@aep-foundation/platform 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {\n AEP_MEDIA_TYPE,\n AEP_PROBLEM_MEDIA_TYPE,\n createProblemDetails,\n decodeJwtUnverified,\n didWebDocumentUrl,\n signClientAssertionJwt,\n verifyClientAssertionJwt\n} from \"@aep-foundation/core\";\nimport type {\n AepAuthenticatedCommand,\n AepClientAssertionClaims,\n AepImportableJoseKey,\n AepProblemDetails,\n AepSigningAlgorithm\n} from \"@aep-foundation/core\";\n\nexport const packageName = \"@aep-foundation/platform\";\nexport const platformHostedIdentityDraft = \"draft-kavian-aep-platform-hosted-identity-00\";\n\nexport const defaultAssertionLifetimeSeconds = 300;\n\nexport type ManagedAgentStatus = \"active\" | \"revoked\" | \"suspended\" | \"terminated\";\n\nexport interface PlatformDiscoveryDocument {\n aep_version: string;\n endpoints: {\n hosted_verification?: string;\n lifecycle: string;\n list: string;\n provision: string;\n sign: string;\n [key: string]: unknown;\n };\n http: {\n endpoint_base: string;\n [key: string]: unknown;\n };\n identity: {\n did_methods: string[];\n did_url_template: string;\n [key: string]: unknown;\n };\n platform: {\n did?: string;\n hosted_verification: boolean;\n name: string;\n [key: string]: unknown;\n };\n signing: {\n algorithms: AepSigningAlgorithm[];\n default_lifetime_seconds: string;\n [key: string]: unknown;\n };\n [key: string]: unknown;\n}\n\nexport interface PlatformDiscoveryDocumentOptions {\n aepVersion?: string;\n defaultLifetimeSeconds?: number;\n didMethods?: string[];\n didUrlTemplate: string;\n endpointBase: string;\n endpoints: {\n hostedVerification?: string;\n lifecycle: string;\n list: string;\n provision: string;\n sign: string;\n };\n hostedVerification?: boolean;\n maxLifetimeSeconds?: number;\n platformDid?: string;\n platformName: string;\n signingAlgorithms: AepSigningAlgorithm[];\n}\n\nexport interface ManagedAgentIdentity {\n accountId?: string;\n agentDid: string;\n createdAt: string;\n metadata: Record<string, unknown>;\n status: ManagedAgentStatus;\n subjectDid?: string;\n tenantId?: string;\n updatedAt: string;\n}\n\nexport interface ServiceScopedAgentDidOptions {\n agentDidId: string;\n host: string;\n pathPrefix?: string;\n}\n\nexport interface PlatformAgentIdentity {\n agent_did: string;\n agent_identity_id: string;\n created_at: string;\n did_document_url: string;\n key_id: string;\n service_did: string;\n signing_algorithms: AepSigningAlgorithm[];\n status: ManagedAgentStatus;\n updated_at: string;\n}\n\nexport interface PlatformPage<T> {\n count: string;\n data: T[];\n total: string;\n}\n\nexport type PlatformAgentIdentityListResponse = PlatformPage<PlatformAgentIdentity>;\n\nexport interface PlatformAgentIdentityOptions {\n agentDid: string;\n agentIdentityId: string;\n clock?: () => Date;\n didDocumentUrl?: string;\n keyId?: string;\n serviceDid: string;\n signingAlgorithms: AepSigningAlgorithm[];\n status?: ManagedAgentStatus;\n}\n\nexport interface ManagedAgentIdentityOptions {\n accountId?: string;\n agentDid: string;\n clock?: () => Date;\n metadata?: Record<string, unknown>;\n status?: ManagedAgentStatus;\n subjectDid?: string;\n tenantId?: string;\n}\n\nexport interface ManagedAgentIdentityUpdate {\n accountId?: string;\n metadata?: Record<string, unknown>;\n status?: ManagedAgentStatus;\n subjectDid?: string;\n tenantId?: string;\n}\n\nexport interface PlatformLifecycleRequest {\n status: ManagedAgentStatus;\n}\n\nexport interface PlatformLifecycleRequestOptions {\n status: ManagedAgentStatus;\n}\n\nexport interface ManagedAgentRegistry {\n get(agentDid: string): ManagedAgentIdentity | undefined;\n list(filter?: ManagedAgentListFilter): ManagedAgentIdentity[];\n remove(agentDid: string): boolean;\n setStatus(agentDid: string, status: ManagedAgentStatus): ManagedAgentIdentity;\n upsert(identity: ManagedAgentIdentity): ManagedAgentIdentity;\n}\n\nexport interface ManagedAgentListFilter {\n accountId?: string;\n status?: ManagedAgentStatus;\n tenantId?: string;\n}\n\nexport interface PlatformEnrollRequest {\n agent_did: string;\n claims?: Record<string, unknown>;\n idempotency_key: string;\n}\n\nexport interface PlatformEnrollRequestOptions {\n claims?: Record<string, unknown>;\n identity: ManagedAgentIdentity;\n idempotencyKey: string;\n}\n\nexport interface PlatformProvisionRequest {\n idempotency_key: string;\n service_did: string;\n}\n\nexport interface PlatformProvisionRequestOptions {\n idempotencyKey: string;\n serviceDid: string;\n}\n\nexport interface PlatformClientAssertionClaims {\n aud: string;\n exp: number;\n iat: number;\n iss: string;\n jti: string;\n op: AepAuthenticatedCommand;\n sub: string;\n}\n\nexport interface PlatformClientAssertionClaimsOptions {\n command: AepAuthenticatedCommand;\n identity: ManagedAgentIdentity;\n issuedAt?: Date | number;\n jti: string;\n maxLifetimeSeconds?: number;\n serviceDid: string;\n lifetimeSeconds?: number;\n}\n\nexport type DidVerificationRelationship =\n | \"assertionMethod\"\n | \"authentication\"\n | \"capabilityDelegation\"\n | \"capabilityInvocation\"\n | \"keyAgreement\";\n\nexport interface DidVerificationMethod {\n controller: string;\n id: string;\n publicKeyJwk?: Record<string, unknown>;\n publicKeyMultibase?: string;\n publicKeyPem?: string;\n type: string;\n [key: string]: unknown;\n}\n\nexport interface DidService {\n id: string;\n serviceEndpoint: string | string[] | Record<string, unknown>;\n type: string;\n [key: string]: unknown;\n}\n\nexport interface DidDocument {\n \"@context\": string | string[];\n assertionMethod?: Array<string | DidVerificationMethod>;\n authentication?: Array<string | DidVerificationMethod>;\n capabilityDelegation?: Array<string | DidVerificationMethod>;\n capabilityInvocation?: Array<string | DidVerificationMethod>;\n controller?: string | string[];\n id: string;\n keyAgreement?: Array<string | DidVerificationMethod>;\n service?: DidService[];\n verificationMethod?: DidVerificationMethod[];\n [key: string]: unknown;\n}\n\nexport interface ManagedAgentDidVerificationMethodOptions {\n controller?: string;\n id?: string;\n publicKeyJwk?: Record<string, unknown>;\n publicKeyMultibase?: string;\n publicKeyPem?: string;\n relationships?: DidVerificationRelationship[];\n type: string;\n [key: string]: unknown;\n}\n\nexport interface ManagedAgentDidDocumentOptions {\n additionalContexts?: string[];\n controller?: string | string[];\n identity: ManagedAgentIdentity;\n service?: DidService[];\n verificationMethods: ManagedAgentDidVerificationMethodOptions[];\n}\n\nexport interface DidDocumentPublication {\n document: DidDocument;\n publishedAt: string;\n url?: string;\n}\n\nexport interface DidDocumentPublisher {\n publish(document: DidDocument): Promise<DidDocumentPublication> | DidDocumentPublication;\n}\n\nexport interface PublishManagedAgentDidDocumentOptions extends ManagedAgentDidDocumentOptions {\n publisher: DidDocumentPublisher;\n}\n\nexport interface PlatformDelegatedSigningContext {\n identity: ManagedAgentIdentity;\n signingAlgorithms: AepSigningAlgorithm[];\n}\n\nexport type PlatformDelegatedSigner = (\n claims: AepClientAssertionClaims,\n context: PlatformDelegatedSigningContext\n) => Promise<string> | string;\n\nexport interface JwtPlatformDelegatedSignerOptions {\n alg?: AepSigningAlgorithm;\n key: AepImportableJoseKey;\n kid?: string;\n typ?: string;\n}\n\nexport interface SignPlatformClientAssertionOptions extends PlatformClientAssertionClaimsOptions {\n signer: PlatformDelegatedSigner;\n signingAlgorithms?: AepSigningAlgorithm[];\n}\n\nexport interface PlatformSignRequest {\n jti: string;\n lifetime_seconds?: string;\n op: AepAuthenticatedCommand;\n service_did: string;\n}\n\nexport interface PlatformSignRequestOptions {\n command: AepAuthenticatedCommand;\n jti: string;\n maxLifetimeSeconds?: number;\n serviceDid: string;\n lifetimeSeconds?: number;\n}\n\nexport interface PlatformSignResponse {\n agent_did: string;\n client_assertion: string;\n expires_at: string;\n issued_at: string;\n jti: string;\n service_did: string;\n}\n\nexport interface PlatformSignResponseOptions {\n clientAssertion: string;\n identity: ManagedAgentIdentity;\n issuedAt?: Date | number;\n jti: string;\n maxLifetimeSeconds?: number;\n serviceDid: string;\n lifetimeSeconds?: number;\n}\n\nexport interface PlatformVerificationRequest {\n client_assertion: string;\n op: AepAuthenticatedCommand;\n service_did: string;\n}\n\nexport interface PlatformVerificationRequestOptions {\n clientAssertion: string;\n command: AepAuthenticatedCommand;\n serviceDid: string;\n}\n\nexport interface PlatformVerificationResponse {\n agent_did?: string;\n agent_identity_id?: string;\n op?: AepAuthenticatedCommand;\n reason: string;\n service_did: string;\n status?: ManagedAgentStatus;\n verified: boolean;\n}\n\nexport interface PlatformVerificationResponseOptions {\n agentDid?: string;\n agentIdentityId?: string;\n command?: AepAuthenticatedCommand;\n reason: string;\n serviceDid: string;\n status?: ManagedAgentStatus;\n verified: boolean;\n}\n\nexport type Awaitable<T> = T | Promise<T>;\n\nexport interface PlatformHttpResponse<TBody = unknown> {\n body: TBody;\n contentType: string;\n status: number;\n}\n\nexport interface PlatformRequestContext {\n authorization?: string;\n now?: Date;\n requestId?: string;\n subject?: string;\n}\n\nexport interface PlatformIdentityRecord {\n agentDid: string;\n agentDidId: string;\n agentIdentityId: string;\n createdAt: string;\n didDocumentUrl: string;\n keyId: string;\n serviceDid: string;\n signingAlgorithms: AepSigningAlgorithm[];\n status: ManagedAgentStatus;\n updatedAt: string;\n}\n\nexport interface PlatformIdentityListQuery {\n limit?: number;\n offset?: number;\n serviceDid?: string;\n status?: ManagedAgentStatus;\n}\n\nexport interface PlatformIdentityListResult {\n identities: PlatformIdentityRecord[];\n total: number;\n}\n\nexport interface PlatformIdentityStore {\n create(identity: PlatformIdentityRecord, context: PlatformRequestContext): Awaitable<void>;\n findByAgentDid(\n agentDid: string,\n context: PlatformRequestContext\n ): Awaitable<PlatformIdentityRecord | undefined>;\n get(\n agentIdentityId: string,\n context: PlatformRequestContext\n ): Awaitable<PlatformIdentityRecord | undefined>;\n list(\n query: PlatformIdentityListQuery,\n context: PlatformRequestContext\n ): Awaitable<PlatformIdentityListResult>;\n update(\n agentIdentityId: string,\n update: { status: ManagedAgentStatus; updatedAt: string },\n context: PlatformRequestContext\n ): Awaitable<PlatformIdentityRecord | undefined>;\n}\n\nexport interface PlatformProvisionIdempotencyRecord {\n idempotencyKey: string;\n requestHash: string;\n response: PlatformAgentIdentity;\n}\n\nexport interface PlatformProvisionIdempotencyStore {\n get(\n idempotencyKey: string,\n context: PlatformRequestContext\n ): Awaitable<PlatformProvisionIdempotencyRecord | undefined>;\n set(record: PlatformProvisionIdempotencyRecord, context: PlatformRequestContext): Awaitable<void>;\n}\n\nexport interface PlatformReplayStore {\n consume(key: string, expiresAt: Date, context: PlatformRequestContext): Awaitable<boolean>;\n}\n\nexport interface PlatformKeyStore {\n create(identity: PlatformIdentityRecord, context: PlatformRequestContext): Awaitable<void>;\n didVerificationMethod(\n identity: PlatformIdentityRecord,\n context: PlatformRequestContext\n ): Awaitable<ManagedAgentDidVerificationMethodOptions>;\n sign(\n identity: PlatformIdentityRecord,\n claims: AepClientAssertionClaims,\n context: PlatformRequestContext\n ): Awaitable<string>;\n verificationKey(\n identity: PlatformIdentityRecord,\n context: PlatformRequestContext\n ): Awaitable<AepImportableJoseKey>;\n}\n\nexport interface PlatformServiceDidResolver {\n resolve(serviceDid: string, context: PlatformRequestContext): Awaitable<boolean>;\n}\n\nexport interface PlatformAuthorizer {\n authorizeIdentityAccess?