@zshannon/streamstore 0.22.3

package/dist/esm/auth/pki-auth.d.ts

@@ -0,0 +1,60 @@
+import { SigningKey } from "./signing-key.js";
+import type { SignHeadersOptions } from "./sign.js";
+/**
+ * Configuration for PKI authentication.
+ *
+ * Two modes are supported:
+ *
+ * 1. **Token + SigningKey mode** (for regular operations): Provide `token` and `signingKey`.
+ *    Use this for basins, streams, and other regular operations.
+ *
+ * 2. **Root key mode** (for all operations): Provide only `rootKey`.
+ *    The SDK generates tokens locally (signed by root key, bound to a generated client key).
+ */
+export type PkiAuthConfig = {
+    /** Biscuit token issued with the signing key's public key */
+    token?: string;
+    /** P256 signing key that matches the token's bound public key */
+    signingKey?: SigningKey;
+    /** P256 private key as base58-encoded 32 bytes (root key) */
+    rootKey?: string;
+    /** Token expiry in seconds (default: 3600 = 1 hour) */
+    tokenExpiresIn?: number;
+    /** Signature expiry in seconds (default: 300 = 5 minutes) */
+    signatureExpiresIn?: number;
+};
+/**
+ * Auth mode indicates what operations are allowed.
+ */
+export type PkiAuthMode = "root" | "token";
+export type PkiAuthContext = {
+    /** The auth mode */
+    mode: PkiAuthMode;
+    /** The signing key's public key (base58) */
+    publicKey: string;
+    /** Get current token */
+    getToken: () => Promise<string>;
+    /** Sign a request with RFC 9421 HTTP message signatures */
+    signRequest: (request: Request) => Promise<Request>;
+    /** Sign headers with RFC 9421 HTTP message signatures */
+    signHeaders: (options: Omit<SignHeadersOptions, "signingKey" | "expiresIn">) => Promise<void>;
+    /** The signing key (for token mode, can be used to issue sub-tokens) */
+    signingKey: SigningKey;
+};
+/**
+ * Creates a PKI auth context.
+ *
+ * @example Token + SigningKey mode (for regular operations)
+ * ```typescript
+ * const auth = createPkiAuth({ token: accessToken, signingKey });
+ * const s2 = new S2({ authContext: auth, endpoints: { ... } });
+ * ```
+ *
+ * @example Root key mode (for all operations)
+ * ```typescript
+ * const auth = createPkiAuth({ rootKey: "..." });
+ * const s2 = new S2({ authContext: auth, endpoints: { ... } });
+ * ```
+ */
+export declare function createPkiAuth(config: PkiAuthConfig): PkiAuthContext;
+//# sourceMappingURL=pki-auth.d.ts.map

package/dist/esm/auth/pki-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pki-auth.d.ts","sourceRoot":"","sources":["../../../src/auth/pki-auth.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAEpD;;;;;;;;;;GAUG;AACH,MAAM,MAAM,aAAa,GAAG;IAC3B,6DAA6D;IAC7D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iEAAiE;IACjE,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,6DAA6D;IAC7D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uDAAuD;IACvD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,6DAA6D;IAC7D,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,OAAO,CAAC;AAE3C,MAAM,MAAM,cAAc,GAAG;IAC5B,oBAAoB;IACpB,IAAI,EAAE,WAAW,CAAC;IAClB,4CAA4C;IAC5C,SAAS,EAAE,MAAM,CAAC;IAClB,wBAAwB;IACxB,QAAQ,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAChC,2DAA2D;IAC3D,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACpD,yDAAyD;IACzD,WAAW,EAAE,CAAC,OAAO,EAAE,IAAI,CAAC,kBAAkB,EAAE,YAAY,GAAG,WAAW,CAAC,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9F,wEAAwE;IACxE,UAAU,EAAE,UAAU,CAAC;CACvB,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,aAAa,GAAG,cAAc,CAcnE"}

