
+                request,
+                signingKey: clientKey,
+                expiresIn: signatureExpiresIn,
+            });
         },
         async signHeaders(options) {
-            return signHeaders({ ...options, signingKey: clientKey, expiresIn: signatureExpiresIn });
+            return signHeaders({
+                ...options,
+                signingKey: clientKey,
+                expiresIn: signatureExpiresIn,
+            });
         },
     };
 }

package/dist/esm/auth/pki-auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"pki-auth.js","sourceRoot":"","sources":["../../../src/auth/pki-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AA+C9C;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,aAAa,CAAC,MAAqB;IAClD,MAAM,EAAE,kBAAkB,GAAG,GAAG,EAAE,GAAG,MAAM,CAAC;IAE5C,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACvC,OAAO,eAAe,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;IAC7E,CAAC;SAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC3B,OAAO,iBAAiB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,cAAc,IAAI,IAAI,EAAE,kBAAkB,CAAC,CAAC;IAC7F,CAAC;SAAM,IAAI,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAChE,CAAC;SAAM,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAChE,CAAC;SAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC9E,CAAC;AACF,CAAC;AAED,SAAS,eAAe,CACvB,KAAa,EACb,UAAsB,EACtB,kBAA0B;IAE1B,MAAM,SAAS,GAAG,UAAU,CAAC,eAAe,EAAE,CAAC;IAE/C,SAAS,qBAAqB,CAAC,IAAY;QAC1C,OAAO,oCAAoC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,SAAS,WAAW,CAAC,YAA8B;QAClD,MAAM,GAAG,GAAG,OAAO,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QACjG,OAAO,GAAG,CAAC,QAAQ,CAAC;IACrB,CAAC;IAED,OAAO;QACN,IAAI,EAAE,OAAO;QACb,SAAS;QACT,UAAU;QAEV,KAAK,CAAC,QAAQ;YACb,OAAO,KAAK,CAAC;QACd,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,OAAgB;YACjC,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;YAClC,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAC;YACrG,CAAC;YACD,OAAO,WAAW,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC5E,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,OAA6D;YAC9E,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACtC,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAC;YACrG,CAAC;YACD,OAAO,WAAW,CAAC,EAAE,GAAG,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC/E,CAAC;KACD,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CACzB,OAAe,EACf,cAAsB,EACtB,kBAA0B;IAE1B,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,EAAE,CAAC;IACxC,MAAM,eAAe,GAAG,SAAS,CAAC,eAAe,EAAE,CAAC;IAEpD,IAAI,WAAW,GAAkB,IAAI,CAAC;IACtC,IAAI,WAAW,GAAW,CAAC,CAAC;IAE5B,KAAK,UAAU,QAAQ;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,WAAW,IAAI,GAAG,IAAI,WAAW,GAAG,KAAK,EAAE,CAAC;YAChD,WAAW,GAAG,MAAM,kBAAkB,CAAC;gBACtC,UAAU,EAAE,OAAO;gBACnB,SAAS,EAAE,eAAe;gBAC1B,SAAS,EAAE,cAAc;aACzB,CAAC,CAAC;YACH,WAAW,GAAG,GAAG,GAAG,cAAc,GAAG,IAAI,CAAC;QAC3C,CAAC;QACD,OAAO,WAAW,CAAC;IACpB,CAAC;IAED,OAAO;QACN,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,eAAe;QAC1B,UAAU,EAAE,SAAS;QACrB,QAAQ;QAER,KAAK,CAAC,WAAW,CAAC,OAAgB;YACjC,OAAO,WAAW,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACvF,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,OAA6D;YAC9E,OAAO,WAAW,CAAC,EAAE,GAAG,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC1F,CAAC;KACD,CAAC;AACH,CAAC"}
