@aep-foundation/core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/index.ts","../src/constants.ts","../src/did-web.ts","../src/errors.ts","../src/http.ts","../src/inspect.ts","../src/jwt.ts","../src/protocol.ts","../src/schemas.ts"],"sourcesContent":["export * from \"./constants.js\";\nexport * from \"./did-web.js\";\nexport * from \"./errors.js\";\nexport * from \"./http.js\";\nexport * from \"./inspect.js\";\nexport * from \"./jwt.js\";\nexport * from \"./protocol.js\";\nexport * from \"./schemas.js\";\nexport type * from \"./types.js\";\n","export const AEP_VERSION = \"1.0\";\n\nexport const AEP_MEDIA_TYPE = \"application/aep+json\";\nexport const AEP_PROBLEM_MEDIA_TYPE = \"application/problem+json\";\nexport const AEP_AUTH_SCHEME = \"AEP\";\nexport const AEP_WELL_KNOWN_PATH = \"/.well-known/aep\";\nexport const DEFAULT_HTTP_ENDPOINT_BASE = \"/aep/\";\n\nexport const AEP_COMMANDS = [\"inspect\", \"enroll\", \"grant\", \"revoke\", \"status\"] as const;\nexport const AEP_AUTHENTICATED_COMMANDS = [\"enroll\", \"grant\", \"revoke\", \"status\"] as const;\n\nexport const AEP_BINDINGS = [\"http\"] as const;\nexport const AEP_SIGNING_ALGORITHMS = [\"EdDSA\", \"ES256\"] as const;\n\nexport const AEP_IDENTITY_METHOD_DID_WEB = \"did:web\";\n\nexport const AEP_GRANT_TYPE_OAUTH_BEARER = \"oauth-bearer\";\nexport const AEP_GRANT_TYPE_API_KEY = \"api-key\";\nexport const AEP_GRANT_TYPE_BASIC = \"basic\";\n\nexport const AEP_BUILT_IN_GRANT_TYPES = [\n AEP_GRANT_TYPE_OAUTH_BEARER,\n AEP_GRANT_TYPE_API_KEY,\n AEP_GRANT_TYPE_BASIC\n] as const;\n","import type { AepImportableJoseKey } from \"./jwt.js\";\n\nexport type DidWebFetchLike = (input: URL | string, init?: RequestInit) => Promise<Response>;\n\nexport interface ResolveDidWebPublicKeyOptions {\n did: string;\n fetch?: DidWebFetchLike;\n kid?: string;\n}\n\nexport function didWebDocumentUrl(did: string): URL {\n const prefix = \"did:web:\";\n\n if (!did.startsWith(prefix)) {\n throw new Error(`Unsupported DID method: ${did}`);\n }\n\n const [encodedHost, ...pathParts] = did.slice(prefix.length).split(\":\");\n\n if (encodedHost === undefined || encodedHost.length === 0) {\n throw new Error(`Invalid did:web identifier: ${did}`);\n }\n\n const hostName = decodeURIComponent(encodedHost);\n const protocol =\n hostName.startsWith(\"localhost\") || hostName.startsWith(\"127.0.0.1\") ? \"http\" : \"https\";\n const documentPath =\n pathParts.length === 0\n ? \"/.well-known/did.json\"\n : `/${pathParts.map(decodeURIComponent).join(\"/\")}/did.json`;\n\n return new URL(`${protocol}://${hostName}${documentPath}`);\n}\n\nexport async function resolveDidWebPublicKey(\n options: ResolveDidWebPublicKeyOptions\n): Promise<AepImportableJoseKey> {\n const fetchImpl = options.fetch ?? globalThis.fetch;\n\n if (typeof fetchImpl !== \"function\") {\n throw new TypeError(\"AEP did:web resolution requires a fetch implementation.\");\n }\n\n const document = await fetchJson(didWebDocumentUrl(options.did), fetchImpl);\n const methods = arrayField(document, \"verificationMethod\").filter(isRecord);\n const method =\n options.kid === undefined\n ? methods.find((candidate) => isRecord(candidate[\"publicKeyJwk\"]))\n : methods.find(\n (candidate) => candidate[\"id\"] === options.kid && isRecord(candidate[\"publicKeyJwk\"])\n );\n\n if (method === undefined || !isRecord(method[\"publicKeyJwk\"])) {\n throw new Error(`No public JWK found for ${options.kid ?? options.did}.`);\n }\n\n return method[\"publicKeyJwk\"];\n}\n\nasync function fetchJson(url: URL, fetchImpl: DidWebFetchLike): Promise<unknown> {\n const response = await fetchImpl(url);\n\n if (!response.ok) {\n throw new Error(`Failed to fetch ${url.toString()}: ${response.status}`);\n }\n\n return response.json();\n}\n\nfunction arrayField(value: unknown, field: string): unknown[] {\n if (!isRecord(value)) {\n return [];\n }\n\n const fieldValue = value[field];\n return Array.isArray(fieldValue) ? fieldValue : [];\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return typeof value === \"object\" && value !== null && !Array.isArray(value);\n}\n","import type {\n AepErrorCode,\n AepExtensibleString,\n AepProblemDetails,\n ValidationIssue\n} from \"./types.js\";\n\nexport class AepValidationError extends Error {\n readonly issues: ValidationIssue[];\n\n constructor(message: string, issues: ValidationIssue[]) {\n super(message);\n this.name = \"AepValidationError\";\n this.issues = issues;\n }\n}\n\nexport function createProblemDetails(input: {\n code: AepExtensibleString<AepErrorCode>;\n title: string;\n status: number;\n detail?: string;\n instance?: string;\n type?: string;\n}): AepProblemDetails {\n const problem: AepProblemDetails = {\n type: input.type ?? `urn:aep:error:${input.code}`,\n title: input.title,\n status: input.status,\n code: input.code\n };\n\n if (input.detail !== undefined) {\n problem.detail = input.detail;\n }\n\n if (input.instance !== undefined) {\n problem.instance = input.instance;\n }\n\n return problem;\n}\n","import { DEFAULT_HTTP_ENDPOINT_BASE } from \"./constants.js\";\nimport type { AepCommand, InspectDocument } from \"./types.js\";\n\nexport type AepHttpCommand = Exclude<AepCommand, \"inspect\">;\n\nconst COMMAND_PATHS: Record<AepHttpCommand, string> = {\n enroll: \"enroll\",\n grant: \"grant\",\n revoke: \"revoke\",\n status: \"status\"\n};\n\nexport function normalizeEndpointBase(endpointBase = DEFAULT_HTTP_ENDPOINT_BASE): string {\n if (!endpointBase.startsWith(\"/\")) {\n throw new TypeError(\"AEP endpoint_base must start with '/'.\");\n }\n\n return endpointBase.endsWith(\"/\") ? endpointBase : `${endpointBase}/`;\n}\n\nexport function commandPath(\n command: AepHttpCommand,\n endpointBase = DEFAULT_HTTP_ENDPOINT_BASE\n): string {\n return `${normalizeEndpointBase(endpointBase)}${COMMAND_PATHS[command]}`;\n}\n\nexport function commandPathFromInspect(document: InspectDocument, command: AepHttpCommand): string {\n return commandPath(command, document.http.endpoint_base);\n}\n","import { AEP_BINDINGS, AEP_COMMANDS } from \"./constants.js\";\nimport { AepValidationError } from \"./errors.js\";\nimport type { InspectDocument, ValidationIssue, ValidationResult } from \"./types.js\";\n\nconst VERSION_PATTERN = /^[0-9]+\\.[0-9]+$/;\nconst ENDPOINT_BASE_PATTERN = /^\\//;\nconst DID_PATTERN = /^did:/;\nconst IDENTITY_METHOD_PATTERN = /^[a-z0-9]+(?::[a-z0-9]+)*(?:-[a-z0-9]+)*$/;\n\nconst COMMANDS = new Set<string>(AEP_COMMANDS);\nconst BINDINGS = new Set<string>(AEP_BINDINGS);\n\nexport function validateInspectDocument(value: unknown): ValidationResult<InspectDocument> {\n const issues: ValidationIssue[] = [];\n\n if (!isRecord(value)) {\n return {\n ok: false,\n issues: [{ path: \"$\", message: \"Expected an object.\" }]\n };\n }\n\n requireString(value, \"aep_version\", issues, VERSION_PATTERN);\n validateBindings(value[\"bindings\"], issues);\n validateClaims(value[\"claims\"], issues);\n validateCommands(value[\"commands\"], issues);\n validateCore(value[\"core\"], issues);\n validateExtensions(value[\"extensions\"], issues);\n validateHttp(value[\"http\"], issues);\n validateIdentity(value[\"identity\"], issues);\n validateService(value[\"service\"], issues);\n\n if (issues.length > 0) {\n return { ok: false, issues };\n }\n\n return { ok: true, value: value as InspectDocument, issues: [] };\n}\n\nexport function isInspectDocument(value: unknown): value is InspectDocument {\n return validateInspectDocument(value).ok;\n}\n\nexport function parseInspectDocument(value: unknown): InspectDocument {\n const result = validateInspectDocument(value);\n\n if (result.ok) {\n return result.value;\n }\n\n throw new AepValidationError(\"Invalid AEP Inspect document.