package/dist/esm/auth/pki-auth.js

@@ -0,0 +1,99 @@
+import { createBiscuitToken } from "./biscuit.js";
+import { signRequest, signHeaders } from "./sign.js";
+import { SigningKey } from "./signing-key.js";
+/**
+ * Creates a PKI auth context.
+ *
+ * @example Token + SigningKey mode (for regular operations)
+ * ```typescript
+ * const auth = createPkiAuth({ token: accessToken, signingKey });
+ * const s2 = new S2({ authContext: auth, endpoints: { ... } });
+ * ```
+ *
+ * @example Root key mode (for all operations)
+ * ```typescript
+ * const auth = createPkiAuth({ rootKey: "..." });
+ * const s2 = new S2({ authContext: auth, endpoints: { ... } });
+ * ```
+ */
+export function createPkiAuth(config) {
+    const { signatureExpiresIn = 300 } = config;
+    if (config.token && config.signingKey) {
+        return createTokenAuth(config.token, config.signingKey, signatureExpiresIn);
+    }
+    else if (config.rootKey) {
+        return createRootKeyAuth(config.rootKey, config.tokenExpiresIn ?? 3600, signatureExpiresIn);
+    }
+    else if (config.token && !config.signingKey) {
+        throw new Error("PKI auth: token provided without signingKey");
+    }
+    else if (!config.token && config.signingKey) {
+        throw new Error("PKI auth: signingKey provided without token");
+    }
+    else {
+        throw new Error("PKI auth: either (token + signingKey) or rootKey required");
+    }
+}
+function createTokenAuth(token, signingKey, signatureExpiresIn) {
+    const publicKey = signingKey.publicKeyBase58();
+    function isAccessTokenEndpoint(path) {
+        return /^\/v\d+\/access-tokens(\/[^\/]+)?$/.test(path);
+    }
+    function extractPath(urlOrRequest) {
+        const url = typeof urlOrRequest === "string" ? new URL(urlOrRequest) : new URL(urlOrRequest.url);
+        return url.pathname;
+    }
+    return {
+        mode: "token",
+        publicKey,
+        signingKey,
+        async getToken() {
+            return token;
+        },
+        async signRequest(request) {
+            const path = extractPath(request);
+            if (isAccessTokenEndpoint(path)) {
+                throw new Error("Token mode cannot be used for access token endpoints. Use root key mode instead.");
+            }
+            return signRequest({ request, signingKey, expiresIn: signatureExpiresIn });
+        },
+        async signHeaders(options) {
+            const path = extractPath(options.url);
+            if (isAccessTokenEndpoint(path)) {
+                throw new Error("Token mode cannot be used for access token endpoints. Use root key mode instead.");
+            }
+            return signHeaders({ ...options, signingKey, expiresIn: signatureExpiresIn });
+        },
+    };
+}
+function createRootKeyAuth(rootKey, tokenExpiresIn, signatureExpiresIn) {
+    const clientKey = SigningKey.generate();
+    const clientPublicKey = clientKey.publicKeyBase58();
+    let cachedToken = null;
+    let tokenExpiry = 0;
+    async function getToken() {
+        const now = Date.now();
+        if (!cachedToken || now >= tokenExpiry - 60000) {
+            cachedToken = await createBiscuitToken({
+                privateKey: rootKey,
+                publicKey: clientPublicKey,
+                expiresIn: tokenExpiresIn,
+            });
+            tokenExpiry = now + tokenExpiresIn * 1000;
+        }
+        return cachedToken;
+    }
+    return {
+        mode: "root",
+        publicKey: clientPublicKey,
+        signingKey: clientKey,
+        getToken,
+        async signRequest(request) {
+            return signRequest({ request, signingKey: clientKey, expiresIn: signatureExpiresIn });
+        },
+        async signHeaders(options) {
+            return signHeaders({ ...options, signingKey: clientKey, expiresIn: signatureExpiresIn });
+        },
+    };
+}
+//# sourceMappingURL=pki-auth.js.map

package/dist/esm/auth/pki-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pki-auth.js","sourceRoot":"","sources":["../../../src/auth/pki-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AA+C9C;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,aAAa,CAAC,MAAqB;IAClD,MAAM,EAAE,kBAAkB,GAAG,GAAG,EAAE,GAAG,MAAM,CAAC;IAE5C,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACvC,OAAO,eAAe,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;IAC7E,CAAC;SAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC3B,OAAO,iBAAiB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,cAAc,IAAI,IAAI,EAAE,kBAAkB,CAAC,CAAC;IAC7F,CAAC;SAAM,IAAI,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAChE,CAAC;SAAM,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAChE,CAAC;SAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC9E,CAAC;AACF,CAAC;AAED,SAAS,eAAe,CACvB,KAAa,EACb,UAAsB,EACtB,kBAA0B;IAE1B,MAAM,SAAS,GAAG,UAAU,CAAC,eAAe,EAAE,CAAC;IAE/C,SAAS,qBAAqB,CAAC,IAAY;QAC1C,OAAO,oCAAoC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,SAAS,WAAW,CAAC,YAA8B;QAClD,MAAM,GAAG,GAAG,OAAO,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QACjG,OAAO,GAAG,CAAC,QAAQ,CAAC;IACrB,CAAC;IAED,OAAO;QACN,IAAI,EAAE,OAAO;QACb,SAAS;QACT,UAAU;QAEV,KAAK,CAAC,QAAQ;YACb,OAAO,KAAK,CAAC;QACd,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,OAAgB;YACjC,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;YAClC,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAC;YACrG,CAAC;YACD,OAAO,WAAW,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC5E,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,OAA6D;YAC9E,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACtC,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAC;YACrG,CAAC;YACD,OAAO,WAAW,CAAC,EAAE,GAAG,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC/E,CAAC;KACD,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CACzB,OAAe,EACf,cAAsB,EACtB,kBAA0B;IAE1B,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,EAAE,CAAC;IACxC,MAAM,eAAe,GAAG,SAAS,CAAC,eAAe,EAAE,CAAC;IAEpD,IAAI,WAAW,GAAkB,IAAI,CAAC;IACtC,IAAI,WAAW,GAAW,CAAC,CAAC;IAE5B,KAAK,UAAU,QAAQ;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,WAAW,IAAI,GAAG,IAAI,WAAW,GAAG,KAAK,EAAE,CAAC;YAChD,WAAW,GAAG,MAAM,kBAAkB,CAAC;gBACtC,UAAU,EAAE,OAAO;gBACnB,SAAS,EAAE,eAAe;gBAC1B,SAAS,EAAE,cAAc;aACzB,CAAC,CAAC;YACH,WAAW,GAAG,GAAG,GAAG,cAAc,GAAG,IAAI,CAAC;QAC3C,CAAC;QACD,OAAO,WAAW,CAAC;IACpB,CAAC;IAED,OAAO;QACN,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,eAAe;QAC1B,UAAU,EAAE,SAAS;QACrB,QAAQ;QAER,KAAK,CAAC,WAAW,CAAC,OAAgB;YACjC,OAAO,WAAW,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACvF,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,OAA6D;YAC9E,OAAO,WAAW,CAAC,EAAE,GAAG,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC1F,CAAC;KACD,CAAC;AACH,CAAC"}