(\n identity: PlatformIdentityRecord,\n context: PlatformRequestContext\n ): Awaitable<boolean>;\n authorizeList?(context: PlatformRequestContext): Awaitable<boolean>;\n authorizeProvision?(\n request: PlatformProvisionRequest,\n context: PlatformRequestContext\n ): Awaitable<boolean>;\n}\n\nexport interface PlatformLifecyclePolicy {\n canSign(identity: PlatformIdentityRecord, context: PlatformRequestContext): Awaitable<boolean>;\n canTransition(\n identity: PlatformIdentityRecord,\n nextStatus: ManagedAgentStatus,\n context: PlatformRequestContext\n ): Awaitable<boolean>;\n canVerify(identity: PlatformIdentityRecord, context: PlatformRequestContext): Awaitable<boolean>;\n}\n\nexport interface CreateAepPlatformOptions {\n authorizer?: PlatformAuthorizer;\n clock?: () => Date;\n defaultLifetimeSeconds?: number;\n didHost: string;\n didPathPrefix?: string;\n didUrlTemplate: string;\n discovery: Omit<\n PlatformDiscoveryDocumentOptions,\n \"defaultLifetimeSeconds\" | \"didUrlTemplate\" | \"signingAlgorithms\"\n >;\n idGenerator?: () => string;\n idempotencyStore: PlatformProvisionIdempotencyStore;\n identityStore: PlatformIdentityStore;\n keyStore: PlatformKeyStore;\n lifecyclePolicy?: PlatformLifecyclePolicy;\n maxLifetimeSeconds?: number;\n replayStore: PlatformReplayStore;\n serviceDidResolver: PlatformServiceDidResolver;\n signingAlgorithms: AepSigningAlgorithm[];\n}\n\nexport interface AepPlatform {\n discovery(): PlatformHttpResponse<PlatformDiscoveryDocument>;\n getDidDocument(\n agentIdentityId: string,\n context?: PlatformRequestContext\n ): Promise<PlatformHttpResponse<DidDocument | AepProblemDetails>>;\n getIdentity(\n agentIdentityId: string,\n context?: PlatformRequestContext\n ): Promise<PlatformHttpResponse<PlatformAgentIdentity | AepProblemDetails>>;\n list(\n query?: PlatformIdentityListQuery,\n context?: PlatformRequestContext\n ): Promise<PlatformHttpResponse<PlatformAgentIdentityListResponse | AepProblemDetails>>;\n provision(\n body: unknown,\n context?: PlatformRequestContext\n ): Promise<PlatformHttpResponse<PlatformAgentIdentity | AepProblemDetails>>;\n sign(\n agentIdentityId: string,\n body: unknown,\n context?: PlatformRequestContext\n ): Promise<PlatformHttpResponse<PlatformSignResponse | AepProblemDetails>>;\n updateIdentity(\n agentIdentityId: string,\n body: unknown,\n context?: PlatformRequestContext\n ): Promise<PlatformHttpResponse<PlatformAgentIdentity | AepProblemDetails>>;\n verify(\n body: unknown,\n context?: PlatformRequestContext\n ): Promise<PlatformHttpResponse<PlatformVerificationResponse>>;\n}\n\nexport class InMemoryManagedAgentRegistry implements ManagedAgentRegistry {\n readonly #identities = new Map<string, ManagedAgentIdentity>();\n\n constructor(identities: ManagedAgentIdentity[] = []) {\n identities.forEach((identity) => this.upsert(identity));\n }\n\n get(agentDid: string): ManagedAgentIdentity | undefined {\n const identity = this.#identities.get(agentDid);\n return identity === undefined ? undefined : cloneManagedAgentIdentity(identity);\n }\n\n list(filter: ManagedAgentListFilter = {}): ManagedAgentIdentity[] {\n return Array.from(this.#identities.values())\n .filter(\n (identity) => filter.accountId === undefined || identity.accountId === filter.accountId\n )\n .filter((identity) => filter.status === undefined || identity.status === filter.status)\n .filter((identity) => filter.tenantId === undefined || identity.tenantId === filter.tenantId)\n .map(cloneManagedAgentIdentity);\n }\n\n remove(agentDid: string): boolean {\n return this.#identities.delete(agentDid);\n }\n\n setStatus(agentDid: string, status: ManagedAgentStatus): ManagedAgentIdentity {\n const identity = this.#identities.get(agentDid);\n\n if (identity === undefined) {\n throw new Error(`Managed Agent identity not found: ${agentDid}.`);\n }\n\n const updated = {\n ...identity,\n status,\n updatedAt: new Date().toISOString()\n };\n\n this.#identities.set(agentDid, updated);\n return cloneManagedAgentIdentity(updated);\n }\n\n upsert(identity: ManagedAgentIdentity): ManagedAgentIdentity {\n assertNonEmpty(\"agentDid\", identity.agentDid);\n const cloned = cloneManagedAgentIdentity(identity);\n this.#identities.set(cloned.agentDid, cloned);\n return cloneManagedAgentIdentity(cloned);\n }\n}\n\nexport function createManagedAgentIdentity(\n options: ManagedAgentIdentityOptions\n): ManagedAgentIdentity {\n assertNonEmpty(\"agentDid\", options.agentDid);\n const now = (options.clock ?? (() => new Date()))().toISOString();\n\n return {\n agentDid: options.agentDid,\n createdAt: now,\n metadata: structuredClone(options.metadata ?? {}),\n status: options.status ?? \"active\",\n updatedAt: now,\n ...(options.accountId === undefined ? {} : { accountId: options.accountId }),\n ...(options.subjectDid === undefined ? {} : { subjectDid: options.subjectDid }),\n ...(options.tenantId === undefined ? {} : { tenantId: options.tenantId })\n };\n}\n\nexport function updateManagedAgentIdentity(\n identity: ManagedAgentIdentity,\n update: ManagedAgentIdentityUpdate,\n clock: () => Date = () => new Date()\n): ManagedAgentIdentity {\n return {\n ...cloneManagedAgentIdentity(identity),\n ...update,\n metadata:\n update.metadata === undefined\n ? cloneRecord(identity.metadata)\n : {\n ...cloneRecord(identity.metadata),\n ...cloneRecord(update.metadata)\n },\n updatedAt: clock().toISOString()\n };\n}\n\nexport function createPlatformDiscoveryDocument(\n options: PlatformDiscoveryDocumentOptions\n): PlatformDiscoveryDocument {\n assertNonEmpty(\"didUrlTemplate\", options.didUrlTemplate);\n assertNonEmpty(\"endpointBase\", options.endpointBase);\n assertNonEmpty(\"lifecycle endpoint\", options.endpoints.lifecycle);\n assertNonEmpty(\"list endpoint\", options.endpoints.list);\n assertNonEmpty(\"platformName\", options.platformName);\n assertNonEmpty(\"provision endpoint\", options.endpoints.provision);\n assertNonEmpty(\"sign endpoint\", options.endpoints.sign);\n const defaultLifetimeSeconds = options.defaultLifetimeSeconds ?? defaultAssertionLifetimeSeconds;\n validateLifetimeSeconds(defaultLifetimeSeconds, options.maxLifetimeSeconds);\n\n if (options.signingAlgorithms.length === 0) {\n throw new TypeError(\"signingAlgorithms must include at least one algorithm.\");\n }\n\n const didMethods = [...(options.didMethods ?? [\"did:web\"])];\n\n if (didMethods.length === 0) {\n throw new TypeError(\"didMethods must include at least one DID method.\");\n }\n\n return {\n aep_version: options.aepVersion ?? \"1.0\",\n endpoints: {\n ...(options.endpoints.hostedVerification === undefined\n ? {}\n : { hosted_verification: options.endpoints.hostedVerification }),\n lifecycle: options.endpoints.lifecycle,\n list: options.endpoints.list,\n provision: options.endpoints.provision,\n sign: options.endpoints.sign\n },\n http: {\n endpoint_base: options.endpointBase\n },\n identity: {\n did_methods: didMethods,\n did_url_template: options.didUrlTemplate\n },\n platform: {\n ...(options.platformDid === undefined ? {} : { did: options.platformDid }),\n hosted_verification: options.hostedVerification ?? false,\n name: options.platformName\n },\n signing: {\n algorithms: [...options.signingAlgorithms],\n default_lifetime_seconds: String(defaultLifetimeSeconds)\n }\n };\n}\n\nexport function createServiceScopedAgentDid(options: ServiceScopedAgentDidOptions): string {\n assertNonEmpty(\"agentDidId\", options.agentDidId);\n assertNonEmpty(\"host\", options.host);\n const encodedHost = encodeURIComponent(options.host);\n const pathPrefix = options.pathPrefix ?? \"agents\";\n const pathParts = pathPrefix\n .split(\"/\")\n .filter((part) => part.length > 0)\n .map((part) => encodeURIComponent(part));\n\n return [\"did:web\", encodedHost, ...pathParts, encodeURIComponent(options.agentDidId)].join(\":\");\n}\n\nexport function createPlatformAgentIdentity(\n options: PlatformAgentIdentityOptions\n): PlatformAgentIdentity {\n assertNonEmpty(\"agentDid\", options.agentDid);\n assertNonEmpty(\"agentIdentityId\", options.agentIdentityId);\n assertNonEmpty(\"serviceDid\", options.serviceDid);\n\n if (options.signingAlgorithms.length === 0) {\n throw new TypeError(\"signingAlgorithms must include at least one algorithm.\");\n }\n\n const now = (options.clock ?? (() => new Date()))().toISOString();\n const keyId = options.keyId ?? options.agentDid;\n\n return {\n agent_did: options.agentDid,\n agent_identity_id: options.agentIdentityId,\n created_at: now,\n did_document_url: options.didDocumentUrl ?? didWebDocumentUrl(options.agentDid).toString(),\n key_id: keyId,\n service_did: options.serviceDid,\n signing_algorithms: [...options.signingAlgorithms],\n status: options.status ?? \"active\",\n updated_at: now\n };\n}\n\nexport function createPlatformAgentIdentityListResponse(\n identities: PlatformAgentIdentity[],\n total = identities.length\n): PlatformAgentIdentityListResponse {\n return {\n count: String(identities.length),\n data: identities.map((identity) => structuredClone(identity)),\n total: String(total)\n };\n}\n\nexport function createPlatformLifecycleRequest(\n options: PlatformLifecycleRequestOptions\n): PlatformLifecycleRequest {\n return {\n status: options.status\n };\n}\n\nexport function createPlatformProvisionRequest(\n options: PlatformProvisionRequestOptions\n): PlatformProvisionRequest {\n assertNonEmpty(\"idempotencyKey\", options.idempotencyKey);\n assertNonEmpty(\"serviceDid\", options.serviceDid);\n\n return {\n idempotency_key: options.idempotencyKey,\n service_did: options.serviceDid\n };\n}\n\nexport function createPlatformEnrollRequest(\n options: PlatformEnrollRequestOptions\n): PlatformEnrollRequest {\n assertUsableIdentity(options.identity);\n assertNonEmpty(\"idempotencyKey\", options.idempotencyKey);\n\n return {\n agent_did: options.identity.agentDid,\n ...