\", result.issues);\n}\n\nfunction validateBindings(value: unknown, issues: ValidationIssue[]): void {\n if (!requireRecord(value, \"bindings\", issues)) {\n return;\n }\n\n requireStringArray(value[\"supported\"], \"$.bindings.supported\", issues, {\n minItems: 1,\n allowedValues: BINDINGS\n });\n}\n\nfunction validateClaims(value: unknown, issues: ValidationIssue[]): void {\n if (value === undefined) {\n return;\n }\n\n if (!requireRecord(value, \"claims\", issues)) {\n return;\n }\n\n optionalStringArray(value[\"required\"], \"$.claims.required\", issues);\n optionalStringArray(value[\"preferred\"], \"$.claims.preferred\", issues);\n optionalStringArray(value[\"optional\"], \"$.claims.optional\", issues);\n}\n\nfunction validateCommands(value: unknown, issues: ValidationIssue[]): void {\n if (!requireRecord(value, \"commands\", issues)) {\n return;\n }\n\n requireStringArray(value[\"supported\"], \"$.commands.supported\", issues, {\n minItems: 1,\n allowedValues: COMMANDS\n });\n optionalStringArray(value[\"grant_types\"], \"$.commands.grant_types\", issues);\n}\n\nfunction validateCore(value: unknown, issues: ValidationIssue[]): void {\n if (!requireRecord(value, \"core\", issues)) {\n return;\n }\n\n if (value[\"signing_algorithms\"] !== undefined) {\n requireStringArray(value[\"signing_algorithms\"], \"$.core.signing_algorithms\", issues, {\n minItems: 1\n });\n }\n}\n\nfunction validateExtensions(value: unknown, issues: ValidationIssue[]): void {\n if (value === undefined) {\n return;\n }\n\n if (!requireRecord(value, \"extensions\", issues)) {\n return;\n }\n\n optionalStringArray(value[\"supported\"], \"$.extensions.supported\", issues);\n}\n\nfunction validateHttp(value: unknown, issues: ValidationIssue[]): void {\n if (!requireRecord(value, \"http\", issues)) {\n return;\n }\n\n requireString(value, \"endpoint_base\", issues, ENDPOINT_BASE_PATTERN, \"$.http.endpoint_base\");\n}\n\nfunction validateIdentity(value: unknown, issues: ValidationIssue[]): void {\n if (!requireRecord(value, \"identity\", issues)) {\n return;\n }\n\n requireStringArray(value[\"methods\"], \"$.identity.methods\", issues, {\n minItems: 1,\n itemPattern: IDENTITY_METHOD_PATTERN\n });\n}\n\nfunction validateService(value: unknown, issues: ValidationIssue[]): void {\n if (!requireRecord(value, \"service\", issues)) {\n return;\n }\n\n requireString(value, \"did\", issues, DID_PATTERN, \"$.service.did\");\n}\n\nfunction requireRecord(\n value: unknown,\n field: string,\n issues: ValidationIssue[]\n): value is Record<string, unknown> {\n if (!isRecord(value)) {\n issues.push({\n path: `$.${field}`,\n message: \"Expected an object.\"\n });\n return false;\n }\n\n return true;\n}\n\nfunction requireString(\n record: Record<string, unknown>,\n field: string,\n issues: ValidationIssue[],\n pattern?: RegExp,\n path = `$.${field}`\n): void {\n const value = record[field];\n\n if (typeof value !== \"string\") {\n issues.push({ path, message: \"Expected a string.\" });\n return;\n }\n\n if (pattern && !pattern.test(value)) {\n issues.push({ path, message: `Expected string to match ${pattern.source}.` });\n }\n}\n\nfunction optionalStringArray(\n value: unknown,\n path: string,\n issues: ValidationIssue[],\n options: StringArrayOptions = {}\n): void {\n if (value === undefined) {\n return;\n }\n\n requireStringArray(value, path, issues, options);\n}\n\ninterface StringArrayOptions {\n minItems?: number;\n allowedValues?: ReadonlySet<string>;\n itemPattern?: RegExp;\n}\n\nfunction requireStringArray(\n value: unknown,\n path: string,\n issues: ValidationIssue[],\n options: StringArrayOptions = {}\n): void {\n if (!Array.isArray(value)) {\n issues.push({ path, message: \"Expected an array.\" });\n return;\n }\n\n if (options.minItems !== undefined && value.length < options.minItems) {\n issues.push({ path, message: `Expected at least ${options.minItems} item(s).` });\n }\n\n value.forEach((item, index) => {\n const itemPath = `${path}[${index}]`;\n\n if (typeof item !== \"string\") {\n issues.push({ path: itemPath, message: \"Expected a string.\" });\n return;\n }\n\n if (options.allowedValues && !options.allowedValues.has(item)) {\n issues.push({ path: itemPath, message: \"Expected a registered AEP value.\" });\n }\n\n if (options.itemPattern && !options.itemPattern.test(item)) {\n issues.push({\n path: itemPath,\n message: `Expected string to match ${options.itemPattern.source}.`\n });\n }\n });\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return typeof value === \"object\" && value !== null && !Array.isArray(value);\n}\n","import { SignJWT, importJWK, importPKCS8, importSPKI, importX509, jwtVerify } from \"jose\";\nimport type {\n CryptoKey,\n FlattenedJWSInput,\n JWK,\n JWTHeaderParameters,\n JWTVerifyOptions,\n KeyObject\n} from \"jose\";\n\nimport { parseClientAssertionClaims } from \"./protocol.js\";\nimport type { AepClientAssertionClaims, AepSigningAlgorithm } from \"./types.js\";\n\nexport type AepJoseKey = CryptoKey | JWK | KeyObject | Uint8Array;\n\nexport type AepPemKeyFormat = \"pkcs8\" | \"spki\" | \"x509\";\n\nexport interface AepPemKey {\n format: AepPemKeyFormat;\n pem: string;\n}\n\nexport type AepImportableJoseKey = AepJoseKey | AepPemKey;\n\nexport type AepJwtVerifyKeyResolver = (\n protectedHeader: JWTHeaderParameters,\n token: FlattenedJWSInput\n) => AepImportableJoseKey | Promise<AepImportableJoseKey>;\n\nexport interface SignClientAssertionJwtOptions {\n alg: AepSigningAlgorithm;\n key: AepImportableJoseKey;\n kid?: string;\n typ?: string;\n}\n\nexport interface VerifyClientAssertionJwtOptions {\n algorithms?: AepSigningAlgorithm[];\n audience?: string;\n clockTolerance?: JWTVerifyOptions[\"clockTolerance\"];\n currentDate?: Date;\n issuer?: string;\n key: AepImportableJoseKey | AepJwtVerifyKeyResolver;\n subject?: string;\n}\n\nexport interface DecodedJwtParts {\n header: Record<string, unknown>;\n payload: Record<string, unknown>;\n}\n\nexport async function signClientAssertionJwt(\n claims: AepClientAssertionClaims,\n options: SignClientAssertionJwtOptions\n): Promise<string> {\n const parsed = parseClientAssertionClaims(claims);\n const key = await importJoseKey(options.key, options.alg);\n\n return new SignJWT(parsed)\n .setProtectedHeader({\n alg: options.alg,\n ...(options.kid === undefined ? {} : { kid: options.kid }),\n typ: options.typ ?? \"JWT\"\n })\n .sign(key);\n}\n\nexport async function verifyClientAssertionJwt(\n clientAssertion: string,\n options: VerifyClientAssertionJwtOptions\n): Promise<AepClientAssertionClaims> {\n const verifyOptions = {\n ...(options.algorithms === undefined ? {} : { algorithms: options.algorithms }),\n ...(options.audience === undefined ? {} : { audience: options.audience }),\n ...(options.clockTolerance === undefined ? {} : { clockTolerance: options.clockTolerance }),\n ...(options.currentDate === undefined ? {} : { currentDate: options.currentDate }),\n ...(options.issuer === undefined ? {} : { issuer: options.issuer }),\n ...(options.subject === undefined ? {} : { subject: options.subject })\n } satisfies JWTVerifyOptions;\n let result;\n\n if (typeof options.key === \"function\") {\n const resolveKey: AepJwtVerifyKeyResolver = options.key;\n\n result = await jwtVerify<AepClientAssertionClaims>(\n clientAssertion,\n async (protectedHeader: JWTHeaderParameters, token: FlattenedJWSInput) =>\n importJoseKey(await resolveKey(protectedHeader, token), protectedHeader.alg),\n verifyOptions\n );\n } else {\n result = await jwtVerify<AepClientAssertionClaims>(\n clientAssertion,\n await importJoseKey(options.key, options.algorithms?.[0]),\n verifyOptions\n );\n }\n\n return parseClientAssertionClaims(result.payload);\n}\n\nexport async function importJoseKey(key: AepImportableJoseKey, alg?: string): Promise<AepJoseKey> {\n if (!isPemKey(key)) {\n return key;\n }\n\n if (alg === undefined) {\n throw new TypeError(\"AEP JOSE PEM key import requires an algorithm.\");\n }\n\n if (key.format === \"pkcs8\") {\n return importPKCS8(key.pem, alg);\n }\n\n if (key.format === \"spki\") {\n return importSPKI(key.pem, alg);\n }\n\n return importX509(key.pem, alg);\n}\n\nexport async function importJwkJoseKey(jwk: JWK, alg?: string): Promise<AepJoseKey> {\n return importJWK(jwk, alg);\n}\n\nexport function decodeJwtUnverified(token: string): DecodedJwtParts {\n const [encodedHeader, encodedPayload] = token.split(\".\");\n\n if (encodedHeader === undefined || encodedPayload === undefined) {\n throw new Error(\"Invalid JWT.\");\n }\n\n return {\n header: parseBase64UrlJson(encodedHeader),\n payload: parseBase64UrlJson(encodedPayload)\n };\n}\n\nfunction isPemKey(key: AepImportableJoseKey): key is AepPemKey {\n return typeof key === \"object\" && \"pem\" in key && typeof key.pem === \"string\" && \"format\" in key;\n}\n\nfunction parseBase64UrlJson(encoded: string): Record<string, unknown> {\n const parsed: unknown = JSON.parse(Buffer.from(encoded, \"base64url\").toString(\"utf8\"));\n\n if (!isRecord(parsed)) {\n throw new Error(\"Expected JWT part to decode to an object.