package/dist/esm/auth/sign.d.ts

@@ -0,0 +1,39 @@
+import { SigningKey } from "./signing-key.js";
+export type SignRequestOptions = {
+    /** Request to sign */
+    request: Request;
+    /** P256 signing key */
+    signingKey: SigningKey;
+    /** Duration until signature expires (default: 300 seconds) */
+    expiresIn?: number;
+};
+/**
+ * Signs a Request using RFC 9421 HTTP Message Signatures with a P256 key.
+ *
+ * Components signed: @method, @path, @authority, authorization, content-digest (if body present)
+ *
+ * @returns A new Request with signature headers added
+ */
+export declare function signRequest(options: SignRequestOptions): Promise<Request>;
+export type SignHeadersOptions = {
+    /** HTTP method */
+    method: string;
+    /** Full URL */
+    url: string;
+    /** Headers to sign (will be mutated to add signature headers) */
+    headers: Record<string, string>;
+    /** P256 signing key */
+    signingKey: SigningKey;
+    /** Request body (optional, for content-digest) */
+    body?: Uint8Array;
+    /** Duration until signature expires (default: 300 seconds) */
+    expiresIn?: number;
+};
+/**
+ * Signs HTTP headers using RFC 9421 HTTP Message Signatures with a P256 key.
+ * Mutates the headers object to add signature headers.
+ *
+ * Components signed: @method, @path, @authority, authorization, content-digest (if body present)
+ */
+export declare function signHeaders(options: SignHeadersOptions): Promise<void>;
+//# sourceMappingURL=sign.d.ts.map

package/dist/esm/auth/sign.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../../../src/auth/sign.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,MAAM,MAAM,kBAAkB,GAAG;IAChC,sBAAsB;IACtB,OAAO,EAAE,OAAO,CAAC;IACjB,uBAAuB;IACvB,UAAU,EAAE,UAAU,CAAC;IACvB,8DAA8D;IAC9D,SAAS,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAoDF;;;;;;GAMG;AACH,wBAAsB,WAAW,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,CA8D/E;AAED,MAAM,MAAM,kBAAkB,GAAG;IAChC,kBAAkB;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,iEAAiE;IACjE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,uBAAuB;IACvB,UAAU,EAAE,UAAU,CAAC;IACvB,kDAAkD;IAClD,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,8DAA8D;IAC9D,SAAS,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;;;;GAKG;AACH,wBAAsB,WAAW,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CA2B5E"}

