npm - conductor-oss - Versions diffs - 0.4.0 → 0.6.0 - Mend

conductor-oss 0.4.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (375) hide show

package/node_modules/jose/dist/webapi/lib/crypto_key.js CHANGED Viewed

@@ -3,6 +3,11 @@ const isAlgorithm = (algorithm, name) => algorithm.name === name;
 function getHashLength(hash) {
     return parseInt(hash.name.slice(4), 10);
 }
+function checkHashLength(algorithm, expected) {
+    const actual = getHashLength(algorithm.hash);
+    if (actual !== expected)
+        throw unusable(`SHA-${expected}`, 'algorithm.hash');
+}
 function getNamedCurve(alg) {
     switch (alg) {
         case 'ES256':
@@ -27,10 +32,7 @@ export function checkSigCryptoKey(key, alg, usage) {
         case 'HS512': {
             if (!isAlgorithm(key.algorithm, 'HMAC'))
                 throw unusable('HMAC');
-            const expected = parseInt(alg.slice(2), 10);
-            const actual = getHashLength(key.algorithm.hash);
-            if (actual !== expected)
-                throw unusable(`SHA-${expected}`, 'algorithm.hash');
+            checkHashLength(key.algorithm, parseInt(alg.slice(2), 10));
             break;
         }
         case 'RS256':
@@ -38,10 +40,7 @@ export function checkSigCryptoKey(key, alg, usage) {
         case 'RS512': {
             if (!isAlgorithm(key.algorithm, 'RSASSA-PKCS1-v1_5'))
                 throw unusable('RSASSA-PKCS1-v1_5');
-            const expected = parseInt(alg.slice(2), 10);
-            const actual = getHashLength(key.algorithm.hash);
-            if (actual !== expected)
-                throw unusable(`SHA-${expected}`, 'algorithm.hash');
+            checkHashLength(key.algorithm, parseInt(alg.slice(2), 10));
             break;
         }
         case 'PS256':
@@ -49,10 +48,7 @@ export function checkSigCryptoKey(key, alg, usage) {
         case 'PS512': {
             if (!isAlgorithm(key.algorithm, 'RSA-PSS'))
                 throw unusable('RSA-PSS');
-            const expected = parseInt(alg.slice(2), 10);
-            const actual = getHashLength(key.algorithm.hash);
-            if (actual !== expected)
-                throw unusable(`SHA-${expected}`, 'algorithm.hash');
+            checkHashLength(key.algorithm, parseInt(alg.slice(2), 10));
             break;
         }
         case 'Ed25519':
@@ -130,10 +126,7 @@ export function checkEncCryptoKey(key, alg, usage) {
         case 'RSA-OAEP-512': {
             if (!isAlgorithm(key.algorithm, 'RSA-OAEP'))
                 throw unusable('RSA-OAEP');
-            const expected = parseInt(alg.slice(9), 10) || 1;
-            const actual = getHashLength(key.algorithm.hash);
-            if (actual !== expected)
-                throw unusable(`SHA-${expected}`, 'algorithm.hash');
+            checkHashLength(key.algorithm, parseInt(alg.slice(9), 10) || 1);
             break;
         }
         default:

package/node_modules/jose/dist/webapi/lib/ecdhes.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { encode, concat, uint32be } from './buffer_utils.js';
 import { checkEncCryptoKey } from './crypto_key.js';
-import { digest } from './digest.js';
+import { digest } from './helpers.js';
 function lengthAndInput(input) {
     return concat(uint32be(input.length), input);
 }

package/node_modules/jose/dist/webapi/lib/helpers.js ADDED Viewed

@@ -0,0 +1,19 @@
+import { decode } from '../util/base64url.js';
+export const unprotected = Symbol();
+export function assertNotSet(value, name) {
+    if (value) {
+        throw new TypeError(`${name} can only be called once`);
+    }
+}
+export function decodeBase64url(value, label, ErrorClass) {
+    try {
+        return decode(value);
+    }
+    catch {
+        throw new ErrorClass(`Failed to base64url decode the ${label}`);
+    }
+}
+export async function digest(algorithm, data) {
+    const subtleDigest = `SHA-${algorithm.slice(-3)}`;
+    return new Uint8Array(await crypto.subtle.digest(subtleDigest, data));
+}

