cipher-kit 2.1.3 → 3.0.0

package/dist/chunk-7254PEID.cjs

@@ -0,0 +1,502 @@
+'use strict';
+
+var chunkVCBHSRCS_cjs = require('./chunk-VCBHSRCS.cjs');
+
+// src/web/kit.ts
+var kit_exports = {};
+chunkVCBHSRCS_cjs.__export(kit_exports, {
+  convertBytesToStr: () => convertBytesToStr,
+  convertEncoding: () => convertEncoding,
+  convertStrToBytes: () => convertStrToBytes,
+  createSecretKey: () => createSecretKey,
+  decrypt: () => decrypt,
+  decryptObj: () => decryptObj,
+  encrypt: () => encrypt,
+  encryptObj: () => encryptObj,
+  generateUuid: () => generateUuid,
+  hash: () => hash,
+  hashPassword: () => hashPassword,
+  isWebSecretKey: () => isWebSecretKey,
+  tryConvertBytesToStr: () => tryConvertBytesToStr,
+  tryConvertEncoding: () => tryConvertEncoding,
+  tryConvertStrToBytes: () => tryConvertStrToBytes,
+  tryCreateSecretKey: () => tryCreateSecretKey,
+  tryDecrypt: () => tryDecrypt,
+  tryDecryptObj: () => tryDecryptObj,
+  tryEncrypt: () => tryEncrypt,
+  tryEncryptObj: () => tryEncryptObj,
+  tryGenerateUuid: () => tryGenerateUuid,
+  tryHash: () => tryHash,
+  tryHashPassword: () => tryHashPassword,
+  tryVerifyPassword: () => tryVerifyPassword,
+  verifyPassword: () => verifyPassword
+});
+
+// src/web/web-encode.ts
+function $convertStrToBytes2(data, inputEncoding = "utf8") {
+  const result = chunkVCBHSRCS_cjs.$convertStrToBytes(data, inputEncoding);
+  if (result.error) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: result.error.message.replace("strToBytes:", "web strToBytes:"),
+      description: result.error.description
+    });
+  }
+  return result;
+}
+function $convertBytesToStr2(data, outputEncoding = "utf8") {
+  const result = chunkVCBHSRCS_cjs.$convertBytesToStr(data, outputEncoding);
+  if (result.error) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: result.error.message.replace("bytesToStr:", "web bytesToStr:"),
+      description: result.error.description
+    });
+  }
+  return result;
+}
+function $convertEncoding(data, from, to) {
+  if (!chunkVCBHSRCS_cjs.$isStr(data)) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: "web convertEncoding: Data must be a non-empty string",
+      description: "Received empty or non-string value"
+    });
+  }
+  if (!chunkVCBHSRCS_cjs.ENCODING.includes(from) || !chunkVCBHSRCS_cjs.ENCODING.includes(to)) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: `web convertEncoding: Unsupported encoding: from ${from} to ${to}`,
+      description: "Use base64, base64url, hex, utf8, or latin1"
+    });
+  }
+  const bytes = $convertStrToBytes2(data, from);
+  if (bytes.error) return chunkVCBHSRCS_cjs.$err(bytes.error);
+  const str = $convertBytesToStr2(bytes.result, to);
+  if (str.error) return chunkVCBHSRCS_cjs.$err(str.error);
+  return chunkVCBHSRCS_cjs.$ok(str.result);
+}
+
+// src/web/web-secret-key.ts
+function $isWebSecretKey(x) {
+  const base = chunkVCBHSRCS_cjs.$validateSecretKeyBase(x, "web");
+  if (!base) return null;
+  if (typeof globalThis.CryptoKey === "undefined" || !(base.obj.key instanceof CryptoKey)) return null;
+  if (!chunkVCBHSRCS_cjs.$isObj(base.obj.key.algorithm) || base.obj.key.algorithm.name !== base.algorithm.web || typeof base.obj.key.algorithm.length === "number" && base.obj.key.algorithm.length !== base.algorithm.keyBytes * 8 || !Array.isArray(base.obj.key.usages) || !(base.obj.key.usages.includes("encrypt") && base.obj.key.usages.includes("decrypt"))) {
+    return null;
+  }
+  return x;
+}
+async function $createSecretKey(secret, options) {
+  const validated = chunkVCBHSRCS_cjs.$validateCreateSecretKeyOptions(secret, options, "web");
+  if (validated.error) return chunkVCBHSRCS_cjs.$err(validated.error);
+  const { algorithm, digest, salt, info, encryptAlgo, digestAlgo } = validated;
+  try {
+    const ikm = await globalThis.crypto.subtle.importKey(
+      "raw",
+      chunkVCBHSRCS_cjs.textEncoder.encode(secret.normalize("NFKC")),
+      "HKDF",
+      false,
+      ["deriveKey"]
+    );
+    const extractable = options.extractable ?? false;
+    const key = await globalThis.crypto.subtle.deriveKey(
+      {
+        name: "HKDF",
+        hash: digestAlgo.web,
+        salt: chunkVCBHSRCS_cjs.textEncoder.encode(salt.normalize("NFKC")),
+        info: chunkVCBHSRCS_cjs.textEncoder.encode(info.normalize("NFKC"))
+      },
+      ikm,
+      { name: encryptAlgo.web, length: encryptAlgo.keyBytes * 8 },
+      extractable,
+      ["encrypt", "decrypt"]
+    );
+    const secretKey = Object.freeze({ platform: "web", digest, algorithm, key, injected: encryptAlgo });
+    return chunkVCBHSRCS_cjs.$ok({ result: secretKey });
+  } catch (error) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: "web createSecretKey: Failed to derive key",
+      description: chunkVCBHSRCS_cjs.$fmtError(error)
+    });
+  }
+}
+
+// src/web/web-encrypt.ts
+async function $encrypt(data, secretKey, options) {
+  if (!chunkVCBHSRCS_cjs.$isStr(data)) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: "web encrypt: Data must be a non-empty string",
+      description: "Received empty or non-string value"
+    });
+  }
+  if (!chunkVCBHSRCS_cjs.$isPlainObj(options)) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: "web encrypt: Options must be a plain object",
+      description: 'Pass an object like { outputEncoding: "base64url" }'
+    });
+  }
+  const outputEncoding = options.outputEncoding ?? "base64url";
+  if (!chunkVCBHSRCS_cjs.CIPHER_ENCODING.includes(outputEncoding)) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: `web encrypt: Unsupported output encoding: ${outputEncoding}`,
+      description: "Use base64, base64url, or hex"
+    });
+  }
+  const injectedKey = $isWebSecretKey(secretKey);
+  if (!injectedKey) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: "web encrypt: Invalid secret key",
+      description: "Expected a WebSecretKey created by webKit.createSecretKey()"
+    });
+  }
+  const { result, error } = $convertStrToBytes2(data, "utf8");
+  if (error) return chunkVCBHSRCS_cjs.$err(error);
+  try {
+    const iv = globalThis.crypto.getRandomValues(new Uint8Array(chunkVCBHSRCS_cjs.GCM_IV_LENGTH));
+    const cipherWithTag = await globalThis.crypto.subtle.encrypt(
+      { name: injectedKey.injected.web, iv },
+      injectedKey.key,
+      result
+    );
+    const cipherOnly = cipherWithTag.slice(0, cipherWithTag.byteLength - chunkVCBHSRCS_cjs.GCM_TAG_BYTES);
+    const tag = cipherWithTag.slice(cipherWithTag.byteLength - chunkVCBHSRCS_cjs.GCM_TAG_BYTES);
+    const ivStr = $convertBytesToStr2(iv, outputEncoding);
+    const cipherStr = $convertBytesToStr2(cipherOnly, outputEncoding);
+    const tagStr = $convertBytesToStr2(tag, outputEncoding);
+    if (ivStr.error || cipherStr.error || tagStr.error) {
+      return chunkVCBHSRCS_cjs.$err({
+        message: "web encrypt: Failed to encode output",
+        description: `Conversion error: ${chunkVCBHSRCS_cjs.$fmtResultErr(ivStr.error || cipherStr.error || tagStr.error)}`
+      });
+    }
+    return chunkVCBHSRCS_cjs.$ok(`${ivStr.result}.${cipherStr.result}.${tagStr.result}.`);
+  } catch (error2) {
+    return chunkVCBHSRCS_cjs.$err({ message: "web encrypt: Failed to encrypt data", description: chunkVCBHSRCS_cjs.$fmtError(error2) });
+  } finally {
+    result.fill(0);
+  }
+}
+async function $decrypt(encrypted, secretKey, options) {
+  if (!chunkVCBHSRCS_cjs.matchEncryptedPattern(encrypted)) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: "web decrypt: Invalid encrypted data format",
+      description: 'Encrypted data must be in the format "iv.cipher.tag."'