package/dist/esm/auth/sign.js

@@ -0,0 +1,125 @@
+import { p256 } from "@noble/curves/nist.js";
+import { sha256 } from "@noble/hashes/sha256";
+import { base64 } from "@scure/base";
+import { SigningKey } from "./signing-key.js";
+/**
+ * Build the signature base string per RFC 9421.
+ * The @signature-params line uses the same parameter order as the Rust httpsig crate:
+ * created, alg, keyid (to ensure compatibility with server verification).
+ */
+function buildSignatureBase(method, path, authority, headers, components, created, keyid) {
+    const lines = [];
+    for (const component of components) {
+        let value;
+        if (component === "@method") {
+            value = method.toUpperCase();
+        }
+        else if (component === "@path") {
+            value = path;
+        }
+        else if (component === "@authority") {
+            value = authority;
+        }
+        else {
+            // Regular header
+            value = headers.get(component) ?? "";
+        }
+        lines.push(`"${component}": ${value}`);
+    }
+    // Build signature-params with Rust httpsig order: created, alg, keyid
+    const componentsList = components.map((c) => `"${c}"`).join(" ");
+    const signatureParams = `(${componentsList});created=${created};alg="ecdsa-p256-sha256";keyid="${keyid}"`;
+    lines.push(`"@signature-params": ${signatureParams}`);
+    return lines.join("\n");
+}
+/**
+ * Extract authority from URL, stripping default ports per RFC 9421.
+ */
+function getAuthority(url) {
+    const port = url.port ? parseInt(url.port, 10) : null;
+    if (port && ![80, 443].includes(port)) {
+        return `${url.hostname}:${port}`;
+    }
+    return url.hostname;
+}
+/**
+ * Signs a Request using RFC 9421 HTTP Message Signatures with a P256 key.
+ *
+ * Components signed: @method, @path, @authority, authorization, content-digest (if body present)
+ *
+ * @returns A new Request with signature headers added
+ */
+export async function signRequest(options) {
+    const { request, signingKey } = options;
+    // Clone request headers
+    const headers = new Headers(request.headers);
+    // Determine components to sign
+    const components = ["@method", "@path", "@authority", "authorization"];
+    // Compute content-digest if body exists
+    const body = await request.clone().arrayBuffer();
+    if (body.byteLength > 0) {
+        const hash = sha256(new Uint8Array(body));
+        const hashBase64 = base64.encode(hash);
+        headers.set("Content-Digest", `sha-256=:${hashBase64}:`);
+        components.push("content-digest");
+    }
+    // Extract URL components
+    // Per RFC 9421: @path is the path without query string
+    const url = new URL(request.url);
+    const path = url.pathname;
+    const authority = getAuthority(url);
+    // Get signing parameters
+    const created = Math.floor(Date.now() / 1000);
+    const keyid = signingKey.publicKeyBase58();
+    const privateKeyBytes = signingKey.getPrivateKeyBytes();
+    // Build signature base (RFC 9421 format, Rust httpsig-compatible param order)
+    const signatureBase = buildSignatureBase(request.method, path, authority, headers, components, created, keyid);
+    // Sign the signature base
+    const signatureBytes = p256.sign(new TextEncoder().encode(signatureBase), privateKeyBytes, { lowS: true });
+    const signatureB64 = base64.encode(signatureBytes);
+    // Build signature-input header (same param order as signature base)
+    const componentsList = components.map((c) => `"${c}"`).join(" ");
+    const signatureInput = `sig1=(${componentsList});created=${created};alg="ecdsa-p256-sha256";keyid="${keyid}"`;
+    // Apply signature headers
+    headers.set("Signature", `sig1=:${signatureB64}:`);
+    headers.set("Signature-Input", signatureInput);
+    // Create new request with signed headers
+    return new Request(request.url, {
+        body: body.byteLength > 0 ? body : undefined,
+        headers,
+        method: request.method,
+    });
+}
+/**
+ * Signs HTTP headers using RFC 9421 HTTP Message Signatures with a P256 key.
+ * Mutates the headers object to add signature headers.
+ *
+ * Components signed: @method, @path, @authority, authorization, content-digest (if body present)
+ */
+export async function signHeaders(options) {
+    const { method, url, headers, signingKey, body, expiresIn = 300 } = options;
+    // Build headers (skip pseudo-headers for HTTP/2)
+    const requestHeaders = new Headers();
+    for (const [key, value] of Object.entries(headers)) {
+        if (!key.startsWith(":")) {
+            requestHeaders.set(key, value);
+        }
+    }
+    const request = new Request(url, {
+        method,
+        headers: requestHeaders,
+        body: body && body.byteLength > 0 ? body.slice().buffer : undefined,
+    });
+    const signedRequest = await signRequest({ request, signingKey, expiresIn });
+    // Extract signature headers and apply to original headers object
+    const signature = signedRequest.headers.get("Signature");
+    const signatureInput = signedRequest.headers.get("Signature-Input");
+    const contentDigest = signedRequest.headers.get("Content-Digest");
+    if (signature)
+        headers["signature"] = signature;
+    if (signatureInput)
+        headers["signature-input"] = signatureInput;
+    if (contentDigest)
+        headers["content-digest"] = contentDigest;
+}
+//# sourceMappingURL=sign.js.map