package/node_modules/jose/dist/webapi/lib/jwk_to_key.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import { JOSENotSupported } from '../util/errors.js';
+const unsupportedAlg = 'Invalid or unsupported JWK "alg" (Algorithm) Parameter value';
 function subtleMapping(jwk) {
     let algorithm;
     let keyUsages;
@@ -12,7 +13,7 @@ function subtleMapping(jwk) {
                     keyUsages = jwk.priv ? ['sign'] : ['verify'];
                     break;
                 default:
-                    throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+                    throw new JOSENotSupported(unsupportedAlg);
             }
             break;
         }
@@ -41,22 +42,19 @@ function subtleMapping(jwk) {
                     keyUsages = jwk.d ? ['decrypt', 'unwrapKey'] : ['encrypt', 'wrapKey'];
                     break;
                 default:
-                    throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+                    throw new JOSENotSupported(unsupportedAlg);
             }
             break;
         }
         case 'EC': {
             switch (jwk.alg) {
                 case 'ES256':
-                    algorithm = { name: 'ECDSA', namedCurve: 'P-256' };
-                    keyUsages = jwk.d ? ['sign'] : ['verify'];
-                    break;
                 case 'ES384':
-                    algorithm = { name: 'ECDSA', namedCurve: 'P-384' };
-                    keyUsages = jwk.d ? ['sign'] : ['verify'];
-                    break;
                 case 'ES512':
-                    algorithm = { name: 'ECDSA', namedCurve: 'P-521' };
+                    algorithm = {
+                        name: 'ECDSA',
+                        namedCurve: { ES256: 'P-256', ES384: 'P-384', ES512: 'P-521' }[jwk.alg],
+                    };
                     keyUsages = jwk.d ? ['sign'] : ['verify'];
                     break;
                 case 'ECDH-ES':
@@ -67,7 +65,7 @@ function subtleMapping(jwk) {
                     keyUsages = jwk.d ? ['deriveBits'] : [];
                     break;
                 default:
-                    throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+                    throw new JOSENotSupported(unsupportedAlg);
             }
             break;
         }
@@ -86,7 +84,7 @@ function subtleMapping(jwk) {
                     keyUsages = jwk.d ? ['deriveBits'] : [];
                     break;
                 default:
-                    throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+                    throw new JOSENotSupported(unsupportedAlg);
             }
             break;
         }

package/node_modules/jose/dist/webapi/lib/jwt_claims_set.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { JWTClaimValidationFailed, JWTExpired, JWTInvalid } from '../util/errors.js';
 import { encoder, decoder } from './buffer_utils.js';
-import { isObject } from './is_object.js';
+import { isObject } from './type_checks.js';
 const epoch = (date) => Math.floor(date.getTime() / 1000);
 const minute = 60;
 const hour = minute * 60;