\");\n }\n\n return parsed;\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return typeof value === \"object\" && value !== null && !Array.isArray(value);\n}\n","import {\n AEP_AUTHENTICATED_COMMANDS,\n AEP_GRANT_TYPE_API_KEY,\n AEP_GRANT_TYPE_BASIC,\n AEP_GRANT_TYPE_OAUTH_BEARER\n} from \"./constants.js\";\nimport { AepValidationError } from \"./errors.js\";\nimport type {\n AepBuiltInGrantResponse,\n AepClientAssertionClaims,\n AepProblemDetails,\n ApiKeyGrantResponse,\n BasicGrantResponse,\n EnrollRequest,\n EnrollResponse,\n GrantRequest,\n OAuthBearerGrantResponse,\n RevokeRequest,\n RevokeResponse,\n StatusResponse,\n ValidationIssue,\n ValidationResult\n} from \"./types.js\";\n\nconst AUTHENTICATED_COMMANDS = new Set<string>(AEP_AUTHENTICATED_COMMANDS);\nconst ENROLLMENT_STATUSES = new Set<string>([\"active\", \"pending\", \"rejected\"]);\nconst AGENT_STATUSES = new Set<string>([\n \"active\",\n \"pending\",\n \"rejected\",\n \"suspended\",\n \"terminated\",\n \"unavailable\"\n]);\nconst OWNER_ACTION_REQUIRED_VALUES = new Set<string>([\"true\", \"false\"]);\nconst PROBLEM_TYPE_PATTERN = /^urn:aep:error:/;\n\nexport function validateEnrollRequest(value: unknown): ValidationResult<EnrollRequest> {\n if (!isRecord(value)) {\n return invalidRoot();\n }\n\n const issues: ValidationIssue[] = [];\n requireString(value, \"agent_did\", issues, { minLength: 1 });\n optionalRecord(value[\"claims\"], \"$.claims\", issues);\n requireString(value, \"idempotency_key\", issues, { minLength: 1 });\n return result(value as EnrollRequest, issues);\n}\n\nexport function parseEnrollRequest(value: unknown): EnrollRequest {\n return parseWith(validateEnrollRequest(value), \"Invalid AEP Enroll request.\");\n}\n\nexport function validateEnrollResponse(value: unknown): ValidationResult<EnrollResponse> {\n if (!isRecord(value)) {\n return invalidRoot();\n }\n\n const issues: ValidationIssue[] = [];\n requireString(value, \"status\", issues, {\n allowedValues: ENROLLMENT_STATUSES\n });\n optionalString(value[\"owner_action_required\"], \"$.owner_action_required\", issues, {\n allowedValues: OWNER_ACTION_REQUIRED_VALUES\n });\n optionalStringArray(value[\"requirements_pending\"], \"$.requirements_pending\", issues);\n return result(value as EnrollResponse, issues);\n}\n\nexport function parseEnrollResponse(value: unknown): EnrollResponse {\n return parseWith(validateEnrollResponse(value), \"Invalid AEP Enroll response.\");\n}\n\nexport function validateStatusResponse(value: unknown): ValidationResult<StatusResponse> {\n if (!isRecord(value)) {\n return invalidRoot();\n }\n\n const issues: ValidationIssue[] = [];\n requireString(value, \"status\", issues, { allowedValues: AGENT_STATUSES });\n optionalString(value[\"owner_action_required\"], \"$.owner_action_required\", issues, {\n allowedValues: OWNER_ACTION_REQUIRED_VALUES\n });\n optionalStringArray(value[\"requirements_pending\"], \"$.requirements_pending\", issues);\n optionalString(value[\"since\"], \"$.since\", issues);\n return result(value as StatusResponse, issues);\n}\n\nexport function parseStatusResponse(value: unknown): StatusResponse {\n return parseWith(validateStatusResponse(value), \"Invalid AEP Status response.\");\n}\n\nexport function validateGrantRequest(value: unknown): ValidationResult<GrantRequest> {\n if (!isRecord(value)) {\n return invalidRoot();\n }\n\n const issues: ValidationIssue[] = [];\n requireString(value, \"grant_type\", issues, { minLength: 1 });\n optionalStringArray(value[\"requested_scopes\"], \"$.requested_scopes\", issues);\n return result(value as GrantRequest, issues);\n}\n\nexport function parseGrantRequest(value: unknown): GrantRequest {\n return parseWith(validateGrantRequest(value), \"Invalid AEP Grant request.\");\n}\n\nexport function validateRevokeRequest(value: unknown): ValidationResult<RevokeRequest> {\n if (!isRecord(value)) {\n return invalidRoot();\n }\n\n const issues: ValidationIssue[] = [];\n optionalString(value[\"grant_type\"], \"$.grant_type\", issues, { minLength: 1 });\n optionalString(value[\"credential_id\"], \"$.credential_id\", issues, { minLength: 1 });\n optionalString(value[\"all_grant_types\"], \"$.all_grant_types\", issues, {\n allowedValues: new Set([\"true\"])\n });\n\n const selectors = [value[\"grant_type\"], value[\"credential_id\"], value[\"all_grant_types\"]].filter(\n (selector) => selector !== undefined\n );\n\n if (selectors.length === 0) {\n issues.push({\n path: \"$\",\n message: \"Expected one of grant_type, credential_id, or all_grant_types.\"\n });\n }\n\n if (selectors.length > 1) {\n issues.push({\n path: \"$\",\n message: \"Expected exactly one of grant_type, credential_id, or all_grant_types.\"\n });\n }\n\n return result(value as RevokeRequest, issues);\n}\n\nexport function parseRevokeRequest(value: unknown): RevokeRequest {\n return parseWith(validateRevokeRequest(value), \"Invalid AEP Revoke request.\");\n}\n\nexport function validateRevokeResponse(value: unknown): ValidationResult<RevokeResponse> {\n if (!isRecord(value)) {\n return invalidRoot();\n }\n\n const issues: ValidationIssue[] = [];\n if (Object.keys(value).length > 0) {\n issues.push({ path: \"$\", message: \"Expected an empty object.\" });\n }\n\n return result(value as RevokeResponse, issues);\n}\n\nexport function parseRevokeResponse(value: unknown): RevokeResponse {\n return parseWith(validateRevokeResponse(value), \"Invalid AEP Revoke response.\");\n}\n\nexport function validateClientAssertionClaims(\n value: unknown\n): ValidationResult<AepClientAssertionClaims> {\n if (!isRecord(value)) {\n return invalidRoot();\n }\n\n const issues: ValidationIssue[] = [];\n requireString(value, \"iss\", issues, { minLength: 1 });\n requireString(value, \"sub\", issues, { minLength: 1 });\n requireString(value, \"aud\", issues, { minLength: 1 });\n requireString(value, \"op\", issues, { allowedValues: AUTHENTICATED_COMMANDS });\n requireInteger(value[\"iat\"], \"$.iat\", issues);\n requireInteger(value[\"exp\"], \"$.exp\", issues);\n requireString(value, \"jti\", issues, { minLength: 1 });\n return result(value as AepClientAssertionClaims, issues);\n}\n\nexport function parseClientAssertionClaims(value: unknown): AepClientAssertionClaims {\n return parseWith(validateClientAssertionClaims(value), \"Invalid AEP client assertion claims.\");\n}\n\nexport function validateProblemDetails(value: unknown): ValidationResult<AepProblemDetails> {\n if (!isRecord(value)) {\n return invalidRoot();\n }\n\n const issues: ValidationIssue[] = [];\n requireString(value, \"type\", issues, { pattern: PROBLEM_TYPE_PATTERN });\n requireString(value, \"title\", issues, { minLength: 1 });\n requireInteger(value[\"status\"], \"$.status\", issues);\n requireString(value, \"code\", issues, { minLength: 1 });\n optionalString(value[\"detail\"], \"$.detail\", issues);\n optionalString(value[\"instance\"], \"$.instance\", issues);\n return result(value as AepProblemDetails, issues);\n}\n\nexport function parseProblemDetails(value: unknown): AepProblemDetails {\n return parseWith(validateProblemDetails(value), \"Invalid AEP Problem Details.