nlcurl 0.1.0

package/dist/proxy/http-proxy.js

@@ -0,0 +1,93 @@
+/**
+ * HTTP CONNECT proxy tunneling.
+ *
+ * Establishes a TCP tunnel through an HTTP proxy using the CONNECT
+ * method, then returns the raw socket for TLS negotiation.
+ */
+import * as net from 'node:net';
+import { ProxyError } from '../core/errors.js';
+/**
+ * Connect to a target host:port through an HTTP CONNECT proxy.
+ *
+ * Returns a raw TCP socket with the tunnel established, ready for
+ * TLS handshake.
+ */
+export async function httpProxyConnect(proxy, targetHost, targetPort) {
+    return new Promise((resolve, reject) => {
+        let settled = false;
+        const socket = net.createConnection({
+            host: proxy.host,
+            port: proxy.port,
+        });
+        const timeoutMs = proxy.timeout ?? 30_000;
+        let timer;
+        if (timeoutMs > 0) {
+            timer = setTimeout(() => {
+                if (!settled) {
+                    settled = true;
+                    socket.destroy();
+                    reject(new ProxyError('Proxy connection timed out'));
+                }
+            }, timeoutMs);
+        }
+        socket.once('connect', () => {
+            // Send CONNECT request
+            let connectReq = `CONNECT ${targetHost}:${targetPort} HTTP/1.1\r\n`;
+            connectReq += `Host: ${targetHost}:${targetPort}\r\n`;
+            if (proxy.auth) {
+                const encoded = Buffer.from(proxy.auth).toString('base64');
+                connectReq += `Proxy-Authorization: Basic ${encoded}\r\n`;
+            }
+            connectReq += '\r\n';
+            socket.write(connectReq);
+            // Read proxy response
+            let buffer = '';
+            const onData = (chunk) => {
+                buffer += chunk.toString('latin1');
+                const headerEnd = buffer.indexOf('\r\n\r\n');
+                if (headerEnd >= 0) {
+                    socket.removeListener('data', onData);
+                    // Parse status line
+                    const statusLine = buffer.substring(0, buffer.indexOf('\r\n'));
+                    const match = /^HTTP\/\d\.\d\s+(\d{3})/.exec(statusLine);
+                    if (!match) {
+                        settled = true;
+                        if (timer)
+                            clearTimeout(timer);
+                        socket.destroy();
+                        reject(new ProxyError(`Invalid proxy response: ${statusLine.substring(0, 100)}`));
+                        return;
+                    }
+                    const statusCode = parseInt(match[1], 10);
+                    if (statusCode !== 200) {
+                        settled = true;
+                        if (timer)
+                            clearTimeout(timer);
+                        socket.destroy();
+                        reject(new ProxyError(`Proxy CONNECT failed with status ${statusCode}`));
+                        return;
+                    }
+                    settled = true;
+                    if (timer)
+                        clearTimeout(timer);
+                    // Push any remaining data back
+                    const remaining = buffer.substring(headerEnd + 4);
+                    if (remaining.length > 0) {
+                        socket.unshift(Buffer.from(remaining, 'latin1'));
+                    }
+                    resolve(socket);
+                }
+            };
+            socket.on('data', onData);
+        });
+        socket.once('error', (err) => {
+            if (!settled) {
+                settled = true;
+                if (timer)
+                    clearTimeout(timer);
+                reject(new ProxyError(`Proxy connection failed: ${err.message}`));
+            }
+        });
+    });
+}
+//# sourceMappingURL=http-proxy.js.map

package/dist/proxy/http-proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-proxy.js","sourceRoot":"","sources":["../../src/proxy/http-proxy.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,GAAG,MAAM,UAAU,CAAC;AAChC,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAW/C;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,KAAuB,EACvB,UAAkB,EAClB,UAAkB;IAElB,OAAO,IAAI,OAAO,CAAa,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACjD,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,MAAM,MAAM,GAAG,GAAG,CAAC,gBAAgB,CAAC;YAClC,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,IAAI,EAAE,KAAK,CAAC,IAAI;SACjB,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,IAAI,MAAM,CAAC;QAC1C,IAAI,KAAgD,CAAC;QAErD,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;YAClB,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBACtB,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,GAAG,IAAI,CAAC;oBACf,MAAM,CAAC,OAAO,EAAE,CAAC;oBACjB,MAAM,CAAC,IAAI,UAAU,CAAC,4BAA4B,CAAC,CAAC,CAAC;gBACvD,CAAC;YACH,CAAC,EAAE,SAAS,CAAC,CAAC;QAChB,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE;YAC1B,uBAAuB;YACvB,IAAI,UAAU,GAAG,WAAW,UAAU,IAAI,UAAU,eAAe,CAAC;YACpE,UAAU,IAAI,SAAS,UAAU,IAAI,UAAU,MAAM,CAAC;YAEtD,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBAC3D,UAAU,IAAI,8BAA8B,OAAO,MAAM,CAAC;YAC5D,CAAC;YAED,UAAU,IAAI,MAAM,CAAC;YACrB,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YAEzB,sBAAsB;YACtB,IAAI,MAAM,GAAG,EAAE,CAAC;YAEhB,MAAM,MAAM,GAAG,CAAC,KAAa,EAAE,EAAE;gBAC/B,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACnC,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAC7C,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;oBACnB,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;oBAEtC,oBAAoB;oBACpB,MAAM,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC/D,MAAM,KAAK,GAAG,yBAAyB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;oBAEzD,IAAI,CAAC,KAAK,EAAE,CAAC;wBACX,OAAO,GAAG,IAAI,CAAC;wBACf,IAAI,KAAK;4BAAE,YAAY,CAAC,KAAK,CAAC,CAAC;wBAC/B,MAAM,CAAC,OAAO,EAAE,CAAC;wBACjB,MAAM,CAAC,IAAI,UAAU,CAAC,2BAA2B,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;wBAClF,OAAO;oBACT,CAAC;oBAED,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,CAAC;oBAC3C,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;wBACvB,OAAO,GAAG,IAAI,CAAC;wBACf,IAAI,KAAK;4BAAE,YAAY,CAAC,KAAK,CAAC,CAAC;wBAC/B,MAAM,CAAC,OAAO,EAAE,CAAC;wBACjB,MAAM,CAAC,IAAI,UAAU,CAAC,oCAAoC,UAAU,EAAE,CAAC,CAAC,CAAC;wBACzE,OAAO;oBACT,CAAC;oBAED,OAAO,GAAG,IAAI,CAAC;oBACf,IAAI,KAAK;wBAAE,YAAY,CAAC,KAAK,CAAC,CAAC;oBAE/B,+BAA+B;oBAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;oBAClD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACzB,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;oBACnD,CAAC;oBAED,OAAO,CAAC,MAAM,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC,CAAC;YAEF,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YAC3B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,IAAI,KAAK;oBAAE,YAAY,CAAC,KAAK,CAAC,CAAC;gBAC/B,MAAM,CAAC,IAAI,UAAU,CAAC,4BAA4B,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YACpE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/proxy/socks.d.ts

@@ -0,0 +1,24 @@
+/**
+ * SOCKS proxy support (SOCKS4, SOCKS4a, SOCKS5).