package/node_modules/jose/dist/webapi/lib/key_management.js ADDED Viewed

@@ -0,0 +1,186 @@
+import * as aeskw from './aeskw.js';
+import * as ecdhes from './ecdhes.js';
+import * as pbes2kw from './pbes2kw.js';
+import * as rsaes from './rsaes.js';
+import { encode as b64u } from '../util/base64url.js';
+import { normalizeKey } from './normalize_key.js';
+import { JOSENotSupported, JWEInvalid } from '../util/errors.js';
+import { decodeBase64url } from './helpers.js';
+import { generateCek, cekLength } from './content_encryption.js';
+import { importJWK } from '../key/import.js';
+import { exportJWK } from '../key/export.js';
+import { isObject } from './type_checks.js';
+import { wrap as aesGcmKwWrap, unwrap as aesGcmKwUnwrap } from './aesgcmkw.js';
+import { assertCryptoKey } from './is_key_like.js';
+const unsupportedAlgHeader = 'Invalid or unsupported "alg" (JWE Algorithm) header value';
+function assertEncryptedKey(encryptedKey) {
+    if (encryptedKey === undefined)
+        throw new JWEInvalid('JWE Encrypted Key missing');
+}
+export async function decryptKeyManagement(alg, key, encryptedKey, joseHeader, options) {
+    switch (alg) {
+        case 'dir': {
+            if (encryptedKey !== undefined)
+                throw new JWEInvalid('Encountered unexpected JWE Encrypted Key');
+            return key;
+        }
+        case 'ECDH-ES':
+            if (encryptedKey !== undefined)
+                throw new JWEInvalid('Encountered unexpected JWE Encrypted Key');
+        case 'ECDH-ES+A128KW':
+        case 'ECDH-ES+A192KW':
+        case 'ECDH-ES+A256KW': {
+            if (!isObject(joseHeader.epk))
+                throw new JWEInvalid(`JOSE Header "epk" (Ephemeral Public Key) missing or invalid`);
+            assertCryptoKey(key);
+            if (!ecdhes.allowed(key))
+                throw new JOSENotSupported('ECDH with the provided key is not allowed or not supported by your javascript runtime');
+            const epk = await importJWK(joseHeader.epk, alg);
+            assertCryptoKey(epk);
+            let partyUInfo;
+            let partyVInfo;
+            if (joseHeader.apu !== undefined) {
+                if (typeof joseHeader.apu !== 'string')
+                    throw new JWEInvalid(`JOSE Header "apu" (Agreement PartyUInfo) invalid`);
+                partyUInfo = decodeBase64url(joseHeader.apu, 'apu', JWEInvalid);
+            }
+            if (joseHeader.apv !== undefined) {
+                if (typeof joseHeader.apv !== 'string')
+                    throw new JWEInvalid(`JOSE Header "apv" (Agreement PartyVInfo) invalid`);
+                partyVInfo = decodeBase64url(joseHeader.apv, 'apv', JWEInvalid);
+            }
+            const sharedSecret = await ecdhes.deriveKey(epk, key, alg === 'ECDH-ES' ? joseHeader.enc : alg, alg === 'ECDH-ES' ? cekLength(joseHeader.enc) : parseInt(alg.slice(-5, -2), 10), partyUInfo, partyVInfo);
+            if (alg === 'ECDH-ES')
+                return sharedSecret;
+            assertEncryptedKey(encryptedKey);
+            return aeskw.unwrap(alg.slice(-6), sharedSecret, encryptedKey);
+        }
+        case 'RSA-OAEP':
+        case 'RSA-OAEP-256':
+        case 'RSA-OAEP-384':
+        case 'RSA-OAEP-512': {
+            assertEncryptedKey(encryptedKey);
+            assertCryptoKey(key);
+            return rsaes.decrypt(alg, key, encryptedKey);
+        }
+        case 'PBES2-HS256+A128KW':
+        case 'PBES2-HS384+A192KW':
+        case 'PBES2-HS512+A256KW': {
+            assertEncryptedKey(encryptedKey);
+            if (typeof joseHeader.p2c !== 'number')
+                throw new JWEInvalid(`JOSE Header "p2c" (PBES2 Count) missing or invalid`);
+            const p2cLimit = options?.maxPBES2Count || 10_000;
+            if (joseHeader.p2c > p2cLimit)
+                throw new JWEInvalid(`JOSE Header "p2c" (PBES2 Count) out is of acceptable bounds`);
+            if (typeof joseHeader.p2s !== 'string')
+                throw new JWEInvalid(`JOSE Header "p2s" (PBES2 Salt) missing or invalid`);
+            let p2s;
+            p2s = decodeBase64url(joseHeader.p2s, 'p2s', JWEInvalid);