+    });
+  }
+  if (!chunkVCBHSRCS_cjs.$isPlainObj(options)) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: "web decrypt: Options must be a plain object",
+      description: 'Pass an object like { inputEncoding: "base64url" }'
+    });
+  }
+  const inputEncoding = options.inputEncoding ?? "base64url";
+  if (!chunkVCBHSRCS_cjs.CIPHER_ENCODING.includes(inputEncoding)) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: `web decrypt: Unsupported input encoding: ${inputEncoding}`,
+      description: "Use base64, base64url, or hex"
+    });
+  }
+  const [iv, cipher, tag] = encrypted.split(".", 4);
+  const injectedKey = $isWebSecretKey(secretKey);
+  if (!injectedKey) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: "web decrypt: Invalid secret key",
+      description: "Expected a WebSecretKey created by webKit.createSecretKey()"
+    });
+  }
+  const ivBytes = $convertStrToBytes2(iv, inputEncoding);
+  const cipherBytes = $convertStrToBytes2(cipher, inputEncoding);
+  const tagBytes = $convertStrToBytes2(tag, inputEncoding);
+  if (ivBytes.error || cipherBytes.error || tagBytes.error) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: "web decrypt: Failed to decode input",
+      description: `Conversion error: ${chunkVCBHSRCS_cjs.$fmtResultErr(ivBytes.error || cipherBytes.error || tagBytes.error)}`
+    });
+  }
+  if (ivBytes.result.byteLength !== chunkVCBHSRCS_cjs.GCM_IV_LENGTH) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: "web decrypt: Invalid IV length",
+      description: `Expected ${chunkVCBHSRCS_cjs.GCM_IV_LENGTH} bytes, got ${ivBytes.result.byteLength}`
+    });
+  }
+  if (tagBytes.result.byteLength !== chunkVCBHSRCS_cjs.GCM_TAG_BYTES) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: "web decrypt: Invalid auth tag length",
+      description: `Expected ${chunkVCBHSRCS_cjs.GCM_TAG_BYTES} bytes, got ${tagBytes.result.byteLength}`
+    });
+  }
+  const cipherWithTag = new Uint8Array(cipherBytes.result.byteLength + tagBytes.result.byteLength);
+  cipherWithTag.set(new Uint8Array(cipherBytes.result), 0);
+  cipherWithTag.set(new Uint8Array(tagBytes.result), cipherBytes.result.byteLength);
+  let decrypted;
+  try {
+    decrypted = new Uint8Array(
+      await globalThis.crypto.subtle.decrypt(
+        { name: injectedKey.injected.web, iv: ivBytes.result },
+        injectedKey.key,
+        cipherWithTag
+      )
+    );
+    return $convertBytesToStr2(decrypted, "utf8");
+  } catch (error) {
+    return chunkVCBHSRCS_cjs.$err({ message: "web decrypt: Failed to decrypt data", description: chunkVCBHSRCS_cjs.$fmtError(error) });
+  } finally {
+    decrypted?.fill(0);
+  }
+}
+async function $encryptObj(data, secretKey, options) {
+  const { result, error } = chunkVCBHSRCS_cjs.$stringifyObj(data);
+  if (error) return chunkVCBHSRCS_cjs.$err(error);
+  return await $encrypt(result, secretKey, options);
+}
+async function $decryptObj(encrypted, secretKey, options) {
+  const { result, error } = await $decrypt(encrypted, secretKey, options);
+  if (error) return chunkVCBHSRCS_cjs.$err(error);
+  return chunkVCBHSRCS_cjs.$parseToObj(result);
+}
+
+// src/web/web-hash.ts
+async function $hash(data, options = {}) {
+  if (!chunkVCBHSRCS_cjs.$isStr(data)) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: "web hash: Data must be a non-empty string",
+      description: "Received empty or non-string value"
+    });
+  }
+  if (!chunkVCBHSRCS_cjs.$isPlainObj(options)) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: "web hash: Options must be a plain object",
+      description: 'Pass an object like { digest: "sha256" }'
+    });
+  }
+  const outputEncoding = options.outputEncoding ?? "base64url";
+  if (!chunkVCBHSRCS_cjs.CIPHER_ENCODING.includes(outputEncoding)) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: `web hash: Unsupported output encoding: ${outputEncoding}`,
+      description: "Use base64, base64url, or hex"
+    });
+  }
+  const digest = options.digest ?? "sha256";
+  if (!(digest in chunkVCBHSRCS_cjs.DIGEST_ALGORITHMS)) {
+    return chunkVCBHSRCS_cjs.$err({
+      message: `web hash: Unsupported digest: ${digest}`,
+      description: `Supported digests are: ${Object.keys(chunkVCBHSRCS_cjs.DIGEST_ALGORITHMS).join(", ")}`
+    });
+  }
+  const digestAlgo = chunkVCBHSRCS_cjs.DIGEST_ALGORITHMS[digest];
+  const { result, error } = $convertStrToBytes2(data, "utf8");
+  if (error) return chunkVCBHSRCS_cjs.$err(error);
+  try {
+    const hashed = await globalThis.crypto.subtle.digest(digestAlgo.web, result);
+    return $convertBytesToStr2(hashed, outputEncoding);
+  } catch (error2) {
+    return chunkVCBHSRCS_cjs.$err({ message: "web hash: Failed to hash data", description: chunkVCBHSRCS_cjs.$fmtError(error2) });
+  }
+}
+async function $hashPassword(password, options) {
+  const validated = chunkVCBHSRCS_cjs.$validateHashPasswordOptions(password, options, "web");
+  if (validated.error) return chunkVCBHSRCS_cjs.$err(validated.error);
+  const { digestAlgo, outputEncoding, saltLength, iterations, keyLength } = validated;
+  const salt = globalThis.crypto.getRandomValues(new Uint8Array(saltLength));
+  let bits;
+  try {
+    const baseKey = await globalThis.crypto.subtle.importKey(
+      "raw",
+      chunkVCBHSRCS_cjs.textEncoder.encode(password.normalize("NFKC")),
+      "PBKDF2",
+      false,
+      ["deriveBits"]
+    );
+    bits = await globalThis.crypto.subtle.deriveBits(
+      { name: "PBKDF2", salt, iterations, hash: digestAlgo.web },
+      baseKey,
+      keyLength * 8
+    );
+    const saltStr = $convertBytesToStr2(salt, outputEncoding);
+    if (saltStr.error) return chunkVCBHSRCS_cjs.$err(saltStr.error);
+    const hashedPasswordStr = $convertBytesToStr2(bits, outputEncoding);
+    if (hashedPasswordStr.error) return chunkVCBHSRCS_cjs.$err(hashedPasswordStr.error);
+    return chunkVCBHSRCS_cjs.$ok({ result: hashedPasswordStr.result, salt: saltStr.result });
+  } catch (error) {
+    return chunkVCBHSRCS_cjs.$err({ message: "web hashPassword: Failed to hash password", description: chunkVCBHSRCS_cjs.$fmtError(error) });
+  } finally {
+    salt.fill(0);
+    if (bits) new Uint8Array(bits).fill(0);
+  }
+}
+async function $verifyPassword(password, hashedPassword, salt, options) {
+  const validated = chunkVCBHSRCS_cjs.$validateVerifyPasswordOptions(password, hashedPassword, salt, options, "web");
+  if (validated.error) return chunkVCBHSRCS_cjs.$err(validated.error);
+  const { digestAlgo, inputEncoding, iterations, keyLength } = validated;
+  const saltBytes = $convertStrToBytes2(salt, inputEncoding);
+  if (saltBytes.error) return chunkVCBHSRCS_cjs.$err(saltBytes.error);
+  const hashedPasswordBytes = $convertStrToBytes2(hashedPassword, inputEncoding);
+  if (hashedPasswordBytes.error) return chunkVCBHSRCS_cjs.$err(hashedPasswordBytes.error);
+  if (hashedPasswordBytes.result.byteLength !== keyLength) return chunkVCBHSRCS_cjs.$ok(false);
+  try {
+    const baseKey = await globalThis.crypto.subtle.importKey(
+      "raw",
+      chunkVCBHSRCS_cjs.textEncoder.encode(password.normalize("NFKC")),
+      "PBKDF2",
+      false,
+      ["deriveBits"]
+    );
+    const bits = new Uint8Array(
+      await globalThis.crypto.subtle.deriveBits(
+        { name: "PBKDF2", salt: saltBytes.result, iterations, hash: digestAlgo.web },
+        baseKey,
+        keyLength * 8
+      )
+    );
+    const expected = hashedPasswordBytes.result;
+    const left = new Uint8Array(keyLength);
+    const right = new Uint8Array(keyLength);
+    left.set(bits);
+    right.set(expected);
+    let diff = 0;
+    for (let i = 0; i < keyLength; i++) {
+      diff |= left[i] ^ right[i];
+    }
+    try {
+      return chunkVCBHSRCS_cjs.$ok(diff === 0);
+    } finally {
+      left.fill(0);
+      right.fill(0);
+      bits.fill(0);
+    }
+  } catch (error) {
+    return chunkVCBHSRCS_cjs.$err({ message: "web verifyPassword: Verification failed", description: chunkVCBHSRCS_cjs.$fmtError(error) });
+  } finally {
+    saltBytes.result.fill(0);
+    hashedPasswordBytes.result.fill(0);
+  }
+}
+
+// src/web/kit.ts
+function isWebSecretKey(x) {
+  return $isWebSecretKey(x) !== null;
+}
+function tryGenerateUuid() {
+  try {
+    return chunkVCBHSRCS_cjs.$ok(globalThis.crypto.randomUUID());
+  } catch (error) {
+    return chunkVCBHSRCS_cjs.$err({ message: "web generateUuid: Failed to generate UUID", description: chunkVCBHSRCS_cjs.$fmtError(error) });
+  }
+}
+function generateUuid() {
+  return globalThis.crypto.randomUUID();
+}
+async function tryCreateSecretKey(secret, options = {}) {
+  return await $createSecretKey(secret, options);
+}
+async function createSecretKey(secret, options = {}) {
+  const { result, error } = await $createSecretKey(secret, options);
+  if (error) throw new Error(chunkVCBHSRCS_cjs.$fmtResultErr(error));
+  return result;
+}
+async function tryEncrypt(data, secretKey, options = {}) {
+  return await $encrypt(data, secretKey, options);
+}
+async function encrypt(data, secretKey, options = {}) {
+  const { result, error } = await $encrypt(data, secretKey, options);
+  if (error) throw new Error(chunkVCBHSRCS_cjs.$fmtResultErr(error));
+  return result;
+}
+async function tryDecrypt(encrypted, secretKey, options = {}) {
+  return await $decrypt(encrypted, secretKey, options);
+}
+async function decrypt(encrypted, secretKey, options = {}) {
+  const { result, error } = await $decrypt(encrypted, secretKey, options);
+  if (error) throw new Error(chunkVCBHSRCS_cjs.$fmtResultErr(error));