(options.claims === undefined ? {} : { claims: cloneRecord(options.claims) }),\n idempotency_key: options.idempotencyKey\n };\n}\n\nexport function createPlatformClientAssertionClaims(\n options: PlatformClientAssertionClaimsOptions\n): AepClientAssertionClaims {\n assertUsableIdentity(options.identity);\n assertNonEmpty(\"serviceDid\", options.serviceDid);\n assertNonEmpty(\"jti\", options.jti);\n\n const issuedAt = toEpochSeconds(options.issuedAt ?? new Date());\n const lifetimeSeconds = validateLifetimeSeconds(\n options.lifetimeSeconds ?? defaultAssertionLifetimeSeconds,\n options.maxLifetimeSeconds\n );\n\n return {\n aud: options.serviceDid,\n exp: issuedAt + lifetimeSeconds,\n iat: issuedAt,\n iss: options.identity.agentDid,\n jti: options.jti,\n op: options.command,\n sub: options.identity.agentDid\n };\n}\n\nexport function createManagedAgentDidDocument(\n options: ManagedAgentDidDocumentOptions\n): DidDocument {\n assertUsableIdentity(options.identity);\n\n if (options.verificationMethods.length === 0) {\n throw new TypeError(\"verificationMethods must include at least one method.\");\n }\n\n const document: DidDocument = {\n \"@context\": [\"https://www.w3.org/ns/did/v1\", ...(options.additionalContexts ?? [])],\n id: options.identity.agentDid,\n ...(options.controller === undefined ? {} : { controller: options.controller }),\n verificationMethod: options.verificationMethods.map((method, index) =>\n createDidVerificationMethod(options.identity.agentDid, method, index)\n ),\n ...(options.service === undefined ? {} : { service: options.service.map(cloneDidService) })\n };\n\n for (const relationship of relationshipNames()) {\n const methodIds = document.verificationMethod\n ?.filter((method, index) =>\n (options.verificationMethods[index]?.relationships ?? [\"authentication\"]).includes(\n relationship\n )\n )\n .map((method) => method.id);\n\n if (methodIds !== undefined && methodIds.length > 0) {\n document[relationship] = methodIds;\n }\n }\n\n return document;\n}\n\nexport async function publishManagedAgentDidDocument(\n options: PublishManagedAgentDidDocumentOptions\n): Promise<DidDocumentPublication> {\n const document = createManagedAgentDidDocument(options);\n\n return options.publisher.publish(document);\n}\n\nexport function createJwtPlatformDelegatedSigner(\n options: JwtPlatformDelegatedSignerOptions\n): PlatformDelegatedSigner {\n return (claims, context) =>\n signClientAssertionJwt(claims, {\n alg: options.alg ?? preferredSigningAlgorithm(context.signingAlgorithms),\n key: options.key,\n ...(options.kid === undefined ? {} : { kid: options.kid }),\n ...(options.typ === undefined ? {} : { typ: options.typ })\n });\n}\n\nexport async function signPlatformClientAssertion(\n options: SignPlatformClientAssertionOptions\n): Promise<string> {\n const claims = createPlatformClientAssertionClaims(options);\n\n return options.signer(claims, {\n identity: options.identity,\n signingAlgorithms: [...(options.signingAlgorithms ?? [\"EdDSA\", \"ES256\"])]\n });\n}\n\nexport function createPlatformSignRequest(\n options: PlatformSignRequestOptions\n): PlatformSignRequest {\n assertNonEmpty(\"jti\", options.jti);\n assertNonEmpty(\"serviceDid\", options.serviceDid);\n const lifetimeSeconds =\n options.lifetimeSeconds === undefined\n ? undefined\n : validateLifetimeSeconds(options.lifetimeSeconds, options.maxLifetimeSeconds);\n\n return {\n jti: options.jti,\n ...(lifetimeSeconds === undefined ? {} : { lifetime_seconds: String(lifetimeSeconds) }),\n op: options.command,\n service_did: options.serviceDid\n };\n}\n\nexport function createPlatformSignResponse(\n options: PlatformSignResponseOptions\n): PlatformSignResponse {\n assertUsableIdentity(options.identity);\n assertNonEmpty(\"clientAssertion\", options.clientAssertion);\n assertNonEmpty(\"jti\", options.jti);\n assertNonEmpty(\"serviceDid\", options.serviceDid);\n const issuedAt = toEpochSeconds(options.issuedAt ?? new Date());\n const lifetimeSeconds = validateLifetimeSeconds(\n options.lifetimeSeconds ?? defaultAssertionLifetimeSeconds,\n options.maxLifetimeSeconds\n );\n\n return {\n agent_did: options.identity.agentDid,\n client_assertion: options.clientAssertion,\n expires_at: epochSecondsToIso(issuedAt + lifetimeSeconds),\n issued_at: epochSecondsToIso(issuedAt),\n jti: options.jti,\n service_did: options.serviceDid\n };\n}\n\nexport function createPlatformVerificationRequest(\n options: PlatformVerificationRequestOptions\n): PlatformVerificationRequest {\n assertNonEmpty(\"clientAssertion\", options.clientAssertion);\n assertNonEmpty(\"serviceDid\", options.serviceDid);\n\n return {\n client_assertion: options.clientAssertion,\n op: options.command,\n service_did: options.serviceDid\n };\n}\n\nexport function createPlatformVerificationResponse(\n options: PlatformVerificationResponseOptions\n): PlatformVerificationResponse {\n assertNonEmpty(\"reason\", options.reason);\n assertNonEmpty(\"serviceDid\", options.serviceDid);\n\n return {\n ...(options.agentDid === undefined ? {} : { agent_did: options.agentDid }),\n ...(options.agentIdentityId === undefined\n ? {}\n : { agent_identity_id: options.agentIdentityId }),\n ...(options.command === undefined ? {} : { op: options.command }),\n reason: options.reason,\n service_did: options.serviceDid,\n ...(options.status === undefined ? {} : { status: options.status }),\n verified: options.verified\n };\n}\n\nexport function createAepPlatform(options: CreateAepPlatformOptions): AepPlatform {\n assertNonEmpty(\"didHost\", options.didHost);\n assertNonEmpty(\"didUrlTemplate\", options.didUrlTemplate);\n\n if (options.signingAlgorithms.length === 0) {\n throw new TypeError(\"signingAlgorithms must include at least one algorithm.\");\n }\n\n const clock = options.clock ?? (() => new Date());\n const idGenerator = options.idGenerator ?? randomPlatformId;\n const lifecyclePolicy = options.lifecyclePolicy ?? defaultLifecyclePolicy;\n const authorizer = options.authorizer ?? {};\n\n const discoveryDocument = createPlatformDiscoveryDocument({\n ...options.discovery,\n defaultLifetimeSeconds: options.defaultLifetimeSeconds ?? defaultAssertionLifetimeSeconds,\n didUrlTemplate: options.didUrlTemplate,\n signingAlgorithms: options.signingAlgorithms\n });\n\n return {\n discovery() {\n return ok(200, discoveryDocument);\n },\n\n async getDidDocument(agentIdentityId, context = {}) {\n const identity = await authorizedIdentity(\n agentIdentityId,\n authorizer,\n options.identityStore,\n context\n );\n\n if (identity === undefined) {\n return problem(404, \"not_recognized\", \"Identity not recognized.\");\n }\n\n const verificationMethod = await options.keyStore.didVerificationMethod(identity, context);\n\n return ok(\n 200,\n createManagedAgentDidDocument({\n identity: managedIdentityFromRecord(identity),\n verificationMethods: [verificationMethod]\n })\n );\n },\n\n async getIdentity(agentIdentityId, context = {}) {\n const identity = await authorizedIdentity(\n agentIdentityId,\n authorizer,\n options.identityStore,\n context\n );\n\n if (identity === undefined) {\n return problem(404, \"not_recognized\", \"Identity not recognized.\");\n }\n\n return ok(200, platformIdentityFromRecord(identity));\n },\n\n async list(query = {}, context = {}) {\n if ((await authorizer.authorizeList?.(context)) === false) {\n return problem(404, \"not_recognized\", \"Identity not recognized.\");\n }\n\n const result = await options.identityStore.list(query, context);\n\n return ok(\n 200,\n createPlatformAgentIdentityListResponse(\n result.identities.map(platformIdentityFromRecord),\n result.total\n )\n );\n },\n\n async provision(body, context = {}) {\n const request = parsePlatformProvisionRequestBody(body);\n\n if ((await authorizer.authorizeProvision?.(request, context)) === false) {\n return problem(404, \"not_recognized\", \"Identity not recognized.\");\n }\n\n if (!(await options.serviceDidResolver.resolve(request.service_did, context))) {\n return problem(400, \"invalid_request\", \"Service DID could not be resolved.\");\n }\n\n const requestHash = stableStringify(request);\n const existing = await options.idempotencyStore.get(request.idempotency_key, context);\n\n if (existing !== undefined) {\n if (existing.requestHash !== requestHash) {\n return problem(409, \"idempotency_conflict\", \"Idempotency key already used.\");\n }\n\n return ok(200, existing.response);\n }\n\n const generatedId = idGenerator();\n assertNonEmpty(\"generated identity id\", generatedId);\n const now = clock().toISOString();\n const agentDidId = generatedId;\n const agentDid = createServiceScopedAgentDid({\n agentDidId,\n host: options.didHost,\n pathPrefix: options.didPathPrefix ?? \"agents\"\n });\n const identity: PlatformIdentityRecord = {\n agentDid,\n agentDidId,\n agentIdentityId: generatedId.startsWith(\"pai_\") ? generatedId : `pai_${generatedId}`,\n createdAt: now,\n didDocumentUrl: renderDidUrlTemplate(options.didUrlTemplate, agentDidId),\n keyId: agentDid,\n serviceDid: request.service_did,\n signingAlgorithms: [...options.signingAlgorithms],\n status: \"active\",\n updatedAt: now\n };\n\n await options.keyStore.create(identity, context);\n await options.identityStore.create(identity, context);\n\n const response = platformIdentityFromRecord(identity);\n await options.idempotencyStore.set(\n {\n idempotencyKey: request.idempotency_key,\n requestHash,\n response\n },\n context\n );\n\n return ok(200, response);\n },\n\n async sign(agentIdentityId, body, context = {}) {\n const request = parsePlatformSignRequestBody(body);\n const identity = await authorizedIdentity(\n agentIdentityId,\n authorizer,\n options.identityStore,\n context\n );\n\n if (identity === undefined || identity.serviceDid !== request.service_did) {\n return problem(404, \"not_recognized\", \"Identity not recognized.\");\n }\n\n if (!