package/dist/esm/auth/sign.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sign.js","sourceRoot":"","sources":["../../../src/auth/sign.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAW9C;;;;GAIG;AACH,SAAS,kBAAkB,CAC1B,MAAc,EACd,IAAY,EACZ,SAAiB,EACjB,OAAgB,EAChB,UAAoB,EACpB,OAAe,EACf,KAAa;IAEb,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACpC,IAAI,KAAa,CAAC;QAClB,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC7B,KAAK,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;QAC9B,CAAC;aAAM,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;YAClC,KAAK,GAAG,IAAI,CAAC;QACd,CAAC;aAAM,IAAI,SAAS,KAAK,YAAY,EAAE,CAAC;YACvC,KAAK,GAAG,SAAS,CAAC;QACnB,CAAC;aAAM,CAAC;YACP,iBAAiB;YACjB,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QACtC,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,IAAI,SAAS,MAAM,KAAK,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,sEAAsE;IACtE,MAAM,cAAc,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjE,MAAM,eAAe,GAAG,IAAI,cAAc,aAAa,OAAO,mCAAmC,KAAK,GAAG,CAAC;IAC1G,KAAK,CAAC,IAAI,CAAC,wBAAwB,eAAe,EAAE,CAAC,CAAC;IAEtD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,GAAQ;IAC7B,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACtD,IAAI,IAAI,IAAI,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,OAAO,GAAG,GAAG,CAAC,QAAQ,IAAI,IAAI,EAAE,CAAC;IAClC,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,CAAC;AACrB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,OAA2B;IAC5D,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAExC,wBAAwB;IACxB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAE7C,+BAA+B;IAC/B,MAAM,UAAU,GAAa,CAAC,SAAS,EAAE,OAAO,EAAE,YAAY,EAAE,eAAe,CAAC,CAAC;IAEjF,wCAAwC;IACxC,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,CAAC;IACjD,IAAI,IAAI,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,YAAY,UAAU,GAAG,CAAC,CAAC;QACzD,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACnC,CAAC;IAED,yBAAyB;IACzB,uDAAuD;IACvD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC1B,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IAEpC,yBAAyB;IACzB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC9C,MAAM,KAAK,GAAG,UAAU,CAAC,eAAe,EAAE,CAAC;IAC3C,MAAM,eAAe,GAAG,UAAU,CAAC,kBAAkB,EAAE,CAAC;IAExD,8EAA8E;IAC9E,MAAM,aAAa,GAAG,kBAAkB,CACvC,OAAO,CAAC,MAAM,EACd,IAAI,EACJ,SAAS,EACT,OAAO,EACP,UAAU,EACV,OAAO,EACP,KAAK,CACL,CAAC;IAEF,0BAA0B;IAC1B,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAC/B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,EACvC,eAAe,EACf,EAAE,IAAI,EAAE,IAAI,EAAE,CACd,CAAC;IACF,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IAEnD,oEAAoE;IACpE,MAAM,cAAc,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjE,MAAM,cAAc,GAAG,SAAS,cAAc,aAAa,OAAO,mCAAmC,KAAK,GAAG,CAAC;IAE9G,0BAA0B;IAC1B,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,YAAY,GAAG,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAC;IAE/C,yCAAyC;IACzC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE;QAC/B,IAAI,EAAE,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;QAC5C,OAAO;QACP,MAAM,EAAE,OAAO,CAAC,MAAM;KACtB,CAAC,CAAC;AACJ,CAAC;AAiBD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,OAA2B;IAC5D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC;IAE5E,iDAAiD;IACjD,MAAM,cAAc,GAAG,IAAI,OAAO,EAAE,CAAC;IACrC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE;QAChC,MAAM;QACN,OAAO,EAAE,cAAc;QACvB,IAAI,EAAE,IAAI,IAAI,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;KACnE,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,MAAM,WAAW,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;IAE5E,iEAAiE;IACjE,MAAM,SAAS,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACzD,MAAM,cAAc,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACpE,MAAM,aAAa,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAElE,IAAI,SAAS;QAAE,OAAO,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC;IAChD,IAAI,cAAc;QAAE,OAAO,CAAC,iBAAiB,CAAC,GAAG,cAAc,CAAC;IAChE,IAAI,aAAa;QAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,aAAa,CAAC;AAC9D,CAAC"}

package/dist/esm/auth/signing-key.d.ts

@@ -0,0 +1,42 @@
+/**
+ * P-256 signing key for RFC 9421 HTTP message signatures.
+ *
+ * When configured, the SDK will sign every HTTP request per RFC 9421,
+ * binding the request to both the bearer token and this cryptographic key.
+ *
+ * @example
+ * ```typescript
+ * // Generate a new key
+ * const key = SigningKey.generate();
+ * console.log("Public key:", key.publicKeyBase58());
+ *
+ * // Import from base58
+ * const key = SigningKey.fromBase58("your-base58-encoded-private-key");
+ * ```
+ */
+export declare class SigningKey {
+    private readonly privateKeyBytes;
+    private constructor();
+    /**
+     * Generate a new random P-256 signing key.
+     */
+    static generate(): SigningKey;
+    /**
+     * Create a signing key from a base58-encoded 32-byte private key.
+     */
+    static fromBase58(encoded: string): SigningKey;
+    /**
+     * Export the private key as a base58-encoded string.
+     */
+    toBase58(): string;
+    /**
+     * Get the public key as a base58-encoded compressed point (33 bytes).
+     */
+    publicKeyBase58(): string;
+    /**
+     * Get the raw private key bytes (for internal use).
+     * @internal
+     */
+    getPrivateKeyBytes(): Uint8Array;
+}
+//# sourceMappingURL=signing-key.d.ts.map