+  return result;
+}
+async function tryEncryptObj(obj, secretKey, options = {}) {
+  return await $encryptObj(obj, secretKey, options);
+}
+async function encryptObj(obj, secretKey, options = {}) {
+  const { result, error } = await $encryptObj(obj, secretKey, options);
+  if (error) throw new Error(chunkVCBHSRCS_cjs.$fmtResultErr(error));
+  return result;
+}
+async function tryDecryptObj(encrypted, secretKey, options = {}) {
+  return await $decryptObj(encrypted, secretKey, options);
+}
+async function decryptObj(encrypted, secretKey, options = {}) {
+  const { result, error } = await $decryptObj(encrypted, secretKey, options);
+  if (error) throw new Error(chunkVCBHSRCS_cjs.$fmtResultErr(error));
+  return result;
+}
+async function tryHash(data, options = {}) {
+  return await $hash(data, options);
+}
+async function hash(data, options = {}) {
+  const { result, error } = await $hash(data, options);
+  if (error) throw new Error(chunkVCBHSRCS_cjs.$fmtResultErr(error));
+  return result;
+}
+async function tryHashPassword(password, options = {}) {
+  return await $hashPassword(password, options);
+}
+async function hashPassword(password, options = {}) {
+  const { result, salt, error } = await $hashPassword(password, options);
+  if (error) throw new Error(chunkVCBHSRCS_cjs.$fmtResultErr(error));
+  return { result, salt };
+}
+async function tryVerifyPassword(password, hashedPassword, salt, options = {}) {
+  return await $verifyPassword(password, hashedPassword, salt, options);
+}
+async function verifyPassword(password, hashedPassword, salt, options = {}) {
+  const { result, error } = await $verifyPassword(password, hashedPassword, salt, options);
+  if (error) throw new Error(chunkVCBHSRCS_cjs.$fmtResultErr(error));
+  return result;
+}
+function tryConvertStrToBytes(data, inputEncoding = "utf8") {
+  return $convertStrToBytes2(data, inputEncoding);
+}
+function convertStrToBytes(data, inputEncoding = "utf8") {
+  const { result, error } = $convertStrToBytes2(data, inputEncoding);
+  if (error) throw new Error(chunkVCBHSRCS_cjs.$fmtResultErr(error));
+  return result;
+}
+function tryConvertBytesToStr(data, outputEncoding = "utf8") {
+  return $convertBytesToStr2(data, outputEncoding);
+}
+function convertBytesToStr(data, outputEncoding = "utf8") {
+  const { result, error } = $convertBytesToStr2(data, outputEncoding);
+  if (error) throw new Error(chunkVCBHSRCS_cjs.$fmtResultErr(error));
+  return result;
+}
+function tryConvertEncoding(data, from, to) {
+  return $convertEncoding(data, from, to);
+}
+function convertEncoding(data, from, to) {
+  const { result, error } = $convertEncoding(data, from, to);
+  if (error) throw new Error(chunkVCBHSRCS_cjs.$fmtResultErr(error));
+  return result;
+}
+
+exports.convertBytesToStr = convertBytesToStr;
+exports.convertEncoding = convertEncoding;
+exports.convertStrToBytes = convertStrToBytes;
+exports.createSecretKey = createSecretKey;
+exports.decrypt = decrypt;
+exports.decryptObj = decryptObj;
+exports.encrypt = encrypt;
+exports.encryptObj = encryptObj;
+exports.generateUuid = generateUuid;
+exports.hash = hash;
+exports.hashPassword = hashPassword;
+exports.isWebSecretKey = isWebSecretKey;
+exports.kit_exports = kit_exports;
+exports.tryConvertBytesToStr = tryConvertBytesToStr;
+exports.tryConvertEncoding = tryConvertEncoding;
+exports.tryConvertStrToBytes = tryConvertStrToBytes;
+exports.tryCreateSecretKey = tryCreateSecretKey;
+exports.tryDecrypt = tryDecrypt;
+exports.tryDecryptObj = tryDecryptObj;
+exports.tryEncrypt = tryEncrypt;
+exports.tryEncryptObj = tryEncryptObj;
+exports.tryGenerateUuid = tryGenerateUuid;
+exports.tryHash = tryHash;
+exports.tryHashPassword = tryHashPassword;
+exports.tryVerifyPassword = tryVerifyPassword;
+exports.verifyPassword = verifyPassword;
+//# sourceMappingURL=chunk-7254PEID.cjs.map
+//# sourceMappingURL=chunk-7254PEID.cjs.map

package/dist/chunk-7254PEID.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/web/kit.ts","../src/web/web-encode.ts","../src/web/web-secret-key.ts","../src/web/web-encrypt.ts","../src/web/web-hash.ts"],"names":["__export","$convertStrToBytes","$err","$convertBytesToStr","$isStr","ENCODING","$ok","$validateSecretKeyBase","$isObj","$validateCreateSecretKeyOptions","textEncoder","$fmtError","$isPlainObj","CIPHER_ENCODING","GCM_IV_LENGTH","GCM_TAG_BYTES","$fmtResultErr","error","matchEncryptedPattern","$stringifyObj","$parseToObj","DIGEST_ALGORITHMS","$validateHashPasswordOptions","$validateVerifyPasswordOptions"],"mappings":";;;;;AAAA,IAAA,WAAA,GAAA;AAAAA,0BAAA,CAAA,WAAA,EAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,OAAA,EAAA,MAAA,OAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,OAAA,EAAA,MAAA,OAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,IAAA,EAAA,MAAA,IAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,cAAA,EAAA,MAAA,cAAA;AAAA,EAAA,oBAAA,EAAA,MAAA,oBAAA;AAAA,EAAA,kBAAA,EAAA,MAAA,kBAAA;AAAA,EAAA,oBAAA,EAAA,MAAA,oBAAA;AAAA,EAAA,kBAAA,EAAA,MAAA,kBAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,OAAA,EAAA,MAAA,OAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,cAAA,EAAA,MAAA;AAAA,CAAA,CAAA;;;ACaO,SAASC,mBAAAA,CACd,IAAA,EACA,aAAA,GAA0B,MAAA,EACmB;AAC7C,EAAA,MAAM,MAAA,GAASA,oCAAA,CAAkB,IAAA,EAAM,aAAa,CAAA;AACpD,EAAA,IAAI,OAAO,KAAA,EAAO;AAChB,IAAA,OAAOC,sBAAA,CAAK;AAAA,MACV,SAAS,MAAA,CAAO,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,eAAe,iBAAiB,CAAA;AAAA,MACtE,WAAA,EAAa,OAAO,KAAA,CAAM;AAAA,KAC3B,CAAA;AAAA,EACH;AACA,EAAA,OAAO,MAAA;AACT;AAEO,SAASC,mBAAAA,CAAmB,IAAA,EAAgC,cAAA,GAA2B,MAAA,EAAwB;AACpH,EAAA,MAAM,MAAA,GAASA,oCAAA,CAAkB,IAAA,EAAM,cAAc,CAAA;AACrD,EAAA,IAAI,OAAO,KAAA,EAAO;AAChB,IAAA,OAAOD,sBAAA,CAAK;AAAA,MACV,SAAS,MAAA,CAAO,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,eAAe,iBAAiB,CAAA;AAAA,MACtE,WAAA,EAAa,OAAO,KAAA,CAAM;AAAA,KAC3B,CAAA;AAAA,EACH;AACA,EAAA,OAAO,MAAA;AACT;AAEO,SAAS,gBAAA,CAAiB,IAAA,EAAc,IAAA,EAAgB,EAAA,EAA8B;AAC3F,EAAA,IAAI,CAACE,wBAAA,CAAO,IAAI,CAAA,EAAG;AACjB,IAAA,OAAOF,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,sDAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AACA,EAAA,IAAI,CAACG,2BAAS,QAAA,CAAS,IAAI,KAAK,CAACA,0BAAA,CAAS,QAAA,CAAS,EAAE,CAAA,EAAG;AACtD,IAAA,OAAOH,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,CAAA,gDAAA,EAAmD,IAAI,CAAA,IAAA,EAAO,EAAE,CAAA,CAAA;AAAA,MACzE,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,KAAA,GAAQD,mBAAAA,CAAmB,IAAA,EAAM,IAAI,CAAA;AAC3C,EAAA,IAAI,KAAA,CAAM,KAAA,EAAO,OAAOC,sBAAA,CAAK,MAAM,KAAK,CAAA;AAExC,EAAA,MAAM,GAAA,GAAMC,mBAAAA,CAAmB,KAAA,CAAM,MAAA,EAAQ,EAAE,CAAA;AAC/C,EAAA,IAAI,GAAA,CAAI,KAAA,EAAO,OAAOD,sBAAA,CAAK,IAAI,KAAK,CAAA;AAEpC,EAAA,OAAOI,qBAAA,CAAI,IAAI,MAAM,CAAA;AACvB;;;AC3CO,SAAS,gBAAgB,CAAA,EAAiC;AAC/D,EAAA,MAAM,IAAA,GAAOC,wCAAA,CAAuB,CAAA,EAAG,KAAK,CAAA;AAC5C,EAAA,IAAI,CAAC,MAAM,OAAO,IAAA;AAElB,EAAA,IAAI,OAAO,WAAW,SAAA,KAAc,WAAA,IAAe,EAAE,IAAA,CAAK,GAAA,CAAI,GAAA,YAAe,SAAA,CAAA,EAAY,OAAO,IAAA;AAEhG,EAAA,IACE,CAACC,wBAAA,CAAO,IAAA,CAAK,GAAA,CAAI,GAAA,CAAI,SAAS,CAAA,IAC9B,IAAA,CAAK,GAAA,CAAI,GAAA,CAAI,SAAA,CAAU,IAAA,KAAS,KAAK,SAAA,CAAU,GAAA,IAC9C,OAAO,IAAA,CAAK,GAAA,CAAI,GAAA,CAAI,UAAU,MAAA,KAAW,QAAA,IACxC,IAAA,CAAK,GAAA,CAAI,GAAA,CAAI,SAAA,CAAU,WAAW,IAAA,CAAK,SAAA,CAAU,QAAA,GAAW,CAAA,IAC9D,CAAC,KAAA,CAAM,QAAQ,IAAA,CAAK,GAAA,CAAI,GAAA,CAAI,MAAM,CAAA,IAClC,EAAE,KAAK,GAAA,CAAI,GAAA,CAAI,MAAA,CAAO,QAAA,CAAS,SAAS,CAAA,IAAK,IAAA,CAAK,GAAA,CAAI,GAAA,CAAI,MAAA,CAAO,QAAA,CAAS,SAAS,CAAA,CAAA,EACnF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,CAAA;AACT;AAEA,eAAsB,gBAAA,CACpB,QACA,OAAA,EAC2C;AAC3C,EAAA,MAAM,SAAA,GAAYC,iDAAA,CAAgC,MAAA,EAAQ,OAAA,EAAS,KAAK,CAAA;AACxE,EAAA,IAAI,SAAA,CAAU,KAAA,EAAO,OAAOP,sBAAA,CAAK,UAAU,KAAK,CAAA;AAEhD,EAAA,MAAM,EAAE,SAAA,EAAW,MAAA,EAAQ,MAAM,IAAA,EAAM,WAAA,EAAa,YAAW,GAAI,SAAA;AAEnE,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,MAAM,UAAA,CAAW,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MACzC,KAAA;AAAA,MACAQ,6BAAA,CAAY,MAAA,CAAO,MAAA,CAAO,SAAA,CAAU,MAAM,CAAC,CAAA;AAAA,MAC3C,MAAA;AAAA,MACA,KAAA;AAAA,MACA,CAAC,WAAW;AAAA,KACd;AACA,IAAA,MAAM,WAAA,GAAc,QAAQ,WAAA,IAAe,KAAA;AAC3C,IAAA,MAAM,GAAA,GAAM,MAAM,UAAA,CAAW,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MACzC;AAAA,QACE,IAAA,EAAM,MAAA;AAAA,QACN,MAAM,UAAA,CAAW,GAAA;AAAA,QACjB,MAAMA,6BAAA,CAAY,MAAA,CAAO,IAAA,CAAK,SAAA,CAAU,MAAM,CAAC,CAAA;AAAA,QAC/C,MAAMA,6BAAA,CAAY,MAAA,CAAO,IAAA,CAAK,SAAA,CAAU,MAAM,CAAC;AAAA,OACjD;AAAA,MACA,GAAA;AAAA,MACA,EAAE,IAAA,EAAM,WAAA,CAAY,KAAK,MAAA,EAAQ,WAAA,CAAY,WAAW,CAAA,EAAE;AAAA,MAC1D,WAAA;AAAA,MACA,CAAC,WAAW,SAAS;AAAA,KACvB;AACA,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,MAAA,CAAO,EAAE,QAAA,EAAU,KAAA,EAAO,MAAA,EAAQ,SAAA,EAAW,GAAA,EAAK,QAAA,EAAU,WAAA,EAAa,CAAA;AAElG,IAAA,OAAOJ,qBAAA,CAAI,EAAE,MAAA,EAAQ,SAAA,EAAW,CAAA;AAAA,EAClC,SAAS,KAAA,EAAO;AACd,IAAA,OAAOJ,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,2CAAA;AAAA,MACT,WAAA,EAAaS,4BAAU,KAAK;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;;;ACzDA,eAAsB,QAAA,CACpB,IAAA,EACA,SAAA,EACA,OAAA,EACyB;AACzB,EAAA,IAAI,CAACP,wBAAA,CAAO,IAAI,CAAA,EAAG;AACjB,IAAA,OAAOF,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,8CAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,CAACU,6BAAA,CAA4B,OAAO,CAAA,EAAG;AACzC,IAAA,OAAOV,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,6CAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,cAAA,GAAiB,QAAQ,cAAA,IAAkB,WAAA;AACjD,EAAA,IAAI,CAACW,iCAAA,CAAgB,QAAA,CAAS,cAAc,CAAA,EAAG;AAC7C,IAAA,OAAOX,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,6CAA6C,cAAc,CAAA,CAAA;AAAA,MACpE,