+            return pbes2kw.unwrap(alg, key, encryptedKey, joseHeader.p2c, p2s);
+        }
+        case 'A128KW':
+        case 'A192KW':
+        case 'A256KW': {
+            assertEncryptedKey(encryptedKey);
+            return aeskw.unwrap(alg, key, encryptedKey);
+        }
+        case 'A128GCMKW':
+        case 'A192GCMKW':
+        case 'A256GCMKW': {
+            assertEncryptedKey(encryptedKey);
+            if (typeof joseHeader.iv !== 'string')
+                throw new JWEInvalid(`JOSE Header "iv" (Initialization Vector) missing or invalid`);
+            if (typeof joseHeader.tag !== 'string')
+                throw new JWEInvalid(`JOSE Header "tag" (Authentication Tag) missing or invalid`);
+            let iv;
+            iv = decodeBase64url(joseHeader.iv, 'iv', JWEInvalid);
+            let tag;
+            tag = decodeBase64url(joseHeader.tag, 'tag', JWEInvalid);
+            return aesGcmKwUnwrap(alg, key, encryptedKey, iv, tag);
+        }
+        default: {
+            throw new JOSENotSupported(unsupportedAlgHeader);
+        }
+    }
+}
+export async function encryptKeyManagement(alg, enc, key, providedCek, providedParameters = {}) {
+    let encryptedKey;
+    let parameters;
+    let cek;
+    switch (alg) {
+        case 'dir': {
+            cek = key;
+            break;
+        }
+        case 'ECDH-ES':
+        case 'ECDH-ES+A128KW':
+        case 'ECDH-ES+A192KW':
+        case 'ECDH-ES+A256KW': {
+            assertCryptoKey(key);
+            if (!ecdhes.allowed(key)) {
+                throw new JOSENotSupported('ECDH with the provided key is not allowed or not supported by your javascript runtime');
+            }
+            const { apu, apv } = providedParameters;
+            let ephemeralKey;
+            if (providedParameters.epk) {
+                ephemeralKey = (await normalizeKey(providedParameters.epk, alg));
+            }
+            else {
+                ephemeralKey = (await crypto.subtle.generateKey(key.algorithm, true, ['deriveBits'])).privateKey;
+            }
+            const { x, y, crv, kty } = await exportJWK(ephemeralKey);
+            const sharedSecret = await ecdhes.deriveKey(key, ephemeralKey, alg === 'ECDH-ES' ? enc : alg, alg === 'ECDH-ES' ? cekLength(enc) : parseInt(alg.slice(-5, -2), 10), apu, apv);
+            parameters = { epk: { x, crv, kty } };
+            if (kty === 'EC')
+                parameters.epk.y = y;
+            if (apu)
+                parameters.apu = b64u(apu);
+            if (apv)
+                parameters.apv = b64u(apv);
+            if (alg === 'ECDH-ES') {
+                cek = sharedSecret;
+                break;
+            }
+            cek = providedCek || generateCek(enc);
+            const kwAlg = alg.slice(-6);
+            encryptedKey = await aeskw.wrap(kwAlg, sharedSecret, cek);
+            break;
+        }
+        case 'RSA-OAEP':
+        case 'RSA-OAEP-256':
+        case 'RSA-OAEP-384':
+        case 'RSA-OAEP-512': {
+            cek = providedCek || generateCek(enc);
+            assertCryptoKey(key);
+            encryptedKey = await rsaes.encrypt(alg, key, cek);
+            break;
+        }
+        case 'PBES2-HS256+A128KW':
+        case 'PBES2-HS384+A192KW':
+        case 'PBES2-HS512+A256KW': {
+            cek = providedCek || generateCek(enc);
+            const { p2c, p2s } = providedParameters;
+            ({ encryptedKey, ...parameters } = await pbes2kw.wrap(alg, key, cek, p2c, p2s));
+            break;
+        }
+        case 'A128KW':
+        case 'A192KW':
+        case 'A256KW': {
+            cek = providedCek || generateCek(enc);
+            encryptedKey = await aeskw.wrap(alg, key, cek);
+            break;
+        }
+        case 'A128GCMKW':
+        case 'A192GCMKW':
+        case 'A256GCMKW': {
+            cek = providedCek || generateCek(enc);
+            const { iv } = providedParameters;
+            ({ encryptedKey, ...parameters } = await aesGcmKwWrap(alg, key, cek, iv));
+            break;
+        }
+        default: {
+            throw new JOSENotSupported(unsupportedAlgHeader);
+        }
+    }
+    return { cek, encryptedKey, parameters };
+}