package/dist/esm/auth/signing-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signing-key.d.ts","sourceRoot":"","sources":["../../../src/auth/signing-key.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,UAAU;IACtB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAa;IAE7C,OAAO;IAIP;;OAEG;IACH,MAAM,CAAC,QAAQ,IAAI,UAAU;IAK7B;;OAEG;IACH,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU;IAU9C;;OAEG;IACH,QAAQ,IAAI,MAAM;IAIlB;;OAEG;IACH,eAAe,IAAI,MAAM;IAKzB;;;OAGG;IACH,kBAAkB,IAAI,UAAU;CAGhC"}

package/dist/esm/auth/signing-key.js

@@ -0,0 +1,62 @@
+import { p256 } from "@noble/curves/nist.js";
+import { base58 } from "@scure/base";
+/**
+ * P-256 signing key for RFC 9421 HTTP message signatures.
+ *
+ * When configured, the SDK will sign every HTTP request per RFC 9421,
+ * binding the request to both the bearer token and this cryptographic key.
+ *
+ * @example
+ * ```typescript
+ * // Generate a new key
+ * const key = SigningKey.generate();
+ * console.log("Public key:", key.publicKeyBase58());
+ *
+ * // Import from base58
+ * const key = SigningKey.fromBase58("your-base58-encoded-private-key");
+ * ```
+ */
+export class SigningKey {
+    privateKeyBytes;
+    constructor(privateKeyBytes) {
+        this.privateKeyBytes = privateKeyBytes;
+    }
+    /**
+     * Generate a new random P-256 signing key.
+     */
+    static generate() {
+        const privateKey = p256.utils.randomSecretKey();
+        return new SigningKey(privateKey);
+    }
+    /**
+     * Create a signing key from a base58-encoded 32-byte private key.
+     */
+    static fromBase58(encoded) {
+        const privateKey = base58.decode(encoded);
+        if (privateKey.length !== 32) {
+            throw new Error(`Invalid signing key: expected 32 bytes, got ${privateKey.length}`);
+        }
+        return new SigningKey(privateKey);
+    }
+    /**
+     * Export the private key as a base58-encoded string.
+     */
+    toBase58() {
+        return base58.encode(this.privateKeyBytes);
+    }
+    /**
+     * Get the public key as a base58-encoded compressed point (33 bytes).
+     */
+    publicKeyBase58() {
+        const publicKey = p256.getPublicKey(this.privateKeyBytes, true);
+        return base58.encode(publicKey);
+    }
+    /**
+     * Get the raw private key bytes (for internal use).
+     * @internal
+     */
+    getPrivateKeyBytes() {
+        return this.privateKeyBytes;
+    }
+}
+//# sourceMappingURL=signing-key.js.map

package/dist/esm/auth/signing-key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signing-key.js","sourceRoot":"","sources":["../../../src/auth/signing-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC;;;;;;;;;;;;;;;GAeG;AACH,MAAM,OAAO,UAAU;IACL,eAAe,CAAa;IAE7C,YAAoB,eAA2B;QAC9C,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,QAAQ;QACd,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;QAChD,OAAO,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,UAAU,CAAC,OAAe;QAChC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,UAAU,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CACd,+CAA+C,UAAU,CAAC,MAAM,EAAE,CAClE,CAAC;QACH,CAAC;QACD,OAAO,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,QAAQ;QACP,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,eAAe;QACd,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;QAChE,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;IAED;;;OAGG;IACH,kBAAkB;QACjB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC7B,CAAC;CACD"}

package/dist/esm/basin.d.ts

@@ -0,0 +1,33 @@
+import { type AuthProvider, type RetryConfig } from "./common.js";
+import type { SessionTransports } from "./lib/stream/types.js";
+import { S2Stream } from "./stream.js";
+import { S2Streams } from "./streams.js";
+export declare class S2Basin {
+    private readonly client;
+    private readonly transportConfig;
+    private readonly retryConfig?;
+    readonly name: string;
+    readonly streams: S2Streams;
+    /**
+     * Create a basin-scoped client that talks to `https://{basin}.b.aws.s2.dev/v1`.
+     *
+     * Use this to work with streams inside a single basin.
+     * @param name Basin name
+     * @param options Configuration for the basin-scoped client
+     */
+    constructor(name: string, options: {
+        authProvider: AuthProvider;
+        baseUrl: string;
+        includeBasinHeader: boolean;
+        retryConfig?: RetryConfig;
+    });
+    /**
+     * Create a stream-scoped helper bound to `this` basin.
+     * @param name Stream name
+     */
+    stream(name: string, options?: StreamOptions): S2Stream;
+}
+export interface StreamOptions {
+    forceTransport?: SessionTransports;
+}
+//# sourceMappingURL=basin.d.ts.map