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,WAAA,GAAc,gBAAgB,SAAS,CAAA;AAC7C,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,OAAOA,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,iCAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAM,GAAID,mBAAAA,CAAmB,MAAM,MAAM,CAAA;AACzD,EAAA,IAAI,KAAA,EAAO,OAAOC,sBAAA,CAAK,KAAK,CAAA;AAE5B,EAAA,IAAI;AACF,IAAA,MAAM,KAAK,UAAA,CAAW,MAAA,CAAO,gBAAgB,IAAI,UAAA,CAAWY,+BAAa,CAAC,CAAA;AAC1E,IAAA,MAAM,aAAA,GAAgB,MAAM,UAAA,CAAW,MAAA,CAAO,MAAA,CAAO,OAAA;AAAA,MACnD,EAAE,IAAA,EAAM,WAAA,CAAY,QAAA,CAAS,KAAK,EAAA,EAAG;AAAA,MACrC,WAAA,CAAY,GAAA;AAAA,MACZ;AAAA,KACF;AAEA,IAAA,MAAM,aAAa,aAAA,CAAc,KAAA,CAAM,CAAA,EAAG,aAAA,CAAc,aAAaC,+BAAa,CAAA;AAClF,IAAA,MAAM,GAAA,GAAM,aAAA,CAAc,KAAA,CAAM,aAAA,CAAc,aAAaA,+BAAa,CAAA;AAExE,IAAA,MAAM,KAAA,GAAQZ,mBAAAA,CAAmB,EAAA,EAAI,cAAc,CAAA;AACnD,IAAA,MAAM,SAAA,GAAYA,mBAAAA,CAAmB,UAAA,EAAY,cAAc,CAAA;AAC/D,IAAA,MAAM,MAAA,GAASA,mBAAAA,CAAmB,GAAA,EAAK,cAAc,CAAA;AAErD,IAAA,IAAI,KAAA,CAAM,KAAA,IAAS,SAAA,CAAU,KAAA,IAAS,OAAO,KAAA,EAAO;AAClD,MAAA,OAAOD,sBAAA,CAAK;AAAA,QACV,OAAA,EAAS,sCAAA;AAAA,QACT,WAAA,EAAa,qBAAqBc,+BAAA,CAAc,KAAA,CAAM,SAAS,SAAA,CAAU,KAAA,IAAS,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,OAChG,CAAA;AAAA,IACH;AAEA,IAAA,OAAOV,qBAAA,CAAI,CAAA,EAAG,KAAA,CAAM,MAAM,CAAA,CAAA,EAAI,UAAU,MAAM,CAAA,CAAA,EAAI,MAAA,CAAO,MAAM,CAAA,CAAA,CAAG,CAAA;AAAA,EACpE,SAASW,MAAAA,EAAO;AACd,IAAA,OAAOf,sBAAA,CAAK,EAAE,OAAA,EAAS,qCAAA,EAAuC,aAAaS,2BAAA,CAAUM,MAAK,GAAG,CAAA;AAAA,EAC/F,CAAA,SAAE;AACA,IAAA,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,EACf;AACF;AAEA,eAAsB,QAAA,CACpB,SAAA,EACA,SAAA,EACA,OAAA,EACyB;AACzB,EAAA,IAAI,CAACC,uCAAA,CAAsB,SAAS,CAAA,EAAG;AACrC,IAAA,OAAOhB,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,4CAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,CAACU,6BAAA,CAA4B,OAAO,CAAA,EAAG;AACzC,IAAA,OAAOV,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,6CAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,aAAA,GAAgB,QAAQ,aAAA,IAAiB,WAAA;AAC/C,EAAA,IAAI,CAACW,iCAAA,CAAgB,QAAA,CAAS,aAAa,CAAA,EAAG;AAC5C,IAAA,OAAOX,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,4CAA4C,aAAa,CAAA,CAAA;AAAA,MAClE,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,CAAC,IAAI,MAAA,EAAQ,GAAG,IAAI,SAAA,CAAU,KAAA,CAAM,KAAK,CAAC,CAAA;AAEhD,EAAA,MAAM,WAAA,GAAc,gBAAgB,SAAS,CAAA;AAC7C,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,OAAOA,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,iCAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,OAAA,GAAUD,mBAAAA,CAAmB,EAAA,EAAI,aAAa,CAAA;AACpD,EAAA,MAAM,WAAA,GAAcA,mBAAAA,CAAmB,MAAA,EAAQ,aAAa,CAAA;AAC5D,EAAA,MAAM,QAAA,GAAWA,mBAAAA,CAAmB,GAAA,EAAK,aAAa,CAAA;AAEtD,EAAA,IAAI,OAAA,CAAQ,KAAA,IAAS,WAAA,CAAY,KAAA,IAAS,SAAS,KAAA,EAAO;AACxD,IAAA,OAAOC,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,qCAAA;AAAA,MACT,WAAA,EAAa,qBAAqBc,+BAAA,CAAc,OAAA,CAAQ,SAAS,WAAA,CAAY,KAAA,IAAS,QAAA,CAAS,KAAK,CAAC,CAAA;AAAA,KACtG,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,OAAA,CAAQ,MAAA,CAAO,UAAA,KAAeF,+BAAA,EAAe;AAC/C,IAAA,OAAOZ,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,gCAAA;AAAA,MACT,aAAa,CAAA,SAAA,EAAYY,+BAAa,CAAA,YAAA,EAAe,OAAA,CAAQ,OAAO,UAAU,CAAA;AAAA,KAC/E,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,QAAA,CAAS,MAAA,CAAO,UAAA,KAAeC,+BAAA,EAAe;AAChD,IAAA,OAAOb,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,sCAAA;AAAA,MACT,aAAa,CAAA,SAAA,EAAYa,+BAAa,CAAA,YAAA,EAAe,QAAA,CAAS,OAAO,UAAU,CAAA;AAAA,KAChF,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,aAAA,GAAgB,IAAI,UAAA,CAAW,WAAA,CAAY,OAAO,UAAA,GAAa,QAAA,CAAS,OAAO,UAAU,CAAA;AAC/F,EAAA,aAAA,CAAc,IAAI,IAAI,UAAA,CAAW,WAAA,CAAY,MAAM,GAAG,CAAC,CAAA;AACvD,EAAA,aAAA,CAAc,GAAA,CAAI,IAAI,UAAA,CAAW,QAAA,CAAS,MAAM,CAAA,EAAG,WAAA,CAAY,OAAO,UAAU,CAAA;AAEhF,EAAA,IAAI,SAAA;AACJ,EAAA,IAAI;AACF,IAAA,SAAA,GAAY,IAAI,UAAA;AAAA,MACd,MAAM,UAAA,CAAW,MAAA,CAAO,MAAA,CAAO,OAAA;AAAA,QAC7B,EAAE,IAAA,EAAM,WAAA,CAAY,SAAS,GAAA,EAAK,EAAA,EAAI,QAAQ,MAAA,EAAO;AAAA,QACrD,WAAA,CAAY,GAAA;AAAA,QACZ;AAAA;AACF,KACF;AAEA,IAAA,OAAOZ,mBAAAA,CAAmB,WAAW,MAAM,CAAA;AAAA,EAC7C,SAAS,KAAA,EAAO;AACd,IAAA,OAAOD,sBAAA,CAAK,EAAE,OAAA,EAAS,qCAAA,EAAuC,aAAaS,2BAAA,CAAU,KAAK,GAAG,CAAA;AAAA,EAC/F,CAAA,SAAE;AACA,IAAA,SAAA,EAAW,KAAK,CAAC,CAAA;AAAA,EACnB;AACF;AAEA,eAAsB,WAAA,CACpB,IAAA,EACA,SAAA,EACA,OAAA,EACyB;AACzB,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAM,GAAIQ,gCAAc,IAAI,CAAA;AAC5C,EAAA,IAAI,KAAA,EAAO,OAAOjB,sBAAA,CAAK,KAAK,CAAA;AAC5B,EAAA,OAAO,MAAM,QAAA,CAAS,MAAA,EAAQ,SAAA,EAAW,OAAO,CAAA;AAClD;AAEA,eAAsB,WAAA,CACpB,SAAA,EACA,SAAA,EACA,OAAA,EACgC;AAChC,EAAA,MAAM,EAAE,QAAQ,KAAA,EAAM,GAAI,MAAM,QAAA,CAAS,SAAA,EAAW,WAAW,OAAO,CAAA;AACtE,EAAA,IAAI,KAAA,EAAO,OAAOA,sBAAA,CAAK,KAAK,CAAA;AAC5B,EAAA,OAAOkB,8BAAe,MAAM,CAAA;AAC9B;;;ACrLA,eAAsB,KAAA,CAAM,IAAA,EAAc,OAAA,GAAuB,EAAC,EAA4B;AAC5F,EAAA,IAAI,CAAChB,wBAAA,CAAO,IAAI,CAAA,EAAG;AACjB,IAAA,OAAOF,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,2CAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,CAACU,6BAAA,CAAyB,OAAO,CAAA,EAAG;AACtC,IAAA,OAAOV,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,0CAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,cAAA,GAAiB,QAAQ,cAAA,IAAkB,WAAA;AACjD,EAAA,IAAI,CAACW,iCAAA,CAAgB,QAAA,CAAS,cAAc,CAAA,EAAG;AAC7C,IAAA,OAAOX,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,0CAA0C,cAAc,CAAA,CAAA;AAAA,MACjE,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,MAAA,GAAS,QAAQ,MAAA,IAAU,QAAA;AACjC,EAAA,IAAI,EAAE,UAAUmB,mCAAA,CAAA,EAAoB;AAClC,IAAA,OAAOnB,sBAAA,CAAK;AAAA,MACV,OAAA,EAAS,iCAAiC,MAAM,CAAA,CAAA;AAAA,MAChD,WAAA,EAAa,0BAA0B,MAAA,CAAO,IAAA,CAAKmB,mCAAiB,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,KACjF,CAAA;AAAA,EACH;AACA,EAAA,MAAM,UAAA,GAAaA,oCAAkB,MAAM,CAAA;AAE3C,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAM,GAAIpB,mBAAAA,CAAmB,MAAM,MAAM,CAAA;AACzD,EAAA,IAAI,KAAA,EAAO,OAAOC,sBAAA,CAAK,KAAK,CAAA;AAE5B,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,MAAM,UAAA,CAAW,MAAA,CAAO,OAAO,MAAA,CAAO,UAAA,CAAW,KAAK,MAAM,CAAA;AAC3E,IAAA,OAAOC,mBAAAA,CAAmB,QAAQ,cAAc,CAAA;AAAA,EAClD,SAASc,MAAAA,EAAO;AACd,IAAA,OAAOf,sBAAA,CAAK,EAAE,OAAA,EAAS,+BAAA,EAAiC,aAAaS,2BAAA,CAAUM,MAAK,GAAG,CAAA;AAAA,EACzF;AACF;AAEA,eAAsB,aAAA,CACpB,UACA,OAAA,EACmD;AACnD,EAAA,MAAM,SAAA,GAAYK,8CAAA,CAA6B,QAAA,EAAU,OAAA,EAAS,KAAK,CAAA;AACvE,EAAA,IAAI,SAAA,CAAU,KAAA,EAAO,OAAOpB,sBAAA,CAAK,UAAU,KAAK,CAAA;AAEhD,EAAA,MAAM,EAAE,UAAA,EAAY,cAAA,EAAgB,UAAA,EAAY,UAAA,EAAY,WAAU,GAAI,SAAA;AAE1E,EAAA,MAAM,OAAO,UAAA,CAAW,MAAA,CAAO,gBAAgB,IAAI,UAAA,CAAW,UAAU,CAAC,CAAA;AACzE,EAAA,IAAI,IAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,GAAU,MAAM,UAAA,CAAW,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MAC7C,KAAA;AAAA,MACAQ,6BAAA,CAAY,MAAA,CAAO,QAAA,CAAS,SAAA,CAAU,MAAM,CAAC,CAAA;AAAA,MAC7C,QAAA;AAAA,MACA,KAAA;AAAA,MACA,CAAC,YAAY;AAAA,KACf;AACA,IAAA,IAAA,GAAO,MAAM,UAAA,CAAW,MAAA,CAAO,MAAA,CAAO,UAAA;AAAA,MACpC,EAAE,IAAA,EAAM,QAAA,EAAU,MAAM,UAAA,EAAY,IAAA,EAAM,WAAW,GAAA,EAAI;AAAA,MACzD,OAAA;AAAA,MACA,SAAA,GAAY;AAAA,KACd;AAEA,IAAA,MAAM,OAAA,GAAUP,mBAAAA,CAAmB,IAAA,EAAM,cAAc,CAAA;AACvD,IAAA,IAAI,OAAA,CAAQ,KAAA,EAAO,OAAOD,sBAAA,CAAK,QAAQ,KAAK,CAAA;AAE5C,IAAA,MAAM,iBAAA,GAAoBC,mBAAAA,CAAmB,IAAA,EAAM,cAAc,CAAA;AACjE,IAAA,IAAI,iBAAA,CAAkB,KAAA,EAAO,OAAOD,sBAAA,CAAK,kBAAkB,KAAK,CAAA;AAEhE,IAAA,OAAOI,qBAAA,CAAI,EAAE,MAAA,EAAQ,iBAAA,CAAkB,QAAQ,IAAA,EAAM,OAAA,CAAQ,QAAQ,CAAA;AAAA,EACvE,SAAS,KAAA,EAAO;AACd,IAAA,OAAOJ,sBAAA,CAAK,EAAE,OAAA,EAAS,2CAAA,EAA6C,aAAaS,2BAAA,CAAU,KAAK,GAAG,CAAA;AAAA,EACrG,CAAA,SAAE;AACA,IAAA,IAAA,CAAK,KAAK,CAAC,CAAA;AACX,IAAA,IAAI,MAAM,IAAI,UAAA,CAAW,IAAI,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,EACvC;AACF;AAEA,eAAsB,eAAA,CACpB,QAAA,EACA,cAAA,EACA,IAAA,EACA,OAAA,EAC0B;AAC1B,EAAA,MAAM,YAAYY,gDAAA,CAA+B,QAAA,EAAU,cAAA,EAAgB,IAAA,EAAM,SAAS,KAAK,CAAA;AAC/F,EAAA,IAAI,SAAA,CAAU,KAAA,EAAO,OAAOrB,sBAAA,CAAK,UAAU,KAAK,CAAA;AAEhD,EAAA,MAAM,EAAE,UAAA,EAAY,aAAA,EAAe,UAAA,EAAY,WAAU,GAAI,SAAA;AAE7D,EAAA,MAAM,SAAA,GAAYD,mBAAAA,CAAmB,IAAA,EAAM,aAAa,CAAA;AACxD,EAAA,IAAI,SAAA,CAAU,KAAA,EAAO,OAAOC,sBAAA,CAAK,UAAU,KAAK,CAAA;AAEhD,EAAA,MAAM,mBAAA,GAAsBD,mBAAAA,CAAmB,cAAA,EAAgB,aAAa,CAAA;AAC5E,EAAA,IAAI,mBAAA,CAAoB,KAAA,EAAO,OAAOC,sBAAA,CAAK,oBAAoB,KAAK,CAAA;AAEpE,EAAA,IAAI,oBAAoB,MAAA,CAAO,UAAA,KAAe,SAAA,EAAW,OAAOI,sBAAI,KAAK,CAAA;AAEzE,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,GAAU,MAAM,UAAA,CAAW,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MAC7C,KAAA;AAAA,MACAI,6BAAA,CAAY,MAAA,CAAO,QAAA,CAAS,SAAA,CAAU,MAAM,CAAC,CAAA;AAAA,MAC7C,QAAA;AAAA,MACA,KAAA;AAAA,MACA,CAAC,YAAY;AAAA,KACf;AAEA,IAAA,MAAM,OAAO,IAAI,UAAA;AAAA,MACf,MAAM,UAAA,CAAW,MAAA,CAAO,MAAA,CAAO,UAAA;AAAA,QAC7B,EAAE,MAAM,QAAA,EAAU,IAAA,EAAM,UAAU,MAAA,EAAQ,UAAA,EAAY,IAAA,EAAM,UAAA,CAAW,GAAA,EAAI;AAAA,QAC3E,OAAA;AAAA,QACA,SAAA,GAAY;AAAA;AACd,KACF;AAEA,IAAA,MAAM,WAAW,mBAAA,CAAoB,MAAA;AACrC,IAAA,MAAM,IAAA,GAAO,IAAI,UAAA,CAAW,SAAS,CAAA;AACrC,IAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,SAAS,CAAA;AACtC,IAAA,IAAA,CAAK,IAAI,IAAI,CAAA;AACb,IAAA,KAAA,CAAM,IAAI,QAAQ,CAAA;AAGlB,IAAA,IAAI,IAAA,GAAO,CAAA;AACX,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,SAAA,EAAW,CAAA,EAAA,EAAK;AAClC,MAAA,IAAA,IAAS,IAAA,CAAK,CAAC,CAAA,GAAgB,KAAA,CAAM,CAAC,CAAA;AAAA,IACxC;AACA,IAAA,IAAI;AACF,MAAA,OAAOJ,qBAAA,CAAI,SAAS,CAAC,CAAA;AAAA,IACvB,CAAA,SAAE;AACA,MAAA,IAAA,CAAK,KAAK,CAAC,CAAA;AACX,MAAA,KAAA,CAAM,KAAK,CAAC,CAAA;AACZ,MAAA,IAAA,CAAK,KAAK,CAAC,CAAA;AAAA,IACb;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,OAAOJ,sBAAA,CAAK,EAAE,OAAA,EAAS,yCAAA,EAA2C,aAAaS,2BAAA,CAAU,KAAK,GAAG,CAAA;AAAA,EACnG,CAAA,SAAE;AACA,IAAA,SAAA,CAAU,MAAA,CAAO,KAAK,CAAC,CAAA;AACvB,IAAA,mBAAA,CAAoB,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