(await lifecyclePolicy.canSign(identity, context))) {\n return problem(403, lifecycleProblemCode(identity.status), \"Identity cannot sign.\");\n }\n\n if (!(await options.serviceDidResolver.resolve(request.service_did, context))) {\n return problem(400, \"invalid_request\", \"Service DID could not be resolved.\");\n }\n\n const issuedAt = context.now ?? clock();\n const lifetimeSeconds =\n request.lifetime_seconds === undefined ? undefined : Number(request.lifetime_seconds);\n const managedIdentity = managedIdentityFromRecord(identity);\n const claims = createPlatformClientAssertionClaims({\n command: request.op,\n identity: managedIdentity,\n issuedAt,\n jti: request.jti,\n ...(options.maxLifetimeSeconds === undefined\n ? {}\n : { maxLifetimeSeconds: options.maxLifetimeSeconds }),\n serviceDid: request.service_did,\n ...(lifetimeSeconds === undefined ? {} : { lifetimeSeconds })\n });\n const clientAssertion = await options.keyStore.sign(identity, claims, context);\n\n return ok(\n 200,\n createPlatformSignResponse({\n clientAssertion,\n identity: managedIdentity,\n issuedAt,\n jti: request.jti,\n ...(options.maxLifetimeSeconds === undefined\n ? {}\n : { maxLifetimeSeconds: options.maxLifetimeSeconds }),\n serviceDid: request.service_did,\n ...(lifetimeSeconds === undefined ? {} : { lifetimeSeconds })\n })\n );\n },\n\n async updateIdentity(agentIdentityId, body, context = {}) {\n const request = parsePlatformLifecycleRequestBody(body);\n const identity = await authorizedIdentity(\n agentIdentityId,\n authorizer,\n options.identityStore,\n context\n );\n\n if (identity === undefined) {\n return problem(404, \"not_recognized\", \"Identity not recognized.\");\n }\n\n if (!(await lifecyclePolicy.canTransition(identity, request.status, context))) {\n return problem(\n 403,\n lifecycleProblemCode(identity.status),\n \"Lifecycle transition rejected.\"\n );\n }\n\n const updated = await options.identityStore.update(\n agentIdentityId,\n {\n status: request.status,\n updatedAt: clock().toISOString()\n },\n context\n );\n\n if (updated === undefined) {\n return problem(404, \"not_recognized\", \"Identity not recognized.\");\n }\n\n return ok(200, platformIdentityFromRecord(updated));\n },\n\n async verify(body, context = {}) {\n const request = parsePlatformVerificationRequestBody(body);\n\n try {\n const decoded = decodeJwtUnverified(request.client_assertion);\n const agentDid = requireString(decoded.payload, \"iss\");\n const subject = requireString(decoded.payload, \"sub\");\n const jti = requireString(decoded.payload, \"jti\");\n const expiresAt = requireNumber(decoded.payload, \"exp\");\n\n if (agentDid !== subject) {\n return ok(200, unrecognizedVerification(request, \"not_recognized\"));\n }\n\n const identity = await options.identityStore.findByAgentDid(agentDid, context);\n\n if (\n identity === undefined ||\n identity.serviceDid !== request.service_did ||\n !(await lifecyclePolicy.canVerify(identity, context))\n ) {\n return ok(200, unrecognizedVerification(request, \"not_recognized\"));\n }\n\n const claims = await verifyClientAssertionJwt(request.client_assertion, {\n algorithms: identity.signingAlgorithms,\n audience: request.service_did,\n currentDate: context.now ?? clock(),\n issuer: agentDid,\n key: await options.keyStore.verificationKey(identity, context),\n subject: agentDid\n });\n\n if (claims.op !== request.op) {\n return ok(200, unrecognizedVerification(request, \"not_recognized\"));\n }\n\n const replayKey = [request.service_did, request.op, agentDid, jti].join(\"\\u001f\");\n const consumed = await options.replayStore.consume(\n replayKey,\n new Date(expiresAt * 1000),\n context\n );\n\n if (!consumed) {\n return ok(200, unrecognizedVerification(request, \"not_recognized\"));\n }\n\n return ok(\n 200,\n createPlatformVerificationResponse({\n agentDid: identity.agentDid,\n agentIdentityId: identity.agentIdentityId,\n command: request.op,\n reason: \"verified\",\n serviceDid: request.service_did,\n status: identity.status,\n verified: true\n })\n );\n } catch {\n return ok(200, unrecognizedVerification(request, \"not_recognized\"));\n }\n }\n };\n}\n\nconst defaultLifecyclePolicy: PlatformLifecyclePolicy = {\n canSign(identity) {\n return identity.status === \"active\";\n },\n canTransition() {\n return true;\n },\n canVerify(identity) {\n return identity.status === \"active\";\n }\n};\n\nfunction ok<TBody>(status: number, body: TBody): PlatformHttpResponse<TBody> {\n return {\n body,\n contentType: AEP_MEDIA_TYPE,\n status\n };\n}\n\nfunction problem(\n status: number,\n code: AepProblemDetails[\"code\"],\n title: string\n): PlatformHttpResponse<AepProblemDetails> {\n return {\n body: createProblemDetails({\n code,\n status,\n title\n }),\n contentType: AEP_PROBLEM_MEDIA_TYPE,\n status\n };\n}\n\nasync function authorizedIdentity(\n agentIdentityId: string,\n authorizer: PlatformAuthorizer,\n store: PlatformIdentityStore,\n context: PlatformRequestContext\n): Promise<PlatformIdentityRecord | undefined> {\n const identity = await store.get(agentIdentityId, context);\n\n if (identity === undefined) {\n return undefined;\n }\n\n if ((await authorizer.authorizeIdentityAccess?.(identity, context)) === false) {\n return undefined;\n }\n\n return clonePlatformIdentityRecord(identity);\n}\n\nfunction platformIdentityFromRecord(identity: PlatformIdentityRecord): PlatformAgentIdentity {\n return {\n agent_did: identity.agentDid,\n agent_identity_id: identity.agentIdentityId,\n created_at: identity.createdAt,\n did_document_url: identity.didDocumentUrl,\n key_id: identity.keyId,\n service_did: identity.serviceDid,\n signing_algorithms: [...identity.signingAlgorithms],\n status: identity.status,\n updated_at: identity.updatedAt\n };\n}\n\nfunction managedIdentityFromRecord(identity: PlatformIdentityRecord): ManagedAgentIdentity {\n return {\n agentDid: identity.agentDid,\n createdAt: identity.createdAt,\n metadata: {\n agent_did_id: identity.agentDidId,\n agent_identity_id: identity.agentIdentityId,\n did_document_url: identity.didDocumentUrl,\n key_id: identity.keyId,\n service_did: identity.serviceDid\n },\n status: identity.status,\n updatedAt: identity.updatedAt\n };\n}\n\nfunction clonePlatformIdentityRecord(identity: PlatformIdentityRecord): PlatformIdentityRecord {\n return {\n ...identity,\n signingAlgorithms: [...identity.signingAlgorithms]\n };\n}\n\nfunction parsePlatformProvisionRequestBody(value: unknown): PlatformProvisionRequest {\n const body = requireRecord(value, \"Platform provision request\");\n\n return createPlatformProvisionRequest({\n idempotencyKey: requireString(body, \"idempotency_key\"),\n serviceDid: requireString(body, \"service_did\")\n });\n}\n\nfunction parsePlatformLifecycleRequestBody(value: unknown): PlatformLifecycleRequest {\n const body = requireRecord(value, \"Platform lifecycle request\");\n const status = requireString(body, \"status\");\n\n if (!isManagedAgentStatus(status)) {\n throw new TypeError(\"status must be a supported managed Agent status.\");\n }\n\n return createPlatformLifecycleRequest({ status });\n}\n\nfunction parsePlatformSignRequestBody(value: unknown): PlatformSignRequest {\n const body = requireRecord(value, \"Platform sign request\");\n const command = requireString(body, \"op\");\n\n if (!isAuthenticatedCommand(command)) {\n throw new TypeError(\"op must be an AEP authenticated command.\");\n }\n\n const lifetimeSeconds =\n body[\"lifetime_seconds\"] === undefined ? undefined : requireString(body, \"lifetime_seconds\");\n\n return createPlatformSignRequest({\n command,\n jti: requireString(body, \"jti\"),\n serviceDid: requireString(body, \"service_did\"),\n ...(lifetimeSeconds === undefined ? {} : { lifetimeSeconds: Number(lifetimeSeconds) })\n });\n}\n\nfunction parsePlatformVerificationRequestBody(value: unknown): PlatformVerificationRequest {\n const body = requireRecord(value, \"Platform verification request\");\n const command = requireString(body, \"op\");\n\n if (!isAuthenticatedCommand(command)) {\n throw new TypeError(\"op must be an AEP authenticated command.\");\n }\n\n return createPlatformVerificationRequest({\n clientAssertion: requireString(body, \"client_assertion\"),\n command,\n serviceDid: requireString(body, \"service_did\")\n });\n}\n\nfunction unrecognizedVerification(\n request: PlatformVerificationRequest,\n reason: string\n): PlatformVerificationResponse {\n return createPlatformVerificationResponse({\n reason,\n serviceDid: request.service_did,\n verified: false\n });\n}\n\nfunction renderDidUrlTemplate(template: string, agentDidId: string): string {\n if (!template.includes(\"{agent_did_id}\")) {\n throw new TypeError(\"didUrlTemplate must include {agent_did_id}.\");\n }\n\n return template.replace(\"{agent_did_id}\", encodeURIComponent(agentDidId));\n}\n\nfunction lifecycleProblemCode(status: ManagedAgentStatus): AepProblemDetails[\"code\"] {\n if (status === \"terminated\") {\n return \"identity_terminated\";\n }\n\n if (status === \"suspended\" || status === \"revoked\") {\n return \"identity_suspended\";\n }\n\n return \"identity_unavailable\";\n}\n\nfunction stableStringify(value: unknown): string {\n if (Array.isArray(value)) {\n return `[${value.map(stableStringify).join(\",\")}]`;\n }\n\n if (typeof value === \"object\" && value !== null) {\n return `{${Object.entries(value)\n .sort(([left], [right]) => left.localeCompare(right))\n .map(([key, item]) => `${JSON.stringify(key)}:${stableStringify(item)}`)\n .join(\",\")}}`;\n }\n\n return JSON.stringify(value);\n}\n\nfunction randomPlatformId(): string {\n return globalThis.crypto.randomUUID().replaceAll(\"-\", \"\");\n}\n\nfunction requireRecord(value: unknown, label: string): Record<string, unknown> {\n if (typeof value !== \"object\" || value === null || Array.isArray(value)) {\n throw new TypeError(`${label} must be an object.`);\n }\n\n return value as Record<string, unknown>;\n}\n\nfunction requireString(record: Record<string, unknown>, key: string): string {\n const value = record[key];\n\n if (typeof value !== \"string\" || value.trim().length === 0) {\n throw new TypeError(`${key} must be a non-empty string.`);\n }\n\n return value;\n}\n\nfunction requireNumber(record: Record<string, unknown>, key: string): number {\n const value = record[key];\n\n if (typeof value !== \"number\" || !Number.isInteger(value)) {\n throw new TypeError(`${key} must be an integer.