+ *
+ * Implements the SOCKS protocol for tunneling TCP connections through
+ * SOCKS proxies.  Zero dependencies.
+ */
+import * as net from 'node:net';
+export interface SocksProxyOptions {
+    host: string;
+    port: number;
+    /** SOCKS version: 4, 4 (with 4a extension), or 5. */
+    version: 4 | 5;
+    /** Username for SOCKS5 authentication. */
+    username?: string;
+    /** Password for SOCKS5 authentication. */
+    password?: string;
+    /** Timeout in milliseconds. */
+    timeout?: number;
+}
+/**
+ * Connect to a target through a SOCKS proxy.
+ */
+export declare function socksConnect(proxy: SocksProxyOptions, targetHost: string, targetPort: number): Promise<net.Socket>;
+//# sourceMappingURL=socks.d.ts.map

package/dist/proxy/socks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"socks.d.ts","sourceRoot":"","sources":["../../src/proxy/socks.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,GAAG,MAAM,UAAU,CAAC;AAGhC,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,qDAAqD;IACrD,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC;IACf,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,wBAAsB,YAAY,CAChC,KAAK,EAAE,iBAAiB,EACxB,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAcrB"}

package/dist/proxy/socks.js

@@ -0,0 +1,196 @@
+/**
+ * SOCKS proxy support (SOCKS4, SOCKS4a, SOCKS5).
+ *
+ * Implements the SOCKS protocol for tunneling TCP connections through
+ * SOCKS proxies.  Zero dependencies.
+ */
+import * as net from 'node:net';
+import { ProxyError } from '../core/errors.js';
+/**
+ * Connect to a target through a SOCKS proxy.
+ */
+export async function socksConnect(proxy, targetHost, targetPort) {
+    const socket = await tcpConnect(proxy.host, proxy.port, proxy.timeout);
+    try {
+        if (proxy.version === 5) {
+            await socks5Handshake(socket, proxy, targetHost, targetPort);
+        }
+        else {
+            await socks4Connect(socket, targetHost, targetPort);
+        }
+        return socket;
+    }
+    catch (err) {
+        socket.destroy();
+        throw err;
+    }
+}
+// ---- SOCKS5 ----
+async function socks5Handshake(socket, proxy, host, port) {
+    // 1. Authentication negotiation
+    const hasAuth = proxy.username && proxy.password;
+    const methods = hasAuth ? Buffer.from([0x05, 0x02, 0x00, 0x02]) : Buffer.from([0x05, 0x01, 0x00]);
+    await socketWrite(socket, methods);
+    const authResponse = await socketRead(socket, 2);
+    if (authResponse[0] !== 0x05) {
+        throw new ProxyError('Invalid SOCKS5 response');
+    }
+    const selectedMethod = authResponse[1];
+    if (selectedMethod === 0x02 && hasAuth) {
+        // Username/password authentication (RFC 1929)
+        const user = Buffer.from(proxy.username, 'utf-8');
+        const pass = Buffer.from(proxy.password, 'utf-8');
+        const authReq = Buffer.alloc(3 + user.length + pass.length);
+        authReq[0] = 0x01; // version
+        authReq[1] = user.length;
+        user.copy(authReq, 2);
+        authReq[2 + user.length] = pass.length;
+        pass.copy(authReq, 3 + user.length);
+        await socketWrite(socket, authReq);
+        const authResult = await socketRead(socket, 2);
+        if (authResult[1] !== 0x00) {
+            throw new ProxyError('SOCKS5 authentication failed');
+        }
+    }
+    else if (selectedMethod === 0xff) {
+        throw new ProxyError('SOCKS5 proxy rejected all authentication methods');
+    }
+    // 2. Connection request
+    const hostBuf = Buffer.from(host, 'utf-8');
+    const req = Buffer.alloc(4 + 1 + hostBuf.length + 2);
+    req[0] = 0x05; // version
+    req[1] = 0x01; // CONNECT
+    req[2] = 0x00; // reserved
+    req[3] = 0x03; // DOMAINNAME
+    req[4] = hostBuf.length;
+    hostBuf.copy(req, 5);
+    req.writeUInt16BE(port, 5 + hostBuf.length);
+    await socketWrite(socket, req);
+    // 3. Read response
+    const resp = await socketRead(socket, 4);
+    if (resp[0] !== 0x05) {
+        throw new ProxyError('Invalid SOCKS5 response');
+    }
+    if (resp[1] !== 0x00) {
+        const codes = {
+            0x01: 'general SOCKS server failure',
+            0x02: 'connection not allowed by ruleset',
+            0x03: 'network unreachable',
+            0x04: 'host unreachable',
+            0x05: 'connection refused',
+            0x06: 'TTL expired',
+            0x07: 'command not supported',
+            0x08: 'address type not supported',
+        };
+        throw new ProxyError(`SOCKS5 connect failed: ${codes[resp[1]] ?? 'unknown error'}`);
+    }
+    // Read bound address (we don't use it, but must consume the bytes)
+    const addrType = resp[3];
+    if (addrType === 0x01) {
+        // IPv4
+        await socketRead(socket, 4 + 2);
+    }
+    else if (addrType === 0x03) {
+        // Domain
+        const lenBuf = await socketRead(socket, 1);
+        await socketRead(socket, lenBuf[0] + 2);
+    }
+    else if (addrType === 0x04) {
+        // IPv6
+        await socketRead(socket, 16 + 2);
+    }
+}
+// ---- SOCKS4/4a ----
+async function socks4Connect(socket, host, port) {