\");\n}\n\nexport function validateOAuthBearerGrantResponse(\n value: unknown\n): ValidationResult<OAuthBearerGrantResponse> {\n if (!isRecord(value)) {\n return invalidRoot();\n }\n\n const issues: ValidationIssue[] = [];\n requireString(value, \"access_token\", issues, { minLength: 1 });\n requireString(value, \"credential_id\", issues, { minLength: 1 });\n requireString(value, \"expires_at\", issues, { minLength: 1 });\n requireStringArray(value[\"scopes\"], \"$.scopes\", issues);\n requireString(value, \"token_type\", issues, { allowedValues: new Set([\"Bearer\"]) });\n return result(value as OAuthBearerGrantResponse, issues);\n}\n\nexport function validateApiKeyGrantResponse(value: unknown): ValidationResult<ApiKeyGrantResponse> {\n if (!isRecord(value)) {\n return invalidRoot();\n }\n\n const issues: ValidationIssue[] = [];\n requireString(value, \"api_key\", issues, { minLength: 1 });\n requireString(value, \"credential_id\", issues, { minLength: 1 });\n requireString(value, \"expires_at\", issues, { minLength: 1 });\n requireString(value, \"header\", issues, { minLength: 1 });\n requireStringArray(value[\"scopes\"], \"$.scopes\", issues);\n return result(value as ApiKeyGrantResponse, issues);\n}\n\nexport function validateBasicGrantResponse(value: unknown): ValidationResult<BasicGrantResponse> {\n if (!isRecord(value)) {\n return invalidRoot();\n }\n\n const issues: ValidationIssue[] = [];\n requireString(value, \"credential_id\", issues, { minLength: 1 });\n requireString(value, \"expires_at\", issues, { minLength: 1 });\n requireString(value, \"password\", issues, { minLength: 1 });\n optionalString(value[\"realm\"], \"$.realm\", issues, { minLength: 1 });\n requireStringArray(value[\"scopes\"], \"$.scopes\", issues);\n requireString(value, \"username\", issues, { minLength: 1 });\n return result(value as BasicGrantResponse, issues);\n}\n\nexport function validateBuiltInGrantResponse(\n grantType: string,\n value: unknown\n): ValidationResult<AepBuiltInGrantResponse> {\n if (grantType === AEP_GRANT_TYPE_OAUTH_BEARER) {\n return validateOAuthBearerGrantResponse(value);\n }\n\n if (grantType === AEP_GRANT_TYPE_API_KEY) {\n return validateApiKeyGrantResponse(value);\n }\n\n if (grantType === AEP_GRANT_TYPE_BASIC) {\n return validateBasicGrantResponse(value);\n }\n\n return {\n ok: false,\n issues: [{ path: \"$.grant_type\", message: \"Expected a built-in AEP grant type.\" }]\n };\n}\n\nexport function parseBuiltInGrantResponse(\n grantType: string,\n value: unknown\n): AepBuiltInGrantResponse {\n return parseWith(validateBuiltInGrantResponse(grantType, value), \"Invalid AEP Grant response.\");\n}\n\nfunction parseWith<T>(validation: ValidationResult<T>, message: string): T {\n if (validation.ok) {\n return validation.value;\n }\n\n throw new AepValidationError(message, validation.issues);\n}\n\nfunction invalidRoot<T>(): ValidationResult<T> {\n return {\n ok: false,\n issues: [{ path: \"$\", message: \"Expected an object.\" }]\n };\n}\n\nfunction result<T>(value: T, issues: ValidationIssue[]): ValidationResult<T> {\n if (issues.length > 0) {\n return { ok: false, issues };\n }\n\n return { ok: true, issues: [], value };\n}\n\ninterface StringOptions {\n allowedValues?: ReadonlySet<string>;\n minLength?: number;\n pattern?: RegExp;\n}\n\nfunction requireString(\n record: Record<string, unknown>,\n field: string,\n issues: ValidationIssue[],\n options: StringOptions = {}\n): void {\n validateString(record[field], `$.${field}`, issues, options);\n}\n\nfunction optionalString(\n value: unknown,\n path: string,\n issues: ValidationIssue[],\n options: StringOptions = {}\n): void {\n if (value === undefined) {\n return;\n }\n\n validateString(value, path, issues, options);\n}\n\nfunction validateString(\n value: unknown,\n path: string,\n issues: ValidationIssue[],\n options: StringOptions\n): void {\n if (typeof value !== \"string\") {\n issues.push({ path, message: \"Expected a string.\" });\n return;\n }\n\n if (options.minLength !== undefined && value.length < options.minLength) {\n issues.push({ path, message: `Expected at least ${options.minLength} character(s).` });\n }\n\n if (options.allowedValues !== undefined && !options.allowedValues.has(value)) {\n issues.push({ path, message: \"Expected a registered AEP value.\" });\n }\n\n if (options.pattern !== undefined && !options.pattern.test(value)) {\n issues.push({ path, message: `Expected string to match ${options.pattern.source}.` });\n }\n}\n\nfunction optionalRecord(value: unknown, path: string, issues: ValidationIssue[]): void {\n if (value === undefined) {\n return;\n }\n\n if (!isRecord(value)) {\n issues.push({ path, message: \"Expected an object.\" });\n }\n}\n\nfunction requireInteger(value: unknown, path: string, issues: ValidationIssue[]): void {\n if (!Number.isInteger(value)) {\n issues.push({ path, message: \"Expected an integer.\" });\n }\n}\n\nfunction optionalStringArray(value: unknown, path: string, issues: ValidationIssue[]): void {\n if (value === undefined) {\n return;\n }\n\n requireStringArray(value, path, issues);\n}\n\nfunction requireStringArray(value: unknown, path: string, issues: ValidationIssue[]): void {\n if (!Array.isArray(value)) {\n issues.push({ path, message: \"Expected an array.\" });\n return;\n }\n\n value.forEach((item, index) => {\n if (typeof item !== \"string\") {\n issues.push({ path: `${path}[${index}]`, message: \"Expected a string.\" });\n }\n });\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return typeof value === \"object\" && value !== null && !Array.isArray(value);\n}\n","export const inspectDocumentSchema = {\n $schema: \"https://json-schema.org/draft/2020-12/schema\",\n $id: \"https://www.aep.foundation/schemas/inspect-document.schema.json\",\n title: \"AEP Inspect Document\",\n type: \"object\",\n required: [\"aep_version\", \"bindings\", \"commands\", \"core\", \"http\", \"identity\", \"service\"],\n additionalProperties: true,\n properties: {\n aep_version: {\n type: \"string\",\n pattern: \"^[0-9]+\\\\.[0-9]+$\"\n },\n bindings: {\n type: \"object\",\n required: [\"supported\"],\n additionalProperties: true,\n properties: {\n supported: {\n type: \"array\",\n minItems: 1,\n items: {\n type: \"string\",\n enum: [\"http\"]\n }\n }\n }\n },\n claims: {\n type: \"object\",\n additionalProperties: true,\n properties: {\n required: {\n type: \"array\",\n items: {\n type: \"string\"\n }\n },\n preferred: {\n type: \"array\",\n items: {\n type: \"string\"\n }\n },\n optional: {\n type: \"array\",\n items: {\n type: \"string\"\n }\n }\n }\n },\n commands: {\n type: \"object\",\n required: [\"supported\"],\n additionalProperties: true,\n properties: {\n supported: {\n type: \"array\",\n minItems: 1,\n items: {\n type: \"string\",\n enum: [\"inspect\", \"enroll\", \"grant\", \"revoke\", \"status\"]\n }\n },\n grant_types: {\n type: \"array\",\n items: {\n type: \"string\"\n }\n }\n }\n },\n core: {\n type: \"object\",\n additionalProperties: true,\n properties: {\n signing_algorithms: {\n type: \"array\",\n minItems: 1,\n items: {\n type: \"string\"\n }\n }\n }\n },\n extensions: {\n type: \"object\",\n additionalProperties: true,\n properties: {\n supported: {\n type: \"array\",\n items: {\n type: \"string\"\n }\n }\n }\n },\n http: {\n type: \"object\",\n required: [\"endpoint_base\"],\n additionalProperties: true,\n properties: {\n endpoint_base: {\n type: \"string\",\n pattern: \"^/\"\n }\n }\n },\n identity: {\n type: \"object\",\n required: [\"methods\"],\n additionalProperties: true,\n properties: {\n methods: {\n type: \"array\",\n minItems: 1,\n items: {\n type: \"string\",\n pattern: \"^[a-z0-9]+(?::[a-z0-9]+)*(?:-[a-z0-9]+)*$\"\n }\n }\n }\n },\n service: {\n type: \"object\",\n required: [\"did\"],\n additionalProperties: true,\n properties: {\n did: {\n type: \"string\",\n pattern: \"^did:\"\n }\n }\n }\n }\n} as const;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAO,IAAM,cAAc;AAEpB,IAAM,iBAAiB;AACvB,IAAM,yBAAyB;AAC/B,IAAM,kBAAkB;AACxB,IAAM,sBAAsB;AAC5B,IAAM,6BAA6B;AAEnC,IAAM,eAAe,CAAC,WAAW,UAAU,SAAS,UAAU,QAAQ;AACtE,IAAM,6BAA6B,CAAC,UAAU,SAAS,UAAU,QAAQ;AAEzE,IAAM,eAAe,CAAC,MAAM;AAC5B,IAAM,yBAAyB,CAAC,SAAS,OAAO;AAEhD,IAAM,8BAA8B;AAEpC,IAAM,8BAA8B;AACpC,IAAM,yBAAyB;AAC/B,IAAM,uBAAuB;AAE7B,IAAM,2BAA2B;AAAA,EACtC;AAAA,EACA;AAAA,EACA;AACF;;;ACdO,SAAS,kBAAkB,KAAkB;AAClD,QAAM,SAAS;AAEf,MAAI,CAAC,IAAI,WAAW,MAAM,GAAG;AAC3B,UAAM,IAAI,MAAM,2BAA2B,GAAG,EAAE;AAAA,EAClD;AAEA,QAAM,CAAC,aAAa,GAAG,SAAS,IAAI,IAAI,MAAM,OAAO,MAAM,EAAE,MAAM,GAAG;AAEtE,MAAI,gBAAgB,UAAa,YAAY,WAAW,GAAG;AACzD,UAAM,IAAI,MAAM,+BAA+B,GAAG,EAAE;AAAA,EACtD;AAEA,QAAM,WAAW,mBAAmB,WAAW;AAC/C,QAAM,WACJ,SAAS,WAAW,WAAW,KAAK,SAAS,WAAW,WAAW,IAAI,SAAS;AAClF,QAAM,eACJ,UAAU,WAAW,IACjB,0BACA,IAAI,UAAU,IAAI,kBAAkB,EAAE,KAAK,GAAG,CAAC;AAErD,SAAO,IAAI,IAAI,GAAG,QAAQ,MAAM,QAAQ,GAAG,YAAY,EAAE;AAC3D;AAEA,eAAsB,uBACpB,SAC+B;AAC/B,QAAM,YAAY,QAAQ,SAAS,WAAW;AAE9C,MAAI,OAAO,cAAc,YAAY;AACnC,UAAM,IAAI,UAAU,yDAAyD;AAAA,EAC/E;AAEA,QAAM,WAAW,MAAM,UAAU,kBAAkB,QAAQ,GAAG,GAAG,SAAS;AAC1E,QAAM,UAAU,WAAW,UAAU,oBAAoB,EAAE,OAAO,QAAQ;AAC1E,QAAM,SACJ,QAAQ,QAAQ,SACZ,QAAQ,KAAK,CAAC,cAAc,SAAS,UAAU,cAAc,CAAC,CAAC,IAC/D,QAAQ;AAAA,IACN,CAAC,cAAc,UAAU,IAAI,MAAM,QAAQ,OAAO,SAAS,UAAU,cAAc,