package/node_modules/jose/dist/webapi/lib/normalize_key.js CHANGED Viewed

@@ -1,7 +1,8 @@
-import { isJWK } from './is_jwk.js';
+import { isJWK } from './type_checks.js';
 import { decode } from '../util/base64url.js';
 import { jwkToKey } from './jwk_to_key.js';
 import { isCryptoKey, isKeyObject } from './is_key_like.js';
+const unusableForAlg = 'given KeyObject instance cannot be used for this algorithm';
 let cache;
 const handleJWK = async (key, jwk, alg, freeze = false) => {
     cache ||= new WeakMap();
@@ -37,13 +38,13 @@ const handleKeyObject = (keyObject, alg) => {
             case 'ECDH-ES+A256KW':
                 break;
             default:
-                throw new TypeError('given KeyObject instance cannot be used for this algorithm');
+                throw new TypeError(unusableForAlg);
         }
         cryptoKey = keyObject.toCryptoKey(keyObject.asymmetricKeyType, extractable, isPublic ? [] : ['deriveBits']);
     }
     if (keyObject.asymmetricKeyType === 'ed25519') {
         if (alg !== 'EdDSA' && alg !== 'Ed25519') {
-            throw new TypeError('given KeyObject instance cannot be used for this algorithm');
+            throw new TypeError(unusableForAlg);
         }
         cryptoKey = keyObject.toCryptoKey(keyObject.asymmetricKeyType, extractable, [
             isPublic ? 'verify' : 'sign',
@@ -54,7 +55,7 @@ const handleKeyObject = (keyObject, alg) => {
         case 'ml-dsa-65':
         case 'ml-dsa-87': {
             if (alg !== keyObject.asymmetricKeyType.toUpperCase()) {
-                throw new TypeError('given KeyObject instance cannot be used for this algorithm');
+                throw new TypeError(unusableForAlg);
             }
             cryptoKey = keyObject.toCryptoKey(keyObject.asymmetricKeyType, extractable, [
                 isPublic ? 'verify' : 'sign',
@@ -83,7 +84,7 @@ const handleKeyObject = (keyObject, alg) => {
                 hash = 'SHA-512';
                 break;
             default:
-                throw new TypeError('given KeyObject instance cannot be used for this algorithm');
+                throw new TypeError(unusableForAlg);
         }
         if (alg.startsWith('RSA-OAEP')) {
             return keyObject.toCryptoKey({
@@ -104,21 +105,10 @@ const handleKeyObject = (keyObject, alg) => {
         ]);
         const namedCurve = nist.get(keyObject.asymmetricKeyDetails?.namedCurve);
         if (!namedCurve) {
-            throw new TypeError('given KeyObject instance cannot be used for this algorithm');
+            throw new TypeError(unusableForAlg);
         }
-        if (alg === 'ES256' && namedCurve === 'P-256') {
-            cryptoKey = keyObject.toCryptoKey({
-                name: 'ECDSA',
-                namedCurve,
-            }, extractable, [isPublic ? 'verify' : 'sign']);
-        }
-        if (alg === 'ES384' && namedCurve === 'P-384') {
-            cryptoKey = keyObject.toCryptoKey({
-                name: 'ECDSA',
-                namedCurve,
-            }, extractable, [isPublic ? 'verify' : 'sign']);
-        }
-        if (alg === 'ES512' && namedCurve === 'P-521') {
+        const expectedCurve = { ES256: 'P-256', ES384: 'P-384', ES512: 'P-521' };
+        if (expectedCurve[alg] && namedCurve === expectedCurve[alg]) {
             cryptoKey = keyObject.toCryptoKey({
                 name: 'ECDSA',
                 namedCurve,
@@ -132,7 +122,7 @@ const handleKeyObject = (keyObject, alg) => {
         }
     }
     if (!cryptoKey) {
-        throw new TypeError('given KeyObject instance cannot be used for this algorithm');
+        throw new TypeError(unusableForAlg);
     }
     if (!cached) {
         cache.set(keyObject, { [alg]: cryptoKey });