package/dist/esm/basin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"basin.d.ts","sourceRoot":"","sources":["../../src/basin.ts"],"names":[],"mappings":"AAAA,OAAO,EAA6B,KAAK,YAAY,EAAE,KAAK,WAAW,EAAE,MAAM,aAAa,CAAC;AAG7F,OAAO,KAAK,EAAE,iBAAiB,EAAmB,MAAM,uBAAuB,CAAC;AAChF,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,qBAAa,OAAO;IACnB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAClD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAc;IAC3C,SAAgB,IAAI,EAAE,MAAM,CAAC;IAC7B,SAAgB,OAAO,EAAE,SAAS,CAAC;IAEnC;;;;;;OAMG;gBAEF,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE;QACR,YAAY,EAAE,YAAY,CAAC;QAC3B,OAAO,EAAE,MAAM,CAAC;QAChB,kBAAkB,EAAE,OAAO,CAAC;QAC5B,WAAW,CAAC,EAAE,WAAW,CAAC;KAC1B;IAuBF;;;OAGG;IACI,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,aAAa;CAWnD;AAED,MAAM,WAAW,aAAa;IAC7B,cAAc,CAAC,EAAE,iBAAiB,CAAC;CACnC"}

package/dist/esm/basin.js

@@ -0,0 +1,50 @@
+import { createAuthenticatedClient } from "./common.js";
+import { canSetUserAgentHeader, DEFAULT_USER_AGENT } from "./lib/stream/runtime.js";
+import { S2Stream } from "./stream.js";
+import { S2Streams } from "./streams.js";
+export class S2Basin {
+    client;
+    transportConfig;
+    retryConfig;
+    name;
+    streams;
+    /**
+     * Create a basin-scoped client that talks to `https://{basin}.b.aws.s2.dev/v1`.
+     *
+     * Use this to work with streams inside a single basin.
+     * @param name Basin name
+     * @param options Configuration for the basin-scoped client
+     */
+    constructor(name, options) {
+        this.name = name;
+        this.retryConfig = options.retryConfig;
+        this.transportConfig = {
+            baseUrl: options.baseUrl,
+            authProvider: options.authProvider,
+            basinName: options.includeBasinHeader ? name : undefined,
+            connectionTimeoutMillis: options.retryConfig?.connectionTimeoutMillis,
+            requestTimeoutMillis: options.retryConfig?.requestTimeoutMillis,
+            retry: options.retryConfig,
+        };
+        const headers = {};
+        if (options.includeBasinHeader) {
+            headers["s2-basin"] = name;
+        }
+        if (canSetUserAgentHeader()) {
+            headers["user-agent"] = DEFAULT_USER_AGENT;
+        }
+        this.client = createAuthenticatedClient(options.baseUrl, options.authProvider, headers);
+        this.streams = new S2Streams(this.client, this.retryConfig);
+    }
+    /**
+     * Create a stream-scoped helper bound to `this` basin.
+     * @param name Stream name
+     */
+    stream(name, options) {
+        return new S2Stream(name, this.client, {
+            ...this.transportConfig,
+            forceTransport: options?.forceTransport,
+        }, this.retryConfig);
+    }
+}
+//# sourceMappingURL=basin.js.map

package/dist/esm/basin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"basin.js","sourceRoot":"","sources":["../../src/basin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAuC,MAAM,aAAa,CAAC;AAE7F,OAAO,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAEpF,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,MAAM,OAAO,OAAO;IACF,MAAM,CAAS;IACf,eAAe,CAAkB;IACjC,WAAW,CAAe;IAC3B,IAAI,CAAS;IACb,OAAO,CAAY;IAEnC;;;;;;OAMG;IACH,YACC,IAAY,EACZ,OAKC;QAED,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,eAAe,GAAG;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,SAAS,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;YACxD,uBAAuB,EAAE,OAAO,CAAC,WAAW,EAAE,uBAAuB;YACrE,oBAAoB,EAAE,OAAO,CAAC,WAAW,EAAE,oBAAoB;YAC/D,KAAK,EAAE,OAAO,CAAC,WAAW;SAC1B,CAAC;QACF,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;YAChC,OAAO,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,qBAAqB,EAAE,EAAE,CAAC;YAC7B,OAAO,CAAC,YAAY,CAAC,GAAG,kBAAkB,CAAC;QAC5C,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,yBAAyB,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QACxF,IAAI,CAAC,OAAO,GAAG,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IAC7D,CAAC;IAED;;;OAGG;IACI,MAAM,CAAC,IAAY,EAAE,OAAuB;QAClD,OAAO,IAAI,QAAQ,CAClB,IAAI,EACJ,IAAI,CAAC,MAAM,EACX;YACC,GAAG,IAAI,CAAC,eAAe;YACvB,cAAc,EAAE,OAAO,EAAE,cAAc;SACvC,EACD,IAAI,CAAC,WAAW,CAChB,CAAC;IACH,CAAC;CACD"}