CAAC;AAAA,EACtF;AAEN,MAAI,WAAW,UAAa,CAAC,SAAS,OAAO,cAAc,CAAC,GAAG;AAC7D,UAAM,IAAI,MAAM,2BAA2B,QAAQ,OAAO,QAAQ,GAAG,GAAG;AAAA,EAC1E;AAEA,SAAO,OAAO,cAAc;AAC9B;AAEA,eAAe,UAAU,KAAU,WAA8C;AAC/E,QAAM,WAAW,MAAM,UAAU,GAAG;AAEpC,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,IAAI,MAAM,mBAAmB,IAAI,SAAS,CAAC,KAAK,SAAS,MAAM,EAAE;AAAA,EACzE;AAEA,SAAO,SAAS,KAAK;AACvB;AAEA,SAAS,WAAW,OAAgB,OAA0B;AAC5D,MAAI,CAAC,SAAS,KAAK,GAAG;AACpB,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,aAAa,MAAM,KAAK;AAC9B,SAAO,MAAM,QAAQ,UAAU,IAAI,aAAa,CAAC;AACnD;AAEA,SAAS,SAAS,OAAkD;AAClE,SAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,KAAK;AAC5E;;;ACzEO,IAAM,qBAAN,cAAiC,MAAM;AAAA,EACnC;AAAA,EAET,YAAY,SAAiB,QAA2B;AACtD,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;AAAA,EAChB;AACF;AAEO,SAAS,qBAAqB,OAOf;AACpB,QAAM,UAA6B;AAAA,IACjC,MAAM,MAAM,QAAQ,iBAAiB,MAAM,IAAI;AAAA,IAC/C,OAAO,MAAM;AAAA,IACb,QAAQ,MAAM;AAAA,IACd,MAAM,MAAM;AAAA,EACd;AAEA,MAAI,MAAM,WAAW,QAAW;AAC9B,YAAQ,SAAS,MAAM;AAAA,EACzB;AAEA,MAAI,MAAM,aAAa,QAAW;AAChC,YAAQ,WAAW,MAAM;AAAA,EAC3B;AAEA,SAAO;AACT;;;ACpCA,IAAM,gBAAgD;AAAA,EACpD,QAAQ;AAAA,EACR,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,QAAQ;AACV;AAEO,SAAS,sBAAsB,eAAe,4BAAoC;AACvF,MAAI,CAAC,aAAa,WAAW,GAAG,GAAG;AACjC,UAAM,IAAI,UAAU,wCAAwC;AAAA,EAC9D;AAEA,SAAO,aAAa,SAAS,GAAG,IAAI,eAAe,GAAG,YAAY;AACpE;AAEO,SAAS,YACd,SACA,eAAe,4BACP;AACR,SAAO,GAAG,sBAAsB,YAAY,CAAC,GAAG,cAAc,OAAO,CAAC;AACxE;AAEO,SAAS,uBAAuB,UAA2B,SAAiC;AACjG,SAAO,YAAY,SAAS,SAAS,KAAK,aAAa;AACzD;;;ACzBA,IAAM,kBAAkB;AACxB,IAAM,wBAAwB;AAC9B,IAAM,cAAc;AACpB,IAAM,0BAA0B;AAEhC,IAAM,WAAW,IAAI,IAAY,YAAY;AAC7C,IAAM,WAAW,IAAI,IAAY,YAAY;AAEtC,SAAS,wBAAwB,OAAmD;AACzF,QAAM,SAA4B,CAAC;AAEnC,MAAI,CAACA,UAAS,KAAK,GAAG;AACpB,WAAO;AAAA,MACL,IAAI;AAAA,MACJ,QAAQ,CAAC,EAAE,MAAM,KAAK,SAAS,sBAAsB,CAAC;AAAA,IACxD;AAAA,EACF;AAEA,gBAAc,OAAO,eAAe,QAAQ,eAAe;AAC3D,mBAAiB,MAAM,UAAU,GAAG,MAAM;AAC1C,iBAAe,MAAM,QAAQ,GAAG,MAAM;AACtC,mBAAiB,MAAM,UAAU,GAAG,MAAM;AAC1C,eAAa,MAAM,MAAM,GAAG,MAAM;AAClC,qBAAmB,MAAM,YAAY,GAAG,MAAM;AAC9C,eAAa,MAAM,MAAM,GAAG,MAAM;AAClC,mBAAiB,MAAM,UAAU,GAAG,MAAM;AAC1C,kBAAgB,MAAM,SAAS,GAAG,MAAM;AAExC,MAAI,OAAO,SAAS,GAAG;AACrB,WAAO,EAAE,IAAI,OAAO,OAAO;AAAA,EAC7B;AAEA,SAAO,EAAE,IAAI,MAAM,OAAiC,QAAQ,CAAC,EAAE;AACjE;AAEO,SAAS,kBAAkB,OAA0C;AAC1E,SAAO,wBAAwB,KAAK,EAAE;AACxC;AAEO,SAAS,qBAAqB,OAAiC;AACpE,QAAMC,UAAS,wBAAwB,KAAK;AAE5C,MAAIA,QAAO,IAAI;AACb,WAAOA,QAAO;AAAA,EAChB;AAEA,QAAM,IAAI,mBAAmB,iCAAiCA,QAAO,MAAM;AAC7E;AAEA,SAAS,iBAAiB,OAAgB,QAAiC;AACzE,MAAI,CAAC,cAAc,OAAO,YAAY,MAAM,GAAG;AAC7C;AAAA,EACF;AAEA,qBAAmB,MAAM,WAAW,GAAG,wBAAwB,QAAQ;AAAA,IACrE,UAAU;AAAA,IACV,eAAe;AAAA,EACjB,CAAC;AACH;AAEA,SAAS,eAAe,OAAgB,QAAiC;AACvE,MAAI,UAAU,QAAW;AACvB;AAAA,EACF;AAEA,MAAI,CAAC,cAAc,OAAO,UAAU,MAAM,GAAG;AAC3C;AAAA,EACF;AAEA,sBAAoB,MAAM,UAAU,GAAG,qBAAqB,MAAM;AAClE,sBAAoB,MAAM,WAAW,GAAG,sBAAsB,MAAM;AACpE,sBAAoB,MAAM,UAAU,GAAG,qBAAqB,MAAM;AACpE;AAEA,SAAS,iBAAiB,OAAgB,QAAiC;AACzE,MAAI,CAAC,cAAc,OAAO,YAAY,MAAM,GAAG;AAC7C;AAAA,EACF;AAEA,qBAAmB,MAAM,WAAW,GAAG,wBAAwB,QAAQ;AAAA,IACrE,UAAU;AAAA,IACV,eAAe;AAAA,EACjB,CAAC;AACD,sBAAoB,MAAM,aAAa,GAAG,0BAA0B,MAAM;AAC5E;AAEA,SAAS,aAAa,OAAgB,QAAiC;AACrE,MAAI,CAAC,cAAc,OAAO,QAAQ,MAAM,GAAG;AACzC;AAAA,EACF;AAEA,MAAI,MAAM,oBAAoB,MAAM,QAAW;AAC7C,uBAAmB,MAAM,oBAAoB,GAAG,6BAA6B,QAAQ;AAAA,MACnF,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AACF;AAEA,SAAS,mBAAmB,OAAgB,QAAiC;AAC3E,MAAI,UAAU,QAAW;AACvB;AAAA,EACF;AAEA,MAAI,CAAC,cAAc,OAAO,cAAc,MAAM,GAAG;AAC/C;AAAA,EACF;AAEA,sBAAoB,MAAM,WAAW,GAAG,0BAA0B,MAAM;AAC1E;AAEA,SAAS,aAAa,OAAgB,QAAiC;AACrE,MAAI,CAAC,cAAc,OAAO,QAAQ,MAAM,GAAG;AACzC;AAAA,EACF;AAEA,gBAAc,OAAO,iBAAiB,QAAQ,uBAAuB,sBAAsB;AAC7F;AAEA,SAAS,iBAAiB,OAAgB,QAAiC;AACzE,MAAI,CAAC,cAAc,OAAO,YAAY,MAAM,GAAG;AAC7C;AAAA,EACF;AAEA,qBAAmB,MAAM,SAAS,GAAG,sBAAsB,QAAQ;AAAA,IACjE,UAAU;AAAA,IACV,aAAa;AAAA,EACf,CAAC;AACH;AAEA,SAAS,gBAAgB,OAAgB,QAAiC;AACxE,MAAI,CAAC,cAAc,OAAO,WAAW,MAAM,GAAG;AAC5C;AAAA,EACF;AAEA,gBAAc,OAAO,OAAO,QAAQ,aAAa,eAAe;AAClE;AAEA,SAAS,cACP,OACA,OACA,QACkC;AAClC,MAAI,CAACD,UAAS,KAAK,GAAG;AACpB,WAAO,KAAK;AAAA,MACV,MAAM,KAAK,KAAK;AAAA,MAChB,SAAS;AAAA,IACX,CAAC;AACD,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAEA,SAAS,cACP,QACA,OACA,QACA,SACA,OAAO,KAAK,KAAK,IACX;AACN,QAAM,QAAQ,OAAO,KAAK;AAE1B,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,KAAK,EAAE,MAAM,SAAS,qBAAqB,CAAC;AACnD;AAAA,EACF;AAEA,MAAI,WAAW,CAAC,QAAQ,KAAK,KAAK,GAAG;AACnC,WAAO,KAAK,EAAE,MAAM,SAAS,4BAA4B,QAAQ,MAAM,IAAI,CAAC;AAAA,EAC9E;AACF;AAEA,SAAS,oBACP,OACA,MACA,QACA,UAA8B,CAAC,GACzB;AACN,MAAI,UAAU,QAAW;AACvB;AAAA,EACF;AAEA,qBAAmB,OAAO,MAAM,QAAQ,OAAO;AACjD;AAQA,SAAS,mBACP,OACA,MACA,QACA,UAA8B,CAAC,GACzB;AACN,MAAI,CAAC,MAAM,QAAQ,KAAK,GAAG;AACzB,WAAO,KAAK,EAAE,MAAM,SAAS,qBAAqB,CAAC;AACnD;AAAA,EACF;AAEA,MAAI,QAAQ,aAAa,UAAa,MAAM,SAAS,QAAQ,UAAU;AACrE,WAAO,KAAK,EAAE,MAAM,SAAS,qBAAqB,QAAQ,QAAQ,YAAY,CAAC;AAAA,EACjF;AAEA,QAAM,QAAQ,CAAC,MAAM,UAAU;AAC7B,UAAM,WAAW,GAAG,IAAI,IAAI,KAAK;AAEjC,QAAI,OAAO,SAAS,UAAU;AAC5B,aAAO,KAAK,EAAE,MAAM,UAAU,SAAS,qBAAqB,CAAC;AAC7D;AAAA,IACF;AAEA,QAAI,QAAQ,iBAAiB,CAAC,QAAQ,cAAc,IAAI,IAAI,GAAG;AAC7D,aAAO,KAAK,EAAE,MAAM,UAAU,SAAS,mCAAmC,CAAC;AAAA,IAC7E;AAEA,QAAI,QAAQ,eAAe,CAAC,QAAQ,YAAY,KAAK,IAAI,GAAG;AAC1D,aAAO,KAAK;AAAA,QACV,MAAM;AAAA,QACN,SAAS,4BAA4B,QAAQ,YAAY,MAAM;AAAA,MACjE,CAAC;AAAA,IACH;AAAA,EACF,CAAC;AACH;AAEA,SAASA,UAAS,OAAkD;AAClE,SAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,KAAK;AAC5E;;;ACzOA,kBAAmF;;;ACwBnF,IAAM,yBAAyB,IAAI,IAAY,0BAA0B;AACzE,IAAM,sBAAsB,oBAAI,IAAY,CAAC,UAAU,WAAW,UAAU,CAAC;AAC7E,IAAM,iBAAiB,oBAAI,IAAY;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AACD,IAAM,+BAA+B,oBAAI,IAAY,CAAC,QAAQ,OAAO,CAAC;AACtE,IAAM,uBAAuB;AAEtB,SAAS,sBAAsB,OAAiD;AACrF,MAAI,CAACE,UAAS,KAAK,GAAG;AACpB,WAAO,YAAY;AAAA,EACrB;AAEA,QAAM,SAA4B,CAAC;AACnC,EAAAC,eAAc,OAAO,aAAa,QAAQ,EAAE,WAAW,EAAE,CAAC;AAC1D,iBAAe,MAAM,QAAQ,GAAG,YAAY,MAAM;AAClD,EAAAA,eAAc,OAAO,mBAAmB,QAAQ,EAAE,WAAW,EAAE,CAAC;AAChE,SAAO,OAAO,OAAwB,MAAM;AAC9C;AAEO,SAAS,mBAAmB,OAA+B;AAChE,SAAO,UAAU,sBAAsB,KAAK,GAAG,6BAA6B;AAC9E;AAEO,SAAS,uBAAuB,OAAkD;AACvF,MAAI,CAACD,UAAS,KAAK,GAAG;AACpB,WAAO,YAAY;AAAA,EACrB;AAEA,QAAM,SAA4B,CAAC;AACnC,EAAAC,eAAc,OAAO,UAAU,QAAQ;AAAA,IACrC,eAAe;AAAA,EACjB,CAAC;AACD,iBAAe,MAAM,uBAAuB,GAAG,2BAA2B,QAAQ;AAAA,IAChF,eAAe;AAAA,EACjB,CAAC;AACD,EAAAC,qBAAoB,MAAM,sBAAsB,GAAG,0BAA0B,MAAM;AACnF,SAAO,OAAO,OAAyB,MAAM;AAC/C;AAEO,SAAS,oBAAoB,OAAgC;AAClE,SAAO,UAAU,uBAAuB,KAAK,GAAG,8BAA8B;AAChF;AAEO,SAAS,uBAAuB,OAAkD;AACvF,MAAI,CAACF,UAAS,KAAK,GAAG;AACpB,WAAO,YAAY;AAAA,EACrB;AAEA,QAAM,SAA4B,CAAC;AACnC,EAAAC,eAAc,OAAO,UAAU,QAAQ,EAAE,eAAe,eAAe,CAAC;AACxE,iBAAe,MAAM,uBAAuB,GAAG,2BAA2B,QAAQ;AAAA,IAChF,eAAe;AAAA,EACjB,CAAC;AACD,EAAAC,qBAAoB,MAAM,sBAAsB,GAAG,0BAA0B,MAAM;AACnF,iBAAe,MAAM,OAAO,GAAG,WAAW,MAAM;AAChD,SAAO,OAAO,OAAyB,MAAM;AAC/C;AAEO,SAAS,oBAAoB,OAAgC;AAClE,SAAO,UAAU,uBAAuB,KAAK,GAAG,8BAA8B;AAChF;AAEO,SAAS,qBAAqB,OAAgD;AACnF,MAAI,CAACF,UAAS,KAAK,GAAG;AACpB,WAAO,YAAY;AAAA,EACrB;AAEA,QAAM,SAA4B,CAAC;AACnC,EAAAC,eAAc,OAAO,cAAc,QAAQ,EAAE,WAAW,EAAE,CAAC;AAC3D,EAAAC,qBAAoB,MAAM,kBAAkB,GAAG,sBAAsB,MAAM;AAC3E,SAAO,OAAO,OAAuB,MAAM;AAC7C;AAEO,SAAS,kBAAkB,OAA8B;AAC9D,SAAO,UAAU,qBAAqB,KAAK,GAAG,4BAA4B;AAC5E;AAEO,SAAS,sBAAsB,OAAiD;AACrF,MAAI,CAACF,UAAS,KAAK,GAAG;AACpB,WAAO,YAAY;AAAA,EACrB;AAEA,QAAM,SAA4B,CAAC;AACnC,iBAAe,MAAM,YAAY,GAAG,gBAAgB,QAAQ,EAAE,WAAW,EAAE,CAAC;AAC5E,iBAAe,MAAM,eAAe,GAAG,mBAAmB,QAAQ,EAAE,WAAW,EAAE,CAAC;AAClF,iBAAe,MAAM,iBAAiB,GAAG,qBAAqB,QAAQ;AAAA,IACpE,eAAe,oBAAI,IAAI,CAAC,MAAM,CAAC;AAAA,EACjC,CAAC;AAED,QAAM,YAAY,CAAC,MAAM,YAAY,GAAG,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,EAAE;AAAA,IACxF,CAAC,aAAa,aAAa;AAAA,EAC7B;AAEA,MAAI,UAAU,WAAW,GAAG;AAC1B,WAAO,KAAK;AAAA,MACV,MAAM;AAAA,MACN,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,MAAI,UAAU,SAAS,GAAG;AACxB,WAAO,KAAK;AAAA,MACV,MAAM;AAAA,MACN,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,SAAO,OAAO,OAAwB,MAAM;AAC9C;AAEO,SAAS,mBAAmB,OAA+B;AAChE,SAAO,UAAU,sBAAsB,KAAK,GAAG,6BAA6B;AAC9E;AAEO,SAAS,uBAAuB,OAAkD;AACvF,MAAI,CAACA,UAAS,KAAK,GAAG;AACpB,WAAO,YAAY;AAAA,EACrB;AAEA,QAAM,SAA4B,CAAC;AACnC,MAAI,OAAO,KAAK,KAAK,EAAE,SAAS,GAAG;AACjC,WAAO,KAAK,EAAE,MAAM,KAAK,SAAS,4BAA4B,CAAC;AAAA,EACjE;AAEA,SAAO,OAAO,OAAyB,MAAM;AAC/C;AAEO,SAAS,oBAAoB,OAAgC;AAClE,SAAO,UAAU,uBAAuB,KAAK,GAAG,8BAA8B;AAChF;AAEO,SAAS,8BACd,OAC4C;AAC5C,MAAI,CAACA,UAAS,KAAK,GAAG;AACpB,WAAO,YAAY;AAAA,EACrB;AAEA,QAAM,SAA4B,CAAC;AACnC,EAAAC,eAAc,OAAO,OAAO,QAAQ,EAAE,WAAW,EAAE,CAAC;AACpD,EAAAA,eAAc,OAAO,OAAO,QAAQ,EAAE,WAAW,EAAE