,EACnC;AACF;;;AJ1HO,SAAS,eAAe,CAAA,EAA+B;AAC5D,EAAA,OAAO,eAAA,CAAgB,CAAC,CAAA,KAAM,IAAA;AAChC;AAQO,SAAS,eAAA,GAAkC;AAChD,EAAA,IAAI;AACF,IAAA,OAAOL,qBAAA,CAAI,UAAA,CAAW,MAAA,CAAO,UAAA,EAAY,CAAA;AAAA,EAC3C,SAAS,KAAA,EAAO;AACd,IAAA,OAAOJ,sBAAA,CAAK,EAAE,OAAA,EAAS,2CAAA,EAA6C,aAAaS,2BAAA,CAAU,KAAK,GAAG,CAAA;AAAA,EACrG;AACF;AAeO,SAAS,YAAA,GAAuB;AACrC,EAAA,OAAO,UAAA,CAAW,OAAO,UAAA,EAAW;AACtC;AAQA,eAAsB,kBAAA,CACpB,MAAA,EACA,OAAA,GAAkC,EAAC,EACQ;AAC3C,EAAA,OAAO,MAAM,gBAAA,CAAiB,MAAA,EAAQ,OAAO,CAAA;AAC/C;AAoBA,eAAsB,eAAA,CAAgB,MAAA,EAAgB,OAAA,GAAkC,EAAC,EAA0B;AACjH,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,KAAU,MAAM,gBAAA,CAAiB,QAAQ,OAAO,CAAA;AAChE,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAMK,+BAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQA,eAAsB,UAAA,CACpB,IAAA,EACA,SAAA,EACA,OAAA,GAA0B,EAAC,EACF;AACzB,EAAA,OAAO,MAAM,QAAA,CAAS,IAAA,EAAM,SAAA,EAAW,OAAO,CAAA;AAChD;AAwBA,eAAsB,OAAA,CAAQ,IAAA,EAAc,SAAA,EAAyB,OAAA,GAA0B,EAAC,EAAoB;AAClH,EAAA,MAAM,EAAE,QAAQ,KAAA,EAAM,GAAI,MAAM,QAAA,CAAS,IAAA,EAAM,WAAW,OAAO,CAAA;AACjE,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAMA,+BAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQA,eAAsB,UAAA,CACpB,SAAA,EACA,SAAA,EACA,OAAA,GAA0B,EAAC,EACF;AACzB,EAAA,OAAO,MAAM,QAAA,CAAS,SAAA,EAAW,SAAA,EAAW,OAAO,CAAA;AACrD;AAwBA,eAAsB,OAAA,CACpB,SAAA,EACA,SAAA,EACA,OAAA,GAA0B,EAAC,EACV;AACjB,EAAA,MAAM,EAAE,QAAQ,KAAA,EAAM,GAAI,MAAM,QAAA,CAAS,SAAA,EAAW,WAAW,OAAO,CAAA;AACtE,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAMA,+BAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQA,eAAsB,aAAA,CACpB,GAAA,EACA,SAAA,EACA,OAAA,GAA0B,EAAC,EACF;AACzB,EAAA,OAAO,MAAM,WAAA,CAAY,GAAA,EAAK,SAAA,EAAW,OAAO,CAAA;AAClD;AAuBA,eAAsB,UAAA,CACpB,GAAA,EACA,SAAA,EACA,OAAA,GAA0B,EAAC,EACV;AACjB,EAAA,MAAM,EAAE,QAAQ,KAAA,EAAM,GAAI,MAAM,WAAA,CAAY,GAAA,EAAK,WAAW,OAAO,CAAA;AACnE,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAMA,+BAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQA,eAAsB,aAAA,CACpB,SAAA,EACA,SAAA,EACA,OAAA,GAA0B,EAAC,EACK;AAChC,EAAA,OAAO,MAAM,WAAA,CAAe,SAAA,EAAW,SAAA,EAAW,OAAO,CAAA;AAC3D;AAuBA,eAAsB,UAAA,CACpB,SAAA,EACA,SAAA,EACA,OAAA,GAA0B,EAAC,EACf;AACZ,EAAA,MAAM,EAAE,QAAQ,KAAA,EAAM,GAAI,MAAM,WAAA,CAAe,SAAA,EAAW,WAAW,OAAO,CAAA;AAC5E,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAMA,+BAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQA,eAAsB,OAAA,CAAQ,IAAA,EAAc,OAAA,GAAuB,EAAC,EAA4B;AAC9F,EAAA,OAAO,MAAM,KAAA,CAAM,IAAA,EAAM,OAAO,CAAA;AAClC;AAiBA,eAAsB,IAAA,CAAK,IAAA,EAAc,OAAA,GAAuB,EAAC,EAAoB;AACnF,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,KAAU,MAAM,KAAA,CAAM,MAAM,OAAO,CAAA;AACnD,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAMA,+BAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQA,eAAsB,eAAA,CACpB,QAAA,EACA,OAAA,GAA+B,EAAC,EACmB;AACnD,EAAA,OAAO,MAAM,aAAA,CAAc,QAAA,EAAU,OAAO,CAAA;AAC9C;AAoBA,eAAsB,YAAA,CACpB,QAAA,EACA,OAAA,GAA+B,EAAC,EACW;AAC3C,EAAA,MAAM,EAAE,QAAQ,IAAA,EAAM,KAAA,KAAU,MAAM,aAAA,CAAc,UAAU,OAAO,CAAA;AACrE,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAMA,+BAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,EAAE,QAAQ,IAAA,EAAK;AACxB;AAQA,eAAsB,kBACpB,QAAA,EACA,cAAA,EACA,IAAA,EACA,OAAA,GAAiC,EAAC,EACR;AAC1B,EAAA,OAAO,MAAM,eAAA,CAAgB,QAAA,EAAU,cAAA,EAAgB,MAAM,OAAO,CAAA;AACtE;AA6BA,eAAsB,eACpB,QAAA,EACA,cAAA,EACA,IAAA,EACA,OAAA,GAAiC,EAAC,EAChB;AAClB,EAAA,MAAM,EAAE,QAAQ,KAAA,EAAM,GAAI,MAAM,eAAA,CAAgB,QAAA,EAAU,cAAA,EAAgB,IAAA,EAAM,OAAO,CAAA;AACvF,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAMA,+BAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQO,SAAS,oBAAA,CACd,IAAA,EACA,aAAA,GAA0B,MAAA,EACmB;AAC7C,EAAA,OAAOf,mBAAAA,CAAmB,MAAM,aAAa,CAAA;AAC/C;AAiBO,SAAS,iBAAA,CAAkB,IAAA,EAAc,aAAA,GAA0B,MAAA,EAAiC;AACzG,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAM,GAAIA,mBAAAA,CAAmB,MAAM,aAAa,CAAA;AAChE,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAMe,+BAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQO,SAAS,oBAAA,CACd,IAAA,EACA,cAAA,GAA2B,MAAA,EACX;AAChB,EAAA,OAAOb,mBAAAA,CAAmB,MAAM,cAAc,CAAA;AAChD;AAkBO,SAAS,iBAAA,CAAkB,IAAA,EAAgC,cAAA,GAA2B,MAAA,EAAgB;AAC3G,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAM,GAAIA,mBAAAA,CAAmB,MAAM,cAAc,CAAA;AACjE,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAMa,+BAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQO,SAAS,kBAAA,CAAmB,IAAA,EAAc,IAAA,EAAgB,EAAA,EAA8B;AAC7F,EAAA,OAAO,gBAAA,CAAiB,IAAA,EAAM,IAAA,EAAM,EAAE,CAAA;AACxC;AAkBO,SAAS,eAAA,CAAgB,IAAA,EAAc,IAAA,EAAgB,EAAA,EAAsB;AAClF,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,KAAU,gBAAA,CAAiB,IAAA,EAAM,MAAM,EAAE,CAAA;AACzD,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAMA,+BAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT","file":"chunk-7254PEID.cjs","sourcesContent":["import { $err, $fmtError, $fmtResultErr, $ok, type Result } from \"@internal/helpers\";\nimport type {\n  CreateSecretKeyOptions,\n  DecryptOptions,\n  Encoding,\n  EncryptOptions,\n  HashOptions,\n  HashPasswordOptions,\n  VerifyPasswordOptions,\n} from \"~/helpers/types.js\";\nimport { $convertBytesToStr, $convertEncoding, $convertStrToBytes } from \"./web-encode.js\";\nimport { $decrypt, $decryptObj, $encrypt, $encryptObj } from \"./web-encrypt.js\";\nimport { $hash, $hashPassword, $verifyPassword } from \"./web-hash.js\";\nimport { $createSecretKey, $isWebSecretKey, type WebSecretKey } from \"./web-secret-key.js\";\n\n/**\n * Checks whether a value is a `WebSecretKey` for the Web Crypto platform.\n *\n * @param x - The value to check.\n * @returns `true` if `x` is a `WebSecretKey`.\n *\n * @example\n * ```ts\n * isWebSecretKey(webKey); // true\n * isWebSecretKey({});     // false\n * ```\n */\nexport function isWebSecretKey(x: unknown): x is WebSecretKey {\n  return $isWebSecretKey(x) !== null;\n}\n\n/**\n * Generates a UUID (v4) (non-throwing).\n *\n * @returns `Result<string>` with the UUID or error.\n * @see {@link generateUuid} For full parameter/behavior docs.\n */\nexport function tryGenerateUuid(): Result<string> {\n  try {\n    return $ok(globalThis.crypto.randomUUID());\n  } catch (error) {\n    return $err({ message: \"web generateUuid: Failed to generate UUID\", description: $fmtError(error) });\n  }\n}\n\n/**\n * Generates a cryptographically random UUID (v4).\n *\n * @returns A UUID string.\n * @throws {Error} If UUID generation fails.\n *\n * @example\n * ```ts\n * const uuid = generateUuid();\n * ```\n *\n * @see {@link tryGenerateUuid} Non-throwing variant returning `Result<string>`.\n */\nexport function generateUuid(): string {\n  return globalThis.crypto.randomUUID();\n}\n\n/**\n * Derives a `WebSecretKey` from a high-entropy secret (non-throwing).\n *\n * @returns `Promise<Result<{ result: WebSecretKey }>>` with the derived key or error.\n * @see {@link createSecretKey} For full parameter/behavior docs.\n */\nexport async function tryCreateSecretKey(\n  secret: string,\n  options: CreateSecretKeyOptions = {},\n): Promise<Result<{ result: WebSecretKey }>> {\n  return await $createSecretKey(secret, options);\n}\n\n/**\n * Derives a `WebSecretKey` from a high-entropy secret for encryption/decryption.\n *\n * @remarks\n * Uses HKDF via the Web Crypto API to derive a symmetric key from the input string.\n *\n * @param secret - High-entropy secret (min 8 chars). For human-chosen passwords, use {@link hashPassword} instead.\n * @param options - Key derivation options.\n * @returns The derived `WebSecretKey`.\n * @throws {Error} If key derivation fails.\n *\n * @example\n * ```ts\n * const secretKey = await createSecretKey(\"my-32-char-high-entropy-secret!!\");\n * ```\n *\n * @see {@link tryCreateSecretKey} Non-throwing variant returning `Result`.\n */\nexport async function createSecretKey(secret: string, options: CreateSecretKeyOptions = {}): Promise<WebSecretKey> {\n  const { result, error } = await $createSecretKey(secret, options);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Encrypts a UTF-8 string (non-throwing).\n *\n * @returns `Promise<Result<string>>` with the ciphertext or error.\n * @see {@link encrypt} For full parameter/behavior docs.\n */\nexport async function tryEncrypt(\n  data: string,\n  secretKey: WebSecretKey,\n  options: EncryptOptions = {},\n): Promise<Result<string>> {\n  return await $encrypt(data, secretKey, options);\n}\n\n/**\n * Encrypts a UTF-8 string using the provided `WebSecretKey`.\n *\n * @remarks\n * Output format: `\"iv.cipher.tag.\"` (three dot-separated base64url segments plus trailing dot).\n * Cross-platform compatible — data encrypted on Web can be decrypted on Node and vice versa.\n * AES-GCM uses random 96-bit IVs. Rotate keys before ~2^32 encryptions with the same key to avoid nonce collision.\n *\n * @param data - UTF-8 string to encrypt. Must be a non-empty string (whitespace-only strings are rejected).\n * @param secretKey - The `WebSecretKey` used for encryption.\n * @param options - Encryption options.\n * @returns The encrypted string.\n * @throws {Error} If the input or key is invalid, or encryption fails.\n *\n * @example\n * ```ts\n * const secretKey = await createSecretKey(\"my-secret\");\n * const encrypted = await encrypt(\"Hello, World!\", secretKey);\n * ```\n *\n * @see {@link tryEncrypt} Non-throwing variant returning `Result<string>`.\n */\nexport async function encrypt(data: string, secretKey: WebSecretKey, options: EncryptOptions = {}): Promise<string> {\n  const { result, error } = await $encrypt(data, secretKey, options);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Decrypts a ciphertext string (non-throwing).