`);\n }\n\n return value;\n}\n\nfunction isAuthenticatedCommand(value: string): value is AepAuthenticatedCommand {\n return value === \"enroll\" || value === \"grant\" || value === \"revoke\" || value === \"status\";\n}\n\nfunction isManagedAgentStatus(value: string): value is ManagedAgentStatus {\n return (\n value === \"active\" || value === \"revoked\" || value === \"suspended\" || value === \"terminated\"\n );\n}\n\nfunction assertUsableIdentity(identity: ManagedAgentIdentity): void {\n assertNonEmpty(\"agentDid\", identity.agentDid);\n\n if (identity.status !== \"active\") {\n throw new Error(`Managed Agent identity is not active: ${identity.agentDid}.`);\n }\n}\n\nfunction assertNonEmpty(label: string, value: string): void {\n if (value.trim().length === 0) {\n throw new TypeError(`${label} must be a non-empty string.`);\n }\n}\n\nfunction cloneManagedAgentIdentity(identity: ManagedAgentIdentity): ManagedAgentIdentity {\n return {\n ...identity,\n metadata: cloneRecord(identity.metadata)\n };\n}\n\nfunction cloneRecord(record: Record<string, unknown>): Record<string, unknown> {\n return structuredClone(record);\n}\n\nfunction toEpochSeconds(value: Date | number): number {\n const epochSeconds = typeof value === \"number\" ? value : Math.floor(value.getTime() / 1000);\n\n if (!Number.isInteger(epochSeconds) || epochSeconds < 0) {\n throw new TypeError(\"issuedAt must resolve to a non-negative epoch second.\");\n }\n\n return epochSeconds;\n}\n\nfunction epochSecondsToIso(value: number): string {\n return new Date(value * 1000).toISOString();\n}\n\nfunction validateLifetimeSeconds(\n lifetimeSeconds: number,\n maxLifetimeSeconds = defaultAssertionLifetimeSeconds\n): number {\n if (!Number.isInteger(lifetimeSeconds) || lifetimeSeconds <= 0) {\n throw new TypeError(\"lifetimeSeconds must be a positive integer.\");\n }\n\n if (!Number.isInteger(maxLifetimeSeconds) || maxLifetimeSeconds <= 0) {\n throw new TypeError(\"maxLifetimeSeconds must be a positive integer.\");\n }\n\n if (lifetimeSeconds > maxLifetimeSeconds) {\n throw new TypeError(\"lifetimeSeconds must not exceed maxLifetimeSeconds.\");\n }\n\n return lifetimeSeconds;\n}\n\nfunction createDidVerificationMethod(\n agentDid: string,\n method: ManagedAgentDidVerificationMethodOptions,\n index: number\n): DidVerificationMethod {\n const id = method.id ?? `${agentDid}#key-${index + 1}`;\n const controller = method.controller ?? agentDid;\n const methodBody = { ...method };\n delete methodBody.relationships;\n\n assertNonEmpty(\"verification method id\", id);\n assertNonEmpty(\"verification method type\", method.type);\n assertNonEmpty(\"verification method controller\", controller);\n\n return {\n ...structuredClone(methodBody),\n controller,\n id,\n type: method.type\n };\n}\n\nfunction cloneDidService(service: DidService): DidService {\n return structuredClone(service);\n}\n\nfunction relationshipNames(): DidVerificationRelationship[] {\n return [\n \"authentication\",\n \"assertionMethod\",\n \"capabilityInvocation\",\n \"capabilityDelegation\",\n \"keyAgreement\"\n ];\n}\n\nfunction preferredSigningAlgorithm(algorithms: AepSigningAlgorithm[]): AepSigningAlgorithm {\n const algorithm = algorithms.find((candidate) => candidate === \"ES256\" || candidate === \"EdDSA\");\n\n if (algorithm === undefined) {\n throw new TypeError(\"No supported AEP JOSE signing algorithm is available.\");\n }\n\n return algorithm;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAQO;AASA,IAAM,cAAc;AACpB,IAAM,8BAA8B;AAEpC,IAAM,kCAAkC;AA4gBxC,IAAM,+BAAN,MAAmE;AAAA,EAC/D,cAAc,oBAAI,IAAkC;AAAA,EAE7D,YAAY,aAAqC,CAAC,GAAG;AACnD,eAAW,QAAQ,CAAC,aAAa,KAAK,OAAO,QAAQ,CAAC;AAAA,EACxD;AAAA,EAEA,IAAI,UAAoD;AACtD,UAAM,WAAW,KAAK,YAAY,IAAI,QAAQ;AAC9C,WAAO,aAAa,SAAY,SAAY,0BAA0B,QAAQ;AAAA,EAChF;AAAA,EAEA,KAAK,SAAiC,CAAC,GAA2B;AAChE,WAAO,MAAM,KAAK,KAAK,YAAY,OAAO,CAAC,EACxC;AAAA,MACC,CAAC,aAAa,OAAO,cAAc,UAAa,SAAS,cAAc,OAAO;AAAA,IAChF,EACC,OAAO,CAAC,aAAa,OAAO,WAAW,UAAa,SAAS,WAAW,OAAO,MAAM,EACrF,OAAO,CAAC,aAAa,OAAO,aAAa,UAAa,SAAS,aAAa,OAAO,QAAQ,EAC3F,IAAI,yBAAyB;AAAA,EAClC;AAAA,EAEA,OAAO,UAA2B;AAChC,WAAO,KAAK,YAAY,OAAO,QAAQ;AAAA,EACzC;AAAA,EAEA,UAAU,UAAkB,QAAkD;AAC5E,UAAM,WAAW,KAAK,YAAY,IAAI,QAAQ;AAE9C,QAAI,aAAa,QAAW;AAC1B,YAAM,IAAI,MAAM,qCAAqC,QAAQ,GAAG;AAAA,IAClE;AAEA,UAAM,UAAU;AAAA,MACd,GAAG;AAAA,MACH;AAAA,MACA,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,IACpC;AAEA,SAAK,YAAY,IAAI,UAAU,OAAO;AACtC,WAAO,0BAA0B,OAAO;AAAA,EAC1C;AAAA,EAEA,OAAO,UAAsD;AAC3D,mBAAe,YAAY,SAAS,QAAQ;AAC5C,UAAM,SAAS,0BAA0B,QAAQ;AACjD,SAAK,YAAY,IAAI,OAAO,UAAU,MAAM;AAC5C,WAAO,0BAA0B,MAAM;AAAA,EACzC;AACF;AAEO,SAAS,2BACd,SACsB;AACtB,iBAAe,YAAY,QAAQ,QAAQ;AAC3C,QAAM,OAAO,QAAQ,UAAU,MAAM,oBAAI,KAAK,IAAI,EAAE,YAAY;AAEhE,SAAO;AAAA,IACL,UAAU,QAAQ;AAAA,IAClB,WAAW;AAAA,IACX,UAAU,gBAAgB,QAAQ,YAAY,CAAC,CAAC;AAAA,IAChD,QAAQ,QAAQ,UAAU;AAAA,IAC1B,WAAW;AAAA,IACX,GAAI,QAAQ,cAAc,SAAY,CAAC,IAAI,EAAE,WAAW,QAAQ,UAAU;AAAA,IAC1E,GAAI,QAAQ,eAAe,SAAY,CAAC,IAAI,EAAE,YAAY,QAAQ,WAAW;AAAA,IAC7E,GAAI,QAAQ,aAAa,SAAY,CAAC,IAAI,EAAE,UAAU,QAAQ,SAAS;AAAA,EACzE;AACF;AAEO,SAAS,2BACd,UACA,QACA,QAAoB,MAAM,oBAAI,KAAK,GACb;AACtB,SAAO;AAAA,IACL,GAAG,0BAA0B,QAAQ;AAAA,IACrC,GAAG;AAAA,IACH,UACE,OAAO,aAAa,SAChB,YAAY,SAAS,QAAQ,IAC7B;AAAA,MACE,GAAG,YAAY,SAAS,QAAQ;AAAA,MAChC,GAAG,YAAY,OAAO,QAAQ;AAAA,IAChC;AAAA,IACN,WAAW,MAAM,EAAE,YAAY;AAAA,EACjC;AACF;AAEO,SAAS,gCACd,SAC2B;AAC3B,iBAAe,kBAAkB,QAAQ,cAAc;AACvD,iBAAe,gBAAgB,QAAQ,YAAY;AACnD,iBAAe,sBAAsB,QAAQ,UAAU,SAAS;AAChE,iBAAe,iBAAiB,QAAQ,UAAU,IAAI;AACtD,iBAAe,gBAAgB,QAAQ,YAAY;AACnD,iBAAe,sBAAsB,QAAQ,UAAU,SAAS;AAChE,iBAAe,iBAAiB,QAAQ,UAAU,IAAI;AACtD,QAAM,yBAAyB,QAAQ,0BAA0B;AACjE,0BAAwB,wBAAwB,QAAQ,kBAAkB;AAE1E,MAAI,QAAQ,kBAAkB,WAAW,GAAG;AAC1C,UAAM,IAAI,UAAU,wDAAwD;AAAA,EAC9E;AAEA,QAAM,aAAa,CAAC,GAAI,QAAQ,cAAc,CAAC,SAAS,CAAE;AAE1D,MAAI,WAAW,WAAW,GAAG;AAC3B,UAAM,IAAI,UAAU,kDAAkD;AAAA,EACxE;AAEA,SAAO;AAAA,IACL,aAAa,QAAQ,cAAc;AAAA,IACnC,WAAW;AAAA,MACT,GAAI,QAAQ,UAAU,uBAAuB,SACzC,CAAC,IACD,EAAE,qBAAqB,QAAQ,UAAU,mBAAmB;AAAA,MAChE,WAAW,QAAQ,UAAU;AAAA,MAC7B,MAAM,QAAQ,UAAU;AAAA,MACxB,WAAW,QAAQ,UAAU;AAAA,MAC7B,MAAM,QAAQ,UAAU;AAAA,IAC1B;AAAA,IACA,MAAM;AAAA,MACJ,eAAe,QAAQ;AAAA,IACzB;AAAA,IACA,UAAU;AAAA,MACR,aAAa;AAAA,MACb,kBAAkB,QAAQ;AAAA,IAC5B;AAAA,IACA,UAAU;AAAA,MACR,GAAI,QAAQ,gBAAgB,SAAY,CAAC,IAAI,EAAE,KAAK,QAAQ,YAAY;AAAA,MACxE,qBAAqB,QAAQ,sBAAsB;AAAA,MACnD,MAAM,QAAQ;AAAA,IAChB;AAAA,IACA,SAAS;AAAA,MACP,YAAY,CAAC,GAAG,QAAQ,iBAAiB;AAAA,MACzC,0BAA0B,OAAO,sBAAsB;AAAA,IACzD;AAAA,EACF;AACF;AAEO,SAAS,4BAA4B,SAA+C;AACzF,iBAAe,cAAc,QAAQ,UAAU;AAC/C,iBAAe,QAAQ,QAAQ,IAAI;AACnC,QAAM,cAAc,mBAAmB,QAAQ,IAAI;AACnD,QAAM,aAAa,QAAQ,cAAc;AACzC,QAAM,YAAY,WACf,MAAM,GAAG,EACT,OAAO,CAAC,SAAS,KAAK,SAAS,CAAC,EAChC,IAAI,CAAC,SAAS,mBAAmB,IAAI,CAAC;AAEzC,SAAO,CAAC,WAAW,aAAa,GAAG,WAAW,mBAAmB,QAAQ,UAAU,CAAC,EAAE,KAAK,GAAG;AAChG;AAEO,SAAS,4BACd,SACuB;AACvB,iBAAe,YAAY,QAAQ,QAAQ;AAC3C,iBAAe,mBAAmB,QAAQ,eAAe;AACzD,iBAAe,cAAc,QAAQ,UAAU;AAE/C,MAAI,QAAQ,kBAAkB,WAAW,GAAG;AAC1C,UAAM,IAAI,UAAU,wDAAwD;AAAA,EAC9E;AAEA,QAAM,OAAO,QAAQ,UAAU,MAAM,oBAAI,KAAK,IAAI,EAAE,YAAY;AAChE,QAAM,QAAQ,QAAQ,SAAS,QAAQ;AAEvC,SAAO;AAAA,IACL,WAAW,QAAQ;AAAA,IACnB,mBAAmB,QAAQ;AAAA,IAC3B,YAAY;AAAA,IACZ,kBAAkB,QAAQ,sBAAkB,+BAAkB,QAAQ,QAAQ,EAAE,SAAS;AAAA,IACzF,QAAQ;AAAA,IACR,aAAa,QAAQ;AAAA,IACrB,oBAAoB,CAAC,GAAG,QAAQ,iBAAiB;AAAA,IACjD,QAAQ,QAAQ,UAAU;AAAA,IAC1B,YAAY;AAAA,EACd;AACF;AAEO,SAAS,wCACd,YACA,QAAQ,WAAW,QACgB;AACnC,SAAO;AAAA,IACL,OAAO,OAAO,WAAW,MAAM;AAAA,IAC/B,MAAM,WAAW,IAAI,CAAC,aAAa,gBAAgB,QAAQ,CAAC;AAAA,IAC5D,OAAO,OAAO,KAAK;AAAA,EACrB;AACF;AAEO,SAAS,+BACd,SAC0B;AAC1B,SAAO;AAAA,IACL,QAAQ,QAAQ;AAAA,EAClB;AACF;AAEO,SAAS,+BACd,SAC0B;AAC1B,iBAAe,kBAAkB,QAAQ,cAAc;AACvD,iBAAe,cAAc,QAAQ,UAAU;AAE/C,SAAO;AAAA,IACL,iBAAiB,QAAQ;AAAA,IACzB,aAAa,QAAQ;AAAA,EACvB;AACF;AAEO,SAAS,4BACd,SACuB;AACvB,uBAAqB,QAAQ,QAAQ;AACrC,iBAAe,kBAAkB,QAAQ,cAAc;AAEvD,SAAO;AAAA,IACL,WAAW,QAAQ,SAAS;AAAA,IAC5B,GAAI,QAAQ,WAAW,SAAY,CAAC,IAAI,EAAE,QAAQ,YAAY,QAAQ,MAAM,EAAE;AAAA,IAC9E,iBAAiB,QAAQ;AAAA,EAC3B;AACF;AAEO,SAAS,oCACd,SAC0B;AAC1B,uBAAqB,QAAQ,QAAQ;AACrC,iBAAe,cAAc,QAAQ,UAAU;AAC/C,iBAAe,OAAO,QAAQ,GAAG;AAEjC,QAAM,WAAW,eAAe,QAAQ,YAAY,oBAAI,KAAK,CAAC;AAC9D,QAAM,kBAAkB;AAAA,IACtB,QAAQ,mBAAmB;AAAA,IAC3B,QAAQ;AAAA,EACV;AAEA,SAAO;AAAA,IACL,KAAK,QAAQ;AAAA,IACb,KAAK,WAAW;AAAA,IAChB,KAAK;AAAA,IACL,KAAK,QAAQ,SAAS;AAAA,IACtB,KAAK,QAAQ;AAAA,IACb,IAAI,QAAQ;AAAA,IACZ,KAAK,QAAQ,SAAS;AAAA,EACxB;AACF;AAEO,SAAS,8BACd,SACa;AACb,uBAAqB,QAAQ,QAAQ;AAErC,MAAI,QAAQ,oBAAoB,WAAW,GAAG;AAC5C,UAAM,IAAI,UAAU,uDAAuD;AAAA,EAC7E;AAEA,QAAM,WAAwB;AAAA,IAC5B,YAAY,CAAC,gCAAgC,GAAI,QAAQ,sBAAsB,CAAC,CAAE;AAAA,IAClF,IAAI,QAAQ,SAAS;AAAA,IACrB,GAAI,QAAQ,eAAe,SAAY,CAAC,IAAI,EAAE,YAAY,QAAQ,WAAW;AAAA,IAC7E,oBAAoB,QAAQ,oBAAoB;AAAA,MAAI,CAAC,QAAQ,UAC3D,4BAA4B,QAAQ,SAAS,UAAU,QAAQ,KAAK;AAAA,IACtE;AAAA,IACA,GAAI,QAAQ,YAAY,SAAY,CAAC,IAAI,EAAE,SAAS,QAAQ,QAAQ,IAAI,eAAe,EAAE;AAAA,EAC3F;AAEA,aAAW,gBAAgB,kBAAkB,GAAG;AAC9C,UAAM,YAAY,SAAS,oBACvB;AAAA,MAAO,CAAC,QAAQ,WACf,QAAQ,oBAAoB,KAAK,GAAG,iBAAiB,CAAC,gBAAgB,GAAG;AAAA,QACxE;AAAA,MACF;AAAA,IACF,EACC,IAAI,CAAC,WAAW,OAAO,EAAE;AAE5B,QAAI,cAAc,UAAa,UAAU,SAAS,GAAG;AACnD,eAAS,YAAY,IAAI;AAAA,IAC3B;AAAA,EACF;AAEA,SAAO;AACT;AAEA,eAAsB,+BACpB,SACiC;AACjC,QAAM,WAAW,8BAA8B,OAAO;AAEtD,SAAO,QAAQ,UAAU,QAAQ,QAAQ;AAC3C;AAEO,SAAS,iCACd,SACyB;AACzB,SAAO,CAAC,QAAQ,gBACd,oCAAuB,QAAQ;AAAA,IAC7B,KAAK,QAAQ,OAAO,0BAA0B,QAAQ,iBAAiB;AAAA,IACvE,KAAK,QAAQ;AAAA,IACb,GAAI,QAAQ,QAAQ,SAAY,CAAC,IAAI,EAAE,KAAK,QAAQ,IAAI;AAAA,IACxD,GAAI,QAAQ,QAAQ,SAAY,CAAC,IAAI,EAAE,KAAK,QAAQ,IAAI;AAAA,EAC1D,CAAC;AACL;AAEA,eAAsB,4BACpB,SACiB;AACjB,QAAM,SAAS,oCAAoC,OAAO;AAE1D,SAAO,QAAQ,OAAO,QAAQ;AAAA,IAC5B,UAAU,QAAQ;AAAA,IAClB,mBAAmB,CAAC,GAAI,QAAQ,qBAAqB,CAAC,SAAS,OAAO,CAAE;AAAA,EAC1E,CAAC;AACH;AAEO,SAAS,0BACd,SACqB;AACrB,iBAAe,OAAO,QAAQ,GAAG;AACjC,iBAAe,cAAc,QAAQ,UAAU;AAC/C,QAAM,kBACJ,QAAQ,oBAAoB,SACxB,SACA,wBAAwB,QAAQ,iBAAiB,QAAQ,kBAAkB;AAEjF,SAAO;AAAA,IACL,KAAK,QAAQ;AAAA,IACb,GAAI,oBAAoB,SAAY,CAAC,IAAI,EAAE,kBAAkB,OAAO,eAAe,EAAE;AAAA,IACrF,IAAI,QAAQ;AAAA,IACZ,aAAa,QAAQ;AAAA,EACvB;AACF;AAEO,SAAS,2BACd,SACsB;AACtB,uBAAqB,QAAQ,QAAQ;AACrC,iBAAe,mBAAmB,QAAQ,eAAe;AACzD,iBAAe,OAAO,QAAQ,GAAG;AACjC,iBAAe,cAAc,QAAQ,UAAU;AAC/C,QAAM,WAAW,eAAe,QAAQ,YAAY,oBAAI,KAAK,CAAC;AAC9D,QAAM,kBAAkB;AAAA,IACtB,QAAQ,mBAAmB;AAAA,IAC3B,QAAQ;AAAA,EACV;AAEA,SAAO;AAAA,IACL,WAAW,QAAQ,SAAS;AAAA,IAC5B,kBAAkB,QAAQ;AAAA,IAC1B,YAAY,kBAAkB,WAAW,eAAe;AAAA,IACxD,WAAW,kBAAkB,QAAQ;AAAA,IACrC,KAAK,QAAQ;AAAA,IACb,aAAa,QAAQ;AAAA,EACvB;AACF;AAEO,SAAS,kCACd,SAC6B;AAC7B,iBAAe,mBAAmB,QAAQ,eAAe;AACzD,iBAAe,cAAc,QAAQ,UAAU;AAE/C,SAAO;AAAA,IACL,kBAAkB,QAAQ;AAAA,IAC1B,IAAI,QAAQ;AAAA,IACZ,aAAa,QAAQ;AAAA,EACvB;AACF;AAEO,SAAS,mCACd,SAC8B;AAC9B,iBAAe,UAAU,QAAQ,MAAM;AACvC,iBAAe,cAAc,QAAQ,UAAU;AAE/C,SAAO;AAAA,IACL,GAAI,QAAQ,aAAa,SAAY,CAAC,IAAI,EAAE,WAAW,QAAQ,SAAS;AAAA,IACxE,GAAI,QAAQ,oBAAoB,SAC5B,CAAC,IACD,EAAE,mBAAmB,QAAQ,gBAAgB;AAAA,IACjD,GAAI,QAAQ,YAAY,SAAY,CAAC,IAAI,EAAE,IAAI,QAAQ,QAAQ;AAAA,IAC/D,QAAQ,QAAQ;AAAA,IAChB,aAAa,QAAQ;AAAA,IACrB,GAAI,QAAQ,WAAW,SAAY,CAAC,IAAI,EAAE,QAAQ,QAAQ,OAAO;AAAA,IACjE,UAAU,QAAQ;AAAA,EACpB;AACF;AAEO,SAAS,kBAAkB,SAAgD;AAChF,iBAAe,WAAW,QAAQ,OAAO;AACzC,iBAAe,kBAAkB,QAAQ,cAAc;AAEvD,MAAI,QAAQ,kBAAkB,WAAW,GAAG;AAC1C,UAAM,IAAI,UAAU,wDAAwD;AAAA,EAC9E;AAEA,QAAM,QAAQ,QAAQ,UAAU,MAAM,oBAAI,KAAK;AAC/C,QAAM,cAAc,QAAQ,eAAe;AAC3C,QAAM,kBAAkB,QAAQ,mBAAmB;AACnD,QAAM,aAAa,QAAQ,cAAc,CAAC;AAE1C,QAAM,oBAAoB,gCAAgC;AAAA,IACxD,GAAG,QAAQ;AAAA,IACX,wBAAwB,QAAQ,0BAA0B;AAAA,IAC1D,gBAAgB,QAAQ;AAAA,IACxB,mBAAmB,QAAQ;AAAA,EAC7B,CAAC;AAED,SAAO;AAAA,IACL,YAAY;AACV,aAAO,GAAG,KAAK,iBAAiB;AAAA,IAClC;AAAA,IAEA,MAAM,eAAe,iBAAiB,UAAU,CAAC,GAAG;AAClD,YAAM,WAAW,MAAM;AAAA,QACrB;AAAA,QACA;AAAA,QACA,QAAQ;AAAA,QACR;AAAA,MACF;AAEA,UAAI,aAAa,QAAW;AAC1B,eAAO,QAAQ,KAAK,kBAAkB,0BAA0B;AAAA,MAClE;AAEA,YAAM,qBAAqB,MAAM,QAAQ,SAAS,sBAAsB,UAAU,OAAO;AAEzF,aAAO;AAAA,QACL;AAAA,QACA,8BAA8B;AAAA,UAC5B,UAAU,0BAA0B,QAAQ;AAAA,UAC5C,qBAAqB,CAAC,kBAAkB;AAAA,QAC1C,CAAC;AAAA,MACH;AAAA,IACF;AAAA,IAEA,MAAM,YAAY,iBAAiB,UAAU,CAAC,GAAG;AAC/C,YAAM,WAAW,MAAM;AAAA,QACrB;AAAA,QACA;AAAA,QACA,QAAQ;AAAA,QACR;AAAA,MACF;AAEA,UAAI,aAAa,QAAW;AAC1B,eAAO,QAAQ,KAAK,kBAAkB,0BAA0B;AAAA,MAClE;AAEA,aAAO,GAAG,KAAK,2BAA2B,QAAQ,CAAC;AAAA,IACrD;AAAA,IAEA,MAAM,KAAK,QAAQ,CAAC,GAAG,UAAU,CAAC,GAAG;AACnC,UAAK,MAAM,WAAW,gBAAgB,OAAO,MAAO,OAAO;AACzD,eAAO,QAAQ,KAAK,kBAAkB,0BAA0B;AAAA,MAClE;AAEA,YAAM,SAAS,MAAM,QAAQ,cAAc,KAAK,OAAO,OAAO;AAE9D,aAAO;AAAA,QACL;AAAA,QACA;AAAA,UACE,OAAO,WAAW,IAAI,0BAA0B;AAAA,UAChD,OAAO;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAAA,IAEA,MAAM,UAAU,MAAM,UAAU,CAAC,GAAG;AAClC,YAAM,UAAU,kCAAkC,IAAI;AAEtD,UAAK,MAAM,WAAW,qBAAqB,SAAS,OAAO,MAAO,OAAO;AACvE,eAAO,QAAQ,KAAK,kBAAkB,0BAA0B;AAAA,MAClE;AAEA,UAAI,CAAE,MAAM,QAAQ,mBAAmB,QAAQ,QAAQ,aAAa,OAAO,GAAI;AAC7E,eAAO,QAAQ,KAAK,mBAAmB,oCAAoC;AAAA,MAC7E;AAEA,YAAM,cAAc,gBAAgB,OAAO;AAC3C,YAAM,WAAW,MAAM,QAAQ,iBAAiB,IAAI,QAAQ,iBAAiB,OAAO;AAEpF,UAAI,aAAa,QAAW;AAC1B,YAAI,SAAS,gBAAgB,aAAa;AACxC,iBAAO,QAAQ,KAAK,wBAAwB,+BAA+B;AAAA,QAC7E;AAEA,eAAO,GAAG,KAAK,SAAS,QAAQ;AAAA,MAClC;AAEA,YAAM,cAAc,YAAY;AAChC,qBAAe,yBAAyB,WAAW;AACnD,YAAM,MAAM,MAAM,EAAE,YAAY;AAChC,YAAM,aAAa;AACnB,YAAM,WAAW,4BAA4B;AAAA,QAC3C;AAAA,QACA,MAAM,QAAQ;AAAA,QACd,YAAY,QAAQ,iBAAiB;AAAA,MACvC,CAAC;AACD,YAAM,WAAmC;AAAA,QACvC;AAAA,QACA;AAAA,QACA,iBAAiB,YAAY,WAAW,MAAM,IAAI,cAAc,OAAO,WAAW;AAAA,QAClF,WAAW;AAAA,QACX,gBAAgB,qBAAqB,QAAQ,gBAAgB,UAAU;AAAA,QACvE,OAAO;AAAA,QACP,YAAY,QAAQ;AAAA,QACpB,mBAAmB,CAAC,GAAG,QAAQ,iBAAiB;AAAA,QAChD,QAAQ;AAAA,QACR,WAAW;AAAA,MACb;AAEA,YAAM,QAAQ,SAAS,OAAO,UAAU,OAAO;AAC/C,YAAM,QAAQ,cAAc,OAAO,UAAU,OAAO;AAEpD,YAAM,WAAW,2BAA2B,QAAQ;AACpD,YAAM,QAAQ,iBAAiB;AAAA,QAC7B;AAAA,UACE,gBAAgB,QAAQ;AAAA,UACxB;AAAA,UACA;AAAA,QACF;AAAA,QACA;AAAA,MACF;AAEA,aAAO,GAAG,KAAK,QAAQ;AAAA,IACzB;AAAA,IAEA,MAAM,KAAK,iBAAiB,MAAM,UAAU,CAAC,GAAG;AAC9C,YAAM,UAAU,6BAA6B,IAAI;AACjD,YAAM,WAAW,MAAM;AAAA,QACrB;AAAA,QACA;AAAA,QACA,QAAQ;AAAA,QACR;AAAA,MACF;AAEA,UAAI,aAAa,UAAa,SAAS,eAAe,QAAQ,aAAa;AACzE,eAAO,QAAQ,KAAK,kBAAkB,0BAA0B;AAAA,MAClE;AAEA,UAAI,CAAE,MAAM,gBAAgB,QAAQ,UAAU,OAAO,GAAI;AACvD,eAAO,QAAQ,KAAK,qBAAqB,SAAS,MAAM,GAAG,uBAAuB;AAAA,MACpF;AAEA,UAAI,CAAE,MAAM,QAAQ,mBAAmB,QAAQ,QAAQ,aAAa,OAAO,GAAI;AAC7E,eAAO,QAAQ,KAAK,mBAAmB,oCAAoC;AAAA,MAC7E;AAEA,YAAM,WAAW,QAAQ,OAAO,MAAM;AACtC,YAAM,kBACJ,QAAQ,qBAAqB,SAAY,SAAY,OAAO,QAAQ,gBAAgB;AACtF,YAAM,kBAAkB,0BAA0B,QAAQ;AAC1D,YAAM,SAAS,oCAAoC;AAAA,QACjD,SAAS,QAAQ;AAAA,QACjB,UAAU;AAAA,QACV;AAAA,QACA,KAAK,QAAQ;AAAA,QACb,GAAI,QAAQ,uBAAuB,SAC/B,CAAC,IACD,EAAE,oBAAoB,QAAQ,mBAAmB;AAAA,QACrD,YAAY,QAAQ;AAAA,QACpB,GAAI,oBAAoB,SAAY,CAAC,IAAI,EAAE,gBAAgB;AAAA,MAC7D,CAAC;AACD,YAAM,kBAAkB,MAAM,QAAQ,SAAS,KAAK,UAAU,QAAQ,OAAO;AAE7E,aAAO;AAAA,QACL;AAAA,QACA,2BAA2B;AAAA,UACzB;AAAA,UACA,UAAU;AAAA,UACV;AAAA,UACA,KAAK,QAAQ;AAAA,UACb,GAAI,QAAQ,uBAAuB,SAC/B,CAAC,IACD,EAAE,oBAAoB,QAAQ,mBAAmB;AAAA,UACrD,YAAY,QAAQ;AAAA,UACpB,GAAI,oBAAoB,SAAY,CAAC,IAAI,EAAE,gBAAgB;AAAA,QAC7D,CAAC;AAAA,MACH;AAAA,IACF;AAAA,IAEA,MAAM,eAAe,iBAAiB,MAAM,UAAU,CAAC,GAAG;AACxD,YAAM,UAAU,kCAAkC,IAAI;AACtD,YAAM,WAAW,MAAM;AAAA,QACrB;AAAA,QACA;AAAA,QACA,QAAQ;AAAA,QACR;AAAA,MACF;AAEA,UAAI,aAAa,QAAW;AAC1B,eAAO,QAAQ,KAAK,kBAAkB,0BAA0B;AAAA,MAClE;AAEA,UAAI,CAAE,MAAM,gBAAgB,cAAc,UAAU,QAAQ,QAAQ,OAAO,GAAI;AAC7E,eAAO;AAAA,UACL;AAAA,UACA,qBAAqB,SAAS,MAAM;AAAA,UACpC;AAAA,QACF;AAAA,MACF;AAEA,YAAM,UAAU,MAAM,QAAQ,cAAc;AAAA,QAC1C;AAAA,QACA;AAAA,UACE,QAAQ,QAAQ;AAAA,UAChB,WAAW,MAAM,EAAE,YAAY;AAAA,QACjC;AAAA,QACA;AAAA,MACF;AAEA,UAAI,YAAY,QAAW;AACzB,eAAO,QAAQ,KAAK,kBAAkB,0BAA0B;AAAA,MAClE;AAEA,aAAO,GAAG,KAAK,2BAA2B,OAAO,CAAC;AAAA,IACpD;AAAA,IAEA,MAAM,OAAO,MAAM,UAAU,CAAC,GAAG;AAC/B,YAAM,UAAU,qCAAqC,IAAI;AAEzD,UAAI;AACF,cAAM,cAAU,iCAAoB,QAAQ,gBAAgB;AAC5D,cAAM,WAAW,cAAc,QAAQ,SAAS,KAAK;AACrD,cAAM,UAAU,cAAc,QAAQ,SAAS,KAAK;AACpD,cAAM,MAAM,cAAc,QAAQ,SAAS,KAAK;AAChD,cAAM,YAAY,cAAc,QAAQ,SAAS,KAAK;AAEtD,YAAI,aAAa,SAAS;AACxB,iBAAO,GAAG,KAAK,yBAAyB,SAAS,gBAAgB,CAAC;AAAA,QACpE;AAEA,cAAM,WAAW,MAAM,QAAQ,cAAc,eAAe,UAAU,OAAO;AAE7E,YACE,aAAa,UACb,SAAS,eAAe,QAAQ,eAChC,CAAE,MAAM,gBAAgB,UAAU,UAAU,OAAO,GACnD;AACA,iBAAO,GAAG,KAAK,yBAAyB,SAAS,gBAAgB,CAAC;AAAA,QACpE;AAEA,cAAM,SAAS,UAAM,sCAAyB,QAAQ,kBAAkB;AAAA,UACtE,YAAY,SAAS;AAAA,UACrB,UAAU,QAAQ;AAAA,UAClB,aAAa,QAAQ,OAAO,MAAM;AAAA,UAClC,QAAQ;AAAA,UACR,KAAK,MAAM,QAAQ,SAAS,gBAAgB,UAAU,OAAO;AAAA,UAC7D,SAAS;AAAA,QACX,CAAC;AAED,YAAI,OAAO,OAAO,QAAQ,IAAI;AAC5B,iBAAO,GAAG,KAAK,yBAAyB,SAAS,gBAAgB,CAAC;AAAA,QACpE;AAEA,cAAM,YAAY,CAAC,QAAQ,aAAa,QAAQ,IAAI,UAAU,GAAG,EAAE,KAAK,GAAQ;AAChF,cAAM,WAAW,MAAM,QAAQ,YAAY;AAAA,UACzC;AAAA,UACA,IAAI,KAAK,YAAY,GAAI;AAAA,UACzB;AAAA,QACF;AAEA,YAAI,CAAC,UAAU;AACb,iBAAO,GAAG,KAAK,yBAAyB,SAAS,gBAAgB,CAAC;AAAA,QACpE;AAEA,eAAO;AAAA,UACL;AAAA,UACA,mCAAmC;AAAA,YACjC,UAAU,SAAS;AAAA,YACnB,iBAAiB,SAAS;AAAA,YAC1B,SAAS,QAAQ;AAAA,YACjB,QAAQ;AAAA,YACR,YAAY,QAAQ;AAAA,YACpB,QAAQ,SAAS;AAAA,YACjB,UAAU;AAAA,UACZ,CAAC;AAAA,QACH;AAAA,MACF,QAAQ;AACN,eAAO,GAAG,KAAK,yBAAyB,SAAS,gBAAgB,CAAC;AAAA,MACpE;AAAA,IACF;AAAA,EACF;AACF;AAEA,IAAM,yBAAkD;AAAA,EACtD,QAAQ,UAAU;AAChB,WAAO,SAAS,WAAW;AAAA,EAC7B;AAAA,EACA,gBAAgB;AACd,WAAO;AAAA,EACT;AAAA,EACA,UAAU,UAAU;AAClB,WAAO,SAAS,WAAW;AAAA,EAC7B;AACF;AAEA,SAAS,GAAU,QAAgB,MAA0C;AAC3E,SAAO;AAAA,IACL;AAAA,IACA,aAAa;AAAA,IACb;AAAA,EACF;AACF;AAEA,SAAS,QACP,QACA,MACA,OACyC;AACzC,SAAO;AAAA,IACL,UAAM,kCAAqB;AAAA,MACzB;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,IACD,aAAa;AAAA,IACb;AAAA,EACF;AACF;AAEA,eAAe,mBACb,iBACA,YACA,OACA,SAC6C;AAC7C,QAAM,WAAW,MAAM,MAAM,IAAI,iBAAiB,OAAO;AAEzD,MAAI,aAAa,QAAW;AAC1B,WAAO;AAAA,EACT;AAEA,MAAK,MAAM,WAAW,0BAA0B,UAAU,OAAO,MAAO,OAAO;AAC7E,WAAO;AAAA,EACT;AAEA,SAAO,4BAA4B,QAAQ;AAC7C;AAEA,SAAS,2BAA2B,UAAyD;AAC3F,SAAO;AAAA,IACL,WAAW,SAAS;AAAA,IACpB,mBAAmB,SAAS;AAAA,IAC5B,YAAY,SAAS;AAAA,IACrB,kBAAkB,SAAS;AAAA,IAC3B,QAAQ,SAAS;AAAA,IACjB,aAAa,SAAS;AAAA,IACtB,oBAAoB,CAAC,GAAG,SAAS,iBAAiB;AAAA,IAClD,QAAQ,SAAS;AAAA,IACjB,YAAY,SAAS;AAAA,EACvB;AACF;AAEA,SAAS,0BAA0B,UAAwD;AACzF,SAAO;AAAA,IACL,UAAU,SAAS;AAAA,IACnB,WAAW,SAAS;AAAA,IACpB,UAAU;AAAA,MACR,cAAc,SAAS;AAAA,MACvB,mBAAmB,SAAS;AAAA,MAC5B,kBAAkB,SAAS;AAAA,MAC3B,QAAQ,SAAS;AAAA,MACjB,aAAa,SAAS;AAAA,IACxB;AAAA,IACA,QAAQ,SAAS;AAAA,IACjB,WAAW,SAAS;AAAA,EACtB;AACF;AAEA,SAAS,4BAA4B,UAA0D;AAC7F,SAAO;AAAA,IACL,GAAG;AAAA,IACH,mBAAmB,CAAC,GAAG,SAAS,iBAAiB;AAAA,EACnD;AACF;AAEA,SAAS,kCAAkC,OAA0C;AACnF,QAAM,OAAO,cAAc,OAAO,4BAA4B;AAE9D,SAAO,+BAA+B;AAAA,IACpC,gBAAgB,cAAc,MAAM,iBAAiB;AAAA,IACrD,YAAY,cAAc,MAAM,aAAa;AAAA,EAC/C,CAAC;AACH;AAEA,SAAS,kCAAkC,OAA0C;AACnF,QAAM,OAAO,cAAc,OAAO,4BAA4B;AAC9D,QAAM,SAAS,cAAc,MAAM,QAAQ;AAE3C,MAAI,CAAC,qBAAqB,MAAM,GAAG;AACjC,UAAM,IAAI,UAAU,kDAAkD;AAAA,EACxE;AAEA,SAAO,+BAA+B,EAAE,OAAO,CAAC;AAClD;AAEA,SAAS,6BAA6B,OAAqC;AACzE,QAAM,OAAO,cAAc,OAAO,uBAAuB;AACzD,QAAM,UAAU,cAAc,MAAM,IAAI;AAExC,MAAI,CAAC,uBAAuB,OAAO,GAAG;AACpC,UAAM,IAAI,UAAU,0CAA0C;AAAA,EAChE;AAEA,QAAM,kBACJ,KAAK,kBAAkB,MAAM,SAAY,SAAY,cAAc,MAAM,kBAAkB;AAE7F,SAAO,0BAA0B;AAAA,IAC/B;AAAA,IACA,KAAK,cAAc,MAAM,KAAK;AAAA,IAC9B,YAAY,cAAc,MAAM,aAAa;AAAA,IAC7C,GAAI,oBAAoB,SAAY,CAAC,IAAI,EAAE,iBAAiB,OAAO,eAAe,EAAE;AAAA,EACtF,CAAC;AACH;AAEA,SAAS,qCAAqC,OAA6C;AACzF,QAAM,OAAO,cAAc,OAAO,+BAA+B;AACjE,QAAM,UAAU,cAAc,MAAM,IAAI;AAExC,MAAI,CAAC,uBAAuB,OAAO,GAAG;AACpC,UAAM,IAAI,UAAU,0CAA0C;AAAA,EAChE;AAEA,SAAO,kCAAkC;AAAA,IACvC,iBAAiB,cAAc,MAAM,kBAAkB;AAAA,IACvD;AAAA,IACA,YAAY,cAAc,MAAM,aAAa;AAAA,EAC/C,CAAC;AACH;AAEA,SAAS,yBACP,SACA,QAC8B;AAC9B,SAAO,mCAAmC;AAAA,IACxC;AAAA,IACA,YAAY,QAAQ;AAAA,IACpB,UAAU;AAAA,EACZ,CAAC;AACH;AAEA,SAAS,qBAAqB,UAAkB,YAA4B;AAC1E,MAAI,CAAC,SAAS,SAAS,gBAAgB,GAAG;AACxC,UAAM,IAAI,UAAU,6CAA6C;AAAA,EACnE;AAEA,SAAO,SAAS,QAAQ,kBAAkB,mBAAmB,UAAU,CAAC;AAC1E;AAEA,SAAS,qBAAqB,QAAuD;AACnF,MAAI,WAAW,cAAc;AAC3B,WAAO;AAAA,EACT;AAEA,MAAI,WAAW,eAAe,WAAW,WAAW;AAClD,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAEA,SAAS,gBAAgB,OAAwB;AAC/C,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,IAAI,MAAM,IAAI,eAAe,EAAE,KAAK,GAAG,CAAC;AAAA,EACjD;AAEA,MAAI,OAAO,UAAU,YAAY,UAAU,MAAM;AAC/C,WAAO,IAAI,OAAO,QAAQ,KAAK,EAC5B,KAAK,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,MAAM,KAAK,cAAc,KAAK,CAAC,EACnD,IAAI,CAAC,CAAC,KAAK,IAAI,MAAM,GAAG,KAAK,UAAU,GAAG,CAAC,IAAI,gBAAgB,IAAI,CAAC,EAAE,EACtE,KAAK,GAAG,CAAC;AAAA,EACd;AAEA,SAAO,KAAK,UAAU,KAAK;AAC7B;AAEA,SAAS,mBAA2B;AAClC,SAAO,WAAW,OAAO,WAAW,EAAE,WAAW,KAAK,EAAE;AAC1D;AAEA,SAAS,cAAc,OAAgB,OAAwC;AAC7E,MAAI,OAAO,UAAU,YAAY,UAAU,QAAQ,MAAM,QAAQ,KAAK,GAAG;AACvE,UAAM,IAAI,UAAU,GAAG,KAAK,qBAAqB;AAAA,EACnD;AAEA,SAAO;AACT;AAEA,SAAS,cAAc,QAAiC,KAAqB;AAC3E,QAAM,QAAQ,OAAO,GAAG;AAExB,MAAI,OAAO,UAAU,YAAY,MAAM,KAAK,EAAE,WAAW,GAAG;AAC1D,UAAM,IAAI,UAAU,GAAG,GAAG,8BAA8B;AAAA,EAC1D;AAEA,SAAO;AACT;AAEA,SAAS,cAAc,QAAiC,KAAqB;AAC3E,QAAM,QAAQ,OAAO,GAAG;AAExB,MAAI,OAAO,UAAU,YAAY,CAAC,OAAO,UAAU,KAAK,GAAG;AACzD,UAAM,IAAI,UAAU,GAAG,GAAG,sBAAsB;AAAA,EAClD;AAEA,SAAO;AACT;AAEA,SAAS,uBAAuB,OAAiD;AAC/E,SAAO,UAAU,YAAY,UAAU,WAAW,UAAU,YAAY,UAAU;AACpF;AAEA,SAAS,qBAAqB,OAA4C;AACxE,SACE,UAAU,YAAY,UAAU,aAAa,UAAU,eAAe,UAAU;AAEpF;AAEA,SAAS,qBAAqB,UAAsC;AAClE,iBAAe,YAAY,SAAS,QAAQ;AAE5C,MAAI,SAAS,WAAW,UAAU;AAChC,UAAM,IAAI,MAAM,yCAAyC,SAAS,QAAQ,GAAG;AAAA,EAC/E;AACF;AAEA,SAAS,eAAe,OAAe,OAAqB;AAC1D,MAAI,MAAM,KAAK,EAAE,WAAW,GAAG;AAC7B,UAAM,IAAI,UAAU,GAAG,KAAK,8BAA8B;AAAA,EAC5D;AACF;AAEA,SAAS,0BAA0B,UAAsD;AACvF,SAAO;AAAA,IACL,GAAG;AAAA,IACH,UAAU,YAAY,SAAS,QAAQ;AAAA,EACzC;AACF;AAEA,SAAS,YAAY,QAA0D;AAC7E,SAAO,gBAAgB,MAAM;AAC/B;AAEA,SAAS,eAAe,OAA8B;AACpD,QAAM,eAAe,OAAO,UAAU,WAAW,QAAQ,KAAK,MAAM,MAAM,QAAQ,IAAI,GAAI;AAE1F,MAAI,CAAC,OAAO,UAAU,YAAY,KAAK,eAAe,GAAG;AACvD,UAAM,IAAI,UAAU,uDAAuD;AAAA,EAC7E;AAEA,SAAO;AACT;AAEA,SAAS,kBAAkB,OAAuB;AAChD,SAAO,IAAI,KAAK,QAAQ,GAAI,EAAE,YAAY;AAC5C;AAEA,SAAS,wBACP,iBACA,qBAAqB,iCACb;AACR,MAAI,CAAC,OAAO,UAAU,eAAe,KAAK,mBAAmB,GAAG;AAC9D,UAAM,IAAI,UAAU,6CAA6C;AAAA,EACnE;AAEA,MAAI,CAAC,OAAO,UAAU,kBAAkB,KAAK,sBAAsB,GAAG;AACpE,UAAM,IAAI,UAAU,gDAAgD;AAAA,EACtE;AAEA,MAAI,kBAAkB,oBAAoB;AACxC,UAAM,IAAI,UAAU,qDAAqD;AAAA,EAC3E;AAEA,SAAO;AACT;AAEA,SAAS,4BACP,UACA,QACA,OACuB;AACvB,QAAM,KAAK,OAAO,MAAM,GAAG,QAAQ,QAAQ,QAAQ,CAAC;AACpD,QAAM,aAAa,OAAO,cAAc;AACxC,QAAM,aAAa,EAAE,GAAG,OAAO;AAC/B,SAAO,WAAW;AAElB,iBAAe,0BAA0B,EAAE;AAC3C,iBAAe,4BAA4B,OAAO,IAAI;AACtD,iBAAe,kCAAkC,UAAU;AAE3D,SAAO;AAAA,IACL,GAAG,gBAAgB,UAAU;AAAA,IAC7B;AAAA,IACA;AAAA,IACA,MAAM,OAAO;AAAA,EACf;AACF;AAEA,SAAS,gBAAgB,SAAiC;AACxD,SAAO,gBAAgB,OAAO;AAChC;AAEA,SAAS,oBAAmD;AAC1D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEA,SAAS,0BAA0B,YAAwD;AACzF,QAAM,YAAY,WAAW,KAAK,CAAC,cAAc,cAAc,WAAW,cAAc,OAAO;AAE/F,MAAI,cAAc,QAAW;AAC3B,UAAM,IAAI,UAAU,uDAAuD;AAAA,EAC7E;AAEA,SAAO;AACT;","names":[]}