+    // SOCKS4a: use 0.0.0.1 as IP and append hostname
+    const hostBuf = Buffer.from(host + '\0', 'utf-8');
+    const req = Buffer.alloc(9 + hostBuf.length);
+    req[0] = 0x04; // version
+    req[1] = 0x01; // CONNECT
+    req.writeUInt16BE(port, 2);
+    // IP = 0.0.0.1 (triggers SOCKS4a)
+    req[4] = 0;
+    req[5] = 0;
+    req[6] = 0;
+    req[7] = 1;
+    req[8] = 0; // user ID null terminator
+    hostBuf.copy(req, 9);
+    await socketWrite(socket, req);
+    const resp = await socketRead(socket, 8);
+    if (resp[1] !== 0x5a) {
+        throw new ProxyError(`SOCKS4 connect failed: status 0x${resp[1].toString(16)}`);
+    }
+}
+// ---- Helpers ----
+function tcpConnect(host, port, timeout) {
+    return new Promise((resolve, reject) => {
+        let settled = false;
+        const socket = net.createConnection({ host, port });
+        const timeoutMs = timeout ?? 30_000;
+        let timer;
+        if (timeoutMs > 0) {
+            timer = setTimeout(() => {
+                if (!settled) {
+                    settled = true;
+                    socket.destroy();
+                    reject(new ProxyError('SOCKS proxy connection timed out'));
+                }
+            }, timeoutMs);
+        }
+        socket.once('connect', () => {
+            if (!settled) {
+                settled = true;
+                if (timer)
+                    clearTimeout(timer);
+                resolve(socket);
+            }
+        });
+        socket.once('error', (err) => {
+            if (!settled) {
+                settled = true;
+                if (timer)
+                    clearTimeout(timer);
+                reject(new ProxyError(`SOCKS proxy: ${err.message}`));
+            }
+        });
+    });
+}
+function socketWrite(socket, data) {
+    return new Promise((resolve, reject) => {
+        socket.write(data, (err) => {
+            if (err)
+                reject(new ProxyError(err.message));
+            else
+                resolve();
+        });
+    });
+}
+function socketRead(socket, length) {
+    return new Promise((resolve, reject) => {
+        let buffer = Buffer.alloc(0);
+        let settled = false;
+        const onData = (chunk) => {
+            buffer = Buffer.concat([buffer, chunk]);
+            if (buffer.length >= length) {
+                settled = true;
+                socket.removeListener('data', onData);
+                socket.removeListener('error', onError);
+                const result = buffer.subarray(0, length);
+                if (buffer.length > length) {
+                    socket.unshift(buffer.subarray(length));
+                }
+                resolve(result);
+            }
+        };
+        const onError = (err) => {
+            if (!settled) {
+                settled = true;
+                socket.removeListener('data', onData);
+                reject(new ProxyError(err.message));
+            }
+        };
+        socket.on('data', onData);
+        socket.once('error', onError);
+    });
+}
+//# sourceMappingURL=socks.js.map

package/dist/proxy/socks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"socks.js","sourceRoot":"","sources":["../../src/proxy/socks.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,GAAG,MAAM,UAAU,CAAC;AAChC,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAe/C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,KAAwB,EACxB,UAAkB,EAClB,UAAkB;IAElB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IAEvE,IAAI,CAAC;QACH,IAAI,KAAK,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,eAAe,CAAC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;QAC/D,CAAC;aAAM,CAAC;YACN,MAAM,aAAa,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,OAAO,EAAE,CAAC;QACjB,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,mBAAmB;AAEnB,KAAK,UAAU,eAAe,CAC5B,MAAkB,EAClB,KAAwB,EACxB,IAAY,EACZ,IAAY;IAEZ,gCAAgC;IAChC,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC;IACjD,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;IAClG,MAAM,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAEnC,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACjD,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC7B,MAAM,IAAI,UAAU,CAAC,yBAAyB,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,cAAc,GAAG,YAAY,CAAC,CAAC,CAAE,CAAC;IAExC,IAAI,cAAc,KAAK,IAAI,IAAI,OAAO,EAAE,CAAC;QACvC,8CAA8C;QAC9C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAS,EAAE,OAAO,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAS,EAAE,OAAO,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5D,OAAO,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,UAAU;QAC7B,OAAO,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACtB,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;QACvC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAEnC,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC/C,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC3B,MAAM,IAAI,UAAU,CAAC,8BAA8B,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;SAAM,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,UAAU,CAAC,kDAAkD,CAAC,CAAC;IAC3E,CAAC;IAED,wBAAwB;IACxB,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACrD,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,UAAU;IACzB,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,UAAU;IACzB,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,WAAW;IAC1B,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,aAAa;IAC5B,GAAG,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;IACxB,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IACrB,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC5C,MAAM,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE/B,mBAAmB;IACnB,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACzC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACrB,MAAM,IAAI,UAAU,CAAC,yBAAyB,CAAC,CAAC;IAClD,CAAC;IACD,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACrB,MAAM,KAAK,GAA2B;YACpC,IAAI,EAAE,8BAA8B;YACpC,IAAI,EAAE,mCAAmC;YACzC,IAAI,EAAE,qBAAqB;YAC3B,IAAI,EAAE,kBAAkB;YACxB,IAAI,EAAE,oBAAoB;YAC1B,IAAI,EAAE,aAAa;YACnB,IAAI,EAAE,uBAAuB;YAC7B,IAAI,EAAE,4BAA4B;SACnC,CAAC;QACF,MAAM,IAAI,UAAU,CAAC,0BAA0B,KAAK,CAAC,IAAI,CAAC,CAAC,CAAE,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC;IACvF,CAAC;IAED,mEAAmE;IACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC;IAC1B,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,OAAO;QACP,MAAM,UAAU,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAClC,CAAC;SAAM,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QAC7B,SAAS;QACT,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC3C,MAAM,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAE,GAAG,CAAC,CAAC,CAAC;IAC3C,CAAC;SAAM,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QAC7B,OAAO;QACP,MAAM,UAAU,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,sBAAsB;AAEtB,KAAK,UAAU,aAAa,CAC1B,MAAkB,EAClB,IAAY,EACZ,IAAY;IAEZ,iDAAiD;IACjD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7C,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,UAAU;IACzB,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,UAAU;IACzB,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC3B,kCAAkC;IAClC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACX,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACX,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACX,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACX,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,0BAA0B;IACtC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAErB,MAAM,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE/B,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACzC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACrB,MAAM,IAAI,UAAU,CAAC,mCAAmC,IAAI,CAAC,CAAC,CAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IACnF,CAAC;AACH,CAAC;AAED,oBAAoB;AAEpB,SAAS,UAAU,CAAC,IAAY,EAAE,IAAY,EAAE,OAAgB;IAC9D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,MAAM,MAAM,GAAG,GAAG,CAAC,gBAAgB,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAEpD,MAAM,SAAS,GAAG,OAAO,IAAI,MAAM,CAAC;QACpC,IAAI,KAAgD,CAAC;QAErD,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;YAClB,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBACtB,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,GAAG,IAAI,CAAC;oBACf,MAAM,CAAC,OAAO,EAAE,CAAC;oBACjB,MAAM,CAAC,IAAI,UAAU,CAAC,kCAAkC,CAAC,CAAC,CAAC;gBAC7D,CAAC;YACH,CAAC,EAAE,SAAS,CAAC,CAAC;QAChB,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE;YAC1B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,IAAI,KAAK;oBAAE,YAAY,CAAC,KAAK,CAAC,CAAC;gBAC/B,OAAO,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YAC3B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,IAAI,KAAK;oBAAE,YAAY,CAAC,KAAK,CAAC,CAAC;gBAC/B,MAAM,CAAC,IAAI,UAAU,CAAC,gBAAgB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YACxD,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,MAAkB,EAAE,IAAY;IACnD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE;YACzB,IAAI,GAAG;gBAAE,MAAM,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;;gBACxC,OAAO,EAAE,CAAC;QACjB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,UAAU,CAAC,MAAkB,EAAE,MAAc;IACpD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,OAAO,GAAG,KAAK,CAAC;QAEpB,MAAM,MAAM,GAAG,CAAC,KAAa,EAAE,EAAE;YAC/B,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACxC,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,EAAE,CAAC;gBAC5B,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBACtC,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACxC,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;gBAC1C,IAAI,MAAM,CAAC,MAAM,GAAG,MAAM,EAAE,CAAC;oBAC3B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC1C,CAAC;gBACD,OAAO,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,OAAO,GAAG,CAAC,GAAU,EAAE,EAAE;YAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBACtC,MAAM,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;YACtC,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/tls/constants.d.ts

@@ -0,0 +1,142 @@
+/**
+ * TLS protocol constants.
+ *
+ * Values taken directly from the IANA TLS registry and relevant RFCs
+ * (RFC 8446 for TLS 1.3, RFC 5246 for TLS 1.2).