package/node_modules/jose/dist/webapi/lib/rsaes.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { checkEncCryptoKey } from './crypto_key.js';
-import { checkKeyLength } from './check_key_length.js';
+import { checkKeyLength } from './signing.js';
 import { JOSENotSupported } from '../util/errors.js';
 const subtleAlgorithm = (alg) => {
     switch (alg) {

package/node_modules/jose/dist/webapi/lib/signing.js ADDED Viewed

@@ -0,0 +1,68 @@
+import { JOSENotSupported } from '../util/errors.js';
+import { checkSigCryptoKey } from './crypto_key.js';
+import { invalidKeyInput } from './invalid_key_input.js';
+export function checkKeyLength(alg, key) {
+    if (alg.startsWith('RS') || alg.startsWith('PS')) {
+        const { modulusLength } = key.algorithm;
+        if (typeof modulusLength !== 'number' || modulusLength < 2048) {
+            throw new TypeError(`${alg} requires key modulusLength to be 2048 bits or larger`);
+        }
+    }
+}
+function subtleAlgorithm(alg, algorithm) {
+    const hash = `SHA-${alg.slice(-3)}`;
+    switch (alg) {
+        case 'HS256':
+        case 'HS384':
+        case 'HS512':
+            return { hash, name: 'HMAC' };
+        case 'PS256':
+        case 'PS384':
+        case 'PS512':
+            return { hash, name: 'RSA-PSS', saltLength: parseInt(alg.slice(-3), 10) >> 3 };
+        case 'RS256':
+        case 'RS384':
+        case 'RS512':
+            return { hash, name: 'RSASSA-PKCS1-v1_5' };
+        case 'ES256':
+        case 'ES384':
+        case 'ES512':
+            return { hash, name: 'ECDSA', namedCurve: algorithm.namedCurve };
+        case 'Ed25519':
+        case 'EdDSA':
+            return { name: 'Ed25519' };
+        case 'ML-DSA-44':
+        case 'ML-DSA-65':
+        case 'ML-DSA-87':
+            return { name: alg };
+        default:
+            throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
+    }
+}
+async function getSigKey(alg, key, usage) {
+    if (key instanceof Uint8Array) {
+        if (!alg.startsWith('HS')) {
+            throw new TypeError(invalidKeyInput(key, 'CryptoKey', 'KeyObject', 'JSON Web Key'));
+        }
+        return crypto.subtle.importKey('raw', key, { hash: `SHA-${alg.slice(-3)}`, name: 'HMAC' }, false, [usage]);
+    }
+    checkSigCryptoKey(key, alg, usage);
+    return key;
+}
+export async function sign(alg, key, data) {
+    const cryptoKey = await getSigKey(alg, key, 'sign');
+    checkKeyLength(alg, cryptoKey);
+    const signature = await crypto.subtle.sign(subtleAlgorithm(alg, cryptoKey.algorithm), cryptoKey, data);
+    return new Uint8Array(signature);
+}
+export async function verify(alg, key, signature, data) {
+    const cryptoKey = await getSigKey(alg, key, 'verify');
+    checkKeyLength(alg, cryptoKey);
+    const algorithm = subtleAlgorithm(alg, cryptoKey.algorithm);
+    try {
+        return await crypto.subtle.verify(algorithm, cryptoKey, signature, data);
+    }
+    catch {
+        return false;
+    }
+}