@@ -0,0 +1,432 @@
1
+ import { AepSigningAlgorithm, AepProblemDetails, AepAuthenticatedCommand, AepClientAssertionClaims, AepImportableJoseKey } from '@aep-foundation/core';
2
+
3
+ declare const packageName = "@aep-foundation/platform";
4
+ declare const platformHostedIdentityDraft = "draft-kavian-aep-platform-hosted-identity-00";
5
+ declare const defaultAssertionLifetimeSeconds = 300;
6
+ type ManagedAgentStatus = "active" | "revoked" | "suspended" | "terminated";
7
+ interface PlatformDiscoveryDocument {
8
+ aep_version: string;
9
+ endpoints: {
10
+ hosted_verification?: string;
11
+ lifecycle: string;
12
+ list: string;
13
+ provision: string;
14
+ sign: string;
15
+ [key: string]: unknown;
16
+ };
17
+ http: {
18
+ endpoint_base: string;
19
+ [key: string]: unknown;
20
+ };
21
+ identity: {
22
+ did_methods: string[];
23
+ did_url_template: string;
24
+ [key: string]: unknown;
25
+ };
26
+ platform: {
27
+ did?: string;
28
+ hosted_verification: boolean;
29
+ name: string;
30
+ [key: string]: unknown;
31
+ };
32
+ signing: {
33
+ algorithms: AepSigningAlgorithm[];
34
+ default_lifetime_seconds: string;
35
+ [key: string]: unknown;
36
+ };
37
+ [key: string]: unknown;
38
+ }
39
+ interface PlatformDiscoveryDocumentOptions {
40
+ aepVersion?: string;
41
+ defaultLifetimeSeconds?: number;
42
+ didMethods?: string[];
43
+ didUrlTemplate: string;
44
+ endpointBase: string;
45
+ endpoints: {
46
+ hostedVerification?: string;
47
+ lifecycle: string;
48
+ list: string;
49
+ provision: string;
50
+ sign: string;
51
+ };
52
+ hostedVerification?: boolean;
53
+ maxLifetimeSeconds?: number;
54
+ platformDid?: string;
55
+ platformName: string;
56
+ signingAlgorithms: AepSigningAlgorithm[];
57
+ }
58
+ interface ManagedAgentIdentity {
59
+ accountId?: string;
60
+ agentDid: string;
61
+ createdAt: string;
62
+ metadata: Record<string, unknown>;
63
+ status: ManagedAgentStatus;
64
+ subjectDid?: string;
65
+ tenantId?: string;
66
+ updatedAt: string;
67
+ }
68
+ interface ServiceScopedAgentDidOptions {
69
+ agentDidId: string;
70
+ host: string;
71
+ pathPrefix?: string;
72
+ }
73
+ interface PlatformAgentIdentity {
74
+ agent_did: string;
75
+ agent_identity_id: string;
76
+ created_at: string;
77
+ did_document_url: string;
78
+ key_id: string;
79
+ service_did: string;
80
+ signing_algorithms: AepSigningAlgorithm[];
81
+ status: ManagedAgentStatus;
82
+ updated_at: string;
83
+ }
84
+ interface PlatformPage<T> {
85
+ count: string;
86
+ data: T[];
87
+ total: string;
88
+ }
89
+ type PlatformAgentIdentityListResponse = PlatformPage<PlatformAgentIdentity>;
90
+ interface PlatformAgentIdentityOptions {
91
+ agentDid: string;
92
+ agentIdentityId: string;
93
+ clock?: () => Date;
94
+ didDocumentUrl?: string;
95
+ keyId?: string;
96
+ serviceDid: string;
97
+ signingAlgorithms: AepSigningAlgorithm[];
98
+ status?: ManagedAgentStatus;
99
+ }
100
+ interface ManagedAgentIdentityOptions {
101
+ accountId?: string;
102
+ agentDid: string;
103
+ clock?: () => Date;
104
+ metadata?: Record<string, unknown>;
105
+ status?: ManagedAgentStatus;
106
+ subjectDid?: string;
107
+ tenantId?: string;
108
+ }
109
+ interface ManagedAgentIdentityUpdate {
110
+ accountId?: string;
111
+ metadata?: Record<string, unknown>;
112
+ status?: ManagedAgentStatus;
113
+ subjectDid?: string;
114
+ tenantId?: string;
115
+ }
116
+ interface PlatformLifecycleRequest {
117
+ status: ManagedAgentStatus;
118
+ }
119
+ interface PlatformLifecycleRequestOptions {
120
+ status: ManagedAgentStatus;
121
+ }
122
+ interface ManagedAgentRegistry {
123
+ get(agentDid: string): ManagedAgentIdentity | undefined;
124
+ list(filter?: ManagedAgentListFilter): ManagedAgentIdentity[];
125
+ remove(agentDid: string): boolean;
126
+ setStatus(agentDid: string, status: ManagedAgentStatus): ManagedAgentIdentity;
127
+ upsert(identity: ManagedAgentIdentity): ManagedAgentIdentity;
128
+ }
129
+ interface ManagedAgentListFilter {
130
+ accountId?: string;
131
+ status?: ManagedAgentStatus;
132
+ tenantId?: string;
133
+ }
134
+ interface PlatformEnrollRequest {
135
+ agent_did: string;
136
+ claims?: Record<string, unknown>;
137
+ idempotency_key: string;
138
+ }
139
+ interface PlatformEnrollRequestOptions {
140
+ claims?: Record<string, unknown>;
141
+ identity: ManagedAgentIdentity;
142
+ idempotencyKey: string;
143
+ }
144
+ interface PlatformProvisionRequest {
145
+ idempotency_key: string;
146
+ service_did: string;
147
+ }
148
+ interface PlatformProvisionRequestOptions {
149
+ idempotencyKey: string;
150
+ serviceDid: string;
151
+ }
152
+ interface PlatformClientAssertionClaims {
153
+ aud: string;
154
+ exp: number;
155
+ iat: number;
156
+ iss: string;
157
+ jti: string;
158
+ op: AepAuthenticatedCommand;
159
+ sub: string;
160
+ }
161
+ interface PlatformClientAssertionClaimsOptions {
162
+ command: AepAuthenticatedCommand;
163
+ identity: ManagedAgentIdentity;
164
+ issuedAt?: Date | number;
165
+ jti: string;
166
+ maxLifetimeSeconds?: number;
167
+ serviceDid: string;
168
+ lifetimeSeconds?: number;
169
+ }
170
+ type DidVerificationRelationship = "assertionMethod" | "authentication" | "capabilityDelegation" | "capabilityInvocation" | "keyAgreement";
171
+ interface DidVerificationMethod {
172
+ controller: string;
173
+ id: string;
174
+ publicKeyJwk?: Record<string, unknown>;
175
+ publicKeyMultibase?: string;
176
+ publicKeyPem?: string;
177
+ type: string;
178
+ [key: string]: unknown;
179
+ }
180
+ interface DidService {
181
+ id: string;
182
+ serviceEndpoint: string | string[] | Record<string, unknown>;
183
+ type: string;
184
+ [key: string]: unknown;
185
+ }
186
+ interface DidDocument {
187
+ "@context": string | string[];
188
+ assertionMethod?: Array<string | DidVerificationMethod>;
189
+ authentication?: Array<string | DidVerificationMethod>;
190
+ capabilityDelegation?: Array<string | DidVerificationMethod>;
191
+ capabilityInvocation?: Array<string | DidVerificationMethod>;
192
+ controller?: string | string[];
193
+ id: string;
194
+ keyAgreement?: Array<string | DidVerificationMethod>;
195
+ service?: DidService[];
196
+ verificationMethod?: DidVerificationMethod[];
197
+ [key: string]: unknown;
198
+ }
199
+ interface ManagedAgentDidVerificationMethodOptions {
200
+ controller?: string;
201
+ id?: string;
202
+ publicKeyJwk?: Record<string, unknown>;
203
+ publicKeyMultibase?: string;
204
+ publicKeyPem?: string;
205
+ relationships?: DidVerificationRelationship[];
206
+ type: string;
207
+ [key: string]: unknown;
208
+ }
209
+ interface ManagedAgentDidDocumentOptions {
210
+ additionalContexts?: string[];
211
+ controller?: string | string[];
212
+ identity: ManagedAgentIdentity;
213
+ service?: DidService[];
214
+ verificationMethods: ManagedAgentDidVerificationMethodOptions[];
215
+ }
216
+ interface DidDocumentPublication {
217
+ document: DidDocument;
218
+ publishedAt: string;
219
+ url?: string;
220
+ }
221
+ interface DidDocumentPublisher {
222
+ publish(document: DidDocument): Promise<DidDocumentPublication> | DidDocumentPublication;
223
+ }
224
+ interface PublishManagedAgentDidDocumentOptions extends ManagedAgentDidDocumentOptions {
225
+ publisher: DidDocumentPublisher;
226
+ }
227
+ interface PlatformDelegatedSigningContext {
228
+ identity: ManagedAgentIdentity;
229
+ signingAlgorithms: AepSigningAlgorithm[];
230
+ }
231
+ type PlatformDelegatedSigner = (claims: AepClientAssertionClaims, context: PlatformDelegatedSigningContext) => Promise<string> | string;
232
+ interface JwtPlatformDelegatedSignerOptions {
233
+ alg?: AepSigningAlgorithm;
234
+ key: AepImportableJoseKey;
235
+ kid?: string;
236
+ typ?: string;
237
+ }
238
+ interface SignPlatformClientAssertionOptions extends PlatformClientAssertionClaimsOptions {
239
+ signer: PlatformDelegatedSigner;
240
+ signingAlgorithms?: AepSigningAlgorithm[];
241
+ }
242
+ interface PlatformSignRequest {
243
+ jti: string;
244
+ lifetime_seconds?: string;
245
+ op: AepAuthenticatedCommand;
246
+ service_did: string;
247
+ }
248
+ interface PlatformSignRequestOptions {
249
+ command: AepAuthenticatedCommand;
250
+ jti: string;
251
+ maxLifetimeSeconds?: number;
252
+ serviceDid: string;
253
+ lifetimeSeconds?: number;
254
+ }
255
+ interface PlatformSignResponse {
256
+ agent_did: string;
257
+ client_assertion: string;
258
+ expires_at: string;
259
+ issued_at: string;
260
+ jti: string;
261
+ service_did: string;
262
+ }
263
+ interface PlatformSignResponseOptions {
264
+ clientAssertion: string;
265
+ identity: ManagedAgentIdentity;
266
+ issuedAt?: Date | number;
267
+ jti: string;
268
+ maxLifetimeSeconds?: number;
269
+ serviceDid: string;
270
+ lifetimeSeconds?: number;
271
+ }
272
+ interface PlatformVerificationRequest {
273
+ client_assertion: string;
274
+ op: AepAuthenticatedCommand;
275
+ service_did: string;
276
+ }
277
+ interface PlatformVerificationRequestOptions {
278
+ clientAssertion: string;
279
+ command: AepAuthenticatedCommand;
280
+ serviceDid: string;
281
+ }
282
+ interface PlatformVerificationResponse {
283
+ agent_did?: string;
284
+ agent_identity_id?: string;
285
+ op?: AepAuthenticatedCommand;
286
+ reason: string;
287
+ service_did: string;
288
+ status?: ManagedAgentStatus;
289
+ verified: boolean;
290
+ }
291
+ interface PlatformVerificationResponseOptions {
292
+ agentDid?: string;
293
+ agentIdentityId?: string;
294
+ command?: AepAuthenticatedCommand;
295
+ reason: string;
296
+ serviceDid: string;
297
+ status?: ManagedAgentStatus;
298
+ verified: boolean;
299
+ }
300
+ type Awaitable<T> = T | Promise<T>;
301
+ interface PlatformHttpResponse<TBody = unknown> {
302
+ body: TBody;
303
+ contentType: string;
304
+ status: number;
305
+ }
306
+ interface PlatformRequestContext {
307
+ authorization?: string;
308
+ now?: Date;
309
+ requestId?: string;
310
+ subject?: string;
311
+ }
312
+ interface PlatformIdentityRecord {
313
+ agentDid: string;
314
+ agentDidId: string;