+ */
+export declare const RecordType: {
+    readonly CHANGE_CIPHER_SPEC: 20;
+    readonly ALERT: 21;
+    readonly HANDSHAKE: 22;
+    readonly APPLICATION_DATA: 23;
+};
+export declare const ProtocolVersion: {
+    readonly TLS_1_0: 769;
+    readonly TLS_1_1: 770;
+    readonly TLS_1_2: 771;
+    readonly TLS_1_3: 772;
+};
+export declare const HandshakeType: {
+    readonly CLIENT_HELLO: 1;
+    readonly SERVER_HELLO: 2;
+    readonly NEW_SESSION_TICKET: 4;
+    readonly END_OF_EARLY_DATA: 5;
+    readonly ENCRYPTED_EXTENSIONS: 8;
+    readonly CERTIFICATE: 11;
+    readonly CERTIFICATE_REQUEST: 13;
+    readonly CERTIFICATE_VERIFY: 15;
+    readonly FINISHED: 20;
+    readonly KEY_UPDATE: 24;
+    readonly MESSAGE_HASH: 254;
+};
+export declare const CipherSuite: {
+    readonly TLS_AES_128_GCM_SHA256: 4865;
+    readonly TLS_AES_256_GCM_SHA384: 4866;
+    readonly TLS_CHACHA20_POLY1305_SHA256: 4867;
+    readonly TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: 49195;
+    readonly TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: 49199;
+    readonly TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: 49196;
+    readonly TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: 49200;
+    readonly TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: 52393;
+    readonly TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: 52392;
+    readonly TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: 49171;
+    readonly TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: 49172;
+    readonly TLS_RSA_WITH_AES_128_GCM_SHA256: 156;
+    readonly TLS_RSA_WITH_AES_256_GCM_SHA384: 157;
+    readonly TLS_RSA_WITH_AES_128_CBC_SHA: 47;
+    readonly TLS_RSA_WITH_AES_256_CBC_SHA: 53;
+    readonly TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: 49161;
+    readonly TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: 49162;
+};
+export declare const ExtensionType: {
+    readonly SERVER_NAME: 0;
+    readonly EC_POINT_FORMATS: 11;
+    readonly SUPPORTED_GROUPS: 10;
+    readonly SESSION_TICKET: 35;
+    readonly ENCRYPT_THEN_MAC: 22;
+    readonly EXTENDED_MASTER_SECRET: 23;
+    readonly SIGNATURE_ALGORITHMS: 13;
+    readonly SUPPORTED_VERSIONS: 43;
+    readonly PSK_KEY_EXCHANGE_MODES: 45;
+    readonly KEY_SHARE: 51;
+    readonly RENEGOTIATION_INFO: 65281;
+    readonly STATUS_REQUEST: 5;
+    readonly SIGNED_CERTIFICATE_TIMESTAMP: 18;
+    readonly APPLICATION_LAYER_PROTOCOL_NEGOTIATION: 16;
+    readonly COMPRESS_CERTIFICATE: 27;
+    readonly TOKEN_BINDING: 24;
+    readonly APPLICATION_SETTINGS: 17513;
+    readonly DELEGATED_CREDENTIALS: 34;
+    readonly RECORD_SIZE_LIMIT: 28;
+    readonly PADDING: 21;
+    readonly PRE_SHARED_KEY: 41;
+    readonly EARLY_DATA: 42;
+    readonly ENCRYPTED_CLIENT_HELLO: 65037;
+    readonly POST_HANDSHAKE_AUTH: 49;
+};
+export declare const NamedGroup: {
+    readonly X25519: 29;
+    readonly SECP256R1: 23;
+    readonly SECP384R1: 24;
+    readonly SECP521R1: 25;
+    readonly X448: 30;
+    readonly FFDHE2048: 256;
+    readonly FFDHE3072: 257;
+    readonly X25519_KYBER768: 25497;
+    readonly X25519_MLKEM768: 17800;
+};
+export declare const SignatureScheme: {
+    readonly ECDSA_SECP256R1_SHA256: 1027;
+    readonly ECDSA_SECP384R1_SHA384: 1283;
+    readonly ECDSA_SECP521R1_SHA512: 1539;
+    readonly RSA_PSS_RSAE_SHA256: 2052;
+    readonly RSA_PSS_RSAE_SHA384: 2053;
+    readonly RSA_PSS_RSAE_SHA512: 2054;
+    readonly RSA_PKCS1_SHA256: 1025;
+    readonly RSA_PKCS1_SHA384: 1281;
+    readonly RSA_PKCS1_SHA512: 1537;
+    readonly ED25519: 2055;
+    readonly ED448: 2056;
+    readonly RSA_PSS_PSS_SHA256: 2057;
+    readonly RSA_PSS_PSS_SHA384: 2058;
+    readonly RSA_PSS_PSS_SHA512: 2059;
+    readonly RSA_PKCS1_SHA1: 513;
+    readonly ECDSA_SHA1: 515;
+};
+export declare const ECPointFormat: {
+    readonly UNCOMPRESSED: 0;
+};
+export declare const PskKeyExchangeMode: {
+    readonly PSK_KE: 0;
+    readonly PSK_DHE_KE: 1;
+};
+export declare const CertCompressAlg: {
+    readonly ZLIB: 1;
+    readonly BROTLI: 2;
+    readonly ZSTD: 3;
+};
+export declare const GREASE_VALUES: readonly number[];
+/** Pick a deterministic but varied GREASE value seeded by an index. */
+export declare function greaseValue(seed: number): number;
+export declare const AlertDescription: {
+    readonly CLOSE_NOTIFY: 0;
+    readonly UNEXPECTED_MESSAGE: 10;
+    readonly BAD_RECORD_MAC: 20;
+    readonly RECORD_OVERFLOW: 22;
+    readonly HANDSHAKE_FAILURE: 40;
+    readonly BAD_CERTIFICATE: 42;
+    readonly CERTIFICATE_EXPIRED: 45;
+    readonly CERTIFICATE_UNKNOWN: 46;
+    readonly ILLEGAL_PARAMETER: 47;
+    readonly UNKNOWN_CA: 48;
+    readonly DECODE_ERROR: 50;
+    readonly DECRYPT_ERROR: 51;
+    readonly PROTOCOL_VERSION: 70;
+    readonly INSUFFICIENT_SECURITY: 71;
+    readonly INTERNAL_ERROR: 80;
+    readonly NO_RENEGOTIATION: 100;
+    readonly MISSING_EXTENSION: 109;
+    readonly UNRECOGNIZED_NAME: 112;
+    readonly CERTIFICATE_REQUIRED: 116;
+};
+//# sourceMappingURL=constants.d.ts.map

package/dist/tls/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/tls/constants.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,eAAO,MAAM,UAAU;;;;;CAKb,CAAC;AAIX,eAAO,MAAM,eAAe;;;;;CAKlB,CAAC;AAIX,eAAO,MAAM,aAAa;;;;;;;;;;;;CAYhB,CAAC;AAKX,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;CAuBd,CAAC;AAIX,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;CAyBhB,CAAC;AAIX,eAAO,MAAM,UAAU;;;;;;;;;;CAUb,CAAC;AAIX,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;CAiBlB,CAAC;AAIX,eAAO,MAAM,aAAa;;CAEhB,CAAC;AAIX,eAAO,MAAM,kBAAkB;;;CAGrB,CAAC;AAIX,eAAO,MAAM,eAAe;;;;CAIlB,CAAC;AAIX,eAAO,MAAM,aAAa,EAAE,SAAS,MAAM,EAG1C,CAAC;AAEF,uEAAuE;AACvE,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEhD;AAID,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;CAoBnB,CAAC"}

package/dist/tls/constants.js

@@ -0,0 +1,163 @@
+/**
+ * TLS protocol constants.