package/dist/esm/basins.d.ts

@@ -0,0 +1,62 @@
+import type { RetryConfig, S2RequestOptions } from "./common.js";
+import type { Client } from "./generated/client/types.gen.js";
+import type * as Types from "./types.js";
+/**
+ * Account-scoped helper for listing, creating, deleting, and reconfiguring basins.
+ *
+ * Retrieve this via {@link S2.basins}. Each method retries according to the client-level retry config.
+ */
+export declare class S2Basins {
+    private readonly client;
+    private readonly retryConfig;
+    constructor(client: Client, retryConfig: RetryConfig);
+    /**
+     * List basins.
+     *
+     * @param args.prefix Return basins whose names start with the given prefix
+     * @param args.startAfter Name to start after (for pagination)
+     * @param args.limit Max results (up to 1000)
+     */
+    list(args?: Types.ListBasinsInput, options?: S2RequestOptions): Promise<Types.ListBasinsResponse>;
+    /**
+     * List all basins with automatic pagination.
+     * Returns a lazy async iterable that fetches pages as needed.
+     *
+     * @param args - Optional options: `prefix` to filter by name prefix, `limit` for max results per page, `includeDeleted` to include basins pending deletion
+     *
+     * @example
+     * ```ts
+     * for await (const basin of s2.basins.listAll({ prefix: "my-" })) {
+     *   console.log(basin.name);
+     * }
+     * ```
+     */
+    listAll(args?: Types.ListAllBasinsInput, options?: S2RequestOptions): AsyncIterable<Types.BasinInfo>;
+    /**
+     * Create a basin.
+     *
+     * @param args.basin Globally unique basin name (8-48 chars, lowercase letters, numbers, hyphens; cannot begin or end with a hyphen)
+     * @param args.config Optional basin configuration (e.g. defaultStreamConfig)
+     * @param args.scope Basin scope
+     */
+    create(args: Types.CreateBasinInput, options?: S2RequestOptions): Promise<Types.CreateBasinResponse>;
+    /**
+     * Get basin configuration.
+     *
+     * @param args.basin Basin name
+     */
+    getConfig(args: Types.GetBasinConfigInput, options?: S2RequestOptions): Promise<Types.BasinConfig>;
+    /**
+     * Delete a basin.
+     *
+     * @param args.basin Basin name
+     */
+    delete(args: Types.DeleteBasinInput, options?: S2RequestOptions): Promise<void>;
+    /**
+     * Reconfigure a basin.
+     *
+     * @param args Configuration for the basin to reconfigure (including basin name and fields to change)
+     */
+    reconfigure(args: Types.ReconfigureBasinInput, options?: S2RequestOptions): Promise<Types.ReconfigureBasinResponse>;
+}
+//# sourceMappingURL=basins.d.ts.map

package/dist/esm/basins.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"basins.d.ts","sourceRoot":"","sources":["../../src/basins.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAEjE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iCAAiC,CAAC;AAa9D,OAAO,KAAK,KAAK,KAAK,MAAM,YAAY,CAAC;AAsEzC;;;;GAIG;AACH,qBAAa,QAAQ;IACpB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;gBAE9B,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,WAAW;IAKpD;;;;;;OAMG;IACU,IAAI,CAChB,IAAI,CAAC,EAAE,KAAK,CAAC,eAAe,EAC5B,OAAO,CAAC,EAAE,gBAAgB,GACxB,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC;IAapC;;;;;;;;;;;;OAYG;IACI,OAAO,CACb,IAAI,CAAC,EAAE,KAAK,CAAC,kBAAkB,EAC/B,OAAO,CAAC,EAAE,gBAAgB,GACxB,aAAa,CAAC,KAAK,CAAC,SAAS,CAAC;IAejC;;;;;;OAMG;IACU,MAAM,CAClB,IAAI,EAAE,KAAK,CAAC,gBAAgB,EAC5B,OAAO,CAAC,EAAE,gBAAgB,GACxB,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC;IAoBrC;;;;OAIG;IACU,SAAS,CACrB,IAAI,EAAE,KAAK,CAAC,mBAAmB,EAC/B,OAAO,CAAC,EAAE,gBAAgB,GACxB,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;IAc7B;;;;OAIG;IACU,MAAM,CAClB,IAAI,EAAE,KAAK,CAAC,gBAAgB,EAC5B,OAAO,CAAC,EAAE,gBAAgB,GACxB,OAAO,CAAC,IAAI,CAAC;IAYhB;;;;OAIG;IACU,WAAW,CACvB,IAAI,EAAE,KAAK,CAAC,qBAAqB,EACjC,OAAO,CAAC,EAAE,gBAAgB,GACxB,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC;CAmB1C"}