315
+ agentIdentityId: string;
316
+ createdAt: string;
317
+ didDocumentUrl: string;
318
+ keyId: string;
319
+ serviceDid: string;
320
+ signingAlgorithms: AepSigningAlgorithm[];
321
+ status: ManagedAgentStatus;
322
+ updatedAt: string;
323
+ }
324
+ interface PlatformIdentityListQuery {
325
+ limit?: number;
326
+ offset?: number;
327
+ serviceDid?: string;
328
+ status?: ManagedAgentStatus;
329
+ }
330
+ interface PlatformIdentityListResult {
331
+ identities: PlatformIdentityRecord[];
332
+ total: number;
333
+ }
334
+ interface PlatformIdentityStore {
335
+ create(identity: PlatformIdentityRecord, context: PlatformRequestContext): Awaitable<void>;
336
+ findByAgentDid(agentDid: string, context: PlatformRequestContext): Awaitable<PlatformIdentityRecord | undefined>;
337
+ get(agentIdentityId: string, context: PlatformRequestContext): Awaitable<PlatformIdentityRecord | undefined>;
338
+ list(query: PlatformIdentityListQuery, context: PlatformRequestContext): Awaitable<PlatformIdentityListResult>;
339
+ update(agentIdentityId: string, update: {
340
+ status: ManagedAgentStatus;
341
+ updatedAt: string;
342
+ }, context: PlatformRequestContext): Awaitable<PlatformIdentityRecord | undefined>;
343
+ }
344
+ interface PlatformProvisionIdempotencyRecord {
345
+ idempotencyKey: string;
346
+ requestHash: string;
347
+ response: PlatformAgentIdentity;
348
+ }
349
+ interface PlatformProvisionIdempotencyStore {
350
+ get(idempotencyKey: string, context: PlatformRequestContext): Awaitable<PlatformProvisionIdempotencyRecord | undefined>;
351
+ set(record: PlatformProvisionIdempotencyRecord, context: PlatformRequestContext): Awaitable<void>;
352
+ }
353
+ interface PlatformReplayStore {
354
+ consume(key: string, expiresAt: Date, context: PlatformRequestContext): Awaitable<boolean>;
355
+ }
356
+ interface PlatformKeyStore {
357
+ create(identity: PlatformIdentityRecord, context: PlatformRequestContext): Awaitable<void>;
358
+ didVerificationMethod(identity: PlatformIdentityRecord, context: PlatformRequestContext): Awaitable<ManagedAgentDidVerificationMethodOptions>;
359
+ sign(identity: PlatformIdentityRecord, claims: AepClientAssertionClaims, context: PlatformRequestContext): Awaitable<string>;
360
+ verificationKey(identity: PlatformIdentityRecord, context: PlatformRequestContext): Awaitable<AepImportableJoseKey>;
361
+ }
362
+ interface PlatformServiceDidResolver {
363
+ resolve(serviceDid: string, context: PlatformRequestContext): Awaitable<boolean>;
364
+ }
365
+ interface PlatformAuthorizer {
366
+ authorizeIdentityAccess?(identity: PlatformIdentityRecord, context: PlatformRequestContext): Awaitable<boolean>;
367
+ authorizeList?(context: PlatformRequestContext): Awaitable<boolean>;
368
+ authorizeProvision?(request: PlatformProvisionRequest, context: PlatformRequestContext): Awaitable<boolean>;
369
+ }
370
+ interface PlatformLifecyclePolicy {
371
+ canSign(identity: PlatformIdentityRecord, context: PlatformRequestContext): Awaitable<boolean>;
372
+ canTransition(identity: PlatformIdentityRecord, nextStatus: ManagedAgentStatus, context: PlatformRequestContext): Awaitable<boolean>;
373
+ canVerify(identity: PlatformIdentityRecord, context: PlatformRequestContext): Awaitable<boolean>;
374
+ }
375
+ interface CreateAepPlatformOptions {
376
+ authorizer?: PlatformAuthorizer;
377
+ clock?: () => Date;
378
+ defaultLifetimeSeconds?: number;
379
+ didHost: string;
380
+ didPathPrefix?: string;
381
+ didUrlTemplate: string;
382
+ discovery: Omit<PlatformDiscoveryDocumentOptions, "defaultLifetimeSeconds" | "didUrlTemplate" | "signingAlgorithms">;
383
+ idGenerator?: () => string;
384
+ idempotencyStore: PlatformProvisionIdempotencyStore;
385
+ identityStore: PlatformIdentityStore;
386
+ keyStore: PlatformKeyStore;
387
+ lifecyclePolicy?: PlatformLifecyclePolicy;
388
+ maxLifetimeSeconds?: number;
389
+ replayStore: PlatformReplayStore;
390
+ serviceDidResolver: PlatformServiceDidResolver;
391
+ signingAlgorithms: AepSigningAlgorithm[];
392
+ }
393
+ interface AepPlatform {
394
+ discovery(): PlatformHttpResponse<PlatformDiscoveryDocument>;
395
+ getDidDocument(agentIdentityId: string, context?: PlatformRequestContext): Promise<PlatformHttpResponse<DidDocument | AepProblemDetails>>;
396
+ getIdentity(agentIdentityId: string, context?: PlatformRequestContext): Promise<PlatformHttpResponse<PlatformAgentIdentity | AepProblemDetails>>;
397
+ list(query?: PlatformIdentityListQuery, context?: PlatformRequestContext): Promise<PlatformHttpResponse<PlatformAgentIdentityListResponse | AepProblemDetails>>;
398
+ provision(body: unknown, context?: PlatformRequestContext): Promise<PlatformHttpResponse<PlatformAgentIdentity | AepProblemDetails>>;
399
+ sign(agentIdentityId: string, body: unknown, context?: PlatformRequestContext): Promise<PlatformHttpResponse<PlatformSignResponse | AepProblemDetails>>;
400
+ updateIdentity(agentIdentityId: string, body: unknown, context?: PlatformRequestContext): Promise<PlatformHttpResponse<PlatformAgentIdentity | AepProblemDetails>>;
401
+ verify(body: unknown, context?: PlatformRequestContext): Promise<PlatformHttpResponse<PlatformVerificationResponse>>;
402
+ }
403
+ declare class InMemoryManagedAgentRegistry implements ManagedAgentRegistry {
404
+ #private;
405
+ constructor(identities?: ManagedAgentIdentity[]);
406
+ get(agentDid: string): ManagedAgentIdentity | undefined;
407
+ list(filter?: ManagedAgentListFilter): ManagedAgentIdentity[];
408
+ remove(agentDid: string): boolean;
409
+ setStatus(agentDid: string, status: ManagedAgentStatus): ManagedAgentIdentity;
410
+ upsert(identity: ManagedAgentIdentity): ManagedAgentIdentity;
411
+ }
412
+ declare function createManagedAgentIdentity(options: ManagedAgentIdentityOptions): ManagedAgentIdentity;
413
+ declare function updateManagedAgentIdentity(identity: ManagedAgentIdentity, update: ManagedAgentIdentityUpdate, clock?: () => Date): ManagedAgentIdentity;
414
+ declare function createPlatformDiscoveryDocument(options: PlatformDiscoveryDocumentOptions): PlatformDiscoveryDocument;
415
+ declare function createServiceScopedAgentDid(options: ServiceScopedAgentDidOptions): string;
416
+ declare function createPlatformAgentIdentity(options: PlatformAgentIdentityOptions): PlatformAgentIdentity;
417
+ declare function createPlatformAgentIdentityListResponse(identities: PlatformAgentIdentity[], total?: number): PlatformAgentIdentityListResponse;
418
+ declare function createPlatformLifecycleRequest(options: PlatformLifecycleRequestOptions): PlatformLifecycleRequest;
419
+ declare function createPlatformProvisionRequest(options: PlatformProvisionRequestOptions): PlatformProvisionRequest;
420
+ declare function createPlatformEnrollRequest(options: PlatformEnrollRequestOptions): PlatformEnrollRequest;
421
+ declare function createPlatformClientAssertionClaims(options: PlatformClientAssertionClaimsOptions): AepClientAssertionClaims;
422
+ declare function createManagedAgentDidDocument(options: ManagedAgentDidDocumentOptions): DidDocument;
423
+ declare function publishManagedAgentDidDocument(options: PublishManagedAgentDidDocumentOptions): Promise<DidDocumentPublication>;
424
+ declare function createJwtPlatformDelegatedSigner(options: JwtPlatformDelegatedSignerOptions): PlatformDelegatedSigner;
425
+ declare function signPlatformClientAssertion(options: SignPlatformClientAssertionOptions): Promise<string>;
426
+ declare function createPlatformSignRequest(options: PlatformSignRequestOptions): PlatformSignRequest;
427
+ declare function createPlatformSignResponse(options: PlatformSignResponseOptions): PlatformSignResponse;
428
+ declare function createPlatformVerificationRequest(options: PlatformVerificationRequestOptions): PlatformVerificationRequest;
429
+ declare function createPlatformVerificationResponse(options: PlatformVerificationResponseOptions): PlatformVerificationResponse;
430
+ declare function createAepPlatform(options: CreateAepPlatformOptions): AepPlatform;
431
+
432
+ export { type AepPlatform, type Awaitable, type CreateAepPlatformOptions, type DidDocument, type DidDocumentPublication, type DidDocumentPublisher, type DidService, type DidVerificationMethod, type DidVerificationRelationship, InMemoryManagedAgentRegistry, type JwtPlatformDelegatedSignerOptions, type ManagedAgentDidDocumentOptions, type ManagedAgentDidVerificationMethodOptions, type ManagedAgentIdentity, type ManagedAgentIdentityOptions, type ManagedAgentIdentityUpdate, type ManagedAgentListFilter, type ManagedAgentRegistry, type ManagedAgentStatus, type PlatformAgentIdentity, type PlatformAgentIdentityListResponse, type PlatformAgentIdentityOptions, type PlatformAuthorizer, type PlatformClientAssertionClaims, type PlatformClientAssertionClaimsOptions, type PlatformDelegatedSigner, type PlatformDelegatedSigningContext, type PlatformDiscoveryDocument, type PlatformDiscoveryDocumentOptions, type PlatformEnrollRequest, type PlatformEnrollRequestOptions, type PlatformHttpResponse, type PlatformIdentityListQuery, type PlatformIdentityListResult, type PlatformIdentityRecord, type PlatformIdentityStore, type PlatformKeyStore, type PlatformLifecyclePolicy, type PlatformLifecycleRequest, type PlatformLifecycleRequestOptions, type PlatformPage, type PlatformProvisionIdempotencyRecord, type PlatformProvisionIdempotencyStore, type PlatformProvisionRequest, type PlatformProvisionRequestOptions, type PlatformReplayStore, type PlatformRequestContext, type PlatformServiceDidResolver, type PlatformSignRequest, type PlatformSignRequestOptions, type PlatformSignResponse, type PlatformSignResponseOptions, type PlatformVerificationRequest, type PlatformVerificationRequestOptions, type PlatformVerificationResponse, type PlatformVerificationResponseOptions, type PublishManagedAgentDidDocumentOptions, type ServiceScopedAgentDidOptions, type SignPlatformClientAssertionOptions, createAepPlatform, createJwtPlatformDelegatedSigner, createManagedAgentDidDocument, createManagedAgentIdentity, createPlatformAgentIdentity, createPlatformAgentIdentityListResponse, createPlatformClientAssertionClaims, createPlatformDiscoveryDocument, createPlatformEnrollRequest, createPlatformLifecycleRequest, createPlatformProvisionRequest, createPlatformSignRequest, createPlatformSignResponse, createPlatformVerificationRequest, createPlatformVerificationResponse, createServiceScopedAgentDid, defaultAssertionLifetimeSeconds, packageName, platformHostedIdentityDraft, publishManagedAgentDidDocument, signPlatformClientAssertion, updateManagedAgentIdentity };