,CAAC;AACpD,EAAAA,eAAc,OAAO,OAAO,QAAQ,EAAE,WAAW,EAAE,CAAC;AACpD,EAAAA,eAAc,OAAO,MAAM,QAAQ,EAAE,eAAe,uBAAuB,CAAC;AAC5E,iBAAe,MAAM,KAAK,GAAG,SAAS,MAAM;AAC5C,iBAAe,MAAM,KAAK,GAAG,SAAS,MAAM;AAC5C,EAAAA,eAAc,OAAO,OAAO,QAAQ,EAAE,WAAW,EAAE,CAAC;AACpD,SAAO,OAAO,OAAmC,MAAM;AACzD;AAEO,SAAS,2BAA2B,OAA0C;AACnF,SAAO,UAAU,8BAA8B,KAAK,GAAG,sCAAsC;AAC/F;AAEO,SAAS,uBAAuB,OAAqD;AAC1F,MAAI,CAACD,UAAS,KAAK,GAAG;AACpB,WAAO,YAAY;AAAA,EACrB;AAEA,QAAM,SAA4B,CAAC;AACnC,EAAAC,eAAc,OAAO,QAAQ,QAAQ,EAAE,SAAS,qBAAqB,CAAC;AACtE,EAAAA,eAAc,OAAO,SAAS,QAAQ,EAAE,WAAW,EAAE,CAAC;AACtD,iBAAe,MAAM,QAAQ,GAAG,YAAY,MAAM;AAClD,EAAAA,eAAc,OAAO,QAAQ,QAAQ,EAAE,WAAW,EAAE,CAAC;AACrD,iBAAe,MAAM,QAAQ,GAAG,YAAY,MAAM;AAClD,iBAAe,MAAM,UAAU,GAAG,cAAc,MAAM;AACtD,SAAO,OAAO,OAA4B,MAAM;AAClD;AAEO,SAAS,oBAAoB,OAAmC;AACrE,SAAO,UAAU,uBAAuB,KAAK,GAAG,8BAA8B;AAChF;AAEO,SAAS,iCACd,OAC4C;AAC5C,MAAI,CAACD,UAAS,KAAK,GAAG;AACpB,WAAO,YAAY;AAAA,EACrB;AAEA,QAAM,SAA4B,CAAC;AACnC,EAAAC,eAAc,OAAO,gBAAgB,QAAQ,EAAE,WAAW,EAAE,CAAC;AAC7D,EAAAA,eAAc,OAAO,iBAAiB,QAAQ,EAAE,WAAW,EAAE,CAAC;AAC9D,EAAAA,eAAc,OAAO,cAAc,QAAQ,EAAE,WAAW,EAAE,CAAC;AAC3D,EAAAE,oBAAmB,MAAM,QAAQ,GAAG,YAAY,MAAM;AACtD,EAAAF,eAAc,OAAO,cAAc,QAAQ,EAAE,eAAe,oBAAI,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;AACjF,SAAO,OAAO,OAAmC,MAAM;AACzD;AAEO,SAAS,4BAA4B,OAAuD;AACjG,MAAI,CAACD,UAAS,KAAK,GAAG;AACpB,WAAO,YAAY;AAAA,EACrB;AAEA,QAAM,SAA4B,CAAC;AACnC,EAAAC,eAAc,OAAO,WAAW,QAAQ,EAAE,WAAW,EAAE,CAAC;AACxD,EAAAA,eAAc,OAAO,iBAAiB,QAAQ,EAAE,WAAW,EAAE,CAAC;AAC9D,EAAAA,eAAc,OAAO,cAAc,QAAQ,EAAE,WAAW,EAAE,CAAC;AAC3D,EAAAA,eAAc,OAAO,UAAU,QAAQ,EAAE,WAAW,EAAE,CAAC;AACvD,EAAAE,oBAAmB,MAAM,QAAQ,GAAG,YAAY,MAAM;AACtD,SAAO,OAAO,OAA8B,MAAM;AACpD;AAEO,SAAS,2BAA2B,OAAsD;AAC/F,MAAI,CAACH,UAAS,KAAK,GAAG;AACpB,WAAO,YAAY;AAAA,EACrB;AAEA,QAAM,SAA4B,CAAC;AACnC,EAAAC,eAAc,OAAO,iBAAiB,QAAQ,EAAE,WAAW,EAAE,CAAC;AAC9D,EAAAA,eAAc,OAAO,cAAc,QAAQ,EAAE,WAAW,EAAE,CAAC;AAC3D,EAAAA,eAAc,OAAO,YAAY,QAAQ,EAAE,WAAW,EAAE,CAAC;AACzD,iBAAe,MAAM,OAAO,GAAG,WAAW,QAAQ,EAAE,WAAW,EAAE,CAAC;AAClE,EAAAE,oBAAmB,MAAM,QAAQ,GAAG,YAAY,MAAM;AACtD,EAAAF,eAAc,OAAO,YAAY,QAAQ,EAAE,WAAW,EAAE,CAAC;AACzD,SAAO,OAAO,OAA6B,MAAM;AACnD;AAEO,SAAS,6BACd,WACA,OAC2C;AAC3C,MAAI,cAAc,6BAA6B;AAC7C,WAAO,iCAAiC,KAAK;AAAA,EAC/C;AAEA,MAAI,cAAc,wBAAwB;AACxC,WAAO,4BAA4B,KAAK;AAAA,EAC1C;AAEA,MAAI,cAAc,sBAAsB;AACtC,WAAO,2BAA2B,KAAK;AAAA,EACzC;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,QAAQ,CAAC,EAAE,MAAM,gBAAgB,SAAS,sCAAsC,CAAC;AAAA,EACnF;AACF;AAEO,SAAS,0BACd,WACA,OACyB;AACzB,SAAO,UAAU,6BAA6B,WAAW,KAAK,GAAG,6BAA6B;AAChG;AAEA,SAAS,UAAa,YAAiC,SAAoB;AACzE,MAAI,WAAW,IAAI;AACjB,WAAO,WAAW;AAAA,EACpB;AAEA,QAAM,IAAI,mBAAmB,SAAS,WAAW,MAAM;AACzD;AAEA,SAAS,cAAsC;AAC7C,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,QAAQ,CAAC,EAAE,MAAM,KAAK,SAAS,sBAAsB,CAAC;AAAA,EACxD;AACF;AAEA,SAAS,OAAU,OAAU,QAAgD;AAC3E,MAAI,OAAO,SAAS,GAAG;AACrB,WAAO,EAAE,IAAI,OAAO,OAAO;AAAA,EAC7B;AAEA,SAAO,EAAE,IAAI,MAAM,QAAQ,CAAC,GAAG,MAAM;AACvC;AAQA,SAASA,eACP,QACA,OACA,QACA,UAAyB,CAAC,GACpB;AACN,iBAAe,OAAO,KAAK,GAAG,KAAK,KAAK,IAAI,QAAQ,OAAO;AAC7D;AAEA,SAAS,eACP,OACA,MACA,QACA,UAAyB,CAAC,GACpB;AACN,MAAI,UAAU,QAAW;AACvB;AAAA,EACF;AAEA,iBAAe,OAAO,MAAM,QAAQ,OAAO;AAC7C;AAEA,SAAS,eACP,OACA,MACA,QACA,SACM;AACN,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,KAAK,EAAE,MAAM,SAAS,qBAAqB,CAAC;AACnD;AAAA,EACF;AAEA,MAAI,QAAQ,cAAc,UAAa,MAAM,SAAS,QAAQ,WAAW;AACvE,WAAO,KAAK,EAAE,MAAM,SAAS,qBAAqB,QAAQ,SAAS,iBAAiB,CAAC;AAAA,EACvF;AAEA,MAAI,QAAQ,kBAAkB,UAAa,CAAC,QAAQ,cAAc,IAAI,KAAK,GAAG;AAC5E,WAAO,KAAK,EAAE,MAAM,SAAS,mCAAmC,CAAC;AAAA,EACnE;AAEA,MAAI,QAAQ,YAAY,UAAa,CAAC,QAAQ,QAAQ,KAAK,KAAK,GAAG;AACjE,WAAO,KAAK,EAAE,MAAM,SAAS,4BAA4B,QAAQ,QAAQ,MAAM,IAAI,CAAC;AAAA,EACtF;AACF;AAEA,SAAS,eAAe,OAAgB,MAAc,QAAiC;AACrF,MAAI,UAAU,QAAW;AACvB;AAAA,EACF;AAEA,MAAI,CAACD,UAAS,KAAK,GAAG;AACpB,WAAO,KAAK,EAAE,MAAM,SAAS,sBAAsB,CAAC;AAAA,EACtD;AACF;AAEA,SAAS,eAAe,OAAgB,MAAc,QAAiC;AACrF,MAAI,CAAC,OAAO,UAAU,KAAK,GAAG;AAC5B,WAAO,KAAK,EAAE,MAAM,SAAS,uBAAuB,CAAC;AAAA,EACvD;AACF;AAEA,SAASE,qBAAoB,OAAgB,MAAc,QAAiC;AAC1F,MAAI,UAAU,QAAW;AACvB;AAAA,EACF;AAEA,EAAAC,oBAAmB,OAAO,MAAM,MAAM;AACxC;AAEA,SAASA,oBAAmB,OAAgB,MAAc,QAAiC;AACzF,MAAI,CAAC,MAAM,QAAQ,KAAK,GAAG;AACzB,WAAO,KAAK,EAAE,MAAM,SAAS,qBAAqB,CAAC;AACnD;AAAA,EACF;AAEA,QAAM,QAAQ,CAAC,MAAM,UAAU;AAC7B,QAAI,OAAO,SAAS,UAAU;AAC5B,aAAO,KAAK,EAAE,MAAM,GAAG,IAAI,IAAI,KAAK,KAAK,SAAS,qBAAqB,CAAC;AAAA,IAC1E;AAAA,EACF,CAAC;AACH;AAEA,SAASH,UAAS,OAAkD;AAClE,SAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,KAAK;AAC5E;;;ADnVA,eAAsB,uBACpB,QACA,SACiB;AACjB,QAAM,SAAS,2BAA2B,MAAM;AAChD,QAAM,MAAM,MAAM,cAAc,QAAQ,KAAK,QAAQ,GAAG;AAExD,SAAO,IAAI,oBAAQ,MAAM,EACtB,mBAAmB;AAAA,IAClB,KAAK,QAAQ;AAAA,IACb,GAAI,QAAQ,QAAQ,SAAY,CAAC,IAAI,EAAE,KAAK,QAAQ,IAAI;AAAA,IACxD,KAAK,QAAQ,OAAO;AAAA,EACtB,CAAC,EACA,KAAK,GAAG;AACb;AAEA,eAAsB,yBACpB,iBACA,SACmC;AACnC,QAAM,gBAAgB;AAAA,IACpB,GAAI,QAAQ,eAAe,SAAY,CAAC,IAAI,EAAE,YAAY,QAAQ,WAAW;AAAA,IAC7E,GAAI,QAAQ,aAAa,SAAY,CAAC,IAAI,EAAE,UAAU,QAAQ,SAAS;AAAA,IACvE,GAAI,QAAQ,mBAAmB,SAAY,CAAC,IAAI,EAAE,gBAAgB,QAAQ,eAAe;AAAA,IACzF,GAAI,QAAQ,gBAAgB,SAAY,CAAC,IAAI,EAAE,aAAa,QAAQ,YAAY;AAAA,IAChF,GAAI,QAAQ,WAAW,SAAY,CAAC,IAAI,EAAE,QAAQ,QAAQ,OAAO;AAAA,IACjE,GAAI,QAAQ,YAAY,SAAY,CAAC,IAAI,EAAE,SAAS,QAAQ,QAAQ;AAAA,EACtE;AACA,MAAII;AAEJ,MAAI,OAAO,QAAQ,QAAQ,YAAY;AACrC,UAAM,aAAsC,QAAQ;AAEpD,IAAAA,UAAS,UAAM;AAAA,MACb;AAAA,MACA,OAAO,iBAAsC,UAC3C,cAAc,MAAM,WAAW,iBAAiB,KAAK,GAAG,gBAAgB,GAAG;AAAA,MAC7E;AAAA,IACF;AAAA,EACF,OAAO;AACL,IAAAA,UAAS,UAAM;AAAA,MACb;AAAA,MACA,MAAM,cAAc,QAAQ,KAAK,QAAQ,aAAa,CAAC,CAAC;AAAA,MACxD;AAAA,IACF;AAAA,EACF;AAEA,SAAO,2BAA2BA,QAAO,OAAO;AAClD;AAEA,eAAsB,cAAc,KAA2B,KAAmC;AAChG,MAAI,CAAC,SAAS,GAAG,GAAG;AAClB,WAAO;AAAA,EACT;AAEA,MAAI,QAAQ,QAAW;AACrB,UAAM,IAAI,UAAU,gDAAgD;AAAA,EACtE;AAEA,MAAI,IAAI,WAAW,SAAS;AAC1B,eAAO,yBAAY,IAAI,KAAK,GAAG;AAAA,EACjC;AAEA,MAAI,IAAI,WAAW,QAAQ;AACzB,eAAO,wBAAW,IAAI,KAAK,GAAG;AAAA,EAChC;AAEA,aAAO,wBAAW,IAAI,KAAK,GAAG;AAChC;AAEA,eAAsB,iBAAiB,KAAU,KAAmC;AAClF,aAAO,uBAAU,KAAK,GAAG;AAC3B;AAEO,SAAS,oBAAoB,OAAgC;AAClE,QAAM,CAAC,eAAe,cAAc,IAAI,MAAM,MAAM,GAAG;AAEvD,MAAI,kBAAkB,UAAa,mBAAmB,QAAW;AAC/D,UAAM,IAAI,MAAM,cAAc;AAAA,EAChC;AAEA,SAAO;AAAA,IACL,QAAQ,mBAAmB,aAAa;AAAA,IACxC,SAAS,mBAAmB,cAAc;AAAA,EAC5C;AACF;AAEA,SAAS,SAAS,KAA6C;AAC7D,SAAO,OAAO,QAAQ,YAAY,SAAS,OAAO,OAAO,IAAI,QAAQ,YAAY,YAAY;AAC/F;AAEA,SAAS,mBAAmB,SAA0C;AACpE,QAAM,SAAkB,KAAK,MAAM,OAAO,KAAK,SAAS,WAAW,EAAE,SAAS,MAAM,CAAC;AAErF,MAAI,CAACC,UAAS,MAAM,GAAG;AACrB,UAAM,IAAI,MAAM,2CAA2C;AAAA,EAC7D;AAEA,SAAO;AACT;AAEA,SAASA,UAAS,OAAkD;AAClE,SAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,KAAK;AAC5E;;;AE1JO,IAAM,wBAAwB;AAAA,EACnC,SAAS;AAAA,EACT,KAAK;AAAA,EACL,OAAO;AAAA,EACP,MAAM;AAAA,EACN,UAAU,CAAC,eAAe,YAAY,YAAY,QAAQ,QAAQ,YAAY,SAAS;AAAA,EACvF,sBAAsB;AAAA,EACtB,YAAY;AAAA,IACV,aAAa;AAAA,MACX,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU,CAAC,WAAW;AAAA,MACtB,sBAAsB;AAAA,MACtB,YAAY;AAAA,QACV,WAAW;AAAA,UACT,MAAM;AAAA,UACN,UAAU;AAAA,UACV,OAAO;AAAA,YACL,MAAM;AAAA,YACN,MAAM,CAAC,MAAM;AAAA,UACf;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,MAAM;AAAA,MACN,sBAAsB;AAAA,MACtB,YAAY;AAAA,QACV,UAAU;AAAA,UACR,MAAM;AAAA,UACN,OAAO;AAAA,YACL,MAAM;AAAA,UACR;AAAA,QACF;AAAA,QACA,WAAW;AAAA,UACT,MAAM;AAAA,UACN,OAAO;AAAA,YACL,MAAM;AAAA,UACR;AAAA,QACF;AAAA,QACA,UAAU;AAAA,UACR,MAAM;AAAA,UACN,OAAO;AAAA,YACL,MAAM;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU,CAAC,WAAW;AAAA,MACtB,sBAAsB;AAAA,MACtB,YAAY;AAAA,QACV,WAAW;AAAA,UACT,MAAM;AAAA,UACN,UAAU;AAAA,UACV,OAAO;AAAA,YACL,MAAM;AAAA,YACN,MAAM,CAAC,WAAW,UAAU,SAAS,UAAU,QAAQ;AAAA,UACzD;AAAA,QACF;AAAA,QACA,aAAa;AAAA,UACX,MAAM;AAAA,UACN,OAAO;AAAA,YACL,MAAM;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,sBAAsB;AAAA,MACtB,YAAY;AAAA,QACV,oBAAoB;AAAA,UAClB,MAAM;AAAA,UACN,UAAU;AAAA,UACV,OAAO;AAAA,YACL,MAAM;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,YAAY;AAAA,MACV,MAAM;AAAA,MACN,sBAAsB;AAAA,MACtB,YAAY;AAAA,QACV,WAAW;AAAA,UACT,MAAM;AAAA,UACN,OAAO;AAAA,YACL,MAAM;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,UAAU,CAAC,eAAe;AAAA,MAC1B,sBAAsB;AAAA,MACtB,YAAY;AAAA,QACV,eAAe;AAAA,UACb,MAAM;AAAA,UACN,SAAS;AAAA,QACX;AAAA,MACF;AAAA,IACF;AAAA,IACA,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU,CAAC,SAAS;AAAA,MACpB,sBAAsB;AAAA,MACtB,YAAY;AAAA,QACV,SAAS;AAAA,UACP,MAAM;AAAA,UACN,UAAU;AAAA,UACV,OAAO;AAAA,YACL,MAAM;AAAA,YACN,SAAS;AAAA,UACX;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA,SAAS;AAAA,MACP,MAAM;AAAA,MACN,UAAU,CAAC,KAAK;AAAA,MAChB,sBAAsB;AAAA,MACtB,YAAY;AAAA,QACV,KAAK;AAAA,UACH,MAAM;AAAA,UACN,SAAS;AAAA,QACX;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;","names":["isRecord","result","isRecord","requireString","optionalStringArray","requireStringArray","result","isRecord"]}