\n *\n * @returns `Promise<Result<string>>` with the plaintext or error.\n * @see {@link decrypt} For full parameter/behavior docs.\n */\nexport async function tryDecrypt(\n  encrypted: string,\n  secretKey: WebSecretKey,\n  options: DecryptOptions = {},\n): Promise<Result<string>> {\n  return await $decrypt(encrypted, secretKey, options);\n}\n\n/**\n * Decrypts a ciphertext string using the provided `WebSecretKey`.\n *\n * @remarks\n * Expects input in the format `\"iv.cipher.tag.\"`.\n * Cross-platform compatible — data encrypted on Node can be decrypted on Web and vice versa.\n *\n * @param encrypted - The encrypted string to decrypt.\n * @param secretKey - The `WebSecretKey` used for decryption.\n * @param options - Decryption options.\n * @returns The decrypted UTF-8 string.\n * @throws {Error} If the input or key is invalid, or decryption fails.\n *\n * @example\n * ```ts\n * const secretKey = await createSecretKey(\"my-secret\");\n * const encrypted = await encrypt(\"Hello, World!\", secretKey);\n * const decrypted = await decrypt(encrypted, secretKey); // \"Hello, World!\"\n * ```\n *\n * @see {@link tryDecrypt} Non-throwing variant returning `Result<string>`.\n */\nexport async function decrypt(\n  encrypted: string,\n  secretKey: WebSecretKey,\n  options: DecryptOptions = {},\n): Promise<string> {\n  const { result, error } = await $decrypt(encrypted, secretKey, options);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Encrypts a plain object (non-throwing).\n *\n * @returns `Promise<Result<string>>` with the ciphertext or error.\n * @see {@link encryptObj} For full parameter/behavior docs.\n */\nexport async function tryEncryptObj<T extends object = Record<string, unknown>>(\n  obj: T,\n  secretKey: WebSecretKey,\n  options: EncryptOptions = {},\n): Promise<Result<string>> {\n  return await $encryptObj(obj, secretKey, options);\n}\n\n/**\n * Encrypts a plain object using the provided `WebSecretKey`.\n *\n * @remarks\n * Only plain objects (POJOs) are accepted; class instances, Maps, Sets, etc. are rejected.\n * Output format: `\"iv.cipher.tag.\"`.\n *\n * @param obj - Plain object to encrypt.\n * @param secretKey - The `WebSecretKey` used for encryption.\n * @param options - Encryption options.\n * @returns The encrypted string.\n * @throws {Error} If the input or key is invalid, or encryption fails.\n *\n * @example\n * ```ts\n * const secretKey = await createSecretKey(\"my-secret\");\n * const encrypted = await encryptObj({ a: 1 }, secretKey);\n * ```\n *\n * @see {@link tryEncryptObj} Non-throwing variant returning `Result<string>`.\n */\nexport async function encryptObj<T extends object = Record<string, unknown>>(\n  obj: T,\n  secretKey: WebSecretKey,\n  options: EncryptOptions = {},\n): Promise<string> {\n  const { result, error } = await $encryptObj(obj, secretKey, options);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Decrypts an encrypted JSON string into a plain object (non-throwing).\n *\n * @returns `Promise<Result<{ result: T }>>` with the object or error.\n * @see {@link decryptObj} For full parameter/behavior docs.\n */\nexport async function tryDecryptObj<T extends object = Record<string, unknown>>(\n  encrypted: string,\n  secretKey: WebSecretKey,\n  options: DecryptOptions = {},\n): Promise<Result<{ result: T }>> {\n  return await $decryptObj<T>(encrypted, secretKey, options);\n}\n\n/**\n * Decrypts an encrypted JSON string into a plain object.\n *\n * @remarks\n * Expects input in the format `\"iv.cipher.tag.\"`.\n *\n * @param encrypted - The encrypted string.\n * @param secretKey - The `WebSecretKey` used for decryption.\n * @param options - Decryption options.\n * @returns The decrypted object.\n * @throws {Error} If decryption or JSON parsing fails.\n *\n * @example\n * ```ts\n * const secretKey = await createSecretKey(\"my-secret\");\n * const encrypted = await encryptObj({ a: 1 }, secretKey);\n * const obj = await decryptObj<{ a: number }>(encrypted, secretKey); // obj.a === 1\n * ```\n *\n * @see {@link tryDecryptObj} Non-throwing variant returning `Result`.\n */\nexport async function decryptObj<T extends object = Record<string, unknown>>(\n  encrypted: string,\n  secretKey: WebSecretKey,\n  options: DecryptOptions = {},\n): Promise<T> {\n  const { result, error } = await $decryptObj<T>(encrypted, secretKey, options);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Hashes a UTF-8 string (non-throwing).\n *\n * @returns `Promise<Result<string>>` with the hash or error.\n * @see {@link hash} For full parameter/behavior docs.\n */\nexport async function tryHash(data: string, options: HashOptions = {}): Promise<Result<string>> {\n  return await $hash(data, options);\n}\n\n/**\n * Hashes a UTF-8 string using the specified digest algorithm.\n *\n * @param data - The input string to hash.\n * @param options - Hash options.\n * @returns The hashed string.\n * @throws {Error} If input is invalid or hashing fails.\n *\n * @example\n * ```ts\n * const hashed = await hash(\"my data\");\n * ```\n *\n * @see {@link tryHash} Non-throwing variant returning `Result<string>`.\n */\nexport async function hash(data: string, options: HashOptions = {}): Promise<string> {\n  const { result, error } = await $hash(data, options);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Hashes a password using PBKDF2 (non-throwing).\n *\n * @returns `Promise<Result<{ result: string; salt: string }>>` with the hash/salt or error.\n * @see {@link hashPassword} For full parameter/behavior docs.\n */\nexport async function tryHashPassword(\n  password: string,\n  options: HashPasswordOptions = {},\n): Promise<Result<{ result: string; salt: string }>> {\n  return await $hashPassword(password, options);\n}\n\n/**\n * Hashes a password using PBKDF2.\n *\n * @remarks\n * Defaults: `sha512`, 320 000 iterations, 64-byte key, 16-byte random salt.\n *\n * @param password - The password to hash.\n * @param options - Password hashing options.\n * @returns `{ result, salt }` for storage.\n * @throws {Error} If inputs are invalid or hashing fails.\n *\n * @example\n * ```ts\n * const { result, salt } = await hashPassword(\"my-password\");\n * ```\n *\n * @see {@link tryHashPassword} Non-throwing variant returning `Result`.\n */\nexport async function hashPassword(\n  password: string,\n  options: HashPasswordOptions = {},\n): Promise<{ result: string; salt: string }> {\n  const { result, salt, error } = await $hashPassword(password, options);\n  if (error) throw new Error($fmtResultErr(error));\n  return { result, salt };\n}\n\n/**\n * Verifies a password against a stored PBKDF2 hash (non-throwing).\n *\n * @returns `Promise<Result<boolean>>` — `true` if the password matches, `false` if not, or an error for invalid inputs/options.\n * @see {@link verifyPassword} For full parameter/behavior docs.\n */\nexport async function tryVerifyPassword(\n  password: string,\n  hashedPassword: string,\n  salt: string,\n  options: VerifyPasswordOptions = {},\n): Promise<Result<boolean>> {\n  return await $verifyPassword(password, hashedPassword, salt, options);\n}\n\n/**\n * Verifies a password against a stored PBKDF2 hash.\n *\n * @remarks\n * Re-derives the key with the same parameters and compares using a full-loop XOR pattern.\n * This is best-effort constant-time; JS JIT optimization may introduce timing variation.\n * The Web Crypto API does not expose a `timingSafeEqual` equivalent.\n * For timing-critical deployments, prefer the Node implementation which uses `crypto.timingSafeEqual`.\n * Throws for invalid inputs/options (bad encoding, wrong parameters, non-decodable salt/hash).\n * Returns `false` for password mismatch or length-mismatched hash.\n *\n * @param password - The plain password to verify.\n * @param hashedPassword - The stored hash (encoded).\n * @param salt - The stored salt (encoded).\n * @param options - Verification options (must match the parameters used to hash).\n * @returns `true` if the password matches, otherwise `false`.\n * @throws {Error} If verification input/options are invalid.\n *\n * @example\n * ```ts\n * const { result, salt } = await hashPassword(\"my-password\");\n * await verifyPassword(\"my-password\", result, salt);    // true\n * await verifyPassword(\"wrong-password\", result, salt); // false\n * ```\n *\n * @see {@link tryVerifyPassword} Non-throwing variant returning `Result<boolean>`.\n */\nexport async function verifyPassword(\n  password: string,\n  hashedPassword: string,\n  salt: string,\n  options: VerifyPasswordOptions = {},\n): Promise<boolean> {\n  const { result, error } = await $verifyPassword(password, hashedPassword, salt, options);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Converts a string to a `Uint8Array` (non-throwing).\n *\n * @returns `Result<{ result: Uint8Array<ArrayBuffer> }>` with the bytes or error.\n * @see {@link convertStrToBytes} For full parameter/behavior docs.\n */\nexport function tryConvertStrToBytes(\n  data: string,\n  inputEncoding: Encoding = \"utf8\",\n): Result<{ result: Uint8Array<ArrayBuffer> }> {\n  return $convertStrToBytes(data, inputEncoding);\n}\n\n/**\n * Converts a string to a `Uint8Array` using the specified encoding.\n *\n * @param data - The input string to convert.\n * @param inputEncoding - Source encoding (default: `'utf8'`).\n * @returns A `Uint8Array` containing the bytes.\n * @throws {Error} If input is invalid or conversion fails.