+{"version":3,"file":"pki-auth.js","sourceRoot":"","sources":["../../../src/auth/pki-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAElD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAgD9C;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,aAAa,CAAC,MAAqB;IAClD,MAAM,EAAE,kBAAkB,GAAG,GAAG,EAAE,GAAG,MAAM,CAAC;IAE5C,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACvC,OAAO,eAAe,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;IAC7E,CAAC;SAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC3B,OAAO,iBAAiB,CACvB,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,cAAc,IAAI,IAAI,EAC7B,kBAAkB,CAClB,CAAC;IACH,CAAC;SAAM,IAAI,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAChE,CAAC;SAAM,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAChE,CAAC;SAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACd,2DAA2D,CAC3D,CAAC;IACH,CAAC;AACF,CAAC;AAED,SAAS,eAAe,CACvB,KAAa,EACb,UAAsB,EACtB,kBAA0B;IAE1B,MAAM,SAAS,GAAG,UAAU,CAAC,eAAe,EAAE,CAAC;IAE/C,SAAS,qBAAqB,CAAC,IAAY;QAC1C,OAAO,oCAAoC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,SAAS,WAAW,CAAC,YAA8B;QAClD,MAAM,GAAG,GACR,OAAO,YAAY,KAAK,QAAQ;YAC/B,CAAC,CAAC,IAAI,GAAG,CAAC,YAAY,CAAC;YACvB,CAAC,CAAC,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QAC9B,OAAO,GAAG,CAAC,QAAQ,CAAC;IACrB,CAAC;IAED,OAAO;QACN,IAAI,EAAE,OAAO;QACb,SAAS;QACT,UAAU;QAEV,KAAK,CAAC,QAAQ;YACb,OAAO,KAAK,CAAC;QACd,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,OAAgB;YACjC,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;YAClC,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CACd,kFAAkF,CAClF,CAAC;YACH,CAAC;YACD,OAAO,WAAW,CAAC;gBAClB,OAAO;gBACP,UAAU;gBACV,SAAS,EAAE,kBAAkB;aAC7B,CAAC,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,WAAW,CAChB,OAA6D;YAE7D,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACtC,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CACd,kFAAkF,CAClF,CAAC;YACH,CAAC;YACD,OAAO,WAAW,CAAC;gBAClB,GAAG,OAAO;gBACV,UAAU;gBACV,SAAS,EAAE,kBAAkB;aAC7B,CAAC,CAAC;QACJ,CAAC;KACD,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CACzB,OAAe,EACf,cAAsB,EACtB,kBAA0B;IAE1B,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,EAAE,CAAC;IACxC,MAAM,eAAe,GAAG,SAAS,CAAC,eAAe,EAAE,CAAC;IAEpD,IAAI,WAAW,GAAkB,IAAI,CAAC;IACtC,IAAI,WAAW,GAAW,CAAC,CAAC;IAE5B,KAAK,UAAU,QAAQ;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,WAAW,IAAI,GAAG,IAAI,WAAW,GAAG,KAAK,EAAE,CAAC;YAChD,WAAW,GAAG,MAAM,kBAAkB,CAAC;gBACtC,UAAU,EAAE,OAAO;gBACnB,SAAS,EAAE,eAAe;gBAC1B,SAAS,EAAE,cAAc;aACzB,CAAC,CAAC;YACH,WAAW,GAAG,GAAG,GAAG,cAAc,GAAG,IAAI,CAAC;QAC3C,CAAC;QACD,OAAO,WAAW,CAAC;IACpB,CAAC;IAED,OAAO;QACN,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,eAAe;QAC1B,UAAU,EAAE,SAAS;QACrB,QAAQ;QAER,KAAK,CAAC,WAAW,CAAC,OAAgB;YACjC,OAAO,WAAW,CAAC;gBAClB,OAAO;gBACP,UAAU,EAAE,SAAS;gBACrB,SAAS,EAAE,kBAAkB;aAC7B,CAAC,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,WAAW,CAChB,OAA6D;YAE7D,OAAO,WAAW,CAAC;gBAClB,GAAG,OAAO;gBACV,UAAU,EAAE,SAAS;gBACrB,SAAS,EAAE,kBAAkB;aAC7B,CAAC,CAAC;QACJ,CAAC;KACD,CAAC;AACH,CAAC"}