@@ -0,0 +1,392 @@
1
+ import { CryptoKey, JWK, KeyObject, JWTHeaderParameters, FlattenedJWSInput, JWTVerifyOptions } from 'jose';
2
+
3
+ declare const AEP_VERSION = "1.0";
4
+ declare const AEP_MEDIA_TYPE = "application/aep+json";
5
+ declare const AEP_PROBLEM_MEDIA_TYPE = "application/problem+json";
6
+ declare const AEP_AUTH_SCHEME = "AEP";
7
+ declare const AEP_WELL_KNOWN_PATH = "/.well-known/aep";
8
+ declare const DEFAULT_HTTP_ENDPOINT_BASE = "/aep/";
9
+ declare const AEP_COMMANDS: readonly ["inspect", "enroll", "grant", "revoke", "status"];
10
+ declare const AEP_AUTHENTICATED_COMMANDS: readonly ["enroll", "grant", "revoke", "status"];
11
+ declare const AEP_BINDINGS: readonly ["http"];
12
+ declare const AEP_SIGNING_ALGORITHMS: readonly ["EdDSA", "ES256"];
13
+ declare const AEP_IDENTITY_METHOD_DID_WEB = "did:web";
14
+ declare const AEP_GRANT_TYPE_OAUTH_BEARER = "oauth-bearer";
15
+ declare const AEP_GRANT_TYPE_API_KEY = "api-key";
16
+ declare const AEP_GRANT_TYPE_BASIC = "basic";
17
+ declare const AEP_BUILT_IN_GRANT_TYPES: readonly ["oauth-bearer", "api-key", "basic"];
18
+
19
+ type AepCommand = (typeof AEP_COMMANDS)[number];
20
+ type AepBinding = (typeof AEP_BINDINGS)[number];
21
+ type AepExtensibleString<TValue extends string> = TValue | (string & Record<never, never>);
22
+ type AepSigningAlgorithm = AepExtensibleString<(typeof AEP_SIGNING_ALGORITHMS)[number]>;
23
+ type AepBuiltInGrantType = (typeof AEP_BUILT_IN_GRANT_TYPES)[number];
24
+ type AepGrantType = AepExtensibleString<AepBuiltInGrantType>;
25
+ type AepIdentityMethod = string;
26
+ type AepAuthenticatedCommand = Exclude<AepCommand, "inspect">;
27
+ type AepEnrollmentStatus = "active" | "pending" | "rejected";
28
+ type AepAgentStatus = AepEnrollmentStatus | "suspended" | "terminated" | "unavailable";
29
+ interface InspectDocument {
30
+ aep_version: string;
31
+ bindings: {
32
+ supported: AepBinding[];
33
+ [key: string]: unknown;
34
+ };
35
+ claims?: {
36
+ required?: string[];
37
+ preferred?: string[];
38
+ optional?: string[];
39
+ [key: string]: unknown;
40
+ };
41
+ commands: {
42
+ supported: AepCommand[];
43
+ grant_types?: AepGrantType[];
44
+ grant_types_config?: Record<string, unknown>;
45
+ [key: string]: unknown;
46
+ };
47
+ core: {
48
+ signing_algorithms?: AepSigningAlgorithm[];
49
+ [key: string]: unknown;
50
+ };
51
+ extensions?: {
52
+ supported?: string[];
53
+ [key: string]: unknown;
54
+ };
55
+ http: {
56
+ endpoint_base: string;
57
+ [key: string]: unknown;
58
+ };
59
+ identity: {
60
+ methods: AepIdentityMethod[];
61
+ [key: string]: unknown;
62
+ };
63
+ service: {
64
+ did: string;
65
+ [key: string]: unknown;
66
+ };
67
+ [key: string]: unknown;
68
+ }
69
+ interface AepProblemDetails {
70
+ type: string;
71
+ title: string;
72
+ status: number;
73
+ detail?: string;
74
+ instance?: string;
75
+ code: AepExtensibleString<AepErrorCode>;
76
+ [key: string]: unknown;
77
+ }
78
+ type AepErrorCode = "invalid_request" | "not_recognized" | "identity_suspended" | "identity_terminated" | "identity_unavailable" | "verification_pending" | "unsupported_grant_type" | "idempotency_conflict";
79
+ interface EnrollRequest {
80
+ agent_did: string;
81
+ claims?: Record<string, unknown>;
82
+ idempotency_key: string;
83
+ [key: string]: unknown;
84
+ }
85
+ interface EnrollResponse {
86
+ status: AepEnrollmentStatus;
87
+ owner_action_required?: "true" | "false";
88
+ requirements_pending?: string[];
89
+ [key: string]: unknown;
90
+ }
91
+ interface StatusResponse {
92
+ status: AepAgentStatus;
93
+ owner_action_required?: "true" | "false";
94
+ requirements_pending?: string[];
95
+ since?: string;
96
+ [key: string]: unknown;
97
+ }
98
+ interface GrantRequest {
99
+ grant_type: AepGrantType;
100
+ requested_scopes?: string[];
101
+ [key: string]: unknown;
102
+ }
103
+ type RevokeRequest = {
104
+ grant_type: AepGrantType;
105
+ credential_id?: string;
106
+ all_grant_types?: never;
107
+ [key: string]: unknown;
108
+ } | {
109
+ credential_id: string;
110
+ grant_type?: AepGrantType;
111
+ all_grant_types?: never;
112
+ [key: string]: unknown;
113
+ } | {
114
+ all_grant_types: "true";
115
+ credential_id?: string;
116
+ grant_type?: AepGrantType;
117
+ [key: string]: unknown;
118
+ };
119
+ type RevokeResponse = Record<string, never>;
120
+ interface AepClientAssertionClaims {
121
+ aud: string;
122
+ exp: number;
123
+ iat: number;
124
+ iss: string;
125
+ jti: string;
126
+ op: AepAuthenticatedCommand;
127
+ sub: string;
128
+ [key: string]: unknown;
129
+ }
130
+ interface OAuthBearerGrantResponse {
131
+ access_token: string;
132
+ credential_id: string;
133
+ expires_at: string;
134
+ scopes: string[];
135
+ token_type: "Bearer";
136
+ [key: string]: unknown;
137
+ }
138
+ interface ApiKeyGrantResponse {
139
+ api_key: string;
140
+ credential_id: string;
141
+ expires_at: string;
142
+ header: string;
143
+ scopes: string[];
144
+ [key: string]: unknown;
145
+ }
146
+ interface BasicGrantResponse {
147
+ credential_id: string;
148
+ expires_at: string;
149
+ password: string;
150
+ realm?: string;
151
+ scopes: string[];
152
+ username: string;
153
+ [key: string]: unknown;
154
+ }
155
+ type AepBuiltInGrantResponse = OAuthBearerGrantResponse | ApiKeyGrantResponse | BasicGrantResponse;
156
+ interface ValidationIssue {
157
+ path: string;
158
+ message: string;
159
+ }
160
+ type ValidationResult<T> = {
161
+ ok: true;
162
+ value: T;
163
+ issues: [];
164
+ } | {
165
+ ok: false;
166
+ issues: ValidationIssue[];
167
+ };
168
+
169
+ type AepJoseKey = CryptoKey | JWK | KeyObject | Uint8Array;
170
+ type AepPemKeyFormat = "pkcs8" | "spki" | "x509";
171
+ interface AepPemKey {
172
+ format: AepPemKeyFormat;
173
+ pem: string;
174
+ }
175
+ type AepImportableJoseKey = AepJoseKey | AepPemKey;
176
+ type AepJwtVerifyKeyResolver = (protectedHeader: JWTHeaderParameters, token: FlattenedJWSInput) => AepImportableJoseKey | Promise<AepImportableJoseKey>;
177
+ interface SignClientAssertionJwtOptions {
178
+ alg: AepSigningAlgorithm;
179
+ key: AepImportableJoseKey;
180
+ kid?: string;
181
+ typ?: string;
182
+ }
183
+ interface VerifyClientAssertionJwtOptions {
184
+ algorithms?: AepSigningAlgorithm[];
185
+ audience?: string;
186
+ clockTolerance?: JWTVerifyOptions["clockTolerance"];
187
+ currentDate?: Date;
188
+ issuer?: string;
189
+ key: AepImportableJoseKey | AepJwtVerifyKeyResolver;
190
+ subject?: string;
191
+ }
192
+ interface DecodedJwtParts {
193
+ header: Record<string, unknown>;
194
+ payload: Record<string, unknown>;
195
+ }
196
+ declare function signClientAssertionJwt(claims: AepClientAssertionClaims, options: SignClientAssertionJwtOptions): Promise<string>;
197
+ declare function verifyClientAssertionJwt(clientAssertion: string, options: VerifyClientAssertionJwtOptions): Promise<AepClientAssertionClaims>;
198
+ declare function importJoseKey(key: AepImportableJoseKey, alg?: string): Promise<AepJoseKey>;
199
+ declare function importJwkJoseKey(jwk: JWK, alg?: string): Promise<AepJoseKey>;
200
+ declare function decodeJwtUnverified(token: string): DecodedJwtParts;
201
+
202
+ type DidWebFetchLike = (input: URL | string, init?: RequestInit) => Promise<Response>;
203
+ interface ResolveDidWebPublicKeyOptions {
204
+ did: string;
205
+ fetch?: DidWebFetchLike;
206
+ kid?: string;
207
+ }
208
+ declare function didWebDocumentUrl(did: string): URL;
209
+ declare function resolveDidWebPublicKey(options: ResolveDidWebPublicKeyOptions): Promise<AepImportableJoseKey>;
210
+
211
+ declare class AepValidationError extends Error {
212
+ readonly issues: ValidationIssue[];
213
+ constructor(message: string, issues: ValidationIssue[]);
214
+ }
215
+ declare function createProblemDetails(input: {
216
+ code: AepExtensibleString<AepErrorCode>;
217
+ title: string;
218
+ status: number;
219
+ detail?: string;
220
+ instance?: string;
221
+ type?: string;
222
+ }): AepProblemDetails;
223
+
224
+ type AepHttpCommand = Exclude<AepCommand, "inspect">;
225
+ declare function normalizeEndpointBase(endpointBase?: string): string;