\n *\n * @example\n * ```ts\n * const bytes = convertStrToBytes(\"Hello\", \"utf8\");\n * ```\n *\n * @see {@link tryConvertStrToBytes} Non-throwing variant returning `Result`.\n */\nexport function convertStrToBytes(data: string, inputEncoding: Encoding = \"utf8\"): Uint8Array<ArrayBuffer> {\n  const { result, error } = $convertStrToBytes(data, inputEncoding);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Converts a `Uint8Array` or `ArrayBuffer` to a string (non-throwing).\n *\n * @returns `Result<string>` with the encoded string or error.\n * @see {@link convertBytesToStr} For full parameter/behavior docs.\n */\nexport function tryConvertBytesToStr(\n  data: Uint8Array | ArrayBuffer,\n  outputEncoding: Encoding = \"utf8\",\n): Result<string> {\n  return $convertBytesToStr(data, outputEncoding);\n}\n\n/**\n * Converts a `Uint8Array` or `ArrayBuffer` to a string using the specified encoding.\n *\n * @param data - The bytes to convert.\n * @param outputEncoding - Target encoding (default: `'utf8'`).\n * @returns The encoded string.\n * @throws {Error} If input is invalid or conversion fails.\n *\n * @example\n * ```ts\n * const bytes = convertStrToBytes(\"Hello\", \"utf8\");\n * const str = convertBytesToStr(bytes, \"utf8\"); // \"Hello\"\n * ```\n *\n * @see {@link tryConvertBytesToStr} Non-throwing variant returning `Result<string>`.\n */\nexport function convertBytesToStr(data: Uint8Array | ArrayBuffer, outputEncoding: Encoding = \"utf8\"): string {\n  const { result, error } = $convertBytesToStr(data, outputEncoding);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Converts text between encodings (non-throwing).\n *\n * @returns `Result<string>` with the re-encoded string or error.\n * @see {@link convertEncoding} For full parameter/behavior docs.\n */\nexport function tryConvertEncoding(data: string, from: Encoding, to: Encoding): Result<string> {\n  return $convertEncoding(data, from, to);\n}\n\n/**\n * Converts text between encodings.\n *\n * @param data - The input string.\n * @param from - Current encoding of `data`.\n * @param to - Target encoding.\n * @returns The re-encoded string.\n * @throws {Error} If encodings are invalid or conversion fails.\n *\n * @example\n * ```ts\n * const encoded = convertEncoding(\"Hello\", \"utf8\", \"base64url\");\n * ```\n *\n * @see {@link tryConvertEncoding} Non-throwing variant returning `Result<string>`.\n */\nexport function convertEncoding(data: string, from: Encoding, to: Encoding): string {\n  const { result, error } = $convertEncoding(data, from, to);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n","import {\n  $err,\n  $isStr,\n  $ok,\n  $convertBytesToStr as $sharedBytesToStr,\n  $convertStrToBytes as $sharedStrToBytes,\n  type Result,\n} from \"@internal/helpers\";\nimport { ENCODING } from \"~/helpers/consts.js\";\nimport type { Encoding } from \"~/helpers/types.js\";\n\nexport { textDecoder, textEncoder } from \"@internal/helpers\";\n\nexport function $convertStrToBytes(\n  data: string,\n  inputEncoding: Encoding = \"utf8\",\n): Result<{ result: Uint8Array<ArrayBuffer> }> {\n  const result = $sharedStrToBytes(data, inputEncoding);\n  if (result.error) {\n    return $err({\n      message: result.error.message.replace(\"strToBytes:\", \"web strToBytes:\"),\n      description: result.error.description,\n    });\n  }\n  return result;\n}\n\nexport function $convertBytesToStr(data: Uint8Array | ArrayBuffer, outputEncoding: Encoding = \"utf8\"): Result<string> {\n  const result = $sharedBytesToStr(data, outputEncoding);\n  if (result.error) {\n    return $err({\n      message: result.error.message.replace(\"bytesToStr:\", \"web bytesToStr:\"),\n      description: result.error.description,\n    });\n  }\n  return result;\n}\n\nexport function $convertEncoding(data: string, from: Encoding, to: Encoding): Result<string> {\n  if (!$isStr(data)) {\n    return $err({\n      message: \"web convertEncoding: Data must be a non-empty string\",\n      description: \"Received empty or non-string value\",\n    });\n  }\n  if (!ENCODING.includes(from) || !ENCODING.includes(to)) {\n    return $err({\n      message: `web convertEncoding: Unsupported encoding: from ${from} to ${to}`,\n      description: \"Use base64, base64url, hex, utf8, or latin1\",\n    });\n  }\n\n  const bytes = $convertStrToBytes(data, from);\n  if (bytes.error) return $err(bytes.error);\n\n  const str = $convertBytesToStr(bytes.result, to);\n  if (str.error) return $err(str.error);\n\n  return $ok(str.result);\n}\n","import { $err, $fmtError, $ok, type Result } from \"@internal/helpers\";\nimport type { DIGEST_ALGORITHMS, ENCRYPTION_ALGORITHMS } from \"~/helpers/consts.js\";\nimport type { CreateSecretKeyOptions } from \"~/helpers/types.js\";\nimport { $isObj, $validateCreateSecretKeyOptions, $validateSecretKeyBase } from \"~/helpers/validate.js\";\nimport { textEncoder } from \"./web-encode.js\";\n\ndeclare const __brand: unique symbol;\n\nexport type WebSecretKey = {\n  readonly platform: \"web\";\n  readonly digest: keyof typeof DIGEST_ALGORITHMS;\n  readonly algorithm: keyof typeof ENCRYPTION_ALGORITHMS;\n  readonly key: CryptoKey;\n  readonly injected: (typeof ENCRYPTION_ALGORITHMS)[keyof typeof ENCRYPTION_ALGORITHMS];\n} & { readonly [__brand]: \"secretKey-web\" };\n\nexport function $isWebSecretKey(x: unknown): WebSecretKey | null {\n  const base = $validateSecretKeyBase(x, \"web\");\n  if (!base) return null;\n\n  if (typeof globalThis.CryptoKey === \"undefined\" || !(base.obj.key instanceof CryptoKey)) return null;\n\n  if (\n    !$isObj(base.obj.key.algorithm) ||\n    base.obj.key.algorithm.name !== base.algorithm.web ||\n    (typeof base.obj.key.algorithm.length === \"number\" &&\n      base.obj.key.algorithm.length !== base.algorithm.keyBytes * 8) ||\n    !Array.isArray(base.obj.key.usages) ||\n    !(base.obj.key.usages.includes(\"encrypt\") && base.obj.key.usages.includes(\"decrypt\"))\n  ) {\n    return null;\n  }\n  return x as WebSecretKey;\n}\n\nexport async function $createSecretKey(\n  secret: string,\n  options: CreateSecretKeyOptions,\n): Promise<Result<{ result: WebSecretKey }>> {\n  const validated = $validateCreateSecretKeyOptions(secret, options, \"web\");\n  if (validated.error) return $err(validated.error);\n\n  const { algorithm, digest, salt, info, encryptAlgo, digestAlgo } = validated;\n\n  try {\n    const ikm = await globalThis.crypto.subtle.importKey(\n      \"raw\",\n      textEncoder.encode(secret.normalize(\"NFKC\")),\n      \"HKDF\",\n      false,\n      [\"deriveKey\"],\n    );\n    const extractable = options.extractable ?? false;\n    const key = await globalThis.crypto.subtle.deriveKey(\n      {\n        name: \"HKDF\",\n        hash: digestAlgo.web,\n        salt: textEncoder.encode(salt.normalize(\"NFKC\")),\n        info: textEncoder.encode(info.normalize(\"NFKC\")),\n      },\n      ikm,\n      { name: encryptAlgo.web, length: encryptAlgo.keyBytes * 8 },\n      extractable,\n      [\"encrypt\", \"decrypt\"],\n    );\n    const secretKey = Object.freeze({ platform: \"web\", digest, algorithm, key, injected: encryptAlgo }) as WebSecretKey;\n\n    return $ok({ result: secretKey });\n  } catch (error) {\n    return $err({\n      message: \"web createSecretKey: Failed to derive key\",\n      description: $fmtError(error),\n    });\n  }\n}\n","import {\n  $err,\n  $fmtError,\n  $fmtResultErr,\n  $isPlainObj,\n  $isStr,\n  $ok,\n  $parseToObj,\n  $stringifyObj,\n  type Result,\n} from \"@internal/helpers\";\nimport { CIPHER_ENCODING, GCM_IV_LENGTH, GCM_TAG_BYTES } from \"~/helpers/consts.js\";\nimport type { DecryptOptions, EncryptOptions } from \"~/helpers/types.js\";\nimport { matchEncryptedPattern } from \"~/helpers/validate.js\";\nimport { $convertBytesToStr, $convertStrToBytes } from \"./web-encode.js\";\nimport { $isWebSecretKey, type WebSecretKey } from \"./web-secret-key.js\";\n\nexport async function $encrypt(\n  data: string,\n  secretKey: WebSecretKey,\n  options: EncryptOptions,\n): Promise<Result<string>> {\n  if (!$isStr(data)) {\n    return $err({\n      message: \"web encrypt: Data must be a non-empty string\",\n      description: \"Received empty or non-string value\",\n    });\n  }\n\n  if (!$isPlainObj<EncryptOptions>(options)) {\n    return $err({\n      message: \"web encrypt: Options must be a plain object\",\n      description: 'Pass an object like { outputEncoding: \"base64url\" }',\n    });\n  }\n\n  const outputEncoding = options.outputEncoding ?? \"base64url\";\n  if (!CIPHER_ENCODING.includes(outputEncoding)) {\n    return $err({\n      message: `web encrypt: Unsupported output encoding: ${outputEncoding}`,\n      description: \"Use base64, base64url, or hex\",\n    });\n  }\n\n  const injectedKey = $isWebSecretKey(secretKey);\n  if (!injectedKey) {\n    return $err({\n      message: \"web encrypt: Invalid secret key\",\n      description: \"Expected a WebSecretKey created by webKit.createSecretKey()\",\n    });\n  }\n\n  const { result, error } = $convertStrToBytes(data, \"utf8\");\n  if (error) return $err(error);\n\n  try {\n    const iv = globalThis.crypto.getRandomValues(new Uint8Array(GCM_IV_LENGTH));\n    const cipherWithTag = await globalThis.crypto.subtle.encrypt(\n      { name: injectedKey.injected.web, iv },\n      injectedKey.key,\n      result,\n    );\n\n    const cipherOnly = cipherWithTag.slice(0, cipherWithTag.byteLength - GCM_TAG_BYTES);\n    const tag = cipherWithTag.slice(cipherWithTag.byteLength - GCM_TAG_BYTES);\n\n    const ivStr = $convertBytesToStr(iv, outputEncoding);\n    const cipherStr = $convertBytesToStr(cipherOnly, outputEncoding);\n    const tagStr = $convertBytesToStr(tag, outputEncoding);\n\n    if (ivStr.error || cipherStr.error || tagStr.error) {\n      return $err({\n        message: \"web encrypt: Failed to encode output\",\n        description: `Conversion error: ${$fmtResultErr(ivStr.error || cipherStr.error || tagStr.error)}`,\n      });\n    }\n\n    return $ok(`${ivStr.result}.