+ *
+ * Values taken directly from the IANA TLS registry and relevant RFCs
+ * (RFC 8446 for TLS 1.3, RFC 5246 for TLS 1.2).
+ */
+// ---- Record types ----
+export const RecordType = {
+    CHANGE_CIPHER_SPEC: 20,
+    ALERT: 21,
+    HANDSHAKE: 22,
+    APPLICATION_DATA: 23,
+};
+// ---- Protocol versions ----
+export const ProtocolVersion = {
+    TLS_1_0: 0x0301,
+    TLS_1_1: 0x0302,
+    TLS_1_2: 0x0303,
+    TLS_1_3: 0x0304,
+};
+// ---- Handshake message types ----
+export const HandshakeType = {
+    CLIENT_HELLO: 1,
+    SERVER_HELLO: 2,
+    NEW_SESSION_TICKET: 4,
+    END_OF_EARLY_DATA: 5,
+    ENCRYPTED_EXTENSIONS: 8,
+    CERTIFICATE: 11,
+    CERTIFICATE_REQUEST: 13,
+    CERTIFICATE_VERIFY: 15,
+    FINISHED: 20,
+    KEY_UPDATE: 24,
+    MESSAGE_HASH: 254,
+};
+// ---- Cipher suites (hex values) ----
+// Only suites used in modern browser fingerprints are listed.
+export const CipherSuite = {
+    // TLS 1.3
+    TLS_AES_128_GCM_SHA256: 0x1301,
+    TLS_AES_256_GCM_SHA384: 0x1302,
+    TLS_CHACHA20_POLY1305_SHA256: 0x1303,
+    // TLS 1.2 (Chrome / Edge)
+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: 0xc02b,
+    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: 0xc02f,
+    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: 0xc02c,
+    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: 0xc030,
+    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: 0xcca9,
+    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: 0xcca8,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: 0xc013,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: 0xc014,
+    TLS_RSA_WITH_AES_128_GCM_SHA256: 0x009c,
+    TLS_RSA_WITH_AES_256_GCM_SHA384: 0x009d,
+    TLS_RSA_WITH_AES_128_CBC_SHA: 0x002f,
+    TLS_RSA_WITH_AES_256_CBC_SHA: 0x0035,
+    // Firefox additional
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: 0xc009,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: 0xc00a,
+};
+// ---- TLS Extensions ----
+export const ExtensionType = {
+    SERVER_NAME: 0x0000,
+    EC_POINT_FORMATS: 0x000b,
+    SUPPORTED_GROUPS: 0x000a,
+    SESSION_TICKET: 0x0023,
+    ENCRYPT_THEN_MAC: 0x0016,
+    EXTENDED_MASTER_SECRET: 0x0017,
+    SIGNATURE_ALGORITHMS: 0x000d,
+    SUPPORTED_VERSIONS: 0x002b,
+    PSK_KEY_EXCHANGE_MODES: 0x002d,
+    KEY_SHARE: 0x0033,
+    RENEGOTIATION_INFO: 0xff01,
+    STATUS_REQUEST: 0x0005,
+    SIGNED_CERTIFICATE_TIMESTAMP: 0x0012,
+    APPLICATION_LAYER_PROTOCOL_NEGOTIATION: 0x0010,
+    COMPRESS_CERTIFICATE: 0x001b,
+    TOKEN_BINDING: 0x0018,
+    APPLICATION_SETTINGS: 0x4469, // ALPS
+    DELEGATED_CREDENTIALS: 0x0022,
+    RECORD_SIZE_LIMIT: 0x001c,
+    PADDING: 0x0015,
+    PRE_SHARED_KEY: 0x0029,
+    EARLY_DATA: 0x002a,
+    ENCRYPTED_CLIENT_HELLO: 0xfe0d,
+    POST_HANDSHAKE_AUTH: 0x0031,
+};
+// ---- Supported groups (named curves) ----
+export const NamedGroup = {
+    X25519: 0x001d,
+    SECP256R1: 0x0017,
+    SECP384R1: 0x0018,
+    SECP521R1: 0x0019,
+    X448: 0x001e,
+    FFDHE2048: 0x0100,
+    FFDHE3072: 0x0101,
+    X25519_KYBER768: 0x6399,
+    X25519_MLKEM768: 0x4588,
+};
+// ---- Signature algorithms ----
+export const SignatureScheme = {
+    ECDSA_SECP256R1_SHA256: 0x0403,
+    ECDSA_SECP384R1_SHA384: 0x0503,