226
+ declare function commandPath(command: AepHttpCommand, endpointBase?: string): string;
227
+ declare function commandPathFromInspect(document: InspectDocument, command: AepHttpCommand): string;
228
+
229
+ declare function validateInspectDocument(value: unknown): ValidationResult<InspectDocument>;
230
+ declare function isInspectDocument(value: unknown): value is InspectDocument;
231
+ declare function parseInspectDocument(value: unknown): InspectDocument;
232
+
233
+ declare function validateEnrollRequest(value: unknown): ValidationResult<EnrollRequest>;
234
+ declare function parseEnrollRequest(value: unknown): EnrollRequest;
235
+ declare function validateEnrollResponse(value: unknown): ValidationResult<EnrollResponse>;
236
+ declare function parseEnrollResponse(value: unknown): EnrollResponse;
237
+ declare function validateStatusResponse(value: unknown): ValidationResult<StatusResponse>;
238
+ declare function parseStatusResponse(value: unknown): StatusResponse;
239
+ declare function validateGrantRequest(value: unknown): ValidationResult<GrantRequest>;
240
+ declare function parseGrantRequest(value: unknown): GrantRequest;
241
+ declare function validateRevokeRequest(value: unknown): ValidationResult<RevokeRequest>;
242
+ declare function parseRevokeRequest(value: unknown): RevokeRequest;
243
+ declare function validateRevokeResponse(value: unknown): ValidationResult<RevokeResponse>;
244
+ declare function parseRevokeResponse(value: unknown): RevokeResponse;
245
+ declare function validateClientAssertionClaims(value: unknown): ValidationResult<AepClientAssertionClaims>;
246
+ declare function parseClientAssertionClaims(value: unknown): AepClientAssertionClaims;
247
+ declare function validateProblemDetails(value: unknown): ValidationResult<AepProblemDetails>;
248
+ declare function parseProblemDetails(value: unknown): AepProblemDetails;
249
+ declare function validateOAuthBearerGrantResponse(value: unknown): ValidationResult<OAuthBearerGrantResponse>;
250
+ declare function validateApiKeyGrantResponse(value: unknown): ValidationResult<ApiKeyGrantResponse>;
251
+ declare function validateBasicGrantResponse(value: unknown): ValidationResult<BasicGrantResponse>;
252
+ declare function validateBuiltInGrantResponse(grantType: string, value: unknown): ValidationResult<AepBuiltInGrantResponse>;
253
+ declare function parseBuiltInGrantResponse(grantType: string, value: unknown): AepBuiltInGrantResponse;
254
+
255
+ declare const inspectDocumentSchema: {
256
+ readonly $schema: "https://json-schema.org/draft/2020-12/schema";
257
+ readonly $id: "https://www.aep.foundation/schemas/inspect-document.schema.json";
258
+ readonly title: "AEP Inspect Document";
259
+ readonly type: "object";
260
+ readonly required: readonly ["aep_version", "bindings", "commands", "core", "http", "identity", "service"];
261
+ readonly additionalProperties: true;
262
+ readonly properties: {
263
+ readonly aep_version: {
264
+ readonly type: "string";
265
+ readonly pattern: "^[0-9]+\\.[0-9]+$";
266
+ };
267
+ readonly bindings: {
268
+ readonly type: "object";
269
+ readonly required: readonly ["supported"];
270
+ readonly additionalProperties: true;
271
+ readonly properties: {
272
+ readonly supported: {
273
+ readonly type: "array";
274
+ readonly minItems: 1;
275
+ readonly items: {
276
+ readonly type: "string";
277
+ readonly enum: readonly ["http"];
278
+ };
279
+ };
280
+ };
281
+ };
282
+ readonly claims: {
283
+ readonly type: "object";
284
+ readonly additionalProperties: true;
285
+ readonly properties: {
286
+ readonly required: {
287
+ readonly type: "array";
288
+ readonly items: {
289
+ readonly type: "string";
290
+ };
291
+ };
292
+ readonly preferred: {
293
+ readonly type: "array";
294
+ readonly items: {
295
+ readonly type: "string";
296
+ };
297
+ };
298
+ readonly optional: {
299
+ readonly type: "array";
300
+ readonly items: {
301
+ readonly type: "string";
302
+ };
303
+ };
304
+ };
305
+ };
306
+ readonly commands: {
307
+ readonly type: "object";
308
+ readonly required: readonly ["supported"];
309
+ readonly additionalProperties: true;
310
+ readonly properties: {
311
+ readonly supported: {
312
+ readonly type: "array";
313
+ readonly minItems: 1;
314
+ readonly items: {
315
+ readonly type: "string";
316
+ readonly enum: readonly ["inspect", "enroll", "grant", "revoke", "status"];
317
+ };
318
+ };
319
+ readonly grant_types: {
320
+ readonly type: "array";
321
+ readonly items: {
322
+ readonly type: "string";
323
+ };
324
+ };
325
+ };
326
+ };
327
+ readonly core: {
328
+ readonly type: "object";
329
+ readonly additionalProperties: true;
330
+ readonly properties: {
331
+ readonly signing_algorithms: {
332
+ readonly type: "array";
333
+ readonly minItems: 1;
334
+ readonly items: {
335
+ readonly type: "string";
336
+ };
337
+ };
338
+ };
339
+ };
340
+ readonly extensions: {
341
+ readonly type: "object";
342
+ readonly additionalProperties: true;
343
+ readonly properties: {
344
+ readonly supported: {
345
+ readonly type: "array";
346
+ readonly items: {
347
+ readonly type: "string";
348
+ };
349
+ };
350
+ };
351
+ };
352
+ readonly http: {
353
+ readonly type: "object";
354
+ readonly required: readonly ["endpoint_base"];
355
+ readonly additionalProperties: true;
356
+ readonly properties: {
357
+ readonly endpoint_base: {
358
+ readonly type: "string";
359
+ readonly pattern: "^/";
360
+ };
361
+ };
362
+ };
363
+ readonly identity: {
364
+ readonly type: "object";
365
+ readonly required: readonly ["methods"];
366
+ readonly additionalProperties: true;
367
+ readonly properties: {
368
+ readonly methods: {
369
+ readonly type: "array";
370
+ readonly minItems: 1;
371
+ readonly items: {
372
+ readonly type: "string";
373
+ readonly pattern: "^[a-z0-9]+(?::[a-z0-9]+)*(?:-[a-z0-9]+)*$";
374
+ };
375
+ };
376
+ };
377
+ };
378
+ readonly service: {
379
+ readonly type: "object";
380
+ readonly required: readonly ["did"];
381
+ readonly additionalProperties: true;
382
+ readonly properties: {
383
+ readonly did: {
384
+ readonly type: "string";
385
+ readonly pattern: "^did:";
386
+ };
387
+ };
388
+ };
389
+ };
390
+ };
391
+
392
+ export { AEP_AUTHENTICATED_COMMANDS, AEP_AUTH_SCHEME, AEP_BINDINGS, AEP_BUILT_IN_GRANT_TYPES, AEP_COMMANDS, AEP_GRANT_TYPE_API_KEY, AEP_GRANT_TYPE_BASIC, AEP_GRANT_TYPE_OAUTH_BEARER, AEP_IDENTITY_METHOD_DID_WEB, AEP_MEDIA_TYPE, AEP_PROBLEM_MEDIA_TYPE, AEP_SIGNING_ALGORITHMS, AEP_VERSION, AEP_WELL_KNOWN_PATH, type AepAgentStatus, type AepAuthenticatedCommand, type AepBinding, type AepBuiltInGrantResponse, type AepBuiltInGrantType, type AepClientAssertionClaims, type AepCommand, type AepEnrollmentStatus, type AepErrorCode, type AepExtensibleString, type AepGrantType, type AepHttpCommand, type AepIdentityMethod, type AepImportableJoseKey, type AepJoseKey, type AepJwtVerifyKeyResolver, type AepPemKey, type AepPemKeyFormat, type AepProblemDetails, type AepSigningAlgorithm, AepValidationError, type ApiKeyGrantResponse, type BasicGrantResponse, DEFAULT_HTTP_ENDPOINT_BASE, type DecodedJwtParts, type DidWebFetchLike, type EnrollRequest, type EnrollResponse, type GrantRequest, type InspectDocument, type OAuthBearerGrantResponse, type ResolveDidWebPublicKeyOptions, type RevokeRequest, type RevokeResponse, type SignClientAssertionJwtOptions, type StatusResponse, type ValidationIssue, type ValidationResult, type VerifyClientAssertionJwtOptions, commandPath, commandPathFromInspect, createProblemDetails, decodeJwtUnverified, didWebDocumentUrl, importJoseKey, importJwkJoseKey, inspectDocumentSchema, isInspectDocument, normalizeEndpointBase, parseBuiltInGrantResponse, parseClientAssertionClaims, parseEnrollRequest, parseEnrollResponse, parseGrantRequest, parseInspectDocument, parseProblemDetails, parseRevokeRequest, parseRevokeResponse, parseStatusResponse, resolveDidWebPublicKey, signClientAssertionJwt, validateApiKeyGrantResponse, validateBasicGrantResponse, validateBuiltInGrantResponse, validateClientAssertionClaims, validateEnrollRequest, validateEnrollResponse, validateGrantRequest, validateInspectDocument, validateOAuthBearerGrantResponse, validateProblemDetails, validateRevokeRequest, validateRevokeResponse, validateStatusResponse, verifyClientAssertionJwt };