${cipherStr.result}.${tagStr.result}.`);\n  } catch (error) {\n    return $err({ message: \"web encrypt: Failed to encrypt data\", description: $fmtError(error) });\n  } finally {\n    result.fill(0);\n  }\n}\n\nexport async function $decrypt(\n  encrypted: string,\n  secretKey: WebSecretKey,\n  options: DecryptOptions,\n): Promise<Result<string>> {\n  if (!matchEncryptedPattern(encrypted)) {\n    return $err({\n      message: \"web decrypt: Invalid encrypted data format\",\n      description: 'Encrypted data must be in the format \"iv.cipher.tag.\"',\n    });\n  }\n\n  if (!$isPlainObj<DecryptOptions>(options)) {\n    return $err({\n      message: \"web decrypt: Options must be a plain object\",\n      description: 'Pass an object like { inputEncoding: \"base64url\" }',\n    });\n  }\n\n  const inputEncoding = options.inputEncoding ?? \"base64url\";\n  if (!CIPHER_ENCODING.includes(inputEncoding)) {\n    return $err({\n      message: `web decrypt: Unsupported input encoding: ${inputEncoding}`,\n      description: \"Use base64, base64url, or hex\",\n    });\n  }\n\n  const [iv, cipher, tag] = encrypted.split(\".\", 4) as [string, string, string];\n\n  const injectedKey = $isWebSecretKey(secretKey);\n  if (!injectedKey) {\n    return $err({\n      message: \"web decrypt: Invalid secret key\",\n      description: \"Expected a WebSecretKey created by webKit.createSecretKey()\",\n    });\n  }\n\n  const ivBytes = $convertStrToBytes(iv, inputEncoding);\n  const cipherBytes = $convertStrToBytes(cipher, inputEncoding);\n  const tagBytes = $convertStrToBytes(tag, inputEncoding);\n\n  if (ivBytes.error || cipherBytes.error || tagBytes.error) {\n    return $err({\n      message: \"web decrypt: Failed to decode input\",\n      description: `Conversion error: ${$fmtResultErr(ivBytes.error || cipherBytes.error || tagBytes.error)}`,\n    });\n  }\n\n  if (ivBytes.result.byteLength !== GCM_IV_LENGTH) {\n    return $err({\n      message: \"web decrypt: Invalid IV length\",\n      description: `Expected ${GCM_IV_LENGTH} bytes, got ${ivBytes.result.byteLength}`,\n    });\n  }\n\n  if (tagBytes.result.byteLength !== GCM_TAG_BYTES) {\n    return $err({\n      message: \"web decrypt: Invalid auth tag length\",\n      description: `Expected ${GCM_TAG_BYTES} bytes, got ${tagBytes.result.byteLength}`,\n    });\n  }\n\n  const cipherWithTag = new Uint8Array(cipherBytes.result.byteLength + tagBytes.result.byteLength);\n  cipherWithTag.set(new Uint8Array(cipherBytes.result), 0);\n  cipherWithTag.set(new Uint8Array(tagBytes.result), cipherBytes.result.byteLength);\n\n  let decrypted: Uint8Array | undefined;\n  try {\n    decrypted = new Uint8Array(\n      await globalThis.crypto.subtle.decrypt(\n        { name: injectedKey.injected.web, iv: ivBytes.result },\n        injectedKey.key,\n        cipherWithTag,\n      ),\n    );\n\n    return $convertBytesToStr(decrypted, \"utf8\");\n  } catch (error) {\n    return $err({ message: \"web decrypt: Failed to decrypt data\", description: $fmtError(error) });\n  } finally {\n    decrypted?.fill(0);\n  }\n}\n\nexport async function $encryptObj<T extends object = Record<string, unknown>>(\n  data: T,\n  secretKey: WebSecretKey,\n  options: EncryptOptions,\n): Promise<Result<string>> {\n  const { result, error } = $stringifyObj(data);\n  if (error) return $err(error);\n  return await $encrypt(result, secretKey, options);\n}\n\nexport async function $decryptObj<T extends object = Record<string, unknown>>(\n  encrypted: string,\n  secretKey: WebSecretKey,\n  options: DecryptOptions,\n): Promise<Result<{ result: T }>> {\n  const { result, error } = await $decrypt(encrypted, secretKey, options);\n  if (error) return $err(error);\n  return $parseToObj<T>(result);\n}\n","import { $err, $fmtError, $isPlainObj, $isStr, $ok, type Result } from \"@internal/helpers\";\nimport { CIPHER_ENCODING, DIGEST_ALGORITHMS } from \"~/helpers/consts.js\";\nimport type { HashOptions, HashPasswordOptions, VerifyPasswordOptions } from \"~/helpers/types.js\";\nimport { $validateHashPasswordOptions, $validateVerifyPasswordOptions } from \"~/helpers/validate.js\";\nimport { $convertBytesToStr, $convertStrToBytes, textEncoder } from \"./web-encode.js\";\n\nexport async function $hash(data: string, options: HashOptions = {}): Promise<Result<string>> {\n  if (!$isStr(data)) {\n    return $err({\n      message: \"web hash: Data must be a non-empty string\",\n      description: \"Received empty or non-string value\",\n    });\n  }\n\n  if (!$isPlainObj<HashOptions>(options)) {\n    return $err({\n      message: \"web hash: Options must be a plain object\",\n      description: 'Pass an object like { digest: \"sha256\" }',\n    });\n  }\n\n  const outputEncoding = options.outputEncoding ?? \"base64url\";\n  if (!CIPHER_ENCODING.includes(outputEncoding)) {\n    return $err({\n      message: `web hash: Unsupported output encoding: ${outputEncoding}`,\n      description: \"Use base64, base64url, or hex\",\n    });\n  }\n\n  const digest = options.digest ?? \"sha256\";\n  if (!(digest in DIGEST_ALGORITHMS)) {\n    return $err({\n      message: `web hash: Unsupported digest: ${digest}`,\n      description: `Supported digests are: ${Object.keys(DIGEST_ALGORITHMS).join(\", \")}`,\n    });\n  }\n  const digestAlgo = DIGEST_ALGORITHMS[digest];\n\n  const { result, error } = $convertStrToBytes(data, \"utf8\");\n  if (error) return $err(error);\n\n  try {\n    const hashed = await globalThis.crypto.subtle.digest(digestAlgo.web, result);\n    return $convertBytesToStr(hashed, outputEncoding);\n  } catch (error) {\n    return $err({ message: \"web hash: Failed to hash data\", description: $fmtError(error) });\n  }\n}\n\nexport async function $hashPassword(\n  password: string,\n  options: HashPasswordOptions,\n): Promise<Result<{ result: string; salt: string }>> {\n  const validated = $validateHashPasswordOptions(password, options, \"web\");\n  if (validated.error) return $err(validated.error);\n\n  const { digestAlgo, outputEncoding, saltLength, iterations, keyLength } = validated;\n\n  const salt = globalThis.crypto.getRandomValues(new Uint8Array(saltLength));\n  let bits: ArrayBuffer | undefined;\n  try {\n    const baseKey = await globalThis.crypto.subtle.importKey(\n      \"raw\",\n      textEncoder.encode(password.normalize(\"NFKC\")),\n      \"PBKDF2\",\n      false,\n      [\"deriveBits\"],\n    );\n    bits = await globalThis.crypto.subtle.deriveBits(\n      { name: \"PBKDF2\", salt, iterations, hash: digestAlgo.web },\n      baseKey,\n      keyLength * 8,\n    );\n\n    const saltStr = $convertBytesToStr(salt, outputEncoding);\n    if (saltStr.error) return $err(saltStr.error);\n\n    const hashedPasswordStr = $convertBytesToStr(bits, outputEncoding);\n    if (hashedPasswordStr.error) return $err(hashedPasswordStr.error);\n\n    return $ok({ result: hashedPasswordStr.result, salt: saltStr.result });\n  } catch (error) {\n    return $err({ message: \"web hashPassword: Failed to hash password\", description: $fmtError(error) });\n  } finally {\n    salt.fill(0);\n    if (bits) new Uint8Array(bits).fill(0);\n  }\n}\n\nexport async function $verifyPassword(\n  password: string,\n  hashedPassword: string,\n  salt: string,\n  options: VerifyPasswordOptions,\n): Promise<Result<boolean>> {\n  const validated = $validateVerifyPasswordOptions(password, hashedPassword, salt, options, \"web\");\n  if (validated.error) return $err(validated.error);\n\n  const { digestAlgo, inputEncoding, iterations, keyLength } = validated;\n\n  const saltBytes = $convertStrToBytes(salt, inputEncoding);\n  if (saltBytes.error) return $err(saltBytes.error);\n\n  const hashedPasswordBytes = $convertStrToBytes(hashedPassword, inputEncoding);\n  if (hashedPasswordBytes.error) return $err(hashedPasswordBytes.error);\n\n  if (hashedPasswordBytes.result.byteLength !== keyLength) return $ok(false);\n\n  try {\n    const baseKey = await globalThis.crypto.subtle.importKey(\n      \"raw\",\n      textEncoder.encode(password.normalize(\"NFKC\")),\n      \"PBKDF2\",\n      false,\n      [\"deriveBits\"],\n    );\n\n    const bits = new Uint8Array(\n      await globalThis.crypto.subtle.deriveBits(\n        { name: \"PBKDF2\", salt: saltBytes.result, iterations, hash: digestAlgo.web },\n        baseKey,\n        keyLength * 8,\n      ),\n    );\n\n    const expected = hashedPasswordBytes.result;\n    const left = new Uint8Array(keyLength);\n    const right = new Uint8Array(keyLength);\n    left.set(bits);\n    right.set(expected);\n\n    // Best-effort constant-time comparison; JS JIT may introduce timing variation\n    let diff = 0;\n    for (let i = 0; i < keyLength; i++) {\n      diff |= (left[i] as number) ^ (right[i] as number);\n    }\n    try {\n      return $ok(diff === 0);\n    } finally {\n      left.fill(0);\n      right.fill(0);\n      bits.fill(0);\n    }\n  } catch (error) {\n    return $err({ message: \"web verifyPassword: Verification failed\", description: $fmtError(error) });\n  } finally {\n    saltBytes.result.fill(0);\n    hashedPasswordBytes.result.fill(0);\n  }\n}\n"]}