package/node_modules/jose/dist/webapi/lib/type_checks.js ADDED Viewed

@@ -0,0 +1,40 @@
+const isObjectLike = (value) => typeof value === 'object' && value !== null;
+export function isObject(input) {
+    if (!isObjectLike(input) || Object.prototype.toString.call(input) !== '[object Object]') {
+        return false;
+    }
+    if (Object.getPrototypeOf(input) === null) {
+        return true;
+    }
+    let proto = input;
+    while (Object.getPrototypeOf(proto) !== null) {
+        proto = Object.getPrototypeOf(proto);
+    }
+    return Object.getPrototypeOf(input) === proto;
+}
+export function isDisjoint(...headers) {
+    const sources = headers.filter(Boolean);
+    if (sources.length === 0 || sources.length === 1) {
+        return true;
+    }
+    let acc;
+    for (const header of sources) {
+        const parameters = Object.keys(header);
+        if (!acc || acc.size === 0) {
+            acc = new Set(parameters);
+            continue;
+        }
+        for (const parameter of parameters) {
+            if (acc.has(parameter)) {
+                return false;
+            }
+            acc.add(parameter);
+        }
+    }
+    return true;
+}
+export const isJWK = (key) => isObject(key) && typeof key.kty === 'string';
+export const isPrivateJWK = (key) => key.kty !== 'oct' &&
+    ((key.kty === 'AKP' && typeof key.priv === 'string') || typeof key.d === 'string');
+export const isPublicJWK = (key) => key.kty !== 'oct' && key.d === undefined && key.priv === undefined;
+export const isSecretJWK = (key) => key.kty === 'oct' && typeof key.k === 'string';

package/node_modules/jose/dist/webapi/util/decode_jwt.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { decode as b64u } from './base64url.js';
 import { decoder } from '../lib/buffer_utils.js';
-import { isObject } from '../lib/is_object.js';
+import { isObject } from '../lib/type_checks.js';
 import { JWTInvalid } from './errors.js';
 export function decodeJwt(jwt) {
     if (typeof jwt !== 'string')

package/node_modules/jose/dist/webapi/util/decode_protected_header.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { decode as b64u } from './base64url.js';
 import { decoder } from '../lib/buffer_utils.js';
-import { isObject } from '../lib/is_object.js';
+import { isObject } from '../lib/type_checks.js';
 export function decodeProtectedHeader(token) {
     let protectedB64u;
     if (typeof token === 'string') {