+    ECDSA_SECP521R1_SHA512: 0x0603,
+    RSA_PSS_RSAE_SHA256: 0x0804,
+    RSA_PSS_RSAE_SHA384: 0x0805,
+    RSA_PSS_RSAE_SHA512: 0x0806,
+    RSA_PKCS1_SHA256: 0x0401,
+    RSA_PKCS1_SHA384: 0x0501,
+    RSA_PKCS1_SHA512: 0x0601,
+    ED25519: 0x0807,
+    ED448: 0x0808,
+    RSA_PSS_PSS_SHA256: 0x0809,
+    RSA_PSS_PSS_SHA384: 0x080a,
+    RSA_PSS_PSS_SHA512: 0x080b,
+    RSA_PKCS1_SHA1: 0x0201,
+    ECDSA_SHA1: 0x0203,
+};
+// ---- EC point formats ----
+export const ECPointFormat = {
+    UNCOMPRESSED: 0,
+};
+// ---- PSK key exchange modes ----
+export const PskKeyExchangeMode = {
+    PSK_KE: 0,
+    PSK_DHE_KE: 1,
+};
+// ---- Compress-certificate algorithms ----
+export const CertCompressAlg = {
+    ZLIB: 1,
+    BROTLI: 2,
+    ZSTD: 3,
+};
+// ---- GREASE values (RFC 8701) ----
+export const GREASE_VALUES = [
+    0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
+    0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa,
+];
+/** Pick a deterministic but varied GREASE value seeded by an index. */
+export function greaseValue(seed) {
+    return GREASE_VALUES[seed % GREASE_VALUES.length];
+}
+// ---- Alert descriptions ----
+export const AlertDescription = {
+    CLOSE_NOTIFY: 0,
+    UNEXPECTED_MESSAGE: 10,
+    BAD_RECORD_MAC: 20,
+    RECORD_OVERFLOW: 22,
+    HANDSHAKE_FAILURE: 40,
+    BAD_CERTIFICATE: 42,
+    CERTIFICATE_EXPIRED: 45,
+    CERTIFICATE_UNKNOWN: 46,
+    ILLEGAL_PARAMETER: 47,
+    UNKNOWN_CA: 48,
+    DECODE_ERROR: 50,
+    DECRYPT_ERROR: 51,
+    PROTOCOL_VERSION: 70,
+    INSUFFICIENT_SECURITY: 71,
+    INTERNAL_ERROR: 80,
+    NO_RENEGOTIATION: 100,
+    MISSING_EXTENSION: 109,
+    UNRECOGNIZED_NAME: 112,
+    CERTIFICATE_REQUIRED: 116,
+};
+//# sourceMappingURL=constants.js.map

package/dist/tls/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/tls/constants.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,yBAAyB;AAEzB,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,kBAAkB,EAAE,EAAE;IACtB,KAAK,EAAE,EAAE;IACT,SAAS,EAAE,EAAE;IACb,gBAAgB,EAAE,EAAE;CACZ,CAAC;AAEX,8BAA8B;AAE9B,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,OAAO,EAAE,MAAM;IACf,OAAO,EAAE,MAAM;IACf,OAAO,EAAE,MAAM;IACf,OAAO,EAAE,MAAM;CACP,CAAC;AAEX,oCAAoC;AAEpC,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,YAAY,EAAE,CAAC;IACf,YAAY,EAAE,CAAC;IACf,kBAAkB,EAAE,CAAC;IACrB,iBAAiB,EAAE,CAAC;IACpB,oBAAoB,EAAE,CAAC;IACvB,WAAW,EAAE,EAAE;IACf,mBAAmB,EAAE,EAAE;IACvB,kBAAkB,EAAE,EAAE;IACtB,QAAQ,EAAE,EAAE;IACZ,UAAU,EAAE,EAAE;IACd,YAAY,EAAE,GAAG;CACT,CAAC;AAEX,uCAAuC;AACvC,8DAA8D;AAE9D,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,UAAU;IACV,sBAAsB,EAAE,MAAM;IAC9B,sBAAsB,EAAE,MAAM;IAC9B,4BAA4B,EAAE,MAAM;IAEpC,0BAA0B;IAC1B,uCAAuC,EAAE,MAAM;IAC/C,qCAAqC,EAAE,MAAM;IAC7C,uCAAuC,EAAE,MAAM;IAC/C,qCAAqC,EAAE,MAAM;IAC7C,6CAA6C,EAAE,MAAM;IACrD,2CAA2C,EAAE,MAAM;IACnD,kCAAkC,EAAE,MAAM;IAC1C,kCAAkC,EAAE,MAAM;IAC1C,+BAA+B,EAAE,MAAM;IACvC,+BAA+B,EAAE,MAAM;IACvC,4BAA4B,EAAE,MAAM;IACpC,4BAA4B,EAAE,MAAM;IAEpC,qBAAqB;IACrB,oCAAoC,EAAE,MAAM;IAC5C,oCAAoC,EAAE,MAAM;CACpC,CAAC;AAEX,2BAA2B;AAE3B,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,WAAW,EAAE,MAAM;IACnB,gBAAgB,EAAE,MAAM;IACxB,gBAAgB,EAAE,MAAM;IACxB,cAAc,EAAE,MAAM;IACtB,gBAAgB,EAAE,MAAM;IACxB,sBAAsB,EAAE,MAAM;IAC9B,oBAAoB,EAAE,MAAM;IAC5B,kBAAkB,EAAE,MAAM;IAC1B,sBAAsB,EAAE,MAAM;IAC9B,SAAS,EAAE,MAAM;IACjB,kBAAkB,EAAE,MAAM;IAC1B,cAAc,EAAE,MAAM;IACtB,4BAA4B,EAAE,MAAM;IACpC,sCAAsC,EAAE,MAAM;IAC9C,oBAAoB,EAAE,MAAM;IAC5B,aAAa,EAAE,MAAM;IACrB,oBAAoB,EAAE,MAAM,EAAE,OAAO;IACrC,qBAAqB,EAAE,MAAM;IAC7B,iBAAiB,EAAE,MAAM;IACzB,OAAO,EAAE,MAAM;IACf,cAAc,EAAE,MAAM;IACtB,UAAU,EAAE,MAAM;IAClB,sBAAsB,EAAE,MAAM;IAC9B,mBAAmB,EAAE,MAAM;CACnB,CAAC;AAEX,4CAA4C;AAE5C,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,MAAM,EAAE,MAAM;IACd,SAAS,EAAE,MAAM;IACjB,SAAS,EAAE,MAAM;IACjB,SAAS,EAAE,MAAM;IACjB,IAAI,EAAE,MAAM;IACZ,SAAS,EAAE,MAAM;IACjB,SAAS,EAAE,MAAM;IACjB,eAAe,EAAE,MAAM;IACvB,eAAe,EAAE,MAAM;CACf,CAAC;AAEX,iCAAiC;AAEjC,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,sBAAsB,EAAE,MAAM;IAC9B,sBAAsB,EAAE,MAAM;IAC9B,sBAAsB,EAAE,MAAM;IAC9B,mBAAmB,EAAE,MAAM;IAC3B,mBAAmB,EAAE,MAAM;IAC3B,mBAAmB,EAAE,MAAM;IAC3B,gBAAgB,EAAE,MAAM;IACxB,gBAAgB,EAAE,MAAM;IACxB,gBAAgB,EAAE,MAAM;IACxB,OAAO,EAAE,MAAM;IACf,KAAK,EAAE,MAAM;IACb,kBAAkB,EAAE,MAAM;IAC1B,kBAAkB,EAAE,MAAM;IAC1B,kBAAkB,EAAE,MAAM;IAC1B,cAAc,EAAE,MAAM;IACtB,UAAU,EAAE,MAAM;CACV,CAAC;AAEX,6BAA6B;AAE7B,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,YAAY,EAAE,CAAC;CACP,CAAC;AAEX,mCAAmC;AAEnC,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,MAAM,EAAE,CAAC;IACT,UAAU,EAAE,CAAC;CACL,CAAC;AAEX,4CAA4C;AAE5C,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;CACC,CAAC;AAEX,qCAAqC;AAErC,MAAM,CAAC,MAAM,aAAa,GAAsB;IAC9C,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAC9D,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;CAC/D,CAAC;AAEF,uEAAuE;AACvE,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,OAAO,aAAa,CAAC,IAAI,GAAG,aAAa,CAAC,MAAM,CAAE,CAAC;AACrD,CAAC;AAED,+BAA+B;AAE/B,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,YAAY,EAAE,CAAC;IACf,kBAAkB,EAAE,EAAE;IACtB,cAAc,EAAE,EAAE;IAClB,eAAe,EAAE,EAAE;IACnB,iBAAiB,EAAE,EAAE;IACrB,eAAe,EAAE,EAAE;IACnB,mBAAmB,EAAE,EAAE;IACvB,mBAAmB,EAAE,EAAE;IACvB,iBAAiB,EAAE,EAAE;IACrB,UAAU,EAAE,EAAE;IACd,YAAY,EAAE,EAAE;IAChB,aAAa,EAAE,EAAE;IACjB,gBAAgB,EAAE,EAAE;IACpB,qBAAqB,EAAE,EAAE;IACzB,cAAc,EAAE,EAAE;IAClB,gBAAgB,EAAE,GAAG;IACrB,iBAAiB,EAAE,GAAG;IACtB,iBAAiB,EAAE,GAAG;IACtB,oBAAoB,EAAE,GAAG;CACjB,CAAC"}

package/dist/tls/node-engine.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Standard TLS engine.
+ *
+ * Uses Node.js built-in `node:tls` module with maximum configuration
+ * from browser profiles.  This engine controls:
+ *   - Cipher suite order (via the `ciphers` option)
+ *   - Named groups / ECDH curves (via `ecdhCurve`)
+ *   - Signature algorithms (via `sigalgs`)
+ *   - ALPN protocols
+ *   - Min/max protocol version
+ *   - Session tickets, SNI
+ *
+ * Limitations: `node:tls` does not expose extension ordering, GREASE
+ * injection, or padding extension control.  For full JA3 fingerprint
+ * matching use the Stealth engine instead.
+ */
+import type { ITLSEngine, TLSConnectOptions, TLSSocket } from './types.js';
+import type { BrowserProfile } from '../fingerprints/types.js';
+export declare class NodeTLSEngine implements ITLSEngine {
+    connect(options: TLSConnectOptions, profile?: BrowserProfile): Promise<TLSSocket>;
+}
+//# sourceMappingURL=node-engine.d.ts.map