package/node_modules/jose/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "jose",
-  "version": "6.2.0",
+  "version": "6.2.1",
   "description": "JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes",
   "keywords": [
     "akp",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "conductor-oss",
-  "version": "0.4.0",
+  "version": "0.6.0",
   "license": "MIT",
   "type": "module",
   "main": "dist/launcher.js",
@@ -33,25 +33,25 @@
     "directory": "packages/cli"
   },
   "dependencies": {
-    "@conductor-oss/core": "0.4.0",
-    "@conductor-oss/plugin-agent-claude-code": "0.4.0",
-    "@conductor-oss/plugin-agent-codex": "0.4.0",
-    "@conductor-oss/plugin-agent-gemini": "0.4.0",
-    "@conductor-oss/plugin-agent-amp": "0.4.0",
-    "@conductor-oss/plugin-agent-cursor-cli": "0.4.0",
-    "@conductor-oss/plugin-agent-opencode": "0.4.0",
-    "@conductor-oss/plugin-agent-droid": "0.4.0",
-    "@conductor-oss/plugin-agent-qwen-code": "0.4.0",
-    "@conductor-oss/plugin-agent-ccr": "0.4.0",
-    "@conductor-oss/plugin-agent-github-copilot": "0.4.0",
-    "@conductor-oss/plugin-mcp-server": "0.4.0",
-    "@conductor-oss/plugin-notifier-desktop": "0.4.0",
-    "@conductor-oss/plugin-notifier-discord": "0.4.0",
-    "@conductor-oss/plugin-runtime-tmux": "0.4.0",
-    "@conductor-oss/plugin-scm-github": "0.4.0",
-    "@conductor-oss/plugin-terminal-web": "0.4.0",
-    "@conductor-oss/plugin-tracker-github": "0.4.0",
-    "@conductor-oss/plugin-workspace-worktree": "0.4.0",
+    "@conductor-oss/core": "0.6.0",
+    "@conductor-oss/plugin-agent-claude-code": "0.6.0",
+    "@conductor-oss/plugin-agent-codex": "0.6.0",
+    "@conductor-oss/plugin-agent-gemini": "0.6.0",
+    "@conductor-oss/plugin-agent-amp": "0.6.0",
+    "@conductor-oss/plugin-agent-cursor-cli": "0.6.0",
+    "@conductor-oss/plugin-agent-opencode": "0.6.0",
+    "@conductor-oss/plugin-agent-droid": "0.6.0",
+    "@conductor-oss/plugin-agent-qwen-code": "0.6.0",
+    "@conductor-oss/plugin-agent-ccr": "0.6.0",
+    "@conductor-oss/plugin-agent-github-copilot": "0.6.0",
+    "@conductor-oss/plugin-mcp-server": "0.6.0",
+    "@conductor-oss/plugin-notifier-desktop": "0.6.0",
+    "@conductor-oss/plugin-notifier-discord": "0.6.0",
+    "@conductor-oss/plugin-runtime-tmux": "0.6.0",
+    "@conductor-oss/plugin-scm-github": "0.6.0",
+    "@conductor-oss/plugin-terminal-web": "0.6.0",
+    "@conductor-oss/plugin-tracker-github": "0.6.0",
+    "@conductor-oss/plugin-workspace-worktree": "0.6.0",
     "chalk": "^5.6.2",
     "commander": "^14.0.3",
     "ora": "^9.3.0",
@@ -82,9 +82,9 @@
     "tailwind-merge": "^3.5.0"
   },
   "optionalDependencies": {
-    "conductor-oss-native-darwin-universal": "0.4.0",
-    "conductor-oss-native-linux-x64": "0.4.0",
-    "conductor-oss-native-win32-x64": "0.4.0"
+    "conductor-oss-native-darwin-universal": "0.6.0",
+    "conductor-oss-native-linux-x64": "0.6.0",
+    "conductor-oss-native-win32-x64": "0.6.0"
   },
   "files": [
     "dist/",

package/web/.next/standalone/packages/web/.next/BUILD_ID CHANGED Viewed

	@@ -1 +1 @@
1	- ~~E4-NvSai1Ps20r9dtdpps~~
1	+ BHEBqfhQTyzF7_rs_EqmL

package/web/.next/standalone/packages/web/.next/build-manifest.json CHANGED Viewed

@@ -7,8 +7,8 @@
     "static/chunks/a6dad97d9634a72d.js"
   ],
   "lowPriorityFiles": [
-    "static/E4-NvSai1Ps20r9dtdpps/_ssgManifest.js",
-    "static/E4-NvSai1Ps20r9dtdpps/_buildManifest.js"
+    "static/BHEBqfhQTyzF7_rs_EqmL/_ssgManifest.js",
+    "static/BHEBqfhQTyzF7_rs_EqmL/_buildManifest.js"
   ],
   "rootMainFiles": [
     "static/chunks/ba2aa8b54e912820.js",

package/web/.next/standalone/packages/web/.next/prerender-manifest.json CHANGED Viewed

@@ -83,8 +83,8 @@
   "dynamicRoutes": {},
   "notFoundRoutes": [],
   "preview": {
-    "previewModeId": "fce92a1f1342f1b13ed91b6bdd62464f",
-    "previewModeSigningKey": "36400662164e8e9f828a442b4c6e70fd6e3c64f04eb5388674ca49fc4a3132b1",
-    "previewModeEncryptionKey": "3e887dce7449921a6b7eff2086b8a7decf80741749bc475da0ea45d92a39055b"
+    "previewModeId": "ce02106457fbec85b89dd65ba8686ff4",
+    "previewModeSigningKey": "f5b80feb5acbddec31748ebc2b7f56558b217c67ee652925d9d92ac17112d4ac",
+    "previewModeEncryptionKey": "37e3c5666d5cda7e7922b3a4acd78fae37fe8b5461ec0118a783dc1f078e2cf2"
   }
 }